Changelog
samba (2:4.17.3+dfsg-1) unstable; urgency=medium
* new upstream security release 4.17.3, fixing the following issue:
CVE-2022-42898: Heimdal Kerberos libraries suffers from an integer
multiplication overflow vulnerability which affects 32bit platforms,
see https://www.samba.org/samba/security/CVE-2022-42898.html
This changes third_party/heimdal/, it does not affect mitkrb5 builds.
* d/rules: stop stripping +dfsg suffix from ldb version
* d/control: declare dependency on password (for groupadd in postinst)
for winbind and samba (Closes: #1023759)
* implement pkg.samba.mitkrb5 build profile to build with system mit-krb5
(with "mitkrb5" version suffix in some packages for now)
* d/control: mark libufing-dev build dep with <!pkg.samba.nouring>
(to simplify out-of-archive builds for older systems)
* d/rules: parametrise list of packages to omit (eg on ubuntu-i386)
with ${omit-pkgs}
* d/rules: use variables in a more consistent way, use single ${config-args}
* d/control: tdb-tools and lmdb-utils packages are also needed for tests
(everything is commented out for now anyway)
* d/rules: update knownfail tests
* d/rules: stop exporting buildflags, export compiler options when needed
* d/rules: always define rados:Depends & vfsmods:Depends substvars
* unwrap-getresgid-typo.patch - fix crash during p11-kit execution
(https://bugzilla.samba.org/show_bug.cgi?id=15227) (for the testsuite only)
* nsswitch-pam-data-time_t.patch - fix time_t not fit in a pointer (eg x32)
(https://bugzilla.samba.org/show_bug.cgi?id=15224)
-- Michael Tokarev <email address hidden> Tue, 15 Nov 2022 19:26:10 +0300