<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: .875rem;
}
body {
-webkit-text-shadow: hsla(0,0%,100%,.01) 0 0 1px;
}
body {
font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: hsla(0,0%,100%,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Michael Tokarev pushed to branch debian/4.22 at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b4912756d2877fb4db4c75299fcbda54dc0e842b">b4912756</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-02-19T10:40:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>VERSION: Bump version up to Samba 4.22.9...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4146d3a90aa0483bced13cd3327c70218dd8132c">4146d3a9</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>selftest: mark "smb2.lease.rename_dir_openfile" as flapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15978
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 23 12:37:28 UTC 2026 on atb-devel-224
(cherry picked from commit 437436832fdddfda692fac01452ad7bc4a0b6e3d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/178c213067500c7ae27819f0f83d9fcfd5a16813">178c2130</a></strong>
<div>
<span> by Noel Power </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>s3/librpc/crypto: Don't keep growing in memory keytab
When we have long living concurrent connections every rpc bind
ends up calling and subsequently adding keytab entries to the
memory keytab returned by 'gse_krb5_get_server_keytab(...)'. This is
happening because as long as there is a handle open for the
keytab named "MEMORY:cifs_srv_keytab" then we keep adding entries to
it.
Note: There is no leak of gensec_security nor the krb5_keytab
it contains. When rpc clients connected to the rpc worker process
exit the gensec_security and the krb5_keytab structures are
destructed as expected. However because we use a fixed name
"MEMORY:cifs_srv_keytab" clients end up with a handle to a
reference counted shared keytab. Destruction of the keytab results
in the associated reference count being decremented. When the
reference count reaches 0 the keytab is destroyed.
To avoid the keytab being extended the easiest solution is to ensure a
unique memory keytab is created for each client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16042
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Mar 30 09:36:45 UTC 2026 on atb-devel-224
(cherry picked from commit c28a86c45d9d9673de18f9c29ea80dff12c9e7dd)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6a1ff6298fdc66d440834b9a1f790442d3280dac">6a1ff629</a></strong>
<div>
<span> by Martin Schwenke </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ctdb-tests: Update statd-callout unit test infrastructure
Don't cheat. Keep some state about what is happening, similar to what
statd_callout and statd_callout_helper are expected to keep. This
means hinting arguments to check_shared_storage_statd_state() and
check_statd_callout_smnotify() can be dropped.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15939
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit 85afee0a83dd2f70b90cff4c1e21b865640261fb)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8603eb0b7bdc17e28ba19d4b264b65762795394f">8603eb0b</a></strong>
<div>
<span> by Peter Schwenke </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ctdb-scripts: Only send notifies for newly taken IPs
We no longer delete shared state (and send notifies) for
IPs previously held by the current node. The NFS lock manager
won't have released locks for these IPs, so won't generate
SM_MON on reclaim attempts. Therefore, there will be
no add-client to put them back.
We now record newly taken IP addresses in takeip,
and only send notifies for those during
ipreallocated. The extra notifies were also confusing
statd.
Update existing tests to always simulate taking all of a node's IPs.
This causes no output changes.
Test updates confirm the subtleties of the statd_callout_helper
behaviour change. These pretend to only take a single IP, so
SM_NOTIFY must not be sent for other IPs. Shared state should
remain for these other files.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15939
Signed-off-by: Peter Schwenke <pschwenke@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit e4914e6a4f1cb77eebf86c5ab3f241c2a9e5bd05)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/84cb6eb6ff38eae744fc832977d0f900c45adb90">84cb6eb6</a></strong>
<div>
<span> by Peter Schwenke </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ctdb-failover: Add sm-notify to statd_callout
sm-notify is required when an NFS client reboots.
rpc-statd on the client will send an sm-notify to
rpc-statd on the NFS sever.
Add a test case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15938
Signed-off-by: Peter Schwenke <pschwenke@ddn.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Feb 18 12:29:16 UTC 2026 on atb-devel-224
(cherry picked from commit 7c5ce115f2c11e5a2dd326238f08bc5e7c10641c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c7adc83306ac8d284aa8095db7e6b671fc2a253e">c7adc833</a></strong>
<div>
<span> by Noel Power </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>selftest: Update tests to use --use-kereros=desired|required no creds
Add tests to call smbclient without passing credentials to
demonstrate failure with --use-kereros=desired
Also add knownfail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a22af9420965083b99b956477d1833000b7f2414)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b6d084e8e1e884ac339fb59665a551faef85365d">b6d084e8</a></strong>
<div>
<span> by Noel Power </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>auth/credentials: Fix regression with --use-kerberos=desired for smbclient
As part of the gse_krb5 processing the following call chain
gensec_gse_client_start()
---> gensec_kerberos_possible()
---> cli_credentials_authentication_requested()
gensec_kerberos_possible() will always fail when
cli_credentials_get_kerberos_state() returns CRED_USE_KERBEROS_DESIRED
It seems since use kerberos == desired is the default that it isn't
necessary to see if credentials were modified to indicated authentication
was requested. gensec_kerberos_possible() should afaics return true
if kerberos is desired OR required (regardless of whether credentials
were requested)
This commit removes the knownfail associated with this bug.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 88f42eb222f299189d5f5f8204ae353e63a50970)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2358c39db5b54883aa9d291338552bde3b3ea512">2358c39d</a></strong>
<div>
<span> by Noel Power </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>s3/libsmb: cli_session_creds_init fails when kerberos is desired
There is a regression with code using cli_session_creds_init when
cli_credentials_get_kerberos_state() returns CRED_USE_KERBEROS_DESIRED
Authentication succeeds when boolean fallback_after_kerberos is false
and fails when true.
There doesn't seem to be a good reason why the value of
fallback_after_kerberos should initialise the krb5 ccache or not.
It would seems that krb5 cache should be setup for creds
for *any* kerberos auth (whether fallback is enabled or not)
Partial patch from <will69@gmx.de> (see bug referenced below)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1c48599105736499d18aa1f647bce9e1f8dbdcca)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3d467f5b859ae676909ac3f193ad9131c8c6e5b3">3d467f5b</a></strong>
<div>
<span> by Noel Power </span> <i> at 2026-04-08T16:43:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>s3/libsmb: block anon authentication fallback is use-kerberos = desired
When cli_credentials_get_kerberos_state returns CRED_USE_KERBEROS_REQUIRED
libsmbclient method SMBC_server_internal will still try to fallback to
anon NTLM. This patch prevents that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Feb 17 16:06:18 UTC 2026 on atb-devel-224
(cherry picked from commit bc868800276fe09cbcb206ebe4cb4da32af7599f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/27dad685330bc67bb7c6306ab187a734c35edf3e">27dad685</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2026-04-08T17:40:49+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>rpc: Don't offer spoolss RPC with "disable spoolss = yes"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=16019
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 13 09:00:05 UTC 2026 on atb-devel-224
(cherry picked from commit 8497fb05d8d9c082b7ba318844970f0b3227aff9)
Autobuild-User(v4-22-test): Björn Jacke <bjacke@samba.org>
Autobuild-Date(v4-22-test): Wed Apr 8 17:40:49 UTC 2026 on atb-devel-224
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ef25c3fcb9f627d47640e178e82f08d64ff6dd78">ef25c3fc</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-04-09T10:46:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>WHATSNEW: Add release notes for Samba 4.22.9
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ff3dd691f38e23f9ea8d18376df1b24ea9b335b6">ff3dd691</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-04-09T10:51:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>VERSION: Disable GIT_SNAPSHOT for the 4.22.10 release.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ef42f9ccaaf2fd0e4b885e54b26e67abbe5f2356">ef42f9cc</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-04-09T10:53:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>VERSION: Bump version up to Samba 4.22.10...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ec7b13c0b03142e1e7d94c8d85e93b38a2f0e7db">ec7b13c0</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-04-10T19:51:09+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>New upstream version 4.22.9+dfsg</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/677936c3b431e7e5be6e8c2921f770e103094630">677936c3</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-04-10T19:51:32+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update upstream source from tag 'upstream/4.22.9+dfsg'
Update to upstream version '4.22.9+dfsg'
with Debian dir 63de8a6a9b0616478a100d36e2b96398f2cb5b95</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7cbcccb423db005a1d91f416b9c8f0cc15c996e3">7cbcccb4</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-04-10T20:22:37+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>update changelog; upload version 4.22.9+dfsg-0 to unstable
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/e153cec7a8a271465de76d38a96ca5dc4fded82d">e153cec7</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-04-10T20:23:20+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>update changelog; upload version 4.22.9+dfsg-0+deb13u1 to trixie
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7e0bdc05237cdf10e5ee22aa884af8337a53607e">7e0bdc05</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-12T15:05:10+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_winbind: only chown the home directory if it was created
Otherwise we may change the permission for '/'
if some systemuser (e.g. nobody) has no homedir and root
runs 'su - nobody'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16073
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Sun May 10 23:22:27 UTC 2026 on atb-devel-224
(cherry picked from commit 79caa6ef08b9b333e17bb0762e95e18e250db463)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/11dcdd6b6a880e0f59d478ff3fd5e2ad579f5719">11dcdd6b</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-05-12T16:09:54+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>samba_cross.py: autobuild fails with trailing space at line endings
autobuild fails with trailing space at line endings, so we need to strip() only
at "\n" here strictly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16057
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 10 21:20:52 UTC 2026 on atb-devel-224
(cherry picked from commit 2f8dfde1210395175e726455bdb63a7b97245a72)
Autobuild-User(v4-24-test): Björn Jacke <bjacke@samba.org>
Autobuild-Date(v4-24-test): Tue Apr 14 13:43:47 UTC 2026 on atb-devel-224
Autobuild-User(v4-22-test): Björn Jacke <bjacke@samba.org>
Autobuild-Date(v4-22-test): Tue May 12 16:09:54 UTC 2026 on atb-devel-224
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/024c0f6e511f0b477f5dd2582f03ac0f44f011d1">024c0f6e</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2026-05-15T11:26:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-1933: tests: Fix permissions used for creating reparse points
SEC_STD_ALL does not lead to fsp->access_mask to include the required
bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15992
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a0e66dbfc549b7b3daea5b82a626dda5810ec764">a0e66dbf</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:26:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-1933: smbd: Add access checks to reparse point operations
On a share marked "read only = yes" and on file handles opened R/O
users can set or delete the reparse point xattrs on files that the
user has write-access in the file system for. Add the required access
checks.
Thanks to Asim Viladi Oglu Manizada for reporting the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15992
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/97f86ccf7d26ea3600739e9de16eb68be64162c3">97f86ccf</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-2340: test whether vfs_worm allows overwrite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15997
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/76d10f4480d981ddef237e447ea48beef430da84">76d10f44</a></strong>
<div>
<span> by Pavel Kohout </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-2340: vfs_worm: Check destination WORM status in rename
vfs_worm_renameat() only checked if the source file was WORM-protected,
but not the destination. This allowed overwriting immutable files via
SMB2 rename with ReplaceIfExists=1, bypassing WORM protection.
Add destination check using FSTATAT on the destination dirfsp, as
suggested by the maintainer.
CWE-284 (Improper Access Control)
Reported-by: Pavel Kohout, Aisle Research, www.aisle.com
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15997
To backport to 4.23 we change the name of dst_dirfsp and src_dirfsp to
dstfsp and srcfsp, respectively (accounting for
76796180cf3af3252db2c29d0e95282a498a8527 in 4.24/master).
Signed-off-by: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2ea796104ce1e39becaab59608ade4d30cc5352e">2ea79610</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3012: gpo tests: fix test cleanup
These tests are going to fail soon but as currently written they do
not clean up after themselves, erroring instead of failing and causing
cascading errors in subsequent tests. For now we don't care to make
the other tests less fragile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16003
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f21f87e0f64dc4aea8c9537f182282077ae6a37b">f21f87e0</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3012: do not fetch certificate over http
In the case where a certificate was found via HTTP, it was trusted
without verification and put in the global CA store.
There is no means to check the certificate other than by comparing it
to certificates we may have gathered via LDAP, but in that case there
is no advantage over just using the LDAP-derived certificates.
Using the LDAP certificates was already the fallback case if HTTP
failed, so we just make it the default.
The HTTP fetch depends on the NDES service, which is a variant of
Simple Certificate Enrolment Protocol (SCEP, RFC8894), but in fact
Samba implements none of that protocol other than the HTTP fetch. SCEP
is for clients that are not true domain members. Domain members can
access to certificates over LDAP. This patch is not reducing SCEP
client support because Samba never had it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16003
Reported-by: Arad Inbar, DREAM Security Research Team
Reported-by: Nir Somech, DREAM Security Research Team
Reported-by: Ben Grinberg, DREAM Security Research Team
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7337d99ed55c01cd5837029485cd971a48f761c2">7337d99e</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3012: gp_auto_enrol: skip CAs not found in LDAP
If a certificate is mentioned in a GPO but is not present as a
cACertificate attribute on a pKIEnrollmentService object, we have no way
of obtaining it, so we might as well forget it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16003
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6bde7ce351af70c017bb57fb02651ad57403188c">6bde7ce3</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3012: gpo tests should use real certificates
Or at least, more real than a short arbitrary byte string, so that
the certificates can be parsed.
This shows that certificate enrolment works via LDAP in the situations
where we would have fetched them via HTTP.
This does not fix the advanced_gp_cert_auto_enroll_ext test which
wants to install certificates it has no access too. This will not be
fixed in the security release.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16003
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4798eb7aba91f526d3e88d7dbb3fb06923d891e5">4798eb7a</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2026-05-15T11:26:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3238: winsserver4: Dissolve direct variable initialization
Checks are required before the packet is dereferenced
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16012
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4a53add03f1eb5d44deb76d7e171fc638e9ef8d0">4a53add0</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2026-05-15T11:26:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-3238: winsserver4: Validate incoming packets
Avoid NULL pointer dereferences, leading to a crash in the nbt process
serving wins.
Thanks to Arad Inbar, Erez Cohen, Nir Somech and Ben Grinberg from
DREAM Security Research Team for pointing out this crash bug out to
the Samba team.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16012
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/26b64ec55944b375ead223a214c5f4301329511f">26b64ec5</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: inline string_sub2() into string_sub() the only caller
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/76dcb30911c22d92ca79e9034656b691a2d51df4">76dcb309</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: remove unused talloc_strdup(insert) from talloc_string_sub2()
The insert string is not modified, so we do not need to copy it.
This will simplify further changes.
Review with: git show --patience
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3032b7efe9d2fd35081ec33d575d01f9ebf6725c">3032b7ef</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: factor out a mask_unsafe_character() helper function
This moves the logic into a single place and
makes if more flexible to be used with more
values than STRING_SUB_UNSAFE_CHARACTERS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3f24236a5000402de11d973527eb7d28fd30de19">3f24236a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: split out realloc_string_sub_raw()
This will allow realloc_string_sub2() to use it in order
to have the logic in one place only.
And it will also allow adjacted callers to be
more flexible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/113ba24197ca4e5bd683951f99fa4553a4240e48">113ba241</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: s3:lib: fix potential memory leak in talloc_sub_basic()
This makes the code easier to understand...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c4a93471622e5d7f8e28073029f3ebfbe22b6288">c4a93471</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: s3:lib: let realloc_string_sub2() use realloc_string_sub_raw()
We don't need this logic more than once!
But we leave the strange calling convention of
realloc_string_sub2(), where the caller it
not allowed to use the passed pointer when
NULL is returned...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/003ff9b49f65d8006330a018da6fe0169a6fdb48">003ff9b4</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: let mask_unsafe_character() check all control characters
There's no reason to mask only \r and \n.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/5551dd76e92480625f00765f183d753dcb857894">5551dd76</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: add more unsafe characters to STRING_SUB_UNSAFE_CHARACTERS
|&<> are unsafe characters for shell processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0cabcbd24cf2eec692b1a9642447e81c97cc90b7">0cabcbd2</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: let log_escape() make use of iscntrl()
using iscntrl() also handles 0x7F (DEL).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d291377ac1ea515ac064ac00d59e1787db5671d1">d291377a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: add talloc_string_sub_{mixed_quoting,unsafe}() helpers
This is the basic helper function for the security problems.
talloc_string_sub_mixed_quoting() checks for strange quoting
in smb.conf options.
And talloc_string_sub_unsafe() tries to autodetect how the unsafe
(client controlled value) and masked and single quote it,
as a fallback for strange quoting a fixed fallback string
is used and the caller should warn the admin and give
hints how to fix the configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Pair-Programmed-With: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ebd4edda32d949e10e531939b7a4e19b2306ff64">ebd4edda</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480/CVE-2026-4408: lib/util: add test_string_sub unittests
This demonstrates the logic of talloc_string_sub_{mixed_quoting,unsafe}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/31449816464f07cd2ef156a96e68c604f36b2164">31449816</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480: s3:printing: mask and/or single quote jobname passed as %J to "print command"
Fix an unauthenticated remote code execution vulnerability with
printing set to anything *but* cups and iprint, for example "lprng",
so that "print command" is executed upon job submission. If the
client-controlled job name is handed to the "print command" via %J,
rpcd_spoolssd passes this to the shell without escaping critical
characters.
Using single quotes (directly) around %J, '%J' would avoid the
problem, we now try to autodetect if we can use '%J' implicitly
or we fallback to a fixed "__CVE-2026-4480_FallbackJobname__"
string instead of the client provided jobname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/02356117b73f0e4e1063860d99cb892e6d6ce7f0">02356117</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480: s3:testparm: warn about 'print command' %J usage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8ea1a94c95330ee64f5b0ab20d4fee453e367218">8ea1a94c</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4480: docs-xml/smbdotconf: clarify '%J' in 'print command'
Admins should use '%J'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16033
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6dce1833a5d27f82a9b133601ce7f749f3be08ec">6dce1833</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: lib/util: introduce strstr_for_invalid_account_characters()
This splits out the logic from samaccountname_bad_chars_check()
in source4/dsdb/samdb/ldb_modules/samldb.c, this will be used
in other places soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8f28ca0b8abccf30f479133cc78f9a72500ab366">8f28ca0b</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: s3:samr-server: only allow _samr_ValidatePassword as DC
This is only supported with 'rpc start on demand helpers = no',
as it needs ncacn_ip_tcp, but we better also restrict it to DCs.
Maybe only FreeIPA needs it as NT4 didn't support ncacn_ip_tcp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1c5146ddfc736e9d790bd91f3124c6fba6847bb3">1c5146dd</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: s3:samr-server: deny, mask and/or single quote username to 'check password script'
We pass this on to the check password script, prevent remote command
execution.
We now try to autodetect if we could implicitly use '%u' for the
replacement and fallback to a fixed fallback username.
Admins should make use of SAMBA_CPS_ACCOUNT_NAME
instead of passing '%u' to 'check password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Pair-Programmed-With: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/67ad724e22f3724d5e07eaa8f25eb527aa417599">67ad724e</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: s3:samr-server: make check_password_complexity_internal() non-static, for easier testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/266cd3dc063fdb88a0d0468e8d6f85d6abdecc04">266cd3dc</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: s3:torture: tests for password complexity scripts
This tries to demonstrate the new logic for %u in
'check password script'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/65a9ac413b03eefc7a48d5536e54177319ca30e3">65a9ac41</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: s3:testparm: warn about 'check password script' %u usage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/640f18d1a642264a9777f933dfaae78db6918a5f">640f18d1</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2026-05-15T11:27:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CVE-2026-4408: docs-xml/smbdotconf: clarify '%u' in 'check password script'
Admins should use SAMBA_CPS_ACCOUNT_NAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16034
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6b9cad82bc647332025a24ae2e6efd0e478f1592">6b9cad82</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-05-15T14:16:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>WHATSNEW: Add release notes for Samba 4.22.10.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0abfaceda097f447ac0284db9f639dabc5070595">0abfaced</a></strong>
<div>
<span> by Björn Jacke </span> <i> at 2026-05-15T14:38:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>VERSION: Disable GIT_SNAPSHOT for the 4.22.10 release.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6a9607d67877d83e82ece97b06c65492f2e46287">6a9607d6</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-05-26T16:09:44+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>New upstream version 4.22.10+dfsg</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2617dc10c2ebe7a75f3f0417b40006ad76c480ea">2617dc10</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-05-26T16:10:01+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update upstream source from tag 'upstream/4.22.10+dfsg'
Update to upstream version '4.22.10+dfsg'
with Debian dir 9c3d95e56dc3c5b9481fc957cfff2dbb0bb0dd34</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1d4397c31639edf4f4355bb8cbce3032d8328016">1d4397c3</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2026-05-26T16:12:19+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>update changelog; upload version 4.22.10+dfsg-0 to unstable
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
54 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#b33892fbddeffc3368077b4904ad0b3d562a7312">
VERSION
</a>
</li>
<li class="file-stats">
<a href="#3277e12b5a9f9ff632d229e2629d34ad21dd93fc">
WHATSNEW.txt
</a>
</li>
<li class="file-stats">
<a href="#ad462ff026e43477e18e9b8f1bb1a8ba607251c9">
auth/gensec/gensec_util.c
</a>
</li>
<li class="file-stats">
<a href="#d5ce5488dd16174bafa83601235549a07d6aee8b">
buildtools/wafsamba/samba_cross.py
</a>
</li>
<li class="file-stats">
<a href="#70f3a9a6bc95bdfae1d73bd88db3f6fbd979789d">
ctdb/config/events/legacy/60.nfs.script
</a>
</li>
<li class="file-stats">
<a href="#fd1c03fbbcea5bbe15cc56b40c2a6be56f909aa8">
ctdb/failover/statd_callout.c
</a>
</li>
<li class="file-stats">
<a href="#2a83c4855e8f5bf171c758e340c8e045b94bd52c">
ctdb/tests/UNIT/eventscripts/scripts/statd-callout.sh
</a>
</li>
<li class="file-stats">
<a href="#e4ce736e876ad5e107952c2ab5df1bab89252630">
ctdb/tests/UNIT/eventscripts/statd-callout.001.sh
</a>
</li>
<li class="file-stats">
<a href="#8b0d5c7a60741c579ac5ef81af2f90c6191fd5ea">
ctdb/tests/UNIT/eventscripts/statd-callout.002.sh
</a>
</li>
<li class="file-stats">
<a href="#161a46b36a5eccd56cc4f4527a915a03547bfbdb">
ctdb/tests/UNIT/eventscripts/statd-callout.004.sh
</a>
</li>
<li class="file-stats">
<a href="#b7acf488338b6c37e0e7a61c8bd0ede081fe046f">
ctdb/tests/UNIT/eventscripts/statd-callout.005.sh
</a>
</li>
<li class="file-stats">
<a href="#438b932afb688cdc18358a90399fe7f13bd96a3f">
ctdb/tests/UNIT/eventscripts/statd-callout.006.sh
</a>
</li>
<li class="file-stats">
<a href="#39b28dec8c607bc2870690c4baf6faaf7ba58f92">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.008.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#dd8d020125bc96c2c6db404cc4852bfd9f0384f0">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.050.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#a6ea3bac6ef92acb4df670eb241f53273e2521a3">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.108.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#ffa5fc83a63d3fc96215d3339199721c98932371">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.150.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#fa23dedd9943ac1135e724df54624fec8ac22224">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.208.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#c7a5e6c9427276b824aa7a6dae72fc6cdf85dd84">
<span class="new-file">
+
ctdb/tests/UNIT/eventscripts/statd-callout.250.sh
</span>
</a>
</li>
<li class="file-stats">
<a href="#5b92646dad31299614fe9d62dea1edf01d8bfe68">
ctdb/tools/statd_callout_helper
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#d6eb3f00377264d673e5819f40755b20b89ce248">
docs-xml/smbdotconf/printing/printcommand.xml
</a>
</li>
<li class="file-stats">
<a href="#dc8753a91cebb6ff703c884dd7a66ba13f0c8c51">
docs-xml/smbdotconf/security/checkpasswordscript.xml
</a>
</li>
<li class="file-stats">
<a href="#3c9526842015b4142e3592e0f326162e38af3b25">
lib/util/samba_util.h
</a>
</li>
<li class="file-stats">
<a href="#6199c8b960f492bc1c2e99c0a8f7a422cb7d5756">
lib/util/substitute.c
</a>
</li>
<li class="file-stats">
<a href="#eef36799fcb65e2f2379d82b519dca6e2e151ccd">
lib/util/substitute.h
</a>
</li>
<li class="file-stats">
<a href="#91aa5498ae35dd10f4ad7e42c5778d84a1d839b3">
<span class="new-file">
+
lib/util/tests/test_string_sub.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#920f977b858bb58715332f2592336aeff6b91622">
lib/util/util_str.c
</a>
</li>
<li class="file-stats">
<a href="#d8a820cfbb4c9227d9ce921a00e8e962d1bdc9b2">
lib/util/util_str_escape.c
</a>
</li>
<li class="file-stats">
<a href="#400cdebf703164fa356294af7e4ba155a39ece05">
lib/util/wscript_build
</a>
</li>
<li class="file-stats">
<a href="#5f61f6e699617df0af98b5c0d7393f484faf9b38">
nsswitch/pam_winbind.c
</a>
</li>
<li class="file-stats">
<a href="#630252301d9dbf59616c9af85170f226068e5efb">
python/samba/gp/gp_cert_auto_enroll_ext.py
</a>
</li>
<li class="file-stats">
<a href="#abcbd61b068e27b5501f9dc010f43688de4802a3">
python/samba/tests/gpo.py
</a>
</li>
<li class="file-stats">
<a href="#45a895f722594b89411e669fdcca2bc82f274cdd">
python/samba/tests/smb3unix.py
</a>
</li>
<li class="file-stats">
<a href="#f6038275e1812b33a3897c88f1742b9ff2a090e2">
<span class="new-file">
+
selftest/flapping.d/smb2.lease
</span>
</a>
</li>
<li class="file-stats">
<a href="#f2f5f888a14f7610acd7670c4b77993c1c4589dd">
<span class="new-file">
+
selftest/knownfail.d/gpo-auto-enrol
</span>
</a>
</li>
<li class="file-stats">
<a href="#67802ecd7f5d56293dc57deab3dc856420d0e358">
selftest/tests.py
</a>
</li>
<li class="file-stats">
<a href="#7d44b567b6ffc9b1a99474e2c631ec536fc2ed41">
source3/lib/substitute.c
</a>
</li>
<li class="file-stats">
<a href="#5b87877bfbc8ef79d8f9f539a43c99930dfdabee">
source3/lib/substitute_generic.c
</a>
</li>
<li class="file-stats">
<a href="#32cc7fb9e78ba4b78431e9f3e7b1883296aede74">
source3/librpc/crypto/gse_krb5.c
</a>
</li>
<li class="file-stats">
<a href="#45f13bd066779dadd873ffd680e8fd980ae6873a">
source3/libsmb/cliconnect.c
</a>
</li>
<li class="file-stats">
<a href="#c3336e9dcf44c1056b6fda025c6fc01dbe8eb9a4">
source3/libsmb/libsmb_server.c
</a>
</li>
<li class="file-stats">
<a href="#6994afd9e7ee92e9a5298d4c3acb6acee6afcb3e">
source3/modules/util_reparse.c
</a>
</li>
<li class="file-stats">
<a href="#3abc80b20f6bc7c193e2deefc57181dcd57833d0">
source3/modules/vfs_worm.c
</a>
</li>
<li class="file-stats">
<a href="#46bd22e7792af07411139a298173a3af3d51a1d1">
source3/printing/print_generic.c
</a>
</li>
<li class="file-stats">
<a href="#e6da3a8454b47cb5120539acf3170dee93a899a1">
source3/rpc_server/rpcd_spoolss.c
</a>
</li>
<li class="file-stats">
<a href="#dbb32561321d0fe7feb4d0772fd31c2e24a48fbd">
source3/rpc_server/samr/srv_samr_chgpasswd.c
</a>
</li>
<li class="file-stats">
<a href="#f8e52f840dd40f4361877f78e5ff9feb2f4a79fa">
source3/rpc_server/samr/srv_samr_nt.c
</a>
</li>
<li class="file-stats">
<a href="#db9f621a27f097f29dec7939695b727c0c326b4f">
source3/rpc_server/samr/srv_samr_util.h
</a>
</li>
<li class="file-stats">
<a href="#1f03091855bf3e865cf948dfd978d1d2f62c3486">
source3/script/tests/test_smbclient_kerberos.sh
</a>
</li>
<li class="file-stats">
<a href="#2a3b0edc2bd248b0d9fccd48756f59b6856b4dbb">
source3/script/tests/test_worm.sh
</a>
</li>
<li class="file-stats">
<a href="#1a845d6e5a7663f91418c9eeb984924fda3eea88">
<span class="new-file">
+
source3/torture/test_rpc_samr.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#87e9625d824d89ccc33e072816f646ef7c0fbbd9">
source3/torture/wscript_build
</a>
</li>
<li class="file-stats">
<a href="#20d12b0602e308cb04b6c031285ec35afd51deba">
source3/utils/testparm.c
</a>
</li>
<li class="file-stats">
<a href="#be5832040fb43a49bd9e18fa6b8a322b1f341f66">
source4/nbt_server/wins/winsserver.c
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: .875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #626168;">
—
<br>
<a href="https://salsa.debian.org/samba-team/samba/-/compare/ea2a869f810b1da51084a0c3d846406bc7b6655f...1d4397c31639edf4f4355bb8cbce3032d8328016">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
<span style="color: transparent; font-size: 0; display: none; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0;">
Notification message regarding https://salsa.debian.org/samba-team/samba/-/compare/ea2a869f810b1da51084a0c3d846406bc7b6655f...1d4397c31639edf4f4355bb8cbce3032d8328016 at 1779801196
</span>
</p>
</div>
</body>
</html>