Update to Samba 4.4.10

Guenther

.gitignore

@@ -71,3 +71,4 @@ samba-3.6.0pre1.tar.gz
 /samba-4.4.7.tar.xz
 /samba-4.4.8.tar.xz
 /samba-4.4.9.tar.xz
+/samba-4.4.10.tar.xz

samba-4.4.5-fix_resolving_trusted_domain_users.patch

@@ -1,68 +0,0 @@
-From 9845aff09ac6b136ee363f7fb869bfd3a8f9b8c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 10 Jun 2016 16:51:18 +0200
-Subject: [PATCH] s3-winbind: Fix schannel connections against trusted domain
- DCs
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
-
-Pair-Programmed-With: Andreas Schneider <asn@samba.org>
-Signed-off-by: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Alexander Bokovoy <ab@samba.org>
-(cherry picked from commit d2379caa77fe02264323d69fee1bcad33f1bfeee)
----
- source3/winbindd/winbindd_cm.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 45e3fad..f1f98db 100644
---- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -903,6 +903,7 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
- 	struct cli_credentials *creds;
- 	NTSTATUS status;
- 	bool force_machine_account = false;
-+	bool ok;
- 
- 	/* If we are a DC and this is not our own domain */
- 
-@@ -947,7 +948,13 @@ static NTSTATUS get_trust_credentials(struct winbindd_domain *domain,
- 						   CRED_DONT_USE_KERBEROS);
- 	}
- 
--	if (creds_domain != domain) {
-+	/*
-+	 * When we contact our own domain and get a list of the trusted domain
-+	 * we have the information if we are able to contact the DC with
-+	 * with our machine account password.
-+	 */
-+	ok = winbindd_can_contact_domain(domain);
-+	if (!ok) {
- 		/*
- 		 * We can only use schannel against a direct trust
- 		 */
-@@ -3284,6 +3291,8 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
- 
- 	sec_chan_type = cli_credentials_get_secure_channel_type(creds);
- 	if (sec_chan_type == SEC_CHAN_NULL) {
-+		DBG_WARNING("get_secure_channel_type gave SEC_CHAN_NULL for %s\n",
-+			    domain->name);
- 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- 	}
- 
-@@ -3323,6 +3332,11 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
- 	conn->netlogon_flags = netlogon_creds->negotiate_flags;
- 	TALLOC_FREE(netlogon_creds);
- 
-+	/*
-+	 * FIXME: Document in which case we are not able to contact
-+	 * a DC without schannel. Which information do we try to get
-+	 * from this DC?
-+	 */
- 	if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
- 		if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
- 			result = NT_STATUS_DOWNGRADE_DETECTED;
--- 
-2.8.4
-

samba.spec

@@ -8,7 +8,7 @@
 
 %define main_release 0
 
-%define samba_version 4.4.9
+%define samba_version 4.4.10
 %define talloc_version 2.1.6
 %define tdb_version 1.3.8
 %define tevent_version 0.9.28
@@ -107,8 +107,6 @@ Source6: samba.pamd
 Source200: README.dc
 Source201: README.downgrade
 
-Patch0:    samba-4.4.5-fix_resolving_trusted_domain_users.patch
-
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Requires(pre): /usr/sbin/groupadd
@@ -690,8 +688,6 @@ and use CTDB instead.
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 
-%patch0 -p 1 -b .samba-4.4.5-fix_resolving_trusted_domain_users.patch
-
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
 %global _tevent_lib ,tevent,pytevent
@@ -1996,6 +1992,9 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 
 %changelog
+* Wed Mar 01 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.10-0
+- Update to Samba 4.4.10
+
 * Wed Jan 04 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.9-0
 - Update to Samba 4.4.9
 

sources

@@ -1 +1 @@
-SHA512 (samba-4.4.9.tar.xz) = f88eef036bcf744df2d3780e1ac50ac07e6290fa18b6947e92d130581b3b580a9c1cf4258a309c1dd98702e61e50ffbb48a4fd188e14a5ebe6bb7a8b2279df79
+SHA512 (samba-4.4.10.tar.xz) = d4a07b009dd44ad84d74f6568a7006f0d658cadc0a75763396be7530d64539283b927ecfb60ba218e34b3826c54bd641de8679a94c497b3f575de57c054f70b3