Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

samba-ad-dc-libs-32bit-4.17.4+git.314.7b07e3c51a6-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: samba-ad-dc-libs-32bit Distribution: openSUSE Tumbleweed
Version: 4.17.4+git.314.7b07e3c51a6 Vendor: openSUSE
Release: 1.1 Build date: Wed Jan 25 19:40:54 2023
Group: Development/Libraries/C and C++ Build host: cumulus3
Size: 2778961 Source RPM: samba-4.17.4+git.314.7b07e3c51a6-1.1.src.rpm
Summary: Samba Active Directory Domain Controller libraries
This package contains the Active Directory-compatible Domain Controller






* Mon Jan 23 2023 Noel Power <>
  - libdsdb-module-samba4 should be packaged as part of samba-libs and
    not samba-ad-dc-libs. Additionally no need for it to be
    removed conditionally.
* Thu Jan 12 2023 Noel Power <>
  - Clean up logic for PAM migration settings in spec file.
* Wed Jan 04 2023 Stefan Schubert <>
  - Migration of PAM settings to /usr/lib/pam.d.
* Wed Dec 21 2022 Noel Power <>
  - Change with_dc default to 0 (for non TW builds).
* Thu Dec 15 2022 Samuel Cabrero <>
  - Update to 4.17.4
    * CVE-2022-44640 Upstream Heimdal free of user-controlled
      pointer in FAST; (bsc#14929);
    * CVE-2021-20251 Bad password count not incremented atomically;
    * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
    * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
      modern servers; (bso#15237);
    * CVE-2022-37967 Kerberos constrained delegation ticket forgery
      possible against Samba AD DC; (bso#15231);
    * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
      and should be avoided; (bso#15240);
    * pam_winbind uses time_t and pointers assuming they are of the
      same size; (bso#15224);
    * Heimdal session key selection in AS-REQ examines wrong entry;
    * filter-subunit is inefficient with large numbers of
      knownfails; (bso#15258);
    * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
    * The KDC logic arround msDs-supportedEncryptionTypes differs
      from Windows; (bso#13135);
    * libnet: change_password() doesn't work with
      dcerpc_samr_ChangePasswordUser4(); (bso#15206);
    * Heimdal session key selection in AS-REQ examines wrong entry;
    * Memory leak in snprintf replacement functions; (bso#15230);
    * RODC doesn't reset badPwdCount reliable via an RWDC
      (CVE-2021-20251 regression); (bso#15253);
    * Prevent EBADF errors with vfs_glusterfs; (bso#15198);
    * %U for include directive doesn't work for share listing
      (netshareenum); (bso#15243);
    * Stack smashing in net offlinejoin requestodj; (bso#15257);
    * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    * Heimdal session key selection in AS-REQ examines wrong entry;
  - Remove deprecated if-{down,up} scripts; (bsc#1206444);
  - Adjust the systemd drop-in file for named service; (bsc#1201689);
    * Paths are additive so do not repeat paths from named.service
    * Prefix the samba DLZ directory with "-" to ignore this path
      if it does not exists
* Mon Dec 12 2022 Stefan Schubert <>
  - Migration PAM settings to /usr/etc: Saving user changed
    configuration files in /etc and restoring them while an RPM
* Thu Dec 01 2022 David Mulder <>
  - Introduce without-smb1-server spec flag; (bsc#1205104);
* Tue Nov 15 2022 Samuel Cabrero <>
  - Update to 4.17.3
    * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
      systems; (bsc#1205126); (bso#15203);
* Tue Nov 08 2022 Ben Greiner <>
  - Replace obsolete python-gpgme with python-gpg
    * Upstream replaced it in v4.9.5 -- bso#13728
* Tue Oct 25 2022 Noel Power <>
  - Update to 4.17.2
    * CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
      (bso#15207); (bsc#1204499).
    * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
      unwrap_des3();(bso#15134); (bsc#1204254).
* Wed Oct 19 2022 Noel Power <>
  - Update to 4.17.1
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
    * Flush on a named stream never completes; (bso#15182).
    * Permission denied calling SMBC_getatr when file not exists;
    * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
      over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    * pytest: add file removal helpers for TestCaseInTempDir;
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
      over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    * Flush on a named stream never completes; (bso#15182).
    * vfs_gpfs silently garbles timestamps > year 2106;
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
    * multi-channel socket passing may hit a race if one of the
      involved processes already existed; (bso#15200).
    * memory leak on temporary of struct imessaging_post_state and
      struct tevent_immediate on struct imessaging_context (in
      rpcd_spoolss and maybe others); (bso#15201).
    * Since popt1.19 various use after free errors using result of
      poptGetArg are now exposed; (bso#15205); (boo#1204279).
    * Remove special case for O_CREAT in SMB_VFS_OPENAT from
      vfs_glusterfs; (bso#15192).
    * GETPWSID in memory cache grows indefinetly with each NTLM
      auth; (bso#15169).
    * CVE-2021-20251 [SECURITY] Bad password count not incremented
      atomically; (bso#14611).
  - Install a systemd drop-in file for named service to allow
    read/write access to the DLZ directory; (bsc#1201689);
* Fri Oct 14 2022 Noel Power <>
  - Fix use after free errors resulting from using return of
    poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).
* Mon Sep 26 2022 Noel Power <>
  - s3: smbd: Fix memory leak in
    smbd_server_connection_terminate_done(); (bso#15174).
* Mon Sep 26 2022 Noel Power <>
  - Disable SMB1 for tumbleweed builds.
* Fri Sep 23 2022 Noel Power <>
  - Update to 4.17.0
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * Missing SMB2-GETINFO access checks from MS-SMB2;
    * assert failed: !is_named_stream(smb_fname)") at
      ../../lib/util/fault.c:197; (bso#15161).
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * assert failed: !is_named_stream(smb_fname)") at
      ../../lib/util/fault.c:197; (bso#15161).
    * Cross-node multi-channel reconnects result in SMB2 Negotiate
      returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
    * winbind at info level debug can coredump when processing
      wb_lookupusergroups; (bso#15160).
    * Make use of glfs_*at() API calls in vfs_glusterfs;
    * Possible use after free of connection_struct when iterating
      smbd_server_connection->connections; (bso#15128).
    * `net usershare add` fails with flag works with --long but
      fails with -l; (bso#15145).
    * acl_xattr VFS module may unintentionally use filesystem
      permissions instead of ACL from xattr; (bso#15126).
    * Performance regression on contended path based operations;
    * Missing READ_LEASE break could cause data corruption;
    * libsamba-errors uses a wrong version number; (bso#15141).
    * SMB1 negotiation can fail to handle connection errors;
    * New filename parser doesn't check veto files smb.conf
      parameter; (bso#15143).
    * 4.17.rc1 still uses symlink-race prone unix_convert();
    * Backport fileserver related changed to 4.17.0rc2;
    * Manpage for smbstatus json is missing; (bso#15147).
    * Backport fileserver related changed to 4.17.0rc2;
    * Performance regression on contended path based operations;
    * Backport fileserver related changed to 4.17.0rc2;
    * Fix issues found by coverity in smbstatus json code;
    * Backport fileserver related changed to 4.17.0rc2;
* Thu Sep 01 2022 Stefan Schubert <>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Thu Jul 28 2022 Samuel Cabrero <>
  - Update to 4.16.4
    * CVE-2022-2031: Samba AD users can bypass certain restrictions
      associated with changing passwords; (bsc#1201495); (bso#15047);
    * CVE-2022-32744: Samba AD users can forge password change
      requests for any user; (bsc#1201493); (bso#15074);
    * CVE-2022-32745: Samba AD users can crash the server process
      with an LDAP add or modify request; (bsc#1201492); (bso#15008);
    * CVE-2022-32746: Samba AD users can induce a use-after-free in
      the server process with an LDAP add or modify request;
      (bsc#1201490); (bso#15009);
    * CVE-2022-32742: Server memory information leak via SMB1;
      (bsc#1201496); (bso#15085);
* Tue Jul 19 2022 Samuel Cabrero <>
  - Update to 4.16.3
    * Using vfs_streams_xattr and deleting a file causes a panic;
    * Add support for bind 9.18; (bso#14986);
    * logging dsdb audit to specific files does not work;
    * Problem when winbind renews Kerberos; (bso#14979);
    * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
      developer mode; (bso#15095);
    * Crash in streams_xattr because fsp->base_fsp->fsp_name is
      NULL; (bso#15105);
    * Crash in rpcd_classic - NULL pointer deference in
      mangle_is_mangled(); (bso#15118);
    * smbclient commands del & deltree fail with
      NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    * Fix check for chown when processing NFSv4 ACL; (bso#15120);
    * The pcap background queue process should not be stopped;
    * testparm: Fix typo in idmap rangesize check; (bso#15097);
    * net ads info returns LDAP server and LDAP server name as
      null; (bso#15106);
    * ldconfig: /lib64/ is not a symbolic link;
    * CTDB child process logging does not work as expected;
* Tue Jul 12 2022 Samuel Cabrero <>
  - Update spec file to fix the optional Heimdal DC build
  - Fix external trusts with MIT Kerberos 1.20
  - Add missing samba-client requirement to samba-winbind package;
  - Move pdb backends from package samba-libs to package
    samba-client-libs and remove samba-libs requirement from
    samba-winbind; (bsc#1200964); (bsc#1198255);
  - Add sysuser-shadow requirement for packages using
  - Use the canonical realm name to refresh the Kerberos tickets;
    (bsc#1196224); (bso#14979);
* Tue Jun 21 2022 Stefan Schubert <>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 13 2022 Samuel Cabrero <>
  - Update to 4.16.2
    * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
      file had been deleted; (bso#15069);
    * Reintroduce netgroups support; (bso#15087);
    * net ads info shows LDAP Server: depending on contacted
      server; (bso#14674);
    * Update from 4.15  to 4.16 breaks discovery of [homes] on
      standalone server from Win and IOS; (bso#15062);
    * waf produces incorrect names for python extensions with Python
      3.11; (bso#15071);
    * smbclient -E doesn't work as advertised; (bso#15075);
    * The samba background daemon doesn't refresh the printcap cache
      on startup; (bso#15081);
    * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
  - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7
  - Support building with MIT Kerberos 1.20
  - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC;
  - Resource Based Constrained Delegation (RBCD) for Samba AD DC
  - Support building with gcc 12.1
* Wed May 11 2022 Samuel Cabrero <>
  - Use requires_eq macro to require the libldb2 version available at
    samba-dsdb-modules build time; (bsc#1199362);
* Tue May 03 2022 Samuel Cabrero <>
  - Update to 4.16.1
    * Share and server swapped in smbget password prompt; (bso#14831);
    * Durable handles won't reconnect if the leased file is written to;
    * rmdir silently fails if directory contains unreadable files and
      hide unreadable is yes; (bso#15023);
    * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
      on renamed file handle; (bso#15038);
    * Need to describe --builtin-libraries= better (compare with
    - -bundled-libraries); (bso#8731);
    * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
    * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    * PAM Kerberos authentication incorrectly fails with a clock skew
      error; (bso#15046);
    * Username map - samba erroneously applies unix group memberships
      to user account entries; (bso#15041);
    * KVNO off by 100000; (bso#14951);
    * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
    * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
    * smbd doesn't handle UPNs for looking up names; (bso#15054);
* Wed Apr 20 2022 Noel Power <>
  - Update update-apparmor-samba-profile script, replace
    non-printable delimiter with more human readable separator as
    sed can accept separators that can appear in the input data.
* Wed Apr 13 2022 Noel Power <>
  - Fix update-apparmor-samba-profile script, sed doesn't like
    multibyte separators; (bsc#1198309).
* Thu Mar 24 2022 Samuel Cabrero <>
  - Update to 4.16.0
    * New samba-dcerpcd binary to provide DCERPC in the member server
    * Certificate Auto Enrollment
    * Ability to add ports to dns forwarder addresses in internal DNS
    * No longer using Linux mandatory locks for sharemodes
    * SMB1 protocol has been deprecated, particularly older dialects
    * SMB1 protocol SMBCopy command removed
    * SMB1 server-side wildcard expansion removed
  - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);
  - Use systemd-sysusers to create system users; (bsc#1182847);
* Tue Mar 15 2022 Samuel Cabrero <>
  - Update to 4.15.6
    * Renaming file on DFS root fails with
    * Samba does not response STATUS_INVALID_PARAMETER when opening 2
      objects with same lease key; (bso#14737);
    * NT error code is not set when overwriting a file during rename
      in libsmbclient; (bso#14938);
    * Fix ldap simple bind with TLS auditing; (bso#14996);
    * net ads info shows LDAP Server: depending on contacted
      server; (bso#14674);
    * Problem when winbind renews Kerberos; (bso#14979);
    * pam_winbind will not allow gdm login if password about to
      expire; (bso#8691);
    * virusfilter_vfs_openat: Not scanned: Directory or special file;
    * DFS fix for AIX broken; (bso#13631);
    * Solaris and AIX acl modules: wrong function arguments;
    * Function aixacl_sys_acl_get_file not declared / coredump;
    * Regression: Samba 4.15.2 on macOS segfaults intermittently
      during strcpy in tdbsam_getsampwnam; (bso#14900);
    * Fix a use-after-free in SMB1 server; (bso#14989);
    * smb2_signing_decrypt_pdu() may not decrypt with
      gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    * Changing the machine password against an RODC likely destroys
      the domain join; (bso#14984);
    * authsam_make_user_info_dc() steals memory from its struct
      ldb_message *msg argument; (bso#14993);
    * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    * Samba autorid fails to map AD users if id rangesize fits in the
      id range only once; (bso#14967);
* Mon Mar 07 2022 David Mulder <>
  - Fix mismatched version of libldb2; (bsc#1196788).
  - Drop obsolete SuSEfirewall2 service files.
* Fri Mar 04 2022 David Disseldorp <>
  - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
* Wed Feb 23 2022 Noel Power <>
  - Fix ntlm authentications with "winbind use default domain = yes";
    (bso#13126); (bsc#1173429); (bsc#1196308).
* Mon Feb 14 2022 David Mulder <>
  - Fix samba-ad-dc status warning notification message by disabling
    systemd notifications in bgqd; (bsc#1195896); (bso#14947).
* Mon Feb 07 2022 David Mulder <>
  - libldb version mismatch in Samba dsdb component; (bsc#1118508);
* Mon Jan 31 2022 Noel Power <>
  - Update to 4.15.5
    * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
      outside target of a symlink exists; (bso#14911);
    * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
      module; (bso#14914); (bsc#1194859).
    * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
      conflict checks; bso#14950); (bsc#1195048).
* Wed Jan 26 2022 Samuel Cabrero <>
  - CVE-2021-44141: Information leak via symlinks of existance of
    files or directories outside of the exported share; (bso#14911);
  - CVE-2021-44142: Out-of-bounds heap read/write vulnerability
    in VFS module vfs_fruit allows code execution; (bso#14914);
  - CVE-2022-0336: Samba AD users with permission to write to an
    account can impersonate arbitrary services; (bso#14950);
* Fri Jan 21 2022 Samuel Cabrero <>
  - Update to 4.15.4
    * Duplicate SMB file_ids leading to Windows client cache
      poisoning; (bso#14928);
    * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
      NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
    * kill_tcp_connections does not work; (bso#14934);
    * Can't connect to Windows shares not requiring authentication
      using KDE/Gnome; (bso#14935);
    * smbclient -L doesn't set "client max protocol" to NT1 before
      calling the "Reconnecting with SMB1 for workgroup listing"
      path; (bso#14939);
    * Cross device copy of the crossrename module always fails;
    * symlinkat function from VFS cap module always fails with an
      error; (bso#14941);
    * Fix possible fsp pointer deference; (bso#14942);
    * Missing pop_sec_ctx() in error path inside close_directory();
    * "smbd --build-options" no longer works without an smb.conf file;
* Tue Jan 18 2022 Dominique Leuenberger <>
  - Use pkgconfig(krb5) as dependency for the -devel package: allow
    OBS to pick the right flavor of krb5-devel (full vs mini).
  - Do not require the 'krb5' symbol by samba-client-libs: this
    package has an automatic dependency due to linkage on Automatic deps are always better.
  - Do not require the 'krb5' symbol from samba-libs: samba-libs
    requires samba-client-libs, which in turn requires krb5
    libraries. Samba-libs itself has no need for krb5 (but get it
    indirectly anyway).
* Thu Jan 13 2022 Samuel Cabrero <>
  - Reorganize libs packages. Split samba-libs into samba-client-libs,
    samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
    public libraries depending on internal samba libraries into these
    packages as there were dependency problems everytime one of these
    public libraries changed its version (bsc#1192684). The devel
    packages are merged into samba-devel.
  - Rename package samba-core-devel to samba-devel
  - Add python-rpm-macros to build requirements
  - Update the symlink create by samba-dsdb-modules to private samba
    ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
* Fri Dec 10 2021 Samuel Cabrero <>
  - Update to 4.15.3
    * Recursive directory delete with veto files is broken in 4.15.0;
    * A directory containing dangling symlinks cannot be deleted by
      SMB2 alone when they are the only entry in the directory;
    * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
      uninitialized in rmdir_internals(); (bso#14892);
    * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
    * The CVE-2020-25717 username map [script] advice has undesired
      side effects for the local nt token; (bso#14901); (bsc#1192849);
    * User with multiple spaces (eg Fred<space><space>Nurk) become
      un-deletable; (bso#14902);
    * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
    * smbXsrv_client_global record validation leads to crash if existing
      record points at non-existing process; (bso#14882);
    * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
    * Samba process doesn't log to logfile; (bso#14897);
    * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
      triggers locking.tdb assert; (bso#14907);
    * Kerberos authentication on standalone server in MIT realm broken;
    * Segmentation fault when joining the domain; (bso#14923);
    * Support for ROLE_IPA_DC is incomplete; (bso#14903);
    * rpcclient cannot connect to ncacn_ip_tcp services anymore;
    * winexe crashes since 4.15.0 after popt parsing; (bso#14893);
    * net ads status -P broken in a clustered environment; (bso#14908);
    * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
      smbd_smb2_ioctl_send; (bso#14788);
    * winbindd doesn't start when "allow trusted domains" is off;
    * smbclient login without password using '-N' fails with
      NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
    * A schannel client incorrectly detects a downgrade connecting to
      an AES only server; (bso#14912);
    * Possible null pointer dereference in winbind; (bso#14921);
    * Fix -k legacy option for client tools like smbclient, rpcclient,
      net, etc.; (bso#14846);
    * Add Debian 11 CI bootstrap support; (bso#14872);
    * Crash in recycle_unlink_internal(); (bso#14888);
* Thu Nov 18 2021 Samuel Cabrero <>
  - Fix dependency problem upgrading from libndr0 to libndr2 and
    from libsamba-credentials0 to libsamba-credentials1;
* Wed Nov 10 2021 Samuel Cabrero <>
  - Fix regression introduced by CVE-2020-25717 patches, winbindd
    does not start when 'allow trusted domains' is off; (bso#14899);
  - Update to 4.15.2
    * CVE-2016-2124:  SMB1 client connections can be downgraded to
      plaintext authentication; (bso#12444); (bsc#1014440);
    * CVE-2020-25717: A user on the domain can become root on domain
      members; (bso#14556); (bsc#1192284);
    * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
      tickets issued by an RODC; (bso#14558); (bsc#1192246);
    * CVE-2020-25719: Samba AD DC did not always rely on the SID and
      PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
    * CVE-2020-25721: Kerberos acceptors need easy access to stable
      AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
    * CVE-2020-25722: Samba AD DC did not do suffienct access and
      conformance checking of data stored; (bso#14564);
    * CVE-2021-3738: Use after free in Samba AD DC RPC server;
      (bso#14468); (bsc#1192215);
    * CVE-2021-23192: Subsequent DCE/RPC fragment injection
      vulnerability; (bso#14875); (bsc#1192214);
  - Update to 4.15.1
    * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
    * Log clutter from filename_convert_internal; (bso#14685);
    * MacOSX compilation fixes; (bso#14862);
    * rodc_rwdc test flaps; (bso#14868);
    * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
    bit' S4U2Proxy Constrained Delegation bypass in Samba with
    embedded Heimdal; (bso#14642);
    * Python ldb.msg_diff() memory handling failure; (bso#14836);
    * "in" operator on ldb.Message is case sensitive; (bso#14845);
    * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
    * samldb_krbtgtnumber_available() looks for incorrect string;
    * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
    * Allow special chars like "@" in samAccountName when generating
    the salt; (bso#14874);
    * Correctly ignore comments in CTDB public addresses file;
    * Fix transit path validation; (bso#12998);
    * Fix that child winbindd logs to log.winbindd instead of
    log.wb-<DOMAIN>; (bso#14852);
    * SMB3 cancel requests should only include the MID together with
    AsyncID when AES-128-GMAC is used; (bso#14855);
    * Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
    * Heimdal prefers RC4 over AES for machine accounts; (bso#14864);
* Wed Oct 13 2021 David Mulder <>
  - Enable samba-tool without ad dc.
* Thu Sep 30 2021 Noel Power <>
  -  Adjust spec to use pam macros; (bsc#1191046).
* Wed Sep 29 2021 Noel Power <>
  - Adjust spec for size
    * allow some Recommends instead Requires to be configured
      for cifs-utils, samba-libs-python3 & samba-gpupdate;
    * remove fam, undocumented and unneeded.
* Thu Sep 23 2021 Samuel Cabrero <>
  - Add missing build dependency on bison when building with the
    embedded Heimdal Kerberos
* Mon Sep 20 2021 Samuel Cabrero <>
  - Update to 4.15.0
    * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
    * VFS layer modernized.
    * Add the ability to set allow/deny lists for zone transfer clients
      in Bind DLZ plugin
    * Server multi-channel support no longer experimental
    * Improved command line user experience, unifying the options in
      different commands
    * Winbindd no longer scans trusted domains on startup and will use
      enterprise principals by default.
    * The net utility is now able to support the offline domain join feature
    * New options for 'samba-tool dns zoneoptions' for aging control
      and to mark old records as static or dynamic
    * DNS tombstones are now deleted as appropriate and use a consistent
      timestamp format
    * The 'samba-tool dns update' command validates and rejects now malformed
      IPv4 and IPv6 addresses
    * The 'samba-tool domain backup' command correctly takes out locks
      against concurrent modification during backup when using the LMDB
    * TruACL support has been removed
    * NIS support has been removed
* Thu Sep 16 2021 Samuel Cabrero <>
  - Update to 4.14.7
    * smbd panic on force-close share during offload write; (bso#14769);
    * smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
    * Fix returned attributes on fake quota file handle and avoid hitting
      the VFS; (bso#14731);
    * vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
    * Fix build on Solaris; (bso#14774);
    * Make dos attributes available for unreadable files; (bso#14654);
    * Work around special SMB2 READ response behavior of NetApp Ontap
      7.3.7; (bso#14607);
    * Start the SMB encryption as soon as possible; (bso#14793);
* Tue Aug 17 2021 David Mulder <>
  - Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).
* Fri Jul 23 2021 David Mulder <>
  - Update to 4.14.6
    * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
    * smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
    * s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
    * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
      change_file_owner_to_parent() error path; (bso#14736).
    * NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
      glusterfs VFS module; (bso#14730).
    * s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
    * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
    * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
    * smbXsrv_{open,session,tcon}: protect
      smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
    * samba-tool domain backup offline doesn't work against bind DLZ
      backend; (bso#14027).
    * netcmd: Use next_free_rid() function to calculate a SID for
      restoring a backup; (bso#14669).
* Tue Jun 01 2021 Samuel Cabrero <>
  - Update to 4.14.5
    * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
    * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
      ACL for directory handles; (bso#14708);
    * s3: smbd: Fix uninitialized memory read in process_symlink_open()
      when used with vfs_shadow_copy2(); (bso#14721);
    * docs: Expand the "log level" docs on audit logging; (bso#14689);
    * smbd: Correctly initialize close timestamp fields; (bso#14714);
    * Fix gcc11 compiler issues; (bso#14699);
    * docs-xml: Update smbcacls manpage; (bso#14718);
    * docs: Update list of available commands in rpcclient; (bso#14719);
    * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
    * s3:winbind: For 'security = ADS' require realm/workgroup to be set;
    * lib:replace: Do not build strndup test with gcc 11 or newer;
* Thu Apr 29 2021 Noel Power <>
  - Update to 4.14.4
    * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
      (bso#14571); (bsc#1184677).
  - Update to 4.14.3
    * s3:modules:vfs_virusfilter: Recent New_VFS changes break
      vfs_virusfilter_openat; (bso#14671).
    * build: Notice if flex is missing at configure time; (bso#14586).
    * Fix smbd panic when two clients open same file; (bso#14672).
    * Fix memory leak in the RPC server; (bso#14675).
    * s3: smbd: fix deferred renames; (bso#14679).
    * s3-iremotewinspool: Set the per-request memory context;
    * Fix memory leak in the RPC server; (bso#14675).
    * third_party: Update socket_wrapper to version 1.3.2;
    * third_party: Update socket_wrapper to version 1.3.3;
    * samba-gpupdate: Test that sysvol paths download in
      case-insensitive way; (bso#14665).
    * smbd: Ensure errno is preserved across fsp destructor;
    * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
      conflict; (bso#14663).
    * build: Only add -Wl,--as-needed when supported; (bso#14288).
* Wed Mar 31 2021 Samuel Cabrero <>
  - Update to 4.14.2
    * Release with dependency on ldb version 2.3.0.
  - Update to 4.14.1
    * CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655);
    * CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs;
  - Update to 4.14.0
    * VFS layer modernized.
    * Printers publishing in AD improved.
    * Client group policies support for sudoers configuration and
      cron jobs.
    * Improved consistency of samba-tool subcommands.
    * CTDB now uses the terms leader and follower instead of master and
      slave. Configuration options have changed accordingly.
    * The ctdb isnotrecmaster command is removed.
    * For details on all items see WHATSNEW.txt in samba-doc package.
* Mon Mar 01 2021 Samuel Cabrero <>
  - Spec file fixes around systemd and requires; (bsc#1182830);
  - Align systemd service unit files with upstream provided ones.
* Tue Jan 26 2021 Samuel Cabrero <>
  - Update to 4.13.4
    * Work around special SMB2 IOCTL response behavior of NetApp Ontap
      7.3.7; (bso#14607);
    * Temporary DFS share setup doesn't set case parameters in the same
      way as a regular share definition does; (bso#14612);
    * lib: Avoid declaring zero-length VLAs in various messaging functions;
    * Do not create an empty DB when accessing a sam.ldb; (bso#14579);
    * vfs_fruit may close wrong backend fd; (bso#14596);
    * Temporary DFS share setup doesn't set case parameters in the same way
      as a regular share definition does; (bso#14612);
    * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
    * vfs_fruit may close wrong backend fd; (bso#14596);
    * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
    * The cache directory for the user gencache should be created recursively;
    * Be more flexible with repository names in CentOS 8 test environments;
* Mon Dec 28 2020 Samuel Cabrero <>
  - Uninstalling samba-client: Failed to disable unit, cifs.service
    does not exists; (bsc#1180388);
* Wed Dec 16 2020 Samuel Cabrero <>
  - Update to 4.13.3
    + libcli: smb2: Never print length if smb2_signing_key_valid() fails for
      crypto blob; (bso#14210);
    + s3: modules: gluster. Fix the error I made in preventing talloc leaks
      from a function; (bso#14486);
    + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
      via TALLOC_FREE(); (bso#14515);
    + s3: spoolss: Make parameters in call to user_ok_token() match all other
      uses; (bso#14568);
    + s3: smbd: Quiet log messages from usershares for an unknown share;
    + samba process does not honor max log size; (bso#14248);
    + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
    + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
    + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
    + smbclient: Fix recursive mget; (bso#14517);
    + clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
    + manpages/vfs_glusterfs: Mention silent skipping of write-behind
      translator; (bso#14486);
    + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
    + interface: Fix if_index is not parsed correctly; (bso#14514);
* Mon Nov 16 2020 Samuel Cabrero <>
  - Update to 4.13.2
    + s3: modules: vfs_glusterfs: Fix leak of char **lines onto
      mem_ctx on return; (bso#14486);
    + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    + smb.conf.5: Add clarification how configuration changes reflected
      by Samba; (bso#14538);
    + daemons: Report status to systemd even when running in foreground;
    + DNS Resolver: Support both dnspython before and after 2.0.0;
    + s3-vfs_glusterfs: Refuse connection when write-behind xlator is
      present; (bso#14486);
    + provision: Add support for BIND 9.16.x; (bso#14487);
    + ctdb-common: Avoid aliasing errors during code optimization;
    + libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
    + docs: Fix default value of spoolss:architecture; (bso#14522);
    + winbind: Fix a memleak; (bso#14388);
    + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
    + docs-xml/manpages: Add warning about write-behind translator for
      vfs_glusterfs; (bso#14486);
    + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
    + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
    + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
    + examples:auth: Do not install example plugin; (bso#14550);
    + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
    + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
* Thu Nov 05 2020 Noel Power <>
  - Adjust smbcacls '--propagate-inheritance' feature to align with
    upstream; (bsc#1178469).
* Tue Oct 06 2020 Samuel Cabrero <>
  - Update to samba 4.13.1
    + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
      easily crafted records; (bsc#1177613); (bso#14472);
    + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
    + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
      (bsc#1173902); (bso#14434);
  - Adjust systemd tmpfiles.d configuration, use /run/samba instead of
    /var/run/samba; (bsc#1177355);
* Mon Oct 05 2020 David Disseldorp <>
  - Fix vfs_ceph query_directory regression; (bso#14519)
  - Drop liburing-devel for SLE15-SP2; (bsc#1177245)
* Thu Sep 24 2020 David Disseldorp <>
  - Register CTDB recovery lock holder with ceph-mgr
  - Add liburing-devel dependency
* Tue Sep 22 2020 David Disseldorp <>
  - Update to samba 4.13.0
    + Require Python 3.6
    + Move wide links functionality into VFS module
    + Deprecate NT4-like 'classic' Samba domain controllers
    + Deprecate SMBv1 only protocol options
    + Remove deprecated "ldap ssl ads" option
    + Unify asynchronous DCE-RPC server; (jsc#SES-645)
    + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
    + Drop internal byteorder.h header from util-devel package
    + Remove final code for the AD DC LDAP backend
    + Add AD DC Group Policy Scripts
    + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
    + Fix %U substitutions if it contains a domain name; (bso#14467)
    + Fix krb5.conf creation for 'net ads join'; (bso#14479)
    + Fix build problem if libbsd-dev is not installed; (bso#14482)
    + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
    + Fix idmap_ad RFC4511 response handling; (bso#14465)
    + Fix panic in get_lease_type(); (bso#14428)
* Fri Sep 18 2020 Samuel Cabrero <>
  - Update to samba 4.12.7
    + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
      netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
      "server require schannel:WORKSTATION$ = no" about unsecure configurations;
      (bsc#1176579); (bso#14497);
    + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
      challenge; (bsc#1176579); (bso#14497);
    + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
      netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
      (bsc#1176579); (bso#14497);
  - Update to samba 4.12.6
    + s3: libsmb: Fix SMB2 client rename bug to a Windows server;
    + dsdb: Allow "password hash userPassword schemes = CryptSHA256"
      to work on RHEL7; (bso#14424).
    + dbcheck: Allow a dangling forward link outside our known NCs;
    + lib/debug: Set the correct default backend loglevel to
      MAX_DEBUG_LEVEL; (bso#14426).
    + PANIC: Assert failed in get_lease_type(); (bso#14428).
    + util: Fix build on AIX by fixing the order of replace.h include;
    + srvsvc_NetFileEnum asserts with open files; (bso#14355).
    + KDC breaks with DES keys still in the database and
      msDS-SupportedEncryptionTypes 31 indicating support for it;
    + s3:smbd: Make sure vfs_ChDir() always sets
      conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).
    + PANIC: Assert failed in get_lease_type(); (bso#14428).
    + docs: Fix documentation for require_membership_of of
      pam_winbind.conf; (bso#14358).
    + ctdb-scripts: Use nfsconf utility for variable values in CTDB
      NFS scripts; (bso#14444).
    + s3:winbind:idmap_ad: Make failure to get attrnames for schema
      mode fatal; (bso#14425).
* Tue Jul 28 2020 Thorsten Kukuk <>
  - Don't install SuSEfirewall2 services, we don't have that package
* Thu Jul 02 2020 Noel Power <>
  - Update to samba 4.12.5
    + Fix smbd panic on force-close share during async
      io; (bso#14301).
    + Fix segfault when using SMBC_opendir_ctx() routine for
      share folder that contains incorrect symbols in any
      file name; (bso#14374)
    + Fix DFS links; (bso#14391).
    + Can't use DNS functionality after a Windows DC has been
      in domain; (bso#14310).
    + ldapi search to FreeIPA crashes; (bso#14413).
    + Add net-ads-join dnshostname=fqdn option; (bso#14396)
    + Fix adding msDS-AdditionalDnsHostName to keytab with
      Windows DC; (bso#14406).
    + docs-xml: Update list of posible VFS operations for
      vfs_full_audit; (bso#14386).
    + winbindd: Fix a use-after-free when winbind clients exit;
    + Client tools are not able to read gencache anymore;
* Thu Jul 02 2020 Noel Power <>
  - Update to samba 4.12.4
    + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
      ASQ and VLV combined; (bso#14364); (bsc#1173159)
    + CVE-2020-10745: invalid DNS or NBT queries containing dots use
      several seconds of CPU each; (bso#14378); (bsc#1173160).
    + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
      server with paged_result or VLV; (bso#14402); (bsc#1173161)
    + CVE-2020-14303: Endless loop from empty UDP packet sent to
      AD DC nbt_server; (bso#14417); (bsc#1173359).
* Sat May 30 2020 Marcus Meissner <>
  - add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)
* Thu May 28 2020 Samuel Cabrero <>
  - Add system-user-nobody to samba package requirements
* Wed May 20 2020 Samuel Cabrero <>
  - Update to samba 4.12.3
    + Fix smbd panic on force-close share during async io; (bso#14301);
    + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
    + Fix smbd crashes when MacOS Catalina connects if iconv initialization
      fails; (bso#14372);
    + Exporting from macOS Adobe Illustrator creates multiple copies;
    + smbd does a chdir() twice per request; (bso#14256);
    + smbd mistakenly updates a file's write-time on close; (bso#14320);
    + vfs_shadow_copy2: implement case canonicalisation in
      shadow_copy2_get_real_filename(); (bso#14350);
    + Fix Windows 7 clients problem after upgrading samba file server;
    + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
    + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
    + mit-kdc: Explicitly reject S4U requests; (bso#14342);
    + dbwrap_watch: Set rec->value_valid while returning nested
      share_mode_do_locked(); (bso#14352);
    + lib:util: Fix smbclient -l basename dir; (bso#14345);
    + s3:libads: Fix ads_get_upn(); (bso#14336);
    + ctdb: Fix a memleak; (bso#14348);
    + Malicous SMB1 server can crash libsmbclient; (bso#14366);
    + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
    + s3/librpc/crypto: Fix double free with unresolved credential cache;
    + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358);
* Mon May 11 2020 David Mulder <>
  - Installing: samba - samba-ad-dc.service does not exist and unit
    not found; (bsc#1171437);
* Mon May 04 2020 Samuel Cabrero <>
  - libsmb: Don't try to find posix stat info in SMBC_getatr();
    (bso#14101); (bsc#1169242);
* Wed Apr 29 2020 Noel Power <>
  - Move to samba-libs package, this was
    initially erroneously located in  samba-ad-dc.
* Tue Apr 28 2020 Noel Power <>
  - Update to samba 4.12.2
    + CVE-2020-10700: A client combining the 'ASQ' and
      'Paged Results' LDAP controls can cause a use-after-free
      in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
    + CVE-2020-10704: A deeply nested filter in an un-authenticated
      LDAP search can exhaust the LDAP server's stack memory causing
      a SIGSEGV; (bso#14334); (bsc#1169851).
* Mon Apr 13 2020 Samuel Cabrero <>
  - Update to samba 4.12.1
    + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
    + samba-tool group: Handle group names with special chars correctly;
    + Add missing check for DMAPI offline status in async DOS attributes;
    + Starting ctdb node that was powered off hard before results in recovery
      loop; (bso#14295);
    + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
    + vfs_recycle: Prevent flooding the log if we're called on non-existant
      paths; (bso#14316);
    + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
    + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
    + fruit:time machine max size is broken on arm; (bso#13622);
    + CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294);
    + s3/utils: Fix double free error with smbtree; (bso#14332);
    + CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294);
    + Starting ctdb node that was powered off hard before results in recovery
      loop; (bso#14295);
    + CTDB recovery daemon can crash due to dereference of NULL pointer;
* Wed Mar 25 2020 Noel Power <>
  - s3: libsmbclient.h: add missing time.h include to fix
    ffmpeg build and make it compatible with -std=c99.
* Mon Mar 16 2020 Noel Power <>
  - ndrdump tests: Make the tests less fragile
  - python/samba/gp_parse: Fix test errors with python3.8
* Fri Mar 13 2020 Noel Power <>
  - Starting ctdb node that was powered off hard before results
    in recovery loop; (bso#14295); (bsc#1162680).
* Fri Mar 06 2020 Noel Power <>
  - Update to samba 4.12.0
    + For details on all items see WHATSNEW.txt in samba-doc
    + Samba 4.12 raises this minimum version to Python
    + Samba now requires GnuTLS 3.4.7 to be installed.
    + New Spotlight backend for Elasticsearch.
    + Retiring DES encryption types in Kerberos. With this release,
      support for DES encryption types has been removed from
      Samba, and setting DES_ONLY flag for an account will cause
      Kerberos authentication to fail for that account (see
    + Samba-DC: DES keys no longer saved in DB.
    + The netatalk VFS module has been removed.
    + The BIND9_FLATFILE DNS backend is deprecated in this release
      and will be removed in the future.
    + CTDB changes
      + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
    + Bugs
    + Retire DES encryption types in Kerberos; (bso#14202);
    + dsdb: Correctly handle memory in objectclass_attrs;
    + s3: DFS: Don't allow link deletion on a read-only share;
    + pidl/wscript: configure should insist on Parse::Yapp::Driver;
    + smbd fails to handle EINTR from open(2) properly;
    + ldb: version 2.1.1; (bso#14270)).
    + vfs: Set getting and setting of MS-DFS redirects on the
      filesystem to go through two new VFS functions
      SMB_VFS_READ_DFS_PATHAT(); (bso#14282).
    + bootstrap: Remove un-used dependency python3-crypto;
    + Fix CID 1458418 and 1458420; (bso#14247).
    + lib: Fix a shutdown crash with "clustering = yes";
    + Winbind member (source3) fails local SAM auth with empty
      domain name; (bso#14247).
    + winbindd: Handle missing idmap in getgrgid(); (bso#14265).
    + Don't use forward declaration for GnuTLS typedefs; (bso#14271).
    + Add io_uring vfs module; (bso#14280).
    + libcli:smb: Improve check for
      gnutls_aead_cipher_(en|de)cryptv2; (bso#14250).
    + s3: lib: nmblib. Clean up and harden nmb packet processing;
    + lib:util: Log mkdir error on correct debug levels; (bso#14253).
* Sun Feb 02 2020 Thorsten Kukuk <>
  - Remove unused pwdutils buildrequires
* Thu Jan 30 2020 Samuel Cabrero <>
  - Update to samba 4.11.6
    + pygpo: Use correct method flags; (bso#14209);
    + Avoiding bad call flags with python 3.8, using METH_NOARGS
      instead of zero; (bso#14209);
    + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    + smbd: Fix the build with clang; (bso#14251);
    + upgradedns: Ensure lmdb lock files linked; (bso#14199);
    + s3: VFS: glusterfs: Reset nlinks for symlink entries during
      readdir; (bso#14182);
    + smbc_stat() doesn't return the correct st_mode and also the
      uid/gid is not filled (SMBv1) file; (bso#14101);
    + librpc: Fix string length checking in ndr_pull_charset_to_null();
    + ctdb-scripts: Strip square brackets when gathering connection info;
* Tue Jan 21 2020 Samuel Cabrero <>
  - Fix nmbstatus not reporting detailed information about workgroups;
  - Fix querying all names registered within broadcast area; (bso#8927);
* Tue Jan 21 2020 Noel Power <>
  - Update to samab 4.11.5
    + CVE-2019-14902: Replication of ACLs down subtree on
      AD Directory is not automatic; (bso#12497); (bsc#1160850).
    + CVE-2019-19344: Fix  server crash with
      dns zone scavenging = yes; (bso#14050); (bsc#1160852).
    + CVE-2019-14907: server-side crash after charset conversion
      failure (eg during NTLMSSP processing); (bso#14208);
  - Update to samba 4.11.4
    + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
    + Ensure we don't call cli_RNetShareEnum() on an SMB1
      connection; (bso#14174).
    + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
      SMBC_opendir_ctx; (bso#14176).
    + SMB2 - Ensure we use the correct session_id if encrypting
      an interim response; (bso#14189).
    + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
    + printing: Fix %J substition; (bso#13745).
    + Remove now unneeded call to cmdline_messaging_context();
    + Fix incomplete conversion of former parametric options;
    + Fix sync dosmode fallback in async dosmode codepath;
    + vfs_fruit returns capped resource fork length; (bso#14171).
    + libnet_join: Add SPNs for additional-dns-hostnames entries;
    + smbd: Increase a debug level; (bso#14211).
    + Prevent azure ad connect from reporting discovery errors
      reference-value-not-ldap-conformant; (bso#14153).
    + krb5_plugin: Fix developer build with newer heimdal system
      library; (bso#14179).
    + replace: Only link libnsl and libsocket if required;
    + ctdb: Incoming queue can be orphaned causing communication;
      breakdown; (bso#14175).
    + ldb: Release ldb 2.0.8. Cross-compile will not take
      cross-answers or cross-execute; (bso#13846).
    + heimdal-build: Avoid hard-coded /usr/include/heimdal in
      asn1_compile-generated code; (bso#13856).
* Fri Dec 20 2019 David Disseldorp <>
  - Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).
* Tue Dec 10 2019 Noel Power <>
  - Update to samba 4.11.3
    + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
      can crash the DCE/RPC DNS management server by creating records
      with matching the zone name; (bso#14138); (bsc#1158108).
    + CVE-2019-14870: DelegationNotAllowed not being enforced, the
      DelegationNotAllowed Kerberos feature restriction was not being
      applied when processing protocol transition requests (S4U2Self),
      in the AD DC KDC; (bso#14187); (bsc#1158109).
* Tue Oct 29 2019 Jim McDonough <>
  - Update to samba 4.11.2
    + CVE-2019-10218: Client code can return filenames containing
      path separators; (bsc#1144902); (bso#14071).
    + CVE-2019-14833: Samba AD DC check password script does not
      receive the full password; (bso#12438).
    + CVE-2019-14847: User with "get changes" permission can crash
      AD DC LDAP server via dirsync; (bso#14040).
  - Fixes from 4.11.1
    + Overlinking libreplace against librt and pthread against every
      binary or library causes issues; (bso#14140);
    + kpasswd fails when built with MIT Kerberos; (bso#14155);
    + Fix spnego fallback from kerberos to ntlmssp in smbd server;
    + Stale file handle error when using mkstemp on a share; (bso#14137);
    + non-AES schannel broken; (bso#14134);
    + Joining Active Directory should not use SAMR to set the password;
    + smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
      call on an SMB2 connection; (bso#14152);
    + Deleted records can be resurrected during recovery; (bso#14147);
    + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
    + winbind does not list forest trusts with additional trust
      attributes; (bso#14130);
    + fault report points to outdated documentation; (bso#14139);
    + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
      trusted domains/forests; (bso#14124);
    + classicupgrade results in uncaught exception - a bytes-like object
      is required, not 'str'; (bso#14136);
    + pod2man is not longer required, stop checking at build time;
    + Exit code of ctdb nodestatus should not be influenced by deleted
      nodes; (bso#14129);
    + username/password authentication doesn't work with CUPS and
      smbspool; (bso#14128);
    + smbc_readdirplus() is incompatible with smbc_telldir() and
      smbc_lseekdir(); (bso#14094);
* Sat Oct 05 2019 James McDonough <>
  - Update to samba 4.11.0
    + For details on all items see WHATSNEW.txt in samba-doc
    + Python2 runtime support removed; python 3.4 or later required
    + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
    + CephFS Snapshot integration, exposed as previous file
    + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
    + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
    - many performance improvements
    + Configuration webserver support removed
* Tue Sep 03 2019 Samuel Cabrero <>
  - Update to samba 4.10.8
    + CVE-2019-10197: user escape from share path definition;
      (bso#14035); (bsc#1141267);
* Fri Aug 30 2019 Noel Power <>
  - Fix build on newer systems by modifying samba.spec to use
    consistent non-relative paths for pammodules in configure line
    and specification of library to package.
* Tue Aug 27 2019 Noel Power <>
  - Update to samba 4.10.7
    + Unable to create or rename file/directory inside shares
      configured with vfs_glusterfs_fuse module; (bso#14010).
    + build: Allow build when '--disable-gnutls' is set; (bso#13844)
    + samba-tool: Add 'import samba.drs_utils' to;
    + Fix 'Error 32 determining PSOs in system' message on old DB
      with FL upgrade; (bso#14008).
    + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
    + join: Use a specific attribute order for the DsAddEntry
      nTDSDSA object; (bso#14046).
    + vfs_catia: Pass stat info to synthetic_smb_fname();
    + lookup_name: Allow own domain lookup when flags == 0;
    + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    + DEBUGC and DEBUGADDC doesn't print into a class specific log
      file; (bso#13915).
    + Request to keep deprecated option "server schannel",
      VMWare Quickprep requires "auto"; (bso#13949).
    + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    + dnsProperty fails to decode values from older Windows versions;
    + samba-tool: Use only one LDAP modify for dns partition fsmo
      role transfer; (bso#13973).
    + third_party: Update waf to version 2.0.17; (bso#13960).
    + netcmd: Allow 'drs replicate --local' to create partitions;
    + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).
* Wed Aug 07 2019 npower <>
  - Prepare for use future use of kernel keyrings, modify
    /etc/pam.d/samba to include; (bsc#1144059).
* Thu Aug 01 2019 Samuel Cabrero <>
  - Update samba-winbind script to work with systemd; (bsc#1132739);
  - Drop samba dhcpcd hook scripts
  - Update to samba 4.10.6
    + s3: winbind: Fix crash when invoking winbind idmap scripts;
    + smbd does not correctly parse arguments passed to dfree and quota
      scripts; (bso#13964).
    + samba-tool dns: use bytes for inet_ntop; (bso#13965).
    + samba-tool domain provision: Fix --interactive module in python3;
    + ldb_kv: Skip @ records early in a search full scan; (bso#13893).
    + docs: Improve documentation of "lanman auth" and "ntlm auth"
      connection; (bso#13981).
    + python/ntacls: Use correct "state directory" smb.conf option instead
      of "state dir"; (bso#14002).
    + registry: Add a missing include; (bso#13840).
    + Fix SMB guest authentication; (bso#13944).
    + AppleDouble conversion breaks Resourceforks; (bso#13958).
    + vfs_fruit makes direct use of syscalls like mmap() and pread();
    + s3:mdssvc: Fix flex compilation error; (bso#13987).
    + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
    + dsdb:samdb: schemainfo update with relax control; (bso#13799).
    + s3:util: Move static file_pload() function to lib/util; (bso#13964).
    + smbd: Fix a panic; (bso#13957).
    + ldap server: Generate correct referral schemes; (bso#12478).
    + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
    + s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
    + dsdb/repl: we need to replicate the whole schema before we can apply it;
    + ldb: Release ldb 1.5.5; (bso#12478).
    + Schema replication fails if link crosses chunk boundary backwards;
    + 'samba-tool domain schemaupgrade' uses relax control and skips the
      schemaInfo update provision; (bso#13799).
    + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
      ..."; (bso#13916).
    + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
      get the ACL; (bso#13917).
    + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
    + Using Kerberos credentials to print using spoolss doesn't work;
    + wafsamba: Use native waf timer; (bso#13998).
    + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).
* Wed Jun 19 2019 Noel Power <>
  - Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
    + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
      in DnssrvOperation2; (bso#13922); (bsc#1137815).
    + CVE-2019-12436 dsdb/paged_results: Ignore successful results
      without messages; (bso#13951); (bsc#1137816).
  - Update to samba-4.10.4
    + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
    + py/provision: Fix for Python 2.6; (bso#13882).
    + netcmd: Fix 'passwordsettings --max-pwd-age' command;
    + s3-libnet_join: 'net ads join' to child domain fails when
      using "-U admin@forestroot"; (bso#13861).
    + vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
      (bso#13896); (bsc#1130245).
    + vfs_ceph: Fix cephwrap_flistxattr() debug message;
      (bso#13940); (bsc#1134697).
    + ctdb-common: Avoid race between fd and signal events;
    + ctdb-common: Fix memory leak in run_proc; (bso#13943).
    + lib: Initialize getline() arguments; (bso#13892).
    + winbind: Fix overlapping id ranges; (bco#13903).
    + lib util debug: Increase format buffer to 4KiB; (bso#13902).
    + nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
    + s4 lib socket: Ensure address string owned by parent struct;
    + s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
    + s3:smbd: Handle IO_REPARSE_TAG_DFS in
    + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
    + smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
    + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
    + smb2_sesssetup: avoid STATUS_PENDING responses for session
      setup; (bso#13796).
    + dbcheck: Fix the err_empty_attribute() check; (bso#13843).
    + vfs_snapper: Drop unneeded fstat handler; (bso#13858).
    + vfs_default: Fix vfswrap_offload_write_send()
      NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
    + smb2_server: Grant all 8192 credits to clients; (bso#13863).
    + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
    + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
    + s3: modules: ceph: Use current working directory instead of
      share path; (bso#13918); (bsc#1134452).
    + winbind: Use domain name from lsa query for sid_to_name cache
      entry; (bso#13831).
    + memcache: Increase size of default memcache to 512k;
    + docs: Update smbclient manpage for "--max-protocol";
    + s3:utils: If share is NULL in smbcacls, don't print it;
    + s3:smbspool: Fix regression printing with Kerberos credentials;
    + ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
      which is incompatible with systemd; (bso#13860).
    + ctdb-daemon: Revert "We can not assume that just because we
      could complete a TCP handshake"; (bso#13888).
    + ctdb-daemon: Never use 0 as a client ID; (bso#13930).
    + ctdb-common: Fix memory leak; (bso#13943).
    + s3:debug: Enable logging for early startup failures;
  - Update to samba-4.10.3
    + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
      checksum; (bso#13685); (bsc#1134024).
* Tue May 14 2019 David Disseldorp <>
  - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
  - Add ceph_snapshots VFS module; (jsc#SES-183).
* Wed May 08 2019 David Disseldorp <>
  - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).
* Wed Apr 17 2019 npower <>
  - Update to samba-4.10.2:
    + CVE-2019-3870 (World writable files in
      Samba AD DC private/ dir); (bso#13834).
    + CVE-2019-3880 (Save registry file outside share as
      unprivileged user); (bso#13851).
    + py/kcc_utils: py2.6 compatibility; (bso#13837).
    + libcli: permit larger values of DataLength in
      SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    + regfio: Improve handling of malformed registry hive files;
    + ctdb-version: Simplify version string usage; (bso#13789).
    + lib: Make fd_load work for non-regular files; (bso#13859).
    + dbcheck: in the middle of the tombstone garbage collection
      causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
    + ndr_spoolss_buf: Fix out of scope use of stack variable in
      NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
    + s4/messaging: Fix undefined reference in linking; (bso#13854).
    + acl_read: Fix regression for empty lists; (bso#13836).
    + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
    + s3:client: Fix printing via smbspool backend with kerberos
      auth; (bso#13832).
    + s4:librpc: Fix installation of Samba; (bso#13847).
    + s3:lib: Fix the debug message for adding cache entries;
    + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    + s3:lib: Fix the debug message for adding cache entries;
    + s3:waf: Fix the detection of makdev() macro on Linux;
    * ctdb-build: Drop creation of .distversion in tarball;
    * ctdb-packaging: Test package requires tcpdump, ctdb package
      should not own system library directory;  (bso#13838).
  - Update to samba-4.10.1:
    + py/kcc_utils: py2.6 compatibility; (bso#13837);
    + libcli: permit larger values of DataLength in
      SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
    + regfio: Improve handling of malformed registry hive files; (bso#13840);
    + ctdb-version: Simplify version string usage; (bso#13789);
    + lib: Make fd_load work for non-regular files; (bso#13859);
    + dbcheck in the middle of the tombstone garbage collection causes
      replication failures, dbcheck: add --selftest-check-expired-tombstones
      cmdline option; (bso#13816);
    + ndr_spoolss_buf: Fix out of scope use of stack variable in
      NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
    + s4/messaging: Fix undefined reference in linking; (bso#13854);
    + acl_read: Fix regression for empty lists; (bso#13836);
    + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
    + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
    + s4:librpc: Fix installation of Samba; (bso#13847);
    + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
    + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
    + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
    + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
    + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
    + ctdb-packaging: Test package requires tcpdump, ctdb package
      should not own system library directory; (bso#13838);
  - Update to samba-4.10.0:
    + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
    + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
    + s4/scripting/bin: Open unicode files with utf8 encoding and write
    + unicode string.
    + sambaundoguididx: Use the right escaped oder unescaped sam ldb
      files; (bso#13759);
    + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
    + passdb: Update ABI to 0.27.2.
    + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
    + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
* Sun Apr 14 2019 David Disseldorp <>
  - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).
* Tue Apr 02 2019 npower <>
  - CVE-2019-3880: Save registry file outside share as unprivileged
    user; (bso#13851); (bsc#1131060 ).
* Wed Mar 27 2019 David Mulder <>
  - Update to samba-4.9.5
    + audit_logging: Remove debug log header and JSON Authentication:
      prefix; (bso#13714);
    + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
    + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
      CID: 1433607; (bso#11495);
    + smbd: uid: Don't crash if 'force group' is added to an existing
      share connection; (bso#13690);
    + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
      code; (bso#13770);
    + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
    + s3:utils/smbget fix recursive download with empty source
      directories; (bso#13199);
    + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
    + s3:libsmb: cli_smb2_list() can sometimes fail initially on a
      connection; (bso#13736);
    + join: Throw CommandError instead of Exception for simple errors; (bso#13747);
    + ldb: Avoid inefficient one-level searches; (bso#13762);
    + s3: libsmb: use smb2cli_conn_max_trans_size() in
      cli_smb2_list(); (bso#13736);
    + tldap: Avoid use after free errors; (bso#13776);
    + Fix idmap xid2sid cache churn; (bso#13802);
    + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
    + s3-smbd: Avoid assuming fsp is always intact after close_file
      call; (bso#13720);
    + s3-vfs-fruit: Add close call; (bso#13725);
    + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
    + s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
    + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
    + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
      ftruncate and fallocate; (bso#13807);
    + lib/audit_logging: Actually create talloc; (bso#13737);
    + netcmd/user: python[3]-gpgme unsupported and replaced by
      python[3]-gpg; (bso#13728);
    + dns: Changing onelevel search for wildcard to subtree; (bso#13738);
    + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
    + sambaundoguididx: Use the right escaped oder unescaped sam ldb
      files; (bso#13759);
    + ctdb: Print locks latency in machinereadable stats; (bso#13742);
    + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
    + audit_logging: auth_json_audit required auth_json; (bso#13715);
    + man pages: Document prefork process model; (bso#13765);
    + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
    + s3:auth: ignore create_builtin_guests() failing without a valid
      idmap configuration; (bso#13697);
    + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
      without trusts; (bso#13722);
    + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
      is not available; (bso#13723);
    + s4:server: Add support for 'smbcontrol samba shutdown' and
      'smbcontrol <pid> debug/debuglevel'; (bso#13752);
    + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
    + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
    + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
    + notifyd: Fix SIGBUS on sparc; (bso#13704);
    + waf: Check for libnscd; (bso#13787);
    + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
    + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
    + Recovery lock bug fixes; (bso#13800);
    + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
    + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
    + vfs_fileid: Fix get_connectpath_ino; (bso#13741);
    + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);
* Mon Mar 04 2019 David Disseldorp <>
  - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
* Fri Feb 22 2019 Samuel Cabrero <>
  - Fix update-apparmor-samba-profile script after apparmor switched
    to using named profiles. The change is backwards compatible;
* Thu Feb 07 2019 David Mulder <>
  - LoadParm().load_default() fails with "Unable to load default file";
* Thu Feb 07 2019
  - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
* Mon Feb 04 2019 Samuel Cabrero <>
  - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
    (bso#13173); (bsc#1123755);
  - s3:winbind: Fix regression introduced with bso #12851;
    (bso#12851); (bsc#1123755);
* Tue Jan 08 2019
  - Update to samba-4.9.4
    + libcli/smb: Don't overwrite status code; (bso#9175).
    + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
    + Session setup reauth fails to sign response; (bso#13661).
    + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
    + vfs_shadow_copy2: Nicely deal with attempts to open previous
      version for writing; (bso#13688).
    + Restoring previous version of stream with vfs_shadow_copy2 fails
      with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
    + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
    + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
    + PEP8: fix E231: missing whitespace after ','.
    + winbindd: Fix crash when taking profiles;(bso#13629)
    + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
      regression; (bso#13600)
    + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
    + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
    + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
    + ctdb-daemon: Exit with error if a database directory does not
      exist; (bso#13696).
    + s3:libads: Add net ads leave keep-account option; (bso#13498).



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Feb 2 23:38:42 2023