samba-4.22.3+git.401.c70158430cc-160000.2.2

- Update to 4.22.3
  * samba-tool cannot add user to group whose name is exactly 16
    characters long; (bso#15854);
  * Windows security hardening locks out schannel'ed netlogon dc
    calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876);
  * Startup messages of rpc deamons fills /var/log/messages;
    (bso#15869);

- Update to 4.22.2
  * (CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick
    up group membership changes when re-authenticating an expired
    SMB session; (bso#15707); (bsc#1244136).
  * Profile sync fails due to Directory Leases; (bso#15861).
  * net ad join fails with "Failed to join domain: failed to
    create kerberos keytab"; (bso#15727).
  * dcerpcd not able to bind to listening port; (bso#15851).
  * vfs_ceph_snapshots fails to list snapshots for entries at any
    level beyond share root; (bso#15819).
  * CTDB does not put nodes running NFS into grace on graceful
    shutdown; (bso#15858).

- Update and rename update-apparmor-samba-profile script to
  update-samba-security-profile. It additionally now caters
  for selinux (if selinux is used); (bsc#1241391);

- Update smb.conf to enable SMB3 unix extensions

- Update to 4.22.1
  * Running "gpo manage motd set" twice fails with backtrace;
    (bso#15774).
  * samba-tool gpo backup creates entity backups it can't read;
    (bso#15829).
  * gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with
    prepended 0's; (bso#15839).
  * Deadlock between two smbd processes; (bso#15767).
  * Subnet based interfaces definition not listening on all
    covered IP addresses; (bso#15823).
  * PANIC: assert failed at source3/smbd/smb2_oplock.c(156):
    sconn->oplocks.exclusive_open>=0; (bso#15836).
  * net ad join fails with "Failed to join domain: failed to
    create kerberos keytab"; (bso#15727).
  * Enable support for cephfs case insensitive behavior;
    (bso#15822).
  * Remove of file or directory not possible with vfs_acl_tdb;
    (bso#15791).
  * Wide link issue in samba 4.22; (bso#15841).
  * NT_STATUS_INVALID_PARAMETER: Can't create folders on share of
    an exfat file system; (bso#15845).
  * Lease code is not endian-safe; (bso#15849).
  * vfs_ceph_new module does not work with other modules for
    snapshot management; (bso#15818).
  * vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN,
    SMB_VFS_FCHMOD and SMB_VFS_FNTIMES; (bso#15834).
  * Add async io API from libcephfs to ceph_new VFS module;
    (bso#15810).

- Update to 4.22.0
  * SMB3 Directory Leases are supported. By default, SMB3 Directory
    Leases are enabled on non-clustered Samba and disabled on
    clustered Samba, based on the "clustering" option.
  * Netlogon Ping over LDAP and LDAPS
  * Experimental Himmelblaud Authentication in Samba
  * The "nmbd proxy logon" feature was removed.
  * fruit:posix_rename option of the vfs_fruit VFS module that
    could be used to enable POSIX directory rename behaviour for
    OS X clients has been removed as it could result in severe
    problems for Windows clients.

- Remove nscd build dependency and usage in RPM scriptlets;
  (bsc#1237296);

- Update to 4.21.4
  * Increasing slowness of sharesec performance with high number
    of registry shares; (bso#15780).
  * winbindd shows memleak in kerberos_decode_pac; (bso#15782).
  * Creation of GPOs applicable to more than one group is
    impossible with Samba 4.20.0 and later; (bso#15738).
  * Replace `crypt` module in
    python/samba/netcmd/user/readpasswords/common.py;
    (bso#15756).
  * vfs_gpfs silently garbles timestamps > year 2106;
    (bso#15151).
  * Spotlight search results don't show file size and creation
    date; (bso#15796).
  * General improvements for vfs_ceph_new module; (bso#15703).
  * net offlinejoin not working correctly; (bso#15777).
  * net ads create/join/winbind producing unix dysfunctional
    keytabs; (bso#15759).
  * Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing
    security tab; (bso#14213).
  * The values from hresult_errstr_const and hresult_errstr are
    reversed in 4.20 and 4.21; (bso#15769).
  * Kerberos referral tickets are generated for principals in our
    domain if we have a trust to a top level domain; (bso#15778).
  * NETLOGON_NTLMV2_ENABLED is missing in the SamLogon*
    user_flags field; (bso#15783).
  * Regression: stack-use-after-return in crypt_as_best_we_can();
    (bso#15784).
  * libreplace:readline: gcc 15 complains about incompatible
    pointer types; (bso#15788).

- Update to 4.21.3
  * More possible replication loops against Azure AD;
    (bso#15701).
  * Compound rename from Mac clients can fail with
    NT_STATUS_INTERNAL_ERROR if the file has a lease;
    (bso#15697).
  * vfs crossrename seems not work correctly; (bso#15724).
  * After 'machine password timeout' /etc/krb5.keytab is not
    updated; (bso#6750).
  * Memory leak wbcCtxLookupSid; (bso#15771).
  * Fix heap-user-after-free with association groups;
    (bso#15765).
  * Segfault in vfs_btrfs; (bso#15758).
  * Avoid event failure race when disabling an event script;
    (bso#15755).

- Update shipped /etc/samba/smb.conf to point to smb.conf
  man page;(bsc#1233880).