enterprise-support team mailing list archive

[Bug 2018054] [NEW] Merge samba from Debian unstable for mantic

 

Public bug reported:

Upstream: 4.17.7
Debian:   2:4.17.7+dfsg-1    2:4.18.2+dfsg-1
Ubuntu:   2:4.17.7+dfsg-1ubuntu1


Debian new has 2:4.18.2+dfsg-1, which may be available for merge soon.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.


### New Debian Changes ###

samba (2:4.17.7+dfsg-1) unstable; urgency=high

  * upstream stable/security/bugfix release, fixing the following issues:
    o CVE-2023-0225: An incomplete access check on dnsHostName allows
      authenticated but otherwise unprivileged users to delete this
      attribute from any object in the directory.
      https://www.samba.org/samba/security/CVE-2023-0225.html
    o CVE-2023-0922: The Samba AD DC administration tool, when operating
      against a remote LDAP server, will by default send new or reset
      passwords over a signed-only connection.
      https://www.samba.org/samba/security/CVE-2023-0922.html
    o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
      Confidential attribute disclosure via LDAP filters was insufficient and
      an attacker may be able to obtain confidential BitLocker recovery keys
      from a Samba AD DC.  Installations with such secrets in their Samba AD
      should assume they have been obtained and need replacing.
      https://www.samba.org/samba/security/CVE-2023-0614.html
    Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
  * update libldb symbols and versions

 -- Michael Tokarev <mjt@xxxxxxxxxx>  Wed, 29 Mar 2023 17:59:17 +0300

samba (2:4.17.6+dfsg-1) unstable; urgency=medium

  * new upstream stable/bugfix release 4.17.6:
   * https://bugzilla.samba.org/show_bug.cgi?id=15314
     streams_xattr is creating unexpected locks on folders.
   * https://bugzilla.samba.org/show_bug.cgi?id=10635
     Use of the Azure AD Connect cloud sync tool is now supported for password
     hash synchronisation, allowing Samba AD Domains to synchronise passwords
     with this popular cloud environment.
   * https://bugzilla.samba.org/show_bug.cgi?id=15299
     Spotlight doesn't work with latest macOS Ventura.
   * https://bugzilla.samba.org/show_bug.cgi?id=15310
     New samba-dcerpc architecture does not scale gracefully.
   * https://bugzilla.samba.org/show_bug.cgi?id=15307
     vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd()
     in close and fstat.
   * https://bugzilla.samba.org/show_bug.cgi?id=15293
     With clustering enabled samba-bgqd can core dump due to use after free.
   * https://bugzilla.samba.org/show_bug.cgi?id=15311
     fd_load() function implicitly closes the fd where it should not.
  * debian/po/ro.po update from Remus-Gabriel Chelu
  * s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch
     makes smbd a bit less spammy in logs
  * d/control: clarify some package descriptions (Closes: #1031922)

 -- Michael Tokarev <mjt@xxxxxxxxxx>  Thu, 09 Mar 2023 12:52:14 +0300

samba (2:4.17.5+dfsg-2) unstable; urgency=medium

  * d/control: samba: depends on exact version of python3-samba
  * d/control: fix typo
  * more tweaks for foreign/cross build
  * d/control: work around autodep8 #904999 again
  * introduce upstream-like aliases for debian .service names,
    add rationale

 -- Michael Tokarev <mjt@xxxxxxxxxx>  Sat, 04 Feb 2023 17:15:40 +0300

samba (2:4.17.5+dfsg-1) unstable; urgency=medium

  * new upstream stable/bugfix release. From WHATSNEW.txt:
    * BUG 14808: smbc_getxattr() return value is incorrect.
    * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX
      are not handled correctly.
    * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
    * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs()
      fails to find DC when there is only an AAAA record for the DC in DNS
      (Closes: #1023606).
    * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
    * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
    * BUG 15283: vfs_virusfilter segfault on access,
      directory edgecase (accessing NULL value).
    * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
      based SChannel on NETLOGON (additional changes).
    * BUG 15243: %U for include directive doesn't work for share listing
      (netshareenum) (the fix was in debian before).
    * BUG 15266: Shares missing from netshareenum response in samba 4.17.4
      (the fix was in debian before).
    * BUG 15269: ctdb: use-after-free in run_proc.
    * BUG 15280: irpc_destructor may crash during shutdown.
    * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
    * BUG 15268: smbclient segfaults with use after free on an optimized build
    * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
    * BUG 15164: Leak in wbcCtxPingDc2.
    * BUG 15265: Access based share enum does not work in Samba 4.16+.
    * BUG 15267: Crash during share enumeration.
    * BUG 15271: rep_listxattr on FreeBSD does not properly check
      for reads off end of returned buffer.
    * BUG 15281: Avoid relying on C89 features in a few places.
  * remove patches applied upstream:
   - reload-registry-shares-after-reloading-services.patch
   - rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
  * d/control: Standards-Version: 4.6.2 (no changes)
  * d/control: put all doc-generating build-deps into one line
  * little prep for cross-compilation
    - build-depend on python3:any and python3-dev:any
    - build-depend on libpython3-dev for actual module building,
      and use arch-specific python3-config from there


### Old Ubuntu Delta ###

samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #2014052). Remaining changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
      + enable the liburing vfs module, except on i386 where liburing is
        not available
      + build-depend on libglusterfs-dev only on !i386 arches
    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
      samba AD DC provisioning and domain join tests with internal DNS
      (LP #1977746, LP #2011745)

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Fri, 31 Mar 2023 15:26:11 -0300

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: samba (Ubuntu)
    Milestone: None => ubuntu-23.06

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2018054
