-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 05 Apr 2022 16:01:25 +0300
Source: samba
Architecture: source
Version: 2:4.16.0+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 862338 878612 953530 975882 988197 998423 1004690 1004691 1004692 1005642 1006875
Changes:
 samba (2:4.16.0+dfsg-1) experimental; urgency=medium
 .
   * New upstream major release.
     Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
     Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
     Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose
      whether the outside target of a symlink exists
     Closes: #1005642 (windows client data corruption due to cache poisoning)
     Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
     Closes: #998423 (coredump connecting from macos to shares with var substs)
   * Notable changes in 4.16 series compared to 4.13:
     - modular VFS (see The_New_VFS.txt)
     - publishing printers in AD is more complete
     - group policies for winbindd clients (like linux systems)
     - certificate auto enrollment in AD group policy
     - large list of improvements in samba-tool
     - SMB1 protocol has been deprecated, some subcommands have been removed
     - more consistent options/subcommands in samba commands
   * d/rules: export PYTHONHASHSEED=1.
     This makes lots of sporadic build-time debian-specific failures
     go away, by preserving order of waf hashes
   * refresh patches, update build-depend versions (talloc, tdb, tevent)
   * refresh lintian-overrides files, add many new overrides
   * build-depend on python3-markdown
   * build-depend on libjson-perl for new heimdal bits
   * more consistent internal lib naming; refresh file lists everywhere
   * samba: install new rpc_* services, install samba-dcerpc
   * refresh symbols files
   * build libldb from samba sources, not from separate source
     (this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/
     to /usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
   * optimizations for d/make_shlibs; also allow one to specify explicit
     version for some packages
   * as per clarifications for waf --{bundled,builtin}-libraries,
     remove now-wrong usage there. This also fixes build failures
     with current samba sources
   * d/rules: various optimizations to reduce startup costs by eliminating
     unnecessary external command calls during d/rules read by make.
     Including caching of LDB version information in d/ldb-version.mk file.
     This does not affect the buildd processing much (and does not affect
     runtime at all), but helps with build procedure debugging.
   * d/rules: numerous small fixes, cleanups and other changes, including:
     - clean up the install target
     - remove some now-irrelevant parts
     - fix no-glusterfs-build on non-linux
   * change build procedure: instead of `waf build', run `waf install'.
     `waf build' builds samba to be run from the build dir, and
     `waf install' rebuilds/relinks everything again for production.
     Build the production variant only, no build-dir one.
   * samba-common-bin.postinst: explicitly mkdir /run/samba before
     invoking samba binaries (Closes: #953530)
   * in the salsa git repository of samba, stop keeping debian patches
     in applied form, keep them in d/patches/ only as most other
     packages do.
   * move single python (helper) module, libsamba-policy, together with
     2 internal libraries used by it, from samba-libs package to
     python3-samba. This makes samba-libs free from python-related files,
     and makes python3-samba the only python-providing package.
     Closes: #1006875, #878612, #862338
   * also move dckeytab python module from samba to python3-samba
     (actually stop moving it from python3-samba to samba to incorrectly
     avoid a circular dependency). Also verify that python3-samba does not
     depend on samba package.
   * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
     testparm message (Closes: #975882)
   * spelling.patch: fix many common spelling mistakes in the source
   * ctdb: simplify/cleanup installation of READMEs/examples
   * d/control: remove breaks/replaces/depends on ancient versions
     of some packages (ancient dpkg version in Pre-Depends,
     ancient samba-libs)
   * d/rules: rework wrong shlibdeps handling
   * move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
     where they belong. This should not affect users.
   * smbclient: re-do the fix for an old bug, #221618. The original "fix"
     did not fix anything (it is too late already to #define
     _FILE_OFFSET_BITS when all types have already been defined).
     From now on, raise an error if off_t is less than 64bits
     (it should be >=64 when #include'ing <libsmbclient.h> with proper
     LFS defines). In theory this can break some sources which either
     included libsmbclient.h without a reason or which didn't use any of
     the functions which deal with off_t (smbc_lseek etc), - which did
     not explicitly enable LFS on a 32bit system. Please email us if you
     faced such a situation.
   * drop 07_private_lib patch: we do not need to force rpath for private
     libraries into every samba binary, upstream build system does a good
     job here.
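The `d/rules: export PYTHONHASHSEED=1` item in the changelog above relies on CPython's per-process string-hash randomization. The following is an added example, not code from the Debian packaging or from waf; it shows the general mechanism on a constructed list of names, and how waf itself derives its hashes is not shown on this page.

```python
import os
import subprocess
import sys

# Constructed sample names (some appear in the changelog); these are not
# waf's real task or target names, which the page does not show.
NAMES = ["talloc", "tdb", "tevent", "ldb", "heimdal", "ctdb", "smbclient", "winbind"]

# The child prints the iteration order of a set of strings. That order follows
# the str hashes, which CPython randomizes per process unless PYTHONHASHSEED
# pins the seed.
CHILD = "import sys; print(','.join(set(sys.argv[1:])))"


def set_order(seed):
    """Run a fresh interpreter with PYTHONHASHSEED=seed; return the set order."""
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    result = subprocess.run(
        [sys.executable, "-c", CHILD, *NAMES],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def distinct_orders(seeds):
    """Return the set of different iteration orders seen across the seeds."""
    return {set_order(seed) for seed in seeds}


if __name__ == "__main__":
    # Same seed, separate processes: one stable order, as in the d/rules export.
    print("PYTHONHASHSEED=1, three runs:", len(distinct_orders([1, 1, 1])), "order")
    # Different seeds stand in for unpinned builds: the order changes.
    print("seeds 1..20:", len(distinct_orders(range(1, 21))), "different orders")
    # The default behaviour when the variable is unset.
    print("random, two runs equal:", set_order("random") == set_order("random"))
```

Any build step that hashes or serializes data in set or dict-of-str iteration order inherits this variability, which is why a pinned seed removes sporadic differences between otherwise identical builds.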