From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] samba: Update to version 4.22.3
Date: Wed, 23 Jul 2025 12:08:03 +0200
Message-ID: <20250723100803.7854-1-adolf.belka@ipfire.org>

- Update from version 4.22.2 to 4.22.3
- Update of rootfiles for all architectures
- Changelog

4.22.3

Important Change in Upcoming Microsoft Update

On 8th of July, Microsoft will release an important security update for Active Directory Domain Controllers for Windows Server versions prior to 2025. This update includes a change to the Microsoft RPC Netlogon protocol, which improves security by tightening access checks for a set of RPC requests. Samba running as domain members in these environments will be impacted by this change if a specific configuration is used, see below for which configuration is affected.

Windows Server version 2025 is already equipped with these specific security hardenings, and Microsoft is now planning to deploy them to all supported Windows Server versions down to Windows Server 2008.

Who is affected?

Samba installations acting as member servers in Windows AD domains will be affected if they are configured to use the 'ad' idmapping backend. Samba servers not using this configuration will not be affected by the change – at least to our current knowledge and understanding of the change – and no further action is required.

Current versions of Samba with the affected configuration will no longer function correctly once the Microsoft update has been applied. Users will not be able to connect to the SMB service provided by Samba for any domain configured to use the 'ad' idmapping backend.

See https://bugzilla.samba.org/show_bug.cgi?id=15876.

* BUG 15854: samba-tool cannot add user to group whose name is exactly 16 characters long.
* BUG 15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName.
* BUG 15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName.
* BUG 15869: Startup messages of rpc daemons fills /var/log/messages.

Signed-off-by: Adolf Belka
--- config/rootfiles/packages/aarch64/samba | 1 - config/rootfiles/packages/riscv64/samba | 1 - config/rootfiles/packages/x86_64/samba | 1 - lfs/samba | 6 +++--- 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba index 045459b57..60fe69020 100644 --- a/config/rootfiles/packages/aarch64/samba +++ b/config/rootfiles/packages/aarch64/samba @@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so -usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba index e6ec03deb..ea29891d1 100644 --- a/config/rootfiles/packages/riscv64/samba +++ b/config/rootfiles/packages/riscv64/samba @@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so -usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index c545835eb..d712b325d 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba 
@@ -933,7 +933,6 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so usr/lib/samba/libsocket-blocking-private-samba.so usr/lib/samba/libstable-sort-private-samba.so usr/lib/samba/libsys-rw-private-samba.so -usr/lib/samba/libtalloc-private-samba.so usr/lib/samba/libtalloc-report-printf-private-samba.so usr/lib/samba/libtalloc-report-private-samba.so usr/lib/samba/libtdb-private-samba.so diff --git a/lfs/samba b/lfs/samba index 42ce431bf..afea3f979 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.22.2 +VER = 4.22.3 SUMMARY = A SMB/CIFS File, Print, and Authentication Server THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 113 +PAK_VER = 114 DEPS = avahi libtalloc perl-Parse-Yapp wsdd @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 33c173a855f2a573e93891345727a48d13ac042d35fc2d568472a52dcd06b365d986a947271d21fa6dfb73588068958daab0751b95b54fdf7b15421fdbdfc78c +$(DL_FILE)_BLAKE2 = 9ad02f617df307d6a7e0f88d030a4e3884d221ad2862f42af0cf8fb7cc595578fea9ce210b4bad2521634bd3b9752a58a077905f82ce5e9ef4eb8331a8044efc install : $(TARGET) -- 2.50.1
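
Review bot: The removal of usr/lib/samba/libtalloc-private-samba.so at @@ -933 in the aarch64, riscv64 and x86_64 rootfiles is not explained; the commit message only says "Update of rootfiles for all architectures". Since lfs/samba lists libtalloc in DEPS, please state in the message whether 4.22.3 is now built against the libtalloc package instead of a bundled copy, and confirm that no shipped Samba binary or library still requires the removed file, because a dangling dependency here would keep the services from starting after the upgrade. The neighbouring libtalloc-report-printf-private-samba.so and libtalloc-report-private-samba.so entries stay in the list, so a word on why only this one library disappears would help the next person who regenerates the rootfiles.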
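
Review bot: The new $(DL_FILE)_BLAKE2 value in the last lfs/samba hunk is the only integrity anchor for the 4.22.3 tarball, and nothing in the patch or the message ties it to the upstream release. With "DL_FROM = $(URL_IPFIRE)" the build accepts whatever sits on the IPFire source mirror under that hash, so please note in the commit message where the tarball was fetched from and how it was verified (for example against the upstream release signature) before the hash was computed. The VER bump to 4.22.3 and the PAK_VER bump from 113 to 114 are consistent with the update.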
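
The "Who is affected?" passage in the quoted changelog turns on whether a member server's smb.conf sets the 'ad' idmap backend for a domain. As an added example (not part of this patch, Samba or IPFire), the shell function below lists such domains from an smb.conf-style file; the function name and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: report idmap domains that use the 'ad' backend.

# ad_idmap_domains FILE
# Prints one upper-cased domain per line for every
# "idmap config <DOMAIN> : backend = ad" setting found in FILE.
ad_idmap_domains() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            name  = tolower(substr($0, 1, eq - 1))
            value = tolower(substr($0, eq + 1))
            gsub(/[ \t]+/, "", name)        # smb.conf ignores case and whitespace in names
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)
            if (name ~ /^idmapconfig[^:]+:backend$/ && value == "ad") {
                sub(/^idmapconfig/, "", name)
                sub(/:backend$/, "", name)
                print toupper(name)
            }
        }
    ' "$1" | sort -u
}

# Constructed sample configuration, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = CORP
   idmap config * : backend = tdb
   idmap config CORP : backend = ad
   idmap config CORP : range = 10000-99999
   ; idmap config OLD : backend = ad
   Idmap Config lab:Backend=AD
EOF

affected=$(ad_idmap_domains "$sample")
rm -f "$sample"
if [ -n "$affected" ]; then
    echo "Domains using the 'ad' idmap backend (affected by the Netlogon hardening):"
    echo "$affected"
else
    echo "No domain uses the 'ad' idmap backend."
fi
```

On a real member server, run the function against the saved output of `testparm -s` so that included files are resolved.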