Re: [Evergreen] samba security update - badlock and friends

2016-04-16 Thread Christian Boltz
Hello,

On Saturday, 16 April 2016, 13:27:18 CEST, Wolfgang Rosenauer wrote:
> On 16.04.2016 at 13:11, Christian Boltz wrote:
...
> > I just submitted the update:
> > https://build.opensuse.org/request/show/390298
> 
> For whatever reason it ended up in the openSUSE:Maintenance target
> instead of openSUSE:Evergreen:Maintenance.

I followed the instructions on
https://en.opensuse.org/openSUSE:Package_maintenance
which basically means
osc branch -M -c openSUSE:13.1 apparmor
followed by (after applying the changes)
osc mr

Now I noticed https://en.opensuse.org/evergreen#Version_11.4.2F13.1 has 
different instructions, so maybe that explains it.

> I've just done an SR
> https://build.opensuse.org/request/show/390300
> You can revoke the other one.

Thanks, and done ;-)


Regards,

Christian Boltz
-- 
>>I know plenty of NT admins with salaries of 150 KDM and up who
>>know less about NT than I do  -  and that is _very_ little.
>NT admins are paid like members of the Bundestag?
Where do you get offers like that? Is there an MCSE streetwalkers' strip somewhere?
[in dasr]

___
Evergreen mailing list
Evergreen@lists.rosenauer.org
http://lists.rosenauer.org/mailman/listinfo/evergreen


Re: [Evergreen] samba security update - badlock and friends

2016-04-16 Thread Wolfgang Rosenauer
On 16.04.2016 at 13:11, Christian Boltz wrote:
> Hello,
> 
> On Saturday, 16 April 2016, 12:40:47 CEST, Michal Kubecek wrote:
>> On Sat, Apr 16, 2016 at 12:24:03AM +0200, Christian Boltz wrote:
> 
> FYI: a quick test of the updated packages on one of my 13.1 machines 
> looks good.
> 
>> But I'm not really expert on this. So maybe
>>
>>> That said - I don't think having a separate update is a real problem
>>> if both are released at the same time (or AppArmor first).
>>
>> might be the safest option after all.
> 
> Indeed ;-)
> 
> I just submitted the update:
> https://build.opensuse.org/request/show/390298

For whatever reason it ended up in the openSUSE:Maintenance target
instead of openSUSE:Evergreen:Maintenance.
I've just done an SR
https://build.opensuse.org/request/show/390300
You can revoke the other one.


Thanks,
 Wolfgang



Re: [Evergreen] samba security update - badlock and friends

2016-04-16 Thread Christian Boltz
Hello,

On Saturday, 16 April 2016, 12:40:47 CEST, Michal Kubecek wrote:
> On Sat, Apr 16, 2016 at 12:24:03AM +0200, Christian Boltz wrote:

FYI: a quick test of the updated packages on one of my 13.1 machines 
looks good.

> But I'm not really expert on this. So maybe
> 
> > That said - I don't think having a separate update is a real problem
> > if both are released at the same time (or AppArmor first).
> 
> might be the safest option after all.

Indeed ;-)

I just submitted the update:
https://build.opensuse.org/request/show/390298

BTW: I also managed to get 2.9.3 released upstream, so the update for 
13.2 is one of the next things I'll do ;-)

> > [1] 2.10 isn't the worst thing that can happen to you ;-) and
> > probably has much less bugs than 2.8.4 - but I understand that
> > such a version update isn't the best idea for a maintenance release.
> > I'll ignore the fact that we do a version update of Samba ;-)
> 
> I'm really not happy about it either. I even tried to start rebasing
> the series but after more than half of first 10 commits needed
> adjusting and there were still more than 200 more, I realized that

Impressive numbers...

> upgrade is probably the only viable option. After all, the fact that
> the same was done in SLE12 GA was a hint...

Oh yes. If even SLE12 does a version update, that's a *very* clear hint 
;-)


Regards,

Christian Boltz
-- 
... if one can only imperfectly filter spam and viruses, how is one
supposed to torture^H^H^H^H^H^H^Hfilter the Windoof experts? ;-)
[Paul Foerster in suse-laptop]



Re: [Evergreen] samba security update - badlock and friends

2016-04-16 Thread Wolfgang Rosenauer
On 16.04.2016 at 12:40, Michal Kubecek wrote:
> On Sat, Apr 16, 2016 at 12:24:03AM +0200, Christian Boltz wrote:
>>> The samba update is submitted now to
>>> openSUSE:Evergreen:Maintenance:4627 If you are going to submit the
>>> AppArmor profile update, using this incident would be IMHO the best
>>> option as that way both samba and profile update would be released at
>>> once, preventing regressions.
>>
>> What is the best way to do this?
>> I'd guess something like
>>
>> osc sr security:apparmor apparmor_2_8  \ 
>> openSUSE:Evergreen:Maintenance:4627 WHATEVER
>>
>> but I'm not sure what I should use for WHATEVER ;-)
> 
> I assume apparmor.openSUSE_13.1_Update
> 
> Or maybe rather
> 
>   osc mr -a Evergreen:MaintenanceProject \
>   --incident-project openSUSE:Evergreen:Maintenance:4627 \
>   security:apparmor apparmor_2_8 openSUSE:13.1:Update

Just submit it via SR or MR without anything special (with the -a
Evergreen:MaintenanceProject for MR though).
I can merge incoming requests afterwards.

Thanks,
 Wolfgang



Re: [Evergreen] samba security update - badlock and friends

2016-04-16 Thread Michal Kubecek
On Sat, Apr 16, 2016 at 12:24:03AM +0200, Christian Boltz wrote:
> > The samba update is submitted now to
> > openSUSE:Evergreen:Maintenance:4627 If you are going to submit the
> > AppArmor profile update, using this incident would be IMHO the best
> > option as that way both samba and profile update would be released at
> > once, preventing regressions.
> 
> What is the best way to do this?
> I'd guess something like
> 
> osc sr security:apparmor apparmor_2_8  \ 
> openSUSE:Evergreen:Maintenance:4627 WHATEVER
> 
> but I'm not sure what I should use for WHATEVER ;-)

I assume apparmor.openSUSE_13.1_Update

Or maybe rather

  osc mr -a Evergreen:MaintenanceProject \
  --incident-project openSUSE:Evergreen:Maintenance:4627 \
  security:apparmor apparmor_2_8 openSUSE:13.1:Update

But I'm not really expert on this. So maybe

> That said - I don't think having a separate update is a real problem if 
> both are released at the same time (or AppArmor first).

might be the safest option after all.

> [1] 2.10 isn't the worst thing that can happen to you ;-) and probably 
> has much less bugs than 2.8.4 - but I understand that such a version
> update isn't the best idea for a maintenance release.
> I'll ignore the fact that we do a version update of Samba ;-)

I'm really not happy about it either. I even tried to start rebasing the
series but after more than half of first 10 commits needed adjusting and
there were still more than 200 more, I realized that upgrade is probably
the only viable option. After all, the fact that the same was done in
SLE12 GA was a hint...

  Michal Kubecek



Re: [Evergreen] samba security update - badlock and friends

2016-04-15 Thread Christian Boltz
Hello,

On Friday, 15 April 2016, 09:12:06 CEST, Michal Kubecek wrote:
> On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> > On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> > > General feedback if we want that "big" profile update patch or
> > > only a
> > > "small" patch to adjust the samba/nmbd profile is also welcome.
> > 
> > As you seem to know that some of the changes are actually needed in
> > 13.1 (and IIRC you mentioned one in the recent nscd thread), I
> > would vote for the full patch.

Packages with all the profile updates and an additional fix for 
libapparmor (taken from upstream 2.8 bzr branch) to support more log 
formats just built in security:apparmor.

Note that this repo contains multiple versions and will give you 
AppArmor 2.10 if you just zypper dup from it [1], so you'll need to use 
zypper in with the exact 2.8.4 version in the zypper command line.

The safer (and maybe easier) way is probably to download the packages 
via

osc getbinaries security:apparmor apparmor_2_8 openSUSE_13.1 x86_64

(or i586, whatever you need) and install them manually.

I'll test the packages on one of my servers tomorrow and submit them to 
Evergreen afterwards.

> The samba update is submitted now to
> openSUSE:Evergreen:Maintenance:4627 If you are going to submit the
> AppArmor profile update, using this incident would be IMHO the best
> option as that way both samba and profile update would be released at
> once, preventing regressions.

What is the best way to do this?
I'd guess something like

osc sr security:apparmor apparmor_2_8  \ 
openSUSE:Evergreen:Maintenance:4627 WHATEVER

but I'm not sure what I should use for WHATEVER ;-)


That said - I don't think having a separate update is a real problem if 
both are released at the same time (or AppArmor first).


Regards,

Christian Boltz

[1] 2.10 isn't the worst thing that can happen to you ;-) and probably 
has much less bugs than 2.8.4 - but I understand that such a version
update isn't the best idea for a maintenance release.
I'll ignore the fact that we do a version update of Samba ;-)

-- 
looks like you have some special code in yast for password "x", maybe I
should use the even more secure new password "y" in the future  ?! ;-)
[Harald Koenig in https://bugzilla.novell.com/show_bug.cgi?id=148464]



Re: [Evergreen] samba security update - badlock and friends

2016-04-15 Thread Michal Kubecek
On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> 
> > General feedback if we want that "big" profile update patch or only a 
> > "small" patch to adjust the samba/nmbd profile is also welcome.
> 
> As you seem to know that some of the changes are actually needed in 13.1
> (and IIRC you mentioned one in the recent nscd thread), I would vote for
> the full patch.

The samba update is submitted now to openSUSE:Evergreen:Maintenance:4627
If you are going to submit the AppArmor profile update, using this
incident would be IMHO the best option as that way both samba and
profile update would be released at once, preventing regressions.

Michal Kubecek



Re: [Evergreen] samba security update - badlock and friends

2016-04-13 Thread Michal Kubecek
On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> > On Wednesday, 13 April 2016, 22:04:37 CEST, Michal Kubecek wrote:
> > > 
> > > I did some (very) basic testing and found only one issue: to start
> > > nmbd from 4.2.4 package on a 13.1 system with AppArmor, these need to
> > > be added to its profile:
> > > 
> > >   /var/{cache,lib}/samba/lck/ w,
> > >   /var/{cache,lib}/samba/lck/* wk,
> > >   /var/{cache,lib}/samba/msg/ w,
> > >   /var/{cache,lib}/samba/msg/* w,
> > 
> > Are those files and directories in /var/cache/samba/ or /var/lib/samba/ ?
> > I'm asking because /var/lib/samba/** is covered by newer upstream 
> > profiles (via abstractions/samba), while /var/cache/samba/ isn't.
> 
> Only /var/lib/samba paths were needed, I just adjusted the rules to match
> the others.
> 
> I will check if the same problem exists in SLE12 GA and openSUSE 13.2
> which also upgraded from 4.1.x to 4.2.4 (and to exactly the same
> package). If it does, I'll file a bug.

SLE12 GA has apparmor-profiles 2.8.2 but it already has

  /var/lib/samba/** rwk,

in abstractions/samba so it's OK. On the other hand, 13.2 has newer
apparmor-profiles 2.9.1 but still without the general rule and as I
checked now, it suffers from the same problem as 13.1. The update hasn't
been released yet so I added a comment to the openSUSE:Maintenance:4961
release request #389541 (https://build.opensuse.org/request/show/389541).

  Michal Kubecek
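
An added example (not code from the thread or from AppArmor): a small Python check that replays AppArmor DENIED audit lines against the two rule sets discussed in this thread, the four narrow lck/msg rules and the `/var/lib/samba/** rwk,` rule from abstractions/samba. The audit lines, the file names in them and the profile name `/usr/sbin/nmbd` are constructed assumptions, and the glob matcher is a simplified subset of AppArmor's path globbing.

```python
import re

# Rules quoted in the thread: the four narrow nmbd rules and the general
# rule that SLE12 GA already has in abstractions/samba.
NARROW_RULES = [
    "/var/{cache,lib}/samba/lck/ w,",
    "/var/{cache,lib}/samba/lck/* wk,",
    "/var/{cache,lib}/samba/msg/ w,",
    "/var/{cache,lib}/samba/msg/* w,",
]
GENERAL_RULES = ["/var/lib/samba/** rwk,"]

# Constructed audit lines; file names and the profile name are assumptions.
SAMPLE_LOG = """\
type=AVC msg=audit(1460577877.101:201): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/nmbd" name="/var/lib/samba/lck/" pid=2101 comm="nmbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1460577877.102:202): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/nmbd" name="/var/lib/samba/lck/example.lock" pid=2101 comm="nmbd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
type=AVC msg=audit(1460577877.103:203): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/nmbd" name="/var/lib/samba/msg/" pid=2101 comm="nmbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1460577877.104:204): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nmbd" name="/var/lib/samba/msg/2101" pid=2101 comm="nmbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1460577877.105:205): apparmor="DENIED" operation="open" profile="/usr/sbin/nmbd" name="/var/lib/samba/example.tdb" pid=2101 comm="nmbd" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
type=AVC msg=audit(1460577877.106:206): apparmor="DENIED" operation="open" profile="/usr/sbin/nmbd" name="/var/cache/samba/lck/example.lock" pid=2101 comm="nmbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
"""

DENIED = re.compile(
    r'apparmor="DENIED".*?profile="([^"]+)".*?name="([^"]+)".*?denied_mask="([^"]+)"')
IMPLIED_BY_W = set("acd")  # append/create/delete in log masks are granted by 'w'


def aare_to_regex(glob):
    """Simplified AppArmor glob -> regex: handles *, **, ? and {a,b} only."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        ch = glob[i]
        n = 2 if glob.startswith("**", i) else 1
        # A wildcard that is a whole path component must match >= 1 character,
        # so "/dir/*" does not match the directory "/dir/" itself.
        whole = (i > 0 and glob[i - 1] == "/"
                 and (i + n == len(glob) or glob[i + n] == "/"))
        if ch == "*" and n == 2:
            out.append("[^/].*" if whole else ".*")    # ** crosses '/'
        elif ch == "*":
            out.append("[^/]+" if whole else "[^/]*")  # * stays in one component
        elif ch == "?":
            out.append("[^/]")
        elif ch == "{":
            depth += 1
            out.append("(?:")
        elif ch == "}" and depth:
            depth -= 1
            out.append(")")
        elif ch == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(ch))
        i += n
    return re.compile("".join(out) + r"\Z")


def parse_rule(line):
    """'/path/glob perms,' -> (compiled regex, set of permission letters)."""
    path, perms = line.strip().rstrip(",").rsplit(None, 1)
    return aare_to_regex(path), set(perms)


def uncovered(rule_lines, log, profile="/usr/sbin/nmbd"):
    """Return (path, denied_mask) pairs the given rules would still deny."""
    rules = [parse_rule(r) for r in rule_lines]
    missing = []
    for prof, path, mask in DENIED.findall(log):
        if prof != profile:
            continue
        granted = set()
        for regex, perms in rules:
            if regex.match(path):
                granted |= perms
        if "w" in granted:
            granted |= IMPLIED_BY_W
        if not set(mask) <= granted:
            missing.append((path, mask))
    return missing


if __name__ == "__main__":
    print("narrow rules still deny: ", uncovered(NARROW_RULES, SAMPLE_LOG))
    print("general rule still denies:", uncovered(GENERAL_RULES, SAMPLE_LOG))
```

On the constructed log, the narrow rules leave the `/var/lib/samba/example.tdb` access denied, while the general rule leaves only the `/var/cache/samba/` path denied.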



Re: [Evergreen] samba security update - badlock and friends

2016-04-13 Thread Michal Kubecek
On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> On Wednesday, 13 April 2016, 22:04:37 CEST, Michal Kubecek wrote:
> > 
> > I did some (very) basic testing and found only one issue: to start
> > nmbd from 4.2.4 package on a 13.1 system with AppArmor, these need to
> > be added to its profile:
> > 
> >   /var/{cache,lib}/samba/lck/ w,
> >   /var/{cache,lib}/samba/lck/* wk,
> >   /var/{cache,lib}/samba/msg/ w,
> >   /var/{cache,lib}/samba/msg/* w,
> 
> Are those files and directories in /var/cache/samba/ or /var/lib/samba/ ?
> I'm asking because /var/lib/samba/** is covered by newer upstream 
> profiles (via abstractions/samba), while /var/cache/samba/ isn't.

Only /var/lib/samba paths were needed, I just adjusted the rules to match
the others.

I will check if the same problem exists in SLE12 GA and openSUSE 13.2
which also upgraded from 4.1.x to 4.2.4 (and to exactly the same
package). If it does, I'll file a bug.

> > The profile is provided by apparmor-profiles package built from
> > apparmor source package. I'm not sure what would be the best way to
> > handle this:
> > 
> >   (a) add apparmor.openSUSE_13.1_Update to the project manually and
> >   submit it with the rest
> >   (b) do a separate update of apparmor and send the request to the
> > same maintenance incident once it is created
> >   (c) ignore the issue and just warn users about it
> 
> If those changes are needed to start nmbd, option (c) doesn't sound good 
> ;-)

The directories themselves could be probably worked around by providing
them in the package (perhaps they even should be) but the rules for
lck/* and msg/* would still be needed.

However, I can't be sure these rules are sufficient. All I did was
starting nmbd and smbd and serving some files to a client. I don't
really know how to test more advanced Samba stuff (like AD) as I never
needed it so there may be more. So just adding /var/lib/samba/** as
newer profiles do can be a safer choice.

> I'd even propose to do some more profile updates while we are on it.
> The 2.8 branch isn't maintained in upstream AppArmor anymore, so we
> might want to backport profile changes from the 2.9 bzr branch (which
> is the oldest maintained branch, and also what will be released as
> 2.9.3 (hopefully) soon).
> 
> The upstream policy for profile maintenance is that usually
> permissions get added, but it's extremely rare that permissions get
> removed, which makes the risk of regressions quite low.
> 
> However, 2.9 introduced some new rule types (like dbus and ptrace)
> which 2.8 doesn't understand, so just shipping the 2.9 profiles isn't
> possible.  (We could upgrade all of AppArmor (parser and utils) to
> 2.9.x or 2.10.x, but that's a bigger change and nothing I'd do with
> only a day or two of testing ;-)

This definitely sounds like something out of scope for Evergreen which
should IMHO have policy similar to SLE LTSS.

> I just looked at the changes between the 2.8 and 2.9 profiles and
> picked the interesting changes into the attached patch. I'm not sure
> if all changes are needed on 13.1, but IIRC at least some of them are.

I did a quick look and as far as I can see, all of them are more
permissive (except one in nscd which looks like fixing an obvious typo)
so I have no objection.

> General feedback if we want that "big" profile update patch or only a 
> "small" patch to adjust the samba/nmbd profile is also welcome.

As you seem to know that some of the changes are actually needed in 13.1
(and IIRC you mentioned one in the recent nscd thread), I would vote for
the full patch.

  Michal Kubecek


Re: [Evergreen] samba security update - badlock and friends

2016-04-13 Thread Christian Boltz
Hello,

On Wednesday, 13 April 2016, 22:04:37 CEST, Michal Kubecek wrote:
> On Wed, Apr 13, 2016 at 01:22:46PM +0200, Michal Kubecek wrote:
> > I'll submit both later today once I have chance to do at least some
> > testing (and write the patchinfo). Anyone willing to test it is
> > welcome, of course.
> 
> I did some (very) basic testing and found only one issue: to start
> nmbd from 4.2.4 package on a 13.1 system with AppArmor, these need to
> be added to its profile:
> 
>   /var/{cache,lib}/samba/lck/ w,
>   /var/{cache,lib}/samba/lck/* wk,
>   /var/{cache,lib}/samba/msg/ w,
>   /var/{cache,lib}/samba/msg/* w,

Are those files and directories in /var/cache/samba/ or /var/lib/samba/ ?
I'm asking because /var/lib/samba/** is covered by newer upstream 
profiles (via abstractions/samba), while /var/cache/samba/ isn't.

> The profile is provided by apparmor-profiles package built from
> apparmor source package. I'm not sure what would be the best way to
> handle this:
> 
>   (a) add apparmor.openSUSE_13.1_Update to the project manually and
>   submit it with the rest
>   (b) do a separate update of apparmor and send the request to the
> same maintenance incident once it is created
>   (c) ignore the issue and just warn users about it

If those changes are needed to start nmbd, option (c) doesn't sound good 
;-)

I'd even propose to do some more profile updates while we are on it.
The 2.8 branch isn't maintained in upstream AppArmor anymore, so we 
might want to backport profile changes from the 2.9 bzr branch (which is 
the oldest maintained branch, and also what will be released as 2.9.3 
(hopefully) soon).

The upstream policy for profile maintenance is that usually permissions 
get added, but it's extremely rare that permissions get removed, which 
makes the risk of regressions quite low.

However, 2.9 introduced some new rule types (like dbus and ptrace) which 
2.8 doesn't understand, so just shipping the 2.9 profiles isn't possible. 
(We could upgrade all of AppArmor (parser and utils) to 2.9.x or 2.10.x, 
but that's a bigger change and nothing I'd do with only a day or two of 
testing ;-)


I just looked at the changes between the 2.8 and 2.9 profiles and picked 
the interesting changes into the attached patch. I'm not sure if all 
changes are needed on 13.1, but IIRC at least some of them are.

Note that the patch is completely untested (except "it applies on top of 
security:apparmor/apparmor_2_8") - feedback welcome ;-)

General feedback if we want that "big" profile update patch or only a 
"small" patch to adjust the samba/nmbd profile is also welcome.


Regards,

Christian Boltz
-- 
Gericom + Pentium IV? Do you want a portable heating pad,
or a notebook? [Manfred Tremmel in suse-linux]
diff -u -p -r apparmor-2.8.4/profiles/apparmor.d/abstractions/X /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/X
--- apparmor-2.8.4/profiles/apparmor.d/abstractions/X	2013-01-04 18:45:19.0 +0100
+++ /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/X	2016-03-01 22:38:31.564186000 +0100
@@ -7,6 +7,8 @@
   @{HOME}/.Xauthority   r,
   owner /{,var/}run/gdm{,3}/*/database r,
   owner /{,var/}run/lightdm/authority/[0-9]* r,
+  owner /{,var/}run/lightdm/*/xauthority r,
+  owner /{,var/}run/user/*/gdm/Xauthority r,
 
   # the unix socket to use to connect to the display
   /tmp/.X11-unix/*   w,
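Review bot: The two added owner-scoped Xauthority rules near the top of this hunk carry no comment saying which lightdm or gdm layout needs them, and the accompanying mail says it is not certain that all changes are needed on 13.1. The lightdm rule `/{,var/}run/lightdm/*/xauthority` also uses a wildcard for the directory component where the existing rule above it pins `authority/[0-9]*`. Both are read-only and owner-restricted, so the added exposure is small, but a one-line comment per rule (as the hunk's "# the unix socket ..." line does) would make the backport easier to audit.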
@@ -32,9 +34,13 @@
   /usr/share/X11/**   r,
   /usr/X11R6/**.so*   mr,
 
+  # EGL
+  /usr/lib/@{multiarch}/egl/*.so* mr,
+
   # DRI
   /usr/lib{,32,64}/dri/** mr,
   /usr/lib/@{multiarch}/dri/**mr,
+  /usr/lib/fglrx/dri/**   mr,
   /dev/dri/** rw,
   /etc/drirc  r,
   owner @{HOME}/.drircr,
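Review bot: The added EGL rule covers only the `/usr/lib/@{multiarch}/egl/` path, while the DRI block directly below it has both a `/usr/lib{,32,64}/dri/**` rule and the `@{multiarch}` one; the new fglrx rule is likewise limited to `/usr/lib/fglrx/dri/`. If these libraries are installed under lib64 on 13.1, neither added rule would match there. Suggest checking the actual library paths on a 13.1 system and, where needed, using the `lib{,32,64}` form that the existing DRI rule already uses.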
diff -u -p -r apparmor-2.8.4/profiles/apparmor.d/abstractions/aspell /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/aspell
--- apparmor-2.8.4/profiles/apparmor.d/abstractions/aspell	2012-01-18 19:15:57.0 +0100
+++ /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/aspell	2016-03-01 22:38:31.564186000 +0100
@@ -8,4 +8,6 @@
   /usr/lib/aspell/ r,
   /usr/lib/aspell/* r,
   /usr/lib/aspell/*.so m,
+  /usr/share/aspell/ r,
+  /usr/share/aspell/* r,
   /var/lib/aspell/* r,
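Review bot: The new `/usr/share/aspell/* r,` rule matches only direct children of the directory, the same as the `/usr/lib/aspell/* r,` rule above it, so a file in a subdirectory of /usr/share/aspell would still be denied. If only top-level files are expected there, this is fine as is; otherwise the rule would need `**`.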
diff -u -p -r apparmor-2.8.4/profiles/apparmor.d/abstractions/base /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/base
--- apparmor-2.8.4/profiles/apparmor.d/abstractions/base	2013-04-09 15:18:40.0 +0200
+++ /home/cb/apparmor/2.9-branch/profiles/apparmor.d/abstractions/base	2016-03-01 22:38:31.564186000 +0100
@@ -26,12 +26,14 @@
   /etc/locale/** r,
   /etc/locale.alias  r,
   /etc/localtime r,
+  /usr/share/locale-bundle/**r,
   /usr/share/locale-langpack/**  r,
   /usr/share/locale/**   r,
   /usr/share/**/locale/**r,
   /usr/share/zoneinfo/   r,
   /usr/share/zoneinfo/** r,
   /usr/sh

Re: [Evergreen] samba security update - badlock and friends

2016-04-13 Thread Michal Kubecek
On Wed, Apr 13, 2016 at 01:22:46PM +0200, Michal Kubecek wrote:
> 
> I'll submit both later today once I have chance to do at least some
> testing (and write the patchinfo). Anyone willing to test it is welcome,
> of course.

I did some (very) basic testing and found only one issue: to start nmbd
from 4.2.4 package on a 13.1 system with AppArmor, these need to be
added to its profile:

  /var/{cache,lib}/samba/lck/ w,
  /var/{cache,lib}/samba/lck/* wk,
  /var/{cache,lib}/samba/msg/ w,
  /var/{cache,lib}/samba/msg/* w,

The profile is provided by apparmor-profiles package built from apparmor
source package. I'm not sure what would be the best way to handle this:

  (a) add apparmor.openSUSE_13.1_Update to the project manually and
  submit it with the rest
  (b) do a separate update of apparmor and send the request to the same
  maintenance incident once it is created
  (c) ignore the issue and just warn users about it

Any ideas? Or other solutions?

 Michal Kubecek



Re: [Evergreen] samba security update - badlock and friends

2016-04-13 Thread Michal Kubecek
On Tue, Apr 12, 2016 at 11:48:50PM +0200, Michal Kubecek wrote:
> 
> As for 13.1, we have version 4.1.22. Upstream has abandoned the 4.1
> series and does not provide fixes for it. Doing a backport myself would
> be extremely time consuming and I wouldn't be able to trust the result
> anyway. AFAIK both openSUSE 13.2 and SLE12 GA which have been providing
> Samba 4.1 until now are going to upgrade to version 4.2.4 which is what
> SLE12 SP1 and Leap 42.1 have. So I guess doing the same is the only
> feasible option. I haven't checked the four update packages if there are any
> differences (13.2 and 42.1 haven't been even submitted yet), I'm going
> to do it tomorrow and then I'll decide which one to use for Evergreen
> 13.1 update.

So all four versions (SLE12 GA, SLE12 SP1, 13.2, 42.1) are equal to the
last byte which makes the selection quite easy. The 13.1 update is at

  
http://download.opensuse.org/repositories/home:/mkubecek:/branches:/Evergreen_Maintained:/samba/openSUSE_13.1_Update/

I'll submit both later today once I have chance to do at least some
testing (and write the patchinfo). Anyone willing to test it is welcome,
of course.

Note: downloading the packages and updating via "rpm -Fvh *.rpm" won't
work without some manual work as libpdb0 package has been replaced by
libsamba-passdb0 (plus the same for *-32bit). The easiest way to install
the update packages would be

  zypper ar \
    http://download.opensuse.org/repositories/home:/mkubecek:/branches:/Evergreen_Maintained:/samba/openSUSE_13.1_Update/ \
    samba-badlock
  zypper refresh samba-badlock
  zypper update -r samba-badlock

Michal Kubecek



Re: [Evergreen] samba security update - badlock and friends

2016-04-12 Thread Marcus Meissner
On Tue, Apr 12, 2016 at 11:48:50PM +0200, Michal Kubecek wrote:
> Hello,
> 
> as you may have noticed, we have another Barnum bug with fancy name,
> fancy logo and 2nd level domain, this time called "Badlock". It also
> comes with few more security fixes.
> 
> A preliminary update package for Evergreen 11.4 can be found at
> 
>   
> http://download.opensuse.org/repositories/home:/mkubecek:/branches:/Evergreen_Maintained:/samba/openSUSE_Evergreen_11.4/
> 
> It's completely untested as I didn't have time for it yet and I don't
> actually have a 11.4 system running Samba. Anyone willing to give it a
> try is therefore welcome.
> 
> As for 13.1, we have version 4.1.22. Upstream has abandoned the 4.1
> series and does not provide fixes for it. Doing a backport myself would
> be extremely time consuming and I wouldn't be able to trust the result
> anyway. AFAIK both openSUSE 13.2 and SLE12 GA which have been providing
> Samba 4.1 until now are going to upgrade to version 4.2.4 which is what
> SLE12 SP1 and Leap 42.1 have. So I guess doing the same is the only
> feasible option. I haven't checked the four update packages if there are any
> differences (13.2 and 42.1 haven't been even submitted yet), I'm going
> to do it tomorrow and then I'll decide which one to use for Evergreen
> 13.1 update.

42.1 is staged already, but it was 4.2 before.

13.2 will go to 4.2.4, let's see when the samba folks submit.

Ciao, Marcus