--- rpms/samba/sme10/samba.spec	2017/03/02 16:04:48	1.3
+++ rpms/samba/sme10/samba.spec	2017/05/26 21:02:39	1.8
@@ -6,7 +6,7 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
 
-%define main_release 12
+%define main_release 14.6
 
 %define samba_version 4.4.4
 %define talloc_version 2.1.6
@@ -32,7 +32,7 @@
 %global with_internal_talloc 0
 %global with_internal_tevent 0
 %global with_internal_tdb 0
-%global with_internal_ldb 0
+%global with_internal_ldb 1
 
 %global with_profiling 1
 
@@ -56,8 +56,8 @@
 %global libwbc_alternatives_suffix -64
 %endif
 
-%global with_mitkrb5 1
-%global with_dc 0
+%global with_mitkrb5 0
+%global with_dc 1
 
 %if %{with testsuite}
 # The testsuite only works with a full build right now.
@@ -120,6 +120,11 @@ Patch9:    samba-4.4.7-fix_smget_auth_ca
 Patch10:   samba-4.4.6-fix_nss_wins.patch
 Patch11:   samba-4.4.7-fix_group_substituion_with_ad.patch
 Patch12:   samba-4.4.6-fix_smbclient_against_apple_and_azure.patch
+Patch13:   samba-4.4.x-fix_libads_krb5_memcache.patch
+Patch14:   CVE-2016-2125-v4-4.patch
+Patch15:   CVE-2016-2126-v4-4.patch
+Patch16:   CVE-2017-2619-v4-4.patch
+Patch17:   CVE-2017-7494.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -194,7 +199,7 @@ BuildRequires: glusterfs-devel >= 3.4.0.
 %if %{with_vfs_cephfs}
 BuildRequires: libcephfs1-devel
 %endif
-
+BuildRequires: gnutls-devel
 # Allow build with testsuite which uses heimdal
 #%if %{with_dc}
 #BuildRequires: gnutls-devel >= 3.4.7
@@ -395,6 +400,7 @@ Samba VFS module for Ceph distributed st
 %package vfs-glusterfs
 Summary: Samba VFS module for GlusterFS
 Group: Applications/System
+Requires: libldb
 Requires: glusterfs-api >= 3.4.0.16
 Requires: glusterfs >= 3.4.0.16
 Requires: %{name} = %{samba_depver}
@@ -494,7 +500,7 @@ Requires: %{name}-client-libs = %{samba_
 Requires: %{name}-libs = %{samba_depver}
 Requires: python-tevent
 Requires: python-tdb
-Requires: pyldb
+#Requires: pyldb
 Requires: pytalloc
 
 Provides: samba4-python = %{samba_depver}
@@ -717,6 +723,11 @@ and use CTDB instead.
 %patch10 -p1 -b .samba-4.4.6-fix_nss_wins.patch
 %patch11 -p1 -b .samba-4.4.7-fix_group_substituion_with_ad.patch
 %patch12 -p1 -b .samba-4.4.6-fix_smbclient_against_apple_and_azure.patch
+%patch13 -p1 -b .samba-4.4.x-fix_libads_krb5_memcache.patch
+%patch14 -p1 -b .CVE-2016-2125-v4-4.patch
+%patch15 -p1 -b .CVE-2016-2126-v4-4.patch
+%patch16 -p1 -b .CVE-2017-2619-v4-4.patch
+%patch17 -p1 -b .CVE-2017-7494.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -879,8 +890,8 @@ install -m 0644 %{SOURCE200} packaging/R
 %endif
 
 install -d -m 0755 %{buildroot}%{_unitdir}
-for i in nmb smb winbind ; do
-    cat packaging/systemd/$i.service | sed -e 's@\[Service\]@[Service]\nEnvironment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba@g' >tmp$i.service
+for i in nmb smb winbind samba; do
+    cat packaging/systemd/$i.service | sed -e 's@\[Service\]@[Service]\nEnvironment=KRB5CCNAME=/run/samba/krb5cc_samba@g' >tmp$i.service
     install -m 0644 tmp$i.service %{buildroot}%{_unitdir}/$i.service
 done
 %if %with_clustering_support
@@ -1494,6 +1505,7 @@ rm -rf %{buildroot}
 %{_libdir}/samba/ldb/repl_meta_data.so
 %{_libdir}/samba/ldb/resolve_oids.so
 %{_libdir}/samba/ldb/rootdse.so
+%{_unitdir}/samba.service
 %{_libdir}/samba/ldb/samba3sam.so
 %{_libdir}/samba/ldb/samba3sid.so
 %{_libdir}/samba/ldb/samba_dsdb.so
@@ -2025,7 +2037,24 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 
 %changelog
-* Tue Nov 15 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-11
+* Fri May 26 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-14.6.sme
+- import to SME the two last upstream releases [SME: 10326]
+- resolves: #1450784 - Security fix for CVE-2017-7494
+- resolves: #1437816 - Fix krb5 memory cache in libads sasl code
+- resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619
+
+* Thu May 18 2017 Guenther Deschner <gdeschner@redhat.com> - 4.4.4-14
+- resolves: #1450784 - Security fix for CVE-2017-7494
+
+* Wed Apr 05 2017 Andreas Schneider <asn@redhat.com> - 4.4.4-13
+- resolves: #1437816 - Fix krb5 memory cache in libads sasl code
+- resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619
+
+* Thu Mar 02 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-12.6.sme
+- added DC support thanks to Greg Zartman work [SME: 9817]
+- added Buildrequires gnutls-devel
+
+* Tue Nov 15 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-12
 - related: #1393051 - Fix return code if ip not defined in gethostbyname
 
 * Wed Nov 09 2016 Andreas Schneider <asn@redhat.com> - 4.4.4-11