samba-4.7.11+git.202.6edee83fb34-4.34.1

-  CVE-2019-14861: DNSServer RPC server crash, an authenticated user
  can crash the DCE/RPC DNS management server by creating records
  with matching the zone name; (bso#14138); (bsc#1158108).
-  CVE-2019-14870: DelegationNotAllowed not being enforced, the
  DelegationNotAllowed Kerberos feature restriction was not being
  applied when processing protocol transition requests (S4U2Self),
  in the AD DC KDC; (bso#14187); (bsc#1158109).

- Disable samba-pidl package, due to the removal of dependency
  perl-Parse-Yapp; (bsc#1085150);

- CVE-2019-14847: User with "get changes" permission can
  crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
  separators; (bso#14071); (bsc#1144902);

- CVE-2019-14833: samba: Accent with "check script password"
  Samba AD DC check password script does not receive the full
  password; (bso#12438); (bsc#1154289).

- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).

- MacOS credit accounting breaks with async SESSION SETUP;
  (bsc#1125601); (bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
  temporarily unavailable and drops connection; (bso#13698)

- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).

- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).

- Ensure we build against correct version of ldb; (bsc#1131686);
  (bsc#1125410).

- CVE-2019-3880: Save registry file outside share as unprivileged
  user; (bso#13851); (bsc#1131060 ).

- Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377);

- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);

- CVE-2018-14629: dns: CNAME loop prevention using counter;
  (bso#13600); (bsc#1116319);
- CVE-2018-16841: heimdal: Fix segfault on PKINIT with mis-matching principal;
  (bso#13628); (bsc#1116320);
- CVE-2018-16851: ldap_server: Check ret before manipulating blob;
  (bso#13674); (bsc#1116322);
- CVE-2018-16853: build: The Samba AD DC, when build with MIT Kerberos is
  experimental; (bso#13678); (bsc#1116324);

- Update to 4.7.11;
  + s3: util: Do not take over stderr when there is no log file;
    (bso#13578); (bsc#1101499);
  + s3: smbd: Ensure get_real_filename() copes with empty pathnames;
    (bso#13585);
  + s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test; (bso#13633);
  + Durable Reconnect fails because cookie.allow_reconnect is not set
    redundant for SMB2; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + Fix possible memory leak in the Samba process; (bso#13362);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add virtualKerberosSalt attribute to 'user
    getpassword/syncpasswords'; (bso#13539);
  + smb2_server: Set req->do_encryption = true earlier; (bso#13624);
  + s3:winbind: Fix regression: winbind normalize names doesn't work for
    users; (bso#12851);

- Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
- Fix vfs_ceph flock stub; (bso#13506);
- Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); bsc#(1068059);
- Allow idmap_rid to have primary group other than "Domain Users";
  (bsc#1087931).

- Update to 4.7.10; (bsc#1111528);
  + support the new v4 Performance Co-Pilot API; (bsc#1111374)
  + quotas don't work with SMB2; (bso#13553);
  + Build failure when quota support not detected; (bso#13563);
  + vfs_fruit can leave lock records when testing for netatalk share
    mode locks - causing panic; (bso#13584);
  + vfs_time_audit is failing FSCTL_SRV_REQUEST_RESUME_KEY requests;
    (bso#13568);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + deadlock with ctdb_mutex_ceph_rados_helper; (bso#13540);
  + NTLM authentications using default domain/workgroup stopped
    working; (bso#13126); (bsc#1068059);
  + vfs_ceph lies about flock support; (bso#13506);
  + Using sendfile = yes with SMB2 can cause CPU spin; (bso#13537);
  + Durable Handle reconnect fails in
    smbd_smb2_create_durable_lease_check(); (bso#13535);
  + cli_splice() fallback code reads wrong amount on termination
    case; (bso#13527);
  + LDB 1.4.0 breaks Samba < 4.9; (bso#13519);
  + samba-tool trust: support discovery via netr_GetDcName;
    (bso#13538);
  + samba-tool domain trust: fix trust compatibility to Windows Server
    1709 and FreeIPA; (bso#13308);
  + conn->vuid is invalid after a SMB session reauth; (bso#13351);
  + Durable Handles reconnect fails in a cluster when the cluster fs
    uses different device ids; (bso#13318);
  + cli_splice() doesn't correctly return written bytes as it's
    uninitialized in libsmbclient code; (bso#13511);
  + Threading support in talloc_tos() crashes when enabled;
    (bso#13505);
  + Incorrect talloc_stackframe handling in python ACL test code
    (make_simple_acl); (bso#13474);
  + Fail renaming file if that file has open streams; (bso#13451);
  + vfs_fruit: delete 0 byte size streams if AAPL is enabled;
    (bso#13441);
  + Creating missing remote databases during recovery can fail;
    (bso#13500);
  + CTDB_BROADCAST_VNNMAP should not be used; (bso#13499);
  + Fix building Samba with gcc 8.1; (bso#13437);
  + Uncaught exception at ldb_modules/password_hash.c:2241 during new
    domain provision; (bso#11573);
  + "net ads keytab add nfs" writes only one enctype with older
    kerberos libraries; (bso#13478);
  + VFS modules that implement pread/pwrite must also implement
    pread_send/pwrite_send; (bso#13425);
  + vfs_ceph is missing async fsync implementations; (bso#13412);
  + net ads keytab list fails with (smb_krb5_kt_open failed (Key table
    name malformed); (bso#13166);
  + s390 and s390 needs to run with 'use mmap = no' by default;
    (bso#10765);

- Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048);
  (bso#13360); (CVE-2018-1139);
- ldbsearch '(distinguishedName=abc)' and DNS query with escapes
  crashes; (bsc#1095056); (bso#13374); (CVE-2018-1140);
- Confidential attribute disclosure via substring search;
  (bsc#1095057); (bso#13434); (CVE-2018-10919);
- smbc_urlencode helper function is a subject to buffer overflow;
  (bsc#1103411); (bso#13453); (CVE-2018-10858);
- Fix NULL ptr dereference in DsCrackNames on a user without a SPN;
  (bsc#1103414); (bso#13552); (CVE-2018-10918);

- Update to 4.7.8; (bsc#1099702);
  + s3: smbd: Generic fix for incorrect reporting of stream dos attributes
    on a directory; (bso#13380);
  + ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous
    call; (bso#13412);
  + s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT;
    (bso#13419);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + s3: smbd: printing: Re-implement delete-on-close semantics for print
    files missing since 3.5.x; (bso#13457);
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474);
  + winbindd on the AD DC is slow for passdb queries; (bso#13430);
  + No Backtrace given by Samba's AD DC by default; (bso#13454);
  + winbindd doesn't recover loss of netlogon secure channel in case the peer
    DC is rebooted; (bso#13332);
  + s3:smbd: Fix interaction between chown and SD flags; (bso#13432);
  + s4-heimdal: Fix the format-truncation errors; (bso#13437);
  + vfs_ceph: Add fake async pwrite/pread send/recv hooks; (bso#13425);
  + printing: Return the same error code as Windows does on upload failures;
    (bso#13395);
  + winbind: Improve child selection; (bso#13290);
  + winbind: Maintain a binding handle per domain and always go via
    wb_domain_request_send(); (bso#13292);
  + winbindd doesn't recover loss of netlogon secure channel in case the peer
    DC is rebooted; (bso#13332);
  + Looking up the user using the UPN results in user name with the REALM
    instead of the DOMAIN; (bso#13369);
  + rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair;
    (bso#13370);
  + smbclient: Fix broken notify; (bso#13382);
  + libads: Fix the build --without-ads; (bso#13273);
  + winbindd: Don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids;
    (bso#13279);
  + winbindd: initialize type = SID_NAME_UNKNOWN in
    wb_lookupsids_single_done(); (bso#13280);
  + s4:rpc_server: Fix call_id truncation in dcesrv_find_fragmented_call();
    (bso#13289);
  + A disconnecting winbind client can cause a problem in the winbind parent
    child communication; (bso#13290);
  + winbind: Use one queue for all domain children;
    (bso#13292);
  + Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state;
    (bso#13293);
  + winbind should avoid using fstrcpy(domain->dcname,...) on a char *;
    (bso#13294); (bsc#1087303);
  + The winbind parent should find the dc of a foreign domain via the primary
    domain; (bso#13295);
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged
    pipe is not accessable; (bso#13400);
  + Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP
    NTLM2 packet check failed due to invalid signature!); (bso#13427);
  + s3: VFS: Fix memory leak in vfs_ceph; (bso#13424);
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407);
  + dfree cache returning incorrect data for sub directory mounts;
    (bso#13446);
  + Looking up the user using the UPN results in user name with the REALM
    instead of the DOMAIN; (bso#13369);
  + s3:passdb: Do not return OK if we don't have pinfo set up;
    (bso#13376);
  + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
  + s4:auth_sam: Allow logons with an empty domain name; (bso#13206);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number
    of ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + build: Fix libceph-common detection; (bso#13277);
  + build: Fix ceph_statx check when configured with libcephfs_dir;
    (bso#13250);
  + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
    (bso#13297);
  + ctdb-scripts: Drop 'net serverid wipe' from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + smbd can panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + s3:libsmb: Allow -U"\\administrator" to work; (bso#13206);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + smbc_opendir should not return EEXIST with invalid login credentials;
    (bso#13050);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310);
  + subnet: Avoid a segfault when renaming subnet objects; (bso#13031);
  + 'wbinfo --name-to-sid' returns misleading result on invalid query;
    (bso#13312);
  + s3:smbd: Do not crash if we fail to init the session table; (bso#13315);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);

- Bump vendor-files
- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551); (bsc#1094881);

- Add missing package descriptions; (bsc#1093864);

- samba-tool requires samba-python; (bnc#1067771).

- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);

- Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
  package won't be generated simply based on the fact that there is
  no files section for the package. Allows the source validator to
  ensure samba-kdc is a built package.

- Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.

- CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624).