[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.22] 30 commits: VERSION: Bump version up to Samba 4.22.2...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Thu Jun 5 17:36:00 BST 2025
Michael Tokarev pushed to branch upstream_4.22 at Debian Samba Team / samba
Commits:
46d661f5 by Jule Anger at 2025-04-17T19:10:45+02:00
VERSION: Bump version up to Samba 4.22.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
c9064d23 by Pavel Filipenský at 2025-05-08T11:50:14+00:00
lib/krb5_wrap: Fix placement of TALLOC_FREE(frame)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15727
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Apr 23 12:14:17 UTC 2025 on atb-devel-224
(cherry picked from commit b5bd36dfd7dfd9a09a3f9378330df3be9db4551f)
- - - - -
501f32ea by Anoop C S at 2025-05-08T11:50:14+00:00
vfs_ceph_snapshots: Use full path from dirfsp at smb_fname
In ceph_snap_gmt_openat() we hand in the incoming smb_fname as it is
to ceph_snap_gmt_strip_snapshot() which is then passed on to derive
the actual snapshot path using ceph_snap_gmt_convert(). But this can
go wrong in ceph_snap_gmt_convert_dir() while opening the snapdir.
Unless we constitute the full path from dirfsp at the first place we
always end up opening the snapdir from the parent directory with
OpenDir().
For example with dirfsp("foobar") and smb_fname("shift.txt"), we open
snapdir from share root because parent is calculated as empty string
via ceph_snap_get_parent_path(). Instead we could construct the full
path from dirfsp using full_path_from_dirfsp_atname() to ensure we
don't open the wrong snapdir.
Since we have access to the twrp token at VFS layer it doesn't make
much sense to make use of ceph_snap_gmt_strip_snapshot() in openat.
We could instead directly act based on already available twrp token
avoiding an extra copy of incoming smb_filename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15819
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: David Disseldorp ddiss at samba.org
(cherry picked from commit ad8b2dbb67d87db22f2fa2df814dd91cbe071e60)
- - - - -
77e490b0 by Anoop C S at 2025-05-08T12:54:02+00:00
vfs_ceph_snapshots: Always calculate absolute snapshot path
Use the same logic from shadow_copy2 module to always prepend the
connectpath to the relative snapshot path so as to return converted
path corresponding to the file's share root.
Please note that with the current working directory staying at the
connectpath level we are safe to prefix it to the smb_filename. In
other words it seems we never get past the connectpath internally
during normal file system operations via chdir(). Since all relative
paths are now based on dirfsp we could constitute absolute path by
prepending the connectpath to full_path_from_dirfsp_atname() output
ignoring the current working directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15819
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Wed Apr 30 11:32:59 UTC 2025 on atb-devel-224
(cherry picked from commit 95a2b50b1983a6ba810a96f50b27db7c992c02c0)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu May 8 12:54:02 UTC 2025 on atb-devel-224
- - - - -
6f21f952 by Stefan Metzmacher at 2025-05-08T14:04:08+00:00
s3:rpc_server: make sure we can bind to the same port on all ip addresses
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15851
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 783ca9dc434bd1d18b762185ee936fcbcf292124)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu May 8 14:04:08 UTC 2025 on atb-devel-224
- - - - -
b0a66c42 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Avoid aborting during early shutdown
An early shutdown can put ctdbd into SHUTDOWN runstate before ctdbd
has completed all early initialisation. Some of the start-time
transitions then attempt to set the runstate to FIRST_RECOVERY or
RUNNING, which would make the runstate go backwards, so ctdbd aborts.
Upcoming changes cause ctdbd shutdown to take longer, so the problem
will become more likely. With those changes, this can be
unreliably (50% of the time?) triggered by:
ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh
since it does an early shutdown due to a version mismatch.
Avoid this by noticing when the runstate is SHUTDOWN and refusing to
continue with subsequent early initialisation steps, which aren't
needed when shutting down.
Earlier runstate transitions do not seems likely to cause an abort
during early shutdown. The following:
./tests/local_daemons.sh foo start 0; ./tests/local_daemons.sh foo stop 0
sees ctdbd already into FIRST_RECOVERY before the shutdown is
processed.
The change to ctdb_run_startup() probably isn't strictly necessary.
There will be no abort in this case. ctdb_shutdown_sequence() will
always run the "shutdown" event and then stop the event daemon, so it
doesn't seem possible that services could be left running. However,
we might as well avoid running the "startup" event when shutting down,
even if only to avoid confusing logs.
Ultimately, it seems like some redesign would be needed to avoid this
in a more predictable manner, rather than responding when an early
initialisation step inconveniently completes during shutdown. For
example, hanging a lot of the start-time event handling off a common
talloc context, could allow it to be cancelled with a single
TALLOC_FREE(). However, a change like that would involve a lot of
analysis to ensure that the talloc hierarchy is correct and there is
no change of free'd pointers being dereferenced. So, we're probably
better off just keeping this issue in mind during a broader redesign.
This workaround appears to be sufficient.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit c03e6b9d50cac67fe33dc6b120996d1915331be6)
- - - - -
ee3415e3 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-protocol: Add CTDB server SRVID range
Normally, communication from other components to ctdbd is done via
controls. However, there are contexts where receiving SRVID messages
in ctdbd makes sense, such as replies to outgoing SRVID messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 631d1d38ad10c73aa559561bea6b5ed45c2226c4)
- - - - -
9e4b88f8 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Add failover on shutdown
Without this, NFS servers on other nodes will not go into grace before
this node releases locks. This should also support improved behaviour
for SMB durable file handles.
The timeout is currently a constant 10s. However, it will
subsequently be switched to an option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit b84fbd7b3fedc998633400981ce0c5dc963d052e)
- - - - -
8b49433a by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Add configuration option shutdown failover timeout
Allows the timeout for failover during shutdown to be modified.
Defaults to 10s.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
SQ
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit dd9b73119afd3a0c60c87c938b5aefc766ca78d2)
- - - - -
302af7a9 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Run "startipreallocate" event in SHUTDOWN runstate
Even though all nodes may be shutting down there is still a very small
window for a race when multiple nodes are shut down. For simplicity,
assume 2 nodes. Assume the shutdowns of nodes are staggered, which is
usual because they're usually initiated by a loop (e.g. onnode -p all
ctdb shutdown). Although commands can continue in parallel, some
commands are started later than others.
Consider this sequence:
1. Node 0 reaches ctdb_shutdown_takeover() in
ctdb_shutdown_sequence() and a takeover run starts
2. Node 1 has not yet set its runlevel to SHUTDOWN in
ctdb_shutdown_sequence()
3. The leader node asks node 1 which IPs it can host
4. Node 1 replies "all of them"
5. Node 1 now sets its runlevel to SHUTDOWN in
ctdb_shutdown_sequence()
6. The leader node continues with the takeover run, first asking all
nodes to run "startipreallocate"
7. Node 0 runs "startipreallocate", so its NFS server starts grace
8. Node 1 does not run "startipreallocate" because it is not in
RUNNING runstate, so its NFS server does not start grace
9. The leader node continues with the takeover run, first asking all
nodes to run "releaseip" for IPs they can no longer hold
10. Node 0 releases all IPs, since it is SHUTDOWN runstate (so can't
host IPs)
11. As part of this, the NFS server on node 0 releases locks held
against IPs it is releasing
12. A client connected to node 1, where the NFS server is not in
grace, takes ("steals") one of those locks
This client is then permitted to reclaim the lock when nodes are
restarted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 4877541cfd8f782f516f6471edc52629720963fb)
- - - - -
64e92bc9 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Add configuration option shutdown extra timeout
See documentation change for details.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 3a770c8d46934870f42059640b0aaa0c76a3f4fb)
- - - - -
0c47b4e7 by Martin Schwenke at 2025-06-05T10:57:15+00:00
ctdb-daemon: Modernise some DEBUGs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu May 29 10:57:35 UTC 2025 on atb-devel-224
(cherry picked from commit 5a582bddd834fffe2b27cc8b2e9468fa84dfc6f2)
- - - - -
b58ffb3b by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbtorture: remove unused torture_lease_ignore_handler()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit e1a38cd3f9f5665c9f7dd202fec1c7ec72fa419c)
- - - - -
0939ddae by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbtorture: make torture_lease_break_callback() static
It's only used in this compilation unit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 56fe5e8ef192f38b928eed9b454709242f02699e)
- - - - -
31f4023c by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbtorture: add support for closing a handle when receiving a lease break
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit d88885b77cd9d86969eac2cd2010ed31e329106a)
- - - - -
edd94c6d by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbtorture: add test smb2.dirlease.rename_dst_parent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit a2827f4d6d8b56de08adaee35a051022f255769e)
- - - - -
e23cddcc by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbtorture: fix test smb2.notify-inotify.inotify-rename
Need to remove SEC_STD_DELETE from the access mask, otherwise we can't move
files into this directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 8b346857b837259c017b47cb6a935ed54afc8c60)
- - - - -
4c62ed11 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: expand logging in contend_dirleases()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 509081e7ed064899701a9e53b1597c33bcf5b77d)
- - - - -
b171beb8 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: support breaking leases on an object where we don't have an own internal open
So far, when dealing with the rename destination, we had an internal open on
that which ensured get_existing_share_mode_lock() would always return a
lock.
Subsequently I'll want delay_for_handle_lease_break_send() to be callable on an
object that doesn't have a full internal open including locking.tdb entry, but
merely an open handle from filename_convert_dirfsp().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 03c46342e2a65e6d81bd581471310c0ec2cbbdfb)
- - - - -
2b8ac687 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: add has_delete_access_opens()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 1351b613679acb063d7ef8bc63d438e1ec973a9a)
- - - - -
4874eb99 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: add access_mask to delay_for_handle_lease_break_send()
No change in behaviour, existing caller all pass SEC_RIGHTS_DIR_ALL. Prepares
for selectively breaking only H-leases if the access_mask of the corresponding
open contains DELETE_ACCESS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 5d4565c1f974b75a1c080f4503613201ecaf7001)
- - - - -
9b651c01 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: implement H-lease breaks on parent directory of rename target
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 91b7a5e7ac308040bd60a172280e4429ee25f3b0)
- - - - -
44811da2 by Ralph Boehme at 2025-06-05T10:57:15+00:00
selftest: stop running smb2.streams against "ad_dc" environment
Drop running smb2.streams tests against the "ad_dc" environment, to simplify
test failure handling with the knownfail file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 8c0888a94bbcd55b5746305ab82c9ce50095db32)
- - - - -
4cc5ed62 by Ralph Boehme at 2025-06-05T10:57:15+00:00
selftest: stop running smb2.streams against the ad_dc_ntvfs
This will soon start failing with
UNEXPECTED(failure): samba4.smb2.streams.rename2(ad_dc_ntvfs)
REASON: Exception: Exception: ../../source4/torture/smb2/streams.c:1533: status was NT_STATUS_OBJECT_NAME_COLLISION, expected NT_STATUS_OK: CHECK_STATUS
and I don't see the point in tracking this down for a dead product.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 69a7d5881bd0d91d270b4a8be4c75dcd94f19897)
- - - - -
0527b007 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: remove parent_dirname_compatible_open()
This is now handled correctly smbd_smb2_setinfo_rename_dst_parent_check().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
(cherry picked from commit 17ed8c0f9a0ab8b4b7feb213b4e3a0765f8cc0cd)
- - - - -
43698c83 by Ralph Boehme at 2025-06-05T10:57:15+00:00
smbd: use fsp->name_hash in check_parent_access_fsp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed May 28 16:03:59 UTC 2025 on atb-devel-224
(backported from commit 9b9fc589e55d467c97fd4580c2d6d9aa8cb73b13)
[slow at samba.org: removed write_time arg to get_file_infos() in master]
- - - - -
baea7672 by Ralph Boehme at 2025-06-05T11:55:52+00:00
CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15707
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6f0ae60428a024b4aba92a8103a698c1eca2357c)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Jun 5 11:55:52 UTC 2025 on atb-devel-224
- - - - -
2fbf88cb by Jule Anger at 2025-06-05T17:34:47+02:00
WHATSNEW: Add release notes for Samba 4.22.2.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
64a23714 by Jule Anger at 2025-06-05T17:35:40+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.22.2 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
3cd671ca by Michael Tokarev at 2025-06-05T18:59:31+03:00
New upstream version 4.22.2+dfsg
- - - - -
32 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/conf/ctdb_config.c
- ctdb/conf/ctdb_config.h
- ctdb/conf/failover_conf.c
- ctdb/conf/failover_conf.h
- ctdb/doc/ctdb.conf.5.xml
- ctdb/protocol/protocol.h
- ctdb/server/ctdb_daemon.c
- ctdb/server/ctdb_monitor.c
- ctdb/server/ctdb_takeover.c
- ctdb/tests/UNIT/cunit/config_test_001.sh
- lib/krb5_wrap/krb5_samba.c
- selftest/knownfail
- source3/modules/vfs_ceph_snapshots.c
- source3/rpc_server/rpc_sock_helper.c
- source3/selftest/tests.py
- source3/smbd/close.c
- source3/smbd/conn.c
- source3/smbd/open.c
- source3/smbd/proto.h
- source3/smbd/smb2_close.c
- source3/smbd/smb2_oplock.c
- source3/smbd/smb2_reply.c
- source3/smbd/smb2_setinfo.c
- source3/smbd/smbXsrv_session.c
- source4/selftest/tests.py
- source4/torture/smb2/lease.c
- source4/torture/smb2/lease_break_handler.c
- source4/torture/smb2/lease_break_handler.h
- source4/torture/smb2/notify.c
- source4/torture/smb2/streams.c
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/4723b0912ae715d7487d9e4337b74aad9af17201...3cd671ca38b2b7e97ff1e673324cf87c1be9bd11
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/4723b0912ae715d7487d9e4337b74aad9af17201...3cd671ca38b2b7e97ff1e673324cf87c1be9bd11
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20250605/e94c6a8a/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list