Change logs for samba source package in Bookworm

  • samba (2:4.17.12+dfsg-0+deb12u1) bookworm-security; urgency=medium
    
      * new stable security bugfix release:
        o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html
          Unsanitized pipe names allow SMB clients to connect as root
          to existing unix domain sockets on the file system.
        o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html
          SMB client can truncate files to 0 bytes by opening files with OVERWRITE
          disposition when using the acl_xattr Samba VFS module with the smb.conf
          setting "acl_xattr:ignore system acls = yes"
        o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html
          An RODC and a user with the GET_CHANGES right can view all attributes,
          including secrets and passwords.  Additionally, the access check fails
          open on error conditions.
        o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html
          Calls to the rpcecho server on the AD DC can request that the server
          block for a user-defined amount of time, denying service.
        o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html
          Samba can be made to start multiple incompatible RPC listeners,
          disrupting service on the AD DC.
    
     -- Michael Tokarev <email address hidden>  Tue, 10 Oct 2023 18:17:19 +0300
  • samba (2:4.17.11+dfsg-0+deb12u1) bookworm; urgency=medium
    
      * new upstream stable/bugfix release 4.17.11, including:
       o https://bugzilla.samba.org/show_bug.cgi?id=9959
         Windows client join fails if a second container CN=System exists somewhere
       o https://bugzilla.samba.org/show_bug.cgi?id=15342
         Spotlight sometimes returns no results on latest macOS
       o https://bugzilla.samba.org/show_bug.cgi?id=15346
         2-3min delays at reconnect with smb2_validate_sequence_number:
         bad message_id 2
       o https://bugzilla.samba.org/show_bug.cgi?id=15384
         net ads lookup (with unspecified realm) fails
       o https://bugzilla.samba.org/show_bug.cgi?id=15401
         Improve GetNChanges to address some (but not all "Azure AD Connect")
         synchronisation tool looping during the initial user sync phase
       o https://bugzilla.samba.org/show_bug.cgi?id=15407
         Samba replication logs show (null) DN
       o https://bugzilla.samba.org/show_bug.cgi?id=15417
         Renaming results in NT_STATUS_SHARING_VIOLATION
         if previously attempted to remove the destination
       o https://bugzilla.samba.org/show_bug.cgi?id=15419
         Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink()
       o https://bugzilla.samba.org/show_bug.cgi?id=15420
         reply_sesssetup_and_X() can dereference uninitialized tmp pointer
       o https://bugzilla.samba.org/show_bug.cgi?id=15427
         Spotlight results return wrong date in result list
       o https://bugzilla.samba.org/show_bug.cgi?id=15430
         Missing return in reply_exit_done()
       o https://bugzilla.samba.org/show_bug.cgi?id=15432
         TREE_CONNECT without SETUP causes smbd to use uninitialized pointer
       o https://bugzilla.samba.org/show_bug.cgi?id=15435
         Regression DFS not working with widelinks = true
       o https://bugzilla.samba.org/show_bug.cgi?id=15441
         samba-tool ntacl get segfault if aio_pthread appended
       o https://bugzilla.samba.org/show_bug.cgi?id=15446
         DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed
       o https://bugzilla.samba.org/show_bug.cgi?id=15449
         mdssvc: Do an early talloc_free() in _mdssvc_open()
       o https://bugzilla.samba.org/show_bug.cgi?id=15451
         ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1
       o https://bugzilla.samba.org/show_bug.cgi?id=15453
         File doesn't show when user doesn't have permission
         if aio_pthread is loaded
       o https://bugzilla.samba.org/show_bug.cgi?id=15463
         macOS mdfind returns only 50 results
      * d/control: indicate the git branch in Vcs-Git URL (-b bookworm)
      * d/control: fix description of samba-common-bin (samba-client)
      * d/salsa-ci.yml: set RELEASE to bookworm
    
     -- Michael Tokarev <email address hidden>  Tue, 12 Sep 2023 15:55:41 +0300
  • samba (2:4.17.9+dfsg-0+deb12u3) bookworm; urgency=medium
    
      * +fix-unsupported-netr_LogonGetCapabilities-l2.patch
        Fix windows logon/trust issues with 2023-07 windows updates:
        https://bugzilla.samba.org/show_bug.cgi?id=15418
    
     -- Michael Tokarev <email address hidden>  Fri, 14 Jul 2023 12:34:30 +0300
  • samba (2:4.17.8+dfsg-2) unstable; urgency=medium
    
      * dnsserver-rename-dns_name_equal.patch
        (forgotten) patch from upstream targeting next stable
        Fixes crashes of named with samba DLZ plugin due to
        symbol name conflict (dns_name_equal() function).
        There are no resulting code changes, just a symbol
        rename.
        https://bugzilla.samba.org/show_bug.cgi?id=14030
        Closes: #1036587, #927747
    
     -- Michael Tokarev <email address hidden>  Wed, 24 May 2023 22:54:43 +0300