Activity log for bug #2014052

Date Who What changed Old value New value Message
2023-03-31 18:05:49 Marc Deslauriers bug added bug
2023-03-31 18:05:58 Marc Deslauriers nominated for series Ubuntu Lunar
2023-03-31 18:05:58 Marc Deslauriers bug task added samba (Ubuntu Lunar)
2023-03-31 18:05:58 Marc Deslauriers nominated for series Ubuntu Jammy
2023-03-31 18:05:58 Marc Deslauriers bug task added samba (Ubuntu Jammy)
2023-03-31 18:05:58 Marc Deslauriers nominated for series Ubuntu Focal
2023-03-31 18:05:58 Marc Deslauriers bug task added samba (Ubuntu Focal)
2023-03-31 18:05:58 Marc Deslauriers nominated for series Ubuntu Kinetic
2023-03-31 18:05:58 Marc Deslauriers bug task added samba (Ubuntu Kinetic)
2023-03-31 18:06:05 Marc Deslauriers samba (Ubuntu Focal): status New In Progress
2023-03-31 18:06:08 Marc Deslauriers samba (Ubuntu Focal): assignee Marc Deslauriers (mdeslaur)
2023-03-31 18:06:10 Marc Deslauriers samba (Ubuntu Jammy): status New In Progress
2023-03-31 18:06:12 Marc Deslauriers samba (Ubuntu Jammy): assignee Marc Deslauriers (mdeslaur)
2023-03-31 18:06:15 Marc Deslauriers samba (Ubuntu Kinetic): status New In Progress
2023-03-31 18:06:19 Marc Deslauriers samba (Ubuntu Kinetic): assignee Marc Deslauriers (mdeslaur)
2023-03-31 18:19:29 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
2023-03-31 18:27:03 Andreas Hasenack merge proposal linked https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/440180
2023-03-31 18:34:05 Andreas Hasenack attachment added 4.17.5_2ubuntu3-4.17.7-1ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2014052/+attachment/5659632/+files/4.17.5_2ubuntu3-4.17.7-1ubuntu1.debdiff
2023-03-31 18:38:17 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER# LDB_2.5.0@LDB_2.5.0 2:2.5.0 LDB_2.6.0@LDB_2.6.0 2:2.6.0 LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2 ldb_check_critical_controls@LDB_0.9.22 0.9.22 ldb_controls_except_specified@LDB_0.9.22 0.9.22 ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_extended@LDB_0.9.10 0.9.21 ldb_extended_default_callback@LDB_0.9.10 0.9.21 ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2 ldb_filter_from_tree@LDB_0.9.10 0.9.21 ldb_get_config_basedn@LDB_0.9.10 0.9.21 ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_match_msg@LDB_0.9.10 0.9.21 ldb_match_msg_error@LDB_0.9.15 0.9.21 ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2 ldb_mod_register_control@LDB_0.9.10 0.9.21 ldb_modify@LDB_0.9.10 0.9.21 ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_modules_list_from_string@LDB_0.9.10 0.9.21 ldb_modules_load@LDB_0.9.18 0.9.21 ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2 ldb_msg_add_empty@LDB_0.9.10 0.9.21 ldb_msg_add_fmt@LDB_0.9.10 0.9.21 ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_msg_element_compare@LDB_0.9.10 0.9.21 ldb_msg_element_compare_name@LDB_0.9.10 0.9.21 ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2 ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21 ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21 ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_msg_normalize@LDB_0.9.15 0.9.21 ldb_msg_remove_attr@LDB_0.9.10 0.9.21 ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2 ldb_msg_rename_attr@LDB_0.9.10 0.9.21 ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2 ldb_msg_sort_elements@LDB_0.9.10 0.9.21 ldb_next_del_trans@LDB_0.9.10 0.9.21 ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_parse_tree@LDB_0.9.10 0.9.21 ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21 ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2 ldb_parse_tree_walk@LDB_1.1.2 1.1.2~ ldb_qsort@LDB_0.9.10 0.9.21 ldb_register_backend@LDB_0.9.10 0.9.21 ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20 ldb_register_hook@LDB_0.9.18 0.9.21 ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2 ldb_rename@LDB_0.9.10 0.9.21 ldb_reply_add_control@LDB_0.9.10 0.9.21 ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@ PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0 PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0 PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2 pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7 pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7 pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 18:46:30 Andreas Hasenack samba (Ubuntu Lunar): status New In Progress
2023-03-31 18:46:33 Andreas Hasenack samba (Ubuntu Lunar): assignee Andreas Hasenack (ahasenack)
2023-03-31 18:46:35 Andreas Hasenack samba (Ubuntu Lunar): importance Undecided High
2023-03-31 19:03:35 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER# LDB_2.5.0@LDB_2.5.0 2:2.5.0 LDB_2.6.0@LDB_2.6.0 2:2.6.0 LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2 ldb_check_critical_controls@LDB_0.9.22 0.9.22 ldb_controls_except_specified@LDB_0.9.22 0.9.22 ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_extended@LDB_0.9.10 0.9.21 ldb_extended_default_callback@LDB_0.9.10 0.9.21 ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2 ldb_filter_from_tree@LDB_0.9.10 0.9.21 ldb_get_config_basedn@LDB_0.9.10 0.9.21 ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_match_msg@LDB_0.9.10 0.9.21 ldb_match_msg_error@LDB_0.9.15 0.9.21 ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2 ldb_mod_register_control@LDB_0.9.10 0.9.21 ldb_modify@LDB_0.9.10 0.9.21 ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_modules_list_from_string@LDB_0.9.10 0.9.21 ldb_modules_load@LDB_0.9.18 0.9.21 ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2 ldb_msg_add_empty@LDB_0.9.10 0.9.21 ldb_msg_add_fmt@LDB_0.9.10 0.9.21 ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_msg_element_compare@LDB_0.9.10 0.9.21 ldb_msg_element_compare_name@LDB_0.9.10 0.9.21 ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2 ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21 ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21 ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_msg_normalize@LDB_0.9.15 0.9.21 ldb_msg_remove_attr@LDB_0.9.10 0.9.21 ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2 ldb_msg_rename_attr@LDB_0.9.10 0.9.21 ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2 ldb_msg_sort_elements@LDB_0.9.10 0.9.21 ldb_next_del_trans@LDB_0.9.10 0.9.21 ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER# ldb_parse_tree@LDB_0.9.10 0.9.21 ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21 ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2 ldb_parse_tree_walk@LDB_1.1.2 1.1.2~ ldb_qsort@LDB_0.9.10 0.9.21 ldb_register_backend@LDB_0.9.10 0.9.21 ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20 ldb_register_hook@LDB_0.9.18 0.9.21 ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2 ldb_rename@LDB_0.9.10 0.9.21 ldb_reply_add_control@LDB_0.9.10 0.9.21 ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@ PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0 PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0 PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2 pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7 pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7 pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:04:32 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:10:47 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ DIFF: debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:12:08 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ DIFF: debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ DEP8 results with above PPA: $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources: SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️ http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain) samba @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz 31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz 31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz 31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz 31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz 31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz 31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz 31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz 31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz 31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz 31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) DIFF: debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:12:50 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ DEP8 results with above PPA: $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources: SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️ http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain) samba @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz 31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz 31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz 31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz 31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz 31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz 31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz 31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz 31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 samba @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz 31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 sssd @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz 31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) DIFF: debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) ## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## DEP8 results with above PPA: $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources:   SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)   samba @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz     31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz     31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz     31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz     31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz     31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz     31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz     31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz     31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz     31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz     31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) ## DIFF debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:14:53 Andreas Hasenack bug added subscriber Ubuntu Release Team
2023-03-31 19:15:00 Andreas Hasenack summary Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
2023-03-31 19:15:21 Andreas Hasenack summary FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases [Lunar FFE]: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
2023-03-31 19:19:18 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) ## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## DEP8 results with above PPA: $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources:   SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)   samba @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz     31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz     31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz     31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz     31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz     31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz     31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz     31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz     31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz     31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz     31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) ## DIFF debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) ## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## DEP8 results with above PPA Recent updates to the samba package in lunar added more DEP8 test coverage, namely: - Active Directory Domain Controller provisioning - server join tests using a lxd container. These are done using adcli/sssd, and winbind $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources:   SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)   samba @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz     31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz     31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz     31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz     31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz     31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz     31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz     31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz     31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz     31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz     31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) ## DIFF debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-03-31 19:21:19 Andreas Hasenack description Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) ## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## DEP8 results with above PPA Recent updates to the samba package in lunar added more DEP8 test coverage, namely: - Active Directory Domain Controller provisioning - server join tests using a lxd container. These are done using adcli/sssd, and winbind $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources:   SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)   samba @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz     31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz     31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz     31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz     31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz     31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz     31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz     31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz     31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz     31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz     31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) ## DIFF debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614. We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5. Release notes are here: https://www.samba.org/samba/history/samba-4.17.6.html https://www.samba.org/samba/history/samba-4.17.7.html CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276 CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315 CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch) ## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ ## DEP8 results with above PPA Recent updates to the samba package in lunar added more DEP8 test coverage, namely: - Active Directory Domain Controller provisioning - server join tests using a lxd container. These are done using adcli/sssd, and winbind What's definitely lacking in these tests is interoperability with actual Windows machines. $ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge ---- ---- ---- ---- Release: lunar Sources:   SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published Triggers on published Sources: Using Release Packages ♻️   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1   http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1 (...) Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)   samba @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz     31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ amd64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz     31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz     31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ arm64:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz     31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz     31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ armhf:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz     31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz     31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ ppc64el:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz     31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   samba @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz     31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1   sssd @ s390x:     http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz     31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1 Running: (none) Waiting: (none) ## DIFF debdiff attached, or: git ubuntu clone samba cd samba git ubuntu remote add ahasenack git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge ## REMARKS DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green. THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB. The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe. $ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols index 45054de99c4..f042df4c639 100644 --- a/debian/libldb2.symbols +++ b/debian/libldb2.symbols @@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#   LDB_2.5.0@LDB_2.5.0 2:2.5.0   LDB_2.6.0@LDB_2.6.0 2:2.6.0   LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.6.2@LDB_2.6.2 2:2.6.2   ldb_check_critical_controls@LDB_0.9.22 0.9.22   ldb_controls_except_specified@LDB_0.9.22 0.9.22   ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 @@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_extended@LDB_0.9.10 0.9.21   ldb_extended_default_callback@LDB_0.9.10 0.9.21   ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2   ldb_filter_from_tree@LDB_0.9.10 0.9.21   ldb_get_config_basedn@LDB_0.9.10 0.9.21   ldb_get_create_perms@LDB_0.9.10 0.9.21 @@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_match_msg@LDB_0.9.10 0.9.21   ldb_match_msg_error@LDB_0.9.15 0.9.21   ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.6.2 2:2.6.2   ldb_mod_register_control@LDB_0.9.10 0.9.21   ldb_modify@LDB_0.9.10 0.9.21   ldb_modify_default_callback@LDB_0.9.12 0.9.21 @@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_modules_list_from_string@LDB_0.9.10 0.9.21   ldb_modules_load@LDB_0.9.18 0.9.21   ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2   ldb_msg_add_empty@LDB_0.9.10 0.9.21   ldb_msg_add_fmt@LDB_0.9.10 0.9.21   ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 @@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_element_compare@LDB_0.9.10 0.9.21   ldb_msg_element_compare_name@LDB_0.9.10 0.9.21   ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2 + ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2   ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21   ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 @@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_msg_normalize@LDB_0.9.15 0.9.21   ldb_msg_remove_attr@LDB_0.9.10 0.9.21   ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2   ldb_msg_rename_attr@LDB_0.9.10 0.9.21   ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2   ldb_msg_sort_elements@LDB_0.9.10 0.9.21   ldb_next_del_trans@LDB_0.9.10 0.9.21   ldb_next_end_trans@LDB_0.9.10 0.9.21 @@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#   ldb_parse_tree@LDB_0.9.10 0.9.21   ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21   ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2   ldb_parse_tree_walk@LDB_1.1.2 1.1.2~   ldb_qsort@LDB_0.9.10 0.9.21   ldb_register_backend@LDB_0.9.10 0.9.21   ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20   ldb_register_hook@LDB_0.9.18 0.9.21   ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.6.2 2:2.6.2   ldb_rename@LDB_0.9.10 0.9.21   ldb_reply_add_control@LDB_0.9.10 0.9.21   ldb_reply_get_control@LDB_0.9.10 0.9.21 diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in index df81fbd55f3..da17a512468 100755 --- a/debian/python3-ldb.symbols.in +++ b/debian/python3-ldb.symbols.in @@ -61,6 +61,7 @@   PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0   PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0   PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2   pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7   pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0
2023-04-03 13:18:10 Graham Inggs samba (Ubuntu Lunar): status In Progress Triaged
2023-04-05 20:12:15 Launchpad Janitor samba (Ubuntu Lunar): status Triaged Fix Released