Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: samba-tool | Distribution: SUSE Linux Framework One |
Version: 4.20.2+git.348.4fb6af61307 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.26 | Build date: Thu Jul 4 12:34:20 2024 |
Group: Productivity/Networking/Samba | Build host: reproducible |
Size: 12796 | Source RPM: samba-4.20.2+git.348.4fb6af61307-slfo.1.1.26.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://www.samba.org/ | |
Summary: Main Samba administration tool |
The package contains samba-tool, the main tool for Samba Administration.
GPL-3.0-or-later
* Thu Jul 04 2024 scabrero@suse.de - Fix named crash when using samba's DLZ plugin; (bsc#1224003); (bso#15643); * Thu Jul 04 2024 pgajdos@suse.com - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] * Wed Jun 19 2024 nopower@suse.com - Update to 4.20.2 * vfs_widelinks with DFS shares breaks case insensitivity; (bso#15662); (bsc#1213607). * Samba build is not reproducible; (bso#13213). * ldb qsort might r/w out of bounds with an intransitive compare function; (bso#15569). * Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances; (bso#15625). * Need to change gitlab-ci.yml tags in all branches to avoid CI bill; (bso#15638). * We have added new options --vendor-name and --vendor-patch- revision arguments to ./configure to allow distributions and packagers to put their name in the Samba version string so that when debugging Samba the source of the binary is obvious; (bso#15654). * CTDB RADOS mutex helper misses namespace support; (bso#15665). * Dynamic DNS updates with the internal DNS are not working; (bso#13019). * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022); (bso#15412). * Panic in dreplsrv_op_pull_source_apply_changes_trigger; (bso#15573). * s4:nbt_server: does not provide unexpected handling, so winbindd can't use nmb requests instead cldap; (bso#15620). * winbindd, net ads join and other things don't work on an ipv6 only host; (bso#15642). * Segmentation fault when deleting files in vfs_recycle; (bso#15659). * Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664). * "client use kerberos" and --use-kerberos is ignored for the machine account; (bso#15666). * Regression DFS not working with widelinks = true; (bso#15435). * samba-gpupdate - Invalid NtVer in netlogon_samlogon_response; (bso#15633). * idmap_ad creates an incorrect local krb5.conf in case of trusted domain lookups; (bso#15653). * The images don't build after the git security release and CentOS 8 Stream is EOL; (bso#15660). * Mon Jun 03 2024 scabrero@suse.de - Fix non deterministic builds; (bsc#1225754); (bso#13213); * Thu May 16 2024 scabrero@suse.de - Update to 4.20.1 * dns update debug message is too noisy; (bso#15630); * Do not fail PAC validation for RFC8009 checksums types; (bso#15635); * Improve performance of lookup_groupmem() in idmap_ad; (bso#15605); * Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636); * http library doesn't support 'chunked transfer encoding'; (bso#15611); * Provide a systemd service file for the background queue daemon; (bso#15600); - Update to 4.20.0 New features: * samba-tool user getpassword / syncpasswords ;rounds= change * Group Managed service account client-side features * New Windows Search Protocol Client * Allow 'smbcacls' to save/restore DACLs to file * Samba-tool extensions for AD Claims, Authentication Policies and Silos * AD DC support for Authentication Silos and Authentication Policies * Conditional ACEs and Resource Attribute ACEs * Service Witness Protocol [MS-SWN] Removed features: * Get locally logged on users from utmp Fixed bugs: * Avoid null-dereference with bad claims; (bso#15606); * ndr_pull_security_ace can leave resource attribute ACE coda claim struct undefined; (bso#15613); * fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close(); (bso#15527); * set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - openat() EACCES; (bso#15583); * libgpo: Segfault in python bindings; (bso#15599); * Samba AD is missing some authentication policy tests; (bso#15607); * samba-gpupdate: Correctly implement site support; (bso#15588); * Remove unsupported "Final" keyword missing from Python 3.6; (bso#15575); * Additional witness backports for 4.20.0; (bso#15577); * Error output with wspsearch; (bso#15579); * Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580); * Performance regression for NDR parsing of security descriptors; (bso#15574); * Build and install man page for wspsearch client utility; (bso#15565); * Tue Feb 20 2024 nopower@suse.com - Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555). * Wed Jan 10 2024 nopower@suse.com - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). * Tue Jan 09 2024 nopower@suse.com - Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440). * Multichannel refresh network information; (bso#15547). * Mon Nov 27 2023 nopower@suse.com - Update to 4.19.3 * sid_strings test broken by unix epoch > 1700000000; (bso#15520). * smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set; (bso#15487). * smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor(); (bso#15521). * Improve logging for failover scenarios; (bso#15499). * Files without "read attributes" NFS4 ACL permission are not listed in directories; (bso#15093). * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users; (bso#13595). * Kerberos TGS-REQ with User2User does not work for normal accounts; (bso#15492). * vfs_gpfs stat calls fail due to file system permissions; (bso#15507). * Samba doesn't build with Python 3.12; (bso#15513). * Mon Oct 23 2023 dmulder@suse.com - packaging: samba-tool domain provision requires python3-Markdown; (bsc#1216519). * Mon Oct 16 2023 nopower@suse.com - Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477). * Thu Oct 12 2023 nopower@suse.com - packaging: Remove /etc/slp.reg.d from samba spec file; (bsc#1216160) * Thu Oct 12 2023 nopower@suse.com - use systemd-logind rather than utmp for y2038 safety; (bsc#1216159). * Tue Oct 10 2023 nopower@suse.com - CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424). * Tue Sep 26 2023 nopower@suse.com - Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true; (bso#15435). * Heimdal fails to build on 32-bit FreeBSD; (bso#15443). * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441). * Mon Aug 21 2023 scabrero@suse.de - Update to 4.18.6 * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420); * Missing return in reply_exit_done(); (bso#15430); * post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself; (bso#15289); * Windows client join fails if a second container CN=System exists somewhere; (bso#9959); * Spotlight sometimes returns no results on latest macOS; (bso#15342); * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination; (bso#15417); * Spotlight results return wrong date in result list; (bso#15427); * "net offlinejoin provision" does not work as non-root user; (bso#15414); * rpcserver no longer accepts double backslash in dfs pathname; (bso#15400); * cm_prepare_connection() calls close(fd) for the second time; (bso#15433); * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346); * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441); * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446); * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390); * Regression DFS not working with widelinks = true; (bso#15435); * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449); * Tue Aug 08 2023 scabrero@suse.de - Move libcluster-samba4.so from samba-libs to samba-client-libs; (bsc#1213940); * Wed Jul 19 2023 nopower@suse.com - Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). * Thu Jul 06 2023 nopower@suse.com - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390). * The winbind child segfaults when listing users with `winbind scan trusted domains = yes`; (bso#15398). * Remove comments about deprecated 'write cache size'; (bso#15383). * smbget memory leak if failed to download files recursively; (bso#15403). * Thu Jun 01 2023 nopower@suse.com - Update to 4.18.3 * Symlinks to files can have random DOS mode information in a directory listing; (bso#15375). * vfs_fruit might cause a failing open for delete; (bso#15378). * winbind recurses into itself via rpcd_lsad; (bso#15361). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND; (bso#15362). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * Setting veto files = /.*/ break listing directories; (bso#15360). * "samba-tool domain provision" does not run interactive mode if no arguments are given; (bso#15363). * dsgetdcname: assumes local system uses IPv4; (bso#15325). - Update to 4.18.2 * Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * Flapping tests in samba_tool_drs_show_repl.py; (bso#15316). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Tests use depricated and removed methods like assertRegexpMatches; (bso#15343). * Wed Mar 29 2023 nopower@suse.com - Update to 4.18.1 * CVE-2023-0225: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (bso#15276);(bsc#1209483). * CVE-2023-0614: Access controlled AD LDAP attributes can be discovered (bso#15270); (bsc#1209485). * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext(bso#15315);(bsc#1209481). * ldb wildcard matching makes excessive allocations; (bso#15331). * large_ldap test is inefficient; (bso#15332). * Fri Mar 17 2023 scabrero@suse.de - Update to 4.18.0 * SMB server performance improvements * More succinct samba-tool error messages * Color output with samba-tool --color The NO_COLOR environment variable will disable colour output * New samba-tool dsacl subcommand for deleting ACEs * New wbinfo option --change-secret-at * Net option to change the NT ACL default location * Azure AD / Office365 synchronization improvements * Tue Feb 14 2023 scabrero@suse.de - Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808); * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172); * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210); * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226); * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236); * DFS links don't work anymore on Mac clients since 4.17; (bso#15277); * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283); * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Shares missing from netshareenum response in samba 4.17.4; (bso#15266); * ctdb: use-after-free in run_proc; (bso#15269); * irpc_destructor may crash during shutdown; (bso#15280); * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286); * smbclient segfaults with use after free on an optimized build; (bso#15268); * smbstatus leaking files in msg.sock and msg.lock; (bso#15282); * Leak in wbcCtxPingDc2; (bso#15164); * Access based share enum does not work in Samba 4.16+; (bso#15265); * Crash during share enumeration; (bso#15267); * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271); * Avoid relying on C89 features in a few places; (bso#15281); - named crashes on DLZ zone update; (bso#14030); (bsc#1206996); - Drop libnsl build requirement; (bsc#1208220); * Mon Jan 23 2023 nopower@suse.com - libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally. * Thu Jan 12 2023 nopower@suse.com - Clean up logic for PAM migration settings in spec file. * Wed Jan 04 2023 schubi@suse.com - Migration of PAM settings to /usr/lib/pam.d. * Wed Dec 21 2022 nopower@suse.com - Change with_dc default to 0 (for non TW builds). * Thu Dec 15 2022 scabrero@suse.de - Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); * Prevent EBADF errors with vfs_glusterfs; (bso#15198); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Stack smashing in net offlinejoin requestodj; (bso#15257); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); - Remove deprecated if-{down,up} scripts; (bsc#1206444); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exists * Mon Dec 12 2022 schubi@suse.com - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Thu Dec 01 2022 dmulder@suse.com - Introduce without-smb1-server spec flag; (bsc#1205104); * Tue Nov 15 2022 scabrero@suse.de - Update to 4.17.3 * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203); * Tue Nov 08 2022 code@bnavigator.de - Replace obsolete python-gpgme with python-gpg * Upstream replaced it in v4.9.5 -- bso#13728 * Tue Oct 25 2022 nopower@suse.com - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). * Wed Oct 19 2022 nopower@suse.com - Update to 4.17.1 * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Flush on a named stream never completes; (bso#15182). * Permission denied calling SMBC_getatr when file not exists; (bso#15195). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * pytest: add file removal helpers for TestCaseInTempDir; (bso#15191). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * Flush on a named stream never completes; (bso#15182). * vfs_gpfs silently garbles timestamps > year 2106; (bso#15151). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * multi-channel socket passing may hit a race if one of the involved processes already existed; (bso#15200). * memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others); (bso#15201). * Since popt1.19 various use after free errors using result of poptGetArg are now exposed; (bso#15205); (boo#1204279). * Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs; (bso#15192). * GETPWSID in memory cache grows indefinetly with each NTLM auth; (bso#15169). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689); * Fri Oct 14 2022 nopower@suse.com - Fix use after free errors resulting from using return of poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205). * Mon Sep 26 2022 nopower@suse.com - s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(); (bso#15174). * Mon Sep 26 2022 nopower@suse.com - Disable SMB1 for tumbleweed builds. * Fri Sep 23 2022 nopower@suse.com - Update to 4.17.0 * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Cross-node multi-channel reconnects result in SMB2 Negotiate returning NT_STATUS_NOT_SUPPORTED; (bso#15159). * winbind at info level debug can coredump when processing wb_lookupusergroups; (bso#15160). * Make use of glfs_*at() API calls in vfs_glusterfs; (bso#15157). * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128). * `net usershare add` fails with flag works with --long but fails with -l; (bso#15145). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Performance regression on contended path based operations; (bso#15125). * Missing READ_LEASE break could cause data corruption; (bso#15148). * libsamba-errors uses a wrong version number; (bso#15141). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * 4.17.rc1 still uses symlink-race prone unix_convert(); (bso#15144). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Manpage for smbstatus json is missing; (bso#15147). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Performance regression on contended path based operations; (bso#15125). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Fix issues found by coverity in smbstatus json code; (bso#15140). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Thu Sep 01 2022 schubi@suse.com - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Thu Jul 28 2022 scabrero@suse.de - Update to 4.16.4 * CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords; (bsc#1201495); (bso#15047); * CVE-2022-32744: Samba AD users can forge password change requests for any user; (bsc#1201493); (bso#15074); * CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request; (bsc#1201492); (bso#15008); * CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request; (bsc#1201490); (bso#15009); * CVE-2022-32742: Server memory information leak via SMB1; (bsc#1201496); (bso#15085); * Tue Jul 19 2022 scabrero@suse.de - Update to 4.16.3 * Using vfs_streams_xattr and deleting a file causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode; (bso#15095); * Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL; (bso#15105); * Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(); (bso#15118); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * Fix check for chown when processing NFSv4 ACL; (bso#15120); * The pcap background queue process should not be stopped; (bso#15082); * testparm: Fix typo in idmap rangesize check; (bso#15097); * net ads info returns LDAP server and LDAP server name as null; (bso#15106); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * CTDB child process logging does not work as expected; (bso#15090); * Tue Jul 12 2022 scabrero@suse.de - Update spec file to fix the optional Heimdal DC build - Fix external trusts with MIT Kerberos 1.20 - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Add sysuser-shadow requirement for packages using systemd-sysusers - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); * Tue Jun 21 2022 schubi@suse.de - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. * Mon Jun 13 2022 scabrero@suse.de - Update to 4.16.2 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * Reintroduce netgroups support; (bso#15087); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS; (bso#15062); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient -E doesn't work as advertised; (bso#15075); * The samba background daemon doesn't refresh the printcap cache on startup; (bso#15081); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7 - Support building with MIT Kerberos 1.20 - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC; (CVE-2020-17049); - Resource Based Constrained Delegation (RBCD) for Samba AD DC - Support building with gcc 12.1 * Wed May 11 2022 scabrero@suse.de - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); * Tue May 03 2022 scabrero@suse.de - Update to 4.16.1 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * KVNO off by 100000; (bso#14951); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Wed Apr 20 2022 nopower@suse.com - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data. * Wed Apr 13 2022 nopower@suse.com - Fix update-apparmor-samba-profile script, sed doesn't like multibyte separators; (bsc#1198309). * Thu Mar 24 2022 scabrero@suse.de - Update to 4.16.0 * New samba-dcerpcd binary to provide DCERPC in the member server setup * Certificate Auto Enrollment * Ability to add ports to dns forwarder addresses in internal DNS backend * No longer using Linux mandatory locks for sharemodes * SMB1 protocol has been deprecated, particularly older dialects * SMB1 protocol SMBCopy command removed * SMB1 server-side wildcard expansion removed - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101); - Use systemd-sysusers to create system users; (bsc#1182847); * Tue Mar 15 2022 scabrero@suse.de - Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); * Mon Mar 07 2022 dmulder@suse.com - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. * Fri Mar 04 2022 ddiss@suse.com - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). * Wed Feb 23 2022 nopower@suse.com - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). * Mon Feb 14 2022 dmulder@suse.com - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). * Mon Feb 07 2022 dmulder@suse.com - libldb version mismatch in Samba dsdb component; (bsc#1118508); * Mon Jan 31 2022 nopower@suse.com - Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048). * Wed Jan 26 2022 scabrero@suse.de - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); * Fri Jan 21 2022 scabrero@suse.de - Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); * Tue Jan 18 2022 dimstar@opensuse.org - Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway). * Thu Jan 13 2022 scabrero@suse.de - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba * Fri Dec 10 2021 scabrero@suse.de - Update to 4.15.3 * Recursive directory delete with veto files is broken in 4.15.0; (bso#14878); * A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879); * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892); * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694); * The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849); * User with multiple spaces (eg Fred<space><space>Nurk) become un-deletable; (bso#14902); * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127); * smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882); * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890); * Samba process doesn't log to logfile; (bso#14897); * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907); * Kerberos authentication on standalone server in MIT realm broken; (bso#14922); * Segmentation fault when joining the domain; (bso#14923); * Support for ROLE_IPA_DC is incomplete; (bso#14903); * rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767); * winexe crashes since 4.15.0 after popt parsing; (bso#14893); * net ads status -P broken in a clustered environment; (bso#14908); * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788); * winbindd doesn't start when "allow trusted domains" is off; (bso#14899); * smbclient login without password using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883); * A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912); * Possible null pointer dereference in winbind; (bso#14921); * Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846); * Add Debian 11 CI bootstrap support; (bso#14872); * Crash in recycle_unlink_internal(); (bso#14888); * Thu Nov 18 2021 scabrero@suse.de - Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684); * Wed Nov 10 2021 scabrero@suse.de - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - Update to 4.15.2 * CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440); * CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284); * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246); * CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247); * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); * CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored; (bso#14564); (bsc#1192283); * CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215); * CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214); - Update to 4.15.1 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); * Log clutter from filename_convert_internal; (bso#14685); * MacOSX compilation fixes; (bso#14862); * rodc_rwdc test flaps; (bso#14868); * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642); * Python ldb.msg_diff() memory handling failure; (bso#14836); * "in" operator on ldb.Message is case sensitive; (bso#14845); * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); * samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854); * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); * Allow special chars like "@" in samAccountName when generating the salt; (bso#14874); * Correctly ignore comments in CTDB public addresses file; (bso#14826); * Fix transit path validation; (bso#12998); * Fix that child winbindd logs to log.winbindd instead of log.wb-<DOMAIN>; (bso#14852); * SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855); * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); * Heimdal prefers RC4 over AES for machine accounts; (bso#14864); * Wed Oct 13 2021 dmulder@suse.com - Enable samba-tool without ad dc. * Thu Sep 30 2021 nopower@suse.com - Adjust spec to use pam macros; (bsc#1191046). * Wed Sep 29 2021 nopower@suse.com - Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded. * Thu Sep 23 2021 scabrero@suse.de - Add missing build dependency on bison when building with the embedded Heimdal Kerberos * Mon Sep 20 2021 scabrero@suse.de - Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed * Thu Sep 16 2021 scabrero@suse.de - Update to 4.14.7 * smbd panic on force-close share during offload write; (bso#14769); * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK; (bso#12033); * Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731); * vfs_shadow_copy2 fix inodes not correctly updating inode numbers; (bso#14756); * Fix build on Solaris; (bso#14774); * Make dos attributes available for unreadable files; (bso#14654); * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607); * Start the SMB encryption as soon as possible; (bso#14793); * Tue Aug 17 2021 dmulder@suse.com - Add Certificate Auto Enrollment Policy; (jsc#SLE-18457). * Fri Jul 23 2021 dmulder@suse.com - Update to 4.14.6 * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722). * smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732). * s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734). * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736). * NT_STATUS_FILE_IS_A_DIRECTORY error messages when using glusterfs VFS module; (bso#14730). * s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734). * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740). * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750). * smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752). * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027). * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669). * Tue Jun 01 2021 scabrero@suse.de - Update to 4.14.5 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(); (bso#14721); * docs: Expand the "log level" docs on audit logging; (bso#14689); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Fix gcc11 compiler issues; (bso#14699); * docs-xml: Update smbcacls manpage; (bso#14718); * docs: Update list of available commands in rpcclient; (bso#14719); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * s3:winbind: For 'security = ADS' require realm/workgroup to be set; (bso#14695); * lib:replace: Do not build strndup test with gcc 11 or newer; (bso#14699); * Thu Apr 29 2021 nopower@suse.com - Update to 4.14.4 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571); (bsc#1184677). - Update to 4.14.3 * s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat; (bso#14671). * build: Notice if flex is missing at configure time; (bso#14586). * Fix smbd panic when two clients open same file; (bso#14672). * Fix memory leak in the RPC server; (bso#14675). * s3: smbd: fix deferred renames; (bso#14679). * s3-iremotewinspool: Set the per-request memory context; (bso#14675) * Fix memory leak in the RPC server; (bso#14675). * third_party: Update socket_wrapper to version 1.3.2; (bso#11899). * third_party: Update socket_wrapper to version 1.3.3; (bso#14640). * samba-gpupdate: Test that sysvol paths download in case-insensitive way; (bso#14665). * smbd: Ensure errno is preserved across fsp destructor; (bso#14662). * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663). * build: Only add -Wl,--as-needed when supported; (bso#14288). * Wed Mar 31 2021 scabrero@suse.de - Update to 4.14.2 * Release with dependency on ldb version 2.3.0. - Update to 4.14.1 * CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655); * CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs; (bso#14595); - Update to 4.14.0 * VFS layer modernized. * Printers publishing in AD improved. * Client group policies support for sudoers configuration and cron jobs. * Improved consistency of samba-tool subcommands. * CTDB now uses the terms leader and follower instead of master and slave. Configuration options have changed accordingly. * The ctdb isnotrecmaster command is removed. * For details on all items see WHATSNEW.txt in samba-doc package. * Mon Mar 01 2021 scabrero@suse.de - Spec file fixes around systemd and requires; (bsc#1182830); - Align systemd service unit files with upstream provided ones. * Tue Jan 26 2021 scabrero@suse.de - Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594); * Mon Dec 28 2020 scabrero@suse.de - Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388); * Wed Dec 16 2020 scabrero@suse.de - Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514); * Mon Nov 16 2020 scabrero@suse.de - Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); * Thu Nov 05 2020 nopower@suse.com - Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469). * Tue Oct 06 2020 scabrero@suse.de - Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355); * Mon Oct 05 2020 ddiss@suse.com - Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245) * Thu Sep 24 2020 ddiss@suse.com - Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency * Tue Sep 22 2020 ddiss@suse.com - Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428) * Fri Sep 18 2020 scabrero@suse.de - Update to samba 4.12.7 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.12.6 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403). + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424). + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450). + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426). + PANIC: Assert failed in get_lease_type(); (bso#14428). + util: Fix build on AIX by fixing the order of replace.h include; (bso#14422). + srvsvc_NetFileEnum asserts with open files; (bso#14355). + KDC breaks with DES keys still in the database and msDS-SupportedEncryptionTypes 31 indicating support for it; (bso#14354). + s3:smbd: Make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427). + PANIC: Assert failed in get_lease_type(); (bso#14428). + docs: Fix documentation for require_membership_of of pam_winbind.conf; (bso#14358). + ctdb-scripts: Use nfsconf utility for variable values in CTDB NFS scripts; (bso#14444). + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425). * Tue Jul 28 2020 kukuk@suse.com - Don't install SuSEfirewall2 services, we don't have that package anymore * Thu Jul 02 2020 nopower@suse.com - Update to samba 4.12.5 + Fix smbd panic on force-close share during async io; (bso#14301). + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374) + Fix DFS links; (bso#14391). + Can't use DNS functionality after a Windows DC has been in domain; (bso#14310). + ldapi search to FreeIPA crashes; (bso#14413). + Add net-ads-join dnshostname=fqdn option; (bso#14396) + Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC; (bso#14406). + docs-xml: Update list of posible VFS operations for vfs_full_audit; (bso#14386). + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382). + Client tools are not able to read gencache anymore; (bso#14370). * Thu Jul 02 2020 nopower@suse.com - Update to samba 4.12.4 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159) + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). * Sat May 30 2020 meissner@suse.com - add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307) * Thu May 28 2020 scabrero@suse.de - Add system-user-nobody to samba package requirements * Wed May 20 2020 scabrero@suse.de - Update to samba 4.12.3 + Fix smbd panic on force-close share during async io; (bso#14301); + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array; (bso#14343); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + Fix smbd crashes when MacOS Catalina connects if iconv initialization fails; (bso#14372); + Exporting from macOS Adobe Illustrator creates multiple copies; (bso#14150); + smbd does a chdir() twice per request; (bso#14256); + smbd mistakenly updates a file's write-time on close; (bso#14320); + vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename(); (bso#14350); + Fix Windows 7 clients problem after upgrading samba file server; (bso#14375); + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359); + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155); + mit-kdc: Explicitly reject S4U requests; (bso#14342); + dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked(); (bso#14352); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:libads: Fix ads_get_upn(); (bso#14336); + ctdb: Fix a memleak; (bso#14348); + Malicous SMB1 server can crash libsmbclient; (bso#14366); + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds; (bso#14330); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358); * Mon May 11 2020 dmulder@dmulder.com - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); * Mon May 04 2020 scabrero@suse.de - libsmb: Don't try to find posix stat info in SMBC_getatr(); (bso#14101); (bsc#1169242); * Wed Apr 29 2020 nopower@suse.com - Move libdcerpc-server-core.so to samba-libs package, this was initially erroneously located in samba-ad-dc. * Tue Apr 28 2020 nopower@suse.com - Update to samba 4.12.2 + CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850) + CVE-2020-10704: A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV; (bso#14334); (bsc#1169851). * Mon Apr 13 2020 scabrero@suse.de - Update to samba 4.12.1 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295); + samba-tool group: Handle group names with special chars correctly; (bso#14296); + Add missing check for DMAPI offline status in async DOS attributes; (bso#14293); + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307); + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316); + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313); + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327); + fruit:time machine max size is broken on arm; (bso#13622); + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294); + s3/utils: Fix double free error with smbtree; (bso#14332); + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294); + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); + CTDB recovery daemon can crash due to dereference of NULL pointer; (bso#14324); * Wed Mar 25 2020 nopower@suse.com - s3: libsmbclient.h: add missing time.h include to fix ffmpeg build and make it compatible with -std=c99. * Mon Mar 16 2020 nopower@suse.com - ndrdump tests: Make the tests less fragile - python/samba/gp_parse: Fix test errors with python3.8 * Fri Mar 13 2020 nopower@suse.com - Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). * Fri Mar 06 2020 nopower@suse.com - Update to samba 4.12.0 + For details on all items see WHATSNEW.txt in samba-doc package. + Samba 4.12 raises this minimum version to Python 3.5. + Samba now requires GnuTLS 3.4.7 to be installed. + New Spotlight backend for Elasticsearch. + Retiring DES encryption types in Kerberos. With this release, support for DES encryption types has been removed from Samba, and setting DES_ONLY flag for an account will cause Kerberos authentication to fail for that account (see RFC-6649). + Samba-DC: DES keys no longer saved in DB. + The netatalk VFS module has been removed. + The BIND9_FLATFILE DNS backend is deprecated in this release and will be removed in the future. + CTDB changes + The ctdb_mutex_fcntl_helper periodically re-checks the lock file. + Bugs + Retire DES encryption types in Kerberos; (bso#14202); bsc#(1165574). + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + s3: DFS: Don't allow link deletion on a read-only share; (bso#14269). + pidl/wscript: configure should insist on Parse::Yapp::Driver; (bso#14284). + smbd fails to handle EINTR from open(2) properly; (bso#14285). + ldb: version 2.1.1; (bso#14270)). + vfs: Set getting and setting of MS-DFS redirects on the filesystem to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and SMB_VFS_READ_DFS_PATHAT(); (bso#14282). + bootstrap: Remove un-used dependency python3-crypto; (bso#14255) + Fix CID 1458418 and 1458420; (bso#14247). + lib: Fix a shutdown crash with "clustering = yes"; (bso#14281). + Winbind member (source3) fails local SAM auth with empty domain name; (bso#14247). + winbindd: Handle missing idmap in getgrgid(); (bso#14265). + Don't use forward declaration for GnuTLS typedefs; (bso#14271). + Add io_uring vfs module; (bso#14280). + libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2; (bso#14250). + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239); + lib:util: Log mkdir error on correct debug levels; (bso#14253). * Sun Feb 02 2020 kukuk@suse.com - Remove unused pwdutils buildrequires * Thu Jan 30 2020 scabrero@suse.de - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209); + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209); + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218); + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122); + smbd: Fix the build with clang; (bso#14251); + upgradedns: Ensure lmdb lock files linked; (bso#14199); + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182); + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101); + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219); + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227); * Tue Jan 21 2020 scabrero@suse.de - Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464); - Fix querying all names registered within broadcast area; (bso#8927); * Tue Jan 21 2020 nopower@suse.com - Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). - Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). + Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856). * Fri Dec 20 2019 ddiss@suse.com - Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320). * Tue Dec 10 2019 nopower@suse.com - Update to samba 4.11.3 + CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). + CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109). * Tue Oct 29 2019 jmcdonough@suse.com - Update to samba 4.11.2 + CVE-2019-10218: Client code can return filenames containing path separators; (bsc#1144902); (bso#14071). + CVE-2019-14833: Samba AD DC check password script does not receive the full password; (bso#12438). + CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040). - Fixes from 4.11.1 + Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140); + kpasswd fails when built with MIT Kerberos; (bso#14155); + Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); + Stale file handle error when using mkstemp on a share; (bso#14137); + non-AES schannel broken; (bso#14134); + Joining Active Directory should not use SAMR to set the password; (bso#13884); + smbclient can blunder into the SMB1 specific cli_RNetShareEnum() call on an SMB2 connection; (bso#14152); + Deleted records can be resurrected during recovery; (bso#14147); + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group; (bso#14141); + winbind does not list forest trusts with additional trust attributes; (bso#14130); + fault report points to outdated documentation; (bso#14139); + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests; (bso#14124); + classicupgrade results in uncaught exception - a bytes-like object is required, not 'str'; (bso#14136); + pod2man is not longer required, stop checking at build time; (bso#14131); + Exit code of ctdb nodestatus should not be influenced by deleted nodes; (bso#14129); + username/password authentication doesn't work with CUPS and smbspool; (bso#14128); + smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094); * Sat Oct 05 2019 jmcdonough@suse.com - Update to samba 4.11.0 + For details on all items see WHATSNEW.txt in samba-doc package + Python2 runtime support removed; python 3.4 or later required + Security improvements: - SMB1 disabled by default - lanman and plaintext authentication deprecated - winbind: PAM_AUTH and NTLM_AUTH events logged - GnuTLS 3.2 required; system FIPS mode setting honored + CephFS Snapshot integration, exposed as previous file versions + ctdb changes: - onnode -o option removed - ctdbd logs when using more than 90% of a CPU thread - CTDB_MONITOR_SWAP_USAGE variable removed + AD Domain controller improvements: - Upgrade AD databse format - BIND9_FLATFILE deprecated - default process model chagned to prefork - bind9 dns operation duration logging - Default schema updated to 2012_R2; function level is unchanged - many performance improvements + Configuration webserver support removed * Tue Sep 03 2019 scabrero@suse.de - Update to samba 4.10.8 + CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267); * Fri Aug 30 2019 nopower@suse.com - Fix build on newer systems by modifying samba.spec to use consistent non-relative paths for pammodules in configure line and specification of pam_winbind.so library to package. * Tue Aug 27 2019 nopower@suse.com - Update to samba 4.10.7 + Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). + build: Allow build when '--disable-gnutls' is set; (bso#13844) + samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). + Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021) + join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). + vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). + lookup_name: Allow own domain lookup when flags == 0; (bso#14091). + s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). + DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). + Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). + dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). + dnsProperty fails to decode values from older Windows versions; (bso#13969). + samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). + third_party: Update waf to version 2.0.17; (bso#13960). + netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017). * Wed Aug 07 2019 nopower@suse.com - Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). * Thu Aug 01 2019 scabrero@suse.de - Update samba-winbind script to work with systemd; (bsc#1132739); - Drop samba dhcpcd hook scripts - Update to samba 4.10.6 + s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). + smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). + samba-tool dns: use bytes for inet_ntop; (bso#13965). + samba-tool domain provision: Fix --interactive module in python3; (bso#13828). + ldb_kv: Skip @ records early in a search full scan; (bso#13893). + docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). + python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). + registry: Add a missing include; (bso#13840). + Fix SMB guest authentication; (bso#13944). + AppleDouble conversion breaks Resourceforks; (bso#13958). + vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). + s3:mdssvc: Fix flex compilation error; (bso#13987). + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872). + dsdb:samdb: schemainfo update with relax control; (bso#13799). + s3:util: Move static file_pload() function to lib/util; (bso#13964). + smbd: Fix a panic; (bso#13957). + ldap server: Generate correct referral schemes; (bso#12478). + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). + s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). + dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). + ldb: Release ldb 1.5.5; (bso#12478). + Schema replication fails if link crosses chunk boundary backwards; (bso#13713). + 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). + Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). + wafsamba: Use native waf timer; (bso#13998). + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984). * Wed Jun 19 2019 nopower@suse.com - Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2; (bso#13922); (bsc#1137815). + CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages; (bso#13951); (bsc#1137816). - Update to samba-4.10.4 + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + py/provision: Fix for Python 2.6; (bso#13882). + netcmd: Fix 'passwordsettings --max-pwd-age' command; (bso#13873). + s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@forestroot"; (bso#13861). + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + vfs_ceph: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). + ctdb-common: Avoid race between fd and signal events; (bso#13895). + ctdb-common: Fix memory leak in run_proc; (bso#13943). + lib: Initialize getline() arguments; (bso#13892). + winbind: Fix overlapping id ranges; (bco#13903). + lib util debug: Increase format buffer to 4KiB; (bso#13902). + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + s4 lib socket: Ensure address string owned by parent struct; (bso#13929). + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#12845). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#13796). + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + vfs_snapper: Drop unneeded fstat handler; (bso#13858). + vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + smb2_server: Grant all 8192 credits to clients; (bso#13863). + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; (bso#13919). + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + s3: modules: ceph: Use current working directory instead of share path; (bso#13918); (bsc#1134452). + winbind: Use domain name from lsa query for sid_to_name cache entry; (bso#13831). + memcache: Increase size of default memcache to 512k; (bso#13865). + docs: Update smbclient manpage for "--max-protocol"; (bso#13857). + s3:utils: If share is NULL in smbcacls, don't print it; (bso#13937). + s3:smbspool: Fix regression printing with Kerberos credentials; (bso#13939). + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd; (bso#13860). + ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"; (bso#13888). + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + ctdb-common: Fix memory leak; (bso#13943). + s3:debug: Enable logging for early startup failures; (bso#13904) - Update to samba-4.10.3 + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum; (bso#13685); (bsc#1134024). * Tue May 14 2019 ddiss@suse.com - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). * Wed May 08 2019 ddiss@suse.com - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). * Wed Apr 17 2019 nopower@suse.com - Update to samba-4.10.2: + CVE-2019-3870 (World writable files in Samba AD DC private/ dir); (bso#13834). + CVE-2019-3880 (Save registry file outside share as unprivileged user); (bso#13851). + py/kcc_utils: py2.6 compatibility; (bso#13837). + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869). + regfio: Improve handling of malformed registry hive files; (bso#13840). + ctdb-version: Simplify version string usage; (bso#13789). + lib: Make fd_load work for non-regular files; (bso#13859). + dbcheck: in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816). + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818). + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854). + acl_read: Fix regression for empty lists; (bso#13836). + s4:dlz make b9_has_soa check dc=@ node; (bso#13841). + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832). + s4:librpc: Fix installation of Samba; (bso#13847). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853). * ctdb-build: Drop creation of .distversion in tarball; (bso#13789). * ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838). - Update to samba-4.10.1: + py/kcc_utils: py2.6 compatibility; (bso#13837); + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869); + regfio: Improve handling of malformed registry hive files; (bso#13840); + ctdb-version: Simplify version string usage; (bso#13789); + lib: Make fd_load work for non-regular files; (bso#13859); + dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816); + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818); + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854); + acl_read: Fix regression for empty lists; (bso#13836); + s4:dlz make b9_has_soa check dc=@ node; (bso#13841); + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832); + s4:librpc: Fix installation of Samba; (bso#13847); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853); + ctdb-build: Drop creation of .distversion in tarball; (bso#13789); + ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838); - Update to samba-4.10.0: + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s4/scripting/bin: Open unicode files with utf8 encoding and write + unicode string. + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813); + passdb: Update ABI to 0.27.2. + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813); + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823); * Sun Apr 14 2019 ddiss@suse.com - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). * Tue Apr 02 2019 nopower@suse.com - CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ). * Wed Mar 27 2019 dmulder@suse.com - Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol <pid> debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744); * Mon Mar 04 2019 ddiss@suse.com - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). * Fri Feb 22 2019 scabrero@suse.de - Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377); * Thu Feb 07 2019 dmulder@suse.com - LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758); * Thu Feb 07 2019 ddiss@suse.com - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); * Mon Feb 04 2019 scabrero@suse.de - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit(); (bso#13173); (bsc#1123755); - s3:winbind: Fix regression introduced with bso #12851; (bso#12851); (bsc#1123755); * Tue Jan 08 2019 nopower@suse.com - Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498). * Thu Dec 20 2018 dmulder@suse.com - s3:passdb: Do not return OK if we don't have pinfo set up; (bsc#1099590); (bso#13376); * Thu Dec 06 2018 jengelh@inai.de - Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd. * Thu Nov 29 2018 dmulder@suse.com - Remove python2 build dependency from samba-libs; (bsc#1116900); * Wed Nov 28 2018 scabrero@suse.de - Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path. * Mon Nov 19 2018 scabrero@suse.de - Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323); * Thu Nov 08 2018 scabrero@suse.de - s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459); - Use foreground execution mode for systemd samba daemons; (bsc#1112223); * Thu Nov 08 2018 scabrero@suse.de - Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670); * Mon Oct 29 2018 dmulder@suse.com - lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373); * Tue Oct 23 2018 dmulder@suse.com - winbind requires latest version of libtevent-util0 to start * Fri Oct 12 2018 dmulder@suse.com - Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method * Mon Oct 08 2018 scabrero@suse.de - Update to 4.6.16; (bsc#1110943); + CVE-2018-10919: Fix unauthorized attribute access via searches; (bso#13434); * Wed Sep 26 2018 jmcdonough@suse.com - Enable profiling data collection * Tue Sep 25 2018 dmulder@suse.com - Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package * Mon Sep 24 2018 scabrero@suse.de - Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610); * Thu Sep 13 2018 dmulder@suse.com - Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed. * Thu Sep 13 2018 scabrero@suse.de - Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j<jobs>'; (bso#13606); * Mon Sep 10 2018 dmulder@suse.com - Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592); * Wed Aug 29 2018 dmulder@suse.com - Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568); * Mon Aug 27 2018 vcizek@suse.com - Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel * Tue Aug 21 2018 dmulder@suse.com - Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562); * Mon Aug 20 2018 ddiss@suse.com - Update to 4.6.15 + Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230); + Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931). * Mon Aug 20 2018 dmulder@suse.com - Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551); * Tue Aug 14 2018 nopower@suse.com - Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480). * Wed Aug 01 2018 scabrero@suse.de - CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bso#13453); (bsc#1103411); - s3: winbind: Fix 'winbind normalize names' in wb_getpwsid(); (bso#12851); - winbind: avoid using fstrcpy in _dual_init_connection; (bso#13294); (bsc#1087303); - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1068059); - net: fix net ads keytab handling; (bso#13166); (bsc#1067700); - fix vfs_ceph flock stub; (bso#13506). * Tue May 29 2018 scabrero@suse.de - Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099); * Wed May 23 2018 ddiss@suse.com - Fix vfs_ceph with "aio read size" or "aio write size" > 0; (bsc#1093664). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). - Update to 4.6.14 + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270). + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244). + s3:libsmb: allow -U"\\administrator" to work; (bso#13206). + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024). + s3:smbd: Do not crash if we fail to init the session table; (bso#13315). + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + smbXcli: Add "force_channel_sequence"; (bso#13215). + smbd: Fix channel sequence number checks for long-running requests; (bso#13215). + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197). + s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197). + samba: Only use async signal-safe functions in signal handler; (bso#13240). + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). * Wed May 23 2018 jmcdonough@suse.com - Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417). * Fri Apr 27 2018 scabrero@suse.de - Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302); * Wed Apr 11 2018 aaptel@suse.com - Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit * Mon Mar 26 2018 jengelh@inai.de - Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros * Thu Mar 22 2018 dimstar@opensuse.org - BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages. * Thu Mar 22 2018 dmulder@suse.com - Enable building samba with python3, and create a samba-python3 package. * Thu Mar 15 2018 jmcdonough@suse.com - Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed * Tue Mar 13 2018 david.mulder@suse.com - Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150); * Tue Mar 13 2018 jmcdonough@suse.com - Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024). * Wed Mar 07 2018 jmcdonough@suse.com - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); * Tue Mar 06 2018 ddiss@suse.com - Update to 4.6.13; (bsc#1084191) + ceph_statx configure time check doesn't work with a non-default - -with-libcephfs path; (bso#13250). - follow up fix for libceph-common detection; (bso#13277). + Fail to copy file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181). + vfs_ceph uses a local statvfs() call to determine FS capabilities; (bso#13208). + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193). + smbd panic when chdir returns error during exit; (bso#13189). + ctdb_recovery_helper crashes if recovery process times out; (bso#13188). + POSIX ACL support is broken on hpux and possibly other big-endian OSs; (bso#13176). + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986). + g_lock conflict detection broken when processing stale entries.; (bso#13195). + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132). * Mon Feb 26 2018 aaptel@suse.com - Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test * Fri Feb 23 2018 dmulder@suse.com - samba fails to build with glibc2.27; (bsc#1081042); * Mon Feb 12 2018 scabrero@suse.com - Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176); * Fri Feb 09 2018 scabrero@suse.com - Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125); * Wed Dec 06 2017 kukuk@suse.de - Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc) * Thu Nov 30 2017 scabrero@suse.com - Update to 4.6.11; (bsc#1084191) + vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091); + s3: smbclient: Ensure we call client_clean_name() before all operations on remote pathnames; (bso#13093); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + smbd: Move check for SMB2 compound request to new function; (bso#13047); + s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100); + s4:pyparam: Fix resource leaks on error; (bso#13101); + s3:smbd: Fix delete-on-close after smb2_find; (bso#13118); * Wed Nov 29 2017 david.mulder@suse.com - smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868). * Tue Nov 28 2017 scabrero@suse.com - Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE. * Mon Nov 27 2017 rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Wed Nov 15 2017 dmulder@suse.com - samba-tool requires samba-python; (bnc#1067771). * Wed Nov 08 2017 scabrero@suse.de - CVE-2017-14746: Use-after-free vulnerability; (bso#13041); (bsc#1060427); - CVE-2017-15275: Server heap memory information leak; (bso#13077); (bsc#1063008); * Tue Nov 07 2017 scabrero@suse.com - Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049); * Fri Oct 27 2017 scabrero@suse.de - Update to 4.6.9; (bsc#1065066); + Reverse sense of 'clear all attributes', ignore attribute change in SMB2 to match SMB1; (bso#12899); + SMBC_setatr() initially uses an SMB1 call before falling back; (bso#12913); + Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION; (bso#13003); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically; (bso#7909); + Honor SEC_STD_WRITE_OWNER bit; (bso#7933); + Kernel oplocks still have issues with named streams; (bso#12791); + Handle EACCES when fetching DOS attributes; (bso#12944); + Missing assignment in sl_pack_float; (bso#12991); + Fix wrong Samba access checks when changing DOS attributes; (bso#12995); + Groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + Fix GUID string format on GetPrinter info; (bso#12993); + Match WS2016 ReFS set compression behaviour; (bso#12144); + Fix implementation of process_exists control; (bso#13012); + GET_DB_SEQNUM control can cause ctdb to deadlock when databases are frozen; (bso#13021); + Free up record data if a call request is deferred; (bso#13029); + Initialize ctdb_ltdb_header completely for empty record; (bso#13036); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + Ignore event scripts with multiple '.'s; (bso#13070); + Sort the GPOs in the correct order; (bso#13046); + 'smbd' uses a lot of CPU on startup of a connection; (bso#12973); + Fix str[n]casecmp_m() by comparing lower case values; (bso#13018); + Can't change password in Samba from a windows client if Samba runs on IPv6 only interface; (bso#13079); + Fix file change notification for renames; (bso#12903); + Avoid a socket leak after fork; (bso#13006); + Fix a potential memleak; (bso#13090); + Fix passing of errno from async calls; (bso#12983); + Fix segfault when running with log level 10; (bso#13032); + Do not report an invalid range for AD DC role; (bso#12629); + Print the kinit failed message with DBGLVL_NOTICE; (bso#12704); + Fix changing passwords with Kerberos; (bso#12956); + Fix changing the password with 'smbpasswd' as a local user on a domain member; (bso#12975); + Fix a read after free if a chained SMB1 call goes async; (bso#12836); + CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); + Let non_widelink_open() chdir() to directories directly; (bso#12885); + CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); + CVE-2017-12150: Some code path don't enforce smb signing when they should; (bso#12997); * Mon Oct 23 2017 dimstar@opensuse.org - Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package. * Thu Sep 28 2017 scabrero@suse.com - Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available. * Fri Sep 22 2017 scabrero@suse.de - Fix GUID string format on GetPrinter info request; (bso#12993); (bsc#1050707). * Thu Sep 14 2017 aaptel@suse.com - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624). * Thu Sep 14 2017 nopower@suse.com - CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622). * Thu Sep 14 2017 nopower@suse.com - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565). * Thu Aug 31 2017 aaptel@suse.com - Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100 * Wed Aug 16 2017 ddiss@suse.com - Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827). * Tue Aug 08 2017 dmulder@suse.com - Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339). * Mon Jul 24 2017 ddiss@suse.com - fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278). * Thu Jul 13 2017 dmulder@suse.com - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339). * Wed Jul 12 2017 ddiss@suse.com - Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387). * Wed Jun 07 2017 ddiss@suse.com - Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756). * Wed Jun 07 2017 nopower@suse.com - s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419). * Mon May 29 2017 ddiss@suse.com - Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899). * Mon May 22 2017 ddiss@suse.com - Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231). * Tue Apr 25 2017 ddiss@suse.com - Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737). * Tue Apr 25 2017 ddiss@suse.com - Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416). * Tue Apr 18 2017 ddiss@suse.com - Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist" * Mon Apr 10 2017 ddiss@suse.com - Update to 4.6.2 + remove bso#12721 patches now upstream * Fri Apr 07 2017 ddiss@suse.com - Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64 * Mon Apr 03 2017 ddiss@suse.com - Enable librados CTDB lock helper for samba-ceph package; (fate#321622). * Thu Mar 30 2017 dmulder@suse.com - Build and install the html man pages (bsc#1021907). * Thu Mar 30 2017 nopower@suse.com - Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721). * Wed Mar 22 2017 jmcdonough@suse.com - Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes * Wed Mar 15 2017 aaptel@suse.com - Remove chkconfig requirements for systemd systems * Mon Mar 13 2017 kukuk@suse.com - Don't call insserv if systemd is used * Fri Feb 10 2017 kukuk@suse.de - Fix check if we need to require insserv * Thu Feb 09 2017 nopower@suse.com - async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416). * Mon Feb 06 2017 aaptel@suse.com - Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847). * Thu Jan 26 2017 dmulder@suse.com - add missing patch for libnss_wins segfault; (bsc#995730). * Wed Jan 25 2017 ddiss@suse.com - Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933). * Mon Jan 23 2017 dmulder@suse.com - Document "winbind: ignore domains" parameter; (bsc#1019416). * Thu Jan 19 2017 ddiss@suse.com - Add base Samba dependency to samba-ceph package. * Mon Dec 19 2016 jmcdonough@suse.com - Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior * Fri Dec 02 2016 nopower@suse.com - Add missing ldb module directory; (bnc#1012092). * Thu Nov 17 2016 nopower@suse.com - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418). * Mon Sep 26 2016 nopower@suse.com - Include vfstest in samba-test; (bsc#1001203). * Wed Sep 21 2016 nopower@suse.com - s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833). * Tue Sep 20 2016 jmcdonough@suse.com - Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730). * Wed Sep 14 2016 jmcdonough@suse.com - Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter * Tue Aug 30 2016 nopower@suse.com - Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299). * Mon Aug 29 2016 nopower@suse.com - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). * Mon Aug 15 2016 ddiss@suse.com - Don't package man pages for VFS modules that aren't built; (boo#993707). * Sat Aug 13 2016 jmcdonough@suse.com - Fix population of ctdb sysconfig after source merge; (bsc#981566). * Fri Aug 12 2016 ddiss@suse.com - Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package. * Thu Jul 07 2016 jmcdonough@suse.com - Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869). * Wed Jun 22 2016 jmcdonough@suse.com - Remove obsolete syslog.target; (bsc#983938). * Tue Jun 14 2016 jmcdonough@suse.com - Honor smb.conf socket options in winbind; (bsc#975131). * Thu Jun 09 2016 jmcdonough@suse.com - Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522). * Thu Jun 09 2016 jmcdonough@suse.com - Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934). * Thu May 19 2016 jmcdonough@suse.com - Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852). * Tue May 03 2016 jmcdonough@suse.com - Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669). * Thu Apr 28 2016 jmcdonough@suse.com - Revert shared library packaging to comply with SLPP * Sat Apr 09 2016 jmcdonough@suse.com - Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862). * Fri Apr 08 2016 nopower@suse.com - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629). * Tue Mar 22 2016 lmuelle@suse.com - Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197). * Tue Mar 22 2016 lmuelle@suse.com - Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package. * Sun Mar 06 2016 jmcdonough@suse.com - Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223). * Thu Mar 03 2016 nopower@suse.com - Upgrade on-disk FSRVP server state to new version; (bsc#924519). * Tue Mar 01 2016 lmuelle@suse.com - Only obsolete but do not provide gplv2/3 package names; (bsc#968973). * Tue Mar 01 2016 lmuelle@suse.com - Relocate existing lock files to /var/lib/samba/lock; (bsc#968963). * Thu Feb 25 2016 lmuelle@suse.com - Obsolete no longer existing samba-32bit package; (bsc#967625). * Tue Feb 23 2016 lmuelle@suse.com - Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732). * Mon Feb 22 2016 lmuelle@suse.com - Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361). * Wed Feb 17 2016 lmuelle@suse.com - Simplify shared library packaging; (bsc#966956). * Sun Feb 14 2016 lmuelle@suse.com - Enable clustering (CTDB) support; (bsc#966271). * Fri Feb 12 2016 lmuelle@suse.com - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023). * Fri Jan 15 2016 lmuelle@suse.com - Add quotes around path of update-apparmor-samba-profile; (bnc#962177). * Wed Jan 13 2016 lmuelle@suse.com - Remove autoconf build-time requirement. * Wed Jan 13 2016 lmuelle@suse.com - Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659). * Mon Jan 11 2016 lmuelle@suse.com - Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249). * Fri Dec 11 2015 lmuelle@suse.com - Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). * Tue Dec 01 2015 lmuelle@suse.com - Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912). * Mon Nov 16 2015 nopower@suse.com - Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972). * Sat Nov 14 2015 lmuelle@suse.com - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems. * Sat Nov 14 2015 lmuelle@suse.com - Remove redundant configure options while adding with-relro. * Sat Nov 14 2015 lmuelle@suse.com - Relocate the lockdir to the /var/lib/samba/lock directory. * Sat Nov 14 2015 lmuelle@suse.com - Cleanup and enhance the pidl sub package. * Thu Oct 22 2015 lmuelle@suse.com - Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage. * Wed Oct 21 2015 lmuelle@suse.com - Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555). * Fri Oct 16 2015 lmuelle@suse.com - Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038). * Fri Sep 25 2015 lmuelle@suse.com - Relocate the tmpfiles.d directory to the client package; (bnc#947552). * Tue Sep 22 2015 lmuelle@suse.com - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716). * Wed Sep 16 2015 lmuelle@suse.com - Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051). * Fri Sep 11 2015 lmuelle@suse.com - Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502). * Wed Sep 09 2015 lmuelle@suse.com - Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013). * Tue Sep 08 2015 lmuelle@suse.com - Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488). * Mon Aug 31 2015 lmuelle@suse.com - Configure with --bundled-libraries=NONE; (bso#11458). * Fri Aug 07 2015 lmuelle@suse.com - Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284). * Fri Jul 17 2015 lmuelle@suse.com - Remove libiniparser-devel build-time requirement. * Tue Jul 14 2015 lmuelle@suse.com - Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371). * Sun Jul 05 2015 tchvatal@suse.com - Disable rpath usage; (bnc#902421). * Fri Jul 03 2015 lmuelle@suse.com - Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909). * Tue Jun 16 2015 nopower@suse.com - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457). * Sat Jun 06 2015 crrodriguez@opensuse.org - Order winbind.service Before and Want nss-user-lookup target. * Fri Jun 05 2015 lmuelle@suse.com - Remove fam-devel build-time dependency for post-6 RHEL systems. * Fri May 29 2015 lmuelle@suse.com - Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033). * Fri May 22 2015 lmuelle@suse.com - Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854). * Wed May 13 2015 lmuelle@suse.com - Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf. * Wed May 06 2015 lmuelle@suse.com - Drop redundant doc attribute from man pages. * Thu Apr 16 2015 lmuelle@suse.com - Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185). * Thu Apr 16 2015 lmuelle@suse.com - Prevent samba package updates from disabling samba kerberos printing. * Thu Apr 09 2015 noel.power@suse.com - Add sparse file support for samba; (fate#318424). * Tue Mar 31 2015 ddiss@suse.com - Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813). * Fri Mar 20 2015 ddiss@suse.com - Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374). * Wed Mar 18 2015 lmuelle@suse.com - Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root. * Tue Mar 17 2015 ddiss@suse.com - Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304). * Thu Mar 05 2015 lmuelle@suse.com - Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127). * Sun Mar 01 2015 lmuelle@suse.com - Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376). * Tue Feb 24 2015 nopower@suse.com - Fix usage of freed memory on server exit; (bso#11218); (bnc#919309). * Tue Feb 24 2015 ddiss@suse.com - Fix tdb_store_flag_to_ntdb() gcc5 build failure. * Thu Jan 22 2015 ddiss@suse.com - Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238). * Thu Jan 22 2015 lmuelle@suse.com - Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). * Tue Jan 20 2015 lmuelle@suse.com - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. * Mon Jan 19 2015 ddiss@suse.com - Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059). * Mon Jan 19 2015 lmuelle@suse.com - Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages. * Tue Jan 13 2015 mpluskal@suse.com - Enable avahi support on post-12.2 systems. * Tue Jan 13 2015 lmuelle@suse.com - Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034). * Tue Jan 06 2015 nopower@suse.de - yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922). * Mon Dec 08 2014 ddiss@suse.com - Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627). * Fri Dec 05 2014 ddiss@suse.com - Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175). * Thu Dec 04 2014 ddiss@suse.com - Fix spoolss error response marshalling; (bso#10984). * Tue Dec 02 2014 lmuelle@suse.de - Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942). * Fri Nov 28 2014 nopower@suse.de - Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312). * Thu Nov 06 2014 lmuelle@suse.com - Use the upstream tar ball, as signature verification is now able to handle compressed archives. * Wed Nov 05 2014 nopower@suse.de - Fix leak when closing file descriptor returned from dirfd; (bso#10918). * Thu Oct 30 2014 ddiss@suse.com - Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898). * Tue Oct 28 2014 lmuelle@suse.com - Remove dependency on gpg-offline as signature checking is implemented in the source validator. * Sat Oct 25 2014 lmuelle@suse.com - Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860). * Wed Oct 15 2014 lmuelle@suse.com - Update to 4.2.0rc2. * Wed Oct 08 2014 ddiss@suse.com - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346). * Wed Oct 08 2014 nopower@suse.de - Backport upstream master fixes for samba-regedit; (bnc#896536). * Tue Oct 07 2014 lmuelle@suse.com - BuildRequire python-xml on SUSE systems only. * Sun Oct 05 2014 lmuelle@suse.com - BuildRequire python-xml. - Exclude unwanted texpect binary and libhttp, libsamba-cluster-support, libsamba-debug, and libsocket-blocking shared libs. - Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct, tstream_smbXcli_np, idtree, and idtree_random header files. - Remove nmblookup and smbclient4 binary and nmblookup4 man page. * Thu Oct 02 2014 lmuelle@suse.com - Update to 4.2.0rc1. * Thu Oct 02 2014 ddiss@suse.com - Fix small memory-leak in the background print process; (bnc#899558). * Fri Sep 26 2014 nopower@suse.de - Modify samba-regedit so it displays correctly (related to ncurses). Changed code to use menu sub windows, seems to fix problems with display not refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536). * Thu Sep 25 2014 lmuelle@suse.com - Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and the man page of the unused findsmb script. * Tue Sep 23 2014 ddiss@suse.com - Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969). * Tue Sep 23 2014 lmuelle@suse.com - Update to 4.1.12. + s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout". Please see smb.conf man page for details; (bso#3204); (bnc#872912). + Fix smbd crashes when filename contains non-ascii character; (bso#10716). + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects; (bso#10749). + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570). + s4:setup/dns_update_list: make use of the new substitution variables; (bso#9831). + build: Fix configure to honour '--without-dmapi'; (bso#10369). + provision: Correctly provision the SOA record minimum TTL; (bso#10466). + s3: Enforce a positive allocation_file_size for non-empty files; (bso#10543). + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640). + Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories; (bso#10650). + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652). + lib: strings: Simplify strcasecmp; (bso#10716). + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections; (bso#10723). + 'net time': Fix usage and core dump; (bso#10728). + sys_poll_intr: Fix timeout arithmetic; (bso#10731). + s3:idmap: Don't log missing range config if range checking not requested; (bso#10737). + Fix flapping VFS gpfs offline bit; (bso#10741). + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742). + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for; (bso#10751). + samba: Retain case sensitivity of cifs client; (bso#10755). + lib: Remove unused nstrcpy; (bso#10758). + Fix a memory leak in cli_set_mntpoint(); (bso#10759). + docs: Fix typos in smb.conf (inherit acls); (bso#10761). + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(); (bso#10773). + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(); (bso#10773). + Don't discard result of checking grouptype; (bso#10777). + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778). + smbd: Properly initialize mangle_hash; (bso#10782). + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787). + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read; (bso#10794). * Thu Sep 18 2014 jmcdonough@suse.com - Wait for network-online.target to prevent caching of pre-network failures; (bnc#889175). * Thu Sep 18 2014 jmcdonough@suse.com - Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend; (bnc#773464). * Thu Sep 11 2014 ddiss@suse.com - Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912). * Thu Aug 28 2014 ddiss@suse.com - fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774). * Tue Aug 19 2014 lmuelle@suse.com - Remove pre-11.2 patch which by default uses the smbpasswd passdb backend. * Wed Aug 13 2014 lmuelle@suse.com - build: disable mmap on s390 systems; (bso#10765); (bnc#886193); (bnc#882356). * Mon Aug 11 2014 lmuelle@suse.com - Create the cups smb backend as sym link pointing to smbspool; (bnc#891220). * Fri Aug 01 2014 ddiss@suse.com - Fix winbind service parameter usage; (bnc#890005). * Fri Aug 01 2014 lmuelle@suse.com - lib/param: change the default for "winbind expand groups" to "0"; (bnc#890008). * Fri Aug 01 2014 lmuelle@suse.com - Update to 4.1.11. + A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429). * Wed Jul 30 2014 ddiss@suse.com - Fix "net time" segfault; (bso#10728); (bnc#889539). * Mon Jul 28 2014 lmuelle@suse.com - Update to 4.1.10. + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263). + dbcheck: Add check and test for various invalid userParameters values; (bso#8077). + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077). + Simple use case results in "no talloc stackframe around, leaking memory" error; (bso#8449). + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763). + dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130). + s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294). + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469). + dbchecker: Verify and fix broken dn values; (bso#10536). + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582). + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587). + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret"; (bso#10593). + rid_array used before status checked - segmentation fault due to null pointer dereference; (bso#10627). + Samba won't start on a machine configured with only IPv4; (bso#10653). + msg_channel: Fix a 100% CPU loop; (bso#10663). + s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673). + samba-tool: Add --site parameter to provision command; (bso#10674). + smbstatus: Fix an uninitialized variable; (bso#10680). + SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684). + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685). + 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the invalid status check in the second client; (bso#10687). + wbcCredentialCache fails if challenge_blob is not first; (bso#10692). + Backport ldb-1.1.17 + changes from master; (bso#10693). + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693). + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693). + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693). + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910); (bso#10693). + ldb: make the successful ldb_transaction_start() message clearer; (bso#10693). + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693). + ldb: Use of NULL pointer bugfix; (bso#10693). + lib/ldb: Fix compiler warnings; (bso#10693). + pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693). + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693). + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694). + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694). + Backport autobuild/selftest fixes from master; (bso#10696). + Backport drs-crackname fixes from master; (bso#10698). + smbd: Avoid double-free in get_print_db_byname; (bso#10699). + Backport access check related fixes from master; (bso#10700). + Backport provision fixes from master; (bso#10703). + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706). + s3: Fix missing braces in nfs4_acls.c. * Wed Jul 09 2014 ddiss@suse.com - Reduce printer_list.tdb lock contention during printcap update; (bso#10652); (bnc#883870). + Only update the printer share inventory when needed. * Tue Jul 08 2014 lmuelle@suse.com - Add missing newline to debug message in daemon_ready(); (bnc#865627). * Mon Jul 07 2014 lmuelle@suse.com - BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627). * Wed Jun 25 2014 ddiss@suse.com - Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). * Mon Jun 23 2014 lmuelle@suse.com - Update to 4.1.9. + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962). + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler; CVE-2014-3493; (bnc#883758). * Thu Jun 12 2014 lmuelle@suse.com - BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case. * Thu Jun 12 2014 lmuelle@suse.com - BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent on CentOS, Fedora, and RHEL systems. * Tue Jun 03 2014 lmuelle@suse.com - Update to 4.1.8. + dns: Don't reply to replies; CVE-2014-0239; (bso#10609). + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549). + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124). + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command; (bso#10151). + s3: nmbd: Reset debug settings after reading config file; (bso#10239). + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348). + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'; (bso#10472). + wafsamba: Fix the installation on FreeBSD; (bso#10472). + Use exit_daemon() to communicate status of startup to systemd; (bso#10517). + Fix adding NetApps; (bso#10524). + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544). + s3: lib/util: set_namearray reads across end of namelist; (bso#10544). + idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0; (bso#10547). + build: Fix ordering problems with lib-provided and internal RPATHs; (bso#10548). + Fix read of deleted memory in reply_writeclose()'; (bso#10554). + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556). + Fix lock order violation and file lost; (bso#10564). + dsdb: Do checks for invalid renames in samldb, before repl_meta_data; (bso#10569). + Fix wildcard unlink to fail if we get an error rather than trying to continue; (bso#10577). + byteorder: Do not assume PowerPC is big-endian; (bso#10590). + printing: Fix purge of all print jobs; (bso#10612). * Fri May 23 2014 lmuelle@suse.com - examples/libsmbclient: avoid some compiler warnings; (bso#10624). * Thu May 22 2014 ddiss@suse.com - Fix printer job purging; (bso#10612); (bnc#879390). * Sun May 18 2014 lmuelle@suse.com - Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17. * Mon May 05 2014 ddiss@suse.com - Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701). * Fri May 02 2014 ddiss@suse.com - Pass through vfs_btrfs snapshot manipulation requests when "btrfs: manipulate snapshots = no" is configured; (bnc#874180). * Fri Apr 25 2014 ddiss@suse.com - Clone the base share security descriptor when exposing a snapshot share; (bnc#874656). * Thu Apr 24 2014 ddiss@suse.com - Use appropriate HRESULT return codes; (bnc#875046). * Thu Apr 17 2014 lmuelle@suse.com - Update to 4.1.7. + Make "force user" work as expected; (bso#9878). + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911). + Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942). + s3-printing: Fix obvious memory leak in printer_list_get_printer(); (bso#9993). + doc: Add "spoolss: architecture" parameter usage; (bso#10188). + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200). + Make (lib)smbclient work with NetApp; (bso#10230). + SessionLogoff on a signed connection with an outstanding notify request crashes smbd; (bso#10344). + dfs: Always call create_conn_struct with root privileges; (bso#10378). + 'net ads search' on high latency networks can return a partial list with no error indication; (bso#10387). + max xmit > 64kb leads to segmentation fault; (bso#10422). + Fix STATUS_NO_MEMORY response from Query File Posix Lock request; (bso#10431). + Increase max netbios name components; (bso#10439). + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order; (bso#10444). + Fix 'wbinfo -i' with one-way trust; (bso#10458). + samba4 services not binding on IPv6 addresses causing connection delays; (bso#10464). + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467). + Don't respond with NXDOMAIN to records that exist with another type; (bso#10471). + pidl: waf should have an option for the dir to install perl files and do not glob; (bso#10472). + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474). + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481). + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE; (bso#10484). + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs; (bso#10504). + Make 'smbreadline' build with readline 6.3; (bso#10506). + smbd: Correctly add remote users into local groups; (bso#10508). + rpcclient FSRVP request UNCs should include a trailing backslash; (bso#10521). + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534). + s3:rpc_server: Minor refactoring of process_request_pdu(). * Tue Apr 15 2014 ddiss@suse.com - Create a new DBus connection for every vfs_snapper request, to ensure correct snapper UID detection; (bnc#866354). * Tue Apr 15 2014 nopower@suse.de - Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658). * Fri Apr 11 2014 ddiss@suse.com - Fix minor compiler warnings in snapshot code-path; (bnc#873177). * Fri Apr 11 2014 lmuelle@suse.com - Remove references to the obsolete samba-krb-printing package and get_printing_ticket binary. * Fri Apr 11 2014 ddiss@suse.com - Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549); (bnc#872396). * Fri Apr 11 2014 nopower@suse.de - User error strings instead of hex codes where possible for FSRVP errors; (bnc#866927). * Tue Apr 01 2014 ddiss@suse.com - Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957). * Tue Apr 01 2014 lmuelle@suse.com - Add krb5rcache directory to the winbind package; (bnc#870607). - Cleanup and consolidate the sysconfig and systemd service files. * Fri Mar 28 2014 ddiss@suse.com - Extend vfs_snapper man page to cover permissions; (bnc#870570). * Wed Mar 26 2014 ddiss@suse.com - Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707). * Fri Mar 21 2014 lmuelle@suse.com - Default with the cache and lock directory to the same path to have both non-persistent and persistent data at one location; (bnc#846586). * Wed Mar 12 2014 lmuelle@suse.com - Depend only on %version with all manual Provides and Requires; (bnc#844307). * Tue Mar 11 2014 lmuelle@suse.com - Update to 4.1.6. + Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866). * Tue Mar 11 2014 lmuelle@suse.com - Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). * Tue Mar 11 2014 lmuelle@suse.com - Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665). * Mon Mar 10 2014 nopower@suse.com - samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442; (bnc#855866). * Tue Mar 04 2014 ddiss@suse.com - Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095). * Thu Feb 27 2014 ddiss@suse.com - Propagate snapshot enumeration permissions errors to SMB clients; (bnc#865641). * Wed Feb 26 2014 nopower@suse.de - Properly handle empty 'requires_membership_of' entries in /etc/security/pam_winbind.conf; (bnc#865771). * Tue Feb 25 2014 ddiss@suse.com - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). * Mon Feb 24 2014 ddiss@suse.com - Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397). * Fri Feb 21 2014 ddiss@suse.com - Use libarchive to provide improved smbclient tarmode functionality; (bso#9667); (bnc#861135). * Fri Feb 21 2014 lmuelle@suse.com - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). * Fri Feb 21 2014 lmuelle@suse.com - Update to 4.1.5. + Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork; (bso#10358); (bnc#786677). + smbd: Fix memory overwrites; (bso#10415). + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(); (bso#2191). + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind; (bso#10087). + s3: smbpasswd: Fix crashes on invalid input; (bso#10320). + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open; (bso#10406). + Add support for Heimdal's unified krb5 and hdb plugin system, cope with first element in hdb_method having a different name in different heimdal versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418). + vfs_btrfs: Fix incorrect zero length server-side copy request handling; (bso#10424). + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429). + smbd: Fix an ancient oplock bug; (bso#10436). + Fix crash bug in smb2_notify code; (bso#10442). * Tue Feb 18 2014 lmuelle@suse.com - Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). * Fri Feb 14 2014 ddiss@suse.com - Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079). + Improve vfs_snapper documentation. * Wed Feb 12 2014 ddiss@suse.com - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). * Sat Feb 08 2014 ddiss@suse.com - Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415); (bnc#862370). * Fri Feb 07 2014 lmuelle@suse.com - Streamline the vendor suffix handling and add support for SLE 12. * Fri Feb 07 2014 ddiss@suse.com - Fix zero length server-side copy request handling; (bso#10424); (bnc#862558). * Tue Feb 04 2014 lmuelle@suse.com - Set the PID directory to /run/samba on post-12.2 systems. * Tue Feb 04 2014 lmuelle@suse.com - Make use of the tmpfilesdir macro while calling systemd-tmpfiles. * Tue Jan 28 2014 nopower@suse.de - Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937). * Tue Jan 28 2014 ddiss@suse.com - Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH definitions; (bnc#860832). * Tue Jan 28 2014 ddiss@suse.com - Check for NULL gensec_security in gensec_security_by_auth_type(); (bnc#860809). * Tue Jan 28 2014 ddiss@suse.com - Ensure ndr table initialization; (bnc#860648). * Fri Jan 24 2014 ddiss@suse.com - Add File Server Remote VSS Protocol (FSRVP) server for SMB share shadow-copies; (fate#313346). * Fri Jan 24 2014 lmuelle@suse.com - s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662). - shadow_copy2: module "Previous Version" not working in Windows 7; (bso#10259). - s3-passdb: Fix string duplication to pointers; (bso#10367). - vfs/glusterfs: in case atime is not passed, set it to the current atime; (bso#10384) * Fri Jan 24 2014 lmuelle@suse.com - s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(); (bso#10358); (bnc#786677). * Mon Jan 20 2014 lmuelle@suse.com - Default sysconfig daemon options to -D; (bso#10388); (bnc#857454). * Thu Jan 16 2014 lmuelle@suse.com - Add /var/cache/samba to the client file list; (bnc#846586). * Tue Jan 14 2014 lmuelle@suse.com - Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454). * Mon Jan 13 2014 lmuelle@suse.com - Correct sysconfig variable names by adding the missing D char; (bnc#857454). * Fri Jan 10 2014 lmuelle@suse.com - Update to 4.1.4. + Fix segfault in smbd; (bso#10284). + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311). * Wed Jan 08 2014 lmuelle@suse.com - Call stop_on_removal from preun and restart_on_update and insserv_cleanup from postun on pre-12.3 systems only; (bnc#857454). * Wed Jan 08 2014 adrian@suse.de - BuildRequire gamin-devel instead of unmaintained fam-devel package on post-12.1 systems. * Mon Jan 06 2014 lmuelle@suse.com - smbd: allow updates on directory write times on open handles; (bso#9870). - lib/util: use proper include for struct stat; (bso#10276). - s3:winbindd fix use of uninitialized variables; (bso#10280). - s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285). - s3-lib: Fix %G substitution for domain users in smbd; (bso#10286). - smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open; (bso#10297). - smb2_server processing overhead; (bso#10298). - ldb: bad if test in ldb_comparison_fold(); (bso#10305). - Fix AIO with SMB2 and locks; (bso#10310). - smbd: Fix a panic when a smb2 brlock times out; (bso#10311). - vfs_glusterfs: Enable per client log file; (bso#10337). * Mon Jan 06 2014 lmuelle@suse.com - Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454). * Mon Jan 06 2014 lmuelle@suse.com - Create /var/run/samba with systemd-tmpfiles on post-12.2 systems; (bnc#856759). * Mon Jan 06 2014 lmuelle@suse.com - Fix broken rc{nmb,smb,winbind} sym links which should point to the service binary on post-12.2 systems; (bnc#856759). * Mon Jan 06 2014 ddiss@suse.com - Add Snapper VFS module for snapshot manipulation; (fate#313347). + dbus-1-devel required at build time. * Mon Jan 06 2014 ddiss@suse.com - Add File Server Remote VSS Protocol (FSRVP) client for SMB share shadow-copies; (fate#313345). * Wed Dec 11 2013 lmuelle@suse.com - Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part of the minimum build environment. * Mon Dec 09 2013 lmuelle@suse.com - Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347). * Fri Dec 06 2013 lmuelle@suse.com - Make use of the full gpg pub key file name including the key ID. * Thu Dec 05 2013 ddiss@suse.com - Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks. * Thu Dec 05 2013 ddiss@suse.com - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770). * Mon Dec 02 2013 lmuelle@suse.com - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). * Fri Nov 22 2013 lmuelle@suse.com - BuildRequire systemd on post-12.2 systems. * Fri Nov 22 2013 lmuelle@suse.com - Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'; (bso#10193). + Make offline logon cache updating for cross child domain group membership; (bso#10194). + nsswitch: Fix short writes in winbind_write_sock; (bso#10195). + RW Deny for a specific user is not overriding RW Allow for a group; (bso#10196). + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(); (bso#10224). + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs; (bso#10224). + VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity; (bso#10224). + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232). + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247). + Fix the build of vfs_glusterfs; (bso#10253). + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries; (bso#10264). + util: Remove 32bit macros breaking strict aliasing; (bso#10269). * Thu Nov 21 2013 lmuelle@suse.com - Let gpg verify execution condition not fail on non SUSE systems. * Thu Nov 21 2013 lmuelle@suse.com - Add systemd support for post-12.2 systems. * Tue Nov 19 2013 nopower@suse.de - Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474). * Fri Nov 15 2013 lmuelle@suse.com - Unconditionally create the CUPS smb backend sym link pointing to smbspool; (bnc#850656). * Wed Nov 13 2013 lmuelle@suse.com - Update to 4.1.1. + ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). * Sun Nov 10 2013 lmuelle@suse.com - Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). * Wed Oct 30 2013 lmuelle@suse.com - ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). * Fri Oct 11 2013 lmuelle@suse.com - Update to 4.1.0. + pam_winbindd: Support the KEYRING ccache type; (bso#10132). + Fix PAC parsing failure; (bso#10178). * Wed Oct 09 2013 lmuelle@suse.com - Unify the defattr lines in the pidl, python, test and test-devel files section by removing the optional directory mode. * Wed Oct 09 2013 lmuelle@suse.com - Verify source tar ball gpg signature. * Fri Sep 27 2013 lmuelle@suse.com - Update to 4.1.0rc4. + dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs; (bso#8077). + python-samba-tool fsmo: Do not give an error on a successful role transfer; (bso#9461). + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008). + Raise the level of a debug when unable to open a printer; (bso#10118). + Add "acl allow execute always" parameter; (bso#10134). + vfs_shadow_copy2: Display previous versions correctly over SMB2; (bso#10137). + smbd: Always clean up share modes after hard crash; (bso#10138). + Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144). + Samba SMB2 client code reads the wrong short name length in a directory listing reply; (bso#10145). + libcli/smb: Only check the SMB2 session setup signature if required and valid; (bso#10146). + Better document potential implications of a globally used "valid users"; (bso#10147). + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149). + Not all OEM servers support the ALTNAME info level; (bso#10150). + Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects; (bso#10157). + Netbios related samba process consumes 100% CPU; (bso#10158). + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162). * Thu Sep 19 2013 lmuelle@suse.com - Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel. * Mon Sep 16 2013 lmuelle@suse.com - Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0, libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0, libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0, libsmbldap0, and libtevent-util0 to baselibs.conf. * Sat Sep 14 2013 jengelh@inai.de - Add or polish the shared library package summaries and descriptions. * Fri Sep 13 2013 lmuelle@suse.com - Update to 4.1.0rc3. + Fix working on site with Read Only Domain Controller; (bso#5917). + Add man page for vfs_syncops; (bso#7364). + Add man page for vfs_linux_xfs_sgid; (bso#7490). + When replicating DNS for bind9_dlz we need to create the server-DNS account remotely; (bso#9091). + Winbind unable to retrieve user information from AD; (bso#9615). + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO; (bso#9899). + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911). + Add SMB2 and SMB3 support for smbclient; (bso#9974). + Add man pages for ntdb tools; (bso#10000). + Add man page for samba-regedit tool; (bso#10001). + ::1 added to nameserver on join; (bso#10030). + Fix memory leak in source3/lib/util.c:1493; (bso#10063). + Fix segmentation fault in 'net ads join'; (bso#10073). + Fix variable list in vfs_crossrename man page; (bso#10076). + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082). + smbd: Fix async echo handler forking; (bso#10086). + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). + Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). + Fix Winbind crashes on DC with trusted AD domains; (bso#10107). + Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). + Masks incorrectly applied to UNIX extension permission changes; (bso#10121). * Thu Sep 05 2013 jengelh@inai.de - Implement shared library packaging guidelines. - Correct interpackage dependencies; (bso#10129). * Tue Sep 03 2013 lmuelle@suse.com - Define the source URL differently in the case of a release candidate. * Sat Aug 31 2013 lmuelle@suse.com - Update to 4.1.0rc2. + Add vfs_btrfs module. + Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. + Fix replication with --domain-crictical-only to fill in backlinks; (bso#9029). + Windows 8 Roaming profiles fail; (bso#9678). + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + Do not delete an existing valid credential cache (s3-winbind); (bso#9994). + Fix segfault while reading incomplete session info; (bso#10003). + Missing integer wrap protection in EA list reading can cause server to loop with DOS (CVE-2013-4124); (bso#10010). + Fix a 100% loop at shutdown time (smbd); (bso#10013). + Fix/improve debug options; (bso#10015). + Rename regedit to samba-regedit; (bso#10040). + Remove obsolete swat manpage and references; (bso#10041). + Fix crashes in socket_get_local_addr(); (bso#10042). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Remove a redundant inlined substitution of ACLs; (bso#10045). + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048). + dsdb improvements; (bso#10056). + Linux kernel oplock breaks can miss signals; (bso#10064). * Thu Aug 29 2013 lmuelle@suse.com - BuildRequire pyldb-devel. * Wed Aug 28 2013 lmuelle@suse.com - Add libnetapi0 and samba-libs to baselibs.conf. * Thu Aug 22 2013 lmuelle@suse.de - Update to 4.0.9. + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + s3-lib: Fix segmentation fault while reading incomplete session info; (bso#10003). + smbd: Fix a 100% loop at shutdown time; (bso#10013). + Windows 8 Roaming profiles fail; (bso#9678). + Add UPN enumeration to passdb internal API; (bso#9779). + smbd: Cleanup disonnected durable handles; (bso#9930). + vfs_streams_xattr: Do not attempt to write empty attribute twice; (bso#9970). + Fix Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + s3-winbind: Do not delete an existing valid credential cache; (bso#9994). + Fix excessive RID allocation; (bso#10014). + Add debugclass for DNS server; (bso#10015). + Fix/improve debug options; (bso#10015). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Linux kernel oplock breaks can miss signals; (bso#10064). + net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073). * Mon Aug 05 2013 lmuelle@suse.com - Update to 4.0.8. + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969). * Mon Jul 22 2013 lmuelle@suse.com - Require krb5 and not the non existing krb5-libs package. * Wed Jul 17 2013 lmuelle@suse.com - Update to 4.1.0rc1. + Directory database replication (AD DC mode) + Server-Side Copy Support + Btrfs Filesystem Integration * Fri Jul 12 2013 lmuelle@suse.com - BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp. - BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version. - Require perl-base on SUSE systems only. * Fri Jul 12 2013 lmuelle@suse.com - Adjust group setting of the test-devel subpackage. - Require perl-base from the pidl subpackage. * Fri Jul 12 2013 lmuelle@suse.com - Remove libdir/samba/ldb after install if we're building Samba without Active Directory Domain Controller support. * Thu Jul 11 2013 lmuelle@suse.com - Remove unused ccache switch from the spec file. * Thu Jul 11 2013 lmuelle@suse.com - BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the man pages and add them to the package again. * Thu Jul 11 2013 lmuelle@suse.com - Build from the package from the top level directory; (bnc#794744). - BuildRequire pytalloc-devel, python-tdb, and python-tevent. - Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1 SUSE systems. * Fri Jul 05 2013 lmuelle@suse.com - Remove the empty data dir from the doc package filelist. - Explicitly use samba instead of the name macro to define the docbook dir. * Tue Jul 02 2013 lmuelle@suse.com - Update to 4.0.7. + Fix a core dump with invalid lock order while opening/editing or copying MS files; (bso#9794). + Fix crash bug from search of mail=; (bso#9967). + s3-rpc_server: Ensure we are root when starting and using gensec; (bso#9465). + Add support for MX queries; (bso#9485). + dns: Delete dnsNode objects when they are empty; (bso#9559). + dns: Support larger queries when asking forwarder; (bso#9632). + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805). + Use of wrong RFC2307 primary group field; (bso#9880). + Check for system libtevent; (bso#9881). + is_printer_published GUID retrieval; (bso#9900). + Doc fixes for 4.0; (bso#9906). + Build fixes for 4.0 found during autoconf or debian packaging work; (bso#9907). + build: Add missing new line to replaced python shebang line; (bso#9909). + PIE builds not supported; (bso#9910). + s4:winbind: Don't leak libnet_context into the main event context; (bso#9929). + Fix a bug of drvupgrade of smbcontrol; (bso#9941). + Check for netbios aliases in ad_get_referrals; (bso#9947). + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953). + docs: Avoid mentioning a possibly misleading option; (bso#9964). + Fix build with system Heimdal of samba4kgetcred; (bso#9968). * Mon Jul 01 2013 lmuelle@suse.com - Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and OBS for any other operating system to define the vendor string while build. * Fri Jun 28 2013 lmuelle@suse.com - Remove ldapsmb from the main spec file. * Wed Jun 26 2013 lmuelle@suse.com - Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man. * Tue Jun 25 2013 lmuelle@suse.com - Don't bzip2 the main tar ball, use the upstream gziped one instead. * Sun Jun 23 2013 jengelh@inai.de - Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and libopenssl-devel. * Wed Jun 05 2013 ddiss@suse.com - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). * Wed May 22 2013 lmuelle@suse.com - Update to 4.0.6. + Fix crash during Win8 sync; (bso#9822). + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834). + Fix the username map optimization; (bso#9139). + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). + SMB2 server doesn't support recvfile; (bso#9412). + Fix the build of vfs_notify_fam; (bso#9545). + Fix adding case sensitive spn; (bso#9699). + Properly handle oplock breaks in compound requests; (bso#9722). + Properly handle oplock breaks in compound requests; (bso#9722). + Cache name_to_sid/sid_to_name correctly; (bso#9766). + Fix 'net ads join' when called via stdin; (bso#9767). + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775). + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading; (bso#9777). + Fix panic when running 'smbtorture smb.base'; (bso#9782). + Use specified python for runtime installation of Samba; (bso#9785). + Change '--with-dmapi' to 'default=auto' to match the autoconf build; (bso#9803). + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION; (bso#9804). + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807). + Package new dbwrap_tool man page; (bso#9809). + Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem; (bso#9811). + Fix 'map untrusted to domain' with NTLMv2; (bso#9817). + SMB signing and the async echo responder don't work together; (bso#9824). + Fix panic in nt_printer_publish_ads; (bso#9830). + talloc use after free in winbind4; (bso#9832). + Function called in unix_convert() path can overwrite errno; (bso#9833). + Fix NULL pointer dereference in Winbind; (bso#9854). + Fix making LIBNDR_PREG_OBJ; (bso#9868). * Fri Apr 26 2013 lmuelle@suse.com - Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches. * Tue Apr 09 2013 lmuelle@suse.com - Update to 4.0.5. + Fix large reads/writes from some Linux clients; (bso#9706). + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740). + Can't delegate adding computers to domain; (bso#9267). + Fix GNU ld version detection with old gcc releases; (bso#7825). + Never try to map global SAM name; (bso#9039). + Certain xattrs cause Windows error 0x800700FF; (bso#9130). + Samba returns unexpected error on SMB posix open; (bso#9519). + Fix build on AIX; (bso#9557). + libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa; (bso#9617). + Reauth-capable client fails to access shares on Windows member; (bso#9625). + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636). + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639). + Fix the build of vfs_afsacl; (bso#9642). + Fix the build with --fake-kaserver; (bso#9643). + Fix compile of source3/lib/afs.c; (bso#9644). + Make SMB2_GETINFO multi-volume aware; (bso#9646). + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653). + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656). + 'make test' hangs; (bso#9663). + Fix correct linking of libreplace with cmdline-credentials; (bso#9664). + Fix filtering of link-local addresses; (bso#9666). + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669). + Samba denies owner Read Control when there is a DENY entry while W2K08 does not; (bso#9674). + Fix several resource (fd) leaks; (bso#9683). + Fix a memory leak in spoolss rpc server; (bso#9685). + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686). + Fix several possible null pointer dereferences; (bso#9687). + Make sure that domain joins work correctly when the DC disallows NTLM auth; (bso#9689). + Backport tevent changes to bring library to version 0.9.18; (bso#9695). + Remove incomplete samba_dnsupdate IPv6 link-local address check; (bso#9696). + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket; (bso#9697). + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833). + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703). + Fix nss_winbind name on FreeBSD; (bso#9704). + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls; (bso#9711). + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717). + s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307; (bso#9718). + Allow forcing an override of an old @MODULES record; (bso#9719). + Do not print the admin password during 'samba-tool classicupgrade'; (bso#9720). + Make samba_upgradedns more robust (do not guess addresses when just changing roles); (bso#9721). + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723). + is_encrypted_packet() function incorrectly used inside server; (bso#9724). + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725). + Fix NULL pointer dereference; (bso#9727). + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728). + Fix 'smbcontrol close-share'; (bso#9733). + Fix Winbind separator in upn to username conversion; (bso#9735). + Change to smbd/dir.c code gives significant performance increases on large directory listings; (bso#9736). + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739). + Make sure that we only propogate the INHERITED flag when we are allowed to; (bso#9747). + Remove unneeded fstat system call from hot read path; (bso#9748). + Don't leak the epm_Map policy handle; (bso#9758). + Fix incorrect parsing of SMB2 command codes; (bso#9760). - Update to 4.0.4. + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624). * Thu Mar 14 2013 ddiss@suse.com - Fix periodic printcap cache reloads; (bso#9650); (bnc#807334). * Tue Feb 26 2013 lmuelle@suse.com - No longer use the cifs- or smbfstab named configuration file on post-12.2 systems; (bnc#804822); (bnc#821889). * Mon Feb 25 2013 lmuelle@suse.com - Shift the smbfs init script nfs dependency from Required to Should. * Mon Feb 11 2013 ddiss@suse.com - Fix SMB1 Session Setup AndX handling with a large krb PAC; (bso#9658); (bnc#802031). * Fri Feb 08 2013 lmuelle@suse.com - Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to generate the default share snippets on pre-12.2 systems. * Fri Feb 08 2013 ddiss@suse.com - Explicitly configure --with-ads. * Thu Feb 07 2013 ddiss@suse.com - Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350). * Thu Feb 07 2013 lmuelle@suse.com - Remove superfluous quotation marks while setting the SAMBA_VERSION_VENDOR_SUFFIX string. * Wed Feb 06 2013 sjayaraman@suse.de - Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same; (bnc#800782). * Tue Feb 05 2013 lmuelle@suse.com - Update to 4.0.3. + Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface; add documentation; (bso##8909). + check_password_quality: Handle non-ASCII characters properly; (bso##9105). + Fix 'smbd' panic triggered by unlink after open; (bso##9571). + smbd: Fix memleak in the async echo handler; (bso##9549). + defer_open is triggered multiple times on the same request; (bso#9196). + Add extra attributes for AD printer publishing; (bso#9378). + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461). + Downgrade v4 printer driver requests to v3; (bso#9474). + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers; (bso#9481). + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499). + waf assumes that pythonX.Y-config is a Python script; (bso#9503). + s4:drsuapi: Make sure we report the meta data from the cycle start; (bso#9508). + wafsamba: Use additional xml catalog file; (bso#9512). + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517). + conn->share_access appears not be be reset between users; (bso#9518). + Remove superfluous bracket in samba.8.xml; (bso#9528). + Fix typo in vfs_tsmsm.8.xml; (bso#9530). + terminate the irpc_servers_byname() result with server_id_set_disconnected(); (bso#9540). + Make use of posix_openpt; (bso#9541). + Fix build of vfs_commit and plug in async pwrite support; (bso#9544). + Fix aio_suspend detection on FreeBSD; (bso#9546). + Correctly detect O_DIRECT; (bso#9548). + sigprocmask does not work on FreeBSD to stop further signals in a signal handler; (bso#9550). + smb.conf(5): Update list of available protocols; (bso#9552). + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555). + Fix compilation of Solaris ACL module; (bso#9564). + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors; (bso#9565). + Add dbwrap_tool.1 manual page; (bso#9568). + Document the command line options in dbwrap_tool(1); (bso#9568). + ntlm_auth(1): Fix format and make examples visible; (bso#9569). + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients; (bso#9572). + Fix a possible null pointer dereference in spoolss; (bso#9574). + Duplicate flags defined in the winbindd protocol; (bso#9575). + gensec: Allow login without a PAC by default; (bso#9581). + smbd: disk_free: sys_popen() failed" message logged in /var/log/message many times; (bso#9586). + Archive flag is always set on directories; (bso#9587). + ACLs are not inherited to directories for DFS shares; (bso#9588). + Correct meta data in ldb manpages; (bso#9591). + s3-winbind: Fix the build of idmap_ldap; (bso#9595). + Linked attribute handling should be by GUID; (bso#9596). + Fix timeouts of some IRPC calls; (bso#9598). + Use pid,task_id as cluster_id in process_single just like process_prefork; (bso#9598). + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609). + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610). * Thu Jan 31 2013 lmuelle@suse.com - Update to 4.0.2. + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both don't apply to any SUSE Samba post-3.6.10 as it isn't longer built. + Don't build and package static libraries. * Thu Jan 31 2013 lmuelle@suse.com - Drop separate build-source-timestamp file as it led to a second, incorrect Source Timestamp line. * Wed Jan 23 2013 ddiss@suse.com - Add server-side copy support; (fate#314770). + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers. + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage. * Mon Jan 21 2013 lmuelle@suse.com - Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2. * Mon Jan 21 2013 lmuelle@suse.com - Disable SWAT during configure and don't package it any longer. * Fri Jan 18 2013 lmuelle@suse.com - Remove dangling references to Heimdal from the spec file. * Thu Jan 17 2013 lmuelle@suse.com - Remove /lib/samba prefix from the localstatedir configure option. * Tue Jan 15 2013 lmuelle@suse.com - Update to 4.0.1. + Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects; CVE-2013-0172; (bnc#798364). * Wed Jan 09 2013 lmuelle@suse.com - Add the missing get_printing_ticket binary path while calling the set_permissions macro; (bnc#783375). * Sun Dec 23 2012 lmuelle@suse.com - Use the version macro while definition of the branch macro. * Wed Dec 19 2012 lmuelle@suse.com - Remove references to no longer used devel macros. * Tue Dec 11 2012 lmuelle@suse.com - Update to 4.0.0. + Honor password complexity settings; (bso#9414). + Install SWAT *.msg files with waf; (bso#9415). + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES; (bso#9438). + developer-build: Fix panic when acl_xattr fails with access denied; (bso#9456). + Fix "map username script" with "security=ads" and Winbind; (bso#9457). + Install manpages only if we install the target; (bso#9459). + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Users can not be given write permissions any more by default; (bso#9462). + Fix MMC crashes; (bso#9470). + Fix SEGV when using second vfs module; (bso#9471). + Support FIPS mode when building Samba; (bso#9479). + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481). * Tue Dec 11 2012 lmuelle@suse.com - netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken; (bso#9438). - s3:auth: fix create_token_from_sid() to not fail in the winbindd case; (bso#9457). - s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given; (bso#9470). - Support FIPS mode when building Samba; (bso#9479). - s4:provision: set the correct nTSecurityDescriptor; (bso#9481). * Mon Dec 10 2012 lmuelle@suse.com - SEGV when using second vfs module; (bso#9471). * Mon Dec 10 2012 lmuelle@suse.com - Update to 3.6.10. + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Fix segfault when "default devmode" is disabled; (bso#9433). + Fix segfaults in "log level = 10" on Solaris; (bso#9390). * Sun Dec 09 2012 lmuelle@suse.com - s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED; (bso#9456). - Install manpages only if we install the target; (bso#9459). - Users can not be given write permissions any more by default; (bso#9462). * Sat Dec 08 2012 lmuelle@suse.com - Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094); (bso#9418). - Use work around for 'winbind use default domain' only if it is set; (bso#9367). - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend; (bso#9374). - large read requests cause server to issue malformed reply; (bso#9422). - s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426). - Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439). - Allow to force DNS updates using net; (bso#9451). - Respond correctly to FILE_STREAM_INFO requests; (bso#9460). * Fri Dec 07 2012 lmuelle@suse.com - Update to 4.0.0rc6. See WHATSNEW.txt from the samba-doc package. * Tue Dec 04 2012 lmuelle@suse.com - On uninstall remove winbind from the pam configuration, invalidate the nscd passwd and group cache and only recommend the install of nscd; (bnc#792340). * Mon Dec 03 2012 lmuelle@suse.com - BuildRequire libnscd-devel once. * Sun Dec 02 2012 lmuelle@suse.com - Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294). - Add SUSE version depending pkg-config requires macro; (bnc#792294). * Sun Dec 02 2012 lmuelle@suse.com - Define library names and use it instead of libldb1, libnetapi0, libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and libwbclient0; (bnc#792294). - Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems. * Fri Nov 30 2012 lmuelle@suse.com - Don't clutter the spec file diff view; (bnc#783384). * Wed Nov 28 2012 jmcdonough@suse.com - Fix fd leak causing 100% CPU in winbind on certain dc connection failures; (bso#9436); (bnc#786677). * Tue Nov 27 2012 ddiss@suse.com - Fix spoolss segfault when default devmode is disabled; (bso#9433); (bnc#791183). * Mon Nov 19 2012 lmuelle@suse.com - Update to 4.0.0rc5. See WHATSNEW.txt from the samba-doc package. * Fri Nov 16 2012 lmuelle@suse.com - ACL masks incorrectly applied when setting ACLs; (bso#9236). - s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272). - lib/replace: replace all *printf function if we replace snprintf; (bso#9390). - lib/addns: don't depend on the order in resp->answers[]; (bso#9402). * Tue Nov 13 2012 lmuelle@suse.com - s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209). - lib/krb5_wrap: request enc_types in the correct order; (bso#9272). - Fix net ads join message for the dns domain; (bso#9326). - docs-xml: fix use of <smbconfoption> tag; (bso#9345). - s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359). - s3:winbind: Failover if netlogon pipe is not available; (bso#9386). * Thu Nov 01 2012 lmuelle@suse.com - Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available. * Mon Oct 29 2012 lmuelle@suse.com - Ensure adding the winbind group never can fail. * Mon Oct 29 2012 lmuelle@suse.com - Create ntadmin group only if it doesn't yet exist. * Mon Oct 29 2012 lmuelle@suse.com - Update to 3.6.9. + When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). + Winbind can't fetch user or group info from AD via LDAP; (bso#9147). + Fix segfault in smbd if user specified ports out for range; (bso#9218). * Mon Oct 29 2012 lmuelle@suse.com - quota: Don't force the block size to 512; (bso#3272). - Fix poll replacement to become a msleep replacement; (bso#8107). - Fix wrong test == syntax in configure; (bso#8146). - Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344). - Fix builtin forms order to match Windows again; (bso#8632). - Fix RAW printing for normal users; (bso#8769); (bnc#790741). - Initialise ticket to ensure we do not invalid memory; (bso#8788). - Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966). - Fix crash on null pam change pw response; (bso#9013). - Connection to outbound trusted domain goes offline; (bso#9016). - Increase debug level for info that the db is empty; (bso#9112). - 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117). - Winbind can't fetch user or group info from AD via LDAP; (bso#9147). - Open printers with the right access mask; (bso#9154). - Fix makerpms.sh on RHEL; (bso#9165). - Remove non-existent option '-Y' from winbindd manpage; (bso#9171). - Add quota support for gfs2; (bso#9172). - Make SMB2 compound request create/delete_on_close/close work as Windows; (bso#9173). - Empty SPNEGO packet can cause smbd to crash; (bso#9174). - pam_winbind: Match more return codes when wbcGetPwnam has failed; (bso#9177). - Fix crash bug in idmap_hash; (bso#9188); (bnc#788159). - SMB2 Create doesn't return correct MAX ACCESS access mask in blob; (bso#9189). - Fix service control for non-internal services; (bso#9192). - Don't take 'state->te' as indication for "was_deferred"; (bso#9196). - Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209). - Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213). - Fix segfault in smbd if user specified ports out for range; (bso#9218). - Signing cannot be disabled for SMB2 by design, so fix the documentation instead; (bso#9222). - Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry; (bso#9231). - When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). - lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259). - Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart; (bso#9268). - Add support for reloading systemd services; (bso#9280). * Fri Oct 26 2012 lmuelle@suse.com - Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719). * Wed Sep 26 2012 lmuelle@suse.com - Do not write the build date into the header of the default smb.conf as this causses superfluous rebuilds of packages depending on samba; (bnc#781601). * Wed Sep 26 2012 lmuelle@suse.com - Do not prerequire SuSEconfig.permissions as it's already enough and more generic to depend on the permissions package; (bnc#782293). * Mon Sep 17 2012 lmuelle@suse.com - Update to 3.6.8. + Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). + Fix Winbind panic if we couldn't find the domain; (bso#9135). * Mon Sep 17 2012 lmuelle@suse.com - Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058). - Fix bad call to memcpy source3/registry/regfio.c; (bso#9065). - "Domain Users" incorrectly added as additional group on domain members; (bso#9066). - Use correct RID for "Domain Guests" primary group; (bso#9067). - Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). - Fix smbclient/tarmode panic when connecting to Windows 2000 clients; (bso#9088). - Fix refreshing of Kerberos tickets in Winbind; (bso#9098). - Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors; (bso#9104). - Fix compilation with newer MIT Kerberos which hides internal symbols; (bso#9111). - Fix flooding the logs with records we don't find in pcap; (bso#9112). - Initialize the print backend after we setup winreg; (bso#9122). - Fix lprng job tracking errors; (bso#9123). - Fix setting of "inherited" bit on inherited ACE's; (bso#9124). - Fix Winbind panic if we couldn't find the domain; (bso#9135). - Make 'smbclient allinfo' show the snapshot list; (bso#9137). - Fix nfs quota support with Linux nfs4 mounts; (bso#9144). - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests; (bso#9150). * Thu Sep 13 2012 shargagan@novell.com - NMB registration for a duplicate workstation fails with registration refuse; (bso#9085); (bnc#770056). * Thu Aug 16 2012 lmuelle@suse.com - Remove backup files caused by running configure in examples/VFS. * Mon Aug 06 2012 lmuelle@suse.com - Update to 3.6.7. + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). + Fix migrating printers while upgrading from 3.5.x; (bso#9026). * Mon Aug 06 2012 lmuelle@suse.com - Correct documentation of "case sensitive"; (bso#8552). - Printing fails in function cups_job_submit; (bso#8719). - Fix kernel oplocks when uid(file) != uid(process); (bso#8974). - Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989). - Fix build without ads support; (bso#8996). - Don't turn negative cache entries into valid idmappings; (bso#9002). - Fix posix acl on gpfs; (bso#9003). - Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022). - Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034). - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040). - Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). - Fix build against CUPS 1.6; (bso#9055). - Fix bugs in SMB2 credit handling code; (bso#9057). - rpcclient: Fix bad call to data_blob_const; (bso#9062). * Fri Jul 20 2012 lmuelle@suse.com - Create missing doc directories while install. - Remove no longer existing Manifest file from install. - Don't creat a link to non existend html man pages for swat. - Don't call the no longer existing libsmbclient testsuit while build. * Fri Jul 20 2012 lmuelle@suse.com - Configure with option --mandir instead --with-mandir. - Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and - -with-swatdir configure options. * Thu Jul 19 2012 lmuelle@suse.com - Update to 4.0.0beta4. See WHATSNEW.txt from the samba-doc package. * Mon Jul 16 2012 lmuelle@suse.com - BuildRequire gcc, make, and patch; (bnc#771516). * Wed Jul 11 2012 lmuelle@suse.com - ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262). * Wed Jul 11 2012 lmuelle@suse.com - Fix shell syntax in dhcpcd hook script; (bnc#769957). * Wed Jun 27 2012 lmuelle@suse.com - Add missing int declaration to the net kdc lookup patch. * Mon Jun 25 2012 lmuelle@suse.com - Update to 4.0.0beta2. See WHATSNEW.txt from the samba-doc package. * Mon Jun 25 2012 lmuelle@suse.com - Update to 3.6.6. + Fix possible memory leaks in the Samba master process; (bso#8970). + Fix uninitialized memory read in talloc_free(); (bnc#764577). + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983). * Thu Jun 21 2012 lmuelle@suse.com - resolve_ads() code can return zero addresses and miss valid DC IP addresses; (bso#8910). - Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983). - winbind can hang as nbt_getdc() has no timeout; (bso#8953). - Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627) - s3-pid: Catch with pid filename's change when config file is not smb.conf; (bso#8714). - Possible memory leaks in the main Samba process; (bso#8970). - s3: Fix uninitialized memory read in talloc_free(); (bnc#764577). - Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971). - Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988). - Winzip occasionally can not read files out of an open winzip dialog; (bso#8311). - s3-winbindd: call dump_core_setup after command line option has been parsed; (bso#8975). - Directory group write permission bit is set if unix extensions are enabled; (bso#8972). - s3: remove dependency on automake for "make everything"; (bso#8978). - sd_has_inheritable_components segfaults on an SD that se_access_check accepts; (bso#8811). - smbclient's tarmode insists on listing excluded directories; (bso#8922). - Notify code can miss a ChDir; (bso#8998). - s3:smbd: add a fsp_persistent_id() function; (bso#8995). * Mon Jun 04 2012 lmuelle@suse.com - Call autogen.sh even on post-12.1 SUSE systems. * Fri Jun 01 2012 lmuelle@suse.com - Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems. - Recompile all IDL in any case. * Fri Jun 01 2012 lmuelle@suse.com - BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora systems. * Thu May 31 2012 lmuelle@suse.com - Install talloc.pc only on pre-12.2 and non SUSE systems. * Thu May 31 2012 lmuelle@suse.com - BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and libtevent-devel on post-12.1 systems. * Wed May 30 2012 lmuelle@suse.com - s3: Fix a segfault with debug level 3 on Solaris; (bso#8861). - s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904). - smbd crashes when deleting directory and veto files are enabled; (bso#8837). - winbind_krb5_locator only returns one IP address; (bso#8897). - Wrong assertion/comparison: Compare value not pointer; (bso#8859). - Inconsistent (with manpage) command-line switch for "help" in smbtree; (bso#8831). - Fix incorrect debug statement. - Setting traverse rights fails to enable directory traversal when acl_xattr in use; (bso#8857). - Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877). - s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869). - s3-docs: fixes several typos; (bso#7938). - s3-VFS: Fix building out-of-tree modules; (bso#8822). - s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble; (bso#7930). - s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915). - Avoid null dereference in initialize_password_db(); (bso#8920). - s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend. - s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs. - s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler(). - s3:registry: multiple cleanups, fixes, and optimisations. - s3:auth/server_info: the primary rid should be in the groups rid array; (bso#8798). - s3-printing: Add new printers to registry; (bso#8554); (bso#8612); (bso#8748). - Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it; (bso#8945). - s3-auth: Don't lookup the system user in pdb; (bso#8944). - s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952). - Fix typo in pam_winbindd code; (bso#8957). - Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list; (bso#8910). - Slow but responsive DC can lock up winbindd; (bso#8943). - Broken processing of %U with vfs_full_audit when force user is set; (bso#8882). * Tue May 15 2012 lmuelle@suse.com - Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems. - BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and libtevent0-devel on post-12.1 systems. * Wed May 02 2012 lmuelle@suse.com - Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731). * Sat Apr 21 2012 lmuelle@suse.com - docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845); (bnc#730769). - s3-docs: Prepend '/' to filename argument; (bso#8826). * Fri Apr 20 2012 lmuelle@suse.com - Update to 3.6.5. - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576). * Fri Apr 13 2012 ddiss@suse.de - Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080). * Tue Apr 10 2012 lmuelle@suse.com - Update to 3.6.4. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). * Sun Mar 25 2012 lmuelle@suse.de - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). * Fri Mar 16 2012 lmuelle@suse.de - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). * Thu Mar 15 2012 ddiss@suse.de - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454). * Wed Mar 14 2012 lmuelle@suse.de - Remove obsoleted Authors lines from spec file for post-11.2 systems. * Mon Feb 27 2012 lmuelle@suse.de - Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems. * Mon Feb 20 2012 lmuelle@suse.de - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934). * Fri Feb 17 2012 ddiss@suse.de - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854). * Thu Feb 16 2012 ddiss@suse.de - s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825). * Mon Feb 06 2012 lmuelle@suse.de - s3:winbindd fix a return code check; (bso#8406). * Mon Feb 06 2012 lmuelle@suse.de - s3: Add rmdir operation to streams_depot; (bso#8733). * Mon Feb 06 2012 lmuelle@suse.de - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738); CVE-2013-0454; (bnc#811975). * Mon Feb 06 2012 lmuelle@suse.de - s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). * Mon Feb 06 2012 lmuelle@suse.de - s3:client: ignore SMBecho errors (the server may not support it); (bso#8139). * Mon Feb 06 2012 lmuelle@suse.de - Be more strict when using PAM_AUTH API from winbind if Kerberos auth is enabled and don't unintentionally use a bogus domain name; (bso#8734). * Mon Feb 06 2012 lmuelle@suse.de - smbclient fails with posix large reads; (bso#8727). * Thu Feb 02 2012 lmuelle@suse.de - Use the smbfs init script on versions pre-11.3, or cifs in later versions; (bnc#744614). * Mon Jan 30 2012 lmuelle@suse.de - s3: Compile IDL files in autogen, some configure tests need this. * Mon Jan 30 2012 fcrozat@suse.com - Fixes various deadlocks in if-up.d / if-down.d when running under systemd; (bnc#732395). * Sun Jan 29 2012 lmuelle@suse.de - Update to 3.6.3. + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986). * Thu Jan 26 2012 lmuelle@suse.de - Use spdx.org compliant license names for all packages. * Wed Jan 25 2012 lmuelle@suse.de - Update to 3.6.2. + Make Winbind receive user/group information (bug #8371). + Several SMB2 fixes. + Fix a crash bug in the spoolss code. + Add new contributing FAQ announcing acceptance of corporate (C). + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504). + Fix cli_write_and_x() against OS/2 print shares; (bso#5326). + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563); (bnc#726145). + Remove pointless use_memory_krb5_ccache; (bso#7465). + Fix perl path; (bso#8176). + Grant credits in async interim responses (SMB2); (bso#8357). + Make Winbind receive user/group information; (bso#8371). + Fix Windows XP clients crashing smbd process every once in a while; (bso#8384); (bnc#731571). + Make VFS op "streaminfo" stackable; (bso#8419). + Add an allocation pool to idmap_autorid; (bso#8444). + Fix SEGFAULT from net registry export on not zero terminated REG_SZ values; (bso#8528). + Make DSO_EXPORTS_CMD more portable; (bso#8531). + readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). + smbclient posix_open command fails to return correct info on open file; (bso#8542). + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548). + Fix setting the machine account password; (bso#8550). + Make SMB2 handle compound request headers in the same way as Windows; (bso#8560). + Password change settings not fully observed; (bso#8561). + Fix double free error in talloc; (bso#8562). + Fix alignment in the non-extended-security negprot; (bso#8573). + Add systemd service files; (bso#8575). + Add systemd service files; (bso#8575). + smb2_flush: Don't send uninitialized memory; (bso#8579). + Enable inotify if sys or kernel inotify is available; (bso#8580). + Increase a debug level; (bso#8585). + libsmb: Only align unicode pipe_name; (bso#8586). + Fix marshalling of samr_ChangePasswordUser3; (bso#8591). + Don't limit the number of open dptrs for SMB2; (bso#8592). + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). + Make cldap work over IPv6; (bso#8600). + Fix intermittent print job failures caused by character conversion errors; (bso#8606). + Improve configure.in so it can be used outside the Samba source tree; (bso#8607). + Winbind: Don't fail on users without a uid; (bso#8608). + Ensure we correctly calculate reply credits over all returned SMB2 replies; (bso#8614). + Fix migrate printer code; (bso#8618). + Fix crash bug when trying to browse Samba printers; (bso#8623). + libsmb: Don't duplicate Kerberos service tickets; (bso#8628). + POSIX ACE x permission becomes rx following mapping to and from a DACL; (bso#8631). + When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). + Fix the vfs_commit module; (bso#8639). + Add an update function for Winbind cache; (bso#8643). + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules; (bso#8652). + Fix deleting a symlink if the symlink target is outside of the share; (bso#8663). + Fix renaming a symlink if the symlink target is outside of the share; (bso#8664). + Fix NT ACL issue; (bso#8673). + Fix buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). + Fix Winbind segfault if we can't map the last user; (bso#8678). + recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). + Try ctdbd_init_connection() as root; (bso#8684). + Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). + Fix typo in 'net memberships' usage; (bso#8687). + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(); (bso#8692). + Make DeletePrinterDriverEx remove printer driver files; (bso#8697) (bnc#740810). + Fix major leak with SMB2 in connections.tdb; (bso#8710). * Wed Jan 25 2012 lmuelle@suse.de - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). * Wed Jan 25 2012 lmuelle@suse.de - Use correct license, LGPLv3+ for libwbclient packages. * Tue Jan 24 2012 lmuelle@suse.de - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). * Tue Jan 24 2012 ddiss@suse.de - Fix incorrect types in the full_audit VFS module. Add null terminators to audit log enums; (bnc#742885). * Sun Jan 22 2012 ddiss@suse.de - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). * Sat Jan 21 2012 lmuelle@suse.de - Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710). * Wed Jan 18 2012 lmuelle@suse.de - Renaming a symlink fails if the symlink target is outside of the share; (bso#8664). * Tue Jan 17 2012 lmuelle@suse.de - Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). * Mon Jan 16 2012 lmuelle@suse.de - net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419). * Tue Jan 03 2012 ddiss@suse.de - Fix incorrect perfcount array length calculations; (bnc#739258). * Wed Dec 21 2011 coolo@suse.com - BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. * Wed Dec 21 2011 coolo@suse.com - Remove call to suse_update_config macro for post-11.4 systems. * Mon Dec 19 2011 lmuelle@suse.de - Use samba.org for the ldapsmb source location. * Wed Dec 07 2011 shargagan@novell.com - Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516). * Fri Nov 25 2011 ddiss@suse.de - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572). * Fri Nov 25 2011 lmuelle@suse.de - Add ldap to Should-Start and Stop of the smb init script; (bnc#730046). * Sat Nov 19 2011 ddiss@suse.de - Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571). * Fri Nov 04 2011 ddiss@suse.de - Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564). * Tue Nov 01 2011 ddiss@suse.de - Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145). * Mon Oct 31 2011 ddiss@suse.de - Fix typo in net ads join output; (bnc#713135). * Thu Oct 27 2011 lmuelle@suse.de - Ignore a potentially missing AppArmor snippet helper script; (bnc#725256). * Thu Oct 20 2011 lmuelle@suse.de - Update to 3.6.1. + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Several SMB2 fixes. + The VFS ACL modules are no longer experimental but production-ready. + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465). + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). + Return error of cli_push when 'put - /some/file' is used; (bso#7551). + Fix usage of cli_errstr(); (bso#7864). + Fix 'widelinks' regression; (bso#8229). + Empty notify servername; (bso#8236). + Add man vfs_aio_fork; (bso#8256). + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes; (bso#8334). + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338). + While migrating forms, don't fail if the form already exists; (bso#8351). + OS/2 sends an unexpected write&x/read&x chain; (bso#8360). + Fix build of vfs_prealloc on SLES8; (bso#8363). + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364). + Fix the fallback to the deprecated spelling idmap:script; (bso#8368). + Fix vfs_chown_fsp; (bso#8370). + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix smbclient access to NT4 shares; (bso#8385). + Optimize serverid_exists() for Solaris; (bso#8395). + registry/reg_format.c must include includes.h; (bso#8401). + SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2; (bso#8412). + Fix 'getent group' if trusted domains are not reachable; (bso#8420). + Fix infinite loop in ACL module code; (bso#8422). + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428). + Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). + Fix segfault in iconv.c; (bso#8433). + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). + Be smarter about setting default permissions when a ACL_USER_OBJ isn't given; (bso#8443). + Check the wct of the incoming SMBnegprot responses; (bso#8452). + Fix smbclient segfaults when dialect option -m is used for legacy dialects; (bso#8453). + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). + Samba PDC is looking up only primary user group; (bso#8455). + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458). + smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). + SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). + Don't call smbd_terminate_connection in smb2_validate_message_id(); (bso#8476). + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476). + Map to guest can return uninitialized blob of data; (bso#8477). + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). + DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). + Remove "experimental" label on VFS ACL modules; (bso#8494). + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). + smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). + Disallow "." in can_set_delete_on_close(); (bso#8515). + SMB2 create call returns incorrect file allocation size; (bso#8518). + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). + Winbind cache timeout expiry test was reversed; (bso#8521). * Tue Oct 18 2011 lmuelle@suse.de - s3/doc: add man page for aio_fork vfs module. * Tue Oct 18 2011 lmuelle@suse.de - Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). * Tue Oct 18 2011 lmuelle@suse.de - s3: Samba PDC is looking up only primary user group; (bso#8455). * Tue Oct 18 2011 lmuelle@suse.de - Add script to create or update an AppArmor sniplet with permissions for all Samba shares; (bnc#688040). * Tue Oct 18 2011 jmcdonough@suse.de - Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261). * Fri Oct 14 2011 ddiss@suse.de - Retain the smbd startproc return value for correct startup status reporting. unset was incorrectly being called prior to rc_status; (bnc#723724). * Fri Oct 14 2011 ddiss@suse.de - Prevent deadlock in systemd triggered by if-down.d handler on shutdown; (bnc#721598). * Thu Oct 13 2011 lmuelle@suse.de - smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; changed defaults and documentation (bso8473). * Thu Oct 13 2011 lmuelle@suse.de - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client); (bso#8515). * Wed Oct 12 2011 lmuelle@suse.de - winbindd cache timeout expiry test was reversed; (bso#8521). * Wed Oct 12 2011 lmuelle@suse.de - Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). * Wed Oct 12 2011 lmuelle@suse.de - s3:smb2_create: fix allocation size return value when opening existing files; (bso#8518). * Wed Oct 12 2011 lmuelle@suse.de - SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). * Wed Oct 12 2011 lmuelle@suse.de - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). * Wed Oct 12 2011 lmuelle@suse.de - s3-docs: Fix bug (bso#7908) and typo. * Mon Oct 10 2011 lmuelle@suse.de - Return error of cli_push when 'put - /some/file' is used; (bso#7551). * Mon Oct 10 2011 lmuelle@suse.de - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). * Mon Oct 10 2011 lmuelle@suse.de - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). * Mon Oct 10 2011 lmuelle@suse.de - Default user entry is set to minimal permissions on incoming ACL change with no user specified; (bso#8443). * Mon Oct 10 2011 lmuelle@suse.de - smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). * Mon Oct 10 2011 lmuelle@suse.de - Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft Internet Explorer 9 on Windows 7 to download files; (bso#8458). * Mon Oct 10 2011 lmuelle@suse.de - DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). * Mon Oct 10 2011 lmuelle@suse.de - s3-docs: Fix typos. * Mon Oct 10 2011 lmuelle@suse.de - s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). * Mon Oct 10 2011 lmuelle@suse.de - Remove "experimental" label on VFS ACL modules; (bso#8494). * Mon Oct 10 2011 lmuelle@suse.de - acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). * Mon Oct 10 2011 lmuelle@suse.de - s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476). * Mon Oct 10 2011 lmuelle@suse.de - s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin; (bso#7465). * Mon Oct 10 2011 lmuelle@suse.de - smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). * Mon Oct 10 2011 lmuelle@suse.de - s3-netapi: allow to use default krb5 credential cache for libnetapi users. * Mon Oct 10 2011 lmuelle@suse.de - s3-docs: document -k switch in net manpage. * Mon Oct 10 2011 lmuelle@suse.de - Map to guest can return uninitialized blob of data; (bso#8477). * Mon Oct 10 2011 lmuelle@suse.de - s3-registry: registry/reg_format.c must include includes.h; (bso#8401). * Mon Oct 10 2011 lmuelle@suse.de - smbclient segfaults when option -m is used for legacy dialects; (bso#8453). * Mon Oct 10 2011 lmuelle@suse.de - Fix 'widelinks' regression intro'd in 3.2; (bso#8229). * Mon Oct 10 2011 lmuelle@suse.de - Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). * Mon Oct 10 2011 lmuelle@suse.de - s3-spoolss: Fix bug forms migration; (bso#8351). * Mon Oct 10 2011 lmuelle@suse.de - s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452). * Mon Oct 10 2011 lmuelle@suse.de - s3: Do not fork the echo handler for smb2; (bso#8334). * Mon Oct 10 2011 lmuelle@suse.de - s3-spoolss: Fix bug empty notify servername; (bso#8236). * Mon Oct 10 2011 lmuelle@suse.de - SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). * Fri Oct 07 2011 lmuelle@suse.de - Remove smb child crash fix. The issue had been fixed upstream differently. * Sun Oct 02 2011 lmuelle@suse.de - BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems. * Tue Sep 27 2011 hhetter@suse.de - Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208). * Wed Sep 21 2011 jmcdonough@suse.de - Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721). * Fri Sep 09 2011 lmuelle@suse.de - Spec file cleanup as suggested by the spec-cleaner tool. + Make all BuildRequires, PreReq, and Provides a separate line. + Use %{buildroot} instead of ${RPM_BUILD_ROOT}. + Use straight commands instead of macros (make, install). + Use -p in post and postun if we only call one command. + Use %{_localstatedir} instead of %{_var} in the filelist. + Remove superfluous AutoReqProv on lines. * Thu Sep 08 2011 lmuelle@suse.de - Remove %release from all Provides. * Thu Sep 01 2011 lmuelle@suse.de - Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433). * Wed Aug 31 2011 lmuelle@suse.de - Use /var/run for the cifs state file in the init script too; (bnc#710304). * Tue Aug 30 2011 lmuelle@suse.de - Microsoft Word from Microsoft Office 2007 fails to save as on a share with SMB2; (bso#8412). * Tue Aug 30 2011 lmuelle@suse.de - Use sys_write and sys_read in fork_domain_child to fix a winbind race leading to 100% CPU usage; (bso#8409). * Tue Aug 30 2011 lmuelle@suse.de - Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428). * Tue Aug 30 2011 lmuelle@suse.de - Fix infinite loop in ACL module code; (bso#8422). * Mon Aug 29 2011 lmuelle@suse.de - Fix getent group if trusted domains are not reachable; (bso#8420). * Mon Aug 29 2011 lmuelle@suse.de - smbclient can't access a NT4 share since 3.6.0; (bso#8385). * Sat Aug 27 2011 lmuelle@suse.de - Optimize serverid_exists() for Solaris; (bso#8395). * Sat Aug 27 2011 lmuelle@suse.de - talloc: + check block count after references test. + added test suite for talloc_free_children(). + license info erratum in the manpage. + fix typos and better differentiation between versions 1 and 2. + preserve context name on talloc_free_children(). + ensure the sibling linked list remains valid during a free. * Sat Aug 27 2011 lmuelle@suse.de - vfs_chown_fsp returned in the wrong directory; (bso#8370). * Sat Aug 27 2011 lmuelle@suse.de - Remove irritating "." targets when recent system libs exist; (bso#8369). * Sat Aug 27 2011 lmuelle@suse.de - Correctly initialize "idmap config * : script" with NULL; (bso#8368). * Sat Aug 27 2011 lmuelle@suse.de - Add missing include to suppress compiler warnings; (bso#8365). * Sat Aug 27 2011 lmuelle@suse.de - Point the chain offset beyond the current request; (bso#8360). * Sat Aug 27 2011 lmuelle@suse.de - Fix gpfs vfs module build; (bso#8364). * Sat Aug 27 2011 lmuelle@suse.de - Make vfs_prealloc even build on older systems; (bso#8363). * Sat Aug 27 2011 lmuelle@suse.de - Do central cli_set_error and return the actual NTSTATUS; (bso#7864). * Sat Aug 27 2011 lmuelle@suse.de - Add a fallback for missing open&x support in OS/X Lion; (bso#8338). * Tue Aug 09 2011 lmuelle@suse.de - Update to 3.6.0. + BUG 7462: Make SA_RESETHAND conditional on its existance. + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined. + BUG 8324: smbclient cannot list directories from a big-endian machine. + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname. + BUG 8327: Fix the reload of the configuration, also reload activated registry shares. + BUG 8328: Cleanup of idmap_tdb2 code. + BUG 8330: Fix NFSv4 ACL merging logic. + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id. + BUG 8341: Fix segfault in libsmbclient. + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file. + BUG 8347: Fix regression for HP-UX, AIX and OSF. + BUG 8357: Make sure we grant credits on async read/write operations. + BUG 8358: Fix a bug in run_poll_events(). + BUG 8362: Fix build issue on old glibc systems. * Mon Aug 08 2011 lmuelle@suse.de - Remove references to disabled vscan build. * Thu Aug 04 2011 lmuelle@suse.de - Add missing define, includes, and initialization to get_printing_ticket. * Thu Aug 04 2011 lmuelle@suse.de - Use /var/run for the cifs state file; (bnc#710304). * Mon Aug 01 2011 lmuelle@suse.de - Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303). * Mon Aug 01 2011 lmuelle@suse.de - File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335). * Sun Jul 31 2011 lmuelle@suse.de - Fix reload of the configuration and also reload activated registry shares; (bso#8327). * Sun Jul 31 2011 lmuelle@suse.de - WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326). * Thu Jul 28 2011 lmuelle@suse.de - smbclient cannot list directories from a big-endian machine; (bso#8324). * Wed Jul 27 2011 lmuelle@suse.de - Update to 3.6.0rc3. + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + BUG 7888: Deal with buggy 3.0 based PDCs. + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb module. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8193: Add new command 'enumerate_recursive'. + BUG 8195: Make rpc client code working against NT4 servers. + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is set. + BUG 8213: Fixes in idmap_autorid. + BUG 8214: Fix smbd crash on printer driver upgrade. + BUG 8215: Fix Winbind unix username lookup. + BUG 8216: Make Winbind returning correct results with 'sids2xids'. + BUG 8217: Do not stat-check the share path in 'net conf addshare'. + BUG 8219: Fix SMB Panic from Windows 7 client. + BUG 8224: Fix the build on FreeBSD. + BUG 8226: Use c99 initializers which are supported by old gcc 2.95 compilers. + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd. + BUG 8231: Fix crash bug in 'net cache get'. + BUG 8235: Fix smbd crash on startup caused by migrate_printer(). + BUG 8240: Fix Valgrind warnings in winreg/spoolss code. + BUG 8244: Fix copying files larger than 2 GB to a Samba share. + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL. + BUG 8253: Fix Winbind panic if verify_idpool() fails. + BUG 8254: Fix "acl check permissions = no". + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes. + BUG 8262: Fix build of vfs_commit. + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. + BUG 8264: Fix Valgrind bugs in svcctl. + BUG 8276: Close all sockets attached to a subnet in close_subnet(). + BUG 8278: Fix smbd panic when CTDB is unhealthy. + BUG 8281: Fix build of examples/VFS/*. + BUG 8286: Fix smbd crash on premature end of smb2 conn. + BUG 8292: Fix a major architectural flaw in the SMB2 server code. + BUG 8293: Fix log file rotating in SMB2. + BUG 8304: Fix uninitialized variable in error path. + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'.. + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks. + BUG 8310: toupper_ascii() is broken on big-endian systems. + BUG 8314: Fix smbd crash with unknown user. + Mark 'time offset' parameter as deprecated. * Tue Jul 26 2011 lmuelle@suse.de - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); (bnc#708503). * Tue Jul 26 2011 lmuelle@suse.de - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); (bnc#705241). * Mon Jul 25 2011 shargagan@novell.com - Fixed the DFS referral response for msdfs root; (bnc#703655). * Wed Jul 20 2011 ddiss@suse.de - Fix CUPS print job IDs; (bso#7288); (bnc#701257). * Thu Jul 14 2011 lmuelle@suse.de - Make use of the actual library version as part of the package name on post-11.3 systems only. * Mon Jul 11 2011 jmcdonough@suse.de - Fix winbind internal error; (bso#7636); (bnc#659424). * Mon Jul 11 2011 ddiss@suse.de - Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; (bnc#705170). * Mon Jun 20 2011 ddiss@suse.de - Specify nmbdsocketdir at configure time; (bnc#700953). * Thu Jun 09 2011 lmuelle@suse.de - Build the tdb, talloc, and tevent libraries ahead of anything else. * Tue Jun 07 2011 jmcdonough@suse.de - Update to 3.6.0rc2. + BUG 6911: Fix Kerberos authentication from Vista to Samba. + BUG 8166: Don't lockout users when offline. + BUG 8200: Add support for multiple writeable ldap idmap domains. + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + BUG 7054: Fix X account flag when "pwdlastset" is "0". + BUG 8144: Fix setting timestamp when touching files with CIFS clients. + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. + BUG 8157: Fix parsing a cups printcap file. + BUG 8175: Fix smbd deadlock. + BUG 8189: Support shadow copy display over SMB2. + BUG 8197: Winbind does not properly detect when a DC connection is dead. + BUG 8203: Winbind needs to reset the DC connection if an RPC times out. * Mon Jun 06 2011 mrsb@novell.com - Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209). * Fri Jun 03 2011 lpechacek@suse.cz - Add "winbind max clients" parameter to remove 200-client limit; (bnc#697461). * Fri Jun 03 2011 jmcdonough@suse.de - Disable logon cache for password lockout consistency when running in a cluster; (bnc#694836). * Fri May 27 2011 jmcdonough@suse.de - Fix logon of AD users with many group memberships; (bso#6911); (bnc#657026). * Wed May 25 2011 jmcdonough@suse.de - Don't lockout users while offline; (bso#8166); (bnc#692607). * Mon May 23 2011 lmuelle@suse.de - Update to 3.6.0rc1. + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + BUG 8112: POSIX extension opens of a directory are denied with EISDIR. + BUG 8132: Fix filling printers location field when using cups. + Remove fstrings from client struct. + BUGFIX when converting from safe_strcpy to strlcpy. + Fix off-by-one calculations with strlcpy. + Ensure we always write the correct incoming mid into the share mode table entries. + Fix the SMB2 oplock showstopper. + Convert user-specified domain to uppercase in libsmb. + Fix Coverity CID #2302: FORWARD_NULL. + Fix cups_pull_comment_location(). + Fix double free of cups request. + Make cups_pull_comment_location() work again. + Fix potential crash bug in display_print_driver3(). + Properly clean up in pthreadpool_init in case of failure. + Make plaintext session setup async. + Reduce fd load in Winbind children. + Avoid a potential 100% CPU loop in Winbind. + Tune broadcast namequeries for unique names. + Properly deal with exited winbind children. + Fix dup_smb2_vec3. + Fix return check in nss_wins. * Tue May 17 2011 shargagan@novell.com - Fix to renew the kerberos ticket in samba after expiry; (bnc#669949). * Mon May 16 2011 ddiss@suse.de - Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945). * Thu May 05 2011 lmuelle@suse.de - Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969). * Thu May 05 2011 shargagan@novell.com - Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946). * Sat Apr 30 2011 lmuelle@suse.de - Package static libraries with 0644 permissions. * Sat Apr 30 2011 lmuelle@suse.de - Add Requires libtalloc-devel to libldb-devel and libtevent-devel. * Sat Apr 30 2011 lmuelle@suse.de - Rename libldb0 to libldb1 as 1 is the current major version of the library. - Add libldb1 and libtevent0 to baselibs.conf. * Fri Apr 29 2011 lmuelle@suse.de - Don't call the suse_update_config macro before building lib ldb and tevent. * Fri Apr 29 2011 lmuelle@suse.de - Update to 3.6.0pre3. + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383). + Fix wrong output in 'smbget'; (bso#8066). + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module; (bso#8083). + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null; (bso#8088). + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099). + Fix the build of 'smbget' on HP NonStop; (bso#8106). + Fix build of tdb2. + Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no". + Fix timeout in rpc_pipe_open_tcp_port(). + Fix the build of "--with-profiling-data". + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, 2471, 2478. + nsswitch: Add 'wbinfo --lookup-sids'. + nsswitch: Add 'wbinfo --sids-to-unix-ids'. + Fix smbd with the async echo responder. + Fix the build of vfs_gpfs.c. + Add a 10-second timeout for the 445 or netbios connection to a DC. + Many pthreadpool fixes. + Fix transaction recovery area for converted tdbs. * Thu Apr 28 2011 lmuelle@suse.de - Add PreReq permissions to the krb-printing package. * Thu Apr 28 2011 lmuelle@suse.de - Remove _libdir ldb and tevent from file list. - Explicitly state not to bundle talloc or tdb while ldb and tevent build. * Thu Apr 21 2011 lmuelle@suse.de - Always use the actual library version as part of the package name. - Exclude shared python modules. * Thu Apr 21 2011 ddiss@suse.de - Fix printing from Windows 7 clients; (bso#7567); (bnc#687535). * Thu Apr 21 2011 ddiss@suse.de - Update pidl and always compile IDL at build time; (bnc#688810). * Thu Apr 14 2011 lmuelle@suse.de - Update to 3.6.0pre2. + ID Mapping changes. + Implement SMB2 support. + Add an Endpoint Mapper daemon. + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Quota only shown when logged as root; (bso#7080). + Fix printing from Windows 7; (bso#7567). + Retry DNS updates when connection to one nameserver has failed; (bso#7690). + Unlink may unlink wrong file when hardlinks are involved; (bso#7863). + Fix 'nmbd --port'; (bso#7875). + cmd_spoolss_deletedriver() returned without checking all architectures; (bso#7880). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix cups pcap reload with no printers; (bso#7915). + Fix bug in chain_reply; (bso#7917). + Fix problems with "kernel oplocks" option set to "no"; (bso#7928). + Fall back for utimes calls; (bso#7940). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let winbind try to use samlogon validation level 6; (bso#7945). + Sgid bit lost on folder rename; (bso#7996). + Fix getting username in 'net rap session'; (bso#8009). + Fix inode generation so nautilus can count total dir size correctly; (bso#8010). + Use jenkins hash for str_checksum; (bso#8010). + Add explicit configure option whether or not to enable dmapi support; (bso#8033). + Fix smbclient segfault with Cyrillic netbios names; (bso#8040). + Fix file creation on OS/X; (bso#8042). + Add "--option" to 'testparm'. + Fix crash bug on smbd shutdown when using FOPENDIR(). + Ensure we don't return an incorrect access mask. + Fix bug against the new Mac client. + Fix leak in error path. + Fix error where Windows client spoolss returns WERR_INVALID_DATA. + Fix a segfault in the krb5 locator plugin. + Enable sharesec for registry shares. + Fix memory leak in "security=share" and "force user". + Add "net idmap check", a check and repair tool for the id mapping database. + Add new 'net idmap delete' command. + Fix segfault on missing input file in 'net idmap restore'. + Fix 'net usersidlist' not to skip every other user. + Fix potential crash bug in spoolss_PrinterEnumValues push path. + Internal restructuring. + Don't wipe out all printer drivers when only one should be deleted. + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains. + Fix memory leak in print_cups.c. + Remove duplicate cups response processing code. + Follow force user/group for driver IO. + Initiate pcap reload from parent smbd. + Reload shares after pcap cache fill. + Fix numerous Coverity IDs (2041 and others). + Fix a memory leak in check_sam_security_info3. + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable. + Make "net sam list [users|workstations]" list only the right things. + Fix a potential memleak in secrets_fetch_trusted_domain_password. + Use the right credentials in check_netlogond_security. + Add support for AF_NETLINK addr notifications. + Fork multiple Winbind children per domain. + Fix a deadlock between smbd and ctdbd. + Add 'wbinfo --dc-info'. + Make "nmbd socket dir" configurable. + Fixed valgrind errors. + Fix a memleak in receive_getdc_response. + Don't grant SEC_STD_DELETE always to the owner of a file. + Fix segfaults on addrchange errors in Winbind. + Allow machine accounts as members in groupdb. + Add IPv6 support for the endpoint mapper. + Free unused memory in the rpc server. + Fix possible segfaults in svcctl server. + Fix possible segfault with client_id in rpc server. + Add a 'svcctl shutdown' function to rpc server. + Fix a resource leak in net_afs. + Fix a resource leak in smbta-util. + Fix possible resource leak in net_usershare. + Fix possible resource leak in 'smbget'. + Fix possible resource leak in 'smbfilter'. + Fix a possible null pointer dereference in smbd. + Ensure we send the direct levelII oplock break to the correct fid. + Fix private libdir and codepages paths. - Add RFC 3454 to the vendor files. * Thu Apr 07 2011 jmcdonough@suse.de - Fix idmap_tdb for big-endian systems such as ppc and s390; (bso#6901); (bnc#675978). * Thu Mar 24 2011 ddiss@suse.de - Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913). * Fri Mar 18 2011 lmuelle@suse.de - Replace jobs by _smp_mflags macro while calling make on post-11.4 systems. * Thu Mar 17 2011 ddiss@suse.de - Don't crash when publishing a single printer; (bnc#643119). * Wed Mar 09 2011 ddiss@suse.de - Carry error status in printer list IPC message, do not refresh printers if cups is unavailable; (bso#7994); (bnc#675478). * Wed Mar 09 2011 lmuelle@suse.de - Define the libwbclient packages ahead of packages with a different version. * Wed Mar 09 2011 jengelh@medozas.de - Use %_smp_mflags for parallel building. * Mon Mar 07 2011 lmuelle@suse.de - Update to 3.5.8. + Fix Winbind crash bug when no DC is available; (bso#7730). + Fix finding users on domain members; (bso#7743). + Fix memory leaks in Winbind; (bso#7879). + Fix printing with Windows 7 clients; (bso#7567). + Fix 'testparm' return code when EOF in encountered in param name; (bso#3185). + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Fix "Your Password expires today" message for users of trusted domains; (bso#7066). + Fix maintaining of users' groups via UsrMgr; (bso#7262). + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356). + Raise debug level for "reduce_name: couldn't get realpath" messages; (bso#7409). + Fix updating the time on close in vfs_gpfs; (bso#7498). + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594). + Handle Windows 9x adddriver calls without config file; (bso#7641). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix memory leak in the netapi routines; (bso#7665). + Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules; (bso#7716). + Fix incorrect unix mode_t caused by invalid client DOS attributes on create; (bso#7733). + Apply appropriate create masks when creating files with "inherit ACLs" set to true; (bso#7734). + Fix "dfree cache time" parameter; (bso#7744). + Fix a getgrent crash with many groups; (bso#7774). + Fix requesting lookups for BUILTIN sids; (bso#7777). + Fix smbd crash caused by expand_msdfs; (bso#7779). + Fix atime limit; (bso#7785). + vfs_scannedonly: Switch from mtime to ctime which is more reliable; (bso#7789). + Fix copying files from a SMB share using Gnome vfs and SMB signing; (bso#7791). + Make Winbind recover from a signing error; (bso#7800). + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb; (bso#7812). + Fix "force group" with ntlmssp guest session setup; (bso#7817). + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841). + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842). + Expand the local SAMs aliases; (bso#7843). + ntlm_auth: Support clients which offer a spnego mechs we don't support; (bso#7855). + Fix 'net ads dns register' in cluster setups; (bso#7871). + Fix 'nmbd --port'; (bso#7875). + Make 'rpcclient deldriver' delete drivers for all architectures; (bso#7880). + Fix flaky Winbind against Windows 2008; (bso#7881). + Fix SMB session setups with Kerberos against some closed source SMB servers; (bso#7883). + Fix stale lock in open_file_fchmod(); (bso#7892). + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894). + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name; (bso#7896). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix connections from WinCE; (bso#7917). + Fix opening MS Powerpoint files; (bso#7940). + Fix endless loops caused by inotify; (bso#7942). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let Winbind try to use samlogon validation level 6; (bso#7945). + Revalidate the pathname once re-constructed from a root fsp; (bso#7950). * Fri Mar 04 2011 lmuelle@suse.de - Require a particular library version even if the major version is part of the package name. Using the same major version does not guarantee forward compatibility. * Fri Mar 04 2011 ddiss@suse.de - Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773). * Mon Feb 28 2011 lmuelle@suse.de - Update to 3.5.7 + Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431). * Wed Feb 23 2011 lmuelle@suse.de - Disable separate build of samba-doc for post-11.1 systems. * Tue Feb 22 2011 lmuelle@suse.de - Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431). * Thu Feb 17 2011 ddiss@suse.de - Increase the log level for missing PIDs on SIGCHLD, printcap child processes are not added to the children PID list; (bnc#666460). * Thu Feb 10 2011 lmuelle@suse.de - Do not require a particular library version if the major version is part of the package name. * Wed Feb 09 2011 lmuelle@suse.de - Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries on post-11.3 systems. * Sun Jan 23 2011 ddiss@suse.de - Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353). * Tue Jan 18 2011 ddiss@suse.de - Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded() returns false if the pcap cache contains no printer entries. correct call ordering is already enforced. (bso#7836); (bnc#625936). * Fri Jan 14 2011 lmuelle@suse.de - No longer force activation of the cifs service on post-11.3 systems. - Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4 systems. - Move the cifs init script nfs dependencies from Required to Should. * Tue Jan 04 2011 lmuelle@suse.de - Recommend to install samba-krb-printing from samba-winbind on post-10.3 systems; (bnc#661845). * Thu Dec 30 2010 ddiss@suse.de - Fix error paths in cups_async_callback(), an empty cups printer list should not be treated as an error; (bnc#661842). * Tue Dec 21 2010 ddiss@suse.de - Abide by printcap cache time, reload parent smbd pcap cache on expiry; (bso#7836); (bnc#625936). * Fri Dec 17 2010 ddiss@suse.de - Fix race in cups async printer services reload; (bso#7836); (bnc#625936). * Sun Dec 12 2010 ro@suse.de - Don't tweak with baselibs.conf during %post if not present; (bnc#652620). * Thu Dec 09 2010 lmuelle@suse.de - Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620). * Tue Dec 07 2010 lmuelle@suse.de - Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux Enterprise 10; (bnc#652620). * Sun Dec 05 2010 lars@samba.org - vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). * Fri Dec 03 2010 lmuelle@suse.de - Replace Requires samba-client by samba-gplv3-client in the gplv3 packages; (bnc#652620). * Tue Nov 30 2010 ddiss@suse.de - Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112). * Tue Nov 30 2010 lmuelle@suse.de - Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind, client-gplv2, and doc-gplv2 packages; (bnc#652620). * Fri Nov 26 2010 lmuelle@suse.de - Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions; (bnc#652620). * Fri Nov 26 2010 lmuelle@suse.de - Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620). * Thu Nov 25 2010 lmuelle@suse.de - Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind package to avoide an accidental install trigger; (bnc#652620). * Thu Nov 25 2010 lmuelle@suse.de - Add Provides samba-client to the samba-gplv3-client package; (bnc#652620). * Wed Nov 24 2010 lmuelle@suse.de - Remove all Obsoletes from the samba-gplv3 packages and only keep the Provides samba; (bnc#652620). * Sat Nov 20 2010 lmuelle@suse.de - Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620). * Fri Nov 19 2010 jmcdonough@suse.de - Reduce unnecessary ldap round trips and eliminate invalid DN messages; (bnc#654719). * Fri Nov 12 2010 lmuelle@suse.de - Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux Enterprise 10 SP 3 and 4. * Thu Nov 11 2010 lmuelle@suse.de - Add the _build_arch at the end of the vendor version suffix. * Thu Oct 28 2010 lmuelle@suse.de - Provide and Obsolete samba-gplv3 to replace potentially installed packages. * Fri Oct 15 2010 lmuelle@suse.de - Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4. - Do not package libsmbclient and libsmbsharemodes. * Sun Oct 10 2010 jmcdonough@suse.de - Update to 3.5.6 + Fix auto printers with registry config; (bso#7280); (bnc#617153). + Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant; (bso#7577). + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578). + Fix "admin users" when using vfs_acl_xattr; (bso#7581). + Fix using cached credentials in ntlm_auth; (bso#7589). + Fix Winbind offline login; (bso#7590). + Fix Winbind internal error; (bso#7636). + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651). + Fix smbd changing mode of files on rename; (bso#7693). + Fix crash bug with invalid SPNEGO token; (bso#7694). + Fix smbd panic on invalid NetBIOS session request; (bso#7698). + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541). + Fix 'smbclient -M'; (bso#7635). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix crash bug in rpcclient; (bso#7688). + Fix file corruption when setting Samba "write wache wize"; (bso#7715). * Thu Oct 07 2010 lmuelle@suse.de - Let startproc wait for nmb, smb and winbind pid files getting created on post-11.1 systems; (bnc#520036). * Thu Oct 07 2010 hhetter@suse.de - Include the reviewed french translation for pam_winbind; (bnc#499233). * Thu Sep 23 2010 ddiss@suse.de - Fix smbd crash with CUPS printers and no [printers] share defined; (bso#7297); (bnc#637755). * Mon Sep 20 2010 jmcdonough@suse.de - Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870). * Sun Sep 12 2010 coolo@novell.com - Fix baselibs.conf for libtalloc. * Wed Sep 08 2010 lmuelle@suse.de - Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID); CVE-2010-3069; (bso#7669); (bnc#637218). * Mon Aug 30 2010 jmcdonough@suse.de - Use cached ntlm password in libsmbclient. Prevent lockouts when kerberos tickets are lost; (bnc#602418); (bnc#606304). * Thu Aug 26 2010 gber@opensuse.org - Add a dependency on nfs to the smbfs/ cifs init scripts as they require the en_US locale and /usr might be on NFS. * Mon Aug 23 2010 jmcdonough@suse.de - Complete fix for trusts with Windows 2008R2 DCs. * Fri Aug 20 2010 jmcdonough@suse.de - Fix authentication dialogs when connecting to older systems; (bnc#632055). * Thu Aug 19 2010 lmuelle@suse.de - Adjust position of conditional ldapsmb %package and %files definition. * Thu Aug 19 2010 lmuelle@suse.de - Create the /var/run/samba directory on the fly and package it as %ghost. * Thu Aug 19 2010 jmcdonough@suse.de - Fix preexec scripts; (bso#7104); (bnc#632852). * Thu Aug 19 2010 lmuelle@suse.de - Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient pkgconfig files and BuildRequire pkgconfig; (bnc#632770). * Tue Aug 17 2010 lmuelle@suse.de - BuildRequire python-devel for post-9.3 systems. * Tue Aug 17 2010 lmuelle@suse.de - Only create precompiled headers for post-10.2 systems. - Remove mkinitrd scriptlets. * Tue Aug 17 2010 lmuelle@suse.de - Add vfs_crossrename man page. - Call make basic and remove conditional proto target. - Increase libtevent version to 0.9.9. - Remove wbc_async header from the file list. - Remove remaining cifs-mount pieces from the spec file. * Mon Aug 16 2010 jmcdonough@suse.de - Fix printers not auto loading with registry config; (bso#7280); (bnc#617153). * Sun Aug 15 2010 lmuelle@suse.de - Update to 3.6.0pre1. + SMB2 support is fully functional despite managing quota using the Microsoft management tools. + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local user and group information. + The spoolss and the old RAP printing code have been completely overhauled and refactored. + The SMB Traffic Analyzer (SMBTA) VFS module got added. * Sun Aug 15 2010 lmuelle@suse.de - Intilize workgroup of nmblookup as empty string. * Thu Aug 12 2010 jmcdonough@suse.de - Fix net ads join when using parent domain users; (bso#6364); (bnc#630812). * Wed Jul 28 2010 sjayaraman@suse.de - cifs: do not restart during dhcp lease renewal when IPaddress remains the same; (bnc#573246). * Mon Jul 05 2010 lmuelle@suse.de - Fix "Too many open files" when trying to access large number of files; (bso#6837); (bnc#619787). * Wed Jun 23 2010 lmuelle@suse.de - Update to 3.5.4. + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap (bug #7448). + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + Allow previous password to be stored and use it to check tickets; (bso#7099). + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188). + Fix editing users' groups via UsrMgr; (bso#7262). + Fix Winbind over IPv6; (bso#7341). + Samba sends "raw" inode number as uniqueid with unix extensions; (bso#7410). + Fix printing large formats; (bso#7423). + Fix spnego returning incorrect mechListMIC string; (bso#7449). + Fix some crash bugs and missing error codes in AddDriver paths; (bso#7459). + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479). + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500). + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503). + Fix numerous build issues; (bso#7504). + Fix session setup from linux kernel cifs clients with "sec=ntlmv2"; (bso#7517). * Mon Jun 21 2010 lmuelle@suse.de - Remove all provides and obsoletes samba3 from the spec file. Packages with this base name have not been offered as part of a product. * Fri Jun 11 2010 lmuelle@suse.de - Fix a NULL pointer dereference in smbd of the 3.4 code base; CVE-2010-1635; (bso#7229); (bnc#605935). * Tue Jun 08 2010 lmuelle@suse.de - Address possible buffer overrun in chain_reply code of pre-3.4 versions; CVE-2010-2063; (bso#7494); (bnc#611927). * Mon Jun 07 2010 hhetter@suse.de - Update of the SMB Traffic Analyzer v2 VFS module * Fri May 28 2010 jmcdonough@suse.de - Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873); (bnc#592198); (bso#6697). * Wed May 19 2010 lmuelle@suse.de - Update to 3.5.3. + Fix MS-DFS functionality; (bso#7339). + Fix a Winbind crash when scanning trusts; (bso#7389). + Fix problems with SIGCHLD handling in Winbind; (bso#7317). + Add replacement for IPV6_V6ONLY on linux systems with broken headers; (bso#7196). + Fix cups encryption setting; (bso#7263). + Fix exporting printers via 'cupsaddsmb' command; (bso#7277). + Fix SMB job IDs in CUPS job names; (bso#7288). + Fix segfault in mount.cifs; (bso#7315). + Make TIME_T_MAX defines consistent; (bso#7352). + Re-fix a bug with smbd serving a windows terminal server; (bso#7357). + Display an error on 'net conf import' failures; (bso#7378). + Fix bitmap leak in dptr_Close; (bso#7384). + Fix rename problems with full_audit VFS module; (bso#7398). + Fix setting of passwords via 'net rpc user password' command; (bso#7417). + Fix 'net rpc printer list' command; (bso#7418). + Rename mod_name to module_name; (bso#7421). - Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. - Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423). - Winbind not working over IPv6; (bso#7341). * Tue May 18 2010 jmcdonough@suse.de - Honor "interfaces" list in net ad dns register; (bnc#606947). * Tue May 18 2010 lmuelle@suse.de - Exclude the RPM release from the vendor tag for openSUSE Factory; (bnc#604049). * Thu Apr 29 2010 lmuelle@suse.de - Enable the build of the idmap tdb2 module; (bnc#600822). * Sun Apr 25 2010 lars@samba.org - BuildRequire keyutils-libs-devel for Fedora and post-RHEL4. * Sun Apr 25 2010 lars@samba.org - BuildRequire pkg-config for post-10.2 systems and else pkgconfig. * Wed Apr 21 2010 jmcdonough@suse.de - Add "net conf import" error messages; (bso#7378, bnc#598189). * Wed Apr 21 2010 jsmeix@suse.de - Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544). * Wed Apr 07 2010 lmuelle@suse.de - Update to 3.5.2. + Fix smbd segfaults in _netr_SamLogon for clients sending null domain; (bso#7237). + Fix smbd segfaults in "waiting for connections" message; (bso#7251). + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935); CVE-2010-1642. + Fix a memleak in Winbind; (bso#7278). + Fix Winbind reconnection to it's own domain; (bso#7295). + Fix segfault if hide files or veto files has no ".AppleDouble"; (bso#1206). + Fix parsing of the gecos field; (bso#5198). + Fix several printing issues; (bso#6727). + Fix valgrind warning; (bso#6814). + Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink; (bso#6853). + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075). + Fix handling of bad server data returns in client rpc_transport; (bso#7159). + Never mark external domains as internal in Winbind; (bso#7170). + Fix access by multi-threaded applications; (bso#7202). + Fix 'net share' command; (bso#7203). + Fix DN parsing name was always null; (bso#7204). + Signals are processed twice in child; (bso#7206). + Fix returning of group members with 'getent group'; (bso#7212). + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216). + Make Winbind logs more verbose for troubleshooting; (bso#7225). + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229); (bnc#605935). + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present; (bso#7231). + Fix race conditions in CTDB persistent transactions; (bso#7232). + Symlink delete fails but incorrectly reports success to client; (bso#7234). + Fix "printer admin" functionality; (bso#7255). + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256). + Fix _winreg_QueryValue crash bugs and implement Windows behavior; (bso#7258). + Fix job management commands for CUPS queues; (bso#7269). + Fix smbd segfault if using vfs_acl_tdb; (bso#7283). + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290). + Fix smbd crashes with CUPS printers and no [printers] share defined; (bso#7297). + Fix DOS attribute inconsistency with MS Office; (bso#7310). + Many disconnecting clients render clustered Samba unusuable for some time; (bso#7312). + Make 'net conf addshare' atomic; (bso#7313). + Eliminate race condition in creating/scanning sorted subkeys in the registry backend; (bso#7314). + Winbind possibly segfaults when trying a trusted domain without inbound trust; (bso#7316). * Tue Apr 06 2010 hhetter@suse.de - Add SMB Traffic Analyzer v2 VFS module. * Tue Mar 30 2010 lmuelle@suse.de - Document "wide links" defaults to "no" in the smb.conf man page for versions pre-3.4.6; (bnc#577868). * Fri Mar 26 2010 jmcdonough@suse.de - Fix workgroup enumeration, for client printer and file share selection; (bso#6880); (bnc#586215). * Tue Mar 23 2010 jmcdonough@suse.de - Fix tdb validation for offline auth; (bnc#587014). * Mon Mar 22 2010 lmuelle@suse.de - Fix "printer admin" functionality; (bso#7255). * Mon Mar 22 2010 lmuelle@suse.de - An uninitialized variable read could cause an smbd crash; (bso#7254); (bnc#605935); CVE-2010-1642. * Mon Mar 22 2010 lmuelle@suse.de - Ensure to have a valid talloc stackframe; (bso#7251). * Mon Mar 22 2010 lmuelle@suse.de - _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237). * Thu Mar 18 2010 lmuelle@suse.de - Merge missing pam_winbind message translations; (bnc#499233). * Sun Mar 14 2010 lmuelle@suse.de - Remove cifs-mount subpackage for post-11.2 systems as the tools are now part of the independent cifs-utils package. * Thu Mar 11 2010 jmcdonough@suse.de - Fix join of Windows 2008 domains; (bnc#567013). * Mon Mar 08 2010 lmuelle@suse.de - Update to 3.5.1 and 3.4.7. + Fix security flaw on Linux platforms if built with libcap support allowing file system access even when permissions should have denied it; CVE-2010-0728; (bso#7222); (bnc#586683). * Mon Mar 08 2010 rhafer@novell.com - Fixed libldb.so link in libldb-devel. * Fri Mar 05 2010 hhetter@novell.com - Fix argc handling in net_share, making the command "net share" work again; (bso#7203); (bnc#584253). * Mon Mar 01 2010 lmuelle@suse.de - Update to 3.5.0. + Fix duplicate sam and unix accounts; (bso#7145). + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + Fix 'net ads dns' usage calls; (bso#7181). + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182). * Wed Feb 24 2010 lmuelle@suse.de - Update to 3.4.6. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix printing with 64 bit clients (bso#6888). + Fix core dump on 64 bit Linux (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bso#7067). + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + Fix bogus ip address in SWAT; (bso#5885). + Fix vfs_full_audit; (bso#6557). + Use the first "uid" value; (bso#6157). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix DFS on AIX (maybe others); (bso#7052). + Fix pdb_search crash as non-root user; (bso#7068). + Fix unlocking of accounts from ldap; (bso#7072). + Fix vfs_expand_msdfs; (bso#7081). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Fix reading of large browselist; (bso#7122). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix listing of printjobs in Windows 7; (bso#7130). + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + Make idmap cache persistent for "ldapsam:trusted". + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. + Shortcut uid_to_sid when "ldapsam:trusted = yes". + Make pdb_copy_sam_account also copy the group sid. + Shortcut gid_to_sid when "ldapsam:trusted = yes". + Speed up pdb_get_group_sid(). + Try to build the full unix_pw structure with ldapsam:trusted support. + Optimize ldapsam_alias_memberships() and cache ldap searches. * Fri Feb 19 2010 lmuelle@suse.de - Update to 3.5.0rc3. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix vfs_full_audit; (bso#6557). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Fix duplicate initializer in the rmdir module; (bso#6876). + Fix printing with 64 bit clients; (bso#6888). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio); (bso#7067). + Fix 'smbget' error status; (bso#7069). + Fix build of 'smbfilter'; (bso#7071). + Fix unlocking of accounts from ldap; (bso#7072). + Cliconnect gets realm wrong with trusted domains; (bso#7079). + Fix vfs_expand_msdfs; (bso#7081). + Fix storing of create time on directories in an EA in new create time code; (bso#7084). + Fix an early release of the global lock that can cause data corruption in libtdb; (bso#7085). + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Add pdb_ldap performance fixes; (bso#7116). + Change ldap filter to what really was intended; (bso#7116). + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + Fix nmbd problems with socket address; (bso#7118). + Support large browselist; (bso#7119). + Fix reading of large browselist; (bso#7122). + Fix listing of printjobs in Windows 7; (bso#7130). + Owner of file not available with Kerberos; (bso#7139). + Fix IPv4/IPv6 problems; (bso#7140). + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix some wrong newlines in de translation strings. * Tue Feb 09 2010 lmuelle@suse.de - Take extra care that a mount point of mount.cifs isn't changed during mount and don't allow it to be run as setuid root program; CVE-2010-0787; (bso#6853); (bnc#550002). * Tue Feb 09 2010 lmuelle@suse.de - Check in mount.cifs for invalid characters in device name and mountpoint; CVE-2010-0547; (brc#562156); (bnc#577925). * Tue Feb 09 2010 boyang@suse.de - Don't invalidate cache for uninitialized domains; (bnc#538923). * Tue Feb 09 2010 boyang@suse.de - Signals are processed twice in child; (bnc#538923). * Mon Feb 08 2010 jmcdonough@suse.de - Allow forced pw change even with min pw age; (bnc#561894). * Mon Feb 08 2010 lmuelle@suse.de - Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868). * Sun Feb 07 2010 boyang@suse.de - Fix enumerate domain local groups for primary domain; (bnc#573813). * Sun Feb 07 2010 boyang@suse.de - Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106). * Fri Feb 05 2010 lmuelle@suse.de - Normalize "Changing password for" msg IDs and STRs; (bnc#499233). * Thu Feb 04 2010 rhafer@novell.com - Build libtevent and libldb and put them into separate subpackages. * Tue Jan 26 2010 lmuelle@suse.de - Update to 3.5.0rc2. + The Using Samba HTML book has been removed. + 'net', 'smbclient' and libsmbclient can use logon credentials cached by Winbind; (bso#7062). + New vfs_scannedonly module has been added; (bso#7028). + Check password history before increasing "badPasswordCount"; (bso#4347). + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; (bso#6157). + Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb; (bso#6876). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + Disable sanity check in NetShareEnum for better compatibility with Windows; (bso#7029). + Fix SMBrmdir error message when deleting a directory fails; (bso#7033). + Fix segfault in vfs_cap; (bso#7034). + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036). + Fix a Winbind segfault in "trusted_domains"; (bso#7037). + Complete and improve some German translation of 'net'; (bso#7039). + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039). + Fix crash bug in libsmbclient; (bso#7043). + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045). + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046). + Lock down some srvsvc calls according to what w2k3 seems to do. * Tue Jan 19 2010 lmuelle@suse.de - Update to 3.4.5. + Fix memory leak in smbd (bug #7020). + Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + BUG 6642: Fix opening the quota magic file. + BUG 6919: Fix remote quota management. + BUG 7034: Fix internal error caused by vfs_cap. + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + BUG 7043: Fix crash bug in "SMBC_parse_path". + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server. * Tue Jan 12 2010 lmuelle@suse.de - Free unused memory after a packet got processed; (bso#7020). * Fri Jan 08 2010 boyang@suse.de - Add timeout to rpc call to prevent infinite loop when network is down; (bnc#538923). * Thu Jan 07 2010 lmuelle@suse.de - Update to 3.5.0rc1. + BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7; (bnc#619787). + BUG 6939: Fix long filenames when "mangling method" is set to "hash". + BUG 6991: Create symbol links to shared libraries. + BUG 6992: make test for getgrouplist cacheable. + BUG 7014: Fix Winbind crash when retrieving empty group members. + BUG 7020: Fix smbd using 2G memory. + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. + Vector correctly through reply_openerror() (which uses the same logic). + Fix bugs with the full Windows ACL support. + Add a few missing gettext calls to the 'net' command. + Fix up a share type translation and translate some more strings in 'net'. + Allow to call "pdbedit -N description -u user" without specifiyng "-r". + Add spoolss_DriverInfo7. + Fix rpcclient after setprinter IDL fixes. + Use generated krb5.conf in 'net ads testjoin'. + Add some German translations for the 'net' command. + Update mount.cifs man page with nounix option. + Fix _samr_GetAliasMembership for results with 0 rids. + Fix an error case in cli_negprot. + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. + Restore correct timeouts for SMB requests. + Fix a 64-bit error in libsmb. + Replace IS_DOMAIN_OFFLINE by a function in Winbind. + Simplify/cleanup Winbind code. + Fix write behind memory block in libtalloc. + Fix result check for getaddrinfo(). + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. + Fix standalone 'make installdocs'. + Output %p as unsigned in snprintf replacement. + New attempt at TDB transaction nesting allow/disallow. + Remove swig stuff from libtdb. + Reset tdb->fd to -1 in tdb_close() in libtdb. + Change the way mksysms work in libtalloc. + Also build and install tdb manpages from standalone tdb. + Fix infinite loop in NCACN_IP_TCP as there is no timeout. + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. + List trusted domains from wcache when domain is offline. * Thu Jan 07 2010 lmuelle@suse.de - Update to 3.4.4. + Fix interdomain trust relationships with Win2008R2 (bug #6697). + Fix Winbind crashes when queried from nss (bug #6889). + Fix Winbind crash when retrieving empty group members (bug #7014). + Fix "UID range full" error in Winbind (bug #6901). + Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). + BUG 4832: Fix iconv checks. + BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + BUG 6828: Fix infinite timeout when byte lock held outside of samba. + BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7; (bnc#619787). + BUG 6841: Fix "map acl inherit = yes". + BUG 6850: Fix shadow copy display on Windows 7. + BUG 6867: Fix listing of directories with a lot of files. + BUG 6868: Support building with Heimdal we well as with MIT. + BUG 6875: Fix DOS attributes on OS/2 clients. + BUG 6880: Fix listing of workgroup servers in libsmbclient. + BUG 6898: Samba duplicates file content on appending. + BUG 6918: Fix krb5 build problem on Ubuntu karmic. + BUG 6929: Fix build with recent heimdal. + BUG 6939: Fix long filenames with "mangling method = hash". + BUG 6967: Fix 'net ads join' with OU. + BUG 6981: Fix paged search with DirX LDAP server. + BUG 6982: Remove erroneous out of memory error path in lookup_sid. + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. + Fix the build of the winbind krb5 locator plugin. + Fix enumprinter key client and server. * Wed Jan 06 2010 lmuelle@suse.de - Readjust the _libdir/cups/backend/smb sym link only on uninstall of the samba-krb-printing package; (bnc#568603). * Fri Jan 01 2010 lars@samba.org - Add BuildRequires to fam-devel; (bnc#564260). * Wed Dec 30 2009 jmcdonough@suse.de - Prevent winbind crash; (bso#7014); (bnc#566119). * Mon Dec 21 2009 sjayaraman@suse.de - Fix processing of open modes in POSIX open; (bnc#530683). * Thu Dec 17 2009 jengelh@medozas.de - Add baselibs.conf as a source. * Tue Dec 15 2009 lmuelle@suse.de - Update to 3.5.0pre2. + BUG 2350: Add LDAP Alias Dereferencing support. + BUG 6288: SWAT adds a second share when changing parameters of an existing share. + BUG 6435: Fix minor memory corruption. + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. + BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. + BUG 6837: "Too many open files" when trying to access large number of files from Windows 7; (bnc#619787). + BUG 6860: Fix shared library build on QNX. + BUG 6879: Fix crash in Winbind. + BUG 6929: Fix build with recent heimdal. + BUG 6938 : No hook exists to check creation rights when using acl_xattr module. + BUG 6967: Prevent glibc error on 'net ads join'. + Fix vfs_acl_xattr which was failing to call the NEXT connect function. + Restructure the ACL code. + Refactor reply_rmdir to use handle based code. + Fix the build when no external talloc and tdb are installed. + Fix detection of CTDB headers on systems without system-libtalloc. + Fix several printing issues. + Fix the build on Mac OS X 10.6.2. + Fix net and rpcclient after setprinterdataex changes. + Add full support for level 8 printer drivers. + Add more spoolss architectures to IDL. + Fix enumprinter key client and server. + Fix crash in EnumPrinterDataEx. + Prefer posix_fallocate for doing "strict allocate". + Restore "fake directory create times" as a share parameter. + Fix explicit stat64 support. + Add support for NetWkstaGetInfo 101 and 102. + Add rpcclient wkssvc_enumerateusers. + De-deprecate "write cache size" to prevent its removal without a proper alternative. + Allow more than 1000 users in BUILTIN\Users. + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. + Fix the build of the example VFS modules. + Fix crash in free_file_list(). + Give the user a chance to change password when password will expire soon. * Wed Dec 09 2009 lmuelle@suse.de - Store the smbfs service state if enabled and restore it for cifs while upgrade on post-11.2 systems. * Wed Dec 09 2009 lmuelle@suse.de - Prevent cifstab from being overwritten while upgrade on post-11.2 systems. * Wed Dec 09 2009 boyang@suse.de - Give the user a chance to change password when password will expire soon; (FATE#302414). * Tue Dec 08 2009 lmuelle@suse.de - Rename smbfs init script to cifs for post-11.2 systems. * Tue Dec 08 2009 jmcdonough@suse.de - Allow Windows 7 to connection to samba domain controllers and member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680). * Fri Dec 04 2009 jmcdonough@suse.de - Error on joining windows domain (invalid pointer); (bso#6967); (bnc#553622). * Thu Dec 03 2009 lmuelle@suse.de - Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165). - Simplify the winbind package %pre script and suppress stdout only. * Thu Nov 26 2009 lmuelle@suse.de - Update to 3.5.0pre1 + Add support for full Windows timestamp resolution. + Experimental implementation of SMB2. + Add encryption support for connections to a CUPS server. + Major windbind asynchronous refactoring. - Remove using_samba from the doc package. - Increase major version of libtalloc to 2. * Thu Nov 19 2009 boyang@suse.de - Fix kerberos refresh chain; (bnc#546162); (bso#6872). * Fri Nov 06 2009 lmuelle@suse.de - Hardlink duplicate files on post-11.1 systems. * Fri Nov 06 2009 lmuelle@suse.de - Add BuildArch noarch to samba-doc on post-11.1 systems. * Tue Nov 03 2009 boyang@suse.de - Use full 16byte session key in make_user_info_netlogon_interactive(); (bnc#551811). * Thu Oct 29 2009 lmuelle@suse.de - Update to 3.4.3. + Fix trust relationships to windows 2008 (2008 r2) (bug #6711). + Fix file corruption using smbclient with NT4 server (bug #6606). + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. + BUG 6529: Offline files conflict with Vista and Office 2003. + BUG 6532: Fix domain enumeration if master browser has space in name. + BUG 6606: Fix file corruption using smbclient with NT4 server. + BUG 6690: Fix wrong error check in profile. + BUG 6703: Allow smbstatus as non-root. + BUG 6704: Fix syntax error in avahi configure test. + BUG 6707: Fix an occasional segfault in config file parsing. + BUG 6710: Adjust regex to match variable names including underscores. + BUG 6711: Fix trust relationships to windows 2008 (2008 r2). + BUG 6726: SIVAL should have been an SVAL. + BUG 6728: BSD needs sys/sysctl.h included to build properly. + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. + BUG 6764: Fix timeval calculation. + BUG 6765: Add a "hidden" parameter "share:fake_fscaps". + BUG 6769: Fix symlink unlink. + BUG 6772: Allow outstanding_aio_calls to be decremented. + BUG 6774: smbd crashes if "aio write behind" is set. + BUG 6776: Fix core dump caused by running overlapping Byte Lock test. + BUG 6781: Fix renaming subfolders in Explorer view. + BUG 6791: Fix linking order in cifs.upcall. + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". + BUG 6793: Fix segfault in winbindd_pam_auth. + BUG 6796: Deleting an event context on shutdown can cause smbd to crash. + BUG 6797: Fix a memleak in libwbclient. + BUG 6804: Fix hpux compiler issue. + BUG 6805: Correctly handle aio_error() and errno. + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. + BUG 6810: Add support for finding alternate credcaches to cifs.upcall. + BUG 6811: Fix reference to freed memory in pam_winbind. + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. + BUG 6824: Fix avahi activation. + BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. + BUG 6828: Fix infinite timeout when byte lock held outside of Samba. + BUG 6829: Fix displaying of multibyte characters in smbclient. + BUG 6840: Fix crash in pam_winbind. + Fix an uninitialized variable. + Only ever handle one event after a select call. + Conditional install of the cifs.upcall man page. + Fix warning occuring when building the manpages. * Fri Oct 23 2009 lmuelle@suse.de - Let smbclient show special characters properly; (bso#6829); (bnc#544204). * Fri Oct 23 2009 boyang@suse.de - Don't fail authentication when one or some group of require-membership-of is invalid; (bnc#525123); (bso#6826). * Fri Oct 16 2009 jmcdonough@suse.de - Allow winbind to ignore certain domains; (bnc#539506). * Thu Oct 08 2009 lmuelle@suse.de - Update to 3.4.2. + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517). + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115). + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). * Wed Sep 30 2009 jmcdonough@suse.de - Fix potential denial of service; CVE-2009-2906; (bnc#543115). * Fri Sep 25 2009 jmcdonough@suse.de - Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). * Wed Sep 23 2009 jmcdonough@suse.de - Fix unresolved home path; CVE-2009-2813; (bnc#539517). * Mon Sep 21 2009 boyang@suse.de - Don't overwrite password in pam_winbind; (bnc#515444). * Mon Sep 14 2009 chris@computersalat.de - mods for winbind (when used with squid - ntlm_auth) o winbind adds group 'winbind' o permission 0750,root,winbind LOCKDIR/winbindd_privileged * Thu Sep 10 2009 lmuelle@suse.de - Merge two fixes from 3.2.8 and 3.3.1. + Adjust regex to match variable names including underscores. + Conditional install of the cifs.upcall man page. * Wed Sep 09 2009 lmuelle@suse.de - Remove supplements from baselibs.conf while %clean for pre-11.1 systems; (bnc#520579). * Wed Sep 09 2009 lmuelle@suse.de - Update to 3.4.1. + Fix authentication on member servers without Winbind (bug #6650). + Nautilus fails to copy files from an SMB share (bug #6649). + Fix connections of Win98 clients (bug #6551). + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + Fix Winbind authentication issue (bug #6646). + BUG 5879: Update LDAP schema for Netscape DS 5. + BUG 5886: Fix password change propagation with ldapsam. + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe. + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. + BUG 6437: Make open_udp_socket() IPv6 clean. + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. + BUG 6532: Fix the build with external talloc. + BUG 6538: Cancel all locks that are made before the first failure. + BUG 6560: Fix lookupname. + BUG 6564: SetPrinter fails (panics) as non root. + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. + BUG 6585: Fix unqualified "net join". + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. + BUG 6601: Avoid global fd limits. + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + BUG 6611: Fix a valgrind error in chain_reply. + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 6650: Fix authentication on member servers without Winbind. + BUG 6651: Fix smbd SIGSEGV when breaking oplocks. + BUG 6655: Fix 'smbcontrol smbd ping'. + BUG 6620: Fix a bug in renames of directories. + BUG 6664: Fix truncation of the session key. + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". + BUG 6680: Fix authentication failure from Windows 7 when domain joined. + BUG 6688: Fix crash in 'net usershare list'. + BUG 6693: Check we read off the complete event from inotify. + BUG 6700: Use dns domain name when needing to guess server principal. * Thu Aug 13 2009 boyang@suse.de - Update to 3.2.14. + Fix SAMR access checks (e.g. bugs #6089 and #6112). + Fix 'force user' (bug #6291). + Improve Win7 support (bug #6099). + Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6089: Fix SAMR access checks. + BUG 6112: Fix SAMR access checks. + BUG 6279: Fix Winbind crash. + BUG 6291: Fix 'force user'. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6386: Groupdb mapping fix. + BUG 6421: Fix POSIX read-only open on read-only shares. + BUG 6476: Fix more smbd-zombies in memory. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + BUG 6504: Fix SAMR server for Winbind access. + BUG 6520: Fix time stamps. + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6465: Fix enum_aliasmem in ldb branch. + BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 6526: Let parent_dirname() correctly return toplevel filenames. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 5798: Preserve CFLAGS info in configure. + BUG 6382: Case insensitive access to DFS links broken. + BUG 6481: Don't require "Modify property" perms to unjoin. + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. + BUG 6560: Lookupname failed, cannot find domain when attempt to change password. + Prevent creation of keys containing the '/' character. + Fix join of Windows 7 RC to a Samba3 DC. + Fix bug in processing of open modes in POSIX open. + Fix the negotiate flags. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to 'net'. + Fix a race condition in Winbind leading to a panic. + Add workaround for MS KB932762. + 5945: Fix out of memory error with Winbind idmap. + Avoid duplicate ACEs. + Fix profile ACLs in some corner cases. + Zero an uninitialized array. * Wed Aug 12 2009 boyang@suse.de - Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271); (bso#6615). * Mon Aug 10 2009 boyang@suse.de - check in .po files for pam_winbind; (bnc#499233); (bso#6602). * Thu Aug 06 2009 hhetter@suse.de - Add ntp and network-remotefs as Should-Start dependency to the winbind init script; (bnc#515629). * Thu Aug 06 2009 lmuelle@suse.de - Update to 3.0.36. + Fix Winbind crash on 'getent group' (bug #5906). + Excel save operation corrupts file ACLs (bug #4308). + Prevent segmentation fault on joining a very long domain name. + BUG 4308: Excel save operation corrupts file ACLs. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + BUG 4640: Fix guest mounts in mount-cifs. + BUG 5906: Fix Winbind crash on 'getent group'. + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + BUG 6099: In order to allow Win7 to connect to a Samba NT style. + BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. + BUG 6085: Fix build of vfs_default. + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. + Fix logic error in try_chown. + Correctly use chroot(). + Fix bug in processing of open modes in POSIX open. + Don't install the cifs.upcall binary twice. + Fix mount.cifs handling of -V option. + Prevent segmentation fault on joining a very long domain name. + Don't try and delete a default ACL from a file. + Add workaround for MS KB932762. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg. * Sat Aug 01 2009 lmuelle@suse.de - Use a conditional suse_version macro in front of the SUSE_ASNEEDED export. * Mon Jul 27 2009 boyang@suse.de - lookupname failed, cannot find domain when attempt to change password; (bnc#520645); (bso#6560). * Thu Jul 16 2009 lmuelle@suse.de - Don't link with --as-needed flag on post-11.1 systems. * Tue Jul 14 2009 lmuelle@suse.de - Stop the smbfs service if an interface goes down; (bnc#517768). * Wed Jul 08 2009 lmuelle@suse.de - Disable build of static libraries on post-11.1 systems; (bnc#509945). * Wed Jul 08 2009 jmcdonough@suse.de - Fix missing zlibs for cifs.upcall and test_shlibs. * Fri Jul 03 2009 lmuelle@suse.de - Update to 3.4.0. + BUG 6431: Local groups from 3.0 setups no longer found. + BUG 6459: Fix build of pam_smbpass on some distributions. + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain not. + BUG 6497: Fix calling of 'test' in configure. + BUG 6498: Add workaround for MS KB932762. + BUG 6499: Fix building of pam_smbpass. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6512: Fix support for enumerating user forms. + BUG 6514: Improve error message in 'net' when smb.conf is not available. + BUG 6520: Fix time stamps when "unix extensions = yes". + BUG 6521: Fix building tevent_ntstatus without config.h. + BUG 6526: Fix notifies in the share root directory. + BUG 6531: Fix pid file name. * Thu Jul 02 2009 lmuelle@suse.de - Package /etc/samba/smbpasswd as %ghost on post-11.1 systems. * Tue Jun 30 2009 jmcdonough@suse.de - Fix net ads leave; (bnc#511695). * Thu Jun 25 2009 sbrabec@suse.cz - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). - Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164). * Wed Jun 24 2009 lmuelle@suse.de - Update to 3.2.13, 3.3.6. + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478). * Wed Jun 24 2009 lmuelle@suse.de - Update to 3.0.35. + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes"; CVE-2009-1888; (bnc#515479). * Tue Jun 23 2009 jmcdonough@suse.de - Uninitialized read of a data value; CVE-2009-1888 (bnc#515479). * Fri Jun 19 2009 lmuelle@suse.de - Update to 3.4.0rc1. + BUG 4699: Remove pidfile on clean shutdown. + BUG 5456: Fix "net ads testjoin". + BUG 6081: Make it possible to change machine account sids. + BUG 6253: Use correct value for password expiry calculation in pam_winbind. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6305: Correctly prompt for a password when a username was given. + BUG 6328: Add support for multiple rights to "net sam rights grant/revoke". + BUG 6333: Consolidate create/delete account paths in pdbedit. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6451: net/libnetapi user rename using wrong access bits. + BUG 6458: Fix uninitialized variable in local_password_change(). + BUG 6465: Fix enumeration of empty aliases. + BUG 6476: Fix smbd-zombies in memory when using [x]inetd. + BUG 6487: Add missing DFS call in trans2 mkdir call. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + Improve pam_winbind documentation. - Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions. * Thu Jun 18 2009 boyang@suse.de - Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user input as a format string to asprintf; CVE-2009-1886; (bnc#513360). * Wed Jun 17 2009 boyang@suse.de - Fix a bad memleak in vfs_full_audit; (bnc#510035). * Tue Jun 16 2009 lmuelle@suse.de - Update to 3.3.5. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix joining of Win7 into Samba domain (bug #6099). + Fix joining of Win2000 SP4 clients (bug #6301). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL. + BUG 5897: Fix shutdown script example in the smb.conf manpage. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6301: Fix joining of Win2000 SP4 clients. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix 'net groupmap set' segfault. + BUG 6361: Make --rcfile work in smbget. + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. + BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. + BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. + BUG 6441: Fix the compile with --enable-dnssd. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent infinite include nesting. + Mark registry shares without path unavailable. + Also handle DirX return codes. + Fix Coverity ID 897. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix a race condition in winbind leading to a panic. + Some man pam_winbind improvements. + Zero an uninitialized array. * Tue Jun 16 2009 lmuelle@suse.de - Update to 3.2.12. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix "force user" (bug #6291). + Fix Winbind crash (bug #6279). + Fix joining of Win7 into Samba domain (bug #6099). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5798: CFLAGS info lost in configure. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5835: Add keyutils-devel to build requires. + BUG 5945: Fix out of memory error with Winbind idmap. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6279: Fix Winbind crash. + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6291: Fix "force user". + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6386: Groupdb mapping fix. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent creation of keys containing the '/' character. + Fix bug in processing of open modes in POSIX open. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a race condition in winbind leading to a panic. + Fix a crash bug if we timeout in net rpc trustdom list. + Fix profile acls in some corner cases. * Fri Jun 12 2009 lmuelle@suse.de - Default with passdb backend to smbpasswd for SUSE products older than 11.2. * Fri Jun 12 2009 lmuelle@suse.de - Explicitly use 'tdbsam' as passdb backend in the default smb.conf file. * Mon Jun 08 2009 lmuelle@suse.de - Update to 3.4.0pre2. + The default passdb backend has been changed to 'tdbsam'! + Samba4 and Samba3 sources are included in the tarball. + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Made parameter syntax of the net command more consistent. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 4271: testparm should not print includes. + BUG 4831: Don't call openlog() or closelog() from pam_smbpass. + BUG 5681: Do not limit the number of network interfaces. + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo access checks. + BUG 6099: Fix NETLOGON credential chain. + BUG 6136: New AFS syscall conventions. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6253: Use correct value for password expiry calculation. + BUG 6291: Fix 'force user'. + BUG 6292: Update config.guess from gnu.org. + BUG 6302: Give the VFS a chance to read from 0-byte files. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix segfault in 'net groupmap set'. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6357: Use Samba default command line arguments in 'net'. + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4 and IPv6 addresses + BUG 6361: Make --rcfile work in smbget. + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share. + BUG 6372: usermanager only displaying 1024 groups and aliases. + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids. + BUG 6415: Filter out of range mappings in default idmap config (idmap_tdb). + BUG 6416: Filter out of range mappings in default idmap config (idmap_tdb2). + BUG 6417: Filter out of range mappings in default idmap config (idmap_ldap). + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Fix the core of the SAMR access functions. + Fix SAMR server for winbindd access. + Add dbwrap_tool - a tdb tool that is CTDB-aware. + Hide "config backend" from swat. + Fix linking with --disable-shared-libs. + Fix issue with missing entries when enumerating directories. + Map NULL domains to our global sam name. + Fix driver upload for Xerox 4110 PS printer driver. + Add "net dom renamecomputer" to rename machines in a domain. + Inspect the correct computername string before enabling/disabling the change button in netdomjoin-gui. + Fix join prompt dialog test in netdomjoin-gui. + Only gray out labels when not root and not connecting to remote machines (netdomjoin-gui). + Allow to switch between workgroups/domains with the same name (netdomjoin-gui). + Add NetShutdownInit and NetShutdownAbort. + Fix samr access checks. + Add a security model to LSA. + Also handle DirX return codes. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix Coverity ID 897. + Fix a race condition in vfs_aio_fork with gpfs share modes. + Fix bug disclosed by lock8 torture test. + Fix a race condition in winbind leading to a panic. + Detect tight loop in tdb_find(). + Fix chained sesssetupAndX/tconn messages. + Fix strict locking with chained reads. + Fix two bugs in sendfile. + Fix memory leak. + Fix file descriptor leak. + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. + Always allocate memory in dptr_ReadDirName. + Fix 'net' crash during domain join. + Zero an uninitialized array. + Allow child processes to exit gracefully if we are out of fds. * Thu Jun 04 2009 sjayaraman@suse.de - Enable cifs.upcall on versions newer than SUSE 10.0. * Thu Jun 04 2009 sjayaraman@suse.de - Add BuildRequires to keyutils-devel. * Thu Jun 04 2009 sjayaraman@suse.de - Remove redundant Requires to keyutils-libs for cifs-mount. * Wed May 27 2009 jmcdonough@suse.de - Detect tight loop in tdb_find(); (bnc#450974). * Mon May 18 2009 jmcdonough@suse.de - Fix lp printing with kerberos; (bnc#476913). * Sat May 09 2009 lmuelle@suse.de - Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all other build targets. * Thu Apr 30 2009 lmuelle@suse.de - Update to 3.4.0pre1. + Samba4 and Samba3 sources are included in the tarball + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Make merged build possible. + Move common libraries to the shared lib/ directory. * Thu Apr 30 2009 lmuelle@suse.de - Update to 3.3.4. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix usrmgr.exe creating a user (bug #6243). + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6279: Fix Winbind crash. + BUG 5329: Add "net rpc service delete/create". + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. + BUG 6263: Fix domain logins for WinXP clients pre SP3. + BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. + BUG 6243: Fix usrmgr.exe creating a user. + net conf: Save share name as given, not as lower case only. + Prevent creation of registry keys containing the '/' character. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Don't access a freed structure when logging off and re-using a vuid. + Try to to fix password_expired flag handling. + Make sure to grey out change fields in the netdomjoin-gui when not running as root. + Don't look up local user for remote changes, even when root. + Use procid_str in debug messages for better cluster-debuggability. + Use cluster-aware procid_is_me instead of comparing pids. + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Do not use the file system GET_REAL_FILENAME for mangled names. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to net. + In net_conf_import, start a transaction when importing a single share. + Fix writing of roaming profiles with "profile acls" set to "yes". * Fri Apr 17 2009 lmuelle@suse.de - Update to 3.2.11. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix smbd crash for close_on_completion. + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6205: Correct sample smb.conf share configuration. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6263: Fix domain logins for WinXP clients pre SP3. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Fix resume command typo for "printing = vlp". + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Don't look up local user for remote changes, even when root. * Fri Apr 17 2009 jmcdonough@suse.de - Don't lookup local user for remote password changes; (bnc#493507). * Thu Apr 02 2009 lmuelle@suse.de - Update to 3.3.3. + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). + Fix serving of files with colons to CIFS/VFS client (bug #6196). + Fix "map readonly" (bug #6186). + BUG 6195: Don't let smbd child processes panic. + Add backend_requires_messaging() method to libsmbconf. + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + Fall back to file backend when no valid backend was found. + Fix a memleak in dbwrap_rbt. + Provide transaction_start|commit|cancel fns for the registry tdb. + Speed up "net conf drop". + Speed up "net conf import". + Add transactions to the libsmbconf API. + Reduce memory usage of "net conf import". + Registry cleanup. + Fix handling of SAMBA_VERSION_VENDOR_PATCH. + Fix build of pam_winbind.so with static linking. + Tidy up some convert_string_internal error cases. + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. + Allow DFS client paths to work when POSIX pathnames have been selected. + Try and fix the build farm RAW-STREAMS errors. + Ensure files starting with multiple dots are hidden. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + Fix notify_printer_status_byname. + Fix Coverity IDs 722, 762, 774, 775, 776. + Fix build on old Heimdal based systems. + Fix compile warning. + Use parentheses in if condition to make negation clear. + Add dirsort module. + BUG 6147: Fix detection of the GNU ld version. + BUG 6097: Fix smbd segfault. + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6139: Add missing whitespace in mount.cifs error message. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix a valgrind error. + Speed up "net conf list". + Add sorted subkey cache. + Use StrCaseCmp in the dirsort module. + Document the dirsort module. + Disable dns_sd by default. + Add avahi detection to configure. + Add event avahi binding. + Use avahi to register _smb._tcp in smbd. + Fix two memleaks in the encryption code. + Fix a scary "fill_share_mode_lock failed" message. + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. + Don't use reserved words in smbconftort. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Parse_packet can return NULL which is then dereferenced in match_mailslot_name. + Format the header check for netinet/ip.h more nicely. + Missing break in conversion function prevents tdb password database update. * Wed Apr 01 2009 jmcdonough@suse.de - Update to 3.2.10. + BUG #6195: Don't let smbd child processes panic. * Wed Apr 01 2009 jmcdonough@suse.de - BUG 6195: Fix crash on passdb conversion. * Tue Mar 31 2009 jmcdonough@suse.de - Update to 3.2.9. + BUG 5920: The length of the memcpy was calculated wrong. + BUG 6097: Fix smbd segfault. + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS server is invalid. + BUG 6099: Samba returns incurrate capabilities list. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem. + BUG 6161: smbclient corrupts source path in tar mode. + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + BUG 6224: nmbd waits 5 minutes before checking to run elections. + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno. + Numerous Coverity fixes + Fix double free caused by incorrect talloc_steal usage. + Backport delete semantics of alternate data streams on a file truncate. + Allow set attributes on a stream fnum to redirect to the base filename. + Fix use of streams modules with CIFSFS client. + Fix more POSIX path lstat calls. + Allow DFS client paths to work with POSIX pathnames. + Ensure files starting with multiple dots are hidden. + Fix guest auth when Winbind is running. + Fix memleak in get_remote_printer_publishing_data(). + cifs mount fix for handling -V parameter. + Fix guest mounts. + Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Enable total anonymization in vfs_smb_traffic_analyzer. + Don't try and delete a default ACL from a file. + Fix remotely adding a share via MMC. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Fix a valgrind error / segfault in dns_register_smbd(). + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix two memleaks in the encryption code. + Fix "fill_share_mode_lock failed" message. + Add S-1-22-X-Y sids to the local token. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Don't miss an absolute pathname as a kerberos keytab path. + Have nmbd check all available interfaces for WINS before failing. + Initialize the id_map status in idmap_ldap to avoid surprise. * Sun Mar 15 2009 lmuelle@suse.de - Obsolete change from 2008-03-05 by removing the needless examples cleanup. * Sat Mar 14 2009 lmuelle@suse.de - Update to 3.3.2. + Fix "force group" (bug #6155). + Fix saving of files on Samba share using MS Office 2007 (bug #6160). + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + Fix corruptions of source path in tar mode of smbclient (bug #6161). + BUG 6082: Fix renaming and deleting of directories using Windows clients. + BUG 6154: Make ZFS honor admin users. + BUG 6155: Fix "force group". + BUG 6160: Fix saving of files on Samba share using MS Office 2007. + BUG 6161: Fix corruptions of source path in tar mode of smbclient. + Fix some NetBSD warnings. + Fix bug in processing of open modes in POSIX open. + Fix use of streams modules with CIFSFS client. + Ensure ACL modules work with POSIX paths. + Use fsp->posix_open in preference if we have it. + Fix more POSIX path lstat calls. + Fix a bug in message handling for the change notify code. + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + BUG 4640: Fix guest mounts in mount.cifs. + Fix displaying the version string properly when no other parameters passed in in mount.cifs. + Prefer gssapi header files from subdirectory. + BUG 6176: winbindd -n should disable the winbind idmap cache. + Add a vfs_preopen module to hide fs latencies. + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a valgrind error / segfault in dns_register_smbd(). + Fix build on SLES8. + Decremented by 1 for ntcancel requests. + Fix creation of core files. + Fix first mapping of uids/gids in Winbind. + Initialize the id_map status in idmap_ldap to avoid surprise. + Fix initialization of idmap status. * Tue Mar 10 2009 lmuelle@suse.de - Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc. * Thu Mar 05 2009 ro@suse.de - Ignore return value from subshell to fix build. * Wed Feb 25 2009 boyang@suse.de - Make libsmbclient work with DFS, backported from 3.3; (bnc#475995). * Tue Feb 24 2009 lmuelle@suse.de - Update to 3.3.1. + Fix net ads join when "ldap ssl = start tls" (bug #6073). + Fix renaming/deleting of files using Windows clients (bug #6082). + Fix renaming/deleting a "not matching/resolving" symlink (bug #6090). + Fix remotely adding a share via the Windows MMC. + BUG 6082: Fix renaming/deleting of files using Windows clients. + BUG 6069: Fix build with too many arguments. + BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6117: Fix core dump of pdbedit -a. + BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem. + Fix Coverity IDs 115, 116, 117, 602. + Fix warning (bad handler prototype). + Unify the detection of the timespec code in configure.in, and the application of it in time.c. + Correctly use chroot(). + Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" read from the rpc packet in spoolss is under that size. + Backport the semantics of when to delete alternate data streams on a file truncate. + Fix printf warnings. + BUG 6073: Prevent ads_connect() from using SSL unless explicitly requested. + Fix 'getent passwd' to allocate new uids. + Fix 'getent group' to allocate new gids. + Remove check for sharename being a username in 'net conf addshare'. + Fix Coverity ID 848. + Remove unused ENUM_HND from 'net'. + Fix getform command asprintf return code in rpcclient. + Fix memleak in get_remote_printer_publishing_data(). + Remove duplicate prototypes for generated rpc server functions. + Enable total anonymization in vfs_smb_traffic_analyzer. + Fix build with external dns_sd libraries. + Fix configure check "sub-second timestamps without struct timespec". + Use correct BSD evironment variable. + Don't try and delete a default ACL from a file. + BUG 5798: CFLAGS info lost in configure. + Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880. + Fix remotely adding a share via the Windows MMC. + Avoid valgrind errors. + Fix 'net rpc join' for users with the SeMachineAccountPrivilege. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Initialize rc to 0 in main in mount.cifs. + BUG 6069: Add a fstatvfs function for libsmbclient. + Eliminate compiler warnings. + Don't miss an absolute pathname as a kerberos keytab path. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + Make Samba work with older ctdb versions. + Add S-1-22-X-Y sids to the local token. + Conditional install of the cifs.upcall man page. + Adjust regex to match variable names including underscores. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution. + Fix "assignment discards qualifiers from pointer target type" warnings. + Fix SMB_VFS_RECVFILE/SENDFILE macros. + Change "ldap ssl:ads" parameter to "ldap ssl ads". + Add manpages for vfs_acl_xattr and vfs_acl_tdb. + Fix double free caused by incorrect talloc_steal usage. + Build ldbrename. + Make nmbd check all available interfaces for WINS before failing. + Fix compilation of vfs_default on systems that do not support utimes(). + BUG 5920: Fix the calculation of the memcpy length. + BUG 6098: Fix ads_find_dc() in setups with "security = domain". + Make libsmbclient work with DFS. * Mon Feb 23 2009 hhetter@suse.de - Define init_samba_module in all samba-vscan modules; (bnc#469218). * Sat Feb 21 2009 lmuelle@suse.de - Add GPLv3 header to all init scripts; (bnc#459766). * Tue Feb 10 2009 boyang@suse.de - Backport of the clean event context after fork and krb5 refresh chain fixes; (bnc#415026). * Mon Feb 09 2009 jmcdonough@suse.de - Revert accidental partial strict allocate upstream commit * Sun Feb 08 2009 jmcdonough@suse.de - Update to 3.2.8. + Fix and streamline join and DC detection + BUG 4308: Excel save operation corrupts file ACLs. + BUG 5933: Fix incrementing/decrementing num_validated_vuids. + BUG 5953: Fix smbclient crashes. + BUG 5953: Make cli_send_smb_direct_writeX use writev. + BUG 5965: Fix creation of the first share using SWAT. + BUG 5969: Optimize smbclient put command. + BUG 5979: Fix level 2 oplocks. + BUG 5980: Fix race condition when granting level2 oplocks + BUG 5986: Fix renaming of streams. + BUG 5990: Strict allocate should be checked before ftruncate. + BUG 6000: Avoid bashism in perfcount.init. + BUG 6009: Setting "min receivefile size = 1" breaks writes. + BUG 6014: mget shouldn't segfault without arguments. + BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict. + BUG 6017: Fix magic scripts. + BUG 6021: smbclient du command does not recuse properly. + BUG 6030: Add missing <th> header in Status page. + BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery. + BUG 6040: Calling Samba print server with an aliased DNS-name fails. + BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs. + Fix "allow trusted domain" so it disables trusted domains. + Fix error code when smbclient puts a file over an existing directory. + Don't return 0 on error in smbcacls - bad for scripts. + Determine case sensitivity based on file system attributes. + Add vfs_fileid manpage. + Adjust regex to match variable names including underscores. + Fix stream marshalling to return the correct streaminfo status. + Fix a delete on close divergence from Windows. + Allow renames of streams via NTRENAME and fix stream error codes. + Fix a segfault if ? is there but the options are NULL. + Avoid flooding of syslog with failing pam_putenv messages. + Document default of the printing config variable. + Change default value for "ldap ssl" to "start tls". + Check if Unix account exists before asking for the password in smbpasswd. + Add manpage for vfs_shadow_copy2. + Clean event context after child is forked. + Refresh sequence number as soon as possible. + Don't set child->requests to NULL in parent after fork. + Clean event context after fork and fix krb5 refresh chain. + Fix null pointer refrence in event context. + Don't send message to any other child in child process. + Fix bug in get_dc_name_via_netlogon(), null pointer refrence. * Tue Feb 03 2009 jmcdonough@suse.de - Backport 3.2.8 fixes. + cups leaks and crashes + various winbind child handling fixes + join fixes + ACL fixes for Excel + allow usrmgr with non-root * Mon Feb 02 2009 lmuelle@suse.de - Replace cifs.upcall Makefile patches by the upstream version. * Wed Jan 28 2009 lmuelle@suse.de - Only add ccache to BuildRequires if it is used. * Tue Jan 27 2009 lmuelle@suse.de - Update to 3.3.0. + The passdb tdbsam version has been raised. + Splitting of library directory into library directory and separate modules directory. + The default value of "ldap ssl" has been changed to "start tls". + Extended Cluster support. + New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb" to store NTFS ACLs on Samba file servers. + Simplified idmap configuration. + New idmap backends "adex" and "hash". + Added new parameter "winbind reconnect delay". + Added support for user and group aliasing. + Added support for multiple domains to idmap_ad. + The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. + The 'net' utility can now use kerberos for joining and authentication. + The 'wbinfo' utility can now add, modify and remove identity mapping entries. + NetApi library implements various new calls for User- and Group Account Management. + libsmbclient does now determine case sensitivity based on file system attributes. * Fri Jan 23 2009 anschneider@suse.de - Replace all chkconfig calls with rc_active calls to improve performance during boot. * Fri Jan 23 2009 anschneider@suse.de - Add SuSEfirewall2 service config file to allow samba browsing on post-10.2 systems; (bnc#460902). * Tue Jan 20 2009 lmuelle@suse.de - Update to 3.0.34. + Fix update of machine account passwords. + Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. + Fix Winbind crashes. + Correctly detect if the current dc is the closest one. + Add saf_join_store() function to memorize the dc used at join time. This avoids problems caused by replication delays shortly after domain joins. + Fix write list in setups using "security = share". * Wed Jan 07 2009 olh@suse.de - Obsolete old -XXbit packages; (bnc#437293). * Mon Jan 05 2009 lmuelle@suse.de - Update to 3.2.7. + Samba 3.2.0 to 3.2.6 can potentially give root filesystem access to older versions of smbclient; CVE-2009-0022; (bnc#460764). * Sat Dec 27 2008 jmcdonough@suse.de - Samba 3.2.0 to 3.2.6 can potentially give root filesystem access to older versions of smbclient; CVE-2009-0022; (bnc#460764). * Thu Dec 25 2008 boyang@suse.de - Fix nmbstatus dipslay when workgroup parameter is given; (bnc#459785). * Thu Dec 25 2008 boyang@suse.de - Fix Mounting failure when there is white spaces in service; (bnc#460793). * Mon Dec 15 2008 anschneider@suse.de - Update to 3.3.0rc2. + Splitting of library directory into library directory and separate modules directory. + Extended Cluster support. + Simplified idmap configuration. + New idmap backends "adex" and "hash". + Added new parameter "winbind reconnect delay". + Added support for user and group aliasing. + Added support for multiple domains to idmap_ad. + The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. + The 'net' utility can now use kerberos for joining and authentication. + The 'wbinfo' utility can now add, modify and remove identity mapping entries. + NetApi library implements various new calls for User- and Group Account Management. * Fri Dec 12 2008 lmuelle@suse.de - Fix all remaining conditional macro calls; (bnc#456469). * Fri Dec 12 2008 anschneider@suse.de - Add IPv6 support for mount.cifs. * Wed Dec 10 2008 lmuelle@suse.de - Update to 3.2.6. + Fix potential segfault in vfs_tsmsm. + Don't list the domain twice when expanding internal aliases. + Fix the output of "getent group" when "winbind use default domain = yes" with "security = ads". + Add domain prefix to username in lookup_groupmem(). + Prevent negative GM/ cache entries due to broken connections. + Fix crash in sync_eventlog_params(). + Fix timeouts when calling 'getgrent'. + BUG 1254: Fix "write list" in setups using "security = share". + BUG 5080: Fix access to cups-printers with cups 1.3.4. + BUG 5737: Fix Winbind crash in an unusual failure mode; (bnc#416598). + BUG 5783: Fix FindFirst where search pattern equals the mangled filename. + BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file disposition. + BUG 5797: Fix moving of readonly files. + BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain". + BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. + BUG 5825: Fix account locking with LDAP backend. + BUG 5826: Fix truncated filenames when accessing old servers. + BUG 5889: Fix "delete veto files = no". + BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog list". + BUG 5900: Fix vfs_readonly. + BUG 5903: Fix vfs_streams_xattr breaking contents of files. + BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo() request. + BUG 5914: Fix build failure: redefinition of struct name_list. + BUG 5937: Fix filenames with "*" char hiding other files. + BUG 5953: Fix smbclient crashes. + Fix rename_open_files. + Restructure VFS SMB traffic analyzer VFS module. + Correctly fix smbclient to terminate on eof from server. + Unify access checks for lsa server functions. + Remove the requirement for ldap call made as root. + Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles. + Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>. + Fix Coverity IDs 456, 574, 592, 606 and 607. + Fix net rpc vampire. + Use the same prerequisite for DDNS update as Windows XP. + Make "lwinet ads dns register" honor the "interfaces" parameter. + Fix extended DN parse error when AD object does not have a SID. + BUG 5888: Fix PNP_GetHwProfInfo(). + BUG 5957: Do not abort rename process on valid rename script. + BUG 5898: Fix 'net rpc shutdown'. + Fix duplicate installation of cifs.upcall. + Fix _srvsvc_NetShareAdd segfault. + Ensure consistency when reporting password complexity. + Fix _lsa_GetUserName. + Fix access check in _samr_QuerySecurity(). + _samr_DeleteUser needs to wipe out the user_handle on success. + NetGroupEnum_r needs to handle servers with no groups. + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. + BUG 5908: Fix internal change notify on shared directory. + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share. + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support and GPFS. + Add new VFS module to analyze SMB traffic + BUG 5928: Fix 'testparm --version'. + Have uppercase_string return success on NULL pointer in mount.cifs. + Make mount.cifs return codes match the return codes for /bin/mount. + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs. + BUG 5778: Check if strlcpy and strlcat are already defined. + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy. + Fix a potential NULL deref in found by the IBM Checker. + Fix an uninitialized variable found by the IBM Checker. + Fix an unlikely memleak found by the IBM Checker. + Fix some missing error handlings. + Add workaround for domain joins using a netbios name which is different from the hostname. + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set. + Fix trans2findfirst for the large directory optimization. + Fix checking for presence of cups-devel and correct cups-devel test for HAVE_IPRINT. + BUG 5805: Don't close stdout when calling setup_logging multiple times. + Fix setting of trust password using 'net rpc trustdom add'. + Fix several issues in vfs_streams_xattr and vfs_stream_depot. + Return an error instead of crashing when no realm is given (trigerred by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and "disable netbios = yes"). + Fix the new vfs_smb_traffic_analyzer build for static links. + BUG 5901: Fix default for streams_depot location. + Fix several build warnings. + Delete the krb5 ccname variable from the PAM environment if set. + Fix circular dependency error with autoconf 2.6.3. + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at compile time rather than install time. + BUG 5906: Fix Winbind crash when calling 'getent group'. + Fix logging to syslog. + Allow SYSLOG_FACILITY to be modified with a new configure option called - -with-syslog-facility. + BUG 5909: Fix MS-DFS on Vista clients. + BUG 5944: Fix starting of nmbd with "socket address" set to "". + Fix segfault on startup with trusted domains. + Re-add "winbind:ignore domains" parameter. + Avoid freeing fsp twice when opening new_file fails (Debian #431696). * Wed Dec 10 2008 anschneider@suse.de - Fix the conditional macro to start smbfs by default; (bnc#456469). * Wed Dec 03 2008 anschneider@suse.de - Readd libsmbclient to baselibs.conf for pre 11.0 distributions. * Wed Dec 03 2008 anschneider@suse.de - Use %__install macro to install files with the right permissions instead of cp. * Mon Dec 01 2008 anschneider@suse.de - Update to 3.3.0rc1. + Splitting of library directory into library directory and separate modules directory. + Extended Cluster support. + Simplified idmap configuration. + New idmap backends "adex" and "hash". + Added new parameter "winbind reconnect delay". + Added support for user and group aliasing. + The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. + The 'net' utility can now use kerberos for joining and authentication. + The 'wbinfo' utility can now add, modify and remove identity mapping entries. + NetApi library implements various new calls for User- and Group Account Management. - Added German translation for pam_winbind. * Mon Dec 01 2008 boyang@suse.de - Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher. * Sun Nov 30 2008 lmuelle@suse.de - Use %{NET_CFGDIR} define instead of a fixed path to the network conf. * Sat Nov 29 2008 lmuelle@suse.de - Update to 3.2.5. + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients; CVE-2008-4314; (bnc#446971). * Thu Nov 27 2008 ro@suse.de - Update baselibs.conf. * Thu Nov 27 2008 anschneider@suse.de - Fix circular dependency error with autoconf 2.6.3. * Thu Nov 27 2008 anschneider@suse.de - Fix the dhcp hook script and support CODE11; (bnc#442335). * Thu Nov 27 2008 anschneider@suse.de - Fix perl v5.10 warnings in nmbstatus; (bnc#448225). * Wed Nov 26 2008 sjayaraman@suse.de - Include the missing spec file change mentioned the previous commit. * Tue Nov 25 2008 sjayaraman@suse.de - Make cifs-mount depend on keyutils, keyutils-libs packages as they are required to support dfs and kerberos; (bnc#432494). * Thu Nov 20 2008 lmuelle@suse.de - Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971). * Thu Nov 20 2008 hhetter@suse.de - Change the runlevel description for winbindd to use "Microsoft Windows" instead of "NT"; (bnc#446154). * Tue Nov 11 2008 boyang@suse.de - Directory/Filenames get truncated when 3.2.0 client acesses old server; (bnc#432471). * Thu Nov 06 2008 anschneider@suse.de - Add SuSEfirewall2 services config file to open Netbios and Samba ports on post-10.2 systems; (bnc#247344). * Wed Oct 29 2008 anschneider@suse.de - Remove unrecognized configure options. * Fri Oct 24 2008 anschneider@suse.de - Fix the pam_winbind build. * Tue Oct 21 2008 anschneider@suse.de - Delete the krb5 ccname variable from the PAM environment if set. * Thu Oct 16 2008 anschneider@suse.de - Move the nss_info modules to the samba-winbind package. * Thu Oct 16 2008 anschneider@suse.de - Activate the idmap backends "adex" and "hash". * Thu Oct 16 2008 anschneider@suse.de - Add version branding for CODE 11. * Wed Oct 15 2008 anschneider@suse.de - Restart smbfs even with the traditional network setup; (bnc#425058). * Fri Oct 03 2008 lmuelle@suse.de - Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro if available. * Fri Oct 03 2008 lmuelle@suse.de - Only call the fillup_and_insserv or fillup_only macro if available. * Fri Oct 03 2008 lmuelle@suse.de - Use package names instead of macros for cp, mkdir, mv, rm, and grep or instead of the full path to the binary for ln, find and xargs. * Thu Oct 02 2008 lmuelle@suse.de - Introduce NET_CFGDIR to fit the needs for a differing location of the network configuration per vendor. * Thu Oct 02 2008 lmuelle@suse.de - Use path macros for cp, mkdir, mv, rm, and grep. * Thu Oct 02 2008 lmuelle@suse.de - Only use SUSE rpm macros and SuSEconfig.permissions if available. * Thu Oct 02 2008 lmuelle@suse.de - Update to 3.3.0pre2. + BUG 5729: Explicitly allow "-valid". + BUG 5737: Fix winbindd crash in an unusual failure mode; (bnc#416598). + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. + BUG 5762: Fix opening of mangled directory name (resulted 'is a stream name'). + BUG 5783: Fix FindFirst where search pattern == mangled filename. + BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file disposition. + BUG 5797: Fix moving of readonly files. + Fix crashes when looking up a non-existant uid. + Fix getting/setting of NT ACLs on a file. + Fix the wcache_invalidate_samlogon calls. + Clarify usage of "force create mode". + Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid mappings. + Write times code update. + Add experimental version of VFS module acl_xattr. + Fix rename_open_files. + Make SMB traffic analyzer VFS module more efficient. + Fix segfault when calling nss_get_info() with a NULL ads structure. + Add support for name aliasing in Winbind. + Add the idmap/nss-info provider from Likewise Open. + Allow an admin to define the "uid" attribute for a RFC2307 user object in AD to be the username alias. + Add new idmap backend "adex" to support RFC2307 enabled AD forests. + Add new idmap backend "hash". + Fix build warnings. + Cleanup of DC enumeration in get_dcs(). + BUG 5710: Fix changing of machine account passwords. + BUG 5784: Fix pam_winbind build issue on Solaris. + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. + Fix double installation of cifs.upcall. + Add change-user-password command to wbinfo. + Fix segfault in _srvsvc_NetShareAdd. + BUG 5736: Fix Winbind crash bug with trusted domains. + Correct the netsamlogon_clear_cached_user function. + Add new VFS module to analyze SMB traffic to record write and read operations on the Samba server. + Fix build warnings in cifs.upcall. + BUG 5707: Do proper error handling if the socket is closed. + BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined. + Fix Coverity IDs 587 and 589. + Increase the default positive idmap cache time to a week. + Fix calculation of useable_space for trans2 and nttrans replies. + Add mapping of generic bits when setting an NFSv4 ACL. + Some write time fixes. + Add new parameter "cups connection timeout". + Fix enumeration of nested group memberships in Winbind. This affected only setups using "security = ads". + Fix cut and paste error in quota code. + Fix display of POSIX ACLs. + Fix permissions of group_mapping.ldb (CVE-2008-3789); (bnc#420634). + Avoid a race condition in glibc between AIO and setresuid(). + Add missing become root for AIO operations. + Fix an errno handling bug that could lead to an infinite loop. + Fix logic of tsmsm_sendfile(). + Fix handling of arbitrary new PAC types. + Fix segfault on startup with trusted domains. + Fix segfault on the CTDB destructor code. + Re-add "winbind:ignore domains". + BUG 5609: Remove configure option "--with-libdir" and add "--with-modulesdir". + Extend "net rpc vampire keytab" to support differential replication and storing of kerberos keys. + Rework internal logic of registry tdb code. + Freeze autogenerated prototype headers (good bye "make proto"). + Add new "winbind reconnect delay" parameter. + Make the change to smbcontrol for "all" to mean broadcast, and "smbd" to mean the main smb daemon. + Allow an admin to define the "uid" attribute for a RFC2307 user object in AD to be the username alias. + Add "net rpc vampire keytab" and "net rpc vampire ldif". + Rework of the Winbind idmap backend. * Wed Oct 01 2008 lmuelle@suse.de - Define PAM_AUTHTOK_RECOVERY_ERR when not available on older Linux products. * Mon Sep 29 2008 lmuelle@suse.de - Adopt samba-vscan to build after the change to the bool type define. * Mon Sep 22 2008 lmuelle@suse.de - Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too. * Sat Sep 20 2008 lmuelle@suse.de - Call mkinitrd_setup during %post and %postun for post-9.2 systems only. * Thu Sep 18 2008 anschneider@suse.de - Create a link to the html manpages so that they can be accesses in swat; (bnc#426182). * Tue Sep 09 2008 jmcdonough@suse.de - "Password last set" timestamp update from admin pw change; (bnc#420407). * Wed Sep 03 2008 hare@suse.de - Call mkinitrd_setup during %post and %postun for package cifs-mount; (bnc#413709). * Wed Aug 27 2008 lmuelle@suse.de - Update to 3.3.0pre1. + Splitting of library directory into library directory and separate modules directory. + Extended Cluster support. + Simplyfied idmap configuration. + Added new parameter "winbind reconnect delay". + The destination "all" of smbcontrol does now affect all running daemons including nmbd and winbindd. + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. * Wed Aug 27 2008 lmuelle@suse.de - Update to 3.2.3. + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789; (bnc#420634). * Tue Aug 19 2008 lmuelle@suse.de - Update to 3.2.2. + BUG 5592: Fix creation and installation of shared libraries. + Fix replacement of random seed generator. + Fix a race condition in idmap_tdb2_allocate_id(). + Fix unix_convert() for "*" after changing map_nt_error_from_unix(). + Make sure to always set errno on error path in OpenDir. + BUG 5675: Fix smbspool program assuming Kerberos authentication by mistake. + BUG 5686: Fix segfaults in libsmbclient. + BUG 5692: Fix coredump in full_audit.so. + BUG 5696: Fix "force group" in setups using Winbind. + Rename cifs.spnego to cifs.upcall. + Fix segfault in cifs.upcall when it is called without any arguments. + Fix coverity ID 594 (resource leak on error path). + Fix assigning of primary group memberships when authenticating via Winbind. + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba shares. + Include stdlib.h to get a prototype for free(). + Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c. + Use NGROUPS_MAX instead of 32 for the max group value in rep_initgroups(). + Add add c++ guard to netapi. + Fix compile warning in cifs.upcall. + Add "dns_resolver" key type to cifs.upcall. + BUG 5688: Fix orphaned LPQ processes if socket address is invalid. + BUG 5684: Fix removal of dead records in tdb files. + Fix coverity IDs 595, 596. + Fix smb_len calculation for chained requests. + Fix output of test status. + Fix smbclient connections to older servers. + Fix a fd leak when trying to regain contact to a domain controller in Winbind. + Fix permissions on ctdb databases. + Fix passing back success when a function had in fact failed in two places. - Add --enable-static to the configure options to get the statical libraries installed by the install Makefile target. - Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems. * Thu Aug 14 2008 lmuelle@suse.de - Set Required- and Should-Stop in the init info part of all init scripts. * Thu Aug 14 2008 jmcdonough@suse.de - Fix libsmbclient to older servers; (bnc#402776). * Tue Aug 05 2008 lmuelle@suse.de - Update to 3.2.1. + BUG 5594: Fix "make test" by adding and using a new testparm switch "--skip-logic-checks". + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a. + Update the section about net conf in the net(8) manpage. + Improve processing of registry shares. + Fix listing of registry shares with testparm. + Fix several build issues. + BUG 5578: Fix error from strlcat. + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT. + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + Remove worrying warning message when safe_strcpy tries to copy a pseaudo interface name that's too long. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. + Fix bug creating files using DOS clients with mixed case files. + Fix uninitialized variable. + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. + BUG 5570: Fix bogus error message during AD domain join. + Fix trusted domain handling in Winbindd. + Fix build warning. + BUG 5202: Fix setting of ACEs for users/groups with write access in setups with 'dos filemode = yes'. + Re-activate 'acl group control' parameter and make it only apply to owning group. + Make ntimes function more like POSIX and allow NULL arg. + BUG 5512: Fix alignment problems on sparc. + BUG 5616: Fix share connections in setups with "server signing = mandatory" or SMB signing set on the client side. + Fix a race condition in Winbind leading to a crash. + Fix a segfault in base64_encode_data_blob. + Fix some uninitialized variable references via ndr_print. + Fix error message if trying to join with a non-privileged user. + Fix setups using "include = registry" without [global] settings in the registry. + Fix "net sam rights" on domain member servers. + Add documentation for the vfs streams modules. + Cleanup some duplicate code by passing the password to the wbinfo_auth* functions. + Allow SID with 0 in subauthority to be converted properly. + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage. + Fix realpath() check so that it doesn't generate a core() when it fails. + Fix overwriting of winbind logfiles. + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic. + Add broadcasting of the debug message to all winbindd children. + BUG 5635: Fix updating of printer queues. + Release still reachable memory if the smbclient context is freed. + Remove trailing withespace from wbinfo -m which breaks gdm auth. + BUG 5540: Fix "set primary group script" user option substitution. + Fix regression in Winbindd offline mode. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Allow %u parameters for print job username. * Tue Jul 29 2008 anschneider@suse.de - Fix a race condition in winbind leading to a crash; (bnc#406623). * Mon Jul 28 2008 anschneider@suse.de - Use the configure option to enable debugging. This fixes the creation of the debuginfo and debugsource package. * Sun Jul 27 2008 anschneider@suse.de - Fix emptying the printing queue; (bnc#411493). * Fri Jul 25 2008 anschneider@suse.de - Remove trailing withespace from wbinfo -m which breaks gdm auth. * Thu Jul 24 2008 anschneider@suse.de - Add a recommendation to the samba and samba-winbind package to install logrotate for openSUSE 11.0 and later. * Wed Jul 23 2008 hare@suse.de - Include mkinitrd scriptlets. * Mon Jul 21 2008 boyang@suse.de - Allow %u parameters for print job username - use advanced sub; (bnc#374389). * Thu Jul 17 2008 lmuelle@suse.de - Update to 3.0.31. + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not remove the unix domain socket used to field client requests. + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend. + When allocating client buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. + Memory leak fixes in DC location code. + BUG 5533: Winbindd fails to cope correctly with a workgroup name containing a '.' + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine account logon. + BUG 5551: smbd recursing back into winbindd from a winbindd call. + Fix usage message for "net rpc trustdom add". + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd. + BUG 5578: Bad (non-Samba) use of strlcat gives error. + Canonicalize servername in the printer functions to remove leading '\\' characters. + Documentation build fixes. + [DOCS] Fix use of smbconfoption in samba.entities. + Return NULL in sitename_fetch() if gencache_init() fails. + Use machine account and machine password from our domain when contacting trusted domains. + SPNEGO SPN fix when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix joining NT4 domains. + Don't let winbind getgroups crash when we have no gids in the token. + Fallback to level 24 pwd set while joining. + Fix joining w2k domains in "security = ads". + Fix pam_sm_chauthtok for storing modified cached creds. + BUG 5202: Re-activate "acl group control" parameter and make it only apply to owning group. + BUG 5531: Fix conversion of ns units when converting from nttime to timespec. + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient. + Fix a segfault in base64_encode_data_blob. + AIX build fixes. + ENODATA is not defined in freeBSD 4.6.2. + Don't reset password last set time just because the expired flag is set to 0. + Fix usage message for 'net idmap dump'. + Miscellaneous man page fixes. + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd. + Fixes to man pages. + Add tdb file documentation. + Ensure that winbindd trusted domain children keep primary domain online status up to date. + Update cached creds during password change. + Ensure that Winbind always uses set_domain_offline() to mark a domain offline. + Allow authentication and memory credential refresh after password change from gdm/xdm. + Memory leak fixes. * Tue Jul 08 2008 boyang@suse.de - Allow authentication and memory credential refresh after password change from gdm/xdm; [bnc#395578]. * Fri Jul 04 2008 lmuelle@suse.de - Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h. * Wed Jul 02 2008 lmuelle@suse.de - Call the libsmbclient testsuite from the %check instead of the %build script. * Wed Jul 02 2008 boyang@suse.de - Use machine account and machine password from our domain when contacting trusted domains; [bnc#404667]. * Tue Jul 01 2008 anschneider@suse.de - Add a %check section move the test of the PAM modules to this section and add more tests. * Tue Jul 01 2008 anschneider@suse.de - Add a recommendation to the samba and samba-winbind package to install cron for openSUSE 11.0 and later. * Tue Jul 01 2008 anschneider@suse.de - Use a variable for syslog and add missing $remote_fs dependency for Require-Start in the init information of the init scripts. * Tue Jul 01 2008 lmuelle@suse.de - Update to 3.2.0. + Support for establishing interdomain trust relationships with Windows 2008. + All changes from the pre and rc releases as noted in here earlier. * Tue Jul 01 2008 lmuelle@suse.de - Move header files from the devel sub package to lib*-devel. * Mon Jun 30 2008 schwab@suse.de - Work around bad use of autoconf interna. * Mon Jun 30 2008 anschneider@suse.de - Build Samba with debug symbols to get working debuginfo packages. * Thu Jun 26 2008 lmuelle@suse.de - Add /etc/openldap to the file list and not only the schema directory. * Wed Jun 25 2008 anschneider@suse.de - Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster booting; [fate#304967], [fate#304965]. * Wed Jun 18 2008 anschneider@suse.de - Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to 'Network/DHCP/DHCP client'; [bnc#400467]. * Wed Jun 11 2008 boyang@suse.de - pam_winbind: Update cached creds during password change; [bnc#395578]. * Tue Jun 10 2008 lmuelle@suse.de - Update to 3.2.0rc2. + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. + Make sure we take account of the large read/write SMB headers as well as the buffer space when allocating cli buffers for large read/write. + Fix tag as a goto target we were not reinitializing the array counts. + BUG 5451: Fix for using the correct machine domain when looking up trust credentials in our tdb. + Fix spnego SPN when contacting trusted domains. + BUG 5285: Fix libcap header mismatch. + Fix pam_sm_chauthtok for storing modified cached creds. + Fix joining issue in setups with "config backend = registry". + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting for TCP connection timeouts if no LDAP server is available. + BUG 5502: Fix security=server. + Fix coverity IDs 552, 553, 570, 571, 572. + Shrink ldbtools. + Fix reset of password last set time just because the expired flag is set to 0. + Remove support for symbol versioning in shared libraries. + Fix autogen for autoconf 2.62. + BUG 5515: Fix empty input fields in SWAT. + BUG 5516: Fix saving of the config file in SWAT. + Fix winbindd trusted domain child not keeping primary domain online status up to date. * Tue Jun 10 2008 boyang@suse.de - pam_winbind: fix pam_sm_chauthtok for storing modified cached creds; [bnc#395578]. * Mon Jun 09 2008 jmcdonough@suse.de - Don't reset "password last set time" when unlocking an autolocked account; [bnc#382111]. * Fri Jun 06 2008 jmcdonough@suse.de - Fix winbind sigterm handling and make init script send sighup to all child winbind processes; [bnc#382027]. * Thu Jun 05 2008 boyang@suse.de - Fix bug with winbindd trusted domain child not keeping primary domain online status up to date, merge to trunk from reversion 1801; [bnc#373560]. * Fri May 30 2008 jmcdonough@suse.de - Make winbind children reopen logs on SIGHUP; [bnc#382027]. * Fri May 30 2008 lmuelle@suse.de - Set only CONFIGDIR and LIBDIR while make everything and install. No longer set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877]. * Wed May 28 2008 lmuelle@suse.de - Update to 3.0.30. + Fix for CVE-2008-1105. + Remove man pages for ldb tools not included in Samba 3.0. * Wed May 28 2008 lmuelle@suse.de - Fix vulnerability that allows for the execution of arbitrary code in smbd; CVE-2008-1105; SA30228; [#391168]. * Tue May 27 2008 coolo@suse.de - Follow the rename of libtdb0 in baselibs.conf. * Fri May 23 2008 lmuelle@suse.de - Rename sub package libtdb0 to libtdb1. * Fri May 23 2008 lmuelle@suse.de - Update to 3.2.0rc1. + Move the posix pending close functionality down into the VFS layer. + Fix activation of registry globals in loadparm. + BUG 5452: Fix smbclient put. + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. + BUG 5456: Fix missing echo if we ^C at the prompt. + BUG 5464: Fix timeout in winbindd. + Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. + Use more error-prone form of testing dm_destroy_session() return code. + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. + Fix wins null pointer crash in nss_wins module. + Fix lm session key length in _netr_LogonSamLogon. + Add -f switch for DsGetDCName() example and be more verbose on output. + BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users} + Fix the DNS Update option of "net ads join". + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). + Recognize and allow longer UA keys in winbindd_cache. + BUG 5436: Fix signing problem in the client with transs requests. + Fix a valgrind bug in the new [ug]id2sid cache. + Fix Coverity IDs 565 and 222. + Fix dfs_Enum: In form_junctions, correctly check for malloc failure. + Add support for symbol versioning in shared libraries (can be disabled with - -disable-sysmbol-versioning). + Add new function wbcLibraryDetails() to libwbclient. + Cleanup size_t return values in convert_string_allocate. + Fix Kerberos support for CUPS 1.3 in smbspool. + Fix printing with Vista. + Fix deletion of files when they're in use by other drivers. * Fri May 23 2008 lmuelle@suse.de - Update to 3.0.29. + Fix a crash in tdb_wrap_log(). + BUG 5267: Fix for nmbd termination problems when no interfaces found. + BUG 5326: OS/2 servers give strange "high word" replies for print jobs. + Remove MS-DFS check that required the target host be ourself. + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. + BUG 5095: Fix the enforcement of the "Manage Documents" access right. + BUG 5460: Fix MS-DFS referral problem in server code. + Fix bug in Winbind that caused the parent to ignore dead children. + BUG 4235: Improve compliance to the Squid helper protocol. Original patch from Pawel Worach <pawel.worach@gmail.com>. + Prevent cycle in Wibind's list of children when reaping dead processes. + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. + Fix client connections and negotiation with Windows 2008 DCs in member server code. + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). + Re-add samr getdispinfoindex parsing which got lost in the glue commit. + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. + BUG 4901: Fix behavior of "ldap passwd sync = only". + BUG 5317: Fix debug output from domain_client_validate(). + BUG 5338: Fix format string bug in rpcclient. + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. + BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. + Fix signing problem in the client with trans requests. + Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. + Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. + Fix trusted users on a DC that uses the old idmap syntax. + Only have Winbind cache domain password policies that were successfully retrieved. + Fix alignment bug when marshalling printer data replies. + Fix DeleteDriverDriverEx() checks to prevent removing in use files. * Sat May 17 2008 lmuelle@suse.de - Expand baselibs.conf to match pre SUSE 11.0 products. * Fri May 16 2008 lmuelle@suse.de - Remove obsoletes and provides <package>3 for all packages and systems. * Fri May 16 2008 lmuelle@suse.de - Cleanup the use of the suse_version macro to achieve consistent defaults. * Fri May 16 2008 lmuelle@suse.de - Set CODEPAGEDIR while make to fit the install location. * Fri May 16 2008 hhetter@suse.de - Prevent errors during the cache validation when ua keys reach a size larger than 1024; [bnc#372558]. * Wed May 14 2008 lmuelle@suse.de - Package man page files independent of the used compression method (gz,lzma). * Wed May 14 2008 lmuelle@suse.de - Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva in the OBS too. * Wed May 14 2008 anschneider@suse.de - Add a script to restart smbfs if NetworkMangaer gets an IP address; [bnc#373075]. * Tue May 13 2008 lmuelle@suse.de - Remove all references to the obsoleted samba-pdb package. * Fri May 09 2008 lmuelle@suse.de - Compose the BuildRequires in a more flexible way to fit the openSUSE build service (OBS) requirements to support different operating system targets. * Mon Apr 28 2008 lmuelle@suse.de - Use _libdir macro instead of a local define of LIBDIR. * Mon Apr 28 2008 lmuelle@suse.de - Remove PreReq /sbin/ldconfig from the libtdb-devel package. * Sat Apr 26 2008 lmuelle@suse.de - Install the shared libraries with the same name as used as soname. * Fri Apr 25 2008 lmuelle@suse.de - Update to 3.2.0pre3. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Support for IPv6 in the server, and client tools and libraries. + Support for storing alternate data streams in xattrs. + Encrypted SMB transport in client tools and libraries, and server. + Support for Vista clients authenticating via Kerberos. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New LGPL Winbind client library (libwbclient.so). + New NetApi library for domain join related queries (libnetapi.so) and example GTK+ Domain join gui. + New client and server support for remotely joining and unjoining Domains. + Support for joining into Windows 2008 domains. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTML version of the 3rd edition of "Using Samba" from O'Reilly Publishing. * Fri Apr 25 2008 lmuelle@suse.de - Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf. * Fri Apr 25 2008 lmuelle@suse.de - Remove obsoletes and provides samba3 for post 10.3 systems. * Fri Apr 25 2008 lmuelle@suse.de - Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems. * Wed Apr 23 2008 lmuelle@suse.de - Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the shared library packaging policy for post 10.3 systems. * Tue Apr 22 2008 jmcdonough@suse.de - Update kdc dns-only lookup patch to IPv6. * Thu Apr 17 2008 lmuelle@suse.de - Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym links in /sbin/; [bnc#380693]. * Thu Apr 17 2008 anschneider@suse.de - Enable the build of vfs_cacheprime and vfs_readahead modules. * Mon Apr 14 2008 lmuelle@suse.de - Update to 3.2.0pre2. + Add library for access to the registry configuration data. + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. + BUG 4308: Fix Excel save operation ACL bug. + BUG 4801: Correctly implement LSA lookup levels for LookupNames. + Add new option "debug class" to control printing of the debug class. + Enable building of the zfsacl and notify_fam vfs modules. + BUG 5083: Fix memleak in solarisacl module. + BUG 5063: Fix build on RHEL5. + New smb.conf parameter "config backend = registry" to enable registry only configuration. + Added support for IPv6 client and server connections. + Remove unused utilities: smbctool and rpctorture. + Fix service principal detection to match Windows Vista (based on work from Andreas Schneider). + Encrypted SMB transport in client tools and libraries, and server. + Added support for an SMB_CONF_PATH environment variable containing the path to smb.conf. + Various fixes to ntlm_auth. + Correctly handle mixed-case hostnames in NTLMv2 authentication. + Add Winbind client library. + Enhance client and server remote registry access. + Add client calls for remotely joining a computer to a domain (including calls from "net dom" command). + Add libnetapi.so library for joining domains including sample GTK+ app. + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC. + Various fixes for DsGetDcName and conversion to IDL based structures. + Add ads_get_joinable_ous() to libads to get list of joinable ous. + Add get_logon_hours_from_pdb() to comply with new IDL based structures. + Migration of the entire client and server DCE/RPC code to IDL based structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON. + Started migration of client and server DCE/RPC code to IDL based structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG. + Use IDL and autogenerated code for samlogoncache and Kerberos PAC handling. + Add remote join/unjoin server-side implementation. + Import the Linux red-black tree implementation. + Support for storing xattrs in tdb files. + Support for storing alternate data streams in xattrs. + Implement a generic in-memory cache based on rb-trees. + Speed up the smbclient "get" command. + Add the aio_fork module. + Modified libsmbclient API for more easily maintaining ABI compatibility while adding new features to libsmbclient. + Refactor Winbind internal parent-child interface tables to achieve better unit testing support. + Networking fixes to the libreplace library. + Add support for DNS Service Discovery. Based on work from Rishi Srivatsavai <rishisv@gmail.com>. + Don't restart winbind if a corrupted tdb is found during initialization. + Add share parameter "administrative share". + Improve error messages of net subcommands. + Add 'net rap file user'. + Change LDAP search filter to find machine accounts which are not located in the user suffix. + Remove smbmount. + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of a file. + Register the smb service with mDNS if mDNS is supported. + Add smbclient support for basic mDNS browsing. + Fix padding between Winbind 32bit/64bit client library in the request/ response structures. + Added a syncops VFS module for file systems which do not guarantee meta-data operations are immediately committed to disk in stable form. + Additional portability support for building shared libraries. + Get Samba version or capability information from Windows user space. - Add new sub packages libnetapi0, libnetapi-devel, libtalloc1, libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel. * Mon Apr 14 2008 anschneider@suse.de - Fix build with glibc 2.8. * Thu Apr 10 2008 ro@suse.de - Added baselibs.conf file to build xxbit packages for multilib support for post 10.3 systems. * Thu Apr 10 2008 boyang@suse.de - Only cache password policy results that worked, otherwise we cannot login until the cache expires even if a connection to a DC has been restored; [bnc#373552]. * Tue Apr 01 2008 mkoenig@suse.de - Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem. * Tue Mar 11 2008 lmuelle@suse.de - Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200]. * Mon Mar 10 2008 lmuelle@suse.de - Update to 3.0.28a. + Failure to join Windows 2008 domains. + Windows Vista (including SP1 RC) interop issues. * Tue Mar 04 2008 lmuelle@suse.de - Rename the libsmbclient package to libsmbclient0 to follow the shared library packaging policy and remove provides libsmbclient3 for post 10.3 systems. * Fri Feb 22 2008 anschneider@suse.de - Add variable to define if a share should be an administrative share; [bnc#358841]. * Mon Feb 18 2008 jjaimon@novell.com - Fix patch errors with dcerpc and idmap_global; [bnc#280452]. * Thu Feb 07 2008 jmcd@suse.de - Fix safe_strcpy error caused by duplicate domain name fix; [bnc#356025]. * Thu Feb 07 2008 anschneider@suse.de - Fix two memleaks if num_validated_vuids exceeds its maximum; [bnc#349581]. * Fri Jan 25 2008 jmcdonough@suse.de - Fix ACL inheritance; [bnc#351570]. * Wed Jan 23 2008 anschneider@suse.de - Fix a gcc 4.3 buffer overflow warning. * Wed Jan 09 2008 boyang@novell.com - Remove duplicate domain name prepend when user SID is in winbindd cache; [#336854]. * Tue Jan 08 2008 anschneider@suse.de - Prevent winbindd from segfaulting due to corrupted cache tdb on flushing caches; [#340332]. * Thu Dec 20 2007 anschneider@suse.de - Fix kerberos authentication with Vista; [#350032]. * Wed Dec 12 2007 jmcdonough@suse.de - Update to 3.0.28. + Fix send_mailslot overflow: CVE-2007-6015; [#343702]. * Wed Nov 28 2007 jmcdonough@suse.de - Additional cases and problems caused by fix for CVE-2007-4572; [#337823]. * Mon Nov 26 2007 jmcdonough@suse.de - Fix send_mailslot overflow: CVE-2007-6015; [#343702]. * Fri Nov 23 2007 hhetter@suse.de - Added default printing system information to README.vendor; [#113759]. * Fri Nov 16 2007 lmuelle@suse.de - Add missing define of AI_ADDRCONFIG for systems with older glibc versions. * Thu Nov 15 2007 lmuelle@suse.de - Update to 3.0.27. + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572; [#326261]. + Remote code execution in Samba's WINS server daemon (nmbd) whe processing name registration followed name query requests; CVE-2007-5398; [#337823]. * Thu Nov 15 2007 anschneider@suse.de - Change the spec file to get debug packages again. * Wed Nov 14 2007 jmcdonough@suse.de - Additional case for overflow: CVE-2007-4572; [#326261]. * Thu Nov 08 2007 jmcdonough@suse.de - Fix process_logon_packet overflow; CVE-2007-4572; [#326261]. * Wed Nov 07 2007 jmcdonough@suse.de - Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823]. * Tue Oct 30 2007 jmcdonough@suse.de - Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854]. * Tue Oct 30 2007 jmcdonough@suse.de - Fix the alignment of 32 and 64-bit winbind requests; [#331754]. * Fri Oct 12 2007 lmuelle@suse.de - Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0 systems; [#289599], fate [#302668]. * Tue Oct 09 2007 anschneider@suse.de - Fix possible segfault in winbind which could be caused by uninitialized variables; [#253862c223]. * Fri Oct 05 2007 jmcdonough@suse.de - Use FQDN in KDC DNS lookup; [#295284]. * Wed Oct 03 2007 lmuelle@suse.de - Update to 3.2.0pre1. + Use of IDL generated parsing layer for several DCE/RPC interfaces. + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS. + Introduction of a registry based configuration system. + Improved CIFS Unix Extensions support. + Experimental support for file serving clusters. + Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts + Support for userPrincipalName logons via pam_winbind and NSS lookups. + Support in pam_winbind for logging on using the userPrincipalName. + Expansion of nested domain groups via NSS calls. + Support for Active Directory LDAP Signing policy. + New ldb backend for local group mapping tables + Raised level of security defaults for authentication operations. + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from O'Reilly Publishing. - Update samba-vscan to 0.3.6c-beta5. - Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't apply to Samba 3.2. * Wed Oct 03 2007 jmcdonough@suse.de - Make nss_winbind thread-safe; [#293907, #329796]. * Wed Oct 03 2007 jmcdonough@suse.de - Perform KDC lookup using DNS only; [#295284]. * Wed Sep 26 2007 anschneider@suse.de - Handle smb child crash; [#294895]. * Tue Sep 25 2007 lmuelle@suse.de - Add a global lock inside nss_winbind as workaround; [#293907]. * Thu Sep 20 2007 lmuelle@suse.de - Merge ranged retrieval optimization to winbindd. * Wed Sep 19 2007 lmuelle@suse.de - Update to 3.0.26a. + Memory leaks in Winbind's IDMap manager. - Update to 3.0.26. + Incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin; CVE-2007-4138; [#307623]. * Fri Sep 07 2007 lmuelle@suse.de - Fix two memleaks in idmap_cache.c; bso [#4917]. - Correct failure of libsmbclient against a version of Windows. - Make read_sock return the total number of bytes read instead. - Fix error in enum_dom_groups. - Fix logic error in timeout of blocking lock processing. - Add parameter "directory name cache size". - Fix use of pwrite in tdb code. * Thu Aug 30 2007 lmuelle@suse.de - Also ensure to initialize ip_srv_site and count_site even if we are not on site; [#230963#c124]. - Use an off site DC if we're not online and talking to the KDC of our domain; [#230963#c106]. * Wed Aug 22 2007 anschneider@suse.de - Fix a bug where samba writes the wrong default value of max_passwd_expire to an LDAP server; [#298469]. * Tue Aug 21 2007 lmuelle@suse.de - Fix if statements where we still expected cli_connect() to return BOOL. * Tue Aug 21 2007 lmuelle@suse.de - Update to 3.0.25c. + File sharing with Widows 9x clients. + Winbind running out of file descriptors due to stalled child processes. + MS-DFS inter-operability issues. * Tue Jul 24 2007 anschneider@suse.de - Update the cache tdb validation patch which improves the backup handling trying to end up with a useable cache tdb. This applies mostly to the situation that disk space is short; [#256166c82]. * Thu Jul 19 2007 anschneider@suse.de - Update the cache tdb validation patch to support backup and corrupted file handling; [#256166c77]. * Wed Jul 11 2007 anschneider@suse.de - Fix a bug that causes smbd to 'hang' intermittently; [#289599]. * Tue Jul 10 2007 lmuelle@suse.de - Fix event based krb5 ticket refreshing in winbindd. * Fri Jul 06 2007 lmuelle@suse.de - Limit the LDAP expression in lookup_usergroups_member() to security groups; [253862c209]. * Fri Jul 06 2007 lmuelle@suse.de - Don't reset the num_names counter in lookup_groupmem(); [253862c198]. * Wed Jul 04 2007 anschneider@suse.de - Make the days before the password expiry warning appears configurable in pam_winbind.conf; [#287871]. * Tue Jul 03 2007 schwab@suse.de - Don't link shared libraries of vscan with -pie. * Fri Jun 29 2007 lmuelle@suse.de - Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to 20480; [#253862c175]. * Wed Jun 27 2007 lmuelle@suse.de - Update to 3.0.25b. + Offline caching of files with Windows XP/Vista clients. + Improper cleanup of expired or invalid byte range locks on files. + Crashes is idmap_ldap and idmap_rid. * Sat Jun 23 2007 lmuelle@suse.de - Fix reply when no dfs share is configured. - Fix the DFS code to work with Vista clients; [#286937]. * Fri Jun 22 2007 lmuelle@suse.de - Migrate old if-up/down scripts to new names on update; [#283706, #285187]. * Tue Jun 19 2007 anschneider@suse.de - Introduced prefix numbering of if-up/down scripts that they get executed in the right order; [#283706, #285187]. * Tue Jun 19 2007 anschneider@suse.de - Restart nscd on winbind update to load the new libnss_winbind.so.2 library. This will not resolve every problem with nss modules; [#174589c88]. * Mon Jun 18 2007 anschneider@suse.de - Fix winbind segfaults with idmap_rid; bso [#4624]. * Thu Jun 07 2007 lmuelle@suse.de - Add missed 'c' character to the list of valid ones in escape_shell_string(); [#273611]. * Fri Jun 01 2007 lmuelle@suse.de - Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106]. * Thu May 31 2007 lmuelle@suse.de - Remove superfluous requires to samba from the devel package. * Wed May 30 2007 lmuelle@suse.de - Ensure the returned structure size from _samr_query_dispinfo() is smaller than the total size; [#203833]. * Sat May 26 2007 lmuelle@suse.de - Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan. - Install header files with 0644 instead of 0755 permissions. - Enable build of the python package. * Fri May 25 2007 anschneider@suse.de - Branch a samba-devel package for post 10.2 systems. - Install .a library files with 0644 instead of 0755 permissions. * Fri May 25 2007 lmuelle@suse.de - Update to 3.0.25a. + Missing supplementary Unix group membership when using "force·group". + Premature expiration of domain user passwords when using a·Samba domain controller. + Failure to open the Windows object picker against a server configured to use "security = domain". + Authentication failures when using security = server. * Thu May 24 2007 lmuelle@suse.de - Add %dir /usr/share/samba to the client package. - Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and smbclnt from Provides and Obsoletes of the main or client package. * Thu May 24 2007 stbinner@suse.de - Add /sbin/ldconfig to %post and %postun of libsmbsharemode. * Wed May 23 2007 lmuelle@suse.de - Update samba-vscan to 0.3.6c-beta4. * Wed May 23 2007 anschneider@suse.de - In some cases PRS_ALLOC_MEM was called with zero count; [#273613]; bso [#4637]. * Wed May 23 2007 hhetter@suse.de - Enhance the patch to the ads version of lookup_groupmem(); [#253862c89]. * Mon May 21 2007 lmuelle@suse.de - Don't use current_user to prep the security ctx in change_to_user(); [#273613]. * Mon May 21 2007 lmuelle@suse.de - Prevent winbindd segfaulting due to corrupted cache tdb; [#256166]. * Sat May 19 2007 lmuelle@suse.de - Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf. * Fri May 18 2007 lmuelle@suse.de - No longer check in the pre package scripts if swat or winbindd of version 2.2 are updated; [#273160]. * Mon May 14 2007 lmuelle@suse.de - Update to 3.0.25. + Significant improvements in the winbind off-line logon support. + Support for secure DDNS updates as part of the 'net ads join'·process. + Rewritten IdMap interface which allows for TTL based caching and·per domain backends. + New plug-in interface for the "winbind nss info" parameter. + New file change notify subsystem which is able to make use of·inotify on Linux. + Support for passing Windows security descriptors to a VFS·plug-in allowing for multiple Unix ACL implements to running side·by side on the Same server. + Improved compatibility with Windows Vista clients including·improved read performance with Linux servers. + Man pages for IdMap and VFS plug-ins. + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447. - Disable build of the python package. * Fri May 11 2007 lmuelle@suse.de - Fix heap overflows to prevent remote code execution; CVE-2007-2446; [#273613]. - Fix remote command injection vulnerability; CVE-2007-2447; [#273611]. * Tue May 08 2007 lmuelle@suse.de - Remove obsolete samba-pdb package and required packages from BuildRequires for post 10.2 systems. * Mon May 07 2007 lmuelle@suse.de - Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems. * Mon May 07 2007 lmuelle@suse.de - Remove requires on release from devel packages. * Thu May 03 2007 lmuelle@suse.de - Reduces the number of queries made to the DC in the ads version of lookup_groupmem(); [#253862]. * Thu May 03 2007 lmuelle@suse.de - Allow winbindd to take local shortcut on secondary DCs in case dce funnel directory is set; [#266853]. * Wed May 02 2007 lmuelle@suse.de - Really remove Should-Start smb in smbfs init script; [#242918]. * Wed Apr 25 2007 lmuelle@suse.de - Disable 'msdfs root' by default again; [#268004]. * Fri Apr 20 2007 lmuelle@suse.de - Build libsmbsharemodes and create libsmbsharemodes and corresponding devel package; [#264623]. * Fri Apr 20 2007 lmuelle@suse.de - Let idmap_ad search in the Global Catalog in case dce funnel directory is set; [#266049]. * Tue Apr 17 2007 lmuelle@suse.de - Allow share names with a lengths greater than 32 chars; bso [#4512]. * Tue Apr 17 2007 lmuelle@suse.de - Check the euid and call become_root() to get write access to dump a core. * Tue Apr 17 2007 lmuelle@suse.de - Add pwdutils BuildRequires for post 10.2 systems. * Mon Apr 16 2007 lmuelle@suse.de - Do not restart winbindd under any if-up circumstances; [#227942]. * Fri Apr 13 2007 lmuelle@suse.de - Replace unneeded become_root_uid_only() by refactored become_root(); CVE-2007-2444; [#262090]. * Tue Apr 03 2007 lmuelle@suse.de - Add repository version and branch to the spec file via build-source-timestamp mechanism. * Tue Apr 03 2007 lmuelle@suse.de - Allow applications to set the share mode while opening a file using libsmbclient; bso [#3684]; [#203737]. * Thu Mar 29 2007 lmuelle@suse.de - Fix for fd leak on error path in winbindd; bso [#3204], [#258737]. * Mon Mar 26 2007 rguenther@suse.de - Add gdbm-devel BuildRequires for post 10.2 systems. * Mon Mar 26 2007 lmuelle@suse.de - Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728]. * Sat Mar 17 2007 lmuelle@suse.de - Fix segfault and memleak in wb_lookup_rids(); bso [#4434]. * Mon Mar 05 2007 lmuelle@suse.de - Fixes a known bottleneck under very high load situations; [#247984]. * Mon Feb 26 2007 gd@suse.de - Avoid passdb builtin group membership calls in the DCERPC funnel patch; [#248556]. * Fri Feb 23 2007 lmuelle@suse.de - Allow pre 3.0.23 multi passdb backend configurations to work with post 3.0.22 by using the first backend only; [#245167]. * Thu Feb 22 2007 gd@suse.de - Prevent nscd crash in NSS winbind initgroups(); [#237719]. - Fix pam_winbind cached login for samba/NT4 domains; bso [#4225]. - Various pam_winbind fixes; bso [#4094, #4288]. - Fix DCERPC funnel patch; [#245278]. - Fix vista and share level security. - Fix vista variable expansion; bso [#4093]. - Fix vista DFS support; bso [#4356]. - Fix vista backup tool; bso [#4361]. - Fix vista deletion on shares; bso [#4188]. - Fix vista spoolss problems. * Tue Feb 13 2007 gd@suse.de - Fix crash bug in rpc_pipe_bind(); [#244892]. * Fri Feb 09 2007 lmuelle@suse.de - Enable DCERPC funnel patch. * Fri Feb 09 2007 gd@suse.de - Fix accumulation of expired LDAP connections when winbind in ads mode; bso [#4009]. * Wed Feb 07 2007 gd@suse.de - Fix all lp_dce_funnel_directory() callers; [#242833]. * Wed Feb 07 2007 lmuelle@suse.de - Disable broken DCERPC funnel patch; [#242833]. * Mon Feb 05 2007 lmuelle@suse.de - Update to 3.0.24. + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265]. * Thu Feb 01 2007 lmuelle@suse.de - Fix logic error in the deferred open code; CVE-2007-0452; [#240265]. * Thu Feb 01 2007 gd@suse.de - Avoid winbind event handler for internal domains. * Tue Jan 30 2007 gd@suse.de - Fix smbcontrol winbind offline; [#223418]. - Fail on offline pwd change attempts; [#223501]. - Register check_dom_handler when coming from offline mode. - Fix pam_winbind passwd changes in online mode. - Call set_domain_online in init_domain_list(). - Winbind cleanup after failure and fix crash bug. - Don't register check domain handler for all trusts. - Add separate logfile for dc-connect wb child. - Only write custom krb5 conf for own domain. - Move check domain handler to fork_domain_child. * Fri Jan 26 2007 gd@suse.de - Fix pam_winbind text string typo; [#238496]. - Support sites without DCs (automatic site coverage); [#219793]. - Fix invalid krb5 cred cache deletion; [#227782]. - Fix invalid warning in the PAM session close; - Fix DC queries for all DCs; [#230963]. - Fix sitename usage depending on realm; [#195354]. * Wed Jan 24 2007 gd@suse.de - Add DCERPC funnel patch; fate [#300768]. * Mon Jan 22 2007 gd@suse.de - Fix pam password change with w2k DCs; [#237281]. * Thu Jan 18 2007 lmuelle@suse.de - Check from the init script for SAMBA_<daemonname>_ENV variable expected to be set in /etc/sysconfig/samba to export a particular environment variable before starting a daemon. See section 'Setup a particular environment for a Samba daemon' from the README file how this feature is to use. * Mon Jan 15 2007 lmuelle@suse.de - Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files. * Thu Jan 11 2007 gd@suse.de - Fix pam_winbind grace offline logins; [#223501]. - Fix password expiry message; [#231583]. * Thu Jan 11 2007 lmuelle@suse.de - Move XML service description documents; fate [#301712]. * Wed Jan 10 2007 lmuelle@suse.de - Disable smbmnt, smbmount, and smbumount for systems newer than 10.1. * Tue Jan 09 2007 lmuelle@suse.de - Add XML service description documents; fate [#301712]. * Thu Jan 04 2007 lmuelle@suse.de - Move tdb utils to the client package. * Thu Dec 14 2006 jeallison@novell.com - Fix crash caused by deleting a message dispatch handler from inside the handler itself; [#221709]. * Fri Dec 08 2006 jeallison@novell.com - Fix delays in winbindd access when on a non-home network; [#222595]. * Wed Nov 22 2006 jeallison@novell.com - Fix client-side smb signing; [#222951]. - Fix imcomplete merge for firefox NTLM handling; [#198255]. * Mon Nov 20 2006 lmuelle@suse.de - Add IA64 and x64 printer drivers directory. * Thu Nov 16 2006 lmuelle@suse.de - Update to 3.0.23d. + Stability fixes for winbindd. * Fri Nov 03 2006 gd@suse.de - Fix ldapsmb group and unicode issues; [#143417, #216606]. - Fix net ads account management; [#217046]. - Fix libnscd usage in passdb; [#217363]. - Add the "mega patch" + Add site support for winbind; [#195354], fate [#300909]. + Add site support for net; [#211281], fate [#300909]. + Fix winbind krb5 ticket handling from offline; [#178028]. + Fix "net ads leave"; [#196771]. + Fix winbind username case handling; [#184902]. + Fix winbind name canonicalisation; [#210174]. + Fix winbind online/offline handling; [#196859]. + Add NTLM cached credential handling for firefox; [#198255], fate [#300973]. + Fix winbind groupmembership handling; [#211324]. + Fix winbind site-support handling on reconnect; [#195354]. + Fix winbind child initialization and online/offline handling; [#196859]. + Fix winbind cached credential storage; [#185053]. + Fix winbind long login delays; [#184450]. + Fix winbind crash for new AD user; [#208454]. * Thu Oct 26 2006 gd@suse.de - Fix pam_winbind overriding syslog settings; [#201756]. - Fix profilepath pam_set_data for other PAM modules; [#215707]. * Mon Oct 23 2006 gd@suse.de - Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. - Fix libsmbclient accessing NetApp; bso [#4018]. - Fix error handling in ads printer code; [#209409]. - Fix passwd pam segfault; [#211719]. - Fix crash in winbind async child. - Fix winbind failure mode for trusted domains. * Fri Oct 20 2006 jeallison@novell.com - Add realm to username if missing in net ads join; [#211706]. * Thu Oct 19 2006 lmuelle@suse.de - Move the LOCKDIR to the client sub package. * Thu Oct 12 2006 lmuelle@suse.de - Activate the libaddns. * Thu Sep 28 2006 lmuelle@suse.de - Add version of the package subversion to Samba vendor version suffix. * Fri Sep 01 2006 lmuelle@suse.de - Update to 3.0.23c. + Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. + Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. * Thu Aug 24 2006 jeallison@novell.com - Fix time value reporting in libsmbclient; [#195285]. * Tue Aug 15 2006 ro@suse.de - Remove update-messages. * Tue Aug 08 2006 jeallison@novell.com - Store and restore NT hashes as string compatible values; [#185053]. * Tue Aug 08 2006 jeallison@novell.com - Added winbindd null sid fix; [#185053]. * Tue Aug 08 2006 lmuelle@suse.de - Update to 3.0.23b. + Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". + Errors in 'net ads join' caused by bad IP address in the list of domain controllers. + SMB signing errors in the client and server code. + Domain join failures when using smbpasswd on a Samba PDC. * Wed Jul 26 2006 lmuelle@suse.de - Fix from Alison Winters of SGI to build even if make_vscan is 0. * Sat Jul 22 2006 lmuelle@suse.de - Update to 3.0.23a. + Failure to strip the domain name from groups when 'winbind use default domain = yes' + Bad token creation of local users on member servers not running winbindd. + Failure to add users or groups to ACLs using the Windows object picker. + Failure in file serving code when 'kernel oplocks = yes'. + New "createupn" option to "net ads join" + Rewritten Kerberos keytab generation when 'use kerberos keytab = yes' * Tue Jul 18 2006 lmuelle@suse.de - Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule. * Tue Jul 18 2006 lmuelle@suse.de - Fix pam config file parsing in pam_winbind; bso [#3916]. * Mon Jul 10 2006 lmuelle@suse.de - Update to 3.0.23. + Improved 'make test' + New offline mode in winbindd. + New Kerberos support for pam_winbind.so. + New handling of unmapped users and groups. + New non-root share management tools. + Improved support for local and BUILTIN groups. * Fri Jul 07 2006 gd@suse.de - Prevent potential crash in winbindd's credential cache handling; [#184450]. * Thu Jul 06 2006 lmuelle@suse.de - Fix memory exhaustion DoS; CVE-2006-3403; [#190468]. * Sun Jul 02 2006 jeallison@novell.com - Fix the munlock call, samba.org svn rev r16755 from Volker. * Fri Jun 30 2006 jeallison@novell.com - Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; [#184450]. * Tue Jun 27 2006 lmuelle@suse.de - Ensure to link all required libraries to libnss_wins; [#184306]. * Sat Jun 24 2006 lmuelle@suse.de - Update to 3.0.23rc3. + Warnings from the Klocwork code analyzer. + Various portability bugs on AIX, Solaris, and True64. + Authorization problems when managing services. + Problems joining Windows clients to a Samba/LDAP domain. * Wed Jun 21 2006 jeallison@novell.com - Change log level of debug message to avaoid flodded nmbd log; [#157623]. * Mon Jun 19 2006 lmuelle@suse.de - Add 'usershare allow guests = Yes' to the default config; [#144787]. * Fri Jun 16 2006 schwab@suse.de - Fix syntax error in configure script. * Thu Jun 15 2006 gd@suse.de - Add CHANGEPW kpasswd fallback to TCP; [#184945]. * Tue Jun 13 2006 lmuelle@suse.de - Update to 3.0.23rc2. + Winbindd & Samba PDC integration issues. + Join problems from Windows clients in a Samba domain. + Winbind & AD trust failures. * Fri Jun 09 2006 lmuelle@suse.de - Remove VFS examples; [#182117]. * Fri Jun 09 2006 gd@suse.de - Honour 'sn' attribute for eDir; [#176799]. * Thu Jun 08 2006 lmuelle@suse.de - Adapt smbclient fix to smbtree to enable long share names; [#175999]. - Make smbclient -L use RPC to list shares, fall back to RAP; [#171311]. * Wed Jun 07 2006 gd@suse.de - Re-add in-forest domain trusts; [bso #3823]. * Thu Jun 01 2006 lmuelle@suse.de - Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723]. * Wed May 31 2006 gd@suse.de - Add wbinfo --own-domain; [#167344]. - Fix usability of pam_winbind on a Samba PDC; [bso #3800]. * Tue May 30 2006 lmuelle@suse.de - Remove intrusive affinity patches for winbindd. * Sat May 27 2006 jeallison@novell.com - Merge Volker's winbindd crash fix for half-opened connections in winbindd_cm.c (sessionsetup succeeded but tconX failed). * Thu May 25 2006 lmuelle@suse.de - Update to 3.0.23rc1. + Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. + Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. * Mon May 22 2006 lmuelle@suse.de - Optimize lookup of user's group memberships via ExtendedDn LDAP control; [#168100]. - Restart winbind if the hostname is modified by the DHCP client; [#169260]. - Set the groups membership first whilst we're still root and use execve() instead of execv() in get_printing_ticket; [#177114]. - Add samba-krb-printing sub package with get_printing_ticket wrapper binary; [#149698]. * Tue May 16 2006 gd@suse.de - Prevent passwords beeing swapped to disc; [#174834]. - Remove length limit from winbind cache cleanup function; [#175737]. - Fix NDS_ldapsam memory leak. - Only add password to linked list when necessary. - Don't try cached credentials when changing passwords. - Cleanup winbind linked list of credential caches. - Use the index objectCategory attribute in AD LDAP requests. - Adjust AD time difference when validating tickets. - Add password change warning for passwords beeing too young. - Remove experimental Heimdal KCM support. * Mon May 08 2006 lmuelle@suse.de - Added "usershare allow guests" global parameter; [#144787]. * Thu May 04 2006 gd@suse.de - Return domain name in samrquerydominfo 5; [#172756]. * Tue May 02 2006 gd@suse.de - Fix unauthorized access when logging in with pam_winbind; [#156385]. * Thu Apr 27 2006 lmuelle@suse.de - Don't ever set O_SYNC on open unless "strict sync = yes"; [#165431]. * Mon Apr 24 2006 gd@suse.de - Correct fix to exit from "net" with an inproper configuration; [#163227], [#182749]. - Robustness fixes for winbind; [#167952]. - Fix build of own iniparser copy. * Sun Apr 23 2006 lmuelle@suse.de - Update to 3.0.23pre1. * Sat Apr 15 2006 lmuelle@suse.de - Exit from the net command with an error if Samba is not configured for the required role; [#163227]. - Add portability issue fixes between 32-bit winbind clients and a 64-bit winbindd server. - Install pam_winbind.conf to /etc/security and add it with %config(noreplace) to the samba-winbind sub package. - Add fix to the vscan antivir module to circumvent longer startup times of the antivir scanner process. * Wed Apr 12 2006 gd@suse.de - Use iniparser for pam_winbind. * Mon Apr 03 2006 lmuelle@suse.de - Allow testparm to dump a paramatrical option. - Update to 3.0.22; CVE-2006-1059; [#161778]. * Fri Mar 31 2006 gd@suse.de - Don't assume account objectclass for eDir; [#160169]. * Wed Mar 29 2006 gd@suse.de - Only send CLDAP request to an connect AD DC; [#159684]. - Invalidate krb5 credential cache when pam_auth has failed; [#161018]. * Tue Mar 28 2006 lmuelle@suse.de - Enhance comment for the 'cups options = raw' line; [#160720]. * Thu Mar 23 2006 gd@suse.de - Align pam_winbind patch with upstream version. * Tue Mar 21 2006 jeallison@novell.com - Fix oplock logic bug under heavy load; [#159626]. * Mon Mar 20 2006 gd@suse.de - Flush nscd cache also on winbindd startup; [#137793]. - Remove paranoia check for empty acct_flags to support NT4 and older Samba 3 DCs; [#149477]. - Skip superfluous keytab-iteration; [#154951]. - Avoid fallback to samlogon after password failure; [#158717]. - Fix empty domain name in NSS calls; [#154954]. * Wed Mar 15 2006 lmuelle@suse.de - Call make proto instead of pch for pre 10.0 systems. - Use 0750 as default permissions for /var/log/samba as the log files are created with 0644. - Add libnscd-devel to BuildRequires for post 9.1 systems. * Tue Mar 14 2006 jeallison@novell.com - Fix Coverity bug missing return on error case in usershare code. Samba.org svn rev 14019. * Mon Mar 13 2006 gd@suse.de - Correctly flush nscd caches when winbindd comes (back) online; [#137793]. - Fix ldapsmb handling of quoted strings in smb.conf; [#153756]. * Thu Mar 09 2006 gd@suse.de - Fix LDAP replication sleep handling for search requests; [#118378]. * Tue Mar 07 2006 lmuelle@suse.de - Use dlopen.sh to test that every module we just built can actually be loaded by a minimal PAM-aware application. - Link pam_smbpass with the required object files; bso [#3565]. * Wed Mar 01 2006 lmuelle@suse.de - Fix case where a non existing tdb let smbpasswd -a core dump. - Use make everything only to build the same result. - Call proto_exists before we create the precompiled headers (pch). - Set LC_ALL, LC_CTYPE, and LANG from /etc/sysconfig/language before we start smbd and unset it afterwards; [#105322]. - Fix message handling with smbcontrol; [#153699]. - Build and install mount.cifs and umount.cifs as part of the main Makefile. - Define 'symbols' heimdal if we build on a system older than 9.1. Else the heimdal specific patches are not applied. - Start nmbd in /etc/sysconfig/network/scripts/samba-winbindd if the service is enabled before we switch winbindd online. * Fri Feb 24 2006 lmuelle@suse.de - Only use absolute paths for the targets of sym links. - Add a comment to the smbusers file that we are not using it in our default configuration; [#153370]. - Update to final 3.0.21c. - Properly shutdown winbindd with invalid configuration; [#153074]. - Never overwrite the acct_flags in rpccli_netlogon_sam_network_logon; [#149477]. - Fix usage of DESTDIR while calling make install; bso [#3282]. - Allow to rename workstations in a Samba Domain; [#140877], bso [#2331]. - Honour workgroup when parsing smb-uris correctly; [#152821]. - Simplify fillup_and_insserv call in the %post of the client package for post 10.0 systems. - Fix net usershare info core dump; [#150870]. - Reorder Prereq lines and add missing binaries. - Run /sbin/ldconfig from %post and %postun if the package contains a lib; also replace any %run_ldconfig by /sbin/ldconfig; add PreReq /sbin/ldconfig. * Mon Feb 20 2006 lmuelle@suse.de - Update to 3.0.21c from svn.Samba.org SAMBA_3_0_RELEASE tree. * Thu Feb 16 2006 lmuelle@suse.de - Replace swat-welcome.diff by the upstream version; [#63160], bso [#2278]. - Replace pdbedit-pw-stdin.diff by the upstream version; bso [#1386]. - Add winbind offline config template; fate [#300457]. - Enhance return codes of net usershare; [#150870]. - Don't let lp_load() overwrite configuration settings; [#149682]. - Fix winbindd getpwnam behaviour for pam_winbind; [#149021]. - Replace nss-soname.diff by the upstream version; bso [#3381]. - Move libnss_wins into the client package. - Fix pam_winbind Kerberos/NTLM fallback; [#149477]. - Update eDirectory LDAP schema for account policies; [#149470]. - Fix login password expiry handling in pam_winbind; [#149462]. * Tue Feb 14 2006 gd@suse.de - Send correct workstation name to prevent NT_STATUS_INVALID_WORKSTATION beeing returned in samlogon; [#148645], [#161051]. * Wed Feb 08 2006 aj@suse.de - Remove openafs requirement. * Mon Feb 06 2006 lmuelle@suse.de - Add Requires kerberos devel package to libsmbclient-devel; [#148579]. - Add Requires of the main lib packages to the libsmbclient and libmsrps devel packages. - Add missing documentation to testparm man page.. * Mon Feb 06 2006 lmuelle@suse.de - Remove /var/spool/samba from the filelist. - No longer ignore NetworkManager controlled interfaces in dhcpcd-hook-samba. - No longer call netbios_setup() if we source dhcpcd-hook-samba-functions. * Thu Feb 02 2006 lmuelle@suse.de - Add missing \ to the dhcpcd-hook-samba-functions. - Change password character to '*' in NSS replies. - Fix online/offline message handling for winbindd. - Only do anything while calling the helper script samba-winbindd if "winbind offline logon" is "Yes". - Starting nmbd with helper script samba-winbindd if we are going online and service nmb is activated. - Package network interface scripts as %ghost and only create the sym links on the initial install. - Update to final 3.0.21b. - Always use a local copy of guards (patches/tools/guards) instead of depending to the quilt package at build time. - Install any section of the default smb.conf as separate file packaged in /usr/share/samba/templates/default-* into the client package. - Append product version string to SAMBA_VERSION_VENDOR_SUFFIX. - Add new feature to allow winbindd online offline state to be controlled by smbcontrol; [#147249]. - Add -k switch to tdbdump to dump the data of a single key; [#133453]. * Thu Jan 26 2006 lmuelle@suse.de - Add --all-domains switch to wbinfo. - Update to 3.0.21b from svn.Samba.org SAMBA_3_0_RELEASE tree. - Add script to trigger winbindd on- or offline mode. - By default only allow to share directories owned by the user; [#144787]. - Add more verbose error message if usershares aren't activated; [#145299]. - Remove /var/lib/samba/usershares/ from the filelist; [#144013]. * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Fri Jan 20 2006 lmuelle@suse.de - Add %w macro to be replaced by the winbind separator. - Add a desktop smb.conf as template to the client package. - Run SuSEconfig --module permissions if the package is not installed with YaST and we have a /etc/permissions.d/samba-usershares file. - Add /etc/permissions.d/samba-usershares as %ghost to the filelist. - Set %verify(not group mode), root:users and 01700 as default for the default usershare path, /var/lib/samba/usershares/. - It turns out krb5_kt_get_entry() on MIT does an implicit open/read/close and blows away an open keytab handle - so make sure we use a new handle; bso [#3421]. - Ensure net usershare add uses an absolute path; [#143777]. - Use stderr for error messages of the net command. - Ensure to rewind rem_backend if we have to workaround an old configuration. Else winbindd might seg fault. - Fix crash bug in the idmap winbindd child. - Add PAM conversation for disallowed password change. * Sat Jan 14 2006 lmuelle@suse.de - Remove idmap_ prefix from any idmap backend config setting; bso [#3264]. - Add net usershare command to manipulate user shares from trunk of samba.org. - Align suse/samba3-pam_winbind patch with trunk of samba.org. - Fix segfault in "net rpc vampire|samdump"; bso [#3390]. * Mon Jan 09 2006 jeallison@novell.com - Don't assume owning sticky bit directory means write access allowed; bso [#3348]. * Wed Jan 04 2006 lmuelle@suse.de - Create the precompiled headers with exactly the same flags as the binaries. - Allow to rename machine accounts. Fixed crash against eDirectory; [#140877]. * Tue Jan 03 2006 lmuelle@suse.de - Add 'winbind refresh tickets' parameter; [#140962]. * Sun Jan 01 2006 lmuelle@suse.de - Update to 3.0.21a; bso [#3349]. * Wed Dec 21 2005 lmuelle@suse.de - Update to 3.0.21. * Mon Dec 19 2005 gd@suse.de - Add extended pam_winbind work from trunk. * Wed Dec 14 2005 lmuelle@suse.de - Return NT_STATUS_ACCOUNT_DISABLED if eDirectory returns LDAP_UNWILLING_TO_PERFORM; [#138491]. * Sun Dec 04 2005 lmuelle@suse.de - Package libmsrpc files separate. - Revert libsmbclient package renaming. - Update to 3.0.21rc2. * Tue Nov 29 2005 lmuelle@suse.de - Ensure to be root while calling pdb_search_destroy(); else we don't have enough permissions to do the last paged LDAP search. * Wed Nov 23 2005 lmuelle@suse.de - Store "sambaLogonHours" in GMT and display them in localtime; bso [#3187] - Update to ldapsmb 1.34. - Cache the results more agressivly to stop multiple LDAP searches; bnc [#134082]. - Allow anonymous printing to Microsoft Windows 2000 and XP systems via unauthenticated ntlmssp session setup, bnc [#106335]. * Mon Nov 21 2005 lmuelle@suse.de - Improve performance when enumerating users from a LDAP database; bnc [#134082]. * Fri Nov 18 2005 lmuelle@suse.de - Add fix for quota on ext[23], reiserfs. * Thu Nov 17 2005 lmuelle@suse.de - Create a separate Samba documentation package to build it as noarch for post 10.0 systems. * Sun Nov 13 2005 lmuelle@suse.de - Update to 3.0.21rc1. * Wed Nov 09 2005 lmuelle@suse.de - Add samba.org post 3.0.20b fixes. + Ensure printjob deletion. + Fix setting of quotas on Linux. + Clear request structure before used by wbinfo; bso [#3201]. + Added new parameter 'map readonly = [yes|no|permissions]'; bnc [#134188]. + Fix acl evaluation bug. + Don't count open pipes in the num_files_open on a connection. * Fri Oct 28 2005 lmuelle@suse.de - Speed up load of the configuration file with a large number of share definitions; bnc [#129341], bso [#1117]. * Sun Oct 16 2005 lmuelle@suse.de - Update patch for mount.cifs to work with named uid/ gid; [#120601]. * Fri Oct 14 2005 lmuelle@suse.de - Use upstream fix to supress LDAP build warnings with OpenLDAP 2.3.7 or higher and to build with openssl 0.9.8a or higher. - Allow mount.cifs also to work with uid/ gid names; [#120601]. * Thu Oct 13 2005 lmuelle@suse.de - Disable smbwrapper support for all architectures. - Update to 3.0.20b + winbindd crash with alt_names; bso [#3068] + denied write on a share in read/write mode; bso [#3088] + read-only share files are always seen as read-only + quota support; bso [#3070] * Sun Oct 09 2005 schwab@suse.de - Make syscall wrapper stuff compilable. * Fri Sep 30 2005 lmuelle@suse.de - Update to 3.0.20a. * Mon Sep 26 2005 ro@suse.de - fix some implicit function declarations in getdate. * Mon Sep 19 2005 lmuelle@suse.de - Add iprint support; [#113346]. - Update to samba-vscan 0.3.6b. - Add more samba.org post 3.0.20 fixes. + RegCreateKeyEx() Failures + Usrmgr.exe and Groups + net rpc shutdown + DOS applications - Disable build of smbwrapper for ia64. * Mon Sep 12 2005 gd@suse.de - Fix x86_64 crash bugs + security descriptor upgrade in print tdbs [#106751, samba.org #3084] + winbindd resolving group membership [samba.org #3082] * Mon Aug 29 2005 lmuelle@suse.de - Add samba.org post 3.0.20 fixes. + Fix password history for eDirectory + fix enumerated group name + other minor fixes * Sat Aug 20 2005 lmuelle@suse.de - Update to 3.0.20. * Thu Aug 18 2005 lmuelle@suse.de - Fix assembling of the filepath in vscan-icap; [#105582]. - Fix typo in vscan-mcdaemon; [#102372]. * Tue Aug 09 2005 lmuelle@suse.de - Update to 3.0.20rc2. * Tue Aug 09 2005 lmuelle@suse.de - Enable vscan filetype support for post 9.0 systems as SLES 9 SP 2 provides a file package built with -fPIC; [#102372]. * Wed Aug 03 2005 lmuelle@suse.de - Update to ldapsmb 1.33. - Create precompiled headers on post 9.3 systems. * Fri Jul 29 2005 lmuelle@suse.de - Update to 3.0.20rc1. - Fail build if a patch doesn't apply. * Wed Jul 20 2005 lmuelle@suse.de - Use guards of the quilt package to apply all patches. - Add shared module idmap_ad. - Update to ldapsmb 1.32. * Wed Jul 13 2005 lmuelle@suse.de - Update to 3.0.20pre2. * Tue Jun 28 2005 lmuelle@suse.de - Update to 3.0.20pre1. * Mon Jun 20 2005 lmuelle@suse.de - Add more post 3.0.14a fixes; bugzilla.Samba.org [#2729, #2698]. - Add hint to documentation about the permissions of umount.cifs; [#85813]. * Tue May 10 2005 lmuelle@suse.de - Add more post 3.0.14a fixes. - Update umount.cifs to the current version. * Tue Apr 26 2005 lmuelle@suse.de - Add umount.cifs binary. * Fri Apr 22 2005 lmuelle@suse.de - Fix potential buffer overflow in torture. - Change Requires ... = %{version} to >= ... %{version} to allow installation of an subpackage from the original media after a version update was available and installed by online update. Kept Requires samba = %{version} for samba-vscan [#80230]. * Wed Apr 20 2005 lmuelle@suse.de - Add missing /usr/sbin/groupadd to PreReq of the main package. * Tue Apr 19 2005 lmuelle@suse.de - Remove 'dos filetimes = Yes' from smb.conf as it now is the default. * Tue Apr 19 2005 ro@suse.de - try to make testsuite build with gcc-4 * Fri Apr 15 2005 lmuelle@suse.de - Update to version 3.0.14a. - Fix net share migrate and report in the case of the top level share directory ACL. * Tue Apr 12 2005 lmuelle@suse.de - Update to version 3.0.14. * Fri Apr 08 2005 lmuelle@suse.de - Update samba-vscan to version 0.3.6. - Set 'dos filetimes = Yes' in smb.conf for all shares where other users than the owning user might have write access to Microsoft Excel files. * Thu Mar 24 2005 lmuelle@suse.de - Update to version 3.0.13; fix Samba to POSIX draft ACL mapping [#74373]; bugzilla.Samba.org [#2521]. * Mon Mar 21 2005 lmuelle@suse.de - Fix copy/delete files from Microsoft Windows 98 explorer; [#74102]; bugzilla.Samba.org [#2501]. * Fri Mar 18 2005 lmuelle@suse.de - Update to version 3.0.12. * Sun Mar 13 2005 lmuelle@suse.de - Ensure to package smbfstab with limited access permissions. - Add additional Provides and Obsoletes and add %version-%release to the Provides tags. * Fri Feb 25 2005 lmuelle@suse.de - Disable com_err patch for post 9.2 products. - Use NO_BRP_STRIP_DEBUG="true" in the %install section if make_devel is set. - Call mkversion.sh to add VENDOR_SUFFIX to version.h * Mon Feb 07 2005 ro@suse.de - use kerberos-devel-packages in neededforbuild (again) * Fri Feb 04 2005 lmuelle@suse.de - Update to 3.0.11. - Create extra package, cifs-mount for the mount.cifs for post 9.2 products; [#45324]. - Replace SWAT welcome.html sym link post and pre script workaround by a SWAT fix; [#48160]; bugzilla.Samba.org [#2278]. * Fri Jan 21 2005 lmuelle@suse.de - Enusre to free memory used for response and language in the print_cups code; [#49999]; bugzilla.Samba.org [#2270]. * Thu Jan 20 2005 lmuelle@suse.de - Fix order of evaluation in the bitmap code; Samba.org svn revision 4120; [#49476,#49514,#49947]. * Fri Jan 14 2005 ro@suse.de - fix typo in specfile * Wed Dec 22 2004 lmuelle@suse.de - Fix open_any_socket_out on request of Volker Lendecke; bugzilla.Samba.org [#2180]; [#49480]. * Thu Dec 16 2004 lmuelle@suse.de - Update to version 3.0.10; CAN-2004-1154; [#49119]. * Wed Dec 15 2004 lmuelle@suse.de - Set IDMAP_RID_SUPPORT_TRUSTED_DOMAINS to 1 in sam/idmap_rid.c and add Samba.org svn revision 4216; [#49250]. - Disable none working pdf share; [#49221]. - Don't remove statically defined printers in remove_stale_printers(); bugzilla.Samba.org [#2091]; [#49221]. * Tue Dec 14 2004 lmuelle@suse.de - Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the eDirectory integration patches; [#48821]. * Mon Dec 13 2004 lmuelle@suse.de - Fix remote exploitation of an integer overflow vulnerability in the smbd daemon; will be addressed in 3.0.10 upstream; CAN-2004-1154; [#49119]. - Add workaround for samba-vscan if TMPDIR env is set; [#49041]. - Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the eDirectory integration patches; rename the passdb backend file to pdb_nds; [#48821]. - Remove patch to avoid inclusion of linux/audit.h as it - even for post 9.1 products - is superfluous; bugzilla.Samba.org [#2061]. * Tue Nov 30 2004 lmuelle@suse.de - Add -O to CFLAGS only for pre 9.2 products; [#44167], bugzilla.Samba.org [#1631]. - Ensure to include /usr/lib/cups/backend only in post 9.0 products. * Fri Nov 19 2004 lmuelle@suse.de - Only avoid inclusion of linux/audit.h for post 9.1 products. - Fix also max fd count for the select() call in nmbd and wrepld. - Add more post 3.0.9 fixes. * Fri Nov 19 2004 lmuelle@suse.de - Add missing ldapsmb man page. - Add AntiVir module to samba-vscan. - Fix fixed PID file name if multiple Samba daemons are used; [#48237]. - Add fixes to nds_ldap.c and nds-pdb_ldap.c.diff from Vince Brimhall <vbrimhall at Novell dot com>. - Use common* PAM configuration only for post 9.2 products. - Update to version 3.0.9. * Mon Nov 15 2004 lmuelle@suse.de - Add max fd count for select call in smbd/server.c. * Mon Nov 15 2004 kukuk@suse.de - Use common-* PAM configuration. * Fri Nov 12 2004 lmuelle@suse.de - Remove check for uid and gib mapping from winbind init script as winbind nowadays works fine as a proxy only. - Add -t 10 to all killproc calls in the init scripts; [#47227]. - Fix output of smbstatus to make the man page; fix -L, -p, & -S and the -u <username> functionality. - Move doc subpackage %preun to %postun and change sym link only if first arg is less than 1 as only this situation is a deinstallation case. * Thu Nov 11 2004 lmuelle@suse.de - Fix seg fault in lanman printing code. - Fix testparm reporting for the passwd program string. - Add welcome.html also as %ghost to the samba-doc package and remove rm from %preun as this breaks the uninstall of samba-doc; [#48160]. - Protect all welcome-* files in the %pre section of samba-doc to not get deleteted. welcome-en-no-samba-doc.html of the samba package was accidently removed. * Thu Nov 11 2004 lmuelle@suse.de - Update Samba docs to version 3.0.8; [#48137]. - Use a 32 instead of a 64 byte case-exact string in the samba-nds.schema for the sambaPasswordHistory object; [#48134]. - Use samba-nds.schema of examples/LDAP/samba-nds.schema as it is now part of the main line and mark it as %config in the filelist. - Remove admin from default smbusers mapping file; [#48111]. - Add post 3.0.8 fixes. - Remove rest of old net RPC printer migration patch as the problem is solved different in 3.0.8. - Fix undefined reference to `secrets_*' in libsmbclient; [#48082]. - Enable testsuite for libsmbclient. - Fix domain/ workgroup bug for multibyte names in nmbstatus; [#38309]. - Remove superfluous rm in the preun of the samba package. * Mon Nov 08 2004 lmuelle@suse.de - Update to version 3.0.8; CAN-2004-0930; [#48019]. - Fix roundup problem for non-Windows clients; CAN-2004-0882 [#46203]. - Use upstream version of the HTML index file; [#48041]. * Wed Nov 03 2004 lmuelle@suse.de - Add samba-nds.schema to /usr/share/samba/LDAP, [#47894]. * Tue Nov 02 2004 lmuelle@suse.de - Remove incomplete account expiry feature. - Remove broken clockskew fix on request of the author. * Thu Oct 28 2004 lmuelle@suse.de - Add printername and queue update patch, bugzilla.Samba.org [#1519]. - Add account and password expire feature mainly for migration. - Add bad password count and logon count while migration. - Use define for common %setup options and set it to -q. - Fix several serious compiler warnings in smbd/lanman.c. * Fri Oct 22 2004 adrian@suse.de - make it possible to build the package as user * Thu Oct 21 2004 mc@suse.de - disable samba3-account_pol_ldap.diff; breaks libsmbclient * Tue Oct 19 2004 lmuelle@suse.de - Add showacls option to smbclient. * Mon Oct 18 2004 mc@suse.de - Update pdb_ldap.c.diff from Vince Brimhall <vbrimhall at Novell dot com>. * Fri Oct 15 2004 lmuelle@suse.de - Update eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>. * Thu Oct 14 2004 lmuelle@suse.de - Add information to the default smb.conf that the full version is only available if samba-doc is installed, [#43953]. - Move samba.reg to the vendor-files tar ball. - Use $syslog for Required-Start in the smbfs init script, [#37618]. - Add eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>. - Add alias migration code from Volker Lendecke <vl at Sernet do DE>. - Add account policy migration to LDAP code from Guenther Deschner <gd at Samba dot org>. * Mon Oct 11 2004 lmuelle@suse.de - Fix recursive ls in smbclient. Fix by Josef Zlomek. * Wed Oct 06 2004 lmuelle@suse.de - Fix job check of smbfs init script. - Use 0754 permissions for all init scripts. * Thu Sep 23 2004 lmuelle@suse.de - Fix smbfs init script for case where we wait for mount or umount to succeed, [#45778]. * Tue Sep 21 2004 lmuelle@suse.de - User 0775 and root:ntadmin for drivers and 0770 and root:users for profiles directory as with the Samba 2.2 packages. - Add groupadd ntadmin to %pre of the main package, [#45719]. - Modify NetBIOS Datagram Distributor extensions patch to protect records which are marked as permanent. * Thu Sep 16 2004 lmuelle@suse.de - Enable krb5_cc_close() in libsmb/clikrb5 to avoid memleak of winbindd. - Remove obsolet part from vendor README. - Call mount only one time in the smbfs init script. - Add additional information to the samba-vscan INSTALL file. * Mon Sep 13 2004 lmuelle@suse.de - Update to version 3.0.7, CAN-2004-0807, CAN-2004-0808, [#44883]. - Restructure vendor-files tar ball. - Use -dPARANOIDSAFER as option to gs in smbprngenpdf. - Move all 'inherit permissions' to 'inherit acls' in the default smb.conf. - Enhance libtool --mode patch for examples/pdb/ as suggested by Andreas Schwab <schwab at suse dot de>. - Add %{?jobs:-j%jobs} to most make calls as suggested by Stephan Kulow <coolo at suse dot de> * Fri Sep 03 2004 lmuelle@suse.de - Remove letters from the version string of autoconf and autoheader. - Add --mode=MODE to libtool calls. - Add logrotate settings for nmbd and smbd only on systems newer than 8.1. * Wed Sep 01 2004 lmuelle@suse.de - Disable filetype support in vscan for version older than 9.2 where file was built without -fPIC. - Use new update message mechanism, [#44359]. - Disable profile information gathering. This is the Samba default. - Check in %pre of the doc package if there are still directories and files in swat/help and remove them to allow cpio to create sym links here, [#44564]. - Check in dhcpcd-hook-samba if the interface is configured for BOOTPROTO dhcp and exit gracefully if not. * Fri Aug 27 2004 lmuelle@suse.de - Fix check for DHCLIENT_MODIFY_SMB_CONF, add copyright to and remove 'set -e' from dhcpcd-hook script. - Remove swat/help/* and replace it with sym links to the samba-doc package. - Add VENDOR suffix to mount.cifs. - Add NetBIOS Datagram Distributor extensions provided by Brian Landy <landy at alumni dot caltech dot edu>. See http://www.landy.cx/ or the comments in the patch. - Add more post 3.0.6 fixes. * Thu Aug 26 2004 lmuelle@suse.de - Use try-restart in nmb init script when called with force-reload. - Add DHCP support for wins server and netbios scope setting. * Tue Aug 24 2004 lmuelle@suse.de - Update to version 3.0.6, [#43737, #43773]. - Update samba-vscan to version 0.3.5, [#43853]. - Update net RPC printer migrate patch from Günther Deschner. - Add several post 3.0.6 fixes. - Use -O instead of default -O2 for CFLAGS to avoid potential miscompilation, [#44167]; bugzilla.Samba.org [#1631]. * Thu Jul 22 2004 lmuelle@suse.de - Update to version 3.0.5. CAN-2004-0600 and CAN-2004-0686. - Add net RPC printer migrate patch from Günther Deschner. - Add RPM release to the vendor suffix in the version header file. * Tue Jun 22 2004 lmuelle@suse.de - Fix premature optimization in unix_convert() [#42332]; bugzilla.Samba.org [#1345]. * Wed Jun 16 2004 lmuelle@suse.de - Convert spec file to UTF-8 to produce mail with content type UTF-8 if we create one in the %pre or %post section. * Tue Jun 15 2004 lmuelle@suse.de - Create a mail if we update from Samba 2.2 and used LDAP as SAM before [#42055]. - Move /var/log/samba and /var/run/samba to the client package [#42018]. * Fri Jun 11 2004 lmuelle@suse.de - Ensure that we always use tdb_open_log() instead of tdb_open_ex() [#41929]. - Fix afs syscall patch. Already tested and added upstream. - Add some information about the commented example configuration file to the README. - Add an inative [netlogon] share to the example configuration. * Wed Jun 02 2004 ro@suse.de - avoid inclusion of linux/audit.h * Tue Jun 01 2004 lmuelle@suse.de - Add CIFS support to smbfs init script [#41486]. - Use stderr for important messages in the init scripts. - Remove empty Samba named configuration. - Add hu translation to Samba.desktop file. * Mon May 31 2004 lmuelle@suse.de - Move smb.conf existence test in all init scripts to the start case [#41430]. - Add WHATSNEW and README to the htmldocs file. - Use samba.css in htmldocs.html and manpages.html. - Add X-DOC-* lines to enable search index creation and some translations to the Samba.desktop file. * Sun May 30 2004 lmuelle@suse.de - Remove backtrace file from vendor-files as our version it's now in upstream. - Add Samba.desktop file for SuSEhelp system to the doc package. - Move smbpasswd, smbcontrol binaries and man pages to the client package. - Move README to the client package. - Add additional information to the README. * Sun May 30 2004 lmuelle@suse.de - Split winbind and wrepl logrotate from main package [#41433]. - Skip test for smb.conf file in case of stop in nmb, smb, winbind, and wrepl init scripts [#41430]. - Move sym link /usr/share/samba/swat/using_samba to the doc package [#41429]. - Return always with success from smbfs init script in case of stop [#41428]. - Don't add /etc/samba/*.tdb files to file list. - Enable patch to build examples-vfs with -fPIC for all architectures. * Fri May 28 2004 lmuelle@suse.de - Add profiles share with setting to suppress popup of a desktop.ini file to the default smb.conf. * Thu May 27 2004 lmuelle@suse.de - Enable logon drive, path, and home in the way Standard Server 8 does and add 'username map' setting to default smb.conf. - Use /var/log/samba/ as a secure directory for the smb-print script [#36676]. - Readd -t|--password-from-stdin option to pdbedit [#41182]; bugzilla.Samba.org [#1386]. - Fix winbind in case schannel verifier does not include the nonce [#41100]; bugzilla.Samba.org [#1315]. - Fix 'write list' option in case of security is better than share [#41101]; bugzilla.Samba.org [#1319]. - Touch smbd pid file in the init script while reload if the daemon runs. This allows probe to return a value not equal reload. - Add upstream changes to the 'printcap cache time' feature. Thie requires to set 'printcap cache time = 750' in our default smb.conf as the upstream default is 0 which disables the feature. * Wed May 19 2004 ro@suse.de - fix some gcc warnings (py_spoolss_drivers.c: argument sequence) * Thu May 13 2004 lmuelle@suse.de - Add patch to fix clock skew of winbind in ADS security. For details see bugzilla.Samba.org [#1208]. - Add patch to fix printing to the IP address of the server. - Remove TDB files from below /var/lib/samba/ from filelist. - Update to version 3.0.4. Fix password change broken by Microsoft hotfix MS04-011 [#40087]. - Add libsmbclient fix from Stephan Kulow <coolo at suse dot de>. For details see bugzilla.samba.org [#429]. - Add 'printcap cache time' option to remove stale and add new printers [#21846]. See also bugzilla.Samba.org [#1259]. By this we no longer have to wait for the CUPS dameon in the init script. - Disable 'interfaces' and 'bind interfaces only' by default [#39491]. - Use right path to smb.conf in smbpasswd file and add some hints. * Thu Apr 29 2004 lmuelle@suse.de - Add quotactl support patch from Stefan Metzmacher <metze at samba dot org> [#39666] - Replace suse_ver macro by real version string. * Thu Apr 29 2004 lmuelle@suse.de - Update to version 3.0.3. - Adopt missing patches from 2.2.8a. - Move LDAP schema to samba-client package. - Add prerequires to samba package. - Add missing stop_on_removal macros - Add /var/lib/samba/browse.dat to the file list. - Add /var/lib/samba/printing directory to the file list. - Remove printingCupsOptions and expired_service_tickets diff; use upstream version instead; they are now part of the printingAndManyOtherFixes diff. - Enhance waiting for cupsd function in the smb init script * only check with lpstat every two seconds * remember start time in seconds and calculate the waiting time in relation to this; this is important if a configured CUPS server is unreachable. In this case we now really wait only 30 seconds and not 30 times of the lpstat timeout. * Thanks to Bjoern Jacke <bjoern at j3e dot de> for the patch. * Mon Apr 19 2004 lmuelle@suse.de - fix ldapsmb script - add expired service tickets patch from Guenther Deschner <gd at suse dot de> * Thu Apr 15 2004 lmuelle@suse.de - add 'cups options = raw' to the default smb.conf, [#28176] - fix typo and use signal USR2 in write-status case of init script * Mon Apr 05 2004 lmuelle@suse.de - add patch from Alexander Bokovoy <ab@samba.org> to fix smbmount, [#37871] - only create notify message on first installation * Sat Apr 03 2004 lmuelle@suse.de - readd /var/lock/samba/{drivers,netlogon,profiles} - add more TDB files as %ghost %config(noreplace) to the file list - enhance default configuration file, [#38024] * Wed Mar 31 2004 lmuelle@suse.de - add restart_on_update macros for nmb, smb and winbind - fix path to smb-print.log, [#36676] - move smbpasswd, pdbedit and testparm binaries and man pages to the client package - add cracklib-devel to BuildRequires - add several TDB files as %ghost %config(noreplace) to the file list - add backtrace script to examples/scripts - fix smbadduser paths - move /etc/xinetd.d/samba to /etc/xinetd.d/swat * Mon Mar 22 2004 lmuelle@suse.de - add 'printing cups options' feature; this allows us to print with option 'raw' without enabeling raw printing in the cups.conf, [#20218] - add big patch collected from the CVS; [#36602] - add sambaxp and sambaxp-client to the provides and obsoletes tag - spec file cleanup * Tue Feb 24 2004 gd@suse.de - readd nmbstatus, mkntpwd, ldap-schema and cups-smb-backend * Sun Feb 22 2004 gd@suse.de - disable build of utils-package * Wed Feb 18 2004 gd@suse.de - update to 3.0.2a - removed last references of docbook package - moved cifsmount into client package - added pgsql-backend - cleaned up neededforbuild - build as root - fixed dependencies - smb init-script should check for defaults - winbind init-script should warn for required params * Wed Feb 18 2004 coolo@suse.de - readding my fix for libsmbclient. without it surfing windows networks is pure luck ;( * Mon Feb 16 2004 adrian@suse.de - register samba and swat via slp.reg.d * Wed Feb 11 2004 kukuk@suse.de - Remove self Conflicts * Sun Feb 01 2004 gd@suse.de - update to 3.0.2rc2 * Sun Jan 25 2004 adrian@suse.de - rename package back to "samba" - fix build - add %defattr - clean up Provides/Obsoletes - add Provides/Obsoletes for libsmbclient3 * Sun Jan 25 2004 gd@suse.de - removed extra docbook-package * Sun Jan 25 2004 gd@suse.de - initial package of samba3. based on the work of Lars Mueller <lmuelle-at-suse.de>. * Sun Jan 18 2004 meissner@suse.de - Added -fPIC to libmksd build. * Thu Jan 15 2004 kukuk@suse.de - added pam-devel to neededforbuild * Fri Oct 17 2003 kukuk@suse.de - Remove unused des from neededforbuild * Mon Sep 15 2003 kukuk@suse.de - Add requires to libsmbclient-devel [Bug #30718] * Fri Sep 05 2003 kukuk@suse.de - Move /var/log/samba and /var/run/samba to samba-client [#30027] * Thu Aug 28 2003 lmuelle@suse.de - call sbin/SuSEconfig --module samba and not directly the script in the %post section * Tue Aug 26 2003 lmuelle@suse.de - add patch from Ademar de Souza Reis Jr. <ademar at conectiva dot com dot br> for smbclient to get a working -TI option, #27353 * Thu Aug 21 2003 lmuelle@suse.de - add nss-soname patch from Andreas Schwab, #28248 - add stop_on_removal and restart_on_update macros to preun and postun section * Tue Jul 29 2003 lmuelle@suse.de - point getSambaOptions to the right location of the source file - fix handling of uninitialized variable in nmbstatus * Mon Jul 28 2003 lmuelle@suse.de - add Urban Widmark <urban at teststation dot com> patches for smbmount; this includes LFS, unicode, escape character, and 32 bit uid suppprt, #18472 - add nmbstatus utility - add schannel feature from Volker Lendecke <Volker.Lendecke at SerNet dot DE> - move winbind init script and rc sysm link to the client package - remove superfluous linkvfs patch - activate root = administrator admin in smbusers by default - add smbprngenpdf - add configure option --with-sendfile-support - autocreate samba.opts.ini while build * Mon Jun 23 2003 lmuelle@suse.de - add /usr/lib/cups/backend/smb to the samba-client package - unify init scripts; add one space at the end to all echos * Wed Jun 04 2003 lmuelle@suse.de - fix pointer cast on 64bit big endian architecture in winbind_nss.c, #27220 - add new sysconfig tags * Wed May 14 2003 ro@suse.de - run autoreconf / fix build with latest libtool * Thu May 08 2003 lmuelle@suse.de - remove %ghost from sym linked files * Mon Apr 28 2003 lmuelle@suse.de - cleanup %post script part which takes care of old configuration location * Sun Apr 20 2003 lmuelle@suse.de - remove tdbtorture from package on request of the Samba team - update to version 2.2.8a * Mon Mar 17 2003 lmuelle@suse.de - readd map to guest = Bad User to smb.conf * Fri Mar 14 2003 lmuelle@suse.de - move samba LDAP schema to the client package - add product suffix to README and smb.conf files of documentation - mark sym links from /var/lib/samba/bin/ as %ghost * Thu Mar 13 2003 lmuelle@suse.de - add security patch for the client side, #25140 - remove check for existence of sysconfig and smb.conf from smbfs init script * Wed Mar 12 2003 lmuelle@suse.de - add security patch from SuSE Security Team, #25140 - cleanup init scripts try-restart part * Mon Mar 10 2003 lmuelle@suse.de - add fix to samba-nds.schema provided by Jochen Schaefer <jschaef@SuSE.de> - add fixes for winbind caching and uid handling , smbpasswd, smbd and TDB handling * Sun Mar 09 2003 kukuk@suse.de - Use getent in smbadduser * Fri Mar 07 2003 ro@suse.de - remove mminimal-toc from CFLAGS (ppc64) * Thu Mar 06 2003 kukuk@suse.de - Add xinetd config file [Bug #24682] * Thu Mar 06 2003 kukuk@suse.de - Remove cyrus-sasl from neededforbuild * Mon Mar 03 2003 lmuelle@suse.de - add header files to samba package for squid, #24235 - remove rc_reset from status part of nmb init script * Mon Feb 24 2003 lmuelle@suse.de - update samba-vscan to version 0.3.2a * Tue Feb 18 2003 lmuelle@suse.de - add separate binaries to PreReq - add /bin/grep to PreReq of the client package - move README to client package and inform about the new doc package, #23838 - fix %post in case of update - fix nmb init script, #23854 * Mon Feb 17 2003 lmuelle@suse.de - add appropriate suffix to example smb.conf of documentation - add example to auto mount or umount CD drive to smb.conf - add -s ${SMB_CONF} to all startproc calls in init scripts * Fri Feb 14 2003 lmuelle@suse.de - call SuSEconfig -module samba if packages with binaries are installed via rpm - only insserv nmb depending on an active smb service, if we update from a version before SuSE Linux 8.1 - add meta data to sysconfig file - add appropriate suffix to README - update samba-vscan to version 0.3.2 - split libsmbclient and libsmbclient-devel package from samba-client - add msdfsproxy and ldaprebind patches from Guenther Deschner <gd@suse.de> * Wed Jan 29 2003 kukuk@suse.de - Remove samba-doc requires from samba-client * Wed Jan 15 2003 ro@suse.de - use fPIC in samba-vscan * Wed Jan 15 2003 ro@suse.de - use sasl2 * Wed Jan 15 2003 ro@suse.de - added logrotate config - added patch to work around glibc defining st_atime as macro * Fri Dec 13 2002 ro@suse.de - updated neededforbuild * Thu Dec 12 2002 lmuelle@suse.de - update samba to version 2.2.7a - update samba-vscan to version 0.3.1 - move tdb tools to client package - move smbldap-tools from examples/LDAP to a new package - move samba.schema to /etc/openldap/schema * Fri Nov 22 2002 lmuelle@suse.de - fix some broken literals in samba-svan and nettime - split documentation to samba-doc subpackage - move provides smbfs to samba-client package * Wed Nov 20 2002 lmuelle@suse.de - update samba to version 2.2.7; this includes the security fix for the broken password length handling - update samba-vscan to version 0.3.0 - remove superfluous aclocal, autoconf and libtoolize calls * Fri Nov 08 2002 lmuelle@suse.de - use rc_exit, not exit at the end of the smbfs init script, #21641 * Wed Nov 06 2002 lmuelle@suse.de - remove check and Required-Start for nmb in smbfs init script, #20793 move nmb from Required-Start to X-UnitedLinux-Should-Start add section about smbfs and nmb service to README.SuSE - add fix for s390 interface handling, #15717 * Tue Nov 05 2002 lmuelle@suse.de - add security fix for wrong passwd len handling * Fri Oct 18 2002 lmuelle@suse.de - update to version 2.2.6 * Thu Oct 17 2002 lmuelle@suse.de - generate version suffix UL or SuSE as required from Samba team * Wed Oct 16 2002 lmuelle@suse.de - add improved ACL mapping patch, #19494 - remove check_nmbd and rc_reset from smb init script status part, #20921 - also remove check_nmbd from winbind and smbfs init scripts * Tue Oct 08 2002 lmuelle@suse.de - add improved ACL mapping patch, #19494 - set syslog = 0, log level = 1 in smb.conf, #20411 - switch to RFC 3330 conform example IP addresses in smb.conf - remove character set and client code page from smb.conf, #20378 * Thu Sep 26 2002 ro@suse.de - remove hang in smbfs init script (#20204) * Wed Sep 25 2002 agruen@suse.de - WinNT compatibility fix in the improved ACL mapping * Mon Sep 23 2002 lmuelle@suse.de - add ACL mapping fixes from Andreas Gruenbacher <agruen@suse.de> - put SAM related binaries in extra subdirectories - set TMPDIR to /var/tmp in smb init script - create classic and ldap sudirectories for the binaries to get usual process names - remove runlevel 2 from Default-Start of smbfs; add nmb to Required-Start - warn if nmbd is not running while start of smb, smbfs and winbind - drop rcsamba * Thu Sep 12 2002 lmuelle@suse.de - add missing user information if nmbd is reloaded - add root to write list of print$ in default smb.conf * Wed Sep 11 2002 lmuelle@suse.de - add check for ready cupsd if CUPS is active and Samba using CUPS as printing system - remove ACL fixes, #19494 * Wed Sep 11 2002 lmuelle@suse.de - add winbind to X-UnitedLinux-Should-Start of smb init script * Tue Sep 10 2002 lmuelle@suse.de - intergrate ACL fixes from Andreas Gruenbacher <agruen@suse.de> - split smb in two (smb and nmb) init scripts - fix Required-Start of smb and winbind init script - include most parts of two mostly printing related pre 2.2.6 patches * Mon Sep 09 2002 lmuelle@suse.de - check existence of brlock and locking tdb, #18978 - include tdbdump, tdbtest, tdbtool, tdbtorture - change smb and winbind init script, #18784 * Mon Sep 02 2002 lmuelle@suse.de - let SuSEconfig.samba use correct lib subdirectory, #18730 - include printing patch for 2.2.5 from Samba team - let smb and winbind init script also recognize daemons started before an update of the package; workaround for #18784 - include netttime program, #6508 * Fri Aug 30 2002 lmuelle@suse.de - replace wrong, left variable in %post of samba by filename * Wed Aug 28 2002 lmuelle@suse.de - make reload of smbfs init script equal to restart - remove Should-Start smb in smbfs init script - create ntadmin group in %pre of samba - adjust permission and ownership of /var/lib/samba/drivers * Wed Aug 21 2002 lmuelle@suse.de - fix start of smbfs init script; introduce /etc/samba/smbfstab, #7146 - reinclude lost pdbedit and man page, now part of the client package - move cupsd to Should-Start in smb, also smb and remove $remote_fs from Required-Start in smbfs init script - rename sysconfig.samba-samba-client to sysconfig.samba-client and use fillup_only with -ans due to usage in a subpackage - force LDAP protocol version 3 during connection establishment * Tue Aug 20 2002 lmuelle@suse.de - add missing PreReq to samba and samba-client, #17979, #17980 - fix status of smbfs init script, #9092 * Mon Aug 19 2002 lmuelle@suse.de - fix path to temp file in %post of samba - fix %post of samba-client, rename sysconfig.samba to sysconfig.samba-samba-client * Mon Aug 19 2002 lmuelle@suse.de - drop the split in classic and ldap version; introduce etc/sysconfig/samba and SuSEconfig.samba instead to get the appropriate binaries, #17691 * Fri Jul 26 2002 gd@suse.de - fixed /usr/share/samba in %files - moved libsmbclient libraries to samba-client * Fri Jul 19 2002 gd@suse.de - added rediffed start_tls-fix from cvs - enabled challenge-response-auth for winbind - removed all references to rc.config - made cups default printing system for SuSE Linux 8.1 * Thu Jul 18 2002 link@suse.de - updated to samba-vscan-0.2.5d - - bugfix for F-Prot Daemon and ScannerDaemon - - added a sanity check for "grepping" the virus name from the output of ScannerDaemon and F-Prot Daemon - - init message has been changed when module is loaded - - added Makefile fix for x86-64 by Ulricht Hecht * Tue Jul 16 2002 uli@suse.de - link PIC objects into examples/VFS stuff (fixes x86-64) * Tue Jul 16 2002 kukuk@suse.de - Don't use macros for Version: * Mon Jul 15 2002 gd@suse.de - update to version 2.2.5 (mainly done by Lars Mueller <lmuelle@suse.de>) - added samba-vscan 0.2.5a as subpackage - link against acl and attr library - added winbind-init script, rewrote smb-init script - updates, clean-ups in smb.conf and more examples - added patch for pdbedit to handle script based LDAP account creation and make deletion of only SAM LDAP entries possible and added a -b option for pdbedit to allow stdin password changes (patch by lmuelle@suse.de) - fixed smbadduser script patch (bug #15562) - split the samba-package into a classic and a ldap-version: thus you need in either case samba/samba-client, then you choose between samba-classic/samba-classic-client for the common smbpasswd-backend or samba-ldap/samba-ldap-client to support the ldapsam-backend. - added README.SuSE - added link to make using_samba accessible from swat - no sgid for printer-drivers-dir * Fri Jun 14 2002 meissner@suse.de - rerun auto* tools, use -mminimal-toc on ppc64. * Fri Mar 08 2002 kukuk@suse.de - Add libsmbclient.so.0 and /usr/share/samba to filelist * Thu Feb 14 2002 adrian@suse.de - install needed header file for libsmbclient.so * Sun Feb 10 2002 kukuk@suse.de - Don't test for -fpic if PICFLAG is already set * Thu Feb 07 2002 lmuelle@suse.de - Update to 2.2.3a, minor bugfix release * Thu Feb 07 2002 lmuelle@suse.de - Update to 2.2.3 - Fix smbsh library search path - Removed 'kernel oplocks = No' from smb.conf; default is yes - Include pam_smbpass, syslog, utmp, and winbind support - Include libsmbclient - Include findsmb * Tue Jan 08 2002 egmont@suselinux.hu - Cosmetical changes in init scripts * Thu Dec 20 2001 ro@suse.de - removed START_SMB and added insserv_macros * Sat Sep 22 2001 lmuelle@suse.de - Shorten output and tunig of old configuration files handling - Include SID and secrets files to old configuration files handling - Move netlogon and profiles directories to /var/lib/samba - Move smbpasswd binary and man page to samba-client package - Introduce additional sym link from /etc/init.d/smb to rcsamba due to too many typos and cleaner systematic - Add character set = ISO8859-15 and client code page = 850 to smb.conf in the global section to enable correct UNIX <-> DOS character mapping for west European languages - Change create mask of home section to 0640, directory mask to 0750; change create mask of printers section to 0600 in smb.conf - Move path of printers section to /var/tmp * Fri Aug 24 2001 lmuelle@suse.de - Move all configuration files to /etc/samba - Move data bases to /var/lib/samba; important, cause boot script cleans up /var/lock/samba - Move pid files to /var/run/samba - Link against cups library - Use build root - Rename subpackage smbclnt to samba-client - Move /usr/share/doc/packages/samba to package samba-client - Move /usr/lib/samba/scripts to /usr/share/samba/scripts - Move /usr/lib/samba/codepages to /usr/share/samba/codepages - Move /usr/lib/samba/swat to /usr/share/samba/swat - Move /usr/lib/samba/VFS/* to /usr/lib/samba - Remove smb.conf from package samba, kept in samba-client - Remove redundant html documentation of man pages - Remove superfluous install and uninstall scripts - Add example configuration file /etc/samba/smbusers - Update to 2.2.1a: fixes bug with too strict name handling while adding a machine into a domain - Update to 2.2.1: add pam password changing and pam restrictions code; printer driver management improvements (delete driver); fix for Samba running on top of Linux VFAT ftruncate bug * Tue Aug 14 2001 ro@suse.de - Don't use absolute paths to PAM modules in PAM config files * Tue Jun 26 2001 ro@suse.de - re-added the libtoolize to make it build * Tue Jun 26 2001 lmuelle@suse.de - Update to 2.2.0a fixes remote file create/ append bug. This may only happen by '%m' macro usage for the 'log file' command. - spec and dif cleanup - Include VFS module support. * Wed Jun 13 2001 ro@suse.de - fix to build with new autoconf * Wed May 30 2001 ro@suse.de - config-dist.sh: accept any kernel version on s390 * Thu May 10 2001 bodammer@suse.de - initscript fix: don't start smbd in runlevel 2 [bug #8046] - some additional files included to doc (COPYING, README, ..) * Wed May 09 2001 uli@suse.de - bzipped tarball * Tue May 08 2001 schwab@suse.de - Don't use _syscallX. * Mon Apr 30 2001 ro@suse.de - added config-dist.sh to build only on 2.4 machines (samba configure seems braindead enough to check the running kernel) * Mon Apr 30 2001 ro@suse.de - removed kerberos support: does not work as expected * Tue Apr 24 2001 lemsi@suse.de - for 7.2 we have added some kerbereos 5 support * Tue Apr 24 2001 lemsi@suse.de - new version samba 2.2 - new spec file with more functions for configure - libnss_winbind.so support for /etc/nsswich.conf * Wed Apr 18 2001 lemsi@suse.de - new security fixes and version 2.0.8 for 6.3, 6.4, 7.0, 7.1 * Tue Apr 17 2001 lemsi@suse.de - new rcsmb script - include security fixes * Fri Mar 09 2001 ro@suse.de - don't mess with os_install_post * Thu Feb 22 2001 ro@suse.de - added readline/readline-devel to neededforbuild (split from bash) * Wed Feb 07 2001 schwab@suse.de - Fix LFS support in client. * Mon Feb 05 2001 schwab@suse.de - Compile with -D_GNU_SOURCE and -D_LARGEFILE64_SOURCE to get missing declarations. - Include <sys/types.h> when checking for ino64_t. - Include <crypt.h> for crypt declaration. * Wed Jan 31 2001 lemsi@suse.de - added codepages in smbclnt-subpackage - changed german coments to english coments * Wed Jan 03 2001 lemsi@suse.de - changed in the share section the path /cd to /cdrom - added smb.conf to the smbclnt-subpackage * Tue Nov 28 2000 kukuk@suse.de - Fix init scripts and move them to /etc/init.d - Fix post/postun section for subpackages * Fri Nov 24 2000 bodammer@suse.de - rcscript update * Mon Aug 28 2000 choeger@suse.de - changed $* to "$@" in mount.smbfs to make it also possible to mount shares with spaces * Mon Jul 31 2000 choeger@suse.de - improvement for rcsmb - fix for spec-file to compile with NIS netgroups * Thu Jul 20 2000 choeger@suse.de - added smbfs initscript that has been removed by an error * Tue Jul 11 2000 choeger@suse.de - split package into client and server parts client package name: smbclnt * Wed Apr 26 2000 choeger@suse.de - new version, 2.0.7 * Thu Apr 06 2000 ro@suse.de - removed pam,cracklib from neededforbuild: build handles this * Wed Apr 05 2000 bk@suse.de - s390 team added config.{sub,guess} update macro for s390 * Mon Mar 27 2000 choeger@suse.de - fixed bug in specfile the multilined configure call missed a "\" :-( * Thu Mar 09 2000 choeger@suse.de - fixed typo in specfile * Wed Mar 01 2000 choeger@suse.de - added %{_mandir} * Tue Feb 08 2000 choeger@suse.de - removed /sbin/init.d/smbfs because it is no longer needed * Mon Jan 03 2000 choeger@suse.de - bugfix for ipc.c to make roaming profiles work again. * Tue Nov 30 1999 choeger@suse.de - changed kernel oplocks = off to kernel oplocks = false * Tue Nov 16 1999 choeger@suse.de - added kernel oplocks = off in smb.conf * Fri Nov 12 1999 choeger@suse.de - new version, 2.0.6 * Fri Nov 05 1999 choeger@suse.de - Fix for the smbmount lost-connection problem _seems_ to work... * Fri Oct 29 1999 choeger@suse.de - removed comment sign in /etc/inetd.conf for swat * Mon Sep 13 1999 bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. * Tue Aug 10 1999 fehr@suse.de - set execute permissions for mksmbpasswd.sh and changesmbpasswd.sh * Thu Jul 29 1999 fehr@suse.de - fixed typo in /sbin/init.d/smbfs * Thu Jul 22 1999 fehr@suse.de - changed to new version 2.0.5a * Wed Jul 21 1999 fehr@suse.de - changed to new version 2.0.5 * Tue Jul 20 1999 fehr@suse.de - install /sbin/init.d/smbfs - changed to new version 2.0.5pre4 * Mon Jul 19 1999 fehr@suse.de - add /sbin/init.d/smbfs - changed to new version 2.0.5pre3 * Fri Jul 02 1999 fehr@suse.de - removed "umount -a -t smbfs" from start sscript * Tue Jun 22 1999 kukuk@suse.de - 2.0.4b changed default values, enable PAM again * Fri Jun 18 1999 kukuk@suse.de - changed to new version 2.0.4b * Mon Jun 14 1999 kukuk@suse.de - Enable PAM, add samba.pamd * Mon May 03 1999 fehr@suse.de - add umount -a -t smbfs to shutdown sequence of samba * Thu Mar 11 1999 ro@suse.de - smbmount: define NR_OPEN to 1024 if undefined (GLIBC-2.1) * Wed Mar 10 1999 choeger@suse.de - some enhancements for smb.conf * Wed Mar 10 1999 choeger@suse.de - new version 2.0.3 and smbmount now seems to work * Tue Mar 09 1999 ro@suse.de - use samba-2.0.2 for STABLE - use smbfs-2.1 with kernel 2.2.2 * Sun Feb 28 1999 ro@suse.de - for glibc-2.1 strncat uses strcat for one subcase, so don't redefine strcat to "ERROR" for glibc-2.1 * Mon Feb 15 1999 fehr@suse.de - fix for umount problem from Volker * Tue Feb 09 1999 fehr@suse.de - changed to version 2.0.2 of samba * Fri Jan 15 1999 bs@suse.de - replaced /sbin/init.d/smb with newer style version (again) * Fri Jan 15 1999 fehr@suse.de - switched to new version 2.0.0 * Wed Jan 13 1999 bs@suse.de - fixed entry in inetd.conf * Wed Jan 13 1999 bs@suse.de - replaced /sbin/init.d/smb with newer style version * Mon Jan 11 1999 vl@suse.de - make 2.0.0beta5 package of samba * Mon Aug 24 1998 vl@suse.de - changed to version 1.9.18p10 * Mon Jun 29 1998 vl@suse.de - changed to version 1.9.18p8 * Mon Apr 20 1998 vl@suse.de - changed to version 1.9.18p4 * Thu Feb 19 1998 vl@suse.de - changed to version 1.9.18p3 * Tue Feb 03 1998 vl@suse.de - changed to version 1.9.18p2 - fixed some problems in spec-file, some files were missing :-( - fixed smbfs-2.0.2/Makefile.Linux * Tue Jan 13 1998 vl@suse.de - changed to version 1.9.18p1 * Fri Jan 09 1998 vl@suse.de - changed to version 1.9.18 * Tue Dec 02 1997 bs@suse.de - disable samba by default in /etc/rc.config * Mon Oct 06 1997 fehr@suse.de - package prepared for automatic building * Mon Sep 29 1997 fehr@suse.de - updated to version 1.9.17p2 due to security hole. * Wed Jul 16 1997 fehr@suse.de - add fillup-template for rc.config and install it in doinst.sh * Fri Jun 27 1997 bs@suse.de - update to smbfs-2.0.2, due to security hole. * Tue Jun 17 1997 fehr@suse.de - changed init-skript to recognize entry START_SMB of rc.config * Mon Jun 02 1997 vl@suse.de - update to version 1.9.16p11 - Starting Samba from /sbin/init.d, not from inetd.conf * Sun Feb 02 1997 vl@suse.de - update to version 1.9.16p10 - Adapted /etc/smb.conf.sample to 4.4.1 manual * Thu Jan 02 1997 florian@suse.de - update to version 1.9.16p9 - configuration file is now /etc/smb.conf - smbd and nmbd are now in /usr/sbin - added start-script /sbin/init.d/smb and entry in /etc/rc.config * Thu Jan 02 1997 florian@suse.de - Update auf neue Version 1.9.16p6.
/usr/bin/samba-tool /usr/share/man/man8/samba-tool.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Nov 16 00:16:38 2024