[Pkg-samba-maint] [Git][samba-team/samba][mjt-4.16] 7 commits: d/changelog: start of 4.16
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Thu Mar 24 13:24:55 GMT 2022
Michael Tokarev pushed to branch mjt-4.16 at Debian Samba Team / samba
Commits:
75d71a45 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/changelog: start of 4.16
- - - - -
08db2646 by Michael Tokarev at 2022-03-24T15:07:35+03:00
refresh patches (reduce context in ctdb.conf), comment out add-so-version-to-private-libraries for now
- - - - -
3a162b8f by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/control: update required versions (talloc=2.3.3,tdb=1.4.6,tevent=0.11.0,ldb=2.5.0)
- - - - -
caacc012 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/control: add myself to Uploaders
- - - - -
8eabb514 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/rules: --with-dnsupdate has been consolidated with --with-ads
- - - - -
34dd6171 by Michael Tokarev at 2022-03-24T15:07:37+03:00
d/control: add python3-markdown to build-depends
- - - - -
5c0c5b14 by Michael Tokarev at 2022-03-24T15:12:20+03:00
d/control: add libjson-perl to build-depends (needed for heimdal)
- - - - -
8 changed files:
- debian/changelog
- debian/control
- − debian/patches/Rename-mdfind-to-mdsearch.patch
- debian/patches/ctdb-config-enable-syslog-by-default.patch
- debian/patches/heimdal-rfc3454.txt
- debian/patches/series
- − debian/patches/trusted_domain_fix_v4.13.patch
- debian/rules
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,22 @@
+samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
+
+ * New upstream major release.
+ Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
+ Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
+ Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
+ the outside target of a symlink exists
+ Closes: #1005642 (windows client data corruption due to cache poisoning)
+ * Notable changes in 4.16 series compared to 4.13:
+ - modular VFS (see The_New_VFS.txt)
+ - publishing printers in AD is more complete
+ - group policies for winbindd cilents (like linux systems)
+ - certificate auto enrollement in AD group policy
+ - large list of improvements in samba-tool
+ - SMB1 protocol has been deprecated, some subcommands has been removed
+ - more consistend options/subcommands in samba commands
+
+ -- Michael Tokarev <mjt at tls.msk.ru> Thu, 24 Mar 2022 13:54:07 +0300
+
samba (2:4.13.14+dfsg-1) unstable; urgency=high
* New upstream security release in order to address the following defects:
=====================================
debian/control
=====================================
@@ -5,7 +5,8 @@ Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
Uploaders: Steve Langasek <vorlon at debian.org>,
Jelmer Vernooij <jelmer at debian.org>,
Mathieu Parent <sathieu at debian.org>,
- Andrew Bartlett <abartlet+debian at catalyst.net.nz>
+ Andrew Bartlett <abartlet+debian at catalyst.net.nz>,
+ Michael Tokarev <mjt at tls.msk.ru>
Homepage: https://www.samba.org
Standards-Version: 4.5.1
Build-Depends: bison,
@@ -31,8 +32,9 @@ Build-Depends: bison,
libgpgme11-dev,
libicu-dev,
libjansson-dev,
+ libjson-perl,
libldap2-dev,
- libldb-dev (>= 2:2.2.3~),
+ libldb-dev (>= 2:2.5.0~),
libncurses5-dev,
libpam0g-dev,
libparse-yapp-perl,
@@ -41,11 +43,11 @@ Build-Depends: bison,
librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el ppc64 s390x x32],
libreadline-dev,
libsystemd-dev [linux-any],
- libtalloc-dev (>= 2.3.1~),
+ libtalloc-dev (>= 2.3.3~),
libtasn1-6-dev (>= 3.8),
libtasn1-bin,
- libtdb-dev (>= 1.4.3~),
- libtevent-dev (>= 0.10.2~),
+ libtdb-dev (>= 1.4.6~),
+ libtevent-dev (>= 0.11.0~),
liburing-dev [linux-any],
perl,
pkg-config,
@@ -53,10 +55,11 @@ Build-Depends: bison,
python3-dev,
python3-dnspython,
python3-etcd,
- python3-ldb (>= 2:2.2.3~),
- python3-ldb-dev (>= 2:2.2.3~),
- python3-talloc-dev (>= 2.3.1~),
- python3-tdb (>= 1.4.3~),
+ python3-ldb (>= 2:2.5.0~),
+ python3-ldb-dev (>= 2:2.5.0~),
+ python3-markdown,
+ python3-talloc-dev (>= 2.3.3~),
+ python3-tdb (>= 1.4.6~),
python3-testtools,
python3,
xfslibs-dev [linux-any],
=====================================
debian/patches/Rename-mdfind-to-mdsearch.patch deleted
=====================================
@@ -1,184 +0,0 @@
-From 32d876c6fa18cfbd2f81823c122a9eb5c50a6313 Mon Sep 17 00:00:00 2001
-From: Mathieu Parent <math.parent at gmail.com>
-Date: Sat, 4 Jul 2020 23:16:40 +0200
-Subject: [PATCH] Rename mdfind to mdsearch
-
-GNUstep as an mdfind binary, and both should be co-instalable.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=14431
-
-Signed-off-by: Mathieu Parent <math.parent at gmail.com>
----
- docs-xml/manpages/{mdfind.1.xml => mdsearch.1.xml} | 10 +++++-----
- docs-xml/wscript_build | 2 +-
- python/samba/tests/blackbox/{mdfind.py => mdsearch.py} | 10 +++++-----
- source3/rpc_server/mdssvc/es_mapping.c | 2 +-
- source3/utils/{mdfind.c => mdsearch.c} | 2 +-
- source3/utils/wscript_build | 4 ++--
- source4/selftest/tests.py | 2 +-
- 7 files changed, 16 insertions(+), 16 deletions(-)
- rename docs-xml/manpages/{mdfind.1.xml => mdsearch.1.xml} (94%)
- rename python/samba/tests/blackbox/{mdfind.py => mdsearch.py} (93%)
- rename source3/utils/{mdfind.c => mdsearch.c} (98%)
-
-diff --git a/docs-xml/manpages/mdfind.1.xml b/docs-xml/manpages/mdsearch.1.xml
-similarity index 94%
-rename from docs-xml/manpages/mdfind.1.xml
-rename to docs-xml/manpages/mdsearch.1.xml
-index 0deef066059..c75d1f045f0 100644
---- a/docs-xml/manpages/mdfind.1.xml
-+++ b/docs-xml/manpages/mdsearch.1.xml
-@@ -1,9 +1,9 @@
- <?xml version="1.0" encoding="iso-8859-1"?>
- <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
--<refentry id="mdfind.1">
-+<refentry id="mdsearch.1">
-
- <refmeta>
-- <refentrytitle>mdfind</refentrytitle>
-+ <refentrytitle>mdsearch</refentrytitle>
- <manvolnum>1</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">User Commands</refmiscinfo>
-@@ -11,7 +11,7 @@
- </refmeta>
-
- <refnamediv>
-- <refname>mdfind</refname>
-+ <refname>mdsearch</refname>
- <refpurpose>Run Spotlight searches against an SMB server</refpurpose>
- </refnamediv>
-
-@@ -32,7 +32,7 @@
- <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry> suite.</para>
-
-- <para>mdfind is a simple utility to run Spotlight searches against an SMB server
-+ <para>mdsearch is a simple utility to run Spotlight searches against an SMB server
- that runs the Spotlight <emphasis>mdssvc</emphasis> RPC service.</para>
- </refsect1>
-
-@@ -143,6 +143,6 @@
- Andrew Tridgell. Samba is now developed by the Samba Team as an Open
- Source project similar to the way the Linux kernel is developed.</para>
-
-- <para>The mdfind manpage was written by Ralph Boehme.</para>
-+ <para>The mdsearch manpage was written by Ralph Boehme.</para>
- </refsect1>
- </refentry>
-diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
-index dc5f31459e7..37094147e0b 100644
---- a/docs-xml/wscript_build
-+++ b/docs-xml/wscript_build
-@@ -19,7 +19,7 @@ manpages='''
- manpages/libsmbclient.7
- manpages/lmhosts.5
- manpages/log2pcap.1
-- manpages/mdfind.1
-+ manpages/mdsearch.1
- manpages/mvxattr.1
- manpages/net.8
- manpages/nmbd.8
-diff --git a/python/samba/tests/blackbox/mdfind.py b/python/samba/tests/blackbox/mdsearch.py
-similarity index 93%
-rename from python/samba/tests/blackbox/mdfind.py
-rename to python/samba/tests/blackbox/mdsearch.py
-index 5c1c0c3d155..8da5a49e136 100644
---- a/python/samba/tests/blackbox/mdfind.py
-+++ b/python/samba/tests/blackbox/mdsearch.py
-@@ -1,5 +1,5 @@
- #
--# Blackbox tests for mdfind
-+# Blackbox tests for mdsearch
- #
- # Copyright (C) Ralph Boehme 2019
- #
-@@ -17,7 +17,7 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
- #
-
--"""Blackbox test for mdfind"""
-+"""Blackbox test for mdsearch"""
-
- import os
- import time
-@@ -95,8 +95,8 @@ class MdfindBlackboxTests(BlackboxTestCase):
- self.server.server_activate()
- self.server.serve_forever()
-
-- def test_mdfind(self):
-- """Simple blackbox test for mdfind"""
-+ def test_mdsearch(self):
-+ """Simple blackbox test for mdsearch"""
-
- username = os.environ["USERNAME"]
- password = os.environ["PASSWORD"]
-@@ -123,7 +123,7 @@ class MdfindBlackboxTests(BlackboxTestCase):
- self.server.json_in = json_in.replace("%BASEPATH%", self.sharepath)
- self.server.json_out = json_out.replace("%BASEPATH%", self.sharepath)
-
-- output = self.check_output("mdfind -s %s -U %s%%%s fileserver spotlight '*==\"samba*\"'" % (config, username, password))
-+ output = self.check_output("mdsearch -s %s -U %s%%%s fileserver spotlight '*==\"samba*\"'" % (config, username, password))
-
- actual = output.decode('utf-8').splitlines()
- expected = ["%s/%s" % (self.sharepath, file) for file in testfiles]
-diff --git a/source3/rpc_server/mdssvc/es_mapping.c b/source3/rpc_server/mdssvc/es_mapping.c
-index 5c71e503bf5..e55a0768d47 100644
---- a/source3/rpc_server/mdssvc/es_mapping.c
-+++ b/source3/rpc_server/mdssvc/es_mapping.c
-@@ -41,7 +41,7 @@
- * search term, the corresponding Spotlight query and the final string that gets
- * sent to the target Elasticsearch server.
- *
-- * string | mdfind | http
-+ * string | mdsearch | http
- * -------+--------+------
- * x!x x!x x\\!x
- * x&x x&x x\\&x
-diff --git a/source3/utils/mdfind.c b/source3/utils/mdsearch.c
-similarity index 98%
-rename from source3/utils/mdfind.c
-rename to source3/utils/mdsearch.c
-index 2f952c29b4f..df146063508 100644
---- a/source3/utils/mdfind.c
-+++ b/source3/utils/mdsearch.c
-@@ -90,7 +90,7 @@ int main(int argc, char **argv)
- long_options,
- POPT_CONTEXT_KEEP_FIRST);
-
-- poptSetOtherOptionHelp(pc, "mdfind [OPTIONS] <server> <share> <query>\n");
-+ poptSetOtherOptionHelp(pc, "mdsearch [OPTIONS] <server> <share> <query>\n");
-
- while ((opt = poptGetNextOpt(pc)) != -1) {
- DBG_ERR("Invalid option %s: %s\n",
-diff --git a/source3/utils/wscript_build b/source3/utils/wscript_build
-index 6157cac9050..3393111ccfc 100644
---- a/source3/utils/wscript_build
-+++ b/source3/utils/wscript_build
-@@ -312,8 +312,8 @@ bld.SAMBA3_BINARY('smbstatus',
- CONN_TDB
- ''')
-
--bld.SAMBA3_BINARY('mdfind',
-- source='mdfind.c',
-+bld.SAMBA3_BINARY('mdsearch',
-+ source='mdsearch.c',
- deps='''
- talloc
- tevent
-diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
-index 3a903a7eee0..d16fb02f43c 100755
---- a/source4/selftest/tests.py
-+++ b/source4/selftest/tests.py
-@@ -929,7 +929,7 @@ planoldpythontestsuite("ad_dc_ntvfs",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
- planoldpythontestsuite("none", "samba.tests.loadparm")
- planoldpythontestsuite("fileserver",
-- "samba.tests.blackbox.mdfind",
-+ "samba.tests.blackbox.mdsearch",
- extra_args=['-U"$USERNAME%$PASSWORD"'])
- planoldpythontestsuite("fileserver",
- "samba.tests.blackbox.smbcacls_basic")
---
-2.26.2
-
=====================================
debian/patches/ctdb-config-enable-syslog-by-default.patch
=====================================
@@ -22,18 +22,16 @@ Signed-off-by: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Author: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Bug-Debian: https://bugs.debian.org/929931
Bug-Ubuntu: https://bugs.launchpad.net/bugs/722201
-Last-Update: 2018-06-27
+Last-Update: 2022-03-24
---
ctdb/config/ctdb.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ctdb/config/ctdb.conf b/ctdb/config/ctdb.conf
-index 5440600a4..cde24280e 100644
+index 8e1b3760973..def0803578f 100644
--- a/ctdb/config/ctdb.conf
+++ b/ctdb/config/ctdb.conf
-@@ -5,10 +5,10 @@
-
- [logging]
+@@ -7,6 +7,6 @@
# Enable logging to syslog
- # location = syslog
+ location = syslog
@@ -42,8 +40,3 @@ index 5440600a4..cde24280e 100644
- # log level = NOTICE
+ log level = NOTICE
- [cluster]
- # Shared recovery lock file to avoid split brain. Daemon
---
-2.20.1
-
=====================================
debian/patches/heimdal-rfc3454.txt
=====================================
@@ -3,16 +3,16 @@ Subject: Patch in symbol table from rfc3454, for Heimdal scripts
Status: cherry-picked from heimdal package
---
- source4/heimdal/lib/wind/rfc3454.txt-table | 7074 ++++++++++++++++++++++++++++
- source4/heimdal_build/wscript_build | 6 +-
+ third_party/heimdal/lib/wind/rfc3454.txt-table | 7074 ++++++++++++++++++++++++++++
+ third_party/heimdal_build/wscript_build | 6 +-
2 files changed, 7077 insertions(+), 3 deletions(-)
create mode 100644 source4/heimdal/lib/wind/rfc3454.txt-table
-diff --git a/source4/heimdal/lib/wind/rfc3454.txt-table b/source4/heimdal/lib/wind/rfc3454.txt-table
+diff --git a/third_party/heimdal/lib/wind/rfc3454.txt-table b/third_party/heimdal/lib/wind/rfc3454.txt-table
new file mode 100644
index 0000000..5bef0b5
--- /dev/null
-+++ b/source4/heimdal/lib/wind/rfc3454.txt-table
++++ b/third_party/heimdal/lib/wind/rfc3454.txt-table
@@ -0,0 +1,7074 @@
+ ----- Start Table A.1 -----
+
@@ -7088,10 +7088,10 @@ index 0000000..5bef0b5
+
+ ----- End Table D.2 -----
+
-diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
+diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
index 2072be4..c93bdb8 100644
---- a/source4/heimdal_build/wscript_build
-+++ b/source4/heimdal_build/wscript_build
+--- a/third_party/heimdal_build/wscript_build
++++ b/third_party/heimdal_build/wscript_build
@@ -842,7 +842,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name="HEIMDAL_ERRORLIST",
=====================================
debian/patches/series
=====================================
@@ -4,10 +4,8 @@ README_nosmbldap-tools.patch
smbclient-pager.patch
usershare.patch
VERSION.patch
-add-so-version-to-private-libraries
heimdal-rfc3454.txt
+#add-so-version-to-private-libraries
smbd.service-Run-update-apparmor-samba-profile-befor.patch
fix-nfs-service-name-to-nfs-kernel-server.patch
-Rename-mdfind-to-mdsearch.patch
ctdb-config-enable-syslog-by-default.patch
-trusted_domain_fix_v4.13.patch
=====================================
debian/patches/trusted_domain_fix_v4.13.patch deleted
=====================================
@@ -1,39 +0,0 @@
-From 21ee75079ec354e2e5ba3252cdc63be4da059413 Mon Sep 17 00:00:00 2001
-From: Andrew Walker <awalker at ixsystems.com>
-Date: Tue, 9 Nov 2021 13:46:45 -0500
-Subject: [PATCH] s3/winbindd/winbindd_util - fix "allow trusted domains"
-
-At bypass for BUILTIN (S-1-5-32) domain if
-"allow trusted domains" is disabled.
----
- source3/winbindd/winbindd_util.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
-index 1ae4a8d3ca3..20f13fcaa21 100644
---- a/source3/winbindd/winbindd_util.c
-+++ b/source3/winbindd/winbindd_util.c
-@@ -125,13 +125,19 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
- struct winbindd_domain *domain = NULL;
- int role = lp_server_role();
- struct dom_sid_buf buf;
-+ bool is_builtin = false;
-
- if (is_null_sid(sid)) {
- DBG_ERR("Got null SID for domain [%s]\n", domain_name);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-- if (!is_allowed_domain(domain_name)) {
-+ if (strequal(domain_name, "BUILTIN") &&
-+ sid_check_is_builtin(sid)) {
-+ is_builtin = True;
-+ }
-+
-+ if (!is_builtin && !is_allowed_domain(domain_name)) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
-
---
-2.26.2
-
=====================================
debian/rules
=====================================
@@ -53,7 +53,6 @@ conf_args = \
--with-automount \
--with-ldap \
--with-ads \
- --with-dnsupdate \
--with-gpgme \
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/c77abd3a5585b6c5fb9419cfa34fd4e7a6b4d5e7...5c0c5b148c2bf6fe6c9b1fdbc8b150e2d6f5080f
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/c77abd3a5585b6c5fb9419cfa34fd4e7a6b4d5e7...5c0c5b148c2bf6fe6c9b1fdbc8b150e2d6f5080f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20220324/34a8d31a/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list