Package samba: Information

- Update to maintenance release of Samba 4.18:
  + log flood: smbd_calculate_access_mask_fsp: Access denied: message level
    should be lower (Samba#15302).
  + Floating point exception (FPE) via cli_pull_send at
    source3/libsmb/clireadwrite.c (Samba#15306).
  + Reduce flapping of ridalloc test (Samba#15329).
  + large_ldap test is unreliable (Samba#15351).
  + New filename parser doesn't check veto files smb.conf parameter (Samba#15143).
  + mdssvc may crash when initializing (Samba#15354).
  + Large directory optimization broken for non-lcomp path elements (Samba#15313).
  + streams_depot fails to create streams (Samba#15357).
  + shadow_copy2 and streams_depot don't play well together (Samba#15358).
  + wbinfo -u fails on ad dc with >1000 users (Samba#15366).
  + winbindd idmap child contacts the domain controller without a
    need (Samba#15317).
  + idmap_autorid may fail to map sids of trusted domains for the first
    time (Samba#15318).
  + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings (Samba#15319).
  + net ads search -P doesn't work against servers in other domains (Samba#15323).
  + DS ACEs might be inherited to unrelated object classes (Samba#15338).
  + Temporary smbXsrv_tcon_global.tdb can't be parsed (Samba#15353).
  + Setting veto files = /.*/ break listing directories (Samba#15360).
  + CVE-2020-25720 [SECURITY] Create Child permission should not
    allow full write to all attributes (additional changes) (Samba#14810).
  + Reduce flapping of ridalloc test (Samba#15329).
  + dsgetdcname: assumes local system uses IPv4 (Samba#15325).

- Update to maintenance release of Samba 4.17 with update libldb to 2.6.2:
  + ldb wildcard matching makes excessive allocations (Samba#15331).

- Security fixes (Samba#15276, Samba#15270, Samba#15315, Samba#14810):
  + CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                   but otherwise unprivileged users to delete this attribute from
                   any object in the directory.
                   https://www.samba.org/samba/security/CVE-2023-0225.html

  + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                   remote LDAP server, will by default send new or reset
                   passwords over a signed-only connection.
                   https://www.samba.org/samba/security/CVE-2023-0922.html

  + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                   Confidential attribute disclosure via LDAP filters was
                   insufficient and an attacker may be able to obtain
                   confidential BitLocker recovery keys from a Samba AD DC.
                   Installations with such secrets in their Samba AD should
                   assume they have been obtained and need replacing.
                   https://www.samba.org/samba/security/CVE-2023-0614.html

  + CVE-2020-25720 Create Child permission should not allow full write to all
                   attributes (additional changes).

- Update to maintenance release of Samba 4.17:
  + streams_xattr is creating unexpected locks on folders (Samba#15314).
  + Use of the Azure AD Connect cloud sync tool is now supported for password
    hash synchronisation, allowing Samba AD Domains to synchronise passwords
    with this popular cloud environment (Samba#10635).
  + New samba-dcerpc architecture does not scale gracefully (Samba#15310).
  + vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd()
    in close and fstat (Samba#15307).
  + fd_load() function implicitly closes the fd where it should not (Samba#15311).
- Revert not treat of missing include file as an error in handle_include().
  This behavior differs between the source3 and source4 parts of Samba.
  So, it should be the same and just not an error (Closes #44214).