2023-03-31 18:05:49 |
Marc Deslauriers |
bug |
|
|
added bug |
2023-03-31 18:05:58 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Lunar |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
bug task added |
|
samba (Ubuntu Lunar) |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Jammy |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
bug task added |
|
samba (Ubuntu Jammy) |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Focal |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
bug task added |
|
samba (Ubuntu Focal) |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Kinetic |
|
2023-03-31 18:05:58 |
Marc Deslauriers |
bug task added |
|
samba (Ubuntu Kinetic) |
|
2023-03-31 18:06:05 |
Marc Deslauriers |
samba (Ubuntu Focal): status |
New |
In Progress |
|
2023-03-31 18:06:08 |
Marc Deslauriers |
samba (Ubuntu Focal): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2023-03-31 18:06:10 |
Marc Deslauriers |
samba (Ubuntu Jammy): status |
New |
In Progress |
|
2023-03-31 18:06:12 |
Marc Deslauriers |
samba (Ubuntu Jammy): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2023-03-31 18:06:15 |
Marc Deslauriers |
samba (Ubuntu Kinetic): status |
New |
In Progress |
|
2023-03-31 18:06:19 |
Marc Deslauriers |
samba (Ubuntu Kinetic): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2023-03-31 18:19:29 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ |
|
2023-03-31 18:27:03 |
Andreas Hasenack |
merge proposal linked |
|
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/440180 |
|
2023-03-31 18:34:05 |
Andreas Hasenack |
attachment added |
|
4.17.5_2ubuntu3-4.17.7-1ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2014052/+attachment/5659632/+files/4.17.5_2ubuntu3-4.17.7-1ubuntu1.debdiff |
|
2023-03-31 18:38:17 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/ |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 18:46:30 |
Andreas Hasenack |
samba (Ubuntu Lunar): status |
New |
In Progress |
|
2023-03-31 18:46:33 |
Andreas Hasenack |
samba (Ubuntu Lunar): assignee |
|
Andreas Hasenack (ahasenack) |
|
2023-03-31 18:46:35 |
Andreas Hasenack |
samba (Ubuntu Lunar): importance |
Undecided |
High |
|
2023-03-31 19:03:35 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:04:32 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:10:47 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
DIFF:
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:12:08 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
DIFF:
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
DEP8 results with above PPA:
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
DIFF:
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:12:50 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
DEP8 results with above PPA:
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
DIFF:
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## DEP8 results with above PPA:
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:14:53 |
Andreas Hasenack |
bug |
|
|
added subscriber Ubuntu Release Team |
2023-03-31 19:15:00 |
Andreas Hasenack |
summary |
Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases |
FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases |
|
2023-03-31 19:15:21 |
Andreas Hasenack |
summary |
FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases |
[Lunar FFE]: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases |
|
2023-03-31 19:19:18 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## DEP8 results with above PPA:
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## DEP8 results with above PPA
Recent updates to the samba package in lunar added more DEP8 test coverage, namely:
- Active Directory Domain Controller provisioning
- server join tests using a lxd container. These are done using adcli/sssd, and winbind
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-03-31 19:21:19 |
Andreas Hasenack |
description |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## DEP8 results with above PPA
Recent updates to the samba package in lunar added more DEP8 test coverage, namely:
- Active Directory Domain Controller provisioning
- server join tests using a lxd container. These are done using adcli/sssd, and winbind
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https://www.samba.org/samba/history/samba-4.17.6.html
https://www.samba.org/samba/history/samba-4.17.7.html
CVE-2023-0225: https://bugzilla.samba.org/show_bug.cgi?id=15276
CVE-2023-0922: https://bugzilla.samba.org/show_bug.cgi?id=15315
CVE-2023-0614: https://bugzilla.samba.org/show_bug.cgi?id=15270 (276kb patch)
## PPA with a lunar update: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge/
## DEP8 results with above PPA
Recent updates to the samba package in lunar added more DEP8 test coverage, namely:
- Active Directory Domain Controller provisioning
- server join tests using a lxd container. These are done using adcli/sssd, and winbind
What's definitely lacking in these tests is interoperability with actual Windows machines.
$ lp-test-ppa -l -r lunar ppa:ahasenack/lunar-samba-4177-merge -u
Tests for PPA lunar-samba-4177-merge: https://launchpad.net/~ahasenack/+archive/ubuntu/lunar-samba-4177-merge
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.7+dfsg-1ubuntu1~ppa1 - Published
Triggers on published Sources:
Using Release Packages ♻️
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=amd64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=s390x&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=ppc64el&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=arm64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=armhf&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
http://autopkgtest.ubuntu.com/request.cgi?release=lunar&package=samba&ppa=ahasenack/lunar-samba-4177-merge&arch=riscv64&trigger=samba/2%3A4.17.7%2Bdfsg-1ubuntu1~ppa1
(...)
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/?format=plain)
samba @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/samba/20230331_174545_44c99@/log.gz
31.03.23 17:45:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ amd64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/amd64/s/sssd/20230331_165534_492f7@/log.gz
31.03.23 16:55:34 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/samba/20230331_182212_a1240@/log.gz
31.03.23 18:22:12 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ arm64:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/arm64/s/sssd/20230331_170544_f64b1@/log.gz
31.03.23 17:05:44 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/samba/20230331_165310_a1240@/log.gz
31.03.23 16:53:10 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ armhf:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/armhf/s/sssd/20230331_165759_62e4f@/log.gz
31.03.23 16:57:59 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/samba/20230331_190345_0edba@/log.gz
31.03.23 19:03:45 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ ppc64el:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/ppc64el/s/sssd/20230331_182600_d9745@/log.gz
31.03.23 18:26:00 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
samba @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/samba/20230331_181255_11351@/log.gz
31.03.23 18:12:55 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
sssd @ s390x:
http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-lunar-samba-4177-merge/lunar/s390x/s/sssd/20230331_175403_929c5@/log.gz
31.03.23 17:54:03 ✅ Triggers: samba/2:4.17.7+dfsg-1ubuntu1~ppa1
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbols additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge -- debian/*.symbols*
diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols
index 45054de99c4..f042df4c639 100644
--- a/debian/libldb2.symbols
+++ b/debian/libldb2.symbols
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.5.0@LDB_2.5.0 2:2.5.0
LDB_2.6.0@LDB_2.6.0 2:2.6.0
LDB_2.6.1@LDB_2.6.1 2:2.6.1
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_critical_controls@LDB_0.9.22 0.9.22
ldb_controls_except_specified@LDB_0.9.22 0.9.22
ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@LDB_0.9.10 0.9.21
ldb_extended_default_callback@LDB_0.9.10 0.9.21
ldb_filter_attrs@LDB_2.0.1 2:2.0.1
+ ldb_filter_attrs_in_place@LDB_2.6.2 2:2.6.2
ldb_filter_from_tree@LDB_0.9.10 0.9.21
ldb_get_config_basedn@LDB_0.9.10 0.9.21
ldb_get_create_perms@LDB_0.9.10 0.9.21
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_msg@LDB_0.9.10 0.9.21
ldb_match_msg_error@LDB_0.9.15 0.9.21
ldb_match_msg_objectclass@LDB_0.9.10 0.9.21
+ ldb_match_scope@LDB_2.6.2 2:2.6.2
ldb_mod_register_control@LDB_0.9.10 0.9.21
ldb_modify@LDB_0.9.10 0.9.21
ldb_modify_default_callback@LDB_0.9.12 0.9.21
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_list_from_string@LDB_0.9.10 0.9.21
ldb_modules_load@LDB_0.9.18 0.9.21
ldb_msg_add@LDB_0.9.10 0.9.21
+ ldb_msg_add_distinguished_name@LDB_2.6.2 2:2.6.2
ldb_msg_add_empty@LDB_0.9.10 0.9.21
ldb_msg_add_fmt@LDB_0.9.10 0.9.21
ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_element_compare@LDB_0.9.10 0.9.21
ldb_msg_element_compare_name@LDB_0.9.10 0.9.21
ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6
+ ldb_msg_element_is_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_element_mark_inaccessible@LDB_2.6.2 2:2.6.2
+ ldb_msg_elements_take_ownership@LDB_2.6.2 2:2.6.2
ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21
ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_normalize@LDB_0.9.15 0.9.21
ldb_msg_remove_attr@LDB_0.9.10 0.9.21
ldb_msg_remove_element@LDB_0.9.10 0.9.21
+ ldb_msg_remove_inaccessible@LDB_2.6.2 2:2.6.2
ldb_msg_rename_attr@LDB_0.9.10 0.9.21
ldb_msg_sanity_check@LDB_0.9.10 0.9.21
+ ldb_msg_shrink_to_fit@LDB_2.6.2 2:2.6.2
ldb_msg_sort_elements@LDB_0.9.10 0.9.21
ldb_next_del_trans@LDB_0.9.10 0.9.21
ldb_next_end_trans@LDB_0.9.10 0.9.21
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_tree@LDB_0.9.10 0.9.21
ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21
ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21
+ ldb_parse_tree_get_attr@LDB_2.6.2 2:2.6.2
ldb_parse_tree_walk@LDB_1.1.2 1.1.2~
ldb_qsort@LDB_0.9.10 0.9.21
ldb_register_backend@LDB_0.9.10 0.9.21
ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20
ldb_register_hook@LDB_0.9.18 0.9.21
ldb_register_module@LDB_0.9.10 0.9.21
+ ldb_register_redact_callback@LDB_2.6.2 2:2.6.2
ldb_rename@LDB_0.9.10 0.9.21
ldb_reply_add_control@LDB_0.9.10 0.9.21
ldb_reply_get_control@LDB_0.9.10 0.9.21
diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in
index df81fbd55f3..da17a512468 100755
--- a/debian/python3-ldb.symbols.in
+++ b/debian/python3-ldb.symbols.in
@@ -61,6 +61,7 @@
PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0
PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0
PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1
+ PYLDB_UTIL_2.6.2@PYLDB_UTIL_2.6.2 2:2.6.2
pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7
pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 |
|
2023-04-03 13:18:10 |
Graham Inggs |
samba (Ubuntu Lunar): status |
In Progress |
Triaged |
|
2023-04-05 20:12:15 |
Launchpad Janitor |
samba (Ubuntu Lunar): status |
Triaged |
Fix Released |
|