rpms
/
samba
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to Samba 4.8.5 

Guenther
This commit is contained in:
Günther Deschner 2018-08-24 16:43:00 +02:00
parent d5f6590d81
commit e71ae77cc4
4 changed files with 11 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -129,3 +129,5 @@ samba-3.6.0pre1.tar.gz
/samba-4.8.3.tar.xz
/samba-4.8.4.tar.xz
/samba-4.8.4.tar.asc
/samba-4.8.5.tar.xz
/samba-4.8.5.tar.asc

270
samba-4.8.3-fix_krb5_plugins.patch
View File

@ -1,270 +0,0 @@
From 341da4f38809d0efaa282d5281ee69c62a826f9a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 27 Jun 2018 14:06:39 +0200
Subject: [PATCH 1/4] krb5_plugin: Install plugins to krb5 modules dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
nsswitch/wscript_build | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 15e93db2f05..576855bb56c 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -105,16 +105,18 @@ if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
)
if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
- bld.SAMBA_LIBRARY('winbind_krb5_locator',
- source='winbind_krb5_locator.c',
- deps='wbclient krb5 com_err',
- realname='winbind_krb5_locator.so')
+ bld.SAMBA_LIBRARY('winbind_krb5_locator',
+ source='winbind_krb5_locator.c',
+ deps='wbclient krb5 com_err',
+ realname='winbind_krb5_locator.so',
+ install_path='${MODULESDIR}/krb5')
if bld.CONFIG_SET('HAVE_KRB5_LOCALAUTH_PLUGIN_H'):
bld.SAMBA_LIBRARY('winbind_krb5_localauth',
source='krb5_plugin/winbind_krb5_localauth.c',
deps='wbclient krb5 com_err',
- realname='winbind-krb5-localauth.so')
+ realname='winbind_krb5_localauth.so',
+ install_path='${MODULESDIR}/krb5')
bld.SAMBA_SUBSYSTEM('WB_REQTRANS',
source='wb_reqtrans.c',
--
2.17.1
From a1e9527b207b4bb045012cf78649362b42351313 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 27 Jun 2018 14:08:56 +0200
Subject: [PATCH 2/4] krb5_plugin: Move krb5 locator plugin to krb5_plugin
subdir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
nsswitch/{ => krb5_plugin}/winbind_krb5_locator.c | 0
nsswitch/wscript_build | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
rename nsswitch/{ => krb5_plugin}/winbind_krb5_locator.c (100%)
diff --git a/nsswitch/winbind_krb5_locator.c b/nsswitch/krb5_plugin/winbind_krb5_locator.c
similarity index 100%
rename from nsswitch/winbind_krb5_locator.c
rename to nsswitch/krb5_plugin/winbind_krb5_locator.c
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 576855bb56c..dd1952b799b 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -106,7 +106,7 @@ if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
bld.SAMBA_LIBRARY('winbind_krb5_locator',
- source='winbind_krb5_locator.c',
+ source='krb5_plugin/winbind_krb5_locator.c',
deps='wbclient krb5 com_err',
realname='winbind_krb5_locator.so',
install_path='${MODULESDIR}/krb5')
--
2.17.1
From b0fa360161aba9aa092bf4ecf0533a49d621a068 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 27 Jun 2018 15:14:15 +0200
Subject: [PATCH 3/4] docs: Move winbind_krb5_locator manpage to volume 8
The vfs and idmap manpages are in volume 8 too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
...inbind_krb5_locator.7.xml => winbind_krb5_locator.8.xml} | 6 +++---
docs-xml/wscript_build | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
rename docs-xml/manpages/{winbind_krb5_locator.7.xml => winbind_krb5_locator.8.xml} (96%)
diff --git a/docs-xml/manpages/winbind_krb5_locator.7.xml b/docs-xml/manpages/winbind_krb5_locator.8.xml
similarity index 96%
rename from docs-xml/manpages/winbind_krb5_locator.7.xml
rename to docs-xml/manpages/winbind_krb5_locator.8.xml
index 17e401a9da0..0af0c2cc95f 100644
--- a/docs-xml/manpages/winbind_krb5_locator.7.xml
+++ b/docs-xml/manpages/winbind_krb5_locator.8.xml
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="winbind_krb5_locator.7">
+<refentry id="winbind_krb5_locator.8">
<refmeta>
<refentrytitle>winbind_krb5_locator</refentrytitle>
- <manvolnum>7</manvolnum>
+ <manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">7</refmiscinfo>
+ <refmiscinfo class="manual">8</refmiscinfo>
<refmiscinfo class="version">&doc.version;</refmiscinfo>
</refmeta>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 954c62a29bc..2d686eb38b0 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -103,7 +103,7 @@ pam_winbind_manpages = '''
manpages/pam_winbind.conf.5
'''
-krb5_locator_manpages = 'manpages/winbind_krb5_locator.7'
+krb5_locator_manpages = 'manpages/winbind_krb5_locator.8'
def smbdotconf_generate_parameter_list(task):
parameter_all = task.outputs[0].bldpath(task.env)
--
2.17.1
From d16a8b65af5de19c1ccbb95e3542d01f77696be3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 27 Jun 2018 15:06:07 +0200
Subject: [PATCH 4/4] docs: Add manpage for winbind_krb5_localauth.8
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---
.../manpages/winbind_krb5_localauth.8.xml | 86 +++++++++++++++++++
docs-xml/wscript_build | 4 +
2 files changed, 90 insertions(+)
create mode 100644 docs-xml/manpages/winbind_krb5_localauth.8.xml
diff --git a/docs-xml/manpages/winbind_krb5_localauth.8.xml b/docs-xml/manpages/winbind_krb5_localauth.8.xml
new file mode 100644
index 00000000000..a382e71ead3
--- /dev/null
+++ b/docs-xml/manpages/winbind_krb5_localauth.8.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="winbind_krb5_localauth.8">
+
+<refmeta>
+ <refentrytitle>winbind_krb5_localauth</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">8</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>winbind_krb5_localauth</refname>
+ <refpurpose>A plugin for MIT Kerberos for mapping user accounts.</refpurpose>
+</refnamediv>
+
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>
+ This plugin is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.
+ </para>
+
+ <para>
+ <command>winbind_krb5_localauth</command> is a plugin that
+ permits the MIT Kerberos libraries that Kerberos principals can
+ be validated against local user accounts.
+ </para>
+</refsect1>
+<refsect1>
+ <title>PREREQUISITES</title>
+ <para>
+ MIT Kerberos (at least version 1.12) is required.
+ </para>
+
+ <para>
+ The plugin queries the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon which needs to be configured
+ and started separately.
+ </para>
+
+ <para>
+ The following sections needs to be added to the
+ <filename>krb5.conf</filename> file.
+
+ <programlisting>
+[plugins]
+ localauth = {
+ module = winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
+ enable_only = winbind
+ }
+ </programlisting>
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>
+ This man page is part of version &doc.version; of the Samba
+ suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities were created
+ by Andrew Tridgell. Samba is now developed by the Samba Team as
+ an Open Source project similar to the way the Linux kernel is
+ developed.
+ </para>
+
+ <para>
+ The winbind_krb5_localauth manpage was written by Andreas
+ Schneider.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 2d686eb38b0..ec5d28fc62a 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -104,6 +104,7 @@ pam_winbind_manpages = '''
'''
krb5_locator_manpages = 'manpages/winbind_krb5_locator.8'
+krb5_localauth_manpages = 'manpages/winbind_krb5_localauth.8'
def smbdotconf_generate_parameter_list(task):
parameter_all = task.outputs[0].bldpath(task.env)
@@ -162,5 +163,8 @@ if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
bld.SAMBAMANPAGES(krb5_locator_manpages)
+ if bld.CONFIG_SET('HAVE_KRB5_LOCALAUTH_PLUGIN_H'):
+ bld.SAMBAMANPAGES(krb5_localauth_manpages)
+
if bld.SAMBA3_IS_ENABLED_MODULE('vfs_zfsacl'):
bld.SAMBAMANPAGES('manpages/vfs_zfsacl.8')
--
2.17.1

11
samba.spec
View File

@ -8,7 +8,7 @@
%define main_release 0
%define samba_version 4.8.4
%define samba_version 4.8.5
%define talloc_version 2.1.11
%define tdb_version 1.3.15
%define tevent_version 0.9.36
@ -122,8 +122,6 @@ Source14: samba.pamd
Source200: README.dc
Source201: README.downgrade
Patch0: samba-4.8.3-fix_krb5_plugins.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
Requires(preun): systemd
@ -926,7 +924,6 @@ filenames=$(echo "
remove_dc.py
sites.py
subnets.py
tests/auth_log.py
tests/auth_log_base.py
tests/auth_log_pass_change.py
tests/blackbox/ndrdump.py
@ -2453,6 +2450,7 @@ fi
%dir %{python3_sitearch}/samba/tests/__pycache__
%{python3_sitearch}/samba/tests/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/auth.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/auth_log.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/auth_log_ncalrpc.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/auth_log_netlogon.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/auth_log_netlogon_bad_creds.*.pyc
@ -2505,6 +2503,7 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/upgradeprovisionneeddc.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/tests/auth.py
%{python3_sitearch}/samba/tests/auth_log.py
%{python3_sitearch}/samba/tests/auth_log_ncalrpc.py
%{python3_sitearch}/samba/tests/auth_log_netlogon.py
%{python3_sitearch}/samba/tests/auth_log_netlogon_bad_creds.py
@ -3327,6 +3326,7 @@ fi
%{_datadir}/ctdb/tests/simple/76_ctdb_pdb_recovery.sh
%{_datadir}/ctdb/tests/simple/77_ctdb_db_recovery.sh
%{_datadir}/ctdb/tests/simple/78_ctdb_large_db_recovery.sh
%{_datadir}/ctdb/tests/simple/79_volatile_db_traverse.sh
%{_datadir}/ctdb/tests/simple/80_ctdb_traverse.sh
%{_datadir}/ctdb/tests/simple/81_tunnel_ring.sh
%{_datadir}/ctdb/tests/simple/99_daemons_shutdown.sh
@ -3555,6 +3555,9 @@ fi
%endif # with_clustering_support
%changelog
* Fri Aug 24 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.5-0
- Update to Samba 4.8.5
* Wed Aug 15 2018 Guenther Deschner <gdeschner@redhat.com> - 4.8.4-0
- Update to Samba 4.8.4
- resolves: #1589651, #1617916 - Security fixes for CVE-2018-1139

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (samba-4.8.4.tar.xz) = e7c9e6b7ad0569572a228842703f6e57b6d78a0a9382a1ab011b7f67a96baa21c834945b0acb7e14feb6be0c853dbab8f13e53cb3de83904c09b2852d054b84e
SHA512 (samba-4.8.4.tar.asc) = 2804c89598b2901332d6c4f58c14723e831eac610f764dfd434e3470a9ecafeba0e10d24d3243ba751f61b74be3f78dd63e9d76c99249f5f49f36addd08c402d
SHA512 (samba-4.8.5.tar.xz) = 13f6d60b850af826101d37745395e04d0b054e858711764b85f7c7f16b556e3d42d10b0da1700d820724f56f425619c1c174068f7ab51e009f4b8086dc68d5e2
SHA512 (samba-4.8.5.tar.asc) = ded827adf1b5709a20bbb3aa5db618fbc2e2b7b2245cbe3c484d910ab86f587e635eb9deb059633c8a526cc0064f8988b6e190fb5e73918afda81bcda3a35c68