[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.23] 10 commits: VERSION: Bump version up to Samba 4.23.5...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Fri Jan 23 12:32:38 GMT 2026
Michael Tokarev pushed to branch upstream_4.23 at Debian Samba Team / samba
Commits:
7216b885 by Björn Jacke at 2025-12-12T14:27:26+01:00
VERSION: Bump version up to Samba 4.23.5...
and re-enable GIT_SNAPSHOT.
- - - - -
5b31a12d by Ralph Boehme at 2026-01-13T22:27:09+00:00
mdssvc: make a copy of the elasticsearch:default_fields
lp_parm_const_string() returns a pointer to loadparm state that is not stable
across loadparm reloads and hence may later point at random garbage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15959
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Dec 16 18:58:07 UTC 2025 on atb-devel-224
(cherry picked from commit 5f8125665cb2ccad12678f95d20cae09922b3767)
- - - - -
8b927894 by Shweta Sodani at 2026-01-13T23:33:56+00:00
vfs_ceph_new: use vfs_ceph_iget/vfs_ceph_iput in vfs_ceph_disk_free
Currently inode of root is using to report stats that works fine for share of root volume.
But for subvolume share it reports incorrect information. Hence choose the inode based on path,
so that it will report stats information correctly.
Bug:https://bugzilla.samba.org/show_bug.cgi?id=15954
Signed-off-by: Shweta Sodani <ssodani at redhat.com>
Reviewed-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Nov 24 18:03:08 UTC 2025 on atb-devel-224
(cherry picked from commit f2ccf020046bc4f0465dfa8b5a8737b018fa66ac)
Autobuild-User(v4-23-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-23-test): Tue Jan 13 23:33:56 UTC 2026 on atb-devel-224
- - - - -
5085b8c1 by Michael Tokarev at 2026-01-15T12:34:22+00:00
s4/dlz: add support for bind 9.20
bind dlz interface does not change much, yet we build
dlz_bind9_NN for every bind9 version NN we support -
despite many of them differ only in soversion, with
the code being identical.
For bind9_20, use dlz_bind9_18.so which we already have.
It'd be nice to extract actual bind9 version string in
sambadns.py and use it in more direct way.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15790
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Dec 10 22:46:11 UTC 2025 on atb-devel-224
(cherry picked from commit 6488787d65ef02cc97b4b79587da6155ff369ac0)
- - - - -
36f0300c by Gary Lockyer at 2026-01-15T13:38:20+00:00
s3:winbindd fix race condition in terminate_child
Fixes:
winbindd[306061]: Bad talloc magic value - unknown value
winbindd[306061]: =========================================================
winbindd[306061]: INTERNAL ERROR: Bad talloc magic value - unknown value in
winbindd () () pid
A race condition in source3/windbindd/winbindd_util.c::terminate_child
between the child socket closing, and the destructor de-registering the
child socket from epoll.
If the socket closes before it is de-registered from epoll, the event
is added to the epoll rdllink and will be retrieved when epoll_wait
is next called. However monitor_fde has been deallocated and we get the
observed failure.
Moving the TALLOC_FREE before the kill ensures that the child socket has been
de-registered from epoll before it closes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15937
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan 13 14:50:20 UTC 2026 on atb-devel-224
(cherry picked from commit a3684a2284cdf421090d6064b720b81b05b6eae6)
Autobuild-User(v4-23-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-23-test): Thu Jan 15 13:38:20 UTC 2026 on atb-devel-224
- - - - -
1652a108 by Pavel Filipenský at 2026-01-23T09:08:14+00:00
s3:libads: Reset ads->config.flags in ads_disconnect()
This is doing the same thing in ads_disconnect() as commit
a26f535 Clear previous CLDAP ping flags when reusing the ADS_STRUCT
did in ads_current_time()
In this case we:
1) found cached ADS_STRUCT which already has ads->config.flags set:
lookup_groupmem()
ads_cached_connection()
ads_cached_connection_reuse()
2) started search which immediately timeouts (the cached conn. was dead)
ads_do_search_retry_internal()
ldap_search_with_timeout() - IO_TIMEOUT
3) Retry loop finds a new DC and tries to connect
ads_do_search_retry_internal()
ads_disconnect()
ads_find_dc()
ads_try_connect()
netlogon_pings()
check_cldap_reply_required_flags()
4) check_cldap_reply_required_flags() fails since ads->config.flags
(stored possibly long time ago) contain:
NBT_SERVER_CLOSEST 0x00000080
which is misinterpreted as:
DS_PDC_REQUIRED 0x00000080
the newly found DC is not PDC (we asked for DS_ONLY_LDAP_NEEDED)
and since previous DC had NBT_SERVER_CLOSEST we want DS_PDC_REQUIRED
and fail.
We should anyway avoid mixing independent namespaces NBT_* and DS_*
in the same flag.
Next commit will do that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9f3a35991feb01a8d2c2b69fa0b914bbc637a809)
- - - - -
573959f7 by Pavel Filipenský at 2026-01-23T10:09:15+00:00
s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values
Use of ads->config.flags is overloaded.
It is used to:
- pass DS_* flags down to cldap_netlogon()
- store the server_type from NETLOGON_SAM_LOGON_RESPONSE
Both cases use different values and cannot be combined.
E.g. flags mess up with value 0x00000080
NBT_SERVER_CLOSEST 0x00000080
DS_PDC_REQUIRED 0x00000080
Let's create two separate flags
nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
uint32 required_flags; /* DS_* - Netlogon flags */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224
(cherry picked from commit 7483903575eab97773a992149d64511d5ec6f256)
Autobuild-User(v4-23-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-23-test): Fri Jan 23 10:09:15 UTC 2026 on atb-devel-224
- - - - -
c66fb7bd by Björn Jacke at 2026-01-23T11:32:43+01:00
Add release notes for Samba 4.23.5
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
028df22e by Björn Jacke at 2026-01-23T11:37:40+01:00
VERSION: Disable GIT_SNAPSHOT for the upcoming release.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
46ffb42c by Michael Tokarev at 2026-01-23T15:26:29+03:00
New upstream version 4.23.5+dfsg
- - - - -
11 changed files:
- VERSION
- WHATSNEW.txt
- python/samba/provision/sambadns.py
- source3/libads/ldap.c
- source3/librpc/idl/ads.idl
- source3/libsmb/namequery_dc.c
- source3/modules/vfs_ceph_new.c
- source3/rpc_server/mdssvc/mdssvc_es.c
- source3/winbindd/winbindd_cm.c
- source3/winbindd/winbindd_util.c
- source4/setup/named.conf.dlz
Changes:
=====================================
VERSION
=====================================
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2025"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=23
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
=====================================
WHATSNEW.txt
=====================================
@@ -1,3 +1,51 @@
+ ==============================
+ Release Notes for Samba 4.23.5
+ January 23, 2026
+ ==============================
+
+
+This is the latest stable release of the Samba 4.23 release series.
+
+
+Changes since 4.23.4
+--------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15959: New Spotlight default search field incorrectly initialized
+
+o Pavel Filipenský <pfilipensky at samba.org>
+ * BUG 15972: Winbind group resolution failure
+
+o Gary Lockyer <gary at catalyst.net.nz>
+ * BUG 15937: winbindd crashes with Bad talloc magic value - unknown value
+
+o Michael Tokarev <mjt at tls.msk.ru>
+ * BUG 15790: Bind dlz 9.20
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.23.4
December 12, 2025
@@ -54,8 +102,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.23.3
November 07, 2025
=====================================
python/samba/provision/sambadns.py
=====================================
@@ -1030,7 +1030,8 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
bind9_14 = ''
elif bind_info.upper().find('BIND 9.16') != -1:
bind9_16 = ''
- elif bind_info.upper().find('BIND 9.18') != -1:
+ elif bind_info.upper().find('BIND 9.18') != -1 \
+ or bind_info.upper().find('BIND 9.20') != -1:
bind9_18 = ''
elif bind_info.upper().find('BIND 9.7') != -1:
raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
=====================================
source3/libads/ldap.c
=====================================
@@ -237,7 +237,7 @@ bool ads_sitename_match(ADS_STRUCT *ads)
bool ads_closest_dc(ADS_STRUCT *ads)
{
- if (ads->config.flags & NBT_SERVER_CLOSEST) {
+ if (ads->config.server_flags & NBT_SERVER_CLOSEST) {
DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag set\n"));
return True;
}
@@ -344,7 +344,7 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
sitename_store(cldap_reply->dns_domain, cldap_reply->client_site);
/* Leave this until last so that the flags are not clobbered */
- ads->config.flags = cldap_reply->server_type;
+ ads->config.server_flags = cldap_reply->server_type;
ret = true;
@@ -379,7 +379,8 @@ static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
ok = ads_cldap_netlogon_5(frame,
ss,
ads->server.realm,
- ads->config.flags | DS_ONLY_LDAP_NEEDED,
+ ads->config.required_flags |
+ DS_ONLY_LDAP_NEEDED,
&cldap_reply);
if (!ok) {
DBG_NOTICE("ads_cldap_netlogon_5(%s, %s) failed.\n",
@@ -490,20 +491,21 @@ again:
return status;
}
- status = netlogon_pings(frame, /* mem_ctx */
- lp_client_netlogon_ping_protocol(), /* proto */
- ts_list, /* servers */
- num_requests, /* num_servers */
- (struct netlogon_ping_filter){
- .ntversion = nt_version,
- .domain = ads->server.realm,
- .acct_ctrl = -1,
- .required_flags = ads->config.flags |
- DS_ONLY_LDAP_NEEDED,
- },
- 1, /* wanted_servers */
- endtime, /* timeout */
- &responses);
+ status = netlogon_pings(
+ frame, /* mem_ctx */
+ lp_client_netlogon_ping_protocol(), /* proto */
+ ts_list, /* servers */
+ num_requests, /* num_servers */
+ (struct netlogon_ping_filter){
+ .ntversion = nt_version,
+ .domain = ads->server.realm,
+ .acct_ctrl = -1,
+ .required_flags = ads->config.required_flags |
+ DS_ONLY_LDAP_NEEDED,
+ },
+ 1, /* wanted_servers */
+ endtime, /* timeout */
+ &responses);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("netlogon_pings(realm=%s, num_requests=%zu) "
"for count[%zu] - %s\n",
@@ -1261,6 +1263,7 @@ void ads_disconnect(ADS_STRUCT *ads)
if (ads->ldap_wrap_data.mem_ctx) {
talloc_free(ads->ldap_wrap_data.mem_ctx);
}
+ ads->config.server_flags = 0;
ads_zero_ldap(ads);
ZERO_STRUCT(ads->ldap_tls_data);
ZERO_STRUCT(ads->ldap_wrap_data);
@@ -3725,10 +3728,10 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
}
/*
- * Reset ads->config.flags as it can contain the flags
+ * Reset flags as it can contain the flags
* returned by the previous CLDAP ping when reusing the struct.
*/
- ads_s->config.flags = 0;
+ ads_s->config.server_flags = 0;
status = ads_connect_simple_anon(ads_s);
if ( !ADS_ERR_OK(status))
@@ -3814,10 +3817,10 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32_t *val)
}
/*
- * Reset ads->config.flags as it can contain the flags
+ * Reset flags as it can contain the flags
* returned by the previous CLDAP ping when reusing the struct.
*/
- ads_s->config.flags = 0;
+ ads_s->config.server_flags = 0;
status = ads_connect_simple_anon(ads_s);
if ( !ADS_ERR_OK(status))
=====================================
source3/librpc/idl/ads.idl
=====================================
@@ -6,6 +6,7 @@
*/
import "nbt.idl";
+import "netlogon.idl";
cpp_quote("#include <system/network.h>")
@@ -51,7 +52,8 @@ interface ads
} ads_auth;
typedef [nopull,nopush] struct {
- nbt_server_type flags; /* cldap flags identifying the services. */
+ nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
+ netr_DsRGetDCName_flags required_flags; /* DS_* - Netlogon flags */
string workgroup;
string realm;
string bind_path;
=====================================
source3/libsmb/namequery_dc.c
=====================================
@@ -109,7 +109,9 @@ static bool ads_dc_name(const char *domain,
}
#ifdef HAVE_ADS
- if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) {
+ if (is_our_primary_domain(domain) &&
+ (ads->config.server_flags & NBT_SERVER_KDC))
+ {
if (ads_closest_dc(ads)) {
/* We're going to use this KDC for this realm/domain.
If we are using sites, then force the krb5 libs
=====================================
source3/modules/vfs_ceph_new.c
=====================================
@@ -872,13 +872,14 @@ static int vfs_ceph_ll_statfs(const struct vfs_handle_struct *handle,
struct statvfs *stbuf)
{
struct vfs_ceph_config *config = NULL;
+ int ret = -1;
SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config,
return -ENOMEM);
- DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 "\n", iref->ino);
-
- return config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf);
+ ret = config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf);
+ DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 " ret=%d\n", iref->ino, ret);
+ return ret;
}
static int vfs_ceph_ll_getattr2(const struct vfs_handle_struct *handle,
@@ -2034,25 +2035,21 @@ static uint64_t vfs_ceph_disk_free(struct vfs_handle_struct *handle,
uint64_t *dsize)
{
struct statvfs statvfs_buf = { 0 };
- struct Inode *inode = NULL;
int ret;
struct vfs_ceph_config *config = NULL;
+ struct vfs_ceph_iref iref = {0};
SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config,
return -ENOMEM);
- ret = config->ceph_ll_lookup_root_fn(config->mount, &inode);
+ ret = vfs_ceph_iget(handle, smb_fname->base_name, 0, &iref);
if (ret != 0) {
- DBG_DEBUG("[CEPH] disk_free: ceph_ll_lookup_root returned ret=%d\n",
- ret);
errno = -ret;
return (uint64_t)(-1);
}
- ret = config->ceph_ll_statfs_fn(config->mount, inode, &statvfs_buf);
- config->ceph_ll_put_fn(config->mount, inode);
+ ret = vfs_ceph_ll_statfs(handle, &iref, &statvfs_buf);
+ vfs_ceph_iput(handle, &iref);
if (ret != 0) {
- DBG_DEBUG("[CEPH] disk_free: ceph_ll_statfs returned ino=%p"
- " ret=%d\n", inode, ret);
errno = -ret;
return (uint64_t)(-1);
}
=====================================
source3/rpc_server/mdssvc/mdssvc_es.c
=====================================
@@ -108,10 +108,12 @@ static bool mdssvc_es_init(struct mdssvc_ctx *mdssvc_ctx)
}
TALLOC_FREE(default_path);
- mdssvc_es_ctx->default_fields = lp_parm_const_string(GLOBAL_SECTION_SNUM,
- "elasticsearch",
- "default_fields",
- default_fields);
+ default_fields = lp_parm_const_string(GLOBAL_SECTION_SNUM,
+ "elasticsearch",
+ "default_fields",
+ default_fields);
+ mdssvc_es_ctx->default_fields = talloc_strdup(mdssvc_es_ctx,
+ default_fields);
if (mdssvc_es_ctx->default_fields == NULL) {
TALLOC_FREE(mdssvc_es_ctx);
return false;
=====================================
source3/winbindd/winbindd_cm.c
=====================================
@@ -1051,7 +1051,7 @@ static bool dcip_check_name_ads(const struct winbindd_domain *domain,
ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
goto out;
}
- ads->config.flags |= request_flags;
+ ads->config.required_flags |= request_flags;
ads->server.no_fallback = true;
ads_status = ads_connect_cldap_only(ads);
@@ -1067,9 +1067,9 @@ static bool dcip_check_name_ads(const struct winbindd_domain *domain,
}
namecache_store(name, 0x20, 1, sa);
- DBG_DEBUG("CLDAP flags = 0x%"PRIx32"\n", ads->config.flags);
+ DBG_DEBUG("CLDAP flags = 0x%" PRIx32 "\n", ads->config.server_flags);
- if (domain->primary && (ads->config.flags & NBT_SERVER_KDC)) {
+ if (domain->primary && (ads->config.server_flags & NBT_SERVER_KDC)) {
if (ads_closest_dc(ads)) {
char *sitename = sitename_fetch(tmp_ctx,
ads->config.realm);
=====================================
source3/winbindd/winbindd_util.c
=====================================
@@ -971,13 +971,13 @@ static void terminate_child(struct tevent_req *subreq)
TALLOC_FREE(subreq);
if (c->pid != 0) {
+ TALLOC_FREE(c->monitor_fde);
kill(c->pid, SIGTERM);
c->pid = 0;
if (c->sock != -1) {
close(c->sock);
}
c->sock = -1;
- TALLOC_FREE(c->monitor_fde);
}
c = NULL;
=====================================
source4/setup/named.conf.dlz
=====================================
@@ -30,8 +30,8 @@ dlz "AD DNS Zone" {
# For BIND 9.16.x
${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
- #
- # For BIND 9.18.x
+
+ # For BIND 9.18.x and 9.20.x
${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
};
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/0ebec4d41a6a30b1557815477c54fd1cad4778d2...46ffb42ccd050de7e880e778ad962d1de84acd66
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/0ebec4d41a6a30b1557815477c54fd1cad4778d2...46ffb42ccd050de7e880e778ad962d1de84acd66
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20260123/2d9e646b/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list