Hello community, here is the log from the commit of package samba.11851 for openSUSE:Leap:15.1:Update checked in at 2020-01-29 00:11:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/samba.11851 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.samba.11851.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba.11851" Wed Jan 29 00:11:31 2020 rev:1 rq:766691 version:4.9.5+git.243.e76c5cb3d97 Changes: -------- New Changes file: --- /dev/null 2019-12-19 10:12:34.003146842 +0100 +++ /work/SRC/openSUSE:Leap:15.1:Update/.samba.11851.new.26092/samba.changes 2020-01-29 00:11:32.186034194 +0100 @@ -0,0 +1,12022 @@ +------------------------------------------------------------------- +Tue Jan 14 09:38:31 UTC 2020 - Noel Power <[email protected]> + +- CVE-2019-14902: Replication of ACLs down subtree on AD Directory + is not automatic; (bso#12497); (bsc#1160850). +- CVE-2019-19344: Fix server crash with dns zone scavenging = yes; + (bso#14050); (bsc#1160852). +- CVE-2019-14907: server-side crash after charset conversion failure + (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). + +------------------------------------------------------------------- +Fri Dec 20 17:59:01 UTC 2019 - David Disseldorp <[email protected]> + +- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320). + +------------------------------------------------------------------- +Mon Dec 2 09:23:52 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14861: DNSServer RPC server crash, an authenticated user + can crash the DCE/RPC DNS management server by creating records + with matching the zone name; (bso#14138); (bsc#1158108). +- CVE-2019-14870: DelegationNotAllowed not being enforced, the + DelegationNotAllowed Kerberos feature restriction was not being + applied when processing protocol transition requests (S4U2Self), + in the AD DC KDC; (bso#14187); (bsc#1158109). + +------------------------------------------------------------------- +Tue Oct 22 08:59:17 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14847: User with "get changes" permission can + crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); +- CVE-2019-10218: Client code can return filenames containing path + separators; (bso#14071); (bsc#1144902); + +------------------------------------------------------------------- +Fri Oct 18 10:25:13 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14833: samba: Accent with "check script password" + Samba AD DC check password script does not receive the full + password; (bso#12438); (bsc#1154289). + +------------------------------------------------------------------- +Thu Sep 26 11:36:42 UTC 2019 - Noel Power <[email protected]> + +- Fix broken username/password authentication with CUPS and + smbspool; (bsc#1152143); (bso#14128). + +------------------------------------------------------------------- +Tue Sep 3 13:45:26 UTC 2019 - Noel Power <[email protected]> + +- Fix auth problems when printing via smbspool backend with kerberos; + (bnc#1148539); (bso#13832). + +------------------------------------------------------------------- +Fri Aug 23 18:33:23 UTC 2019 - James McDonough <[email protected]> + +- CVE-2019-10197: user escape from share path definition; + (bso#14035); (bsc#1141267). + +------------------------------------------------------------------- +Wed Aug 7 13:03:55 UTC 2019 - npower <[email protected]> + +- Prepare for use future use of kernel keyrings, modify + /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). + +------------------------------------------------------------------- +Thu Jun 13 10:43:03 UTC 2019 - npower <[email protected]> + +- CVE-2019-12435: zone operations can crash rpc server; + (bso#13922); (bsc#1137815). + +------------------------------------------------------------------- +Tue May 14 14:22:11 UTC 2019 - David Disseldorp <[email protected]> + +- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). +- Add ceph_snapshots VFS module; (jsc#SES-183). + +------------------------------------------------------------------- +Wed May 8 12:42:31 UTC 2019 - David Disseldorp <[email protected]> + +- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). + +------------------------------------------------------------------- +Wed Apr 17 09:28:46 UTC 2019 - npower <[email protected]> + +- MacOS credit accounting breaks with async SESSION SETUP; + (bsc#1125601); (bso#13796). +- Mac OS X SMB2 implmenetation sees Input/output error or Resource + temporarily unavailable and drops connection; (bso#13698) + +------------------------------------------------------------------- +Sun Apr 14 22:31:32 UTC 2019 - David Disseldorp <[email protected]> + +- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + +------------------------------------------------------------------- +Tue Apr 2 08:38:28 UTC 2019 - npower <[email protected]> + +- CVE-2019-3880: Save registry file outside share as unprivileged + user; (bso#13851); (bsc#1131060 ). + +------------------------------------------------------------------- +Wed Mar 27 19:09:13 UTC 2019 - David Mulder <[email protected]> + +- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); + (bso#13834); (bsc#1130703); + +------------------------------------------------------------------- +Wed Mar 27 18:47:07 UTC 2019 - David Mulder <[email protected]> + +- Update to samba-4.9.5 + + audit_logging: Remove debug log header and JSON Authentication: + prefix; (bso#13714); + + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# + CID: 1433607; (bso#11495); + + smbd: uid: Don't crash if 'force group' is added to an existing + share connection; (bso#13690); + + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code; (bso#13770); + + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + + s3:utils/smbget fix recursive download with empty source + directories; (bso#13199); + + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + + s3:libsmb: cli_smb2_list() can sometimes fail initially on a + connection; (bso#13736); + + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + + ldb: Avoid inefficient one-level searches; (bso#13762); + + s3: libsmb: use smb2cli_conn_max_trans_size() in + cli_smb2_list(); (bso#13736); + + tldap: Avoid use after free errors; (bso#13776); + + Fix idmap xid2sid cache churn; (bso#13802); + + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + + s3-smbd: Avoid assuming fsp is always intact after close_file + call; (bso#13720); + + s3-vfs-fruit: Add close call; (bso#13725); + + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) + ftruncate and fallocate; (bso#13807); + + lib/audit_logging: Actually create talloc; (bso#13737); + + netcmd/user: python[3]-gpgme unsupported and replaced by + python[3]-gpg; (bso#13728); + + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + + sambaundoguididx: Use the right escaped oder unescaped sam ldb + files; (bso#13759); + + ctdb: Print locks latency in machinereadable stats; (bso#13742); + + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + + audit_logging: auth_json_audit required auth_json; (bso#13715); + + man pages: Document prefork process model; (bso#13765); + + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + + s3:auth: ignore create_builtin_guests() failing without a valid + idmap configuration; (bso#13697); + + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC + without trusts; (bso#13722); + + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd + is not available; (bso#13723); + + s4:server: Add support for 'smbcontrol samba shutdown' and + 'smbcontrol <pid> debug/debuglevel'; (bso#13752); + + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + + notifyd: Fix SIGBUS on sparc; (bso#13704); + + waf: Check for libnscd; (bso#13787); + + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + + Recovery lock bug fixes; (bso#13800); + + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744); + +------------------------------------------------------------------- +Mon Mar 4 12:42:36 UTC 2019 - David Disseldorp <[email protected]> + +- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). + +------------------------------------------------------------------- +Fri Feb 22 11:58:53 UTC 2019 - Samuel Cabrero <[email protected]> + +- Fix update-apparmor-samba-profile script after apparmor switched + to using named profiles. The change is backwards compatible; + (bsc#1126377); + +------------------------------------------------------------------- +Thu Feb 7 16:13:15 UTC 2019 - David Mulder <[email protected]> + +- LoadParm().load_default() fails with "Unable to load default file"; + (bsc#1089758); + +------------------------------------------------------------------- +Thu Feb 7 00:27:42 UTC 2019 - [email protected] + +- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); + ++++ 11825 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.samba.11851.new.26092/samba.changes New: ---- _service baselibs.conf samba-4.9.5+git.243.e76c5cb3d97.tar.bz2 samba-client-rpmlintrc samba.changes samba.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ ++++ 2749 lines (skipped) ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://gitlab.suse.de/samba/suse-samba.git/</param> <param name="scm">git</param> <param name="revision">SLE15-SP1-EMBARGOED-2020-01-21</param> <param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">samba(.*)</param> <param name="versionrewrite-replacement">\1</param> <param name="filename">samba</param> <param name="exclude">.git</param> </service> <service name="extract_file" mode="disabled"> <param name="archive">samba*.tar</param> <param name="files">samba-*/packaging/SuSE/samba.changes</param> <param name="files">samba-*/packaging/SuSE/baselibs.conf</param> <param name="files">samba-*/packaging/SuSE/samba-client-rpmlintrc</param> <param name="files">samba-*/packaging/SuSE/samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.changes</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">bz2</param> </service> </services> ++++++ baselibs.conf ++++++ libdcerpc0 libdcerpc-binding0 libdcerpc-samr0 libndr0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 obsoletes "libpdb0-<targettype> < <version>" libsamba-policy0-python3 libsamba-policy0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-winbind supplements "packageand(samba-winbind:pam-<targettype>)" supplements "packageand(samba-winbind:glibc-<targettype>)" -/usr/lib/samba samba-client supplements "packageand(samba-client:glibc-<targettype>)" -/usr/lib/samba samba-libs samba-libs-python3 samba-libs-python samba-ad-dc ++++++ samba-client-rpmlintrc ++++++ addFilter("shlib-policy-name-error")
