Hello community,

here is the log from the commit of package samba for openSUSE:Factory checked in at 2019-06-27 15:52:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/samba (Old)
 and /work/SRC/openSUSE:Factory/.samba.new.4615 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba" Thu Jun 27 15:52:59 2019 rev:249 rq:710952 version:4.10.5+git.105.2bd98587873 Changes: -------- --- /work/SRC/openSUSE:Factory/samba/samba.changes 2019-05-16 22:00:19.770768163 +0200 +++ /work/SRC/openSUSE:Factory/.samba.new.4615/samba.changes 2019-06-27 15:53:01.727902541 +0200 
@@ -1,0 +2,70 @@ +Wed Jun 19 09:20:12 UTC 2019 - Noel Power <nopo...@suse.com> + +- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2; (bso#13922); (bsc#1137815). + + CVE-2019-12436 dsdb/paged_results: Ignore successful results + without messages; (bso#13951); (bsc#1137816). +- Update to samba-4.10.4 + + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + + py/provision: Fix for Python 2.6; (bso#13882). + + netcmd: Fix 'passwordsettings --max-pwd-age' command; + (bso#13873). + + s3-libnet_join: 'net ads join' to child domain fails when + using "-U admin@forestroot"; (bso#13861). + + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; + (bso#13896); (bsc#1130245). + + vfs_ceph: Fix cephwrap_flistxattr() debug message; + (bso#13940); (bsc#1134697). + + ctdb-common: Avoid race between fd and signal events; + (bso#13895). + + ctdb-common: Fix memory leak in run_proc; (bso#13943). + + lib: Initialize getline() arguments; (bso#13892). + + winbind: Fix overlapping id ranges; (bco#13903). + + lib util debug: Increase format buffer to 4KiB; (bso#13902). + + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + + s4 lib socket: Ensure address string owned by parent struct; + (bso#13929). + + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + + s3:smbd: Handle IO_REPARSE_TAG_DFS in + SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; + (bso#12845). + + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + + smb2_sesssetup: avoid STATUS_PENDING responses for session + setup; (bso#13796). + + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + + vfs_snapper: Drop unneeded fstat handler; (bso#13858). 
+ + vfs_default: Fix vfswrap_offload_write_send() + NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + + smb2_server: Grant all 8192 credits to clients; (bso#13863). + + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; + (bso#13919). + + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + + s3: modules: ceph: Use current working directory instead of + share path; (bso#13918); (bsc#1134452). + + winbind: Use domain name from lsa query for sid_to_name cache + entry; (bso#13831). + + memcache: Increase size of default memcache to 512k; + (bso#13865). + + docs: Update smbclient manpage for "--max-protocol"; + (bso#13857). + + s3:utils: If share is NULL in smbcacls, don't print it; + (bso#13937). + + s3:smbspool: Fix regression printing with Kerberos credentials; + (bso#13939). + + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, + which is incompatible with systemd; (bso#13860). + + ctdb-daemon: Revert "We can not assume that just because we + could complete a TCP handshake"; (bso#13888). + + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + + ctdb-common: Fix memory leak; (bso#13943). + + s3:debug: Enable logging for early startup failures; + (bso#13904) + +- Update to samba-4.10.3 + + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum; (bso#13685); (bsc#1134024). + +------------------------------------------------------------------- @@ -95,0 +166,6 @@ +Tue Apr 2 08:38:28 UTC 2019 - npower <nopo...@suse.com> + +- CVE-2019-3880: Save registry file outside share as unprivileged + user; (bso#13851); (bsc#1131060 ). + +------------------------------------------------------------------- 
@@ -185,0 +262,8 @@ +Mon Feb 4 12:38:55 UTC 2019 - Samuel Cabrero <scabr...@suse.de> + +- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit(); + (bso#13173); (bsc#1123755); +- s3:winbind: Fix regression introduced with bso #12851; + (bso#12851); (bsc#1123755); + +------------------------------------------------------------------- @@ -210,0 +295,6 @@ +Thu Dec 20 15:15:54 UTC 2018 - David Mulder <dmul...@suse.com> + +- s3:passdb: Do not return OK if we don't have pinfo set up; + (bsc#1099590); (bso#13376); + +------------------------------------------------------------------- @@ -246,0 +337,6 @@ +Thu Nov 8 17:53:14 UTC 2018 - Samuel Cabrero <scabr...@suse.de> + +- s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459); +- Use foreground execution mode for systemd samba daemons; (bsc#1112223); + +------------------------------------------------------------------- @@ -303,0 +400,7 @@ +Mon Oct 8 08:36:43 UTC 2018 - Samuel Cabrero <scabr...@suse.de> + +- Update to 4.6.16; (bsc#1110943); + + CVE-2018-10919: Fix unauthorized attribute access via searches; + (bso#13434); + +------------------------------------------------------------------- @@ -415,0 +519,8 @@ +Mon Aug 20 21:25:27 UTC 2018 - dd...@suse.com + +- Update to 4.6.15 + + Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230); + + Allow idmap_rid to have primary group other than "Domain Users"; + (bsc#1087931). + +------------------------------------------------------------------- 
@@ -468,0 +580,14 @@ +Wed Aug 1 14:57:51 UTC 2018 - scabr...@suse.de + +- CVE-2018-10858: Insufficient input validation on client directory + listing in libsmbclient; (bso#13453); (bsc#1103411); +- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid(); + (bso#12851); +- winbind: avoid using fstrcpy in _dual_init_connection; + (bso#13294); (bsc#1087303); +- Fix ntlm authentications with "winbind use default domain = yes"; + (bso#13126); (bsc#1068059); +- net: fix net ads keytab handling; (bso#13166); (bsc#1067700); +- fix vfs_ceph flock stub; (bso#13506). + +------------------------------------------------------------------- 
@@ -476,0 +602,39 @@ +Wed May 23 14:01:16 UTC 2018 - dd...@suse.com + +- Fix vfs_ceph with "aio read size" or "aio write size" > 0; + (bsc#1093664). + + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + + Fix memory leak in vfs_ceph; (bso#13424). + +- Update to 4.6.14 + + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; + (bso#13294). + + s3:smb2_server: correctly maintain request counters for compound + requests; (bso#13215). + + s3: smbd: Unix extensions attempts to change wrong field in fchown + call; (bso#13375). + + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; + (bso#13297). + + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't + support fdopendir(); (bso#13270). + + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we + don't own it here; (bso#13244). + + s3:libsmb: allow -U"\\administrator" to work; (bso#13206). + + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; + (bso#13272); (bsc#1081024). + + s3:smbd: Do not crash if we fail to init the session table; + (bso#13315). + + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + + smbXcli: Add "force_channel_sequence"; (bso#13215). + + smbd: Fix channel sequence number checks for long-running requests; + (bso#13215). + + s3:smb2_server: allow logoff, close, unlock, cancel and echo on + expired sessions; (bso#13197). + + s3:smbd: return the correct error for cancelled SMB2 notifies on + expired sessions; (bso#13197). + + samba: Only use async signal-safe functions in signal handler; + (bso#13240). + + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). + +------------------------------------------------------------------- 
@@ -624,0 +789,30 @@ +Wed Mar 7 11:54:50 UTC 2018 - jmcdono...@suse.com + +- CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; + (bso#11343); (bsc#1081741); + +------------------------------------------------------------------- +Tue Mar 6 23:36:51 UTC 2018 - dd...@suse.com + +- Update to 4.6.13; (bsc#1084191) + + ceph_statx configure time check doesn't work with a non-default + --with-libcephfs path; (bso#13250). + - follow up fix for libceph-common detection; (bso#13277). + + Fail to copy file with empty FinderInfo from Windows client to Samba + share with fruit; (bso#13181). + + vfs_ceph uses a local statvfs() call to determine FS capabilities; + (bso#13208). + + smbd tries to release not leased oplock during oplock II downgrade; + (bso#13193). + + smbd panic when chdir returns error during exit; (bso#13189). + + ctdb_recovery_helper crashes if recovery process times out; (bso#13188). + + POSIX ACL support is broken on hpux and possibly other big-endian OSs; + (bso#13176). + + Kerberos: PKINIT: Can't decode algorithm parameters in + clientPublicValue; (bso#12986). ++++ 98 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/samba/samba.changes ++++ and /work/SRC/openSUSE:Factory/.samba.new.4615/samba.changes Old: ---- samba-4.10.2+git.94.31fb5e37171.tar.bz2 New: ---- samba-4.10.5+git.105.2bd98587873.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.f4q2kq/_old 2019-06-27 15:53:02.831904310 +0200 +++ /var/tmp/diff_new_pack.f4q2kq/_new 2019-06-27 15:53:02.835904316 +0200 
@@ -170,7 +170,7 @@ %else %define build_make_smp_mflags %{?jobs:-j%jobs} %endif -Version: 4.10.2+git.94.31fb5e37171 +Version: 4.10.5+git.105.2bd98587873 Release: 0 Url: https://www.samba.org/ Obsoletes: samba-32bit < %{version} ++++++ samba-4.10.2+git.94.31fb5e37171.tar.bz2 -> samba-4.10.5+git.105.2bd98587873.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/samba/samba-4.10.2+git.94.31fb5e37171.tar.bz2 /work/SRC/openSUSE:Factory/.samba.new.4615/samba-4.10.5+git.105.2bd98587873.tar.bz2 differ: char 11, line 1
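Review bot: In the samba.changes hunk at @@ -1,0 +2,70 @@, the 4.10.4 list carries the same item twice under different bug numbers: "smb2_tcon: Avoid STATUS_PENDING completely on tdis" appears with (bso#10344) and again with (bso#13698), and "smb2_sesssetup: avoid STATUS_PENDING responses for session setup" appears with (bso#12845) and again with (bso#13796). If each pair is one fix, collapse it into a single entry that lists both references. The same applies to bso#13943, which is cited by both "ctdb-common: Fix memory leak in run_proc" and "ctdb-common: Fix memory leak". Three smaller points in this hunk: "(bco#13903)" on the winbind overlapping id ranges line looks like a typo for bso#13903 and will not match anything that searches for bso# references; "NULL deference" in the CVE-2019-12435 line reads as "NULL dereference"; and the "(bso#13904)" line is the only item in the list without a closing period.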
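Review bot: In the samba.changes hunk at @@ -95,0 +166,6 @@, the CVE-2019-3880 entry writes its Bugzilla reference as "(bsc#1131060 )" with a stray space before the closing parenthesis. Every other reference in the file is written without it, so normalise this one to "(bsc#1131060)" to keep the CVE entry consistent with the rest.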
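Review bot: The samba.changes hunks from @@ -95,0 +166,6 @@ through @@ -624,0 +789,30 @@ insert entries dated between March 2018 and April 2019 into the middle of the changelog, including "Update to 4.6.16", "Update to 4.6.15", "Update to 4.6.14" and "Update to 4.6.13" and the CVE-2018-10919, CVE-2018-10858, CVE-2018-1057 and CVE-2018-1050 items, yet the new top entry of Jun 19 2019 only mentions the update to 4.10.5. Someone auditing which CVE fixes arrived with this request cannot tell from the changelog that these are backdated history rather than new fixes. Add a line to the Jun 19 entry stating that older entries were merged in and from where.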
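Review bot: For the samba.spec hunk at @@ -170,7 +170,7 @@ and the tarball swap that follows it, the only record of the source change is "differ: char 11, line 1", so nothing here ties samba-4.10.5+git.105.2bd98587873.tar.bz2 to the CVE-2019-12435, CVE-2019-12436 and CVE-2018-16860 fixes the changelog claims. The request should state how the tarball was generated from the git revision named in the Version field, or include a checksum, so the new source can be checked independently of this mail.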