| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: python3-ldb | Distribution: openSUSE Tumbleweed |
| Version: 4.23.5+git.463.513487e87f1 | Vendor: openSUSE |
| Release: 1.2 | Build date: Wed Feb 18 16:26:01 2026 |
| Group: Development/Libraries/Python | Build host: reproducible |
| Size: 125200 | Source RPM: samba-4.23.5+git.463.513487e87f1-1.2.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.samba.org/ | |
| Summary: Python3 bindings for the LDB library | |
This package contains the python3 bindings for the LDB library.
GPL-3.0-or-later
* Wed Feb 18 2026 Samuel Cabrero <scabrero@suse.de>
- The "include system krb5 conf" option searchs for
/usr/etc/krb5.conf if /etc/krb5.conf does not exist;
(bsc#1257940);
* Mon Feb 02 2026 Samuel Cabrero <scabrero@suse.de>
- Update to 4.23.5
* New Spotlight default search field incorrectly initialized;
(bso#15959);
* Winbind group resolution failure; (bso#15972);
* winbindd crashes with Bad talloc magic value - unknown value;
(bso#15937);
* Bind dlz 9.20; (bso#15790); (bsc#1249058);
* Wed Jan 21 2026 Noel Power <nopower@suse.com>
- Fix mistake in README.SUSE /var/spool/samba => /var/samba/spool
(bsc#1254665).
* Mon Dec 22 2025 Samuel Cabrero <scabrero@suse.de>
- Remove cron package recommends; (bsc#1255450);
* Thu Dec 18 2025 Noel Power <nopower@suse.com>
- Adjust README.SUSE to reflect the new preferred location for
'[printers]' share; (bsc#1254665).
* Wed Dec 17 2025 Noel Power <nopower@suse.com>
- Fix Samba printers reporting invalid sid during print jobs;
(bsc#1234210); (bsc#1254926); (bso#15792).
* Fri Dec 12 2025 Noel Power <nopower@suse.com>
- samba-ad-dc-libs packages are missing a DLZ plugin for bind 9.20;
(bso#15790); (bsc#1249058).
* Tue Dec 09 2025 Noel Power <nopower@suse.com>
- Update to 4.23.4
* Samba 4.22 breaks Time Machine; (bso#15926).
* mdssvc doesn't support $time.iso dates before 1970;
(bso#15947).
* Fix winbind cache consistency; (bso#15963).
* Assert failed: (dirfd != -1) || (smb_fname->base_name[0] ==
'/') in vfswrap_openat; (bso#15897).
* ctdb can crash with inconsistent cluster lock configuration;
(bso#15950).
* samba-bgqd: rework man page; (bso#15809).
* samba-bgqd can't find [printers] share; (bso#15936).
* Winbind can hang forever in gssapi if there are network
issues; (bso#15955).
* libldb requires linking libreplace on Linux; (bso#15961).
- Update to 4.23.3
* Spotlight search restriction for shares incomplete and
default search searches in too many attributes; (bso#15927).
* Searching for numbers doesn't work with Spotlight;
(bso#15930).
* rpcd_mdssvc may crash because name mangling is not
initialized; (bso#15931).
* Only increment lease epoch if a lease was granted;
(bso#15933).
* vfs_recycle does not update mtime; (bso#15940).
* samba-log-parser fails with UnicodeDecodeError: 'utf-8' codec
can't decode byte; (bso#15943).
* Crash in ctdbd on failed updateip; (bso#15935).
- Update to 4.23.2
* CVE-2025-10230: Command injection via WINS server hook
script (bso#15903); (bsc#1251280).
* CVE-2025-9640: uninitialized memory disclosure via
vfs_streams_xattr; (bso#15885); (bsc#1251279).
- Update to 4.23.1
* Incomplete bind configuration causes DLZ plugin to crash;
(bso#15920).
* winbind can crash at startup; (bso#15914).
* vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for fsync_send; (bso#15919).
* CTDB does not support PCP 7.0.0; (bso#15904).
* CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set;
(bso#15921).
- Update to 4.23.0
* samba.tests.safe_tarfile fails on Python 3.13 with additional
security fixes for tarfile support; (bso#15911).
* samba-4.21 fails to join AD when multiple DCs are returned;
(bso#15905).
* Uninitialized read leads to hanging rpcd_spoolss;
(bso#15908).
* Stack buffer overflow in samba3.smb2.dirlease.fileserver;
(bso#15907).
* Regression in gssproxy support in 4.23.rc1+; (bso#15902).
* 'net ads group' failed to list domain groups; (bso#15900).
* macOS Finder client DFS broken on 4.22.0; (bso#15843).
* Self-signed certificates don't have X509v3 Subject
Alternative Name for DNS; (bso#15899).
* Improve handling of principals and realms in client tools;
(bso#15893).
* libquic build fixes; (bso#15896).
* getpwuid does not shift to new DC when current DC is down;
(bso#15844).
* Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bso#15876).
* Fri Oct 31 2025 Noel Power <noel.power@suse.com>
- Update [printers] location to /var/samba/spool; (bsc#1249179).
* Tue Oct 21 2025 Noel Power <nopower@suse.com>
- Update to 4.22.6
* macOS Finder client DFS broken on 4.22.0; (bso#15843).
* Samba 4.22 breaks Time Machine; (bso#15926).
* Spotlight search restriction for shares incomplete and
default search searches in too many attributes; (bso#15927).
* rpcd_mdssvc may crash because name mangling is not
initialized; (bso#15931).
* Only increment lease epoch if a lease was granted;
(bso#15933).
* samba-4.21 fails to join AD when multiple DCs are returned;
(bso#15905).
* 'net ads group' failed to list domain groups; (bso#15900).
* vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for fsync_send; (bso#15919).
* CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set;
(bso#15921).
* Wed Oct 15 2025 Noel Power <noel.power@suse.com>
- Update to 4.22.5
* CVE-2025-10230: Command injection via WINS server hook
script (bso#15903); (bsc#1251280).
* CVE-2025-9640: uninitialized memory disclosure via
vfs_streams_xattr; (bso#15885); (bsc#1251279).
* Wed Oct 01 2025 Samuel Cabrero <scabrero@suse.de>
- Relax samba-gpupdate requirement for cepces, certmonger, and sscep
to a recommends. They are only required if utilizing certificate
auto enrollment (bsc#1249087).
* Thu Sep 25 2025 Noel Power <noel.power@suse.com>
- Disable timeouts for smb.service so that possibly slow running
ExecStartPre script 'update-samba-security-profile' doesn't
cause service start to fail due to timeouts;(bsc#1249181).
* Thu Sep 25 2025 Noel Power <noel.power@suse.com>
- Ensure semanage is pulled in as a requirement when samba in
installed when selinux security access mechanism that is used;
(bsc#1249180).
* Thu Sep 25 2025 Noel Power <noel.power@suse.com>
- don't attempt to label paths that don't exist, also remove
unecessary evaluation of semange & restorecon cmds;(bsc#1249179).
* Thu Sep 25 2025 Noel Power <noel.power@suse.com>
- Update to 4.22.4
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0; (bso#14981).
* getpwuid does not shift to new DC when current DC is down;
(bso#15844).
* Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName-; (bso#15876).
* Unresponsive second DC can cause idmapping failure when using
idmap_ad-; (bso#15881).
* kinit command is failing with Missing cache Error;
(bso#15840).
* Figuring out the DC name from IP address fails and breaks
fork_domain_child(); (bso#15891).
* vfs_streams_depot fstatat broken; (bso#15816).
* Delayed leader broadcast can block ctdb forever; (bso#15892).
* Apparently there is a conflict between shadow_copy2 module
and virusfilter (action quarantine); (bso#15663).
* Fix handling of empty GPO link; (bso#15877).
* SMB ACL inheritance doesn't work for files created;
(bso#15880).
* Fri Jul 25 2025 Andreas Stieger <andreas.stieger@gmx.de>
- adjust gpgme build dependency for future-proofing
* Tue Jul 08 2025 Samuel Cabrero <scabrero@suse.de>
- Update to 4.22.3
* samba-tool cannot add user to group whose name is exactly 16
characters long; (bso#15854);
* Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876);
* Startup messages of rpc deamons fills /var/log/messages;
(bso#15869);
* Fri Jun 06 2025 Noel Power <nopower@suse.com>
- Update to 4.22.2
* (CVE-2025-0620) [SECURITY] CVE-2025-0620: smbd doesn't pick
up group membership changes when re-authenticating an expired
SMB session; (bso#15707); (bsc#1244136).
* Profile sync fails due to Directory Leases; (bso#15861).
* net ad join fails with "Failed to join domain: failed to
create kerberos keytab"; (bso#15727).
* dcerpcd not able to bind to listening port; (bso#15851).
* vfs_ceph_snapshots fails to list snapshots for entries at any
level beyond share root; (bso#15819).
* CTDB does not put nodes running NFS into grace on graceful
shutdown; (bso#15858).
* Fri May 09 2025 Noel Power <nopower@suse.com>
- Update and rename update-apparmor-samba-profile script to
update-samba-security-profile. It additionally now caters
for selinux (if selinux is used); (bsc#1241391);
* Wed Apr 30 2025 Samuel Cabrero <scabrero@suse.de>
- Update smb.conf to enable SMB3 unix extensions
* Tue Apr 22 2025 Noel Power <nopower@suse.com>
- Update to 4.22.1
* Running "gpo manage motd set" twice fails with backtrace;
(bso#15774).
* samba-tool gpo backup creates entity backups it can't read;
(bso#15829).
* gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with
prepended 0's; (bso#15839).
* Deadlock between two smbd processes; (bso#15767).
* Subnet based interfaces definition not listening on all
covered IP addresses; (bso#15823).
* PANIC: assert failed at source3/smbd/smb2_oplock.c(156):
sconn->oplocks.exclusive_open>=0; (bso#15836).
* net ad join fails with "Failed to join domain: failed to
create kerberos keytab"; (bso#15727).
* Enable support for cephfs case insensitive behavior;
(bso#15822).
* Remove of file or directory not possible with vfs_acl_tdb;
(bso#15791).
* Wide link issue in samba 4.22; (bso#15841).
* NT_STATUS_INVALID_PARAMETER: Can't create folders on share of
an exfat file system; (bso#15845).
* Lease code is not endian-safe; (bso#15849).
* vfs_ceph_new module does not work with other modules for
snapshot management; (bso#15818).
* vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN,
SMB_VFS_FCHMOD and SMB_VFS_FNTIMES; (bso#15834).
* Add async io API from libcephfs to ceph_new VFS module;
(bso#15810).
* Wed Mar 12 2025 Samuel Cabrero <scabrero@suse.de>
- Update to 4.22.0
* SMB3 Directory Leases are supported. By default, SMB3 Directory
Leases are enabled on non-clustered Samba and disabled on
clustered Samba, based on the "clustering" option.
* Netlogon Ping over LDAP and LDAPS
* Experimental Himmelblaud Authentication in Samba
* The "nmbd proxy logon" feature was removed.
* fruit:posix_rename option of the vfs_fruit VFS module that
could be used to enable POSIX directory rename behaviour for
OS X clients has been removed as it could result in severe
problems for Windows clients.
* Wed Feb 19 2025 Samuel Cabrero <scabrero@suse.de>
- Remove nscd build dependency and usage in RPM scriptlets;
(bsc#1237296);
* Wed Feb 19 2025 Noel Power <nopower@suse.com>
- Update to 4.21.4
* Increasing slowness of sharesec performance with high number
of registry shares; (bso#15780).
* winbindd shows memleak in kerberos_decode_pac; (bso#15782).
* Creation of GPOs applicable to more than one group is
impossible with Samba 4.20.0 and later; (bso#15738).
* Replace `crypt` module in
python/samba/netcmd/user/readpasswords/common.py;
(bso#15756).
* vfs_gpfs silently garbles timestamps > year 2106;
(bso#15151).
* Spotlight search results don't show file size and creation
date; (bso#15796).
* General improvements for vfs_ceph_new module; (bso#15703).
* net offlinejoin not working correctly; (bso#15777).
* net ads create/join/winbind producing unix dysfunctional
keytabs; (bso#15759).
* Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing
security tab; (bso#14213).
* The values from hresult_errstr_const and hresult_errstr are
reversed in 4.20 and 4.21; (bso#15769).
* Kerberos referral tickets are generated for principals in our
domain if we have a trust to a top level domain; (bso#15778).
* NETLOGON_NTLMV2_ENABLED is missing in the SamLogon*
user_flags field; (bso#15783).
* Regression: stack-use-after-return in crypt_as_best_we_can();
(bso#15784).
* libreplace:readline: gcc 15 complains about incompatible
pointer types; (bso#15788).
* Tue Jan 07 2025 Noel Power <nopower@suse.com>
- Update to 4.21.3
* More possible replication loops against Azure AD;
(bso#15701).
* Compound rename from Mac clients can fail with
NT_STATUS_INTERNAL_ERROR if the file has a lease;
(bso#15697).
* vfs crossrename seems not work correctly; (bso#15724).
* After 'machine password timeout' /etc/krb5.keytab is not
updated; (bso#6750).
* Memory leak wbcCtxLookupSid; (bso#15771).
* Fix heap-user-after-free with association groups;
(bso#15765).
* Segfault in vfs_btrfs; (bso#15758).
* Avoid event failure race when disabling an event script;
(bso#15755).
* Fri Dec 06 2024 Noel Power <nopower@suse.com>
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page;(bsc#1233880).
* Mon Nov 25 2024 Noel Power <nopower@suse.com>
- Update to 4.21.2
* smbd fails to correctly check sharemode against OVERWRITE
dispositions; (bso#15732).
* Panic in close_directory; (bso#15754).
* winexe no longer works with samba 4.21; (bso#15752).
* protocol error - Unclear debug message "pad length mismatch"
for invalid bind packet; (bso#14356).
* NetrGetLogonCapabilities QueryLevel 2 needs to be
implemented; (bso#15425).
* gss_accept_sec_context() from Heimdal does not imply
GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE; (bso#15740).
* winbindd should call process_set_title() for locator child;
(bso#15749).
* Update CTDB to track all TCP connections to public IP
addresses; (bso#15320).
* Thu Oct 31 2024 Noel Power <nopower@suse.com>
- Add placeholder changelog for sle15-sp7; (jsc#PED-11210).
* Wed Oct 16 2024 Noel Power <nopower@suse.com>
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
* Tue Oct 15 2024 Noel Power <nopower@suse.com>
- Update to 4.21.1
* DH reconnect error handling can lead to stale sharemode
entries; (bso#15624).
* "inherit permissions = yes" triggers assert() in vfs_default
when creating a stream; (bso#15695).
* Samba 4.21.0 broke FreeIPA domain member integration;
(bso#15715).
* Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-
tool domain auth policy modify"; (bso#15692).
* irpc_destructor may crash during shutdown; (bso#15280).
* Durable handle is not granted when a previous OPEN exists
with NoOplock; (bso#15649).
* Durable handle is granted but reconnect fails; (bso#15651).
* Disconnected durable handles with RH lease should not be
purged by a new non conflicting open; (bso#15708).
* net ads testjoin and other commands use the wrong secrets.tdb
in a cluster; (bso#15714).
* 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as
rfc 8009 etypes are used; (bso#15726).
* VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2;
(bso#15730).
* Samba 4.20.0 DLZ module crashes BIND on startup; (bso#15643).
* Cannot build libldb lmdb backend on a build without AD DC;
(bso#15721).
* Consistent log level for sighup handler; (bso#15706).
* Wed Sep 25 2024 Noel Power <nopower@suse.com>
- Support needed packaging changes required update to samba-4.21.0
Update samba.spec, baselibs.conf to deliver libldb packages.
* Thu Sep 05 2024 David Disseldorp <ddiss@suse.com>
- Package ceph_new VFS module.
* Thu Sep 05 2024 David Disseldorp <ddiss@suse.com>
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
* Wed Aug 28 2024 Noel Power <nopower@suse.com>
- Bad variable definition for ParseTuple causing test failure for
Smb3UnixTests.test_create_context_reparse; (bso#15702).
* Wed Aug 28 2024 Noel Power <nopower@suse.com>
- Update to 4.21.0
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when
truncated; (bso#15699).
* Bad variable definition for ParseTuple causing test failure
for Smb3UnixTests.test_create_context_reparse; (bso#15702).
* Add new vfs_ceph module (based on low level API);
(bso#15686).
* samba-tool can not load the default configuration file;
(bso#15698).
* Crash when readlinkat fails; (bso#15700).
* Can't add/delete special keys to keytab for nfs, cifs, http
etc; (bso#15689).
* Compound SMB2 requests don't return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients; (bso#15696).
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
* ldb_version.h is missing from ldb public library;
(bso#15690).
* Can not add/delete special keys to keytab for nfs, cifs, http
etc; (bso#15689).
* undefined reference to winbind_lookup_name_ex; (bso#15687).
* per user veto and hide file syntax is to complex;
(bso#15688).
* Wed Aug 07 2024 Noel Power <nopower@suse.com>
- Fix a crash when joining offline and 'kerberos method' includes
keytab; (bsc#1228732).
* Tue Aug 06 2024 Noel Power <noel.power@suse.com>
- Update to 4.20.4
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
- Update to 4.20.3
* Running samba-bgqd a a standalone systemd service does not
work; (bso#15683).
* When claims enabled with heimdal kerberos, unable to log on
to a Windows computer when user account need to change their
own password; (bso#15655).
* Invalid client warning about command line passwords;
(bso#15671).
* Version string is truncated in manpages; (bso#15672).
* cmdline_burn does not always burn secrets; (bso#15674).
* Samba does not parse SDDL found in defaultSecurityDescriptor
in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685).
* The images don\'t build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
* Fix clock skew error message and memory cache clock skew
recovery; (bso#15676).
* Heimdal ignores _gsskrb5_decapsulate errors in
init_sec_context/repl_mutual; (bso#15603).
* s4:ldap_server: does not support tls channel bindings for
sasl binds; (bso#15621).
* CTDB socket output queues may suffer unbounded delays under
some special conditions; (bso#15678).
* Wed Jul 17 2024 Samuel Cabrero <scabrero@suse.de>
- Update samba-tool package to require python3-Markdown also in
the Heimdal ADDC build.
* Thu Jul 04 2024 Samuel Cabrero <scabrero@suse.de>
- Fix named crash when using samba's DLZ plugin; (bsc#1224003);
(bso#15643);
* Thu Jul 04 2024 pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
* Wed Jun 19 2024 Noel Power <nopower@suse.com>
- Update to 4.20.2
* vfs_widelinks with DFS shares breaks case insensitivity;
(bso#15662); (bsc#1213607).
* Samba build is not reproducible; (bso#13213).
* ldb qsort might r/w out of bounds with an intransitive
compare function; (bso#15569).
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances;
(bso#15625).
* Need to change gitlab-ci.yml tags in all branches to avoid CI
bill; (bso#15638).
* We have added new options --vendor-name and --vendor-patch-
revision arguments to ./configure to allow distributions and
packagers to put their name in the Samba version string so
that when debugging Samba the source of the binary is
obvious; (bso#15654).
* CTDB RADOS mutex helper misses namespace support;
(bso#15665).
* Dynamic DNS updates with the internal DNS are not working;
(bso#13019).
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0; (bso#14981).
* Anonymous smb3 signing/encryption should be allowed (similar
to Windows Server 2022); (bso#15412).
* Panic in dreplsrv_op_pull_source_apply_changes_trigger;
(bso#15573).
* s4:nbt_server: does not provide unexpected handling, so
winbindd can't use nmb requests instead cldap; (bso#15620).
* winbindd, net ads join and other things don't work on an ipv6
only host; (bso#15642).
* Segmentation fault when deleting files in vfs_recycle;
(bso#15659).
* Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664).
* "client use kerberos" and --use-kerberos is ignored for the
machine account; (bso#15666).
* Regression DFS not working with widelinks = true;
(bso#15435).
* samba-gpupdate - Invalid NtVer in netlogon_samlogon_response;
(bso#15633).
* idmap_ad creates an incorrect local krb5.conf in case of
trusted domain lookups; (bso#15653).
* The images don't build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
* Mon Jun 03 2024 Samuel Cabrero <scabrero@suse.de>
- Fix non deterministic builds; (bsc#1225754); (bso#13213);
* Thu May 16 2024 Samuel Cabrero <scabrero@suse.de>
- Update to 4.20.1
* dns update debug message is too noisy; (bso#15630);
* Do not fail PAC validation for RFC8009 checksums types; (bso#15635);
* Improve performance of lookup_groupmem() in idmap_ad; (bso#15605);
* Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636);
* http library doesn't support 'chunked transfer encoding'; (bso#15611);
* Provide a systemd service file for the background queue daemon; (bso#15600);
- Update to 4.20.0
New features:
* samba-tool user getpassword / syncpasswords ;rounds= change
* Group Managed service account client-side features
* New Windows Search Protocol Client
* Allow 'smbcacls' to save/restore DACLs to file
* Samba-tool extensions for AD Claims, Authentication Policies and Silos
* AD DC support for Authentication Silos and Authentication Policies
* Conditional ACEs and Resource Attribute ACEs
* Service Witness Protocol [MS-SWN]
Removed features:
* Get locally logged on users from utmp
Fixed bugs:
* Avoid null-dereference with bad claims; (bso#15606);
* ndr_pull_security_ace can leave resource attribute ACE coda
claim struct undefined; (bso#15613);
* fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close(); (bso#15527);
* set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER -
openat() EACCES; (bso#15583);
* libgpo: Segfault in python bindings; (bso#15599);
* Samba AD is missing some authentication policy tests;
(bso#15607);
* samba-gpupdate: Correctly implement site support; (bso#15588);
* Remove unsupported "Final" keyword missing from Python 3.6;
(bso#15575);
* Additional witness backports for 4.20.0; (bso#15577);
* Error output with wspsearch; (bso#15579);
* Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580);
* Performance regression for NDR parsing of security
descriptors; (bso#15574);
* Build and install man page for wspsearch client utility;
(bso#15565);
* Tue Feb 20 2024 Noel Power <nopower@suse.com>
- Update to 4.19.5
* Windows 2016 fails to restore previous version of a file from
a shadow_copy2 snapshot; (bso#13688).
* Symlinks on AIX are broken in 4.19 (and a few version before
that); (bso#15549).
* Fake directory create times has no effect; (bso#12421).
* ctime mixed up with mtime by smbd; (bso#15550).
* samba-gpupdate --rsop fails if machine is not in a site;
(bso#15548).
* gpupdate: The root cert import when NDES is not available is
broken; (bso#15557).
* samba-gpupdate should print a useful message if cepces-submit
can't be found; (bso#15552).
* samba-gpupdate logging doesn't work; (bso#15558).
* smbpasswd reset permissions only if not 0600; (bso#15555).
* Wed Jan 10 2024 Noel Power <nopower@suse.com>
- Remove -x from bash shebang update-apparmor-samba-profile;
(bsc#1218431).
* Tue Jan 09 2024 Noel Power <nopower@suse.com>
- Update to 4.19.4
* net changesecretpw cannot set the machine account password if
secrets.tdb is empty; (bso#13577).
* For generating doc, take, if defined, env XML_CATALOG_FILES;
(bso#15540).
* Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541).
* vfs_linux_xfs is incorrectly named; (bso#15542).
* systemd stumbled over copyright-message at smbd startup;
(bso#15377).
* Following intermediate abolute share-local symlinks is
broken; (bso#15505).
* ctdb RELEASE_IP causes a crash in release_ip if a connection
to a non-public address disconnects first; (bso#15523).
* shadow_copy2 broken when current fileset's directories are
removed; (bso#15544).
* smbd does not detect ctdb public ipv6 addresses for
multichannel exclusion; (bso#15534).
* 'force user = localunixuser' doesn't work if 'allow trusted
domains = no' is set; (bso#15469).
* smbget debug logging doesn't work; (bso#15525).
* smget: username in the smburl and interactive password entry
doesn't work; (bso#15532).
* smbget auth function doesn't set values for password prompt
correctly; (bso#15538).
* Unable to copy and write files from clients to Ceph cluster
via SMB Linux gateway with Ceph VFS module; (bso#15440).
* Multichannel refresh network information; (bso#15547).
* Mon Nov 27 2023 Noel Power <nopower@suse.com>
- Update to 4.19.3
* sid_strings test broken by unix epoch > 1700000000;
(bso#15520).
* smbd crashes if asked to return full information on close of
a stream handle with delete on close disposition set;
(bso#15487).
* smbd: fix close order of base_fsp and stream_fsp in
smb_fname_fsp_destructor(); (bso#15521).
* Improve logging for failover scenarios; (bso#15499).
* Files without "read attributes" NFS4 ACL permission are not
listed in directories; (bso#15093).
* CVE-2018-14628 [SECURITY] Deleted Object tombstones visible
in AD LDAP to normal users; (bso#13595).
* Kerberos TGS-REQ with User2User does not work for normal
accounts; (bso#15492).
* vfs_gpfs stat calls fail due to file system permissions;
(bso#15507).
* Samba doesn't build with Python 3.12; (bso#15513).
* Mon Oct 23 2023 David Mulder <dmulder@suse.com>
- packaging: samba-tool domain provision requires python3-Markdown;
(bsc#1216519).
* Mon Oct 16 2023 Noel Power <nopower@suse.com>
- Update to 4.19.2
* Use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423).
* clidfs.c do_connect() missing a "return" after a
cli_shutdown() call; (bso#15426).
* macOS mdfind returns only 50 results; (bso#15463).
* GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value; (bso#15481).
* libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more; (bso#15464).
* ctdbd: setproctitle not initialized messages flooding logs;
(bso#15479).
* CVE-2023-5568 Heap buffer overflow with freshness tokens in
the Heimdal KDC in Samba 4.19; (bso#15491).
* The heimdal KDC doesn't detect s4u2self correctly when fast
is in use; (bso#15477).
* Thu Oct 12 2023 Noel Power <nopower@suse.com>
- packaging: Remove /etc/slp.reg.d from samba spec file;
(bsc#1216160)
* Thu Oct 12 2023 Noel Power <nopower@suse.com>
- use systemd-logind rather than utmp for y2038 safety;
(bsc#1216159).
* Tue Oct 10 2023 Noel Power <nopower@suse.com>
- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-42670: samba: The procedure number is out of range
when starting Active Directory Users and Computers;
(bsc#1215906); (bso#15473).
- CVE-2023-3961: samba: Unsanitized client pipe name passed to
local_np_connect(); (bsc#1215907); (bso#15422).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
"GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
(bsc#1215908); (bso#15424).
* Tue Sep 26 2023 Noel Power <nopower@suse.com>
- Update to 4.19.0
* File doesn't show when user doesn't have permission if
aio_pthread is loaded; (bso#15453).
* ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
1.9.1; (bso#15451).
* Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can
log to syslog; (bso#15460).
* ‘samba-tool domain level raise’ fails unless given a URL;
(bso#15458).
* reply_sesssetup_and_X() can dereference uninitialized tmp
pointer; (bso#15420).
* missing return in reply_exit_done(); (bso#15430).
* TREE_CONNECT without SETUP causes smbd to use uninitialized
pointer; (bso#15432).
* Avoid infinite loop in initial user sync with Azure AD
Connect when synchronising a large Samba AD domain;
(bso#15401).
* Samba replication logs show (null) DN; (bso#15407).
* 2-3min delays at reconnect with
smb2_validate_sequence_number: bad message_id 2; (bso#15346).
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed;
(bso#15446).
* CID 1539212 causes real issue when output contains only
newlines; (bso#15438).
* KDC encodes INT64 claims incorrectly; (bso#15452).
* mdssvc: Do an early talloc_free() in _mdssvc_open();
(bso#15449).
* Windows client join fails if a second container CN=System
exists somewhere; (bso#9959).
* regression DFS not working with widelinks = true;
(bso#15435).
* Heimdal fails to build on 32-bit FreeBSD; (bso#15443).
* samba-tool ntacl get segfault if aio_pthread appended;
(bso#15441).
* Mon Aug 21 2023 Samuel Cabrero <scabrero@suse.de>
- Update to 4.18.6
* reply_sesssetup_and_X() can dereference uninitialized tmp pointer;
(bso#15420);
* Missing return in reply_exit_done(); (bso#15430);
* post-exec password redaction for samba-tool is more reliable for fully
random passwords as it no longer uses regular expressions containing the
password value itself; (bso#15289);
* Windows client join fails if a second container CN=System exists somewhere;
(bso#9959);
* Spotlight sometimes returns no results on latest macOS; (bso#15342);
* Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to
remove the destination; (bso#15417);
* Spotlight results return wrong date in result list; (bso#15427);
* "net offlinejoin provision" does not work as non-root user; (bso#15414);
* rpcserver no longer accepts double backslash in dfs pathname; (bso#15400);
* cm_prepare_connection() calls close(fd) for the second time; (bso#15433);
* 2-3min delays at reconnect with smb2_validate_sequence_number: bad
message_id 2; (bso#15346);
* samba-tool ntacl get segfault if aio_pthread appended; (bso#15441);
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446);
* Python tarfile extraction needs change to avoid a warning (CVE-2007-4559
mitigation); (bso#15390);
* Regression DFS not working with widelinks = true; (bso#15435);
* mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449);
* Tue Aug 08 2023 Samuel Cabrero <scabrero@suse.de>
- Move libcluster-samba4.so from samba-libs to samba-client-libs;
(bsc#1213940);
* Wed Jul 19 2023 Noel Power <nopower@suse.com>
- Update to 4.18.5
* CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
* CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
* CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
* CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).
* CVE-2023-3347: Samba doesn't require SMB2+ signing if
`server signing = mandatory` is set; (bso#15397); (bsc#1213170).
* secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).
* Thu Jul 06 2023 Noel Power <nopower@suse.com>
- Update to 4.18.4
* Backport --pidl-developer fixes; (bso#15404).
* Named crashes on DLZ zone update; (bso#14030).
* smbcacls and smbcquotas do not check // before the server;
(bso#2312).
* cli_list loops 100% CPU against pre-lanman2 servers;
(bso#15382).
* smbclient leaks fds with showacls; (bso#15391).
* smbd returns NOT_FOUND when creating files on a r/o
filesystem; (bso#15402).
* NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry
and causes test timeouts; (bso#15355).
* net ads lookup (with unspecified realm) fails; (bso#15384).
* Register Samba processes with GPFS; (bso#15381).
* Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation); (bso#15390).
* The winbind child segfaults when listing users with `winbind
scan trusted domains = yes`; (bso#15398).
* Remove comments about deprecated 'write cache size';
(bso#15383).
* smbget memory leak if failed to download files recursively;
(bso#15403).
* Thu Jun 01 2023 Noel Power <nopower@suse.com>
- Update to 4.18.3
* Symlinks to files can have random DOS mode information in a
directory listing; (bso#15375).
* vfs_fruit might cause a failing open for delete; (bso#15378).
* winbind recurses into itself via rpcd_lsad; (bso#15361).
* wbinfo -u fails on ad dc with >1000 users; (bso#15366).
* DS ACEs might be inherited to unrelated object classes;
(bso#15338).
* a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND;
(bso#15362).
* aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse(); (bso#15374).
* Setting veto files = /.*/ break listing directories;
(bso#15360).
* "samba-tool domain provision" does not run interactive mode
if no arguments are given; (bso#15363).
* dsgetdcname: assumes local system uses IPv4; (bso#15325).
- Update to 4.18.2
* Log flood: smbd_calculate_access_mask_fsp: Access denied:
message level should be lower; (bso#15302).
* Floating point exception (FPE) via cli_pull_send at
source3/libsmb/clireadwrite.c; (bso#15306).
* test_tstream_more_tcp_user_timeout_spin fails intermittently
on Rackspace GitLab runners; (bso#15328).
* Reduce flapping of ridalloc test; (bso#15329).
* large_ldap test is unreliable; (bso#15351).
* New filename parser doesn't check veto files smb.conf
parameter; (bso#15143).
* mdssvc may crash when initializing; (bso#15354).
* large directory optimization broken for non-lcomp path
elements; (bso#15313).
* streams_depot fails to create streams; (bso#15357).
* shadow_copy2 and streams_depot don't play well together;
(bso#15358).
* Flapping tests in samba_tool_drs_show_repl.py; (bso#15316).
* winbindd idmap child contacts the domain controller without a
need; (bso#15317).
* idmap_autorid may fail to map sids of trusted domains for the
first time; (bso#15318).
* idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings;
(bso#15319).
* net ads search -P doesn't work against servers in other
domains; (bso#15323).
* Temporary smbXsrv_tcon_global.tdb can't be parsed;
(bso#15353).
* Tests use depricated and removed methods like
assertRegexpMatches; (bso#15343).
* Wed Mar 29 2023 Noel Power <nopower@suse.com>
- Update to 4.18.1
* CVE-2023-0225: AD DC "dnsHostname" attribute can be
deleted by unprivileged authenticated users.
(bso#15276);(bsc#1209483).
* CVE-2023-0614: Access controlled AD LDAP attributes can be
discovered (bso#15270); (bsc#1209485).
* CVE-2023-0922: Samba AD DC admin tool samba-tool sends
passwords in cleartext(bso#15315);(bsc#1209481).
* ldb wildcard matching makes excessive allocations;
(bso#15331).
* large_ldap test is inefficient; (bso#15332).
* Fri Mar 17 2023 Samuel Cabrero <scabrero@suse.de>
- Update to 4.18.0
* SMB server performance improvements
* More succinct samba-tool error messages
* Color output with samba-tool --color
The NO_COLOR environment variable will disable colour output
* New samba-tool dsacl subcommand for deleting ACEs
* New wbinfo option --change-secret-at
* Net option to change the NT ACL default location
* Azure AD / Office365 synchronization improvements
* Tue Feb 14 2023 Samuel Cabrero <scabrero@suse.de>
- Update to 4.17.5
* smbc_getxattr() return value is incorrect; (bso#14808);
* Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly; (bso#15172);
* synthetic_pathref AFP_AfpInfo failed errors; (bso#15210);
* samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC
when there is only an AAAA record for the DC in DNS; (bso#15226);
* smbd crashes if an FSCTL request is done on a stream handle; (bso#15236);
* DFS links don't work anymore on Mac clients since 4.17; (bso#15277);
* vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value); (bso#15283);
* CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based
SChannel on NETLOGON (additional changes); (bso#15240);
* %U for include directive doesn't work for share listing
(netshareenum); (bso#15243);
* Shares missing from netshareenum response in samba 4.17.4;
(bso#15266);
* ctdb: use-after-free in run_proc; (bso#15269);
* irpc_destructor may crash during shutdown; (bso#15280);
* auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286);
* smbclient segfaults with use after free on an optimized build;
(bso#15268);
* smbstatus leaking files in msg.sock and msg.lock; (bso#15282);
* Leak in wbcCtxPingDc2; (bso#15164);
* Access based share enum does not work in Samba 4.16+; (bso#15265);
* Crash during share enumeration; (bso#15267);
* rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer; (bso#15271);
* Avoid relying on C89 features in a few places; (bso#15281);
- named crashes on DLZ zone update; (bso#14030); (bsc#1206996);
- Drop libnsl build requirement; (bsc#1208220);
* Mon Jan 23 2023 Noel Power <nopower@suse.com>
- libdsdb-module-samba4 should be packaged as part of samba-libs and
not samba-ad-dc-libs. Additionally no need for it to be
removed conditionally.
* Thu Jan 12 2023 Noel Power <nopower@suse.com>
- Clean up logic for PAM migration settings in spec file.
* Wed Jan 04 2023 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
/usr/lib/python3.13/site-packages/_ldb_text.py /usr/lib/python3.13/site-packages/ldb.cpython-313-i386-linux-gnu.so /usr/lib/samba/libpyldb-util.cpython-313-i386-linux-gnu-private-samba.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Mar 5 23:04:22 2026