[Pkg-samba-maint] samba and ldb updates for bullseye-security

Tue Aug 9 16:14:36 BST 2022

09.08.2022 14:13, Salvatore Bonaccorso wrote:
..
> 
> Thanks for investigating it! As you say, let's then go with the way it
> goes better.

After thinking, it looks like fixing it in samba to use actual debian version
instead of package internal version is the proper way.  Attached is a debdiff
against the proposed/failed deb11u5 version.  The change is quite small, and
even contain a cleanup.

>> BTW, after fixing this mess, should I increase the debian revision number
>> (~deb11u5 => ~deb11u6) or can I keep the same u5?
> 
> I can reject the samba upload currently on security-master so you can
> keep and reupload then with the ~deb11u5 version. Depending if we need
> to do as well ldb as well will reject that one as well (not done yet).
> Then we can go through the same upload order again as previously done.

There's no need to reject it, - I just increased the debian revision
number. It is easier to review the changes this way, I think.

Tested installation of samba-dsdb-modules (the only package which is
affected by this ldb version thing), - it works now.

I'm ready to upload this new revision of samba package, after your
review/approval.

Thank you for your time, and please excuse me my sloppiness - this whole
samba security update has been quite messy.

/mjt
-------------- next part --------------
diff -Nru samba-4.13.13+dfsg/debian/changelog samba-4.13.13+dfsg/debian/changelog

--- samba-4.13.13+dfsg/debian/changelog	2022-08-01 17:48:14.000000000 +0300
+++ samba-4.13.13+dfsg/debian/changelog	2022-08-09 17:54:01.000000000 +0300
@@ -1,3 +1,11 @@
+samba (2:4.13.13+dfsg-1~deb11u6) bullseye-security; urgency=medium
+
+  * d/rules: use dpkg-query instead of pkg-config to find debian package
+    version of libldb-dev, since this is what we actually want, not the
+    internal version libldb thinks it is at.
+
+ -- Michael Tokarev <mjt at tls.msk.ru>  Tue, 09 Aug 2022 17:54:01 +0300
+
 samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium
 
   * 3 patches:
diff -Nru samba-4.13.13+dfsg/debian/rules samba-4.13.13+dfsg/debian/rules
--- samba-4.13.13+dfsg/debian/rules	2022-08-01 17:48:14.000000000 +0300
+++ samba-4.13.13+dfsg/debian/rules	2022-08-09 17:53:02.000000000 +0300
@@ -15,13 +15,12 @@
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 DEB_HOST_ARCH_CPU ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU)
 
-LDB_VERSION = $(shell pkg-config --modversion ldb)
-LDB_EPOCH = $(shell dpkg-query -f '$${Version}' -W libldb-dev | sed 's/:.*//')
+LDB_VERSION = $(shell dpkg-query -f '$${Version}' -W libldb-dev | sed 's/-.*//')
 LDB_NEXT_VERSION = $(shell python3 -c "x = '$(LDB_VERSION)'.split('.'); x[-1] = str(int(x[-1])+1); print('.'.join(x))")
 # samba ships ldb modules, which are specific to the ldb version, so we need a
 # strict dependency on the upstream ldb version
 # this also mean samba needs a rebuild when the upstream ldb version changes
-LDB_DEPENDS = "libldb2 (<< $(LDB_EPOCH):$(LDB_NEXT_VERSION)~), libldb2 (>> $(LDB_EPOCH):$(LDB_VERSION)~)"
+LDB_DEPENDS = "libldb2 (<< $(LDB_NEXT_VERSION)~), libldb2 (>> $(LDB_VERSION)~)"
 export PYSHORT=python3
 export PYTHON=$(shell which $(PYSHORT))
 export PYTHON_CONFIG="$(PYTHON)-config"
