Hello community,
here is the log from the commit of package samba for openSUSE:Factory checked
in at 2014-08-13 17:19:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/samba (Old)
and /work/SRC/openSUSE:Factory/.samba.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba"
Changes:
--------
--- /work/SRC/openSUSE:Factory/samba/samba.changes 2014-07-29
21:21:47.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.samba.new/samba.changes 2014-08-13
17:19:53.000000000 +0200
@@ -1,0 +2,23 @@
+Fri Aug 1 16:34:44 UTC 2014 - dd...@suse.com
+
+- Fix winbind service parameter usage; (bnc#890005).
+
+-------------------------------------------------------------------
+Fri Aug 1 13:47:57 UTC 2014 - lmue...@suse.com
+
+- lib/param: change the default for "winbind expand groups" to "0";
+ (bnc#890008).
+
+-------------------------------------------------------------------
+Fri Aug 1 13:42:19 UTC 2014 - lmue...@suse.com
+
+- Update to 4.1.11.
+ + A malicious browser can send packets that may overwrite the heap of the
+ target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).
+
+-------------------------------------------------------------------
+Wed Jul 30 11:39:30 UTC 2014 - dd...@suse.com
+
+- Fix "net time" segfault; (bso#10728); (bnc#889539).
+
+-------------------------------------------------------------------
Old:
----
samba-4.1.10.tar.asc
samba-4.1.10.tar.gz
New:
----
samba-4.1.11.tar.asc
samba-4.1.11.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.DWhhZX/_old 2014-08-13 17:19:54.000000000 +0200
+++ /var/tmp/diff_new_pack.DWhhZX/_new 2014-08-13 17:19:54.000000000 +0200
@@ -121,7 +121,7 @@
BuildRequires: systemd
BuildRequires: systemd-devel
%endif
-%define samba_ver 4.1.10
+%define samba_ver 4.1.11
%define samba_ver_suffix %nil
%if "%{samba_ver_suffix}" == ""
%define samba_source_location
http://ftp.samba.org/pub/samba/stable/samba-%{version}.tar.gz
@@ -148,11 +148,11 @@
%else
%define build_make_smp_mflags %{?jobs:-j%jobs}
%endif
-%define SOURCE_TIMESTAMP 3266
+%define SOURCE_TIMESTAMP 3274
%define BRANCH %{version}
%global with_mitkrb5 1
%global with_dc 0
-Version: 4.1.10
+Version: 4.1.11
Release: 0
Url: http://www.samba.org/
Provides: samba-gplv3 = %{version}
++++++ patches.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f
new/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f
--- old/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f
1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/6abeff5f46d2d46332a36018370b69ebb547799f
2014-08-01 14:10:23.000000000 +0200
@@ -0,0 +1,91 @@
+From 6abeff5f46d2d46332a36018370b69ebb547799f Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <j...@samba.org>
+Date: Tue, 29 Jul 2014 14:12:31 -0700
+Subject: [PATCH 2/2] s3: net time - fix usage and core dump.
+
+Bug 10728 - 'net time system' segfaults
+
+https://bugzilla.samba.org/show_bug.cgi?id=10728
+
+Signed-off-by: Jeremy Allison <j...@samba.org>
+Reviewed-by: David Disseldorp <dd...@samba.org>
+
+Autobuild-User(master): David Disseldorp <dd...@samba.org>
+Autobuild-Date(master): Wed Jul 30 13:32:47 CEST 2014 on sn-devel-104
+---
+ source3/utils/net_time.c | 30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+diff --git source3/utils/net_time.c source3/utils/net_time.c
+index 847b4fe..56ce8f7 100644
+--- source3/utils/net_time.c
++++ source3/utils/net_time.c
+@@ -84,10 +84,10 @@ static const char *systime(time_t t)
+ int net_time_usage(struct net_context *c, int argc, const char **argv)
+ {
+ d_printf(_(
+-"net time\n\tdisplays time on a server\n\n"
+-"net time system\n\tdisplays time on a server in a format ready for
/bin/date\n\n"
+-"net time set\n\truns /bin/date with the time from the server\n\n"
+-"net time zone\n\tdisplays the timezone in hours from GMT on the remote
computer\n\n"
++"net time\n\tdisplays time on a server (-S server)\n\n"
++"net time system\n\tdisplays time on a server (-S server) in a format ready
for /bin/date\n\n"
++"net time set\n\truns /bin/date with the time from the server (-S server)\n\n"
++"net time zone\n\tdisplays the timezone in hours from GMT on the remote
server (-S server)\n\n"
+ "\n"));
+ net_common_flags_usage(c, argc, argv);
+ return -1;
+@@ -99,6 +99,16 @@ static int net_time_set(struct net_context *c, int argc,
const char **argv)
+ struct timeval tv;
+ int result;
+
++ if (c->display_usage || c->opt_host == NULL) {
++ d_printf( "%s\n"
++ "net time set\n"
++ " %s\n",
++ _("Usage:"),
++ _("Set local time to that of remote time "
++ "server (-S server) "));
++ return 0;
++ }
++
+ tv.tv_sec = nettime(c, NULL);
+ tv.tv_usec=0;
+
+@@ -118,13 +128,13 @@ static int net_time_system(struct net_context *c, int
argc, const char **argv)
+ {
+ time_t t;
+
+- if (c->display_usage) {
++ if (c->display_usage || c->opt_host == NULL) {
+ d_printf( "%s\n"
+ "net time system\n"
+ " %s\n",
+ _("Usage:"),
+- _("Output remote time server time in a format "
+- "ready for /bin/date"));
++ _("Output remote time server (-S server) "
++ "time in a format ready for /bin/date"));
+ return 0;
+ }
+
+@@ -144,13 +154,13 @@ static int net_time_zone(struct net_context *c, int
argc, const char **argv)
+ char zsign;
+ time_t t;
+
+- if (c->display_usage) {
++ if (c->display_usage || c->opt_host == NULL) {
+ d_printf( "%s\n"
+ "net time zone\n"
+ " %s\n",
+ _("Usage:"),
+- _("Display the remote time server's offset to "
+- "UTC"));
++ _("Display the remote time server's (-S server) "
++ "offset to UTC"));
+ return 0;
+ }
+
+--
+1.8.4.5
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035
new/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035
--- old/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035
1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/98426ad467fa64975bd9e6aa32530a2dde719035
2014-08-01 20:41:35.000000000 +0200
@@ -0,0 +1,64 @@
+commit 98426ad467fa64975bd9e6aa32530a2dde719035
+Author: Stefan Metzmacher <me...@samba.org>
+Date: Thu Jul 24 09:12:14 2014 +0200
+
+ lib/param: change the default for "winbind expand groups" to "0"
+
+ Expanding groups requires the usage of SAMR, which is often not possible
+ with the trust account credentials. This has caused a lot of trouble
+ in the past, as this is the only operation which requires a member to
+ contact a dc of a trusted domain directly, which is not always possible.
+ With this changed default, it should only be required to contact
+ a dc of our own domain. This is the correct behavior for a domain member.
+
+ As expanding groups is mostly cosmetic, we should avoid it.
+ This is similar to "winbind enum users" and "winbind enum groups",
+ which are also off by default.
+
+ Only some broken applications calculate the group memberships of
+ users by traversing groups, such applications will require
+ "winbind expand groups = 1".
+
+ Signed-off-by: Stefan Metzmacher <me...@samba.org>
+ Reviewed-by: Michael Adam <ob...@samba.org>
+ Reviewed-by: Jeremy Allison <j...@samba.org>
+ Reviewed-by: Björn Jacke <b...@sernet.de>
+
+ Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
+ Autobuild-Date(master): Thu Jul 31 18:48:36 CEST 2014 on sn-devel-104
+
+Index: docs-xml/smbdotconf/winbind/winbindexpandgroups.xml
+===================================================================
+--- docs-xml/smbdotconf/winbind/winbindexpandgroups.xml.orig
++++ docs-xml/smbdotconf/winbind/winbindexpandgroups.xml
+@@ -17,8 +17,15 @@
+ result in system slowdown as the main parent winbindd daemon
+ must perform the group unrolling and will be unable to answer
+ incoming NSS or authentication requests during this time.</para>
+-
++
++ <para>The default value was changed from 1 to 0 with Samba 4.2.
++ SUSE changed the default with Samba 4.1.11.
++ Some broken applications calculate the group memberships of
++ users by traversing groups, such applications will require
++ "winbind expand groups = 1". But the new default makes winbindd more
reliable
++ as it doesn't require SAMR access to domain controllers of trusted
domains.</para>
++
+ </description>
+
+-<value type="default">1</value>
++<value type="default">0</value>
+ </samba:parameter>
+Index: source3/param/loadparm.c
+===================================================================
+--- source3/param/loadparm.c.orig
++++ source3/param/loadparm.c
+@@ -984,7 +984,7 @@ static void init_globals(bool reinit_glo
+ Globals.bWinbindUseDefaultDomain = false;
+ Globals.bWinbindTrustedDomainsOnly = false;
+ Globals.bWinbindNestedGroups = true;
+- Globals.winbind_expand_groups = 1;
++ Globals.winbind_expand_groups = 0;
+ Globals.szWinbindNssInfo = (const char **)str_list_make_v3(NULL,
"template", NULL);
+ Globals.bWinbindRefreshTickets = false;
+ Globals.bWinbindOfflineLogon = false;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9
new/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9
--- old/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9
1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9
2014-08-01 14:10:23.000000000 +0200
@@ -0,0 +1,64 @@
+From 9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <j...@samba.org>
+Date: Tue, 29 Jul 2014 12:29:37 -0700
+Subject: [PATCH 1/2] s3: xml-docs. Ensure users of 'net time' know the remote
+ server must be specified with -S.
+
+Bug 10728 - 'net time system' segfaults
+
+https://bugzilla.samba.org/show_bug.cgi?id=10728
+
+Signed-off-by: Jeremy Allison <j...@samba.org>
+Reviewed-by: David Disseldorp <dd...@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git docs-xml/manpages/net.8.xml docs-xml/manpages/net.8.xml
+index 8524d1f..d497e66 100644
+--- docs-xml/manpages/net.8.xml
++++ docs-xml/manpages/net.8.xml
+@@ -404,7 +404,8 @@ YOU HAVE BEEN WARNED.
+ <title>TIME</title>
+
+ <para>Without any options, the <command>NET TIME</command> command
+-displays the time on the remote server.
++displays the time on the remote server. The remote server must be
++specified with the -S option.
+ </para>
+
+ </refsect3>
+@@ -412,21 +413,27 @@ displays the time on the remote server.
+ <refsect3>
+ <title>TIME SYSTEM</title>
+
+-<para>Displays the time on the remote server in a format ready for
<command>/bin/date</command>.</para>
++<para>Displays the time on the remote server in a format ready for
<command>/bin/date</command>.
++The remote server must be specified with the -S option.
++</para>
+
+ </refsect3>
+
+ <refsect3>
+ <title>TIME SET</title>
+ <para>Tries to set the date and time of the local server to that on
+-the remote server using <command>/bin/date</command>. </para>
++the remote server using <command>/bin/date</command>.
++The remote server must be specified with the -S option.
++</para>
+
+ </refsect3>
+
+ <refsect3>
+ <title>TIME ZONE</title>
+
+-<para>Displays the timezone in hours from GMT on the remote computer.</para>
++<para>Displays the timezone in hours from GMT on the remote server.
++The remote server must be specified with the -S option.
++</para>
+
+ </refsect3>
+ </refsect2>
+--
+1.8.4.5
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/patches/series new/patches/series
--- old/patches/series 2014-07-28 12:30:09.000000000 +0200
+++ new/patches/series 2014-08-01 21:10:26.000000000 +0200
@@ -78,6 +78,9 @@
samba.org/4f9dd94819b5cebe53bbc34d69df408f2eb1e800 -p0 # bnc 866927
samba.org/c8519003a34dc7db44854a3d844d1c7432d52a78 -p0 # bso 10624
samba.org/55c279f0c4cc915d2cd7bb07ce0628fe42700890 -p0 # bnc 865627
+samba.org/9919c90ca8622ef4c9bb3753518a9bffd0c4f3b9 -p0 # bso 10728, bnc 889539
+samba.org/6abeff5f46d2d46332a36018370b69ebb547799f -p0 # bso 10728, bnc 889539
+samba.org/98426ad467fa64975bd9e6aa32530a2dde719035 -p0 # bnc 890008
samba.org/fix_pc_dependencies.diff -p0
# SuSE specific changes
++++++ samba-4.1.10.tar.gz -> samba-4.1.11.tar.gz ++++++
/work/SRC/openSUSE:Factory/samba/samba-4.1.10.tar.gz
/work/SRC/openSUSE:Factory/.samba.new/samba-4.1.11.tar.gz differ: char 5, line 1
++++++ vendor-files.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor-files/systemd/sysconfig.samba-winbind
new/vendor-files/systemd/sysconfig.samba-winbind
--- old/vendor-files/systemd/sysconfig.samba-winbind 2014-04-11
14:17:04.000000000 +0200
+++ new/vendor-files/systemd/sysconfig.samba-winbind 2014-08-01
18:26:16.000000000 +0200
@@ -1,4 +1,4 @@
## Type: string
## Default: "-D"
## ServiceRestart:·winbind
-WINBINDDOPTIONS="-D"
+WINBINDOPTIONS="-D"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor-files/tools/package-data
new/vendor-files/tools/package-data
--- old/vendor-files/tools/package-data 2014-07-28 13:02:49.000000000 +0200
+++ new/vendor-files/tools/package-data 2014-08-01 21:12:17.000000000 +0200
@@ -1,2 +1,2 @@
# This is an autogenrated file.
-SAMBA_PACKAGE_SVN_VERSION="3266"
+SAMBA_PACKAGE_SVN_VERSION="3274"
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
