From: Michael Tremer <michael.tremer@ipfire.org>
To: Adolf Belka <adolf.belka@ipfire.org>
Cc: development@lists.ipfire.org
Subject: Re: [PATCH] samba: Update to version 4.22.0
Date: Fri, 21 Mar 2025 11:11:14 +0000 [thread overview]
Message-ID: <709AAFF3-3FB6-42BD-BDE3-E736DB255F5A@ipfire.org> (raw)
In-Reply-To: <20250321102456.5735-1-adolf.belka@ipfire.org>
Thank you.
There have been some issues with the riscv64 root file which I fixed here:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=2c6dbe05755d81aa0a56969df825915c9df8c739
-Michael
> On 21 Mar 2025, at 10:24, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
> - Update from version 4.21.4
> - Update of rootfile for all three architectures
> - Changelog
> 4.22.0
> NEW FEATURES/CHANGES
> SMB3 Directory Leases
> Starting with Samba 4.22 SMB3 Directory Leases are supported. The new
> global option "smb3 directory leases" controls whether the feature is
> enabled or not. By default, SMB3 Directory Leases are enabled on
> non-clustered Samba and disabled on clustered Samba, based on the
> "clustering" option. See man smb.conf for more details.
> SMB3 Directory Leases allow clients to cache directory listings and,
> depending on the workload, result in a decent reduction in SMB
> requests from clients.
> Netlogon Ping over LDAP and LDAPS
> Samba must query domain controller information via simple queries on
> the AD rootdse's netlogon attribute. Typically this is done via
> connectionless LDAP, using UDP on port 389. The same information is
> also available via classic LDAP rootdse queries over TCP. Samba can
> now be configured to use TCP via the new "client netlogon ping
> protocol" parameter to enable running in environments where firewalls
> completely block port 389 or UDP traffic to domain controllers.
> Experimental Himmelblaud Authentication in Samba
> Samba now includes experimental support for Azure Entra ID
> authentication via `himmelblaud`, located in the `rust/` directory.
> This implementation provides basic authentication and is configured
> through `smb.conf`, utilizing options such as `realm`,
> `winbindd_socket_directory`, and `template_homedir`. New global
> parameters include `himmelblaud_sfa_fallback`,
> `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`.
> To enable, configure Samba with `--enable-rust --with-himmelblau`.
> AD DC schema upgrade and provision performance improvements
> By increasing the LDB index cache size for certain offline operations
> that are likely to require large transactions, these are now several
> times faster.
> REMOVED FEATURES
> The "nmbd proxy logon" feature was removed. This was used before
> Samba4 acquired a NBT server.
> The parameter "cldap port" has been removed. CLDAP runs over UDP port
> 389, we don't see a reason why this should ever be changed to a
> different port. Moreover, we had several places in the code where
> Samba did not respect this parameter, so the behaviour was at least
> inconsistent.
> fruit:posix_rename
> This option of the vfs_fruit VFS module that could be used to enable
> POSIX directory rename behaviour for OS X clients has been removed
> as it could result in severe problems for Windows clients.
> As a possible workaround it is possible to prevent creation of
> .DS_Store files (a Finder thingy to store directory view settings)
> on network mounts by running
> $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
> on the Mac.
> smb.conf changes
> Parameter Name Description Default
> -------------- ----------- -------
> smb3 directory leases New Auto
> vfs mkdir use tmp name New Auto
> client netlogon ping protocol New cldap
> himmelblaud hello enabled New no
> himmelblaud hsm pin path New default hsm pin path
> himmelblaud sfa fallback New no
> client use krb5 netlogon Experimental no
> reject aes netlogon servers Experimental no
> server reject aes schannel Experimental no
> server support krb5 netlogon Experimental no
> fruit:posix_rename Removed
> cldap port Removed
> CHANGES SINCE 4.22.0rc4
> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
> * BUG 15797: Unable to connect to CephFS subvolume shares with
> vfs_shadow_copy2.
> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
> * BUG 15820: Incorrect FSF address in ctdb pcp scripts.
> * BUG 15804: "samba-tool domain backup offline" hangs.
> CHANGES SINCE 4.22.0rc3
> * BUG 15815: client use krb5 netlogon is experimental and should not be used
> in production.
> CHANGES SINCE 4.22.0rc2
> * BUG 15738: Creation of GPOs applicable to more than one group is impossible
> with Samba 4.20.0 and later.
> * BUG 15806: samba-tool acl commands broken for relative path names
> * BUG 15807: pysmbd seg faults when file is not found.
> * BUG 15796: Spotlight search results don't show file size and creation date.
> * BUG 15759: net ads create/join/winbind producing unix dysfunctional
> keytabs.
> * BUG 15806: samba-tool acl commands broken for relative path names.
> * BUG 15807: pysmbd seg faults when file is not found.
> * BUG 15680: Trust domains are not created.
> * BUG 15680: Trust domains are not created.
> * BUG 15703: General improvements for vfs_ceph_new module.
> CHANGES SINCE 4.22.0rc1
> * BUG 15798: libnet4: seg fault after dc lookup failure
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/packages/aarch64/samba | 7 +++++--
> config/rootfiles/packages/riscv64/samba | 15 ++++++++++-----
> config/rootfiles/packages/x86_64/samba | 7 +++++--
> lfs/samba | 6 +++---
> 4 files changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
> index 7d261bc58..045459b57 100644
> --- a/config/rootfiles/packages/aarch64/samba
> +++ b/config/rootfiles/packages/aarch64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> +usr/lib/libndr.so.6
> +usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> +usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
> index bf7d3f069..563cef020 100644
> --- a/config/rootfiles/packages/riscv64/samba
> +++ b/config/rootfiles/packages/riscv64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> ++usr/lib/libndr.so.6
> ++usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> ++usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> ++usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> @@ -1025,6 +1028,8 @@ var/lib/samba/private
> var/lib/samba/winbindd_privileged
> var/log/samba
> var/spool/samba
> -srv/web/ipfire/cgi-bin/samba.cgi
> -var/ipfire/menu.d/EX-samba.menu
> -usr/local/bin/sambactrl
> +-usr/lib/libndr.so.5
> +-usr/lib/libndr.so.5.0.0
> +-srv/web/ipfire/cgi-bin/samba.cgi
> +-var/ipfire/menu.d/EX-samba.menu
> +-usr/local/bin/sambactrl
> diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
> index 988370a16..c545835eb 100644
> --- a/config/rootfiles/packages/x86_64/samba
> +++ b/config/rootfiles/packages/x86_64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> +usr/lib/libndr.so.6
> +usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> +usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> diff --git a/lfs/samba b/lfs/samba
> index e9529a176..5101244b3 100644
> --- a/lfs/samba
> +++ b/lfs/samba
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 4.21.4
> +VER = 4.22.0
> SUMMARY = A SMB/CIFS File, Print, and Authentication Server
>
> THISAPP = samba-$(VER)
> @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = samba
> -PAK_VER = 111
> +PAK_VER = 112
>
> DEPS = avahi libtalloc perl-Parse-Yapp wsdd
>
> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb
> +$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585
>
> install : $(TARGET)
>
> --
> 2.49.0
>
>
next prev parent reply other threads:[~2025-03-21 11:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-21 10:24 Adolf Belka
2025-03-21 11:11 ` Michael Tremer [this message]
2025-03-21 12:27 ` Adolf Belka
2025-03-21 12:34 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=709AAFF3-3FB6-42BD-BDE3-E736DB255F5A@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox