Your message dated Mon, 24 Oct 2022 09:44:16 +0300
with message-id <[email protected]>
and subject line Re: Bug#833287: A proper fix for Samba plugins linking against
other libraries is upstream
has caused the Debian Bug report #833287,
regarding samba: Upgrading samba with winbind before compat in nsswitch.conf
can harm entire OS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
833287: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833287
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Severity: normal
Dear Maintainer,
Upgrading samba when using winbind as NSS service can break OS. Probably not
triggered if "compat" is BEFORE "winbind" in nsswitch.conf. Huge impact due to
big version different between winbind and libraries.
The upgrade doesn't complete and segfault.
How to reproduce easily:
$ cat /etc/nsswitch.conf
passwd: winbind compat
shadow: compat
group: winbind compat
(winbind is usually used after compat, in this case it was used before)
$ sudo apt-get update
Workaround:
DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with
"pam-auth-update") before ANY attempt of upgrading samba to latest version.
We believe the problem is due to a lack of sane ABI versioning on "samba-libs"
and, thus, incorrectly weak deps between libnss-winbind and samba-libs.
The more robust solution might just be for libnss-winbind and libpam-winbind to
be statically linked to samba-libs.
-- System Information:
Debian Release: 8.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-17-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Version: 2:4.16.0+dfsg-1
On 23.10.2022 23:07, Andrew Bartlett wrote:
https://bugzilla.samba.org/show_bug.cgi?id=14780 has the correct fix
for this, and this change landed in Samba 4.16.
Ok, let's close this as fixed in 4.16.0+dfsg-1.
This is a much harder bug to solve properly than it looks, but once
solved properly we should have proper static plugins that won't fail
during upgrades as they will be self-contained.
Well. There are many fun things in there. Static linking of everything
isn't good either.
I had to work around one issue with libreplace.so already - I replaced
calls of memset_s() to [explicit_]bzero() in one of the common macros,
in order to eliminate linkage with libreplace for certain other libs,
to stop circular dependencies - this way, eg, libldb.so does not depend
on samba-libs package. But this is a thin ice, it is too easy to break.
Thanks,
/mjt
--- End Message ---
