Hello community, here is the log from the commit of package samba for openSUSE:Factory checked in at 2014-08-13 17:19:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/samba (Old) and /work/SRC/openSUSE:Factory/.samba.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba" Changes: -------- --- /work/SRC/openSUSE:Factory/samba/samba.changes 2014-07-29 21:21:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.samba.new/samba.changes 2014-08-13 17:19:53.000000000 +0200 @@ -1,0 +2,23 @@ +Fri Aug 1 16:34:44 UTC 2014 - dd...@suse.com + +- Fix winbind service parameter usage; (bnc#890005). + +------------------------------------------------------------------- +Fri Aug 1 13:47:57 UTC 2014 - lmue...@suse.com + +- lib/param: change the default for "winbind expand groups" to "0"; + (bnc#890008). + +------------------------------------------------------------------- +Fri Aug 1 13:42:19 UTC 2014 - lmue...@suse.com + +- Update to 4.1.11. + + A malicious browser can send packets that may overwrite the heap of the + target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429). + +------------------------------------------------------------------- +Wed Jul 30 11:39:30 UTC 2014 - dd...@suse.com + +- Fix "net time" segfault; (bso#10728); (bnc#889539). + +------------------------------------------------------------------- Old: ---- samba-4.1.10.tar.asc samba-4.1.10.tar.gz New: ---- samba-4.1.11.tar.asc samba-4.1.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.DWhhZX/_old 2014-08-13 17:19:54.000000000 +0200 +++ /var/tmp/diff_new_pack.DWhhZX/_new 2014-08-13 17:19:54.000000000 +0200 @@ -121,7 +121,7 @@ BuildRequires: systemd BuildRequires: systemd-devel %endif -%define samba_ver 4.1.10 +%define samba_ver 4.1.11 %define samba_ver_suffix %nil %if "%{samba_ver_suffix}" == "" %define samba_source_location http://ftp.samba.org/pub/samba/stable/samba-%{version}.tar.gz @@ -148,11 +148,11 @@ %else %define build_make_smp_mflags %{?jobs:-j%jobs} %endif -%define SOURCE_TIMESTAMP 3266 +%define SOURCE_TIMESTAMP 3274 %define BRANCH %{version} %global with_mitkrb5 1 %global with_dc 0 -Version: 4.1.10 +Version: 4.1.11 Release: 0 Url: http://www.samba.org/ Provides: samba-gplv3 = %{version} ++++++ patches.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f new/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f --- old/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f 2014-08-01 14:10:23.000000000 +0200 @@ -0,0 +1,91 @@ +From 6abeff5f46d2d46332a36018370b69ebb547799f Mon Sep 17 00:00:00 2001 +From: Jeremy Allison <j...@samba.org> +Date: Tue, 29 Jul 2014 14:12:31 -0700 +Subject: [PATCH 2/2] s3: net time - fix usage and core dump. + +Bug 10728 - 'net time system' segfaults + +https://bugzilla.samba.org/show_bug.cgi?id=10728 + +Signed-off-by: Jeremy Allison <j...@samba.org> +Reviewed-by: David Disseldorp <dd...@samba.org> + +Autobuild-User(master): David Disseldorp <dd...@samba.org> +Autobuild-Date(master): Wed Jul 30 13:32:47 CEST 2014 on sn-devel-104 +--- + source3/utils/net_time.c | 30 ++++++++++++++++++++---------- + 1 file changed, 20 insertions(+), 10 deletions(-) + +diff --git source3/utils/net_time.c source3/utils/net_time.c +index 847b4fe..56ce8f7 100644 +--- source3/utils/net_time.c ++++ source3/utils/net_time.c +@@ -84,10 +84,10 @@ static const char *systime(time_t t) + int net_time_usage(struct net_context *c, int argc, const char **argv) + { + d_printf(_( +-"net time\n\tdisplays time on a server\n\n" +-"net time system\n\tdisplays time on a server in a format ready for /bin/date\n\n" +-"net time set\n\truns /bin/date with the time from the server\n\n" +-"net time zone\n\tdisplays the timezone in hours from GMT on the remote computer\n\n" ++"net time\n\tdisplays time on a server (-S server)\n\n" ++"net time system\n\tdisplays time on a server (-S server) in a format ready for /bin/date\n\n" ++"net time set\n\truns /bin/date with the time from the server (-S server)\n\n" ++"net time zone\n\tdisplays the timezone in hours from GMT on the remote server (-S server)\n\n" + "\n")); + net_common_flags_usage(c, argc, argv); + return -1; +@@ -99,6 +99,16 @@ static int net_time_set(struct net_context *c, int argc, const char **argv) + struct timeval tv; + int result; + ++ if (c->display_usage || c->opt_host == NULL) { ++ d_printf( "%s\n" ++ "net time set\n" ++ " %s\n", ++ _("Usage:"), ++ _("Set local time to that of remote time " ++ "server (-S server) ")); ++ return 0; ++ } ++ + tv.tv_sec = nettime(c, NULL); + tv.tv_usec=0; + +@@ -118,13 +128,13 @@ static int net_time_system(struct net_context *c, int argc, const char **argv) + { + time_t t; + +- if (c->display_usage) { ++ if (c->display_usage || c->opt_host == NULL) { + d_printf( "%s\n" + "net time system\n" + " %s\n", + _("Usage:"), +- _("Output remote time server time in a format " +- "ready for /bin/date")); ++ _("Output remote time server (-S server) " ++ "time in a format ready for /bin/date")); + return 0; + } + +@@ -144,13 +154,13 @@ static int net_time_zone(struct net_context *c, int argc, const char **argv) + char zsign; + time_t t; + +- if (c->display_usage) { ++ if (c->display_usage || c->opt_host == NULL) { + d_printf( "%s\n" + "net time zone\n" + " %s\n", + _("Usage:"), +- _("Display the remote time server's offset to " +- "UTC")); ++ _("Display the remote time server's (-S server) " ++ "offset to UTC")); + return 0; + } + +-- +1.8.4.5 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 new/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 --- old/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 2014-08-01 20:41:35.000000000 +0200 @@ -0,0 +1,64 @@ +commit 98426ad467fa64975bd9e6aa32530a2dde719035 +Author: Stefan Metzmacher <me...@samba.org> +Date: Thu Jul 24 09:12:14 2014 +0200 + + lib/param: change the default for "winbind expand groups" to "0" + + Expanding groups requires the usage of SAMR, which is often not possible + with the trust account credentials. This has caused a lot of trouble + in the past, as this is the only operation which requires a member to + contact a dc of a trusted domain directly, which is not always possible. + With this changed default, it should only be required to contact + a dc of our own domain. This is the correct behavior for a domain member. + + As expanding groups is mostly cosmetic, we should avoid it. + This is similar to "winbind enum users" and "winbind enum groups", + which are also off by default. + + Only some broken applications calculate the group memberships of + users by traversing groups, such applications will require + "winbind expand groups = 1". + + Signed-off-by: Stefan Metzmacher <me...@samba.org> + Reviewed-by: Michael Adam <ob...@samba.org> + Reviewed-by: Jeremy Allison <j...@samba.org> + Reviewed-by: Björn Jacke <b...@sernet.de> + + Autobuild-User(master): Stefan Metzmacher <me...@samba.org> + Autobuild-Date(master): Thu Jul 31 18:48:36 CEST 2014 on sn-devel-104 + +Index: docs-xml/smbdotconf/winbind/winbindexpandgroups.xml +=================================================================== +--- docs-xml/smbdotconf/winbind/winbindexpandgroups.xml.orig ++++ docs-xml/smbdotconf/winbind/winbindexpandgroups.xml +@@ -17,8 +17,15 @@ + result in system slowdown as the main parent winbindd daemon + must perform the group unrolling and will be unable to answer + incoming NSS or authentication requests during this time.</para> +- ++ ++ <para>The default value was changed from 1 to 0 with Samba 4.2. ++ SUSE changed the default with Samba 4.1.11. ++ Some broken applications calculate the group memberships of ++ users by traversing groups, such applications will require ++ "winbind expand groups = 1". But the new default makes winbindd more reliable ++ as it doesn't require SAMR access to domain controllers of trusted domains.</para> ++ + </description> + +-<value type="default">1</value> ++<value type="default">0</value> + </samba:parameter> +Index: source3/param/loadparm.c +=================================================================== +--- source3/param/loadparm.c.orig ++++ source3/param/loadparm.c +@@ -984,7 +984,7 @@ static void init_globals(bool reinit_glo + Globals.bWinbindUseDefaultDomain = false; + Globals.bWinbindTrustedDomainsOnly = false; + Globals.bWinbindNestedGroups = true; +- Globals.winbind_expand_groups = 1; ++ Globals.winbind_expand_groups = 0; + Globals.szWinbindNssInfo = (const char **)str_list_make_v3(NULL, "template", NULL); + Globals.bWinbindRefreshTickets = false; + Globals.bWinbindOfflineLogon = false; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 new/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 --- old/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 2014-08-01 14:10:23.000000000 +0200 @@ -0,0 +1,64 @@ +From 9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 Mon Sep 17 00:00:00 2001 +From: Jeremy Allison <j...@samba.org> +Date: Tue, 29 Jul 2014 12:29:37 -0700 +Subject: [PATCH 1/2] s3: xml-docs. Ensure users of 'net time' know the remote + server must be specified with -S. + +Bug 10728 - 'net time system' segfaults + +https://bugzilla.samba.org/show_bug.cgi?id=10728 + +Signed-off-by: Jeremy Allison <j...@samba.org> +Reviewed-by: David Disseldorp <dd...@samba.org> +--- + docs-xml/manpages/net.8.xml | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git docs-xml/manpages/net.8.xml docs-xml/manpages/net.8.xml +index 8524d1f..d497e66 100644 +--- docs-xml/manpages/net.8.xml ++++ docs-xml/manpages/net.8.xml +@@ -404,7 +404,8 @@ YOU HAVE BEEN WARNED. + <title>TIME</title> + + <para>Without any options, the <command>NET TIME</command> command +-displays the time on the remote server. ++displays the time on the remote server. The remote server must be ++specified with the -S option. + </para> + + </refsect3> +@@ -412,21 +413,27 @@ displays the time on the remote server. + <refsect3> + <title>TIME SYSTEM</title> + +-<para>Displays the time on the remote server in a format ready for <command>/bin/date</command>.</para> ++<para>Displays the time on the remote server in a format ready for <command>/bin/date</command>. ++The remote server must be specified with the -S option. ++</para> + + </refsect3> + + <refsect3> + <title>TIME SET</title> + <para>Tries to set the date and time of the local server to that on +-the remote server using <command>/bin/date</command>. </para> ++the remote server using <command>/bin/date</command>. ++The remote server must be specified with the -S option. ++</para> + + </refsect3> + + <refsect3> + <title>TIME ZONE</title> + +-<para>Displays the timezone in hours from GMT on the remote computer.</para> ++<para>Displays the timezone in hours from GMT on the remote server. ++The remote server must be specified with the -S option. ++</para> + + </refsect3> + </refsect2> +-- +1.8.4.5 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/series new/patches/series --- old/patches/series 2014-07-28 12:30:09.000000000 +0200 +++ new/patches/series 2014-08-01 21:10:26.000000000 +0200 @@ -78,6 +78,9 @@ samba.org/4f9dd94819b5cebe53bbc34d69df408f2eb1e800 -p0 # bnc 866927 samba.org/c8519003a34dc7db44854a3d844d1c7432d52a78 -p0 # bso 10624 samba.org/55c279f0c4cc915d2cd7bb07ce0628fe42700890 -p0 # bnc 865627 +samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 -p0 # bso 10728, bnc 889539 +samba.org/6abeff5f46d2d46332a36018370b69ebb547799f -p0 # bso 10728, bnc 889539 +samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 -p0 # bnc 890008 samba.org/fix_pc_dependencies.diff -p0 # SuSE specific changes ++++++ samba-4.1.10.tar.gz -> samba-4.1.11.tar.gz ++++++ /work/SRC/openSUSE:Factory/samba/samba-4.1.10.tar.gz /work/SRC/openSUSE:Factory/.samba.new/samba-4.1.11.tar.gz differ: char 5, line 1 ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/systemd/sysconfig.samba-winbind new/vendor-files/systemd/sysconfig.samba-winbind --- old/vendor-files/systemd/sysconfig.samba-winbind 2014-04-11 14:17:04.000000000 +0200 +++ new/vendor-files/systemd/sysconfig.samba-winbind 2014-08-01 18:26:16.000000000 +0200 @@ -1,4 +1,4 @@ ## Type: string ## Default: "-D" ## ServiceRestart:·winbind -WINBINDDOPTIONS="-D" +WINBINDOPTIONS="-D" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/tools/package-data new/vendor-files/tools/package-data --- old/vendor-files/tools/package-data 2014-07-28 13:02:49.000000000 +0200 +++ new/vendor-files/tools/package-data 2014-08-01 21:12:17.000000000 +0200 @@ -1,2 +1,2 @@ # This is an autogenrated file. -SAMBA_PACKAGE_SVN_VERSION="3266" +SAMBA_PACKAGE_SVN_VERSION="3274" -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org