[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.23] 13 commits: VERSION: Bump version up to Samba 4.23.1...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Fri Sep 26 20:33:31 BST 2025
Michael Tokarev pushed to branch upstream_4.23 at Debian Samba Team / samba
Commits:
19d0be0b by Jule Anger at 2025-09-12T10:25:33+02:00
VERSION: Bump version up to Samba 4.23.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
c01bad23 by Jule Anger at 2025-09-12T10:45:13+02:00
WHATSNEW: fix typo
- - - - -
3749bc3d by Andreas Schneider at 2025-09-17T07:44:16+00:00
ctdb: Fix redefinitoin of pmdaResult
../../ctdb/utils/pmda/pmda_ctdb.c:52:9: warning: 'pmdaResult' redefined
52 | #define pmdaResult pmResult
| ^~~~~~~~~~
In file included from ../../ctdb/utils/pmda/pmda_ctdb.c:35:
/usr/include/pcp/pmda.h:30:9: note: this is the location of the previous definition
30 | #define pmdaResult pmResult_v2
| ^~~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15904
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Sep 13 08:12:42 UTC 2025 on atb-devel-224
(cherry picked from commit d4b448c305f674646001e293d8aa6ebc0ca6dc77)
- - - - -
babc0c7c by Volker Lendecke at 2025-09-17T08:48:10+00:00
winbind: Initialize idmap in winbindd_getgroups
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15914
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Sep 13 05:44:20 UTC 2025 on atb-devel-224
(cherry picked from commit beaf661b1ec1f048efc8eb2b383fc989a79ae009)
Autobuild-User(v4-23-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-23-test): Wed Sep 17 08:48:10 UTC 2025 on atb-devel-224
- - - - -
ee566060 by Shachar Sharon at 2025-09-26T09:28:19+00:00
vfs_ceph_new: dont use ceph_ll_nonblocking_readv_writev for fsync_send
Commit 4ae922413844 ("vfs_ceph_new: use libcephfs nonblocking API for
async-io ops") uses ceph_ll_nonblocking_readv_writev for fsync_send.
However, the actual behaviour of libcephfs when using this API with
'fsync=true' is not async-fsync, as one may assume. Instead,
vfs_ceph_new should use a nonblocking fsync API[1], once it is ready.
Removed the usage of ceph_ll_nonblocking_readv_writev for fsync.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15919
[1] https://github.com/ceph/ceph/commit/c88a21c30d8b265adb152f631d2629d29539f7b7
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 82c0988a8bc3d3e364e2d56ad8ea27e359fbc3f0)
- - - - -
73f3f2a5 by Anoop C S at 2025-09-26T09:28:19+00:00
vfs_ceph_new: Use integer value instead of boolean
ceph_ll_fsync() API[1] accepts the third and final argument as integer
and not a boolean value.
[1] https://github.com/ceph/ceph/blob/main/src/include/cephfs/libcephfs.h#L2041
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15919
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Sep 22 12:24:35 UTC 2025 on atb-devel-224
(cherry picked from commit 5200c120f34c4a28fa9f4cb55b46dbb9d90eb758)
- - - - -
7e144282 by Alexander Bokovoy at 2025-09-26T10:36:53+00:00
Fix crash in DLZ plugin for incorrect setup
When bind is not yet setup properly, logging errors should be done
through the temporary handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15920
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sat Sep 20 06:49:37 UTC 2025 on atb-devel-224
(cherry picked from commit 821cf798d87162b1f3b5d7388891d15fea0a969a)
Autobuild-User(v4-23-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-23-test): Fri Sep 26 10:36:53 UTC 2025 on atb-devel-224
- - - - -
95b2c73d by Martin Schwenke at 2025-09-26T12:31:12+00:00
ctdb-pmda: Do not directly support CTDB_SOCKET environment variable
Always use whatever CTDB uses in the current environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c4794e40529c63c696ecc3f8f27c810c22dd63a5)
- - - - -
d20797de by Martin Schwenke at 2025-09-26T12:31:12+00:00
ctdb-common: Factor out checking of CTDB_TEST_MODE
For use elsewhere.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
(cherry picked from commit 4c12a36eb5b44fb08d0461e6fa77fcdb4a128433)
- - - - -
35e59dcf by Martin Schwenke at 2025-09-26T13:32:05+00:00
ctdb-common: Only respect CTDB_SOCKET in CTDB_TEST_MODE
At the moment CTDB_SOCKET can be used outside of test mode even though
nobody should do this. So, no longer allow this.
This means ensuring CTDB_TEST_MODE is set in the in the
"clusteredmember" selftest environment, so that CTDB_SOCKET is
respected there..
Details...
The associated use of chown(2) and chmod(2), used to secure the socket
in ctdb_daemon.c:ux_socket_bind(), potentially enables a symlink race
attack. However, the chown(2) is currently not done in test mode, so
restricting the use of CTDB_SOCKET to test mode solves the potential
security issue.
Also, sprinkle warnings about use of CTDB_TEST_MODE in appropriate
places, just to attempt to limit unwanted behaviour.
An alternative could be to use the socket file descriptor with
fchown(2) and fchmod(2). However, these system calls are not well
defined on sockets. Still, this was previously done in CTDB's early
days (using the poorly documented method where they are allowed in
Linux (only?) before calling bind(2)). It was removed (due to
portability issues, via commits
cf1056df94943ddcc3d547d4533b4bc04f57f265 and
2da3fe1b175a468fdff4aa4f65627facd2c28394) and replaced with the
current post-bind chown(2) and chmod(2).
I would like to remove the CTDB_SOCKET environment variable entirely,
since setting CTDB_TEST_MODE and CTDB_BASE covers all reasonable test
environments. However, I have a feeling that people use it for
interactive testing, and that can still be done in CTDB_TEST_MODE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reported-by: *GUIAR OQBA * <techokba at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 25 09:02:06 UTC 2025 on atb-devel-224
(cherry picked from commit 7e2358fcf7be177d6e5de6e26f9d7c5af4acbb0c)
Autobuild-User(v4-23-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-23-test): Fri Sep 26 13:32:06 UTC 2025 on atb-devel-224
- - - - -
c14e283a by Jule Anger at 2025-09-26T15:44:21+02:00
WHATSNEW: Add release notes for Samba 4.23.1.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
821a2477 by Jule Anger at 2025-09-26T15:45:23+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.23.1 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
9ee8a0a8 by Michael Tokarev at 2025-09-26T22:13:43+03:00
New upstream version 4.23.1+dfsg
- - - - -
11 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/common/path.c
- ctdb/server/ctdbd.c
- ctdb/tests/README
- ctdb/utils/pmda/pmda_ctdb.c
- selftest/target/Samba.pm
- selftest/target/Samba3.pm
- source3/modules/vfs_ceph_new.c
- source3/winbindd/winbindd_getgroups.c
- source4/dns_server/dlz_bind9.c
Changes:
=====================================
VERSION
=====================================
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2025"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=23
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# If a official release has a serious bug #
=====================================
WHATSNEW.txt
=====================================
@@ -1,10 +1,66 @@
+ ==============================
+ Release Notes for Samba 4.23.1
+ September 26, 2025
+ ==============================
+
+
+This is the latest stable release of the Samba 4.23 release series.
+
+
+Changes since 4.23.0
+--------------------
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 15920: Incomplete bind configuration causes DLZ plugin to crash.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15914: winbind can crash at startup.
+
+o Anoop C S <anoopcs at samba.org>
+ * BUG 15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for
+ fsync_send.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15904: CTDB does not support PCP 7.0.0.
+
+o Martin Schwenke <mschwenke at ddn.com>
+ * BUG 15921: CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set.
+
+o Shachar Sharon <ssharon at redhat.com>
+ * BUG 15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for
+ fsync_send.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.23.0
September 12, 2025
==============================
-This is the first stable release of the Samba 4.22 release series.
+This is the first stable release of the Samba 4.23 release series.
Please read the release notes carefully before upgrading.
=====================================
ctdb/common/path.c
=====================================
@@ -45,16 +45,30 @@ struct {
.vardir = CTDB_VARDIR,
};
-static void path_set_basedir(void)
+static void path_set_test_mode(void)
{
- const char *t;
-
+ const char *t = NULL;
+
+ /*
+ * Do not use CTDB_TEST_MODE outside a test environment to
+ * attempt to (for example) improve installation flexibility.
+ * This is unsupported, may cause unwanted security issues and
+ * may break in future releases.
+ */
t = getenv("CTDB_TEST_MODE");
if (t == NULL) {
- goto done;
+ return;
}
ctdb_paths.test_mode = true;
+}
+
+static void path_set_basedir(void)
+{
+ path_set_test_mode();
+ if (!ctdb_paths.test_mode) {
+ goto done;
+ }
ctdb_paths.basedir = getenv("CTDB_BASE");
if (ctdb_paths.basedir == NULL) {
@@ -188,11 +202,14 @@ char *path_config(TALLOC_CTX *mem_ctx)
char *path_socket(TALLOC_CTX *mem_ctx, const char *daemon)
{
- if (strcmp(daemon, "ctdbd") == 0) {
- const char *t = getenv("CTDB_SOCKET");
-
- if (t != NULL) {
- return talloc_strdup(mem_ctx, t);
+ path_set_test_mode();
+ if (ctdb_paths.test_mode) {
+ if (strcmp(daemon, "ctdbd") == 0) {
+ const char *t = getenv("CTDB_SOCKET");
+
+ if (t != NULL) {
+ return talloc_strdup(mem_ctx, t);
+ }
}
}
=====================================
ctdb/server/ctdbd.c
=====================================
@@ -241,6 +241,13 @@ int main(int argc, const char *argv[])
* Logging setup/options
*/
+
+ /*
+ * Do not use CTDB_TEST_MODE outside a test environment to
+ * attempt to (for example) improve installation flexibility.
+ * This is unsupported, may cause unwanted security issues and
+ * may break in future releases.
+ */
test_mode = getenv("CTDB_TEST_MODE");
/* Log to stderr (ignoring configuration) when running as interactive */
=====================================
ctdb/tests/README
=====================================
@@ -98,7 +98,7 @@ Test and debugging variable options
PID file relative to CTDB_BASE.
When testing with multiple local daemons on a single
- machine this does 3 extra things:
+ machine this does some extra things:
* Disables checks related to public IP addresses
@@ -107,6 +107,14 @@ Test and debugging variable options
* Disables real-time scheduling
+ * Allows the CTDB_SOCKET environment variable to be used to
+ specify ctdbd's Unix domain socket location.
+
+ Do not use this variable outside a test environment to
+ attempt to (for example) improve installation flexibility.
+ This is unsupported, may cause unwanted security issues and
+ may break in future releases.
+
CTDB_DEBUG_HUNG_SCRIPT_LOGFILE=FILENAME
FILENAME specifies where log messages should go when
debugging hung eventscripts. This is a testing option. See
=====================================
ctdb/utils/pmda/pmda_ctdb.c
=====================================
@@ -28,6 +28,8 @@
#include "lib/util/time.h"
#include "lib/util/blocking.h"
+#include "common/path.h"
+
#include "client/client.h"
#include "client/client_sync.h"
@@ -48,7 +50,7 @@
#define pmSetProgname(a) __pmSetProgname(a)
#endif
-#ifdef HAVE_STRUCT_PMRESULT
+#if !defined(pmdaResult) && defined(HAVE_STRUCT_PMRESULT)
#define pmdaResult pmResult
#endif
@@ -58,9 +60,7 @@
* CTDB PMDA
*
* This PMDA connects to the locally running ctdbd daemon and pulls
- * statistics for export via PCP. The ctdbd Unix domain socket path can be
- * specified with the CTDB_SOCKET environment variable, otherwise the default
- * path is used.
+ * statistics for export via PCP.
*/
/*
@@ -200,7 +200,7 @@ pmda_ctdb_disconnected(void *args)
static int
pmda_ctdb_daemon_connect(void)
{
- const char *socket_name;
+ char *socket_name = NULL;
int ret;
ev = tevent_context_init(NULL);
@@ -209,9 +209,9 @@ pmda_ctdb_daemon_connect(void)
return -1;
}
- socket_name = getenv("CTDB_SOCKET");
+ socket_name = path_socket(ev, "ctdbd");
if (socket_name == NULL) {
- socket_name = CTDB_SOCKET;
+ goto err_ev;
}
ret = ctdb_client_init(ev, ev, socket_name, &client);
@@ -224,6 +224,7 @@ pmda_ctdb_daemon_connect(void)
ctdb_client_set_disconnect_callback(client, pmda_ctdb_disconnected,
NULL);
+ talloc_free(socket_name);
return 0;
err_ev:
=====================================
selftest/target/Samba.pm
=====================================
@@ -1017,6 +1017,7 @@ my @exported_envvars = (
"RESOLV_WRAPPER_HOSTS",
# ctdb stuff
+ "CTDB_TEST_MODE",
"CTDB_PREFIX",
"NUM_NODES",
"CTDB_BASE",
=====================================
selftest/target/Samba3.pm
=====================================
@@ -4322,6 +4322,7 @@ sub provision_ctdb($$$$)
$ret{"CTDB_IFACE_IP_NODE${i}"} = $ip;
}
+ $ret{CTDB_TEST_MODE} = "yes";
$ret{CTDB_BASE} = $ret{CTDB_BASE_NODE0};
$ret{CTDB_SOCKET} = $ret{CTDB_SOCKET_NODE0};
$ret{CTDB_SERVER_NAME} = $ret{CTDB_SERVER_NAME_NODE0};
=====================================
source3/modules/vfs_ceph_new.c
=====================================
@@ -3019,18 +3019,8 @@ static struct tevent_req *vfs_ceph_fsync_send(struct vfs_handle_struct *handle,
SMBPROFILE_BYTES_ASYNC_SET_IDLE_X(state->profile_bytes,
state->profile_bytes_x);
-#if HAVE_CEPH_ASYNCIO
- state->req = req;
- state->data = NULL;
- state->len = 0;
- state->off = 0;
- state->fsync = true;
- vfs_ceph_aio_submit(handle, req, ev);
- return req;
-#endif
-
vfs_ceph_aio_start(state);
- ret = vfs_ceph_ll_fsync(handle, state->cfh, false);
+ ret = vfs_ceph_ll_fsync(handle, state->cfh, 0);
vfs_ceph_aio_finish(state, ret);
if (ret != 0) {
/* ceph_fsync returns -errno on error. */
=====================================
source3/winbindd/winbindd_getgroups.c
=====================================
@@ -38,6 +38,7 @@ struct winbindd_getgroups_state {
gid_t *gids;
};
+static void winbindd_getgroups_idmap_initialized(struct tevent_req *subreq);
static void winbindd_getgroups_lookupname_done(struct tevent_req *subreq);
static void winbindd_getgroups_gettoken_done(struct tevent_req *subreq);
static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq);
@@ -72,16 +73,40 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ subreq = wb_parent_idmap_setup_send(state, state->ev);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ winbindd_getgroups_idmap_initialized,
+ req);
+ return req;
+}
+
+static void winbindd_getgroups_idmap_initialized(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct winbindd_getgroups_state *state = tevent_req_data(
+ req, struct winbindd_getgroups_state);
+ const struct wb_parent_idmap_config *cfg = NULL;
+ NTSTATUS status;
+
+ status = wb_parent_idmap_setup_recv(subreq, &cfg);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
subreq = dcerpc_wbint_NormalizeNameUnmap_send(state,
state->ev,
idmap_child_handle(),
state->request_name,
&state->unmapped_name);
if (tevent_req_nomem(subreq, req)) {
- return tevent_req_post(req, ev);
+ return;
}
tevent_req_set_callback(subreq, winbindd_getgroups_unmap_done, req);
- return req;
}
static void winbindd_getgroups_unmap_done(struct tevent_req *subreq)
=====================================
source4/dns_server/dlz_bind9.c
=====================================
@@ -671,6 +671,9 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
va_end(ap);
+ /* starting from here, we can only use state->log() until
+ * dlz_bind9_state is assigned */
+
/* Do not install samba signal handlers */
fault_setup_disable();
@@ -727,11 +730,11 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
if (!file_exist(state->options.url)) {
- dlz_bind9_state->log(ISC_LOG_ERROR,
- "samba_dlz: dlz_create could not find '%s'; "
- "trying old location '%s/dns/sam.ldb' instead",
- state->options.url,
- lpcfg_private_dir(state->lp));
+ state->log(ISC_LOG_ERROR,
+ "samba_dlz: dlz_create could not find '%s'; "
+ "trying old location '%s/dns/sam.ldb' instead",
+ state->options.url,
+ lpcfg_private_dir(state->lp));
state->options.url = talloc_asprintf(state,
"%s/dns/sam.ldb",
lpcfg_private_dir(state->lp));
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/43a21a970a6629601232c2b75829ca1b0ea467a3...9ee8a0a8e5b8293e7c25c09e3398f7b0e0ff5c9f
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/43a21a970a6629601232c2b75829ca1b0ea467a3...9ee8a0a8e5b8293e7c25c09e3398f7b0e0ff5c9f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20250926/9cb5b6ae/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list