Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

samba-client-4.17.4+git.314.7b07e3c51a6-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: samba-client Distribution: openSUSE:Factory:zSystems
Version: 4.17.4+git.314.7b07e3c51a6 Vendor: openSUSE
Release: 1.1 Build date: Wed Jan 25 19:09:13 2023
Group: Productivity/Networking/Samba Build host: s390zp24
Size: 4638801 Source RPM: samba-4.17.4+git.314.7b07e3c51a6-1.1.src.rpm
Summary: Samba Client Utilities
Samba is a suite of programs that allows SMB/CIFS clients to use the
Unix file space, printers, and authentication subsystem.

The package named samba-client contains all programs that are needed to
act as a Samba client. The binaries expect the configuration file to
be found in /etc/samba/smb.conf

For a more detailed description of Samba, check the samba-doc package
or the Web page at

Please check for general information on
Samba as part of SUSE Linux Enterprise or openSUSE products, links to
binary packages of the most current Samba version, and a bug reporting
how to.






* Mon Jan 23 2023 Noel Power <>
  - libdsdb-module-samba4 should be packaged as part of samba-libs and
    not samba-ad-dc-libs. Additionally no need for it to be
    removed conditionally.
* Thu Jan 12 2023 Noel Power <>
  - Clean up logic for PAM migration settings in spec file.
* Wed Jan 04 2023 Stefan Schubert <>
  - Migration of PAM settings to /usr/lib/pam.d.
* Wed Dec 21 2022 Noel Power <>
  - Change with_dc default to 0 (for non TW builds).
* Thu Dec 15 2022 Samuel Cabrero <>
  - Update to 4.17.4
    * CVE-2022-44640 Upstream Heimdal free of user-controlled
      pointer in FAST; (bsc#14929);
    * CVE-2021-20251 Bad password count not incremented atomically;
    * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
    * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
      modern servers; (bso#15237);
    * CVE-2022-37967 Kerberos constrained delegation ticket forgery
      possible against Samba AD DC; (bso#15231);
    * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
      and should be avoided; (bso#15240);
    * pam_winbind uses time_t and pointers assuming they are of the
      same size; (bso#15224);
    * Heimdal session key selection in AS-REQ examines wrong entry;
    * filter-subunit is inefficient with large numbers of
      knownfails; (bso#15258);
    * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
    * The KDC logic arround msDs-supportedEncryptionTypes differs
      from Windows; (bso#13135);
    * libnet: change_password() doesn't work with
      dcerpc_samr_ChangePasswordUser4(); (bso#15206);
    * Heimdal session key selection in AS-REQ examines wrong entry;
    * Memory leak in snprintf replacement functions; (bso#15230);
    * RODC doesn't reset badPwdCount reliable via an RWDC
      (CVE-2021-20251 regression); (bso#15253);
    * Prevent EBADF errors with vfs_glusterfs; (bso#15198);
    * %U for include directive doesn't work for share listing
      (netshareenum); (bso#15243);
    * Stack smashing in net offlinejoin requestodj; (bso#15257);
    * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    * Heimdal session key selection in AS-REQ examines wrong entry;
  - Remove deprecated if-{down,up} scripts; (bsc#1206444);
  - Adjust the systemd drop-in file for named service; (bsc#1201689);
    * Paths are additive so do not repeat paths from named.service
    * Prefix the samba DLZ directory with "-" to ignore this path
      if it does not exists
* Mon Dec 12 2022 Stefan Schubert <>
  - Migration PAM settings to /usr/etc: Saving user changed
    configuration files in /etc and restoring them while an RPM
* Thu Dec 01 2022 David Mulder <>
  - Introduce without-smb1-server spec flag; (bsc#1205104);
* Tue Nov 15 2022 Samuel Cabrero <>
  - Update to 4.17.3
    * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
      systems; (bsc#1205126); (bso#15203);
* Tue Nov 08 2022 Ben Greiner <>
  - Replace obsolete python-gpgme with python-gpg
    * Upstream replaced it in v4.9.5 -- bso#13728
* Tue Oct 25 2022 Noel Power <>
  - Update to 4.17.2
    * CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
      (bso#15207); (bsc#1204499).
    * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
      unwrap_des3();(bso#15134); (bsc#1204254).
* Wed Oct 19 2022 Noel Power <>
  - Update to 4.17.1
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
    * Flush on a named stream never completes; (bso#15182).
    * Permission denied calling SMBC_getatr when file not exists;
    * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
      over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    * pytest: add file removal helpers for TestCaseInTempDir;
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
      over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    * Flush on a named stream never completes; (bso#15182).
    * vfs_gpfs silently garbles timestamps > year 2106;
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * multi-channel socket passing may hit a race if one of the
      involved processes already existed; (bso#15200).
    * memory leak on temporary of struct imessaging_post_state and
      struct tevent_immediate on struct imessaging_context (in
      rpcd_spoolss and maybe others); (bso#15201).
    * Since popt1.19 various use after free errors using result of
      poptGetArg are now exposed; (bso#15205); (boo#1204279).
    * Remove special case for O_CREAT in SMB_VFS_OPENAT from
      vfs_glusterfs; (bso#15192).
    * GETPWSID in memory cache grows indefinetly with each NTLM
      auth; (bso#15169).
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
  - Install a systemd drop-in file for named service to allow
    read/write access to the DLZ directory; (bsc#1201689);
* Fri Oct 14 2022 Noel Power <>
  - Fix use after free errors resulting from using return of
    poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).
* Mon Sep 26 2022 Noel Power <>
  - s3: smbd: Fix memory leak in
    smbd_server_connection_terminate_done(); (bso#15174).
* Mon Sep 26 2022 Noel Power <>
  - Disable SMB1 for tumbleweed builds.
* Fri Sep 23 2022 Noel Power <>
  - Update to 4.17.0
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * Missing SMB2-GETINFO access checks from MS-SMB2;
    * assert failed: !is_named_stream(smb_fname)") at
      ../../lib/util/fault.c:197; (bso#15161).
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * assert failed: !is_named_stream(smb_fname)") at
      ../../lib/util/fault.c:197; (bso#15161).
    * Cross-node multi-channel reconnects result in SMB2 Negotiate
      returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
    * winbind at info level debug can coredump when processing
      wb_lookupusergroups; (bso#15160).
    * Make use of glfs_*at() API calls in vfs_glusterfs;
    * Possible use after free of connection_struct when iterating
      smbd_server_connection->connections; (bso#15128).
    * `net usershare add` fails with flag works with --long but
      fails with -l; (bso#15145).
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * Performance regression on contended path based operations;
    * Missing READ_LEASE break could cause data corruption;
    * libsamba-errors uses a wrong version number; (bso#15141).
    * SMB1 negotiation can fail to handle connection errors;
    * New filename parser doesn't check veto files smb.conf
      parameter; (bso#15143).
    * 4.17.rc1 still uses symlink-race prone unix_convert();
    * Backport fileserver related changed to 4.17.0rc2;
    * Manpage for smbstatus json is missing; (bso#15147).
    * Backport fileserver related changed to 4.17.0rc2;
    * Performance regression on contended path based operations;
    * Backport fileserver related changed to 4.17.0rc2;
    * Fix issues found by coverity in smbstatus json code;
    * Backport fileserver related changed to 4.17.0rc2;
* Thu Sep 01 2022 Stefan Schubert <>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Thu Jul 28 2022 Samuel Cabrero <>
  - Update to 4.16.4
    * CVE-2022-2031: Samba AD users can bypass certain restrictions
      associated with changing passwords; (bsc#1201495); (bso#15047);
    * CVE-2022-32744: Samba AD users can forge password change
      requests for any user; (bsc#1201493); (bso#15074);
    * CVE-2022-32745: Samba AD users can crash the server process
      with an LDAP add or modify request; (bsc#1201492); (bso#15008);
    * CVE-2022-32746: Samba AD users can induce a use-after-free in
      the server process with an LDAP add or modify request;
      (bsc#1201490); (bso#15009);
    * CVE-2022-32742: Server memory information leak via SMB1;
      (bsc#1201496); (bso#15085);
* Tue Jul 19 2022 Samuel Cabrero <>
  - Update to 4.16.3
    * Using vfs_streams_xattr and deleting a file causes a panic;
    * Add support for bind 9.18; (bso#14986);
    * logging dsdb audit to specific files does not work;
    * Problem when winbind renews Kerberos; (bso#14979);
    * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
      developer mode; (bso#15095);
    * Crash in streams_xattr because fsp->base_fsp->fsp_name is
      NULL; (bso#15105);
    * Crash in rpcd_classic - NULL pointer deference in
      mangle_is_mangled(); (bso#15118);
    * smbclient commands del & deltree fail with
      NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    * Fix check for chown when processing NFSv4 ACL; (bso#15120);
    * The pcap background queue process should not be stopped;
    * testparm: Fix typo in idmap rangesize check; (bso#15097);
    * net ads info returns LDAP server and LDAP server name as
      null; (bso#15106);
    * ldconfig: /lib64/ is not a symbolic link;
    * CTDB child process logging does not work as expected;
* Tue Jul 12 2022 Samuel Cabrero <>
  - Update spec file to fix the optional Heimdal DC build
  - Fix external trusts with MIT Kerberos 1.20
  - Add missing samba-client requirement to samba-winbind package;
  - Move pdb backends from package samba-libs to package
    samba-client-libs and remove samba-libs requirement from
    samba-winbind; (bsc#1200964); (bsc#1198255);
  - Add sysuser-shadow requirement for packages using
  - Use the canonical realm name to refresh the Kerberos tickets;
    (bsc#1196224); (bso#14979);
* Tue Jun 21 2022 Stefan Schubert <>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 13 2022 Samuel Cabrero <>
  - Update to 4.16.2
    * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
      file had been deleted; (bso#15069);
    * Reintroduce netgroups support; (bso#15087);
    * net ads info shows LDAP Server: depending on contacted
      server; (bso#14674);
    * Update from 4.15  to 4.16 breaks discovery of [homes] on
      standalone server from Win and IOS; (bso#15062);
    * waf produces incorrect names for python extensions with Python
      3.11; (bso#15071);
    * smbclient -E doesn't work as advertised; (bso#15075);
    * The samba background daemon doesn't refresh the printcap cache
      on startup; (bso#15081);
    * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
  - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7
  - Support building with MIT Kerberos 1.20
  - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC;
  - Resource Based Constrained Delegation (RBCD) for Samba AD DC
  - Support building with gcc 12.1
* Wed May 11 2022 Samuel Cabrero <>
  - Use requires_eq macro to require the libldb2 version available at
    samba-dsdb-modules build time; (bsc#1199362);
* Tue May 03 2022 Samuel Cabrero <>
  - Update to 4.16.1
    * Share and server swapped in smbget password prompt; (bso#14831);
    * Durable handles won't reconnect if the leased file is written to;
    * rmdir silently fails if directory contains unreadable files and
      hide unreadable is yes; (bso#15023);
    * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
      on renamed file handle; (bso#15038);
    * Need to describe --builtin-libraries= better (compare with
    - -bundled-libraries); (bso#8731);
    * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
    * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    * PAM Kerberos authentication incorrectly fails with a clock skew
      error; (bso#15046);
    * Username map - samba erroneously applies unix group memberships
      to user account entries; (bso#15041);
    * KVNO off by 100000; (bso#14951);
    * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
    * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
    * smbd doesn't handle UPNs for looking up names; (bso#15054);
* Wed Apr 20 2022 Noel Power <>
  - Update update-apparmor-samba-profile script, replace
    non-printable delimiter with more human readable separator as
    sed can accept separators that can appear in the input data.
* Wed Apr 13 2022 Noel Power <>
  - Fix update-apparmor-samba-profile script, sed doesn't like
    multibyte separators; (bsc#1198309).
* Thu Mar 24 2022 Samuel Cabrero <>
  - Update to 4.16.0
    * New samba-dcerpcd binary to provide DCERPC in the member server
    * Certificate Auto Enrollment
    * Ability to add ports to dns forwarder addresses in internal DNS
    * No longer using Linux mandatory locks for sharemodes
    * SMB1 protocol has been deprecated, particularly older dialects
    * SMB1 protocol SMBCopy command removed
    * SMB1 server-side wildcard expansion removed
  - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);
  - Use systemd-sysusers to create system users; (bsc#1182847);
* Tue Mar 15 2022 Samuel Cabrero <>
  - Update to 4.15.6
    * Renaming file on DFS root fails with
    * Samba does not response STATUS_INVALID_PARAMETER when opening 2
      objects with same lease key; (bso#14737);
    * NT error code is not set when overwriting a file during rename
      in libsmbclient; (bso#14938);
    * Fix ldap simple bind with TLS auditing; (bso#14996);
    * net ads info shows LDAP Server: depending on contacted
      server; (bso#14674);
    * Problem when winbind renews Kerberos; (bso#14979);
    * pam_winbind will not allow gdm login if password about to
      expire; (bso#8691);
    * virusfilter_vfs_openat: Not scanned: Directory or special file;
    * DFS fix for AIX broken; (bso#13631);
    * Solaris and AIX acl modules: wrong function arguments;
    * Function aixacl_sys_acl_get_file not declared / coredump;
    * Regression: Samba 4.15.2 on macOS segfaults intermittently
      during strcpy in tdbsam_getsampwnam; (bso#14900);
    * Fix a use-after-free in SMB1 server; (bso#14989);
    * smb2_signing_decrypt_pdu() may not decrypt with
      gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    * Changing the machine password against an RODC likely destroys
      the domain join; (bso#14984);
    * authsam_make_user_info_dc() steals memory from its struct
      ldb_message *msg argument; (bso#14993);
    * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    * Samba autorid fails to map AD users if id rangesize fits in the
      id range only once; (bso#14967);
* Mon Mar 07 2022 David Mulder <>
  - Fix mismatched version of libldb2; (bsc#1196788).
  - Drop obsolete SuSEfirewall2 service files.
* Fri Mar 04 2022 David Disseldorp <>
  - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
* Wed Feb 23 2022 Noel Power <>
  - Fix ntlm authentications with "winbind use default domain = yes";
    (bso#13126); (bsc#1173429); (bsc#1196308).
* Mon Feb 14 2022 David Mulder <>
  - Fix samba-ad-dc status warning notification message by disabling
    systemd notifications in bgqd; (bsc#1195896); (bso#14947).
* Mon Feb 07 2022 David Mulder <>
  - libldb version mismatch in Samba dsdb component; (bsc#1118508);
* Mon Jan 31 2022 Noel Power <>
  - Update to 4.15.5
    * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
      outside target of a symlink exists; (bso#14911);
    * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
      module; (bso#14914); (bsc#1194859).
    * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
      conflict checks; bso#14950); (bsc#1195048).
* Wed Jan 26 2022 Samuel Cabrero <>
  - CVE-2021-44141: Information leak via symlinks of existance of
    files or directories outside of the exported share; (bso#14911);
  - CVE-2021-44142: Out-of-bounds heap read/write vulnerability
    in VFS module vfs_fruit allows code execution; (bso#14914);
  - CVE-2022-0336: Samba AD users with permission to write to an
    account can impersonate arbitrary services; (bso#14950);
* Fri Jan 21 2022 Samuel Cabrero <>
  - Update to 4.15.4
    * Duplicate SMB file_ids leading to Windows client cache
      poisoning; (bso#14928);
    * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
      NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
    * kill_tcp_connections does not work; (bso#14934);
    * Can't connect to Windows shares not requiring authentication
      using KDE/Gnome; (bso#14935);
    * smbclient -L doesn't set "client max protocol" to NT1 before
      calling the "Reconnecting with SMB1 for workgroup listing"
      path; (bso#14939);
    * Cross device copy of the crossrename module always fails;
    * symlinkat function from VFS cap module always fails with an
      error; (bso#14941);
    * Fix possible fsp pointer deference; (bso#14942);
    * Missing pop_sec_ctx() in error path inside close_directory();
    * "smbd --build-options" no longer works without an smb.conf file;
* Tue Jan 18 2022 Dominique Leuenberger <>
  - Use pkgconfig(krb5) as dependency for the -devel package: allow
    OBS to pick the right flavor of krb5-devel (full vs mini).
  - Do not require the 'krb5' symbol by samba-client-libs: this
    package has an automatic dependency due to linkage on Automatic deps are always better.
  - Do not require the 'krb5' symbol from samba-libs: samba-libs
    requires samba-client-libs, which in turn requires krb5
    libraries. Samba-libs itself has no need for krb5 (but get it
    indirectly anyway).
* Thu Jan 13 2022 Samuel Cabrero <>
  - Reorganize libs packages. Split samba-libs into samba-client-libs,
    samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
    public libraries depending on internal samba libraries into these
    packages as there were dependency problems everytime one of these
    public libraries changed its version (bsc#1192684). The devel
    packages are merged into samba-devel.
  - Rename package samba-core-devel to samba-devel
  - Add python-rpm-macros to build requirements
  - Update the symlink create by samba-dsdb-modules to private samba
    ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
* Fri Dec 10 2021 Samuel Cabrero <>
  - Update to 4.15.3
    * Recursive directory delete with veto files is broken in 4.15.0;
    * A directory containing dangling symlinks cannot be deleted by
      SMB2 alone when they are the only entry in the directory;
    * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
      uninitialized in rmdir_internals(); (bso#14892);
    * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
    * The CVE-2020-25717 username map [script] advice has undesired
      side effects for the local nt token; (bso#14901); (bsc#1192849);
    * User with multiple spaces (eg Fred<space><space>Nurk) become
      un-deletable; (bso#14902);
    * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
    * smbXsrv_client_global record validation leads to crash if existing
      record points at non-existing process; (bso#14882);
    * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
    * Samba process doesn't log to logfile; (bso#14897);
    * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
      triggers locking.tdb assert; (bso#14907);
    * Kerberos authentication on standalone server in MIT realm broken;
    * Segmentation fault when joining the domain; (bso#14923);
    * Support for ROLE_IPA_DC is incomplete; (bso#14903);
    * rpcclient cannot connect to ncacn_ip_tcp services anymore;
    * winexe crashes since 4.15.0 after popt parsing; (bso#14893);
    * net ads status -P broken in a clustered environment; (bso#14908);
    * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
      smbd_smb2_ioctl_send; (bso#14788);
    * winbindd doesn't start when "allow trusted domains" is off;
    * smbclient login without password using '-N' fails with
      NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
    * A schannel client incorrectly detects a downgrade connecting to
      an AES only server; (bso#14912);
    * Possible null pointer dereference in winbind; (bso#14921);
    * Fix -k legacy option for client tools like smbclient, rpcclient,
      net, etc.; (bso#14846);
    * Add Debian 11 CI bootstrap support; (bso#14872);
    * Crash in recycle_unlink_internal(); (bso#14888);
* Thu Nov 18 2021 Samuel Cabrero <>
  - Fix dependency problem upgrading from libndr0 to libndr2 and
    from libsamba-credentials0 to libsamba-credentials1;
* Wed Nov 10 2021 Samuel Cabrero <>
  - Fix regression introduced by CVE-2020-25717 patches, winbindd
    does not start when 'allow trusted domains' is off; (bso#14899);
  - Update to 4.15.2
    * CVE-2016-2124:  SMB1 client connections can be downgraded to
      plaintext authentication; (bso#12444); (bsc#1014440);
    * CVE-2020-25717: A user on the domain can become root on domain
      members; (bso#14556); (bsc#1192284);
    * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
      tickets issued by an RODC; (bso#14558); (bsc#1192246);
    * CVE-2020-25719: Samba AD DC did not always rely on the SID and
      PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
    * CVE-2020-25721: Kerberos acceptors need easy access to stable
      AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
    * CVE-2020-25722: Samba AD DC did not do suffienct access and
      conformance checking of data stored; (bso#14564);
    * CVE-2021-3738: Use after free in Samba AD DC RPC server;
      (bso#14468); (bsc#1192215);
    * CVE-2021-23192: Subsequent DCE/RPC fragment injection
      vulnerability; (bso#14875); (bsc#1192214);
  - Update to 4.15.1
    * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
    * Log clutter from filename_convert_internal; (bso#14685);
    * MacOSX compilation fixes; (bso#14862);
    * rodc_rwdc test flaps; (bso#14868);
    * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
    bit' S4U2Proxy Constrained Delegation bypass in Samba with
    embedded Heimdal; (bso#14642);
    * Python ldb.msg_diff() memory handling failure; (bso#14836);
    * "in" operator on ldb.Message is case sensitive; (bso#14845);
    * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
    * samldb_krbtgtnumber_available() looks for incorrect string;
    * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
    * Allow special chars like "@" in samAccountName when generating
    the salt; (bso#14874);
    * Correctly ignore comments in CTDB public addresses file;
    * Fix transit path validation; (bso#12998);
    * Fix that child winbindd logs to log.winbindd instead of
    log.wb-<DOMAIN>; (bso#14852);
    * SMB3 cancel requests should only include the MID together with
    AsyncID when AES-128-GMAC is used; (bso#14855);
    * Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
    * Heimdal prefers RC4 over AES for machine accounts; (bso#14864);
* Wed Oct 13 2021 David Mulder <>
  - Enable samba-tool without ad dc.
* Thu Sep 30 2021 Noel Power <>
  -  Adjust spec to use pam macros; (bsc#1191046).
* Wed Sep 29 2021 Noel Power <>
  - Adjust spec for size
    * allow some Recommends instead Requires to be configured
      for cifs-utils, samba-libs-python3 & samba-gpupdate;
    * remove fam, undocumented and unneeded.
* Thu Sep 23 2021 Samuel Cabrero <>
  - Add missing build dependency on bison when building with the
    embedded Heimdal Kerberos
* Mon Sep 20 2021 Samuel Cabrero <>
  - Update to 4.15.0
    * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
    * VFS layer modernized.
    * Add the ability to set allow/deny lists for zone transfer clients
      in Bind DLZ plugin
    * Server multi-channel support no longer experimental
    * Improved command line user experience, unifying the options in
      different commands
    * Winbindd no longer scans trusted domains on startup and will use
      enterprise principals by default.
    * The net utility is now able to support the offline domain join feature
    * New options for 'samba-tool dns zoneoptions' for aging control
      and to mark old records as static or dynamic
    * DNS tombstones are now deleted as appropriate and use a consistent
      timestamp format
    * The 'samba-tool dns update' command validates and rejects now malformed
      IPv4 and IPv6 addresses
    * The 'samba-tool domain backup' command correctly takes out locks
      against concurrent modification during backup when using the LMDB
    * TruACL support has been removed
    * NIS support has been removed
* Thu Sep 16 2021 Samuel Cabrero <>
  - Update to 4.14.7
    * smbd panic on force-close share during offload write; (bso#14769);
    * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
    * Fix returned attributes on fake quota file handle and avoid hitting
      the VFS; (bso#14731);
    * vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
    * Fix build on Solaris; (bso#14774);
    * Make dos attributes available for unreadable files; (bso#14654);
    * Work around special SMB2 READ response behavior of NetApp Ontap
      7.3.7; (bso#14607);
    * Start the SMB encryption as soon as possible; (bso#14793);
* Tue Aug 17 2021 David Mulder <>
  - Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).
* Fri Jul 23 2021 David Mulder <>
  - Update to 4.14.6
    * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
    * smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
    * s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
    * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
      change_file_owner_to_parent() error path; (bso#14736).
    * NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
      glusterfs VFS module; (bso#14730).
    * s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
    * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
    * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
    * smbXsrv_{open,session,tcon}: protect
      smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
    * samba-tool domain backup offline doesn't work against bind DLZ
      backend; (bso#14027).
    * netcmd: Use next_free_rid() function to calculate a SID for
      restoring a backup; (bso#14669).
* Tue Jun 01 2021 Samuel Cabrero <>
  - Update to 4.14.5
    * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
    * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
      ACL for directory handles; (bso#14708);
    * s3: smbd: Fix uninitialized memory read in process_symlink_open()
      when used with vfs_shadow_copy2(); (bso#14721);
    * docs: Expand the "log level" docs on audit logging; (bso#14689);
    * smbd: Correctly initialize close timestamp fields; (bso#14714);
    * Fix gcc11 compiler issues; (bso#14699);
    * docs-xml: Update smbcacls manpage; (bso#14718);
    * docs: Update list of available commands in rpcclient; (bso#14719);
    * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
    * s3:winbind: For 'security = ADS' require realm/workgroup to be set;
    * lib:replace: Do not build strndup test with gcc 11 or newer;
* Thu Apr 29 2021 Noel Power <>
  - Update to 4.14.4
    * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
      (bso#14571); (bsc#1184677).
  - Update to 4.14.3
    * s3:modules:vfs_virusfilter: Recent New_VFS changes break
      vfs_virusfilter_openat; (bso#14671).
    * build: Notice if flex is missing at configure time; (bso#14586).
    * Fix smbd panic when two clients open same file; (bso#14672).
    * Fix memory leak in the RPC server; (bso#14675).
    * s3: smbd: fix deferred renames; (bso#14679).
    * s3-iremotewinspool: Set the per-request memory context;
    * Fix memory leak in the RPC server; (bso#14675).
    * third_party: Update socket_wrapper to version 1.3.2;
    * third_party: Update socket_wrapper to version 1.3.3;
    * samba-gpupdate: Test that sysvol paths download in
      case-insensitive way; (bso#14665).
    * smbd: Ensure errno is preserved across fsp destructor;
    * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
      conflict; (bso#14663).
    * build: Only add -Wl,--as-needed when supported; (bso#14288).
* Wed Mar 31 2021 Samuel Cabrero <>
  - Update to 4.14.2
    * Release with dependency on ldb version 2.3.0.
  - Update to 4.14.1
    * CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655);
    * CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs;
  - Update to 4.14.0
    * VFS layer modernized.
    * Printers publishing in AD improved.
    * Client group policies support for sudoers configuration and
      cron jobs.
    * Improved consistency of samba-tool subcommands.
    * CTDB now uses the terms leader and follower instead of master and
      slave. Configuration options have changed accordingly.
    * The ctdb isnotrecmaster command is removed.
    * For details on all items see WHATSNEW.txt in samba-doc package.
* Mon Mar 01 2021 Samuel Cabrero <>
  - Spec file fixes around systemd and requires; (bsc#1182830);
  - Align systemd service unit files with upstream provided ones.
* Tue Jan 26 2021 Samuel Cabrero <>
  - Update to 4.13.4
    * Work around special SMB2 IOCTL response behavior of NetApp Ontap
      7.3.7; (bso#14607);
    * Temporary DFS share setup doesn't set case parameters in the same
      way as a regular share definition does; (bso#14612);
    * lib: Avoid declaring zero-length VLAs in various messaging functions;
    * Do not create an empty DB when accessing a sam.ldb; (bso#14579);
    * vfs_fruit may close wrong backend fd; (bso#14596);
    * Temporary DFS share setup doesn't set case parameters in the same way
      as a regular share definition does; (bso#14612);
    * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
    * vfs_fruit may close wrong backend fd; (bso#14596);
    * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
    * The cache directory for the user gencache should be created recursively;
    * Be more flexible with repository names in CentOS 8 test environments;
* Mon Dec 28 2020 Samuel Cabrero <>
  - Uninstalling samba-client: Failed to disable unit, cifs.service
    does not exists; (bsc#1180388);
* Wed Dec 16 2020 Samuel Cabrero <>
  - Update to 4.13.3
    + libcli: smb2: Never print length if smb2_signing_key_valid() fails for
      crypto blob; (bso#14210);
    + s3: modules: gluster. Fix the error I made in preventing talloc leaks
      from a function; (bso#14486);
    + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
      via TALLOC_FREE(); (bso#14515);
    + s3: spoolss: Make parameters in call to user_ok_token() match all other
      uses; (bso#14568);
    + s3: smbd: Quiet log messages from usershares for an unknown share;
    + samba process does not honor max log size; (bso#14248);
    + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
    + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
    + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
    + smbclient: Fix recursive mget; (bso#14517);
    + clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
    + manpages/vfs_glusterfs: Mention silent skipping of write-behind
      translator; (bso#14486);
    + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
    + interface: Fix if_index is not parsed correctly; (bso#14514);
* Mon Nov 16 2020 Samuel Cabrero <>
  - Update to 4.13.2
    + s3: modules: vfs_glusterfs: Fix leak of char **lines onto
      mem_ctx on return; (bso#14486);
    + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    + smb.conf.5: Add clarification how configuration changes reflected
      by Samba; (bso#14538);
    + daemons: Report status to systemd even when running in foreground;
    + DNS Resolver: Support both dnspython before and after 2.0.0;
    + s3-vfs_glusterfs: Refuse connection when write-behind xlator is
      present; (bso#14486);
    + provision: Add support for BIND 9.16.x; (bso#14487);
    + ctdb-common: Avoid aliasing errors during code optimization;
    + libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
    + docs: Fix default value of spoolss:architecture; (bso#14522);
    + winbind: Fix a memleak; (bso#14388);
    + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
    + docs-xml/manpages: Add warning about write-behind translator for
      vfs_glusterfs; (bso#14486);
    + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
    + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
    + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
    + examples:auth: Do not install example plugin; (bso#14550);
    + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
    + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
* Thu Nov 05 2020 Noel Power <>
  - Adjust smbcacls '--propagate-inheritance' feature to align with
    upstream; (bsc#1178469).
* Tue Oct 06 2020 Samuel Cabrero <>
  - Update to samba 4.13.1
    + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
      easily crafted records; (bsc#1177613); (bso#14472);
    + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
    + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
      (bsc#1173902); (bso#14434);
  - Adjust systemd tmpfiles.d configuration, use /run/samba instead of
    /var/run/samba; (bsc#1177355);
* Mon Oct 05 2020 David Disseldorp <>
  - Fix vfs_ceph query_directory regression; (bso#14519)
  - Drop liburing-devel for SLE15-SP2; (bsc#1177245)
* Thu Sep 24 2020 David Disseldorp <>
  - Register CTDB recovery lock holder with ceph-mgr
  - Add liburing-devel dependency
* Tue Sep 22 2020 David Disseldorp <>
  - Update to samba 4.13.0
    + Require Python 3.6
    + Move wide links functionality into VFS module
    + Deprecate NT4-like 'classic' Samba domain controllers
    + Deprecate SMBv1 only protocol options
    + Remove deprecated "ldap ssl ads" option
    + Unify asynchronous DCE-RPC server; (jsc#SES-645)
    + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
    + Drop internal byteorder.h header from util-devel package
    + Remove final code for the AD DC LDAP backend
    + Add AD DC Group Policy Scripts
    + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
    + Fix %U substitutions if it contains a domain name; (bso#14467)
    + Fix krb5.conf creation for 'net ads join'; (bso#14479)
    + Fix build problem if libbsd-dev is not installed; (bso#14482)
    + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
    + Fix idmap_ad RFC4511 response handling; (bso#14465)
    + Fix panic in get_lease_type(); (bso#14428)
* Fri Sep 18 2020 Samuel Cabrero <>
  - Update to samba 4.12.7
    + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
      netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
      "server require schannel:WORKSTATION$ = no" about unsecure configurations;
      (bsc#1176579); (bso#14497);
    + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
      challenge; (bsc#1176579); (bso#14497);
    + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
      netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
      (bsc#1176579); (bso#14497);
  - Update to samba 4.12.6
    + s3: libsmb: Fix SMB2 client rename bug to a Windows server;
    + dsdb: Allow "password hash userPassword schemes = CryptSHA256"
      to work on RHEL7; (bso#14424).
    + dbcheck: Allow a dangling forward link outside our known NCs;
    + lib/debug: Set the correct default backend loglevel to
      MAX_DEBUG_LEVEL; (bso#14426).
    + PANIC: Assert failed in get_lease_type(); (bso#14428).
    + util: Fix build on AIX by fixing the order of replace.h include;
    + srvsvc_NetFileEnum asserts with open files; (bso#14355).
    + KDC breaks with DES keys still in the database and
      msDS-SupportedEncryptionTypes 31 indicating support for it;
    + s3:smbd: Make sure vfs_ChDir() always sets
      conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).
    + PANIC: Assert failed in get_lease_type(); (bso#14428).
    + docs: Fix documentation for require_membership_of of
      pam_winbind.conf; (bso#14358).
    + ctdb-scripts: Use nfsconf utility for variable values in CTDB
      NFS scripts; (bso#14444).
    + s3:winbind:idmap_ad: Make failure to get attrnames for schema
      mode fatal; (bso#14425).
* Tue Jul 28 2020 Thorsten Kukuk <>
  - Don't install SuSEfirewall2 services, we don't have that package
* Thu Jul 02 2020 Noel Power <>
  - Update to samba 4.12.5
    + Fix smbd panic on force-close share during async
      io; (bso#14301).
    + Fix segfault when using SMBC_opendir_ctx() routine for
      share folder that contains incorrect symbols in any
      file name; (bso#14374)
    + Fix DFS links; (bso#14391).
    + Can't use DNS functionality after a Windows DC has been
      in domain; (bso#14310).
    + ldapi search to FreeIPA crashes; (bso#14413).
    + Add net-ads-join dnshostname=fqdn option; (bso#14396)
    + Fix adding msDS-AdditionalDnsHostName to keytab with
      Windows DC; (bso#14406).
    + docs-xml: Update list of posible VFS operations for
      vfs_full_audit; (bso#14386).
    + winbindd: Fix a use-after-free when winbind clients exit;
    + Client tools are not able to read gencache anymore;
* Thu Jul 02 2020 Noel Power <>
  - Update to samba 4.12.4
    + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
      ASQ and VLV combined; (bso#14364); (bsc#1173159)
    + CVE-2020-10745: invalid DNS or NBT queries containing dots use
      several seconds of CPU each; (bso#14378); (bsc#1173160).
    + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
      server with paged_result or VLV; (bso#14402); (bsc#1173161)
    + CVE-2020-14303: Endless loop from empty UDP packet sent to
      AD DC nbt_server; (bso#14417); (bsc#1173359).
* Sat May 30 2020 Marcus Meissner <>
  - add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)
* Thu May 28 2020 Samuel Cabrero <>
  - Add system-user-nobody to samba package requirements
* Wed May 20 2020 Samuel Cabrero <>
  - Update to samba 4.12.3
    + Fix smbd panic on force-close share during async io; (bso#14301);
    + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
    + Fix smbd crashes when MacOS Catalina connects if iconv initialization
      fails; (bso#14372);
    + Exporting from macOS Adobe Illustrator creates multiple copies;
    + smbd does a chdir() twice per request; (bso#14256);
    + smbd mistakenly updates a file's write-time on close; (bso#14320);
    + vfs_shadow_copy2: implement case canonicalisation in
      shadow_copy2_get_real_filename(); (bso#14350);
    + Fix Windows 7 clients problem after upgrading samba file server;
    + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
    + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
    + mit-kdc: Explicitly reject S4U requests; (bso#14342);
    + dbwrap_watch: Set rec->value_valid while returning nested
      share_mode_do_locked(); (bso#14352);
    + lib:util: Fix smbclient -l basename dir; (bso#14345);
    + s3:libads: Fix ads_get_upn(); (bso#14336);
    + ctdb: Fix a memleak; (bso#14348);
    + Malicous SMB1 server can crash libsmbclient; (bso#14366);
    + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
    + s3/librpc/crypto: Fix double free with unresolved credential cache;
    + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358);
* Mon May 11 2020 David Mulder <>
  - Installing: samba - samba-ad-dc.service does not exist and unit
    not found; (bsc#1171437);
* Mon May 04 2020 Samuel Cabrero <>
  - libsmb: Don't try to find posix stat info in SMBC_getatr();
    (bso#14101); (bsc#1169242);
* Wed Apr 29 2020 Noel Power <>
  - Move to samba-libs package, this was
    initially erroneously located in  samba-ad-dc.
* Tue Apr 28 2020 Noel Power <>
  - Update to samba 4.12.2
    + CVE-2020-10700: A client combining the 'ASQ' and
      'Paged Results' LDAP controls can cause a use-after-free
      in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
    + CVE-2020-10704: A deeply nested filter in an un-authenticated
      LDAP search can exhaust the LDAP server's stack memory causing
      a SIGSEGV; (bso#14334); (bsc#1169851).
* Mon Apr 13 2020 Samuel Cabrero <>
  - Update to samba 4.12.1
    + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
    + samba-tool group: Handle group names with special chars correctly;
    + Add missing check for DMAPI offline status in async DOS attributes;
    + Starting ctdb node that was powered off hard before results in recovery
      loop; (bso#14295);
    + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
    + vfs_recycle: Prevent flooding the log if we're called on non-existant
      paths; (bso#14316);
    + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
    + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
    + fruit:time machine max size is broken on arm; (bso#13622);
    + CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294);
    + s3/utils: Fix double free error with smbtree; (bso#14332);
    + CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294);
    + Starting ctdb node that was powered off hard before results in recovery
      loop; (bso#14295);
    + CTDB recovery daemon can crash due to dereference of NULL pointer;
* Wed Mar 25 2020 Noel Power <>
  - s3: libsmbclient.h: add missing time.h include to fix
    ffmpeg build and make it compatible with -std=c99.
* Mon Mar 16 2020 Noel Power <>
  - ndrdump tests: Make the tests less fragile
  - python/samba/gp_parse: Fix test errors with python3.8
* Fri Mar 13 2020 Noel Power <>
  - Starting ctdb node that was powered off hard before results
    in recovery loop; (bso#14295); (bsc#1162680).
* Fri Mar 06 2020 Noel Power <>
  - Update to samba 4.12.0
    + For details on all items see WHATSNEW.txt in samba-doc
    + Samba 4.12 raises this minimum version to Python
    + Samba now requires GnuTLS 3.4.7 to be installed.
    + New Spotlight backend for Elasticsearch.
    + Retiring DES encryption types in Kerberos. With this release,
      support for DES encryption types has been removed from
      Samba, and setting DES_ONLY flag for an account will cause
      Kerberos authentication to fail for that account (see
    + Samba-DC: DES keys no longer saved in DB.
    + The netatalk VFS module has been removed.
    + The BIND9_FLATFILE DNS backend is deprecated in this release
      and will be removed in the future.
    + CTDB changes
      + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
    + Bugs
    + Retire DES encryption types in Kerberos; (bso#14202);
    + dsdb: Correctly handle memory in objectclass_attrs;
    + s3: DFS: Don't allow link deletion on a read-only share;
    + pidl/wscript: configure should insist on Parse::Yapp::Driver;
    + smbd fails to handle EINTR from open(2) properly;
    + ldb: version 2.1.1; (bso#14270)).
    + vfs: Set getting and setting of MS-DFS redirects on the
      filesystem to go through two new VFS functions
      SMB_VFS_READ_DFS_PATHAT(); (bso#14282).
    + bootstrap: Remove un-used dependency python3-crypto;
    + Fix CID 1458418 and 1458420; (bso#14247).
    + lib: Fix a shutdown crash with "clustering = yes";
    + Winbind member (source3) fails local SAM auth with empty
      domain name; (bso#14247).
    + winbindd: Handle missing idmap in getgrgid(); (bso#14265).
    + Don't use forward declaration for GnuTLS typedefs; (bso#14271).
    + Add io_uring vfs module; (bso#14280).
    + libcli:smb: Improve check for
      gnutls_aead_cipher_(en|de)cryptv2; (bso#14250).
    + s3: lib: nmblib. Clean up and harden nmb packet processing;
    + lib:util: Log mkdir error on correct debug levels; (bso#14253).
* Sun Feb 02 2020 Thorsten Kukuk <>
  - Remove unused pwdutils buildrequires
* Thu Jan 30 2020 Samuel Cabrero <>
  - Update to samba 4.11.6
    + pygpo: Use correct method flags; (bso#14209);
    + Avoiding bad call flags with python 3.8, using METH_NOARGS
      instead of zero; (bso#14209);
    + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    + smbd: Fix the build with clang; (bso#14251);
    + upgradedns: Ensure lmdb lock files linked; (bso#14199);
    + s3: VFS: glusterfs: Reset nlinks for symlink entries during
      readdir; (bso#14182);
    + smbc_stat() doesn't return the correct st_mode and also the
      uid/gid is not filled (SMBv1) file; (bso#14101);
    + librpc: Fix string length checking in ndr_pull_charset_to_null();
    + ctdb-scripts: Strip square brackets when gathering connection info;
* Tue Jan 21 2020 Samuel Cabrero <>
  - Fix nmbstatus not reporting detailed information about workgroups;
  - Fix querying all names registered within broadcast area; (bso#8927);
* Tue Jan 21 2020 Noel Power <>
  - Update to samab 4.11.5
    + CVE-2019-14902: Replication of ACLs down subtree on
      AD Directory is not automatic; (bso#12497); (bsc#1160850).
    + CVE-2019-19344: Fix  server crash with
      dns zone scavenging = yes; (bso#14050); (bsc#1160852).
    + CVE-2019-14907: server-side crash after charset conversion
      failure (eg during NTLMSSP processing); (bso#14208);
  - Update to samba 4.11.4
    + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
    + Ensure we don't call cli_RNetShareEnum() on an SMB1
      connection; (bso#14174).
    + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
      SMBC_opendir_ctx; (bso#14176).
    + SMB2 - Ensure we use the correct session_id if encrypting
      an interim response; (bso#14189).
    + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
    + printing: Fix %J substition; (bso#13745).
    + Remove now unneeded call to cmdline_messaging_context();
    + Fix incomplete conversion of former parametric options;
    + Fix sync dosmode fallback in async dosmode codepath;
    + vfs_fruit returns capped resource fork length; (bso#14171).
    + libnet_join: Add SPNs for additional-dns-hostnames entries;
    + smbd: Increase a debug level; (bso#14211).
    + Prevent azure ad connect from reporting discovery errors
      reference-value-not-ldap-conformant; (bso#14153).
    + krb5_plugin: Fix developer build with newer heimdal system
      library; (bso#14179).
    + replace: Only link libnsl and libsocket if required;
    + ctdb: Incoming queue can be orphaned causing communication;
      breakdown; (bso#14175).
    + ldb: Release ldb 2.0.8. Cross-compile will not take
      cross-answers or cross-execute; (bso#13846).
    + heimdal-build: Avoid hard-coded /usr/include/heimdal in
      asn1_compile-generated code; (bso#13856).
* Fri Dec 20 2019 David Disseldorp <>
  - Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).
* Tue Dec 10 2019 Noel Power <>
  - Update to samba 4.11.3
    + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
      can crash the DCE/RPC DNS management server by creating records
      with matching the zone name; (bso#14138); (bsc#1158108).
    + CVE-2019-14870: DelegationNotAllowed not being enforced, the
      DelegationNotAllowed Kerberos feature restriction was not being
      applied when processing protocol transition requests (S4U2Self),
      in the AD DC KDC; (bso#14187); (bsc#1158109).
* Tue Oct 29 2019 Jim McDonough <>
  - Update to samba 4.11.2
    + CVE-2019-10218: Client code can return filenames containing
      path separators; (bsc#1144902); (bso#14071).
    + CVE-2019-14833: Samba AD DC check password script does not
      receive the full password; (bso#12438).
    + CVE-2019-14847: User with "get changes" permission can crash
      AD DC LDAP server via dirsync; (bso#14040).
  - Fixes from 4.11.1
    + Overlinking libreplace against librt and pthread against every
      binary or library causes issues; (bso#14140);
    + kpasswd fails when built with MIT Kerberos; (bso#14155);
    + Fix spnego fallback from kerberos to ntlmssp in smbd server;
    + Stale file handle error when using mkstemp on a share; (bso#14137);
    + non-AES schannel broken; (bso#14134);
    + Joining Active Directory should not use SAMR to set the password;
    + smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
      call on an SMB2 connection; (bso#14152);
    + Deleted records can be resurrected during recovery; (bso#14147);
    + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
    + winbind does not list forest trusts with additional trust
      attributes; (bso#14130);
    + fault report points to outdated documentation; (bso#14139);
    + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
      trusted domains/forests; (bso#14124);
    + classicupgrade results in uncaught exception - a bytes-like object
      is required, not 'str'; (bso#14136);
    + pod2man is not longer required, stop checking at build time;
    + Exit code of ctdb nodestatus should not be influenced by deleted
      nodes; (bso#14129);
    + username/password authentication doesn't work with CUPS and
      smbspool; (bso#14128);
    + smbc_readdirplus() is incompatible with smbc_telldir() and
      smbc_lseekdir(); (bso#14094);
* Sat Oct 05 2019 James McDonough <>
  - Update to samba 4.11.0
    + For details on all items see WHATSNEW.txt in samba-doc
    + Python2 runtime support removed; python 3.4 or later required
    + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
    + CephFS Snapshot integration, exposed as previous file
    + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
    + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
    - many performance improvements
    + Configuration webserver support removed
* Tue Sep 03 2019 Samuel Cabrero <>
  - Update to samba 4.10.8
    + CVE-2019-10197: user escape from share path definition;
      (bso#14035); (bsc#1141267);
* Fri Aug 30 2019 Noel Power <>
  - Fix build on newer systems by modifying samba.spec to use
    consistent non-relative paths for pammodules in configure line
    and specification of library to package.
* Tue Aug 27 2019 Noel Power <>
  - Update to samba 4.10.7
    + Unable to create or rename file/directory inside shares
      configured with vfs_glusterfs_fuse module; (bso#14010).
    + build: Allow build when '--disable-gnutls' is set; (bso#13844)
    + samba-tool: Add 'import samba.drs_utils' to;
    + Fix 'Error 32 determining PSOs in system' message on old DB
      with FL upgrade; (bso#14008).
    + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
    + join: Use a specific attribute order for the DsAddEntry
      nTDSDSA object; (bso#14046).
    + vfs_catia: Pass stat info to synthetic_smb_fname();
    + lookup_name: Allow own domain lookup when flags == 0;
    + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    + DEBUGC and DEBUGADDC doesn't print into a class specific log
      file; (bso#13915).
    + Request to keep deprecated option "server schannel",
      VMWare Quickprep requires "auto"; (bso#13949).
    + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    + dnsProperty fails to decode values from older Windows versions;
    + samba-tool: Use only one LDAP modify for dns partition fsmo
      role transfer; (bso#13973).
    + third_party: Update waf to version 2.0.17; (bso#13960).
    + netcmd: Allow 'drs replicate --local' to create partitions;
    + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).
* Wed Aug 07 2019 npower <>
  - Prepare for use future use of kernel keyrings, modify
    /etc/pam.d/samba to include; (bsc#1144059).
* Thu Aug 01 2019 Samuel Cabrero <>
  - Update samba-winbind script to work with systemd; (bsc#1132739);
  - Drop samba dhcpcd hook scripts
  - Update to samba 4.10.6
    + s3: winbind: Fix crash when invoking winbind idmap scripts;
    + smbd does not correctly parse arguments passed to dfree and quota
      scripts; (bso#13964).
    + samba-tool dns: use bytes for inet_ntop; (bso#13965).
    + samba-tool domain provision: Fix --interactive module in python3;
    + ldb_kv: Skip @ records early in a search full scan; (bso#13893).
    + docs: Improve documentation of "lanman auth" and "ntlm auth"
      connection; (bso#13981).
    + python/ntacls: Use correct "state directory" smb.conf option instead
      of "state dir"; (bso#14002).
    + registry: Add a missing include; (bso#13840).
    + Fix SMB guest authentication; (bso#13944).
    + AppleDouble conversion breaks Resourceforks; (bso#13958).
    + vfs_fruit makes direct use of syscalls like mmap() and pread();
    + s3:mdssvc: Fix flex compilation error; (bso#13987).
    + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
    + dsdb:samdb: schemainfo update with relax control; (bso#13799).
    + s3:util: Move static file_pload() function to lib/util; (bso#13964).
    + smbd: Fix a panic; (bso#13957).
    + ldap server: Generate correct referral schemes; (bso#12478).
    + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
    + s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
    + dsdb/repl: we need to replicate the whole schema before we can apply it;
    + ldb: Release ldb 1.5.5; (bso#12478).
    + Schema replication fails if link crosses chunk boundary backwards;
    + 'samba-tool domain schemaupgrade' uses relax control and skips the
      schemaInfo update provision; (bso#13799).
    + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
      ..."; (bso#13916).
    + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
      get the ACL; (bso#13917).
    + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
    + Using Kerberos credentials to print using spoolss doesn't work;
    + wafsamba: Use native waf timer; (bso#13998).
    + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).
* Wed Jun 19 2019 Noel Power <>
  - Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
    + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
      in DnssrvOperation2; (bso#13922); (bsc#1137815).
    + CVE-2019-12436 dsdb/paged_results: Ignore successful results
      without messages; (bso#13951); (bsc#1137816).
  - Update to samba-4.10.4
    + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
    + py/provision: Fix for Python 2.6; (bso#13882).
    + netcmd: Fix 'passwordsettings --max-pwd-age' command;
    + s3-libnet_join: 'net ads join' to child domain fails when
      using "-U admin@forestroot"; (bso#13861).
    + vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
      (bso#13896); (bsc#1130245).
    + vfs_ceph: Fix cephwrap_flistxattr() debug message;
      (bso#13940); (bsc#1134697).
    + ctdb-common: Avoid race between fd and signal events;
    + ctdb-common: Fix memory leak in run_proc; (bso#13943).
    + lib: Initialize getline() arguments; (bso#13892).
    + winbind: Fix overlapping id ranges; (bco#13903).
    + lib util debug: Increase format buffer to 4KiB; (bso#13902).
    + nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
    + s4 lib socket: Ensure address string owned by parent struct;
    + s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
    + s3:smbd: Handle IO_REPARSE_TAG_DFS in
    + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
    + smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
    + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
    + smb2_sesssetup: avoid STATUS_PENDING responses for session
      setup; (bso#13796).
    + dbcheck: Fix the err_empty_attribute() check; (bso#13843).
    + vfs_snapper: Drop unneeded fstat handler; (bso#13858).
    + vfs_default: Fix vfswrap_offload_write_send()
      NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
    + smb2_server: Grant all 8192 credits to clients; (bso#13863).
    + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
    + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
    + s3: modules: ceph: Use current working directory instead of
      share path; (bso#13918); (bsc#1134452).
    + winbind: Use domain name from lsa query for sid_to_name cache
      entry; (bso#13831).
    + memcache: Increase size of default memcache to 512k;
    + docs: Update smbclient manpage for "--max-protocol";
    + s3:utils: If share is NULL in smbcacls, don't print it;
    + s3:smbspool: Fix regression printing with Kerberos credentials;
    + ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
      which is incompatible with systemd; (bso#13860).
    + ctdb-daemon: Revert "We can not assume that just because we
      could complete a TCP handshake"; (bso#13888).
    + ctdb-daemon: Never use 0 as a client ID; (bso#13930).
    + ctdb-common: Fix memory leak; (bso#13943).
    + s3:debug: Enable logging for early startup failures;
  - Update to samba-4.10.3
    + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
      checksum; (bso#13685); (bsc#1134024).
* Tue May 14 2019 David Disseldorp <>
  - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
  - Add ceph_snapshots VFS module; (jsc#SES-183).
* Wed May 08 2019 David Disseldorp <>
  - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).
* Wed Apr 17 2019 npower <>
  - Update to samba-4.10.2:
    + CVE-2019-3870 (World writable files in
      Samba AD DC private/ dir); (bso#13834).
    + CVE-2019-3880 (Save registry file outside share as
      unprivileged user); (bso#13851).
    + py/kcc_utils: py2.6 compatibility; (bso#13837).
    + libcli: permit larger values of DataLength in
      SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    + regfio: Improve handling of malformed registry hive files;
    + ctdb-version: Simplify version string usage; (bso#13789).
    + lib: Make fd_load work for non-regular files; (bso#13859).
    + dbcheck: in the middle of the tombstone garbage collection
      causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
    + ndr_spoolss_buf: Fix out of scope use of stack variable in
      NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
    + s4/messaging: Fix undefined reference in linking; (bso#13854).
    + acl_read: Fix regression for empty lists; (bso#13836).
    + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
    + s3:client: Fix printing via smbspool backend with kerberos
      auth; (bso#13832).
    + s4:librpc: Fix installation of Samba; (bso#13847).
    + s3:lib: Fix the debug message for adding cache entries;
    + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    + s3:lib: Fix the debug message for adding cache entries;
    + s3:waf: Fix the detection of makdev() macro on Linux;
    * ctdb-build: Drop creation of .distversion in tarball;
    * ctdb-packaging: Test package requires tcpdump, ctdb package
      should not own system library directory;  (bso#13838).
  - Update to samba-4.10.1:
    + py/kcc_utils: py2.6 compatibility; (bso#13837);
    + libcli: permit larger values of DataLength in
      SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
    + regfio: Improve handling of malformed registry hive files; (bso#13840);
    + ctdb-version: Simplify version string usage; (bso#13789);
    + lib: Make fd_load work for non-regular files; (bso#13859);
    + dbcheck in the middle of the tombstone garbage collection causes
      replication failures, dbcheck: add --selftest-check-expired-tombstones
      cmdline option; (bso#13816);
    + ndr_spoolss_buf: Fix out of scope use of stack variable in
      NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
    + s4/messaging: Fix undefined reference in linking; (bso#13854);
    + acl_read: Fix regression for empty lists; (bso#13836);
    + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
    + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
    + s4:librpc: Fix installation of Samba; (bso#13847);
    + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
    + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
    + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
    + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
    + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
    + ctdb-packaging: Test package requires tcpdump, ctdb package
      should not own system library directory; (bso#13838);
  - Update to samba-4.10.0:
    + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
    + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
    + s4/scripting/bin: Open unicode files with utf8 encoding and write
    + unicode string.
    + sambaundoguididx: Use the right escaped oder unescaped sam ldb
      files; (bso#13759);
    + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
    + passdb: Update ABI to 0.27.2.
    + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
    + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
* Sun Apr 14 2019 David Disseldorp <>
  - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).
* Tue Apr 02 2019 npower <>
  - CVE-2019-3880: Save registry file outside share as unprivileged
    user; (bso#13851); (bsc#1131060 ).
* Wed Mar 27 2019 David Mulder <>
  - Update to samba-4.9.5
    + audit_logging: Remove debug log header and JSON Authentication:
      prefix; (bso#13714);
    + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
    + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
      CID: 1433607; (bso#11495);
    + smbd: uid: Don't crash if 'force group' is added to an existing
      share connection; (bso#13690);
    + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
      code; (bso#13770);
    + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
    + s3:utils/smbget fix recursive download with empty source
      directories; (bso#13199);
    + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
    + s3:libsmb: cli_smb2_list() can sometimes fail initially on a
      connection; (bso#13736);
    + join: Throw CommandError instead of Exception for simple errors; (bso#13747);
    + ldb: Avoid inefficient one-level searches; (bso#13762);
    + s3: libsmb: use smb2cli_conn_max_trans_size() in
      cli_smb2_list(); (bso#13736);
    + tldap: Avoid use after free errors; (bso#13776);
    + Fix idmap xid2sid cache churn; (bso#13802);
    + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
    + s3-smbd: Avoid assuming fsp is always intact after close_file
      call; (bso#13720);
    + s3-vfs-fruit: Add close call; (bso#13725);
    + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
    + s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
    + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
    + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
      ftruncate and fallocate; (bso#13807);
    + lib/audit_logging: Actually create talloc; (bso#13737);
    + netcmd/user: python[3]-gpgme unsupported and replaced by
      python[3]-gpg; (bso#13728);
    + dns: Changing onelevel search for wildcard to subtree; (bso#13738);
    + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
    + sambaundoguididx: Use the right escaped oder unescaped sam ldb
      files; (bso#13759);
    + ctdb: Print locks latency in machinereadable stats; (bso#13742);
    + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
    + audit_logging: auth_json_audit required auth_json; (bso#13715);
    + man pages: Document prefork process model; (bso#13765);
    + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
    + s3:auth: ignore create_builtin_guests() failing without a valid
      idmap configuration; (bso#13697);
    + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
      without trusts; (bso#13722);
    + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
      is not available; (bso#13723);
    + s4:server: Add support for 'smbcontrol samba shutdown' and
      'smbcontrol <pid> debug/debuglevel'; (bso#13752);
    + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
    + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
    + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
    + notifyd: Fix SIGBUS on sparc; (bso#13704);
    + waf: Check for libnscd; (bso#13787);
    + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
    + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
    + Recovery lock bug fixes; (bso#13800);
    + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
    + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
    + vfs_fileid: Fix get_connectpath_ino; (bso#13741);
    + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);
* Mon Mar 04 2019 David Disseldorp <>
  - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
* Fri Feb 22 2019 Samuel Cabrero <>
  - Fix update-apparmor-samba-profile script after apparmor switched
    to using named profiles. The change is backwards compatible;
* Thu Feb 07 2019 David Mulder <>
  - LoadParm().load_default() fails with "Unable to load default file";
* Thu Feb 07 2019
  - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
* Mon Feb 04 2019 Samuel Cabrero <>
  - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
    (bso#13173); (bsc#1123755);
  - s3:winbind: Fix regression introduced with bso #12851;
    (bso#12851); (bsc#1123755);
* Tue Jan 08 2019
  - Update to samba-4.9.4
    + libcli/smb: Don't overwrite status code; (bso#9175).
    + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
    + Session setup reauth fails to sign response; (bso#13661).
    + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
    + vfs_shadow_copy2: Nicely deal with attempts to open previous
      version for writing; (bso#13688).
    + Restoring previous version of stream with vfs_shadow_copy2 fails
      with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
    + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
    + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
    + PEP8: fix E231: missing whitespace after ','.
    + winbindd: Fix crash when taking profiles;(bso#13629)
    + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
      regression; (bso#13600)
    + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
    + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
    + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
    + ctdb-daemon: Exit with error if a database directory does not
      exist; (bso#13696).
    + s3:libads: Add net ads leave keep-account option; (bso#13498).



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 3 00:14:55 2023