#1005642 possible gross file corruption due to windows client cache poisoning

Package:
samba
Source:
samba
Description:
SMB/CIFS file, print, and login server for Unix
Submitter:
Michael Tokarev
Date:
2022-05-29 18:03:42 UTC
Severity:
critical
Tags:
#1005642#5
Date:
2022-02-13 10:28:10 UTC
Please see https://lists.samba.org/archive/samba/2022-February/239548.html and
https://lists.samba.org/archive/samba/2022-February/239577.html for the
description of the problem and how serious it can be, and this bug report:
https://bugzilla.samba.org/show_bug.cgi?id=14928
for the actual bug and the fixes.

3 patches mentioned at the end of the samba.org bug report are needed for
the bullseye version of samba to fix this (not counting the first patch, which
modifies the tests, and the last patch, which just fixes comments - I
mean the actual code changes needed for the fix). The first code fix has
a chunk for tests/ which also needs to be deleted for 4.13.

With these 3 patches, and adding
 nt_time_to_unix_timespec_raw@SAMBA_UTIL_0.0.1
to d/libwbclient0.symbols, our problem with windows profile corruption
immediately went away.

Gosh, that was gross...

Thanks,

/mjt

#1005642#14
Date:
2022-04-05 13:36:06 UTC
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005642@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 05 Apr 2022 16:01:25 +0300
Source: samba
Architecture: source
Version: 2:4.16.0+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 862338 878612 953530 975882 988197 998423 1004690 1004691 1004692 1005642 1006875
Changes:
 samba (2:4.16.0+dfsg-1) experimental; urgency=medium
 .
   * New upstream major release.
     Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
     Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
     Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
      the outside target of a symlink exists
     Closes: #1005642 (windows client data corruption due to cache poisoning)
     Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
     Closes: #998423 (coredump connecting from macos to shares with var substs)
   * Notable changes in 4.16 series compared to 4.13:
     - modular VFS (see The_New_VFS.txt)
     - publishing printers in AD is more complete
     - group policies for winbindd clients (like linux systems)
     - certificate auto enrollment in AD group policy
     - large list of improvements in samba-tool
     - SMB1 protocol has been deprecated, some subcommands have been removed
     - more consistent options/subcommands in samba commands
   * d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
     debian-specific failures to go away, by preserving order of waf hashes
   * refresh patches, update build-depend versions (talloc, tdb, tevent)
   * refresh lintian-overrides files, add many new overrides
   * build-depend on python3-markdown
   * build-depend on libjson-perl for new heimdal bits
   * more consistent internal lib naming; refresh file lists everywhere
   * samba: install new rpc_* services, install samba-dcerpc
   * refresh symbols files
   * build libldb from samba sources, not from separate source
     (this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to
      /usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
   * optimizations for d/make_shlibs; also allow one to specify explicit
     version for some packages
   * as per clarifications for waf --{bundled,builtin}-libraries, remove
     now-wrong usage there. This also fixes build failures with current
     samba sources
   * d/rules: various optimizations to reduce startup costs by eliminating
     unnecessary external command calls during d/rules read by make.
     Including caching of LDB version information in d/ldb-version.mk file.
     This does not affect the buildd processing much (and does not affect
     runtime at all), but helps with build procedure debugging.
   * d/rules: numerous small fixes, cleanups and other changes, including:
     - clean up the install target
     - remove some now-irrelevant parts
     - fix no-glusterfs-build on non-linux
   * change build procedure: instead of `waf build', run `waf install'.
     `waf build' builds samba to be run from the build dir, and `waf install'
     rebuilds/relinks everything again for production. Build the production
     variant only, no build-dir one.
   * samba-common-bin.postinst: explicitly mkdir /run/samba before invoking
     samba binaries (Closes: #953530)
   * in the salsa git repository of samba, stop keeping debian patches in
     applied form, keep them in d/patches/ only as most other packages do.
   * move single python (helper) module, libsamba-policy, together with
     2 internal libraries used by it, from samba-libs package to python3-samba.
     This makes samba-libs to be free from python-related files, and makes
     python3-samba to be the only python-providing package.
     Closes: #1006875, #878612, #862338
   * also move dckeytab python module from samba to python3-samba
     (actually stop moving it from python3-samba to samba to incorrectly
     avoid a circular dependency). Also verify that python3-samba does
     not depend on samba package.
   * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
     testparm message (Closes: #975882)
   * spelling.patch: fix many common spelling mistakes in the source
   * ctdb: simplify/cleanup installation of READMEs/examples
   * d/control: remove breaks/replaces/depends on ancient versions of some
     packages (ancient dpkg version in Pre-Depends, ancient samba-libs)
   * d/rules: rework wrong shlibdeps handling
   * move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
     where they belong. This should not affect users.
   * smbclient: re-do the fix for an old bug, #221618. The original "fix"
     did not fix anything (it is too late already to #define _FILE_OFFSET_BITS
     when all types have already been defined).  From now on, raise an error
     if off_t is less than 64bits (it should be >=64 when #include'ing
     <libsmbclient.h> with proper LFS defines).  In theory this can break
     some sources which either included libsmbclient.h without a reason or
     which didn't use any of the functions which deal with off_t (smbc_lseek
     etc), - which did not explicitly enable LFS on a 32bit system.
     Please email us if you faced such a situation.
   * drop 07_private_lib patch: we do not need to force rpath for
     private libraries into every samba binary, upstream build system
     does a good job here.

#1005642#19
Date:
2022-05-29 18:02:22 UTC
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1005642@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 28 May 2022 22:52:59 +0300
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u4
Distribution: bullseye-proposed-updates
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 953530 998423 999876 1001053 1004691 1005642 1006935 1009855
Changes:
 samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
 .
   * fix the order of everything during build by exporting PYTHONHASHSEED=1
     for waf.  This should fix the broken i386 build of the last security
     upload. Closes: #1006935, #1009855
   * Import the left-over patches from 4.13.17 upstream stable branch:
    - s3-winbindd-fix-allow-trusted-domains-no-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14899
      Closes: #999876, winbind fails to start with `allow trusted domains: no`
    - IPA-DC-add-missing-checks.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14903
    - CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14922
      Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
    - dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14656
      https://bugzilla.samba.org/show_bug.cgi?id=14902
    - s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
      https://bugzilla.samba.org/show_bug.cgi?id=13979
      Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
   * 4 patches from upstream to fix possible serious data corruption issue
     with windows client cache poisoning, Closes: #1005642
     https://bugzilla.samba.org/show_bug.cgi?id=14928
   * two patches from upstream to fix coredump when connecting to shares
     with var substitutions, Closes: #998423
     https://bugzilla.samba.org/show_bug.cgi?id=14809
   * samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
     Closes: #953530
   * remove file creation+deletion from previously applied combined patches
     CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
     to make patch deapply happy (quilt does not notice this situation)
   * d/salsa-ci.yml: target bullseye