Hello community, here is the log from the commit of package samba.13815 for openSUSE:Leap:15.2:Update checked in at 2020-09-01 12:31:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/samba.13815 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.samba.13815.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba.13815" Tue Sep 1 12:31:07 2020 rev:1 rq:830438 version:4.11.11+git.180.2cf3b203f07 Changes: -------- New Changes file: --- /dev/null 2020-08-06 00:20:10.149648038 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.samba.13815.new.3399/samba.changes 2020-09-01 12:31:10.388247573 +0200 @@ -0,0 +1,12563 @@ +------------------------------------------------------------------- +Tue Jul 14 14:54:31 UTC 2020 - David Mulder <[email protected]> + +- Fix net command unable to negotiate SMB2; (bsc#1174120); + +------------------------------------------------------------------- +Thu Jul 2 13:36:36 UTC 2020 - Noel Power <[email protected]> + +- Update to samba 4.11.11 + + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined; (bso#14364); (bsc#1173159] + + CVE-2020-10745: invalid DNS or NBT queries containing dots use + several seconds of CPU each; (bso#14378); (bsc#1173160). + + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP + server with paged_result or VLV; (bso#14402); (bsc#1173161) + + CVE-2020-14303: Endless loop from empty UDP packet sent to + AD DC nbt_server; (bso#14417); (bsc#1173359). + +- Update to samba 4.11.10 + + Fix segfault when using SMBC_opendir_ctx() routine for share + folder that contains incorrect symbols in any file name; + (bso#14374). + + vfs_shadow_copy2 doesn't fail case looking in + snapdirseverywhere mode; (bso#14350) + + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; + (bso#14413). + + Malicous SMB1 server can crash libsmbclient; (bso#14366) + + winbindd: Fix a use-after-free when winbind clients exit; + (bso#14382) + + ldb: Bump version to 2.0.11, LMDB databases can grow without + bounds. (bso#14330) + +- Update to samba 4.11.9 + + nmblib: Avoid undefined behaviour in handle_name_ptrs(); + (bso#14242). + + 'samba-tool group' commands do not handle group names with + special chars correctly; (bso#14296). + + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo + is not valid; (bso#14237). + + Missing check for DMAPI offline status in async DOS + attributes; (bso#14293). + + smbd: Ignore set NTACL requests which contain + S-1-5-88 NFS ACEs; (bso#14307). + + vfs_recycle: Prevent flooding the log if we're called on + non-existant paths; (bso#14316) + + smbd mistakenly updates a file's write-time on close; + (bso#14320). + + RPC handles cannot be differentiated in source3 RPC server; + (bso#14359). + + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + + nsswitch: Fix use-after-free causing segfault in + _pam_delete_cred; (bso#14327). + + Fix fruit:time machine max size on arm; (bso#13622) + + CTDB recovery corner cases can cause record resurrection + and node banning; (bso#14294). + + ctdb: Fix a memleak; (bso#14348). + + libsmb: Don't try to find posix stat info in SMBC_getatr(). + + ctdb-tcp: Move free of inbound queue to TCP restart; + (bso#14295); (bsc#1162680). + + s3/librpc/crypto: Fix double free with unresolved + credential cache; (bso#14344); (bsc#1169095) + + s3:libads: Fix ads_get_upn(); (bso#14336). + + CTDB recovery corner cases can cause record resurrection + and node banning; (bso#14294) + + Starting ctdb node that was powered off hard before + results in recovery loop; (bso#14295); (bsc#1162680). + + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; + (bso#14324) +- Update to samba 4.11.8 + + CVE-2020-10700: Use-after-free in Samba AD DC LDAP + Server with ASQ; (bso#14331); (bsc#1169850); + + CVE-2020-10704: LDAP Denial of Service (stack overflow) + in Samba AD DC; (bso#14334); (bsc#1169851); +- Update to samba 4.11.7 + + s3: lib: nmblib. Clean up and harden nmb packet + processing; (bso#14239). + + s3: VFS: full_audit. Use system session_info if called + from a temporary share definition; (bso#14283) + + dsdb: Correctly handle memory in objectclass_attrs; + (bso#14258). + + ldb: version 2.0.9, Samba 4.11 and later give incorrect + results for SCOPE_ONE searches; (bso#14270) + + auth: Fix CIDs 1458418 and 1458420 Null pointer + dereferences; (bso#14247). + + smbd: Handle EINTR from open(2) properly; (bso#14285) + + winbind member (source3) fails local SAM auth with empty + domain name; (bso#14247) + + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + + lib:util: Log mkdir error on correct debug levels; + (bso#14253). + + wafsamba: Do not use 'rU' as the 'U' is deprecated in + Python 3.9; (bso#14266). + + ctdb-tcp: Make error handling for outbound connection + consistent; (bso#14274). +- Update to samba 4.11.6 + + pygpo: Use correct method flags; (bso#14209). + + vfs_ceph_snapshots: Fix root relative path handling; + (bso#14216); (bsc#1141320). + + Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero; (bso#14209). + + source4/utils/oLschema2ldif: Include stdint.h before + cmocka.h; (bso#14218). + + docs-xml/winbindnssinfo: Clarify interaction with + idmap_ad etc; (bso#14122). + + smbd: Fix the build with clang; (bso#14251). + + upgradedns: Ensure lmdb lock files linked; (bso#14199). + + s3: VFS: glusterfs: Reset nlinks for symlink entries during + readdir; (bso#14182). + + smbc_stat() doesn't return the correct st_mode and also + the uid/gid is not filled (SMBv1) file; (bso#14101). + + librpc: Fix string length checking in + ndr_pull_charset_to_null(); (bso#14219). + + ctdb-scripts: Strip square brackets when gathering + connection info; (bso#14227). + +------------------------------------------------------------------- +Mon Jun 1 10:01:40 UTC 2020 - Samuel Cabrero <[email protected]> + +- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); + +------------------------------------------------------------------- +Thu May 14 17:19:04 UTC 2020 - Samuel Cabrero <[email protected]> + +- Installing: samba - samba-ad-dc.service does not exist and unit + not found; (bsc#1171437); + +------------------------------------------------------------------- +Thu May 14 14:50:40 UTC 2020 - David Mulder <[email protected]> + +- Fix samba_winbind package is installing python3-base without + python3 package; (bsc#1169521); + +------------------------------------------------------------------- +Mon May 4 09:51:03 UTC 2020 - Samuel Cabrero <[email protected]> + +- Require libldb2 >= 2.0.10 after security release. + +------------------------------------------------------------------- +Wed Apr 22 09:58:07 UTC 2020 - Samuel Cabrero <[email protected]> + +- CVE-2020-10704: LDAP Denial of Service (stack overflow) in + Samba AD DC; (bso#14334); (bsc#1169851); +- CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with + ASQ; (bso#14331); (bsc#1169850); + +------------------------------------------------------------------- +Mon Apr 20 10:31:08 UTC 2020 - Noel Power <[email protected]> + +- Fix smbclient crash with double free (with unresolved krb5 + credential cache); (bso#14344); (bsc#1169095). + +------------------------------------------------------------------- +Fri Feb 28 09:19:39 UTC 2020 - Noel Power <[email protected]> + +- Starting ctdb node that was powered off hard before results + in recovery loop; (bso#14295); (bsc#1162680). + +------------------------------------------------------------------- +Mon Feb 17 18:10:06 UTC 2020 - Noel Power <[email protected]> + +- CTDB doesn't retry outgoing connections on bind (and some other) + failures; (bso#14274); (bsc#1162680). + +------------------------------------------------------------------- +Thu Jan 30 18:26:54 UTC 2020 - David Mulder <[email protected]> + +- Revert: Allow idmap_rid to have primary group other than + "Domain Users"; (bsc#1087931). + +------------------------------------------------------------------- +Tue Jan 21 16:55:36 UTC 2020 - Samuel Cabrero <[email protected]> + +- Fix nmbstatus not reporting detailed information about workgroups; + (bsc#1159464); +- Fix querying all names registered within broadcast area; (bso#8927); + +------------------------------------------------------------------- +Tue Jan 21 16:31:07 UTC 2020 - Noel Power <[email protected]> + +- Update to samab 4.11.5 + + CVE-2019-14902: Replication of ACLs down subtree on + AD Directory is not automatic; (bso#12497); (bsc#1160850). + + CVE-2019-19344: Fix server crash with + dns zone scavenging = yes; (bso#14050); (bsc#1160852). + + CVE-2019-14907: server-side crash after charset conversion + failure (eg during NTLMSSP processing); (bso#14208); + (bsc#1160888). + +- Update to samba 4.11.4 + + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; + (bso#14161). + + Ensure we don't call cli_RNetShareEnum() on an SMB1 + connection; (bso#14174). + + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in + SMBC_opendir_ctx; (bso#14176). + + SMB2 - Ensure we use the correct session_id if encrypting + an interim response; (bso#14189). ++++ 12366 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.samba.13815.new.3399/samba.changes New: ---- _service baselibs.conf samba-4.11.11+git.180.2cf3b203f07.tar.bz2 samba-client-rpmlintrc samba.changes samba.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ ++++ 2605 lines (skipped) ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://gitlab.suse.de/samba/suse-samba.git/</param> <param name="scm">git</param> <param name="revision">SLE15-SP2</param> <param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">samba(.*)</param> <param name="versionrewrite-replacement">\1</param> <param name="filename">samba</param> <param name="exclude">.git</param> </service> <service name="extract_file" mode="disabled"> <param name="archive">samba*.tar</param> <param name="files">samba-*/packaging/SuSE/samba.changes</param> <param name="files">samba-*/packaging/SuSE/baselibs.conf</param> <param name="files">samba-*/packaging/SuSE/samba-client-rpmlintrc</param> <param name="files">samba-*/packaging/SuSE/samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.spec</param> </service> <service name="set_version" mode="disabled"> <param name="basename">samba</param> <param name="regex">^samba-([^/]+)</param> <param name="file">samba.changes</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">bz2</param> </service> </services> ++++++ baselibs.conf ++++++ libdcerpc0 libdcerpc-binding0 libdcerpc-samr0 libndr0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libnetapi-devel requires "libnetapi0-<targettype> = %version" libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 obsoletes "libpdb0-<targettype> < <version>" libsamba-policy0-python3 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-winbind supplements "packageand(samba-winbind:pam-<targettype>)" supplements "packageand(samba-winbind:glibc-<targettype>)" -/usr/lib/samba samba-client supplements "packageand(samba-client:glibc-<targettype>)" -/usr/lib/samba samba-libs samba-libs-python3 samba-ad-dc ++++++ samba-client-rpmlintrc ++++++ addFilter("shlib-policy-name-error")
