Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: samba-winbind-libs-32bit | Distribution: openSUSE Tumbleweed |
Version: 4.22.5+git.431.dc5a539f124 | Vendor: openSUSE |
Release: 1.1 | Build date: Wed Oct 15 14:55:57 2025 |
Group: Development/Libraries/C and C++ | Build host: reproducible |
Size: 105444 | Source RPM: samba-4.22.5+git.431.dc5a539f124-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://www.samba.org/ | |
Summary: Winbind Daemon libraries |
This package contains the libraries required by the Winbind daemon.
GPL-3.0-or-later
* Wed Oct 15 2025 Noel Power <noel.power@suse.com> - Update to 4.22.5 * CVE-2025-10230: Command injection via WINS server hook script (bso#15903); (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr; (bso#15885); (bsc#1251279). * Wed Oct 01 2025 Samuel Cabrero <scabrero@suse.de> - Relax samba-gpupdate requirement for cepces, certmonger, and sscep to a recommends. They are only required if utilizing certificate auto enrollment (bsc#1249087). * Thu Sep 25 2025 Noel Power <noel.power@suse.com> - Disable timeouts for smb.service so that possibly slow running ExecStartPre script 'update-samba-security-profile' doesn't cause service start to fail due to timeouts;(bsc#1249181). * Thu Sep 25 2025 Noel Power <noel.power@suse.com> - Ensure semanage is pulled in as a requirement when samba in installed when selinux security access mechanism that is used; (bsc#1249180). * Thu Sep 25 2025 Noel Power <noel.power@suse.com> - don't attempt to label paths that don't exist, also remove unecessary evaluation of semange & restorecon cmds;(bsc#1249179). * Thu Sep 25 2025 Noel Power <noel.power@suse.com> - Update to 4.22.4 * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * getpwuid does not shift to new DC when current DC is down; (bso#15844). * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName-; (bso#15876). * Unresponsive second DC can cause idmapping failure when using idmap_ad-; (bso#15881). * kinit command is failing with Missing cache Error; (bso#15840). * Figuring out the DC name from IP address fails and breaks fork_domain_child(); (bso#15891). * vfs_streams_depot fstatat broken; (bso#15816). * Delayed leader broadcast can block ctdb forever; (bso#15892). * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine); (bso#15663). * Fix handling of empty GPO link; (bso#15877). * SMB ACL inheritance doesn't work for files created; (bso#15880). * Fri Jul 25 2025 Andreas Stieger <andreas.stieger@gmx.de> - adjust gpgme build dependency for future-proofing * Tue Jul 08 2025 Samuel Cabrero <scabrero@suse.de> - Update to 4.22.3 * samba-tool cannot add user to group whose name is exactly 16 characters long; (bso#15854); * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876); * Startup messages of rpc deamons fills /var/log/messages; (bso#15869); * Fri Jun 06 2025 Noel Power <nopower@suse.com> - Update to 4.22.2 * (CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session; (bso#15707); (bsc#1244136). * Profile sync fails due to Directory Leases; (bso#15861). * net ad join fails with "Failed to join domain: failed to create kerberos keytab"; (bso#15727). * dcerpcd not able to bind to listening port; (bso#15851). * vfs_ceph_snapshots fails to list snapshots for entries at any level beyond share root; (bso#15819). * CTDB does not put nodes running NFS into grace on graceful shutdown; (bso#15858). * Fri May 09 2025 Noel Power <nopower@suse.com> - Update and rename update-apparmor-samba-profile script to update-samba-security-profile. It additionally now caters for selinux (if selinux is used); (bsc#1241391); * Wed Apr 30 2025 Samuel Cabrero <scabrero@suse.de> - Update smb.conf to enable SMB3 unix extensions * Tue Apr 22 2025 Noel Power <nopower@suse.com> - Update to 4.22.1 * Running "gpo manage motd set" twice fails with backtrace; (bso#15774). * samba-tool gpo backup creates entity backups it can't read; (bso#15829). * gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with prepended 0's; (bso#15839). * Deadlock between two smbd processes; (bso#15767). * Subnet based interfaces definition not listening on all covered IP addresses; (bso#15823). * PANIC: assert failed at source3/smbd/smb2_oplock.c(156): sconn->oplocks.exclusive_open>=0; (bso#15836). * net ad join fails with "Failed to join domain: failed to create kerberos keytab"; (bso#15727). * Enable support for cephfs case insensitive behavior; (bso#15822). * Remove of file or directory not possible with vfs_acl_tdb; (bso#15791). * Wide link issue in samba 4.22; (bso#15841). * NT_STATUS_INVALID_PARAMETER: Can't create folders on share of an exfat file system; (bso#15845). * Lease code is not endian-safe; (bso#15849). * vfs_ceph_new module does not work with other modules for snapshot management; (bso#15818). * vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN, SMB_VFS_FCHMOD and SMB_VFS_FNTIMES; (bso#15834). * Add async io API from libcephfs to ceph_new VFS module; (bso#15810). * Wed Mar 12 2025 Samuel Cabrero <scabrero@suse.de> - Update to 4.22.0 * SMB3 Directory Leases are supported. By default, SMB3 Directory Leases are enabled on non-clustered Samba and disabled on clustered Samba, based on the "clustering" option. * Netlogon Ping over LDAP and LDAPS * Experimental Himmelblaud Authentication in Samba * The "nmbd proxy logon" feature was removed. * fruit:posix_rename option of the vfs_fruit VFS module that could be used to enable POSIX directory rename behaviour for OS X clients has been removed as it could result in severe problems for Windows clients. * Wed Feb 19 2025 Samuel Cabrero <scabrero@suse.de> - Remove nscd build dependency and usage in RPM scriptlets; (bsc#1237296); * Wed Feb 19 2025 Noel Power <nopower@suse.com> - Update to 4.21.4 * Increasing slowness of sharesec performance with high number of registry shares; (bso#15780). * winbindd shows memleak in kerberos_decode_pac; (bso#15782). * Creation of GPOs applicable to more than one group is impossible with Samba 4.20.0 and later; (bso#15738). * Replace `crypt` module in python/samba/netcmd/user/readpasswords/common.py; (bso#15756). * vfs_gpfs silently garbles timestamps > year 2106; (bso#15151). * Spotlight search results don't show file size and creation date; (bso#15796). * General improvements for vfs_ceph_new module; (bso#15703). * net offlinejoin not working correctly; (bso#15777). * net ads create/join/winbind producing unix dysfunctional keytabs; (bso#15759). * Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing security tab; (bso#14213). * The values from hresult_errstr_const and hresult_errstr are reversed in 4.20 and 4.21; (bso#15769). * Kerberos referral tickets are generated for principals in our domain if we have a trust to a top level domain; (bso#15778). * NETLOGON_NTLMV2_ENABLED is missing in the SamLogon* user_flags field; (bso#15783). * Regression: stack-use-after-return in crypt_as_best_we_can(); (bso#15784). * libreplace:readline: gcc 15 complains about incompatible pointer types; (bso#15788). * Tue Jan 07 2025 Noel Power <nopower@suse.com> - Update to 4.21.3 * More possible replication loops against Azure AD; (bso#15701). * Compound rename from Mac clients can fail with NT_STATUS_INTERNAL_ERROR if the file has a lease; (bso#15697). * vfs crossrename seems not work correctly; (bso#15724). * After 'machine password timeout' /etc/krb5.keytab is not updated; (bso#6750). * Memory leak wbcCtxLookupSid; (bso#15771). * Fix heap-user-after-free with association groups; (bso#15765). * Segfault in vfs_btrfs; (bso#15758). * Avoid event failure race when disabling an event script; (bso#15755). * Fri Dec 06 2024 Noel Power <nopower@suse.com> - Update shipped /etc/samba/smb.conf to point to smb.conf man page;(bsc#1233880). * Mon Nov 25 2024 Noel Power <nopower@suse.com> - Update to 4.21.2 * smbd fails to correctly check sharemode against OVERWRITE dispositions; (bso#15732). * Panic in close_directory; (bso#15754). * winexe no longer works with samba 4.21; (bso#15752). * protocol error - Unclear debug message "pad length mismatch" for invalid bind packet; (bso#14356). * NetrGetLogonCapabilities QueryLevel 2 needs to be implemented; (bso#15425). * gss_accept_sec_context() from Heimdal does not imply GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE; (bso#15740). * winbindd should call process_set_title() for locator child; (bso#15749). * Update CTDB to track all TCP connections to public IP addresses; (bso#15320). * Thu Oct 31 2024 Noel Power <nopower@suse.com> - Add placeholder changelog for sle15-sp7; (jsc#PED-11210). * Wed Oct 16 2024 Noel Power <nopower@suse.com> - Adjust spec to split out rpcd_* binaries into a separate sub package; (bsc#1231414). * Tue Oct 15 2024 Noel Power <nopower@suse.com> - Update to 4.21.1 * DH reconnect error handling can lead to stale sharemode entries; (bso#15624). * "inherit permissions = yes" triggers assert() in vfs_default when creating a stream; (bso#15695). * Samba 4.21.0 broke FreeIPA domain member integration; (bso#15715). * Missing conversion for msDS-UserTGTLifetime, msDS- ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba- tool domain auth policy modify"; (bso#15692). * irpc_destructor may crash during shutdown; (bso#15280). * Durable handle is not granted when a previous OPEN exists with NoOplock; (bso#15649). * Durable handle is granted but reconnect fails; (bso#15651). * Disconnected durable handles with RH lease should not be purged by a new non conflicting open; (bso#15708). * net ads testjoin and other commands use the wrong secrets.tdb in a cluster; (bso#15714). * 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as rfc 8009 etypes are used; (bso#15726). * VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2; (bso#15730). * Samba 4.20.0 DLZ module crashes BIND on startup; (bso#15643). * Cannot build libldb lmdb backend on a build without AD DC; (bso#15721). * Consistent log level for sighup handler; (bso#15706). * Wed Sep 25 2024 Noel Power <nopower@suse.com> - Support needed packaging changes required update to samba-4.21.0 Update samba.spec, baselibs.conf to deliver libldb packages. * Thu Sep 05 2024 David Disseldorp <ddiss@suse.com> - Package ceph_new VFS module. * Thu Sep 05 2024 David Disseldorp <ddiss@suse.com> - Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699); (bsc#1229684). * Wed Aug 28 2024 Noel Power <nopower@suse.com> - Bad variable definition for ParseTuple causing test failure for Smb3UnixTests.test_create_context_reparse; (bso#15702). * Wed Aug 28 2024 Noel Power <nopower@suse.com> - Update to 4.21.0 * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699). * Bad variable definition for ParseTuple causing test failure for Smb3UnixTests.test_create_context_reparse; (bso#15702). * Add new vfs_ceph module (based on low level API); (bso#15686). * samba-tool can not load the default configuration file; (bso#15698). * Crash when readlinkat fails; (bso#15700). * Can't add/delete special keys to keytab for nfs, cifs, http etc; (bso#15689). * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients; (bso#15696). * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673). * ldb_version.h is missing from ldb public library; (bso#15690). * Can not add/delete special keys to keytab for nfs, cifs, http etc; (bso#15689). * undefined reference to winbind_lookup_name_ex; (bso#15687). * per user veto and hide file syntax is to complex; (bso#15688). * Wed Aug 07 2024 Noel Power <nopower@suse.com> - Fix a crash when joining offline and 'kerberos method' includes keytab; (bsc#1228732). * Tue Aug 06 2024 Noel Power <noel.power@suse.com> - Update to 4.20.4 * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673). - Update to 4.20.3 * Running samba-bgqd a a standalone systemd service does not work; (bso#15683). * When claims enabled with heimdal kerberos, unable to log on to a Windows computer when user account need to change their own password; (bso#15655). * Invalid client warning about command line passwords; (bso#15671). * Version string is truncated in manpages; (bso#15672). * cmdline_burn does not always burn secrets; (bso#15674). * Samba does not parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685). * The images don\'t build after the git security release and CentOS 8 Stream is EOL; (bso#15660). * Fix clock skew error message and memory cache clock skew recovery; (bso#15676). * Heimdal ignores _gsskrb5_decapsulate errors in init_sec_context/repl_mutual; (bso#15603). * s4:ldap_server: does not support tls channel bindings for sasl binds; (bso#15621). * CTDB socket output queues may suffer unbounded delays under some special conditions; (bso#15678). * Wed Jul 17 2024 Samuel Cabrero <scabrero@suse.de> - Update samba-tool package to require python3-Markdown also in the Heimdal ADDC build. * Thu Jul 04 2024 Samuel Cabrero <scabrero@suse.de> - Fix named crash when using samba's DLZ plugin; (bsc#1224003); (bso#15643); * Thu Jul 04 2024 pgajdos@suse.com - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] * Wed Jun 19 2024 Noel Power <nopower@suse.com> - Update to 4.20.2 * vfs_widelinks with DFS shares breaks case insensitivity; (bso#15662); (bsc#1213607). * Samba build is not reproducible; (bso#13213). * ldb qsort might r/w out of bounds with an intransitive compare function; (bso#15569). * Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances; (bso#15625). * Need to change gitlab-ci.yml tags in all branches to avoid CI bill; (bso#15638). * We have added new options --vendor-name and --vendor-patch- revision arguments to ./configure to allow distributions and packagers to put their name in the Samba version string so that when debugging Samba the source of the binary is obvious; (bso#15654). * CTDB RADOS mutex helper misses namespace support; (bso#15665). * Dynamic DNS updates with the internal DNS are not working; (bso#13019). * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022); (bso#15412). * Panic in dreplsrv_op_pull_source_apply_changes_trigger; (bso#15573). * s4:nbt_server: does not provide unexpected handling, so winbindd can't use nmb requests instead cldap; (bso#15620). * winbindd, net ads join and other things don't work on an ipv6 only host; (bso#15642). * Segmentation fault when deleting files in vfs_recycle; (bso#15659). * Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664). * "client use kerberos" and --use-kerberos is ignored for the machine account; (bso#15666). * Regression DFS not working with widelinks = true; (bso#15435). * samba-gpupdate - Invalid NtVer in netlogon_samlogon_response; (bso#15633). * idmap_ad creates an incorrect local krb5.conf in case of trusted domain lookups; (bso#15653). * The images don't build after the git security release and CentOS 8 Stream is EOL; (bso#15660). * Mon Jun 03 2024 Samuel Cabrero <scabrero@suse.de> - Fix non deterministic builds; (bsc#1225754); (bso#13213); * Thu May 16 2024 Samuel Cabrero <scabrero@suse.de> - Update to 4.20.1 * dns update debug message is too noisy; (bso#15630); * Do not fail PAC validation for RFC8009 checksums types; (bso#15635); * Improve performance of lookup_groupmem() in idmap_ad; (bso#15605); * Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636); * http library doesn't support 'chunked transfer encoding'; (bso#15611); * Provide a systemd service file for the background queue daemon; (bso#15600); - Update to 4.20.0 New features: * samba-tool user getpassword / syncpasswords ;rounds= change * Group Managed service account client-side features * New Windows Search Protocol Client * Allow 'smbcacls' to save/restore DACLs to file * Samba-tool extensions for AD Claims, Authentication Policies and Silos * AD DC support for Authentication Silos and Authentication Policies * Conditional ACEs and Resource Attribute ACEs * Service Witness Protocol [MS-SWN] Removed features: * Get locally logged on users from utmp Fixed bugs: * Avoid null-dereference with bad claims; (bso#15606); * ndr_pull_security_ace can leave resource attribute ACE coda claim struct undefined; (bso#15613); * fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close(); (bso#15527); * set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - openat() EACCES; (bso#15583); * libgpo: Segfault in python bindings; (bso#15599); * Samba AD is missing some authentication policy tests; (bso#15607); * samba-gpupdate: Correctly implement site support; (bso#15588); * Remove unsupported "Final" keyword missing from Python 3.6; (bso#15575); * Additional witness backports for 4.20.0; (bso#15577); * Error output with wspsearch; (bso#15579); * Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580); * Performance regression for NDR parsing of security descriptors; (bso#15574); * Build and install man page for wspsearch client utility; (bso#15565); * Tue Feb 20 2024 Noel Power <nopower@suse.com> - Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555). * Wed Jan 10 2024 Noel Power <nopower@suse.com> - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). * Tue Jan 09 2024 Noel Power <nopower@suse.com> - Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440). * Multichannel refresh network information; (bso#15547). * Mon Nov 27 2023 Noel Power <nopower@suse.com> - Update to 4.19.3 * sid_strings test broken by unix epoch > 1700000000; (bso#15520). * smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set; (bso#15487). * smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor(); (bso#15521). * Improve logging for failover scenarios; (bso#15499). * Files without "read attributes" NFS4 ACL permission are not listed in directories; (bso#15093). * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users; (bso#13595). * Kerberos TGS-REQ with User2User does not work for normal accounts; (bso#15492). * vfs_gpfs stat calls fail due to file system permissions; (bso#15507). * Samba doesn't build with Python 3.12; (bso#15513). * Mon Oct 23 2023 David Mulder <dmulder@suse.com> - packaging: samba-tool domain provision requires python3-Markdown; (bsc#1216519). * Mon Oct 16 2023 Noel Power <nopower@suse.com> - Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477). * Thu Oct 12 2023 Noel Power <nopower@suse.com> - packaging: Remove /etc/slp.reg.d from samba spec file; (bsc#1216160) * Thu Oct 12 2023 Noel Power <nopower@suse.com> - use systemd-logind rather than utmp for y2038 safety; (bsc#1216159). * Tue Oct 10 2023 Noel Power <nopower@suse.com> - CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424). * Tue Sep 26 2023 Noel Power <nopower@suse.com> - Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true; (bso#15435). * Heimdal fails to build on 32-bit FreeBSD; (bso#15443). * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441). * Mon Aug 21 2023 Samuel Cabrero <scabrero@suse.de> - Update to 4.18.6 * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420); * Missing return in reply_exit_done(); (bso#15430); * post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself; (bso#15289); * Windows client join fails if a second container CN=System exists somewhere; (bso#9959); * Spotlight sometimes returns no results on latest macOS; (bso#15342); * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination; (bso#15417); * Spotlight results return wrong date in result list; (bso#15427); * "net offlinejoin provision" does not work as non-root user; (bso#15414); * rpcserver no longer accepts double backslash in dfs pathname; (bso#15400); * cm_prepare_connection() calls close(fd) for the second time; (bso#15433); * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346); * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441); * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446); * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390); * Regression DFS not working with widelinks = true; (bso#15435); * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449); * Tue Aug 08 2023 Samuel Cabrero <scabrero@suse.de> - Move libcluster-samba4.so from samba-libs to samba-client-libs; (bsc#1213940); * Wed Jul 19 2023 Noel Power <nopower@suse.com> - Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). * Thu Jul 06 2023 Noel Power <nopower@suse.com> - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390). * The winbind child segfaults when listing users with `winbind scan trusted domains = yes`; (bso#15398). * Remove comments about deprecated 'write cache size'; (bso#15383). * smbget memory leak if failed to download files recursively; (bso#15403). * Thu Jun 01 2023 Noel Power <nopower@suse.com> - Update to 4.18.3 * Symlinks to files can have random DOS mode information in a directory listing; (bso#15375). * vfs_fruit might cause a failing open for delete; (bso#15378). * winbind recurses into itself via rpcd_lsad; (bso#15361). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND; (bso#15362). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * Setting veto files = /.*/ break listing directories; (bso#15360). * "samba-tool domain provision" does not run interactive mode if no arguments are given; (bso#15363). * dsgetdcname: assumes local system uses IPv4; (bso#15325). - Update to 4.18.2 * Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * Flapping tests in samba_tool_drs_show_repl.py; (bso#15316). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Tests use depricated and removed methods like assertRegexpMatches; (bso#15343). * Wed Mar 29 2023 Noel Power <nopower@suse.com> - Update to 4.18.1 * CVE-2023-0225: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (bso#15276);(bsc#1209483). * CVE-2023-0614: Access controlled AD LDAP attributes can be discovered (bso#15270); (bsc#1209485). * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext(bso#15315);(bsc#1209481). * ldb wildcard matching makes excessive allocations; (bso#15331). * large_ldap test is inefficient; (bso#15332). * Fri Mar 17 2023 Samuel Cabrero <scabrero@suse.de> - Update to 4.18.0 * SMB server performance improvements * More succinct samba-tool error messages * Color output with samba-tool --color The NO_COLOR environment variable will disable colour output * New samba-tool dsacl subcommand for deleting ACEs * New wbinfo option --change-secret-at * Net option to change the NT ACL default location * Azure AD / Office365 synchronization improvements * Tue Feb 14 2023 Samuel Cabrero <scabrero@suse.de> - Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808); * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172); * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210); * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226); * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236); * DFS links don't work anymore on Mac clients since 4.17; (bso#15277); * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283); * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Shares missing from netshareenum response in samba 4.17.4; (bso#15266); * ctdb: use-after-free in run_proc; (bso#15269); * irpc_destructor may crash during shutdown; (bso#15280); * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286); * smbclient segfaults with use after free on an optimized build; (bso#15268); * smbstatus leaking files in msg.sock and msg.lock; (bso#15282); * Leak in wbcCtxPingDc2; (bso#15164); * Access based share enum does not work in Samba 4.16+; (bso#15265); * Crash during share enumeration; (bso#15267); * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271); * Avoid relying on C89 features in a few places; (bso#15281); - named crashes on DLZ zone update; (bso#14030); (bsc#1206996); - Drop libnsl build requirement; (bsc#1208220); * Mon Jan 23 2023 Noel Power <nopower@suse.com> - libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally. * Thu Jan 12 2023 Noel Power <nopower@suse.com> - Clean up logic for PAM migration settings in spec file. * Wed Jan 04 2023 Stefan Schubert <schubi@suse.com> - Migration of PAM settings to /usr/lib/pam.d. * Wed Dec 21 2022 Noel Power <nopower@suse.com> - Change with_dc default to 0 (for non TW builds). * Thu Dec 15 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); * Prevent EBADF errors with vfs_glusterfs; (bso#15198); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Stack smashing in net offlinejoin requestodj; (bso#15257); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); - Remove deprecated if-{down,up} scripts; (bsc#1206444); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exists * Mon Dec 12 2022 Stefan Schubert <schubi@suse.com> - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Thu Dec 01 2022 David Mulder <dmulder@suse.com> - Introduce without-smb1-server spec flag; (bsc#1205104); * Tue Nov 15 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.17.3 * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203); * Tue Nov 08 2022 Ben Greiner <code@bnavigator.de> - Replace obsolete python-gpgme with python-gpg * Upstream replaced it in v4.9.5 -- bso#13728 * Tue Oct 25 2022 Noel Power <nopower@suse.com> - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). * Wed Oct 19 2022 Noel Power <nopower@suse.com> - Update to 4.17.1 * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Flush on a named stream never completes; (bso#15182). * Permission denied calling SMBC_getatr when file not exists; (bso#15195). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * pytest: add file removal helpers for TestCaseInTempDir; (bso#15191). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * Flush on a named stream never completes; (bso#15182). * vfs_gpfs silently garbles timestamps > year 2106; (bso#15151). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * multi-channel socket passing may hit a race if one of the involved processes already existed; (bso#15200). * memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others); (bso#15201). * Since popt1.19 various use after free errors using result of poptGetArg are now exposed; (bso#15205); (boo#1204279). * Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs; (bso#15192). * GETPWSID in memory cache grows indefinetly with each NTLM auth; (bso#15169). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689); * Fri Oct 14 2022 Noel Power <nopower@suse.com> - Fix use after free errors resulting from using return of poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205). * Mon Sep 26 2022 Noel Power <nopower@suse.com> - s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(); (bso#15174). * Mon Sep 26 2022 Noel Power <nopower@suse.com> - Disable SMB1 for tumbleweed builds. * Fri Sep 23 2022 Noel Power <nopower@suse.com> - Update to 4.17.0 * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Cross-node multi-channel reconnects result in SMB2 Negotiate returning NT_STATUS_NOT_SUPPORTED; (bso#15159). * winbind at info level debug can coredump when processing wb_lookupusergroups; (bso#15160). * Make use of glfs_*at() API calls in vfs_glusterfs; (bso#15157). * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128). * `net usershare add` fails with flag works with --long but fails with -l; (bso#15145). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Performance regression on contended path based operations; (bso#15125). * Missing READ_LEASE break could cause data corruption; (bso#15148). * libsamba-errors uses a wrong version number; (bso#15141). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * 4.17.rc1 still uses symlink-race prone unix_convert(); (bso#15144). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Manpage for smbstatus json is missing; (bso#15147). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Performance regression on contended path based operations; (bso#15125). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Fix issues found by coverity in smbstatus json code; (bso#15140). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Thu Sep 01 2022 Stefan Schubert <schubi@suse.com> - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Thu Jul 28 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.16.4 * CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords; (bsc#1201495); (bso#15047); * CVE-2022-32744: Samba AD users can forge password change requests for any user; (bsc#1201493); (bso#15074); * CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request; (bsc#1201492); (bso#15008); * CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request; (bsc#1201490); (bso#15009); * CVE-2022-32742: Server memory information leak via SMB1; (bsc#1201496); (bso#15085); * Tue Jul 19 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.16.3 * Using vfs_streams_xattr and deleting a file causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode; (bso#15095); * Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL; (bso#15105); * Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(); (bso#15118); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * Fix check for chown when processing NFSv4 ACL; (bso#15120); * The pcap background queue process should not be stopped; (bso#15082); * testparm: Fix typo in idmap rangesize check; (bso#15097); * net ads info returns LDAP server and LDAP server name as null; (bso#15106); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * CTDB child process logging does not work as expected; (bso#15090); * Tue Jul 12 2022 Samuel Cabrero <scabrero@suse.de> - Update spec file to fix the optional Heimdal DC build - Fix external trusts with MIT Kerberos 1.20 - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Add sysuser-shadow requirement for packages using systemd-sysusers - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); * Tue Jun 21 2022 Stefan Schubert <schubi@suse.de> - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. * Mon Jun 13 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.16.2 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * Reintroduce netgroups support; (bso#15087); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS; (bso#15062); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient -E doesn't work as advertised; (bso#15075); * The samba background daemon doesn't refresh the printcap cache on startup; (bso#15081); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7 - Support building with MIT Kerberos 1.20 - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC; (CVE-2020-17049); - Resource Based Constrained Delegation (RBCD) for Samba AD DC - Support building with gcc 12.1 * Wed May 11 2022 Samuel Cabrero <scabrero@suse.de> - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); * Tue May 03 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.16.1 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * KVNO off by 100000; (bso#14951); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Wed Apr 20 2022 Noel Power <nopower@suse.com> - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data. * Wed Apr 13 2022 Noel Power <nopower@suse.com> - Fix update-apparmor-samba-profile script, sed doesn't like multibyte separators; (bsc#1198309). * Thu Mar 24 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.16.0 * New samba-dcerpcd binary to provide DCERPC in the member server setup * Certificate Auto Enrollment * Ability to add ports to dns forwarder addresses in internal DNS backend * No longer using Linux mandatory locks for sharemodes * SMB1 protocol has been deprecated, particularly older dialects * SMB1 protocol SMBCopy command removed * SMB1 server-side wildcard expansion removed - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101); - Use systemd-sysusers to create system users; (bsc#1182847); * Tue Mar 15 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); * Mon Mar 07 2022 David Mulder <dmulder@suse.com> - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. * Fri Mar 04 2022 David Disseldorp <ddiss@suse.com> - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). * Wed Feb 23 2022 Noel Power <nopower@suse.com> - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). * Mon Feb 14 2022 David Mulder <dmulder@suse.com> - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). * Mon Feb 07 2022 David Mulder <dmulder@suse.com> - libldb version mismatch in Samba dsdb component; (bsc#1118508); * Mon Jan 31 2022 Noel Power <nopower@suse.com> - Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048). * Wed Jan 26 2022 Samuel Cabrero <scabrero@suse.de> - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); * Fri Jan 21 2022 Samuel Cabrero <scabrero@suse.de> - Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); * Tue Jan 18 2022 Dominique Leuenberger <dimstar@opensuse.org> - Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway). * Thu Jan 13 2022 Samuel Cabrero <scabrero@suse.de> - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba
/usr/lib/libnss_winbind.so.2 /usr/lib/security /usr/lib/security/pam_winbind.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Oct 22 22:37:11 2025