Hello community, here is the log from the commit of package samba.13796 for openSUSE:Leap:15.1:Update checked in at 2020-08-30 16:20:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/samba.13796 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.samba.13796.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba.13796" Sun Aug 30 16:20:57 2020 rev:1 rq:829986 version:4.9.5+git.350.020abd898fa Changes: -------- New Changes file: --- /dev/null 2020-08-06 00:20:10.149648038 +0200 +++ /work/SRC/openSUSE:Leap:15.1:Update/.samba.13796.new.3399/samba.changes 2020-08-30 16:20:57.753670759 +0200 @@ -0,0 +1,12103 @@ +------------------------------------------------------------------- +Mon Jul 27 08:39:19 UTC 2020 - Samuel Cabrero <[email protected]> + +- Add obsoletes to libsmbldap2 package to fix upgrades from previous + versions; (bsc#1172810); + +------------------------------------------------------------------- +Tue Jul 14 14:54:31 UTC 2020 - David Mulder <[email protected]> + +- Fix net command unable to negotiate SMB2; (bsc#1174120); + +------------------------------------------------------------------- +Thu Jun 25 07:21:46 UTC 2020 - Noel Power <[email protected]> + +- CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC + nbt_server; (bso#14417); (bsc#1173359). + +------------------------------------------------------------------- +Mon Jun 22 10:16:03 UTC 2020 - Noel Power <[email protected]> + +- CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined; (bso#14364); (bsc#1173159]. +- CVE-2020-10745: invalid DNS or NBT queries containing dots use + several seconds of CPU each; (bso#14378); (bsc#1173160). +- CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server + with paged_result or VLV; (bso#14402); (bsc#1173161). + +------------------------------------------------------------------- +Mon Jun 1 10:01:40 UTC 2020 - Samuel Cabrero <[email protected]> + +- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); + +------------------------------------------------------------------- +Thu May 14 14:59:30 UTC 2020 - Samuel Cabrero <[email protected]> + +- Installing: samba - samba-ad-dc.service does not exist and unit + not found; (bsc#1171437); + +------------------------------------------------------------------- +Wed Apr 22 09:30:52 UTC 2020 - Noel Power <[email protected]> + +- CVE-2020-10704: samba: Stack overflow in AD DC (C)LDAP server; + (bso#14334); (bsc#1169851). + +------------------------------------------------------------------- +Tue Apr 14 18:48:31 UTC 2020 - David Mulder <[email protected]> + +- Fix spnego fallback from kerberos to ntlmssp in smbd server; + (bso#14106); (bsc#1169473); + +------------------------------------------------------------------- +Fri Mar 20 10:46:51 UTC 2020 - Noel Power <[email protected]> + +- Fix CLI tools still printing "Unable to initialize messaging + context" messages; (bso#13925); (bsc#1167070). +- Do print mkdir failure message on error debug level when + initializing messaging; (bso#13823); (bsc#1167070). + +------------------------------------------------------------------- +Thu Mar 19 11:07:30 UTC 2020 - Samuel Cabrero <[email protected]> + +- Fix domain join when the machine account does not exists; + (bso#14007); (bsc#1161389); + +------------------------------------------------------------------- +Fri Feb 28 15:20:15 UTC 2020 - Samuel Cabrero <[email protected]> + +- Fix pam_winbind with krb5_auth or wbinfo -K for users of trusted + domains/forests; (bso#14124); (bsc#1160490); + +------------------------------------------------------------------- +Mon Jan 27 08:29:56 UTC 2020 - Samuel Cabrero <[email protected]> + +- Prefer principal over DOMAIN/username for NTLM; (bso#13861); + (bsc#1143499); + +------------------------------------------------------------------- +Tue Jan 14 09:38:31 UTC 2020 - Noel Power <[email protected]> + +- CVE-2019-14902: Replication of ACLs down subtree on AD Directory + is not automatic; (bso#12497); (bsc#1160850). +- CVE-2019-19344: Fix server crash with dns zone scavenging = yes; + (bso#14050); (bsc#1160852). +- CVE-2019-14907: server-side crash after charset conversion failure + (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). + +------------------------------------------------------------------- +Fri Dec 20 17:59:01 UTC 2019 - David Disseldorp <[email protected]> + +- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320). + +------------------------------------------------------------------- +Thu Dec 05 18:50:56 UTC 2019 - David Mulder <[email protected]> + +- Print command %J substitution issue; (bso#13745); (bsc#1158551); + +------------------------------------------------------------------- +Mon Dec 2 09:23:52 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14861: DNSServer RPC server crash, an authenticated user + can crash the DCE/RPC DNS management server by creating records + with matching the zone name; (bso#14138); (bsc#1158108). +- CVE-2019-14870: DelegationNotAllowed not being enforced, the + DelegationNotAllowed Kerberos feature restriction was not being + applied when processing protocol transition requests (S4U2Self), + in the AD DC KDC; (bso#14187); (bsc#1158109). + +------------------------------------------------------------------- +Tue Oct 22 08:59:17 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14847: User with "get changes" permission can + crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); +- CVE-2019-10218: Client code can return filenames containing path + separators; (bso#14071); (bsc#1144902); + +------------------------------------------------------------------- +Fri Oct 18 10:25:13 UTC 2019 - Noel Power <[email protected]> + +- CVE-2019-14833: samba: Accent with "check script password" + Samba AD DC check password script does not receive the full + password; (bso#12438); (bsc#1154289). + +------------------------------------------------------------------- +Thu Sep 26 11:36:42 UTC 2019 - Noel Power <[email protected]> + +- Fix broken username/password authentication with CUPS and + smbspool; (bsc#1152143); (bso#14128). + +------------------------------------------------------------------- +Tue Sep 3 13:45:26 UTC 2019 - Noel Power <[email protected]> + +- Fix auth problems when printing via smbspool backend with kerberos; + (bnc#1148539); (bso#13832). + +------------------------------------------------------------------- +Fri Aug 23 18:33:23 UTC 2019 - James McDonough <[email protected]> + +- CVE-2019-10197: user escape from share path definition; + (bso#14035); (bsc#1141267). + +------------------------------------------------------------------- +Wed Aug 7 13:03:55 UTC 2019 - npower <[email protected]> + +- Prepare for use future use of kernel keyrings, modify + /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). + +------------------------------------------------------------------- +Thu Jun 13 10:43:03 UTC 2019 - npower <[email protected]> + +- CVE-2019-12435: zone operations can crash rpc server; + (bso#13922); (bsc#1137815). + +------------------------------------------------------------------- +Tue May 14 14:22:11 UTC 2019 - David Disseldorp <[email protected]> + +- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). +- Add ceph_snapshots VFS module; (jsc#SES-183). + +------------------------------------------------------------------- +Wed May 8 12:42:31 UTC 2019 - David Disseldorp <[email protected]> + +- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). + +------------------------------------------------------------------- +Wed Apr 17 09:28:46 UTC 2019 - npower <[email protected]> + +- MacOS credit accounting breaks with async SESSION SETUP; + (bsc#1125601); (bso#13796). +- Mac OS X SMB2 implmenetation sees Input/output error or Resource + temporarily unavailable and drops connection; (bso#13698) + +------------------------------------------------------------------- +Sun Apr 14 22:31:32 UTC 2019 - David Disseldorp <[email protected]> + +- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + +------------------------------------------------------------------- +Tue Apr 2 08:38:28 UTC 2019 - npower <[email protected]> + +- CVE-2019-3880: Save registry file outside share as unprivileged + user; (bso#13851); (bsc#1131060 ). + +------------------------------------------------------------------- +Wed Mar 27 19:09:13 UTC 2019 - David Mulder <[email protected]> + +- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); + (bso#13834); (bsc#1130703); + +------------------------------------------------------------------- +Wed Mar 27 18:47:07 UTC 2019 - David Mulder <[email protected]> + +- Update to samba-4.9.5 + + audit_logging: Remove debug log header and JSON Authentication: + prefix; (bso#13714); + + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# + CID: 1433607; (bso#11495); ++++ 11906 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.1:Update/.samba.13796.new.3399/samba.changes New: ---- _service baselibs.conf samba-4.9.5+git.350.020abd898fa.tar.bz2 samba-client-rpmlintrc samba.changes samba.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ ++++ 2753 lines (skipped) ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://gitlab.suse.de/samba/suse-samba.git/</param> <param name="scm">git</param> <param name="revision">SLE15-SP1</param> <param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">samba(.*)</param> <param name="versionrewrite-replacement">\1</param> <param name="filename">samba</param> <param name="exclude">.git</param> </service> <service name="extract_file" mode="disabled"> <param name="archive">samba*.tar</param> <param name="files">samba-*/packaging/SuSE/samba.changes</param> <param name="files">samba-*/packaging/SuSE/baselibs.conf</param> <param name="files">samba-*/packaging/SuSE/samba-client-rpmlintrc</param> <param name="files">samba-*/packaging/SuSE/samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.changes</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">bz2</param> </service> </services> ++++++ baselibs.conf ++++++ libdcerpc0 libdcerpc-binding0 libdcerpc-samr0 libndr0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libnetapi-devel requires "libnetapi0-<targettype> = %version" libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 obsoletes "libpdb0-<targettype> < <version>" libsamba-policy0-python3 libsamba-policy0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-winbind supplements "packageand(samba-winbind:pam-<targettype>)" supplements "packageand(samba-winbind:glibc-<targettype>)" -/usr/lib/samba samba-client supplements "packageand(samba-client:glibc-<targettype>)" -/usr/lib/samba samba-libs samba-libs-python3 samba-libs-python samba-ad-dc ++++++ samba-client-rpmlintrc ++++++ addFilter("shlib-policy-name-error")
