Package samba: Information

- New build scheme with separate upstream, altlinux and sisyphus branches.

- Update to security release of Samba 4.17
- smbd fileserver fixes (Samba#15419, Samba#15420, Samba#15430, Samba#15432,
                         Samba#15417, Samba#15346, Samba#15453, Samba#15435):
  + Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink().
  + reply_sesssetup_and_X() can dereference uninitialized tmp pointer.
  + Missing return in reply_exit_done().
  + TREE_CONNECT without SETUP causes smbd to use uninitialized pointer.
  + Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted
    to remove the destination.
  + 2-3min delays at reconnect with smb2_validate_sequence_number:
    bad message_id 2.
  + File doesn't show when user doesn't have permission if
    aio_pthread is loaded.
  + Regression DFS not working with widelinks = true.

- replication fixes (Samba#15401, Samba#15407)
  + Improve GetNChanges to address some (but not all "Azure AD Connect")
    syncronisation tool looping during the initial user sync phase.
  + Samba replication logs show (null) DN.

- tools fixes (Samba#15384, Samba#15441, Samba#15451):
  + net ads lookup (with unspecified realm) fails
  + samba-tool ntacl get segfault if aio_pthread appended.
  + ctdb_killtcp fails to work with --enable-pcap and libpcap >= 1.9.1.

- other protocol fixes (Samba#15446, Samba#9959, Samba#15463
                        Samba#15449, Samba#15342, Samba#15427):
  + DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
  + Windows client join fails if a second container CN=System exists somewhere.
  + macOS mdfind returns only 50 results.
  + mdssvc: Do an early talloc_free() in _mdssvc_open().
  + Spotlight sometimes returns no results on latest macOS.
  + Spotlight results return wrong date in result list.

- Compatibility fixes of spec (thx asheplyakov@):
  + added missing BR: alternatives.
  + added rpm-macros-alterinatives as a pre-requirement.
  + added missing build-requirements: flex, liblmdb-devel.
  + dropped obsolete build dependency on gtk+2.
  + samba-client: libldb-cmdline-samba4.so.

- Disabled tracker backend in spotlight (obsolete with version less than 3.x).
- Disabled glusterfs on armh due it not supported on this architecture.

- Update to maintenance release of Samba 4.17:
  + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166).

- Security fixes (Samba#15418):
  + CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                    crafted request can trigger an out-of-bounds read in winbind
                    and possibly crash it.
                    https://www.samba.org/samba/security/CVE-2022-2127.html

  + CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                    "server signing = required" or for SMB2 connections to Domain
                    Controllers where SMB2 packet signing is mandatory.
                    https://www.samba.org/samba/security/CVE-2023-3347.html

  + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                    Spotlight can be triggered by an unauthenticated attacker by
                    issuing a malformed RPC request.
                    https://www.samba.org/samba/security/CVE-2023-34966.html

  + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                    Spotlight can be used by an unauthenticated attacker to
                    trigger a process crash in a shared RPC mdssvc worker process.
                    https://www.samba.org/samba/security/CVE-2023-34967.html

  + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                    side absolute path of shares and files and directories in
                    search results.
                    https://www.samba.org/samba/security/CVE-2023-34968.html