2016-07-09 15:04:18 by Thomas Klausner | Files touched by this commit (599) |
Log message:
Remove python33: adapt all packages that refer to it.
|
2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
|
2016-07-07 18:44:14 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update samba4 to 4.3.11 (Samba 4.3.11), including security fix for
CVE-2016-2119.
Changes from 4.3.9 to 4.3.10 are too many to write here, please refer
to the WHATSNEW.txt file.
==============================
Release Notes for Samba 4.3.11
July 07, 2016
==============================
This is a security release in order to address the following defect:
o CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)
=======
Details
=======
o CVE-2016-2119:
It's possible for an attacker to downgrade the required signing for
an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST
or SMB2_SESSION_FLAG_IS_NULL flags.
This means that the attacker can impersonate a server being connected to by
Samba, and return malicious results.
The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking
to domain controllers as a member server, and trusted domains as a domain
controller. These DCE/RPC connections were intended to be protected by the
combination of "client ipc signing" and
"client ipc max protocol" in their effective default settings
("mandatory" and "SMB3_11").
Additionally, management tools like net, samba-tool and rpcclient use DCERPC
over SMB2/3 connections.
By default, other tools in Samba are unprotected, but rarely they are
configured to use smb signing, via the "client signing" parameter (the default
is "if_required"). Even more rarely the "client max protocol" is set to SMB2,
rather than the NT1 default.
If both these conditions are met, then this issue would also apply to these
other tools, including command line tools like smbcacls, smbcquota, smbclient,
smbget and applications using libsmbclient.
Changes since 4.3.10:
--------------------
o Stefan Metzmacher <metze@samba.org>
* BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
* BUG 11948: Total dcerpc response payload more than 0x400000.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
|
2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89) |
Log message:
Remove the stability entity, it has no meaning outside of an official context.
|
2016-06-08 12:02:27 by Jonathan Perkin | Files touched by this commit (44) |
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
|
2016-06-08 11:58:06 by Jonathan Perkin | Files touched by this commit (24) |
Log message:
Add or fix manpath entries to use the correct path.
|
2016-05-07 05:09:33 by Takahiro Kambe | Files touched by this commit (4) |
Log message:
Update samba4 to 4.3.8, which contains a security fix.
This release fixes some regressions introduced by the last security fixes.
Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
bugs addressing these regressions and more information.
Changes since 4.3.8:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
* BUG 11822: s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11780: smbd: Only check dev/inode in open_directory, not the full
stat().
* BUG 11789: pydsdb: Fix returning of ldb.MessageElement.
o Berend De Schouwer <berend.de.schouwer@gmail.com>
* BUG 11643: docs: Add example for domain logins to smbspool man page.
o Günther Deschner <gd@samba.org>
* BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.
o Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
* BUG 8093: access based share enum: Handle permission set in configuration
files.
o Volker Lendecke <vl@samba.org>
* BUG 11816: nwrap: Fix the build on Solaris.
* BUG 11827: vfs_catia: Fix memleak.
* BUG 11878: smbd: Avoid large reads beyond EOF.
o Stefan Metzmacher <metze@samba.org>
* BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
dereferencing an ioctl response.
* BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
* BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
ldap_add.
* BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
restored.
* BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
list.
* BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
* BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
* BUG 11847: Only validate MIC if "map to guest" is not being used.
* BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
option for testing.
* BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
* BUG 11858: Allow anonymous smb connections.
* BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
* BUG 11872: Fix 'wbinfo -u' and 'net ads search'.
o Noel Power <noel.power@suse.com>
* BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.
o Garming Sam <garming@catalyst.net.nz>
* BUG 11789: build: Mark explicit dependencies on pytalloc-util.
o Partha Sarathi <partha@exablox.com>
* BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
infolevel.
o Jorge Schrauwen <sjorge@blackdot.be>
* BUG 11816: configure: Don't check for inotify on illumos.
o Uri Simchoni <uri@samba.org>
* BUG 11691: winbindd: Return trust parameters when listing trusts.
* BUG 11753: smbd: Ignore SVHDX create context.
* BUG 11763: passdb: Add linefeed to debug message.
* BUG 11788: build: Fix disk-free quota support on Solaris 10.
* BUG 11798: build: Fix build when '--without-quota' specified.
* BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set.
* BUG 11852: libads: Record session expiry for spnego sasl binds.
o Hemanth Thummala <hemanth.thummala@nutanix.com>
* BUG 11740: Real memory leak(buildup) issue in loadparm.
* BUG 11840: Mask general purpose signals for notifyd.
|
2016-04-13 10:26:10 by Emmanuel Dreyfus | Files touched by this commit (3) |
Log message:
Update net/samba4 to 4.3.8
This fixes the Badlock bug (CVE-2016-2118) and other vulnerabilities:
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2016-01-31 21:28:23 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 4.3.4
Changelog:
=============================
Release Notes for Samba 4.3.4
January 12, 2016
=============================
This is the latest stable release of Samba 4.3.
Changes since 4.3.3:
--------------------
o Michael Adam <obnox@samba.org>
* BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap
config.
* BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
o Jeremy Allison <jra@samba.org>
* BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a
list of primary followed by DFS connections.
* BUG 11625: Reduce the memory footprint of empty string options.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 11659: Update lastLogon and lastLogonTimestamp.
o Ralph Boehme <slow@samba.org>
* BUG 11065: vfs_fruit: Enable POSIX directory rename semantics.
* BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr
without stream prefix and type suffix.
* BUG 11645: smbd: Make "hide dot files" option work with "store dos
attributes = yes".
o Günther Deschner <gd@samba.org>
* BUG 11639: lib/async_req: Do not install async_connect_send_test.
o Stefan Metzmacher <metze@samba.org>
* BUG 11394: Crash: Bad talloc magic value - access after free.
o Rowland Penny <repenny241155@gmail.com>
* BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner
attribute is given.
o Karolin Seeger <kseeger@samba.org>
* BUG 11619: docs: Fix some typos in the idmap backend section.
* BUG 11641: docs: Fix typos in man vfs_gpfs.
o Uri Simchoni <uri@samba.org>
* BUG 11649: smbd: Do not disable "store dos attributes" on-the-fly.
|