[Pkg-samba-maint] [Git][samba-team/samba][debian_4.21] 32 commits: VERSION: Bump version up to Samba 4.21.8...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Tue Sep 9 17:21:46 BST 2025
Michael Tokarev pushed to branch debian_4.21 at Debian Samba Team / samba
Commits:
693e4eaf by Jule Anger at 2025-07-07T18:08:04+02:00
VERSION: Bump version up to Samba 4.21.8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
b542e354 by Andreas Schneider at 2025-07-31T13:39:13+00:00
third_party: Update socket_wrapper to version 1.4.4
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 23 11:28:32 UTC 2025 on atb-devel-224
(cherry picked from commit 2c44022c512e302e8a3787ca17188213f112e182)
- - - - -
f6381830 by Jule Anger at 2025-07-31T13:39:13+00:00
WHATSNEW: fix typo
Found by script/codespell.sh.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
04913d3a by Aleksandr Sharov at 2025-07-31T14:51:55+00:00
Add check for the GPO link to have at least two attributes separated by semicolumn. Allows to handle empty links.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link
Singed-off-by: Alex Sharov (kororland at gmail.com)
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
(cherry picked from commit 44ee31c0258b0afb3d3f2ce17942cc86e308a690)
Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Thu Jul 31 14:51:55 UTC 2025 on atb-devel-224
- - - - -
56b975c4 by Stefan Metzmacher at 2025-08-06T08:08:10+00:00
s3:conncache: improve debugging for the negative connection cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 613ac83fb7666f5b132187d5587053e0d7dcd46d)
- - - - -
23eeafe4 by Stefan Metzmacher at 2025-08-06T08:08:10+00:00
winbindd: always use winbind_add_failed_connection_entry() wrapper
We should not use add_failed_connection_entry() directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 7fed75c495ead8f476c805b91cc6624ebf933427)
- - - - -
49948686 by Stefan Metzmacher at 2025-08-06T08:08:10+00:00
winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0
https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit ce80451f3af4418d1c83be009b58b3824c071cae)
- - - - -
2994369b by Stefan Metzmacher at 2025-08-06T08:08:10+00:00
s3:libads: let cldap_ping_list() check for a blacklisted server name
If we black listed a server we should not use it even if
it responses to CLDAP requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 08c8760ad9706b62755e35acaa121647344a4c9e)
- - - - -
a9250ab5 by Stefan Metzmacher at 2025-08-06T08:08:10+00:00
s3:libads: let get_kdc_ip_string() check for a blacklisted server name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 63051a2dcbe3a4a07f029e0c18aa90bd3f56b0a4)
- - - - -
e5637650 by Ralph Boehme at 2025-08-06T08:08:10+00:00
s3/libads: get rid of additional loop calling add_failed_connection_entry()
Just call add_failed_connection_entry() in the initial loop at all places where
we have a "bad" result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit a397801598eef4b0381a64a37af1845e9e85a50f)
- - - - -
a0bf6a94 by Ralph Boehme at 2025-08-06T08:08:10+00:00
libads: check for DCs in paused state in ads_try_connect()
Similar to d3000d7df09de724694aa0682b9750b8c7767514 in master, 4.21 doesn't have
netlogon_pings().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
ad604bb4 by Ralph Boehme at 2025-08-06T08:08:10+00:00
s3/libsmb: check command in make_dc_info_from_cldap_reply()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 5217bd1a2334825fed32f40c57f72464d126aac0)
- - - - -
4750b7b5 by Ralph Boehme at 2025-08-06T08:08:10+00:00
s3/libsmb: check the negative-conn-cache in resolve_ads()
This way we throw away blacklisted servers right away when learning about them
from the DNS SRV query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 30 10:10:21 UTC 2025 on atb-devel-224
(cherry picked from commit c1ee6fe9a489a8923d607e14d26768935a398849)
- - - - -
d9fc8dc0 by Günther Deschner at 2025-08-06T08:08:10+00:00
s3-selftest: add tests for "net ads kerberos" commands
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 18d0574a0fe4b5fd468f949cfaa507ab4519c9e6)
- - - - -
9ca7d637 by Günther Deschner at 2025-08-06T09:29:29+00:00
s3-net: fix "net ads kerberos" krb5ccname handling
We can only rely on KRB5CCNAME being set, --use-krb5-ccname content is
not available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Jul 24 17:31:14 UTC 2025 on atb-devel-224
(cherry picked from commit 8a97afdae788e8d10a51035f8b287dc00293f90d)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Aug 6 09:29:29 UTC 2025 on atb-devel-224
- - - - -
a8e2ea60 by Pavel Filipenský at 2025-08-06T11:46:17+00:00
s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC
server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name(). We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.
The impacted environment has:
domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 4921c3304e5e0480e5bb80a757b3f04b3b92c3b1)
- - - - -
1c6b6494 by Pavel Filipenský at 2025-08-06T11:46:17+00:00
docs-xml: Make smb.conf 'server role' value consistent with ROLE_IPA_DC in libparam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d88268102ade07fab345e04109818d97d8843a14)
- - - - -
7bf2051a by Pavel Filipenský at 2025-08-06T11:46:17+00:00
s3:netlogon: IPA DC is the PDC as well - allow ROLE_IPA_DC in _netr_DsRGetForestTrustInformation()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1dbafcc4e4ff8f39af5ca737b30e9821413dd1f2)
- - - - -
2a52c976 by Pavel Filipenský at 2025-08-06T13:07:38+00:00
s3:utils: Allow ROLE_IPA_DC to allow to use Kerberos in gensec
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 14:51:51 UTC 2025 on atb-devel-224
(cherry picked from commit a4dff82e45308db3ccabac2a55c03d52f04d7b4d)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Aug 6 13:07:38 UTC 2025 on atb-devel-224
- - - - -
c2be2d30 by Volker Lendecke at 2025-08-11T17:21:00+00:00
ctdb: Fix a stuck cluster lock holder after a delayed leader bcast
If a delayed broadcast by a previous cluster lock holder arrives, the
new legitimate leader will accept this without questioning in
leader_handler(). Without this patch rec->leader will never be
overwritten, and because rec->pnn != rec->leader we'll also never send
out fresh leader broadcasts. And because we hold the cluster lock,
nobody else can step up.
Fix this in the next round of leader broadcast timeout.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15892
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Aug 7 02:59:20 UTC 2025 on atb-devel-224
(cherry picked from commit 1a7cfd93432a227a972b34e1eb844134173be7b0)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Aug 11 17:21:00 UTC 2025 on atb-devel-224
- - - - -
2278b631 by Srinivas Rao V at 2025-08-14T09:41:57+00:00
smbd: fix mode being sent to possibly_set_archive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15880
possibly_set_archive is being passed smb_fname->st.st_ex_mode.
Inside the function same variable is getting assigned to itself.
Fixed this to send unx_mode to possibly_set_archive.
Signed-off-by: Srinivas Rao V <Srinivas.Rao.V at ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Jul 18 22:25:05 UTC 2025 on atb-devel-224
(cherry picked from commit 1d1acebf01902bef3a9ccae23c3be4cacbb777b2)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Aug 14 09:41:57 UTC 2025 on atb-devel-224
- - - - -
e71799c9 by Rabinarayan Panigrahi at 2025-08-22T15:56:15+00:00
vfs_virsufilter: Fix the invocation of SMB_VFS_NEXT_CONNECT
virusfilter is failing if path is defined for virusfilter:quarantine
as next module is not initialized by mean time. So rearranged invocation
of SMB_VFS_NEXT_CONNECT call
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15663
Signed-off-by: Rabinarayan Panigrahi <rapanigr at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Jul 21 11:28:12 UTC 2025 on atb-devel-224
(cherry picked from commit 605d4d065cd5951385a744230cf7f159468c02a2)
- - - - -
23667202 by Ralph Boehme at 2025-08-22T15:56:15+00:00
tldap: use tevent_req_set_endtime() to terminate LDAP searches
Needed to detect unresponsive LDAP servers, otherwise we might be sitting up to
924.6 seconds after sending a request before the kernel notifies us of a broken
connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 4e79fe13325385ef4fe37baeec8656c9b332de19)
- - - - -
8910ba21 by Ralph Boehme at 2025-08-22T15:56:15+00:00
idmap_ad: add and use ldap_timeout and fix LDAP server failover
The key parts are:
1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.
2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.
3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 4d69ec473b7be763399c9787eda8e659a1582184)
- - - - -
3ba1c4be by Ralph Boehme at 2025-08-22T15:56:15+00:00
libads: fix get_kdc_ip_string()
Correctly handle the interaction between optionally passed in DC via
pss and DC lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 23f100f67c0586a940e91e9e1e6f42b804401322)
- - - - -
1f8a549e by Ralph Boehme at 2025-08-22T17:03:53+00:00
winbindd: use find_domain_from_name_noinit() in find_dns_domain_name()
Avoid triggering a connection to a DC of a trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 9ad2e59a464bb472da2071c61a254547b6497625)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Fri Aug 22 17:03:53 UTC 2025 on atb-devel-224
- - - - -
81e5b025 by MikeLiu at 2025-09-08T22:04:45+00:00
s3:net: fix "net ads group"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15900
Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 4 09:33:27 UTC 2025 on atb-devel-224
(cherry picked from commit 8738fa1cc42d913e3ab2b54fe1e75ca4da37073f)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Sep 8 22:04:45 UTC 2025 on atb-devel-224
- - - - -
fa5a1430 by Jule Anger at 2025-09-09T17:31:42+02:00
WHATSNEW: Add release notes for Samba 4.21.8.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
05debb4b by Jule Anger at 2025-09-09T17:32:30+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.8 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
96f9f175 by Michael Tokarev at 2025-09-09T19:17:39+03:00
New upstream version 4.21.8+dfsg
- - - - -
a64c85e5 by Michael Tokarev at 2025-09-09T19:17:56+03:00
Update upstream source from tag 'upstream/4.21.8+dfsg'
Update to upstream version '4.21.8+dfsg'
with Debian dir 8368897ca46b475f9e2ef4d37507fe700d71d333
- - - - -
2a0302c9 by Michael Tokarev at 2025-09-09T19:20:13+03:00
update changelog; upload version 4.21.8+dfsg-1 to unstable
- - - - -
33 changed files:
- VERSION
- WHATSNEW.txt
- buildtools/wafsamba/samba_third_party.py
- ctdb/server/ctdb_recoverd.c
- debian/changelog
- docs-xml/smbdotconf/security/serverrole.xml
- python/samba/gp/gpclass.py
- selftest/knownfail
- source3/lib/tldap.c
- source3/libads/kerberos.c
- source3/libads/ldap.c
- source3/libsmb/conncache.c
- source3/libsmb/dsgetdcname.c
- source3/libsmb/namequery.c
- source3/modules/vfs_virusfilter.c
- source3/rpc_server/netlogon/srv_netlog_nt.c
- + source3/script/tests/test_net_ads_kerberos.sh
- source3/selftest/tests.py
- source3/smbd/open.c
- source3/utils/net.c
- source3/utils/net.h
- source3/utils/net_ads.c
- source3/utils/ntlm_auth.c
- source3/winbindd/idmap_ad.c
- source3/winbindd/wb_queryuser.c
- source3/winbindd/wb_sids2xids.c
- source3/winbindd/wb_xids2sids.c
- source3/winbindd/winbindd_cm.c
- source3/winbindd/winbindd_pam.c
- source3/winbindd/winbindd_proto.h
- source3/winbindd/winbindd_util.c
- third_party/socket_wrapper/socket_wrapper.c
- third_party/socket_wrapper/wscript
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/58b07a780fd87f9d2f000c8eea387fcc756b4ef1...2a0302c9eafce4a60818d51adb5e6f52899b7950
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/58b07a780fd87f9d2f000c8eea387fcc756b4ef1...2a0302c9eafce4a60818d51adb5e6f52899b7950
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20250909/7d726e60/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list