This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS support removal; ; - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; ; - Add missing samba-client requirement to samba-winbind package; ; Update to 4.15.7 * Share and server swapped in smbget password prompt; ; * Durable handles won"t reconnect if the leased file is written to; ; * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; ; * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; ; * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; ; * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; ; * PAM Kerberos authentication incorrectly fails with a clock skew error; ; * username map - samba erroneously applies unix group memberships to user account entries; ; * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; ; * Simple bind doesn"t work against an RODC ; ; * Crash of winbind on RODC; ; * uncached logon on RODC always fails once; ; * KVNO off by 100000; ; * LDAP simple binds should honour 'old password allowed period'; ; * wbinfo -a doesn"t work reliable with upn names; ; * Simple bind doesn"t work against an RODC ; ; * Uninitialized litemask in variable in vfs_gpfs module; ; * Regression: create krb5 conf = yes doesn"t work with a single KDC; ; - Add provides to samba-client-libs package to fix upgrades from previous versions; ; - Add missing samba-libs requirement to samba-winbind package; ; Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; ; * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; ; * NT error code is not set when overwriting a file during rename in libsmbclient; ; * Fix ldap simple bind with TLS auditing; ; * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; ; * Problem when winbind renews Kerberos; ; ; * pam_winbind will not allow gdm login if password about to expire; ; * virusfilter_vfs_openat: Not scanned: Directory or special file; ; * DFS fix for AIX broken; ; * Solaris and AIX acl modules: wrong function arguments; ; * Function aixacl_sys_acl_get_file not declared / coredump; ; * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; ; * Fix a use-after-free in SMB1 server; ; * smb2_signing_decrypt_pdu may not decrypt with gnutls_aead_cipher_decrypt from gnutls before 3.5.2; ; * Changing the machine password against an RODC likely destroys the domain join; ; * authsam_make_user_info_dc steals memory from its struct ldb_message *msg argument; ; * Use Heimdal 8.0 rather than an earlier snapshot; ; * Samba autorid fails to map AD users if id rangesize fits in the id range only once; ; Other SUSE fixes: - Fix mismatched version of libldb2; . - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0-greater than or v1 state upgrade functionality; . - Fix ntlm authentications with 'winbind use default domain = yes'; ; ; . - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; ; . - libldb version mismatch in Samba dsdb component; ;