Log message:
samba4: add flex to USE_TOOLS

Log message:
samba4: updated to 4.14.3

Changes since 4.14.2
--------------------
* BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break
  vfs_virusfilter_openat.
* BUG 14586: build: Notice if flex is missing at configure time.
* BUG 14672: Fix smbd panic when two clients open same file.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 14679: s3: smbd: fix deferred renames.
* BUG 14675: s3-iremotewinspool: Set the per-request memory context.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
* BUG 14640: third_party: Update socket_wrapper to version 1.3.3.
* BUG 14665: samba-gpupdate: Test that sysvol paths download in
  case-insensitive way.
* BUG 14662: smbd: Ensure errno is preserved across fsp destructor.
* BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
  conflict.
* BUG 14288: build: Only add -Wl,--as-needed when supported.

Log message:
revbump for boost-libs

Log message:
samba4: updated to 4.14.2

Samba 4.14.2

This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Samba 4.14.1

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Samba 4.14.0

This is the first stable release of the Samba 4.14 release series.
Please read the release notes carefully before upgrading.

NEW FEATURES/CHANGES
====================

Here is a copy of a clarification note added to the Samba code
in the file: VFS-License-clarification.txt.
--------------------------------------------------------------

A clarification of our GNU GPL License enforcement boundary within the Samba
Virtual File System (VFS) layer.

Samba is licensed under the GNU GPL. All code committed to the Samba
project or that creates a "modified version" or software "based \ 
on" Samba must
be either licensed under the GNU GPL or a compatible license.

Samba has several plug-in interfaces where external code may be called
from Samba GNU GPL licensed code. The most important of these is the
Samba VFS layer.

Samba VFS modules are intimately connected by header files and API
definitions to the part of the Samba code that provides file services,
and as such, code that implements a plug-in Samba VFS module must be
licensed under the GNU GPL or a compatible license.

However, Samba VFS modules may themselves call third-party external
libraries that are not part of the Samba project and are externally
developed and maintained.

As long as these third-party external libraries do not use any of the
Samba internal structure, APIs or interface definitions created by the
Samba project (to the extent that they would be considered subject to the GNU
GPL), then the Samba Team will not consider such third-party external
libraries called from Samba VFS modules as "based on" and/or creating a
"modified version" of the Samba code for the purposes of GNU GPL.
Accordingly, we do not require such libraries be licensed under the GNU GPL
or a GNU GPL compatible license.

VFS
---

The effort to modernize Samba's VFS interface has reached a major milestone with
the next release Samba 4.14.

For details please refer to the documentation at source3/modules/The_New_VFS.txt or
visit the <https://wiki.samba.org/index.php/The_New_VFS>.

Printing
--------

Publishing printers in AD is more reliable and more printer features are
added to the published information in AD. Samba now also supports Windows
drivers for the ARM64 architecture.

Client Group Policy
-------------------
This release extends Samba to support Group Policy functionality for Winbind
clients. Active Directory Administrators can set policies that apply Sudoers
configuration, and cron jobs to run hourly, daily, weekly or monthly.

To enable the application of Group Policies on a client, set the global
smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
interval of every 90 minutes, plus a random offset between 0 and 30 minutes.

Policies applied by Samba are 'non-tattooing', meaning that changes can be
reverted by executing the `samba-gpupdate --unapply` command. Policies can be
re-applied using the `samba-gpupdate --force` command.
To view what policies have been or will be applied to a system, use the
`samba-gpupdate --rsop` command.

Administration of Samba policy requires that a Samba ADMX template be uploaded
to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
provided as a convenient method for adding this policy. Once uploaded, policies
can be modified in the Group Policy Management Editor under Computer
Configuration/Policies/Administrative Templates. Alternatively, Samba policy
may be managed using the `samba-tool gpo manage` command. This tool does not
require the admx templates to be installed.

Python 3.6 or later required
----------------------------

Samba's minimum runtime requirement for python was raised to Python
3.6 with samba 4.13.  Samba 4.14 raises this minimum version to Python
3.6 also to build Samba. It is no longer possible to build Samba
(even just the file server) with Python versions 2.6 and 2.7.

As Python 2.7 has been End Of Life upstream since April 2020, Samba
is dropping ALL Python 2.x support in this release.

Miscellaneous samba-tool changes
--------------------------------

The 'samba-tool' subcommands to manage AD objects (e.g. users, computers and
groups) now consistently use the "add" command when adding a new object to
the AD. The previous deprecation warnings when using the 'add' commands
have been removed. For compatibility reasons, both the 'add' and 'create'
commands can be used now.

Users, groups and contacts can now be renamed with the respective rename
commands.

Locked users can be unlocked with the new 'samba-tool user unlock' command.

The 'samba-tool user list' and 'samba-tool group listmembers' commands
provide additional options to hide expired and disabled user accounts
(--hide-expired and --hide-disabled).

CTDB CHANGES
============

* The NAT gateway and LVS features now uses the term "leader" to refer
  to the main node in a group through which traffic is routed and
  "follower" for other members of a group.  The command for
  determining the leader has changed to "ctdb natgw leader" (from
  "ctdb natgw master").  The configuration keyword for indicating that
  a node can not be the leader of a group has changed to
  "follower-only" (from "slave-only").  Identical changes \ 
were made
  for LVS.

* Remove "ctdb isnotrecmaster" command.  It isn't used by CTDB's
  scripts and can be checked by users with "ctdb pnn" and "ctdb
  recmaster".

Log message:
ldb: updated to 2.2.1; samba: updated to 4.13.7

                   ==============================
                   Release Notes for Samba 4.13.7
                           March 24, 2021
                   ==============================

This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.

=======
Details
=======

o  CVE-2020-27840:
   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
   crafted DNs as part of a bind request. More serious heap corruption is likely
   also possible.

o  CVE-2021-20277:
   User-controlled LDAP filter strings against the AD DC LDAP server may crash
   the LDAP server.

For more details, please refer to the security advisories.

Changes since 4.13.6
--------------------

o  Release with dependency on ldb version 2.2.1.

Log message:
samba4: updated to 4.13.5

Changes since 4.13.4
--------------------
* BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
  start-up failure.
* BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption
  setup failed on temp proxy connection.
* BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed
  force a full reload of services.
* BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about
  expired tombstones.
* BUG 14503: s3: Fix fcntl waf configure check.
* BUG 14602: s3/auth: Implement "winbind:ignore domains".
* BUG 14617: smbd: Use fsp->conn->session_info for the initial
  delete-on-close token.
* BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error
  path.
* BUG 14624: classicupgrade: Treat old never expires value right.
* BUG 14636: g_lock: Fix uninitalized variable reads.
* BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file().
* BUG 14625: lib:util: Avoid free'ing our own pointer.
* BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work.

Log message:
samba4: fix PLIST

Log message:
samba4: updated to 4.13.4

Changes 4.13.4
* BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
  7.3.7.
* BUG 14612: Temporary DFS share setup doesn't set case parameters in the
  same way as a regular share definition does.
* BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging
  functions.
* BUG 14579: Do not create an empty DB when accessing a sam.ldb.
* BUG 14596: vfs_fruit may close wrong backend fd.
* BUG 14612: Temporary DFS share setup doesn't set case parameters in the
  same way as a regular share definition does.
* BUG 14606: vfs_virusfilter: Allocate separate memory for config char*.
* BUG 14596: vfs_fruit may close wrong backend fd.
* BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
  7.3.7.
* BUG 14601: The cache directory for the user gencache should be created
  recursively.
* BUG 14594: Be more flexible with repository names in CentOS 8 test
  environments.

Log message:
samba4: add missing entries to PLIST.Linux

Log message:
samba4: updated to 4.13.3

Changes since 4.13.2
* BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid()
  fails for crypto blob.
* BUG 14486: s3: modules: gluster. Fix the error I made in preventing talloc
  leaks from a function.
* BUG 14515: s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with
  NULL via TALLOC_FREE().
* BUG 14568: s3: spoolss: Make parameters in call to user_ok_token() match
  all other uses.
* BUG 14590: s3: smbd: Quiet log messages from usershares for an unknown
  share.
* BUG 14248: samba process does not honor max log size.
* BUG 14587: vfs_zfsacl: Add missing inherited flag on hidden "magic"
  everyone@ ACE.
* BUG 13124: s3-libads: Pass timeout to open_socket_out in ms.
* BUG 14486: s3-vfs_glusterfs: Always disable write-behind translator.
* BUG 14517: smbclient: Fix recursive mget.
* BUG 14581: clitar: Use do_list()'s recursion in clitar.c.
* BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind
  translator.
* BUG 14573: vfs_shadow_copy2: Preserve all open flags assuming ROFS.
* BUG 14514: interface: Fix if_index is not parsed correctly.