Bug#1022068: Reproduced
c_core cqhci xhci_pci ghash_clmulni_intel drm_ttm_helper sha512_ssse3 sha512_generic ttm ehci_pci realtek scsi_mod xhci_hcd drm_kms_helper aesni_intel mdio_devres ehci_hcd i2c_i801 sdhci rtsx_pci_sdmmc drm crypto_simd usbcore cryptd mmc_core psmouse libphy rtsx_pci scsi_common lpc_ich i2c_smbus usb_common video battery wmi button [2.740163] CR2: 0020 [2.740271] ---[ end trace ]--- [2.740272] RIP: 0010:nvif_object_mthd+0xba/0x200 [nouveau] [2.740335] Code: 94 de 41 8d 56 20 49 8b 44 24 08 83 fa 17 0f 86 35 01 00 00 4c 39 e0 0f 84 ea 00 00 00 4c 89 63 10 31 c9 48 89 de c6 43 06 ff <48> 8b 78 20 48 8b 40 38 48 8b 40 28 e8 55 24 d3 de 48 8b 3c 24 4c [2.740337] RSP: 0018:a98280c37608 EFLAGS: 00010246 [2.740338] RAX: RBX: a98280c37610 RCX: [2.740339] RDX: 0028 RSI: a98280c37610 RDI: a98280c37638 [2.740340] RBP: R08: a98280c37860 R09: ff8e [2.740341] R10: R11: 8e1cdf5c6000 R12: 8e19c40a7508 [2.740342] R13: a98280c37610 R14: 0008 R15: a98280c37630 [2.740343] FS: 7facb03abd00() GS:8e1ccf28() knlGS: [2.740344] CS: 0010 DS: ES: CR0: 80050033 [2.740345] CR2: 0020 CR3: 00010194c003 CR4: 001706e0 Regards -- Mathieu Parent
Bug#1022068: Still found
found 1022068 6.1~rc8-1~exp1 upstream 1022068 https://gitlab.freedesktop.org/drm/nouveau/-/issues/188 thanks Still in latest experimental kernel. :-( I've found an upstream bug (every distro affected). Cheers -- Mathieu
Bug#1022068: Still found
found 1022068 6.1~rc7-1~exp1 done Still in latest experimental kernel. :-(
Bug#1022068: linux: kernel NULL pointer dereference in nouveau driver on Thinkpad W541
fb45a8054b710 RCX: [2.725302] RDX: 0028 RSI: b45a8054b710 RDI: b45a8054b738 [2.725303] RBP: R08: b45a8054b958 R09: ff8e [2.725304] R10: R11: 003f R12: 9e0489847508 [2.725305] R13: b45a8054b710 R14: 0008 R15: b45a8054b730 [2.725306] FS: 7f2c9ec40d00() GS:9e07cf2c() knlGS: [2.725307] CS: 0010 DS: ES: CR0: 80050033 [2.725308] CR2: 0020 CR3: 00010163c002 CR4: 001706e0 [2.725310] Call Trace: [2.725312] [2.725315] nvif_conn_hpd_status+0x35/0xe0 [nouveau] [2.725386] nouveau_dp_detect+0x2f7/0x470 [nouveau] [2.725478] ? migrate_enable+0xde/0x160 [2.725482] nouveau_connector_detect+0x9b/0x550 [nouveau] [2.725578] drm_helper_probe_detect+0x84/0xb0 [drm_kms_helper] [2.725595] drm_helper_probe_single_connector_modes+0x31b/0x550 [drm_kms_helper] [2.725608] ? __kmem_cache_alloc_node+0x12c/0x210 [2.725612] drm_client_modeset_probe+0x243/0x1660 [drm] [2.725647] ? nouveau_cli_init+0x400/0x4a0 [nouveau] [2.725738] ? recalibrate_cpu_khz+0x10/0x10 [2.725741] ? __pm_runtime_suspend+0x61/0x70 [2.725745] __drm_fb_helper_initial_config_and_unlock+0x44/0x530 [drm_kms_helper] [2.725759] ? drm_client_init+0x133/0x160 [drm] [2.725792] nouveau_fbcon_init+0x159/0x1d0 [nouveau] [2.725890] nouveau_drm_device_init+0x1f8/0x7b0 [nouveau] [2.725982] ? pci_update_current_state+0x6e/0xa0 [2.725986] nouveau_drm_probe+0x128/0x1f0 [nouveau] [2.726082] ? rt_spin_unlock+0x13/0x40 [2.726086] local_pci_probe+0x41/0x80 [2.726090] pci_device_probe+0xc3/0x230 [2.726092] really_probe+0xde/0x380 [2.726096] ? pm_runtime_barrier+0x50/0x90 [2.726098] __driver_probe_device+0x78/0x170 [2.726101] driver_probe_device+0x1f/0x90 [2.726103] __driver_attach+0xd1/0x1d0 [2.726106] ? __device_attach_driver+0x110/0x110 [2.726108] bus_for_each_dev+0x87/0xd0 [2.726111] bus_add_driver+0x1b1/0x200 [2.726113] driver_register+0x89/0xe0 [2.726116] ? 0xc0c5b000 [2.726118] do_one_initcall+0x59/0x280 [2.726122] do_init_module+0x4a/0x200 [2.726125] __do_sys_finit_module+0xac/0x120 [2.726129] do_syscall_64+0x3a/0xc0 [2.726133] entry_SYSCALL_64_after_hwframe+0x63/0xcd [2.726136] RIP: 0033:0x7f2c9f3445a9 [2.726138] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 27 08 0d 00 f7 d8 64 89 01 48 [2.726140] RSP: 002b:7ffe76944e78 EFLAGS: 0246 ORIG_RAX: 0139 [2.726142] RAX: ffda RBX: 564c4da28500 RCX: 7f2c9f3445a9 [2.726143] RDX: RSI: 7f2c9f4d6efd RDI: 0013 [2.726144] RBP: 7f2c9f4d6efd R08: R09: 564c4d9fb240 [2.726145] R10: 0013 R11: 0246 R12: 0002 [2.726145] R13: R14: 564c4da15a00 R15: 564c4c09be50 [2.726148] [2.726148] Modules linked in: i915 nouveau(+) ahci drm_buddy mxm_wmi libahci i2c_algo_bit crct10dif_pclmul crct10dif_common crc32_pclmul drm_display_helper crc32c_intel libata cec sdhci_pci ghash_clmulni_intel rc_core cqhci drm_ttm_helper sha512_ssse3 xhci_pci sha512_generic ttm r8169 ehci_pci aesni_intel xhci_hcd drm_kms_helper scsi_mod realtek sdhci ehci_hcd rtsx_pci_sdmmc i2c_i801 crypto_simd mdio_devres drm usbcore psmouse cryptd libphy mmc_core rtsx_pci lpc_ich i2c_smbus scsi_common usb_common battery video wmi button [2.726174] CR2: 0020 [2.726274] ---[ end trace ]--- [2.726275] RIP: 0010:nvif_object_mthd+0xba/0x200 [nouveau] [2.726368] Code: e0 e5 41 8d 56 20 49 8b 44 24 08 83 fa 17 0f 86 35 01 00 00 4c 39 e0 0f 84 ea 00 00 00 4c 89 63 10 31 c9 48 89 de c6 43 06 ff <48> 8b 78 20 48 8b 40 38 48 8b 40 28 e8 15 d4 1f e6 48 8b 3c 24 4c [2.726369] RSP: 0018:b45a8054b708 EFLAGS: 00010246 [2.726371] RAX: RBX: b45a8054b710 RCX: [2.726372] RDX: 0028 RSI: b45a8054b710 RDI: b45a8054b738 [2.726373] RBP: R08: b45a8054b958 R09: ff8e [2.726374] R10: R11: 003f R12: 9e0489847508 [2.726374] R13: b45a8054b710 R14: 0008 R15: b45a8054b730 [2.726375] FS: 7f2c9ec40d00() GS:9e07cf2c() knlGS: [2.726377] CS: 0010 DS: ES: CR0: 80050033 [2.726378] CR2: 0020 CR3: 00010163c002 CR4: 001706e0 Regards Mathieu Parent
Bug#1024881: firmware-misc-nonfree: Missing firmwares for i915
Package: firmware-misc-nonfree Version: 20221109-2 Severity: wishlist Dear Maintainer, I have: W: Possible missing firmware /lib/firmware/i915/dg1_huc.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc.bin for module i915 W: Possible missing firmware /lib/firmware/i915/dg1_guc_70.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_guc_70.bin for module i915 W: Possible missing firmware /lib/firmware/i915/adlp_guc_70.bin for module i915 W: Possible missing firmware /lib/firmware/i915/dg2_guc_70.bin for module i915 And my graphics card is not working correctly (temperature high and PC abruply shuts down). Not sure this is related, but at least this couldn't be worst with more firmwares. NB: I've tested with linux from experimetal too (6.1). Please add those firmwares. Thanks Mathieu Parent -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-0-rt-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_DIE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled firmware-misc-nonfree depends on no packages. firmware-misc-nonfree recommends no packages. Versions of packages firmware-misc-nonfree suggests: ii initramfs-tools 0.142 -- no debconf information
Bug#1024651: ruby-gpgme: FTBFS against libgpgme-dev >= 1.18.0-2
I was hit by this, and created https://github.com/ueno/ruby-gpgme/pull/166. Won't have much time on this topic however.
Bug#814382: RFA: samba -- SMB/CIFS file, print, and login server for Unix
Maybe leave this bug opened, and retitle it as a RFH? (it was the case before) -- Mathieu
Bug#1009726: [Pkg-samba-maint] broken build of samba_4.13.13+dfsg-1~deb11u3 on i386
On Sat, Apr 23, 2022 at 9:55 AM Michael Tokarev wrote: > > Hello! Hello, > Now since the prob is quite serious, maybe we can fix this some > faster way? Yes. A regression update thru -security would be good. But better to wait for the -security team ack. Again, thanks for bringing samba back in shape ! Cheers -- Mathieu Parent
Bug#1009428: gitlabracadabra: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.9 3.10" returned exit code 13
Control: tag -1 upstream Control: forwarded -1 https://gitlab.com/gitlabracadabra/gitlabracadabra/-/merge_requests/240 On Tue, Apr 12, 2022 at 8:53 PM Lucas Nussbaum wrote: > > Source: gitlabracadabra > Version: 1.4.0 > Severity: serious > Justification: FTBFS > Tags: bookworm sid ftbfs > User: lu...@debian.org > Usertags: ftbfs-20220412 ftbfs-bookworm > > Hi, > > During a rebuild of all packages in sid, your package failed to build > on amd64. The reason is the update of python-gitlab to v3. Work is upstream: https://gitlab.com/gitlabracadabra/gitlabracadabra/-/merge_requests/240 Regards -- Mathieu Parent
Bug#814382: RFA: samba -- SMB/CIFS file, print, and login server for Unix
On Mon, Mar 21, 2022 at 10:45 AM Michael Tokarev wrote: > > Ok. Let's try to step on this one. Hi Michael, Thanks for coming here ;-) > I grabbed the package from salsa, applied the fix for #1005642. it built okay > (I use the fixed packages here for about a month already). > > Mathieu, can you please give me some little guide in importing the new > upstream > version, what is usually required, how did you done this before? This is documented in debian/README.source > Let's try to keep the package in a good shape. > > Also, what are/were your plans wrt MR#56, "Build ldb from samba source" - is > it > ready to me merged? The less packages to maintain, the better :) It's not ready to be merged yet. At least sssd should build with it. It looks like you're not a Debian developer. Do you plan to be? Regards Mathieu Parent
Bug#814382: RFA: samba -- SMB/CIFS file, print, and login server for Unix
X-Debbugs-CC: debian-de...@lists.debian.org X-Debbugs-CC: pkg-samba-ma...@lists.alioth.debian.org Hello everybody, I don't have the time to keep samba, cifs-utils and [related] packages in good shape, and I don't use it anymore as file server or AD/DC (I only use it as domain member and cifs client). [related] https://qa.debian.org/developer.php?email=pkg-samba-maint%40lists.alioth.debian.org A team with at least 2-3 members would smooth the process. Any help is appreciated. There is some bug triaging and packaging needed, but the packages are not far from common and recent packaging practices. You don't need to be an advanced packager and you don't need to know samba internals nor advanced configuration slots. The RFA bug: https://bugs.debian.org/814382 Regards -- Mathieu Parent
Bug#814382: RFA: samba -- SMB/CIFS file, print, and login server for Unix
retitle 814382 RFA: samba -- SMB/CIFS file, print, and login server for Unix thanks Hi, I'm retitling this bug as "request for adoption", I don't have the time to keep this package in good shape, and I don't use it anymore as file server or AD/DC (I only use it as domain member and other client things). This RFA is also for other samba-related packages: https://qa.debian.org/developer.php?email=pkg-samba-maint%40lists.alioth.debian.org Regards -- Mathieu Parent
Bug#1003367: upgrade-reports: samba seriously broken after upgrade - major config changes
Hi Karl, > > - samba broke - looks like support for a simple workgroup share is now gone > > - wish there had been some warning. The most common problems are fixed by installing winbind. If it's not working, please post your smb.conf. Regards Mathieu Parent
Bug#1003477: [Pkg-samba-maint] Bug#1003477: talloc FTCBFS: it's difficult
Le lun. 10 janv. 2022 à 21:27, Helmut Grohne a écrit : > > Source: talloc > Version: 2.3.3-2 > Tags: patch > User: debian-cr...@lists.debian.org > Usertags: cross-satisfiability ftcbfs > > talloc fails to cross build from source. I'm inclined to say it's > because waf. Really, stop using waf if you can. It's a nightmare. > > Ok ok. It's bad, but not impossible. I've attached this huge patch to > make it work. Of course you can apply it and it'll work, yes. But how > about stop using waf? > > Polemics aside. waf can be made to cross build if you export all the > build tools. Beyond the usual ones, you also need PYTHON3_CONFIG and > this magic _PYTHON_SYSCONFIGDATA_NAME variable. Of course, debian/rules > also needs to use it instead of calling python3-config directly. Beyond > that, a waf anser file is needed. And that's mostly it. Build-Depends > need to be multiarchified and the python3-talloc.lintian-overrides was > wrongly hard coding the amd64 triplet. > > It really can be made to work. But is all this pain really worth it? How > about using like setuptools or something sane? Think about it. And if > all else fails, apply my patch. I would review any "setuptools or something sane" patch, but I won't have the time to write it myself. Alternatively, a patch to waf would help too... Regards -- Mathieu Parent
Bug#990877: Proposed patch upstream
Proposed an MR: https://gitlab.com/ita1024/waf/-/merge_requests/2336 Regards -- Mathieu Parent
Bug#990877: [Pkg-samba-maint] Bug#990877: FTBFS on kfreebsd
Le sam. 6 nov. 2021 à 19:51, Laurent Bigonville a écrit : > > Hello, Hello, > Any hope somebody could have a look at this? The patch is pretty trivial. Sorry for the delay. This kind of patch is probably needed for all packages using waf (samba, talloc, tdb, tevent, ldb). I would prefer if we can fix waf itself. What is the output of this command on kfreebsd: python3 -c 'import sys; print(sys.platform)' Then the c_compiler dict in third_party/waf/waflib/Tools/compiler_c.py could be amended. Regards -- Mathieu Parent
Bug#998328: [Pkg-samba-maint] Bug#998328: smbclient: missing alternative for smbspool_krb5_wrapper cups backend
Le mar. 2 nov. 2021 à 15:21, Laurent Grawet a écrit : > > Package: smbclient > Version: 2:4.13.5+dfsg-2 > Severity: normal > > Dear Maintainer, > >* What led up to the situation? no way to choose between smb and > smbspool_krb5_wrapper cups backend >* What exactly did you do (or not do) that was effective (or > ineffective)? add alternative >* What was the outcome of this action? success > > This is how I've configured the new alternative: > > update-alternatives --install /usr/lib/cups/backend/smb \ > cups-backend-smb \ > /usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper 50 > > update-alternatives --install /usr/lib/cups/backend/smb \ > cups-backend-smb \ > /usr/bin/smbspool 25 Thanks. Could you propose a merge request for this in the samba repo?: https://salsa.debian.org/samba-team/samba/ Regards. -- Mathieu
Bug#994225: New upstream version 1.2.0
Package: src:libgit2 Version: 1.1.0+dfsg.1-4 Severity: wishlist Hi maintainers, Please update to libgit2 version 1.2.0, juste released. There is a soname change, and also some struct changes[1]. Going thru experimental is probably needed. [1]: https://github.com/libgit2/libgit2/pull/6051#issuecomment-918337543 Regards -- Mathieu Parent
Bug#993347: [Pkg-samba-maint] Bug#993347: samba: recent systemd update (DSA-4942-1) makes samba-ad-dc complain about PID's.
Le mar. 31 août 2021 à 10:21, lo...@van-belle.nl a écrit : > > Package: samba > Version: 2:4.13.5+dfsg-2 > Severity: important > X-Debbugs-Cc: lo...@van-belle.nl > > Hai > > current samba-ad-dc complains about Type=notify(-all) > > We are getting the mssage. > Got notification message from PID x, but reception only permitted for > main PID > > Suspectily the update in Systemd while Bullseye was in freeze triggered above > message > (see https://www.debian.org/security/2021/dsa-4942) > > The fix is simple. > Change in samba-ad-dc.service Type=Notify to Type=Fork > it only effects (as far i can tell) the AD-DC setups. Thanks Louis for this. Maybe a better fix is to use: NotifyAccess=all https://www.freedesktop.org/software/systemd/man/systemd.service.html#NotifyAccess= Cheers -- Mathieu Parent
Bug#989080: [Pkg-samba-maint] Bug#989080: cifs-utils: diff for NMU version 2:6.11-3.1
Le lun. 26 juil. 2021 à 23:21, Sebastian Ramacher a écrit : > > Dear maintainer, > > I've prepared an NMU for cifs-utils (versioned as 2:6.11-3.1). The diff > is attached to this message. > Thanks! -- Mathieu Parent
Bug#814382: RFH: samba -- SMB/CIFS file, print, and login server for Unix
Le lun. 24 mai 2021 à 07:18, Abi a écrit :
>
> Hello again, thanks for responding.
>
> My skills include:
>
> An amateur understanding of Samba4 AD DC and file server. I manage a dozen or
> so installations ( addc and fs ), and I know how to spin up and manage
> installations as well as troubleshoot issues when they occur. I also read
> through the mailing list daily in order to have a better grasp possible
> issues.
> Identifying warnings/errors from log output within code. I wouldn't call
> myself an advanced C or Python developer ( I mostly write golang/php ),
> however I should be able to look through the source code and trace issues
> based off the output reporters provide.
>
> I'm also interested in debian packaging, but I know absolutely nothing apart
> from a few links I've read through. Would you be able to forward me some
> relevant reading so I'll be able to assist on that front ( if needed ) in the
> future?
You can take a look at https://wiki.debian.org/Packaging which starts
with basic guides up to advanced topics. Samba is a big package, using
recent packaging methods.
>
> By default, sending to n...@bugs.debian.org won't be sent to the submitter,
> carefully read https://www.debian.org/Bugs/Developer#followup to ensure that
> both submitter and maintainer (pkg-samba list) have the mail (nnn +
> nnn-submitter)
>
> I read through that section that you've linked and I think I understand.
> Since you are the maintainer and the person I am replying to, this message
> will actually get to you twice. However, if you were not a maintainer and
> just a user in the bug report I was replying to, you would receive this once.
> If I wanted to reply directly to the bug submitter and maintainer, I would
> tag 814...@bugs.debian.org ( so the maintainer receives it ) and
> 814382-submit...@bugs.debian.org ( so the submitter receives it ) - I'm
> assuming it will only be filed in the bug report once. Alternatively,
> couldn't I just send a reply to 814...@bugs.debian.org and {submitter email
> address} ? or should I stick with nnn-submitter?
You can send to submitter address directly, they may receive the mail
twice if you do and they have subscribed to the bug (but twice is
better than none).
>
> Debian's bug tracker is managed thru mails, you can look at
> https://www.debian.org/Bugs/ and
> https://www.debian.org/Bugs/server-control to start with.
>
> I've gone ahead and read through both links ( and the links within those
> links ), and I think I have a good understanding of the various levels/tags
> that should be assigned to a report and what the standard operating procedure
> is, as well as the control request server commands.
>
> Tagging bugs and closing with the relevant version of the fix would help a
> lot!
>
> Sure, where should I start? I looked through
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=samba#_0_4_4
> , and found: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765408 . I
> guess what needs to be changed is:
>
> Tag set to fixed-upstream
> Security level: important
> Add wheezy tag
Yes
> I'm assuming it's okay to close the bug report after that since the wheezy is
> EOL, and there is no hope for backporting?
Yes, you can also close jessie-only bugs for the same reason. For
stretch and buster, you can also close up to normal-severity bugs,
saying that we won't fix them. Having a list of commits that we should
cherry-pick for buster would be good (security fixes, stability fixes,
crashes). Also I think upgrade issues up to stretch can be closed.
> Am I on the right track, or totally off?
You're on the right track. Go ahead ! I'll receive notifications of
your changes and if you have any doubt, ask on the bug. Some users may
have created a bug and are no longer impacted, so pinging old bugs and
closing after a month without reply will also help.
Also, appart from samba, there are some bugs in cifs-utils (and one in
ldb, talloc, tevent):
https://qa.debian.org/developer.php?email=pkg-samba-maint%40lists.alioth.debian.org
>
> Let me know if there's a particular system you'd like me to follow when
> triaging. I can start right away.
You can sort by bug number, or by severity. Both ascending and
descending makes sense.
>
> Thanks!
>
>
> On 5/23/21 3:02 PM, Mathieu Parent wrote:
>
> Le dim. 23 mai 2021 à 04:33, Abi a écrit :
>
> Hello Mathieu,
>
> Hello Abi,
>
> I saw the help request submitted to the samba mailing list by A.
> Bartlett on 05/14 . I would love to help with triaging bug
> reports/improving tests . What steps would I need to take in order to
> get involved?
>
> Let me know. Thanks.
>
> Thanks for proposing your help.What are your skills?
>
> Debian's bug tracker i
Bug#814382: RFH: samba -- SMB/CIFS file, print, and login server for Unix
Le dim. 23 mai 2021 à 04:33, Abi a écrit : > > Hello Mathieu, Hello Abi, > I saw the help request submitted to the samba mailing list by A. > Bartlett on 05/14 . I would love to help with triaging bug > reports/improving tests . What steps would I need to take in order to > get involved? > > Let me know. Thanks. Thanks for proposing your help.What are your skills? Debian's bug tracker is managed thru mails, you can look at https://www.debian.org/Bugs/ and https://www.debian.org/Bugs/server-control to start with. By default, sending to n...@bugs.debian.org won't be sent to the submitter, carefully read https://www.debian.org/Bugs/Developer#followup to ensure that both submitter and maintainer (pkg-samba list) have the mail (nnn + nnn-submitter) Tagging bugs and closing with the relevant version of the fix would help a lot! On the test side, I have a WIP mrege request at: https://salsa.debian.org/samba-team/samba/-/merge_requests/6 But we'll wait for bullseye to be released to start working on this. If you know about Debian packaging, there other possible tasks. Regards Mathieu Parent
Bug#988197: [Pkg-samba-maint] Bug#988197: patch for samba which fixes legacy printing support
OK. Then I'll try to add this fix in bullseye. Le lun. 10 mai 2021 à 12:40, Mateusz Mikołajczyk a écrit : > > not sure how to check this. I googled for "debian source code" and that's the > source for samba version in bullseye (I think): > > https://sources.debian.org/src/samba/2:4.13.5+dfsg-1/source3/smbd/reply.c/#L7094 > > I marked the line that has the patch on samba's gitlab > > the patch was made in upstream literally days ago so I don't think it made to > bullseye yet. especially given the fact that upstream samba is at 4.14.x and > this is 4.13.x > > pon., 10 maj 2021 o 12:14 Mathieu Parent napisał(a): >> >> I think the bug is not present in bullseye. >> >> Le lun. 10 mai 2021 à 12:09, Mateusz Mikołajczyk >> a écrit : >> > >> > sorry, I'm a bit confused. did you mean bullseye is frozen? Does it mean >> > that this patch won't make it to bullseye either and I'd have to switch to >> > sid instead? the patch is definetely not a feature implementation, it >> > simply makes samba conform with the SMB protocol. this particular function >> > was bugged for quite a while now, but on the other hand I totally >> > understand that only a minority of a percentage of users will benefit from >> > this. >> > >> > if it would make it to bullseye, how would I know this? >> > >> > pon., 10 maj 2021 o 11:48 Mathieu Parent >> > napisał(a): >> >> >> >> Le lun. 10 mai 2021 à 11:29, Mateusz Mikołajczyk >> >> a écrit : >> >> > >> >> > actually, I thought that I couldn't do this but on a second thought as >> >> > I understand I'd simply have to change all my entries in sources.list >> >> > from buster to bullseye ? I'm using armbian if that's relevant to the >> >> > story :) >> >> > >> >> >> >> I don't know for Raspian, but upgrades notes are here: >> >> >> >> https://www.debian.org/releases/bullseye/armhf/release-notes/ch-upgrading.en.html >> >> >> >> Please note that Debian buster is the future Debian stable, and is >> >> currently "frozen" (i.e only stabibilty fixes are allowed). >> >> >> >> Regards >> >> -- >> >> Mathieu Parent >> > >> > >> > >> > -- >> > pozdrawiam serdecznie, >> > Mateusz Mikołajczyk, a.k.a. toudi >> >> >> >> -- >> Mathieu > > > > -- > pozdrawiam serdecznie, > Mateusz Mikołajczyk, a.k.a. toudi -- Mathieu
Bug#988197: [Pkg-samba-maint] Bug#988197: patch for samba which fixes legacy printing support
I think the bug is not present in bullseye. Le lun. 10 mai 2021 à 12:09, Mateusz Mikołajczyk a écrit : > > sorry, I'm a bit confused. did you mean bullseye is frozen? Does it mean that > this patch won't make it to bullseye either and I'd have to switch to sid > instead? the patch is definetely not a feature implementation, it simply > makes samba conform with the SMB protocol. this particular function was > bugged for quite a while now, but on the other hand I totally understand that > only a minority of a percentage of users will benefit from this. > > if it would make it to bullseye, how would I know this? > > pon., 10 maj 2021 o 11:48 Mathieu Parent napisał(a): >> >> Le lun. 10 mai 2021 à 11:29, Mateusz Mikołajczyk >> a écrit : >> > >> > actually, I thought that I couldn't do this but on a second thought as I >> > understand I'd simply have to change all my entries in sources.list from >> > buster to bullseye ? I'm using armbian if that's relevant to the story :) >> > >> >> I don't know for Raspian, but upgrades notes are here: >> >> https://www.debian.org/releases/bullseye/armhf/release-notes/ch-upgrading.en.html >> >> Please note that Debian buster is the future Debian stable, and is >> currently "frozen" (i.e only stabibilty fixes are allowed). >> >> Regards >> -- >> Mathieu Parent > > > > -- > pozdrawiam serdecznie, > Mateusz Mikołajczyk, a.k.a. toudi -- Mathieu
Bug#988197: [Pkg-samba-maint] Bug#988197: patch for samba which fixes legacy printing support
Le lun. 10 mai 2021 à 11:29, Mateusz Mikołajczyk a écrit : > > actually, I thought that I couldn't do this but on a second thought as I > understand I'd simply have to change all my entries in sources.list from > buster to bullseye ? I'm using armbian if that's relevant to the story :) > I don't know for Raspian, but upgrades notes are here: https://www.debian.org/releases/bullseye/armhf/release-notes/ch-upgrading.en.html Please note that Debian buster is the future Debian stable, and is currently "frozen" (i.e only stabibilty fixes are allowed). Regards -- Mathieu Parent
Bug#988197: [Pkg-samba-maint] Bug#988197: patch for samba which fixes legacy printing support
Le ven. 7 mai 2021 à 15:24, Mateusz Mikołajczyk a écrit : > > Package: samba > Version: 4.9.5+dfsg-5+deb10u1 > > I was testing samba with an really old DOS client. it turns out that ever > since samba 3.2.0 there was an upstream change that broke this legacy > printing support. It was already merged upstream but the patch is super tiny > - a one liner: > > https://gitlab.com/samba-team/samba/-/commit/47d79d7e7e406f7dd204ded7c72cfed3e0761ad5 > > I was wondering, would it be possible to add it as a patch to debian buster? > Currently I figured out a way to apply it - I simply build samba .deb package > from source (i.e. deb-src), manually apply the patch and then install local > version of the package. That's all great until I'm testing this on x86 > architecture (because the compilation is relatively quick), however I intend > to put everything to sbc board as a headless print server. In order to avoid > compilation on the sbc, I could create a virtual machine and do a > cross-compilation but it seems like a massive overkill just to introduce a > one-liner patch, plus it wouldn't survive any of the potential upgrades Hi, I'm sorry, but I won't apply this patch to buster. You can use bullseye instead. Regards -- Mathieu Parent
Bug#988169: unblock: samba/2:4.13.5+dfsg-2
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please unblock package samba. [ Reason ] It fixes: * CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (Closes: #987811) * Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209) [ Impact ] Without the second fix, some buster -> bulleye upgrades will fail. There is no known exploit for the security issue, but: > an unprivileged user was able to delete a file within > a network share that they should have been disallowed access to [ Tests ] Minimal manual tests done. [ Risks ] ? [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] (Anything else the release team should know.) unblock samba/2:4.13.5+dfsg-2 samba.debdiff Description: Binary data
Bug#988168: unblock: cifs-utils/6.11-3
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please unblock package cifs-utils. [ Reason ] It fixes: CVE-2021-20208: cifs.upcall kerberos auth leak in container (Closes: #987308) [ Impact ] Only needed when using containers. Marked "minor" for stretch and buster. [ Tests ] Minimal manual tests done. [ Risks ] ? [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] (Anything else the release team should know.) unblock cifs-utils/6.11-3 cifs-utils.debdiff Description: Binary data
Bug#986867: [Pkg-samba-maint] Bug#986867: fixed in cifs-utils 2:6.11-2
Version: 2:6.11-2 Le lun. 19 avr. 2021 à 11:54, Daniel Lewart a écrit : > > Mathieu, > > > * Recommends keyutils (Closes: #986867) > > This also Closes: #967972: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967972 > > Thank you for applying my patch! > Daniel Lewart > Urbana, Illinois > > ___ > Pkg-samba-maint mailing list > pkg-samba-ma...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-samba-maint -- Mathieu
Bug#985217: unblock: samba/2:4.13.5+dfsg-1
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Please unblock package samba This is an update from 4.13.4 to 4.13.5 (requested in #984863). [ Reason ] This is a stability fixes release. Full list of changes: o Trever L. Adams * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure. o Jeremy Allison * BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection. * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services. o Andrew Bartlett * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones. o Ralph Boehme conn->session_info for the initial delete-on-close token. o Peter Eriksson * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path. o Björn Jacke * BUG 14624: classicupgrade: Treat old never expires value right. o Volker Lendecke * BUG 14636: g_lock: Fix uninitalized variable reads. o Stefan Metzmacher * BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file(). o Andreas Schneider * BUG 14625: lib:util: Avoid free'ing our own pointer. o Paul Wise * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work. [ Impact ] At least Paul Wise is affected. See: https://bugzilla.samba.org/show_bug.cgi?id=13992 https://bugzilla.samba.org/show_bug.cgi?id=12505 [ Tests ] As is every samba release, the testsuite is improved. I've also tested the package. [ Risks ] [ Checklist ] [ ] all changes are documented in the d/changelog I forgot samba was a key package, so the changelog is not complete. The missing pieces are above. [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing Attached are releavant changes (removing diff in the doc about the version). [ Other info ] I may ask another unblock request before the bullseye release if samba 4.13.6+ is released. unblock samba/2:4.13.5+dfsg-1 diff --git a/Makefile b/Makefile index 0b7b0ae8866..7f5960d5191 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,9 @@ uninstall: test: $(WAF) test $(TEST_OPTIONS) +testonly: + $(WAF) testonly $(TEST_OPTIONS) + perftest: $(WAF) test --perf-test $(TEST_OPTIONS) diff --git a/VERSION b/VERSION index 130087004f0..c24df6ba32e 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 544f4377bfd..8b8c349eaa5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,79 @@ + == + Release Notes for Samba 4.13.5 + March 09, 2021 + == + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.4 + + +o Trever L. Adams + * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite + start-up failure. + +o Jeremy Allison + * BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption + setup failed on temp proxy connection. + * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed + force a full reload of services. + +o Andrew Bartlett + * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about + expired tombstones. + +o Ralph Boehme conn->session_info for the initial + delete-on-close token. + +o Peter Eriksson + * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error + path. + +o Björn Jacke + * BUG 14624: classicupgrade: Treat old never expires value right. + +o Volker Lendecke + * BUG 14636: g_lock: Fix uninitalized variable reads. + +o Stefan Metzmacher + * BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file(). + +o Andreas Schneider + * BUG 14625: lib:util: Avoid free'ing our own pointer. + +o Paul Wise + * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + +
Bug#984486: libsmbclient-dev: ffmpeg 4.3.2 FTBFS against libsmbclient.h
Le ven. 5 mars 2021 à 15:02, Vasyl Gello a écrit : > > Hi Mathieu, Andrei, Mattia, > > > I won't have the time to handle this. But if any Debian Developer > > wants, please reach me. > > I have already prepared & tested the fix, but I am not a DD :) Please push this to a MR, for review. > Mattia, can you sponsor the upload then, please? Regards -- Mathieu Parent
Bug#984486: libsmbclient-dev: ffmpeg 4.3.2 FTBFS against libsmbclient.h
Hi, Le ven. 5 mars 2021 à 13:22, Andrei POPESCU a écrit : > > Is it possible to incorporate this low-risk fix to stable-updates / > > stable-security? I won't have the time to handle this. But if any Debian Developer wants, please reach me. Regards -- Mathieu Parent
Bug#972912: [Pkg-samba-maint] Bug#972912: Incorrect fix to bug
Le lun. 21 déc. 2020 à 16:06, Sven Mueller a écrit : > > Well, turns out that apparently nobody else bothers with a .symbols file for > Python extensions. I looked at the packages for samba, numpy, mypy and > python-stdlib-extensions. And if the Python maintainers themselves don't do > it, you probably shouldn't. > > I attached a diff to remove the relevant file and the setup for it. I also > added some verbosity to the stuff debhelper does (I find it harder to debug > build issues without it). > I verified that except for this symbols file going away, nothing else > changed. (Most notable, the main libldb-dev package still looks the same.) - > Verified via diffoscope which only showed expected changes (timestamps, > mostly) > > I'll see if I can turn it into a pull request on Salsa, but my git-foo is > weaker than it probably should be, so feel free to just apply my patch > yourself. > If I create a pull request, should that include an update to debian/changelog? Hello, just a quick note that I won't work on this for bullseye. If you can propose a MR in salsa and test that samba builds and works, I'll happily review it. Regards -- Mathieu Parent
Bug#972912: [Pkg-samba-maint] Bug#972912: Incorrect fix to bug
Le jeu. 17 déc. 2020 à 16:48, Sven Mueller a écrit : > > Hi Mathieu. Hi, > Just wanted to say that your fix here seems wrong: > The symbols file says when a specific symbol for a specific lib was added. > If I rebuild ldb against Python 3.9, it will suddenly claim that - for > example - symbol PYLDB_UTIL_2.1.0@PYLDB_UTIL_2.1.0 was added to the package > - for the Python 3.9 specific lib - in package version 2:2.1.0 - Even though > that package version was not built against Python 3.9 at all. > > The better fix would be to explicitly build against specific Python versions > (python3.8-dev, python3.9-dev build dependencies) and have appropriate > symbols listed for both of them. > > Currently, if a package builds against the ldb python bindings for Python > 3.9, it will generate versioned dependencies that are incorrect (if all it > uses would be the above symbol, it would depend on python3-ldb >= 2:2.1.0 - > which didn't have any Python 3.9 bindings) - and fail after installation. > > To be fair though, I'm not even sure having the symbols file for the python > bindings .so files makes much sense. OK. Could you submit a merge request fixing this? SInce the migration to python3, the bindings are getting complicated. Any help here is apprecciated. Regards Mathieu Parent
Bug#974868:
Hi, Le ven. 11 déc. 2020 à 07:12, Reid Priedhorsky a écrit : > > I was able to build and install a set of .debs including the above patch, > thanks to Raphael Hertzog’s fine instructions [2]. However, unfortunately I > still have the following error in the logs: > > [2020/12/10 22:25:23.078271, 0] ../source3/smbd/dfree.c:125(sys_disk_free) > sys_disk_free: VFS disk_free failed. Error was : Invalid or incomplete > multibyte or wide character > > So possibly the patch is insufficient? > > [1]: > https://raphaelhertzog.com/2011/07/04/how-to-prepare-patches-for-debian-packages/ Can you test the version in testing? The bug should be fixed there. Regards Mathieu Parent -- Mathieu
Bug#866823: [Pkg-samba-maint] Bug#866823: samba: does not follow symbolic links
Hi, Le lun. 23 nov. 2020 à 09:48, Ritesh Raj Sarraf a écrit : > > Package: samba > Version: 2:4.13.2+dfsg-3 > Followup-For: Bug #866823 > > So "follow symlinks" feature seems to have been broken in the latest > upload of samba, version 2:4.13.2+dfsg-3. > > The current version in testing, 2:4.12.5+dfsg-3, did not have this > problem and I was happiliy using the "follow symlinks" feature so far. > > Given the dependency on python3, which now transitioned to 3.9, I can't > downgrade to the previous version. > > The (insecure) workaround mentioned in this bug report, that of: > > # For symlink hack >wide links = yes >allow insecure wide links = yes > > > makes it work again. Do you have path=/ ? Also, from the 4.13 WHATSNEW.txt: > wide links functionality > > > For this release, the code implementing the insecure "wide links = yes" > functionality has been moved out of the core smbd code and into a separate > VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded > by smbd as the last but one module before vfs_default if "wide links = yes" > is enabled on the share (note, the existing restrictions on enabling wide > links around the SMB1 "unix extensions" and the "allow insecure wide links" > parameters are still in force). The implicit loading was done to allow > existing users of "wide links = yes" to keep this functionality without > having to make a change to existing working smb.conf files. > > Please note that the Samba developers recommend changing any Samba > installations that currently use "wide links = yes" to use bind mounts > as soon as possible, as "wide links = yes" is an inherently insecure > configuration which we would like to remove from Samba. Moving the > feature into a VFS module allows this to be done in a cleaner way > in future. > > A future release to be determined will remove this implicit linkage, > causing administrators who need this functionality to have to explicitly > add the vfs_widelinks module into the "vfs objects =" parameter lists. > The release notes will be updated to note this change when it occurs. Can't you use bind mounts? Regards Mathieu Parent
Bug#972253: samba was forgotten for py3.9
Le sam. 21 nov. 2020 à 07:46, Graham Inggs a écrit : > > Hi Mathieu > > On Fri, 20 Nov 2020 at 22:39, Mathieu Parent wrote: > > SInce 14h 10m! Oh wait ;-) > > I did :) and have scheduled the binNMUs for samba now. > > I'm not sure if you've noticed, but ceph is in quite a bad state. Is > it possible to build samba without it? This should not be a problem for the migration to testing, as samba only build-depends on and recommends ceph. This has to be fixed still. Unfortunately, the package has not seen any update since months ... Regards -- Mathieu Parent
Bug#972253: samba was forgotten for py3.9
Le ven. 20 nov. 2020 à 21:36, Matthias Klose a écrit : > > On 11/20/20 9:33 PM, Matthias Klose wrote: > > On 11/20/20 9:13 PM, Mathieu Parent wrote: > >> Hi, > >> > >> It looks like samba was forgotten by the binNMU request. > >> > >> See https://bugs.debian.org/975330 > >> > >> Can you schedule that? > > > > no, according to > > https://release.debian.org/transitions/html/python3.9-default.html > > ldb ftbfs on s390x. > > wait, the build is still pending ... SInce 14h 10m! Oh wait ;-)
Bug#972253: samba was forgotten for py3.9
Hi, It looks like samba was forgotten by the binNMU request. See https://bugs.debian.org/975330 Can you schedule that? Thanks -- Mathieu Parent
Bug#975310: new upstream version
Package: python3-gitlab Version: 1:2.4.0-1 Hi, Version 2.5.0 adds support for group of groups. Please upload it. Thanks! Mathieu Parent -- Mathieu
Bug#963971: [Pkg-samba-maint] Bug#963971: samba-libs: libndr.so.0 gone from latest version, breaks sssd-ad-common dependency
Le sam. 4 juil. 2020 à 15:15, Michael Stone a écrit : > > On Sat, Jul 04, 2020 at 07:28:32AM +0200, Mathieu Parent wrote: > >clone 963971 -1 > >tag 963971 + upstream > >tag -1 + upstream fixed-upstream patch > >reassign -1 sssd-ad-common > > > >Le lun. 29 juin 2020 à 14:48, Michael Stone a écrit : > >> > >> Package: samba-libs > >> Version: 2:4.12.3+dfsg-2 > >> Severity: critical > >> Justification: breaks the whole system > >> > >> The new samba-libs package changes the soname of libndr from libndr.so.0 to > >> libndr.so.1 without reflecting this change in the package name. > >> sssd-ad-common > >> has a dependency on samba-libs (>= 2:4.11.5+dfsg) and links to libndr.so.0. > >> When the samba-libs package is updated and libndr.so.0 disappears sssd > >> fails to > >> start, which then makes a system's remote users unavailable. (Worse, this > >> doesn't happen until the next time sssd restarts--which may not be until > >> the > >> next reboot.) > > > >It looks to be fixed in sssd 2.3.0: > >https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d > > > >I'm cloning this bug: > >- on the samba side I'll add a breaks: sssd-ad-common (<< 2.3.0) > >- on the sssd side, an update to 2.3.0+ is needed > > Going forward, do things using samba-libs need a strict version > depenedency since there is no ABI version in the package name? No, I think. According to the sssd commit, sssd 2.3 will still build on older samba-libs. Regards -- Mathieu Parent
Bug#963985: Forwarded
Control: forwarded -1 https://bugzilla.samba.org/show_bug.cgi?id=14431 Forwarded upstream Regards -- Mathieu Parent
Bug#963971: [Pkg-samba-maint] Bug#963971: samba-libs: libndr.so.0 gone from latest version, breaks sssd-ad-common dependency
clone 963971 -1 tag 963971 + upstream tag -1 + upstream fixed-upstream patch reassign -1 sssd-ad-common Le lun. 29 juin 2020 à 14:48, Michael Stone a écrit : > > Package: samba-libs > Version: 2:4.12.3+dfsg-2 > Severity: critical > Justification: breaks the whole system > > The new samba-libs package changes the soname of libndr from libndr.so.0 to > libndr.so.1 without reflecting this change in the package name. sssd-ad-common > has a dependency on samba-libs (>= 2:4.11.5+dfsg) and links to libndr.so.0. > When the samba-libs package is updated and libndr.so.0 disappears sssd fails > to > start, which then makes a system's remote users unavailable. (Worse, this > doesn't happen until the next time sssd restarts--which may not be until the > next reboot.) It looks to be fixed in sssd 2.3.0: https://github.com/SSSD/sssd/commit/bc56b10aea999284458dcc293b54cf65288e325d I'm cloning this bug: - on the samba side I'll add a breaks: sssd-ad-common (<< 2.3.0) - on the sssd side, an update to 2.3.0+ is needed Regards -- Mathieu Parent
Bug#956535: buster-pu: package php-horde-data/2.1.4-5+deb10u1
Le mer. 15 avr. 2020 à 08:40, Salvatore Bonaccorso a écrit : > > Hi Roberto, > > On Tue, Apr 14, 2020 at 05:45:54PM -0400, Roberto C. Sánchez wrote: > > On Tue, Apr 14, 2020 at 10:04:00PM +0200, Salvatore Bonaccorso wrote: > > > Control: tags -1 - moreinfo > > > > > > Hi Adam, > > > > > > On Sun, Apr 12, 2020 at 10:05:55PM +0100, Adam D. Barratt wrote: > > > > Control: tags -1 + moreinfo > > > > > > > > On Sun, 2020-04-12 at 09:23 -0400, Roberto C. Sanchez wrote: > > > > > Please find attached a proposed debdiff for php-horde-data. The > > > > > change fixes CVE-2020-8518, which the security team has classified as > > > > > , deeming it a minor issue which can be fixed via a point > > > > > release. > > > > > > > > The Security Tracker indicates that this issue affects the package in > > > > unstable and is not yet fixed there; is that correct? > > > > > > This is correct, the issue has not been fixed in unstable "yet". The > > > horde ecosystem is currently unmaintained, and previous maintainer > > > indicated to ask actually for removal if nobody steps up. See #942282 > > > for context. > > > > > > That said, it's possible to either wait for a fix in unstable or the > > > removal of the php-horde* packages first before accepting the upload > > > for a buster point release (same for the other updates proposed by > > > Roberto). > > > > > > Does this make sense? > > > > > Hi Salvatore, > > > > I've communicated with Mathieu Parent (the php-horde-* maintainer) > > regarding his intentions for unstable uploads of these three packages. > > He has asked that I go ahead and perform the uploads. However, if you > > think that a removal request is forthcoming in the very near future, I > > will wait and not make those uploads. > > > > My intent was to have them done in the next 24 hours. Please advise if > > I should proceed or if I should wait for removal. > > That's fine if you communicated with Mathieu and he agreed then go > ahead and fix it as well in unstable. > Thanks Roberto! Hello Salvatore, > Mathieu, but are you still planning to request removals? Done as #956808. Cheers! -- Mathieu Parent
Bug#956808: RM: php-horde -- ROM; Orphaned
Package: ftp.debian.org Severity: normal Hi, Please remove all Horde packages, the complete list is available at: https://qa.debian.org/developer.php?email=team%2Bdebian-horde-team%40tracker.debian.org and below: ckeditor3 php-horde php-horde-activesync php-horde-alarm php-horde-ansel php-horde-argv php-horde-auth php-horde-autoloader php-horde-browser php-horde-cache php-horde-cli php-horde-compress php-horde-compress-fast php-horde-constraint php-horde-content php-horde-controller php-horde-core php-horde- crypt php-horde-crypt-blowfish php-horde-css-parser php-horde-cssminify php-horde-data php-horde-date php-horde-date-parser php-horde-dav php-horde-db php-horde-editor php-horde-elasticsearch php-horde-exception php-horde-feed php-horde-form php-horde-gollem php-horde-group php-horde-groupware php-horde-hashtable php-horde-history php-horde-http php-horde-icalendar php-horde-idna php-horde-image php-horde-imap-client php-horde-imp php-horde-imsp php-horde-ingo php-horde-injector php-horde-itip php-horde-javascriptminify php-horde-kolab-format php-horde-kolab-server php-horde-kolab-session php-horde-kolab-storage php-horde-kronolith php-horde-ldap php-horde-listheaders php-horde-lock php-horde-log php-horde-logintasks php-horde-lz4 php-horde-mail php-horde-mail-autoconfig php-horde-mapi php-horde-memcache php-horde-mime php-horde-mime-viewer php-horde-mnemo php-horde-mongo php-horde-nag php-horde-nls php-horde-notification php-horde-oauth php-horde-openxchange php-horde-pack php-horde-passwd php-horde-pdf php-horde-perms php-horde-prefs php-horde-queue php-horde-rdo php-horde-role php-horde-routes php-horde-rpc php-horde-scheduler php-horde-scribe php-horde-secret php-horde-serialize php-horde-service-facebook php-horde-service-gravatar php-horde-service-twitter php-horde-service-urlshortener php-horde-service-weather php-horde-sesha php-horde-sessionhandler php-horde-share php-horde-smtp php-horde-socket-client php-horde-spellchecker php-horde-stream php-horde-stream-filter php-horde-stream-wrapper php-horde-support php-horde-syncml php-horde-template php-horde-test php-horde-text-diff php-horde-text-filter php-horde-text-flowed php-horde-thrift php-horde-timeobjects php-horde-timezone php-horde-token php-horde-translation php-horde-trean php-horde-tree php-horde-turba php-horde-url php-horde-util php-horde-vfs php-horde-view php-horde-webmail php-horde-whups php-horde-wicked php-horde-xml-element php-horde-xml-wbxml php-horde-javascriptminify-jsmin php-horde-text-filter-jsmin Thanks Mathieu Parent
Bug#814382: RFH: samba -- SMB/CIFS file, print, and login server for Unix
Le ven. 13 mars 2020 à 19:39, Alex Crichton a écrit : > > Hi Jelmer Hi Alex, I'm currently the main contributor. > > > RE: RFH: samba -- SMB/CIFS file, print, and login server for Unix > > > > Is there anything I can help with? Help includes: - triaging bug reports: trying to reproduce a bug or ask for reproducibility, test with newer versions of the packages - proposing merge requests to improve packaging or to fix bugs - improving the tests Note that help is needed in all packages of the pkg-samba team, but the "samba" package is where most of the work is needed. > > > Regards > > Alex Regards -- Mathieu Parent
Bug#931255: Orphaning php-horde*
Le mardi 28 janvier 2020, IOhannes m zmölnig a écrit : > On Tue, 28 Jan 2020 11:15:56 +0100 =?UTF-8?Q?IOhannes_m_zm=c3=b6lnig?= > wrote: >> if nobody objects, i'm going to do a QA-upload to buster/proposed-updates. > > https://bugs.debian.org/950018 No objection on my part. Please go ahead. -- Mathieu
Bug#943903: [Pkg-samba-maint] Bug#943903: samba 2:4.11.1+dfsg-1 server breaks mount.cifs from cifs-utils 2:6.9-1
Le dimanche 17 novembre 2019, Marvin Renich a écrit : > Thanks for looking into this. > > * Mathieu Parent [191116 16:12]: >> Le jeu. 31 oct. 2019 à 17:03, Marvin Renich a écrit : >> > >> > Package: samba >> > Version: 2:4.11.1+dfsg-1 >> > Severity: normal >> > >> > After upgrading from samba 2:4.9.13+dfsg-1 to 2:4.11.0+dfsg-10 on a server machine, mount.cifs from cifs-utils 2:6.9-1 >> > on a different machine fails to connect with "mount error(13): Permission denied". Subsequently upgrading samba to >> > 2:4.11.1+dfsg-1 did not help. >> >> What is the kernel version on the client side? > > $ uname -a > Linux basil 5.2.0-3-amd64 #1 SMP Debian 5.2.17-1 (2019-09-26) x86_64 GNU/Linux > >> >> Try to force the CIFS version with vers= in the mount options. > > At the time, I tried 1.0, 2.0, 2.1, 3.0, and 3. > > If I remember correctly, 1.0 gave me a different error message, but > still failed to mount. 3.0 (I think) and 3 gave the error above. I > don't remember which error I got for 2.[01], but it was one of the two. > > If it would be useful, early next week I can try temporarily upgrading > samba on the server and running mount on the client with the --verbose > option. If there is anything else I should try at that time, let me > know. See https://wiki.samba.org/index.php/LinuxCIFS_troubleshooting#Enabling_Debugging > > If it makes any difference (I don't think so), the version of samba on > my client is 2:4.11.1+dfsg-2, and mount.cifs works correctly with the > older version of samba on the server. > > ...Marvin > > -- Mathieu
Bug#943903: [Pkg-samba-maint] Bug#943903: samba 2:4.11.1+dfsg-1 server breaks mount.cifs from cifs-utils 2:6.9-1
Le jeu. 31 oct. 2019 à 17:03, Marvin Renich a écrit : > > Package: samba > Version: 2:4.11.1+dfsg-1 > Severity: normal > > I plan to clone this bug to cifs-utils, as it is unclear which package has > the bug. > > After upgrading from samba 2:4.9.13+dfsg-1 to 2:4.11.0+dfsg-10 on a server > machine, mount.cifs from cifs-utils 2:6.9-1 > on a different machine fails to connect with "mount error(13): Permission > denied". Subsequently upgrading samba to > 2:4.11.1+dfsg-1 did not help. > > Downgrading samba to stable 2:4.9.5+dfsg-5+deb10u1 on the server fixes the > problem. Adding a snapshot version to figure > out what needed to be downgraded to get version 2:4.9.13+dfsg-1 was deemed > not worth the effort, as my daily backup on > the client machine (which mounts the remote cifs share) was running fine when > the server had 2:4.9.13+dfsg-1. What is the kernel version on the client side? Try to force the CIFS version with vers= in the mount options. > vers=arg > SMB protocol version. Allowed values are: > > • 1.0 - The classic CIFS/SMBv1 protocol. > > • 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows > Vista Service Pack 1, and Windows Server 2008. Note that > the initial release version of Windows Vista spoke a slightly different > dialect (2.000) that is not supported. > > • 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and > Windows Server 2008R2. > > • 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and > Windows Server 2012. > > • 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft > Windows Server 2016. > > Note too that while this option governs the protocol version used, not all > features of each version are available. > > The default since v4.13.5 is for the client and server to negotiate the > highest possible version greater than or equal to 2.1. In > kernels prior to v4.13, the default was 1.0. For kernels between v4.13 and > v4.13.5 the default is 3.0. Ref: https://manpages.debian.org/buster/cifs-utils/mount.cifs.8.en.html Regards -- Mathieu Parent
Bug#944712: ITP: gitlabracadabra -- Configure GitLab from a YAML file
Package: wnpp Owner: Mathieu Parent Severity: wishlist * Package name: gitlabracadabra Version : 0.3.0 Upstream Author : Mathieu Parent * URL : https://gitlab.com/gitlabracadabra/gitlabracadabra#readme * License : LGPL-3.0 Programming Lang: Python Description : Configure GitLab from a YAML file GitLab'racadabra is a way to configure a GitLab instance from a YAML configuration, using the API. It is able to create GitLab's groups, projects, users and application settings.
Bug#942669: [Pkg-samba-maint] Bug#942669: ldb doesn't build for all supported python versions
Le sam. 19 oct. 2019 à 22:21, Matthias Klose a écrit : > > Package: src:ldb > Version: 2:2.0.7-3 > Severity: important > Tags: sid bullseye Hi, > ldb doesn't build for all supported python versions, while b-d on > python3-all-dev. Either drop that b-d, or build the extension for all > supported > python versions. I want to try the second option but cannot test because `py3versions -vd` doesn't return 3.8 yet. I will do the forst option then. Regards -- Mathieu Parent
Bug#942433: [Pkg-samba-maint] Bug#942433: samba: Cannot mount share on samba3 server from samba4 client: protocol negotiation failed
Le jeu. 17 oct. 2019 à 03:45, Igor Liferenko a écrit : > > Hi, > > In "global" section on samba3 server I set this parameter: > > server min protocol = SMB2_02 > > but mounting from samba4 client fails with the same error. > > Samba3 server version is 3.5.6. > Is it possible to configure SMB2_02 in samba-3.5.6? Try: client min protocol=NT1 Ref: "SMB1 is disabled by default" https://www.samba.org/samba/history/samba-4.11.0.html Regards -- Mathieu Parent
Bug#942298: [Pkg-samba-maint] Bug#942298: postinst fails if smb.conf is not available
Le lun. 14 oct. 2019 à 13:54, Timo Aaltonen a écrit : > > On 14.10.2019 11.11, Mathieu Parent wrote: > > Control: tag -1 moreinfo > > > > Le lun. 14 oct. 2019 à 09:36, Timo Aaltonen a écrit : > >> > >> Package: samba-common-bin > >> Severity: normal > >> > >> Hi > > > > Hello, > > > >> > >> If there's no smb.conf, sambal-common-bin postinst fails because > >> testparm returns an error. Please make it handle this error. > > > > What is your usecase? > > > > samba-common-bin depends on samba-common which has smb.conf. > > > > Regards > > > > freeipa-client-samba needs /usr/bin/net from samba-common-bin, and I > don't see a smb.conf generated after installing it. Testing from sid: # apt install -y freeipa-client-samba [...] # wc -l /etc/samba/smb.conf 236 /etc/samba/smb.conf It is automaticaly created. How could you have none? NB: samba-common.postinst checks for this: > if [ ! -e "$CONFIG" ]; then > echo "Install/upgrade will fail. To recover, please try:" > echo " sudo cp /usr/share/samba/smb.conf $CONFIG" >echo " sudo dpkg --configure -a" Regards -- Mathieu Parent
Bug#941654: Forwardedd
Control: forward -1 https://bugzilla.samba.org/show_bug.cgi?id=14159 Control: tag -1 upstream Reported upstream: https://bugzilla.samba.org/show_bug.cgi?id=14159 I've tried, but failed to render this dep optional. I will therefore completely disable spotlight support in the next upload. -- Mathieu Parent
Bug#942298: [Pkg-samba-maint] Bug#942298: postinst fails if smb.conf is not available
Control: tag -1 moreinfo Le lun. 14 oct. 2019 à 09:36, Timo Aaltonen a écrit : > > Package: samba-common-bin > Severity: normal > > Hi Hello, > > If there's no smb.conf, sambal-common-bin postinst fails because > testparm returns an error. Please make it handle this error. What is your usecase? samba-common-bin depends on samba-common which has smb.conf. Regards -- Mathieu Parent
Bug#880380: Orphaning php-horde*
Hello, FYI, I'm orphaning php-horde-* packages. See: https://bugs.debian.org/942282 Regards -- Mathieu Parent
Bug#942282: O: php-horde-core -- Core Horde Framework library (AND all php-horde*!)
Package: wnpp Severity: normal X-Debbugs-CC: debian-de...@lists.debian.org Hello, I intend to orphan the php-horde-core package and ALL the php-horde* packages. I'm not using them anymore. There are a few stability fixes to backport to stable (#839129, #931255 #880380, #935816). There is some tooling to ease package update and upload. I won't create a bug for each of those 123 packages [1], but I will ask for the removal of those packages if no-one comes within the next months. [1]: https://qa.debian.org/developer.php?email=team%2Bdebian-horde-team%40tracker.debian.org The php-horde-core package description is: These classes provide the core functionality of the Horde Application Framework. . This package is part of Horde, a web application Framework written in PHP with modules like IMP (webmail), Turba (contacts), Kronolith (calendar), Nag (task list), Gollem (file manager), etc.
Bug#942214: thunar/nautilus crash navigate directory "cifs mounted" containing opened libreoffice writer file
Control: reassign -1 libglib2.0-0 2.58.3-2+deb10u Le sam. 12 oct. 2019 à 14:30, a écrit : > > Package: cifs-utils > Version: 2:6.8-2 > Severity: normal > > Dear Maintainer, Hi, > How to product case : > 1- have a mounted filesystem with cifs ( microsoft shared directory ) > 2- open a file with libreoffice writer in one directory of this cifs > mounted > 3- try to navigate with Thunar or Nautilus into this directory containing > the opened file > 4- Thunar or Nautilus crash and is closed immediatly > > Log from syslog (with thunar case) : > Oct 11 11:11:46 localhost kernel: [ 8856.065120] Thunar[3403]: segfault at > 7ffd820ea000 ip 7fad784aba2d sp 7ffd820e62b0 error 4 in > libgio-2.0.so.0.5800.3[7fad783b8000+f9000] Assigning to the relevant package. > Note : > Thunar or Nautilus only crash with opened "libreoffice writer file" in a > cifs mounted directory... > NO problem with other filesystems > > DELANSAY David > > -- System Information: > Debian Release: 10.1 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), > LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages cifs-utils depends on: > ii libc6 2.28-10 > ii libcap-ng00.7.9-2 > ii libkeyutils1 1.6-6 > ii libkrb5-3 1.17-3 > ii libpam0g 1.3.1-5 > ii libtalloc22.1.14-2 > ii libwbclient0 2:4.9.5+dfsg-5+deb10u1 > > cifs-utils recommends no packages. > > Versions of packages cifs-utils suggests: > pn keyutils > pn smbclient > pn winbind > > -- no debconf information > > Regards -- Mathieu Parent
Bug#942163: O: c-icap-modules -- C-ICAP modules
Package: wnpp Severity: normal Control: block -1 by 942160 X-Debbugs-CC: debian-de...@lists.debian.org Hello, I intend to orphan the c-icap-modules package. See also #942160 for c-icap. Package: libc-icap-mod-virus-scan Description: Antivirus Service for c-icap This is an antivirus Service for c-icap which uses libclamav or clamd to do scanning. It is distributed with c-icap and written by the same author. Package: libc-icap-mod-urlcheck Description: URL Check Service for c-icap This is an URL Check Service for c-icap. It is distributed with c-icap and written by the same author. Package: libc-icap-mod-contentfiltering Description: Content filtering Service for c-icap This is an score based content filtering icap service. It is distributed with c-icap and written by the same author.
Bug#942160: O: c-icap -- ICAP server implementation
Package: wnpp Severity: normal I intend to orphan the c-icap package. The package description is: C-ICAP is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. . Most of the commercial HTTP proxies must support the ICAP protocol. The open source Squid 3.x proxy server supports it. . This Package contains the core ICAP daemon C-ICAP is an implementation of an ICAP server. It can be used with HTTP proxies that support the ICAP protocol to implement content adaptation and filtering services. . Most of the commercial HTTP proxies must support the ICAP protocol. The open source Squid 3.x proxy server supports it. . This Package contains the core ICAP daemon
Bug#941654: [Pkg-samba-maint] Bug#941654: samba: Upgrading to 4.11.0 pulls in glib, dconf and systemd packages by enabling spotlight feature
Le jeu. 3 oct. 2019 à 13:21, Elimar Riesebieter a écrit :
>
> Package: samba
> Version: 2:4.11.0+dfsg-8
> Severity: normal
Hi,
> Upgrading to 4.11.0+dfsg-8 pulls in by enabling spotlight feature::
>
> The following packages will be REMOVED:
> libldb1 sysvinit-core
> The following NEW packages will be installed:
> dbus-user-session dconf-gsettings-backend dconf-service glib-networking
> glib-networking-common glib-networking-services gsettings-desktop-schemas
> libargon2-1 libcryptsetup12 libdconf1 libjson-glib-1.0-0
> libjson-glib-1.0-common libldb2 libpam-systemd libproxy1v5 libsoup2.4-1
> libtracker-sparql-2.0-0 systemd systemd-sysv
> The following packages will be upgraded:
> ldb-tools libwbclient0 python3-ldb python3-samba samba samba-common
> samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules winbind
> 11 upgraded, 19 newly installed, 2 to remove and 0 not upgraded.
Yes:
# aptitude why libglib2.0-0
i samba Depends samba-libs (= 2:4.11.0+dfsg-8)
i A samba-libs Depends libglib2.0-0 (>= 2.16.0)
# ldd /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0 | grep glib
libglib-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
(0x7f35b0ad8000)
libjson-glib-1.0.so.0 =>
/usr/lib/x86_64-linux-gnu/libjson-glib-1.0.so.0 (0x7f35aff06000)
$ git grep ifdef.HAVE_GLIB
source3/lib/tevent_glib_glue.c:#ifdef HAVE_GLIB
$ cat source3/wscript
# ...
if conf.CONFIG_SET('HAVE_GLIB'):
conf.DEFINE('WITH_TEVENT_GLIB_GLUE', '1')
# ...
> Neither the dconf nor the glib packages are needed to run a headless
> server. Hence systemd isn't wanted from me on a headless server.
Agree.
> It should be possible to package the spotlight feature in a separate
> package, though.
This is in samba-libs, and harder to fix probably.
Will take a look...
> Thanks
> --
> Elimar
>
> ___
> Pkg-samba-maint mailing list
> pkg-samba-ma...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-samba-maint
--
Mathieu
Bug#941467: fixed in samba 2:4.11.0+dfsg-7
Le jeudi 3 octobre 2019, Jeremy Bicha a écrit : > Control: reopen 941467 > > Oops, it looks like this fix didn't work either. Argh! At least ldb is now fixed. > > https://buildd.debian.org/status/package.php?p=samba > > Thanks, > Jeremy > -- Mathieu
Bug#941467: [Pkg-samba-maint] Bug#941467: fixed in samba 2:4.11.0+dfsg-6
Le mer. 2 oct. 2019 à 21:12, Paul Gevers a écrit : > > Control: reopen 941467 > > On Tue, 01 Oct 2019 21:07:24 +0000 Mathieu Parent > wrote: > > samba (2:4.11.0+dfsg-6) unstable; urgency=medium > > . > >* Do not run waf configure in parallel. Fix FTBFS on arm (Closes: > > #941467) > > Apparently this wasn't enough to fix the failures, as armel, armhf and > mipsel still FTBFS. Only armel and armhf were affected by this FTBFS. And this is fixed in -7 (I forgot about make lazy vars). > Additionally mips64el and ppc64el now have an > unfulfilled Build-Depends. This is the remaining blocker in the > gnome-desktop3/mutter/evolution-data-server transition. Yes. This is also in progress (ldb 2:2.0.7-3 is coming soon). Regards -- Mathieu Parent
Bug#941162: php-horde-mime: DEP-8 tests fail with error "Class 'Horde_Test_Case' not found".
Le mer. 25 sept. 2019 à 21:03, Bryce Harrington
a écrit :
>
> Package: php-horde-mime
> Version: 2.11.0-2
> Severity: normal
>
> Dear Maintainer,
Thanks for your report.
> php-horde-mime fails its DEP-8 test with the error shown below, on
> ci.debian.net, and similar failure was seen in Ubuntu.
>
> PHP Fatal error: Uncaught Error: Class 'Horde_Test_Case' not found in
> /tmp/autopkgtest.WKueSZ/build.G63/src/Horde_Mime-2.11.0/test/Horde/Mime/Filter/EncodingTest.php:26
> Stack trace:
> #0 /usr/share/php/PHPUnit/Util/FileLoader.php(57): include_once()
> #1 /usr/share/php/PHPUnit/Util/FileLoader.php(45):
> PHPUnit\Util\FileLoader::load('/tmp/autopkgtes...')
> #2 /usr/share/php/PHPUnit/Framework/TestSuite.php(540):
> PHPUnit\Util\FileLoader::checkAndLoad('/tmp/autopkgtes...')
> #3 /usr/share/php/PHPUnit/Framework/TestSuite.php(618):
> PHPUnit\Framework\TestSuite->addTestFile('/tmp/autopkgtes...')
> #4 /usr/share/php/PHPUnit/Runner/BaseTestRunner.php(70):
> PHPUnit\Framework\TestSuite->addTestFiles(Array)
> #5 /usr/share/php/PHPUnit/TextUI/Command.php(183):
> PHPUnit\Runner\BaseTestRunner->getTest('.', '', Array)
> #6 /usr/share/php/PHPUnit/TextUI/Command.php(162):
> PHPUnit\TextUI\Command->run(Array, true)
> #7 /usr/bin/phpunit(42): PHPUnit\TextUI\Command::main()
> #8 {main}
> thrown in
> /tmp/autopkgtest.WKueSZ/build.G63/src/Horde_Mime-2.11.0/test/Horde/Mime/Filter/EncodingTest.php
> on line 26
>
> Debian log:
>
> https://ci.debian.net/data/autopkgtest/unstable/amd64/p/php-horde-mime/3015914/log.gz
> Ubuntu log:
>
> https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-eoan/eoan/amd64/p/php-horde-mime/20190913_195327_67b6b@/log.gz
>
> I've added a patch in Ubuntu that works around the issue by adding an
> include for AllTests.php. (Is it possible AllTests.php is supposed to
> be automatically included, yet isn't for some reason?)
This looks like a workaround indeed.
Currently almost all horde packages fails in CI, there is a huge work
here and I need help. I don't want to merge those workaround patches
until we have a summary of the different kind of problems. Also, we
need to work with upstream.
Can Ubuntu help here?
See also : https://salsa.debian.org/groups/horde-team/-/merge_requests
Regards
Mathieu Parent
Bug#940963: [Pkg-samba-maint] Bug#940963: samba doesn't start anymore
Le dim. 22 sept. 2019 à 19:27, Elimar Riesebieter a écrit : > > Control: severity -1 grave > Control: reassign -1 samba-common-bin > > * Elimar Riesebieter [2019-09-22 13:00 +0200]: > > > Package: samba > > Version: 2:4.10.8+dfsg-1 > > Severity: normal > > > > > > This server runs sysvinit! > > > > [2019/09/22 12:44:28.672896, 0] ../../source3/smbd/server.c:1850(main) > > server role = 'active directory domain controller' not compatible with > > running smbd standalone. > > You should start 'samba' instead, and it will control starting smbd if > > required > > [2019/09/22 12:44:30.809747, 0] ../../source3/nmbd/nmbd.c:921(main) > > server role = 'active directory domain controller' not compatible with > > running nmbd standalone. > > You should start 'samba' instead, and it will control starting the > > internal nbt server > > /etc/init.d/samba-ad-dc calls > 'samba-tool testparm --parameter-name="server role"' which fails > with: > > Traceback (most recent call last): > File "/bin/samba-tool", line 33, in > from samba.netcmd.main import cmd_sambatool > File "/usr/lib/python3/dist-packages/samba/__init__.py", line 29, in > > import samba.param > ImportError: > /lib/x86_64-linux-gnu/libpytalloc-util.cpython-37m-x86-64-linux-gnu.so.2: > version `PYTALLOC_UTIL.PY3_2.1.6' not found (required by > /usr/lib/python3/dist-packages/samba/param.cpython-37m-x86_64-linux-gnu.so) Yes, talloc from samba 4.11 was uploaded, this usually doesn't introduce pain. But this time (they dropped python2 support) it was. Maybe a samba rebuild would help. I hope that ldb will pass NEW fast... Regards -- Mathieu Paretn
Bug#940697: marked as pending in samba
Le jeu. 19 sept. 2019 à 12:57, John Paul Adrian Glaubitz a écrit : > > Hi Mathieu! > > On 9/19/19 12:51 PM, John Paul Adrian Glaubitz wrote: > > On 9/19/19 10:26 AM, Mathieu Parent wrote: > >> Bug #940697 in samba reported by you has been fixed in the > >> Git repository and is awaiting an upload. You can see the commit > >> message below and you can check the diff of the fix at: > >> > >> https://salsa.debian.org/samba-team/samba/commit/8c76b2d3ee3617bf1fb5c70640d70029f7c207e5 > > Thanks a lot for the very quick fix. > > > > I noticed two issues with my patch: > > > > 1) In debian/rules, the if-condition should start with "ifneq", not "ifeq". > > > > 2) in debian/ctdb.install, "linux-any" should be replaced with > > "amd64 arm64 i386 mips64el ppc64el ppc64 x32". > > > > Apologies for the mistakes. I wasn't finished with full testing when I > > submitted the patch. > > It also seems that ceph can be enabled on more architectures than > > amd64 arm64 i386 mips64el ppc64el ppc64 x32 > > but the primary problem that needs to be fixed first is that samba hangs > during configure > on at least armel, armhf, mipsel and powerpc. We need to figure out what's > happening > here. See https://salsa.debian.org/samba-team/samba/commit/f3b77f815ed9bba8e0969ecc8b359f6721210146 Applied in upcoming 4.11. > Adrian > > -- > .''`. John Paul Adrian Glaubitz > : :' : Debian Developer - glaub...@debian.org > `. `' Freie Universitaet Berlin - glaub...@physik.fu-berlin.de >`-GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 -- Mathieu Parent
Bug#932716: [Pkg-samba-maint] Bug#932716: samba: smbd gets killed by systemd on magic script invocation
Control: reopen -1 2:4.5.16+dfsg-1+deb9u2 Control: tag -1 moreinfo Le lun. 16 sept. 2019 à 15:42, Alexander Zima a écrit : > > Can you please explain it a little bit more... > I investigated the whole thing through and finally I decided to open the bug. > As there was no information in the samba logs, I didn't add them. > I really need this to be clarified. Reopening. This needs more info: Does it gets killed for a simple no-op script too? Regards -- Mathieu Parent
Bug#939698: [pkg-php-pear] Bug#939698: lintian: warning about pkg-php-tools versioned dependency conflicts with cme suggestion
Le dim. 8 sept. 2019 à 02:25, David Prévot a écrit : > > Le 07/09/2019 à 11:00, Antonio Ospite a écrit : > > Package: lintian > […] > > one of my packages build-depends on pkg-php-tools, and I used to have > > that as a versioned dependency, as suggested by this lintian warning: > > > > W: tweeper source: pear-package-feature-requires-newer-pkg-php-tools (>= > > 1.7~) for Composer package support > > > > However I found out that running `cme check dpkg` on said package > > suggests to remove the versioned dependency because it has become > > unnecessary: > > It has become unnecessary since at least oldoldstable, so full ack. I’m > not the pkg-php-tools maintainer, just a member of the PHP PEAR (and > Composer) team taking care of ~100 of PHP library packages. Acking too as the main author and maintainer of pkg-php-tools. Regards -- Mathieu Parent
Bug#709975: Add set_sourcedir to Debian::Debhelper::Buildsystem
Le mer. 14 août 2019 à 18:30, Niels Thykier a écrit :
>
> On Mon, 27 May 2013 10:29:42 +0200 Mathieu Parent
> wrote:
> > Package: debhelper
> > Version: 9.20130518
> > Severity: whishlist
> > X-Debbugs-CC: pkg-php-p...@lists.alioth.debian.org
> >
> > Hi Joey,
> >
> > For the pkg-php-tools [1] package, which enhance debhelper, I need to
> > change the sourcedir when building PECL [2] package.
> >
> > [1]: http://anonscm.debian.org/gitweb/?p=pkg-php/pkg-php-tools.git;a=summary
> > [2]: http://www.php.net/manual/en/install.pecl.phpize.php
> >
> > The wanted workflow on configure:
> > - set sourcedir to Foo-0.0.0
> > - phpize
> > - pass to parent Debian::Debhelper::Buildsystem::autoconf configure()
> > - set sourcedir back to top
> >
> > The wanted workflow on build:
> > - set sourcedir to Foo-0.0.0
> > - pass to parent Debian::Debhelper::Buildsystem::autoconf build()
> > - set sourcedir back to top
> >
> > The wanted workflow on install:
> > - set sourcedir to Foo-0.0.0
> > - pass to parent Debian::Debhelper::Buildsystem::autoconf install()
> > - set sourcedir back to top
> >
> > Wanted API:
> > - push_sourcedir (with the same checks as in
> > Debian::Debhelper::Buildsystem::new())
> > - pop_sourcedir
> >
> > Or:
> > - set_sourcedir (with the same checks as in
> > Debian::Debhelper::Buildsystem::new())
> >
> > I'm open to any better solution.
> >
> > Regards
> > --
> > Mathieu Parent
> >
> >
>
> Hi Mathieu,
>
> Apologies for the long wait before picking this up.
Hi,
Me answering late too ...
> Since you filed this bug, debhelper has gotten a new model for build
> systems that may be relevant to this case. The described build flows
> looks a look existing build generator flows (a la meson+ninja or
> cmake+make[1]).
>
> The phppear have some differences to this theme as such debhelper does
> not currently support exactly the phppear use-case. I am hoping we can
> come to a solution on that.
>
> If phppear would be converted to generator buildsystem like meson, then
> it would probably look something like this (mix-pseudo code, mix real code):
>
>
> """
> # Remove 'use base "Debian::Debhelper::Buildsystem::autoconf";'
> [...]
>
> sub IS_GENERATOR_BUILD_SYSTEM {
> return 1;
> }
>
> sub SUPPORTED_TARGET_BUILD_SYSTEMS {
> return qw(autoconf);
> }
>
> sub _get_peardir {
> [...]
> }
>
> # This sub does *not* exist yet
> sub _initialize_target_buildsystem {
> my ($this, $target_bs_options, @args) = shift;
> $target_bs_options->{'sourcedir'} = $this->_get_peardir;
> $target_bs_options->{'builddir'} = $this->_get_peardir;
> return $this->SUPER::_initialize_target_buildsystem(
> $target_bs_options, @args);
> }
>
> sub configure {
> my $this=shift;
> $this->get_targetbuildsystem->mkdir_builddir;
> $this->get_targetbuildsystem->doit_in_builddir('phpize');
> return $this->SUPER::configure(@_);
> }
>
> [...]
> """
> The configure is from your concept description; I realise that the real
> phppear build system is "slightly" more complex than that.
>
>
> The most difficult issue is if you need to extract data to make
> _get_peardir work, which may only be available if phppear is a valid
> buildsystem for the concrete package. However, debhelper currently
> initializes the target buildsystem immediately and we rely on this
> elsewhere in debhelper (e.g. in dh_auto_configure --list).
>
>
> Just to confirm I got some details correct:
> * Is it correctly understood of me that phppear *conditionally* uses
>autoconf as a generated build system (i.e. there are packages where
>phppear does everything without ever using the autoconf bits)?
Yes. PECL (php extensions) use autoconf, but PEAR (php only) don't.
> * Is it correctly understood that phppear potentially needs two
>distinct "build directories"? One for itself and a generated one for
>the autoconf parts?
I'm not sure (I don't remember, even reading the code). There are
several source dirs.
>
> * Is the exact name returned by _get_peardir important or just "nice to
>have"?
It is important. This dir should exists in the tarball already,
>
>
>
> Finally, a few drive-by remarks after reviewing the phppear build system
> (in case they are useful to you):
>
> * _get_mainpackage looks like an expensive version of $dh{MAINPACKA
Bug#931255: Update in stable?
Le jeu. 29 août 2019 à 15:39, Christoph Haas a écrit : > > I would like to see this simple fix in Buster. Without it the package is > nearly unusable in my opinion. Do you think the release team would agree? Yes, the release team will agree. Unfortunately, I won't work on this soon. Regards -- Mathieu Parent
Bug#935501: [Pkg-samba-maint] Bug#935501: cifs-utils: accessing cifs mounted share in qbittorrent causes kehelper 100% cpu after 10-15 mins of use.
Control: reassign -1 src:linux 4.19.37-5 Control: affects -1 cifs-utils Le ven. 23 août 2019 à 11:09, PB a écrit : > > Package: cifs-utils > Version: 2:6.8-2 > Severity: important > > Dear Maintainer, Hi, >* What led up to the situation? > - cifs-utils: accessing cifs mounted share in qbittorrent causes kehelper 100% > cpu after 10-15 mins of use. > - watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [cifsd:1280] reported in > syslog This is a kernel bug then, reaffecting. >* What exactly did you do (or not do) that was effective (or > ineffective)? > n/a. requires hard power off to shutdown. >* What was the outcome of this action? > n/a >* What outcome did you expect instead? > n/a > > This system was ugraded from Stretch release which was working fine with same > hardware and usage pattern. Please try with linux 4.19.37-5+deb10u2 from buster-proposed-updates. It has a couple of cifs fixes. Also, this commit in cifs is about lockup, and *may* be relevant: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/cifs?id=48f238a79f668f8ff013024d83010de551833d7f Regards Mathieu Parent > > -- System Information: > Debian Release: 10.0 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) > Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, > TAINT_UNSIGNED_MODULE > Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), > LANGUAGE=en_AU:en (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages cifs-utils depends on: > ii libc6 2.28-10 > ii libcap-ng00.7.9-2 > ii libkeyutils1 1.6-6 > ii libkrb5-3 1.17-3 > ii libpam0g 1.3.1-5 > ii libtalloc22.1.14-2 > ii libwbclient0 2:4.9.5+dfsg-5 > > cifs-utils recommends no packages. > > Versions of packages cifs-utils suggests: > ii keyutils 1.6-6 > pn smbclient > pn winbind > > -- no debconf information
Bug#781913:
Le lun. 19 août 2019 à 14:27, Andreas Hasenack a écrit : > > FWIW, in Ubuntu we completely dropped python2, I think Debian will > want both for a while? On the other hand, I hear that samba 4.11 will > also completely drop python2. The plan is to build both for 4.10, and drop python2 with (or before) 4.11. I don't want to break depending packages. Regards -- Mathieu Parent
Bug#781913: [Pkg-samba-maint] Bug#781913: please build bindings for Python3 and let samba-common-bin use them
Le dim. 18 août 2019 à 14:15, Laurent Bigonville a écrit : > > Package: src:samba > Followup-For: Bug #781913 > > Hi, > > samba 4.10 is apparently supporting python3 > > Are there any plans to upload that soon? Yes. Work has already started. I plan to finish this during August. > Not that ubuntu already did the work apparently I know. Regards -- Mathieu Paren
Bug#929503: blhc: Arch improperly detected on newer dpkg-buildpackage
Hello,
I found the cause of #929503.
The following line is not properly parsed:
dpkg-buildpackage: info: host architecture amd64
See attached patch.
Regards
--
Mathieu Parent
From b470b50e1509f582abeeda59bfb9ffbb8ab20716 Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 1 Aug 2019 00:17:31 +0200
Subject: [PATCH] Detect architecture automatically on newer dpkg-buildpackage
Detected by https://salsa.debian.org/samba-team/samba/-/jobs/247553
---
bin/blhc | 4
1 file changed, 4 insertions(+)
diff --git a/bin/blhc b/bin/blhc
index d9a3bb2..8eaf2f5 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -964,6 +964,10 @@ foreach my $file (@ARGV) {
$arch = substr $arch, 3;
}
}
+if (not $arch
+and index($line, 'dpkg-buildpackage: info: host architecture ') == 0) {
+$arch = substr $line, 43, -1; # -1 to ignore '\n' at the end
+}
next if $line =~ /^\s*#/;
# Ignore compiler warnings for now.
--
2.20.1
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Control: clone -1 -2
Control: retitle -2 smbd No way to bind to IPv4 only
Control: severity -2 wishlist
Control: reopen -2
Control: tags -2 confirmed upstrea
Le jeu. 25 juil. 2019 à 01:36, Dark Penguin a écrit :
>
> On 24/07/19 22:14, Mathieu Parent wrote:
> > Le mer. 24 juil. 2019 à 00:27, Dark Penguin a
> > écrit :
> >>
> >> On 24/07/19 00:15, Mathieu Parent wrote:
> >>> Version: 2:4.9.5+dfsg-5
> >>>
> >>> I'm closing this bug with the version in buster.
> >>>
> >>> Le dim. 21 juil. 2019 à 21:45, Dark Penguin a
> >>> écrit :
> >>>>
> >>>> I tried this just now. The result is, basically, nothing: my kernel does
> >>>> not have IPv6 support anyway, so restricting IPv6 out on the systemd
> >>>> level does not change anything. There are still error messages about
> >>>> being unable to bind to IPv6 upon restarting smbd, however with this,
> >>>> restarting it also takes a few seconds instead of happening almost
> >>>> instantly.
> >>>>
> >>>> I guess the "proper" solution would be the same: if there are no IPv6
> >>>> interfaces in the system, smbd should not try to bind to them. If it was
> >>>> specifically instructed to bind to a certain interface and it is
> >>>> unavailable, then output an error message "This interface is requested
> >>>> but unavailable", instead of "open_socket_in(): socket() call failed:
> >>>> Address family not supported by protocol". This error message is not
> >>>> even decipherable without Google's help.
> >>>
> >>> The following binds to IPv4 only:
> >>>
> >>> interfaces = lo 0.0.0.0
> >>> bind to interfaces only = yes
> >>>
> >>> Regards
> >>
> >>
> >> Umm... I've actually tried that before.
> >
> > Confirmed with:
> >interfaces = 127.0.0.0/8 0.0.0.0
> >bind interfaces only = yes
> >
> >
> > $ sudo ss -lntp | grep smbd
> > LISTEN0 50 127.0.0.1:445
> > 0.0.0.0:*users:(("smbd",pid=9146,fd=32))
> > LISTEN0 50 127.0.0.1:139
> > 0.0.0.0:*users:(("smbd",pid=9146,fd=33))
>
>
> We should probably reopen this then?..
The current bug is about samba service depending on network.
I'm cloning this bug to another, about IPv4-only binding.
Regards
--
Mathieu Parent
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Le mer. 24 juil. 2019 à 00:27, Dark Penguin a écrit :
>
> On 24/07/19 00:15, Mathieu Parent wrote:
> > Version: 2:4.9.5+dfsg-5
> >
> > I'm closing this bug with the version in buster.
> >
> > Le dim. 21 juil. 2019 à 21:45, Dark Penguin a
> > écrit :
> >>
> >> I tried this just now. The result is, basically, nothing: my kernel does
> >> not have IPv6 support anyway, so restricting IPv6 out on the systemd
> >> level does not change anything. There are still error messages about
> >> being unable to bind to IPv6 upon restarting smbd, however with this,
> >> restarting it also takes a few seconds instead of happening almost
> >> instantly.
> >>
> >> I guess the "proper" solution would be the same: if there are no IPv6
> >> interfaces in the system, smbd should not try to bind to them. If it was
> >> specifically instructed to bind to a certain interface and it is
> >> unavailable, then output an error message "This interface is requested
> >> but unavailable", instead of "open_socket_in(): socket() call failed:
> >> Address family not supported by protocol". This error message is not
> >> even decipherable without Google's help.
> >
> > The following binds to IPv4 only:
> >
> > interfaces = lo 0.0.0.0
> > bind to interfaces only = yes
> >
> > Regards
>
>
> Umm... I've actually tried that before.
Confirmed with:
interfaces = 127.0.0.0/8 0.0.0.0
bind interfaces only = yes
$ sudo ss -lntp | grep smbd
LISTEN0 50 127.0.0.1:445
0.0.0.0:*users:(("smbd",pid=9146,fd=32))
LISTEN0 50 127.0.0.1:139
0.0.0.0:*users:(("smbd",pid=9146,fd=33))
--
Mathieu Parent
Bug#932716: [Pkg-samba-maint] Bug#932716: samba: smbd gets killed by systemd on magic script invocation
Control: tag -1 + moreinfo Le lun. 22 juil. 2019 à 09:54, Alexander Zima a écrit : > > Package: samba > Version: 2:4.5.16+dfsg-1+deb9u2 > Severity: normal > > Dear Maintainer, > >* What led up to the situation? > > Samba was configured to use a magic script and the magic script was executed. > > >* What exactly did you do (or not do) that was effective (or > ineffective)? > > Tried different settings in the systemd unit (Type forking, simple, notify) > and > ultimately started smbd manually without systemd. > > >* What was the outcome of this action? > > When smbd was run manually, the magic script was executed normally and > everything worked as expected. > When smbd was started via systemd, systemd killed the smbd process. The log > reported the following: > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: State 'stop-sigterm' timed > out. Killing. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 30152 (smbd) > with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 12712 (smbd) > with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 13890 (smbd) > with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 30153 > (smbd-notifyd) with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 30154 > (cleanupd) with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Killing process 30156 (lpqd) > with signal SIGKILL. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Main process exited, > code=killed, status=9/KILL > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Unit entered failed state. > Jun 26 14:18:19 vast01 systemd[1]: smbd.service: Failed with result 'timeout' Please attach you /var/log/samba/log.smb file, and optionaly /var/log/samba/cores/smbd. Thanks -- Mathieu Parent
Bug#932685: [Pkg-samba-maint] Bug#932685: Samba package won't respect the -y switch of apt-get install command
Control; retitle -1 samba-common: DHCP debconf question shouldn't be critical
Control: severity -1 wishlist
Le dim. 21 juil. 2019 à 22:09, Mikael Hartzell
a écrit :
>
> Package: samba-common
> Version: 2:4.9.5+dfsg-5
>
> I maintain a software package (freelcs.sourceforge.net) that runs on Debian.
> My software needs samba and installs this among other packages it needs with
> apt-get. The user runs my GUI installer which uses apt-get in the background
> to install needed Debian packages unattended. This has worked fine before in
> Debian releases 7, 8 and 9, but now in Debian 10 the installer fails because
> the samba-common package won't respect the -q=2 -y swithces on apt-get
> commandline. The exact commandline I use is:
>
> apt-get -q=2 --reinstall -y install samba
-q is not related to debconf questions.
> another commandline I tried is:
>
> sudo apt-get --reinstall -y --no-install-recommends install samba
Those options neither.
> The expected behavior is that samba package is installed without prompting
> the user for anything. However both of these commands now always open up a
> prompt asking:
>
> "If your computer gets IP address information from a DHCP server on the
> network, the DHCP server may also provide information about WINS servers
> ("NetBIOS name servers") present on the network. This requires a change to
> your smb.conf file so
> that DHCP-provided WINS settings will automatically be read from
> /var/lib/samba/dhcp.conf.
> The dhcp-client package must be installed to take advantage of this feature.
> Modify smb.conf to use WINS settings from DHCP?"
>
> IMHO this seems like a bug in the samba package, since the behavior has
> changed from earlier samba - versions and the apt-get switches -q=2 -y and
> --no-install-recommends should provide default answers for the packages
> questions and the installation should proceed without any prompts.
This was actually fixed by samba 2:4.8.1+dfsg-1 [1]. And was broken by
the upload of isc-dhcp (4.1.1-P1-7) in 2010.
[1]:
https://salsa.debian.org/samba-team/samba/commit/04bfc02107845ed941cf7cfd5003a56736d78d54
What you want is something like:
DEBIAN_FRONTEND=noninteractive apt-get -y install samba
So, the behavior is as expected.
However, I agree that asking for wins options today should not be that
"critical".
I'm keeping this bug to track either:
- the lowering of the option, or
- the complete removal of dhcp/wins support
Regards
--
Mathieu Parent
Bug#873073: [Pkg-samba-maint] Bug#873073: Other ways to disable IPv6 ?
Le dim. 14 juil. 2019 à 15:09, Dark Penguin a écrit : > > This particular case could be less of a problem (at least to me) if > adding "bind interfaces only = yes" was not the only way to disable IPv6 > in samba. > > Would it make sense to change the priority of an error message on > startup about missing IPv6 support? If samba sees that IPv6 is not > supported on this system, shouldn't it deduce that it is therefore not > required, and output an "info" message like "Not binding to IPv6 - > protocol not supported" instead of an error? Have you tried overriding with: cat /etc/systemd/system/smbd.service [Service] RestrictAddressFamilies=AF_UNIX AF_INET (then systemctl daemon-reload and systemctl restart smbd) (Not tested...) Regards -- Mathieu Parent
Bug#873073: [Pkg-samba-maint] Bug#873073: Still present in Buster
Le dim. 14 juil. 2019 à 14:51, Dark Penguin a écrit : > > This issue is still present in Buster. > > Changing the interface name to its IP address in smb.conf does not make > sense because we're talking about a situation when your IP address is > managed by DHCP. > > Tweaking the systemd service files does not help according to the OP, > and even if it did, this is not a solution - network-online.target > apparently still does not work. > > Mathieu, is there a bug report with more details about the > network-online.target problem? It looks pretty serious since it can > potentially break all network-based daemons, and is still not fixed in > Buster. Have you considered tuning /etc/default/networking ? For example: WAIT_ONLINE_METHOD="ifup" WAIT_ONLINE_IFACE="enp2s0" WAIT_ONLINE_ADDRESS="" WAIT_ONLINE_TIMEOUT=300 or: WAIT_ONLINE_METHOD="ping" WAIT_ONLINE_IFACE="" WAIT_ONLINE_ADDRESS="128.31.0.62" WAIT_ONLINE_TIMEOUT=300 See also /lib/ifupdown/wait-online.sh What is the content of /etc/network/interfaces? Regards -- Mathieu Parent
Bug#931411: samba-common-bin: samba-tool user create error with unicode characters in the names
Control: tag + confirmed upstream fixed-upstream
Le jeu. 4 juil. 2019 à 11:54, Pisch Tamás a écrit :
>
> Package: samba-common-bin
> Version: 2:4.9.5+dfsg-5
> Severity: normal
>
> Dear Maintainer,
Hi
> when I give the command, for example
> samba-tool user create test pwd --surname Vezetéknév --givenname Keresztnév
> I get the following error message:
> ERROR(): Failed to add user
> 'teszttanar3': - 'ascii' codec can't decode byte 0xc3 in position 16:
> ordinal not in range(128)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 425, in
> run
> smartcard_required=smartcard_required)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 490, in newuser
> force_password_change_at_next_login_req)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 606, in
> setpassword
> """ % (user_dn, base64.b64encode(pw).decode('utf-8'))
> On the Samba list, somebody suggested to use newer Samba version,
> because it is improved. Samba 4.10 can (or in default?) uses python3,
> and with it, I could use unicode
> characters. Ok, but I would like to use Debian 10, with official packages.
Your error is on the password. Could you try this patch:
https://gitlab.com/samba-team/samba/commit/7102732b25dfcd5e6815159e3043eed240e918d3
Thanks
--
Mathieu Parent
Bug#930749: unblock: samba/2:4.9.9+dfsg-1
Control: tag -1 - moreinfo Le jeu. 20 juin 2019 à 09:03, Paul Gevers a écrit : > > Control: tags -1 moreinfo > > On 19-06-2019 22:14, Mathieu Parent wrote: > > Without an ack from you, I will only add the patch for CVE-2019-12435 (and > > maybe #929217?) and delay the other fixes for buster-proposed-updates. > > > > What is you opinion? > > Please do the targeted fix (for both issues). We are really closing the > release now and its not appropriate anymore to include new upstream > releases that are *not* target fix upstream releases. I went ahead and uploaded 2:4.9.5+dfsg-5 to sid just now. The debdiff is attached. > Please also try hard to meet the dead-line for a ready to migrate > package at 2019-06-25 13:00 UTC [1]. It should be ok. > Remove the moreinfo tag once there is something ready to review. Done. Regards -- Mathieu Parent debdiff Description: Binary data
Bug#930766: unblock: samba/2:4.9.9+dfsg-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, This is a pre-approval request about samba. A new Samba security version was released today to address CVE-2019-12435: 4.9.9. Sid/buster currently has 4.9.5. I'm tempted to upload 4.9.9 to sid (targeting buster). This would add a big diff of stability fixes. The d/changelog would look like: samba (2:4.9.9+dfsg-1) unstable; urgency=high * This is a security release in order to address the following defect: - CVE-2019-12435 zone operations can crash rpc server * New upstream release - Remove security patches, included in release - libsamba-passdb.so bumped to 0.27.2 * Add missing Breaks+Replace found by piuparts (Closes: #929217) Thanks Andreas Beckmann! Without an ack from you, I will only add the patch for CVE-2019-12435 (and maybe #929217?) and delay the other fixes for buster-proposed-updates. What is you opinion? (not including the debdiff against the package in testing, which is huge) unblock samba/2:4.9.9+dfsg-1 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#930749: unblock: samba/2:4.9.9+dfsg-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, This is a pre-approval request about samba. A new Samba security version was released today to address CVE-2019-12435: 4.9.9. Sid/buster currently has 4.9.5. I'm tempted to upload 4.9.9 to sid (targeting buster). This would add a big diff of stability fixes. The d/changelog would look like: samba (2:4.9.9+dfsg-1) unstable; urgency=high * This is a security release in order to address the following defect: - CVE-2019-12435 zone operations can crash rpc server (Closes: #930748) * New upstream release - Remove security patches, included in release - libsamba-passdb.so bumped to 0.27.2 * Add missing Breaks+Replace found by piuparts (Closes: #929217) Thanks Andreas Beckmann! Without an ack from you, I will only add the patch for CVE-2019-12435 (and maybe #929217?) and delay the other fixes for buster-proposed-updates. What is you opinion? (not including the debdiff against the package in testing, which is huge) unblock samba/2:4.9.9+dfsg-1 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#930748: [Pkg-samba-maint] Bug#930748: samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
Le mer. 19 juin 2019 à 21:51, Salvatore Bonaccorso a écrit : > > Source: samba > Version: 2:4.9.5+dfsg-4 > Severity: important > Tags: security upstream > > Hi, Hi, > The following vulnerability was published for samba. > > CVE-2019-12435[0]: > | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer > | dereference, leading to Denial of Service. This is related to the AD > | DC DNS management server (dnsserver) RPC server process. > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-12435 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435 > [1] https://www.samba.org/samba/security/CVE-2019-12435.html I've just created a pre-approval unblock request to choose between uploading 4.9.9 (including stability fixes) or 4.9.5+patch. Regards -- Mathieu Parent
Bug#930321: php-horde-form: diff for NMU version 2.0.18-3.1
Le dim. 16 juin 2019 à 17:48, Salvatore Bonaccorso a écrit : > > Control: tags 930321 + pending > > Hi Mathieu, > > I've prepared an NMU for php-horde-form (versioned as 2.0.18-3.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should cancel it or feel free to override it with a maintainer upload! > > Decided to go ahead with a DELAYED/2 only given the approaching > release for buster. Thanks. I've also pushed your changes to salsa. Usually, the release team handle those security patches automaticaly. Otherwise an unblock request is needed in 2 days. Cheers -- Mathieu Parent
Bug#929931: [Pkg-samba-maint] Bug#929931: CTDB: Debian Enablement (focus: NFS HA)
Hello Rafael, Thanks for your work. Have you sent all patches to upstream? Once this is done, please propose a MR at: https://salsa.debian.org/samba-team/samba (with cherry-picked commits, with "-x") Those may go in Debian 10 buster. Thanks again Mathieu Parent
Bug#929268: Pending fixed packages
Hi rollopack, Please test the packages from: https://salsa.debian.org/samba-team/samba/-/jobs/179622/artifacts/browse/debian/output/ They should fix the segfaults. @carnil: Once the package is confirmed fixing this bug, can I upload to security-master? It has only 3 changes: * Update Salsa Pipeline * Backport stability fixes: - Bug 13315: Samba segfault with NT1 connections in smbXsrv_session_create() (Closes: #929268) - Bug 13454: No Backtrace given by Samba's AD DC by default" (Closes: #929303) Regards -- Mathieu Parent
Bug#929268: [Pkg-samba-maint] Bug#929268: Acknowledgement (samba: Samba segfault)
Control: forwarded -1 https://bugzilla.samba.org/show_bug.cgi?id=13315 Control: tag -1 + upstream fixed-upstream patch It looks to be: https://bugzilla.samba.org/show_bug.cgi?id=13315 Regards -- Mathieu Parent
Bug#929268: [Pkg-samba-maint] Bug#929268: Acknowledgement (samba: Samba segfault)
Hi, Thanks for your report. I've forwarded it at https://bugzilla.samba.org/show_bug.cgi?id=13685#c45 It looks like you don't have all debug symbols installed. Unfortunately there are probably not available (as https://wiki.debian.org/AutomaticDebugPackages#Status does not have stretch-security). Regards -- Mathieu Parent
Bug#927747: [Pkg-samba-maint] Bug#927747: bind9_dlz backend is entirely broken in Debian
severity 927747 serious thanks Le mar. 23 avr. 2019 à 23:12, Steinar H. Gunderson a écrit : > > On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote: > > There are several issues here. Trying a summary. > > 1. We need to patch bind9 apparmor profile (this is the cloned bug) > > Yes. > > > 2. The /var/lib/samba/bind-dns directory is created on domain > > provision. Nothing to do here? > > It's not created on upgrade from stretch, though? You don't re-provision your > domain when upgrading Samba, yet upgrading should be allowed. > > > 2. bind9 conf "include" should be updated. As the conffile is not > > owned by samba all we can do is printing a message in samba preinst > > (if include "/usr/local/samba/private/named.conf" is found in > > /etc/named/named.conf or /etc/bind/named.conf.local) > > Yes. > > > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11) > > I _think_ samba_dnsupgradedns writes a new config fragment. > > > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when? > > I would assume in postinst (assuming we detect its use). > I've started to work on this but was unable to automate things. Will try again Downgrading the severity as the AppArmor side is already fixed it seems in sid. Regards -- Mathieu Parent
Bug#927747: [Pkg-samba-maint] Bug#927747: bind9_dlz backend is entirely broken in Debian
clone 927747 -1 reassign -1 bind9 severity -1 serious retitle -1 bind9: Please add "/var/lib/samba/bind-dns/** rwk," to apparmor profile thanks Le lun. 22 avr. 2019 à 17:30, Steinar H. Gunderson a écrit : > > Package: samba > Version: 2:4.9.5+dfsg-3 > Severity: grave > > Hi, Hi, Thanks for your detailed report. > I upgraded a DC from stretch to buster, and DNS for AD (via bind9_dlz) > started failing in strange ways. (In particular, when I changed the IP address > of the DC, samba-tool dns query would return the correct addresses, but actual > DNS lookups would return the old ones.) It turns out that upstream, bind9_dlz > data has moved from /var/lib/samba/private to /var/lib/samba/bind-dns; > however, > there's no notice about this anywhere, and the path does not exist in Debian. > (Thus, the .conf file in use didn't even mention the BIND 9.11 .so file, much > less load it.) Furthermore, if you try to remedy this problem yourself by > mkdir-ing the new directory and running samba_dnsupgrade, BIND will no longer > start due to AppArmor policies being out of date: > > [84419.640664] audit: type=1400 audit(1555945763.230:88): apparmor="DENIED" > operation="open" profile="/usr/sbin/named" > name="/var/lib/samba/bind-dns/named.conf" pid=9043 comm="isc-worker" > requested_mask="r" denied_mask="r" fsuid=111 ouid=0 > [84486.581899] audit: type=1400 audit(1555945830.170:89): apparmor="DENIED" > operation="open" profile="/usr/sbin/named" > name="/var/lib/samba/bind-dns/named.conf" pid=9171 comm="isc-worker" > requested_mask="r" denied_mask="r" fsuid=111 ouid=0 > > Given that AppArmor now seems to be default on in buster, this breaks > the functionality completely, even for new installations (not just for > upgrades from stretch). > > I would suppose that postinst needs to check whether BIND9_DLZ is in use, > and if so, run samba_upgradedns --dns-backend=BIND9_DLZ and then finally > pop up a message saying that the admin will have to change the .conf path > in named.conf.local. And the AppArmor profile will need to be fixed. > > Even after this, I had to run samba_dnsupdate once with --use-samba-tool, > and then it would finally run without “dns_tkey_gssnegotiate: TKEY is > unacceptable” the next time. There are several issues here. Trying a summary. 1. We need to patch bind9 apparmor profile (this is the cloned bug) 2. The /var/lib/samba/bind-dns directory is created on domain provision. Nothing to do here? 2. bind9 conf "include" should be updated. As the conffile is not owned by samba all we can do is printing a message in samba preinst (if include "/usr/local/samba/private/named.conf" is found in /etc/named/named.conf or /etc/bind/named.conf.local) 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11) 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when? 1. I think adding this rule is ok: +/var/lib/samba/bind-dns/** rwk, But we may do better with something like this (to be tested and improved): /var/lib/samba/private/dns.keytab r, /var/lib/samba/private/named.conf r, - /var/lib/samba/private/dns/** rwk, + /var/lib/samba/bind-dns/*.conf r, + /var/lib/samba/bind-dns/dns/** rwk, - /etc/smb.conf r, + /etc/samba/smb.conf r, Regards -- Mathieu Parent
Bug#927794: Add support for Cannonlake un
Package: src:linux Version: 4.9.168-1 Severity: wishlist Tags: upstream fixed-upstream Hi, Please add support for I219-V7 and other e1000e Cannonlake. Patches are here: https://github.com/torvalds/linux/commit/3a3173b9c37aa1f07f8a71021114ee29a5712acb https://github.com/torvalds/linux/commit/c8744f44aeaee1caf5d6595e9351702253260088 And probably: https://github.com/torvalds/linux/commit/68fe1d5da548aab2b6b1c28a9137248d6ccfcc43 You can also add Icelake: https://github.com/torvalds/linux/commit/48f76b68f9fca4e1d5bbb1755d14e8e8e09bdd5b Thanks Mathieu Parent See also: https://kernelnewbies.org/Linux_4.12#Networking-1 https://kernelnewbies.org/Linux_4.14#Networking-1 -- Mathieu
Bug#926887: [Pkg-samba-maint] Bug#926887: Upgrade replaced smb.conf
Control: fixed -1 2:4.8.1+dfsg-1 Le jeu. 11 avr. 2019 à 22:06, Alexander Toresson a écrit : > > Package: samba-common > Version: 2:4.2.14+dfsg-0+deb8u12 > > Hi, > > Suddenly my smb shares stopped working. I found out that an unattended > upgrade of samba-common hade replaced (!) smb.conf, for whatever reason: > > Excerpt from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log: > ... > Setting up samba-common (2:4.2.14+dfsg-0+deb8u12) ... > Replacing config file /etc/samba/smb.conf with new version > ... > > This is not something I'd expect to happen on package upgrade, at least not > without being asked about it, which cannot be done for an unattended upgrade. > Also, this was a security upgrade from deb8u11 to deb8u12, on which I'd > expect it even less. > > This occured on debian 8.11 armel. Samba uses ucf to manage config file during upgrade. This should ensure proper three way merge between old, new and local config. However this is a bit broken in stretch as it searches for [cdrom] section. Can you send your /etc/samba/smb.conf* (including .ucf*) and /var/run/samba/upgrades/smb.conf files? Regards -- Mathieu Parent
Bug#926431: [Pkg-samba-maint] Bug#926431: cifs-utils: Password containing special character "$" (dollar) only works with prepended backslash
Le ven. 5 avr. 2019 à 03:21, Lars Kruse a écrit :
>
> Package: cifs-utils
> Version: 2:6.8-2
> Severity: normal
>
> Dear Maintainer,
>
> recently I changed my LDAP password to a new one, that contains a "$"
> character.
> Afterwards I failed to mount shares with this new password.
>
> I tried the following approaches:
> * interactive mount (e.g. "mount -t cifs -o user=foo //example/share /mnt")
> * credential file
> (e.g. "mount -t cifs -o user=foo,credentials=bar //example/share /mnt")
> * indirect mount via "pam_mount"
>
> In the first two cases I succeed to mount the share, if I prepend the
> special character ("$") with a backslash. Thus "pass\$word" works, while
> the real password is "pass$word".
> The last case ("pam_mount") was obviously impossible to test this way.
>
> I observed the same behaviour with a client on jessie (2:6.4-1) and on
> stretch (2:6.7-1).
Thanks for your report. Reading the source of cifs-utils and linux, I
don't find where the dollar sign is unescaped.
As a workaround for pma_mount, you may use a wrapper command.
See https://manpages.debian.org/testing/libpam-mount/pam_mount.conf.5.en.html
Regards
--
Mathieu Parent
Bug#926474: [Pkg-samba-maint] Bug#926474: smbclient: Can browse samba shares as root but not as user
Le dimanche 7 avril 2019, a écrit : > a) no, winbind is not installed (and is not installed under Stretch 9.8, where the samba connection is working perfectly). Can you try wih winbind installed (and all samba services restarted)? > b) for the moment, I just set up a point-to-point ethernet cable connection with an old pc running winxp, within the same workgroup, and I just use the file \etc\hosts to map the addresses (pinging is ok both ways). > c) don't get what you mean by command; I use smbtree to check that the shares on both pc's are visible, after that (normally) I can browse through a file manager, and in fact I can do that through Krusader running with root privileges. > > > >> Il 6 aprile 2019 alle 21.58 Mathieu Parent ha scritto: >> >> >> Le sam. 6 avr. 2019 à 16:00, a écrit : >> > >> > Hi, Mathieu, thanks for your reply. >> > >> > I tried either with the new smb.conf (att. smb.conf.up1) suggested during installing samba, and with the version taken from previous releases and which is working flawlessly in Stretch (att. smb.conf.ucf-old). Does not change the problem. >> >> Is Winbind installed? Are you using pam_winbind and nss_winbind? What >> is your complete command? >> >> Regards >> >> -- >> Mathieu Parent > > -- Mathieu
Bug#926474: [Pkg-samba-maint] Bug#926474: smbclient: Can browse samba shares as root but not as user
Le sam. 6 avr. 2019 à 16:00, a écrit : > > Hi, Mathieu, thanks for your reply. > > I tried either with the new smb.conf (att. smb.conf.up1) suggested during > installing samba, and with the version taken from previous releases and which > is working flawlessly in Stretch (att. smb.conf.ucf-old). Does not change the > problem. Is Winbind installed? Are you using pam_winbind and nss_winbind? What is your complete command? Regards -- Mathieu Parent
Bug#926474: [Pkg-samba-maint] Bug#926474: smbclient: Can browse samba shares as root but not as user
Control: tag -1 + moreinfo Le ven. 5 avr. 2019 à 20:27, a écrit : > > Package: smbclient > Version: 2:4.9.5+dfsg-2 > Severity: important > > Dear Maintainer, Hi, > in a freshly installed testing/buster release, I installed samba + > smbclient and reproduced the same configuration > (smb.conf, smbpasswd for root and for user) that is perfectly working on a > Stretch release installed in a separated partition . > Testparm gives a positive result, and # pdbedit -w -L correctly provides > root:0::564A9466B5B97FEBE398359543B5B07D:[U >]:LCT-5CA4C2F8: > giuliano:1000::8C869E0D14E71B60877E785FE5F8A299:[U > ]:LCT-5CA4C312: > > Issuing the command smbtree as root I can see the available local and remote > resources, however issuing the same command > as user I get > "Unable to initialize messaging context" on the first line, > followed either by nothing, or by an incorrect or partial list of the shares. > Restarting samba (# /usr/sbin/service smbd restart) then smbtree shows all > the shares, always with the same message on first > line, but I cannot browse them: > Dolphin does not show anything under Samba Shares. > > I have quite a limited experience and do not know which other details might > be of interest. Please provide your smb.conf. Regards -- Mathieu Parent
Bug#925249: unblock: ldb/2:1.5.1+really1.4.6-3 and samba/2:4.9.5+dfsg-2
Le dimanche 31 mars 2019, Ivo De Decker a écrit : > Hi Mathieu, > > On Sun, Mar 31, 2019 at 09:24:58AM +0200, Mathieu Parent wrote: >> Done. All the releasable archs are built. >> >> Could you also reduce the aging of both packages to ensure they >> migrate before April, 8? There is a samba security fix at this date. >> >> unblock ldb/2:1.5.1+really1.4.6-3 >> age-days 7 ldb/2:1.5.1+really1.4.6-3 >> unblock samba/2:4.9.5+dfsg-2 >> age-days 7 samba/2:4.9.5+dfsg-2 > > Unblocked and aged 5 days. Thanks > When the security fix is released, I assume you will just upload it to > unstable and file a new unblock. Yes > Thanks! > > Ivo > > > -- Mathieu
Bug#925249: unblock: ldb/2:1.5.1+really1.4.6-3 and samba/2:4.9.5+dfsg-2
Control: tags -1 - moreinfo Le ven. 29 mars 2019 à 12:32, Ivo De Decker a écrit : > > Control: tags -1 confirmed moreinfo > > Hi, Hi, > On Thu, Mar 21, 2019 at 07:03:08PM +0100, Mathieu Parent wrote: > > I'm waiting your ack to upload those to unstable: > > > > unblock ldb/2:1.5.1+really1.4.6-3 > > unblock samba/2:4.9.5+dfsg-2 > > Please go ahead with the upload to unstable and remove the moreinfo tag from > this bug once the builds in unstable are done. Done. All the releasable archs are built. Could you also reduce the aging of both packages to ensure they migrate before April, 8? There is a samba security fix at this date. unblock ldb/2:1.5.1+really1.4.6-3 age-days 7 ldb/2:1.5.1+really1.4.6-3 unblock samba/2:4.9.5+dfsg-2 age-days 7 samba/2:4.9.5+dfsg-2 > Thanks, > > Ivo > Thanks -- Mathieu
