From gitlab at salsa.debian.org Fri Jul 1 09:07:14 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Fri, 01 Jul 2022 08:07:14 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][master] 9 commits: d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use Message-ID: <62beab32a2275_3db41000523351@godard.mail> Michael Tokarev pushed to branch master at Debian Samba Team / samba Commits: 4872ee66 by Andreas Hasenack at 2022-06-01T10:35:45-03:00 d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use nfsconf(8) if it's available, instead of parsing the old config files in /etc/default/nfs-* - - - - - b5b24e40 by Andreas Hasenack at 2022-06-01T10:36:30-03:00 d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be used by the enable-nfs.sh example script - - - - - 5baa2156 by Andreas Hasenack at 2022-06-01T10:36:54-03:00 d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota config file to be used by the example enable-nfs.sh script - - - - - a93da493 by Andreas Hasenack at 2022-06-01T10:37:03-03:00 d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: obsolete, replaced by nfs.conf - - - - - 6a4c5431 by Andreas Hasenack at 2022-06-01T10:37:18-03:00 d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new nfs.conf and other changes in the new nfs server packages - - - - - 1402b469 by Andreas Hasenack at 2022-06-01T10:37:28-03:00 rename ctdb example files nfs.conf and quota to match what the enable-nfs.sh script expects - - - - - a5fcbd35 by Andreas Hasenack at 2022-06-01T10:37:40-03:00 enable-nfs.sh ctdb example: use debian's filename for the static port sysctl configuration - - - - - 2bc992dc by Andreas Hasenack at 2022-06-01T16:29:56-03:00 enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was renamed to "cluster lock" - - - - - 13eb6050 by Michael Tokarev at 2022-07-01T08:07:00+00:00 Merge branch 'salsa-nfs-ctdb-changes' into 'master' Update CTDB and NFS scripts for new nfs server layout See merge request samba-team/samba!58 - - - - - 6 changed files: - debian/ctdb.example/nfs-kernel-server/enable-nfs.sh - ? debian/ctdb.example/nfs-kernel-server/nfs-common - ? debian/ctdb.example/nfs-kernel-server/nfs-kernel-server - + debian/ctdb.example/nfs-kernel-server/nfs.conf - + debian/ctdb.example/nfs-kernel-server/quota - debian/patches/fix-nfs-service-name-to-nfs-kernel-server.patch Changes: ===================================== debian/ctdb.example/nfs-kernel-server/enable-nfs.sh ===================================== @@ -19,6 +19,14 @@ backupfile() { [ -f $1 ] && cp $1 $1.prvctdb || true } +renamefiles() { + for f; do + [ -f "$f" ] || continue + echo "Renaming $f to $f.prvctdb" + mv "$f" "$f".prvctdb + done +} + checkservice() { (systemctl list-unit-files | grep -q $1.service) || die "service $1 not found" } @@ -46,20 +54,6 @@ appendfile() { cat $base/$origfile >> $replfile } -appendnfsenv() { - - file=$1 ; [ -f $file ] || die "inexistent file $file"; - - echo appending NFS_HOSTNAME to $file... - - grep -q "NFS_HOSTNAME" $file || \ - { - echo - echo "echo NFS_HOSTNAME=\\\"\$NFS_HOSTNAME\\\"" \>\> \/run\/sysconfig\/nfs-utils - echo - } >> $file -} - execnfsenv() { file=$1 ; [ -f $file ] || due "inexistent file $file"; @@ -71,7 +65,7 @@ execnfsenv() { fixnfshostname() { - file=$1 ; [ -f $file ] || due "inexistent file $file"; + type nfsconf > /dev/null 2>&1 || die "nfsconf(8) not found" if [ "$ghostname" == "" ]; then echo "What is the FQDN for the public IP address of this host ?" @@ -79,8 +73,8 @@ fixnfshostname() { read ghostname fi - echo placing hostname $ghostname into $file... - sed -i "s:PLACE_HOSTNAME_HERE:$ghostname:g" $file + echo "Setting $ghostname in nfs.conf..." + nfsconf --set statd name "$ghostname" } # end of functions -- @@ -90,13 +84,14 @@ fixnfshostname() { echo """ This script will enable CTDB NFS HA by changing the following files: -(1) /etc/default/nfs-common ( replace ) -(2) /etc/default/nfs-kernel-server ( replace ) +(1) /etc/nfs.conf ( replace ) +(2) /etc/nfs.conf.d/*.conf ( rename ) (3) /etc/services ( append ) -(4) /etc/sysctl.d/99-nfs-static-ports.conf ( create ) -(5) /usr/lib/systemd/scripts/nfs-utils_env.sh ( modify ) +(4) /etc/sysctl.d/98-nfs-static-ports.conf ( create ) +(5) /etc/default/quota ( replace ) -and disabling the following services: +and disabling the following services, as they will be managed +by ctdb: (1) rpcbind (2) nfs-kernel-server @@ -124,10 +119,10 @@ checkservice rpcbind echo "requirements okay!" echo -backupfile /etc/default/nfs-common -backupfile /etc/default/nfs-kernel-server +backupfile /etc/nfs.conf +renamefiles /etc/nfs.conf.d/*.conf backupfile /etc/services -backupfile /usr/lib/systemd/scripts/nfs-utils_env.sh +backupfile /etc/default/quota echo set +e @@ -150,20 +145,15 @@ echo set -e -replacefile nfs-common /etc/default/nfs-common -replacefile nfs-kernel-server /etc/default/nfs-kernel-server -replacefile 99-nfs-static-ports.conf /etc/sysctl.d/99-nfs-static-ports.conf +replacefile nfs.conf /etc/nfs.conf +replacefile 98-nfs-static-ports.conf /etc/sysctl.d/98-nfs-static-ports.conf +replacefile quota /etc/default/quota echo appendfile services /etc/services echo -fixnfshostname /etc/default/nfs-common -fixnfshostname /etc/default/nfs-kernel-server -echo - -appendnfsenv /usr/lib/systemd/scripts/nfs-utils_env.sh -execnfsenv /usr/lib/systemd/scripts/nfs-utils_env.sh +fixnfshostname echo sysctlrefresh @@ -181,10 +171,10 @@ A log file can be found at: Remember: - - to place a recovery lock in /etc/ctdb/ctdb.conf: + - to place a cluster lock in /etc/ctdb/ctdb.conf: ... [cluster] - recovery lock = /clustered.filesystem/.reclock + cluster lock = /clustered.filesystem/.reclock ... And, make sure you enable ctdb service again: ===================================== debian/ctdb.example/nfs-kernel-server/nfs-common deleted ===================================== @@ -1,19 +0,0 @@ -# CTDB: /etc/default/nfs-common for clustering - -NFS_HOSTNAME="PLACE_HOSTNAME_HERE" - -# rpc.statd - daemon listening for reboot notifications (locks related) -NEED_STATD="yes" -STATDOPTS="-n ${NFS_HOSTNAME} -p 32765 -o 32766 -H /etc/ctdb/statd-callout -T 32768 -U 32768" -STATD_HOSTNAME="$NFS_HOSTNAME" - -# rpc.gssd - security context for rpc connections -NEED_GSSD="no" - -# rpc.idmapd - NFSv4 <-> name mapping daemon (fallback nowadays) -# recent kernels use nfsidmap(8) instead -NEED_IDMAPD="no" - -# rpc.quota - usage quota -RPCRQUOTADOPTS="-p 32769" - ===================================== debian/ctdb.example/nfs-kernel-server/nfs-kernel-server deleted ===================================== @@ -1,16 +0,0 @@ -# CTDB: /etc/default/nfs-kernel-server for clustering - -NFS_HOSTNAME="PLACE_HOSTNAME_HERE" - -# rpc.nfsd - user level part of nfs service (kernel: nfsd module) -RPCNFSDPRIORITY=0 -RPCNFSDCOUNT=8 -RPCNFSDOPTS="-N 4" - -# rpc.mountd - server side of nfs mount protocol -RPCMOUNTDOPTS="-p 32767 --manage-gids --no-nfs-version 4" - -# rpc.svcgssd - userspace daemon to handle sec context for kernel rpcsec_gss -NEED_SVCGSSD="no" -RPCSVCGSSDOPTS="" - ===================================== debian/ctdb.example/nfs-kernel-server/nfs.conf ===================================== @@ -0,0 +1,20 @@ +[general] +pipefs-directory = /run/rpc_pipefs + +[lockd] +port = 32768 +udp-port = 32768 + +[mountd] +manage-gids = 1 +port = 32767 + +[nfsd] +threads = 8 +vers4 = n + +[statd] +ha-callout = /etc/ctdb/statd-callout +name = @NFS_HOSTNAME@ +outgoing-port = 32766 +port = 32765 ===================================== debian/ctdb.example/nfs-kernel-server/quota ===================================== @@ -0,0 +1,5 @@ +# Set to "true" if warnquota should be run in cron.daily +run_warnquota= + +# Add options to rpc.rquotad here +RPCRQUOTADOPTS="-p 32769" ===================================== debian/patches/fix-nfs-service-name-to-nfs-kernel-server.patch ===================================== @@ -4,13 +4,15 @@ Subject: fix nfs related service names Upstream defines nfs related service names based on the Linux distribution. This patch fixes the names for Debian and derivatives. +Update by Andreas Hasenack (LP: #1961840): +Use nfsconf(8) if it's available, instead of parsing the old config +files in /etc/default/nfs-* + Bug-Debian: https://bugs.debian.org/929931 Bug-Ubuntu: https://bugs.launchpad.net/bugs/722201 -Last-Update: 2018-08-05 -Index: samba/ctdb/config/events/legacy/06.nfs.script -=================================================================== ---- samba.orig/ctdb/config/events/legacy/06.nfs.script 2020-11-24 18:11:53.506104058 -0500 -+++ samba/ctdb/config/events/legacy/06.nfs.script 2020-11-24 18:11:53.502104093 -0500 +Last-Update: 2022-03-16 +--- a/ctdb/config/events/legacy/06.nfs.script ++++ b/ctdb/config/events/legacy/06.nfs.script @@ -6,7 +6,7 @@ . "${CTDB_BASE}/functions" @@ -20,11 +22,9 @@ Index: samba/ctdb/config/events/legacy/06.nfs.script load_script_options "service" "60.nfs" -Index: samba/ctdb/config/events/legacy/60.nfs.script -=================================================================== ---- samba.orig/ctdb/config/events/legacy/60.nfs.script 2020-11-24 18:11:53.506104058 -0500 -+++ samba/ctdb/config/events/legacy/60.nfs.script 2020-11-24 18:11:53.502104093 -0500 -@@ -6,9 +6,9 @@ +--- a/ctdb/config/events/legacy/60.nfs.script ++++ b/ctdb/config/events/legacy/60.nfs.script +@@ -6,9 +6,11 @@ . "${CTDB_BASE}/functions" @@ -32,14 +32,14 @@ Index: samba/ctdb/config/events/legacy/60.nfs.script +service_name="nfs-kernel-server" -load_system_config "nfs" -+load_system_config "nfs-kernel-server" ++if ! type nfsconf > /dev/null 2>&1; then ++ load_system_config "nfs-kernel-server" ++fi load_script_options -Index: samba/ctdb/config/nfs-linux-kernel-callout -=================================================================== ---- samba.orig/ctdb/config/nfs-linux-kernel-callout 2020-11-24 18:11:53.506104058 -0500 -+++ samba/ctdb/config/nfs-linux-kernel-callout 2020-11-24 18:11:53.502104093 -0500 +--- a/ctdb/config/nfs-linux-kernel-callout ++++ b/ctdb/config/nfs-linux-kernel-callout @@ -14,7 +14,7 @@ # As above, edit the default value below. CTDB_NFS_DISTRO_STYLE is a @@ -49,31 +49,40 @@ Index: samba/ctdb/config/nfs-linux-kernel-callout case "$nfs_distro_style" in systemd-*) -@@ -33,6 +33,14 @@ +@@ -32,7 +32,22 @@ + : # Defaults only ;; *-debian) - nfs_rquotad_service="quotarpc" -+ nfs_lock_service="" -+ nfs_lock_service="" -+ nfs_mountd_service="" -+ nfs_status_service="" +- nfs_rquotad_service="quotarpc" ++ # XXX ++ # Undefine nfs_rquotad_services because the quotarpc service won't ++ # start unless there are specific "quota" mount options in /etc/fstab.. ++ # In this way, we let ctdb start it up manually once the ++ # /etc/ctdb/nfs-checks.d/50.rquotad.check detects rpc.rquotad isn't ++ # running. ++ # Users who really don't want rpc.rquotad running should then move ++ # the 50.rquotad.check script away. + nfs_rquotad_service="" + nfs_service="nfs-kernel-server" -+ nfs_config="/etc/default/nfs-kernel-server" ++ if type nfsconf >/dev/null 2>&1; then ++ nfs_config="" ++ else ++ nfs_config="/etc/default/nfs-kernel-server" ++ fi + nfs_rquotad_config="/etc/default/quota" ;; *) echo "Internal error" -Index: samba/ctdb/config/statd-callout -=================================================================== ---- samba.orig/ctdb/config/statd-callout 2020-11-24 18:11:53.506104058 -0500 -+++ samba/ctdb/config/statd-callout 2020-11-24 18:11:53.502104093 -0500 -@@ -29,7 +29,7 @@ +--- a/ctdb/config/statd-callout ++++ b/ctdb/config/statd-callout +@@ -29,7 +29,9 @@ } # Try different variables to find config file for NFS_HOSTNAME -load_system_config "nfs" "nfs-common" -+load_system_config "nfs-kernel-server" ++if ! type nfsconf > /dev/null 2>&1; then ++ load_system_config "nfs-common" "nfs-kernel-server" ++fi # If NFS_HOSTNAME not set then try to pull it out of /etc/nfs.conf if [ -z "$NFS_HOSTNAME" ] && type nfsconf >/dev/null 2>&1 ; then View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/394205e6dd4baf98425f87b2e5fd3ba87f7dd0a5...13eb6050d1e9176126a5b50529f9f7cea016a502 -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/394205e6dd4baf98425f87b2e5fd3ba87f7dd0a5...13eb6050d1e9176126a5b50529f9f7cea016a502 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From belegdol at gmail.com Wed Jul 6 12:12:09 2022 From: belegdol at gmail.com (Julian Sikorski) Date: Wed, 06 Jul 2022 13:12:09 +0200 Subject: [Pkg-samba-maint] Bug#1014453: samba: error 22 when attempting to mount a share from linux-5.18.8 or newer client Message-ID: <165710592922.393.17468578298437243800.reportbug@odroidxu4> Package: samba Version: 2:4.13.13+dfsg-1~deb11u3 Severity: important Tags: patch X-Debbugs-Cc: belegdol at gmail.com Dear Maintainer, After updating my client to kernel 5.18.8, I was no longer able to mount samba shares hosted by my debian install. I was getting mount error 22. Upon discussing the problem on linux-cifs [1], it was discovered that the issue can be fixed by a patch available in samba versions 4.15 and later [2]. I can confirm that adding this patch to the debian 4.13 package fixes the issue too. Please add this patch to the package. [1] https://lore.kernel.org/linux-cifs/8ccad303-7489-d90a-2255-ca36b7253810 at gmail.com/T/#t [2] https://git.samba.org/?p=samba.git;a=commitdiff;h=147dd9d58a429695a3b6c6e45c8b0eaafc67908a -- Package-specific info: * /etc/samba/smb.conf present, and attached * /var/lib/samba/dhcp.conf not present -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: armhf (armv7l) Kernel: Linux 5.4.199-odroidxu4 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages samba depends on: ii adduser 3.118 ii dpkg 1.20.10 ii init-system-helpers 1.60 ii libbsd0 0.11.3-1 ii libc6 2.31-13+deb11u3 ii libgnutls30 3.7.1-5 ii libldb2 2:2.2.3-2~deb11u1 ii libpam-modules 1.4.0-9+deb11u1 ii libpam-runtime 1.4.0-9+deb11u1 ii libpopt0 1.18-2 ii libpython3.9 3.9.2-1 ii libtalloc2 2.3.1-2+b1 ii libtasn1-6 4.16.0-2 ii libtdb1 1.4.3-1+b1 ii libtevent0 0.10.2-1 ii libwbclient0 2:4.13.13+dfsg-1~deb11u3.1 ii lsb-base 11.1.0 ii procps 2:3.3.17-5 ii python3 3.9.2-3 ii python3-dnspython 2.0.0-1 ii python3-samba 2:4.13.13+dfsg-1~deb11u3.1 ii samba-common 2:4.13.13+dfsg-1~deb11u3.1 ii samba-common-bin 2:4.13.13+dfsg-1~deb11u3.1 ii samba-libs 2:4.13.13+dfsg-1~deb11u3.1 ii tdb-tools 1.4.3-1+b1 Versions of packages samba recommends: pn attr ii logrotate 3.18.0-2 pn python3-markdown pn samba-dsdb-modules ii samba-vfs-modules 2:4.13.13+dfsg-1~deb11u3.1 Versions of packages samba suggests: pn bind9 pn bind9utils ii chrony 4.0-8+deb11u2 pn ctdb pn ldb-tools pn smbldap-tools pn ufw pn winbind -- Configuration Files: /etc/logrotate.d/samba changed: /var/log.hdd/samba/log.smbd { weekly missingok rotate 7 postrotate [ ! -x /usr/bin/smbcontrol ] || [ ! -f /run/samba/smbd.pid ] || /usr/bin/smbcontrol smbd reload-config endscript compress delaycompress notifempty } /var/log.hdd/samba/log.nmbd { weekly missingok rotate 7 postrotate [ ! -x /usr/bin/smbcontrol ] || [ ! -f /run/samba/nmbd.pid ] || /usr/bin/smbcontrol nmbd reload-config endscript compress delaycompress notifempty } /var/log.hdd/samba/log.samba { weekly missingok rotate 7 postrotate if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then systemctl kill --kill-who all --signal=SIGHUP samba-ad-dc elif [ -f /run/samba/samba.pid ]; then # This only sends to main pid, See #803924 kill -HUP `cat /run/samba/samba.pid` fi endscript compress delaycompress notifempty } -- no debconf information -------------- next part -------------- # This file is auto-generated by openmediavault (https://www.openmediavault.org) # WARNING: Do not edit this file, your changes will get lost. #======================= Global Settings ======================= [global] workgroup = WORKGROUP server string = %h server dns proxy = no log level = 0 log file = /var/log/samba/log.%m max log size = 1000 logging = syslog panic action = /usr/share/samba/panic-action %d passdb backend = tdbsam obey pam restrictions = no unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes socket options = TCP_NODELAY IPTOS_LOWDELAY guest account = nobody load printers = no disable spoolss = yes printing = bsd printcap name = /dev/null unix extensions = yes wide links = no create mask = 0777 directory mask = 0777 use sendfile = yes aio read size = 16384 aio write size = 16384 time server = no wins support = no disable netbios = yes multicast dns register = no # Special configuration for Apple's Time Machine fruit:aapl = yes # Extra options min receivefile size = 16384 getwd cache = yes #======================= Share Definitions ======================= [julian] path = /srv/dev-disk-by-label-omv/julian/ guest ok = no guest only = no read only = no browseable = yes inherit acls = yes inherit permissions = no ea support = no store dos attributes = no vfs objects = printable = no create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 hide special files = yes follow symlinks = yes hide dot files = yes valid users = "julas" invalid users = read list = write list = "julas" [yasy] path = /srv/dev-disk-by-label-omv/yasy/ guest ok = no guest only = no read only = no browseable = yes inherit acls = yes inherit permissions = no ea support = no store dos attributes = no vfs objects = printable = no create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 hide special files = yes follow symlinks = yes hide dot files = yes valid users = "yasy" invalid users = read list = write list = "yasy" [austausch] path = /srv/dev-disk-by-label-omv/austausch/ guest ok = no guest only = no read only = no browseable = yes inherit acls = yes inherit permissions = no ea support = no store dos attributes = no vfs objects = printable = no create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 hide special files = yes follow symlinks = yes hide dot files = yes valid users = "julas","yasy" invalid users = read list = write list = "julas","yasy" [Bilder2019] path = /srv/dev-disk-by-label-omv/julian/Pictures/2019/ guest ok = no guest only = no read only = no browseable = yes inherit acls = yes inherit permissions = no ea support = no store dos attributes = no vfs objects = printable = no create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 hide special files = yes follow symlinks = yes hide dot files = yes valid users = "julas","yasy" invalid users = read list = write list = "julas","yasy" From mjt at tls.msk.ru Mon Jul 11 16:31:01 2022 From: mjt at tls.msk.ru (Michael Tokarev) Date: Mon, 11 Jul 2022 18:31:01 +0300 Subject: [Pkg-samba-maint] Bug#1014453: Bug#1014453: samba: error 22 when attempting to mount a share from linux-5.18.8 or newer client In-Reply-To: <165710592922.393.17468578298437243800.reportbug@odroidxu4> References: <165710592922.393.17468578298437243800.reportbug@odroidxu4> <165710592922.393.17468578298437243800.reportbug@odroidxu4> Message-ID: 06.07.2022 14:12, Julian Sikorski wrote: > Package: samba > Version: 2:4.13.13+dfsg-1~deb11u3 > Severity: important > Tags: patch > X-Debbugs-Cc: belegdol at gmail.com > > Dear Maintainer, > > After updating my client to kernel 5.18.8, I was no longer able to mount samba shares hosted by my debian install. I was getting mount error 22. > Upon discussing the problem on linux-cifs [1], it was discovered that the issue can be fixed by a patch available in samba versions 4.15 and later [2]. I can confirm that adding this patch to the debian 4.13 package fixes the issue too. Please add this patch to the package. > > [1] https://lore.kernel.org/linux-cifs/8ccad303-7489-d90a-2255-ca36b7253810 at gmail.com/T/#t > [2] https://git.samba.org/?p=samba.git;a=commitdiff;h=147dd9d58a429695a3b6c6e45c8b0eaafc67908a As far as I can see, this fix is included in samba 4.16 which is currently in testing and in bullseye-backports. Kernel 5.18 is not in bullseye. I think you can use samba from bpo to fix this one. I don't have plans to make another 4.13 in bullseye for now. And I don't really know what do do with this bugreport which can already be closed since it is fixed in testing... Thanks, /mjt From belegdol at gmail.com Mon Jul 11 16:45:43 2022 From: belegdol at gmail.com (Julian Sikorski) Date: Mon, 11 Jul 2022 17:45:43 +0200 Subject: [Pkg-samba-maint] Bug#1014453: Bug#1014453: samba: error 22 when attempting to mount a share from linux-5.18.8 or newer client In-Reply-To: References: <165710592922.393.17468578298437243800.reportbug@odroidxu4> <165710592922.393.17468578298437243800.reportbug@odroidxu4> Message-ID: Am 11.07.22 um 17:31 schrieb Michael Tokarev: > 06.07.2022 14:12, Julian Sikorski wrote: >> Package: samba >> Version: 2:4.13.13+dfsg-1~deb11u3 >> Severity: important >> Tags: patch >> X-Debbugs-Cc: belegdol at gmail.com >> >> Dear Maintainer, >> >> After updating my client to kernel 5.18.8, I was no longer able to >> mount samba shares hosted by my debian install. I was getting mount >> error 22. >> Upon discussing the problem on linux-cifs [1], it was discovered that >> the issue can be fixed by a patch available in samba versions 4.15 and >> later [2]. I can confirm that adding this patch to the debian 4.13 >> package fixes the issue too. Please add this patch to the package. >> >> [1] >> https://lore.kernel.org/linux-cifs/8ccad303-7489-d90a-2255-ca36b7253810 at gmail.com/T/#t >> >> [2] >> https://git.samba.org/?p=samba.git;a=commitdiff;h=147dd9d58a429695a3b6c6e45c8b0eaafc67908a >> > > As far as I can see, this fix is included in samba 4.16 which is > currently in > testing and in bullseye-backports.? Kernel 5.18 is not in bullseye. > > I think you can use samba from bpo to fix this one. I don't have plans > to make another 4.13 in bullseye for now.? And I don't really know what > do do with this bugreport which can already be closed since it is fixed > in testing... > > Thanks, > > /mjt Thanks for responding. As I am not familiar with Debian's update policies, please excuse if these are obvious questions. Are there plans to get samba 4.16 into bullseye-updates? Or will the fix only be included in bookworm? While kernel 5.18 is not in bullseye yet, we are specifically talking about client-server situation, meaning that the client is not unlikely to be running to be a different OS than the server. For me it is armbian on the server and fedora on the client. The patch exposing the bug only got into 5.18 stable tree, not to the older ones, so the issue is likely limited in scope at the moment. It might become more prevalent as more clients upgrade the kernel. Best regards, Julian From owner at bugs.debian.org Tue Jul 12 19:03:04 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Tue, 12 Jul 2022 18:03:04 +0000 Subject: [Pkg-samba-maint] Processed: Re: cifs-utils non-parallel FTBFS References: <0e84f68c-e911-b2ca-21ef-9ad44a12a858@unex.es> Message-ID: Processing commands for control at bugs.debian.org: > tags 993014 + patch Bug #993014 [src:cifs-utils] cifs-utils non-parallel FTBFS Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 993014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993014 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From sanvila at unex.es Tue Jul 12 18:58:39 2022 From: sanvila at unex.es (Santiago Vila) Date: Tue, 12 Jul 2022 19:58:39 +0200 Subject: [Pkg-samba-maint] Bug#993014: cifs-utils non-parallel FTBFS In-Reply-To: References: Message-ID: <0e84f68c-e911-b2ca-21ef-9ad44a12a858@unex.es> tags 993014 + patch thanks El 26/8/21 a las 12:31, Helmut Grohne escribi?: > | make install-exec-hook > | make[5]: Entering directory '/<>' > | (cd /<>/debian/cifs-utils/sbin && ln -sf mount.cifs mount.smb3) > | /bin/bash: line 1: cd: /<>/debian/cifs-utils/sbin: No such file or directory Hi. I can reproduce this as well. For the version in bullseye, I believe the attached patch should be enough to fix the problem. For testing/unstable, I'm confused because the QA page for this package: https://packages.qa.debian.org/c/cifs-utils.html says: Updating cifs-utils fixes old bugs: #993014 but I don't see this is fixed in unstable. Is the QA tracker working properly? Thanks. -------------- next part -------------- --- a/Makefile.am +++ b/Makefile.am @@ -119,6 +119,7 @@ SUBDIRS = contrib install-exec-hook: + mkdir -p $(DESTDIR)$(ROOTSBINDIR) (cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3) install-data-hook: From belegdol at gmail.com Mon Jul 18 07:01:32 2022 From: belegdol at gmail.com (Julian Sikorski) Date: Mon, 18 Jul 2022 08:01:32 +0200 Subject: [Pkg-samba-maint] Bug#1014453: Bug#1014453: samba: error 22 when attempting to mount a share from linux-5.18.8 or newer client In-Reply-To: References: <165710592922.393.17468578298437243800.reportbug@odroidxu4> <165710592922.393.17468578298437243800.reportbug@odroidxu4> Message-ID: Am 11.07.22 um 17:45 schrieb Julian Sikorski: > Am 11.07.22 um 17:31 schrieb Michael Tokarev: >> 06.07.2022 14:12, Julian Sikorski wrote: >>> Package: samba >>> Version: 2:4.13.13+dfsg-1~deb11u3 >>> Severity: important >>> Tags: patch >>> X-Debbugs-Cc: belegdol at gmail.com >>> >>> Dear Maintainer, >>> >>> After updating my client to kernel 5.18.8, I was no longer able to >>> mount samba shares hosted by my debian install. I was getting mount >>> error 22. >>> Upon discussing the problem on linux-cifs [1], it was discovered that >>> the issue can be fixed by a patch available in samba versions 4.15 >>> and later [2]. I can confirm that adding this patch to the debian >>> 4.13 package fixes the issue too. Please add this patch to the package. >>> >>> [1] >>> https://lore.kernel.org/linux-cifs/8ccad303-7489-d90a-2255-ca36b7253810 at gmail.com/T/#t >>> >>> [2] >>> https://git.samba.org/?p=samba.git;a=commitdiff;h=147dd9d58a429695a3b6c6e45c8b0eaafc67908a >>> >> >> As far as I can see, this fix is included in samba 4.16 which is >> currently in >> testing and in bullseye-backports.? Kernel 5.18 is not in bullseye. >> >> I think you can use samba from bpo to fix this one. I don't have plans >> to make another 4.13 in bullseye for now.? And I don't really know what >> do do with this bugreport which can already be closed since it is fixed >> in testing... >> >> Thanks, >> >> /mjt > Thanks for responding. As I am not familiar with Debian's update > policies, please excuse if these are obvious questions. > Are there plans to get samba 4.16 into bullseye-updates? Or will the fix > only be included in bookworm? While kernel 5.18 is not in bullseye yet, > we are specifically talking about client-server situation, meaning that > the client is not unlikely to be running to be a different OS than the > server. For me it is armbian on the server and fedora on the client. The > patch exposing the bug only got into 5.18 stable tree, not to the older > ones, so the issue is likely limited in scope at the moment. It might > become more prevalent as more clients upgrade the kernel. > > Best regards, > Julian Looks like this issue is going to be fixed on the client side after all, probably in 5.18.13: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.18/smb3-workaround-negprot-bug-in-some-samba-servers.patch Please feel free to close this bug. Best regards, Julian From gitlab at salsa.debian.org Mon Jul 18 14:37:04 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Mon, 18 Jul 2022 13:37:04 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][master] 32 commits: VERSION: Bump version up to Samba 4.16.3... Message-ID: <62d56200ea5c2_3db1b32191c2069158@godard.mail> Michael Tokarev pushed to branch master at Debian Samba Team / samba Commits: ad60cbaf by Jule Anger at 2022-06-13T08:48:17+02:00 VERSION: Bump version up to Samba 4.16.3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger at samba.org> - - - - - a393eab0 by Martin Schwenke at 2022-06-18T08:47:17+00:00 util: Add new debug setting debug_no_stderr_redirect CTDB doesn't want this redirection of stderr to the log file. It expects to be able to capture stderr of subprocesses and log them with a header. This redirection stops that from happening. Unfortunately this has to be a negative option (i.e. "no" in the name) so that the default of 0/false maintains existing behaviour. Note that the default behaviour is sub-optimal because it causes raw data (i.e. debug data without a header) to appear in the log. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit a8091bd0c565a3f14542731e642319dbb68b4786) - - - - - 79706765 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-common: Tell file logging not to redirect stderr This allows ctdb_set_child_logging() to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit 1596a3e84babb8fdd86af0c4b98906b309be7907) - - - - - c4e176e4 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-daemon: Drop unused prefix, logfn, logfn_private These aren't set anywhere in the code. Drop the log argument because it is also no longer used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit 88f35cf86285b7a818282d5f465711de66dfad59) - - - - - 959d37e7 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-daemon: Use DEBUG() macro for child logging Directly using dbgtext() with file logging results in a log entry with no header, which is wrong. This is a regression, introduced in commit 10d15c9e5dfe4e8595d0b322c96f474fc7078f46. Prior to this, CTDB's callback for file logging would always add a header. Use DEBUG() instead dbgtext(). Note that DEBUG() effectively compares the passed script_log_level with DEBUGLEVEL, so an explicit check is no longer necessary. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> Autobuild-User(master): Volker Lendecke <vl at samba.org> Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184 (cherry picked from commit e752f841e682cc571006c09249b03d82aea5f8cd) - - - - - 1137957a by Douglas Bagnall at 2022-06-18T08:47:17+00:00 s4/dlz: add support for bind 9.18 It seems nothing has changed since 9.16 for our purposes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986 Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Signed-off-by: Andreas Hasenack <andreas at canonical.com> Pair-programmed-with: Andreas Hasenack <andreas at canonical.com> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org> Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184 (cherry picked from commit 03036442deac25f58be4119e6c9ce2586e0abf51) - - - - - edd5a851 by Douglas Bagnall at 2022-06-18T08:47:17+00:00 cmdline_s4: re-initialise logging once loadparm is ready The first time round we maybe didn't know which files we wanted to log to. Suppose, for example, we had an smb.conf with log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log we wouldn't see anything in "/var/log/group_json.log", while the level 5 dsdb_group_json_audit messages would go into the main log. Note that the named file would still be opened by winbindd and others that use the s3 code, but would remain empty as they don't have anything to say about dsdb_group_json_audit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076 Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> (cherry picked from commit 9537ac723cfdc43e718fdd08dc28883e7057a372) - - - - - a9f87b92 by Andreas Schneider at 2022-06-18T09:55:28+00:00 s3:utils: Fix missing space in testparm output BUG: https://bugzilla.samba.org/show_bug.cgi?id=15097 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Alexander Bokovoy <ab at samba.org> (cherry picked from commit 7009fb1a10c579262dfa62894ea674197fcee354) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Sat Jun 18 09:55:28 UTC 2022 on sn-devel-184 - - - - - 8db232cb by Noel Power at 2022-06-20T10:00:16+00:00 Add new dfs node msdfs-share pointing to new msdfs-share2 Also add another node within msdfs-share2 pointing to normal share This patch is in preperation for creating a test for 'del' & 'deltree' on DFS shares. The extra redirection is necessary to reproduce the bug BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 39672a9676bff53d3ccc0ad7c1fa65a95cbceaab) - - - - - 2f105c9f by Noel Power at 2022-06-20T10:00:16+00:00 Add test smbclient 'del' of file (on DFS share) del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND Addionally add a knownfail (will be removed in following patch to fix the bug) We also need to add a knownfail (which will not be removed) for the new test which will fail in smb1 envs BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (back-ported from commit db1b4df0ab3b18821da3c2dbe6d6058f0c3019b8) - - - - - 8bac5eed by Noel Power at 2022-06-20T10:00:16+00:00 s3/client: fix dfs delete, resolve dfs path since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems to deal with non dfs root path, hence we need to resolve the path before calling cli_unlink. Also remove the knownfail BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 7c4cb4982330cd2eda53950e977179920b1e3b04) - - - - - 659d6140 by Noel Power at 2022-06-20T10:00:16+00:00 Add test smbclient 'delree' of dir (on DFS share) deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND Addionally add a knownfail for this (to be removed in subsequent patch to fix bug) We also need to add a knownfail (which will not be removed) for the new test which will fail in smb1 envs BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 23a5a05db03a8f14ab701005a8bec9a3eeff3d77) - - - - - 94a94383 by Noel Power at 2022-06-20T10:56:52+00:00 s3/client: fix dfs deltree, resolve dfs path since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems to deal with non dfs root path, hence we need to resolve the path before calling cli_unlink. Also remove the knownfail We additionally have to also remove the fallback to remove 'file3' int the smbcacls_dfs_propagate_inherit.teardown as the deltree that happens in the baseclass now succeeds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> Autobuild-User(master): Jeremy Allison <jra at samba.org> Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184 (cherry picked from commit 81fdcf95ae92a02f83501753dec0f29ddd555eeb) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jun 20 10:56:52 UTC 2022 on sn-devel-184 - - - - - 81dc0832 by Jeremy Allison at 2022-06-23T07:35:08+00:00 s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099 Signed-off-by: Jeremy Allison <jra at samba.org> Reviewed-by: Noel Power <npower at samba.org> (backported from commit 238b2cbb8f352375c448d86b462f13752640e16b) - - - - - 58bdf100 by Jeremy Allison at 2022-06-23T08:43:30+00:00 s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat(). vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL when configured to use "fruit:resource = stream" so we need to use synthetic_pathref() to get an fsp on the smb_fname->base_name in order to call SMB_VFS_FREMOVEXATTR(). This is the same change we already use in streams_xattr_renameat() and streams_xattr_stat(), the other pathname operations we implement here. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099 Signed-off-by: Jeremy Allison <jra at samba.org> Reviewed-by: Noel Power <npower at samba.org> Autobuild-User(master): Noel Power <npower at samba.org> Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184 (backported from commit 808a7b8b76dbcaac1db0508fd410d0bcf702af7a) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Thu Jun 23 08:43:30 UTC 2022 on sn-devel-184 - - - - - becccbae by Andreas Schneider at 2022-06-27T08:25:10+00:00 s3:waf: Fix version number of public libsmbconf Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Ralph Boehme <slow at samba.org> (cherry picked from commit 8458449ddf1a5c939784116aa3f9d21edaf93a05) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jun 27 08:25:10 UTC 2022 on sn-devel-184 - - - - - cce25171 by Andreas Schneider at 2022-07-11T10:27:17+00:00 s3:printing: Do not clear the printer-list.tdb With the new dcerpc architecture we need to keep printer-list.tdb around. A spoolss dcerpc call will start rpc-spoolssd which will then start the background queue process. However in order to enum the printers we need have a printer-list.tdb. Depending on the number of printers this task can take several seconds. It is unlinkly that the printer-list will change all the time, so we might provide outdated data till it gets refreshed, but this is better than providing no printer list at all. If there are a lot of printers, the idle_seconds for the rpc-spoolssd should be increased so that the background task can finish. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 9080cd30d517cb50954e440bb4475c2eeb678906) - - - - - 54ad51cd by Volker Lendecke at 2022-07-11T10:27:17+00:00 smbd: Make non_widelink_open() robust for non-cwd dirfsp If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir to the parent pathname, and thus we also don't overwrite fsp->base_fsp. fsp->base_fsp!=NULL is thus the wrong condition to restore the original base fsp name: If we open a stream with a non-cwd_fsp dirfsp, we would overwrite fsp->base_fsp->fsp_name with NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105 Signed-off-by: Volker Lendecke <vl at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 280e9191cbf8a766e69ab138450f2beccbedd879) - - - - - 42edafd3 by Andreas Schneider at 2022-07-11T10:27:17+00:00 s4:libads: Fix trailing whitespaces in ldap.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit d96a6cafe558eedc0419affc784049f915d0a6a2) - - - - - a708af36 by Andreas Schneider at 2022-07-11T11:33:49+00:00 s3:libads: Check if we have a valid sockaddr BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit fbf134c8d9e2fe0615824eee6ae7ccdbef4b59dc) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jul 11 11:33:49 UTC 2022 on sn-devel-184 - - - - - 52ac4ce2 by Christof Schmitt at 2022-07-18T08:47:13+00:00 nfs4_acls: Correctly skip chown when gid did not change Commit 86f7af84 introduced a problem that a chown is always attempted, even when the owning gid did not change. Then the ACL is set in the file system as root. Fix the check by correctly comparing with gid, not uid. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120 Signed-off-by: Christof Schmitt <cs at samba.org> Reviewed-by: Volker Lendecke <vl at samba.org> Autobuild-User(master): Christof Schmitt <cs at samba.org> Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184 (cherry picked from commit a6ccceb97ebd43d453ae4f835927cbacde0fdcef) - - - - - 3537ef5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00 replace: Check for -Wuse-after-free BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andrew Bartlett <abartlet at samba.org> (cherry picked from commit 89e0c732b1c45f6498ed0f39add77c2a52afddce) - - - - - 17451c5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00 third_party/heimdal: Fix build with gcc version 12.1 Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS and avoid the following error: [1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c ../../third_party/heimdal/lib/krb5/crypto.c: In function ?_krb5_internal_hmac?: ../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ?const? qualifier from pointer target type [-Wcast-qual] 302 | iov[0].data.data = (void *) data; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?derive_key_sp800_hmac?: ../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ?const? qualifier from pointer target type [-Wcast-qual] 2427 | label.data = (void *)constant; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_derived?: ../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1280 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ?realloc? here 1278 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_enc_then_cksum?: ../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1365 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ?realloc? here 1363 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal?: ../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1431 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ?realloc? here 1429 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_special?: ../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1478 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ?realloc? here 1476 | result->data = realloc(p, sz); | ^~~~~~~~~~~~~~ cc1: all warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Autobuild-User(master): Samuel Cabrero <scabrero at samba.org> Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184 (cherry picked from commit 971441ca5244b0e56f6b664d785fcefa3867ede1) - - - - - c5569b4f by Volker Lendecke at 2022-07-18T08:47:13+00:00 rpc_server3: Initialize mangle_fns in classic and spoolss Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118 Signed-off-by: Volker Lendecke <vl at samba.org> Reviewed-by: Pavel Filipensk? <pfilipensky at samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org> Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184 (cherry picked from commit 11d3d2aeac599ebbedd5332c5520465970319448) - - - - - e388fe2b by Samuel Cabrero at 2022-07-18T08:47:13+00:00 s3:winbind: Create service principal inside add_ccache_to_list() The function can build the service principal itself, there is no need to do it in the caller. This removes code duplication. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> (cherry picked from commit 8bef8e3de9fc96ff45319f80529e878977563f3a) - - - - - 89b914b3 by Samuel Cabrero at 2022-07-18T09:40:12+00:00 s3:winbind: Use the canonical realm name to renew the credentials Consider the following AD topology where all trusts are parent-child trusts: ADOM.AFOREST.AD | ACHILD.ADOM.AFOREST.AD | AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined When logging into the Samba machine using pam_winbind with kerberos enabled with user ACHILD\user1, the ccache content is: Default principal: user1 at ACHILD.ADOM.AFOREST.AD Valid starting Expires Service principal 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:09:23 --> 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket renew until 07/13/2022 16:09:23 07/06/2022 16:09:23 07/06/2022 16:14:23 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:09:23 But when logging in with user ADOM\user1, the ccache content is: Default principal: user1 at ADOM.AFOREST.AD Valid starting Expires Service principal 07/06/2022 16:04:37 07/06/2022 16:09:37 krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD renew until 07/13/2022 16:04:37 07/06/2022 16:04:37 07/06/2022 16:09:37 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:04:37 MIT does not store the intermediate TGTs when there is more than one hop: ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)] Getting credentials user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105 Starting with TGT for client realm: user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD Sending request to ADOM.AFOREST.AD Received answer from stream 192.168.101.32:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key rc4-hmac/D88B --> Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD Received answer (1628 bytes) from stream 192.168.101.33:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015 --> Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Received answer (1647 bytes) from stream 192.168.101.34:88 TGS reply is for user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Storing user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105 In the case of ACHILD\user1: ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)] Getting credentials user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000 Starting with TGT for client realm: user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Sending request to ACHILD.ADOM.AFOREST.AD Received answer from stream 192.168.101.33:88 TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60 --> Storing user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Received answer (1675 bytes) from stream 192.168.101.34:88 TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576 Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Storing user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 The result is that winbindd can't refresh the tickets for ADOM\user1 because the local realm is used to build the TGT service name. smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at AGRANDCHILD.ACHILD.ADOM.AFOREST.AD' Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105) The canonical realm name must be used instead: smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD' Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success Get cred via TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD (canonicalize off) Sending request to ADOM.AFOREST.AD Received answer from stream 192.168.101.32:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key aes256-cts/8C7B Storing user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org> Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184 (cherry picked from commit 116af0df4f74aa450cbb77c79f8cac4bfc288631) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jul 18 09:40:12 UTC 2022 on sn-devel-184 - - - - - 36eeba73 by Jule Anger at 2022-07-18T13:08:52+02:00 WHATSNEW: Add release notes for Samba 4.16.3. Signed-off-by: Jule Anger <janger at samba.org> - - - - - b3cbf421 by Jule Anger at 2022-07-18T13:09:27+02:00 VERSION: Disable GIT_SNAPSHOT for the 4.16.3 release. Signed-off-by: Jule Anger <janger at samba.org> - - - - - 55d4cb9e by Michael Tokarev at 2022-07-18T16:25:30+03:00 d/watch: repacksuffix=+dfsg - - - - - 460c18f4 by Michael Tokarev at 2022-07-18T16:27:17+03:00 New upstream version 4.16.3+dfsg - - - - - af9de44b by Michael Tokarev at 2022-07-18T16:28:08+03:00 Update upstream source from tag 'upstream/4.16.3+dfsg' Update to upstream version '4.16.3+dfsg' with Debian dir c3da4b5cf54c461216ab252e9a34b77dcd3055d9 - - - - - b8a32a98 by Michael Tokarev at 2022-07-18T16:36:34+03:00 start changelog for 4.16.3 - - - - - 30 changed files: - VERSION - WHATSNEW.txt - ctdb/common/logging.c - ctdb/doc/ctdb-etcd.7 - ctdb/doc/ctdb-script.options.5 - ctdb/doc/ctdb-statistics.7 - ctdb/doc/ctdb-tunables.7 - ctdb/doc/ctdb.1 - ctdb/doc/ctdb.7 - ctdb/doc/ctdb.conf.5 - ctdb/doc/ctdb.sysconfig.5 - ctdb/doc/ctdb_diagnostics.1 - ctdb/doc/ctdb_mutex_ceph_rados_helper.7 - ctdb/doc/ctdbd.1 - ctdb/doc/ctdbd_wrapper.1 - ctdb/doc/ltdbtool.1 - ctdb/doc/onnode.1 - ctdb/doc/ping_pong.1 - ctdb/server/ctdb_logging.c - debian/changelog - debian/watch - docs/manpages/cifsdd.8 - docs/manpages/dbwrap_tool.1 - docs/manpages/eventlogadm.8 - docs/manpages/idmap_ad.8 - docs/manpages/idmap_autorid.8 - docs/manpages/idmap_hash.8 - docs/manpages/idmap_ldap.8 - docs/manpages/idmap_nss.8 - docs/manpages/idmap_rfc2307.8 The diff was not included because it is too large. View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/13eb6050d1e9176126a5b50529f9f7cea016a502...b8a32a98de745a08740c846c1cde8fee3a6f5b97 -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/13eb6050d1e9176126a5b50529f9f7cea016a502...b8a32a98de745a08740c846c1cde8fee3a6f5b97 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Mon Jul 18 14:52:43 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Mon, 18 Jul 2022 13:52:43 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][master] d/samba-libs.install: +libsmbconf version suffix Message-ID: <62d565ab8620b_3db1c1ec640207357f@godard.mail> Michael Tokarev pushed to branch master at Debian Samba Team / samba Commits: 61bb5745 by Michael Tokarev at 2022-07-18T16:46:48+03:00 d/samba-libs.install: +libsmbconf version suffix - - - - - 1 changed file: - debian/samba-libs.install Changes: ===================================== debian/samba-libs.install ===================================== @@ -15,7 +15,7 @@ usr/lib/*/libsamba-passdb.so.0 usr/lib/*/libsamba-passdb.so.0.28.0 usr/lib/*/libsamba-util.so.* usr/lib/*/libsamdb.so.* -usr/lib/*/libsmbconf.so.0 +usr/lib/*/libsmbconf.so.0* usr/lib/*/libsmbldap.so.2* usr/lib/*/libtevent-util.so.* usr/lib/*/samba/auth/ View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/61bb5745210b80f4532cc18ef5362cc459ebad38 -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/61bb5745210b80f4532cc18ef5362cc459ebad38 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Mon Jul 18 15:59:38 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Mon, 18 Jul 2022 14:59:38 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][pristine-tar] pristine-tar data for samba_4.16.3+dfsg.orig.tar.xz Message-ID: <62d5755a3335f_3db75413502088031@godard.mail> Michael Tokarev pushed to branch pristine-tar at Debian Samba Team / samba Commits: dfc8119b by Michael Tokarev at 2022-07-18T16:28:05+03:00 pristine-tar data for samba_4.16.3+dfsg.orig.tar.xz - - - - - 2 changed files: - + samba_4.16.3+dfsg.orig.tar.xz.delta - + samba_4.16.3+dfsg.orig.tar.xz.id Changes: ===================================== samba_4.16.3+dfsg.orig.tar.xz.delta ===================================== Binary files /dev/null and b/samba_4.16.3+dfsg.orig.tar.xz.delta differ ===================================== samba_4.16.3+dfsg.orig.tar.xz.id ===================================== @@ -0,0 +1 @@ +2453a849bd21dfa73ba57a4dfcf59b6e11ff8693 View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/dfc8119bdada6faa8e2e6ad7b946a81844847f9c -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/dfc8119bdada6faa8e2e6ad7b946a81844847f9c You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Mon Jul 18 15:59:41 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Mon, 18 Jul 2022 14:59:41 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][upstream_4.16] 29 commits: VERSION: Bump version up to Samba 4.16.3... Message-ID: <62d5755d6b765_3db1c1c8fb02088231@godard.mail> Michael Tokarev pushed to branch upstream_4.16 at Debian Samba Team / samba Commits: ad60cbaf by Jule Anger at 2022-06-13T08:48:17+02:00 VERSION: Bump version up to Samba 4.16.3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger at samba.org> - - - - - a393eab0 by Martin Schwenke at 2022-06-18T08:47:17+00:00 util: Add new debug setting debug_no_stderr_redirect CTDB doesn't want this redirection of stderr to the log file. It expects to be able to capture stderr of subprocesses and log them with a header. This redirection stops that from happening. Unfortunately this has to be a negative option (i.e. "no" in the name) so that the default of 0/false maintains existing behaviour. Note that the default behaviour is sub-optimal because it causes raw data (i.e. debug data without a header) to appear in the log. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit a8091bd0c565a3f14542731e642319dbb68b4786) - - - - - 79706765 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-common: Tell file logging not to redirect stderr This allows ctdb_set_child_logging() to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit 1596a3e84babb8fdd86af0c4b98906b309be7907) - - - - - c4e176e4 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-daemon: Drop unused prefix, logfn, logfn_private These aren't set anywhere in the code. Drop the log argument because it is also no longer used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> (cherry picked from commit 88f35cf86285b7a818282d5f465711de66dfad59) - - - - - 959d37e7 by Martin Schwenke at 2022-06-18T08:47:17+00:00 ctdb-daemon: Use DEBUG() macro for child logging Directly using dbgtext() with file logging results in a log entry with no header, which is wrong. This is a regression, introduced in commit 10d15c9e5dfe4e8595d0b322c96f474fc7078f46. Prior to this, CTDB's callback for file logging would always add a header. Use DEBUG() instead dbgtext(). Note that DEBUG() effectively compares the passed script_log_level with DEBUGLEVEL, so an explicit check is no longer necessary. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090 Signed-off-by: Martin Schwenke <martin at meltin.net> Reviewed-by: Volker Lendecke <vl at samba.org> Autobuild-User(master): Volker Lendecke <vl at samba.org> Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184 (cherry picked from commit e752f841e682cc571006c09249b03d82aea5f8cd) - - - - - 1137957a by Douglas Bagnall at 2022-06-18T08:47:17+00:00 s4/dlz: add support for bind 9.18 It seems nothing has changed since 9.16 for our purposes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986 Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Signed-off-by: Andreas Hasenack <andreas at canonical.com> Pair-programmed-with: Andreas Hasenack <andreas at canonical.com> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org> Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184 (cherry picked from commit 03036442deac25f58be4119e6c9ce2586e0abf51) - - - - - edd5a851 by Douglas Bagnall at 2022-06-18T08:47:17+00:00 cmdline_s4: re-initialise logging once loadparm is ready The first time round we maybe didn't know which files we wanted to log to. Suppose, for example, we had an smb.conf with log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log we wouldn't see anything in "/var/log/group_json.log", while the level 5 dsdb_group_json_audit messages would go into the main log. Note that the named file would still be opened by winbindd and others that use the s3 code, but would remain empty as they don't have anything to say about dsdb_group_json_audit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076 Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> (cherry picked from commit 9537ac723cfdc43e718fdd08dc28883e7057a372) - - - - - a9f87b92 by Andreas Schneider at 2022-06-18T09:55:28+00:00 s3:utils: Fix missing space in testparm output BUG: https://bugzilla.samba.org/show_bug.cgi?id=15097 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Alexander Bokovoy <ab at samba.org> (cherry picked from commit 7009fb1a10c579262dfa62894ea674197fcee354) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Sat Jun 18 09:55:28 UTC 2022 on sn-devel-184 - - - - - 8db232cb by Noel Power at 2022-06-20T10:00:16+00:00 Add new dfs node msdfs-share pointing to new msdfs-share2 Also add another node within msdfs-share2 pointing to normal share This patch is in preperation for creating a test for 'del' & 'deltree' on DFS shares. The extra redirection is necessary to reproduce the bug BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 39672a9676bff53d3ccc0ad7c1fa65a95cbceaab) - - - - - 2f105c9f by Noel Power at 2022-06-20T10:00:16+00:00 Add test smbclient 'del' of file (on DFS share) del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND Addionally add a knownfail (will be removed in following patch to fix the bug) We also need to add a knownfail (which will not be removed) for the new test which will fail in smb1 envs BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (back-ported from commit db1b4df0ab3b18821da3c2dbe6d6058f0c3019b8) - - - - - 8bac5eed by Noel Power at 2022-06-20T10:00:16+00:00 s3/client: fix dfs delete, resolve dfs path since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems to deal with non dfs root path, hence we need to resolve the path before calling cli_unlink. Also remove the knownfail BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 7c4cb4982330cd2eda53950e977179920b1e3b04) - - - - - 659d6140 by Noel Power at 2022-06-20T10:00:16+00:00 Add test smbclient 'delree' of dir (on DFS share) deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND Addionally add a knownfail for this (to be removed in subsequent patch to fix bug) We also need to add a knownfail (which will not be removed) for the new test which will fail in smb1 envs BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 23a5a05db03a8f14ab701005a8bec9a3eeff3d77) - - - - - 94a94383 by Noel Power at 2022-06-20T10:56:52+00:00 s3/client: fix dfs deltree, resolve dfs path since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems to deal with non dfs root path, hence we need to resolve the path before calling cli_unlink. Also remove the knownfail We additionally have to also remove the fallback to remove 'file3' int the smbcacls_dfs_propagate_inherit.teardown as the deltree that happens in the baseclass now succeeds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100 Signed-off-by: Noel Power <noel.power at suse.com> Reviewed-by: Jeremy Allison <jra at samba.org> Autobuild-User(master): Jeremy Allison <jra at samba.org> Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184 (cherry picked from commit 81fdcf95ae92a02f83501753dec0f29ddd555eeb) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jun 20 10:56:52 UTC 2022 on sn-devel-184 - - - - - 81dc0832 by Jeremy Allison at 2022-06-23T07:35:08+00:00 s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099 Signed-off-by: Jeremy Allison <jra at samba.org> Reviewed-by: Noel Power <npower at samba.org> (backported from commit 238b2cbb8f352375c448d86b462f13752640e16b) - - - - - 58bdf100 by Jeremy Allison at 2022-06-23T08:43:30+00:00 s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat(). vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL when configured to use "fruit:resource = stream" so we need to use synthetic_pathref() to get an fsp on the smb_fname->base_name in order to call SMB_VFS_FREMOVEXATTR(). This is the same change we already use in streams_xattr_renameat() and streams_xattr_stat(), the other pathname operations we implement here. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099 Signed-off-by: Jeremy Allison <jra at samba.org> Reviewed-by: Noel Power <npower at samba.org> Autobuild-User(master): Noel Power <npower at samba.org> Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184 (backported from commit 808a7b8b76dbcaac1db0508fd410d0bcf702af7a) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Thu Jun 23 08:43:30 UTC 2022 on sn-devel-184 - - - - - becccbae by Andreas Schneider at 2022-06-27T08:25:10+00:00 s3:waf: Fix version number of public libsmbconf Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Ralph Boehme <slow at samba.org> (cherry picked from commit 8458449ddf1a5c939784116aa3f9d21edaf93a05) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jun 27 08:25:10 UTC 2022 on sn-devel-184 - - - - - cce25171 by Andreas Schneider at 2022-07-11T10:27:17+00:00 s3:printing: Do not clear the printer-list.tdb With the new dcerpc architecture we need to keep printer-list.tdb around. A spoolss dcerpc call will start rpc-spoolssd which will then start the background queue process. However in order to enum the printers we need have a printer-list.tdb. Depending on the number of printers this task can take several seconds. It is unlinkly that the printer-list will change all the time, so we might provide outdated data till it gets refreshed, but this is better than providing no printer list at all. If there are a lot of printers, the idle_seconds for the rpc-spoolssd should be increased so that the background task can finish. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 9080cd30d517cb50954e440bb4475c2eeb678906) - - - - - 54ad51cd by Volker Lendecke at 2022-07-11T10:27:17+00:00 smbd: Make non_widelink_open() robust for non-cwd dirfsp If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir to the parent pathname, and thus we also don't overwrite fsp->base_fsp. fsp->base_fsp!=NULL is thus the wrong condition to restore the original base fsp name: If we open a stream with a non-cwd_fsp dirfsp, we would overwrite fsp->base_fsp->fsp_name with NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105 Signed-off-by: Volker Lendecke <vl at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit 280e9191cbf8a766e69ab138450f2beccbedd879) - - - - - 42edafd3 by Andreas Schneider at 2022-07-11T10:27:17+00:00 s4:libads: Fix trailing whitespaces in ldap.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit d96a6cafe558eedc0419affc784049f915d0a6a2) - - - - - a708af36 by Andreas Schneider at 2022-07-11T11:33:49+00:00 s3:libads: Check if we have a valid sockaddr BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106 Signed-off-by: Andreas Schneider <asn at samba.org> Reviewed-by: Jeremy Allison <jra at samba.org> (cherry picked from commit fbf134c8d9e2fe0615824eee6ae7ccdbef4b59dc) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jul 11 11:33:49 UTC 2022 on sn-devel-184 - - - - - 52ac4ce2 by Christof Schmitt at 2022-07-18T08:47:13+00:00 nfs4_acls: Correctly skip chown when gid did not change Commit 86f7af84 introduced a problem that a chown is always attempted, even when the owning gid did not change. Then the ACL is set in the file system as root. Fix the check by correctly comparing with gid, not uid. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120 Signed-off-by: Christof Schmitt <cs at samba.org> Reviewed-by: Volker Lendecke <vl at samba.org> Autobuild-User(master): Christof Schmitt <cs at samba.org> Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184 (cherry picked from commit a6ccceb97ebd43d453ae4f835927cbacde0fdcef) - - - - - 3537ef5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00 replace: Check for -Wuse-after-free BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andrew Bartlett <abartlet at samba.org> (cherry picked from commit 89e0c732b1c45f6498ed0f39add77c2a52afddce) - - - - - 17451c5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00 third_party/heimdal: Fix build with gcc version 12.1 Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS and avoid the following error: [1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c ../../third_party/heimdal/lib/krb5/crypto.c: In function ?_krb5_internal_hmac?: ../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ?const? qualifier from pointer target type [-Wcast-qual] 302 | iov[0].data.data = (void *) data; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?derive_key_sp800_hmac?: ../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ?const? qualifier from pointer target type [-Wcast-qual] 2427 | label.data = (void *)constant; | ^ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_derived?: ../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1280 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ?realloc? here 1278 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_enc_then_cksum?: ../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1365 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ?realloc? here 1363 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal?: ../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1431 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ?realloc? here 1429 | result->data = realloc(p, l); | ^~~~~~~~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c: In function ?decrypt_internal_special?: ../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ?p? may be used after ?realloc? [-Werror=use-after-free] 1478 | free(p); | ^~~~~~~ ../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ?realloc? here 1476 | result->data = realloc(p, sz); | ^~~~~~~~~~~~~~ cc1: all warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Autobuild-User(master): Samuel Cabrero <scabrero at samba.org> Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184 (cherry picked from commit 971441ca5244b0e56f6b664d785fcefa3867ede1) - - - - - c5569b4f by Volker Lendecke at 2022-07-18T08:47:13+00:00 rpc_server3: Initialize mangle_fns in classic and spoolss Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118 Signed-off-by: Volker Lendecke <vl at samba.org> Reviewed-by: Pavel Filipensk? <pfilipensky at samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org> Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184 (cherry picked from commit 11d3d2aeac599ebbedd5332c5520465970319448) - - - - - e388fe2b by Samuel Cabrero at 2022-07-18T08:47:13+00:00 s3:winbind: Create service principal inside add_ccache_to_list() The function can build the service principal itself, there is no need to do it in the caller. This removes code duplication. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> (cherry picked from commit 8bef8e3de9fc96ff45319f80529e878977563f3a) - - - - - 89b914b3 by Samuel Cabrero at 2022-07-18T09:40:12+00:00 s3:winbind: Use the canonical realm name to renew the credentials Consider the following AD topology where all trusts are parent-child trusts: ADOM.AFOREST.AD | ACHILD.ADOM.AFOREST.AD | AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined When logging into the Samba machine using pam_winbind with kerberos enabled with user ACHILD\user1, the ccache content is: Default principal: user1 at ACHILD.ADOM.AFOREST.AD Valid starting Expires Service principal 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:09:23 --> 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket renew until 07/13/2022 16:09:23 07/06/2022 16:09:23 07/06/2022 16:14:23 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:09:23 But when logging in with user ADOM\user1, the ccache content is: Default principal: user1 at ADOM.AFOREST.AD Valid starting Expires Service principal 07/06/2022 16:04:37 07/06/2022 16:09:37 krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD renew until 07/13/2022 16:04:37 07/06/2022 16:04:37 07/06/2022 16:09:37 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD renew until 07/13/2022 16:04:37 MIT does not store the intermediate TGTs when there is more than one hop: ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)] Getting credentials user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105 Starting with TGT for client realm: user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD Sending request to ADOM.AFOREST.AD Received answer from stream 192.168.101.32:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key rc4-hmac/D88B --> Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD Received answer (1628 bytes) from stream 192.168.101.33:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015 --> Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Received answer (1647 bytes) from stream 192.168.101.34:88 TGS reply is for user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Storing user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105 In the case of ACHILD\user1: ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)] Getting credentials user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000 Starting with TGT for client realm: user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Sending request to ACHILD.ADOM.AFOREST.AD Received answer from stream 192.168.101.33:88 TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60 --> Storing user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Received answer (1675 bytes) from stream 192.168.101.34:88 TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576 Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD Storing user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 The result is that winbindd can't refresh the tickets for ADOM\user1 because the local realm is used to build the TGT service name. smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at AGRANDCHILD.ACHILD.ADOM.AFOREST.AD' Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105) The canonical realm name must be used instead: smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD' Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success Get cred via TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD (canonicalize off) Sending request to ADOM.AFOREST.AD Received answer from stream 192.168.101.32:88 TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key aes256-cts/8C7B Storing user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979 Signed-off-by: Samuel Cabrero <scabrero at samba.org> Reviewed-by: Andreas Schneider <asn at samba.org> Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org> Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184 (cherry picked from commit 116af0df4f74aa450cbb77c79f8cac4bfc288631) Autobuild-User(v4-16-test): Jule Anger <janger at samba.org> Autobuild-Date(v4-16-test): Mon Jul 18 09:40:12 UTC 2022 on sn-devel-184 - - - - - 36eeba73 by Jule Anger at 2022-07-18T13:08:52+02:00 WHATSNEW: Add release notes for Samba 4.16.3. Signed-off-by: Jule Anger <janger at samba.org> - - - - - b3cbf421 by Jule Anger at 2022-07-18T13:09:27+02:00 VERSION: Disable GIT_SNAPSHOT for the 4.16.3 release. Signed-off-by: Jule Anger <janger at samba.org> - - - - - 460c18f4 by Michael Tokarev at 2022-07-18T16:27:17+03:00 New upstream version 4.16.3+dfsg - - - - - 30 changed files: - VERSION - WHATSNEW.txt - ctdb/common/logging.c - ctdb/doc/ctdb-etcd.7 - ctdb/doc/ctdb-script.options.5 - ctdb/doc/ctdb-statistics.7 - ctdb/doc/ctdb-tunables.7 - ctdb/doc/ctdb.1 - ctdb/doc/ctdb.7 - ctdb/doc/ctdb.conf.5 - ctdb/doc/ctdb.sysconfig.5 - ctdb/doc/ctdb_diagnostics.1 - ctdb/doc/ctdb_mutex_ceph_rados_helper.7 - ctdb/doc/ctdbd.1 - ctdb/doc/ctdbd_wrapper.1 - ctdb/doc/ltdbtool.1 - ctdb/doc/onnode.1 - ctdb/doc/ping_pong.1 - ctdb/server/ctdb_logging.c - docs/manpages/cifsdd.8 - docs/manpages/dbwrap_tool.1 - docs/manpages/eventlogadm.8 - docs/manpages/idmap_ad.8 - docs/manpages/idmap_autorid.8 - docs/manpages/idmap_hash.8 - docs/manpages/idmap_ldap.8 - docs/manpages/idmap_nss.8 - docs/manpages/idmap_rfc2307.8 - docs/manpages/idmap_rid.8 - docs/manpages/idmap_script.8 The diff was not included because it is too large. View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/40cd3b6d0f349d9cf17379ef92f867003f4a41c4...460c18f48bf4dc685c517a9208126d69949cd679 -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/40cd3b6d0f349d9cf17379ef92f867003f4a41c4...460c18f48bf4dc685c517a9208126d69949cd679 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Tue Jul 19 10:24:15 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Tue, 19 Jul 2022 09:24:15 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba][master] update changelog; upload 4.16.3+dfsg-1 to unstable Message-ID: <62d6783f918_3db1c1ec6402217526@godard.mail> Michael Tokarev pushed to branch master at Debian Samba Team / samba Commits: a622afaa by Michael Tokarev at 2022-07-18T17:15:32+03:00 update changelog; upload 4.16.3+dfsg-1 to unstable - - - - - 1 changed file: - debian/changelog Changes: ===================================== debian/changelog ===================================== @@ -1,8 +1,13 @@ -samba (2:4.16.3+dfsg-1) UNRELEASED; urgency=medium +samba (2:4.16.3+dfsg-1) unstable; urgency=medium - * new upstream minor/bugfix releae. + [ Michael Tokarev ] + * new upstream minor/bugfix releae. See WHATSNEW.txt for details. + * d/watch: add the forgotten repacksuffix=+dfsg + + [ Andreas Hasenack ] + * update nfs configuration examples for ctdb - -- Michael Tokarev Mon, 18 Jul 2022 16:30:51 +0300 + -- Michael Tokarev Mon, 18 Jul 2022 17:15:07 +0300 samba (2:4.16.2+dfsg-1) unstable; urgency=medium View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/a622afaa50aebb14ce8868d21734f49d1ae0e109 -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/commit/a622afaa50aebb14ce8868d21734f49d1ae0e109 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Tue Jul 19 10:24:16 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Tue, 19 Jul 2022 09:24:16 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba] Pushed new tag upstream/4.16.3+dfsg Message-ID: <62d67840b5b2c_3db1c1ec6402217752@godard.mail> Michael Tokarev pushed new tag upstream/4.16.3+dfsg at Debian Samba Team / samba -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/tree/upstream/4.16.3+dfsg You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gitlab at salsa.debian.org Tue Jul 19 10:24:18 2022 From: gitlab at salsa.debian.org (Michael Tokarev (@mjt)) Date: Tue, 19 Jul 2022 09:24:18 +0000 Subject: [Pkg-samba-maint] [Git][samba-team/samba] Pushed new tag debian/2%4.16.3+dfsg-1 Message-ID: <62d67842c5d13_3db7541350221797f@godard.mail> Michael Tokarev pushed new tag debian/2%4.16.3+dfsg-1 at Debian Samba Team / samba -- View it on GitLab: https://salsa.debian.org/samba-team/samba/-/tree/debian/2%254.16.3+dfsg-1 You're receiving this email because of your account on salsa.debian.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ftpmaster at ftp-master.debian.org Tue Jul 19 10:33:15 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 19 Jul 2022 09:33:15 +0000 Subject: [Pkg-samba-maint] Processing of samba_4.16.3+dfsg-1_source.changes Message-ID: samba_4.16.3+dfsg-1_source.changes uploaded successfully to localhost along with the files: samba_4.16.3+dfsg-1.dsc samba_4.16.3+dfsg.orig.tar.xz samba_4.16.3+dfsg-1.debian.tar.xz samba_4.16.3+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Tue Jul 19 10:37:03 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 19 Jul 2022 09:37:03 +0000 Subject: [Pkg-samba-maint] samba_4.16.3+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jul 2022 17:15:07 +0300 Source: samba Architecture: source Version: 2:4.16.3+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Samba Maintainers Changed-By: Michael Tokarev Changes: samba (2:4.16.3+dfsg-1) unstable; urgency=medium . [ Michael Tokarev ] * new upstream minor/bugfix releae. See WHATSNEW.txt for details. * d/watch: add the forgotten repacksuffix=+dfsg . [ Andreas Hasenack ] * update nfs configuration examples for ctdb Checksums-Sha1: e4bbc9751c355c89e60c9c48fd2462afdec31762 4225 samba_4.16.3+dfsg-1.dsc a1a7e8096a5fcb88781ec81cfe9ab65120585f91 18141100 samba_4.16.3+dfsg.orig.tar.xz c07336450dac69d8ae0a3e73b5abbbebc5406617 263600 samba_4.16.3+dfsg-1.debian.tar.xz 108f62eb37cd52dd4f4e87922f12f25d89e153b3 6046 samba_4.16.3+dfsg-1_source.buildinfo Checksums-Sha256: 944c89a9f17ab8b92a92f906271a84e4e7922724e40e48a76530b5dd456b41e4 4225 samba_4.16.3+dfsg-1.dsc b87dd93ff2c6edc99d309fb9e77a84fad6568ebb902c09122e903862b4a5e8e9 18141100 samba_4.16.3+dfsg.orig.tar.xz 2063efcb70ce8b7ba5cef6594e5d46fa1834d62dfd289605c95dd20fe852b721 263600 samba_4.16.3+dfsg-1.debian.tar.xz 9452fee53cb3551a31ce3775efcef4d8bf73772677a76433022af25cd181cae9 6046 samba_4.16.3+dfsg-1_source.buildinfo Files: ee61ae7b9efdc9e142f8ede151d0ba74 4225 net optional samba_4.16.3+dfsg-1.dsc 0cf39f7d227ab556c84fffc4220e234e 18141100 net optional samba_4.16.3+dfsg.orig.tar.xz 75559ab9b02bc76d68c9f2c96d396d8a 263600 net optional samba_4.16.3+dfsg-1.debian.tar.xz f52c4b742de1062e5372a75fab259fa3 6046 net optional samba_4.16.3+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmLVayMPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZECIH/iBmoTGlERCBLnBTWcl7v9AQbQvTbMCuHrY/ Ox9QOiTyjc4L7V33ECjGcdoa6sl1KjpCJU3JeeS6qcFRhdpEB8i9UOm9mwqfyKz0 9GpPutqLgJqpQpPGYuNpK4p/xMZwWjwHJd1xdPZVD5DQ3iVcSFcxzOE4F89Ou9yM t9yk1mwZnMLFt3CHHebIA3TZiNCuRlV+/90QTu9Ni9CT6QoISWzlAtF+7BCySyYI K72c4oyTXfQlAEmu0BYv77ak9PXDmDgpxZ07HLkejADXdQfxA6zleC7ulbQ803Ew gESKhMtoceuPM1BMc5VUx/vKKBdOU+D0Q3R9Kkl7V3DqcumFG7E= =bmhW -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From pmhahn at pmhahn.de Mon Jul 25 16:04:01 2022 From: pmhahn at pmhahn.de (Philipp Hahn) Date: Mon, 25 Jul 2022 17:04:01 +0200 Subject: [Pkg-samba-maint] APT dependency resolver: Missing python3-ldb Breaks: libldb2 ? Message-ID: <7c839890-3def-5983-be60-58a2c4ae7829@pmhahn.de> Hello, I'm a DD myself, but employed by Univention GmbH. As such these are NOT Debian packages, but our own builds. Nevertheless I want to understand the underlying issue as I have seen it multiple times by now - even in Debian. Today I observed some APT behavior, which I was unable to explain at first, but after some research make sense: - System has old package versions installed: > libldb2:amd64 2:2.5.1-1 > python3-ldb 2:2.5.1-1 - `apt-get install ?` is used to install additional packages. Indirectly they require newer version of > ...: Depends: libldb2 (>= 2:2.5.2-1) - This aborts refusing to upgrade `python3-ldb`, which declares > python3-ldb: Depends: libldb2 (= ${binary:Version}) - What I thinks is missing is some > libldb2: Breaks: python3-ldb (<< ${binary:Version}) # More details This is from running the following command: > LC_ALL=C apt-get install \ > -s \ > -o Debug::pkgDepCache::Marker=yes \ > -o Debug::pkgDepCache::AutoInstall=yes \ > -o Debug::pkgProblemResolver=yes \ > -o Debug::pkgProblemResolver::ShowScores=yes \ > univention-s4-connector 2>&1 | less which show this: > Show Scores > 10000 univention-s4-connector:amd64 < none -> 14.0.10-2 @un puN > > ... > 35 python3-ldb:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > > ... > 30 libldb2:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > > ... > 8 samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > > Starting 2 pkgProblemResolver with broken count: 1 > Investigating (0) samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > > Broken samba-dsdb-modules:amd64 Depends on libldb2:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > (> 2:2.5.2~) > Considering libldb2:amd64 30 as a solution to samba-dsdb-modules:amd64 8 > MarkKeep samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > FU=0 > Re-Instated libldb2:amd64 > Re-Instated samba-dsdb-modules:amd64 > Investigating (1) python3-ldb:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH Ib > > Broken python3-ldb:amd64 Depends on libldb2:amd64 < 2:2.5.1-1 -> 2:2.5.2-1 @ii umU > (= 2:2.5.1-1) > Considering libldb2:amd64 30 as a solution to python3-ldb:amd64 35 I thinks it is here the APT decides to prioritize `python3-ldb` over `libldb2` and prefers to not update both packages. > Added libldb2:amd64 to the remove list > Fixing python3-ldb:amd64 via keep of libldb2:amd64 > MarkKeep libldb2:amd64 < 2:2.5.1-1A~5.0.0.202206171844 -> 2:2.5.2-1 @ii umU > FU=0 Is this a generic problem, which happens, when an upgrade is requested to a lower-level library such as `libldb2`, but not the higher-level package such as `python3-ldb`, when there is a same version dependency between them? > python3-ldb: Depends: libldb2 (= ${binary:Version}) What is the correct fix? Add this? > libldb2: Breaks: python3-ldb (<< ${binary:Version}) LDB is here: You can find even more details in my blog post at Thanks in advance Philipp From noreply at release.debian.org Tue Jul 26 05:39:17 2022 From: noreply at release.debian.org (Debian testing watch) Date: Tue, 26 Jul 2022 04:39:17 +0000 Subject: [Pkg-samba-maint] samba 2:4.16.3+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the samba source package in Debian's testing distribution has changed. Previous version: 2:4.16.2+dfsg-1 Current version: 2:4.16.3+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From Andre.Wagner at richard-wolf.com Tue Jul 26 09:49:40 2022 From: Andre.Wagner at richard-wolf.com (Wagner Andre) Date: Tue, 26 Jul 2022 08:49:40 +0000 Subject: [Pkg-samba-maint] APT dependency resolver: Missing python3-ldb Breaks: libldb2 ? In-Reply-To: <7c839890-3def-5983-be60-58a2c4ae7829@pmhahn.de> References: <7c839890-3def-5983-be60-58a2c4ae7829@pmhahn.de> Message-ID: <80a58764dabb4f7bacada8dac132f227@richard-wolf.com> Hi Phillipp, I think your problem is quite similar to the problem Michael reported on phoronix: https://www.phoronix.com/news/Ubuntu-22.04-APT-Breaks-Things [https://www.phoronix.net/image.php?id=2022&image=ubuntu_apt_libudev1] An Ubuntu 22.04 LTS Fix Is Coming For A Very Annoying & Serious APT Problem - Phoronix www.phoronix.com Recently on Ubuntu 22.04 LTS I've noticed that after installing dependencies for a number of benchmarks that the Ubuntu Linux installation is simply broken.. In the article it was also mentioned that a fix is ready. Hope this helps. Greetings, Andr? [https://www.richard-wolf.com/mam/data/Typo3/banner/75PfC-e-mail-banner-600x150.png] Richard Wolf GmbH, Pforzheimer Strasse 32, 75438 Knittlingen Managing Directors: Juergen Pfab, Juergen Steinbeck. Trade Register: Mannheim HRB 510031 Richard Wolf GmbH routinely monitors the content of e-mail sent and received via its network for the purposes of ensuring compliance with its policies and procedures. Richard Wolf GmbH is not responsible for any changes made to the message after it has been sent. Where opinions are expressed, they are not necessarily those of Richard Wolf GmbH. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you are not the intended addressee, or the person responsible for delivering it to them, you may not copy, forward, disclose, or otherwise use it or any part of it in any way. To do so may be unlawful. If you receive this e-mail by mistake, please advise the sender immediately. Privacy Statement | Legal Information | Terms & Conditions ________________________________ From: Philipp Hahn Sent: Monday, July 25, 2022 5:04:01 PM To: APT Development Team Cc: Debian Samba Maintainers Subject: APT dependency resolver: Missing python3-ldb Breaks: libldb2 ? Hello, I'm a DD myself, but employed by Univention GmbH. As such these are NOT Debian packages, but our own builds. Nevertheless I want to understand the underlying issue as I have seen it multiple times by now - even in Debian. Today I observed some APT behavior, which I was unable to explain at first, but after some research make sense: - System has old package versions installed: > libldb2:amd64 2:2.5.1-1 > python3-ldb 2:2.5.1-1 - `apt-get install ?` is used to install additional packages. Indirectly they require newer version of > ...: Depends: libldb2 (>= 2:2.5.2-1) - This aborts refusing to upgrade `python3-ldb`, which declares > python3-ldb: Depends: libldb2 (= ${binary:Version}) - What I thinks is missing is some > libldb2: Breaks: python3-ldb (<< ${binary:Version}) # More details This is from running the following command: > LC_ALL=C apt-get install \ > -s \ > -o Debug::pkgDepCache::Marker=yes \ > -o Debug::pkgDepCache::AutoInstall=yes \ > -o Debug::pkgProblemResolver=yes \ > -o Debug::pkgProblemResolver::ShowScores=yes \ > univention-s4-connector 2>&1 | less which show this: > Show Scores > 10000 univention-s4-connector:amd64 < none -> 14.0.10-2 @un puN > > ... > 35 python3-ldb:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > > ... > 30 libldb2:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > > ... > 8 samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > > Starting 2 pkgProblemResolver with broken count: 1 > Investigating (0) samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > > Broken samba-dsdb-modules:amd64 Depends on libldb2:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH > (> 2:2.5.2~) > Considering libldb2:amd64 30 as a solution to samba-dsdb-modules:amd64 8 > MarkKeep samba-dsdb-modules:amd64 < 2:4.16.2-1 -> 2:4.16.2-1 @ii umU Ib > FU=0 > Re-Instated libldb2:amd64 > Re-Instated samba-dsdb-modules:amd64 > Investigating (1) python3-ldb:amd64 < 2:2.5.1-1 | 2:2.5.2-1 @ii umH Ib > > Broken python3-ldb:amd64 Depends on libldb2:amd64 < 2:2.5.1-1 -> 2:2.5.2-1 @ii umU > (= 2:2.5.1-1) > Considering libldb2:amd64 30 as a solution to python3-ldb:amd64 35 I thinks it is here the APT decides to prioritize `python3-ldb` over `libldb2` and prefers to not update both packages. > Added libldb2:amd64 to the remove list > Fixing python3-ldb:amd64 via keep of libldb2:amd64 > MarkKeep libldb2:amd64 < 2:2.5.1-1A~5.0.0.202206171844 -> 2:2.5.2-1 @ii umU > FU=0 Is this a generic problem, which happens, when an upgrade is requested to a lower-level library such as `libldb2`, but not the higher-level package such as `python3-ldb`, when there is a same version dependency between them? > python3-ldb: Depends: libldb2 (= ${binary:Version}) What is the correct fix? Add this? > libldb2: Breaks: python3-ldb (<< ${binary:Version}) LDB is here: You can find even more details in my blog post at Thanks in advance Philipp -------------- next part -------------- An HTML attachment was scrubbed... URL: From pmhahn at pmhahn.de Thu Jul 28 12:42:30 2022 From: pmhahn at pmhahn.de (Philipp Hahn) Date: Thu, 28 Jul 2022 13:42:30 +0200 Subject: [Pkg-samba-maint] APT dependency resolver: Missing python3-ldb Breaks: libldb2 ? In-Reply-To: <80a58764dabb4f7bacada8dac132f227@richard-wolf.com> References: <7c839890-3def-5983-be60-58a2c4ae7829@pmhahn.de> <80a58764dabb4f7bacada8dac132f227@richard-wolf.com> Message-ID: <4d5cfd35-9fa7-1c22-8f97-23f977d87860@pmhahn.de> Hello Andr?, Am 26.07.22 um 10:49 schrieb Wagner Andre: > I think your problem is quite similar to the problem Michael reported on > phoronix: https://www.phoronix.com/news/Ubuntu-22.04-APT-Breaks-Things > > > An Ubuntu 22.04 LTS Fix Is Coming For A Very Annoying & Serious APT > Problem - Phoronix > > In the article it was also mentioned that a fix is ready. Hope this helps. Excellent find, looks very much like my problem. Thank you for the link. And thank you to the APT team for that great tool and also having it fixed already :-) Philipp From carnil at debian.org Sun Jul 31 20:38:47 2022 From: carnil at debian.org (Salvatore Bonaccorso) Date: Sun, 31 Jul 2022 21:38:47 +0200 Subject: [Pkg-samba-maint] Bug#1016449: samba: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 Message-ID: <165929632702.160090.5934400046804716727.reportbug@eldamar.lan> Source: samba Version: 2:4.16.3+dfsg-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team Hi, The following vulnerabilities were published for samba. CVE-2022-2031[0]: | Samba AD users can bypass certain restrictions associated with | changing passwords CVE-2022-32742[1]: | Server memory information leak via SMB1 CVE-2022-32744[2]: | Samba AD users can forge password change requests for any user CVE-2022-32745[3]: | Samba AD users can crash the server process with an LDAP add or modify | request CVE-2022-32746[4]: | Samba AD users can induce a use-after-free in the server process | with an LDAP add or modify request If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-2031 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031 [1] https://security-tracker.debian.org/tracker/CVE-2022-32742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742 [2] https://security-tracker.debian.org/tracker/CVE-2022-32744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 [3] https://security-tracker.debian.org/tracker/CVE-2022-32745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745 [4] https://security-tracker.debian.org/tracker/CVE-2022-32746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746 Please adjust the affected versions in the BTS as needed. Regards, Salvatore