diff --git a/.gitignore b/.gitignore index db71ada..c1e928f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/samba-4.17.5.tar.xz +SOURCES/samba-4.18.6.tar.xz SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/.samba.metadata b/.samba.metadata index a072d0f..c0a00fe 100644 --- a/.samba.metadata +++ b/.samba.metadata @@ -1,2 +1,2 @@ -68926a886d20bbd5b4d768d9788d4b5a5ca399e5 SOURCES/samba-4.17.5.tar.xz +12b41f2a849cb6c40e9f5b174bb1cd823a060bd7 SOURCES/samba-4.18.6.tar.xz 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg diff --git a/SOURCES/CVE-2023-3347-signing-4.17-01.patch b/SOURCES/CVE-2023-3347-signing-4.17-01.patch deleted file mode 100644 index 4ab4892..0000000 --- a/SOURCES/CVE-2023-3347-signing-4.17-01.patch +++ /dev/null @@ -1,441 +0,0 @@ -From 2c987aa203f12390c51810e4fbca6a176180a8b1 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Tue, 20 Jun 2023 12:46:31 +0200 -Subject: [PATCH 1/5] CVE-2023-3347: CI: add a test for server-side mandatory - signing - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 - -Signed-off-by: Ralph Boehme ---- - .../samba3.smb2.session-require-signing | 1 + - selftest/target/Samba3.pm | 1 + - source3/selftest/tests.py | 2 + - source4/torture/smb2/session.c | 64 +++++++++++++++++++ - source4/torture/smb2/smb2.c | 1 + - 5 files changed, 69 insertions(+) - create mode 100644 selftest/knownfail.d/samba3.smb2.session-require-signing - -diff --git a/selftest/knownfail.d/samba3.smb2.session-require-signing b/selftest/knownfail.d/samba3.smb2.session-require-signing -new file mode 100644 -index 000000000000..53b7a7022a83 ---- /dev/null -+++ b/selftest/knownfail.d/samba3.smb2.session-require-signing -@@ -0,0 +1 @@ -+^samba3.smb2.session-require-signing.bug15397 -diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm -index 9c590547c943..3336c5b8e97c 100755 ---- a/selftest/target/Samba3.pm -+++ b/selftest/target/Samba3.pm -@@ -1294,6 +1294,7 @@ sub setup_ad_member_idmap_rid - # values required for tests to succeed - create krb5 conf = no - map to guest = bad user -+ server signing = required - "; - - my $ret = $self->provision( -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py -index 04349c1f1f75..887bf6d52933 100755 ---- a/source3/selftest/tests.py -+++ b/source3/selftest/tests.py -@@ -938,6 +938,8 @@ tests = base + raw + smb2 + rpc + unix + local + rap + nbt + idmap + vfs - # Certain tests fail when run against ad_member with MIT kerberos because the private krb5.conf overrides the provisioned lib/krb5.conf, - # ad_member_idmap_rid sets "create krb5.conf = no" - plansmbtorture4testsuite(t, "ad_member_idmap_rid", '//$SERVER/tmp -k yes -U$DC_USERNAME@$REALM%$DC_PASSWORD', 'krb5') -+ elif t == "smb2.session-require-signing": -+ plansmbtorture4testsuite(t, "ad_member_idmap_rid", '//$SERVER_IP/tmp -U$DC_USERNAME@$REALM%$DC_PASSWORD') - elif t == "rpc.lsa": - plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD', 'over ncacn_np ') - plansmbtorture4testsuite(t, "nt4_dc", 'ncacn_ip_tcp:$SERVER_IP -U$USERNAME%$PASSWORD', 'over ncacn_ip_tcp ') -diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c -index 92f9e638ff47..e417008cad7a 100644 ---- a/source4/torture/smb2/session.c -+++ b/source4/torture/smb2/session.c -@@ -5498,3 +5498,67 @@ struct torture_suite *torture_smb2_session_init(TALLOC_CTX *ctx) - - return suite; - } -+ -+static bool test_session_require_sign_bug15397(struct torture_context *tctx, -+ struct smb2_tree *_tree) -+{ -+ const char *host = torture_setting_string(tctx, "host", NULL); -+ const char *share = torture_setting_string(tctx, "share", NULL); -+ struct cli_credentials *_creds = samba_cmdline_get_creds(); -+ struct cli_credentials *creds = NULL; -+ struct smbcli_options options; -+ struct smb2_tree *tree = NULL; -+ uint8_t security_mode; -+ NTSTATUS status; -+ bool ok = true; -+ -+ /* -+ * Setup our own connection so we can control the signing flags -+ */ -+ -+ creds = cli_credentials_shallow_copy(tctx, _creds); -+ torture_assert(tctx, creds != NULL, "cli_credentials_shallow_copy"); -+ -+ options = _tree->session->transport->options; -+ options.client_guid = GUID_random(); -+ options.signing = SMB_SIGNING_IF_REQUIRED; -+ -+ status = smb2_connect(tctx, -+ host, -+ lpcfg_smb_ports(tctx->lp_ctx), -+ share, -+ lpcfg_resolve_context(tctx->lp_ctx), -+ creds, -+ &tree, -+ tctx->ev, -+ &options, -+ lpcfg_socket_options(tctx->lp_ctx), -+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)); -+ torture_assert_ntstatus_ok_goto(tctx, status, ok, done, -+ "smb2_connect failed"); -+ -+ security_mode = smb2cli_session_security_mode(tree->session->smbXcli); -+ -+ torture_assert_int_equal_goto( -+ tctx, -+ security_mode, -+ SMB2_NEGOTIATE_SIGNING_REQUIRED | SMB2_NEGOTIATE_SIGNING_ENABLED, -+ ok, -+ done, -+ "Signing not required"); -+ -+done: -+ return ok; -+} -+ -+struct torture_suite *torture_smb2_session_req_sign_init(TALLOC_CTX *ctx) -+{ -+ struct torture_suite *suite = -+ torture_suite_create(ctx, "session-require-signing"); -+ -+ torture_suite_add_1smb2_test(suite, "bug15397", -+ test_session_require_sign_bug15397); -+ -+ suite->description = talloc_strdup(suite, "SMB2-SESSION require signing tests"); -+ return suite; -+} -diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c -index c717db50b70c..8621f09d820c 100644 ---- a/source4/torture/smb2/smb2.c -+++ b/source4/torture/smb2/smb2.c -@@ -189,6 +189,7 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx) - torture_suite_add_suite(suite, torture_smb2_sharemode_init(suite)); - torture_suite_add_1smb2_test(suite, "hold-oplock", test_smb2_hold_oplock); - torture_suite_add_suite(suite, torture_smb2_session_init(suite)); -+ torture_suite_add_suite(suite, torture_smb2_session_req_sign_init(suite)); - torture_suite_add_suite(suite, torture_smb2_replay_init(suite)); - torture_suite_add_simple_test(suite, "dosmode", torture_smb2_dosmode); - torture_suite_add_simple_test(suite, "async_dosmode", torture_smb2_async_dosmode); --- -2.40.0 - - -From dfde1691d336fe658857e576cec0debd3a2450b9 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Wed, 21 Jun 2023 15:06:12 +0200 -Subject: [PATCH 2/5] CVE-2023-3347: smbd: pass lp_ctx to - smb[1|2]_srv_init_signing() - -No change in behaviour. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 - -Signed-off-by: Ralph Boehme ---- - source3/smbd/proto.h | 3 ++- - source3/smbd/smb1_signing.c | 10 ++-------- - source3/smbd/smb1_signing.h | 3 ++- - source3/smbd/smb2_signing.c | 25 +++++++++++++++---------- - 4 files changed, 21 insertions(+), 20 deletions(-) - -diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h -index c4a330145151..67cc5e8a380a 100644 ---- a/source3/smbd/proto.h -+++ b/source3/smbd/proto.h -@@ -52,7 +52,8 @@ struct dcesrv_context; - - /* The following definitions come from smbd/smb2_signing.c */ - --bool smb2_srv_init_signing(struct smbXsrv_connection *conn); -+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, -+ struct smbXsrv_connection *conn); - bool srv_init_signing(struct smbXsrv_connection *conn); - - /* The following definitions come from smbd/aio.c */ -diff --git a/source3/smbd/smb1_signing.c b/source3/smbd/smb1_signing.c -index 6bcb0629c4f0..aa3027d53182 100644 ---- a/source3/smbd/smb1_signing.c -+++ b/source3/smbd/smb1_signing.c -@@ -170,18 +170,13 @@ static void smbd_shm_signing_free(TALLOC_CTX *mem_ctx, void *ptr) - Called by server negprot when signing has been negotiated. - ************************************************************/ - --bool smb1_srv_init_signing(struct smbXsrv_connection *conn) -+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx, -+ struct smbXsrv_connection *conn) - { - bool allowed = true; - bool desired; - bool mandatory = false; - -- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); -- if (lp_ctx == NULL) { -- DEBUG(10, ("loadparm_init_s3 failed\n")); -- return false; -- } -- - /* - * if the client and server allow signing, - * we desire to use it. -@@ -195,7 +190,6 @@ bool smb1_srv_init_signing(struct smbXsrv_connection *conn) - */ - - desired = lpcfg_server_signing_allowed(lp_ctx, &mandatory); -- talloc_unlink(conn, lp_ctx); - - if (lp_async_smb_echo_handler()) { - struct smbd_shm_signing *s; -diff --git a/source3/smbd/smb1_signing.h b/source3/smbd/smb1_signing.h -index 56c59c5bbc21..26f60420dfa8 100644 ---- a/source3/smbd/smb1_signing.h -+++ b/source3/smbd/smb1_signing.h -@@ -33,4 +33,5 @@ bool smb1_srv_is_signing_negotiated(struct smbXsrv_connection *conn); - void smb1_srv_set_signing(struct smbXsrv_connection *conn, - const DATA_BLOB user_session_key, - const DATA_BLOB response); --bool smb1_srv_init_signing(struct smbXsrv_connection *conn); -+bool smb1_srv_init_signing(struct loadparm_context *lp_ctx, -+ struct smbXsrv_connection *conn); -diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c -index 4691ef4d6130..c1f876f9cd74 100644 ---- a/source3/smbd/smb2_signing.c -+++ b/source3/smbd/smb2_signing.c -@@ -26,32 +26,37 @@ - #include "lib/param/param.h" - #include "smb2_signing.h" - --bool smb2_srv_init_signing(struct smbXsrv_connection *conn) -+bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, -+ struct smbXsrv_connection *conn) - { -- struct loadparm_context *lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); -- if (lp_ctx == NULL) { -- DBG_DEBUG("loadparm_init_s3 failed\n"); -- return false; -- } -- - /* - * For SMB2 all we need to know is if signing is mandatory. - * It is always allowed and desired, whatever the smb.conf says. - */ - (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); -- talloc_unlink(conn, lp_ctx); - return true; - } - - bool srv_init_signing(struct smbXsrv_connection *conn) - { -+ struct loadparm_context *lp_ctx = NULL; -+ bool ok; -+ -+ lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); -+ if (lp_ctx == NULL) { -+ DBG_DEBUG("loadparm_init_s3 failed\n"); -+ return false; -+ } -+ - #if defined(WITH_SMB1SERVER) - if (conn->protocol >= PROTOCOL_SMB2_02) { - #endif -- return smb2_srv_init_signing(conn); -+ ok = smb2_srv_init_signing(lp_ctx, conn); - #if defined(WITH_SMB1SERVER) - } else { -- return smb1_srv_init_signing(conn); -+ ok = smb1_srv_init_signing(lp_ctx, conn); - } - #endif -+ talloc_unlink(conn, lp_ctx); -+ return ok; - } --- -2.40.0 - - -From fd5f7d15869b67c41f681539348f7917a8c2fc0c Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Wed, 21 Jun 2023 15:10:58 +0200 -Subject: [PATCH 3/5] CVE-2023-3347: smbd: inline smb2_srv_init_signing() code - in srv_init_signing() - -It's now a one-line function, imho the overall code is simpler if that code is -just inlined. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 - -Signed-off-by: Ralph Boehme ---- - source3/smbd/proto.h | 2 -- - source3/smbd/smb2_signing.c | 19 ++++++------------- - 2 files changed, 6 insertions(+), 15 deletions(-) - -diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h -index 67cc5e8a380a..8075f4e567e3 100644 ---- a/source3/smbd/proto.h -+++ b/source3/smbd/proto.h -@@ -52,8 +52,6 @@ struct dcesrv_context; - - /* The following definitions come from smbd/smb2_signing.c */ - --bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, -- struct smbXsrv_connection *conn); - bool srv_init_signing(struct smbXsrv_connection *conn); - - /* The following definitions come from smbd/aio.c */ -diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c -index c1f876f9cd74..ef4a54d57107 100644 ---- a/source3/smbd/smb2_signing.c -+++ b/source3/smbd/smb2_signing.c -@@ -26,21 +26,10 @@ - #include "lib/param/param.h" - #include "smb2_signing.h" - --bool smb2_srv_init_signing(struct loadparm_context *lp_ctx, -- struct smbXsrv_connection *conn) --{ -- /* -- * For SMB2 all we need to know is if signing is mandatory. -- * It is always allowed and desired, whatever the smb.conf says. -- */ -- (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); -- return true; --} -- - bool srv_init_signing(struct smbXsrv_connection *conn) - { - struct loadparm_context *lp_ctx = NULL; -- bool ok; -+ bool ok = true; - - lp_ctx = loadparm_init_s3(conn, loadparm_s3_helpers()); - if (lp_ctx == NULL) { -@@ -51,7 +40,11 @@ bool srv_init_signing(struct smbXsrv_connection *conn) - #if defined(WITH_SMB1SERVER) - if (conn->protocol >= PROTOCOL_SMB2_02) { - #endif -- ok = smb2_srv_init_signing(lp_ctx, conn); -+ /* -+ * For SMB2 all we need to know is if signing is mandatory. -+ * It is always allowed and desired, whatever the smb.conf says. -+ */ -+ (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); - #if defined(WITH_SMB1SERVER) - } else { - ok = smb1_srv_init_signing(lp_ctx, conn); --- -2.40.0 - - -From afe8b8d4f55ac330683645dad149a1691c15e2bd Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Tue, 20 Jun 2023 18:13:23 +0200 -Subject: [PATCH 4/5] CVE-2023-3347: smbd: remove comment in - smbd_smb2_request_process_negprot() - -This is just going to bitrot. Anyone who's interested can just grep for -"signing_mandatory" and look up what it does. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 - -Signed-off-by: Ralph Boehme ---- - source3/smbd/smb2_negprot.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c -index baddbecaade9..685a1460cef4 100644 ---- a/source3/smbd/smb2_negprot.c -+++ b/source3/smbd/smb2_negprot.c -@@ -361,12 +361,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) - } - - security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED; -- /* -- * We use xconn->smb2.signing_mandatory set up via -- * srv_init_signing() -> smb2_srv_init_signing(). -- * This calls lpcfg_server_signing_allowed() to get the correct -- * defaults, e.g. signing_required for an ad_dc. -- */ - if (xconn->smb2.signing_mandatory) { - security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; - } --- -2.40.0 - - -From d01483dba47134ee1cc959d3e52ef2af1b1221d8 Mon Sep 17 00:00:00 2001 -From: Ralph Boehme -Date: Tue, 20 Jun 2023 15:33:02 +0200 -Subject: [PATCH 5/5] CVE-2023-3347: smbd: fix "server signing = mandatory" - -This was broken by commit 1f3f6e20dc086a36de52bffd0bc36e15fb19e1c6 because when -calling srv_init_signing() very early after accepting the connection in -smbd_add_connection(), conn->protocol is still PROTOCOL_NONE. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397 - -Signed-off-by: Ralph Boehme ---- - .../samba3.smb2.session-require-signing | 1 - - source3/smbd/smb2_signing.c | 19 ++++++++----------- - 2 files changed, 8 insertions(+), 12 deletions(-) - delete mode 100644 selftest/knownfail.d/samba3.smb2.session-require-signing - -diff --git a/selftest/knownfail.d/samba3.smb2.session-require-signing b/selftest/knownfail.d/samba3.smb2.session-require-signing -deleted file mode 100644 -index 53b7a7022a83..000000000000 ---- a/selftest/knownfail.d/samba3.smb2.session-require-signing -+++ /dev/null -@@ -1 +0,0 @@ --^samba3.smb2.session-require-signing.bug15397 -diff --git a/source3/smbd/smb2_signing.c b/source3/smbd/smb2_signing.c -index ef4a54d57107..73d07380dfa1 100644 ---- a/source3/smbd/smb2_signing.c -+++ b/source3/smbd/smb2_signing.c -@@ -37,19 +37,16 @@ bool srv_init_signing(struct smbXsrv_connection *conn) - return false; - } - -+ /* -+ * For SMB2 all we need to know is if signing is mandatory. -+ * It is always allowed and desired, whatever the smb.conf says. -+ */ -+ (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); -+ - #if defined(WITH_SMB1SERVER) -- if (conn->protocol >= PROTOCOL_SMB2_02) { --#endif -- /* -- * For SMB2 all we need to know is if signing is mandatory. -- * It is always allowed and desired, whatever the smb.conf says. -- */ -- (void)lpcfg_server_signing_allowed(lp_ctx, &conn->smb2.signing_mandatory); --#if defined(WITH_SMB1SERVER) -- } else { -- ok = smb1_srv_init_signing(lp_ctx, conn); -- } -+ ok = smb1_srv_init_signing(lp_ctx, conn); - #endif -+ - talloc_unlink(conn, lp_ctx); - return ok; - } --- -2.40.0 - diff --git a/SOURCES/samba-4.17-fix-netlogon-capability-level2.patch b/SOURCES/samba-4.17-fix-netlogon-capability-level2.patch deleted file mode 100644 index cca4d97..0000000 --- a/SOURCES/samba-4.17-fix-netlogon-capability-level2.patch +++ /dev/null @@ -1,356 +0,0 @@ -From 5a0951ffae8e030dfabad6f6eac9d2b48aba7a5b Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Sat, 15 Jul 2023 17:20:32 +0200 -Subject: [PATCH 1/4] netlogon.idl: add support for netr_LogonGetCapabilities - response level 2 - -We don't have any documentation about this yet, but tests against -a Windows Server 2022 patched with KB5028166 revealed that -the response for query_level=2 is exactly the same as -for querey_level=1. - -Until we know the reason for query_level=2 we won't -use it as client nor support it in the server, but -we want ndrdump to work. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Andrew Bartlett -(cherry picked from commit 5f87888ed53320538cf773d64868390d8641a40e) ---- - librpc/idl/netlogon.idl | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl -index e563e114900b..c77151af26b1 100644 ---- a/librpc/idl/netlogon.idl -+++ b/librpc/idl/netlogon.idl -@@ -1241,6 +1241,7 @@ interface netlogon - /* Function 0x15 */ - typedef [switch_type(uint32)] union { - [case(1)] netr_NegotiateFlags server_capabilities; -+ [case(2)] netr_NegotiateFlags server_capabilities; - } netr_Capabilities; - - NTSTATUS netr_LogonGetCapabilities( --- -2.34.1 - - -From c28a4312122189740a6e02f1a9e4394d6c9c7f2e Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Sat, 15 Jul 2023 17:25:05 +0200 -Subject: [PATCH 2/4] s4:torture/rpc: let rpc.schannel also check - netr_LogonGetCapabilities with different levels - -The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG -for unsupported query_levels, we allow it to work with servers -with or without support for query_level=2. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Andrew Bartlett -(cherry picked from commit 404ce08e9088968311c714e756f5d58ce2cef715) ---- - .../knownfail.d/netr_LogonGetCapabilities | 3 + - source4/torture/rpc/netlogon.c | 77 ++++++++++++++++++- - 2 files changed, 79 insertions(+), 1 deletion(-) - create mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities - -diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities -new file mode 100644 -index 000000000000..30aadf3bb9d5 ---- /dev/null -+++ b/selftest/knownfail.d/netr_LogonGetCapabilities -@@ -0,0 +1,3 @@ -+^samba3.rpc.schannel.*\.schannel\(nt4_dc -+^samba3.rpc.schannel.*\.schannel\(ad_dc -+^samba4.rpc.schannel.*\.schannel\(ad_dc -diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c -index 1f068eb78265..a3d190f13dd8 100644 ---- a/source4/torture/rpc/netlogon.c -+++ b/source4/torture/rpc/netlogon.c -@@ -2056,8 +2056,47 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t - r.out.capabilities = &capabilities; - r.out.return_authenticator = &return_auth; - -- torture_comment(tctx, "Testing LogonGetCapabilities\n"); -+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=0\n"); - -+ r.in.query_level = 0; -+ ZERO_STRUCT(return_auth); -+ -+ /* -+ * we need to operate on a temporary copy of creds -+ * because dcerpc_netr_LogonGetCapabilities with -+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG -+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE -+ * without looking a the authenticator. -+ */ -+ tmp_creds = *creds; -+ netlogon_creds_client_authenticator(&tmp_creds, &auth); -+ -+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r); -+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE, -+ "LogonGetCapabilities query_level=0 failed"); -+ -+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=3\n"); -+ -+ r.in.query_level = 3; -+ ZERO_STRUCT(return_auth); -+ -+ /* -+ * we need to operate on a temporary copy of creds -+ * because dcerpc_netr_LogonGetCapabilities with -+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG -+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE -+ * without looking a the authenticator. -+ */ -+ tmp_creds = *creds; -+ netlogon_creds_client_authenticator(&tmp_creds, &auth); -+ -+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r); -+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE, -+ "LogonGetCapabilities query_level=0 failed"); -+ -+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=1\n"); -+ -+ r.in.query_level = 1; - ZERO_STRUCT(return_auth); - - /* -@@ -2077,6 +2116,42 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t - - *creds = tmp_creds; - -+ torture_assert(tctx, netlogon_creds_client_check(creds, -+ &r.out.return_authenticator->cred), -+ "Credential chaining failed"); -+ -+ torture_assert_int_equal(tctx, creds->negotiate_flags, -+ capabilities.server_capabilities, -+ "negotiate flags"); -+ -+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=2\n"); -+ -+ r.in.query_level = 2; -+ ZERO_STRUCT(return_auth); -+ -+ /* -+ * we need to operate on a temporary copy of creds -+ * because dcerpc_netr_LogonGetCapabilities with -+ * an query level 2 may returns DCERPC_NCA_S_FAULT_INVALID_TAG -+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE -+ * without looking a the authenticator. -+ */ -+ tmp_creds = *creds; -+ netlogon_creds_client_authenticator(&tmp_creds, &auth); -+ -+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r); -+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) { -+ /* -+ * an server without KB5028166 returns -+ * DCERPC_NCA_S_FAULT_INVALID_TAG => -+ * NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE -+ */ -+ return true; -+ } -+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities query_level=2 failed"); -+ -+ *creds = tmp_creds; -+ - torture_assert(tctx, netlogon_creds_client_check(creds, - &r.out.return_authenticator->cred), - "Credential chaining failed"); --- -2.34.1 - - -From 4c4c630fe99c253f3400fc7a4542178eba9d0aa7 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Sat, 15 Jul 2023 16:11:48 +0200 -Subject: [PATCH 3/4] s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for - invalid netr_LogonGetCapabilities levels - -This is important as Windows clients with KB5028166 seem to -call netr_LogonGetCapabilities with query_level=2 after -a call with query_level=1. - -An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG -for query_level values other than 1. -While Samba tries to return NT_STATUS_NOT_SUPPORTED, but -later fails to marshall the response, which results -in DCERPC_FAULT_BAD_STUB_DATA instead. - -Because we don't have any documentation for level 2 yet, -we just try to behave like an unpatched server and -generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of -DCERPC_FAULT_BAD_STUB_DATA. -Which allows patched Windows clients to keep working -against a Samba DC. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Andrew Bartlett -(cherry picked from commit d5f1097b6220676d56ed5fc6707acf667b704518) ---- - .../knownfail.d/netr_LogonGetCapabilities | 2 -- - source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++++++++++++--- - 2 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities -index 30aadf3bb9d5..99c7ac711ede 100644 ---- a/selftest/knownfail.d/netr_LogonGetCapabilities -+++ b/selftest/knownfail.d/netr_LogonGetCapabilities -@@ -1,3 +1 @@ - ^samba3.rpc.schannel.*\.schannel\(nt4_dc --^samba3.rpc.schannel.*\.schannel\(ad_dc --^samba4.rpc.schannel.*\.schannel\(ad_dc -diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c -index 314b469a718a..e203e04143d7 100644 ---- a/source4/rpc_server/netlogon/dcerpc_netlogon.c -+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c -@@ -2359,6 +2359,30 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c - struct netlogon_creds_CredentialState *creds; - NTSTATUS status; - -+ switch (r->in.query_level) { -+ case 1: -+ break; -+ case 2: -+ /* -+ * Until we know the details behind KB5028166 -+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG -+ * like an unpatched Windows Server. -+ */ -+ FALL_THROUGH; -+ default: -+ /* -+ * There would not be a way to marshall the -+ * the response. Which would mean our final -+ * ndr_push would fail an we would return -+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA. -+ * -+ * But it's important to match a Windows server -+ * especially before KB5028166, see also our bug #15418 -+ * Otherwise Windows client would stop talking to us. -+ */ -+ DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG); -+ } -+ - status = dcesrv_netr_creds_server_step_check(dce_call, - mem_ctx, - r->in.computer_name, -@@ -2370,10 +2394,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c - } - NT_STATUS_NOT_OK_RETURN(status); - -- if (r->in.query_level != 1) { -- return NT_STATUS_NOT_SUPPORTED; -- } -- - r->out.capabilities->server_capabilities = creds->negotiate_flags; - - return NT_STATUS_OK; --- -2.34.1 - - -From 44fb6686eee8f1c8767eee6a26edc215dccbc766 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Sat, 15 Jul 2023 16:11:48 +0200 -Subject: [PATCH 4/4] s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for - invalid netr_LogonGetCapabilities levels - -This is important as Windows clients with KB5028166 seem to -call netr_LogonGetCapabilities with query_level=2 after -a call with query_level=1. - -An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG -for query_level values other than 1. -While Samba tries to return NT_STATUS_NOT_SUPPORTED, but -later fails to marshall the response, which results -in DCERPC_FAULT_BAD_STUB_DATA instead. - -Because we don't have any documentation for level 2 yet, -we just try to behave like an unpatched server and -generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of -DCERPC_FAULT_BAD_STUB_DATA. -Which allows patched Windows clients to keep working -against a Samba DC. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Andrew Bartlett - -Autobuild-User(master): Stefan Metzmacher -Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224 - -(cherry picked from commit dfeabce44fbb78083fbbb2aa634fc4172cf83db9) ---- - .../knownfail.d/netr_LogonGetCapabilities | 1 - - source3/rpc_server/netlogon/srv_netlog_nt.c | 29 ++++++++++++++++--- - 2 files changed, 25 insertions(+), 5 deletions(-) - delete mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities - -diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities -deleted file mode 100644 -index 99c7ac711ede..000000000000 ---- a/selftest/knownfail.d/netr_LogonGetCapabilities -+++ /dev/null -@@ -1 +0,0 @@ --^samba3.rpc.schannel.*\.schannel\(nt4_dc -diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c -index 83318fff7532..c91eeed06b8d 100644 ---- a/source3/rpc_server/netlogon/srv_netlog_nt.c -+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c -@@ -2286,6 +2286,31 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p, - struct netlogon_creds_CredentialState *creds; - NTSTATUS status; - -+ switch (r->in.query_level) { -+ case 1: -+ break; -+ case 2: -+ /* -+ * Until we know the details behind KB5028166 -+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG -+ * like an unpatched Windows Server. -+ */ -+ FALL_THROUGH; -+ default: -+ /* -+ * There would not be a way to marshall the -+ * the response. Which would mean our final -+ * ndr_push would fail an we would return -+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA. -+ * -+ * But it's important to match a Windows server -+ * especially before KB5028166, see also our bug #15418 -+ * Otherwise Windows client would stop talking to us. -+ */ -+ p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG; -+ return NT_STATUS_NOT_SUPPORTED; -+ } -+ - become_root(); - status = dcesrv_netr_creds_server_step_check(p->dce_call, - p->mem_ctx, -@@ -2298,10 +2323,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p, - return status; - } - -- if (r->in.query_level != 1) { -- return NT_STATUS_NOT_SUPPORTED; -- } -- - r->out.capabilities->server_capabilities = creds->negotiate_flags; - - return NT_STATUS_OK; --- -2.34.1 - diff --git a/SOURCES/samba-4.17.5.tar.asc b/SOURCES/samba-4.17.5.tar.asc deleted file mode 100644 index 6d0b732..0000000 --- a/SOURCES/samba-4.17.5.tar.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmPSvJEACgkQqplEL7aA -tiDXbA//bPY+2A4y8zPJLibWjRtmv76xTgj1EJMZoC5d7+5PXQfuVhVULGYrxriF -MIF4CtTnMDk20mihnQb03csGpZGvqfBKbZg6jYolqeTmwRDgKXf9dxLxYYBGswPN -JXiF/ZvDQzEorrsz24o7i9Pe44IXpdf7+3RjIXhKjCa2vFQibTndGRhYb0UYiR9S -DELp6V/rmV9/BrYWVhHVnuzROzNWsrXIyu1GPNRWdX6ptJmjq6f8wZUP0NODYsBP -e0+BpXwob795tDSAMBnbnp7ZsHRYgB2/iWDTe19MF5LjHCcPwRWmzfZjiWQuz11D -kg7RUmlTkpU0mrToM+Uyg3Lhc8sayojDTHkIuIPBTuirdKuyP5Zov1wCaPuvf8Ew -LCQlQsC2AVeko8xY7P5ieXrmsfncoKR23S0MaKM6oNXooMJcNFnemMvCsOGGeGCi -HJa1whPdI5Cj3zLB5X35UNMmauS7qWyyj3lS2horg8L/iIQ3R3q+0Xkd5VmX1BXz -EhVDvOnb1F7E9HFlxhZRJFufpnHrGZX6ZYe6BqP8oU092UUU5JMeIqe20wG/dAtX -B91QhITdPDnM4KrSbch9i+BKW1xD8srRXu4yqMTZp6X6dPh6lnzVn6vj4uKNCMwz -2qLa3Rl+cRON1uTeFJXSTHg/diHjKriu3+bCqm0RlHAFLMtvudk= -=gZl3 ------END PGP SIGNATURE----- diff --git a/SOURCES/samba-4.18.6.tar.asc b/SOURCES/samba-4.18.6.tar.asc new file mode 100644 index 0000000..7a910c3 --- /dev/null +++ b/SOURCES/samba-4.18.6.tar.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmTc/5EACgkQqplEL7aA +tiB+4RAAkcRhO1/ZC7sXgqAqTZY05On8g2GLeuBh2Q+u7QIyjcDLuJWzp0TkrbMn +LBGtFAyCxM1JbW/K1UNafeQcf3UKzY1nIPtUpqVjN7qMxt0BDZ6MsXGbB/qhyGMZ +YnsZ8of/8NOUKx5KbrSeN5TqjICWTVRKi7KPcBrD51sTSt5unXYrolyJpKoPjYYU +lQS8cnh/shfvvFX4fYf9XtFS2OcQqCTFrLeajb6DU7Ep6ZBZa9r3m5Gk3ZvhBu9r +qowmQDqbNfo++wIkOaehD6tQsWcY2XvfBCFLqtSnF1SraN0jpdYr08dbcRGyuhFd +DS9+4BwCCML0mip7aaP6NHZpN+LvyYkAKPuKo8mW8pxe3i8ctxcTyN6SfmZA6RlE +bcmRQSkBD/e0jjBX5nR0zsaT01bgE1bBvbro0ZKHpR7/k6WeV+k6jDmqqXnYj3uB +61fCtf41w1b2pMhty70niga2gxaHrSqu9gqSl2wk/uMhwtdntqrJtaWIChWM0CRs +b6pfbjEZM2NDhsLe3idvY9Hl1hlKrMtoLJTu7fksTDVJzWPfqOCyIOc1DkxbCqlG +XB9fbre57DWIpRvNK4pu108LiGbavK2rLC6wlcjshP3/9BA3c3HO/JPQGtDAn1UE +JVQlYT1Fzzp9RU8U5Khz9D7pB3k6K19ZIo3q5xTA/V5O6axB5WM= +=GnJM +-----END PGP SIGNATURE----- diff --git a/SPECS/samba.spec b/SPECS/samba.spec index a66a879..182cc38 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -2,7 +2,7 @@ # # To build and run the tests use: # -# fedpkg local --with testsuite +# fedpkg mockbuild --with testsuite # or # rpmbuild --rebuild --with testsuite samba.src.rpm # @@ -10,12 +10,15 @@ # Build with internal talloc, tevent, tdb and ldb. # -# fedpkg local --with=testsuite --with=includelibs +# fedpkg mockbuild --with=testsuite --with=includelibs # or # rpmbuild --rebuild --with=testsuite --with=includelibs samba.src.rpm # %bcond_with includelibs +# fedpkg mockbuild --with=ccache +%bcond_with ccache + # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering @@ -134,8 +137,8 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%global samba_version 4.17.5 -%global baserelease 3 +%global samba_version 4.18.6 +%global baserelease 1 # This should be rc1 or %%nil %global pre_release %nil @@ -168,10 +171,10 @@ %global libsmbclient_so_version 0 %global libwbclient_so_version 0 -%global talloc_version 2.3.4 -%global tdb_version 1.4.7 -%global tevent_version 0.13.0 -%global ldb_version 2.6.1 +%global talloc_version 2.4.0 +%global tdb_version 1.4.8 +%global tevent_version 0.14.1 +%global ldb_version 2.7.2 %global required_mit_krb5 1.18 @@ -185,7 +188,7 @@ # https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md %undefine _strict_symbol_defs_build -%global libwbc_alternatives_version 0.15 +%global libwbc_alternatives_version 0.16 %global libwbc_alternatives_suffix %nil %if 0%{?__isa_bits} == 64 %global libwbc_alternatives_suffix -64 @@ -210,7 +213,7 @@ Epoch: 0 %global samba_depver %{epoch}:%{version}-%{release} Summary: Server and Client software to interoperate with Windows machines -License: GPLv3+ and LGPLv3+ +License: GPL-3.0-or-later AND LGPL-3.0-or-later URL: https://www.samba.org # This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%%{version}%%{pre_release}.tar.gz @@ -231,9 +234,6 @@ Source17: samba-usershares-systemd-sysusers.conf Source201: README.downgrade Source202: samba.abignore -Patch0: samba-4.17-fix-netlogon-capability-level2.patch -Patch1: CVE-2023-3347-signing-4.17-01.patch - Requires(pre): /usr/sbin/groupadd Requires(pre): %{name}-common = %{samba_depver} @@ -273,6 +273,7 @@ Provides: bundled(libreplace) BuildRequires: make BuildRequires: gcc +BuildRequires: glibc-gconv-extra BuildRequires: avahi-devel BuildRequires: bison BuildRequires: cups-devel @@ -329,6 +330,10 @@ BuildRequires: zlib-devel >= 1.2.3 BuildRequires: pkgconfig(libsystemd) +%if 0%{?fedora} >= 37 +BuildRequires: mold +%endif + %if %{with vfs_glusterfs} BuildRequires: glusterfs-api-devel >= 3.4.0.16 BuildRequires: glusterfs-devel >= 3.4.0.16 @@ -447,6 +452,8 @@ Requires: %{name}-common-libs = %{samba_depver} Requires: libwbclient = %{samba_depver} %endif Requires: krb5-libs >= %{required_mit_krb5} +# This is needed for charset conversion +Requires: glibc-gconv-extra %description client-libs The samba-client-libs package contains internal libraries needed by the @@ -530,13 +537,13 @@ The samba-common-tools package contains tools for SMB/CIFS clients. Summary: Tools for Samba servers # samba-tool needs python3-samba Requires: python3-%{name} = %{samba_depver} -# samba-tool needs tdbbackup -Requires: tdb-tools # samba-tool needs python3-samba-dc also on non-dc build Requires: python3-%{name}-dc = %{samba_depver} %if %{with dc} -# samba-tool needs mdb_copy for domain backup or upgrade provision +# samba-tool needs mdb_copy and tdbackup for domain backup or upgrade provision Requires: lmdb +Requires: tdb-tools +Requires: python3-gpg %endif %description tools @@ -565,6 +572,7 @@ Requires: %{name} = %{samba_depver} Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-common-tools = %{samba_depver} +Requires: %{name}-tools = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires: %{name}-dc-provision = %{samba_depver} Requires: %{name}-dc-libs = %{samba_depver} @@ -585,6 +593,7 @@ Requires: python3-setproctitle Requires: python3-%{name} = %{samba_depver} Requires: python3-%{name}-dc = %{samba_depver} Requires: krb5-server >= %{required_mit_krb5} +Requires: bind-utils Provides: samba4-dc = %{samba_depver} Obsoletes: samba4-dc < %{samba_depver} @@ -820,6 +829,7 @@ suite. %package -n libwbclient Summary: The winbind client library Requires: %{name}-client-libs = %{samba_depver} +Conflicts: sssd-libwbclient %description -n libwbclient The libwbclient package contains the winbind client library from the Samba @@ -828,6 +838,7 @@ suite. %package -n libwbclient-devel Summary: Developer tools for the winbind library Requires: libwbclient = %{samba_depver} +Conflicts: sssd-libwbclient-devel Provides: samba-winbind-devel = %{samba_depver} Obsoletes: samba-winbind-devel < %{samba_depver} @@ -898,7 +909,6 @@ Summary: Perl IDL compiler Requires: perl-interpreter Requires: perl(FindBin) Requires: perl(Parse::Yapp) -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) BuildArch: noarch Provides: samba4-pidl = %{samba_depver} @@ -984,7 +994,7 @@ Requires(post): %{name}-client-libs = %{samba_depver} Requires: %{name}-libs = %{samba_depver} Requires(post): %{name}-libs = %{samba_depver} Requires: %{name}-winbind-modules = %{samba_depver} -Recommends: %{name}-tools = %{samba_depver} +Suggests: %{name}-tools = %{samba_depver} %if %{with libwbclient} Requires(post): libwbclient = %{samba_depver} @@ -1075,14 +1085,14 @@ necessary to communicate to the Winbind Daemon %if %{with winexe} %package winexe Summary: Samba Winexe Windows Binary -License: GPLv3 +License: GPL-3.0-only Requires: %{name}-client-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver} Provides: bundled(libreplace) %description winexe -Winexe is a Remote Windows®-command executor +Winexe is a Remote Windows-command executor %endif ### CTDB @@ -1252,6 +1262,15 @@ export python_LDFLAGS="$(echo %{__global_ldflags} | sed -e 's/-Wl,-z,defs//g')" # Use the gold linker export LDFLAGS="%{__global_ldflags} -fuse-ld=gold" +# Add support for mock ccache plugin +%if %{with ccache} +CCACHE="$(command -v ccache)" +if [ -n "${CCACHE}" ]; then + ${CCACHE} -s + export CC="${CCACHE} gcc" +fi +%endif + %configure \ --enable-fhs \ --with-piddir=/run \ @@ -1337,17 +1356,6 @@ install -d -m 0755 %{buildroot}/%{_libdir}/samba install -d -m 0755 %{buildroot}/%{_libdir}/samba/ldb install -d -m 0755 %{buildroot}/%{_libdir}/pkgconfig -# Move libwbclient.so* into private directory, it cannot be just libdir/samba -# because samba uses rpath with this directory. -install -d -m 0755 %{buildroot}/%{_libdir}/samba/wbclient -mv %{buildroot}/%{_libdir}/libwbclient.so* %{buildroot}/%{_libdir}/samba/wbclient -if [ ! -f %{buildroot}/%{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version} ] -then - echo "Expected libwbclient version not found, please check if version has changed." - exit -1 -fi - - touch %{buildroot}%{_libexecdir}/samba/cups_backend_smb # Install other stuff @@ -1554,52 +1562,13 @@ fi %endif %if %{with libwbclient} -%posttrans -n libwbclient -# It has to be posttrans here to make sure all files of a previous version -# without alternatives support are removed -%{_sbindir}/update-alternatives \ - --install \ - %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \ - libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ - %{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version} \ - 10 -%{?ldconfig} - -%preun -n libwbclient -if [ $1 -eq 0 ]; then - %{_sbindir}/update-alternatives \ - --remove \ - libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \ - %{_libdir}/samba/wbclient/libwbclient.so.%{libwbc_alternatives_version} -fi -/sbin/ldconfig - -%posttrans -n libwbclient-devel -%{_sbindir}/update-alternatives \ - --install %{_libdir}/libwbclient.so \ - libwbclient.so%{libwbc_alternatives_suffix} \ - %{_libdir}/samba/wbclient/libwbclient.so \ - 10 - -%preun -n libwbclient-devel -# alternatives checks if the file which should be removed is a link or not, but -# not if it points to the /etc/alternatives directory or to some other place. -# When downgrading to a version where alternatives is not used and -# libwbclient.so is a link and not a file it will be removed. The following -# check removes the alternatives files manually if that is the case. -if [ $1 -eq 0 ]; then - if [ "`readlink %{_libdir}/libwbclient.so`" == "libwbclient.so.%{libwbc_alternatives_version}" ]; then - /bin/rm -f \ - /etc/alternatives/libwbclient.so%{libwbc_alternatives_suffix} \ - /var/lib/alternatives/libwbclient.so%{libwbc_alternatives_suffix} 2> /dev/null - else - %{_sbindir}/update-alternatives \ - --remove \ - libwbclient.so%{libwbc_alternatives_suffix} \ - %{_libdir}/samba/wbclient/libwbclient.so - fi +%pre -n libwbclient +if [ $1 -gt 1 ] ; then + rm -rf %{_libdir}/samba/wbclient/ + rm -f /etc/alternatives/libwbclient.so* + rm -f /var/lib/alternatives/libwbclient.so* fi - +%{?ldconfig} #endif {with libwbclient} %endif @@ -1946,6 +1915,7 @@ fi %{_libdir}/samba/libsmbd-base-samba4.so %{_libdir}/samba/libsmbd-shim-samba4.so %{_libdir}/samba/libsmbldaphelper-samba4.so +%{_libdir}/samba/libstable-sort-samba4.so %{_libdir}/samba/libsys-rw-samba4.so %{_libdir}/samba/libsocket-blocking-samba4.so %{_libdir}/samba/libtalloc-report-printf-samba4.so @@ -1971,10 +1941,9 @@ fi %if %{with includelibs} %{_libdir}/samba/libldb-*.so -%{_libdir}/samba/libldb.so.* -%{_libdir}/samba/libtalloc.so.* -%{_libdir}/samba/libtdb.so.* -%{_libdir}/samba/libtevent.so.* +%{_libdir}/samba/libtalloc-samba4.so +%{_libdir}/samba/libtdb-samba4.so +%{_libdir}/samba/libtevent-samba4.so %{_libdir}/samba/ldb/asq.so %{_libdir}/samba/ldb/ldb.so @@ -2127,9 +2096,13 @@ fi %{_mandir}/man8/samba.8* %{_mandir}/man8/samba_downgrade_db.8* %dir %{_datadir}/samba/admx +%{_datadir}/samba/admx/GNOME_Settings.admx %{_datadir}/samba/admx/samba.admx %dir %{_datadir}/samba/admx/en-US +%{_datadir}/samba/admx/en-US/GNOME_Settings.adml %{_datadir}/samba/admx/en-US/samba.adml +%dir %{_datadir}/samba/admx/ru-RU +%{_datadir}/samba/admx/ru-RU/GNOME_Settings.adml %files dc-provision %license source4/setup/ad-schema/licence.txt @@ -2207,6 +2180,7 @@ fi %{_includedir}/samba-4.0/domain_credentials.h %{_includedir}/samba-4.0/gen_ndr/atsvc.h %{_includedir}/samba-4.0/gen_ndr/auth.h +%{_includedir}/samba-4.0/gen_ndr/claims.h %{_includedir}/samba-4.0/gen_ndr/dcerpc.h %{_includedir}/samba-4.0/gen_ndr/krb5pac.h %{_includedir}/samba-4.0/gen_ndr/lsa.h @@ -2399,12 +2373,12 @@ fi ### LIBWBCLIENT %if %{with libwbclient} %files -n libwbclient -%{_libdir}/samba/wbclient/libwbclient.so.%{libwbclient_so_version}* +%{_libdir}/libwbclient.so.%{libwbclient_so_version}* ### LIBWBCLIENT-DEVEL %files -n libwbclient-devel %{_includedir}/samba-4.0/wbclient.h -%{_libdir}/samba/wbclient/libwbclient.so +%{_libdir}/libwbclient.so %{_libdir}/pkgconfig/wbclient.pc #endif {with libwbclient} %endif @@ -2479,6 +2453,7 @@ fi %{python3_sitearch}/samba/__pycache__/ms_schema.*.pyc %{python3_sitearch}/samba/__pycache__/ndr.*.pyc %{python3_sitearch}/samba/__pycache__/ntacls.*.pyc +%{python3_sitearch}/samba/__pycache__/safe_tarfile.*.pyc %{python3_sitearch}/samba/__pycache__/sd_utils.*.pyc %{python3_sitearch}/samba/__pycache__/sites.*.pyc %{python3_sitearch}/samba/__pycache__/subnets.*.pyc @@ -2494,6 +2469,7 @@ fi %{python3_sitearch}/samba/dbchecker.py %{python3_sitearch}/samba/colour.py %{python3_sitearch}/samba/common.py +%{python3_sitearch}/samba/compression.*.so %{python3_sitearch}/samba/credentials.*.so %{python3_sitearch}/samba/crypto.*.so %dir %{python3_sitearch}/samba/dcerpc @@ -2503,6 +2479,7 @@ fi %{python3_sitearch}/samba/dcerpc/atsvc.*.so %{python3_sitearch}/samba/dcerpc/auth.*.so %{python3_sitearch}/samba/dcerpc/base.*.so +%{python3_sitearch}/samba/dcerpc/claims.*.so %{python3_sitearch}/samba/dcerpc/dcerpc.*.so %{python3_sitearch}/samba/dcerpc/dfs.*.so %{python3_sitearch}/samba/dcerpc/dns.*.so @@ -2699,7 +2676,9 @@ fi %{python3_sitearch}/samba/param.*.so %{python3_sitearch}/samba/policy.*.so %{python3_sitearch}/samba/registry.*.so +%{python3_sitearch}/samba/reparse_symlink.*.so %{python3_sitearch}/samba/security.*.so +%{python3_sitearch}/samba/safe_tarfile.py %dir %{python3_sitearch}/samba/samba3 %{python3_sitearch}/samba/samba3/__init__.py %dir %{python3_sitearch}/samba/samba3/__pycache__ @@ -2735,8 +2714,8 @@ fi %{_libdir}/samba/libsamba-python.cpython*.so %if %{with includelibs} -%{_libdir}/samba/libpyldb-util.cpython*.so.* -%{_libdir}/samba/libpytalloc-util.cpython*.so.* +%{_libdir}/samba/libpyldb-util.cpython*.so +%{_libdir}/samba/libpytalloc-util.cpython*.so %{python3_sitearch}/__pycache__/_ldb_text*.pyc %{python3_sitearch}/__pycache__/_tdb_text*.pyc @@ -2833,6 +2812,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/auth_log_winbind.*.pyc %{python3_sitearch}/samba/tests/__pycache__/common.*.pyc %{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/compression.*.pyc %{python3_sitearch}/samba/tests/__pycache__/core.*.pyc %{python3_sitearch}/samba/tests/__pycache__/credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc @@ -2873,6 +2853,7 @@ fi %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc %{python3_sitearch}/samba/tests/__pycache__/logfiles.*.pyc %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/libsmb-basic.*.pyc %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc %{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc %{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc @@ -2907,12 +2888,14 @@ fi %{python3_sitearch}/samba/tests/__pycache__/pso.*.pyc %{python3_sitearch}/samba/tests/__pycache__/py_credentials.*.pyc %{python3_sitearch}/samba/tests/__pycache__/registry.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/reparsepoints.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3idmapdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3param.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/safe_tarfile.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc %{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc @@ -2922,6 +2905,9 @@ fi %{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc %{python3_sitearch}/samba/tests/__pycache__/sid_strings.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/smb1posix.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/smb2symlink.*.pyc +%{python3_sitearch}/samba/tests/__pycache__/smb3unix.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smbconf.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc %{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc @@ -2987,6 +2973,7 @@ fi %{python3_sitearch}/samba/tests/blackbox/traffic_replay.py %{python3_sitearch}/samba/tests/blackbox/traffic_summary.py %{python3_sitearch}/samba/tests/common.py +%{python3_sitearch}/samba/tests/compression.py %{python3_sitearch}/samba/tests/complex_expressions.py %{python3_sitearch}/samba/tests/core.py %{python3_sitearch}/samba/tests/credentials.py @@ -3092,9 +3079,11 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/claims_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/etype_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/group_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc @@ -3123,9 +3112,11 @@ fi %{python3_sitearch}/samba/tests/krb5/alias_tests.py %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py %{python3_sitearch}/samba/tests/krb5/as_req_tests.py +%{python3_sitearch}/samba/tests/krb5/claims_tests.py %{python3_sitearch}/samba/tests/krb5/compatability_tests.py %{python3_sitearch}/samba/tests/krb5/etype_tests.py %{python3_sitearch}/samba/tests/krb5/fast_tests.py +%{python3_sitearch}/samba/tests/krb5/group_tests.py %{python3_sitearch}/samba/tests/krb5/kcrypto.py %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py %{python3_sitearch}/samba/tests/krb5/kdc_tests.py @@ -3157,6 +3148,7 @@ fi %{python3_sitearch}/samba/tests/ldap_referrals.py %{python3_sitearch}/samba/tests/ldap_upn_sam_account.py %{python3_sitearch}/samba/tests/libsmb.py +%{python3_sitearch}/samba/tests/libsmb-basic.py %{python3_sitearch}/samba/tests/loadparm.py %{python3_sitearch}/samba/tests/logfiles.py %{python3_sitearch}/samba/tests/lsa_string.py @@ -3193,12 +3185,14 @@ fi %{python3_sitearch}/samba/tests/pso.py %{python3_sitearch}/samba/tests/py_credentials.py %{python3_sitearch}/samba/tests/registry.py +%{python3_sitearch}/samba/tests/reparsepoints.py %{python3_sitearch}/samba/tests/s3idmapdb.py %{python3_sitearch}/samba/tests/s3param.py %{python3_sitearch}/samba/tests/s3passdb.py %{python3_sitearch}/samba/tests/s3registry.py %{python3_sitearch}/samba/tests/s3windb.py %{python3_sitearch}/samba/tests/s3_net_join.py +%{python3_sitearch}/samba/tests/safe_tarfile.py %{python3_sitearch}/samba/tests/samba3sam.py %{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py %dir %{python3_sitearch}/samba/tests/samba_tool @@ -3286,6 +3280,9 @@ fi %{python3_sitearch}/samba/tests/segfault.py %{python3_sitearch}/samba/tests/sid_strings.py %{python3_sitearch}/samba/tests/smb.py +%{python3_sitearch}/samba/tests/smb1posix.py +%{python3_sitearch}/samba/tests/smb2symlink.py +%{python3_sitearch}/samba/tests/smb3unix.py %{python3_sitearch}/samba/tests/smbconf.py %{python3_sitearch}/samba/tests/smb-notify.py %{python3_sitearch}/samba/tests/smbd_base.py @@ -3315,6 +3312,7 @@ fi %{_mandir}/man1/smbtorture.1* %if %{with testsuite} +%{_mandir}/man1/vfstest.1* # files to ignore in testsuite mode %{_libdir}/samba/libnss-wrapper.so %{_libdir}/samba/libsocket-wrapper.so @@ -3532,7 +3530,10 @@ fi %{_libexecdir}/ctdb/tests/sock_io_test %{_libexecdir}/ctdb/tests/srvid_test %{_libexecdir}/ctdb/tests/system_socket_test +%{_libexecdir}/ctdb/tests/tmon_ping_test +%{_libexecdir}/ctdb/tests/tmon_test %{_libexecdir}/ctdb/tests/transaction_loop +%{_libexecdir}/ctdb/tests/tunable_test %{_libexecdir}/ctdb/tests/tunnel_cmd %{_libexecdir}/ctdb/tests/tunnel_test %{_libexecdir}/ctdb/tests/update_record @@ -3619,13 +3620,19 @@ fi %{_datadir}/ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh -%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.recmaster_yield.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.001.stop_leader_yield.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.ban_leader_yield.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.003.capability_leader_yield.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.006.stop_leader_yield_no_lock.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.007.ban_leader_yield_no_lock.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.008.capability_leader_yield_no_lock.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.016.reclock_move_lock_dir.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.020.message_ring.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.021.tunnel_ring.sh +%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.030.node_stall_leader_timeout.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.090.unreachable.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh %{_datadir}/ctdb/tests/INTEGRATION/simple/debug.001.getdebug.sh @@ -3651,6 +3658,7 @@ fi %{_datadir}/ctdb/tests/UNIT/cunit/cmdline_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/comm_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/comm_test_002.sh +%{_datadir}/ctdb/tests/UNIT/cunit/conf_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/config_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/config_test_002.sh %{_datadir}/ctdb/tests/UNIT/cunit/config_test_003.sh @@ -3658,7 +3666,6 @@ fi %{_datadir}/ctdb/tests/UNIT/cunit/config_test_005.sh %{_datadir}/ctdb/tests/UNIT/cunit/config_test_006.sh %{_datadir}/ctdb/tests/UNIT/cunit/config_test_007.sh -%{_datadir}/ctdb/tests/UNIT/cunit/conf_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/ctdb_io_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/db_hash_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/event_protocol_test_001.sh @@ -3686,6 +3693,9 @@ fi %{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_001.sh %{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_002.sh %{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_003.sh +%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_001.sh +%{_datadir}/ctdb/tests/UNIT/cunit/tmon_test_002.sh +%{_datadir}/ctdb/tests/UNIT/cunit/tunable_test_001.sh %dir %{_datadir}/ctdb/tests/UNIT/eventd %dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/ctdb.conf @@ -3756,10 +3766,6 @@ fi %{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.007.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.008.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.init.009.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.001.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.002.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.003.sh -%{_datadir}/ctdb/tests/UNIT/eventscripts/00.ctdb.setup.004.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.001.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.002.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/01.reclock.init.003.sh @@ -3936,6 +3942,22 @@ fi %{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.shutdown.002.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.001.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/91.lvs.startup.002.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.001.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.002.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.003.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.004.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.005.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.006.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.007.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.008.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.021.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.022.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.023.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.024.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.025.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.026.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.027.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/debug_locks.sh.028.sh %dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc %dir %{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb %{_datadir}/ctdb/tests/UNIT/eventscripts/etc-ctdb/public_addresses @@ -3965,6 +3987,7 @@ fi %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/50.samba.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/60.nfs.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/91.lvs.sh +%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/debug_locks.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/local.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh %{_datadir}/ctdb/tests/UNIT/eventscripts/statd-callout.001.sh @@ -3984,6 +4007,7 @@ fi %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/df %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ethtool %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/exportfs +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/gstack %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/id %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ip6tables @@ -3992,21 +4016,24 @@ fi %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/kill %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/killall %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/multipath -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/net +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfs-fake-callout +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pidof %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pkill %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ps %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rm -%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpcinfo %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.lockd %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.mountd %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.rquotad %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpc.statd +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/rpcinfo %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/service %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/sleep %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/smnotify %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/ss +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/stat +%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdb_mutex_check %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbdump %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/tdbtool %{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/testparm @@ -4034,7 +4061,6 @@ fi %{_datadir}/ctdb/tests/UNIT/onnode/stubs/ssh %dir %{_datadir}/ctdb/tests/UNIT/shellcheck %{_datadir}/ctdb/tests/UNIT/shellcheck/base_scripts.sh -%{_datadir}/ctdb/tests/UNIT/shellcheck/ctdbd_wrapper.sh %{_datadir}/ctdb/tests/UNIT/shellcheck/ctdb_helpers.sh %{_datadir}/ctdb/tests/UNIT/shellcheck/event_scripts.sh %{_datadir}/ctdb/tests/UNIT/shellcheck/functions.sh @@ -4169,6 +4195,8 @@ fi %{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.ipinfo.003.sh +%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.001.sh +%{_datadir}/ctdb/tests/UNIT/tool/ctdb.leader.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.listnodes.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.listvars.001.sh @@ -4196,6 +4224,7 @@ fi %{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.004.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.005.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.006.sh +%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.007.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.pdelete.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.ping.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.pnn.001.sh @@ -4205,8 +4234,6 @@ fi %{_datadir}/ctdb/tests/UNIT/tool/ctdb.pstore.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.ptrans.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.readkey.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recmaster.001.sh -%{_datadir}/ctdb/tests/UNIT/tool/ctdb.recmaster.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.recover.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.reloadnodes.002.sh @@ -4248,6 +4275,7 @@ fi %{_datadir}/ctdb/tests/UNIT/tool/ctdb.setvar.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.002.sh +%{_datadir}/ctdb/tests/UNIT/tool/ctdb.status.003.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.001.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.002.sh %{_datadir}/ctdb/tests/UNIT/tool/ctdb.stop.003.sh @@ -4300,9 +4328,36 @@ fi %endif %changelog -* Tue Jul 18 2023 Andreas Schneider - 4.17.5-3 -- resolves: rhbz#2223515 - Fix CVE-2023-3347 - SMB2 packet signing not enforced -- resolves: rhbz#2223601 - Fix netlogon capabilities level 2 +* Thu Aug 17 2023 Andreas Schneider - 4.18.6-1 +- related: rhbz#2190417 - Update to version 4.18.6 +- resolves: rhbz#2232564 - Fix the rpc dsgetinfo command + +* Thu Jul 20 2023 Pavel Filipenský - 4.18.5-0 +- resolves: rhbz#2222894 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 + +* Mon Jul 17 2023 Pavel Filipenský - 4.18.4-2 +- resolves: rhbz#2222884 - Fix trust relationship between workstation and DC + +* Mon Jul 10 2023 Pavel Filipenský - 4.18.4-1 +- resolves: rhbz#2221594 - Fix broken symlink for libwbclient +- resolves: rhbz#2221600 - Fix segfault of winbind child when listing users with `winbind scan trusted domains = yes` +- resolves: rhbz#2175385 - Fix access of Samba share with veto files = /.*/ +- resolves: rhbz#2218237 - Fix Python tarfile extraction to avoid a warning + +* Thu Jul 06 2023 Pavel Filipenský - 4.18.4-0 +- resolves: rhbz#2190417 - Update to version 4.18.4 + +* Tue Jun 13 2023 Pavel Filipenský - 4.18.3-0 +- resolves: rhbz#2190417 - Update to version 4.18.3 + +* Tue Jun 06 2023 Pavel Filipenský - 4.18.2-2 +- resolves: rhbz#2190417 - Rebuild to trigger distrobaker sync + +* Wed May 24 2023 Pavel Filipenský - 4.18.2-1 +- resolves: rhbz#2190417 - Add missing tests to fix osci.brew-build.tier0.functional + +* Mon May 22 2023 Pavel Filipenský - 4.18.2-0 +- resolves: rhbz#2190417 - Update to version 4.18.2 * Wed Feb 15 2023 Pavel Filipenský - 4.17.5-2 - resolves: rhbz#2169339 - Fix winbind memory leak