rpms
/
samba
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to Samba 4.16.0rc1

This commit is contained in:
Pavel Filipenský 2022-01-25 11:55:29 +01:00
parent c1f9bec1db
commit c8ac21e6f1
6 changed files with 111 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -277,3 +277,5 @@ samba-3.6.0pre1.tar.gz
/samba-4.15.3.tar.asc
/samba-4.15.4.tar.xz
/samba-4.15.4.tar.asc
/samba-4.16.0rc1.tar.xz
/samba-4.16.0rc1.tar.asc

30
samba-ctdb-etcd-reclock.patch
View File

@ -1,30 +0,0 @@
From 939aed0498269df3c1e012f3b68c314b583f25bd Mon Sep 17 00:00:00 2001
From: Martin Schwenke <martin@meltin.net>
Date: Tue, 27 Apr 2021 15:46:14 +1000
Subject: [PATCH] utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities. These will be cleaned up in
subsequent commits.
Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
---
ctdb/utils/etcd/ctdb_etcd_lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock
index 000c6bb7208..7f5194eff0a 100755
--- a/ctdb/utils/etcd/ctdb_etcd_lock
+++ b/ctdb/utils/etcd/ctdb_etcd_lock
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
--
2.31.1

64
samba-glibc-dns.patch
View File

@ -1,64 +0,0 @@
From e556b4067e0c4036e20fc26523e3b4d6d5c6be42 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 7 Oct 2021 15:55:37 +0200
Subject: [PATCH] waf: Fix resolv_wrapper with glibc 2.34
With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper
anymore. The res_* symbols have been moved from libresolv to libc. We are not
able to intercept any traffic inside of libc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
selftest/wscript | 2 +-
third_party/resolv_wrapper/wscript | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/selftest/wscript b/selftest/wscript
index a6be06c2ae9..85d9338489a 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -252,7 +252,7 @@ def cmd_testonly(opt):
if os.environ.get('USE_NAMESPACES') is None:
env.OPTIONS += " --socket_wrapper_so_path=" + CONFIG_GET(opt, 'LIBSOCKET_WRAPPER_SO_PATH')
- if Utils.unversioned_sys_platform() in ('netbsd', 'openbsd', 'sunos'):
+ if not CONFIG_SET(opt, 'HAVE_RESOLV_CONF_SUPPORT'):
env.OPTIONS += " --use-dns-faking"
if CONFIG_GET(opt, 'USING_SYSTEM_KRB5') and CONFIG_GET(opt, 'MIT_KDC_PATH'):
diff --git a/third_party/resolv_wrapper/wscript b/third_party/resolv_wrapper/wscript
index a7f18389b0f..7e369bd90b5 100644
--- a/third_party/resolv_wrapper/wscript
+++ b/third_party/resolv_wrapper/wscript
@@ -1,6 +1,7 @@
#!/usr/bin/env python
import os
+from waflib import Logs
VERSION="1.1.7"
@@ -49,6 +50,18 @@ def configure(conf):
if conf.CONFIG_SET('HAVE_RES_NCLOSE'):
conf.DEFINE('HAVE_RES_NCLOSE_IN_LIBRESOLV', 1)
+ # If we find res_nquery in libc, we can't do resolv.conf redirect
+ conf.CHECK_FUNCS('res_nquery __res_nquery')
+ if (conf.CONFIG_SET('HAVE_RES_NQUERY')
+ or conf.CONFIG_SET('HAVE___RES_NQUERY')):
+ Logs.warn("Detection for resolv_wrapper: "
+ "Only dns faking will be available")
+ else:
+ if conf.CHECK_FUNCS('res_nquery', lib='resolv'):
+ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1)
+ if conf.CHECK_FUNCS('__res_nquery', lib='resolv'):
+ conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1)
+
conf.CHECK_FUNCS_IN('res_init __res_init', 'resolv', checklibc=True)
conf.CHECK_FUNCS_IN('res_ninit __res_ninit', 'resolv', checklibc=True)
conf.CHECK_FUNCS_IN('res_close __res_close', 'resolv', checklibc=True)
--
2.33.1

145
samba-s4u.patch
View File

@ -1,7 +1,7 @@
From 0b196043f08ea4c025f19c4519175a3a73e1d185 Mon Sep 17 00:00:00 2001
From 17eb98d3f8ebd0fe48e218bb03a3c0165b9b6e95 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:25:03 +0300
Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
Subject: [PATCH 1/4] mit-kdc: add basic loacl realm S4U support
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -12,10 +12,10 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
3 files changed, 71 insertions(+), 106 deletions(-)
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index f35210669c2..b1c7c5dcc5e 100644
index 793fe366c35..22534c09974 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -195,13 +195,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -200,13 +200,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
krb5_keyblock *krbtgt_key,
krb5_timestamp authtime,
krb5_authdata **tgt_auth_data,
@ -36,7 +36,7 @@ index f35210669c2..b1c7c5dcc5e 100644
mit_ctx = ks_get_context(context);
if (mit_ctx == NULL) {
@@ -233,41 +237,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -238,41 +242,43 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = krb5_pac_parse(context,
authdata[0]->contents,
authdata[0]->length,
@ -106,7 +106,7 @@ index f35210669c2..b1c7c5dcc5e 100644
if (code != 0) {
goto done;
}
@@ -275,17 +281,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@@ -280,17 +286,22 @@ static krb5_error_code ks_verify_pac(krb5_context context,
code = mit_samba_reget_pac(mit_ctx,
context,
flags,
@ -133,7 +133,7 @@ index f35210669c2..b1c7c5dcc5e 100644
return code;
}
@@ -314,6 +325,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -319,6 +330,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krb5_authdata **pac_auth_data = NULL;
krb5_authdata **authdata = NULL;
krb5_boolean is_as_req;
@ -141,7 +141,7 @@ index f35210669c2..b1c7c5dcc5e 100644
krb5_error_code code;
krb5_pac pac = NULL;
krb5_data pac_data;
@@ -325,11 +337,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -330,11 +342,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
krbtgt = krbtgt == NULL ? local_krbtgt : krbtgt;
krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
@ -153,7 +153,7 @@ index f35210669c2..b1c7c5dcc5e 100644
is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
/*
@@ -390,6 +397,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -395,6 +402,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
ks_client_princ = client->princ;
}
@ -170,7 +170,7 @@ index f35210669c2..b1c7c5dcc5e 100644
if (client_entry == NULL) {
client_entry = client;
}
@@ -454,7 +471,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -469,7 +486,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
code = ks_verify_pac(context,
flags,
@ -179,7 +179,7 @@ index f35210669c2..b1c7c5dcc5e 100644
client_entry,
server,
krbtgt,
@@ -494,7 +511,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -515,7 +532,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
is_as_req ? "AS-REQ" : "TGS-REQ",
client_name);
code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
@ -188,7 +188,7 @@ index f35210669c2..b1c7c5dcc5e 100644
if (code != 0) {
DBG_ERR("krb5_pac_sign failed: %d\n", code);
goto done;
@@ -520,12 +537,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
@@ -541,12 +558,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
KRB5_AUTHDATA_IF_RELEVANT,
authdata,
signed_auth_data);
@ -201,7 +201,7 @@ index f35210669c2..b1c7c5dcc5e 100644
done:
if (client_entry != NULL && client_entry != client) {
ks_free_principal(context, client_entry);
@@ -551,32 +562,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
@@ -572,32 +583,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
* server; -> delegating service
* proxy; -> target principal
*/
@ -236,10 +236,10 @@ index f35210669c2..b1c7c5dcc5e 100644
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 4239332f0d9..acc3cba6254 100644
index 27b15828468..994dfed312b 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -501,7 +501,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
@ -247,7 +247,7 @@ index 4239332f0d9..acc3cba6254 100644
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
@@ -665,7 +664,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
@@ -682,7 +681,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
context,
*pac,
server->princ,
@ -256,7 +256,7 @@ index 4239332f0d9..acc3cba6254 100644
deleg_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Update delegation info failed: %s\n",
@@ -987,41 +986,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
@@ -1004,41 +1003,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
}
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@ -309,10 +309,10 @@ index 4239332f0d9..acc3cba6254 100644
static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
index 636c77ec97c..9cb00c9610e 100644
index 4431e82a1b2..9370ab533af 100644
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@@ -57,7 +57,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_context context,
int flags,
@ -320,7 +320,7 @@ index 636c77ec97c..9cb00c9610e 100644
krb5_db_entry *client,
krb5_db_entry *server,
krb5_db_entry *krbtgt,
@@ -73,9 +72,8 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
@@ -74,9 +73,8 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
DATA_BLOB *e_data);
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@ -336,10 +336,10 @@ index 636c77ec97c..9cb00c9610e 100644
2.33.1
From 992d38fa35c01f2f0bdb39d387fa29e8eb8d3d37 Mon Sep 17 00:00:00 2001
From f4fc23103f47b712baf3b4b0ebcb42d0f3f3fd42 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 27 Sep 2019 18:35:30 +0300
Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
Subject: [PATCH 2/4] krb5-mit: enable S4U client support for MIT build
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -350,10 +350,10 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
3 files changed, 185 insertions(+), 13 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index fff5b4e2a22..791b417d5ba 100644
index 61d651b4d5f..462acec90b6 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
@@ -2699,6 +2699,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
return 0;
}
@ -546,7 +546,7 @@ index fff5b4e2a22..791b417d5ba 100644
#if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index eab67f6d969..b5385c69a33 100644
index a66b7465530..c8573f52bd9 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
@ -614,63 +614,20 @@ index 544d9d853cc..c14d8c72d8c 100644
2.33.1
From f1951b501ca0fb3e613f04437c99dc1bbf204609 Mon Sep 17 00:00:00 2001
From 48d73d552f2fbbdb07bd9aff4d0294883b70417f Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 19 Sep 2020 14:16:20 +0200
Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
Subject: [PATCH 3/4] wip: for canonicalization with new MIT kdc code
---
source4/heimdal/lib/hdb/hdb.h | 1 +
source4/kdc/db-glue.c | 8 ++++++--
source4/kdc/mit_samba.c | 3 +++
source4/kdc/sdb.h | 1 +
4 files changed, 11 insertions(+), 2 deletions(-)
source4/kdc/mit_samba.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index 5ef9d9565f3..dafaffc6c2d 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
#define HDB_F_ALL_KVNOS 2048 /* we want all the keys, live or not */
#define HDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
#define HDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define HDB_F_FORCE_CANON 16384 /* force canonicalition */
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index aff74f2ee71..d16b4c3329a 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
}
}
- } else if (ent_type == SAMBA_KDC_ENT_TYPE_ANY && principal == NULL) {
+ } else if (ent_type == SAMBA_KDC_ENT_TYPE_ANY && principal == NULL) { // was this supposed to be || ?
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
krb5_clear_error_message(context);
goto out;
}
- } else if ((flags & SDB_F_CANON) && (flags & SDB_F_FOR_AS_REQ)) {
+ } else if (((flags & SDB_F_CANON) && (flags & SDB_F_FOR_AS_REQ)) || (flags & SDB_F_FORCE_CANON)){
/*
* SDB_F_CANON maps from the canonicalize flag in the
* packet, and has a different meaning between AS-REQ
* and TGS-REQ. We only change the principal in the AS-REQ case
+ *
+ * The SDB_F_FORCE_CANON if for the new MIT kdc code that wants
+ * the canonical name in all lookups, and takes care to canonicalize
+ * only when appropriate.
*/
ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
if (ret) {
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index acc3cba6254..f0b9df8b613 100644
index 994dfed312b..9d039e5601b 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -224,6 +224,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
@@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
sflags |= SDB_F_CANON;
}
@ -680,18 +637,34 @@ index acc3cba6254..f0b9df8b613 100644
if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY |
KRB5_KDB_FLAG_INCLUDE_PAC)) {
/*
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index c929acccce6..a9115ec23d7 100644
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -116,6 +116,7 @@ struct sdb_entry_ex {
#define SDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
#define SDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
#define SDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define SDB_F_FORCE_CANON 16384 /* force canonicalition */
void sdb_free_entry(struct sdb_entry_ex *e);
void free_sdb_entry(struct sdb_entry *s);
--
2.33.1
From f5f54026d151f6d899e8ff52d8829a2f9cf57f25 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 21 Dec 2021 12:17:11 +0100
Subject: [PATCH 4/4] s4:kdc: Also cannoicalize krbtgt principals when
enforcing canonicalization
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/kdc/db-glue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 8d17038cfe6..77c0c0e4746 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -946,7 +946,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) {
p->is_krbtgt = true;
- if (flags & (SDB_F_CANON)) {
+ if (flags & (SDB_F_CANON|SDB_F_FORCE_CANON)) {
/*
* When requested to do so, ensure that the
* both realm values in the principal are set
--
2.33.1

66
samba.spec
View File

@ -134,13 +134,13 @@
%global baserelease 0
%global samba_version 4.15.4
%global samba_version 4.16.0
%global talloc_version 2.3.3
%global tdb_version 1.4.4
%global tdb_version 1.4.6
%global tevent_version 0.11.0
%global ldb_version 2.4.1
%global ldb_version 2.5.0
# This should be rc1 or nil
%global pre_release %nil
%global pre_release rc1
%global samba_release %{baserelease}
%if "x%{?pre_release}" != "x"
@ -202,8 +202,6 @@ Source14: samba.pamd
Source201: README.downgrade
Patch0: samba-s4u.patch
Patch1: samba-ctdb-etcd-reclock.patch
Patch2: samba-glibc-dns.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
@ -1614,11 +1612,21 @@ fi
%{_libdir}/samba/vfs/nfs4acl_xattr.so
%endif
%dir %{_libexecdir}/samba
%{_libexecdir}/samba/samba-bgqd
%{_libexecdir}/samba/samba-dcerpcd
%{_libexecdir}/samba/rpcd_classic
%{_libexecdir}/samba/rpcd_epmapper
%{_libexecdir}/samba/rpcd_fsrvp
%{_libexecdir}/samba/rpcd_lsad
%{_libexecdir}/samba/rpcd_mdssvc
%{_libexecdir}/samba/rpcd_rpcecho
%{_libexecdir}/samba/rpcd_spoolss
%{_libexecdir}/samba/rpcd_winreg
%dir %{_datadir}/samba
%dir %{_datadir}/samba/mdssvc
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
#%%dir %%{_datadir}/samba/mdssvc
#%%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
%{_unitdir}/nmb.service
%{_unitdir}/smb.service
@ -1628,6 +1636,7 @@ fi
%{_mandir}/man1/smbstatus.1*
%{_mandir}/man8/eventlogadm.8*
%{_mandir}/man8/samba-bgqd.8*
%{_mandir}/man8/samba-dcerpcd.8*
%{_mandir}/man8/smbd.8*
%{_mandir}/man8/nmbd.8*
%{_mandir}/man8/vfs_acl_tdb.8*
@ -1642,6 +1651,7 @@ fi
%{_mandir}/man8/vfs_crossrename.8*
%{_mandir}/man8/vfs_default_quota.8*
%{_mandir}/man8/vfs_dirsort.8*
%{_mandir}/man8/vfs_expand_msdfs.8*
%{_mandir}/man8/vfs_extd_audit.8*
%{_mandir}/man8/vfs_fake_perms.8*
%{_mandir}/man8/vfs_fileid.8*
@ -1852,7 +1862,7 @@ fi
%if %{without libwbclient}
%{_libdir}/samba/libwbclient.so.*
%{_libdir}/samba/libwinbind-client-samba4.so
#%%{_libdir}/samba/libwinbind-client-samba4.so
#endif without libwbclient
%endif
@ -2232,6 +2242,9 @@ fi
%{_libdir}/samba/libshares-samba4.so
%{_libdir}/samba/libsmbpasswdparser-samba4.so
%{_libdir}/samba/libxattr-tdb-samba4.so
%{_libdir}/samba/libREG-FULL-samba4.so
%{_libdir}/samba/libRPC-SERVER-LOOP-samba4.so
%{_libdir}/samba/libRPC-WORKER-samba4.so
### LIBSMBCLIENT
%if %{with libsmbclient}
@ -2251,7 +2264,7 @@ fi
%if %{with libwbclient}
%files -n libwbclient
%{_libdir}/samba/wbclient/libwbclient.so.*
%{_libdir}/samba/libwinbind-client-samba4.so
#%%{_libdir}/samba/libwinbind-client-samba4.so
### LIBWBCLIENT-DEVEL
%files -n libwbclient-devel
@ -2322,7 +2335,11 @@ fi
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_cert_auto_enroll_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_chromium_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_firefox_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_firewalld_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
@ -2438,7 +2455,11 @@ fi
%{python3_sitearch}/samba/emulate/__init__.py
%{python3_sitearch}/samba/emulate/traffic.py
%{python3_sitearch}/samba/emulate/traffic_packets.py
%{python3_sitearch}/samba/gp_cert_auto_enroll_ext.py
%{python3_sitearch}/samba/gp_chromium_ext.py
%{python3_sitearch}/samba/gp_ext_loader.py
%{python3_sitearch}/samba/gp_firefox_ext.py
%{python3_sitearch}/samba/gp_firewalld_ext.py
%{python3_sitearch}/samba/gp_msgs_ext.py
%{python3_sitearch}/samba/gp_smb_conf_ext.py
%{python3_sitearch}/samba/gp_sudoers_ext.py
@ -2755,6 +2776,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/source.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/source_chars.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/strings.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/subunitrun.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/tdb_util.*.pyc
@ -2924,14 +2946,15 @@ fi
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_idmap_nss.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
@ -2949,25 +2972,26 @@ fi
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
%{python3_sitearch}/samba/tests/krb5/test_rpc.py
%{python3_sitearch}/samba/tests/krb5/test_smb.py
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
%{python3_sitearch}/samba/tests/krb5_credentials.py
%{python3_sitearch}/samba/tests/ldap_raw.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_spn.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py
@ -3031,6 +3055,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join_member.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/ntacl.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/ou.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/passwordsettings.*.pyc
@ -3067,6 +3092,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/help.py
%{python3_sitearch}/samba/tests/samba_tool/join.py
%{python3_sitearch}/samba/tests/samba_tool/join_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/join_member.py
%{python3_sitearch}/samba/tests/samba_tool/ntacl.py
%{python3_sitearch}/samba/tests/samba_tool/ou.py
%{python3_sitearch}/samba/tests/samba_tool/passwordsettings.py
@ -3098,6 +3124,7 @@ fi
%{python3_sitearch}/samba/tests/smbd_base.py
%{python3_sitearch}/samba/tests/smbd_fuzztest.py
%{python3_sitearch}/samba/tests/source.py
%{python3_sitearch}/samba/tests/source_chars.py
%{python3_sitearch}/samba/tests/strings.py
%{python3_sitearch}/samba/tests/subunitrun.py
%{python3_sitearch}/samba/tests/tdb_util.py
@ -3119,7 +3146,6 @@ fi
%{_mandir}/man1/masktest.1*
%{_mandir}/man1/ndrdump.1*
%{_mandir}/man1/smbtorture.1*
%{_mandir}/man1/vfstest.1*
%if %{with testsuite}
# files to ignore in testsuite mode
@ -4103,6 +4129,10 @@ fi
%endif
%changelog
* Tue Jan 25 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.0rc1
- Update to Samba 4.16.0rc1
- resolves: #2042518
* Thu Jan 20 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.4-0
- Update to Samba 4.15.4
- resolves: #2009673, #2039034 - Security fixes for CVE-2021-20316

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (samba-4.15.4.tar.xz) = 19aa7edc55d545c42ba9c2d2bb987df63a825c5a1a6fa2a350d6bca41f04fde6f63b643f6e38d32f4d4067c24420e1ca62ef28dc285c70105ca78487e80ee2dc
SHA512 (samba-4.15.4.tar.asc) = 6878efc500f423e7061966954163ef3503e4ab43a527b370a3e26e6992bc9b6a3161e296800b6cd78d5e0d99ac7f1db249d52c2475d035973e2121bc67df6fab
SHA512 (samba-4.16.0rc1.tar.asc) = 07aebb0d76834a1a56021d3a9004d6eefae8fb1426aabaca89c9df3572cbcb09dfc0c649c5e28e1844ce53dfd1e94cc828915df26e63268ce883045e4f3c3548
SHA512 (samba-4.16.0rc1.tar.xz) = dd7711c998e6d33056d913af64ef33957badf09fb59ba21921f81676b96a939bbf491bfb1362d2625ba30d08526abc6c889376b4e1e439e266bd9b2e9864bcbc