[Pkg-samba-maint] [Git][samba-team/samba][debian/trixie] 140 commits: VERSION: Bump version up to Samba 4.22.4...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Fri Mar 6 20:42:26 GMT 2026
Michael Tokarev pushed to branch debian/trixie at Debian Samba Team / samba
Commits:
ef1a5896 by Jule Anger at 2025-07-07T18:16:50+02:00
VERSION: Bump version up to Samba 4.22.4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
69cccd4c by Jule Anger at 2025-07-17T09:47:19+00:00
WHATSNEW: fix typo
Found by script/codespell.sh.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
f186da9f by Aleksandr Sharov at 2025-07-17T10:48:14+00:00
Add check for the GPO link to have at least two attributes separated by semicolumn. Allows to handle empty links.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link
Singed-off-by: Alex Sharov (kororland at gmail.com)
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
(cherry picked from commit 44ee31c0258b0afb3d3f2ce17942cc86e308a690)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Jul 17 10:48:14 UTC 2025 on atb-devel-224
- - - - -
e119cb0b by Ralph Boehme at 2025-07-21T09:30:29+00:00
libads: fix get_kdc_ip_string() ...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15881
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jul 7 16:46:29 UTC 2025 on atb-devel-224
(cherry picked from commit 88572cc8f629a737a1d5b33d5800f3692895233f)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Mon Jul 21 09:30:29 UTC 2025 on atb-devel-224
- - - - -
f7b28aa9 by Stefan Metzmacher at 2025-08-07T12:53:16+00:00
s3:conncache: improve debugging for the negative connection cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 613ac83fb7666f5b132187d5587053e0d7dcd46d)
- - - - -
48ce6782 by Stefan Metzmacher at 2025-08-07T12:53:16+00:00
winbindd: always use winbind_add_failed_connection_entry() wrapper
We should not use add_failed_connection_entry() directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 7fed75c495ead8f476c805b91cc6624ebf933427)
- - - - -
04c938d8 by Stefan Metzmacher at 2025-08-07T12:53:16+00:00
winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0
https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit ce80451f3af4418d1c83be009b58b3824c071cae)
- - - - -
213af0ed by Stefan Metzmacher at 2025-08-07T12:53:16+00:00
s3:libads: let cldap_ping_list() check for a blacklisted server name
If we black listed a server we should not use it even if
it responses to CLDAP requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 08c8760ad9706b62755e35acaa121647344a4c9e)
- - - - -
a77d376a by Stefan Metzmacher at 2025-08-07T12:53:16+00:00
s3:libads: let get_kdc_ip_string() check for a blacklisted server name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 63051a2dcbe3a4a07f029e0c18aa90bd3f56b0a4)
- - - - -
10c00de2 by Ralph Boehme at 2025-08-07T12:53:16+00:00
s3/libads: get rid of additional loop calling add_failed_connection_entry()
Just call add_failed_connection_entry() in the initial loop at all places where
we have a "bad" result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit a397801598eef4b0381a64a37af1845e9e85a50f)
- - - - -
02080bdb by Ralph Boehme at 2025-08-07T12:53:17+00:00
libads: check for if DCs are in paused state when processing CLDAP replies
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit d3000d7df09de724694aa0682b9750b8c7767514)
- - - - -
a7eaa61f by Ralph Boehme at 2025-08-07T12:53:17+00:00
s3/libsmb: check command in make_dc_info_from_cldap_reply()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 5217bd1a2334825fed32f40c57f72464d126aac0)
- - - - -
4a05b06b by Ralph Boehme at 2025-08-07T13:50:32+00:00
s3/libsmb: check the negative-conn-cache in resolve_ads()
This way we throw away blacklisted servers right away when learning about them
from the DNS SRV query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 30 10:10:21 UTC 2025 on atb-devel-224
(cherry picked from commit c1ee6fe9a489a8923d607e14d26768935a398849)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Aug 7 13:50:32 UTC 2025 on atb-devel-224
- - - - -
b17dec31 by Günther Deschner at 2025-08-11T06:56:08+00:00
s3-selftest: add tests for "net ads kerberos" commands
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 18d0574a0fe4b5fd468f949cfaa507ab4519c9e6)
- - - - -
25f5debf by Günther Deschner at 2025-08-11T06:56:08+00:00
s3-net: fix "net ads kerberos" krb5ccname handling
We can only rely on KRB5CCNAME being set, --use-krb5-ccname content is
not available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15840
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Jul 24 17:31:14 UTC 2025 on atb-devel-224
(cherry picked from commit 8a97afdae788e8d10a51035f8b287dc00293f90d)
- - - - -
fe8eafc2 by Pavel Filipenský at 2025-08-11T06:56:08+00:00
s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC
server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name(). We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.
The impacted environment has:
domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 4921c3304e5e0480e5bb80a757b3f04b3b92c3b1)
- - - - -
d14fa6eb by Pavel Filipenský at 2025-08-11T06:56:09+00:00
docs-xml: Make smb.conf 'server role' value consistent with ROLE_IPA_DC in libparam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d88268102ade07fab345e04109818d97d8843a14)
- - - - -
00adb310 by Pavel Filipenský at 2025-08-11T06:56:09+00:00
s3:netlogon: IPA DC is the PDC as well - allow ROLE_IPA_DC in _netr_DsRGetForestTrustInformation()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1dbafcc4e4ff8f39af5ca737b30e9821413dd1f2)
- - - - -
33647976 by Pavel Filipenský at 2025-08-11T07:53:47+00:00
s3:utils: Allow ROLE_IPA_DC to allow to use Kerberos in gensec
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15891
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 14:51:51 UTC 2025 on atb-devel-224
(cherry picked from commit a4dff82e45308db3ccabac2a55c03d52f04d7b4d)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Mon Aug 11 07:53:47 UTC 2025 on atb-devel-224
- - - - -
af6d23f9 by Srinivas Rao V at 2025-08-14T12:32:46+00:00
smbd: fix mode being sent to possibly_set_archive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15880
possibly_set_archive is being passed smb_fname->st.st_ex_mode.
Inside the function same variable is getting assigned to itself.
Fixed this to send unx_mode to possibly_set_archive.
Signed-off-by: Srinivas Rao V <Srinivas.Rao.V at ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Jul 18 22:25:05 UTC 2025 on atb-devel-224
(cherry picked from commit 1d1acebf01902bef3a9ccae23c3be4cacbb777b2)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Aug 14 12:32:46 UTC 2025 on atb-devel-224
- - - - -
5f93ef72 by Volker Lendecke at 2025-08-21T08:58:34+00:00
ctdb: Fix a stuck cluster lock holder after a delayed leader bcast
If a delayed broadcast by a previous cluster lock holder arrives, the
new legitimate leader will accept this without questioning in
leader_handler(). Without this patch rec->leader will never be
overwritten, and because rec->pnn != rec->leader we'll also never send
out fresh leader broadcasts. And because we hold the cluster lock,
nobody else can step up.
Fix this in the next round of leader broadcast timeout.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15892
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Aug 7 02:59:20 UTC 2025 on atb-devel-224
(cherry picked from commit 1a7cfd93432a227a972b34e1eb844134173be7b0)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Aug 21 08:58:34 UTC 2025 on atb-devel-224
- - - - -
a35b91ff by Rabinarayan Panigrahi at 2025-08-21T14:11:46+00:00
vfs_virsufilter: Fix the invocation of SMB_VFS_NEXT_CONNECT
virusfilter is failing if path is defined for virusfilter:quarantine
as next module is not initialized by mean time. So rearranged invocation
of SMB_VFS_NEXT_CONNECT call
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15663
Signed-off-by: Rabinarayan Panigrahi <rapanigr at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Jul 21 11:28:12 UTC 2025 on atb-devel-224
(cherry picked from commit 605d4d065cd5951385a744230cf7f159468c02a2)
- - - - -
58aa90b3 by Volker Lendecke at 2025-08-21T14:11:46+00:00
vfs: Fix vfs_streams_depot's fstatat
a24c7d566f2 does not cover subdirectories
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15816
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Feb 26 09:00:34 UTC 2025 on atb-devel-224
(cherry picked from commit 125862c617efae6926c91acae44206f29e61b148)
- - - - -
e4420f35 by Ralph Boehme at 2025-08-21T14:11:46+00:00
tldap: use tevent_req_set_endtime() to terminate LDAP searches
Needed to detect unresponsive LDAP servers, otherwise we might be sitting up to
924.6 seconds after sending a request before the kernel notifies us of a broken
connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 4e79fe13325385ef4fe37baeec8656c9b332de19)
- - - - -
5e685641 by Ralph Boehme at 2025-08-21T14:11:46+00:00
idmap_ad: add and use ldap_timeout and fix LDAP server failover
The key parts are:
1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.
2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.
3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 4d69ec473b7be763399c9787eda8e659a1582184)
- - - - -
0a1f0d01 by Ralph Boehme at 2025-08-21T14:11:46+00:00
libads: reverse termination condition in netlogon_pings_done()
No change in behaviour, prepares for upcoming change and minimizes its diff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 6643d1fb3375903e2857e5bff33b39a4562c5a4d)
- - - - -
4725af8a by Ralph Boehme at 2025-08-21T14:11:46+00:00
libads: change netlogon_pings() behaviour wrt to min_servers parameter
Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail
if it can't contact X DCs. This is not really what we want. What we want is: we
want at least one DC, and up to X.
Change implemenentation in that sense and rename the min_servers argument to
wanted_servers to express this behaviour change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Aug 13 19:31:10 UTC 2025 on atb-devel-224
(cherry picked from commit 85dd55a5fef0049660126bdcd48abfa1c48da259)
- - - - -
8f00ba25 by Ralph Boehme at 2025-08-21T14:11:46+00:00
libads: fix get_kdc_ip_string()
Correctly handle the interaction between optionally passed in DC via
pss and DC lookup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 23f100f67c0586a940e91e9e1e6f42b804401322)
- - - - -
a31301e4 by Ralph Boehme at 2025-08-21T15:08:53+00:00
winbindd: use find_domain_from_name_noinit() in find_dns_domain_name()
Avoid triggering a connection to a DC of a trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 9ad2e59a464bb472da2071c61a254547b6497625)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Aug 21 15:08:53 UTC 2025 on atb-devel-224
- - - - -
99b0baad by Jule Anger at 2025-08-21T17:21:11+02:00
WHATSNEW: Add release notes for Samba 4.22.4.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
31b82351 by Jule Anger at 2025-08-21T17:21:11+02:00
VERSION: Bump version up to Samba 4.22.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
356fafd5 by Jule Anger at 2025-08-21T17:21:11+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.22.4 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
021db3d9 by Michael Tokarev at 2025-08-21T19:19:19+03:00
New upstream version 4.22.4+dfsg
- - - - -
917e8dad by Michael Tokarev at 2025-08-21T19:26:23+03:00
d/gbp.conf: debian-branch=debian/4.22
- - - - -
f0b09967 by Michael Tokarev at 2025-08-21T19:27:18+03:00
Update upstream source from tag 'upstream/4.22.4+dfsg'
Update to upstream version '4.22.4+dfsg'
with Debian dir 9eed400c7862ea319283c68d3e8301831b8f5c50
- - - - -
d34b6a5a by Michael Tokarev at 2025-08-21T20:36:18+03:00
libads-fix-get_kdc_ip_string.patch: remove, included upstream
- - - - -
bbea64a3 by Michael Tokarev at 2025-08-21T20:37:46+03:00
update changelog; upload version 4.22.4+dfsg-1 to unstable
- - - - -
66de85af by Michael Tokarev at 2025-08-22T06:48:02+03:00
update changelog; upload version 4.22.4+dfsg-1~deb13u1 to trixie
- - - - -
15ab604e by Ralph Boehme at 2025-09-11T10:07:08+00:00
s3/rpc_server/dfs: fix creating a DFS link
If there's no existing link, get_referred_path() returns NT_STATUS_OBJECT_PATH_NOT_FOUND.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 2cb2991ccdd5d4f63e4c5b3ccc4454a6b39d6afe)
- - - - -
0ec18e6b by Ralph Boehme at 2025-09-11T10:07:08+00:00
vfs_xattr_tdb: fix dangling symlink detection
The caller might not have called stat on smb_fname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 2e88ba4b4de146327c19682d59bbe34d68158bf7)
- - - - -
51fa56ad by Ralph Boehme at 2025-09-11T10:07:08+00:00
pylibsmb: add SMB2_FIND_ID_BOTH_DIRECTORY_INFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 698a0195f72a091e9ed6b0448160c79e37761840)
- - - - -
cced6a07 by Ralph Boehme at 2025-09-11T10:07:08+00:00
python/tests: also populate self.server in calls LibsmbTests setup()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5f7b31927733b0ff3e1207be242f1ddb2cb699bd)
- - - - -
4f959e0d by Ralph Boehme at 2025-09-11T10:07:09+00:00
CI: add Python test samba.tests.dcerpc.dfs.DfsTests.test_dfs_reparse_tag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 43ee86c0c757e95712ed52bd336d2085485498ba)
- - - - -
91031b72 by Ralph Boehme at 2025-09-11T10:07:09+00:00
smbd: return correct reparse tag DFS when listing directories
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 15 15:37:05 UTC 2025 on atb-devel-224
(cherry picked from commit 0be53d7ac0a39d6a48c6c5e2144f342c0d406781)
- - - - -
69fddebd by MikeLiu at 2025-09-11T10:07:09+00:00
s3:net: fix "net ads group"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15900
Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 4 09:33:27 UTC 2025 on atb-devel-224
(cherry picked from commit 8738fa1cc42d913e3ab2b54fe1e75ca4da37073f)
- - - - -
b26cc594 by Pavel Filipenský at 2025-09-11T10:07:09+00:00
selftest: Add the short name for localvampiredc to hosts file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 5d2f60ae5aa96751b74901ae5384291ef338b152)
- - - - -
0034b13f by Pavel Filipenský at 2025-09-11T10:07:09+00:00
tests: Add test for 'net ads join' to a preferred DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(backported from commit 36f6ac547c09f492d1dcab11570e8bcbd377cf26)
- - - - -
6ee4a2bf by Andreas Schneider at 2025-09-11T11:06:53+00:00
s3:net: Pass down the server from cmdline to sync_pw2keytabs()
This makes sure that during 'net ads join' the keytab create code
- sync_pw2keytabs() talks to the same DC at what the machine account
was created.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15905
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Pair-Programmed-With: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Sep 5 13:38:33 UTC 2025 on atb-devel-224
(cherry picked from commit 5d1d3a8b568b5a07ed1ed537d20aa93820cecc14)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Sep 11 11:06:53 UTC 2025 on atb-devel-224
- - - - -
23d2e88c by Shachar Sharon at 2025-09-25T12:12:14+00:00
vfs_ceph_new: dont use ceph_ll_nonblocking_readv_writev for fsync_send
Commit 4ae922413844 ("vfs_ceph_new: use libcephfs nonblocking API for
async-io ops") uses ceph_ll_nonblocking_readv_writev for fsync_send.
However, the actual behaviour of libcephfs when using this API with
'fsync=true' is not async-fsync, as one may assume. Instead,
vfs_ceph_new should use a nonblocking fsync API[1], once it is ready.
Removed the usage of ceph_ll_nonblocking_readv_writev for fsync.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15919
[1] https://github.com/ceph/ceph/commit/c88a21c30d8b265adb152f631d2629d29539f7b7
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 82c0988a8bc3d3e364e2d56ad8ea27e359fbc3f0)
- - - - -
5c357796 by Anoop C S at 2025-09-25T13:24:44+00:00
vfs_ceph_new: Use integer value instead of boolean
ceph_ll_fsync() API[1] accepts the third and final argument as integer
and not a boolean value.
[1] https://github.com/ceph/ceph/blob/main/src/include/cephfs/libcephfs.h#L2041
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15919
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Sep 22 12:24:35 UTC 2025 on atb-devel-224
(cherry picked from commit 5200c120f34c4a28fa9f4cb55b46dbb9d90eb758)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Sep 25 13:24:44 UTC 2025 on atb-devel-224
- - - - -
6bdd1419 by Martin Schwenke at 2025-09-26T14:07:09+00:00
ctdb-pmda: Do not directly support CTDB_SOCKET environment variable
Always use whatever CTDB uses in the current environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c4794e40529c63c696ecc3f8f27c810c22dd63a5)
- - - - -
e4445e74 by Martin Schwenke at 2025-09-26T14:07:09+00:00
ctdb-common: Factor out checking of CTDB_TEST_MODE
For use elsewhere.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
(cherry picked from commit 4c12a36eb5b44fb08d0461e6fa77fcdb4a128433)
- - - - -
ad38c984 by Martin Schwenke at 2025-09-26T15:10:56+00:00
ctdb-common: Only respect CTDB_SOCKET in CTDB_TEST_MODE
At the moment CTDB_SOCKET can be used outside of test mode even though
nobody should do this. So, no longer allow this.
This means ensuring CTDB_TEST_MODE is set in the in the
"clusteredmember" selftest environment, so that CTDB_SOCKET is
respected there..
Details...
The associated use of chown(2) and chmod(2), used to secure the socket
in ctdb_daemon.c:ux_socket_bind(), potentially enables a symlink race
attack. However, the chown(2) is currently not done in test mode, so
restricting the use of CTDB_SOCKET to test mode solves the potential
security issue.
Also, sprinkle warnings about use of CTDB_TEST_MODE in appropriate
places, just to attempt to limit unwanted behaviour.
An alternative could be to use the socket file descriptor with
fchown(2) and fchmod(2). However, these system calls are not well
defined on sockets. Still, this was previously done in CTDB's early
days (using the poorly documented method where they are allowed in
Linux (only?) before calling bind(2)). It was removed (due to
portability issues, via commits
cf1056df94943ddcc3d547d4533b4bc04f57f265 and
2da3fe1b175a468fdff4aa4f65627facd2c28394) and replaced with the
current post-bind chown(2) and chmod(2).
I would like to remove the CTDB_SOCKET environment variable entirely,
since setting CTDB_TEST_MODE and CTDB_BASE covers all reasonable test
environments. However, I have a feeling that people use it for
interactive testing, and that can still be done in CTDB_TEST_MODE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15921
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reported-by: *GUIAR OQBA * <techokba at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 25 09:02:06 UTC 2025 on atb-devel-224
(cherry picked from commit 7e2358fcf7be177d6e5de6e26f9d7c5af4acbb0c)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Fri Sep 26 15:10:56 UTC 2025 on atb-devel-224
- - - - -
16e212a8 by Jule Anger at 2025-10-14T10:21:40+02:00
VERSION: Bump version up to Samba 4.22.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
(cherry picked from commit 31b82351af11bf4cf1fcd656e2c4ea4ef463d6f4)
- - - - -
af58459f by Douglas Bagnall at 2025-10-14T10:36:21+02:00
CVE-2025-10230: s4/tests: check that wins hook sanitizes names
An smb.conf can contain a 'wins hook' parameter, which names a script
to run when a WINS name is changed. The man page says
The second argument is the NetBIOS name. If the name is not a
legal name then the wins hook is not called. Legal names contain
only letters, digits, hyphens, underscores and periods.
but it turns out the legality check is not performed if the WINS
server in question is the source4 nbt one. It is not expected that
people will run this server, but they can. This is bad because the
name is passed unescaped into a shell command line, allowing command
injection.
For this test we don't care whether the WINS server is returning an
error code, just whether it is running the wins hook. The tests show
it often runs the hook it shouldn't, though some characters are
incidentally blocked because the name has to fit in a DN before it
gets to the hook, and DNs have a few syntactic restrictions (e.g.,
blocking '<', '>', and ';').
The source3 WINS server that is used by Samba when not run as a DC is
not affected and not here tested.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15903
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
540197b9 by Douglas Bagnall at 2025-10-14T10:36:21+02:00
CVE-2025-10230: s4:wins: restrict names fed to shell
If the "wins hook" smb.conf parameter is set, the WINS server will
attempt to execute that value in a shell command line when a client
asks to modify a name. The WINS system is a trusting one, and clients
can claim any NETBIOS name they wish.
With the source3 nmbd WINS server (since the 1999 commit now called
3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7) the wins hook will not be
run for names that contain shell metacharacters. This restriction has
not been present on the source4 nbt WINS server, which is the WINS
server that will be used in the event that an Active Directory Domain
Controller is also running WINS.
This allowed an unauthenticated client to execute arbitrary commands
on the server.
This commit brings the nmbd check into the nbt WINS server, so that
the wins hook will only be run for names that contain only letters,
digits, hyphens, underscores and periods. This matches the behaviour
described in the smb.conf man page.
The source3 nmbd WINS server has another layer of protection, in that
it uses the smb_run() exec wrapper that tries to escape arguments. We
don't do that here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15903
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
44d71234 by Andrew Walker at 2025-10-14T10:36:35+02:00
CVE-2025-9640: Add torture test for inserting hole in stream
This commit adds an smb torture test for inserting a hole into
an alternate data stream and then verifying that hole contains
null bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15885
Signed-off-by: Andrew Walker <andrew.walker at truenas.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
06bc23b5 by Andrew Walker at 2025-10-14T10:36:35+02:00
CVE-2025-9640: s3/modules/vfs_streams_xattr fix unitialized write
This commit fixes a situation in which vfs_streams_xattr could
write unitialized memory into alternate data streams if the
user writes to an offset that is beyond the current end of file
to insert a hole in it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15885
Signed-off-by: Andrew Walker <andrew.walker at truenas.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
5a70240c by Jule Anger at 2025-10-14T16:56:17+02:00
WHATSNEW: Add release notes for Samba 4.22.5.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
9f4a4c03 by Jule Anger at 2025-10-14T16:56:24+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.22.5 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
463d7a0e by Jule Anger at 2025-10-15T15:03:17+02:00
Merge tag 'samba-4.22.5' into v4-22-test
samba: tag release samba-4.22.5
- - - - -
6014ff20 by Jule Anger at 2025-10-15T15:09:04+02:00
VERSION: Bump version up to Samba 4.22.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
bafb6107 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbtorture: fix locking offset in test_fruit_locking_conflict()
AD_FILELOCK_RSRC_DENY_WR = AD_FILELOCK_BASE + 6
= (0x7FFFFFFFFFFFFFFF - 9) + 6
= 0x7FFFFFFFFFFFFFFC
No change in behaviour though, just stumpled across it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3052839636f185307edb8832de9bdba4b2e2c83c)
- - - - -
01deeae7 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbd: don't use sticky write times on POSIX handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 795a8c0e84f2bf2b70c8070737183e33f4254a54)
- - - - -
0d7fb9f3 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbtorture: add test vfs.fruit.readonly-exclusive-lock
Verify macOS clients get Windows byterange lock behavour by trying to set an
exclusive lock on a file opened in read-only mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 777db5b50689d28c53d6b0116818601fd8e52aa8)
- - - - -
4cb3c969 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbtorture: add test vfs.fruit.case_insensitive_find
Verifies case insensitive directory scanning works.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 68ed6279335cfac13a624ae8a7738dac3d9b0d1a)
- - - - -
353b9500 by Ralph Boehme at 2025-10-15T15:07:13+00:00
vfs_fruit: add option "fruit:posix_opens = yes|no" (default: yes)
Tags alls opens as POSIX by setting fsp_flags.posix_open to true.
POSIX handles have different behaviour compared to Windows:
Behaviour | POSIX | Windows | macOS |fruit:posix_opens = yes
-----------------------------------+------------+----------------------------------------
Deleting files with open handles | yes | no | yes | yes
Moving directories with open files | yes | no | yes | yes
Byterange locks behaviour | POSIX-ish | Window-ish | POSIX-ish | POSIX-ish
Sticky writetime | no | yes | no | no
Case sensitive | no | yes | yes | yes
Streams allowed | no | yes | yes | yes
macOS follows POSIX for the first four, but needs case insensitive behaviour
and needs streams.
By carefully setting fsp_flags.posix_open to true *after* going through the path
resolution logic, but before opens are added to locking.tdb, with
"fruit:posix_opens = yes" we get closest to macOS semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit e86f0c2de80e2409bfe3fc12df24e94470988e3c)
[slow at samba.org: conflict due to optino veto_localized only present in master]
- - - - -
7973c122 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbd: hang posix brl per-handle check on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS client
to continue to get case insensitive behavour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 75fa416f911f1f30aae8bdf14b423140874acaa0)
- - - - -
ad1a3189 by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbd: hang directory pattern matching case sensitivity on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS client
to continue to get case insensitive behavour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b3132202cf787cc9fb061e39eaf1509157f53953)
- - - - -
544e46f1 by Ralph Boehme at 2025-10-15T15:07:13+00:00
vfs_fruit: ignore Set-ACL requests with zero ACEs
Workaround for a new behaviour in latest macOS versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(backported from commit a112978ed1240c399eb90e4472d5c43d867c49d9)
[slow at samba.org: conflict due to option veto_localized present only in master]
- - - - -
e48cbfa1 by Ralph Boehme at 2025-10-15T15:07:13+00:00
mdssvc: fix running test command manually
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit a8791c0cad4fb03606ea484c2da7ee69d9de5d48)
- - - - -
daf79bd1 by Ralph Boehme at 2025-10-15T15:07:13+00:00
mdssvc: fix filtering by share path prefix
To correctly filter by share path, use a filter with a prefix match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 594eb4eb0eb4a6c87c5b136106afd05357b80e91)
- - - - -
6a306f8d by Ralph Boehme at 2025-10-15T15:07:13+00:00
mdssvc: implement elasticsearch:default_fields
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 2b5cbb955ab2cf278272aa8457a672aa27ff1020)
- - - - -
c819724d by Ralph Boehme at 2025-10-15T15:07:13+00:00
mdssvc: call mangle_reset_cache()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15931
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Oct 8 07:54:48 UTC 2025 on atb-devel-224
(cherry picked from commit 708ae38a76a13a5b77373770149678233b4b3c37)
- - - - -
966700ae by Ralph Boehme at 2025-10-15T15:07:13+00:00
smbtorture: add test "smb2.lease.lease-epoch"
Verifies the lease epoch is not incremented by the server (returns what the
client sent in the request) if a lease was not granted ie lease_level=NONE.
Test passes against Windows 2025.
>From MS-SMB2 3.3.5.9.11 "Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create
Context":
If the object store succeeds this request, Lease.LeaseState MUST be set to the
new caching state. The server MUST increment Lease.Epoch by 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15933
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit ca0363e5a7f53cde4ae7223c36f21c2ae12318f9)
- - - - -
a5d45782 by Ralph Boehme at 2025-10-15T16:04:41+00:00
smbd: only increment lease epoch if a lease was granted
>From MS-SMB2 3.3.5.9.11 "Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create
Context":
If the object store succeeds this request, Lease.LeaseState MUST be set to the
new caching state. The server MUST increment Lease.Epoch by 1.
try_lease_upgrade() already has the same logic when checking for a possible
upgrade of an exisiting lease.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15933
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Oct 10 17:02:26 UTC 2025 on atb-devel-224
(cherry picked from commit 9f45eae2928bd2cb46fc827a348531acb471a549)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Wed Oct 15 16:04:41 UTC 2025 on atb-devel-224
- - - - -
85602fc0 by Michael Tokarev at 2025-10-15T19:21:21+03:00
New upstream version 4.22.5+dfsg
- - - - -
664ea226 by Michael Tokarev at 2025-10-15T19:21:42+03:00
Update upstream source from tag 'upstream/4.22.5+dfsg'
Update to upstream version '4.22.5+dfsg'
with Debian dir 8e966bf380ea60a192817ccd98c97ad7dc7fc186
- - - - -
8fbdf912 by Michael Tokarev at 2025-10-15T19:21:46+03:00
update changelog; upload version 4.22.5+dfsg-1 to unstable
- - - - -
854d763b by Jule Anger at 2025-10-16T16:23:29+02:00
WHATSNEW: Add release notes for Samba 4.22.6.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
7e96f4ec by Jule Anger at 2025-10-16T16:26:24+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.22.6 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
69ef72ed by Jule Anger at 2025-10-16T16:26:40+02:00
VERSION: Bump version up to Samba 4.22.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
7c54855a by Michael Tokarev at 2025-10-16T18:14:46+03:00
New upstream version 4.22.6+dfsg
- - - - -
515700ae by Michael Tokarev at 2025-10-16T18:15:11+03:00
Update upstream source from tag 'upstream/4.22.6+dfsg'
Update to upstream version '4.22.6+dfsg'
with Debian dir 3748ef09f3c99d086472ca66a8855d1cb5c4cbdd
- - - - -
4bc117bb by Michael Tokarev at 2025-10-16T19:16:11+03:00
update changelog; upload version 4.22.6+dfsg-0 to unstable
- - - - -
f88ae006 by Michael Tokarev at 2025-10-27T14:38:49+03:00
update changelog; upload version 4.22.6+dfsg-0+deb13u1 to trixie
- - - - -
36b489ce by Martin Schwenke at 2025-10-27T13:24:10+00:00
ctdb-daemon: Fix a crash due to a failed updateip
This should really be a takeip. However, CTDB's weak check of the IP
address state (using bind(2)) incorrectly indicates that the IP
address is assigned to an interface so it is converted to an updateip.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15935
Reported-by: Bailey Allison <ballison at 45drives.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d08f9ebd2755671d30c73a4e979029d353848828)
- - - - -
0af32c6b by Martin Schwenke at 2025-10-27T13:24:10+00:00
ctdb-tests: Add an event script unit test for updateip
This illustrates the current failure where an unassigned public IP
address causes updateip to fail.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15935
Reported-by: Bailey Allison <ballison at 45drives.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a98ffb96efc4a9ea2110c654860a4ba3896ab3d5)
- - - - -
38938918 by Martin Schwenke at 2025-10-27T13:24:11+00:00
ctdb-scripts: Avoid printing a message if no connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15935
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 01d3d25c0139a3dd49a2322a9416698d08733377)
- - - - -
c78caf6c by Martin Schwenke at 2025-10-27T14:31:26+00:00
ctdb-scripts: Avoid failing updateip when IP is not assigned
There is no use failing this when it could behave more like takeip.
Use old interface of "__none__" as a hint that ctdbd doesn't think the
IP is assigned either. In this case print a warning instead of an
error. Take some care to avoid spurious errors in updateip.
After commit 0536d7a98b832fc00d26b09c26bf14fb63dbf5fb (which improves
IP address state checking), this will almost certainly not occur on
platforms with getifaddrs(3) (e.g. Linux). This means it is only
likely to occur in 4.21 when net.ipv4.ip_nonlocal_bind=1.
Update test to match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15935
Reported-by: Bailey Allison <ballison at 45drives.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Oct 17 06:28:30 UTC 2025 on atb-devel-224
(cherry picked from commit 0e73781bf84a1e8e596d8be3f55eeb5f8f927990)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Mon Oct 27 14:31:26 UTC 2025 on atb-devel-224
- - - - -
a22f2a91 by Ralph Boehme at 2025-11-03T12:55:17+00:00
mdssvc: reduce a log level to DEBUG
The expression
InRange(*,$time.iso(2024-12-31T23:00:00Z),$time.iso(2025-12-31T23:00:00Z))
in a Spotlight query produces the following log message:
map_fts: Mapping fts [757378800] unexpected op [~]
However, when
elasticsearch:ignore unknown attribute = yes
is set, the parser will ignore the failed expression and continue
parsing given the expression is part of a larger expression like
"subexpression1 OR subexpression2". Avoid spamming the log and reduce
the loglevel when we hit this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15930
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3b2b50983901ad5039124b82f149b30675c80a9a)
- - - - -
954b08d1 by Ralph Boehme at 2025-11-03T12:55:17+00:00
mdssvc: add a test for parsing Spotlight date ranges
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15930
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1239e5a4c7f5930a4a1b3a6a7a005f4d543a5ea5)
- - - - -
5e797f89 by Ralph Boehme at 2025-11-03T13:59:46+00:00
mdssvc: add support for parsing date ranges
Example:
InRange(kMDItemContentCreationDate,$time.iso(2024-12-31T23:00:00Z),$time.iso(2025-12-31T23:00:00Z))
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15930
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Oct 20 10:59:03 UTC 2025 on atb-devel-224
(cherry picked from commit c00de32585bf47ec4753f966fe9ac4dd2fb8f4e7)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Mon Nov 3 13:59:46 UTC 2025 on atb-devel-224
- - - - -
56ff3d96 by Pavel Filipenský at 2025-11-05T09:05:09+00:00
selftest: Add a test for recycle:touch,touch_mtime,keeptree
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15940
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 498984cf346630c17169dbdb13a232854309f6a8)
- - - - -
cd92005e by Pavel Filipenský at 2025-11-05T09:05:09+00:00
vfs_recycle: Fix trailing whitespace in vfs_recycle.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15940
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5124acec34c20391cdfeb9d9005365047b7d7eee)
- - - - -
f318a44c by Pavel Filipenský at 2025-11-05T10:04:58+00:00
vfs_recycle: Make recycle:touch/touch_mtime work again if recycle:keeptree is set
Problem: Since commit c7839fa smbd: Remove non_widelink_open()
the atime/mtime is not updated if recycle:keeptree is set
recycle:keeptree = yes
recycle:touch = yes
recycle:touch_mtime = yes
Cause: recycle_do_touch() fails since the path ".deleted/administrator/./file"
contains a dot '.' - openat_pathref_fsp_nosymlink() loops over all
components and fails if there is a dot:
[2025/10/24 20:09:24.618003, 10, pid=95965, effective(65534, 65534), real(65534, 0)] ../../source3/smbd/files.c:1144(openat_pathref_fsp_nosymlink)
openat_pathref_fsp_nosymlink: .deleted/administrator/. contains a dot
[2025/10/24 20:09:24.618007, 5, pid=95965, effective(65534, 65534), real(65534, 0)] ../../source3/smbd/files.c:2337(file_free)
file_free: freed files structure 0 (4 used)
[2025/10/24 20:09:24.618010, 10, pid=95965, effective(65534, 65534), real(65534, 0)] ../../source3/smbd/filename.c:811(filename_convert_dirfsp_nosymlink)
filename_convert_dirfsp_nosymlink: opening directory .deleted/administrator/. failed: NT_STATUS_OBJECT_NAME_INVALID
[2025/10/24 20:09:24.618014, 10, pid=95965, effective(65534, 65534), real(65534, 0)] ../../source3/smbd/open.c:568(fd_openat)
fd_openat: filename_convert_dirfsp_rel returned NT_STATUS_OBJECT_PATH_NOT_FOUND
[2025/10/24 20:09:24.618021, 10, pid=95965, effective(65534, 65534), real(65534, 0)] ../../source3/smbd/files.c:487(openat_pathref_fullname)
openat_pathref_fullname: Opening pathref for [.deleted/administrator/./file] failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
Here is a backtrace when openat_pathref_fsp_nosymlink() hits: DBG_DEBUG("%s contains a dot\n", path_in);
0 openat_pathref_fsp_nosymlink (mem_ctx=0x353463c0, conn=0x35322350, in_dirfsp=0x3532a820, path_in=0x3533afe0 ".trash/.", twrp=0, posix=true, _smb_fname=0x7ffdb25df138, _symlink_err=0x7ffdb25df140) at ../../source3/smbd/files.c:1144
1 filename_convert_dirfsp_nosymlink (mem_ctx=0x353463c0, conn=0x35322350, basedir=0x3532a820, name_in=0x35321a80 ".trash/./mmm", ucf_flags=8, twrp=0, _dirfsp=0x7ffdb25df370, _smb_fname=0x7ffdb25df378, _smb_fname_rel=0x7ffdb25df380, _symlink_err=0x7ffdb25df2d8) at ../../source3/smbd/filename.c:782
2 filename_convert_dirfsp_rel (mem_ctx=0x353463c0, conn=0x35322350, basedir=0x3532a820, name_in=0x35321a80 ".trash/./mmm", ucf_flags=8, twrp=0, _dirfsp=0x7ffdb25df370, _smb_fname=0x7ffdb25df378, _smb_fname_rel=0x7ffdb25df380) at ../../source3/smbd/filename.c:1097
3 fd_openat (dirfsp=0x3532a820, smb_fname=0x35321950, fsp=0x3531b670, _how=0x7ffdb25df4b0) at ../../source3/smbd/open.c:549
4 openat_pathref_fullname (conn=0x35322350, dirfsp=0x3532a820, full_fname=0x7ffdb25df498, smb_fname=0x35321950, how=0x7ffdb25df4b0) at ../../source3/smbd/files.c:437
5 openat_pathref_fsp (dirfsp=0x3532a820, smb_fname=0x35321950) at ../../source3/smbd/files.c:545
6 synthetic_pathref (mem_ctx=0x353463c0, dirfsp=0x3532a820, base_name=0x35346ef0 ".trash/./mmm", stream_name=0x0, psbuf=0x0, twrp=0, flags=0, _smb_fname=0x7ffdb25df578) at ../../source3/smbd/files.c:1871
7 recycle_do_touch (handle=0x35311cb0, smb_fname=0x35346dc0, touch_mtime=true) at ../../source3/modules/vfs_recycle.c:439
8 recycle_unlink_internal (handle=0x35311cb0, dirfsp=0x352592a0, smb_fname=0x35335eb0, flags=0) at ../../source3/modules/vfs_recycle.c:726
9 recycle_unlinkat (handle=0x35311cb0, dirfsp=0x352592a0, smb_fname=0x35335eb0, flags=0) at ../../source3/modules/vfs_recycle.c:746
10 smb_vfs_call_unlinkat (handle=0x35311cb0, dirfsp=0x352592a0, smb_fname=0x35335eb0, flags=0) at ../../source3/smbd/vfs.c:1987
11 close_remove_share_mode (fsp=0x35344a40, close_type=NORMAL_CLOSE) at ../../source3/smbd/close.c:624
12 close_normal_file (req=0x35336eb0, fsp=0x35344a40, close_type=NORMAL_CLOSE) at ../../source3/smbd/close.c:932
13 close_file_smb (req=0x35336eb0, fsp=0x35344a40, close_type=NORMAL_CLOSE) at ../../source3/smbd/close.c:1414
Fix: If the path_name is '.', just do not add it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15940
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Nov 4 11:38:52 UTC 2025 on atb-devel-224
(cherry picked from commit 9bbdfee7f2fdeee3cf530becb2a6f06345627b23)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Wed Nov 5 10:04:58 UTC 2025 on atb-devel-224
- - - - -
fd9de4bd by Volker Lendecke at 2025-11-14T12:42:16+00:00
smbd: Add openat_pathref_fsp_dot()
Very simple reopen of a directory as pathref. Too much magic in
openat_pathref_fsp_lcomp() leads to Bug 15897:
openat_pathref_fsp_lcomp() can return NT_STATUS_OK but still leave the
file descriptor at -1 for msdfs and smb1 posix reasons. When using it
in filename_convert_dirfsp_nosymlink() this bites us, the -1 can leak
into vfswrap_openat(). Avoid any magic by directly calling
SMB_VFS_OPENAT() with maximum NOFOLLOW/etc safety for this use case
and fail when this does not work.
This adds another flavor of openat_pathref_fsp, and at some point we
need to consolidate them again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15897
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 83ece80ecc2baa52a3caa0ee3b0f954b005b2268)
- - - - -
b42548e5 by Volker Lendecke at 2025-11-14T12:42:16+00:00
smbd: Fix Bug 15897
Don't leak smb_dirname->fsp->fh->fd == -1 coming from
openat_pathref_fsp_lcomp().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15897
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Sep 10 09:37:33 UTC 2025 on atb-devel-224
(cherry picked from commit 7143caeecc856d3326fdc3eb466ef1f37bc564b5)
- - - - -
593b3a43 by Anoop C S at 2025-11-14T14:00:00+00:00
smbd: Fix CID 1665417, UNUSED_VALUE in openat_pathref_fsp_dot()
Rearrange how the open flags are defined so as to make Coverity happy
about it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15897
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Sep 15 15:44:38 UTC 2025 on atb-devel-224
(cherry picked from commit 1ec54347acac241f900b52c16c2dcba04164e898)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Fri Nov 14 14:00:00 UTC 2025 on atb-devel-224
- - - - -
9ab05f17 by Andreas Schneider at 2025-11-21T13:32:14+00:00
docs-xml: Improve the samba-bgqd manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15809
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Nov 14 15:05:11 UTC 2025 on atb-devel-224
(cherry picked from commit 9322231f716237abba8627acda62c279c6a90f4f)
- - - - -
cbe63c13 by Andreas Schneider at 2025-11-21T13:32:14+00:00
s3:printing: Load the shares for [printers] in samba-bgqd
One of the main functions of bgqd is:
delete_and_reload_printers_full()
It isn't able to do its work, if we don't load the shares. Normally bgqd was
forked from smbd and this loaded the shares. But with the introduction of
samba-dcerpcd it is a standalone service now. As a standalone service it is
responsible to load the shares if it needs to work on them.
The following message is printed if delete_and_reload_printers_full() tries to
do its job:
[2025/10/23 09:57:27, 7, pid=41935, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:4419(lp_servicenumber)
lp_servicenumber: couldn't find printers
[2025/10/23 09:57:27, 7, pid=41935, effective(0, 0), real(0, 0)] ../../source3/param/loadparm.c:4419(lp_servicenumber)
lp_servicenumber: couldn't find printers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15936
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 327e60adf2e1e0c040bd32c748fbabc9e4a3593b)
- - - - -
ac715e2e by Volker Lendecke at 2025-11-21T14:35:43+00:00
ctdb: Fix ctdb startup with inconsistent cluster lock settings
ctdb_shutdown_sequence() normally exits. When we end up here, it is
because we have received a reclock callback twice. We can't handle
that, we have already removed "state", which would be referenced deep
in run_start_recovery_event() returning here another time.
The bug is triggered since b84fbd7b3fedc998 introduced a nested event
loop, making ctdb_shutdown_sequence() return into
start_recovery_reclock_callback() due to multiple reclock checks being
triggered somehow (not sure exactly how, but we should not crash under
any circumstance).
Reproducer: Run one ctdb daemon with cluster lock set, try to start
another one without cluster lock set.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15950
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Nov 19 03:04:13 UTC 2025 on atb-devel-224
(cherry picked from commit 66ebdb917054f4841f583ee21f910a1869712b53)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Fri Nov 21 14:35:43 UTC 2025 on atb-devel-224
- - - - -
59200ef1 by Ralph Boehme at 2025-11-26T11:53:16+00:00
mdssvc: support a wider range of years [0000,9999] in $time.iso
Most importantly use strtoll to allow negative numbers and use a filed width
with %Y in strftime() to parse years with less then four digits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15947
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Nov 19 01:59:34 UTC 2025 on atb-devel-224
(cherry picked from commit 1b2b08bb7067852ad1bf8847b266baaab06905d7)
- - - - -
baca60f9 by Ralph Boehme at 2025-11-26T12:51:16+00:00
vfs_fruit: psd->dacl can be NULL, use orig_num_aces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Nov 18 10:13:44 UTC 2025 on atb-devel-224
(cherry picked from commit 0de67cf0748139920006a4dd65cb77c874c3595f)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Wed Nov 26 12:51:16 UTC 2025 on atb-devel-224
- - - - -
b3810646 by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-selftest: add tests for winbindd_cache.tdb sanity
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 073a9482f0ace8847781181a552e0d0ceb897d0c)
- - - - -
92d7ff79 by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-winbindd: Fix winbind NDR caching.
All of winbindd's core caching relies on NDR entries. Those entries can
not be stored in winbindd_cache.tdb via wcache_store_ndr() as long as
there is no SEQNUM entry present in the cache.
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit c4606bc40632869ff4f1036cf6899df400d15a53)
- - - - -
8218ed45 by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-winbind: make wcache_store_seqnum static
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ffe1883d7d68dd933b6fa41e3af722e8688ff882)
- - - - -
b0378cf3 by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-winbindd: make initialize_winbindd_cache() static
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6667f25507687c19f3d3eaa3301a7ccd2433d4e3)
- - - - -
68013eed by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-winbindd: provide one wcache_open() function for all tdb opens
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7136a6ba39ddf025e85c639f3e53f53f8ff46cb5)
- - - - -
573a31bc by Günther Deschner at 2025-12-18T08:55:15+00:00
s3-winbindd: make sure we always have WINBINDD_CACHE_VERSION in winbindd_cache.tdb
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15963
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Dec 8 09:59:58 UTC 2025 on atb-devel-224
(cherry picked from commit d6ee9b04f2c9875953fba60a26a764ef61670114)
- - - - -
f1b0234b by Andreas Schneider at 2025-12-18T08:55:15+00:00
s3:libads: Set a request timeout for Kerberos requests
Without this, libkrb5 can wait indefinitely after creating a TCP
connection. This means winbind is stuck forever till it is restarted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15955
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 92601536ba0490bdfb5dd632fff2e5c0b541620c)
- - - - -
66be538e by Andreas Schneider at 2025-12-18T08:55:15+00:00
s3:libads: Set udp_preference_limit = 0 for MIT Kerberos
This option enable TCP connection before UDP, when sending a message to
the KDC.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 2c51cf118a1d9b7a5956a62e71df8fa1e576599c)
- - - - -
80e60822 by Andreas Schneider at 2025-12-18T09:59:12+00:00
Revert "ldb: User hexchars_upper from replace.h"
This reverts commit 542cf01bfe530a83dfbc8a606d182c0a5a622059.
We shouldn't put a hard requirement for libreplace in libldb! We do not need
libreplace on Linux until we start using hexbytes_upper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15961
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1bb25c0e01d35b1adb3137cb193de27f5c5a65f0)
Autobuild-User(v4-22-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-22-test): Thu Dec 18 09:59:12 UTC 2025 on atb-devel-224
- - - - -
49f6aa2c by Jule Anger at 2025-12-18T17:07:55+01:00
WHATSNEW: Add release notes for Samba 4.22.7.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
44b1df8e by Jule Anger at 2025-12-18T17:08:30+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.22.7 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
34b3aec0 by Jule Anger at 2025-12-18T17:08:52+01:00
VERSION: Bump version up to Samba 4.22.8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
28320f41 by Michael Tokarev at 2025-12-18T22:12:42+03:00
New upstream version 4.22.7+dfsg
- - - - -
a019c1b6 by Michael Tokarev at 2025-12-18T22:12:59+03:00
Update upstream source from tag 'upstream/4.22.7+dfsg'
Update to upstream version '4.22.7+dfsg'
with Debian dir aa5d51516879c13ed5e609df6861b3efd0d4f7ad
- - - - -
732da952 by Michael Tokarev at 2025-12-18T22:33:57+03:00
revert-ldb-use-hexchars_upper-from-replace.h.patch: remove (applied upstream)
- - - - -
e2107a1e by Michael Tokarev at 2025-12-18T22:34:29+03:00
update changelog; upload version 4.22.7+dfsg-0 to unstable
- - - - -
87a3565c by Michael Tokarev at 2025-12-18T22:35:13+03:00
update changelog; upload version 4.22.7+dfsg-0+deb13u1 to trixie
- - - - -
252edf3f by Ralph Boehme at 2026-01-14T11:59:08+00:00
mdssvc: make a copy of the elasticsearch:default_fields
lp_parm_const_string() returns a pointer to loadparm state that is not stable
across loadparm reloads and hence may later point at random garbage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15959
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Dec 16 18:58:07 UTC 2025 on atb-devel-224
(cherry picked from commit 5f8125665cb2ccad12678f95d20cae09922b3767)
- - - - -
7c7373f2 by Shweta Sodani at 2026-01-14T13:04:41+00:00
vfs_ceph_new: use vfs_ceph_iget/vfs_ceph_iput in vfs_ceph_disk_free
Currently inode of root is using to report stats that works fine for share of root volume.
But for subvolume share it reports incorrect information. Hence choose the inode based on path,
so that it will report stats information correctly.
Bug:https://bugzilla.samba.org/show_bug.cgi?id=15954
Signed-off-by: Shweta Sodani <ssodani at redhat.com>
Reviewed-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Nov 24 18:03:08 UTC 2025 on atb-devel-224
(cherry picked from commit f2ccf020046bc4f0465dfa8b5a8737b018fa66ac)
Autobuild-User(v4-22-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-22-test): Wed Jan 14 13:04:41 UTC 2026 on atb-devel-224
- - - - -
3299aee7 by Michael Tokarev at 2026-01-15T13:03:51+00:00
s4/dlz: add support for bind 9.20
bind dlz interface does not change much, yet we build
dlz_bind9_NN for every bind9 version NN we support -
despite many of them differ only in soversion, with
the code being identical.
For bind9_20, use dlz_bind9_18.so which we already have.
It'd be nice to extract actual bind9 version string in
sambadns.py and use it in more direct way.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15790
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Dec 10 22:46:11 UTC 2025 on atb-devel-224
(cherry picked from commit 6488787d65ef02cc97b4b79587da6155ff369ac0)
Autobuild-User(v4-22-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-22-test): Thu Jan 15 13:03:51 UTC 2026 on atb-devel-224
- - - - -
1f56c9f8 by Pavel Filipenský at 2026-01-22T13:02:15+00:00
s3:libads: Reset ads->config.flags in ads_disconnect()
This is doing the same thing in ads_disconnect() as commit
a26f535 Clear previous CLDAP ping flags when reusing the ADS_STRUCT
did in ads_current_time()
In this case we:
1) found cached ADS_STRUCT which already has ads->config.flags set:
lookup_groupmem()
ads_cached_connection()
ads_cached_connection_reuse()
2) started search which immediately timeouts (the cached conn. was dead)
ads_do_search_retry_internal()
ldap_search_with_timeout() - IO_TIMEOUT
3) Retry loop finds a new DC and tries to connect
ads_do_search_retry_internal()
ads_disconnect()
ads_find_dc()
ads_try_connect()
netlogon_pings()
check_cldap_reply_required_flags()
4) check_cldap_reply_required_flags() fails since ads->config.flags
(stored possibly long time ago) contain:
NBT_SERVER_CLOSEST 0x00000080
which is misinterpreted as:
DS_PDC_REQUIRED 0x00000080
the newly found DC is not PDC (we asked for DS_ONLY_LDAP_NEEDED)
and since previous DC had NBT_SERVER_CLOSEST we want DS_PDC_REQUIRED
and fail.
We should anyway avoid mixing independent namespaces NBT_* and DS_*
in the same flag.
Next commit will do that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9f3a35991feb01a8d2c2b69fa0b914bbc637a809)
- - - - -
124185a1 by Pavel Filipenský at 2026-01-22T14:19:11+00:00
s3:libads: Separate use of ads->config.flags for NBT_* and DS_* values
Use of ads->config.flags is overloaded.
It is used to:
- pass DS_* flags down to cldap_netlogon()
- store the server_type from NETLOGON_SAM_LOGON_RESPONSE
Both cases use different values and cannot be combined.
E.g. flags mess up with value 0x00000080
NBT_SERVER_CLOSEST 0x00000080
DS_PDC_REQUIRED 0x00000080
Let's create two separate flags
nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
uint32 required_flags; /* DS_* - Netlogon flags */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224
(cherry picked from commit 7483903575eab97773a992149d64511d5ec6f256)
Autobuild-User(v4-22-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-22-test): Thu Jan 22 14:19:11 UTC 2026 on atb-devel-224
- - - - -
662ed308 by Martin Schwenke at 2026-02-18T11:32:15+00:00
docs-xml:smb.conf: Fix "ctdbd socket" documentation
This has been wrong for a very long time. I only noticed it just
now... :-(
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15977
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Jan 22 23:06:20 UTC 2026 on atb-devel-224
(cherry picked from commit 8c458675c10bfda66fb86c5ed67d1d6d0cbbaedf)
- - - - -
29550e80 by Samuel Cabrero at 2026-02-18T11:32:15+00:00
s3:rpc_client: Fix memory leak opening local named pipe
If no local server name was passed to rpc_pipe_open_local_np() then
get_myname() was called with NULL talloc context instead of the
current stackframe.
This was causing an increase of memory usage on busy servers with long-living
rpcd_* workers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jan 27 10:13:40 UTC 2026 on atb-devel-224
(cherry picked from commit 24dc455362fb49ef81c99d95880e106a234ce29a)
- - - - -
39796375 by Noel Power at 2026-02-18T11:32:15+00:00
s3/printing: Fix leaked mem ctx returned from talloc_new
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15979
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry picked from commit 5ba76344ef807577ea1fd4265d585285eb633971)
- - - - -
a7acb270 by Noel Power at 2026-02-18T11:32:16+00:00
s3/printing: Fix leaking parsed options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15979
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jan 30 11:09:44 UTC 2026 on atb-devel-224
(cherry picked from commit 22021dbfa7a94007a511d05f25e49ab73dacbcf5)
- - - - -
eac3575b by Ralph Boehme at 2026-02-18T11:32:16+00:00
smbd: in contend_dirleases() don't bother checking when not enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15984
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martins at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 26 12:09:13 UTC 2026 on atb-devel-224
(cherry picked from commit f11bce483a6403d9ed250c874105248c8e9782e2)
- - - - -
c3bf3935 by Günther Deschner at 2026-02-18T12:41:16+00:00
docs-xml: fix manpage for "net offlinejoin requestodj"
One actually does *NOT* need to provide AD credentials to process a
requestodj operation. This is run as root and populates Samba's
databases based on the ODJ blob. Thanks John Mulligan for pointing this out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15964
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: John Mulligan <jmulligan at redhat.com>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Dec 11 15:19:13 UTC 2025 on atb-devel-224
(cherry picked from commit a44abbfde048c378fcadea0d597762f7eb10a6a4)
Autobuild-User(v4-22-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-22-test): Wed Feb 18 12:41:16 UTC 2026 on atb-devel-224
- - - - -
935486ff by Björn Jacke at 2026-02-19T10:32:44+01:00
Add release notes for Samba 4.22.8.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jule Anger <janger at samba.org>
- - - - -
d0a814e3 by Björn Jacke at 2026-02-19T10:37:42+01:00
VERSION: Disable GIT_SNAPSHOT for the upcoming release.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
e5685960 by Michael Tokarev at 2026-02-19T14:59:08+03:00
d/clean: also remove python/samba/provision/kerberos_implementation.py (#1048754)
Since this turned out to be an easy one, let's not open a new bug report.
- - - - -
62e99079 by Michael Tokarev at 2026-02-19T15:14:58+03:00
New upstream version 4.22.8+dfsg
- - - - -
46097bad by Michael Tokarev at 2026-02-19T15:15:16+03:00
Update upstream source from tag 'upstream/4.22.8+dfsg'
Update to upstream version '4.22.8+dfsg'
with Debian dir 64f7188b60d867ca32a5bdb203277ad650628c9f
- - - - -
f1917780 by Michael Tokarev at 2026-02-19T15:19:23+03:00
add-support-for-bind-9.20.patch: remove
- - - - -
30e5ccb9 by Michael Tokarev at 2026-02-19T15:19:23+03:00
update changelog; upload version 4.22.8+dfsg-0 to unstable
- - - - -
ea2a869f by Michael Tokarev at 2026-02-27T17:10:23+03:00
update changelog; upload version 4.22.8+dfsg-0+deb13u1 to trixie
- - - - -
114 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/common/path.c
- ctdb/config/events/legacy/10.interface.script
- ctdb/config/functions
- ctdb/server/ctdb_recover.c
- ctdb/server/ctdb_recoverd.c
- ctdb/server/ctdb_takeover.c
- ctdb/server/ctdbd.c
- ctdb/tests/README
- + ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh
- ctdb/utils/pmda/pmda_ctdb.c
- debian/changelog
- debian/clean
- debian/gbp.conf
- − debian/patches/add-support-for-bind-9.20.patch
- − debian/patches/libads-fix-get_kdc_ip_string.patch
- − debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch
- debian/patches/series
- docs-xml/manpages/net.8.xml
- docs-xml/manpages/samba-bgqd.8.xml
- docs-xml/manpages/vfs_fruit.8.xml
- docs-xml/smbdotconf/misc/ctdbdsocket.xml
- + docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
- docs-xml/smbdotconf/security/serverrole.xml
- lib/ldb/common/ldb_dn.c
- python/samba/gp/gpclass.py
- python/samba/provision/sambadns.py
- python/samba/tests/blackbox/mdsearch.py
- + python/samba/tests/dcerpc/dfs.py
- python/samba/tests/dcerpc/mdssvc.py
- python/samba/tests/libsmb.py
- python/samba/tests/usage.py
- selftest/knownfail
- selftest/target/Samba.pm
- selftest/target/Samba3.pm
- selftest/target/Samba4.pm
- source3/include/secrets.h
- source3/include/vfs.h
- source3/lib/tldap.c
- source3/libads/ads_proto.h
- source3/libads/cldap.c
- source3/libads/kerberos.c
- source3/libads/kerberos_keytab.c
- source3/libads/ldap.c
- source3/libads/netlogon_ping.c
- source3/libads/netlogon_ping.h
- source3/libads/trusts_util.c
- source3/libads/util.c
- source3/libnet/libnet_join.c
- source3/librpc/idl/ads.idl
- source3/libsmb/conncache.c
- source3/libsmb/dsgetdcname.c
- source3/libsmb/namequery.c
- source3/libsmb/namequery_dc.c
- source3/libsmb/pylibsmb.c
- source3/modules/vfs_ceph_new.c
- source3/modules/vfs_fruit.c
- source3/modules/vfs_recycle.c
- source3/modules/vfs_streams_depot.c
- source3/modules/vfs_streams_xattr.c
- source3/modules/vfs_virusfilter.c
- source3/modules/vfs_xattr_tdb.c
- source3/passdb/machine_account_secrets.c
- source3/printing/print_cups.c
- source3/printing/printing.c
- source3/printing/queue_process.c
- source3/rpc_client/cli_pipe.c
- source3/rpc_server/dfs/srv_dfs_nt.c
- source3/rpc_server/mdssvc/es_parser.y
- source3/rpc_server/mdssvc/es_parser_test.c
- source3/rpc_server/mdssvc/mdssvc_es.c
- source3/rpc_server/mdssvc/mdssvc_es.h
- source3/rpc_server/mdssvc/test_mdsparser_es.c
- source3/rpc_server/netlogon/srv_netlog_nt.c
- source3/rpc_server/rpcd_mdssvc.c
- + source3/script/tests/test_net_ads_kerberos.sh
- source3/script/tests/test_recycle.sh
- + source3/script/tests/test_winbind_cache_sanity.sh
- source3/selftest/tests.py
- source3/smbd/dir.c
- source3/smbd/dosmode.c
- source3/smbd/filename.c
- source3/smbd/files.c
- source3/smbd/open.c
- source3/smbd/proto.h
- source3/smbd/smb2_lock.c
- source3/smbd/smb2_oplock.c
- source3/utils/net.c
- source3/utils/net.h
- source3/utils/net_ads.c
- source3/utils/ntlm_auth.c
- source3/winbindd/idmap_ad.c
- source3/winbindd/wb_queryuser.c
- source3/winbindd/wb_sids2xids.c
- source3/winbindd/wb_xids2sids.c
- source3/winbindd/winbindd_cache.c
- source3/winbindd/winbindd_cm.c
- source3/winbindd/winbindd_pam.c
- source3/winbindd/winbindd_proto.h
- source3/winbindd/winbindd_util.c
- source4/libnet/libnet_site.c
- source4/nbt_server/wins/wins_hook.c
- source4/selftest/tests.py
- source4/setup/named.conf.dlz
- source4/torture/nbt/wins.c
- source4/torture/rpc/lsa.c
- source4/torture/smb2/lease.c
- source4/torture/vfs/fruit.c
- + source4/torture/vfs/streams_xattr.c
- source4/torture/vfs/vfs.c
- source4/torture/wscript_build
- + testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh
- + testprogs/blackbox/wins_hook_test
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/b0dc036b076c1b52bf86aaee7dc8dcc074cce0b0...ea2a869f810b1da51084a0c3d846406bc7b6655f
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/b0dc036b076c1b52bf86aaee7dc8dcc074cce0b0...ea2a869f810b1da51084a0c3d846406bc7b6655f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20260306/6d09018e/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list