--- rpms/samba/sme10/samba.spec	2017/03/02 16:20:16	1.5
+++ rpms/samba/sme10/samba.spec	2017/05/26 21:02:39	1.8
@@ -6,7 +6,7 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
 
-%define main_release 12.5
+%define main_release 14.6
 
 %define samba_version 4.4.4
 %define talloc_version 2.1.6
@@ -120,6 +120,11 @@ Patch9:    samba-4.4.7-fix_smget_auth_ca
 Patch10:   samba-4.4.6-fix_nss_wins.patch
 Patch11:   samba-4.4.7-fix_group_substituion_with_ad.patch
 Patch12:   samba-4.4.6-fix_smbclient_against_apple_and_azure.patch
+Patch13:   samba-4.4.x-fix_libads_krb5_memcache.patch
+Patch14:   CVE-2016-2125-v4-4.patch
+Patch15:   CVE-2016-2126-v4-4.patch
+Patch16:   CVE-2017-2619-v4-4.patch
+Patch17:   CVE-2017-7494.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -194,7 +199,7 @@ BuildRequires: glusterfs-devel >= 3.4.0.
 %if %{with_vfs_cephfs}
 BuildRequires: libcephfs1-devel
 %endif
-
+BuildRequires: gnutls-devel
 # Allow build with testsuite which uses heimdal
 #%if %{with_dc}
 #BuildRequires: gnutls-devel >= 3.4.7
@@ -718,6 +723,11 @@ and use CTDB instead.
 %patch10 -p1 -b .samba-4.4.6-fix_nss_wins.patch
 %patch11 -p1 -b .samba-4.4.7-fix_group_substituion_with_ad.patch
 %patch12 -p1 -b .samba-4.4.6-fix_smbclient_against_apple_and_azure.patch
+%patch13 -p1 -b .samba-4.4.x-fix_libads_krb5_memcache.patch
+%patch14 -p1 -b .CVE-2016-2125-v4-4.patch
+%patch15 -p1 -b .CVE-2016-2126-v4-4.patch
+%patch16 -p1 -b .CVE-2017-2619-v4-4.patch
+%patch17 -p1 -b .CVE-2017-7494.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -2027,8 +2037,22 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 
 %changelog
-* Thu Mar 02 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-12.5.sme
+* Fri May 26 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-14.6.sme
+- import to SME the two last upstream releases [SME: 10326]
+- resolves: #1450784 - Security fix for CVE-2017-7494
+- resolves: #1437816 - Fix krb5 memory cache in libads sasl code
+- resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619
+
+* Thu May 18 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.4-14
+- resolves: #1450784 - Security fix for CVE-2017-7494
+
+* Wed Apr 05 2017 Andreas Schneider <asn@redhat.com> - 4.4.4-13
+- resolves: #1437816 - Fix krb5 memory cache in libads sasl code
+- resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619
+
+* Thu Mar 02 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-12.6.sme
 - added DC support thanks to Greg Zartman work [SME: 9817]
+- added Buildrequires gnutls-devel
 
 * Tue Nov 15 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-12
 - related: #1393051 - Fix return code if ip not defined in gethostbyname