[Pkg-samba-maint] Bug#820947: smbclient: [regression] pulls the server package "samba" via samba-libs since 2:4.2.10+dfsg-0+deb8u1 (DSA 3548-1)

Salvatore Bonaccorso carnil at debian.org
Thu Apr 14 06:48:24 UTC 2016 

Hi,

On Wed, Apr 13, 2016 at 11:57:13PM +0200, Axel Beckert wrote:
> Package: smbclient
> Version: 2:4.2.10+dfsg-0+deb8u1
> Severity: serious
> Tags: security
> 
> Today's samba security update now pulls in the samba server package on
> all client machines where smbclient or fusesmb is installed:
> 
> Salvatore Bonaccorso wrote in DSA 3548-1:
> > For the oldstable distribution (wheezy), these problems have been fixed
> > in version 2:3.6.6-6+deb7u9.
> 
> Worked fine for me.
> 
> > For the stable distribution (jessie), these problems have been fixed in
> > version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading
> > to the new upstream version 4.2.10, which includes additional changes
> > and bugfixes. The depending libraries ldb, talloc, tdb and tevent
> > required as well an update to new upstream versions for this update.
> 
> This one looks broken: All client systems that have smbclient or fusesmb
> installed pull the server package "samba" in via the following
> (partially new) dependencies:
> 
> smbclient -> samba-libs -> samba
> (multiple packages, e.g. fusesmb) -> samba-common-bin -> samba
> 
> Looks like this:
> 
> # apt upgrade --no-install-recommends
> Reading package lists... Done
> Building dependency tree       
> Reading state information... Done
> Calculating upgrade... Done
> The following NEW packages will be installed:
>   libhdb9-heimdal samba samba-dsdb-modules tdb-tools
> The following packages will be upgraded:
>   libldb1 libsmbclient python-ldb python-samba samba-common samba-common-bin samba-libs smbclient
> 8 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
> Need to get 9,015 kB of archives.
> After this operation, 14.1 MB of additional disk space will be used.
> Do you want to continue? [Y/n] n
> Abort.
> #
> 
> Is this really on purpose? I don't expect anyone wants the samba server
> package installed only to be able to connect to one.
> 
> P.S.: This one only affects Jessie. Neither Wheezy nor Sid are affected.

Current test packages for (amd64) are on
https://people.debian.org/~carnil/tmp/samba/jessie/ with the libraries
moved to the correct samba-libs instead of samba.

Salvatore

More information about the Pkg-samba-maint mailing list