Marked this as "critical" as the release fixes a regression introduced in 4.18 that broke libnss_winbind, making 4.18 unusable for a number of environments, see for example https://support.zabbix.com/browse/ZBX-22658, and at the same time 4.17 was dropped from the Gentoo tree some time ago, leaving us with only the broken one.

Changes since 4.18.6
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15419: Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink().
   * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized pointer.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
   * BUG 15407: Samba replication logs show (null) DN.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Remi Collet <rcollet@redhat.com>
   * BUG 14808: smbc_getxattr() return value is incorrect.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more.

o  MikeLiu <mikeliu@qnap.com>
   * BUG 15453: File doesn't show when user doesn't have permission if aio_pthread is loaded.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with empty claims pac blobs (from Samba 4.19 or Windows).
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is in use.
If it helps, the ebuild for samba-4.18.6 (samba-4.18.6-r1.ebuild) just works if used as "samba-4.18.7.ebuild".
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3a40c2350f7c822f054ae847123f6473ee4199e

commit a3a40c2350f7c822f054ae847123f6473ee4199e
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2023-10-03 15:29:26 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2023-10-03 16:08:39 +0000

    net-fs/samba: add 4.18.7

    Closes: https://bugs.gentoo.org/914842
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.18.7.ebuild | 383 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)
Thanks!

How do we initiate / drive stabilization for samba packages these days?

samba-4.18.7.ebuild (as expected) has been added with KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"

The latest with KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ppc ppc64 ~riscv sparc x86" is samba-4.18.4-r1.ebuild but it is affected by a number of functional bugs, including critical security issues.

We should mark 4.18.7 as stable and remove all of samba-4.18.4-r1.ebuild, samba-4.18.5-r1.ebuild, samba-4.18.6-r1.ebuild.
(In reply to Krzysztof Olędzki from comment #3)
> Thanks!
>
> How do we initiate / drive stabilization for samba packages these days?
>
> samba-4.18.7.ebuild (as expected) has been added with KEYWORDS="~alpha
> ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
>
> The latest with KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ppc
> ppc64 ~riscv sparc x86" is samba-4.18.4-r1.ebuild but it is affected by a
> number of functional bugs, including critical security issues.
>
> We should mark 4.18.7 as stable and remove all of samba-4.18.4-r1.ebuild,
> samba-4.18.5-r1.ebuild, samba-4.18.6-r1.ebuild.

Samba 4.18.8 just got out, perhaps stable that one instead?

------------------------------------------------------------

This is a security release in order to address the following defects:

o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system.
                  https://www.samba.org/samba/security/CVE-2023-3961.html

o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes"
                  https://www.samba.org/samba/security/CVE-2023-4091.html

o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions.
                  https://www.samba.org/samba/security/CVE-2023-4154.html

o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service.
                  https://www.samba.org/samba/security/CVE-2023-42669.html

o CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC.
                  https://www.samba.org/samba/security/CVE-2023-42670.html
Thanks, filed https://bugs.gentoo.org/915556 for this.