enterprise-support team mailing list archive

Thread
Date
[Bug 1946839] [NEW] Merge samba from Debian unstable for 22.04

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <1946839@xxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Oct 2021 04:01:51 -0000
Reply-to: Bug 1946839 <1946839@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Scheduled-For: 23.01
Upstream: 4.13.12
Debian:   2:4.13.5+dfsg-2    
Ubuntu:   2:4.13.5+dfsg-2ubuntu2


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.


### New Debian Changes ###

samba (2:4.13.5+dfsg-2) unstable; urgency=high

  * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
    entries in the Samba file server process token (Closes: #987811)
  * Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209)

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Thu, 06 May 2021 21:09:29 +0200

samba (2:4.13.5+dfsg-1) unstable; urgency=medium

  * New upstream version (Closes: #984863)

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Sat, 13 Mar 2021 08:31:27 +0100

samba (2:4.13.4+dfsg-1) unstable; urgency=medium

  * New upstream version
    - GPG signature has changed
    - Update samba-libs.install
    - Update symbols
  * Never use priority high when asking for DHCP integration (Closes: #981554)
  * Sync CTDB patches with Ubuntu:
    - Add 'ctdb-config: enable syslog by default'
    - Update 'fix nfs related service names'
  * d/rules: Ubuntu specifics
    - No Ceph on i386
    - Disable some i386 packages
    - No GlusterFS

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Tue, 09 Feb 2021 22:26:43 +0100

samba (2:4.13.3+dfsg-1) unstable; urgency=medium

  [ Andreas Hasenack ]
  * d/control: enable the liburing vfs module (Closes: #976854)
  * Add new DEP8 tests for the uring vfs module
  * Factor out common DEP8 test code into d/t/util and change the tests to
    source from it
  * Add set -x and set -e to DEP8 tests

  [ Mathieu Parent ]
  * liburing-dev is linux-any
  * New upstream version

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Wed, 16 Dec 2020 18:23:09 +0100

samba (2:4.13.2+dfsg-3) unstable; urgency=medium

  * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
  * Only check configuration on configure step

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Sun, 22 Nov 2020 10:44:51 +0100

samba (2:4.13.2+dfsg-2) unstable; urgency=medium

  * Upload to unstable

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Wed, 18 Nov 2020 20:34:51 +0100

samba (2:4.13.2+dfsg-1) experimental; urgency=medium

  * New upstream major version
    - Update d/gbp.conf, d/watch and d/README.source for 4.13
    - Update patches
    - Bump build-depends ldb >= 2.2.0
    - Install new files
    - Update symbols
  * Includes the following security fixes:
    - CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
      (Closes: #973400)
    - CVE-2020-14323: Unprivileged user can crash winbind (Closes: #973399)
    - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
      easily crafted records (Closes: #973398)
    - CVE-2020-1472: Unauthenticated domain takeover via netlogon ('ZeroLogon')
      (Closes: #971048)
  * Includes the following fixes:
    - Fixes 'samba_dnsupdate gives depreacation warnings' (Closes: #973957)
    - s3: libsmbclient.h: add missing time.h include (Closes: #946840)
  * Remove unused python3-crypto dependency (Closes: #971292)
  * Enable Spotlight with ES backend (Closes: #956096, #956482)
  * Standards-Version: 4.5.0
  * Add missing Build-Depends-Package in libsmbclient.symbols and
    libwbclient0.symbols
  * d/copyright: Fix duplicate-globbing-patterns
  * Remove outdated/malformed lintian overrides
  * d/winbind.logrotate: Only reload winbindd when running (Closes: #946821)
  * Bump to debhelper compat 13
  * Add another library-not-linked-against-libc override

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Thu, 12 Nov 2020 11:23:01 +0100

samba (2:4.12.5+dfsg-3) unstable; urgency=high

  * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
    (Closes: #963971)
  * Add patch traffic_packets: fix SyntaxWarning: 'is' with a literal
    (Closes: #964165)
  * Add patch Rename mdfind to mdsearch (Closes: #963985)

 -- Mathieu Parent <sathieu@xxxxxxxxxx>  Sat, 04 Jul 2020 23:57:59 +0200


### Old Ubuntu Delta ###

samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>  Mon, 21 Jun
2021 18:08:36 -0400

samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/VERSION.patch: Update vendor string to 'Ubuntu'.
    - debian/smb.conf;
      + Add '(Samba, Ubuntu)' to server string.
      + Comment out the default [homes] share, and add a comment about
        'valid users = %s' to show users how to restrict access to
        /server/username to only username.
    - d/control: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - d/control: add a versioned libgnutls28-dev build-depends to reduce
      the amount of in-tree crypto code that is built
    - d/control: enable the liburing vfs module, except on i386 where
      liburing is not available
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
      Skip running the tests if on i386 platform, because the uring
      package is not available there.
  * Dropped changes:
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
      [Included in 2:4.13.4+dfsg-1]
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
      change nfs service name from nfs to nfs-kernel-server
      (LP #722201)
      [Included in 2:4.13.4+dfsg-1]
    - d/p/ctdb-config-enable-syslog-by-default.patch:
      enable syslog and systemd journal by default
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - SECURITY UPDATE: wrong group entries via negative idmap cache entries
      + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
        source3/passdb/lookup_sid.c.
      + CVE-2021-20254
      [Included in 2:4.13.5+dfsg-2]

 -- Athos Ribeiro <athos.ribeiro@xxxxxxxxxxxxx>  Mon, 17 May 2021
11:51:54 -0300

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1946839

Title:
  Merge samba from Debian unstable for 22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1946839/+subscriptions
Follow ups

[Bug 1946839] Re: Merge samba from Debian unstable for 22.04
From: Launchpad Bug Tracker, 2022-03-02