Bug#1001068: samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid (part of CVE-2020-25717)
Hi Paul,

On Tue, May 03, 2022 at 09:05:34PM +0200, Paul Gevers wrote:
> Dear all,
>
> On Fri, 03 Dec 2021 15:44:02 +0100 Jörg Behrmann wrote:
> > The upstream samba commit 0a546be0 is included in the buster security
> > release 2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch,
> > but is missing in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.
>
> This bug shows up in the list of RC bugs for bookworm, because according to
> the fixed versions, it still applies to unstable and testing. I *assume*
> this has been fixed in the mean time in unstable. It would be great if
> somebody could confirm that, ideally with the appropriate "Control: -1 fixed
> ." line at the start of the mail.

Right, the upstream commit in question is included in 4.16.0 upstream, so added an additional fixed version to the bug.

Regards,
Salvatore
Bug#1001068: samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid (part of CVE-2020-25717)
Dear all,

On Fri, 03 Dec 2021 15:44:02 +0100 Jörg Behrmann wrote:
> The upstream samba commit 0a546be0 is included in the buster security
> release 2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch,
> but is missing in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.

This bug shows up in the list of RC bugs for bookworm, because according to the fixed versions, it still applies to unstable and testing. I *assume* this has been fixed in the mean time in unstable. It would be great if somebody could confirm that, ideally with the appropriate "Control: -1 fixed ." line at the start of the mail.

Paul
Bug#1001068: samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid (part of CVE-2020-25717)
Hi Jörg,

On Fri, Dec 03, 2021 at 03:44:02PM +0100, Jörg Behrmann wrote:
> Package: samba
> Version: 2:4.13.13+dfsg-1~deb11u2
> Severity: important
> X-Debbugs-Cc: t...@security.debian.org
>
> The upstream samba commit 0a546be0 is included in the buster security release
> 2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch, but is missing
> in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.
>
> Please apply that patch in bullseye as well, so that the idmap_nss fallback via
> SID mapping works.

In case you have the possibility, can you test the packages from https://people.debian.org/~carnil/tmp/samba/2022-01-31/bullseye/ ?

Regards,
Salvatore
Bug#1001068: samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid (part of CVE-2020-25717)
On Fri, Dec 03, 2021 at 03:44:02PM +0100, Jörg Behrmann wrote:
> Package: samba
> Version: 2:4.13.13+dfsg-1~deb11u2
> Severity: important
> X-Debbugs-Cc: t...@security.debian.org
>
> The upstream samba commit 0a546be0 is included in the buster security release
> 2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch, but is missing
> in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.
>
> Please apply that patch in bullseye as well, so that the idmap_nss fallback via
> SID mapping works.

It would be sensible indeed to apply https://bugzilla.samba.org/show_bug.cgi?id=14901#c9 as well for bullseye to not regress in this case.

Can you push such a change to bullseye-pu (not via security) given the point release window for uploads is closing on next weekend?

https://lists.debian.org/795fc739fd9f27e75975ecfd07bfc1c0a36f2a25.ca...@adam-barratt.org.uk

Regards,
Salvatore
Bug#1001068: samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid (part of CVE-2020-25717)
Package: samba
Version: 2:4.13.13+dfsg-1~deb11u2
Severity: important
X-Debbugs-Cc: t...@security.debian.org

The upstream samba commit 0a546be0 is included in the buster security release 2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch, but is missing in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.

Please apply that patch in bullseye as well, so that the idmap_nss fallback via SID mapping works.

-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: 11.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/48 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser              3.118
ii  dpkg                 1.20.9
ii  init-system-helpers  1.60
ii  libbsd0              0.11.3-1
ii  libc6                2.31-13+deb11u2
ii  libgnutls30          3.7.1-5
ii  libldb2              2:2.2.3-2~deb11u1
ii  libpam-modules       1.4.0-9+deb11u1
ii  libpam-runtime       1.4.0-9+deb11u1
ii  libpopt0             1.18-2
ii  libpython3.9         3.9.2-1
ii  libtalloc2           2.3.1-2+b1
ii  libtasn1-6           4.16.0-2
ii  libtdb1              1.4.3-1+b1
ii  libtevent0           0.10.2-1
ii  libwbclient0         2:4.13.13+dfsg-1~deb11u2
ii  lsb-base             11.1.0
ii  procps               2:3.3.17-5
ii  python3              3.9.2-3
ii  python3-dnspython    2.0.0-1
ii  python3-samba        2:4.13.13+dfsg-1~deb11u2
ii  samba-common         2:4.13.13+dfsg-1~deb11u2
ii  samba-common-bin     2:4.13.13+dfsg-1~deb11u2
ii  samba-libs           2:4.13.13+dfsg-1~deb11u2
ii  tdb-tools            1.4.3-1+b1

Versions of packages samba recommends:
ii  attr                1:2.4.48-6
ii  logrotate           3.18.0-2
ii  python3-markdown    3.3.4-1
pn  samba-dsdb-modules
pn  samba-vfs-modules

Versions of packages samba suggests:
pn  bind9
pn  bind9utils
pn  ctdb
pn  ldb-tools
pn  ntp | chrony
pn  smbldap-tools
pn  ufw
ii  winbind        2:4.13.13+dfsg-1~deb11u2

-- no debconf information