Packages changed: autoyast2 (3.1.125 -> 3.1.126) bluedevil5 (5.6.2 -> 5.6.3) breeze (5.6.2 -> 5.6.3) breeze-gtk (5.6.2 -> 5.6.3) breeze4-style (5.6.2 -> 5.6.3) btrfsprogs (4.5.1 -> 4.5.2) dmidecode hexchat html2text htmldoc joe (4.1 -> 4.2) kactivitymanagerd (5.6.2 -> 5.6.3) kcm_sddm (5.6.2 -> 5.6.3) kde-cli-tools5 (5.6.2 -> 5.6.3) kde-gtk-config5 (5.6.2 -> 5.6.3) kde-user-manager (5.6.2 -> 5.6.3) kernel-source (4.5.2 -> 4.5.3) khotkeys5 (5.6.2 -> 5.6.3) kinfocenter5 (5.6.2 -> 5.6.3) kmenuedit5 (5.6.2 -> 5.6.3) kscreen5 (5.6.2 -> 5.6.3) kscreenlocker (5.6.2 -> 5.6.3) ksshaskpass5 (5.6.2 -> 5.6.3) ksysguard5 (5.6.2 -> 5.6.3) kwayland (5.6.2 -> 5.6.3) kwin5 (5.6.2 -> 5.6.3) libkdecoration2 (5.6.2 -> 5.6.3) libkscreen2 (5.6.2 -> 5.6.3) libksysguard5 (5.6.2 -> 5.6.3) libxml2 liferea (1.10.18 -> 1.10.19) lsof (4.88 -> 4.89) mdadm (3.3.4 -> 3.4) milou5 (5.6.2 -> 5.6.3) openssl (1.0.2g -> 1.0.2h) oxygen5 (5.6.2 -> 5.6.3) pixman plasma-nm5 (5.6.2 -> 5.6.3) plasma5-addons (5.6.2 -> 5.6.3) plasma5-desktop (5.6.2 -> 5.6.3) plasma5-openSUSE plasma5-pa (5.6.2 -> 5.6.3) plasma5-session (5.6.2 -> 5.6.3) plasma5-workspace (5.6.2 -> 5.6.3) polkit-kde-agent-5 (5.6.2 -> 5.6.3) postgresql-init powerdevil5 (5.6.2 -> 5.6.3) qtcurve-kde4 samba systemsettings5 (5.6.2 -> 5.6.3) taglib (1.10 -> 1.11) virt-manager webkit2gtk3 (2.12.1 -> 2.12.2) wicked (0.6.32 -> 0.6.33) xf86-input-evdev (2.10.1 -> 2.10.2) xmlstarlet (1.5.0 -> 1.6.1) yast2-update (3.1.37 -> 3.1.39) === Details === ==== autoyast2 ==== Version update (3.1.125 -> 3.1.126) Subpackages: autoyast2-installation - Media-based AutoUpgrade case for feature: No Recommends in * -release RPMs (FATE#320199) - 3.1.126 ==== bluedevil5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== breeze ==== Version update (5.6.2 -> 5.6.3) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-wallpapers - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== breeze-gtk ==== Version update (5.6.2 -> 5.6.3) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== breeze4-style ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== btrfsprogs ==== Version update (4.5.1 -> 4.5.2) Subpackages: libbtrfs0 - update to 4.5.2 * new/moved command: btrfs-calc-stats -> btrfs inspect tree-stats * check: fix false alert for metadata blocks crossing stripe boundary * check: catch when qgroup numbers mismatch * check: detect running quota rescan and report mismatches * balance start: add safety delay before doing a full balance * fi sync: is now silent * fi show: don't miss filesystems with partially matching uuids * dev ready: accept only one argument for device * dev stats: print "devid:N" for a missing device instead of "(null)" * other: * lowest supported version of e2fsprogs is 1.41 * minor cleanups, test updates - Removed patch: 2000-btrfs-full-balance-warning.diff ==== dmidecode ==== - dmidecode-01-add-no-sysfs-option-description-to-h-output.patch: Add "--no-sysfs" option description to -h output. - dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch: Fix 'No SMBIOS nor DMI entry point found' on SMBIOS3. - dmidecode-03-let-read_file-return-the-actual-data-size.patch: Let read_file return the actual data size. - dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch: Use read_file() to read the DMI table from sysfs. https://savannah.nongnu.org/bugs/?46176 - dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch: Use DWORD for Structure table maximum size in SMBIOS3. - dmidecode-06-hide-irrelevant-fixup-message.patch: Hide irrelevant fixup message. http://savannah.nongnu.org/support/?109024 ==== hexchat ==== Subpackages: hexchat-lang - Add migrate-configuration-from-xchat.patch Fate#318480:replace xchat with hexchat,automaticly migrate settings from xchat: http://hexchat.readthedocs.io/en/latest/faq.html#how-do-i-migrate-my-settings-from-xchat ==== html2text ==== - Cleanup spec file with spec-cleaner - Use macro for configure - Do not ship INSTALL - Remove useless provides/obsoletes - Add gpg signature - Use url for source ==== htmldoc ==== - Cleanup spec file with spec-cleaner - Use macro for configure ==== joe ==== Version update (4.1 -> 4.2) - Update to 4.2: * New or improved syntax files for the following languages: * Dockerfile * Usability Enhancements * The top Google help searches for JOE include: * How do I save and exit? The startup copyright notice has been replaced with basic help for beginners * How do I dismiss the region highlighting? Changed to Ctrl-C will do it. * How do I close all files and exit? Now Ctrl-K Q does this. * Restyle the help screens. * Remove time and "Ctrl-K H for help" message from status bar. * Add ^KH for help to search and replace prompts. * Provide aborthint and helphint options * Enable -noxon by default (disable ^S/^Q flow control). * Document ESC X (command prompt) in the help screens. * "joe --help" now prints all command line options. * Other Enhancements * Tags search now tries to find the tags file in parent directories if it does not exist in the current directory and if the TAGS environment variable was not set. * Built-in calculator can now print and accept numbers in binary, octal and engineering formats: __dec__ 12_345 __eng__ 12.345_0e3 __bin__ 0b11_0000_0011_1001 __oct__ 0o3_0071 __hex__ 0x3039 * Built-in calculator now prints and accepts separating underscores for clarity. * Enhanced calculator statistics functions: * __dev__ computes standard deviation with full population * __samp__ computes standard deviation with sample of population * Linear regression analysis. Select a region of x and y values, then: * __lr__(x) provide estimate of y given x * __rlr__(y) provide estimate of x given y * __Lr__, __lR__, __LR__: log, exponential, power regression * Calculator region functions now assume the entire buffer if no region is set. * Tab completion now works at the calculator prompt (and in all prompts which allow numeric input, such as ^KL- go to line). * Make new regex engine (from JOE 4.1) more compatible with the classic engine. \\y is now shorthand for \\(\\.\\\*\\), so that it does what \\\* did in the old engine. Also: * \\. no longer matches newline. * \\\* matches shortest match, not longest match. * Add -left and -right options to control the amount scrolling when the cursor moves past the left or right edge of the screen. * Bugs fixed * Fix use after free bug which shows up as a crash in OpenBSD * Fix bug where indent step value was not shown on ^T menu * Fix bug where setting margin doesn't work on big-endian systems * Fix issue where highest valued unicode character equivalent was not translating to its corresponding 8-bit character. Effect of this was that Delete key was not working in shell windows in ASCII character set. * Standard deviation calculator function was not producing correct results. * Allow koi8r and koi8-r for KOI8-R in joe_getcodeset (which is only used if there is no setlocale). * Guess_crlf forced UNIX line endings for new files even though crlf was set. Now crlf is left alone if guess_crlf can not determine the line ending. * If cursor was at end of a long line and you switched to hex dump display mode, then hex dump was scrolled. Now scroll offset is reset when you switch to hex display mode. - Resynched patches: joe-3.3-warnings.patch joe-3.7-spec_association.patch - Update German translations ==== kactivitymanagerd ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kcm_sddm ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kde-cli-tools5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kde-gtk-config5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kde-user-manager ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kernel-source ==== Version update (4.5.2 -> 4.5.3) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.5.3. - Delete patches.arch/arm64-kvm-fix-hrtimer.patch. - Delete patches.fixes/sched-cgroup-Fix-cleanup-cgroup-teardown-init.patch. - Update config files (BMP085 changed to m). - commit d29747f - sched/cgroup: Fix/cleanup cgroup teardown/init. - commit 4da1329 ==== khotkeys5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: khotkeys5-devel - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kinfocenter5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kmenuedit5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kscreen5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kscreenlocker ==== Version update (5.6.2 -> 5.6.3) Subpackages: libKScreenLocker5 - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== ksshaskpass5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== ksysguard5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kwayland ==== Version update (5.6.2 -> 5.6.3) Subpackages: kwayland-devel - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== kwin5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: kwin5-devel - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== libkdecoration2 ==== Version update (5.6.2 -> 5.6.3) Subpackages: libkdecoration2-devel libkdecorations2-5 libkdecorations2private5 - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== libkscreen2 ==== Version update (5.6.2 -> 5.6.3) Subpackages: libKF5Screen7 libkscreen2-devel libkscreen2-plugin - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== libksysguard5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: libksysguard5-devel libksysguard5-helper - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== libxml2 ==== Subpackages: libxml2-2 libxml2-2-32bit libxml2-devel libxml2-tools - Add libxml2-2.9.1-CVE-2016-3627.patch to fix stack exhaustion while parsing certain XML files in recovery mode (CVE-2016-3627, bnc#972335). - Add 0001-Add-missing-increments-of-recursion-depth-counter-to.patch to improve protection against Billion Laughs Attack (bnc#975947). ==== liferea ==== Version update (1.10.18 -> 1.10.19) - Update to version 1.10.19: + Fixes gh#lwindolf/liferea#317: Compilation problems in 1.10.18 release. + Fixes gh#lwindolf/liferea#73: Problem with updating favicons. ==== lsof ==== Version update (4.88 -> 4.89) - Update to version 4.89 * Applied correction from Casper Dik to his patch for Solaris 11 that I applied incorrectly in revision 4.88. * Updated for latest version of FreeBSD 11.0-CURRENT. * Compensated for a missing FreeBSD 10.0 typedef of bool on the i386 architecture. Allen Hewes provided a test system. Andrey Chernov provided useful advice. * Improved tests/Add2TestDB script with a patch from Peter Schiffer . Added patches from Peter to eliminate Linux gcc warnings. Updated Lsof.8 with improvements supplied by Bjarni Ingi Gislason . * Changed FreeBSD global CFLAGS extraction per Terry Kennedy . Also made sure -DNEEDS_BOOL_TYPEDEF is [#]define'd when the resulting CFLAGS doesn't contain it. Terry reported that need. * Improved Linux test for tcp.h in response to a report from Cato Auestad . Cato did the testing. * Fixed Linux UNIX socket search by name bug reported by Stephane Chazelas . * Added Linux display of UNIX socket endpoint information with code provided by Masatake YAMATO . Peter Schiffer provided a test system. * Insured that type definitions from were again made visible to lsof on FreeBSD 11 after a system header file change hid them. - use spec-cleaner to clean specfile ==== mdadm ==== Version update (3.3.4 -> 3.4) - New upstream release mdadm-3.4 Adds support for clustered-raid1 and journalled raid5 - 0001-super1-Clear-memory-allocated-for-superblock-bitmap-.patch Important upstream bugfix relating to uninialised memory. ==== milou5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== openssl ==== Version update (1.0.2g -> 1.0.2h) Subpackages: libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit - OpenSSL Security Advisory [3rd May 2016] - update to 1.0.2h (boo#977584, boo#977663) * Prevent padding oracle in AES-NI CBC MAC check A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. (CVE-2016-2107, boo#977616) * Fix EVP_EncodeUpdate overflow An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. (CVE-2016-2105, boo#977614) * Fix EVP_EncryptUpdate overflow An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. (CVE-2016-2106, boo#977615) * Prevent ASN.1 BIO excessive memory allocation When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. (CVE-2016-2109, boo#976942) * EBCDIC overread ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. (CVE-2016-2176, boo#978224) * Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. * Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. * Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL. ==== oxygen5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: oxygen5-cursors oxygen5-decoration oxygen5-devel oxygen5-lang oxygen5-sounds oxygen5-style - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== pixman ==== Subpackages: libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-devel - Add pixman-private-correct-include.patch: pixman-private: include only in C code, patch from upstream git. ==== plasma-nm5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== plasma5-addons ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== plasma5-desktop ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== plasma5-openSUSE ==== Subpackages: plasma5-desktop-branding-openSUSE plasma5-workspace-branding-openSUSE - Bump Plasma (Build)Requires to 5.6.3 ==== plasma5-pa ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== plasma5-session ==== Version update (5.6.2 -> 5.6.3) - Reset the DEFAULT_WM value in %post for KDE upgrade compatibility, script taken from kdebase4-session (boo#978454) - Bump to 5.6.3 ==== plasma5-workspace ==== Version update (5.6.2 -> 5.6.3) Subpackages: drkonqi5 plasma5-workspace-devel plasma5-workspace-libs - Add digitalclock-fix-show-seconds.patch: Fixes displaying seconds in the digital clock which was broken with certain locales ("C" e.g.) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== polkit-kde-agent-5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== postgresql-init ==== - fix building on sle11: - guard all systemd related parts with build conditional - do not own fwdir on sle11 - Increase the default timeout for pg_ctl from 60 to 600 seconds and make it configurable (bsc#966285). ==== powerdevil5 ==== Version update (5.6.2 -> 5.6.3) - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== qtcurve-kde4 ==== Subpackages: libqtcurve-cairo1 libqtcurve-utils2 qtcurve-gtk2 qtcurve-qt5 - Added fix-build-with-gcc5.patch: fixes build in Factory ==== samba ==== Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit - Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962). - Revert shared library packaging to comply with SLPP - Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862). - Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197). - Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package. - Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223). - Upgrade on-disk FSRVP server state to new version; (bsc#924519). - Only obsolete but do not provide gplv2/3 package names; (bsc#968973). - Relocate existing lock files to /var/lib/samba/lock; (bsc#968963). - Obsolete no longer existing samba-32bit package; (bsc#967625). - Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732). - Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361). - Simplify shared library packaging; (bsc#966956). - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023). - Add quotes around path of update-apparmor-samba-profile; (bnc#962177). - Remove autoconf build-time requirement. - Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659). - Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249). - Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972). - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems. - Remove redundant configure options while adding with-relro. - Relocate the lockdir to the /var/lib/samba/lock directory. - Cleanup and enhance the pidl sub package. - Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage. - Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555). - Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038). - Relocate the tmpfiles.d directory to the client package; (bnc#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051). - Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502). - Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013). - Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488). - Configure with --bundled-libraries=NONE; (bso#11458). - Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284). - Remove libiniparser-devel build-time requirement. - Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "?PTHREAD_MUTEX_ROBUST? undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371). - Disable rpath usage; (bnc#902421). - Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909). - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457). - Order winbind.service Before and Want nss-user-lookup target. - Remove fam-devel build-time dependency for post-6 RHEL systems. - Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033). - Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854). - Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf. - Drop redundant doc attribute from man pages. - Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813). - Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374). - Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root. - Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304). - Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127). - Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376). - Fix usage of freed memory on server exit; (bso#11218); (bnc#919309). - Fix tdb_store_flag_to_ntdb() gcc5 build failure. - Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238). - Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059). - Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages. - Enable avahi support on post-12.2 systems. - Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034). - yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922). - Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627). - Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175). - Fix spoolss error response marshalling; (bso#10984). - Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942). - Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312). - Use the upstream tar ball, as signature verification is now able to handle compressed archives. - Fix leak when closing file descriptor returned from dirfd; (bso#10918). - Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898). - Remove dependency on gpg-offline as signature checking is implemented in the source validator. - Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860). - Update to 4.2.0rc2. - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346). - Backport upstream master fixes for samba-regedit; (bnc#896536). - BuildRequire python-xml on SUSE systems only. - BuildRequire python-xml. - Exclude unwanted texpect binary and libhttp, libsamba-cluster-support, libsamba-debug, and libsocket-blocking shared libs. - Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct, tstream_smbXcli_np, idtree, and idtree_random header files. - Remove nmblookup and smbclient4 binary and nmblookup4 man page. - Update to 4.2.0rc1. - Fix small memory-leak in the background print process; (bnc#899558). - Modify samba-regedit so it displays correctly (related to ncurses). Changed code to use menu sub windows, seems to fix problems with display not refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536). - Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and the man page of the unused findsmb script. - Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969). - Update to 4.1.12. + s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout". Please see smb.conf man page for details; (bso#3204); (bnc#872912). + Fix smbd crashes when filename contains non-ascii character; (bso#10716). + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects; (bso#10749). + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570). + s4:setup/dns_update_list: make use of the new substitution variables; (bso#9831). + build: Fix configure to honour '--without-dmapi'; (bso#10369). + provision: Correctly provision the SOA record minimum TTL; (bso#10466). + s3: Enforce a positive allocation_file_size for non-empty files; (bso#10543). + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640). + Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories; (bso#10650). + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652). + lib: strings: Simplify strcasecmp; (bso#10716). + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections; (bso#10723). + 'net time': Fix usage and core dump; (bso#10728). + sys_poll_intr: Fix timeout arithmetic; (bso#10731). + s3:idmap: Don't log missing range config if range checking not requested; (bso#10737). + Fix flapping VFS gpfs offline bit; (bso#10741). + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742). + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for; (bso#10751). + samba: Retain case sensitivity of cifs client; (bso#10755). + lib: Remove unused nstrcpy; (bso#10758). + Fix a memory leak in cli_set_mntpoint(); (bso#10759). + docs: Fix typos in smb.conf (inherit acls); (bso#10761). + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(); (bso#10773). + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(); (bso#10773). + Don't discard result of checking grouptype; (bso#10777). + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778). + smbd: Properly initialize mangle_hash; (bso#10782). + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787). + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read; (bso#10794). - Wait for network-online.target to prevent caching of pre-network failures; (bnc#889175). - Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend; (bnc#773464). - Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912). - fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774). - Remove pre-11.2 patch which by default uses the smbpasswd passdb backend. - build: disable mmap on s390 systems; (bso#10765); (bnc#886193); (bnc#882356). - Create the cups smb backend as sym link pointing to smbspool; (bnc#891220). - Fix winbind service parameter usage; (bnc#890005). - lib/param: change the default for "winbind expand groups" to "0"; (bnc#890008). - Update to 4.1.11. + A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429). - Fix "net time" segfault; (bso#10728); (bnc#889539). - Update to 4.1.10. + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263). + dbcheck: Add check and test for various invalid userParameters values; (bso#8077). + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077). + Simple use case results in "no talloc stackframe around, leaking memory" error; (bso#8449). + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763). + dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130). + s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294). + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469). + dbchecker: Verify and fix broken dn values; (bso#10536). + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582). + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587). + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret"; (bso#10593). + rid_array used before status checked - segmentation fault due to null pointer dereference; (bso#10627). + Samba won't start on a machine configured with only IPv4; (bso#10653). + msg_channel: Fix a 100% CPU loop; (bso#10663). + s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673). + samba-tool: Add --site parameter to provision command; (bso#10674). + smbstatus: Fix an uninitialized variable; (bso#10680). + SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684). + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685). + 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client; (bso#10687). + wbcCredentialCache fails if challenge_blob is not first; (bso#10692). + Backport ldb-1.1.17 + changes from master; (bso#10693). + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693). + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693). + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693). + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910); (bso#10693). + ldb: make the successful ldb_transaction_start() message clearer; (bso#10693). + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693). + ldb: Use of NULL pointer bugfix; (bso#10693). + lib/ldb: Fix compiler warnings; (bso#10693). + pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693). + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693). + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694). + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694). + Backport autobuild/selftest fixes from master; (bso#10696). + Backport drs-crackname fixes from master; (bso#10698). + smbd: Avoid double-free in get_print_db_byname; (bso#10699). + Backport access check related fixes from master; (bso#10700). + Backport provision fixes from master; (bso#10703). + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706). + s3: Fix missing braces in nfs4_acls.c. - Reduce printer_list.tdb lock contention during printcap update; (bso#10652); (bnc#883870). + Only update the printer share inventory when needed. - Add missing newline to debug message in daemon_ready(); (bnc#865627). - BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627). - Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). - Update to 4.1.9. + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962). + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler; CVE-2014-3493; (bnc#883758). - BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case. - BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent on CentOS, Fedora, and RHEL systems. - Update to 4.1.8. + dns: Don't reply to replies; CVE-2014-0239; (bso#10609). + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549). + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124). + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command; (bso#10151). + s3: nmbd: Reset debug settings after reading config file; (bso#10239). + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348). + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'; (bso#10472). + wafsamba: Fix the installation on FreeBSD; (bso#10472). + Use exit_daemon() to communicate status of startup to systemd; (bso#10517). + Fix adding NetApps; (bso#10524). + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544). + s3: lib/util: set_namearray reads across end of namelist; (bso#10544). + idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0; (bso#10547). + build: Fix ordering problems with lib-provided and internal RPATHs; (bso#10548). + Fix read of deleted memory in reply_writeclose()'; (bso#10554). + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556). + Fix lock order violation and file lost; (bso#10564). + dsdb: Do checks for invalid renames in samldb, before repl_meta_data; (bso#10569). + Fix wildcard unlink to fail if we get an error rather than trying to continue; (bso#10577). + byteorder: Do not assume PowerPC is big-endian; (bso#10590). + printing: Fix purge of all print jobs; (bso#10612). - examples/libsmbclient: avoid some compiler warnings; (bso#10624). - Fix printer job purging; (bso#10612); (bnc#879390). - Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17. - Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701). - Pass through vfs_btrfs snapshot manipulation requests when "btrfs: manipulate snapshots = no" is configured; (bnc#874180). - Clone the base share security descriptor when exposing a snapshot share; (bnc#874656). - Use appropriate HRESULT return codes; (bnc#875046). - Update to 4.1.7. + Make "force user" work as expected; (bso#9878). + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911). + Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942). + s3-printing: Fix obvious memory leak in printer_list_get_printer(); (bso#9993). + doc: Add "spoolss: architecture" parameter usage; (bso#10188). + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200). + Make (lib)smbclient work with NetApp; (bso#10230). + SessionLogoff on a signed connection with an outstanding notify request crashes smbd; (bso#10344). + dfs: Always call create_conn_struct with root privileges; (bso#10378). + 'net ads search' on high latency networks can return a partial list with no error indication; (bso#10387). + max xmit > 64kb leads to segmentation fault; (bso#10422). + Fix STATUS_NO_MEMORY response from Query File Posix Lock request; (bso#10431). + Increase max netbios name components; (bso#10439). + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order; (bso#10444). + Fix 'wbinfo -i' with one-way trust; (bso#10458). + samba4 services not binding on IPv6 addresses causing connection delays; (bso#10464). + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467). + Don't respond with NXDOMAIN to records that exist with another type; (bso#10471). + pidl: waf should have an option for the dir to install perl files and do not glob; (bso#10472). + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474). + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481). + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE; (bso#10484). + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs; (bso#10504). + Make 'smbreadline' build with readline 6.3; (bso#10506). + smbd: Correctly add remote users into local groups; (bso#10508). + rpcclient FSRVP request UNCs should include a trailing backslash; (bso#10521). + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534). + s3:rpc_server: Minor refactoring of process_request_pdu(). - Create a new DBus connection for every vfs_snapper request, to ensure correct snapper UID detection; (bnc#866354). - Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658). - Fix minor compiler warnings in snapshot code-path; (bnc#873177). - Remove references to the obsolete samba-krb-printing package and get_printing_ticket binary. - Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549); (bnc#872396). - User error strings instead of hex codes where possible for FSRVP errors; (bnc#866927). - Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957). - Add krb5rcache directory to the winbind package; (bnc#870607). - Cleanup and consolidate the sysconfig and systemd service files. - Extend vfs_snapper man page to cover permissions; (bnc#870570). - Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707). - Default with the cache and lock directory to the same path to have both non-persistent and persistent data at one location; (bnc#846586). - Depend only on %version with all manual Provides and Requires; (bnc#844307). - Update to 4.1.6. + Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866). - Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). - Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665). - samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442; (bnc#855866). - Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095). - Propagate snapshot enumeration permissions errors to SMB clients; (bnc#865641). - Properly handle empty 'requires_membership_of' entries in /etc/security/pam_winbind.conf; (bnc#865771). - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397). - Use libarchive to provide improved smbclient tarmode functionality; (bso#9667); (bnc#861135). - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). - Update to 4.1.5. + Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork; (bso#10358); (bnc#786677). + smbd: Fix memory overwrites; (bso#10415). + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(); (bso#2191). + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind; (bso#10087). + s3: smbpasswd: Fix crashes on invalid input; (bso#10320). + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open; (bso#10406). + Add support for Heimdal's unified krb5 and hdb plugin system, cope with first element in hdb_method having a different name in different heimdal versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418). + vfs_btrfs: Fix incorrect zero length server-side copy request handling; (bso#10424). + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429). + smbd: Fix an ancient oplock bug; (bso#10436). + Fix crash bug in smb2_notify code; (bso#10442). - Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). - Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079). + Improve vfs_snapper documentation. - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). - Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415); (bnc#862370). - Streamline the vendor suffix handling and add support for SLE 12. - Fix zero length server-side copy request handling; (bso#10424); (bnc#862558). - Set the PID directory to /run/samba on post-12.2 systems. - Make use of the tmpfilesdir macro while calling systemd-tmpfiles. - Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937). - Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH definitions; (bnc#860832). - Check for NULL gensec_security in gensec_security_by_auth_type(); (bnc#860809). - Ensure ndr table initialization; (bnc#860648). - Add File Server Remote VSS Protocol (FSRVP) server for SMB share shadow-copies; (fate#313346). - s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662). - shadow_copy2: module "Previous Version" not working in Windows 7; (bso#10259). - s3-passdb: Fix string duplication to pointers; (bso#10367). - vfs/glusterfs: in case atime is not passed, set it to the current atime; (bso#10384) - s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(); (bso#10358); (bnc#786677). - Default sysconfig daemon options to -D; (bso#10388); (bnc#857454). - Add /var/cache/samba to the client file list; (bnc#846586). - Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454). - Correct sysconfig variable names by adding the missing D char; (bnc#857454). - Update to 4.1.4. + Fix segfault in smbd; (bso#10284). + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311). - Call stop_on_removal from preun and restart_on_update and insserv_cleanup from postun on pre-12.3 systems only; (bnc#857454). - BuildRequire gamin-devel instead of unmaintained fam-devel package on post-12.1 systems. - smbd: allow updates on directory write times on open handles; (bso#9870). - lib/util: use proper include for struct stat; (bso#10276). - s3:winbindd fix use of uninitialized variables; (bso#10280). - s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285). - s3-lib: Fix %G substitution for domain users in smbd; (bso#10286). - smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open; (bso#10297). - smb2_server processing overhead; (bso#10298). - ldb: bad if test in ldb_comparison_fold(); (bso#10305). - Fix AIO with SMB2 and locks; (bso#10310). - smbd: Fix a panic when a smb2 brlock times out; (bso#10311). - vfs_glusterfs: Enable per client log file; (bso#10337). - Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454). - Create /var/run/samba with systemd-tmpfiles on post-12.2 systems; (bnc#856759). - Fix broken rc{nmb,smb,winbind} sym links which should point to the service binary on post-12.2 systems; (bnc#856759). - Add Snapper VFS module for snapshot manipulation; (fate#313347). + dbus-1-devel required at build time. - Add File Server Remote VSS Protocol (FSRVP) client for SMB share shadow-copies; (fate#313345). - Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part of the minimum build environment. - Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347). - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks. - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770). - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - BuildRequire systemd on post-12.2 systems. - Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'; (bso#10193). + Make offline logon cache updating for cross child domain group membership; (bso#10194). + nsswitch: Fix short writes in winbind_write_sock; (bso#10195). + RW Deny for a specific user is not overriding RW Allow for a group; (bso#10196). + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(); (bso#10224). + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs; (bso#10224). + VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity; (bso#10224). + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232). + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247). + Fix the build of vfs_glusterfs; (bso#10253). + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries; (bso#10264). + util: Remove 32bit macros breaking strict aliasing; (bso#10269). - Let gpg verify execution condition not fail on non SUSE systems. - Add systemd support for post-12.2 systems. - Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474). - Unconditionally create the CUPS smb backend sym link pointing to smbspool; (bnc#850656). - Update to 4.1.1. + ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). - Private key in key.pem world readable; CVE-2013-4476; (bnc#848103). - ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). - Update to 4.1.0. + pam_winbindd: Support the KEYRING ccache type; (bso#10132). + Fix PAC parsing failure; (bso#10178). - Unify the defattr lines in the pidl, python, test and test-devel files section by removing the optional directory mode. - Verify source tar ball gpg signature. - Update to 4.1.0rc4. + dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs; (bso#8077). + python-samba-tool fsmo: Do not give an error on a successful role transfer; (bso#9461). + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008). + Raise the level of a debug when unable to open a printer; (bso#10118). + Add "acl allow execute always" parameter; (bso#10134). + vfs_shadow_copy2: Display previous versions correctly over SMB2; (bso#10137). + smbd: Always clean up share modes after hard crash; (bso#10138). + Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144). + Samba SMB2 client code reads the wrong short name length in a directory listing reply; (bso#10145). + libcli/smb: Only check the SMB2 session setup signature if required and valid; (bso#10146). + Better document potential implications of a globally used "valid users"; (bso#10147). + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149). + Not all OEM servers support the ALTNAME info level; (bso#10150). + Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects; (bso#10157). + Netbios related samba process consumes 100% CPU; (bso#10158). + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162). - Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel. - Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0, libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0, libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0, libsmbldap0, and libtevent-util0 to baselibs.conf. - Add or polish the shared library package summaries and descriptions. - Update to 4.1.0rc3. + Fix working on site with Read Only Domain Controller; (bso#5917). + Add man page for vfs_syncops; (bso#7364). + Add man page for vfs_linux_xfs_sgid; (bso#7490). + When replicating DNS for bind9_dlz we need to create the server-DNS account remotely; (bso#9091). + Winbind unable to retrieve user information from AD; (bso#9615). + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO; (bso#9899). + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911). + Add SMB2 and SMB3 support for smbclient; (bso#9974). + Add man pages for ntdb tools; (bso#10000). + Add man page for samba-regedit tool; (bso#10001). + ::1 added to nameserver on join; (bso#10030). + Fix memory leak in source3/lib/util.c:1493; (bso#10063). + Fix segmentation fault in 'net ads join'; (bso#10073). + Fix variable list in vfs_crossrename man page; (bso#10076). + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082). + smbd: Fix async echo handler forking; (bso#10086). + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). + Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). + Fix Winbind crashes on DC with trusted AD domains; (bso#10107). + Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). + Masks incorrectly applied to UNIX extension permission changes; (bso#10121). - Implement shared library packaging guidelines. - Correct interpackage dependencies; (bso#10129). - Define the source URL differently in the case of a release candidate. - Update to 4.1.0rc2. + Add vfs_btrfs module. + Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. + Fix replication with --domain-crictical-only to fill in backlinks; (bso#9029). + Windows 8 Roaming profiles fail; (bso#9678). + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + Do not delete an existing valid credential cache (s3-winbind); (bso#9994). + Fix segfault while reading incomplete session info; (bso#10003). + Missing integer wrap protection in EA list reading can cause server to loop with DOS (CVE-2013-4124); (bso#10010). + Fix a 100% loop at shutdown time (smbd); (bso#10013). + Fix/improve debug options; (bso#10015). + Rename regedit to samba-regedit; (bso#10040). + Remove obsolete swat manpage and references; (bso#10041). + Fix crashes in socket_get_local_addr(); (bso#10042). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Remove a redundant inlined substitution of ACLs; (bso#10045). + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048). + dsdb improvements; (bso#10056). + Linux kernel oplock breaks can miss signals; (bso#10064). - BuildRequire pyldb-devel. - Add libnetapi0 and samba-libs to baselibs.conf. - Update to 4.0.9. + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + s3-lib: Fix segmentation fault while reading incomplete session info; (bso#10003). + smbd: Fix a 100% loop at shutdown time; (bso#10013). + Windows 8 Roaming profiles fail; (bso#9678). + Add UPN enumeration to passdb internal API; (bso#9779). + smbd: Cleanup disonnected durable handles; (bso#9930). + vfs_streams_xattr: Do not attempt to write empty attribute twice; (bso#9970). + Fix Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + s3-winbind: Do not delete an existing valid credential cache; (bso#9994). + Fix excessive RID allocation; (bso#10014). + Add debugclass for DNS server; (bso#10015). + Fix/improve debug options; (bso#10015). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Linux kernel oplock breaks can miss signals; (bso#10064). + net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073). - Update to 4.0.8. + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969). - Require krb5 and not the non existing krb5-libs package. - Update to 4.1.0rc1. + Directory database replication (AD DC mode) + Server-Side Copy Support + Btrfs Filesystem Integration - BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp. - BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version. - Require perl-base on SUSE systems only. - Adjust group setting of the test-devel subpackage. - Require perl-base from the pidl subpackage. - Remove libdir/samba/ldb after install if we're building Samba without Active Directory Domain Controller support. - Remove unused ccache switch from the spec file. - BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the man pages and add them to the package again. - Build from the package from the top level directory; (bnc#794744). - BuildRequire pytalloc-devel, python-tdb, and python-tevent. - Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1 SUSE systems. - Remove the empty data dir from the doc package filelist. - Explicitly use samba instead of the name macro to define the docbook dir. - Update to 4.0.7. + Fix a core dump with invalid lock order while opening/editing or copying MS files; (bso#9794). + Fix crash bug from search of mail=; (bso#9967). + s3-rpc_server: Ensure we are root when starting and using gensec; (bso#9465). + Add support for MX queries; (bso#9485). + dns: Delete dnsNode objects when they are empty; (bso#9559). + dns: Support larger queries when asking forwarder; (bso#9632). + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805). + Use of wrong RFC2307 primary group field; (bso#9880). + Check for system libtevent; (bso#9881). + is_printer_published GUID retrieval; (bso#9900). + Doc fixes for 4.0; (bso#9906). + Build fixes for 4.0 found during autoconf or debian packaging work; (bso#9907). + build: Add missing new line to replaced python shebang line; (bso#9909). + PIE builds not supported; (bso#9910). + s4:winbind: Don't leak libnet_context into the main event context; (bso#9929). + Fix a bug of drvupgrade of smbcontrol; (bso#9941). + Check for netbios aliases in ad_get_referrals; (bso#9947). + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953). + docs: Avoid mentioning a possibly misleading option; (bso#9964). + Fix build with system Heimdal of samba4kgetcred; (bso#9968). - Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and OBS for any other operating system to define the vendor string while build. - Remove ldapsmb from the main spec file. - Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man. - Don't bzip2 the main tar ball, use the upstream gziped one instead. - Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and libopenssl-devel. - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). - Update to 4.0.6. + Fix crash during Win8 sync; (bso#9822). + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834). + Fix the username map optimization; (bso#9139). + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). + SMB2 server doesn't support recvfile; (bso#9412). + Fix the build of vfs_notify_fam; (bso#9545). + Fix adding case sensitive spn; (bso#9699). + Properly handle oplock breaks in compound requests; (bso#9722). + Properly handle oplock breaks in compound requests; (bso#9722). + Cache name_to_sid/sid_to_name correctly; (bso#9766). + Fix 'net ads join' when called via stdin; (bso#9767). + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775). + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading; (bso#9777). + Fix panic when running 'smbtorture smb.base'; (bso#9782). + Use specified python for runtime installation of Samba; (bso#9785). + Change '--with-dmapi' to 'default=auto' to match the autoconf build; (bso#9803). + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION; (bso#9804). + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807). + Package new dbwrap_tool man page; (bso#9809). + Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem; (bso#9811). + Fix 'map untrusted to domain' with NTLMv2; (bso#9817). + SMB signing and the async echo responder don't work together; (bso#9824). + Fix panic in nt_printer_publish_ads; (bso#9830). + talloc use after free in winbind4; (bso#9832). + Function called in unix_convert() path can overwrite errno; (bso#9833). + Fix NULL pointer dereference in Winbind; (bso#9854). + Fix making LIBNDR_PREG_OBJ; (bso#9868). - Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches. - Update to 4.0.5. + Fix large reads/writes from some Linux clients; (bso#9706). + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740). + Can't delegate adding computers to domain; (bso#9267). + Fix GNU ld version detection with old gcc releases; (bso#7825). + Never try to map global SAM name; (bso#9039). + Certain xattrs cause Windows error 0x800700FF; (bso#9130). + Samba returns unexpected error on SMB posix open; (bso#9519). + Fix build on AIX; (bso#9557). + libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa; (bso#9617). + Reauth-capable client fails to access shares on Windows member; (bso#9625). + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636). + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639). + Fix the build of vfs_afsacl; (bso#9642). + Fix the build with --fake-kaserver; (bso#9643). + Fix compile of source3/lib/afs.c; (bso#9644). + Make SMB2_GETINFO multi-volume aware; (bso#9646). + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653). + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656). + 'make test' hangs; (bso#9663). + Fix correct linking of libreplace with cmdline-credentials; (bso#9664). + Fix filtering of link-local addresses; (bso#9666). + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669). + Samba denies owner Read Control when there is a DENY entry while W2K08 does not; (bso#9674). + Fix several resource (fd) leaks; (bso#9683). + Fix a memory leak in spoolss rpc server; (bso#9685). + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686). + Fix several possible null pointer dereferences; (bso#9687). + Make sure that domain joins work correctly when the DC disallows NTLM auth; (bso#9689). + Backport tevent changes to bring library to version 0.9.18; (bso#9695). + Remove incomplete samba_dnsupdate IPv6 link-local address check; (bso#9696). + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket; (bso#9697). + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833). + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703). + Fix nss_winbind name on FreeBSD; (bso#9704). + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls; (bso#9711). + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717). + s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307; (bso#9718). + Allow forcing an override of an old @MODULES record; (bso#9719). + Do not print the admin password during 'samba-tool classicupgrade'; (bso#9720). + Make samba_upgradedns more robust (do not guess addresses when just changing roles); (bso#9721). + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723). + is_encrypted_packet() function incorrectly used inside server; (bso#9724). + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725). + Fix NULL pointer dereference; (bso#9727). + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728). + Fix 'smbcontrol close-share'; (bso#9733). + Fix Winbind separator in upn to username conversion; (bso#9735). + Change to smbd/dir.c code gives significant performance increases on large directory listings; (bso#9736). + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739). + Make sure that we only propogate the INHERITED flag when we are allowed to; (bso#9747). + Remove unneeded fstat system call from hot read path; (bso#9748). + Don't leak the epm_Map policy handle; (bso#9758). + Fix incorrect parsing of SMB2 command codes; (bso#9760). - Update to 4.0.4. + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624). - Fix periodic printcap cache reloads; (bso#9650); (bnc#807334). - No longer use the cifs- or smbfstab named configuration file on post-12.2 systems; (bnc#804822); (bnc#821889). - Shift the smbfs init script nfs dependency from Required to Should. - Fix SMB1 Session Setup AndX handling with a large krb PAC; (bso#9658); (bnc#802031). - Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to generate the default share snippets on pre-12.2 systems. - Explicitly configure --with-ads. - Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350). - Remove superfluous quotation marks while setting the SAMBA_VERSION_VENDOR_SUFFIX string. - Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same; (bnc#800782). - Update to 4.0.3. + Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface; add documentation; (bso##8909). + check_password_quality: Handle non-ASCII characters properly; (bso##9105). + Fix 'smbd' panic triggered by unlink after open; (bso##9571). + smbd: Fix memleak in the async echo handler; (bso##9549). + defer_open is triggered multiple times on the same request; (bso#9196). + Add extra attributes for AD printer publishing; (bso#9378). + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461). + Downgrade v4 printer driver requests to v3; (bso#9474). + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers; (bso#9481). + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499). + waf assumes that pythonX.Y-config is a Python script; (bso#9503). + s4:drsuapi: Make sure we report the meta data from the cycle start; (bso#9508). + wafsamba: Use additional xml catalog file; (bso#9512). + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517). + conn->share_access appears not be be reset between users; (bso#9518). + Remove superfluous bracket in samba.8.xml; (bso#9528). + Fix typo in vfs_tsmsm.8.xml; (bso#9530). + terminate the irpc_servers_byname() result with server_id_set_disconnected(); (bso#9540). + Make use of posix_openpt; (bso#9541). + Fix build of vfs_commit and plug in async pwrite support; (bso#9544). + Fix aio_suspend detection on FreeBSD; (bso#9546). + Correctly detect O_DIRECT; (bso#9548). + sigprocmask does not work on FreeBSD to stop further signals in a signal handler; (bso#9550). + smb.conf(5): Update list of available protocols; (bso#9552). + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555). + Fix compilation of Solaris ACL module; (bso#9564). + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors; (bso#9565). + Add dbwrap_tool.1 manual page; (bso#9568). + Document the command line options in dbwrap_tool(1); (bso#9568). + ntlm_auth(1): Fix format and make examples visible; (bso#9569). + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients; (bso#9572). + Fix a possible null pointer dereference in spoolss; (bso#9574). + Duplicate flags defined in the winbindd protocol; (bso#9575). + gensec: Allow login without a PAC by default; (bso#9581). + smbd: disk_free: sys_popen() failed" message logged in /var/log/message many times; (bso#9586). + Archive flag is always set on directories; (bso#9587). + ACLs are not inherited to directories for DFS shares; (bso#9588). + Correct meta data in ldb manpages; (bso#9591). + s3-winbind: Fix the build of idmap_ldap; (bso#9595). + Linked attribute handling should be by GUID; (bso#9596). + Fix timeouts of some IRPC calls; (bso#9598). + Use pid,task_id as cluster_id in process_single just like process_prefork; (bso#9598). + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609). + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610). - Update to 4.0.2. + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both don't apply to any SUSE Samba post-3.6.10 as it isn't longer built. + Don't build and package static libraries. - Drop separate build-source-timestamp file as it led to a second, incorrect Source Timestamp line. - Add server-side copy support; (fate#314770). + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers. + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage. - Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2. - Disable SWAT during configure and don't package it any longer. - Remove dangling references to Heimdal from the spec file. - Remove /lib/samba prefix from the localstatedir configure option. - Update to 4.0.1. + Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects; CVE-2013-0172; (bnc#798364). - Add the missing get_printing_ticket binary path while calling the set_permissions macro; (bnc#783375). - Use the version macro while definition of the branch macro. - Remove references to no longer used devel macros. - Update to 4.0.0. + Honor password complexity settings; (bso#9414). + Install SWAT *.msg files with waf; (bso#9415). + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES; (bso#9438). + developer-build: Fix panic when acl_xattr fails with access denied; (bso#9456). + Fix "map username script" with "security=ads" and Winbind; (bso#9457). + Install manpages only if we install the target; (bso#9459). + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Users can not be given write permissions any more by default; (bso#9462). + Fix MMC crashes; (bso#9470). + Fix SEGV when using second vfs module; (bso#9471). + Support FIPS mode when building Samba; (bso#9479). + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481). - netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken; (bso#9438). - s3:auth: fix create_token_from_sid() to not fail in the winbindd case; (bso#9457). - s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given; (bso#9470). - Support FIPS mode when building Samba; (bso#9479). - s4:provision: set the correct nTSecurityDescriptor; (bso#9481). - SEGV when using second vfs module; (bso#9471). - Update to 3.6.10. + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Fix segfault when "default devmode" is disabled; (bso#9433). + Fix segfaults in "log level = 10" on Solaris; (bso#9390). - s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED; (bso#9456). - Install manpages only if we install the target; (bso#9459). - Users can not be given write permissions any more by default; (bso#9462). - Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094); (bso#9418). - Use work around for 'winbind use default domain' only if it is set; (bso#9367). - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend; (bso#9374). - large read requests cause server to issue malformed reply; (bso#9422). - s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426). - Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439). - Allow to force DNS updates using net; (bso#9451). - Respond correctly to FILE_STREAM_INFO requests; (bso#9460). - Update to 4.0.0rc6. See WHATSNEW.txt from the samba-doc package. - On uninstall remove winbind from the pam configuration, invalidate the nscd passwd and group cache and only recommend the install of nscd; (bnc#792340). - BuildRequire libnscd-devel once. - Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294). - Add SUSE version depending pkg-config requires macro; (bnc#792294). - Define library names and use it instead of libldb1, libnetapi0, libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and libwbclient0; (bnc#792294). - Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems. - Don't clutter the spec file diff view; (bnc#783384). - Fix fd leak causing 100% CPU in winbind on certain dc connection failures; (bso#9436); (bnc#786677). - Fix spoolss segfault when default devmode is disabled; (bso#9433); (bnc#791183). - Update to 4.0.0rc5. See WHATSNEW.txt from the samba-doc package. - ACL masks incorrectly applied when setting ACLs; (bso#9236). - s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272). - lib/replace: replace all *printf function if we replace snprintf; (bso#9390). - lib/addns: don't depend on the order in resp->answers[]; (bso#9402). - s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209). - lib/krb5_wrap: request enc_types in the correct order; (bso#9272). - Fix net ads join message for the dns domain; (bso#9326). - docs-xml: fix use of tag; (bso#9345). - s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359). - s3:winbind: Failover if netlogon pipe is not available; (bso#9386). - Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available. - Ensure adding the winbind group never can fail. - Create ntadmin group only if it doesn't yet exist. - Update to 3.6.9. + When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). + Winbind can't fetch user or group info from AD via LDAP; (bso#9147). + Fix segfault in smbd if user specified ports out for range; (bso#9218). - quota: Don't force the block size to 512; (bso#3272). - Fix poll replacement to become a msleep replacement; (bso#8107). - Fix wrong test == syntax in configure; (bso#8146). - Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344). - Fix builtin forms order to match Windows again; (bso#8632). - Fix RAW printing for normal users; (bso#8769); (bnc#790741). - Initialise ticket to ensure we do not invalid memory; (bso#8788). - Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966). - Fix crash on null pam change pw response; (bso#9013). - Connection to outbound trusted domain goes offline; (bso#9016). - Increase debug level for info that the db is empty; (bso#9112). - 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117). - Winbind can't fetch user or group info from AD via LDAP; (bso#9147). - Open printers with the right access mask; (bso#9154). - Fix makerpms.sh on RHEL; (bso#9165). - Remove non-existent option '-Y' from winbindd manpage; (bso#9171). - Add quota support for gfs2; (bso#9172). - Make SMB2 compound request create/delete_on_close/close work as Windows; (bso#9173). - Empty SPNEGO packet can cause smbd to crash; (bso#9174). - pam_winbind: Match more return codes when wbcGetPwnam has failed; (bso#9177). - Fix crash bug in idmap_hash; (bso#9188); (bnc#788159). - SMB2 Create doesn't return correct MAX ACCESS access mask in blob; (bso#9189). - Fix service control for non-internal services; (bso#9192). - Don't take 'state->te' as indication for "was_deferred"; (bso#9196). - Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209). - Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213). - Fix segfault in smbd if user specified ports out for range; (bso#9218). - Signing cannot be disabled for SMB2 by design, so fix the documentation instead; (bso#9222). - Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry; (bso#9231). - When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). - lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259). - Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart; (bso#9268). - Add support for reloading systemd services; (bso#9280). - Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719). - Do not write the build date into the header of the default smb.conf as this causses superfluous rebuilds of packages depending on samba; (bnc#781601). - Do not prerequire SuSEconfig.permissions as it's already enough and more generic to depend on the permissions package; (bnc#782293). - Update to 3.6.8. + Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). + Fix Winbind panic if we couldn't find the domain; (bso#9135). - Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058). - Fix bad call to memcpy source3/registry/regfio.c; (bso#9065). - "Domain Users" incorrectly added as additional group on domain members; (bso#9066). - Use correct RID for "Domain Guests" primary group; (bso#9067). - Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). - Fix smbclient/tarmode panic when connecting to Windows 2000 clients; (bso#9088). - Fix refreshing of Kerberos tickets in Winbind; (bso#9098). - Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors; (bso#9104). - Fix compilation with newer MIT Kerberos which hides internal symbols; (bso#9111). - Fix flooding the logs with records we don't find in pcap; (bso#9112). - Initialize the print backend after we setup winreg; (bso#9122). - Fix lprng job tracking errors; (bso#9123). - Fix setting of "inherited" bit on inherited ACE's; (bso#9124). - Fix Winbind panic if we couldn't find the domain; (bso#9135). - Make 'smbclient allinfo' show the snapshot list; (bso#9137). - Fix nfs quota support with Linux nfs4 mounts; (bso#9144). - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests; (bso#9150). - NMB registration for a duplicate workstation fails with registration refuse; (bso#9085); (bnc#770056). - Remove backup files caused by running configure in examples/VFS. - Update to 3.6.7. + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). + Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Correct documentation of "case sensitive"; (bso#8552). - Printing fails in function cups_job_submit; (bso#8719). - Fix kernel oplocks when uid(file) != uid(process); (bso#8974). - Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989). - Fix build without ads support; (bso#8996). - Don't turn negative cache entries into valid idmappings; (bso#9002). - Fix posix acl on gpfs; (bso#9003). - Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022). - Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034). - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040). - Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). - Fix build against CUPS 1.6; (bso#9055). - Fix bugs in SMB2 credit handling code; (bso#9057). - rpcclient: Fix bad call to data_blob_const; (bso#9062). - Create missing doc directories while install. - Remove no longer existing Manifest file from install. - Don't creat a link to non existend html man pages for swat. - Don't call the no longer existing libsmbclient testsuit while build. - Configure with option --mandir instead --with-mandir. - Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and - -with-swatdir configure options. - Update to 4.0.0beta4. See WHATSNEW.txt from the samba-doc package. - BuildRequire gcc, make, and patch; (bnc#771516). - ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262). - Fix shell syntax in dhcpcd hook script; (bnc#769957). - Add missing int declaration to the net kdc lookup patch. - Update to 4.0.0beta2. See WHATSNEW.txt from the samba-doc package. - Update to 3.6.6. + Fix possible memory leaks in the Samba master process; (bso#8970). + Fix uninitialized memory read in talloc_free(); (bnc#764577). + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983). - resolve_ads() code can return zero addresses and miss valid DC IP addresses; (bso#8910). - Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983). - winbind can hang as nbt_getdc() has no timeout; (bso#8953). - Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627) - s3-pid: Catch with pid filename's change when config file is not smb.conf; (bso#8714). - Possible memory leaks in the main Samba process; (bso#8970). - s3: Fix uninitialized memory read in talloc_free(); (bnc#764577). - Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971). - Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988). - Winzip occasionally can not read files out of an open winzip dialog; (bso#8311). - s3-winbindd: call dump_core_setup after command line option has been parsed; (bso#8975). - Directory group write permission bit is set if unix extensions are enabled; (bso#8972). - s3: remove dependency on automake for "make everything"; (bso#8978). - sd_has_inheritable_components segfaults on an SD that se_access_check accepts; (bso#8811). - smbclient's tarmode insists on listing excluded directories; (bso#8922). - Notify code can miss a ChDir; (bso#8998). - s3:smbd: add a fsp_persistent_id() function; (bso#8995). - Call autogen.sh even on post-12.1 SUSE systems. - Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems. - Recompile all IDL in any case. - BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora systems. - Install talloc.pc only on pre-12.2 and non SUSE systems. - BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and libtevent-devel on post-12.1 systems. - s3: Fix a segfault with debug level 3 on Solaris; (bso#8861). - s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904). - smbd crashes when deleting directory and veto files are enabled; (bso#8837). - winbind_krb5_locator only returns one IP address; (bso#8897). - Wrong assertion/comparison: Compare value not pointer; (bso#8859). - Inconsistent (with manpage) command-line switch for "help" in smbtree; (bso#8831). - Fix incorrect debug statement. - Setting traverse rights fails to enable directory traversal when acl_xattr in use; (bso#8857). - Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877). - s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869). - s3-docs: fixes several typos; (bso#7938). - s3-VFS: Fix building out-of-tree modules; (bso#8822). - s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble; (bso#7930). - s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915). - Avoid null dereference in initialize_password_db(); (bso#8920). - s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend. - s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs. - s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler(). - s3:registry: multiple cleanups, fixes, and optimisations. - s3:auth/server_info: the primary rid should be in the groups rid array; (bso#8798). - s3-printing: Add new printers to registry; (bso#8554); (bso#8612); (bso#8748). - Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it; (bso#8945). - s3-auth: Don't lookup the system user in pdb; (bso#8944). - s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952). - Fix typo in pam_winbindd code; (bso#8957). - Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list; (bso#8910). - Slow but responsive DC can lock up winbindd; (bso#8943). - Broken processing of %U with vfs_full_audit when force user is set; (bso#8882). - Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems. - BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and libtevent0-devel on post-12.1 systems. - Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731). - docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845); (bnc#730769). - s3-docs: Prepend '/' to filename argument; (bso#8826). - Update to 3.6.5. - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576). - Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080). - Update to 3.6.4. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454). - Remove obsoleted Authors lines from spec file for post-11.2 systems. - Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems. - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934). - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854). - s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825). - s3:winbindd fix a return code check; (bso#8406). - s3: Add rmdir operation to streams_depot; (bso#8733). - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738); CVE-2013-0454; (bnc#811975). - s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). - s3:client: ignore SMBecho errors (the server may not support it); (bso#8139). - Be more strict when using PAM_AUTH API from winbind if Kerberos auth is enabled and don't unintentionally use a bogus domain name; (bso#8734). - smbclient fails with posix large reads; (bso#8727). - Use the smbfs init script on versions pre-11.3, or cifs in later versions; (bnc#744614). - s3: Compile IDL files in autogen, some configure tests need this. - Fixes various deadlocks in if-up.d / if-down.d when running under systemd; (bnc#732395). - Update to 3.6.3. + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986). - Use spdx.org compliant license names for all packages. - Update to 3.6.2. + Make Winbind receive user/group information (bug #8371). + Several SMB2 fixes. + Fix a crash bug in the spoolss code. + Add new contributing FAQ announcing acceptance of corporate (C). + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504). + Fix cli_write_and_x() against OS/2 print shares; (bso#5326). + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563); (bnc#726145). + Remove pointless use_memory_krb5_ccache; (bso#7465). + Fix perl path; (bso#8176). + Grant credits in async interim responses (SMB2); (bso#8357). + Make Winbind receive user/group information; (bso#8371). + Fix Windows XP clients crashing smbd process every once in a while; (bso#8384); (bnc#731571). + Make VFS op "streaminfo" stackable; (bso#8419). + Add an allocation pool to idmap_autorid; (bso#8444). + Fix SEGFAULT from net registry export on not zero terminated REG_SZ values; (bso#8528). + Make DSO_EXPORTS_CMD more portable; (bso#8531). + readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). + smbclient posix_open command fails to return correct info on open file; (bso#8542). + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548). + Fix setting the machine account password; (bso#8550). + Make SMB2 handle compound request headers in the same way as Windows; (bso#8560). + Password change settings not fully observed; (bso#8561). + Fix double free error in talloc; (bso#8562). + Fix alignment in the non-extended-security negprot; (bso#8573). + Add systemd service files; (bso#8575). + Add systemd service files; (bso#8575). + smb2_flush: Don't send uninitialized memory; (bso#8579). + Enable inotify if sys or kernel inotify is available; (bso#8580). + Increase a debug level; (bso#8585). + libsmb: Only align unicode pipe_name; (bso#8586). + Fix marshalling of samr_ChangePasswordUser3; (bso#8591). + Don't limit the number of open dptrs for SMB2; (bso#8592). + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). + Make cldap work over IPv6; (bso#8600). + Fix intermittent print job failures caused by character conversion errors; (bso#8606). + Improve configure.in so it can be used outside the Samba source tree; (bso#8607). + Winbind: Don't fail on users without a uid; (bso#8608). + Ensure we correctly calculate reply credits over all returned SMB2 replies; (bso#8614). + Fix migrate printer code; (bso#8618). + Fix crash bug when trying to browse Samba printers; (bso#8623). + libsmb: Don't duplicate Kerberos service tickets; (bso#8628). + POSIX ACE x permission becomes rx following mapping to and from a DACL; (bso#8631). + When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). + Fix the vfs_commit module; (bso#8639). + Add an update function for Winbind cache; (bso#8643). + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules; (bso#8652). + Fix deleting a symlink if the symlink target is outside of the share; (bso#8663). + Fix renaming a symlink if the symlink target is outside of the share; (bso#8664). + Fix NT ACL issue; (bso#8673). + Fix buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). + Fix Winbind segfault if we can't map the last user; (bso#8678). + recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). + Try ctdbd_init_connection() as root; (bso#8684). + Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). + Fix typo in 'net memberships' usage; (bso#8687). + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(); (bso#8692). + Make DeletePrinterDriverEx remove printer driver files; (bso#8697) (bnc#740810). + Fix major leak with SMB2 in connections.tdb; (bso#8710). - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). - Use correct license, LGPLv3+ for libwbclient packages. - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). - Fix incorrect types in the full_audit VFS module. Add null terminators to audit log enums; (bnc#742885). - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). - Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710). - Renaming a symlink fails if the symlink target is outside of the share; (bso#8664). - Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). - net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419). - Fix incorrect perfcount array length calculations; (bnc#739258). - BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. - Remove call to suse_update_config macro for post-11.4 systems. - Use samba.org for the ldapsmb source location. - Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516). - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572). - Add ldap to Should-Start and Stop of the smb init script; (bnc#730046). - Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571). - Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564). - Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145). - Fix typo in net ads join output; (bnc#713135). - Ignore a potentially missing AppArmor snippet helper script; (bnc#725256). - Update to 3.6.1. + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Several SMB2 fixes. + The VFS ACL modules are no longer experimental but production-ready. + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465). + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). + Return error of cli_push when 'put - /some/file' is used; (bso#7551). + Fix usage of cli_errstr(); (bso#7864). + Fix 'widelinks' regression; (bso#8229). + Empty notify servername; (bso#8236). + Add man vfs_aio_fork; (bso#8256). + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes; (bso#8334). + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338). + While migrating forms, don't fail if the form already exists; (bso#8351). + OS/2 sends an unexpected write&x/read&x chain; (bso#8360). + Fix build of vfs_prealloc on SLES8; (bso#8363). + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364). + Fix the fallback to the deprecated spelling idmap:script; (bso#8368). + Fix vfs_chown_fsp; (bso#8370). + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix smbclient access to NT4 shares; (bso#8385). + Optimize serverid_exists() for Solaris; (bso#8395). + registry/reg_format.c must include includes.h; (bso#8401). + SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2; (bso#8412). + Fix 'getent group' if trusted domains are not reachable; (bso#8420). + Fix infinite loop in ACL module code; (bso#8422). + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428). + Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). + Fix segfault in iconv.c; (bso#8433). + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). + Be smarter about setting default permissions when a ACL_USER_OBJ isn't given; (bso#8443). + Check the wct of the incoming SMBnegprot responses; (bso#8452). + Fix smbclient segfaults when dialect option -m is used for legacy dialects; (bso#8453). + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). + Samba PDC is looking up only primary user group; (bso#8455). + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458). + smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). + SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). + Don't call smbd_terminate_connection in smb2_validate_message_id(); (bso#8476). + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476). + Map to guest can return uninitialized blob of data; (bso#8477). + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). + DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). + Remove "experimental" label on VFS ACL modules; (bso#8494). + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). + smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). + Disallow "." in can_set_delete_on_close(); (bso#8515). + SMB2 create call returns incorrect file allocation size; (bso#8518). + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). + Winbind cache timeout expiry test was reversed; (bso#8521). - s3/doc: add man page for aio_fork vfs module. - Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). - s3: Samba PDC is looking up only primary user group; (bso#8455). - Add script to create or update an AppArmor sniplet with permissions for all Samba shares; (bnc#688040). - Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261). - Retain the smbd startproc return value for correct startup status reporting. unset was incorrectly being called prior to rc_status; (bnc#723724). - Prevent deadlock in systemd triggered by if-down.d handler on shutdown; (bnc#721598). - smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; changed defaults and documentation (bso8473). - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client); (bso#8515). - winbindd cache timeout expiry test was reversed; (bso#8521). - Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). - s3:smb2_create: fix allocation size return value when opening existing files; (bso#8518). - SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). - s3-docs: Fix bug (bso#7908) and typo. - Return error of cli_push when 'put - /some/file' is used; (bso#7551). - Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). - Default user entry is set to minimal permissions on incoming ACL change with no user specified; (bso#8443). - smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). - Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft Internet Explorer 9 on Windows 7 to download files; (bso#8458). - DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). - s3-docs: Fix typos. - s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). - Remove "experimental" label on VFS ACL modules; (bso#8494). - acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). - s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476). - s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin; (bso#7465). - smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). - s3-netapi: allow to use default krb5 credential cache for libnetapi users. - s3-docs: document -k switch in net manpage. - Map to guest can return uninitialized blob of data; (bso#8477). - s3-registry: registry/reg_format.c must include includes.h; (bso#8401). - smbclient segfaults when option -m is used for legacy dialects; (bso#8453). - Fix 'widelinks' regression intro'd in 3.2; (bso#8229). - Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). - s3-spoolss: Fix bug forms migration; (bso#8351). - s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452). - s3: Do not fork the echo handler for smb2; (bso#8334). - s3-spoolss: Fix bug empty notify servername; (bso#8236). - SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). - Remove smb child crash fix. The issue had been fixed upstream differently. - BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems. - Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208). - Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721). - Spec file cleanup as suggested by the spec-cleaner tool. + Make all BuildRequires, PreReq, and Provides a separate line. + Use %{buildroot} instead of ${RPM_BUILD_ROOT}. + Use straight commands instead of macros (make, install). + Use -p in post and postun if we only call one command. + Use %{_localstatedir} instead of %{_var} in the filelist. + Remove superfluous AutoReqProv on lines. - Remove %release from all Provides. - Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433). - Use /var/run for the cifs state file in the init script too; (bnc#710304). - Microsoft Word from Microsoft Office 2007 fails to save as on a share with SMB2; (bso#8412). - Use sys_write and sys_read in fork_domain_child to fix a winbind race leading to 100% CPU usage; (bso#8409). - Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428). - Fix infinite loop in ACL module code; (bso#8422). - Fix getent group if trusted domains are not reachable; (bso#8420). - smbclient can't access a NT4 share since 3.6.0; (bso#8385). - Optimize serverid_exists() for Solaris; (bso#8395). - talloc: + check block count after references test. + added test suite for talloc_free_children(). + license info erratum in the manpage. + fix typos and better differentiation between versions 1 and 2. + preserve context name on talloc_free_children(). + ensure the sibling linked list remains valid during a free. - vfs_chown_fsp returned in the wrong directory; (bso#8370). - Remove irritating "." targets when recent system libs exist; (bso#8369). - Correctly initialize "idmap config * : script" with NULL; (bso#8368). - Add missing include to suppress compiler warnings; (bso#8365). - Point the chain offset beyond the current request; (bso#8360). - Fix gpfs vfs module build; (bso#8364). - Make vfs_prealloc even build on older systems; (bso#8363). - Do central cli_set_error and return the actual NTSTATUS; (bso#7864). - Add a fallback for missing open&x support in OS/X Lion; (bso#8338). - Update to 3.6.0. + BUG 7462: Make SA_RESETHAND conditional on its existance. + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined. + BUG 8324: smbclient cannot list directories from a big-endian machine. + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname. + BUG 8327: Fix the reload of the configuration, also reload activated registry shares. + BUG 8328: Cleanup of idmap_tdb2 code. + BUG 8330: Fix NFSv4 ACL merging logic. + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id. + BUG 8341: Fix segfault in libsmbclient. + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file. + BUG 8347: Fix regression for HP-UX, AIX and OSF. + BUG 8357: Make sure we grant credits on async read/write operations. + BUG 8358: Fix a bug in run_poll_events(). + BUG 8362: Fix build issue on old glibc systems. - Remove references to disabled vscan build. - Add missing define, includes, and initialization to get_printing_ticket. - Use /var/run for the cifs state file; (bnc#710304). - Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303). - File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335). - Fix reload of the configuration and also reload activated registry shares; (bso#8327). - WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326). - smbclient cannot list directories from a big-endian machine; (bso#8324). - Update to 3.6.0rc3. + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + BUG 7888: Deal with buggy 3.0 based PDCs. + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb module. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8193: Add new command 'enumerate_recursive'. + BUG 8195: Make rpc client code working against NT4 servers. + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is set. + BUG 8213: Fixes in idmap_autorid. + BUG 8214: Fix smbd crash on printer driver upgrade. + BUG 8215: Fix Winbind unix username lookup. + BUG 8216: Make Winbind returning correct results with 'sids2xids'. + BUG 8217: Do not stat-check the share path in 'net conf addshare'. + BUG 8219: Fix SMB Panic from Windows 7 client. + BUG 8224: Fix the build on FreeBSD. + BUG 8226: Use c99 initializers which are supported by old gcc 2.95 compilers. + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd. + BUG 8231: Fix crash bug in 'net cache get'. + BUG 8235: Fix smbd crash on startup caused by migrate_printer(). + BUG 8240: Fix Valgrind warnings in winreg/spoolss code. + BUG 8244: Fix copying files larger than 2 GB to a Samba share. + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL. + BUG 8253: Fix Winbind panic if verify_idpool() fails. + BUG 8254: Fix "acl check permissions = no". + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes. + BUG 8262: Fix build of vfs_commit. + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. + BUG 8264: Fix Valgrind bugs in svcctl. + BUG 8276: Close all sockets attached to a subnet in close_subnet(). + BUG 8278: Fix smbd panic when CTDB is unhealthy. + BUG 8281: Fix build of examples/VFS/*. + BUG 8286: Fix smbd crash on premature end of smb2 conn. + BUG 8292: Fix a major architectural flaw in the SMB2 server code. + BUG 8293: Fix log file rotating in SMB2. + BUG 8304: Fix uninitialized variable in error path. + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'.. + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks. + BUG 8310: toupper_ascii() is broken on big-endian systems. + BUG 8314: Fix smbd crash with unknown user. + Mark 'time offset' parameter as deprecated. - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); (bnc#708503). - The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); (bnc#705241). - Fixed the DFS referral response for msdfs root; (bnc#703655). - Fix CUPS print job IDs; (bso#7288); (bnc#701257). - Make use of the actual library version as part of the package name on post-11.3 systems only. - Fix winbind internal error; (bso#7636); (bnc#659424). - Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; (bnc#705170). - Specify nmbdsocketdir at configure time; (bnc#700953). - Build the tdb, talloc, and tevent libraries ahead of anything else. - Update to 3.6.0rc2. + BUG 6911: Fix Kerberos authentication from Vista to Samba. + BUG 8166: Don't lockout users when offline. + BUG 8200: Add support for multiple writeable ldap idmap domains. + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + BUG 7054: Fix X account flag when "pwdlastset" is "0". + BUG 8144: Fix setting timestamp when touching files with CIFS clients. + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. + BUG 8157: Fix parsing a cups printcap file. + BUG 8175: Fix smbd deadlock. + BUG 8189: Support shadow copy display over SMB2. + BUG 8197: Winbind does not properly detect when a DC connection is dead. + BUG 8203: Winbind needs to reset the DC connection if an RPC times out. - Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209). - Add "winbind max clients" parameter to remove 200-client limit; (bnc#697461). - Disable logon cache for password lockout consistency when running in a cluster; (bnc#694836). - Fix logon of AD users with many group memberships; (bso#6911); (bnc#657026). - Don't lockout users while offline; (bso#8166); (bnc#692607). - Update to 3.6.0rc1. + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + BUG 8112: POSIX extension opens of a directory are denied with EISDIR. + BUG 8132: Fix filling printers location field when using cups. + Remove fstrings from client struct. + BUGFIX when converting from safe_strcpy to strlcpy. + Fix off-by-one calculations with strlcpy. + Ensure we always write the correct incoming mid into the share mode table entries. + Fix the SMB2 oplock showstopper. + Convert user-specified domain to uppercase in libsmb. + Fix Coverity CID #2302: FORWARD_NULL. + Fix cups_pull_comment_location(). + Fix double free of cups request. + Make cups_pull_comment_location() work again. + Fix potential crash bug in display_print_driver3(). + Properly clean up in pthreadpool_init in case of failure. + Make plaintext session setup async. + Reduce fd load in Winbind children. + Avoid a potential 100% CPU loop in Winbind. + Tune broadcast namequeries for unique names. + Properly deal with exited winbind children. + Fix dup_smb2_vec3. + Fix return check in nss_wins. - Fix to renew the kerberos ticket in samba after expiry; (bnc#669949). - Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945). - Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969). - Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946). - Package static libraries with 0644 permissions. - Add Requires libtalloc-devel to libldb-devel and libtevent-devel. - Rename libldb0 to libldb1 as 1 is the current major version of the library. - Add libldb1 and libtevent0 to baselibs.conf. - Don't call the suse_update_config macro before building lib ldb and tevent. - Update to 3.6.0pre3. + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383). + Fix wrong output in 'smbget'; (bso#8066). + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module; (bso#8083). + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null; (bso#8088). + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099). + Fix the build of 'smbget' on HP NonStop; (bso#8106). + Fix build of tdb2. + Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no". + Fix timeout in rpc_pipe_open_tcp_port(). + Fix the build of "--with-profiling-data". + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, 2471, 2478. + nsswitch: Add 'wbinfo --lookup-sids'. + nsswitch: Add 'wbinfo --sids-to-unix-ids'. + Fix smbd with the async echo responder. + Fix the build of vfs_gpfs.c. + Add a 10-second timeout for the 445 or netbios connection to a DC. + Many pthreadpool fixes. + Fix transaction recovery area for converted tdbs. - Add PreReq permissions to the krb-printing package. - Remove _libdir ldb and tevent from file list. - Explicitly state not to bundle talloc or tdb while ldb and tevent build. - Always use the actual library version as part of the package name. - Exclude shared python modules. - Fix printing from Windows 7 clients; (bso#7567); (bnc#687535). - Update pidl and always compile IDL at build time; (bnc#688810). - Update to 3.6.0pre2. + ID Mapping changes. + Implement SMB2 support. + Add an Endpoint Mapper daemon. + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Quota only shown when logged as root; (bso#7080). + Fix printing from Windows 7; (bso#7567). + Retry DNS updates when connection to one nameserver has failed; (bso#7690). + Unlink may unlink wrong file when hardlinks are involved; (bso#7863). + Fix 'nmbd --port'; (bso#7875). + cmd_spoolss_deletedriver() returned without checking all architectures; (bso#7880). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix cups pcap reload with no printers; (bso#7915). + Fix bug in chain_reply; (bso#7917). + Fix problems with "kernel oplocks" option set to "no"; (bso#7928). + Fall back for utimes calls; (bso#7940). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let winbind try to use samlogon validation level 6; (bso#7945). + Sgid bit lost on folder rename; (bso#7996). + Fix getting username in 'net rap session'; (bso#8009). + Fix inode generation so nautilus can count total dir size correctly; (bso#8010). + Use jenkins hash for str_checksum; (bso#8010). + Add explicit configure option whether or not to enable dmapi support; (bso#8033). + Fix smbclient segfault with Cyrillic netbios names; (bso#8040). + Fix file creation on OS/X; (bso#8042). + Add "--option" to 'testparm'. + Fix crash bug on smbd shutdown when using FOPENDIR(). + Ensure we don't return an incorrect access mask. + Fix bug against the new Mac client. + Fix leak in error path. + Fix error where Windows client spoolss returns WERR_INVALID_DATA. + Fix a segfault in the krb5 locator plugin. + Enable sharesec for registry shares. + Fix memory leak in "security=share" and "force user". + Add "net idmap check", a check and repair tool for the id mapping database. + Add new 'net idmap delete' command. + Fix segfault on missing input file in 'net idmap restore'. + Fix 'net usersidlist' not to skip every other user. + Fix potential crash bug in spoolss_PrinterEnumValues push path. + Internal restructuring. + Don't wipe out all printer drivers when only one should be deleted. + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains. + Fix memory leak in print_cups.c. + Remove duplicate cups response processing code. + Follow force user/group for driver IO. + Initiate pcap reload from parent smbd. + Reload shares after pcap cache fill. + Fix numerous Coverity IDs (2041 and others). + Fix a memory leak in check_sam_security_info3. + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable. + Make "net sam list [users|workstations]" list only the right things. + Fix a potential memleak in secrets_fetch_trusted_domain_password. + Use the right credentials in check_netlogond_security. + Add support for AF_NETLINK addr notifications. + Fork multiple Winbind children per domain. + Fix a deadlock between smbd and ctdbd. + Add 'wbinfo --dc-info'. + Make "nmbd socket dir" configurable. + Fixed valgrind errors. + Fix a memleak in receive_getdc_response. + Don't grant SEC_STD_DELETE always to the owner of a file. + Fix segfaults on addrchange errors in Winbind. + Allow machine accounts as members in groupdb. + Add IPv6 support for the endpoint mapper. + Free unused memory in the rpc server. + Fix possible segfaults in svcctl server. + Fix possible segfault with client_id in rpc server. + Add a 'svcctl shutdown' function to rpc server. + Fix a resource leak in net_afs. + Fix a resource leak in smbta-util. + Fix possible resource leak in net_usershare. + Fix possible resource leak in 'smbget'. + Fix possible resource leak in 'smbfilter'. + Fix a possible null pointer dereference in smbd. + Ensure we send the direct levelII oplock break to the correct fid. + Fix private libdir and codepages paths. - Add RFC 3454 to the vendor files. - Fix idmap_tdb for big-endian systems such as ppc and s390; (bso#6901); (bnc#675978). - Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913). - Replace jobs by _smp_mflags macro while calling make on post-11.4 systems. - Don't crash when publishing a single printer; (bnc#643119). - Carry error status in printer list IPC message, do not refresh printers if cups is unavailable; (bso#7994); (bnc#675478). - Define the libwbclient packages ahead of packages with a different version. - Use %_smp_mflags for parallel building. - Update to 3.5.8. + Fix Winbind crash bug when no DC is available; (bso#7730). + Fix finding users on domain members; (bso#7743). + Fix memory leaks in Winbind; (bso#7879). + Fix printing with Windows 7 clients; (bso#7567). + Fix 'testparm' return code when EOF in encountered in param name; (bso#3185). + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Fix "Your Password expires today" message for users of trusted domains; (bso#7066). + Fix maintaining of users' groups via UsrMgr; (bso#7262). + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356). + Raise debug level for "reduce_name: couldn't get realpath" messages; (bso#7409). + Fix updating the time on close in vfs_gpfs; (bso#7498). + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594). + Handle Windows 9x adddriver calls without config file; (bso#7641). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix memory leak in the netapi routines; (bso#7665). + Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules; (bso#7716). + Fix incorrect unix mode_t caused by invalid client DOS attributes on create; (bso#7733). + Apply appropriate create masks when creating files with "inherit ACLs" set to true; (bso#7734). + Fix "dfree cache time" parameter; (bso#7744). + Fix a getgrent crash with many groups; (bso#7774). + Fix requesting lookups for BUILTIN sids; (bso#7777). + Fix smbd crash caused by expand_msdfs; (bso#7779). + Fix atime limit; (bso#7785). + vfs_scannedonly: Switch from mtime to ctime which is more reliable; (bso#7789). + Fix copying files from a SMB share using Gnome vfs and SMB signing; (bso#7791). + Make Winbind recover from a signing error; (bso#7800). + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb; (bso#7812). + Fix "force group" with ntlmssp guest session setup; (bso#7817). + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841). + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842). + Expand the local SAMs aliases; (bso#7843). + ntlm_auth: Support clients which offer a spnego mechs we don't support; (bso#7855). + Fix 'net ads dns register' in cluster setups; (bso#7871). + Fix 'nmbd --port'; (bso#7875). + Make 'rpcclient deldriver' delete drivers for all architectures; (bso#7880). + Fix flaky Winbind against Windows 2008; (bso#7881). + Fix SMB session setups with Kerberos against some closed source SMB servers; (bso#7883). + Fix stale lock in open_file_fchmod(); (bso#7892). + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894). + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name; (bso#7896). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix connections from WinCE; (bso#7917). + Fix opening MS Powerpoint files; (bso#7940). + Fix endless loops caused by inotify; (bso#7942). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let Winbind try to use samlogon validation level 6; (bso#7945). + Revalidate the pathname once re-constructed from a root fsp; (bso#7950). - Require a particular library version even if the major version is part of the package name. Using the same major version does not guarantee forward compatibility. - Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773). - Update to 3.5.7 + Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431). - Disable separate build of samba-doc for post-11.1 systems. - Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431). - Increase the log level for missing PIDs on SIGCHLD, printcap child processes are not added to the children PID list; (bnc#666460). - Do not require a particular library version if the major version is part of the package name. - Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries on post-11.3 systems. - Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353). - Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded() returns false if the pcap cache contains no printer entries. correct call ordering is already enforced. (bso#7836); (bnc#625936). - No longer force activation of the cifs service on post-11.3 systems. - Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4 systems. - Move the cifs init script nfs dependencies from Required to Should. - Recommend to install samba-krb-printing from samba-winbind on post-10.3 systems; (bnc#661845). - Fix error paths in cups_async_callback(), an empty cups printer list should not be treated as an error; (bnc#661842). - Abide by printcap cache time, reload parent smbd pcap cache on expiry; (bso#7836); (bnc#625936). - Fix race in cups async printer services reload; (bso#7836); (bnc#625936). - Don't tweak with baselibs.conf during %post if not present; (bnc#652620). - Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620). - Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux Enterprise 10; (bnc#652620). - vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). - Replace Requires samba-client by samba-gplv3-client in the gplv3 packages; (bnc#652620). - Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112). - Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind, client-gplv2, and doc-gplv2 packages; (bnc#652620). - Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions; (bnc#652620). - Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620). - Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind package to avoide an accidental install trigger; (bnc#652620). - Add Provides samba-client to the samba-gplv3-client package; (bnc#652620). - Remove all Obsoletes from the samba-gplv3 packages and only keep the Provides samba; (bnc#652620). - Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620). - Reduce unnecessary ldap round trips and eliminate invalid DN messages; (bnc#654719). - Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux Enterprise 10 SP 3 and 4. - Add the _build_arch at the end of the vendor version suffix. - Provide and Obsolete samba-gplv3 to replace potentially installed packages. - Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4. - Do not package libsmbclient and libsmbsharemodes. - Update to 3.5.6 + Fix auto printers with registry config; (bso#7280); (bnc#617153). + Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant; (bso#7577). + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578). + Fix "admin users" when using vfs_acl_xattr; (bso#7581). + Fix using cached credentials in ntlm_auth; (bso#7589). + Fix Winbind offline login; (bso#7590). + Fix Winbind internal error; (bso#7636). + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651). + Fix smbd changing mode of files on rename; (bso#7693). + Fix crash bug with invalid SPNEGO token; (bso#7694). + Fix smbd panic on invalid NetBIOS session request; (bso#7698). + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541). + Fix 'smbclient -M'; (bso#7635). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix crash bug in rpcclient; (bso#7688). + Fix file corruption when setting Samba "write wache wize"; (bso#7715). - Let startproc wait for nmb, smb and winbind pid files getting created on post-11.1 systems; (bnc#520036). - Include the reviewed french translation for pam_winbind; (bnc#499233). - Fix smbd crash with CUPS printers and no [printers] share defined; (bso#7297); (bnc#637755). - Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870). - Fix baselibs.conf for libtalloc. - Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID); CVE-2010-3069; (bso#7669); (bnc#637218). - Use cached ntlm password in libsmbclient. Prevent lockouts when kerberos tickets are lost; (bnc#602418); (bnc#606304). - Add a dependency on nfs to the smbfs/ cifs init scripts as they require the en_US locale and /usr might be on NFS. - Complete fix for trusts with Windows 2008R2 DCs. - Fix authentication dialogs when connecting to older systems; (bnc#632055). - Adjust position of conditional ldapsmb %package and %files definition. - Create the /var/run/samba directory on the fly and package it as %ghost. - Fix preexec scripts; (bso#7104); (bnc#632852). - Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient pkgconfig files and BuildRequire pkgconfig; (bnc#632770). - BuildRequire python-devel for post-9.3 systems. - Only create precompiled headers for post-10.2 systems. - Remove mkinitrd scriptlets. - Add vfs_crossrename man page. - Call make basic and remove conditional proto target. - Increase libtevent version to 0.9.9. - Remove wbc_async header from the file list. - Remove remaining cifs-mount pieces from the spec file. - Fix printers not auto loading with registry config; (bso#7280); (bnc#617153). - Update to 3.6.0pre1. + SMB2 support is fully functional despite managing quota using the Microsoft management tools. + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local user and group information. + The spoolss and the old RAP printing code have been completely overhauled and refactored. + The SMB Traffic Analyzer (SMBTA) VFS module got added. - Intilize workgroup of nmblookup as empty string. - Fix net ads join when using parent domain users; (bso#6364); (bnc#630812). - cifs: do not restart during dhcp lease renewal when IPaddress remains the same; (bnc#573246). - Fix "Too many open files" when trying to access large number of files; (bso#6837); (bnc#619787). - Update to 3.5.4. + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap (bug #7448). + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + Allow previous password to be stored and use it to check tickets; (bso#7099). + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188). + Fix editing users' groups via UsrMgr; (bso#7262). + Fix Winbind over IPv6; (bso#7341). + Samba sends "raw" inode number as uniqueid with unix extensions; (bso#7410). + Fix printing large formats; (bso#7423). + Fix spnego returning incorrect mechListMIC string; (bso#7449). + Fix some crash bugs and missing error codes in AddDriver paths; (bso#7459). + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479). + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500). + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503). + Fix numerous build issues; (bso#7504). + Fix session setup from linux kernel cifs clients with "sec=ntlmv2"; (bso#7517). - Remove all provides and obsoletes samba3 from the spec file. Packages with this base name have not been offered as part of a product. - Fix a NULL pointer dereference in smbd of the 3.4 code base; CVE-2010-1635; (bso#7229); (bnc#605935). - Address possible buffer overrun in chain_reply code of pre-3.4 versions; CVE-2010-2063; (bso#7494); (bnc#611927). - Update of the SMB Traffic Analyzer v2 VFS module - Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873); (bnc#592198); (bso#6697). - Update to 3.5.3. + Fix MS-DFS functionality; (bso#7339). + Fix a Winbind crash when scanning trusts; (bso#7389). + Fix problems with SIGCHLD handling in Winbind; (bso#7317). + Add replacement for IPV6_V6ONLY on linux systems with broken headers; (bso#7196). + Fix cups encryption setting; (bso#7263). + Fix exporting printers via 'cupsaddsmb' command; (bso#7277). + Fix SMB job IDs in CUPS job names; (bso#7288). + Fix segfault in mount.cifs; (bso#7315). + Make TIME_T_MAX defines consistent; (bso#7352). + Re-fix a bug with smbd serving a windows terminal server; (bso#7357). + Display an error on 'net conf import' failures; (bso#7378). + Fix bitmap leak in dptr_Close; (bso#7384). + Fix rename problems with full_audit VFS module; (bso#7398). + Fix setting of passwords via 'net rpc user password' command; (bso#7417). + Fix 'net rpc printer list' command; (bso#7418). + Rename mod_name to module_name; (bso#7421). - Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. - Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423). - Winbind not working over IPv6; (bso#7341). - Honor "interfaces" list in net ad dns register; (bnc#606947). - Exclude the RPM release from the vendor tag for openSUSE Factory; (bnc#604049). - Enable the build of the idmap tdb2 module; (bnc#600822). - BuildRequire keyutils-libs-devel for Fedora and post-RHEL4. - BuildRequire pkg-config for post-10.2 systems and else pkgconfig. - Add "net conf import" error messages; (bso#7378, bnc#598189). - Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544). - Update to 3.5.2. + Fix smbd segfaults in _netr_SamLogon for clients sending null domain; (bso#7237). + Fix smbd segfaults in "waiting for connections" message; (bso#7251). + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935); CVE-2010-1642. + Fix a memleak in Winbind; (bso#7278). + Fix Winbind reconnection to it's own domain; (bso#7295). + Fix segfault if hide files or veto files has no ".AppleDouble"; (bso#1206). + Fix parsing of the gecos field; (bso#5198). + Fix several printing issues; (bso#6727). + Fix valgrind warning; (bso#6814). + Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink; (bso#6853). + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075). + Fix handling of bad server data returns in client rpc_transport; (bso#7159). + Never mark external domains as internal in Winbind; (bso#7170). + Fix access by multi-threaded applications; (bso#7202). + Fix 'net share' command; (bso#7203). + Fix DN parsing name was always null; (bso#7204). + Signals are processed twice in child; (bso#7206). + Fix returning of group members with 'getent group'; (bso#7212). + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216). + Make Winbind logs more verbose for troubleshooting; (bso#7225). + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229); (bnc#605935). + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present; (bso#7231). + Fix race conditions in CTDB persistent transactions; (bso#7232). + Symlink delete fails but incorrectly reports success to client; (bso#7234). + Fix "printer admin" functionality; (bso#7255). + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256). + Fix _winreg_QueryValue crash bugs and implement Windows behavior; (bso#7258). + Fix job management commands for CUPS queues; (bso#7269). + Fix smbd segfault if using vfs_acl_tdb; (bso#7283). + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290). + Fix smbd crashes with CUPS printers and no [printers] share defined; (bso#7297). + Fix DOS attribute inconsistency with MS Office; (bso#7310). + Many disconnecting clients render clustered Samba unusuable for some time; (bso#7312). + Make 'net conf addshare' atomic; (bso#7313). + Eliminate race condition in creating/scanning sorted subkeys in the registry backend; (bso#7314). + Winbind possibly segfaults when trying a trusted domain without inbound trust; (bso#7316). - Add SMB Traffic Analyzer v2 VFS module. - Document "wide links" defaults to "no" in the smb.conf man page for versions pre-3.4.6; (bnc#577868). - Fix workgroup enumeration, for client printer and file share selection; (bso#6880); (bnc#586215). - Fix tdb validation for offline auth; (bnc#587014). - Fix "printer admin" functionality; (bso#7255). - An uninitialized variable read could cause an smbd crash; (bso#7254); (bnc#605935); CVE-2010-1642. - Ensure to have a valid talloc stackframe; (bso#7251). - _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237). - Merge missing pam_winbind message translations; (bnc#499233). - Remove cifs-mount subpackage for post-11.2 systems as the tools are now part of the independent cifs-utils package. - Fix join of Windows 2008 domains; (bnc#567013). - Update to 3.5.1 and 3.4.7. + Fix security flaw on Linux platforms if built with libcap support allowing file system access even when permissions should have denied it; CVE-2010-0728; (bso#7222); (bnc#586683). - Fixed libldb.so link in libldb-devel. - Fix argc handling in net_share, making the command "net share" work again; (bso#7203); (bnc#584253). - Update to 3.5.0. + Fix duplicate sam and unix accounts; (bso#7145). + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + Fix 'net ads dns' usage calls; (bso#7181). + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182). - Update to 3.4.6. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix printing with 64 bit clients (bso#6888). + Fix core dump on 64 bit Linux (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bso#7067). + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + Fix bogus ip address in SWAT; (bso#5885). + Fix vfs_full_audit; (bso#6557). + Use the first "uid" value; (bso#6157). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix DFS on AIX (maybe others); (bso#7052). + Fix pdb_search crash as non-root user; (bso#7068). + Fix unlocking of accounts from ldap; (bso#7072). + Fix vfs_expand_msdfs; (bso#7081). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Fix reading of large browselist; (bso#7122). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix listing of printjobs in Windows 7; (bso#7130). + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + Make idmap cache persistent for "ldapsam:trusted". + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. + Shortcut uid_to_sid when "ldapsam:trusted = yes". + Make pdb_copy_sam_account also copy the group sid. + Shortcut gid_to_sid when "ldapsam:trusted = yes". + Speed up pdb_get_group_sid(). + Try to build the full unix_pw structure with ldapsam:trusted support. + Optimize ldapsam_alias_memberships() and cache ldap searches. - Update to 3.5.0rc3. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix vfs_full_audit; (bso#6557). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Fix duplicate initializer in the rmdir module; (bso#6876). + Fix printing with 64 bit clients; (bso#6888). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio); (bso#7067). + Fix 'smbget' error status; (bso#7069). + Fix build of 'smbfilter'; (bso#7071). + Fix unlocking of accounts from ldap; (bso#7072). + Cliconnect gets realm wrong with trusted domains; (bso#7079). + Fix vfs_expand_msdfs; (bso#7081). + Fix storing of create time on directories in an EA in new create time code; (bso#7084). + Fix an early release of the global lock that can cause data corruption in libtdb; (bso#7085). + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Add pdb_ldap performance fixes; (bso#7116). + Change ldap filter to what really was intended; (bso#7116). + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + Fix nmbd problems with socket address; (bso#7118). + Support large browselist; (bso#7119). + Fix reading of large browselist; (bso#7122). + Fix listing of printjobs in Windows 7; (bso#7130). + Owner of file not available with Kerberos; (bso#7139). + Fix IPv4/IPv6 problems; (bso#7140). + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix some wrong newlines in de translation strings. - Take extra care that a mount point of mount.cifs isn't changed during mount and don't allow it to be run as setuid root program; CVE-2010-0787; (bso#6853); (bnc#550002). - Check in mount.cifs for invalid characters in device name and mountpoint; CVE-2010-0547; (brc#562156); (bnc#577925). - Don't invalidate cache for uninitialized domains; (bnc#538923). - Signals are processed twice in child; (bnc#538923). - Allow forced pw change even with min pw age; (bnc#561894). - Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868). - Fix enumerate domain local groups for primary domain; (bnc#573813). - Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106). - Normalize "Changing password for" msg IDs and STRs; (bnc#499233). - Build libtevent and libldb and put them into separate subpackages. - Update to 3.5.0rc2. + The Using Samba HTML book has been removed. + 'net', 'smbclient' and libsmbclient can use logon credentials cached by Winbind; (bso#7062). + New vfs_scannedonly module has been added; (bso#7028). + Check password history before increasing "badPasswordCount"; (bso#4347). + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; (bso#6157). + Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb; (bso#6876). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + Disable sanity check in NetShareEnum for better compatibility with Windows; (bso#7029). + Fix SMBrmdir error message when deleting a directory fails; (bso#7033). + Fix segfault in vfs_cap; (bso#7034). + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036). + Fix a Winbind segfault in "trusted_domains"; (bso#7037). + Complete and improve some German translation of 'net'; (bso#7039). + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039). + Fix crash bug in libsmbclient; (bso#7043). + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045). + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046). + Lock down some srvsvc calls according to what w2k3 seems to do. - Update to 3.4.5. + Fix memory leak in smbd (bug #7020). + Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + BUG 6642: Fix opening the quota magic file. + BUG 6919: Fix remote quota management. + BUG 7034: Fix internal error caused by vfs_cap. + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + BUG 7043: Fix crash bug in "SMBC_parse_path". + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server. - Free unused memory after a packet got processed; (bso#7020). - Add timeout to rpc call to prevent infinite loop when network is down; (bnc#538923). - Update to 3.5.0rc1. + BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7; (bnc#619787). + BUG 6939: Fix long filenames when "mangling method" is set to "hash". + BUG 6991: Create symbol links to shared libraries. + BUG 6992: make test for getgrouplist cacheable. + BUG 7014: Fix Winbind crash when retrieving empty group members. + BUG 7020: Fix smbd using 2G memory. + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. + Vector correctly through reply_openerror() (which uses the same logic). + Fix bugs with the full Windows ACL support. + Add a few missing gettext calls to the 'net' command. + Fix up a share type translation and translate some more strings in 'net'. + Allow to call "pdbedit -N description -u user" without specifiyng "-r". + Add spoolss_DriverInfo7. + Fix rpcclient after setprinter IDL fixes. + Use generated krb5.conf in 'net ads testjoin'. + Add some German translations for the 'net' command. + Update mount.cifs man page with nounix option. + Fix _samr_GetAliasMembership for results with 0 rids. + Fix an error case in cli_negprot. + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. + Restore correct timeouts for SMB requests. + Fix a 64-bit error in libsmb. + Replace IS_DOMAIN_OFFLINE by a function in Winbind. + Simplify/cleanup Winbind code. + Fix write behind memory block in libtalloc. + Fix result check for getaddrinfo(). + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. + Fix standalone 'make installdocs'. + Output %p as unsigned in snprintf replacement. + New attempt at TDB transaction nesting allow/disallow. + Remove swig stuff from libtdb. + Reset tdb->fd to -1 in tdb_close() in libtdb. + Change the way mksysms work in libtalloc. + Also build and install tdb manpages from standalone tdb. + Fix infinite loop in NCACN_IP_TCP as there is no timeout. + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. + List trusted domains from wcache when domain is offline. - Update to 3.4.4. + Fix interdomain trust relationships with Win2008R2 (bug #6697). + Fix Winbind crashes when queried from nss (bug #6889). + Fix Winbind crash when retrieving empty group members (bug #7014). + Fix "UID range full" error in Winbind (bug #6901). + Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). + BUG 4832: Fix iconv checks. + BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + BUG 6828: Fix infinite timeout when byte lock held outside of samba. + BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7; (bnc#619787). + BUG 6841: Fix "map acl inherit = yes". + BUG 6850: Fix shadow copy display on Windows 7. + BUG 6867: Fix listing of directories with a lot of files. + BUG 6868: Support building with Heimdal we well as with MIT. + BUG 6875: Fix DOS attributes on OS/2 clients. + BUG 6880: Fix listing of workgroup servers in libsmbclient. + BUG 6898: Samba duplicates file content on appending. + BUG 6918: Fix krb5 build problem on Ubuntu karmic. + BUG 6929: Fix build with recent heimdal. + BUG 6939: Fix long filenames with "mangling method = hash". + BUG 6967: Fix 'net ads join' with OU. + BUG 6981: Fix paged search with DirX LDAP server. + BUG 6982: Remove erroneous out of memory error path in lookup_sid. + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. + Fix the build of the winbind krb5 locator plugin. + Fix enumprinter key client and server. - Readjust the _libdir/cups/backend/smb sym link only on uninstall of the samba-krb-printing package; (bnc#568603). - Add BuildRequires to fam-devel; (bnc#564260). - Prevent winbind crash; (bso#7014); (bnc#566119). - Fix processing of open modes in POSIX open; (bnc#530683). - Add baselibs.conf as a source. - Update to 3.5.0pre2. + BUG 2350: Add LDAP Alias Dereferencing support. + BUG 6288: SWAT adds a second share when changing parameters of an existing share. + BUG 6435: Fix minor memory corruption. + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. + BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. + BUG 6837: "Too many open files" when trying to access large number of files from Windows 7; (bnc#619787). + BUG 6860: Fix shared library build on QNX. + BUG 6879: Fix crash in Winbind. + BUG 6929: Fix build with recent heimdal. + BUG 6938 : No hook exists to check creation rights when using acl_xattr module. + BUG 6967: Prevent glibc error on 'net ads join'. + Fix vfs_acl_xattr which was failing to call the NEXT connect function. + Restructure the ACL code. + Refactor reply_rmdir to use handle based code. + Fix the build when no external talloc and tdb are installed. + Fix detection of CTDB headers on systems without system-libtalloc. + Fix several printing issues. + Fix the build on Mac OS X 10.6.2. + Fix net and rpcclient after setprinterdataex changes. + Add full support for level 8 printer drivers. + Add more spoolss architectures to IDL. + Fix enumprinter key client and server. + Fix crash in EnumPrinterDataEx. + Prefer posix_fallocate for doing "strict allocate". + Restore "fake directory create times" as a share parameter. + Fix explicit stat64 support. + Add support for NetWkstaGetInfo 101 and 102. + Add rpcclient wkssvc_enumerateusers. + De-deprecate "write cache size" to prevent its removal without a proper alternative. + Allow more than 1000 users in BUILTIN\Users. + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. + Fix the build of the example VFS modules. + Fix crash in free_file_list(). + Give the user a chance to change password when password will expire soon. - Store the smbfs service state if enabled and restore it for cifs while upgrade on post-11.2 systems. - Prevent cifstab from being overwritten while upgrade on post-11.2 systems. - Give the user a chance to change password when password will expire soon; (FATE#302414). - Rename smbfs init script to cifs for post-11.2 systems. - Allow Windows 7 to connection to samba domain controllers and member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680). - Error on joining windows domain (invalid pointer); (bso#6967); (bnc#553622). - Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165). - Simplify the winbind package %pre script and suppress stdout only. - Update to 3.5.0pre1 + Add support for full Windows timestamp resolution. + Experimental implementation of SMB2. + Add encryption support for connections to a CUPS server. + Major windbind asynchronous refactoring. - Remove using_samba from the doc package. - Increase major version of libtalloc to 2. - Fix kerberos refresh chain; (bnc#546162); (bso#6872). - Hardlink duplicate files on post-11.1 systems. - Add BuildArch noarch to samba-doc on post-11.1 systems. - Use full 16byte session key in make_user_info_netlogon_interactive(); (bnc#551811). - Update to 3.4.3. + Fix trust relationships to windows 2008 (2008 r2) (bug #6711). + Fix file corruption using smbclient with NT4 server (bug #6606). + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. + BUG 6529: Offline files conflict with Vista and Office 2003. + BUG 6532: Fix domain enumeration if master browser has space in name. + BUG 6606: Fix file corruption using smbclient with NT4 server. + BUG 6690: Fix wrong error check in profile. + BUG 6703: Allow smbstatus as non-root. + BUG 6704: Fix syntax error in avahi configure test. + BUG 6707: Fix an occasional segfault in config file parsing. + BUG 6710: Adjust regex to match variable names including underscores. + BUG 6711: Fix trust relationships to windows 2008 (2008 r2). + BUG 6726: SIVAL should have been an SVAL. + BUG 6728: BSD needs sys/sysctl.h included to build properly. + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. + BUG 6764: Fix timeval calculation. + BUG 6765: Add a "hidden" parameter "share:fake_fscaps". + BUG 6769: Fix symlink unlink. + BUG 6772: Allow outstanding_aio_calls to be decremented. + BUG 6774: smbd crashes if "aio write behind" is set. + BUG 6776: Fix core dump caused by running overlapping Byte Lock test. + BUG 6781: Fix renaming subfolders in Explorer view. + BUG 6791: Fix linking order in cifs.upcall. + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". + BUG 6793: Fix segfault in winbindd_pam_auth. + BUG 6796: Deleting an event context on shutdown can cause smbd to crash. + BUG 6797: Fix a memleak in libwbclient. + BUG 6804: Fix hpux compiler issue. + BUG 6805: Correctly handle aio_error() and errno. + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. + BUG 6810: Add support for finding alternate credcaches to cifs.upcall. + BUG 6811: Fix reference to freed memory in pam_winbind. + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. + BUG 6824: Fix avahi activation. + BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. + BUG 6828: Fix infinite timeout when byte lock held outside of Samba. + BUG 6829: Fix displaying of multibyte characters in smbclient. + BUG 6840: Fix crash in pam_winbind. + Fix an uninitialized variable. + Only ever handle one event after a select call. + Conditional install of the cifs.upcall man page. + Fix warning occuring when building the manpages. - Let smbclient show special characters properly; (bso#6829); (bnc#544204). - Don't fail authentication when one or some group of require-membership-of is invalid; (bnc#525123); (bso#6826). - Allow winbind to ignore certain domains; (bnc#539506). - Update to 3.4.2. + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517). + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115). + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). - Fix potential denial of service; CVE-2009-2906; (bnc#543115). - Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150). - Fix unresolved home path; CVE-2009-2813; (bnc#539517). - Don't overwrite password in pam_winbind; (bnc#515444). - mods for winbind (when used with squid - ntlm_auth) o winbind adds group 'winbind' o permission 0750,root,winbind LOCKDIR/winbindd_privileged - Merge two fixes from 3.2.8 and 3.3.1. + Adjust regex to match variable names including underscores. + Conditional install of the cifs.upcall man page. - Remove supplements from baselibs.conf while %clean for pre-11.1 systems; (bnc#520579). - Update to 3.4.1. + Fix authentication on member servers without Winbind (bug #6650). + Nautilus fails to copy files from an SMB share (bug #6649). + Fix connections of Win98 clients (bug #6551). + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + Fix Winbind authentication issue (bug #6646). + BUG 5879: Update LDAP schema for Netscape DS 5. + BUG 5886: Fix password change propagation with ldapsam. + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe. + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. + BUG 6437: Make open_udp_socket() IPv6 clean. + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. + BUG 6532: Fix the build with external talloc. + BUG 6538: Cancel all locks that are made before the first failure. + BUG 6560: Fix lookupname. + BUG 6564: SetPrinter fails (panics) as non root. + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. + BUG 6585: Fix unqualified "net join". + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. + BUG 6601: Avoid global fd limits. + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + BUG 6611: Fix a valgrind error in chain_reply. + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 6650: Fix authentication on member servers without Winbind. + BUG 6651: Fix smbd SIGSEGV when breaking oplocks. + BUG 6655: Fix 'smbcontrol smbd ping'. + BUG 6620: Fix a bug in renames of directories. + BUG 6664: Fix truncation of the session key. + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". + BUG 6680: Fix authentication failure from Windows 7 when domain joined. + BUG 6688: Fix crash in 'net usershare list'. + BUG 6693: Check we read off the complete event from inotify. + BUG 6700: Use dns domain name when needing to guess server principal. - Update to 3.2.14. + Fix SAMR access checks (e.g. bugs #6089 and #6112). + Fix 'force user' (bug #6291). + Improve Win7 support (bug #6099). + Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6089: Fix SAMR access checks. + BUG 6112: Fix SAMR access checks. + BUG 6279: Fix Winbind crash. + BUG 6291: Fix 'force user'. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6386: Groupdb mapping fix. + BUG 6421: Fix POSIX read-only open on read-only shares. + BUG 6476: Fix more smbd-zombies in memory. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + BUG 6504: Fix SAMR server for Winbind access. + BUG 6520: Fix time stamps. + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6465: Fix enum_aliasmem in ldb branch. + BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 6526: Let parent_dirname() correctly return toplevel filenames. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 5798: Preserve CFLAGS info in configure. + BUG 6382: Case insensitive access to DFS links broken. + BUG 6481: Don't require "Modify property" perms to unjoin. + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. + BUG 6560: Lookupname failed, cannot find domain when attempt to change password. + Prevent creation of keys containing the '/' character. + Fix join of Windows 7 RC to a Samba3 DC. + Fix bug in processing of open modes in POSIX open. + Fix the negotiate flags. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to 'net'. + Fix a race condition in Winbind leading to a panic. + Add workaround for MS KB932762. + 5945: Fix out of memory error with Winbind idmap. + Avoid duplicate ACEs. + Fix profile ACLs in some corner cases. + Zero an uninitialized array. - Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271); (bso#6615). - check in .po files for pam_winbind; (bnc#499233); (bso#6602). - Add ntp and network-remotefs as Should-Start dependency to the winbind init script; (bnc#515629). - Update to 3.0.36. + Fix Winbind crash on 'getent group' (bug #5906). + Excel save operation corrupts file ACLs (bug #4308). + Prevent segmentation fault on joining a very long domain name. + BUG 4308: Excel save operation corrupts file ACLs. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + BUG 4640: Fix guest mounts in mount-cifs. + BUG 5906: Fix Winbind crash on 'getent group'. + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + BUG 6099: In order to allow Win7 to connect to a Samba NT style. + BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. + BUG 6085: Fix build of vfs_default. + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. + Fix logic error in try_chown. + Correctly use chroot(). + Fix bug in processing of open modes in POSIX open. + Don't install the cifs.upcall binary twice. + Fix mount.cifs handling of -V option. + Prevent segmentation fault on joining a very long domain name. + Don't try and delete a default ACL from a file. + Add workaround for MS KB932762. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg. - Use a conditional suse_version macro in front of the SUSE_ASNEEDED export. - lookupname failed, cannot find domain when attempt to change password; (bnc#520645); (bso#6560). - Don't link with --as-needed flag on post-11.1 systems. - Stop the smbfs service if an interface goes down; (bnc#517768). - Disable build of static libraries on post-11.1 systems; (bnc#509945). - Fix missing zlibs for cifs.upcall and test_shlibs. - Update to 3.4.0. + BUG 6431: Local groups from 3.0 setups no longer found. + BUG 6459: Fix build of pam_smbpass on some distributions. + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain not. + BUG 6497: Fix calling of 'test' in configure. + BUG 6498: Add workaround for MS KB932762. + BUG 6499: Fix building of pam_smbpass. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6512: Fix support for enumerating user forms. + BUG 6514: Improve error message in 'net' when smb.conf is not available. + BUG 6520: Fix time stamps when "unix extensions = yes". + BUG 6521: Fix building tevent_ntstatus without config.h. + BUG 6526: Fix notifies in the share root directory. + BUG 6531: Fix pid file name. - Package /etc/samba/smbpasswd as %ghost on post-11.1 systems. - Fix net ads leave; (bnc#511695). - Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). - Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164). - Update to 3.2.13, 3.3.6. + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478). - Update to 3.0.35. + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes"; CVE-2009-1888; (bnc#515479). - Uninitialized read of a data value; CVE-2009-1888 (bnc#515479). - Update to 3.4.0rc1. + BUG 4699: Remove pidfile on clean shutdown. + BUG 5456: Fix "net ads testjoin". + BUG 6081: Make it possible to change machine account sids. + BUG 6253: Use correct value for password expiry calculation in pam_winbind. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6305: Correctly prompt for a password when a username was given. + BUG 6328: Add support for multiple rights to "net sam rights grant/revoke". + BUG 6333: Consolidate create/delete account paths in pdbedit. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6451: net/libnetapi user rename using wrong access bits. + BUG 6458: Fix uninitialized variable in local_password_change(). + BUG 6465: Fix enumeration of empty aliases. + BUG 6476: Fix smbd-zombies in memory when using [x]inetd. + BUG 6487: Add missing DFS call in trans2 mkdir call. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + Improve pam_winbind documentation. - Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions. - Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user input as a format string to asprintf; CVE-2009-1886; (bnc#513360). - Fix a bad memleak in vfs_full_audit; (bnc#510035). - Update to 3.3.5. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix joining of Win7 into Samba domain (bug #6099). + Fix joining of Win2000 SP4 clients (bug #6301). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL. + BUG 5897: Fix shutdown script example in the smb.conf manpage. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6301: Fix joining of Win2000 SP4 clients. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix 'net groupmap set' segfault. + BUG 6361: Make --rcfile work in smbget. + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. + BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. + BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. + BUG 6441: Fix the compile with --enable-dnssd. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent infinite include nesting. + Mark registry shares without path unavailable. + Also handle DirX return codes. + Fix Coverity ID 897. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix a race condition in winbind leading to a panic. + Some man pam_winbind improvements. + Zero an uninitialized array. - Update to 3.2.12. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix "force user" (bug #6291). + Fix Winbind crash (bug #6279). + Fix joining of Win7 into Samba domain (bug #6099). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5798: CFLAGS info lost in configure. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5835: Add keyutils-devel to build requires. + BUG 5945: Fix out of memory error with Winbind idmap. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6279: Fix Winbind crash. + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6291: Fix "force user". + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6386: Groupdb mapping fix. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent creation of keys containing the '/' character. + Fix bug in processing of open modes in POSIX open. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a race condition in winbind leading to a panic. + Fix a crash bug if we timeout in net rpc trustdom list. + Fix profile acls in some corner cases. - Default with passdb backend to smbpasswd for SUSE products older than 11.2. - Explicitly use 'tdbsam' as passdb backend in the default smb.conf file. - Update to 3.4.0pre2. + The default passdb backend has been changed to 'tdbsam'! + Samba4 and Samba3 sources are included in the tarball. + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Made parameter syntax of the net command more consistent. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 4271: testparm should not print includes. + BUG 4831: Don't call openlog() or closelog() from pam_smbpass. + BUG 5681: Do not limit the number of network interfaces. + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo access checks. + BUG 6099: Fix NETLOGON credential chain. + BUG 6136: New AFS syscall conventions. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6253: Use correct value for password expiry calculation. + BUG 6291: Fix 'force user'. + BUG 6292: Update config.guess from gnu.org. + BUG 6302: Give the VFS a chance to read from 0-byte files. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix segfault in 'net groupmap set'. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6357: Use Samba default command line arguments in 'net'. + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4 and IPv6 addresses + BUG 6361: Make --rcfile work in smbget. + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share. + BUG 6372: usermanager only displaying 1024 groups and aliases. + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids. + BUG 6415: Filter out of range mappings in default idmap config (idmap_tdb). + BUG 6416: Filter out of range mappings in default idmap config (idmap_tdb2). + BUG 6417: Filter out of range mappings in default idmap config (idmap_ldap). + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Fix the core of the SAMR access functions. + Fix SAMR server for winbindd access. + Add dbwrap_tool - a tdb tool that is CTDB-aware. + Hide "config backend" from swat. + Fix linking with --disable-shared-libs. + Fix issue with missing entries when enumerating directories. + Map NULL domains to our global sam name. + Fix driver upload for Xerox 4110 PS printer driver. + Add "net dom renamecomputer" to rename machines in a domain. + Inspect the correct computername string before enabling/disabling the change button in netdomjoin-gui. + Fix join prompt dialog test in netdomjoin-gui. + Only gray out labels when not root and not connecting to remote machines (netdomjoin-gui). + Allow to switch between workgroups/domains with the same name (netdomjoin-gui). + Add NetShutdownInit and NetShutdownAbort. + Fix samr access checks. + Add a security model to LSA. + Also handle DirX return codes. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix Coverity ID 897. + Fix a race condition in vfs_aio_fork with gpfs share modes. + Fix bug disclosed by lock8 torture test. + Fix a race condition in winbind leading to a panic. + Detect tight loop in tdb_find(). + Fix chained sesssetupAndX/tconn messages. + Fix strict locking with chained reads. + Fix two bugs in sendfile. + Fix memory leak. + Fix file descriptor leak. + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. + Always allocate memory in dptr_ReadDirName. + Fix 'net' crash during domain join. + Zero an uninitialized array. + Allow child processes to exit gracefully if we are out of fds. - Enable cifs.upcall on versions newer than SUSE 10.0. - Add BuildRequires to keyutils-devel. - Remove redundant Requires to keyutils-libs for cifs-mount. - Detect tight loop in tdb_find(); (bnc#450974). - Fix lp printing with kerberos; (bnc#476913). - Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all other build targets. - Update to 3.4.0pre1. + Samba4 and Samba3 sources are included in the tarball + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Make merged build possible. + Move common libraries to the shared lib/ directory. - Update to 3.3.4. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix usrmgr.exe creating a user (bug #6243). + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6279: Fix Winbind crash. + BUG 5329: Add "net rpc service delete/create". + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. + BUG 6263: Fix domain logins for WinXP clients pre SP3. + BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. + BUG 6243: Fix usrmgr.exe creating a user. + net conf: Save share name as given, not as lower case only. + Prevent creation of registry keys containing the '/' character. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Don't access a freed structure when logging off and re-using a vuid. + Try to to fix password_expired flag handling. + Make sure to grey out change fields in the netdomjoin-gui when not running as root. + Don't look up local user for remote changes, even when root. + Use procid_str in debug messages for better cluster-debuggability. + Use cluster-aware procid_is_me instead of comparing pids. + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Do not use the file system GET_REAL_FILENAME for mangled names. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to net. + In net_conf_import, start a transaction when importing a single share. + Fix writing of roaming profiles with "profile acls" set to "yes". - Update to 3.2.11. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix smbd crash for close_on_completion. + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6205: Correct sample smb.conf share configuration. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6263: Fix domain logins for WinXP clients pre SP3. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Fix resume command typo for "printing = vlp". + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Don't look up local user for remote changes, even when root. - Don't lookup local user for remote password changes; (bnc#493507). - Update to 3.3.3. + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). + Fix serving of files with colons to CIFS/VFS client (bug #6196). + Fix "map readonly" (bug #6186). + BUG 6195: Don't let smbd child processes panic. + Add backend_requires_messaging() method to libsmbconf. + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + Fall back to file backend when no valid backend was found. + Fix a memleak in dbwrap_rbt. + Provide transaction_start|commit|cancel fns for the registry tdb. + Speed up "net conf drop". + Speed up "net conf import". + Add transactions to the libsmbconf API. + Reduce memory usage of "net conf import". + Registry cleanup. + Fix handling of SAMBA_VERSION_VENDOR_PATCH. + Fix build of pam_winbind.so with static linking. + Tidy up some convert_string_internal error cases. + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. + Allow DFS client paths to work when POSIX pathnames have been selected. + Try and fix the build farm RAW-STREAMS errors. + Ensure files starting with multiple dots are hidden. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + Fix notify_printer_status_byname. + Fix Coverity IDs 722, 762, 774, 775, 776. + Fix build on old Heimdal based systems. + Fix compile warning. + Use parentheses in if condition to make negation clear. + Add dirsort module. + BUG 6147: Fix detection of the GNU ld version. + BUG 6097: Fix smbd segfault. + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6139: Add missing whitespace in mount.cifs error message. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix a valgrind error. + Speed up "net conf list". + Add sorted subkey cache. + Use StrCaseCmp in the dirsort module. + Document the dirsort module. + Disable dns_sd by default. + Add avahi detection to configure. + Add event avahi binding. + Use avahi to register _smb._tcp in smbd. + Fix two memleaks in the encryption code. + Fix a scary "fill_share_mode_lock failed" message. + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. + Don't use reserved words in smbconftort. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Parse_packet can return NULL which is then dereferenced in match_mailslot_name. + Format the header check for netinet/ip.h more nicely. + Missing break in conversion function prevents tdb password database update. - Update to 3.2.10. + BUG #6195: Don't let smbd child processes panic. - BUG 6195: Fix crash on passdb conversion. - Update to 3.2.9. + BUG 5920: The length of the memcpy was calculated wrong. + BUG 6097: Fix smbd segfault. + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS server is invalid. + BUG 6099: Samba returns incurrate capabilities list. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem. + BUG 6161: smbclient corrupts source path in tar mode. + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + BUG 6224: nmbd waits 5 minutes before checking to run elections. + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno. + Numerous Coverity fixes + Fix double free caused by incorrect talloc_steal usage. + Backport delete semantics of alternate data streams on a file truncate. + Allow set attributes on a stream fnum to redirect to the base filename. + Fix use of streams modules with CIFSFS client. + Fix more POSIX path lstat calls. + Allow DFS client paths to work with POSIX pathnames. + Ensure files starting with multiple dots are hidden. + Fix guest auth when Winbind is running. + Fix memleak in get_remote_printer_publishing_data(). + cifs mount fix for handling -V parameter. + Fix guest mounts. + Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Enable total anonymization in vfs_smb_traffic_analyzer. + Don't try and delete a default ACL from a file. + Fix remotely adding a share via MMC. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Fix a valgrind error / segfault in dns_register_smbd(). + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix two memleaks in the encryption code. + Fix "fill_share_mode_lock failed" message. + Add S-1-22-X-Y sids to the local token. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Don't miss an absolute pathname as a kerberos keytab path. + Have nmbd check all available interfaces for WINS before failing. + Initialize the id_map status in idmap_ldap to avoid surprise. - Obsolete change from 2008-03-05 by removing the needless examples cleanup. - Update to 3.3.2. + Fix "force group" (bug #6155). + Fix saving of files on Samba share using MS Office 2007 (bug #6160). + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + Fix corruptions of source path in tar mode of smbclient (bug #6161). + BUG 6082: Fix renaming and deleting of directories using Windows clients. + BUG 6154: Make ZFS honor admin users. + BUG 6155: Fix "force group". + BUG 6160: Fix saving of files on Samba share using MS Office 2007. + BUG 6161: Fix corruptions of source path in tar mode of smbclient. + Fix some NetBSD warnings. + Fix bug in processing of open modes in POSIX open. + Fix use of streams modules with CIFSFS client. + Ensure ACL modules work with POSIX paths. + Use fsp->posix_open in preference if we have it. + Fix more POSIX path lstat calls. + Fix a bug in message handling for the change notify code. + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + BUG 4640: Fix guest mounts in mount.cifs. + Fix displaying the version string properly when no other parameters passed in in mount.cifs. + Prefer gssapi header files from subdirectory. + BUG 6176: winbindd -n should disable the winbind idmap cache. + Add a vfs_preopen module to hide fs latencies. + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a valgrind error / segfault in dns_register_smbd(). + Fix build on SLES8. + Decremented by 1 for ntcancel requests. + Fix creation of core files. + Fix first mapping of uids/gids in Winbind. + Initialize the id_map status in idmap_ldap to avoid surprise. + Fix initialization of idmap status. - Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc. - Ignore return value from subshell to fix build. ==== systemsettings5 ==== Version update (5.6.2 -> 5.6.3) Subpackages: systemsettings5-devel - Update to 5.6.3 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.3.php ==== taglib ==== Version update (1.10 -> 1.11) Subpackages: libtag-devel libtag1 libtag_c0 - Update to 1.11 * Fixed reading APE items with long keys. * Fixed reading ID3v2 SYLT frames when description is empty. 1.11 BETA 2: * Better handling of PCM WAV files with a 'fact' chunk. * Better handling of corrupted APE tags. * Efficient decoding of unsynchronized ID3v2 frames. * Fixed text encoding when saving certain frames in ID3v2.3 tags. * Fixed updating the size of RIFF files when removing chunks. * Several smaller bug fixes and performance improvements. 1.11 BETA: * New API for creating FileRef from IOStream. * Added support for ID3v2 PCST and WFED frames. * Added support for pictures in XiphComment. * Added String::clear(). * Added FLAC::File::strip() for removing non-standard tags. * Added alternative functions to XiphComment::removeField(). * Added BUILD_BINDINGS build option. * Added ENABLE_CCACHE build option. * Replaced ENABLE_STATIC build option with BUILD_SHARED_LIBS. * Better handling of duplicate ID3v2 tags in all kinds of files. * Better handling of duplicate tag chunks in WAV files. * Better handling of duplicate tag chunks in AIFF files. * Better handling of duplicate Vorbis comment blocks in FLAC files. * Better handling of broken MPEG audio frames. * Fixed crash when calling File::properties() after strip(). * Fixed crash when parsing certain MPEG files. * Fixed crash when saving Ogg files. * Fixed possible file corruptions when saving ASF files. * Fixed possible file corruptions when saving FLAC files. * Fixed possible file corruptions when saving MP4 files. * Fixed possible file corruptions when saving MPEG files. * Fixed possible file corruptions when saving APE files. * Fixed possible file corruptions when saving Musepack files. * Fixed possible file corruptions when saving WavPack files. * Fixed updating the comment field of Vorbis comments. * Fixed reading date and time in ID3v2.3 tags. * Marked ByteVector::null and ByteVector::isNull() deprecated. * Marked String::null and String::isNull() deprecated. * Marked XiphComment::removeField() deprecated. * Marked Ogg::Page::getCopyWithNewPageSequenceNumber() deprecated. It returns null. * Marked custom integer types deprecated. * Many smaller bug fixes and performance improvements. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#975219 - virt-manager interface is broken (Tumbleweed-20160417) virt-manager.spec ==== webkit2gtk3 ==== Version update (2.12.1 -> 2.12.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Refresh webkitgtk-disable-gcc-version-checks.patch for latest version. - Update to version 2.12.2: + Fix rendering of scrollbars with GTK themes using stepper buttons. + Fix compatibility issue with 2.12.1 regarding local storage access from file URLs. + Make menu list buttons use the text color from the theme. + Do not show resize grip in non-resizable text fields. + Fix accessibility events causing Orca to echo key presses instead of speaking the inserted characters in password fields. + Fix an off by one error in hyphenation. + Fix several crashes and rendering issues. + Fix the build with libjpeg v9. + Updated translations. - Drop pkgconfig(gtk+-2.0) BuildRequires and pass - DENABLE_PLUGIN_PROCESS_GTK2=OFF to configure. We do no longer ship the flash-plugin in openSUSE, and it were the last consumer of this functionality. This also have the added bonus of freeing zenity and dependant packages of gtk2 dependencies. ==== wicked ==== Version update (0.6.32 -> 0.6.33) Subpackages: libwicked-0-6 wicked-service - version 0.6.33 - route: initial routing policy rules support (fate#312217) ==== xf86-input-evdev ==== Version update (2.10.1 -> 2.10.2) - u_01-Add-a-kiosk-mode-for-touch-screens.patch u_02-Add-delay-between-button-press-and-release-to-kiosk-mode.patch Add click on touch (FATE#320263). - Update to version 2.10.2 This release restores wheel emulation on absolute devices and drops the forced direction locking for scroll buildup during wheel emulation since it made it almost impossible to actually scroll in both directions. Since horizontal scrolling is disabled by default anyway, we don't need this lock. ==== xmlstarlet ==== Version update (1.5.0 -> 1.6.1) - Update to 1.6.1: * handle unicode arguments under Windows - Changes for 1.6.0: * get rid of "helpful" message about namespaces * update user guide * Enhancements: + add --stop option to val + add global option --no-doc-namespace * Build: + let the make install target succeed even if docs aren't built. - Cleanup spec file with spec-cleaner - Cleanup dependencies - Refresh xmlstarlet-xml_depyx.c.diff ==== yast2-update ==== Version update (3.1.37 -> 3.1.39) - Updated yast2-packager dependency (FATE#320199) - 3.1.39 - Select the default product patterns in the pattern based upgrade (FATE#320199) - 3.1.38