[Pkg-samba-maint] bookworm-security: package samba/2:4.17.10+dfsg-0+deb12u1

Salvatore Bonaccorso carnil at debian.org
Fri Jul 21 17:02:23 BST 2023


Hi,

On Fri, Jul 21, 2023 at 04:56:54PM +0200, Moritz Muehlenhoff wrote:
> On Thu, Jul 20, 2023 at 09:07:35PM +0200, Moritz Muehlenhoff wrote:
> > > The fix for the recent windows updates is trivial to apply to 4.13,
> > > it's a simple patch which applies to 4.10 and even 4.7.  But this is
> > > like pretending we're doing something with that one, - nope, we're
> > > not. Maybe this should be made official really, I just don't know how
> > > to do that properly.
> > 
> > Nah, let's avoid solutions which provide a false sense of security. We can
> > tell people to upgrade to Bookworm and in the interim move to
> > bullseye-backports. I'll draft some text for the advisory.
> 
> How about the following:
> 
> ------------------------
> The version of Samba in Debian 11/Bullseye is based on Samba 4.13
> and faces multiple interoperability and maintenance issues with
> current Windows clients at this point, which cannot be reasonably
> backported any longer. The library packages and client side tools will
> continue to work fine, but the support for Samba server packages in
> Debian 11 is discontinued. You can either upgrade Samba servers to
> Debian 12/Bookworm or if that is not an option migrate to the
> version of Samba provided in bullseye-backports (which is a backport
> of what is in Debian 12).
> ------------------------

As the maintainer you are in the best position to really judge that,
but in the past we just discontinued the part of Samba running as AD
while still supporting Samba running as Fileserver. Are we sure we
want to just drop the support completely? Is the path to migrate to
4.17.y within bullseye to bullseye-backports without need of major
changes?

Ultimately I will not block this, but I would want to raise a question
flag. I was helping out Mathieu in the past with the samba updates for
security-updates as you can see from the changelog entries (up to
~deb11u3). I was thinking if we are able to continue doing so for the
issues in the Fileserver parts still, but have not looked into the
last patchsets.

Thanks for keeping up with the samba maintenance!

Regards,
Salvatore


