From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] samba: Update to version 4.22.3
Date: Wed, 23 Jul 2025 12:08:03 +0200 [thread overview]
Message-ID: <20250723100803.7854-1-adolf.belka@ipfire.org> (raw)
- Update from version 4.22.2 to 4.22.3
- Update of rootfiles for all architectures
- Changelog
4.22.3
Important Change in Upcoming Microsoft Update
On 8th of July, Microsoft will release an important security update for
Active Directory Domain Controllers for Windows Server versions prior to
2025.
This update includes a change to the Microsoft RPC Netlogon protocol,
which improves security by tightening access checks for a set of RPC
requests. Samba running as domain members in these environments will be
impacted by this change if a specific configuration is used, see below
for which configuration is affected.
Windows Server version 2025 is already equipped with these specific
security hardenings, and Microsoft is now planning to deploy them to all
supported Windows Server versions down to Windows Server 2008.
Who is affected?
Samba installations acting as member servers in Windows AD domains will
be affected if they are configured to use the 'ad' idmapping backend.
Samba servers not using this configuration will not be affected by the
change – at least to our current knowledge and understanding of the
change – and no further action is required.
Current versions of Samba with the affected configuration will no longer
function correctly once the Microsoft update has been applied. Users
will not be able to connect to the SMB service provided by Samba for any
domain configured to use the 'ad' idmapping backend.
See https://bugzilla.samba.org/show_bug.cgi?id=15876.
* BUG 15854: samba-tool cannot add user to group whose name is exactly 16
characters long.
* BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName.
* BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName.
* BUG 15869: Startup messages of rpc deamons fills /var/log/messages.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/aarch64/samba | 1 -
config/rootfiles/packages/riscv64/samba | 1 -
config/rootfiles/packages/x86_64/samba | 1 -
lfs/samba | 6 +++---
4 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index 045459b57..60fe69020 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
-usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
index e6ec03deb..ea29891d1 100644
--- a/config/rootfiles/packages/riscv64/samba
+++ b/config/rootfiles/packages/riscv64/samba
@@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
-usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index c545835eb..d712b325d 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
-usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
diff --git a/lfs/samba b/lfs/samba
index 42ce431bf..afea3f979 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
include Config
-VER = 4.22.2
+VER = 4.22.3
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 113
+PAK_VER = 114
DEPS = avahi libtalloc perl-Parse-Yapp wsdd
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 33c173a855f2a573e93891345727a48d13ac042d35fc2d568472a52dcd06b365d986a947271d21fa6dfb73588068958daab0751b95b54fdf7b15421fdbdfc78c
+$(DL_FILE)_BLAKE2 = 9ad02f617df307d6a7e0f88d030a4e3884d221ad2862f42af0cf8fb7cc595578fea9ce210b4bad2521634bd3b9752a58a077905f82ce5e9ef4eb8331a8044efc
install : $(TARGET)
--
2.50.1
reply other threads:[~2025-07-23 10:08 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250723100803.7854-1-adolf.belka@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox