Update to Samba 4.4.14

resolves: #1455050 - Security fix for CVE-2017-7494 Guenther
Fix nss_wins crash
2017-05-24 09:39:30 +02:00 · 2017-04-06 16:12:20 +02:00 · 2017-03-31 10:22:45 +02:00 · 2017-03-23 11:31:40 +01:00 · 2017-03-16 10:53:54 +01:00 · 2017-03-01 12:40:35 +01:00
7 changed files with 171 additions and 159 deletions
--- a/.gitignore
+++ b/.gitignore
@ -66,3 +66,13 @@ samba-3.6.0pre1.tar.gz
 /samba-4.4.2.tar.xz
 /samba-4.4.3.tar.xz
 /samba-4.4.4.tar.xz
+/samba-4.4.5.tar.xz
+/samba-4.4.6.tar.xz
+/samba-4.4.7.tar.xz
+/samba-4.4.8.tar.xz
+/samba-4.4.9.tar.xz
+/samba-4.4.10.tar.xz
+/samba-4.4.11.tar.xz
+/samba-4.4.12.tar.xz
+/samba-4.4.13.tar.xz
+/samba-4.4.14.tar.xz
--- a/samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
+++ b/samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
@ -1,35 +0,0 @@
-From 97d7bc19bb463cfbb9d45b69cec1e668eb15b4a1 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <ab@samba.org>
-Date: Thu, 7 May 2015 14:12:03 +0000
-Subject: [PATCH] auth/credentials: if credentials have principal set, they are
- not anonymous anymore
-
-When dealing with Kerberos, we cannot consider credentials anonymous
-if credentials were obtained properly.
-
-Signed-off: Alexander Bokovoy <ab@samba.org>
---
- auth/credentials/credentials.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index 78b5955..b1ccc5a 100644
--- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -921,6 +921,13 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
- 						    cred->machine_account_pending_lp_ctx);
- 	}
- 
-+	if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
-+		/* if principal is set, it's not anonymous */
-+		if (cred->principal && cred->principal_obtained >= cred->username_obtained) {
-+			return false;
-+		}
-+	}
-+
- 	username = cli_credentials_get_username(cred);
- 	
- 	/* Yes, it is deliberate that we die if we have a NULL pointer
-- 
-2.4.0
-
--- a/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
+++ b/samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
@ -1,59 +0,0 @@
-From afb52fd865448042ddda6b660df159f93f344b93 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Tue, 12 Apr 2016 09:36:12 +0300
-Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted
- domains DCs
-
-  Allow cm_connect_netlogon() to talk to trusted domains' DCs when
-  running in a domain member configuration.
-
-  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
-
-Signed-off-by: Alexander Bokovoy <ab@samba.org>
---
- source3/winbindd/winbindd_cm.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
-index 45e3fad..6f5a042 100644
--- a/source3/winbindd/winbindd_cm.c
-+++ b/source3/winbindd/winbindd_cm.c
-@@ -2851,9 +2851,10 @@ retry:
-  anonymous:
- 
- 	/* Finally fall back to anonymous. */
-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
-+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
-+	    (IS_DC || domain->primary)) {
- 		status = NT_STATUS_DOWNGRADE_DETECTED;
-		DEBUG(1, ("Unwilling to make SAMR connection to domain %s"
-+		DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
- 			  "without connection level security, "
- 			  "must set 'winbind sealed pipes = false' and "
- 			  "'require strong key = false' to proceed: %s\n",
-@@ -3150,7 +3151,8 @@ retry:
- 
-  anonymous:
- 
-	if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
-+	if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
-+	    (IS_DC || domain->primary)) {
- 		result = NT_STATUS_DOWNGRADE_DETECTED;
- 		DEBUG(1, ("Unwilling to make LSA connection to domain %s "
- 			  "without connection level security, "
-@@ -3324,9 +3326,10 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain,
- 	TALLOC_FREE(netlogon_creds);
- 
- 	if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
-		if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
-+		if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
-+		    (IS_DC || domain->primary)) {
- 			result = NT_STATUS_DOWNGRADE_DETECTED;
-			DEBUG(1, ("Unwilling to make connection to domain %s"
-+			DEBUG(1, ("Unwilling to make connection to domain %s "
- 				  "without connection level security, "
- 				  "must set 'winbind sealed pipes = false' and "
- 				  "'require strong key = false' to proceed: %s\n",
-- 
-2.5.5
-
--- a/samba-4.4.x-fix_nss_wins_crash.patch
+++ b/samba-4.4.x-fix_nss_wins_crash.patch
@ -0,0 +1,35 @@
+From 119825e3df9b65ea24f28a7faf39b54861d62f0c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 19 Sep 2016 16:21:31 +0200
+Subject: [PATCH] waf: Explicitly link libreplace against libnss_wins.so
+
+If we do not specify replace as a depencency here, it will not link to
+libreplace using an rpath.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12277
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Jim McDonough <jmcd@samba.org>
+
+(cherry picked from commit d8a5565ae647352d11d622bd4e73ff4568678a7c)
+---
+ nsswitch/wscript_build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
+index f286896..ab8f8ea 100644
+--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
+@@ -42,7 +42,7 @@ if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)):
+     bld.SAMBA3_LIBRARY('nss_wins',
+                        keep_underscore=True,
+                        source='wins.c',
+-                       deps='''wbclient''',
+                       deps='wbclient replace',
+                        public_headers=[],
+                        public_headers_install=False,
+                        pc_files=[],
+-- 
+2.10.0
+
--- a/samba.spec
+++ b/samba.spec
@ -6,9 +6,9 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering

-%define main_release 1
+%define main_release 0

-%define samba_version 4.4.4
+%define samba_version 4.4.14
 %define talloc_version 2.1.6
 %define tdb_version 1.3.8
 %define tevent_version 0.9.28
@ -107,7 +107,7 @@ Source6: samba.pamd
 Source200: README.dc
 Source201: README.downgrade

-Patch0:    samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
+Patch0: samba-4.4.x-fix_nss_wins_crash.patch

 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

@ -150,7 +150,7 @@ BuildRequires: dbus-devel
 BuildRequires: docbook-style-xsl
 BuildRequires: e2fsprogs-devel
 BuildRequires: gawk
-BuildRequires: krb5-devel >= 1.10
+BuildRequires: krb5-devel >= 1.14
 BuildRequires: libacl-devel
 BuildRequires: libaio-devel
 BuildRequires: libarchive-devel
@ -161,6 +161,7 @@ BuildRequires: libxslt
 BuildRequires: ncurses-devel
 BuildRequires: openldap-devel
 BuildRequires: pam-devel
+BuildRequires: perl-generators
 BuildRequires: perl(ExtUtils::MakeMaker)
 BuildRequires: perl(Parse::Yapp)
 BuildRequires: popt-devel
@ -183,6 +184,8 @@ BuildRequires: libcephfs1-devel
 %endif
 %if %{with_dc}
 BuildRequires: gnutls-devel >= 3.4.7
+# Required by samba-tool to run tests
+BuildRequires: python-crypto
 %endif

 # pidl requirements
@ -320,8 +323,10 @@ Requires: %{name}-libs = %{samba_depver}
 Requires: %{name}-dc-libs = %{samba_depver}
 Requires: %{name}-python = %{samba_depver}
 Requires: %{name}-winbind = %{samba_depver}
+%if %{with_dc}
 # samba-tool requirements
 Requires: python-crypto
+%endif

 Provides: samba4-dc = %{samba_depver}
 Obsoletes: samba4-dc < %{samba_depver}
@ -407,7 +412,7 @@ the Kerberos credentials cache of the user issuing the print job.
 %package libs
 Summary: Samba libraries
 Group: Applications/System
-Requires: krb5-libs >= 1.10
+Requires: krb5-libs >= 1.14
 Requires: %{name}-client-libs = %{samba_depver}
 %if %with_libwbclient
 Requires: libwbclient = %{samba_depver}
@ -685,7 +690,7 @@ and use CTDB instead.
 %prep
 %setup -q -n samba-%{version}%{pre_release}

-%patch0 -p 1 -b .samba-4.4.2-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
+%patch0 -p1 -b .samba-4.4.x-fix_nss_wins_crash.patch

 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@ -853,7 +858,7 @@ for i in nmb smb winbind ; do
    install -m 0644 tmp$i.service %{buildroot}%{_unitdir}/$i.service
 done
 %if %with_clustering_support
-install -m 0755 ctdb/config/ctdb.service %{buildroot}%{_unitdir}
+install -m 0644 ctdb/config/ctdb.service %{buildroot}%{_unitdir}
 %endif

 # NetworkManager online/offline script
@ -914,7 +919,7 @@ fi

 %postun client
 if [ $1 -eq 0 ] ; then
-    %{_sbindir}/update-alternatives --remove cups_backend_smb %{_libexecdir}/samba/smbspool
+    %{_sbindir}/update-alternatives --remove cups_backend_smb %{_bindir}/smbspool
 fi

 %post client-libs -p /sbin/ldconfig
@ -1094,7 +1099,7 @@ rm -rf %{buildroot}
 %attr(1777,root,root) %dir /var/spool/samba
 %dir %{_sysconfdir}/openldap/schema
 %config %{_sysconfdir}/openldap/schema/samba.schema
-%config %{_sysconfdir}/pam.d/samba
+%config(noreplace) %{_sysconfdir}/pam.d/samba
 %{_mandir}/man1/smbstatus.1*
 %{_mandir}/man8/eventlogadm.8*
 %{_mandir}/man8/smbd.8*
@ -1209,8 +1214,6 @@ rm -rf %{buildroot}
 %{_mandir}/man8/tdbtool.8*
 %endif

-%dir %{_libdir}/samba/ldb
-
 %if %with_internal_ldb
 %{_bindir}/ldbadd
 %{_bindir}/ldbdel
@ -1252,7 +1255,6 @@ rm -rf %{buildroot}
 %{_libdir}/libsamdb.so.*
 %{_libdir}/libsmbconf.so.*
 %{_libdir}/libsmbldap.so.*
-%{_libdir}/libtevent-unix-util.so.*
 %{_libdir}/libtevent-util.so.*
 %{_libdir}/libdcerpc.so.*

@ -1297,6 +1299,7 @@ rm -rf %{buildroot}
 %{_libdir}/samba/libnet-keytab-samba4.so
 %{_libdir}/samba/libnetif-samba4.so
 %{_libdir}/samba/libnpa-tstream-samba4.so
+%{_libdir}/samba/libposix-eadb-samba4.so
 %{_libdir}/samba/libprinting-migrate-samba4.so
 %{_libdir}/samba/libreplace-samba4.so
 %{_libdir}/samba/libregistry-samba4.so
@ -1393,6 +1396,8 @@ rm -rf %{buildroot}
 # common libraries
 %{_libdir}/samba/libpopt-samba3-samba4.so

+%dir %{_libdir}/samba/ldb
+
 %dir %{_libdir}/samba/pdb
 %{_libdir}/samba/pdb/ldapsam.so
 %{_libdir}/samba/pdb/smbpasswd.so
@ -1506,7 +1511,6 @@ rm -rf %{buildroot}
 %{_libdir}/samba/service/nbtd.so
 %{_libdir}/samba/service/ntp_signd.so
 %{_libdir}/samba/service/s3fs.so
-%{_libdir}/samba/service/smb.so
 %{_libdir}/samba/service/web.so
 %{_libdir}/samba/service/winbindd.so
 %{_libdir}/samba/service/wrepl.so
@ -1515,7 +1519,6 @@ rm -rf %{buildroot}
 %{_libdir}/samba/libdnsserver-common-samba4.so
 %{_libdir}/samba/libdsdb-module-samba4.so
 %{_libdir}/samba/libntvfs-samba4.so
-%{_libdir}/samba/libposix-eadb-samba4.so
 %{_libdir}/samba/bind9/dlz_bind9_9.so
 %else
 %doc packaging/README.dc-libs
@ -1620,7 +1623,6 @@ rm -rf %{buildroot}
 %{_libdir}/libsamba-util.so
 %{_libdir}/libsamdb.so
 %{_libdir}/libsmbconf.so
-%{_libdir}/libtevent-unix-util.so
 %{_libdir}/libtevent-util.so
 %{_libdir}/pkgconfig/dcerpc.pc
 %{_libdir}/pkgconfig/dcerpc_samr.pc
@ -1696,6 +1698,8 @@ rm -rf %{buildroot}
 %{_libdir}/samba/libHDB-SAMBA4-samba4.so
 %{_libdir}/samba/libasn1-samba4.so.8
 %{_libdir}/samba/libasn1-samba4.so.8.0.0
+%{_libdir}/samba/libcom_err-samba4.so.0
+%{_libdir}/samba/libcom_err-samba4.so.0.25
 %{_libdir}/samba/libgssapi-samba4.so.2
 %{_libdir}/samba/libgssapi-samba4.so.2.0.0
 %{_libdir}/samba/libhcrypto-samba4.so.5
@ -1938,59 +1942,116 @@ rm -rf %{buildroot}

 %files -n ctdb-tests
 %defattr(-,root,root)
-%dir %{_libdir}/ctdb-tests
-%{_libdir}/ctdb-tests/comm_client_test
-%{_libdir}/ctdb-tests/comm_server_test
-%{_libdir}/ctdb-tests/comm_test
-%{_libdir}/ctdb-tests/ctdb_bench
-%{_libdir}/ctdb-tests/ctdb_fetch
-%{_libdir}/ctdb-tests/ctdb_fetch_one
-%{_libdir}/ctdb-tests/ctdb_fetch_readonly_loop
-%{_libdir}/ctdb-tests/ctdb_fetch_readonly_once
-%{_libdir}/ctdb-tests/ctdb_functest
-%{_libdir}/ctdb-tests/ctdb_lock_tdb
-%{_libdir}/ctdb-tests/ctdb_persistent
-%{_libdir}/ctdb-tests/ctdb_porting_tests
-%{_libdir}/ctdb-tests/ctdb_randrec
-%{_libdir}/ctdb-tests/ctdb_store
-%{_libdir}/ctdb-tests/ctdb_stubtest
-%{_libdir}/ctdb-tests/ctdb_takeover_tests
-%{_libdir}/ctdb-tests/ctdb_trackingdb_test
-%{_libdir}/ctdb-tests/ctdb_transaction
-%{_libdir}/ctdb-tests/ctdb_traverse
-%{_libdir}/ctdb-tests/ctdb_update_record
-%{_libdir}/ctdb-tests/ctdb_update_record_persistent
-%{_libdir}/ctdb-tests/db_hash_test
-%{_libdir}/ctdb-tests/pkt_read_test
-%{_libdir}/ctdb-tests/pkt_write_test
-%{_libdir}/ctdb-tests/protocol_client_test
-%{_libdir}/ctdb-tests/protocol_types_test
-%{_libdir}/ctdb-tests/rb_test
-%{_libdir}/ctdb-tests/reqid_test
-%{_libdir}/ctdb-tests/srvid_test
+%dir %{_libexecdir}/ctdb/tests
+%{_libexecdir}/ctdb/tests/comm_client_test
+%{_libexecdir}/ctdb/tests/comm_server_test
+%{_libexecdir}/ctdb/tests/comm_test
+%{_libexecdir}/ctdb/tests/ctdb_bench
+%{_libexecdir}/ctdb/tests/ctdb_fetch
+%{_libexecdir}/ctdb/tests/ctdb_fetch_one
+%{_libexecdir}/ctdb/tests/ctdb_fetch_readonly_loop
+%{_libexecdir}/ctdb/tests/ctdb_fetch_readonly_once
+%{_libexecdir}/ctdb/tests/ctdb_functest
+%{_libexecdir}/ctdb/tests/ctdb_lock_tdb
+%{_libexecdir}/ctdb/tests/ctdb_persistent
+%{_libexecdir}/ctdb/tests/ctdb_porting_tests
+%{_libexecdir}/ctdb/tests/ctdb_randrec
+%{_libexecdir}/ctdb/tests/ctdb_store
+%{_libexecdir}/ctdb/tests/ctdb_stubtest
+%{_libexecdir}/ctdb/tests/ctdb_takeover_tests
+%{_libexecdir}/ctdb/tests/ctdb_trackingdb_test
+%{_libexecdir}/ctdb/tests/ctdb_transaction
+%{_libexecdir}/ctdb/tests/ctdb_traverse
+%{_libexecdir}/ctdb/tests/ctdb_update_record
+%{_libexecdir}/ctdb/tests/ctdb_update_record_persistent
+%{_libexecdir}/ctdb/tests/db_hash_test
+%{_libexecdir}/ctdb/tests/pidfile_test
+%{_libexecdir}/ctdb/tests/pkt_read_test
+%{_libexecdir}/ctdb/tests/pkt_write_test
+%{_libexecdir}/ctdb/tests/protocol_client_test
+%{_libexecdir}/ctdb/tests/protocol_types_test
+%{_libexecdir}/ctdb/tests/rb_test
+%{_libexecdir}/ctdb/tests/reqid_test
+%{_libexecdir}/ctdb/tests/srvid_test
 %{_bindir}/ctdb_run_tests
 %{_bindir}/ctdb_run_cluster_tests
-%dir %{_datadir}/ctdb-tests
-%dir %{_datadir}/ctdb-tests/eventscripts
-%{_datadir}/ctdb-tests/eventscripts/etc-ctdb/events.d
-%{_datadir}/ctdb-tests/eventscripts/etc-ctdb/functions
-%{_datadir}/ctdb-tests/eventscripts/etc-ctdb/nfs-checks.d
-%{_datadir}/ctdb-tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
-%{_datadir}/ctdb-tests/eventscripts/etc-ctdb/statd-callout
-%dir %{_datadir}/ctdb-tests/onnode
-%{_datadir}/ctdb-tests/onnode/functions
-%dir %{_datadir}/ctdb-tests/scripts
-%{_datadir}/ctdb-tests/scripts/common.sh
-%{_datadir}/ctdb-tests/scripts/integration.bash
-%{_datadir}/ctdb-tests/scripts/test_wrap
-%{_datadir}/ctdb-tests/scripts/unit.sh
-%dir %{_datadir}/ctdb-tests/simple
-%{_datadir}/ctdb-tests/simple/functions
-%{_datadir}/ctdb-tests/simple/nodes
+%dir %{_datadir}/ctdb/tests
+%dir %{_datadir}/ctdb/tests/eventscripts
+%{_datadir}/ctdb/tests/eventscripts/etc-ctdb/events.d
+%{_datadir}/ctdb/tests/eventscripts/etc-ctdb/functions
+%{_datadir}/ctdb/tests/eventscripts/etc-ctdb/nfs-checks.d
+%{_datadir}/ctdb/tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
+%{_datadir}/ctdb/tests/eventscripts/etc-ctdb/statd-callout
+%dir %{_datadir}/ctdb/tests/onnode
+%{_datadir}/ctdb/tests/onnode/functions
+%dir %{_datadir}/ctdb/tests/scripts
+%{_datadir}/ctdb/tests/scripts/common.sh
+%{_datadir}/ctdb/tests/scripts/integration.bash
+%{_datadir}/ctdb/tests/scripts/test_wrap
+%{_datadir}/ctdb/tests/scripts/unit.sh
+%dir %{_datadir}/ctdb/tests/simple
+%{_datadir}/ctdb/tests/simple/functions
+%{_datadir}/ctdb/tests/simple/nodes
 %doc ctdb/tests/README
 %endif # with_clustering_support

 %changelog
+* Wed May 24 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.14-0
+- Update to Samba 4.4.14
+- resolves: #1455050 - Security fix for CVE-2017-7494
+
+* Thu Apr 06 2017 Andreas Schneider <asn@redhat.com> - 4.4.13-1
+- resolves: #1364666 - Fix nss_wins crash
+
+* Fri Mar 31 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.13-0
+- Update to Samba 4.4.13
+- related: #1435156 - Security fix for CVE-2017-2619
+
+* Thu Mar 23 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.12-0
+- Update to Samba 4.4.12
+- resolves: #1435156 - Security fix for CVE-2017-2619
+
+* Thu Mar 16 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.11-0
+- Update to Samba 4.4.11
+
+* Wed Mar 01 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.10-0
+- Update to Samba 4.4.10
+
+* Wed Jan 04 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.9-0
+- Update to Samba 4.4.9
+
+* Mon Dec 19 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.8-0
+- Update to Samba 4.4.8
+- resolves: #1405984 - CVE-2016-2123,CVE-2016-2125 and CVE-2016-2126
+
+* Mon Dec 05 2016 Rex Dieter <rdieter@fedoraproject.org> - -
+- rebuild (libldb)
+
+* Fri Nov 04 2016 Anoop C S <anoopcs@redhat.com> - 4.4.7-2
+- Fix glfs_realpath allocation in vfs_glusterfs
+
+* Wed Oct 26 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.7-1
+- Update to Samba 4.4.7
+
+* Thu Sep 22 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.6-1
+- Update to Samba 4.4.6
+
+* Wed Sep 14 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.5-2
+- Fix smbspool alternatives handling during samba-client uninstall
+
+* Thu Jul 07 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.5-1
+- Update to Samba 4.4.5
+- resolves: #1353504 - CVE-2016-2119
+
+* Thu Jun 23 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.4-4
+- resolves: #1348899 - Import of samba.ntacls fails
+
+* Mon Jun 20 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-3
+- resolves: #1337260 - Small fix to the example smb.conf file
+
+* Wed Jun 15 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-2
+- Fix resolving trusted domain users on domain member
+
 * Tue Jun 07 2016 Guenther Deschner <gdeschner@redhat.com> - 4.4.4-1
 - Update to Samba 4.4.4
 - resolves: #1343529
--- a/smb.conf.example
+++ b/smb.conf.example
@ -295,7 +295,7 @@
 ;	writable = no
 ;	share modes = no

-# Un-comment the following to provide a specific roving profile share.
+# Un-comment the following to provide a specific roaming profile share.
 # The default is to use the user's home directory:
 ;	[Profiles]
 ;	path = /var/lib/samba/profiles
@ -308,6 +308,6 @@
 ;	comment = Public Stuff
 ;	path = /home/samba
 ;	public = yes
-;	writable = yes
+;	writable = no
 ;	printable = no
 ;	write list = +staff
--- a/2
+++ b/2
@ -1 +1 @@
-001dc67499f5b834c7570c6d118af1fc  samba-4.4.4.tar.xz
+SHA512 (samba-4.4.14.tar.xz) = 6fce503974e48ad120c42bc53b88c67b4b9ccd72b921cd854f6e46d51fe29db7ff37316c3317c8b16ac74fcb8cad1924aa490fa0d1fee2a8152e94ff75d8ce38
Author	SHA1	Message	Date
Günther Deschner	77b0b0e7f7	Update to Samba 4.4.14 resolves: #1455050 - Security fix for CVE-2017-7494 Guenther	2017-05-24 09:39:30 +02:00
Andreas Schneider	3f00133370	Fix nss_wins crash resolves: #1364666	2017-04-06 16:12:20 +02:00
Günther Deschner	1f279f6b3b	Update to Samba 4.4.13 related: #1435156 - Security fix for CVE-2017-2619 Guenther	2017-03-31 10:22:45 +02:00
Günther Deschner	3b228fcdbc	Update to Samba 4.4.12 resolves: #1435156 - Security fix for CVE-2017-2619 Guenther	2017-03-23 11:31:40 +01:00
Günther Deschner	3c1e4c121b	Update to Samba 4.4.11 Guenther	2017-03-16 10:53:54 +01:00
Günther Deschner	2d1d6fb9c9	Update to Samba 4.4.10 Guenther	2017-03-01 12:40:35 +01:00
Günther Deschner	b15ae90556	Update to Samba 4.4.9 Guenther	2017-01-04 12:36:26 +01:00
Günther Deschner	581f0ad413	Add CKSUMTYPE build fix Guenther	2016-12-19 16:55:25 +01:00
Günther Deschner	73534a5320	Update to Samba 4.4.8 resolves: #1405984 - CVE-2016-2123,CVE-2016-2125 and CVE-2016-2126 Guenther	2016-12-19 16:25:48 +01:00
Anoop C S	3fd4af2bd8	Remove executable permission bits from ctdb service file Avoids the following warning message from /var/log/messages: ... systemd: Configuration file /usr/lib/systemd/system/ctdb.service is marked executable. Please remove executable permission bits. Proceeding anyway. ... Signed-off-by: Anoop C S <anoopcs@redhat.com>	2016-12-07 19:34:40 +05:30
Rex Dieter	51e7bd4c65	rebuild (libldb)	2016-12-07 19:34:30 +05:30
Anoop C S	58f0168507	Fix glfs_realpath allocation in vfs_glusterfs Signed-off-by: Anoop C S <anoopcs@redhat.com>	2016-11-04 19:40:52 +05:30
Günther Deschner	e077064f62	Update to Samba 4.4.7 Guenther	2016-10-26 12:24:06 +02:00
Günther Deschner	cfe0a228de	Update to Samba 4.4.6 Guenther	2016-09-22 18:04:12 +02:00
Günther Deschner	d98ace60c1	Fix client postun path for smbspool handling Guenther	2016-09-14 13:05:41 +02:00
Andreas Schneider	db8cc2574d	Increase required Kerbersion version number	2016-08-17 08:36:35 +02:00
Andreas Schneider	04791bb336	Package /var/lib/samba/ldb in the common-libs package Since gensec also parses secrets.ldb all our tools like 'net' are looking for this directory and print a warning if it doesn't exist.	2016-08-17 08:36:33 +02:00
Andreas Schneider	95eb202c19	Fix python-crypto requirements	2016-08-17 08:36:31 +02:00
Günther Deschner	51adbf01b9	Update to Samba 4.4.5 resolves: #1353504 - CVE-2016-2119 Guenther	2016-07-07 13:45:02 +02:00
Petr Písař	6b9b534c5d	Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >	2016-07-07 13:45:00 +02:00
Günther Deschner	48212403d0	Import of samba.ntacls fails resolves: #1348899 Guenther	2016-06-23 14:55:34 +02:00
Andreas Schneider	7c28044a29	Small fix to the example smb.conf file resolves: #1337260	2016-06-20 12:03:18 +02:00
Andreas Schneider	ffce0c6776	Fix resolving trusted domain users on domain member	2016-06-16 07:16:57 +02:00
Andreas Schneider	639cf0c65a	Set noreplace for /etc/pam.d/samba	2016-06-16 07:16:52 +02:00
Andreas Schneider	b842bc4009	Remove unused patch	2016-06-16 07:16:50 +02:00
Andreas Schneider	31f2dd93ff	Fix the DC build	2016-06-16 07:16:49 +02:00