Hello community,

here is the log from the commit of package samba for openSUSE:Factory checked in at 2021-11-12 15:59:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/samba (Old)
 and      /work/SRC/openSUSE:Factory/.samba.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba" Fri Nov 12 15:59:16 2021 rev:274 rq:930760 version:4.15.2+git.193.a4d6307f1fd Changes: -------- --- /work/SRC/openSUSE:Factory/samba/samba.changes 2021-10-08 22:05:14.964579979 +0200 +++ /work/SRC/openSUSE:Factory/.samba.new.1890/samba.changes 2021-11-12 15:59:58.574584686 +0100 
@@ -1,0 +2,56 @@ +Wed Nov 10 10:26:01 UTC 2021 - Samuel Cabrero <scabr...@suse.de> + +- Fix regression introduced by CVE-2020-25717 patches, winbindd + does not start when 'allow trusted domains' is off; (bso#14899); + +- Update to 4.15.2 + * CVE-2016-2124: SMB1 client connections can be downgraded to + plaintext authentication; (bso#12444); (bsc#1014440); + * CVE-2020-25717: A user on the domain can become root on domain + members; (bso#14556); (bsc#1192284); + * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos + tickets issued by an RODC; (bso#14558); (bsc#1192246); + * CVE-2020-25719: Samba AD DC did not always rely on the SID and + PAC in Kerberos tickets; (bso#14561); (bsc#1192247); + * CVE-2020-25721: Kerberos acceptors need easy access to stable + AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); + * CVE-2020-25722: Samba AD DC did not do suffienct access and + conformance checking of data stored; (bso#14564); + (bsc#1192283); + * CVE-2021-3738: Use after free in Samba AD DC RPC server; + (bso#14468); (bsc#1192215); + * CVE-2021-23192: Subsequent DCE/RPC fragment injection + vulnerability; (bso#14875); (bsc#1192214); + +- Update to 4.15.1 + * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); + * Log clutter from filename_convert_internal; (bso#14685); + * MacOSX compilation fixes; (bso#14862); + * rodc_rwdc test flaps; (bso#14868); + * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze + bit' S4U2Proxy Constrained Delegation bypass in Samba with + embedded Heimdal; (bso#14642); + * Python ldb.msg_diff() memory handling failure; (bso#14836); + * "in" operator on ldb.Message is case sensitive; (bso#14845); + * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); + * samldb_krbtgtnumber_available() looks for incorrect string; + (bso#14854); + * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); + * Allow special chars like "@" in samAccountName when generating + the salt; (bso#14874); + * Correctly ignore 
comments in CTDB public addresses file; + (bso#14826); + * Fix transit path validation; (bso#12998); + * Fix that child winbindd logs to log.winbindd instead of + log.wb-<DOMAIN>; (bso#14852); + * SMB3 cancel requests should only include the MID together with + AsyncID when AES-128-GMAC is used; (bso#14855); + * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); + * Heimdal prefers RC4 over AES for machine accounts; (bso#14864); + +------------------------------------------------------------------- +Wed Oct 13 17:07:47 UTC 2021 - David Mulder <dmul...@suse.com> + +- Enable samba-tool without ad dc. + +------------------------------------------------------------------- Old: ---- samba-4.15.0+git.185.378416e547c.tar.bz2 New: ---- samba-4.15.2+git.193.a4d6307f1fd.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.UyI4GL/_old 2021-11-12 15:59:59.310585027 +0100 +++ /var/tmp/diff_new_pack.UyI4GL/_new 2021-11-12 15:59:59.310585027 +0100 @@ -53,7 +53,7 @@ %define talloc_version 2.3.3 %define tevent_version 0.11.0 %define tdb_version 1.4.4 -%define ldb_version 2.4.0 +%define ldb_version 2.4.1 # This table represents the possible combinations of build macros. # They are defined only if not already defined in the build service @@ -184,7 +184,7 @@ %else %define build_make_smp_mflags %{?jobs:-j%jobs} %endif -Version: 4.15.0+git.185.378416e547c +Version: 4.15.2+git.193.a4d6307f1fd Release: 0 URL: https://www.samba.org/ Obsoletes: samba-32bit < %{version} 
@@ -873,6 +873,18 @@ distributed file system. A Ceph CTDB lock helper binary is included so that RADOS locks can be used for CTDB split-brain avoidance. + +%package -n samba-tool +Summary: Main Samba administration tool +License: GPL-3.0-or-later +Group: Productivity/Networking/Samba +Requires: samba = %{version} +Requires: samba-python3 = %{version} +Requires: samba-ldb-ldap = %{version} + +%description -n samba-tool +The package contains samba-tool, the main tool for Samba Administration. + %package ad-dc Summary: Samba Active Directory-compatible Domain Controller License: GPL-3.0-or-later @@ -883,6 +895,7 @@ Recommends: krb5-server >= 1.15.1 %endif Requires: samba-python3 = %{version} +Requires: samba-tool = %{version} Recommends: samba-winbind = %{version} Recommends: tdb-tools >= %{tdb_version} Provides: samba-kdc = %{version} @@ -1067,10 +1080,7 @@ # debug symbols are created and installed if the files are excluded only %if ! %{with_dc} rm \ - %{buildroot}/%{_libdir}/samba/ldb/ildap.so \ - %{buildroot}/%{_libdir}/samba/ldb/ldbsamba_extensions.so \ %{buildroot}/%{_mandir}/man8/samba.8* \ - %{buildroot}/%{_mandir}/man8/samba-tool.8* \ %{buildroot}/%{_mandir}/man8/samba_downgrade_db.8* \ %{buildroot}/%{_unitdir}/samba-ad-dc.service %endif @@ -1859,8 +1869,8 @@ %if %{with_dc} %{_libdir}/samba/libdb-glue-samba4.so %{_libdir}/samba/libdfs-server-ad-samba4.so -%{_libdir}/samba/libdnsserver-common-samba4.so %endif +%{_libdir}/samba/libdnsserver-common-samba4.so %{_libdir}/samba/libdsdb-module-samba4.so %if %{with_dc} %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so @@ -2403,11 +2413,14 @@ %{_libdir}/ctdb/ctdb_mutex_ceph_rados_helper %endif +%files -n samba-tool +%{_bindir}/samba-tool +%{_mandir}/man8/samba-tool.8.* + %if %{with_dc} %files ad-dc %{_fillupdir}/sysconfig.samba-ad-dc %{_unitdir}/samba-ad-dc.service -%{_bindir}/samba-tool %{_sbindir}/samba %{_sbindir}/samba_dnsupdate %{_sbindir}/samba_kcc 
@@ -2518,14 +2531,15 @@ %{_datadir}/samba/admx/en-US %{_datadir}/samba/admx/en-US/samba.adml %{_mandir}/man8/samba.8.* -%{_mandir}/man8/samba-tool.8.* %{_mandir}/man8/samba_downgrade_db.8.* +%endif %files ldb-ldap %defattr(-,root,root) %{_libdir}/samba/ldb/ildap.so %{_libdir}/samba/ldb/ldbsamba_extensions.so +%if %{with_dc} %files dsdb-modules %defattr(-,root,root) %{_libdir}/samba/ldb/acl.so ++++++ samba-4.15.0+git.185.378416e547c.tar.bz2 -> samba-4.15.2+git.193.a4d6307f1fd.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/samba/samba-4.15.0+git.185.378416e547c.tar.bz2 /work/SRC/openSUSE:Factory/.samba.new.1890/samba-4.15.2+git.193.a4d6307f1fd.tar.bz2 differ: char 11, line 1
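Review bot: in the samba.changes hunk, the CVE-2020-25722 entry misspells "sufficient" as "suffienct" ("did not do suffienct access and conformance checking"); correct the spelling in the changelog entry. In the same hunk, the 4.15.1 item for CVE-2020-17049 carries only a bso# reference while every CVE item under 4.15.2 carries both bso# and bsc#; add the bsc# reference if one exists so the entry follows the same pattern.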
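Review bot: the new samba-tool subpackage (samba.spec hunk at -873,6 +873,18) takes over %{_bindir}/samba-tool and the samba-tool.8 man page that the later %files hunks remove from ad-dc, but it declares no Conflicts or Obsoletes against older samba-ad-dc builds that still own those paths. The added "Requires: samba-tool = %{version}" on ad-dc covers the lockstep upgrade; please confirm that a partial update cannot leave both packages owning the same files, or add an explicit versioned Conflicts.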
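Review bot: the samba.spec hunk at -1859,8 +1869,8 moves %{_libdir}/samba/libdnsserver-common-samba4.so out of the %if %{with_dc} block, and the hunk at -1067,10 +1080,7 stops deleting ildap.so and ldbsamba_extensions.so in non-DC builds, yet the only changelog line covering the packaging change is "Enable samba-tool without ad dc." Say in the changelog or in a spec comment why these libraries are now needed without the DC, so a later cleanup does not move them back under the conditional.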
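Review bot: in the samba.spec hunk at -2403,11 +2413,14, the new "%files -n samba-tool" section has no %defattr(-,root,root) line, while the "%files ldb-ldap" and "%files dsdb-modules" sections visible in the following hunk both start with one. Add it here for consistency with the rest of the spec, or drop it everywhere in a separate cleanup.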
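Review bot: in the last samba.spec hunk (-2518,14 +2531,15), the added "%endif" before "%files ldb-ldap" and the added "%if %{with_dc}" before "%files dsdb-modules" make the ldb-ldap file list unconditional, but no hunk in this diff touches the matching %package and %description for ldb-ldap. If that declaration still sits inside a %if %{with_dc} block, a non-DC build will reach a %files section for a package that was never declared; please check, and annotate the new %endif and %if with a comment naming the block each one closes or opens.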