[Pkg-samba-maint] Bug#820947: smbclient: [regression] pulls the server package "samba" via samba-libs since 2:4.2.10+dfsg-0+deb8u1 (DSA 3548-1)

Axel Beckert beckert at phys.ethz.ch
Wed Apr 13 21:57:13 UTC 2016 

Package: smbclient
Version: 2:4.2.10+dfsg-0+deb8u1
Severity: serious
Tags: security

Today's samba security update now pulls in the samba server package on
all client machines where smbclient or fusesmb is installed:

Salvatore Bonaccorso wrote in DSA 3548-1:
> For the oldstable distribution (wheezy), these problems have been fixed
> in version 2:3.6.6-6+deb7u9.

Worked fine for me.

> For the stable distribution (jessie), these problems have been fixed in
> version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading
> to the new upstream version 4.2.10, which includes additional changes
> and bugfixes. The depending libraries ldb, talloc, tdb and tevent
> required as well an update to new upstream versions for this update.

This one looks broken: All client systems that have smbclient or fusesmb
installed pull the server package "samba" in via the following
(partially new) dependencies:

smbclient -> samba-libs -> samba
(multiple packages, e.g. fusesmb) -> samba-common-bin -> samba

Looks like this:

# apt upgrade --no-install-recommends
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  libhdb9-heimdal samba samba-dsdb-modules tdb-tools
The following packages will be upgraded:
  libldb1 libsmbclient python-ldb python-samba samba-common samba-common-bin samba-libs smbclient
8 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,015 kB of archives.
After this operation, 14.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
#

Is this really on purpose? I don't expect anyone wants the samba server
package installed only to be able to connect to one.

P.S.: This one only affects Jessie. Neither Wheezy nor Sid are affected.

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- no debconf information

More information about the Pkg-samba-maint mailing list