From d48cbd924dccc183fc530a9143ea4a6d711ce205 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?=
Date: Wed, 16 Dec 2015 12:36:08 +0100
Subject: [PATCH] Update to Samba 4.3.3 (security release)
resolves: #1292069
CVE-2015-3223 Remote DoS in Samba (AD) LDAP server
CVE-2015-5252 Insufficient symlink verification in smbd
CVE-2015-5296 Samba client requesting encryption vulnerable to downgrade attack
CVE-2015-5299 Missing access control check in shadow copy code
CVE-2015-7540 DoS to AD-DC due to insufficient checking of asn1 memory allocation
Guenther
---
 .gitignore | 1 +
 samba.spec | 19 +++++++++++++++----
 sources | 2 +-
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index fbba6a2..782c4d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,4 @@ samba-3.6.0pre1.tar.gz
 /samba-4.3.0.tar.xz
 /samba-4.3.1.tar.xz
 /samba-4.3.2.tar.xz
+/samba-4.3.3.tar.xz
diff --git a/samba.spec b/samba.spec
index cdc7f6c..41cad2c 100644
--- a/samba.spec
+++ b/samba.spec
@@ -6,13 +6,13 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
-%define main_release 2
+%define main_release 0
-%define samba_version 4.3.2
+%define samba_version 4.3.3
 %define talloc_version 2.1.3
 %define tdb_version 1.3.7
 %define tevent_version 0.9.25
-%define ldb_version 1.1.21
+%define ldb_version 1.1.24
 # This should be rc1 or nil
 %define pre_release %nil
@@ -197,7 +197,7 @@ BuildRequires: python-tevent >= %{libtevent_version}
 %endif
 %if ! %with_internal_ldb
-%global libldb_version 1.1.21
+%global libldb_version 1.1.24
 BuildRequires: libldb-devel >= %{libldb_version}
 BuildRequires: pyldb-devel >= %{libldb_version}
@@ -1982,6 +1982,17 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 %changelog
+* Wed Dec 16 2015 Guenther Deschner - 4.3.3-0
+- Update to Samba 4.3.3
+- resolves: #1292069
+- CVE-2015-3223 Remote DoS in Samba (AD) LDAP server
+- CVE-2015-5252 Insufficient symlink verification in smbd
+- CVE-2015-5296 Samba client requesting encryption vulnerable to
+ downgrade attack
+- CVE-2015-5299 Missing access control check in shadow copy code
+- CVE-2015-7540 DoS to AD-DC due to insufficient checking of asn1
+ memory allocation
+
 * Tue Dec 15 2015 Guenther Deschner - 4.3.2-2
 - revert dependencies to samba-common and -tools
diff --git a/sources b/sources
index 4177073..64ac45b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-57d2caad16080a14f2b204b8348902bd samba-4.3.2.tar.xz
+e4d1ec06f6c48bed51e268947eb812b5 samba-4.3.3.tar.xz
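Review bot: The new `sources` line identifies samba-4.3.3.tar.xz only by a 32-hex-digit digest, which is the length of an MD5 hash. MD5 is not collision-resistant, so this entry is a weak integrity anchor for a tarball whose purpose is to ship security fixes. If the lookaside tooling in use accepts it, record a SHA-512 entry instead, for example `SHA512 (samba-4.3.3.tar.xz) = <sha512-of-tarball>`. None of the visible samba.spec hunks checks the tarball against the upstream release signature. The rest of the spec is outside this patch, so it is worth confirming whether the build verifies that signature before unpacking.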