Recommended update for Samba

SUSE Recommended Update: Recommended update for Samba
Announcement ID: SUSE-RU-2012:1684-1
Rating: low
References: #769957 #770056 #770262 #771516 #779269 #783719 #787983 #788159 #790741
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP2
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP2

  • An update that has 9 recommended fixes can now be installed.

    Description:


    This collective update to Samba includes the following
    fixes and improvements:

    * ACL masks incorrectly applied when setting ACLs
    (bso#9236)
    * s3-kerberos: also try with AES keys, when decrypting
    tickets (bso#9272)
    * lib/replace: replace all *printf function if we
    replace snprintf (bso#9390)
    * lib/addns: don't depend on the order in
    resp->answers[] (bso#9402)
    * s4:torture/smb2: improve the smb2.create.blob test
    (bso#9209)
    * lib/krb5_wrap: request enc_types in the correct order
    (bso#9272)
    * Fix net ads join message for the dns domain (bso#9326)
    * docs-xml: fix use of tag (bso#9345)
    * s3-aio_pthread: Optimize
    aio_pthread_handle_completion (bso#9359)
    * s3:winbind: Failover if netlogon pipe is not
    available (bso#9386)
    * Ensure adding the winbind group never can fail
    * Create ntadmin group only if it doesn't yet exist
    * quota: Don't force the block size to 512 (bso#3272)
    * Fix poll replacement to become a msleep replacement
    (bso#8107)
    * Fix wrong test == syntax in configure (bso#8146)
    * Fix --with(out)-sendfile-support option handling in
    autoconf (bso#8344)
    * Fix builtin forms order to match Windows again
    (bso#8632)
    * Fix RAW printing for normal users (bso#8769,
    bnc#790741)
    * Initialise ticket to ensure we do not invalid memory
    (bso#8788)
    * Fix 'net rpc share allowedusers' to work with 2008r2
    (bso#8966)
    * Fix crash on null pam change pw response (bso#9013)
    * Connection to outbound trusted domain goes offline
    (bso#9016)
    * Increase debug level for info that the db is empty
    (bso#9112)
    * 'smbclient' can't connect to a Windows 7 server using
    NTLMv2 (bso#9117)
    * Winbind can't fetch user or group info from AD via
    LDAP (bso#9147)
    * Open printers with the right access mask (bso#9154)
    * Remove non-existent option '-Y' from winbindd manpage
    (bso#9171)
    * Add quota support for gfs2 (bso#9172)
    * Make SMB2 compound request
    create/delete_on_close/close work as Windows (bso#9173)
    * Empty SPNEGO packet can cause smbd to crash (bso#9174)
    * pam_winbind: Match more return codes when wbcGetPwnam
    has failed (bso#9177)
    * Fix crash bug in idmap_hash (bso#9188, bnc#788159)
    * SMB2 Create doesn't return correct MAX ACCESS access
    mask in blob (bso#9189)
    * Fix service control for non-internal services
    (bso#9192)
    * Don't take 'state->te' as indication for
    "was_deferred" (bso#9196)
    * Parse of invalid SMB2 create blob can cause smbd
    crash (bso#9209)
    * Bad ASN.1 NegTokenInit packet can cause invalid free
    (bso#9213)
    * Fix segfault in smbd if user specified ports out for
    range (bso#9218)
    * Signing cannot be disabled for SMB2 by design, so fix
    the documentation instead (bso#9222)
    * Fix NT_STATUS_IO_TIMEOUT during slow import of
    printers into registry (bso#9231)
    * When setting a non-default ACL, don't forget to apply
    masks to SMB_ACL_USER and SMB_ACL_GROUP entries (bso#9236)
    * lib-addns: ensure that allocated buffer are pre set
    to 0 (bso#9259)
    * Make tdb robust against shrinking tdbs and improper
    CLEAR_IF_FIRST restart (bso#9268)
    * Add support for reloading systemd services (bso#9280)
    * Warn via the smbd log if AppArmor and "wide links"
    are in use (bnc#783719)
    * Backport FSCTL codes and fix segfault in smbstatus
    from master (bso#9058)
    * Fix bad call to memcpy source3/registry/regfio.c
    (bso#9065)
    * "Domain Users" incorrectly added as additional group
    on domain members (bso#9066)
    * Use correct RID for "Domain Guests" primary group
    (bso#9067)
    * Fix crash bug in smbd caused by a blocking lock
    followed by close (bso#9084)
    * Fix smbclient/tarmode panic when connecting to
    Windows 2000 clients (bso#9088)
    * Fix refreshing of Kerberos tickets in Winbind
    (bso#9098)
    * Fix identification of idle clients in Winbind to
    avoid crashes and NDR parsing errors (bso#9104)
    * Fix compilation with newer MIT Kerberos which hides
    internal symbols (bso#9111)
    * Fix flooding the logs with records we don't find in
    pcap (bso#9112)
    * Initialize the print backend after we setup winreg
    (bso#9122)
    * Fix lprng job tracking errors (bso#9123)
    * Fix setting of "inherited" bit on inherited ACE's
    (bso#9124)
    * Fix Winbind panic if we couldn't find the domain
    (bso#9135)
    * Make 'smbclient allinfo' show the snapshot list
    (bso#9137)
    * Fix nfs quota support with Linux nfs4 mounts
    (bso#9144)
    * Valid open requests can cause smbd assert due to
    incorrect oplock handling on delete requests (bso#9150)
    * NMB registration for a duplicate workstation fails
    with registration refuse (bso#9085, bnc#770056)
    * Correct documentation of "case sensitive" (bso#8552)
    * Printing fails in function cups_job_submit (bso#8719)
    * Fix kernel oplocks when uid(file) != uid(process)
    (bso#8974)
    * Send correct responses to NT Transact Secondary when
    no data and no params for the Trans2 calls are set
    (bso#8989)
    * Fix build without ads support (bso#8996)
    * Don't turn negative cache entries into valid
    idmappings (bso#9002)
    * Fix posix acl on gpfs (bso#9003)
    * Make vfs_gpfs less verbose in get/set_xattr functions
    (bso#9022)
    * Fix migrating printers while upgrading from 3.5.x
    (bso#9026)
    * Fix typo in set_re_uid() call when USE_SETRESUID
    selected in configure (bso#9034)
    * Using asynchronous IO with SMB2 can return
    NT_STATUS_FILE_CLOSED in error instead of
    NT_STATUS_FILE_LOCK_CONFLICT (bso#9040)
    * Fix resolving our own "Domain Local" groups
    (bso#9052, bnc#779269)
    * Fix build against CUPS 1.6 (bso#9055)
    * Fix bugs in SMB2 credit handling code (bso#9057)
    * rpcclient: Fix bad call to data_blob_const (bso#9062)
    * BuildRequire gcc, make, and patch (bnc#771516)
    * ndr: fix push/pull DATA_BLOB with NDR_NOALIGN
    (bso#9026, bnc#770262)
    * Fix shell syntax in dhcpcd hook script (bnc#769957)
    * resolve_ads() code can return zero addresses and miss
    valid DC IP addresses (bso#8910)
    * Can't join XP Pro workstations to 3.6.1 DC (bso#8373,
    bnc#787983)
    * winbind can hang as nbt_getdc() has no timeout
    (bso#8953)
    * Fix crash bug in dns_create_probe when
    dns_create_update fails (bso#8627)
    * s3-pid: Catch with pid filename's change when config
    file is not smb.conf (bso#8714)
    * Possible memory leaks in the main Samba process
    (bso#8970)
    * Treat exit_server_cleanly() as a "clean" shutdown
    (bso#8971)
    * Avoid crash with MIT krb5 1.10.0 in
    gss_get_name_attribute() (bso#8988)
    * Winzip occasionally can not read files out of an open
    winzip dialog (bso#8311)
    * s3-winbindd: call dump_core_setup after command line
    option has been parsed (bso#8975)
    * Directory group write permission bit is set if unix
    extensions are enabled (bso#8972)
    * s3: remove dependency on automake for "make
    everything" (bso#8978)
    * sd_has_inheritable_components segfaults on an SD that
    se_access_check accepts (bso#8811)
    * smbclient's tarmode insists on listing excluded
    directories (bso#8922)
    * Notify code can miss a ChDir (bso#8998)
    * s3:smbd: add a fsp_persistent_id() function (bso#8995)
    * s3: Fix a segfault with debug level 3 on Solaris
    (bso#8861)
    * s3: wbinfo --lookup-sids "" crashes winbind (bso#8904)
    * smbd crashes when deleting directory and veto files
    are enabled (bso#8837)
    * winbind_krb5_locator only returns one IP address
    (bso#8897)
    * Wrong assertion/comparison: Compare value not pointer
    (bso#8859)
    * Inconsistent (with manpage) command-line switch for
    "help" in smbtree (bso#8831)
    * Setting traverse rights fails to enable directory
    traversal when acl_xattr in use (bso#8857)
    * Syslog broken owing to mistyping of
    debug_settings.syslog (bso#8877)
    * s3/ldap: remove outdated netscape ds 5 schema file
    (bso#8869)
    * s3-docs: fixes several typos (bso#7938)
    * s3-VFS: Fix building out-of-tree modules (bso#8822)
    * s3-docs: Add hint that setting "profile acls = yes"
    on normal shares can cause trouble (bso#7930)
    * s3-pam_winbind: Fix the build with a newer iniparser
    library (bso#8915)
    * Avoid null dereference in initialize_password_db()
    (bso#8920)
    * s3:registry: implement values_need_update and
    subkeys_need_update in the smbconf backend
    * s3:registry:reg_api: fix reg_queryvalue to not fail
    when values are modified while it runs
    * s4:torture:rpc:spoolss: also initialize driverName
    before checking it in test_PrinterData_DsSpooler()
    * s3:registry: multiple cleanups, fixes, and
    optimisations
    * s3:auth/server_info: the primary rid should be in the
    groups rid array (bso#8798)
    * s3-printing: Add new printers to registry (bso#8554,
    bso#8612, bso#8748)
    * Fix the overwriting of errno before use in a DEBUG
    statement and use the return value from store_acl_blob_fsp
    rather than ignoring it (bso#8945)
    * s3-auth: Don't lookup the system user in pdb
    (bso#8944)
    * s3-passdb: Fix negative SID->uid/gid cache handling
    (bso#8952)
    * Fix typo in pam_winbindd code (bso#8957)
    * Fix remove_duplicate_addrs2 previously it could leave
    zero addresses in the list (bso#8910)
    * Slow but responsive DC can lock up winbindd (bso#8943)
    * Broken processing of %U with vfs_full_audit when
    force user is set (bso#8882)
    * Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

    Patch Instructions:

    To install this SUSE Recommended Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-cifs-mount-7087
    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-cifs-mount-7087
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-cifs-mount-7087
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-cifs-mount-7087

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    • libldb-devel-3.6.3-0.28.1
    • libnetapi-devel-3.6.3-0.28.1
    • libnetapi0-3.6.3-0.28.1
    • libsmbclient-devel-3.6.3-0.28.1
    • libsmbsharemodes-devel-3.6.3-0.28.1
    • libsmbsharemodes0-3.6.3-0.28.1
    • libtalloc-devel-3.6.3-0.28.1
    • libtdb-devel-3.6.3-0.28.1
    • libtevent-devel-3.6.3-0.28.1
    • libwbclient-devel-3.6.3-0.28.1
    • samba-devel-3.6.3-0.28.1
    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    • ldapsmb-1.34b-12.28.1
    • libldb1-3.6.3-0.28.1
    • libsmbclient0-3.6.3-0.28.1
    • libtalloc1-3.4.3-1.42.6
    • libtalloc2-3.6.3-0.28.1
    • libtdb1-3.6.3-0.28.1
    • libtevent0-3.6.3-0.28.1
    • libwbclient0-3.6.3-0.28.1
    • samba-3.6.3-0.28.1
    • samba-client-3.6.3-0.28.1
    • samba-krb-printing-3.6.3-0.28.1
    • samba-winbind-3.6.3-0.28.1
    • SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
    • libsmbclient0-32bit-3.6.3-0.28.1
    • libtalloc1-32bit-3.4.3-1.42.6
    • libtalloc2-32bit-3.6.3-0.28.1
    • libtdb1-32bit-3.6.3-0.28.1
    • libwbclient0-32bit-3.6.3-0.28.1
    • samba-32bit-3.6.3-0.28.1
    • samba-client-32bit-3.6.3-0.28.1
    • samba-winbind-32bit-3.6.3-0.28.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    • ldapsmb-1.34b-12.28.1
    • libldb1-3.6.3-0.28.1
    • libsmbclient0-3.6.3-0.28.1
    • libtalloc1-3.4.3-1.42.6
    • libtalloc2-3.6.3-0.28.1
    • libtdb1-3.6.3-0.28.1
    • libtevent0-3.6.3-0.28.1
    • libwbclient0-3.6.3-0.28.1
    • samba-3.6.3-0.28.1
    • samba-client-3.6.3-0.28.1
    • samba-krb-printing-3.6.3-0.28.1
    • samba-winbind-3.6.3-0.28.1
    • SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
    • libsmbclient0-32bit-3.6.3-0.28.1
    • libtalloc1-32bit-3.4.3-1.42.6
    • libtalloc2-32bit-3.6.3-0.28.1
    • libtdb1-32bit-3.6.3-0.28.1
    • libwbclient0-32bit-3.6.3-0.28.1
    • samba-32bit-3.6.3-0.28.1
    • samba-client-32bit-3.6.3-0.28.1
    • samba-winbind-32bit-3.6.3-0.28.1
    • SUSE Linux Enterprise Server 11 SP2 (ia64):
    • libsmbclient0-x86-3.6.3-0.28.1
    • libtalloc1-x86-3.4.3-1.42.6
    • libtalloc2-x86-3.6.3-0.28.1
    • libtdb1-x86-3.6.3-0.28.1
    • libwbclient0-x86-3.6.3-0.28.1
    • samba-client-x86-3.6.3-0.28.1
    • samba-winbind-x86-3.6.3-0.28.1
    • samba-x86-3.6.3-0.28.1
    • SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
    • libldb1-3.6.3-0.28.1
    • libsmbclient0-3.6.3-0.28.1
    • libtalloc1-3.4.3-1.42.6
    • libtalloc2-3.6.3-0.28.1
    • libtdb1-3.6.3-0.28.1
    • libtevent0-3.6.3-0.28.1
    • libwbclient0-3.6.3-0.28.1
    • samba-3.6.3-0.28.1
    • samba-client-3.6.3-0.28.1
    • samba-krb-printing-3.6.3-0.28.1
    • samba-winbind-3.6.3-0.28.1
    • SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
    • libldb1-32bit-3.6.3-0.28.1
    • libsmbclient0-32bit-3.6.3-0.28.1
    • libtalloc1-32bit-3.4.3-1.42.6
    • libtalloc2-32bit-3.6.3-0.28.1
    • libtdb1-32bit-3.6.3-0.28.1
    • libtevent0-32bit-3.6.3-0.28.1
    • libwbclient0-32bit-3.6.3-0.28.1
    • samba-32bit-3.6.3-0.28.1
    • samba-client-32bit-3.6.3-0.28.1
    • samba-winbind-32bit-3.6.3-0.28.1

    References:

    • https://bugzilla.novell.com/769957
    • https://bugzilla.novell.com/770056
    • https://bugzilla.novell.com/770262
    • https://bugzilla.novell.com/771516
    • https://bugzilla.novell.com/779269
    • https://bugzilla.novell.com/783719
    • https://bugzilla.novell.com/787983
    • https://bugzilla.novell.com/788159
    • https://bugzilla.novell.com/790741
    • http://download.suse.com/patch/finder/?keywords=ef0a97f30ded58bb5811aa39a6b48a97