[Pkg-samba-maint] [Git][samba-team/samba][master] 25 commits: moving python bits from samba-libs to python3-samba also fixes #878612 and #862338

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Fri Apr 1 18:59:59 BST 2022



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
1298a305 by Michael Tokarev at 2022-04-01T12:00:45+03:00
moving python bits from samba-libs to python3-samba also fixes #878612 and #862338

- - - - -
379c022c by Michael Tokarev at 2022-04-01T12:00:52+03:00
weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed" testparm message (#975882)

- - - - -
4f573572 by Michael Tokarev at 2022-04-01T17:12:52+03:00
spelling.patch: fix some spelling mistakes in the source

- - - - -
7c3b9b61 by Michael Tokarev at 2022-04-01T17:12:52+03:00
mention closing of #988197 by 4.16

- - - - -
c8dacc14 by Michael Tokarev at 2022-04-01T17:12:52+03:00
d/control: stop overriding dh_missing, --fail-missing is the default since compat=13

- - - - -
14bb2749 by Michael Tokarev at 2022-04-01T19:10:02+03:00
d/rules: verify that libldb is not linked with samba-libs

- - - - -
073ccc8b by Michael Tokarev at 2022-04-01T19:10:26+03:00
various lintian overrides

- - - - -
fe9ec33f by Michael Tokarev at 2022-04-01T19:10:27+03:00
d/rules: no need to explicitly copy smb.conf.5 anymore (was temporary)

- - - - -
2fb228fc by Michael Tokarev at 2022-04-01T19:10:27+03:00
d/rules: clean up the install target

 - replace mkdir+install with single install -D
 - use install instead of cp
 - when not renaming, use install --target-directory (-t)
 - specify permissions (-m0xxx) consistently
 - preserve timestamps (-p)

- - - - -
0bee744b by Michael Tokarev at 2022-04-01T19:10:27+03:00
update/cleanup rules for ctdb docs

ctdb READMEs are being renamed during install,
and they're also os-dependent. We used to cp the
REAMEs with the new names before dh_installdocs,
and rm them in clean. I broke the latter. Now
let's clean the whole mess. We conditionally
cp -p the docs into debian/tmp/ctdb directory
and specify it in ctdb.docs. Nothing needs to be
cleaned up (as d/tmp is removed automatically).

This also eliminates the need of
override_dh_installdocs-arch target in d/rules.

- - - - -
a7a3db17 by Michael Tokarev at 2022-04-01T19:10:27+03:00
ctdb examples: put them ready in d/ctdb.example/ instead of renaming during install

also add a newline to nfs-kernel-server/98-nfs-static-ports.conf
(this formely was 99-nfs-static-ports.conf)

- - - - -
4c595637 by Michael Tokarev at 2022-04-01T19:10:27+03:00
move (new in 4.16) libdb-glue-samba4.so from samba to samba-libs (used also in dckeytab python module)

- - - - -
9de271d6 by Michael Tokarev at 2022-04-01T19:11:58+03:00
d/rules: stop dckeytab moving from python3-samba to samba-libs

There were a circular dependency between samba-libs, python-samba
and samba-common-bin once, and this python module has been moved
from python-samba package (where it belongs) to samba-libs.
Now (esp. as libdb-glue-samba4 moved from samba to samba-libs),
there's no circular dependency anymore, so move it back to the
python package (python3-samba).

python3-samba package should not depend on samba package,
or else it becomes a circular dependency.  This is why
there should be no linkage to samba-provided internal libs
in python3-samba package. Verify this dependency does not
exist in d/rules.

- - - - -
bcc1fd8f by Michael Tokarev at 2022-04-01T19:12:34+03:00
d/rules: chmod -x ctdb_etcd_lock for now, add FIXME comment

- - - - -
6a40de7b by Michael Tokarev at 2022-04-01T19:12:34+03:00
d/rules: remove useless dh_installchangelogs override

- - - - -
9ab2a406 by Michael Tokarev at 2022-04-01T19:12:34+03:00
d/rules: specify the package name for dh_installpam

since dh_installpam is given an option (--name) which
is relevant for single package only, specify it with
that package.

The whole thing is because samba.pam is in wrong package
(samba-common vs samba), or else there should be no
options there and no installpam override.  In the
previous life, there were two samba packages (v3 and v4),
and a single samba-common package, so the pam config
moved to -common.  But now there is no good reason to
move this file back into samba package where it belongs,
especially since it is a conffile.  We may combine
*whole* samba-common into samba at some point, though.

- - - - -
da1be892 by Michael Tokarev at 2022-04-01T20:53:13+03:00
internal-ldb: d/control: rename substvars from python:* to python3:*

- - - - -
0b2c4e38 by Michael Tokarev at 2022-04-01T20:53:13+03:00
d/control: python3-ldb-dev is not multi-arch

- - - - -
7fe20026 by Michael Tokarev at 2022-04-01T20:53:13+03:00
d/control: stop pre-depending on ancient dpkg (>= 1.15.6~)

- - - - -
f157d827 by Michael Tokarev at 2022-04-01T20:53:14+03:00
d/control: stop breaking/replacing ancient [individual] samba-libs versions

- - - - -
9b66805c by Michael Tokarev at 2022-04-01T20:53:14+03:00
libldb2: add fixme comment

- - - - -
6ee343ea by Michael Tokarev at 2022-04-01T20:53:14+03:00
d/rules: use empty WITH_{CEPH,GLUSTERFS} for "no"

- - - - -
25d4345a by Michael Tokarev at 2022-04-01T20:53:14+03:00
d/rules: fix wrong variable assignemt for non-linux case: WITH_GLUSTERFS=, not WITH_CEPTH=

- - - - -
9d27f1aa by Michael Tokarev at 2022-04-01T20:53:14+03:00
fix long-standing issues in shlibdeps handling

Shlibdeps run for individual files was entirely wrong,
dh_shlibdeps iterated *all* files in *all* packages even
if we specified individual file for dpkg-shlibdeps.
The result is that the variables being populated contained
dependencies for *all* binaries in *all* packages!
So instead of using dh_shlibdeps, use dpkg-shlibdeps for
individual files. Wug!

This fixes numerous side-effect issues. For example, it
fixes multiple warnings later in the sequence about
substvar variables being set but not used for all packages
(since dh_shlibdeps iterated over every packages each time).

This dramatically reduces package build time too, due to
massive reduction of dplg-shlibdeps executions for the
same set of files.

Also, instead of filling its own variable for each specific
module, it is okay to use single variable for all of them.
Thanks to conditional variables being empty for "no",
it is possible to specify them all on a single command line.

At the same time, change variable naming too. We generate
foo:Depends variables, but we use them in Recommends:, -
this makes things more apparent: these modules really
depends on the libs they're linked with, but we only
put these into Recommends.

- - - - -
dcf23091 by Michael Tokarev at 2022-04-01T20:57:57+03:00
update changelog

- - - - -


24 changed files:

- debian/changelog
- debian/control
- debian/ctdb.docs
- debian/ctdb.example.sysctl-nfs-static-ports.conf → debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf
- debian/ctdb.example.enable.nfs.sh → debian/ctdb.example/nfs-kernel-server/enable-nfs.sh
- debian/ctdb.example.nfs-common → debian/ctdb.example/nfs-kernel-server/nfs-common
- debian/ctdb.example.nfs-kernel-server → debian/ctdb.example/nfs-kernel-server/nfs-kernel-server
- debian/ctdb.example.services → debian/ctdb.example/nfs-kernel-server/services
- debian/ctdb.examples
- debian/libldb2.install
- + debian/libldb2.lintian-overrides
- − debian/libnss-winbind.lintian-overrides
- debian/patches/series
- + debian/patches/spelling.patch
- + debian/patches/weak-crypto-allowed-clarify.diff
- debian/python3-ldb.lintian-overrides
- debian/python3-samba.lintian-overrides
- debian/rules
- + debian/samba-common-bin.lintian-override
- debian/samba-libs.install
- debian/samba-libs.lintian-overrides
- debian/samba-vfs-modules.lintian-overrides
- debian/samba.install
- + debian/source/lintian-overrides


Changes:

=====================================
debian/changelog
=====================================
@@ -6,6 +6,7 @@ samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
     Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
      the outside target of a symlink exists
     Closes: #1005642 (windows client data corruption due to cache poisoning)
+    Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
   * Notable changes in 4.16 series compared to 4.13:
     - modular VFS (see The_New_VFS.txt)
     - publishing printers in AD is more complete
@@ -17,7 +18,7 @@ samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
   * d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
     debian-specific failures to go away, by preserving order of waf hashes
   * refresh patches, update build-depend versions (talloc, tdb, tevent)
-  * refresh lintian-overrides files a bit
+  * refresh lintian-overrides files, add many new overrides
   * build-depend on python3-markdown
   * build-depend on libjson-perl for new heimdal bits
   * more consistent internal lib naming; refresh file lists everywhere
@@ -36,6 +37,9 @@ samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
     Including caching of LDB version information in d/ldb-version.mk file.
     This does not affect the buildd processing much (and does not affect
     runtime at all), but helps with build procedure debugging.
+  * d/rules: numerous small fixes, cleanups and other changes:
+    - clean up the install target
+    - remove some now-irrelevant parts
   * change build procedure: instead of `waf build', run `waf install'.
     `waf build' builds samba to be run from the build dir, and `waf install'
     rebuilds/relinks everything again for production. Build the production
@@ -47,7 +51,16 @@ samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
   * move single python (helper) module, libsamba-policy, together with
     2 internal libraries used by it, from samba-libs package to python3-samba.
     This makes samba-libs to be free from python-related files, and makes
-    python3-samba to be the only python-providing package. Closes: #1006875
+    python3-samba to be the only python-providing package.
+    Closes: #1006875, #878612, #862338
+  * also move dckeytab python module from samba to python3-samba
+    (actually stop moving it from python3-samba to samba to incorrectly
+    avoid a circular dependency). Also verify that python3-samba does
+    not depend on samba package.
+  * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
+    testparm message (Closes: #975882)
+  * spelling.patch: fix many common spelling mistakes in the source
+  * ctdb: simplify/cleanup instllation of READMEs/examples
 
  -- Michael Tokarev <mjt at tls.msk.ru>  Thu, 24 Mar 2022 13:54:07 +0300
 


=====================================
debian/control
=====================================
@@ -71,7 +71,7 @@ Vcs-Git: https://salsa.debian.org/samba-team/samba.git
 
 Package: samba
 Architecture: any
-Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends}
+Pre-Depends: ${misc:Pre-Depends}
 Depends: adduser,
          libpam-modules,
          libpam-runtime (>= 1.0.1-11),
@@ -121,16 +121,7 @@ Multi-Arch: same
 Architecture: any
 Section: libs
 Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: libndr-standard0 (<< 2:4.0.9),
-        libsamba-credentials0 (<< 2:4.0.9),
-        libsamba-hostconfig0 (<< 2:4.0.9),
-        libsamba-util0 (<< 2:4.0.9),
-        sssd-ad-common (<< 2.3.0),
-Replaces: samba (<< 2:4.3.3+dfsg-1),
-          libndr-standard0 (<< 2:4.0.9),
-          libsamba-credentials0 (<< 2:4.0.9),
-          libsamba-hostconfig0 (<< 2:4.0.9),
-          libsamba-util0 (<< 2:4.0.9),
+Breaks: sssd-ad-common (<< 2.3.0),
 Description: Samba core libraries
  Samba is an implementation of the SMB/CIFS protocol for Unix systems,
  providing support for cross-platform file sharing with Microsoft Windows, OS X,
@@ -142,7 +133,7 @@ Description: Samba core libraries
 Package: samba-common
 Architecture: all
 Multi-Arch: foreign
-Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends}
+Pre-Depends: ${misc:Pre-Depends}
 Depends: ucf, ${misc:Depends}
 Recommends: samba-common-bin
 Description: common files used by both the Samba server and client
@@ -181,7 +172,6 @@ Depends: samba-common (= ${source:Version}),
          samba-libs (= ${binary:Version}),
          ${misc:Depends},
          ${shlibs:Depends}
-Pre-Depends: dpkg (>= 1.15.6~)
 Provides: samba-client
 Suggests: cifs-utils, heimdal-clients
 Description: command-line SMB/CIFS clients for Unix
@@ -256,7 +246,7 @@ Depends: python3-ldb,
          ${python3:Depends},
          ${shlibs:Depends}
 Replaces:
-# libsamba-policy & helpers python libs moved from samba-libs to python3-samba
+# libsamba-policy & helpers and dckeytab python libs moved from samba-libs to python3-samba
  samba-libs (<< 2:4.16.0+dfsg-1~),
 Recommends: python3-gpg
 Description: Python 3 bindings for Samba
@@ -289,10 +279,8 @@ Description: Samba Directory Services Database
 Package: samba-vfs-modules
 Architecture: any
 Multi-Arch: same
-Breaks: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)
-Replaces: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)
 Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
-Recommends: ${vfsceph:Recommends}, ${vfsglusterfs:Recommends}, ${vfssnapper:Recommends}
+Recommends: ${vfsmods:Depends}
 Enhances: samba
 Description: Samba Virtual FileSystem plugins
  Samba is an implementation of the SMB/CIFS protocol for Unix systems,
@@ -316,7 +304,7 @@ Package: libsmbclient
 Section: libs
 Architecture: any
 Multi-Arch: same
-Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends}
+Pre-Depends: ${misc:Pre-Depends}
 Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
 Description: shared library for communication with SMB/CIFS servers
  This package provides a shared library that enables client applications
@@ -328,7 +316,6 @@ Section: libdevel
 Architecture: any
 Multi-Arch: same
 Depends: libsmbclient (= ${binary:Version}), ${misc:Depends}
-Pre-Depends: dpkg (>= 1.15.6~)
 Description: development files for libsmbclient
  This package provides the development files (static library and headers)
  required for building applications against libsmbclient, a library that
@@ -364,7 +351,7 @@ Package: libpam-winbind
 Section: admin
 Architecture: any
 Multi-Arch: same
-Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends}
+Pre-Depends: ${misc:Pre-Depends}
 Depends: libpam-runtime (>= 1.0.1-6),
          libpam0g (>= 1.1.3-2~),
          samba-common (= ${source:Version}),
@@ -386,7 +373,6 @@ Package: libnss-winbind
 Section: admin
 Architecture: any
 Multi-Arch: same
-Pre-Depends: dpkg (>= 1.15.6~)
 Depends: samba-common (= ${source:Version}),
          winbind:any (= ${binary:Version}),
          ${misc:Depends},
@@ -408,10 +394,9 @@ Package: libwbclient0
 Section: libs
 Architecture: any
 Multi-Arch: same
-Pre-Depends: dpkg (>= 1.15.6~), ${misc:Pre-Depends}
+Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
-Breaks: samba-libs (<< 2:4.11.0+dfsg-1~), libsamba-util0 (<< 2:4.0.0)
-Replaces: libsamba-util0 (<< 2:4.0.0)
+Breaks: samba-libs (<< 2:4.11.0+dfsg-1~)
 Description: Samba winbind client library
  Samba is an implementation of the SMB/CIFS protocol for Unix systems,
  providing support for cross-platform file and printer sharing with
@@ -425,7 +410,6 @@ Section: libdevel
 Architecture: any
 Multi-Arch: same
 Depends: libwbclient0 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
-Pre-Depends: dpkg (>= 1.15.6~)
 Breaks: samba-libs (<< 2:4.11.0+dfsg-1~), samba-dev (<< 2:4.11)
 Replaces: samba-dev (<< 2:4.11)
 Description: Samba winbind client library - development files
@@ -450,7 +434,7 @@ Depends: iproute2 [linux-any],
          time,
          ${misc:Depends},
          ${shlibs:Depends}
-Recommends: ethtool [linux-any], python3-etcd, ${rados:Recommends}
+Recommends: ethtool [linux-any], python3-etcd, ${rados:Depends}
 Suggests: logrotate, lsof
 Description: clustered database to store temporary data
  CTDB is a cluster implementation of the TDB database used by Samba and other
@@ -491,7 +475,6 @@ Replaces: libldb0
 Breaks: ldb-tools (<<1.1.30~),
         libldb0,
         libldb1 (<< 2:2~),
-        libsamdb0 (<< 4.0.0~alpha17~git20110724.dfsg1-1),
         python-samba (<< 2:4.7.0~),
         samba (<<2:4.7.0~),
         samba-dsdb-modules (<< 2:4.7.0~),
@@ -551,8 +534,8 @@ Depends: libldb2 (= ${binary:Version}),
          ${misc:Depends},
          ${python3:Depends},
          ${shlibs:Depends}
-Provides: ${python:Provides}
-Breaks: ${python:Breaks}
+Provides: ${python3:Provides}
+Breaks: ${python3:Breaks}
 Description: Python 3 bindings for LDB
  ldb is a LDAP-like embedded database built on top of TDB.
  .
@@ -561,7 +544,6 @@ Description: Python 3 bindings for LDB
 Package: python3-ldb-dev
 Section: libdevel
 Architecture: any
-Multi-Arch: same
 Depends: libc6-dev,
          libldb-dev,
          pkg-config,


=====================================
debian/ctdb.docs
=====================================
@@ -1,4 +1,3 @@
 ctdb/README
-ctdb/README.eventscripts
-ctdb/README.notification
 ctdb/doc/*.txt
+debian/tmp/ctdb/README.*


=====================================
debian/ctdb.example.sysctl-nfs-static-ports.conf → debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf
=====================================
@@ -2,4 +2,4 @@
 
 fs.nfs.nfs_callback_tcpport = 32764
 fs.nfs.nlm_tcpport = 32768
-fs.nfs.nlm_udpport = 32768
\ No newline at end of file
+fs.nfs.nlm_udpport = 32768


=====================================
debian/ctdb.example.enable.nfs.sh → debian/ctdb.example/nfs-kernel-server/enable-nfs.sh
=====================================


=====================================
debian/ctdb.example.nfs-common → debian/ctdb.example/nfs-kernel-server/nfs-common
=====================================


=====================================
debian/ctdb.example.nfs-kernel-server → debian/ctdb.example/nfs-kernel-server/nfs-kernel-server
=====================================


=====================================
debian/ctdb.example.services → debian/ctdb.example/nfs-kernel-server/services
=====================================


=====================================
debian/ctdb.examples
=====================================
@@ -1 +1,2 @@
 ctdb/doc/examples/*
+debian/ctdb.example/nfs-kernel-server/


=====================================
debian/libldb2.install
=====================================
@@ -1,5 +1,6 @@
 #!/bin/sh
 echo 'usr/lib/*/libldb.so.*'
+# FIXME: do we really care about 32 bits here?
 if [ "$DEB_HOST_ARCH_BITS" != 32 ]; then
     echo 'usr/lib/*/samba/libldb-mdb-int-samba4.so.0'
 fi


=====================================
debian/libldb2.lintian-overrides
=====================================
@@ -0,0 +1 @@
+libldb2: shared-library-lacks-prerequisites usr/lib/x86_64-linux-gnu/samba/*.so.0


=====================================
debian/libnss-winbind.lintian-overrides deleted
=====================================
@@ -1 +0,0 @@
-libnss-winbind: package-name-doesnt-match-sonames libnss-winbind2 libnss-wins2


=====================================
debian/patches/series
=====================================
@@ -11,3 +11,5 @@ fix-nfs-service-name-to-nfs-kernel-server.patch
 ctdb-config-enable-syslog-by-default.patch
 Force-LDB-as-standalone.patch
 use-bzero-instead-of-memset_s.diff
+weak-crypto-allowed-clarify.diff
+spelling.patch


=====================================
debian/patches/spelling.patch
=====================================
@@ -0,0 +1,566 @@
+From: Michael Tokarev <mjt at tls.msk.ru>
+Date: Fri, 1 Apr 2022 10:07:47 +0300
+Subject: spelling: connnect encrytion exisit expection explicit
+ invalide missmatch paramater paramter partion privilige relase reponse
+ seperate unkown verson authencication progagated
+
+Tree-wide spellcheck for some common misspellings.
+
+source3/utils/status.c has misspelled local variable (unkown_dialect).
+
+missmatch is a known historical misspelling, only the incorrect misspellings
+are fixed.
+
+source3/locale/net/de.po has the spelling error (unkown) in two msgids -
+it probably should be updated with current source.
+
+Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+---
+ auth/gensec/gensec.h                                      | 4 ++--
+ bootstrap/config.py                                       | 2 +-
+ docs-xml/build/DTD/samba.entities                         | 4 ++--
+ docs-xml/manpages/net.8.xml                               | 2 +-
+ docs-xml/manpages/smbcacls.1.xml                          | 2 +-
+ docs-xml/manpages/vfs_widelinks.8.xml                     | 2 +-
+ docs-xml/smbdotconf/security/clientusekerberos.xml        | 2 +-
+ docs-xml/smbdotconf/security/ntlmauth.xml                 | 2 +-
+ docs-xml/smbdotconf/security/serverschannel.xml           | 2 +-
+ docs-xml/smbdotconf/tuning/usemmap.xml                    | 2 +-
+ libcli/smb/smbXcli_base.c                                 | 4 ++--
+ libgpo/admx/en-US/samba.adml                              | 4 ++--
+ librpc/idl/netlogon.idl                                   | 2 +-
+ python/samba/tests/smb-notify.py                          | 4 ++--
+ source3/locale/net/de.po                                  | 4 ++--
+ source3/rpc_client/cli_mdssvc.c                           | 6 +++---
+ source3/rpc_server/mdssvc/marshalling.c                   | 2 +-
+ source3/rpc_server/mdssvc/mdssvc.c                        | 2 +-
+ source3/smbd/files.c                                      | 2 +-
+ source3/utils/smbcacls.c                                  | 2 +-
+ source3/utils/status.c                                    | 6 +++---
+ source3/winbindd/winbindd.c                               | 2 +-
+ source4/dsdb/samdb/ldb_modules/partition.c                | 2 +-
+ source4/scripting/bin/samba_upgradedns                    | 2 +-
+ .../AD_DS_Attributes__Windows_Server_2012_R2.ldf          | 2 +-
+ .../ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf   | 2 +-
+ .../Attributes_for_AD_DS__Windows_Server_2008_R2.ldf      | 2 +-
+ .../Attributes_for_AD_DS__Windows_Server_2012.ldf         | 2 +-
+ source4/torture/libsmbclient/libsmbclient.c               | 8 ++++----
+ source4/torture/rpc/samba3rpc.c                           | 2 +-
+ source4/torture/smb2/session.c                            | 2 +-
+ 31 files changed, 44 insertions(+), 44 deletions(-)
+
+diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
+index 53fb1e43244..29d5e92c130 100644
+--- a/auth/gensec/gensec.h
++++ b/auth/gensec/gensec.h
+@@ -158,7 +158,7 @@ NTSTATUS gensec_update_recv(struct tevent_req *req, TALLOC_CTX *out_mem_ctx, DAT
+  * The features must be requested before starting the
+  * gensec_update*() loop.
+  *
+- * The current expection is GENSEC_FEATURE_SIGN_PKT_HEADER,
++ * The current exception is GENSEC_FEATURE_SIGN_PKT_HEADER,
+  * it can also be requested once the gensec_update*() loop
+  * returned NT_STATUS_OK.
+  *
+@@ -181,7 +181,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
+  * The features must be requested after the finished
+  * gensec_update*() loop.
+  *
+- * The current expection is GENSEC_FEATURE_SIGN_PKT_HEADER,
++ * The current exception is GENSEC_FEATURE_SIGN_PKT_HEADER,
+  * it can also be requested before the gensec_update*() loop,
+  * as the return value only indicates if the backend supports
+  * dcerpc header signing, not if header signing will be used
+diff --git a/bootstrap/config.py b/bootstrap/config.py
+index 621912a7d94..5138eddef49 100644
+--- a/bootstrap/config.py
++++ b/bootstrap/config.py
+@@ -125,7 +125,7 @@ PKGS = [
+     ('apt-utils', 'yum-utils'),
+     ('pkg-config', 'pkgconfig'),
+     ('procps', 'procps-ng'),  # required for the free cmd in tests
+-    ('lsb-release', 'lsb-release'),  # we need lsb_relase to show info
++    ('lsb-release', 'lsb-release'),  # we need lsb_release to show info
+     ('', 'rpcgen'),  # required for test
+     # refer: https://fedoraproject.org/wiki/Changes/SunRPCRemoval
+     ('', 'libtirpc-devel'),  # for <rpc/rpc.h> header on fedora
+diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
+index 0a4a21db63e..15a5ba83fb9 100644
+--- a/docs-xml/build/DTD/samba.entities
++++ b/docs-xml/build/DTD/samba.entities
+@@ -599,7 +599,7 @@
+ 			prompted. The client will first check the
+ 			<envar>USER</envar> environment variable
+ 			(which is also permitted to also contain the
+-			password seperated by a &pct;), then the
++			password separated by a &pct;), then the
+ 			<envar>LOGNAME</envar> variable (which is not
+ 			permitted to contain a password) and if either exists,
+ 			the value is used. If these environmental
+@@ -765,7 +765,7 @@
+ 			 This parameter determines whether Samba client tools
+ 			 will try to authenticate using Kerberos. For Kerberos
+ 			 authentication you need to use dns names instead of IP
+-			 addresses when connnecting to a service.
++			 addresses when connecting to a service.
+ 		</para>
+ 
+ 		<para>
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 1bd82933137..5a37119aa20 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -3045,7 +3045,7 @@ Provisions a machine account in AD. This command needs network connectivity to t
+ 
+ <listitem><para><replaceable>DEFPWD</replaceable> is an optional parameter that can be set to enforce using the default machine account password. The use of this parameter is not recommended as the default machine account password can be easily guessed. </para></listitem>
+ 
+-<listitem><para><replaceable>REUSE</replaceable> is an optional parameter that can be set to enforce reusing an exisiting machine account in AD.</para></listitem>
++<listitem><para><replaceable>REUSE</replaceable> is an optional parameter that can be set to enforce reusing an existing machine account in AD.</para></listitem>
+ 
+ <listitem><para><replaceable>SAVEFILE</replaceable> is an optional parameter to store the generated provisioning data on disk.</para></listitem>
+ 
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 9cc2d66a898..ef504b41051 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -356,7 +356,7 @@ ACL:<sid or name>:<type>/<flags>/<mask>
+ 		flag is set. </para>
+ 		</listitem>
+ 		<listitem><para>When an ACE with the (OI) flag alone set is
+-		progagated to a child folder the inheritance only flag (IO) is
++		propagated to a child folder the inheritance only flag (IO) is
+ 		also applied. This indicates the permissions associated with
+ 		the ACE don't apply to the folder itself (only to it's
+ 		child files). When applying the ACE to a child file the ACE is
+diff --git a/docs-xml/manpages/vfs_widelinks.8.xml b/docs-xml/manpages/vfs_widelinks.8.xml
+index b8973701d23..38246508905 100644
+--- a/docs-xml/manpages/vfs_widelinks.8.xml
++++ b/docs-xml/manpages/vfs_widelinks.8.xml
+@@ -31,7 +31,7 @@
+ 
+ 	<para>The <command>vfs_widelinks</command> VFS module
+ 	hides the existence of symbolic links in the filesystem
+-	inside a share. It is used in Samba verson 4.13 and above
++	inside a share. It is used in Samba version 4.13 and above
+ 	to implement the <filename>smb.conf</filename>"wide links = yes"
+ 	functionality that used to be inside the core smbd code.
+ 	The module should not be loaded explicitly by smb.conf
+diff --git a/docs-xml/smbdotconf/security/clientusekerberos.xml b/docs-xml/smbdotconf/security/clientusekerberos.xml
+index 33dd2ac8e23..ad35dcf3aca 100644
+--- a/docs-xml/smbdotconf/security/clientusekerberos.xml
++++ b/docs-xml/smbdotconf/security/clientusekerberos.xml
+@@ -8,7 +8,7 @@
+ 	<para>
+ 		This parameter determines whether Samba client tools will try
+ 		to authenticate using Kerberos. For Kerberos authentication you
+-		need to use dns names instead of IP addresses when connnecting
++		need to use dns names instead of IP addresses when connecting
+ 		to a service.
+ 	</para>
+ 
+diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
+index 9fa3d5c1ce5..728f1d39619 100644
+--- a/docs-xml/smbdotconf/security/ntlmauth.xml
++++ b/docs-xml/smbdotconf/security/ntlmauth.xml
+@@ -9,7 +9,7 @@
+     authenticate users using the NTLM encrypted password response for
+     this local passdb (SAM or account database). </para>
+ 
+-    <para>If disabled, both NTLM and LanMan authencication against the
++    <para>If disabled, both NTLM and LanMan authentication against the
+     local passdb is disabled.</para>
+ 
+     <para>Note that these settings apply only to local users,
+diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml
+index b682d086f76..cd2543113f3 100644
+--- a/docs-xml/smbdotconf/security/serverschannel.xml
++++ b/docs-xml/smbdotconf/security/serverschannel.xml
+@@ -37,7 +37,7 @@
+ <description>
+ 
+     <para>If you still have legacy domain members, which required "server schannel = auto" before,
+-	it is possible to specify explicit expection per computer account
++	it is possible to specify explicit exception per computer account
+ 	by using 'server require schannel:COMPUTERACCOUNT = no' as option.
+ 	Note that COMPUTERACCOUNT has to be the sAMAccountName value of
+ 	the computer account (including the trailing '$' sign).
+diff --git a/docs-xml/smbdotconf/tuning/usemmap.xml b/docs-xml/smbdotconf/tuning/usemmap.xml
+index 9a02501fad9..40ca7b99d81 100644
+--- a/docs-xml/smbdotconf/tuning/usemmap.xml
++++ b/docs-xml/smbdotconf/tuning/usemmap.xml
+@@ -6,7 +6,7 @@
+     <para>This global parameter determines if the tdb internals of Samba can
+     depend on mmap working correctly on the running system. Samba requires a coherent
+     mmap/read-write system memory cache. Currently only OpenBSD and HPUX do not have such a
+-    coherent cache, and on those platforms this paramter is overridden internally
++    coherent cache, and on those platforms this parameter is overridden internally
+     to be effeceively <constant>no</constant>. On all systems this parameter should be left alone. This
+     parameter is provided to help the Samba developers track down problems with
+     the tdb internal code.
+diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
+index 7579fa1c378..ef92c1be1fd 100644
+--- a/libcli/smb/smbXcli_base.c
++++ b/libcli/smb/smbXcli_base.c
+@@ -1761,7 +1761,7 @@ static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req,
+ 	}
+ 
+ 	/*
+-	 * If we supported multiple encrytion contexts
++	 * If we supported multiple encryption contexts
+ 	 * here we'd look up based on tid.
+ 	 */
+ 	if (common_encryption_on(state->conn->smb1.trans_enc)) {
+@@ -2228,7 +2228,7 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
+ 	}
+ 
+ 	/*
+-	 * If we supported multiple encrytion contexts
++	 * If we supported multiple encryption contexts
+ 	 * here we'd look up based on tid.
+ 	 */
+ 	if (common_encryption_on(conn->smb1.trans_enc)
+diff --git a/libgpo/admx/en-US/samba.adml b/libgpo/admx/en-US/samba.adml
+index 7bac33c4554..2b1b520ca62 100755
+--- a/libgpo/admx/en-US/samba.adml
++++ b/libgpo/admx/en-US/samba.adml
+@@ -1963,7 +1963,7 @@ Example: /opt/mit/sbin/krb5kdc</string>
+  authenticate users using the NTLM encrypted password response for
+  this local passdb (SAM or account database).
+ 
+- If disabled, both NTLM and LanMan authencication against the
++ If disabled, both NTLM and LanMan authentication against the
+  local passdb is disabled.
+ 
+  Note that these settings apply only to local users,
+@@ -2836,7 +2836,7 @@ Example: IPTOS_LOWDELAY</string>
+       <string id="POL_3FD02174_8A27_5426_848C_B3123EA8C4C3_Help">This global parameter determines if the tdb internals of Samba can
+  depend on mmap working correctly on the running system. Samba requires a coherent
+  mmap/read-write system memory cache. Currently only OpenBSD and HPUX do not have such a
+- coherent cache, and on those platforms this paramter is overridden internally
++ coherent cache, and on those platforms this parameter is overridden internally
+  to be effeceively no. On all systems this parameter should be left alone. This
+  parameter is provided to help the Samba developers track down problems with
+  the tdb internal code.</string>
+diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
+index cbfc88fe078..5806825a1e6 100644
+--- a/librpc/idl/netlogon.idl
++++ b/librpc/idl/netlogon.idl
+@@ -1132,7 +1132,7 @@ interface netlogon
+ 	/*****************/
+ 	/* Function 0x14 */
+ 
+-	/* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
++	/* one unknown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
+ 
+ 	const int DSGETDC_VALID_FLAGS = (DS_FORCE_REDISCOVERY |
+ 					 DS_DIRECTORY_SERVICE_REQUIRED |
+diff --git a/python/samba/tests/smb-notify.py b/python/samba/tests/smb-notify.py
+index 2f42263be25..c06eabe30c7 100755
+--- a/python/samba/tests/smb-notify.py
++++ b/python/samba/tests/smb-notify.py
+@@ -295,14 +295,14 @@ class SMBNotifyTests(TestCase):
+         set_secinfo = security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_PROTECTED_DACL
+         smb_helper.set_acl(private_path, private_path_sd_new, sinfo=set_secinfo)
+ 
+-        # setup notification request as priviliged user
++        # setup notification request as privileged user
+         monitor_priv_fnum = self.smb_conn.create(Name=monitor_path, ShareAccess=1)
+         notify_priv = self.smb_conn.notify(fnum=monitor_priv_fnum,
+                                            buffer_size=0xffff,
+                                            completion_filter=libsmb.FILE_NOTIFY_CHANGE_ALL,
+                                            recursive=True)
+ 
+-        # setup notification request as unpriviliged user
++        # setup notification request as unprivileged user
+         monitor_unpriv_fnum = self.smb_conn_unpriv.create(Name=monitor_path, ShareAccess=1)
+         notify_unpriv = self.smb_conn_unpriv.notify(fnum=monitor_unpriv_fnum,
+                                                     buffer_size=0xffff,
+diff --git a/source3/locale/net/de.po b/source3/locale/net/de.po
+index c71ffbb9ed8..95d62990dbb 100644
+--- a/source3/locale/net/de.po
++++ b/source3/locale/net/de.po
+@@ -6335,7 +6335,7 @@ msgstr ""
+ 
+ #: ../../utils/net_rpc_printer.c:1305
+ #, c-format
+-msgid "unkown action: %d\n"
++msgid "unknown action: %d\n"
+ msgstr ""
+ 
+ #: ../../utils/net_rpc_printer.c:1331
+@@ -6365,7 +6365,7 @@ msgstr ""
+ 
+ #: ../../utils/net_rpc_printer.c:1458
+ #, c-format
+-msgid "unkown state: %d\n"
++msgid "unknown state: %d\n"
+ msgstr "unbekannter Status: %d\n"
+ 
+ #: ../../utils/net_rpc_printer.c:1528 ../../utils/net_rpc_printer.c:1675 ../../utils/net_rpc_printer.c:1858 ../../utils/net_rpc_printer.c:2047 ../../utils/net_rpc_printer.c:2214
+diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
+index 82d14372fe4..046d37135cb 100644
+--- a/source3/rpc_client/cli_mdssvc.c
++++ b/source3/rpc_client/cli_mdssvc.c
+@@ -347,7 +347,7 @@ static void mdscli_search_cmd_done(struct tevent_req *subreq)
+ 			     "DALLOC_CTX", 0,
+ 			     "uint64_t", 0);
+ 	if (uint64p == NULL) {
+-		DBG_DEBUG("Unexpected mds reponse: %s", dalloc_dump(d, 0));
++		DBG_DEBUG("Unexpected mds response: %s", dalloc_dump(d, 0));
+ 		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ 		return;
+ 	}
+@@ -531,7 +531,7 @@ static void mdscli_get_results_cmd_done(struct tevent_req *subreq)
+ 			     "DALLOC_CTX", 0,
+ 			     "uint64_t", 0);
+ 	if (uint64p == NULL) {
+-		DBG_DEBUG("Unexpected mds reponse: %s", dalloc_dump(d, 0));
++		DBG_DEBUG("Unexpected mds response: %s", dalloc_dump(d, 0));
+ 		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ 		return;
+ 	}
+@@ -755,7 +755,7 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+ 			  "DALLOC_CTX", 1,
+ 			  "char *", 0);
+ 	if (path == NULL) {
+-		DBG_DEBUG("No path in mds reponse: %s", dalloc_dump(d, 0));
++		DBG_DEBUG("No path in mds response: %s", dalloc_dump(d, 0));
+ 		tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ 		return;
+ 	}
+diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
+index 1aa750413cd..9ba6ef571f2 100644
+--- a/source3/rpc_server/mdssvc/marshalling.c
++++ b/source3/rpc_server/mdssvc/marshalling.c
+@@ -1050,7 +1050,7 @@ static ssize_t sl_unpack_cpx(DALLOC_CTX *query,
+ 		break;
+ 
+ 	default:
+-		DEBUG(1, ("unkown complex query type: %u", cpx_query_type));
++		DEBUG(1, ("unknown complex query type: %u", cpx_query_type));
+ 		return -1;
+ 	}
+ 
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index fa31b55a183..d6684901172 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -464,7 +464,7 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path)
+ 		 */
+ 
+ 		if (value.dsize != sizeof(void *)) {
+-			DEBUG(1, ("invalide dsize\n"));
++			DEBUG(1, ("invalid dsize\n"));
+ 			return false;
+ 		}
+ 		memcpy(&p, value.dptr, sizeof(p));
+diff --git a/source3/smbd/files.c b/source3/smbd/files.c
+index 677b600d0a6..840117666d9 100644
+--- a/source3/smbd/files.c
++++ b/source3/smbd/files.c
+@@ -516,7 +516,7 @@ NTSTATUS openat_pathref_fsp(const struct files_struct *dirfsp,
+ 		{
+ 			/*
+ 			 * streams_xattr return NT_STATUS_NOT_FOUND for
+-			 * opens of not yet exisiting streams.
++			 * opens of not yet existing streams.
+ 			 *
+ 			 * ELOOP maps to NT_STATUS_OBJECT_PATH_NOT_FOUND
+ 			 * and this will result from a open request from
+diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
+index 661d4eacf3e..4e21ede74d9 100644
+--- a/source3/utils/smbcacls.c
++++ b/source3/utils/smbcacls.c
+@@ -1174,7 +1174,7 @@ static NTSTATUS prepare_inheritance_propagation(TALLOC_CTX *ctx, char *filename,
+ 	for (j = 0; sd->dacl && j < sd->dacl->num_aces; j++) {
+ 		struct security_ace *ace = &sd->dacl->aces[j];
+ 		if (ace->flags & SEC_ACE_FLAG_INHERITED_ACE) {
+-			d_printf("Illegal paramater %s\n", the_acl);
++			d_printf("Illegal parameter %s\n", the_acl);
+ 			result = NT_STATUS_UNSUCCESSFUL;
+ 			goto out;
+ 		}
+diff --git a/source3/utils/status.c b/source3/utils/status.c
+index f982edfa834..e860436d72b 100644
+--- a/source3/utils/status.c
++++ b/source3/utils/status.c
+@@ -288,7 +288,7 @@ static void print_brl(struct file_id id,
+ 
+ static const char *session_dialect_str(uint16_t dialect)
+ {
+-	static fstring unkown_dialect;
++	static fstring unknown_dialect;
+ 
+ 	switch(dialect){
+ 	case SMB2_DIALECT_REVISION_000:
+@@ -311,8 +311,8 @@ static const char *session_dialect_str(uint16_t dialect)
+ 		return "SMB3_11";
+ 	}
+ 
+-	fstr_sprintf(unkown_dialect, "Unknown (0x%04x)", dialect);
+-	return unkown_dialect;
++	fstr_sprintf(unknown_dialect, "Unknown (0x%04x)", dialect);
++	return unknown_dialect;
+ }
+ 
+ static int traverse_connections(const struct connections_data *crec,
+diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
+index 0f9c6449a5a..5d263b9f0ba 100644
+--- a/source3/winbindd/winbindd.c
++++ b/source3/winbindd/winbindd.c
+@@ -1792,7 +1792,7 @@ int main(int argc, const char **argv)
+ 		size_t sun_path_len = sizeof(un.sun_path);
+ 
+ 		if (winbindd_priv_socket_len >= sun_path_len) {
+-			DBG_ERR("The winbind priviliged socket path [%s/%s] is too long "
++			DBG_ERR("The winbind privileged socket path [%s/%s] is too long "
+ 				"(%zu >= %zu)\n",
+ 				winbindd_priv_socket_dir,
+ 				WINBINDD_SOCKET_NAME,
+diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
+index 2544a106d13..0f9d9c199a9 100644
+--- a/source4/dsdb/samdb/ldb_modules/partition.c
++++ b/source4/dsdb/samdb/ldb_modules/partition.c
+@@ -1224,7 +1224,7 @@ int partition_del_trans(struct ldb_module *module)
+ 	bool trace = module && ldb_module_flags(ldb) & LDB_FLG_ENABLE_TRACING;
+ 
+ 	if (data == NULL) {
+-		DEBUG(0,("partion delete transaction with no private data\n"));
++		DEBUG(0,("partition delete transaction with no private data\n"));
+ 		return ldb_operr(ldb);
+ 	}
+ 
+diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
+index ac2fdfca5ef..afc580779b7 100755
+--- a/source4/scripting/bin/samba_upgradedns
++++ b/source4/scripting/bin/samba_upgradedns
+@@ -527,7 +527,7 @@ if __name__ == '__main__':
+     elif opts.dns_backend == "SAMBA_INTERNAL":
+         # Make sure to remove everything from the bind-dns directory to avoid
+         # possible security issues with the named group having write access
+-        # to all AD partions
++        # to all AD partitions
+         cleanup_remove_file(os.path.join(paths.binddns_dir, "dns.keytab"))
+         cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf"))
+         cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf.update"))
+diff --git a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
+index ef839bdaaf9..467c8276529 100644
+--- a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
++++ b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
+@@ -7682,7 +7682,7 @@ isSingleValued: FALSE
+ rangeUpper: 128
+ showInAdvancedViewOnly: TRUE
+ adminDisplayName: macAddress
+-adminDescription: MAC address in maximal, colon seperated hex notation
++adminDescription: MAC address in maximal, colon separated hex notation
+ oMSyntax: 22
+ searchFlags: 0
+ lDAPDisplayName: macAddress
+diff --git a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
+index e4c5e6044bb..5a5c2455e9b 100644
+--- a/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
++++ b/source4/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
+@@ -25142,7 +25142,7 @@ isSingleValued: FALSE
+ rangeUpper: 128
+ showInAdvancedViewOnly: TRUE
+ adminDisplayName: macAddress
+-adminDescription: MAC address in maximal, colon seperated hex notation
++adminDescription: MAC address in maximal, colon separated hex notation
+ oMSyntax: 22
+ searchFlags: 0
+ lDAPDisplayName: macAddress
+diff --git a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
+index 97e70e077f6..5a739468521 100644
+--- a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
++++ b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf
+@@ -7682,7 +7682,7 @@ isSingleValued: FALSE
+ rangeUpper: 128
+ showInAdvancedViewOnly: TRUE
+ adminDisplayName: macAddress
+-adminDescription: MAC address in maximal, colon seperated hex notation
++adminDescription: MAC address in maximal, colon separated hex notation
+ oMSyntax: 22
+ searchFlags: 0
+ lDAPDisplayName: macAddress
+diff --git a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
+index 4395cad679f..9d72b137cab 100644
+--- a/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
++++ b/source4/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf
+@@ -7682,7 +7682,7 @@ isSingleValued: FALSE
+ rangeUpper: 128
+ showInAdvancedViewOnly: TRUE
+ adminDisplayName: macAddress
+-adminDescription: MAC address in maximal, colon seperated hex notation
++adminDescription: MAC address in maximal, colon separated hex notation
+ oMSyntax: 22
+ searchFlags: 0
+ lDAPDisplayName: macAddress
+diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
+index b04dbde04ac..82f64c38b69 100644
+--- a/source4/torture/libsmbclient/libsmbclient.c
++++ b/source4/torture/libsmbclient/libsmbclient.c
+@@ -668,7 +668,7 @@ static bool torture_libsmbclient_readdirplus_seek(struct torture_context *tctx)
+ 		success,
+ 		done,
+ 		talloc_asprintf(tctx,
+-				"after seek (20) readdir name missmatch "
++				"after seek (20) readdir name mismatch "
+ 				"file %s - got %s\n",
+ 				dirent_20->name,
+ 				getdentries[0].name));
+@@ -700,7 +700,7 @@ static bool torture_libsmbclient_readdirplus_seek(struct torture_context *tctx)
+ 		success,
+ 		done,
+ 		talloc_asprintf(tctx,
+-				"after seek (20) readdirplus name missmatch "
++				"after seek (20) readdirplus name mismatch "
+ 				"file %s - got %s\n",
+ 				dirent_20->name,
+ 				direntries_20->name));
+@@ -733,7 +733,7 @@ static bool torture_libsmbclient_readdirplus_seek(struct torture_context *tctx)
+ 		success,
+ 		done,
+ 		talloc_asprintf(tctx,
+-				"after seek (20) readdirplus2 name missmatch "
++				"after seek (20) readdirplus2 name mismatch "
+ 				"file %s - got %s\n",
+ 				dirent_20->name,
+ 				direntries_20->name));
+@@ -937,7 +937,7 @@ static bool torture_libsmbclient_readdirplus2(struct torture_context *tctx)
+ 		success,
+ 		done,
+ 		talloc_asprintf(tctx,
+-			"filename '%s' ino missmatch. "
++			"filename '%s' ino mismatch. "
+ 			"From smbc_readdirplus2 = %"PRIx64" "
+ 			"From smbc_stat = %"PRIx64"",
+ 			filename,
+diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
+index ff5dc1d6800..39e43e5fcdb 100644
+--- a/source4/torture/rpc/samba3rpc.c
++++ b/source4/torture/rpc/samba3rpc.c
+@@ -4626,7 +4626,7 @@ static bool torture_rpc_pipes_supported_interfaces(
+ 	struct dcerpc_pipe *pipe2;
+ 	struct dcerpc_pipe *pipe3;
+ 
+-	torture_comment(torture, "Testing only appropiate interfaces are "
++	torture_comment(torture, "Testing only appropriate interfaces are "
+ 			"available in smb pipes\n");
+ 
+ 	mem_ctx = talloc_init("torture_samba3_rpc_pipes_supported_interfaces");
+diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
+index fdfd947d5e3..92f9e638ff4 100644
+--- a/source4/torture/smb2/session.c
++++ b/source4/torture/smb2/session.c
+@@ -2724,7 +2724,7 @@ static bool test_session_bind_negative_smb202(struct torture_context *tctx, stru
+ 	encrypted = smb2cli_tcon_is_encryption_on(tree0->smbXcli);
+ 	if (encrypted) {
+ 		torture_skip(tctx,
+-			     "Can't test SMB 2.02 if encrytion is required");
++			     "Can't test SMB 2.02 if encryption is required");
+ 	}
+ 
+ 	options1 = transport0->options;
+-- 
+2.30.2
+


=====================================
debian/patches/weak-crypto-allowed-clarify.diff
=====================================
@@ -0,0 +1,28 @@
+Subject: testparm: clarify "weak crypto is allowed" message
+From: Michael Tokarev <mjt at tls.msk.ru>
+Date: Fri, 01 Apr 2022 09:56:55 +0300
+Bug-Debian: https://bugs.debian.org/975882
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=14583
+
+This message makes people think there's some issue with their
+smb.conf settings which allows weak crypto to be used while
+communicating with (windows) clients.  This actually is not
+the case, the message says weak algorithms are allowed by the
+gnutls _library_, not by smb.conf. Clarify the message to
+avoid confusion.
+
+Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+
+diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
+index 58ba46bc15f..4d419fd4805 100644
+--- a/source3/utils/testparm.c
++++ b/source3/utils/testparm.c
+@@ -875,7 +875,7 @@ static void do_per_share_checks(int s)
+ 	} else {
+ 		weak_crypo_str = "disallowed";
+ 	}
+-	fprintf(stderr, "Weak crypto is %s\n", weak_crypo_str);
++	fprintf(stderr, "Weak crypto is %s by gnutls library\n", weak_crypo_str);
+ 
+ 	if (skip_logic_checks == 0) {
+ 		ret = do_global_checks();


=====================================
debian/python3-ldb.lintian-overrides
=====================================
@@ -1,2 +1,3 @@
 python3-ldb: package-name-doesnt-match-sonames libpyldb-util.cpython-*
 python3-ldb: library-not-linked-against-libc usr/lib/*/libpyldb-util.*.so.*
+python3-ldb: no-symbols-control-file usr/lib/*/libpyldb-util.*.so.*


=====================================
debian/python3-samba.lintian-overrides
=====================================
@@ -1,3 +1,5 @@
 # False positives, see #896012
 python3-samba: library-not-linked-against-libc *
 python3-samba: package-name-doesnt-match-sonames libsamba-policy.cpython-*0
+python3-samba: shared-library-lacks-prerequisites usr/lib/python3/dist-packages/samba/*.so
+python3-samba: no-symbols-control-file usr/lib/*/libsamba-policy.*.so.*


=====================================
debian/rules
=====================================
@@ -85,11 +85,11 @@ conf_args = \
 WITH_CEPH = yes
 # Ceph is not available on all platforms
 ifeq (,$(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el ppc64 s390x x32, $(DEB_HOST_ARCH)))
-    WITH_CEPH = no
+    WITH_CEPH =
 endif
 # Ubuntu i386 binary compatibility only effort: No Ceph
 ifeq ($(DEB_VENDOR) $(DEB_HOST_ARCH), Ubuntu i386)
-    WITH_CEPH = no
+    WITH_CEPH =
 endif
 
 ifeq ($(WITH_CEPH), yes)
@@ -104,11 +104,11 @@ endif
 WITH_GLUSTERFS = yes
 # GlusterFS is linux-only
 ifneq ($(DEB_HOST_ARCH_OS), linux)
-    WITH_CEPH = no
+    WITH_GLUSTERFS =
 endif
 # GlusterFS is not in Ubuntu main
 ifeq ($(DEB_VENDOR), Ubuntu)
-    WITH_GLUSTERFS = no
+    WITH_GLUSTERFS =
 endif
 
 
@@ -168,38 +168,23 @@ override_dh_auto_install:
 	# Already documented in debian/copyright
 	-rm $(DESTDIR)/usr/share/samba/setup/ad-schema/licence.txt
 	# pam stuff
-	mkdir -p $(DESTDIR)/usr/share/pam-configs
-	install -m 0644 debian/winbind.pam-config $(DESTDIR)/usr/share/pam-configs/winbind
+	install -Dp -m0644 debian/winbind.pam-config $(DESTDIR)/usr/share/pam-configs/winbind
 	mv $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* $(DESTDIR)/lib/$(DEB_HOST_MULTIARCH)/
 	# Debian goodies to set global option in smb.conf and add a share
-	install -m 0755 debian/setoption.py $(DESTDIR)/usr/share/samba
-	install -m 0755 debian/addshare.py $(DESTDIR)/usr/share/samba
+	install -p -m0755 debian/setoption.py -t $(DESTDIR)/usr/share/samba/
+	install -p -m0755 debian/addshare.py -t $(DESTDIR)/usr/share/samba/
 	# Debian goodies
-	cp debian/smb.conf* $(DESTDIR)/usr/share/samba/
-	install -m755 debian/panic-action $(DESTDIR)/usr/share/samba/panic-action
-	install -m755 debian/update-apparmor-samba-profile $(DESTDIR)/usr/share/samba/update-apparmor-samba-profile
-	cp debian/gdbcommands $(DESTDIR)/etc/samba/
-	mkdir -p $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d
-	install -m755 debian/samba-common.dhcp $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d/samba
-	install -m 0755 debian/mksmbpasswd.awk $(DESTDIR)/usr/sbin/mksmbpasswd
-	mkdir -p $(DESTDIR)/etc/ufw/applications.d
-	install -m644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
-	mkdir -p $(DESTDIR)/usr/share/apport/package-hooks
-	install -D -m 644 debian/source_samba.py $(DESTDIR)/usr/share/apport/package-hooks/source_samba.py
-	# Install other stuff not installed by "make install"
-	# This moves the dckeytab module to the samba package in order to avoid
-	# a circular dependency between python3-samba, samba and samba-common-bin
-	mkdir -p debian/samba/usr/lib/$(PYSHORT)/dist-packages/samba
-	mv $(DESTDIR)/usr/lib/$(PYSHORT)/dist-packages/samba/dckeytab*.so \
-	   debian/samba/usr/lib/$(PYSHORT)/dist-packages/samba/
-	# use upstream version of smb.conf.5 if there is no built version
-	# this is a temporary workaround for #750593 in xsltproc
-	[ -e $(DESTDIR)/usr/share/man/man5/smb.conf.5 ] || \
-	   cp docs/manpages/smb.conf.5 $(DESTDIR)/usr/share/man/man5/smb.conf.5
+	install -p -m0644 debian/smb.conf* -t $(DESTDIR)/usr/share/samba/
+	install -p -m755 debian/panic-action -t $(DESTDIR)/usr/share/samba/
+	install -p -m755 debian/update-apparmor-samba-profile -t $(DESTDIR)/usr/share/samba/
+	install -p -m0644 debian/gdbcommands -t $(DESTDIR)/etc/samba/
+	install -Dp -m0755 debian/samba-common.dhcp $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d/samba
+	install -p -m0755 debian/mksmbpasswd.awk $(DESTDIR)/usr/sbin/mksmbpasswd
+	install -Dp -m0644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
+	install -Dp -m0644 debian/source_samba.py -t $(DESTDIR)/usr/share/apport/package-hooks/
 ifeq ($(DEB_HOST_ARCH_OS), linux)
 	# Install systemd configs
-	mkdir -p $(DESTDIR)/lib/systemd/system/
-	install -m 0644 ctdb/config/ctdb.service $(DESTDIR)/lib/systemd/system/
+	install -Dp -m0644 ctdb/config/ctdb.service -t $(DESTDIR)/lib/systemd/system/
 	# Services fixups
 	mv $(DESTDIR)/lib/systemd/system/nmb.service $(DESTDIR)/lib/systemd/system/nmbd.service
 	mv $(DESTDIR)/lib/systemd/system/smb.service $(DESTDIR)/lib/systemd/system/smbd.service
@@ -220,33 +205,25 @@ endif
 	echo "d /run/samba 0755 root root -" > $(DESTDIR)/usr/lib/tmpfiles.d/samba.conf
 	echo "d /run/ctdb 0755 root root -" > $(DESTDIR)/usr/lib/tmpfiles.d/ctdb.conf
 
-override_dh_install:
-	DEB_PY3_INCDIR=$$(python3-config --includes | sed 's,^-I\([^ ]*\).*,\1,') \
-		dh_install
-
-override_dh_installdocs-arch:
-	cp ctdb/config/events/README ctdb/README.eventscripts
-	cp ctdb/config/notification.README ctdb/README.notification
-	dh_installdocs
+	# install-and-rename docs for ctdb (also arch-specific)
+	mkdir -p ${DESTDIR}/ctdb
+	install -p ctdb/config/events/README ${DESTDIR}/ctdb/README.notification
+	install -p ctdb/config/notification.README ${DESTDIR}/ctdb/README.notification
 ifeq ($(DEB_HOST_ARCH_OS), hurd)
-	dh_installdocs -pctdb debian/ctdb.README.hurd
+	install -p debian/ctdb.README.hurd ${DESTDIR}/ctdb/README.hurd
 endif
 ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
-	dh_installdocs -pctdb debian/ctdb.README.kfreebsd
+	install -p debian/ctdb.README.kfreebsd ${DESTDIR}/ctdb/README.kfreebsd
 endif
+	# FIXME: ctdb_etcd_lock is a python script which uses etcd python module,
+	# it should be either packaged separately or etcd deps are added.
+	# Also it should not be in arch-specific libdir,
+	# and all referencs to it in docs/manpages/examples should be fixed.
+	chmod -x ${DESTDIR}/usr/lib/${DEB_HOST_MULTIARCH}/ctdb/ctdb_etcd_lock
 
-override_dh_installexamples-arch:
-	# CTDB config examples and helper scripts
-	mkdir -p ctdb/doc/examples/nfs-kernel-server
-	cp debian/ctdb.example.enable.nfs.sh ctdb/doc/examples/nfs-kernel-server/enable-nfs.sh
-	cp debian/ctdb.example.nfs-common ctdb/doc/examples/nfs-kernel-server/nfs-common
-	cp debian/ctdb.example.nfs-kernel-server ctdb/doc/examples/nfs-kernel-server/nfs-kernel-server
-	cp debian/ctdb.example.services ctdb/doc/examples/nfs-kernel-server/services
-	cp debian/ctdb.example.sysctl-nfs-static-ports.conf ctdb/doc/examples/nfs-kernel-server/99-nfs-static-ports.conf
-	dh_installexamples
-
-override_dh_installchangelogs:
-	dh_installchangelogs
+override_dh_install:
+	DEB_PY3_INCDIR=$$(python3-config --includes | sed 's,^-I\([^ ]*\).*,\1,') \
+		dh_install
 
 override_dh_installinit:
 ifneq (,$(filter samba, ${dh_packagelist}))
@@ -277,7 +254,7 @@ ifneq (,$(filter ctdb, ${dh_packagelist}))
 endif
 
 override_dh_installpam:
-	dh_installpam --name=samba
+	dh_installpam -psamba-common --name=samba
 
 #override_dh_perl-arch:
 #	dh_perl -a
@@ -297,30 +274,32 @@ ifneq (,$(filter smbclient, ${dh_packagelist}))
 	chmod 0700 debian/smbclient/usr/lib/*/samba/smbspool_krb5_wrapper
 endif
 
-override_dh_missing:
-	dh_missing --fail-missing
-
 override_dh_makeshlibs:
 	# create symbols and shlibs files in separate wrapper script
 	# to deal with private libraries
 	debian/make_shlibs "${LDB_DEB_VERSION}|libldb2|ldb-tools|libldb-dev|python3-ldb|python3-ldb-dev"
 
-shlibdeps := dh_shlibdeps -l${DESTDIR}/usr/lib/${DEB_HOST_MULTIARCH}/samba
-
 override_dh_shlibdeps:
-	${shlibdeps} -a -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
+# for specific executables/modules, put dependencies in separate variables
+# to change Depends to Recommends for them in d/control
+	dh_shlibdeps -a -l${DESTDIR}/usr/lib/${DEB_HOST_MULTIARCH}/samba \
+	    -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
 ifeq ($(WITH_CEPH), yes)
-	${shlibdeps}-a -- -pvfsceph -dRecommends \
-	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so
-	${shlibdeps} -a -- -prados -dRecommends \
-	    -e debian/ctdb/usr/lib/*/ctdb/ctdb_mutex_ceph_rados_helper
-endif
-ifeq ($(WITH_GLUSTERFS), yes)
-	${shlibdeps} -a -- -pvfsglusterfs -dRecommends \
-	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so
+	dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \
+	    debian/ctdb/usr/lib/${DEB_HOST_MULTIARCH}/ctdb/ctdb_mutex_ceph_rados_helper
 endif
-	${shlibdeps} -a -- -pvfssnapper -dRecommends \
-	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so
+	dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \
+	    debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so \
+	    $(if ${WITH_CEPH}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \
+	    $(if ${WITH_GLUSTERFS}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so)
+# after shlibdeps run, check that we don't have wrong depdendencies
+	# libldb2 should not depend on samba-libs
+	# (also see debian/patches/use-bzero-instead-of-memset_s.diff)
+	if egrep "^shlibs.Depends=.* (samba-libs|samba) " debian/libldb2.substvars; \
+	then echo "E: libldb2 should not depend on samba libs" >&2; exit 1; fi
+	# python3-samba should not depend on samba
+	if egrep "^shlibs.Depends=.* (samba) " debian/python3-samba.substvars; \
+	then echo "E: python3-samba should not depend on samba" >&2; exit 1; fi
 
 override_dh_gencontrol:
 	dh_gencontrol -plibldb2 -pldb-tools -plibldb-dev -ppython3-ldb -ppython3-ldb-dev \


=====================================
debian/samba-common-bin.lintian-override
=====================================
@@ -0,0 +1,2 @@
+# deliberate, a synonym for misspelled parameter
+samba-common-bin: typo-in-manual-page usr/share/man/man5/smb.conf.5.gz line * prefered preferred


=====================================
debian/samba-libs.install
=====================================
@@ -46,6 +46,7 @@ usr/lib/*/samba/libcmdline-contexts-samba4.so.0
 usr/lib/*/samba/libcmdline-samba4.so.0
 usr/lib/*/samba/libcom-err-samba4.so.0
 usr/lib/*/samba/libcommon-auth-samba4.so.0
+usr/lib/*/samba/libdb-glue-samba4.so.0
 usr/lib/*/samba/libdbwrap-samba4.so.0
 usr/lib/*/samba/libdcerpc-pkt-auth-samba4.so.0
 usr/lib/*/samba/libdcerpc-samba-samba4.so.0


=====================================
debian/samba-libs.lintian-overrides
=====================================
@@ -6,3 +6,16 @@ samba-libs: package-name-doesnt-match-sonames libdcerpc-binding0 libdcerpc-samr0
 samba-libs: embedded-library heimdal usr/lib/*/samba/libgssapi-samba4.so.0
 # False positives, see #896012
 samba-libs: library-not-linked-against-libc *
+samba-libs: shared-library-lacks-prerequisites usr/lib/*/libdcerpc-samr.so.*
+# unofficial APIs
+samba-libs: no-symbols-control-file usr/lib/*/libdcerpc*.so.*
+samba-libs: no-symbols-control-file usr/lib/*/libndr*.so.*
+samba-libs: no-symbols-control-file usr/lib/*/libnetapi.so.*
+samba-libs: no-symbols-control-file usr/lib/*/libsamba-*.so*
+samba-libs: no-symbols-control-file usr/lib/*/libsamdb.so.*
+samba-libs: no-symbols-control-file usr/lib/*/libsmbconf.so.*
+# FIXME: libsmbldap actually has ABI file
+#samba-libs: no-symbols-control-file usr/lib/*/libsmbldap.so.*
+samba-libs: no-symbols-control-file usr/lib/*/libtevent-util.so.*
+# deliberate, a synonym for misspelled parameter
+samba-libs: spelling-error-in-binary usr/lib/*/libsamba-hostconfig.so.* prefered preferred


=====================================
debian/samba-vfs-modules.lintian-overrides
=====================================
@@ -1,2 +1,4 @@
 # False positives, see #896012
 samba-vfs-modules: library-not-linked-against-libc *
+# this is intentional: it was a typo in old config parser so we allow old config to work
+samba-vfs-modules: spelling-error-in-binary usr/lib/*/samba/vfs/fruit.so ressource resource


=====================================
debian/samba.install
=====================================
@@ -14,7 +14,6 @@ usr/bin/smbstatus
 usr/lib/*/samba/libHDB-SAMBA4-samba4.so.0
 usr/lib/*/samba/libREG-FULL-samba4.so.0
 usr/lib/*/samba/libRPC-WORKER-samba4.so.0
-usr/lib/*/samba/libdb-glue-samba4.so.0
 usr/lib/*/samba/libgss-preauth-samba4.so.0
 usr/lib/*/samba/libhdb-samba4.so.0
 usr/lib/*/samba/libkdc-samba4.so.0


=====================================
debian/source/lintian-overrides
=====================================
@@ -0,0 +1,2 @@
+# this variable is set in d/rules
+samba source: dh-exec-subst-unknown-variable DEB_PY3_INCDIR [debian/python3-ldb-dev.install:2]



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/28b7cfaf34ad5a815092f5edb7bc918977945e8f...dcf2309161f1c4944b3cc31df5f4752d6203faf1

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/28b7cfaf34ad5a815092f5edb7bc918977945e8f...dcf2309161f1c4944b3cc31df5f4752d6203faf1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20220401/5e273e27/attachment-0001.htm>


More information about the Pkg-samba-maint mailing list