From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZK0BH3LWSz332J for ; Fri, 21 Mar 2025 11:11:19 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZK0BC6FBbz32vw for ; Fri, 21 Mar 2025 11:11:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZK0BC1SJFz5m7; Fri, 21 Mar 2025 11:11:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742555475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kcYbGYU0TH4akdRK54cbyjOSdsefimaaNvCSopF/2lw=; b=RsQeD5mBUE2GI46+Fn/RAdjdmAHFJO6ypHR56gD55PeAH5uClpqLxeKBqnKv47vzGgX7dI wdm2+qyxtzoxOqDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742555475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kcYbGYU0TH4akdRK54cbyjOSdsefimaaNvCSopF/2lw=; b=hHxNmdkCy8RNE2eZD5alFnYyAUmkWE5tq6ObtbmJw43S039kHAVjIEAYJYtinj22TRalF7 xy3eiBCQh3Gt7nuMOdkQqBvl5mzkbvCjB3GTTiu/0OFcmd10MOnuvaUNPc2V/NvGda+kTq ZQeKxhib8xdt5yQeOTGZtdff5a2QLDWWNX58wVEg73mW96doQdvTsnzXKraqfhBIAUUUzg /I18ejTRzOER9XBzdr4uvNDkoPbGzNlrTiBGn159WsqvZCSaV/SwdXFHYoTPOC1hZ8ztnt KNeJsii89XgkpM8wPFv7yhTN2EhDQgT1nu6/ZKisYZVsJm/hGUXKr9y04P3/bA== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: [PATCH] samba: Update to version 4.22.0 From: Michael Tremer In-Reply-To: <20250321102456.5735-1-adolf.belka@ipfire.org> Date: Fri, 21 Mar 2025 11:11:14 +0000 Cc: development@lists.ipfire.org Content-Transfer-Encoding: quoted-printable Message-Id: <709AAFF3-3FB6-42BD-BDE3-E736DB255F5A@ipfire.org> References: <20250321102456.5735-1-adolf.belka@ipfire.org> To: Adolf Belka Thank you. There have been some issues with the riscv64 root file which I fixed = here: = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D2c6dbe05755d= 81aa0a56969df825915c9df8c739 -Michael > On 21 Mar 2025, at 10:24, Adolf Belka wrote: >=20 > - Update from version 4.21.4 > - Update of rootfile for all three architectures > - Changelog > 4.22.0 > NEW FEATURES/CHANGES > SMB3 Directory Leases > Starting with Samba 4.22 SMB3 Directory Leases are supported. The new > global option "smb3 directory leases" controls whether the feature is > enabled or not. By default, SMB3 Directory Leases are enabled on > non-clustered Samba and disabled on clustered Samba, based on the > "clustering" option. See man smb.conf for more details. > SMB3 Directory Leases allow clients to cache directory listings and, > depending on the workload, result in a decent reduction in SMB > requests from clients. > Netlogon Ping over LDAP and LDAPS > Samba must query domain controller information via simple queries on > the AD rootdse's netlogon attribute. Typically this is done via > connectionless LDAP, using UDP on port 389. The same information is > also available via classic LDAP rootdse queries over TCP. Samba can > now be configured to use TCP via the new "client netlogon ping > protocol" parameter to enable running in environments where firewalls > completely block port 389 or UDP traffic to domain controllers. > Experimental Himmelblaud Authentication in Samba > Samba now includes experimental support for Azure Entra ID > authentication via `himmelblaud`, located in the `rust/` directory. > This implementation provides basic authentication and is configured > through `smb.conf`, utilizing options such as `realm`, > `winbindd_socket_directory`, and `template_homedir`. New global > parameters include `himmelblaud_sfa_fallback`, > `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`. > To enable, configure Samba with `--enable-rust --with-himmelblau`. > AD DC schema upgrade and provision performance improvements > By increasing the LDB index cache size for certain offline operations > that are likely to require large transactions, these are now several > times faster. > REMOVED FEATURES > The "nmbd proxy logon" feature was removed. This was used before > Samba4 acquired a NBT server. > The parameter "cldap port" has been removed. CLDAP runs over UDP port > 389, we don't see a reason why this should ever be changed to a > different port. Moreover, we had several places in the code where > Samba did not respect this parameter, so the behaviour was at least > inconsistent. > fruit:posix_rename > This option of the vfs_fruit VFS module that could be used to enable > POSIX directory rename behaviour for OS X clients has been removed > as it could result in severe problems for Windows clients. > As a possible workaround it is possible to prevent creation of > .DS_Store files (a Finder thingy to store directory view settings) > on network mounts by running > $ defaults write com.apple.desktopservices DSDontWriteNetworkStores = true > on the Mac. > smb.conf changes > Parameter Name Description Default > -------------- ----------- ------- > smb3 directory leases New Auto > vfs mkdir use tmp name New Auto > client netlogon ping protocol New cldap > himmelblaud hello enabled New no > himmelblaud hsm pin path New default hsm = pin path > himmelblaud sfa fallback New no > client use krb5 netlogon Experimental no > reject aes netlogon servers Experimental no > server reject aes schannel Experimental no > server support krb5 netlogon Experimental no > fruit:posix_rename Removed > cldap port Removed > CHANGES SINCE 4.22.0rc4 > * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on = OpenBSD. > * BUG 15797: Unable to connect to CephFS subvolume shares with > vfs_shadow_copy2. > * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on = OpenBSD. > * BUG 15820: Incorrect FSF address in ctdb pcp scripts. > * BUG 15804: "samba-tool domain backup offline" hangs. > CHANGES SINCE 4.22.0rc3 > * BUG 15815: client use krb5 netlogon is experimental and should not = be used > in production. > CHANGES SINCE 4.22.0rc2 > * BUG 15738: Creation of GPOs applicable to more than one group is = impossible > with Samba 4.20.0 and later. > * BUG 15806: samba-tool acl commands broken for relative path names > * BUG 15807: pysmbd seg faults when file is not found. > * BUG 15796: Spotlight search results don't show file size and = creation date. > * BUG 15759: net ads create/join/winbind producing unix = dysfunctional > keytabs. > * BUG 15806: samba-tool acl commands broken for relative path names. > * BUG 15807: pysmbd seg faults when file is not found. > * BUG 15680: Trust domains are not created. > * BUG 15680: Trust domains are not created. > * BUG 15703: General improvements for vfs_ceph_new module. > CHANGES SINCE 4.22.0rc1 > * BUG 15798: libnet4: seg fault after dc lookup failure >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/packages/aarch64/samba | 7 +++++-- > config/rootfiles/packages/riscv64/samba | 15 ++++++++++----- > config/rootfiles/packages/x86_64/samba | 7 +++++-- > lfs/samba | 6 +++--- > 4 files changed, 23 insertions(+), 12 deletions(-) >=20 > diff --git a/config/rootfiles/packages/aarch64/samba = b/config/rootfiles/packages/aarch64/samba > index 7d261bc58..045459b57 100644 > --- a/config/rootfiles/packages/aarch64/samba > +++ b/config/rootfiles/packages/aarch64/samba > @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so > usr/lib/libndr-standard.so.0 > usr/lib/libndr-standard.so.0.0.1 > usr/lib/libndr.so > -usr/lib/libndr.so.5 > -usr/lib/libndr.so.5.0.0 > +usr/lib/libndr.so.6 > +usr/lib/libndr.so.6.0.0 > usr/lib/libnetapi.so > usr/lib/libnetapi.so.1 > usr/lib/libnetapi.so.1.0.0 > @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py > = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py > +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py > @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py > #usr/lib/python3.10/site-packages/samba/tests/registry.py > #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py > +#usr/lib/python3.10/site-packages/samba/tests/rust.py > #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py > #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py > #usr/lib/python3.10/site-packages/samba/tests/s3param.py > @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so > usr/lib/samba/libsocket-blocking-private-samba.so > usr/lib/samba/libstable-sort-private-samba.so > usr/lib/samba/libsys-rw-private-samba.so > +usr/lib/samba/libtalloc-private-samba.so > usr/lib/samba/libtalloc-report-printf-private-samba.so > usr/lib/samba/libtalloc-report-private-samba.so > usr/lib/samba/libtdb-private-samba.so > diff --git a/config/rootfiles/packages/riscv64/samba = b/config/rootfiles/packages/riscv64/samba > index bf7d3f069..563cef020 100644 > --- a/config/rootfiles/packages/riscv64/samba > +++ b/config/rootfiles/packages/riscv64/samba > @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so > usr/lib/libndr-standard.so.0 > usr/lib/libndr-standard.so.0.0.1 > usr/lib/libndr.so > -usr/lib/libndr.so.5 > -usr/lib/libndr.so.5.0.0 > ++usr/lib/libndr.so.6 > ++usr/lib/libndr.so.6.0.0 > usr/lib/libnetapi.so > usr/lib/libnetapi.so.1 > usr/lib/libnetapi.so.1.0.0 > @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py > = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py > ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py > @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py > #usr/lib/python3.10/site-packages/samba/tests/registry.py > #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py > ++usr/lib/python3.10/site-packages/samba/tests/rust.py > #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py > #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py > #usr/lib/python3.10/site-packages/samba/tests/s3param.py > @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so > usr/lib/samba/libsocket-blocking-private-samba.so > usr/lib/samba/libstable-sort-private-samba.so > usr/lib/samba/libsys-rw-private-samba.so > ++usr/lib/samba/libtalloc-private-samba.so > usr/lib/samba/libtalloc-report-printf-private-samba.so > usr/lib/samba/libtalloc-report-private-samba.so > usr/lib/samba/libtdb-private-samba.so > @@ -1025,6 +1028,8 @@ var/lib/samba/private > var/lib/samba/winbindd_privileged > var/log/samba > var/spool/samba > -srv/web/ipfire/cgi-bin/samba.cgi > -var/ipfire/menu.d/EX-samba.menu > -usr/local/bin/sambactrl > +-usr/lib/libndr.so.5 > +-usr/lib/libndr.so.5.0.0 > +-srv/web/ipfire/cgi-bin/samba.cgi > +-var/ipfire/menu.d/EX-samba.menu > +-usr/local/bin/sambactrl > diff --git a/config/rootfiles/packages/x86_64/samba = b/config/rootfiles/packages/x86_64/samba > index 988370a16..c545835eb 100644 > --- a/config/rootfiles/packages/x86_64/samba > +++ b/config/rootfiles/packages/x86_64/samba > @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so > usr/lib/libndr-standard.so.0 > usr/lib/libndr-standard.so.0.0.1 > usr/lib/libndr.so > -usr/lib/libndr.so.5 > -usr/lib/libndr.so.5.0.0 > +usr/lib/libndr.so.6 > +usr/lib/libndr.so.6.0.0 > usr/lib/libnetapi.so > usr/lib/libnetapi.so.1 > usr/lib/libnetapi.so.1.0.0 > @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py > = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py > +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py > #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py > @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py > #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py > #usr/lib/python3.10/site-packages/samba/tests/registry.py > #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py > +#usr/lib/python3.10/site-packages/samba/tests/rust.py > #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py > #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py > #usr/lib/python3.10/site-packages/samba/tests/s3param.py > @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so > usr/lib/samba/libsocket-blocking-private-samba.so > usr/lib/samba/libstable-sort-private-samba.so > usr/lib/samba/libsys-rw-private-samba.so > +usr/lib/samba/libtalloc-private-samba.so > usr/lib/samba/libtalloc-report-printf-private-samba.so > usr/lib/samba/libtalloc-report-private-samba.so > usr/lib/samba/libtdb-private-samba.so > diff --git a/lfs/samba b/lfs/samba > index e9529a176..5101244b3 100644 > --- a/lfs/samba > +++ b/lfs/samba > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 4.21.4 > +VER =3D 4.22.0 > SUMMARY =3D A SMB/CIFS File, Print, and Authentication Server >=20 > THISAPP =3D samba-$(VER) > @@ -33,7 +33,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D samba > -PAK_VER =3D 111 > +PAK_VER =3D 112 >=20 > DEPS =3D avahi libtalloc perl-Parse-Yapp wsdd >=20 > @@ -47,7 +47,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a= 82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb > +$(DL_FILE)_BLAKE2 =3D = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea= 91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585 >=20 > install : $(TARGET) >=20 > --=20 > 2.49.0 >=20 >=20