-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 28 May 2022 22:52:59 +0300 Source: samba Architecture: source Version: 2:4.13.13+dfsg-1~deb11u4 Distribution: bullseye-proposed-updates Urgency: medium Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 953530 998423 999876 1001053 1004691 1005642 1006935 1009855 Changes: samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium . * fix the order of everything during build by exporting PYTHONHASHSEED=1 for waf. This should fix the broken i386 build of the last security upload. Closes: #1006935, #1009855 * Import the left-over patches from 4.13.17 upstream stable branch: - s3-winbindd-fix-allow-trusted-domains-no-regression.patch https://bugzilla.samba.org/show_bug.cgi?id=14899 Closes: #999876, winbind fails to start with `allow trusted domains: no` - IPA-DC-add-missing-checks.patch https://bugzilla.samba.org/show_bug.cgi?id=14903 - CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch https://bugzilla.samba.org/show_bug.cgi?id=14922 Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2 - dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch https://bugzilla.samba.org/show_bug.cgi?id=14656 https://bugzilla.samba.org/show_bug.cgi?id=14902 - s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch https://bugzilla.samba.org/show_bug.cgi?id=13979 Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape * 4 patches from upstream to fix possible serious data corruption issue with windows client cache poisoning, Closes: #1005642 https://bugzilla.samba.org/show_bug.cgi?id=14928 * two patches from upstream to fix coredump when connecting to shares with var substitutions, Closes: #998423 https://bugzilla.samba.org/show_bug.cgi?id=14809 * samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries Closes: #953530 * remove file creation+deletion from previously applied combined patches CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch to make patch deapply happy (quilt does not notice this situation) * d/salsa-ci.yml: target bullseye Checksums-Sha1: 0ca51aa2da29720bbd031f3312a2cd9b1510e2e1 4034 samba_4.13.13+dfsg-1~deb11u4.dsc 3a47efcafa28d4822f1255a013a5f6e969c08fd9 473752 samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz 5fdee37732717fb03c62f3a1192e362e33d9dfd1 8990 samba_4.13.13+dfsg-1~deb11u4_source.buildinfo Checksums-Sha256: 8a73f505c06f019493f5f072849883f91225d153dc04cf29b0c842db95f2f122 4034 samba_4.13.13+dfsg-1~deb11u4.dsc 400ee978570b9e4660504dd78134cc48c49976f7779c0d91d50759194fdb577b 473752 samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz acd609e8ea1a52aae286c1b4c8627786fc8e942318ab37aaf1647441929933e9 8990 samba_4.13.13+dfsg-1~deb11u4_source.buildinfo Files: a6145bfa833244fe4cb634424a6788a0 4034 net optional samba_4.13.13+dfsg-1~deb11u4.dsc 608b6314448bc0d7caf365567f1ceade 473752 net optional samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz a91c6e2d38554116a6032357bb70bcdd 8990 net optional samba_4.13.13+dfsg-1~deb11u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmKSfjIPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZNgUH/0jEPHRjiCZG3HXAYsOvT4W8c++knegy0qEM GWJen2oFCCNQQCGcxzATDPOk2YuzFjgWBnvxsTKDqPXtZCZxIomzr/rAmf5UmIc6 y2Qlbl9CnrgTlQbfUiUEEuvd306VDg3zff0ttsEAkiSp/PmBPpTqA2dnXZuPfnZo l/3xfq936EdjeTaHAsZkerH5+4W34W8ZM2PqGJ2gjWGCfWaK450UAWJIMEFK6hFB 8SdmE4M8PmK3eEhe8bSt1IRoYS0/juTRdpaZnP5dJ9qSiDy9Rf5zk4YQjFTAoTJP +giD8JgtrzCcoQ1GSy2N6TuulsG1ipafxSpYg9he/J6FT79qS8U= =ssEN -----END PGP SIGNATURE-----
