Hello community,

here is the log from the commit of package samba.16181 for openSUSE:Leap:15.2:Update checked in at 2021-04-30 21:22:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/samba.16181 (Old)
 and /work/SRC/openSUSE:Leap:15.2:Update/.samba.16181.new.1947 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba.16181" Fri Apr 30 21:22:55 2021 rev:1 rq:889391 version:4.11.14+git.247.8c858f7ee14 Changes: -------- New Changes file: --- /dev/null 2021-04-29 10:03:23.520854754 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.samba.16181.new.1947/samba.changes 2021-04-30 21:22:56.849905050 +0200 
@@ -0,0 +1,12654 @@ +------------------------------------------------------------------- +Wed Apr 14 07:50:42 UTC 2021 - Noel Power <nopo...@suse.com> + +- CVE-2021-20254 Buffer overrun in sids_to_unixids(); + (bnc#14571); (bsc#1184677). + +------------------------------------------------------------------- +Fri Mar 26 16:43:17 UTC 2021 - David Mulder <dmul...@suse.com> + +- s3-libads: use dns name to open a ldap session; (bso#13124); + (bsc#1184310). + +------------------------------------------------------------------- +Tue Mar 16 11:23:18 UTC 2021 - Noel Power <nopo...@suse.com> + +- CVE-2020-27840: samba: Unauthenticated remote heap corruption + via bad DNs; (bso#14595); (bsc#1183572). +- CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; + (bso#14655); (bsc#1183574). + +------------------------------------------------------------------- +Thu Feb 4 14:49:08 UTC 2021 - Noel Power <nopo...@suse.com> + +- Avoid free'ing our own pointer in memcache when memcache_trim + attempts to reduce cache size; (bso#14625); (bnc#1179156). + +------------------------------------------------------------------- +Thu Nov 5 12:23:49 UTC 2020 - Noel Power <nopo...@suse.com> + +- Adjust smbcacls '--propagate-inheritance' feature to align with + upstream; (bsc#1178469). 
+ +------------------------------------------------------------------- +Tue Oct 13 09:16:35 UTC 2020 - Samuel Cabrero <scabr...@suse.de> + +- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with + easily crafted records; (bsc#1177613); (bso#14472); +- CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); + (bso#14436); +- CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; + (bsc#1173902); (bso#14434); +- Update to samba 4.11.14 + + lib/util: Do not install /usr/bin/test_util; (bso#14166); + + smbd: don't log success as error; (bso#14490); + + idmap_ad does not deal properly with a RFC4511 section 4.4.1 response; + (bso#14465); + + winbind: Fix a memleak; (bso#14388); + + idmap_ad: Pass tldap debug messages on to DEBUG(); (bso#14465); + + lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to + REPLACE_HOSTCC_SOURCE; (bso#14482); + + ctdb disable/enable can fail due to race condition; (bso#14466); + +------------------------------------------------------------------- +Fri Sep 18 13:31:42 UTC 2020 - Samuel Cabrero <scabr...@suse.de> + +- Update to samba 4.11.13 + + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect + netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); + (bso#14497); + + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support + "server require schannel:WORKSTATION$ = no" about unsecure configurations; + (bsc#1176579); (bso#14497); + + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client + challenge; (bsc#1176579); (bso#14497); + + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in + netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; + (bsc#1176579); (bso#14497); + +- Update to samba 4.11.12 + + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work + on RHEL7; (bso#14424); + + dbcheck: Allow a dangling 
forward link outside our known NCs; (bso#14450); + + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; + (bso#14426); + + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + + lib/util: do not install "test_util_paths"; (bso#14370); + + lib:util: Fix smbclient -l basename dir; (bso#14345); + + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + + util: Allow symlinks in directory_create_or_exist; (bso#14166); + + docs: Fix documentation for require_membership_of of pam_winbind; + (bso#14358); + + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; + (bso#14425); + +------------------------------------------------------------------- +Mon Jul 27 08:42:02 UTC 2020 - Samuel Cabrero <scabr...@suse.de> + +- Add obsoletes to libsmbldap2 package to fix upgrades from previous + versions; (bsc#1172810); + +------------------------------------------------------------------- +Tue Jul 14 14:54:31 UTC 2020 - David Mulder <dmul...@suse.com> + +- Fix net command unable to negotiate SMB2; (bsc#1174120); + +------------------------------------------------------------------- +Thu Jul 2 13:36:36 UTC 2020 - Noel Power <nopo...@suse.com> + +- Update to samba 4.11.11 + + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined; (bso#14364); (bsc#1173159] + + CVE-2020-10745: invalid DNS or NBT queries containing dots use + several seconds of CPU each; (bso#14378); (bsc#1173160). + + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP + server with paged_result or VLV; (bso#14402); (bsc#1173161) + + CVE-2020-14303: Endless loop from empty UDP packet sent to + AD DC nbt_server; (bso#14417); (bsc#1173359). + +- Update to samba 4.11.10 + + Fix segfault when using SMBC_opendir_ctx() routine for share + folder that contains incorrect symbols in any file name; + (bso#14374). 
+ + vfs_shadow_copy2 doesn't fail case looking in + snapdirseverywhere mode; (bso#14350) + + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; + (bso#14413). + + Malicous SMB1 server can crash libsmbclient; (bso#14366) + + winbindd: Fix a use-after-free when winbind clients exit; + (bso#14382) + + ldb: Bump version to 2.0.11, LMDB databases can grow without + bounds. (bso#14330) + +- Update to samba 4.11.9 + + nmblib: Avoid undefined behaviour in handle_name_ptrs(); + (bso#14242). + + 'samba-tool group' commands do not handle group names with + special chars correctly; (bso#14296). + + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo + is not valid; (bso#14237). + + Missing check for DMAPI offline status in async DOS + attributes; (bso#14293). + + smbd: Ignore set NTACL requests which contain + S-1-5-88 NFS ACEs; (bso#14307). + + vfs_recycle: Prevent flooding the log if we're called on + non-existant paths; (bso#14316) + + smbd mistakenly updates a file's write-time on close; + (bso#14320). + + RPC handles cannot be differentiated in source3 RPC server; + (bso#14359). + + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + + nsswitch: Fix use-after-free causing segfault in + _pam_delete_cred; (bso#14327). + + Fix fruit:time machine max size on arm; (bso#13622) + + CTDB recovery corner cases can cause record resurrection + and node banning; (bso#14294). + + ctdb: Fix a memleak; (bso#14348). + + libsmb: Don't try to find posix stat info in SMBC_getatr(). + + ctdb-tcp: Move free of inbound queue to TCP restart; + (bso#14295); (bsc#1162680). + + s3/librpc/crypto: Fix double free with unresolved + credential cache; (bso#14344); (bsc#1169095) + + s3:libads: Fix ads_get_upn(); (bso#14336). + + CTDB recovery corner cases can cause record resurrection + and node banning; (bso#14294) + + Starting ctdb node that was powered off hard before + results in recovery loop; (bso#14295); (bsc#1162680). 
+ + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; + (bso#14324) +- Update to samba 4.11.8 + + CVE-2020-10700: Use-after-free in Samba AD DC LDAP + Server with ASQ; (bso#14331); (bsc#1169850); + + CVE-2020-10704: LDAP Denial of Service (stack overflow) + in Samba AD DC; (bso#14334); (bsc#1169851); +- Update to samba 4.11.7 + + s3: lib: nmblib. Clean up and harden nmb packet + processing; (bso#14239). + + s3: VFS: full_audit. Use system session_info if called + from a temporary share definition; (bso#14283) + + dsdb: Correctly handle memory in objectclass_attrs; + (bso#14258). + + ldb: version 2.0.9, Samba 4.11 and later give incorrect + results for SCOPE_ONE searches; (bso#14270) + + auth: Fix CIDs 1458418 and 1458420 Null pointer + dereferences; (bso#14247). + + smbd: Handle EINTR from open(2) properly; (bso#14285) + + winbind member (source3) fails local SAM auth with empty + domain name; (bso#14247) + + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + + lib:util: Log mkdir error on correct debug levels; + (bso#14253). + + wafsamba: Do not use 'rU' as the 'U' is deprecated in + Python 3.9; (bso#14266). + + ctdb-tcp: Make error handling for outbound connection + consistent; (bso#14274). +- Update to samba 4.11.6 + + pygpo: Use correct method flags; (bso#14209). + + vfs_ceph_snapshots: Fix root relative path handling; + (bso#14216); (bsc#1141320). + + Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero; (bso#14209). + + source4/utils/oLschema2ldif: Include stdint.h before + cmocka.h; (bso#14218). + + docs-xml/winbindnssinfo: Clarify interaction with + idmap_ad etc; (bso#14122). + + smbd: Fix the build with clang; (bso#14251). + + upgradedns: Ensure lmdb lock files linked; (bso#14199). 
++++ 12457 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.samba.16181.new.1947/samba.changes New: ---- _service baselibs.conf samba-4.11.14+git.247.8c858f7ee14.tar.bz2 samba-client-rpmlintrc samba.changes samba.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ ++++ 2635 lines (skipped) ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://gitlab.suse.de/samba/suse-samba.git/</param> <param name="scm">git</param> <param name="revision">SLE15-SP2-EMBARGOED-2021-04-29</param> <param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">samba(.*)</param> <param name="versionrewrite-replacement">\1</param> <param name="filename">samba</param> <param name="exclude">.git</param> </service> <service name="extract_file" mode="disabled"> <param name="archive">samba*.tar</param> <param name="files">samba-*/packaging/SuSE/samba.changes</param> <param name="files">samba-*/packaging/SuSE/baselibs.conf</param> <param name="files">samba-*/packaging/SuSE/samba-client-rpmlintrc</param> <param name="files">samba-*/packaging/SuSE/samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.changes</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">bz2</param> </service> </services> ++++++ baselibs.conf ++++++ libdcerpc0 libdcerpc-binding0 libdcerpc-samr0 libndr0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libnetapi-devel requires "libnetapi0-<targettype> = %version" libsamba-credentials0 
libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 obsoletes "libpdb0-<targettype> < <version>" libsamba-policy0-python3 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-winbind supplements "packageand(samba-winbind:pam-<targettype>)" supplements "packageand(samba-winbind:glibc-<targettype>)" -/usr/lib/samba samba-client supplements "packageand(samba-client:glibc-<targettype>)" -/usr/lib/samba samba-libs samba-libs-python3 samba-ad-dc ++++++ samba-client-rpmlintrc ++++++ addFilter("shlib-policy-name-error")
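Review bot: In the samba.changes hunk, the top entry for CVE-2021-20254 cites `(bnc#14571)`, but every other five-digit reference in the visible entries carries the `bso#` prefix and the `bnc#`/`bsc#` numbers are seven digits (for example `bnc#1179156`), so this looks like a mistyped `bso#14571` and will not resolve against the intended tracker. In the 4.11.11 block the CVE-2020-10730 line ends with `(bsc#1173159]`; the closing bracket should be `)`. Two entries are listed twice and can be deduplicated: `s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428)` under 4.11.12 and `CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294)` under 4.11.9. Minor: `Malicous` and `non-existant` are misspelled, and entry terminators vary between `;`, `.` and nothing.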
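Review bot: In the `_service` file, the `tar_scm` service sets `revision` to the named ref `SLE15-SP2-EMBARGOED-2021-04-29` instead of a commit id, so the only link between the checked-in `samba-4.11.14+git.247.8c858f7ee14.tar.bz2` and its source is the abbreviated hash produced by `%h` in `versionformat`. Since every service is `mode="disabled"` and the tarball is therefore produced outside the build service and checked in as a file, consider setting `revision` to the full commit hash so the tarball can be regenerated and compared even if the ref is later moved or removed.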