Samba was updated to the 4.2.x codestream, bringing some new features and security fixes . These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed . - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack . - CVE-2016-2113: TLS certificate validation were missing . - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks . - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible . Also the following fixes were done: - Upgrade on-disk FSRVP server state to new version; . - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; . - Align fsrvp feature sources with upstream version. - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel; . - s3:utils/smbget: Fix recursive download; . - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; . - docs: Add example for domain logins to smbspool man page; . - s3-client: Add a KRB5 wrapper for smbspool; . - loadparm: Fix memory leak issue; . - lib/tsocket: Work around sockets not supporting FIONREAD; . - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; . - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; . - param: Fix str_list_v3 to accept ";" again; . - Real memeory leak issue in loadparm; . - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; . - Getting and setting Windows ACLs on symlinks can change permissions on link - Only obsolete but do not provide gplv2/3 package names; . - Enable clustering support; . - s3: smbd: Fix timestamp rounding inside SMB2 create; ; . - vfs_fruit: Fix renaming directories with open files; . - Fix MacOS finder error 36 when copying folder to Samba; . - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; . - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; . - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; . - Reduce the memory footprint of empty string options; . - lib/async_req: Do not install async_connect_send_test; . - docs: Fix typos in man vfs_gpfs; . - smbd: make "hide dot files" option work with "store dos attributes = yes"; . - smbcacls: Fix uninitialized variable; . - s3:smbd: Ignore initial allocation size for directory creation; . - Changing log level of two entries to from 1 to 3; . - vfs_gpfs: Re-enable share modes; . - wafsamba: Also build libraries with RELRO protection; . - ctdb: Strip trailing spaces from nodes file; . - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; . - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; . - async_req: Fix non-blocking connect; . - auth: gensec: Fix a memory leak; . - lib: util: Make non-critical message a warning; . - Fix winbindd crashes with samlogon for trusted domain user; ; . - smbd: Send SMB2 oplock breaks unencrypted; . - ctdb: Open the RO tracking db with perms 0600 instead of 0000; . - manpage: Correct small typo error; . - s3: smbd: If EA"s are turned off on a share don"t allow an SMB2 create containing them; . - Backport some valgrind fixes from upstream master; . - s3: smbd: have_file_open_below fails to enumerate open files below an open directory handle; . - docs: Fix some typos in the idmap config section of man 5 smb.conf; .