Package /usr/libexec/samba directory

resolves: #1346229
Fix the build of 4.2.12 (w.r.t. smbspool krb5 helper)
2016-06-16 08:32:56 +02:00 · 2016-05-03 16:19:16 +02:00 · 2016-05-03 09:51:40 +02:00 · 2016-04-12 19:36:46 +02:00 · 2016-03-09 09:19:36 +01:00 · 2016-03-09 09:18:34 +01:00
7 changed files with 628 additions and 286 deletions
--- a/.gitignore
+++ b/.gitignore
@ -44,3 +44,16 @@ samba-3.6.0pre1.tar.gz
 /samba-4.1.12.tar.xz
 /samba-4.2.0rc2.tar.xz
 /samba-4.2.0rc3.tar.xz
+/samba-4.2.0rc4.tar.xz
+/samba-4.2.0rc5.tar.xz
+/samba-4.2.0.tar.xz
+/samba-4.2.1.tar.xz
+/samba-4.2.2.tar.xz
+/samba-4.2.3.tar.xz
+/samba-4.2.5.tar.xz
+/samba-4.2.6.tar.xz
+/samba-4.2.7.tar.xz
+/samba-4.2.8.tar.xz
+/samba-4.2.9.tar.xz
+/samba-4.2.11.tar.xz
+/samba-4.2.12.tar.xz
--- a/samba-4.2.0rc3-fix_debug_macro.patch
+++ b/samba-4.2.0rc3-fix_debug_macro.patch
@ -1,70 +0,0 @@
-From 3a2a35eade8739fc5a52526ea3d64a7a36254351 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Thu, 8 Jan 2015 10:24:36 +0100
-Subject: [PATCH] lib/util: Avoid collision which alread defined consumer DEBUG
- macro.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11033
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Martin Schwenke <martin@meltin.net>
-
-(cherry picked from commit 87c176563baea3458c5322f1e3dfae6cf074b4b4)
-Signed-off-by: Andreas Schneider <asn@samba.org>
---
- lib/util/debug.h | 6 +++---
- lib/util/fault.h | 5 +++++
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/lib/util/debug.h b/lib/util/debug.h
-index 27c319b..fa07d40 100644
--- a/lib/util/debug.h
-+++ b/lib/util/debug.h
-@@ -20,8 +20,8 @@
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
- 
-#ifndef _DEBUG_H
-#define _DEBUG_H
-+#ifndef _SAMBA_DEBUG_H
-+#define _SAMBA_DEBUG_H
- 
- #include <stdbool.h>
- #include <stddef.h>
-@@ -262,4 +262,4 @@ typedef void (*debug_callback_fn)(void *private_ptr, int level, const char *msg)
-  */
- void debug_set_callback(void *private_ptr, debug_callback_fn fn);
- 
-#endif
-+#endif /* _SAMBA_DEBUG_H */
-diff --git a/lib/util/fault.h b/lib/util/fault.h
-index 98a24a3..aa10a71 100644
--- a/lib/util/fault.h
-+++ b/lib/util/fault.h
-@@ -24,11 +24,15 @@
- #include <sys/types.h>
- 
- #include "attr.h"
-+
-+#ifndef DEBUG
- #include "debug.h"
-+#endif /* DEBUG */
- 
- /**
-  * assert macros
-  */
-+#ifdef _SAMBA_DEBUG_H
- #define SMB_ASSERT(b) \
- do { \
- 	if (!(b)) { \
-@@ -37,6 +41,7 @@ do { \
- 		smb_panic("assert failed: " #b); \
- 	} \
- } while(0)
-+#endif /* _SAMBA_DEBUG_H */
- 
- extern const char *panic_action;
- 
-- 
-2.2.1
-
--- a/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
+++ b/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
@ -0,0 +1,71 @@
+From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Fri, 22 Jan 2016 11:44:03 +0200
+Subject: [PATCH] s3-parm: clean up defaults when removing global parameters
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693
+
+When globals are re-initialized, they are cleared and globals' talloc
+context is freed. However, parm_table still contains a reference to the
+global value in the defaults. This confuses lpcfg_string_free() after
+commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
+free already freed pointer which is passed by lp_save_defaults():
+
+....
+    case P_STRING:
+    case P_USTRING:
+                  lpcfg_string_set(Globals.ctx,
+                                   &parm_table[i].def.svalue,
+                                   *(char **)lp_parm_ptr(NULL, &parm_table[i]));
+....
+
+here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
+is a pointer to a value allocated with previous Globals.ctx which
+already was freed.
+
+This specifically affects registry backend of smb.conf in lp_load_ex()
+where init_globals() called explicitly to re-init globals after
+lp_save_defaults() if we have registry backend defined.
+
+Reviewed-by: Uri Simchoni <uri@samba.org>
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+
+Autobuild-User(master): Uri Simchoni <uri@samba.org>
+Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
+---
+ source3/param/loadparm.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 94de252..9bd47dc 100644
+--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
+@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum)
+  */
+ static void free_global_parameters(void)
+ {
+	uint32_t i;
+	struct parm_struct *parm;
+
+ 	free_param_opts(&Globals.param_opt);
+ 	free_parameters_by_snum(GLOBAL_SECTION_SNUM);
+
+	/* Reset references in the defaults because the context is going to be freed */
+	for (i=0; parm_table[i].label; i++) {
+		parm = &parm_table[i];
+		if ((parm->type == P_STRING) ||
+		    (parm->type == P_USTRING)) {
+			if ((parm->def.svalue != NULL) &&
+			    (*(parm->def.svalue) != '\0')) {
+				if (talloc_parent(parm->def.svalue) == Globals.ctx) {
+					parm->def.svalue = NULL;
+				}
+			}
+		}
+	}
+ 	TALLOC_FREE(Globals.ctx);
+ }
+ 
+-- 
+2.5.5
+
--- a/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
+++ b/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
@ -0,0 +1,60 @@
+From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Tue, 12 Apr 2016 09:36:12 +0300
+Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted
+ domains DCs
+
+  Allow cm_connect_netlogon() to talk to trusted domains' DCs when
+  running in a domain member configuration.
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+---
+ source3/winbindd/winbindd_cm.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 63175e5..1ef3d17 100644
+--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
+@@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
+  anonymous:
+ 
+ 	/* Finally fall back to anonymous. */
+-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+	    (IS_DC || domain->primary)) {
+ 		status = NT_STATUS_DOWNGRADE_DETECTED;
+-		DEBUG(1, ("Unwilling to make SAMR connection to domain %s"
+		DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
+ 			  "without connection level security, "
+ 			  "must set 'winbind sealed pipes = false' and "
+ 			  "'require strong key = false' to proceed: %s\n",
+@@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
+ 
+  anonymous:
+ 
+-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+	    (IS_DC || domain->primary)) {
+ 		result = NT_STATUS_DOWNGRADE_DETECTED;
+-		DEBUG(1, ("Unwilling to make LSA connection to domain %s"
+		DEBUG(1, ("Unwilling to make LSA connection to domain %s "
+ 			  "without connection level security, "
+ 			  "must set 'winbind sealed pipes = false' and "
+ 			  "'require strong key = false' to proceed: %s\n",
+@@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
+ 
+  no_schannel:
+ 	if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
+-		if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
+		if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
+		    (IS_DC || domain->primary)) {
+ 			result = NT_STATUS_DOWNGRADE_DETECTED;
+-			DEBUG(1, ("Unwilling to make connection to domain %s"
+			DEBUG(1, ("Unwilling to make connection to domain %s "
+ 				  "without connection level security, "
+ 				  "must set 'winbind sealed pipes = false' and "
+ 				  "'require strong key = false' to proceed: %s\n",
+-- 
+2.5.5
+
--- a/samba-4.2.12-smbspool_krb5_install_path.patch
+++ b/samba-4.2.12-smbspool_krb5_install_path.patch
@ -0,0 +1,29 @@
+From b504918372df0a55585c92da445f4e1fba4af04a Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 12 Feb 2016 08:46:10 +0100
+Subject: [PATCH] s3-waf: Install smbspool_krb5_wrapper in LIBEXECDIR
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Martin Schwenke <martin@meltin.net>
+
+Autobuild-User(master): Martin Schwenke <martins@samba.org>
+Autobuild-Date(master): Sat Feb 13 00:41:33 CET 2016 on sn-devel-144
+---
+ source3/wscript_build | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/source3/wscript_build b/source3/wscript_build
+index 0c7dfc2..6f47c35 100755
+--- a/source3/wscript_build
+++ b/source3/wscript_build
+@@ -1191,6 +1191,7 @@ bld.SAMBA3_BINARY('smbspool_krb5_wrapper',
+                  DYNCONFIG
+                  cups
+                  ''',
+                 install_path='${LIBEXECDIR}/samba',
+                  enabled=bld.CONFIG_SET('HAVE_CUPS'))
+ 
+ bld.SAMBA3_BINARY('testparm',
+-- 
+2.5.5
+
--- a/samba.spec
+++ b/samba.spec
--- a/2
+++ b/2
@ -1 +1 @@
-72a9cac473a2a3368eea9e7333ae6aa3  samba-4.2.0rc3.tar.xz
+e598a3ef169d2361d4277a39036f63a9  samba-4.2.12.tar.xz
Author	SHA1	Message	Date
Andreas Schneider	c9c656d6ef	Package /usr/libexec/samba directory resolves: #1346229	2016-06-16 08:32:56 +02:00
Günther Deschner	9b8834de10	Fix the build of 4.2.12 (w.r.t. smbspool krb5 helper) Guenther Signed-off-by: Guenther Deschner <gd@samba.org>	2016-05-03 16:19:16 +02:00
Günther Deschner	3d8c3cb3a7	Update to Samba 4.2.12 Guenther	2016-05-03 09:51:40 +02:00
Günther Deschner	d89d561988	Update to Samba 4.2.11, fix badlock security bug resolves: #1326453 - CVE-2015-5370 resolves: #1326453 - CVE-2016-2110 resolves: #1326453 - CVE-2016-2111 resolves: #1326453 - CVE-2016-2112 resolves: #1326453 - CVE-2016-2113 resolves: #1326453 - CVE-2016-2114 resolves: #1326453 - CVE-2016-2115 resolves: #1326453 - CVE-2016-2118 Guenther	2016-04-12 19:36:46 +02:00
Günther Deschner	d826544fa7	CVE-2015-7560 Incorrect ACL get/set allowed on symlink path resolves: #1315942	2016-03-09 09:19:36 +01:00
Günther Deschner	af0f2554f6	Update to Samba 4.2.8 Guenther	2016-03-09 09:18:34 +01:00
Günther Deschner	cc1615395a	Update to Samba 4.2.7 (security release) resolves: #1292069 CVE-2015-3223 Remote DoS in Samba (AD) LDAP server CVE-2015-5252 Insufficient symlink verification in smbd CVE-2015-5296 Samba client requesting encryption vulnerable to downgrade attack CVE-2015-5299 Missing access control check in shadow copy code CVE-2015-7540 DoS to AD-DC due to insufficient checking of asn1 memory allocation Guenther	2015-12-16 13:47:55 +01:00
Günther Deschner	3ee9fba944	Update to Samba 4.2.6 Guenther	2015-12-09 15:30:09 +01:00
Günther Deschner	c9d5246e3c	Update to Samba 4.2.5 Guenther	2015-11-09 18:39:28 +01:00
Günther Deschner	d846dd69e1	Update to Samba 4.2.3 resolves: #1088911 Guenther	2015-07-14 15:29:59 +02:00
Andreas Schneider	cc4f0811d8	Own the /var/lib/samba directory	2015-06-24 14:04:23 +02:00
Andreas Schneider	750e37b89e	Fix tar support in smbclient	2015-06-24 14:04:14 +02:00
Christoph Wickert	babfce9ad2	Fix trivial typo	2015-06-24 14:03:45 +02:00
Günther Deschner	428a26b918	Update to Samba 4.2.2 Guenther	2015-05-29 12:26:18 +02:00
Alexander Bokovoy	e086e4164c	Remove usage of deprecated gnutls APIs	2015-05-29 12:26:04 +02:00
Alexander Bokovoy	a797802842	Samba 4.2 broke FreeIPA trusts to AD Fixes #1219834	2015-05-11 20:31:10 +03:00
Alexander Bokovoy	7f71dc3fee	Fix bug 1217346 FreeIPA trusts to AD broken due to Samba 4.2 failure to run LSARPC pipe externally	2015-04-30 13:11:53 +03:00
Alexander Bokovoy	8c4ecc69cf	Back out samba-common-tools dependency from samba-client We need to avoid pulling in Python 2.7 dependency in samba-client due to requirement from Fedora installer to migrate to Python 3	2015-04-27 16:43:26 +03:00
Alexander Bokovoy	9efcb7cebb	Require samba-common-tools in samba and samba-client packages Resolves: #1215631	2015-04-27 14:16:28 +03:00
Alexander Bokovoy	082c9d6058	Fix build with systemd libraries systemd-related fixes did not land in Samba 4.2.1 release, they are in v4-2-test branch _past_ 4.2.1 release. We need to keep going with a local patch until 4.2.2 release.	2015-04-25 09:54:48 +03:00
Andreas Schneider	1b9d99efc1	Fix libwbclient alternatives link. resolves: #1214973	2015-04-24 15:15:13 +02:00
Günther Deschner	427f6ef661	Add vfs snapper module. Guenther	2015-04-22 09:54:41 +02:00
Günther Deschner	67eceb8aec	remove snapper vfs module from the default build. Guenther	2015-04-22 09:54:40 +02:00
Günther Deschner	567467ce2a	Update to Samba 4.2.1 Guenther	2015-04-22 09:54:38 +02:00
Andreas Schneider	453c02a3ab	Update Samba to version 4.2.1	2015-04-22 09:54:35 +02:00
Andreas Schneider	a06d06604d	Revert to BuildRequires: systemd-devel	2015-04-08 17:11:43 +02:00
Andreas Schneider	1df9cd10c0	Fix libsystemd detection. resolves: #1207381	2015-04-08 17:11:41 +02:00
Andreas Schneider	54b3198613	Fix dependencies.	2015-03-25 15:56:06 +01:00
Andreas Schneider	1634ac77c9	Split the samba-common package to fix multiarch issues	2015-03-25 15:56:05 +01:00
Andreas Schneider	4d58122b8f	Create samba-client-libs subpackage.	2015-03-25 15:56:04 +01:00
Andreas Schneider	1e5c647f22	Fix the AD build.	2015-03-25 15:56:01 +01:00
Günther Deschner	4bc2708e27	Update to Samba 4.2.0 Guenther	2015-03-05 23:36:15 +01:00
Andreas Schneider	3b58bc20d1	Update to Samba 4.2.0rc5	2015-03-05 23:36:11 +01:00
Andreas Schneider	929360d5e1	Remove obsolete patch.	2015-03-05 23:36:02 +01:00
Andreas Schneider	da0d92a0bc	Update to Samba 4.2.0rc4	2015-03-05 23:35:53 +01:00