Your message dated Tue, 30 Nov 2021 20:32:22 +0000
with message-id <[email protected]>
and subject line Bug#939419: fixed in samba 2:4.9.5+dfsg-5+deb10u2
has caused the Debian Bug report #939419,
regarding libparse-pidl-perl: version ordering issue.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
939419: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939419
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libparse-pidl-perl
Version: 2:4.9.5+dfsg-5+deb10u1+really0.02
X-debbugs-cc: [email protected]
It seems that the recent update to samba in buster-security generated a
libparse-pidl-perl package with a lower version number than the version
already in buster. As far as I can tell this has the following consequences.
1. Users will not get the update to this package (I don't think this is
a big problem in this particular case as I don't see anything perl
related in the changelog).
2. I suspect it will stop the security update getting rolled in to the
next point release.
3. It may mess up downstream infrastructure (that is how I ran into the
issue).
I see two possible fixes.
1. Avoid using version numbers for the samba package that will trigger
this issue.
2. Change the logic that generates the version numbers for the
libparse-pidl-perl package.
I have knocked up some code to implement the second option and I am
testing it now. If it works out ok I'll post a patch here.
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.9.5+dfsg-5+deb10u2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 Nov 2021 10:34:50 +0100
Source: samba
Architecture: source
Version: 2:4.9.5+dfsg-5+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 939419
Changes:
samba (2:4.9.5+dfsg-5+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Salvatore Bonaccorso ]
* CVE-2020-25722 Ensure the structural objectclass cannot be changed
* CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during
  LDAP add/modify
* s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
* selftest: Fix ktest usermap file
* selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with
  (winbindd => "offline")
* CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac"
  settings
* CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative
  = true
* CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to
  r->out.authoritative = true
* CVE-2020-25717: s4:torture: start with authoritative = 1
* CVE-2020-25717: s4:smb_server: start with authoritative = 1
* CVE-2020-25717: s4:auth_simple: start with authoritative = 1
* CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1
* CVE-2020-25717: s3:torture: start with authoritative = 1
* CVE-2020-25717: s3:rpcclient: start with authoritative = 1
* CVE-2020-25717: s3:auth: start with authoritative = 1
* CVE-2020-25717: auth/ntlmssp: start with authoritative = 1
* CVE-2020-25717: loadparm: Add new parameter "min domain uid"
* CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward the
  low level errors
* CVE-2020-25717: s3:auth: Check minimum domain uid
* CVE-2020-25717: s3:auth: we should not try to autocreate the guest account
* CVE-2020-25717: s3:auth: no longer let check_account() autocreate local
  users
* CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam()
* CVE-2020-25717: s3:auth: don't let create_local_token depend on
  !winbind_ping()
* CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or
  member)
* CVE-2020-25717: s4:auth: remove unused
  auth_generate_session_info_principal()
* CVE-2020-25717: s3:ntlm_auth: fix memory leaks in
  ntlm_auth_generate_session_info_pac()
* CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac()
  base the name on the PAC LOGON_INFO only
* CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate
  everything to make_server_info_wbcAuthUserInfo()
* CVE-2020-25717: selftest: configure 'ktest' env with winbindd and
  idmap_autorid
* CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a
  PAC in standalone mode
* CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by
  removing the unused logon_info argument
* CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing
  unused arguments
* lib: Add dom_sid_str_buf
* CVE-2020-25717: idmap_nss: verify that the name of the sid belongs to the
  configured domain
* CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named
  based lookup fails
* waf: install: Remove installation of PIDL and manpages.
.
[ Mathieu Parent ]
* Drop libparse-pidl-perl package (Closes: #939419)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---