============================== Release Notes for Samba 4.17.9 July 06, 2023 ============================== This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.8 -------------------- o Douglas Bagnall <douglas.bagnall@catalyst.net.nz> * BUG 15404: Backport --pidl-developer fixes. o Ralph Boehme <slow@samba.org> * BUG 15275: smbd_scavenger crashes when service smbd is stopped. * BUG 15378: vfs_fruit might cause a failing open for delete. o Samuel Cabrero <scabrero@samba.org> * BUG 14030: named crashes on DLZ zone update. o Volker Lendecke <vl@samba.org> * BUG 15361: winbind recurses into itself via rpcd_lsad. * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. * BUG 15391: smbclient leaks fds with showacls. o Stefan Metzmacher <metze@samba.org> * BUG 15374: aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(). * BUG 15413: winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR. o Jones Syue <jonessyue@qnap.com> * BUG 15403: smbget memory leak if failed to download files recursively. ============================== Release Notes for Samba 4.18.4 July 05, 2023 ============================== This is the latest stable release of the Samba 4.18 release series. Changes since 4.18.3 -------------------- o Douglas Bagnall <douglas.bagnall@catalyst.net.nz> * BUG 15404: Backport --pidl-developer fixes. o Samuel Cabrero <scabrero@samba.org> * BUG 14030: Named crashes on DLZ zone update. o Björn Jacke <bj@sernet.de> * BUG 2312: smbcacls and smbcquotas do not check // before the server. o Volker Lendecke <vl@samba.org> * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. * BUG 15391: smbclient leaks fds with showacls. * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. o Stefan Metzmacher <metze@samba.org> * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts. o Noel Power <noel.power@suse.com> * BUG 15384: net ads lookup (with unspecified realm) fails. o Christof Schmitt <cs@samba.org> * BUG 15381: Register Samba processes with GPFS. o Andreas Schneider <asn@samba.org> * BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation). * BUG 15398: The winbind child segfaults when listing users with `winbind scan trusted domains = yes`. o Jones Syue <jonessyue@qnap.com> * BUG 15383: Remove comments about deprecated 'write cache size'. * BUG 15403: smbget memory leak if failed to download files recursively.
Note that when bumping, we need to add a patch for bug 910306 too.
Ah, thanks for the pointer. Just filled https://bugs.gentoo.org/910335, will ask to dup it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c580697941c0090848274bea073c0d3ef555032a commit c580697941c0090848274bea073c0d3ef555032a Author: David Seifert <soap@gentoo.org> AuthorDate: 2023-07-16 10:32:23 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2023-07-16 10:32:23 +0000 net-fs/samba: add 4.18.4 Bug: https://bugs.gentoo.org/910306 Bug: https://bugs.gentoo.org/910334 Signed-off-by: David Seifert <soap@gentoo.org> net-fs/samba/Manifest | 1 + ...4-bug-15418-windows-update-secure-channel.patch | 56 +++ net-fs/samba/files/samba-4.18.4-pam.patch | 29 ++ net-fs/samba/samba-4.18.4.ebuild | 384 +++++++++++++++++++++ 4 files changed, 470 insertions(+)
Initially, this bug request bumping packages to to net-fs/samba-4.17.9 *and* net-fs/samba-4.18.4. Seems like 4.18.4 has been taken care of, but not net-fs/samba-4.17. Should I file a separate bug for net-fs/samba-4.17.9 (or maybe there is one already?) or can we also that one? And while we are here - 4.17 still needs the patch to fix domain logon issues. Not sure if the 4.18 versio forks, but I we can use https://bugzilla.samba.org/attachment.cgi?id=17986 which seems to be the final version of the fix for 4.17 now [slowly] marching through the review / commit / test path, already included in the "master" head.
(In reply to Krzysztof Olędzki from comment #4) > Initially, this bug request bumping packages to to net-fs/samba-4.17.9 *and* > net-fs/samba-4.18.4. Seems like 4.18.4 has been taken care of, but not > net-fs/samba-4.17. > > Should I file a separate bug for net-fs/samba-4.17.9 (or maybe there is one > already?) or can we also that one? > Do you really need the older branches? The intention was to not keep maintaining a million branches in tree given the manpower issues with maintaining Samba.
No need to keep million branches - perhaps we can just follow the upstream and limit to the non-EOL ones, which means typically three at at a given time: https://wiki.samba.org/index.php/Samba_Release_Planning#General_information As of today, that would be 4.16, 4.17 and 4.18. Soon also 4.19 but at that time we should drop 4.16 (EOL). Note that samba is a very large and complex system, and like other similar systems (kernel, glibc, etc) someones new versions include regressions - for example, 4.16 was completely unusable on 32-bit systems as an AD DC until samba-4.16.8. The same bug impacted samba-4.17 and was fixed in samba-4.17.4. During that time (over a year), only 4.15 was usable. I also just noticed that 4.17.8 just got dropped, which means that now we only have 4.16.8 (old and with known bugs), 4.16.10 (still old and as mentioned above, will EOL in 2 months) and 4.18.10 (released just 4 months ago), while missing 4.17, which is very well tested. It is also even less than a year old.
Yeah, I can appreciate that. It's complex software and there's often regressions. But being realistic, I think if we're going to support 2 or 3 branches, someone (possibly you) is going to have to volunteer to help.
(Keep in mind that each branch supported means having to sit there & diff the changes for each, build it (and Samba is painfully slow because of its WAF parallelism problems), and ideally keep on top of any patches which need backporting for which nobody made a release upstream.)
Sure, let me know how I can help! In particular, what do I need to do to get 4.17 back to the tree. :)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d32095b165e0f127a89bbf6af1d99b0c7386cfa2 commit d32095b165e0f127a89bbf6af1d99b0c7386cfa2 Author: David Seifert <soap@gentoo.org> AuthorDate: 2023-08-03 15:33:46 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2023-08-03 15:33:46 +0000 net-fs/samba: drop 4.16.8 Bug: https://bugs.gentoo.org/910306 Bug: https://bugs.gentoo.org/910334 Signed-off-by: David Seifert <soap@gentoo.org> net-fs/samba/Manifest | 1 - .../files/samba-4.15.12-configure-clang16.patch | 117 ------- .../files/samba-4.15.9-libunwind-automagic.patch | 118 ------- .../samba/files/samba-4.16.1-netdb-defines.patch | 25 -- .../samba-4.16.2-fix-musl-without-innetgr.patch | 25 -- net-fs/samba/files/samba-4.4.0-pam.patch | 29 -- net-fs/samba/samba-4.16.8.ebuild | 387 --------------------- 7 files changed, 702 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 05:56:23 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 05:56:46 +0000 [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/820566 Bug: https://bugs.gentoo.org/821688 Bug: https://bugs.gentoo.org/830983 Bug: https://bugs.gentoo.org/832433 Bug: https://bugs.gentoo.org/861512 Bug: https://bugs.gentoo.org/866225 Bug: https://bugs.gentoo.org/869122 Bug: https://bugs.gentoo.org/878273 Bug: https://bugs.gentoo.org/880437 Bug: https://bugs.gentoo.org/886153 Bug: https://bugs.gentoo.org/903621 Bug: https://bugs.gentoo.org/905320 Bug: https://bugs.gentoo.org/910334 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+)