Merge samba from Debian unstable for noble
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
Upstream: 4.18.8
Debian: 2:4.19.2+dfsg-1
Ubuntu: 2:4.18.
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
### New Debian Changes ###
samba (2:4.19.2+dfsg-1) unstable; urgency=medium
* new upstream stable/bugfix release:
- https:/
Use-after-free in aio_del_
after failed IPC FSCTL_PIPE_
- https:/
clidfs.c do_connect() missing a 'return' after a cli_shutdown() call
- https:/
macOS mdfind returns only 50 results
- https:/
GETREALFIL
with previous cache entry value
- https:/
libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more
- https:/
ctdbd: setproctitle not initialized messages flooding logs
- https:/
CVE-2023-5568 Heap buffer overflow with freshness tokens
in the Heimdal KDC in Samba 4.19
- https:/
The heimdal KDC doesn't detect s4u2self correctly when fast is in use
* d/samba-
/etc/
-- Michael Tokarev <email address hidden> Mon, 16 Oct 2023 18:26:31 +0300
samba (2:4.19.1+dfsg-4) unstable; urgency=medium
* d/samba-
-- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 22:33:32 +0300
samba (2:4.19.1+dfsg-3) unstable; urgency=medium
* d/ctdb.install: sync ceph arch list
* d/control: mention other places where ceph arch list is used
-- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 20:12:20 +0300
samba (2:4.19.1+dfsg-2) unstable; urgency=medium
* d/rules: sync with-ceph arch list from d/control
-- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 19:03:42 +0300
samba (2:4.19.1+dfsg-1) unstable; urgency=medium
* new stable security bugfix release:
o CVE-2023-3961: https:/
Unsanitized pipe names allow SMB clients to connect as root
to existing unix domain sockets on the file system.
o CVE-2023-4091: https:/
SMB client can truncate files to 0 bytes by opening files with OVERWRITE
disposition when using the acl_xattr Samba VFS module with the smb.conf
setting 'acl_xattr:ignore system acls = yes'
o CVE-2023-4154: https:/
An RODC and a user with the GET_CHANGES right can view all attributes,
including secrets and passwords. Additionally, the access check fails
open on error conditions.
o CVE-2023-42669: https:/
Calls to the rpcecho server on the AD DC can request that the server
block for a user-defined amount of time, denying service.
o CVE-2023-42670: https:/
Samba can be made to start multiple incompatible RPC listeners,
disrupting service on the AD DC.
* remove debconf questions and wins dhcp hooks together with po files
(wins is not relevant today anymore)
* d/control: bump mit-krb5 build-dep (on mitkrb5 profile) to 1.20
* d/control: disable ceph (libcephfs-dev, librados-dev) on 32bit
architectures (Closes: #1053202)
* d/control: enable rados on riscv64 once it's available there
* d/control: samba-libs: depend on libldb of the same version since libldb
symbols might appear during previous stable series but they don't propagate
to next releases with previous minor version numbers. This is ABI breakage
but the symbols are mostly internal to samba itself
* debian/
* drop attempts to keep ldb ABI versioning
-- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 18:02:05 +0300
samba (2:4.19.0+dfsg-1) unstable; urgency=medium
* new upstream release. Some highlights:
o changed command-line interface of smbget utility
o improved winbindd logging
o AD database prepared to FL 2016 standards for new domains
o initial, partial implementation of AD FL 2012, 2012R2 and 2016
o samba-tool support for silos, claims, sites and subnets
o updated Heimdal import
o other improvements and changes, see WHATSNEW.txt file for details.
* d/patches: remove patches applied upstream, refresh patches
* d/control: update talloc/tevent/tdb build-deps
* d/smbclient.
* d/patches: add ldb 2.7.1 & 2.7.2 ABI files
* d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0)
* d/python3-
* d/control: fix description of samba-common-bin (samba-client)
* d/samba-
### Old Ubuntu Delta ###
samba (2:4.18.
* No-change rebuild with glusterfs 10.3 (LP: #2035127)
-- Andreas Hasenack <email address hidden> Wed, 13 Sep 2023 09:57:01 -0300
samba (2:4.18.
* Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes:
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
+ enable the liburing vfs module, except on i386 where liburing is
not available
- d/t/control, d/t/util,
samba AD DC provisioning and domain join tests with internal DNS
(LP #1977746, LP #2011745)
* Dropped:
- build-depend on libglusterfs-dev only on !i386 arches
[In 2:4.18.5+dfsg-2]
- Add changes to fix uncaught exception when updating old password
containing regex metacharacters by simplifying samba-tool password
redaction (LP #2002949).
+ d/p/lib-
+ d/p/lib-
+ d/p/lib-
+ d/p/samba-
+ d/p/python-
+ d/p/python-
+ d/p/python-
[Fixed upstream in 4.18.6]
* Added:
- d/control: adjust breaks/replaces for file move that Debian did in
4.
file conflict in a dist-upgrade from earlier Ubuntu releases, like
Kinetic (LP: #2024663)
- d/rules: ceph is not available in Ubuntu i386, disable it
-- Andreas Hasenack <email address hidden> Thu, 17 Aug 2023 09:52:00 -0300
Related branches
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 3610 lines (+3180/-8)7 files modifieddebian/changelog (+2622/-0)
debian/control (+30/-4)
debian/rules (+11/-3)
debian/samba-vfs-modules-extra.install (+4/-0)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0)
debian/tests/util (+111/-1)
Changed in samba (Ubuntu): | |
milestone: | none → ubuntu-24.01 |
Changed in samba (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in samba (Ubuntu): | |
status: | New → In Progress |
Changed in samba (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package samba - 2:4.19. 4+dfsg- 3ubuntu1
--------------- 4+dfsg- 3ubuntu1) noble; urgency=medium
samba (2:4.19.
* Merge with Debian unstable (LP: #2051717). Remaining changes: d/t/samba- ad-dc-provision ing-internal- dns: 16.6+dfsg- 5, and Ubuntu only did in 4.17.7+ dfsg-1ubuntu1, to avoid modules- glusterfs package
samba- vfs-modules- extra package vfs-modules- extra.install: add glusterfs vfs modules and
- debian/control: Ubuntu i386 binary compatibility:
+ enable the liburing vfs module, except on i386 where liburing is
not available
- d/t/control, d/t/util,
samba AD DC provisioning and domain join tests with internal DNS
(LP #1977746, LP #2011745)
- d/control: adjust breaks/replaces for file move that Debian did in
4.
file conflict in a dist-upgrade from earlier Ubuntu releases, like
Kinetic (LP #2024663)
- d/control: python3-samba has a runtime dep on python3-markdown
- glusterfs is no longer in main, create new binary package in
universe to ship the samba glusterfs vfs modules and manpages
(LP #2045063):
+ d/control: new samba-vfs-
+ d/rules: glusterfs vfs modules and manpages are now in the
+ d/samba-
manpage
* Added:
- d/t/util: handle breakage introduced by lxd-installer. If on
Ubuntu, assume lxd comes from a snap and install it if needed
- d/t/util: ignore cloud-init's warning exit status, which is
happening because of LP #2048129 (also see LP #2048522)
-- Andreas Hasenack <email address hidden> Sat, 03 Feb 2024 10:14:42 -0300