Public bug reported:

Upstream: 4.18.8
Debian: 2:4.19.2+dfsg-1
Ubuntu: 2:4.18.6+dfsg-1ubuntu2

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

samba (2:4.19.2+dfsg-1) unstable; urgency=medium

  * new upstream stable/bugfix release:
    - https://bugzilla.samba.org/show_bug.cgi?id=15423
      Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE
    - https://bugzilla.samba.org/show_bug.cgi?id=15426
      clidfs.c do_connect() missing a 'return' after a cli_shutdown() call
    - https://bugzilla.samba.org/show_bug.cgi?id=15463
      macOS mdfind returns only 50 results
    - https://bugzilla.samba.org/show_bug.cgi?id=15481
      GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value
    - https://bugzilla.samba.org/show_bug.cgi?id=15464
      libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more
    - https://bugzilla.samba.org/show_bug.cgi?id=15479
      ctdbd: setproctitle not initialized messages flooding logs
    - https://bugzilla.samba.org/show_bug.cgi?id=15491
      CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19
    - https://bugzilla.samba.org/show_bug.cgi?id=15477
      The heimdal KDC doesn't detect s4u2self correctly when fast is in use
  * d/samba-common.maintscript: remove obsolete conffile /etc/dhcp/dhclient-enter-hooks.d/samba conffile (Closes: #1053780)

 -- Michael Tokarev <[email protected]> Mon, 16 Oct 2023 18:26:31 +0300

samba (2:4.19.1+dfsg-4) unstable; urgency=medium

  * d/samba-common.postinst: restore installing of smb.conf using ucf

 -- Michael Tokarev <[email protected]> Tue, 10 Oct 2023 22:33:32 +0300

samba (2:4.19.1+dfsg-3) unstable; urgency=medium

  * d/ctdb.install: sync ceph arch list
  * d/control: mention other places where ceph arch list is used

 -- Michael Tokarev <[email protected]> Tue, 10 Oct 2023 20:12:20 +0300

samba (2:4.19.1+dfsg-2) unstable; urgency=medium

  * d/rules: sync with-ceph arch list from d/control

 -- Michael Tokarev <[email protected]> Tue, 10 Oct 2023 19:03:42 +0300

samba (2:4.19.1+dfsg-1) unstable; urgency=medium

  * new stable security bugfix release:
    o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html
      Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system.
    o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html
      SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting 'acl_xattr:ignore system acls = yes'
    o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html
      An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions.
    o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html
      Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service.
    o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html
      Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC.
  * remove debconf questions and wins dhcp hooks together with po files (wins is not relevant today anymore)
  * d/control: bump mit-krb5 build-dep (on mitkrb5 profile) to 1.20
  * d/control: disable ceph (libcephfs-dev, librados-dev) on 32bit architectures (Closes: #1053202)
  * d/control: enable rados on riscv64 once it's available there
  * d/control: samba-libs: depend on libldb of the same version since libldb symbols might appear during previous stable series but they don't propagate to next releases with previous minor version numbers. This is ABI breakage but the symbols are mostly internal to samba itself
  * debian/libldb2.symbols: update
  * drop attempts to keep ldb ABI versioning

 -- Michael Tokarev <[email protected]> Tue, 10 Oct 2023 18:02:05 +0300

samba (2:4.19.0+dfsg-1) unstable; urgency=medium

  * new upstream release. Some highlights:
    o changed command-line interface of smbget utility
    o improved winbindd logging
    o AD database prepared to FL 2016 standards for new domains
    o initial, partial implementation of AD FL 2012, 2012R2 and 2016
    o samba-tool support for silos, claims, sites and subnets
    o updated Heimdal import
    o other improvements and changes, see WHATSNEW.txt file for details.
  * d/patches: remove patches applied upstream, refresh patches
  * d/control: update talloc/tevent/tdb build-deps
  * d/smbclient.install: remove smbgetrc.5
  * d/patches: add ldb 2.7.1 & 2.7.2 ABI files
  * d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0)
  * d/python3-ldb.symbols: remove unused versions, add new version
  * d/control: fix description of samba-common-bin (samba-client)
  * d/samba-common-bin.install: install samba-log-parser (for winbindd for now)

### Old Ubuntu Delta ###

samba (2:4.18.6+dfsg-1ubuntu2) mantic; urgency=medium

  * No-change rebuild with glusterfs 10.3 (LP: #2035127)

 -- Andreas Hasenack <[email protected]> Wed, 13 Sep 2023 09:57:01 -0300

samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
      + enable the liburing vfs module, except on i386 where liburing is not available
    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: samba AD DC provisioning and domain join tests with internal DNS (LP #1977746, LP #2011745)
  * Dropped:
    - build-depend on libglusterfs-dev only on !i386 arches
      [In 2:4.18.5+dfsg-2]
    - Add changes to fix uncaught exception when updating old password containing regex metacharacters by simplifying samba-tool password redaction (LP #2002949).
      + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
      + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
      + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
      + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
      + d/p/python-Add-glue.burn_commandline-method.patch
      + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
      + d/p/python-Remove-const-from-PyList_AsStringList.patch
      [Fixed upstream in 4.18.6]
  * Added:
    - d/control: adjust breaks/replaces for file move that Debian did in 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid file conflict in a dist-upgrade from earlier Ubuntu releases, like Kinetic (LP: #2024663)
    - d/rules: ceph is not available in Ubuntu i386, disable it

 -- Andreas Hasenack <[email protected]> Thu, 17 Aug 2023 09:52:00 -0300

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: needs-merge upgrade-software-version

** Changed in: samba (Ubuntu)
    Milestone: None => ubuntu-24.01

-- 
You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2040363

Title:
  Merge samba from Debian unstable for noble

