[Lunar FFE]: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
samba (Ubuntu) | Fix Released | High | Andreas Hasenack |
Focal | In Progress | Undecided | Marc Deslauriers |
Jammy | In Progress | Undecided | Marc Deslauriers |
Kinetic | In Progress | Undecided | Marc Deslauriers |
Lunar | Fix Released | High | Andreas Hasenack |
Bug Description
Samba has released updates on 2023-03-29 that fix CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
We should update Lunar to 4.17.7 as it only contains bug fixes since 4.17.5.
Release notes are here:
https:/
https:/
CVE-2023-0225: https:/
CVE-2023-0922: https:/
CVE-2023-0614: https:/
## PPA with a lunar update: https:/
## DEP8 results with above PPA
Recent updates to the samba package in lunar added more DEP8 test coverage, namely:
- Active Directory Domain Controller provisioning
- server join tests using a lxd container. These are done using adcli/sssd, and winbind
What's definitely lacking in these tests is interoperability with actual Windows machines.
$ lp-test-ppa -l -r lunar ppa:ahasenack/
Tests for PPA lunar-samba-
---- ---- ---- ----
Release: lunar
Sources:
SRC: samba @ 2:4.17.
Triggers on published Sources:
Using Release Packages ♻️
http://
http://
http://
http://
http://
http://
(...)
Results: (from http://
samba @ amd64:
http://
31.03.23 17:45:45 ✅ Triggers: samba/2:
sssd @ amd64:
http://
31.03.23 16:55:34 ✅ Triggers: samba/2:
samba @ arm64:
http://
31.03.23 18:22:12 ✅ Triggers: samba/2:
sssd @ arm64:
http://
31.03.23 17:05:44 ✅ Triggers: samba/2:
samba @ armhf:
http://
31.03.23 16:53:10 ✅ Triggers: samba/2:
sssd @ armhf:
http://
31.03.23 16:57:59 ✅ Triggers: samba/2:
samba @ ppc64el:
http://
31.03.23 19:03:45 ✅ Triggers: samba/2:
sssd @ ppc64el:
http://
31.03.23 18:26:00 ✅ Triggers: samba/2:
samba @ s390x:
http://
31.03.23 18:12:55 ✅ Triggers: samba/2:
sssd @ s390x:
http://
31.03.23 17:54:03 ✅ Triggers: samba/2:
Running: (none)
Waiting: (none)
## DIFF
debdiff attached, or:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/
## REMARKS
DEP8 tests of samba and sssd (the latter, without a rebuild: it's sssd from the lunar archive) are green.
THERE ARE symbol additions to libldb2, which is getting bumped. In fact, the CVEs fixed in 4.17.7 are all about LDB.
The only non-samba reverse-dep of libldb2 is sssd. If this is accepted, maybe we should rebuild it just to be safe.
$ git diff pkg/import/
diff --git a/debian/
index 45054de99c4.
--- a/debian/
+++ b/debian/
@@ -78,6 +78,7 @@ libldb.so.2 #PACKAGE# #MINVER#
LDB_2.
LDB_2.
LDB_2.
+ LDB_2.6.2@LDB_2.6.2 2:2.6.2
ldb_check_
ldb_controls_
ldb_control_
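Review bot: the added `LDB_2.6.2@LDB_2.6.2 2:2.6.2` line at the end of the version-node list pins a minimum of 2:2.6.2, so please confirm that the libldb2 binary built by this upload is versioned at or above that, epoch included. Packages that link against symbols under the new node pick this value up as their dependency, and the remarks name sssd as the one non-samba package affected.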
@@ -167,6 +168,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_extended@
ldb_extended_
ldb_filter_
+ ldb_filter_
ldb_filter_
ldb_get_
ldb_get_
@@ -206,6 +208,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_match_
ldb_match_
ldb_match_
+ ldb_match_
ldb_mod_
ldb_modify@
ldb_modify_
@@ -230,6 +233,7 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_modules_
ldb_modules_
ldb_msg_
+ ldb_msg_
ldb_msg_
ldb_msg_
ldb_msg_
@@ -255,6 +259,9 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_
ldb_msg_
ldb_msg_
+ ldb_msg_
+ ldb_msg_
+ ldb_msg_
ldb_msg_
ldb_msg_
ldb_msg_
@@ -272,8 +279,10 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_msg_
ldb_msg_
ldb_msg_
+ ldb_msg_
ldb_msg_
ldb_msg_
+ ldb_msg_
ldb_msg_
ldb_next_
ldb_next_
@@ -294,12 +303,14 @@ libldb.so.2 #PACKAGE# #MINVER#
ldb_parse_
ldb_parse_
ldb_parse_
+ ldb_parse_
ldb_parse_
ldb_qsort@
ldb_register_
ldb_register_
ldb_register_
ldb_register_
+ ldb_register_
ldb_rename@
ldb_reply_
ldb_reply_
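Review bot: the `ldb_parse_` and `ldb_register_` lines added here are new exported functions, and this diff shows no mention of them outside the symbols files. Since every libldb.so.2 hunk only adds lines and removes none, a short debian/changelog entry listing the symbol additions would record why libldb2 is bumped and why an sssd rebuild is being considered.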
diff --git a/debian/
index df81fbd55f3.
--- a/debian/
+++ b/debian/
@@ -61,6 +61,7 @@
PYLDB_
PYLDB_
PYLDB_
+ PYLDB_UTIL_
pyldb_
pyldb_
pyldb_
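Review bot: the `PYLDB_UTIL_` line added after the existing `PYLDB_` entries is cut off before its minimum version in this view. Check in the debdiff that it is 2:2.6.2, matching the `LDB_2.6.2` node added to the libldb.so.2 symbols, so that both symbols files describe the same ldb release.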
Related branches
- git-ubuntu bot: Approve
- Robie Basak: Approve
- Canonical Server Reporter: Pending requested
Diff: 3348 lines (+2994/-5), 5 files modified:
debian/changelog (+2476/-0)
debian/control (+6/-5)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0)
debian/tests/util (+110/-0)
Changed in samba (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Jammy):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Kinetic):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
description: updated
Changed in samba (Ubuntu Lunar):
status: New → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
importance: Undecided → High
description: updated
summary:
- Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
+ FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
summary:
- FFE: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
+ [Lunar FFE]: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases
description: updated
debdiff
You can also see it in git, with something like:
git ubuntu clone samba
cd samba
git ubuntu remote add ahasenack
git diff pkg/import/2%4.17.5+dfsg-2ubuntu3 ahasenack/lunar-samba-4177-merge
or your preferred workflow/cmdline options.