* [PATCH] samba: Update to version 4.22.0
@ 2025-03-21 10:24 Adolf Belka
2025-03-21 11:11 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Adolf Belka @ 2025-03-21 10:24 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- Update from version 4.21.4
- Update of rootfile for all three architectures
- Changelog
4.22.0
NEW FEATURES/CHANGES
SMB3 Directory Leases
Starting with Samba 4.22 SMB3 Directory Leases are supported. The new
global option "smb3 directory leases" controls whether the feature is
enabled or not. By default, SMB3 Directory Leases are enabled on
non-clustered Samba and disabled on clustered Samba, based on the
"clustering" option. See man smb.conf for more details.
SMB3 Directory Leases allow clients to cache directory listings and,
depending on the workload, result in a decent reduction in SMB
requests from clients.
Netlogon Ping over LDAP and LDAPS
Samba must query domain controller information via simple queries on
the AD rootdse's netlogon attribute. Typically this is done via
connectionless LDAP, using UDP on port 389. The same information is
also available via classic LDAP rootdse queries over TCP. Samba can
now be configured to use TCP via the new "client netlogon ping
protocol" parameter to enable running in environments where firewalls
completely block port 389 or UDP traffic to domain controllers.
Experimental Himmelblaud Authentication in Samba
Samba now includes experimental support for Azure Entra ID
authentication via `himmelblaud`, located in the `rust/` directory.
This implementation provides basic authentication and is configured
through `smb.conf`, utilizing options such as `realm`,
`winbindd_socket_directory`, and `template_homedir`. New global
parameters include `himmelblaud_sfa_fallback`,
`himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`.
To enable, configure Samba with `--enable-rust --with-himmelblau`.
AD DC schema upgrade and provision performance improvements
By increasing the LDB index cache size for certain offline operations
that are likely to require large transactions, these are now several
times faster.
REMOVED FEATURES
The "nmbd proxy logon" feature was removed. This was used before
Samba4 acquired a NBT server.
The parameter "cldap port" has been removed. CLDAP runs over UDP port
389, we don't see a reason why this should ever be changed to a
different port. Moreover, we had several places in the code where
Samba did not respect this parameter, so the behaviour was at least
inconsistent.
fruit:posix_rename
This option of the vfs_fruit VFS module that could be used to enable
POSIX directory rename behaviour for OS X clients has been removed
as it could result in severe problems for Windows clients.
As a possible workaround it is possible to prevent creation of
.DS_Store files (a Finder thingy to store directory view settings)
on network mounts by running
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
on the Mac.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
smb3 directory leases New Auto
vfs mkdir use tmp name New Auto
client netlogon ping protocol New cldap
himmelblaud hello enabled New no
himmelblaud hsm pin path New default hsm pin path
himmelblaud sfa fallback New no
client use krb5 netlogon Experimental no
reject aes netlogon servers Experimental no
server reject aes schannel Experimental no
server support krb5 netlogon Experimental no
fruit:posix_rename Removed
cldap port Removed
CHANGES SINCE 4.22.0rc4
* BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
* BUG 15797: Unable to connect to CephFS subvolume shares with
vfs_shadow_copy2.
* BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
* BUG 15820: Incorrect FSF address in ctdb pcp scripts.
* BUG 15804: "samba-tool domain backup offline" hangs.
CHANGES SINCE 4.22.0rc3
* BUG 15815: client use krb5 netlogon is experimental and should not be used
in production.
CHANGES SINCE 4.22.0rc2
* BUG 15738: Creation of GPOs applicable to more than one group is impossible
with Samba 4.20.0 and later.
* BUG 15806: samba-tool acl commands broken for relative path names
* BUG 15807: pysmbd seg faults when file is not found.
* BUG 15796: Spotlight search results don't show file size and creation date.
* BUG 15759: net ads create/join/winbind producing unix dysfunctional
keytabs.
* BUG 15806: samba-tool acl commands broken for relative path names.
* BUG 15807: pysmbd seg faults when file is not found.
* BUG 15680: Trust domains are not created.
* BUG 15680: Trust domains are not created.
* BUG 15703: General improvements for vfs_ceph_new module.
CHANGES SINCE 4.22.0rc1
* BUG 15798: libnet4: seg fault after dc lookup failure
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/packages/aarch64/samba | 7 +++++--
config/rootfiles/packages/riscv64/samba | 15 ++++++++++-----
config/rootfiles/packages/x86_64/samba | 7 +++++--
lfs/samba | 6 +++---
4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
index 7d261bc58..045459b57 100644
--- a/config/rootfiles/packages/aarch64/samba
+++ b/config/rootfiles/packages/aarch64/samba
@@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.5
-usr/lib/libndr.so.5.0.0
+usr/lib/libndr.so.6
+usr/lib/libndr.so.6.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
@@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
@@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
#usr/lib/python3.10/site-packages/samba/tests/registry.py
#usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
+#usr/lib/python3.10/site-packages/samba/tests/rust.py
#usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
#usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
#usr/lib/python3.10/site-packages/samba/tests/s3param.py
@@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
+usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
index bf7d3f069..563cef020 100644
--- a/config/rootfiles/packages/riscv64/samba
+++ b/config/rootfiles/packages/riscv64/samba
@@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.5
-usr/lib/libndr.so.5.0.0
++usr/lib/libndr.so.6
++usr/lib/libndr.so.6.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
@@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
@@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
#usr/lib/python3.10/site-packages/samba/tests/registry.py
#usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
++usr/lib/python3.10/site-packages/samba/tests/rust.py
#usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
#usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
#usr/lib/python3.10/site-packages/samba/tests/s3param.py
@@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
++usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
@@ -1025,6 +1028,8 @@ var/lib/samba/private
var/lib/samba/winbindd_privileged
var/log/samba
var/spool/samba
-srv/web/ipfire/cgi-bin/samba.cgi
-var/ipfire/menu.d/EX-samba.menu
-usr/local/bin/sambactrl
+-usr/lib/libndr.so.5
+-usr/lib/libndr.so.5.0.0
+-srv/web/ipfire/cgi-bin/samba.cgi
+-var/ipfire/menu.d/EX-samba.menu
+-usr/local/bin/sambactrl
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
index 988370a16..c545835eb 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
usr/lib/libndr-standard.so.0
usr/lib/libndr-standard.so.0.0.1
usr/lib/libndr.so
-usr/lib/libndr.so.5
-usr/lib/libndr.so.5.0.0
+usr/lib/libndr.so.6
+usr/lib/libndr.so.6.0.0
usr/lib/libnetapi.so
usr/lib/libnetapi.so.1
usr/lib/libnetapi.so.1.0.0
@@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
#usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
@@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
#usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
#usr/lib/python3.10/site-packages/samba/tests/registry.py
#usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
+#usr/lib/python3.10/site-packages/samba/tests/rust.py
#usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
#usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
#usr/lib/python3.10/site-packages/samba/tests/s3param.py
@@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
usr/lib/samba/libsocket-blocking-private-samba.so
usr/lib/samba/libstable-sort-private-samba.so
usr/lib/samba/libsys-rw-private-samba.so
+usr/lib/samba/libtalloc-private-samba.so
usr/lib/samba/libtalloc-report-printf-private-samba.so
usr/lib/samba/libtalloc-report-private-samba.so
usr/lib/samba/libtdb-private-samba.so
diff --git a/lfs/samba b/lfs/samba
index e9529a176..5101244b3 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
include Config
-VER = 4.21.4
+VER = 4.22.0
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 111
+PAK_VER = 112
DEPS = avahi libtalloc perl-Parse-Yapp wsdd
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb
+$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585
install : $(TARGET)
--
2.49.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] samba: Update to version 4.22.0
2025-03-21 10:24 [PATCH] samba: Update to version 4.22.0 Adolf Belka
@ 2025-03-21 11:11 ` Michael Tremer
2025-03-21 12:27 ` Adolf Belka
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2025-03-21 11:11 UTC (permalink / raw)
To: Adolf Belka; +Cc: development
Thank you.
There have been some issues with the riscv64 root file which I fixed here:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=2c6dbe05755d81aa0a56969df825915c9df8c739
-Michael
> On 21 Mar 2025, at 10:24, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
> - Update from version 4.21.4
> - Update of rootfile for all three architectures
> - Changelog
> 4.22.0
> NEW FEATURES/CHANGES
> SMB3 Directory Leases
> Starting with Samba 4.22 SMB3 Directory Leases are supported. The new
> global option "smb3 directory leases" controls whether the feature is
> enabled or not. By default, SMB3 Directory Leases are enabled on
> non-clustered Samba and disabled on clustered Samba, based on the
> "clustering" option. See man smb.conf for more details.
> SMB3 Directory Leases allow clients to cache directory listings and,
> depending on the workload, result in a decent reduction in SMB
> requests from clients.
> Netlogon Ping over LDAP and LDAPS
> Samba must query domain controller information via simple queries on
> the AD rootdse's netlogon attribute. Typically this is done via
> connectionless LDAP, using UDP on port 389. The same information is
> also available via classic LDAP rootdse queries over TCP. Samba can
> now be configured to use TCP via the new "client netlogon ping
> protocol" parameter to enable running in environments where firewalls
> completely block port 389 or UDP traffic to domain controllers.
> Experimental Himmelblaud Authentication in Samba
> Samba now includes experimental support for Azure Entra ID
> authentication via `himmelblaud`, located in the `rust/` directory.
> This implementation provides basic authentication and is configured
> through `smb.conf`, utilizing options such as `realm`,
> `winbindd_socket_directory`, and `template_homedir`. New global
> parameters include `himmelblaud_sfa_fallback`,
> `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`.
> To enable, configure Samba with `--enable-rust --with-himmelblau`.
> AD DC schema upgrade and provision performance improvements
> By increasing the LDB index cache size for certain offline operations
> that are likely to require large transactions, these are now several
> times faster.
> REMOVED FEATURES
> The "nmbd proxy logon" feature was removed. This was used before
> Samba4 acquired a NBT server.
> The parameter "cldap port" has been removed. CLDAP runs over UDP port
> 389, we don't see a reason why this should ever be changed to a
> different port. Moreover, we had several places in the code where
> Samba did not respect this parameter, so the behaviour was at least
> inconsistent.
> fruit:posix_rename
> This option of the vfs_fruit VFS module that could be used to enable
> POSIX directory rename behaviour for OS X clients has been removed
> as it could result in severe problems for Windows clients.
> As a possible workaround it is possible to prevent creation of
> .DS_Store files (a Finder thingy to store directory view settings)
> on network mounts by running
> $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
> on the Mac.
> smb.conf changes
> Parameter Name Description Default
> -------------- ----------- -------
> smb3 directory leases New Auto
> vfs mkdir use tmp name New Auto
> client netlogon ping protocol New cldap
> himmelblaud hello enabled New no
> himmelblaud hsm pin path New default hsm pin path
> himmelblaud sfa fallback New no
> client use krb5 netlogon Experimental no
> reject aes netlogon servers Experimental no
> server reject aes schannel Experimental no
> server support krb5 netlogon Experimental no
> fruit:posix_rename Removed
> cldap port Removed
> CHANGES SINCE 4.22.0rc4
> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
> * BUG 15797: Unable to connect to CephFS subvolume shares with
> vfs_shadow_copy2.
> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
> * BUG 15820: Incorrect FSF address in ctdb pcp scripts.
> * BUG 15804: "samba-tool domain backup offline" hangs.
> CHANGES SINCE 4.22.0rc3
> * BUG 15815: client use krb5 netlogon is experimental and should not be used
> in production.
> CHANGES SINCE 4.22.0rc2
> * BUG 15738: Creation of GPOs applicable to more than one group is impossible
> with Samba 4.20.0 and later.
> * BUG 15806: samba-tool acl commands broken for relative path names
> * BUG 15807: pysmbd seg faults when file is not found.
> * BUG 15796: Spotlight search results don't show file size and creation date.
> * BUG 15759: net ads create/join/winbind producing unix dysfunctional
> keytabs.
> * BUG 15806: samba-tool acl commands broken for relative path names.
> * BUG 15807: pysmbd seg faults when file is not found.
> * BUG 15680: Trust domains are not created.
> * BUG 15680: Trust domains are not created.
> * BUG 15703: General improvements for vfs_ceph_new module.
> CHANGES SINCE 4.22.0rc1
> * BUG 15798: libnet4: seg fault after dc lookup failure
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/packages/aarch64/samba | 7 +++++--
> config/rootfiles/packages/riscv64/samba | 15 ++++++++++-----
> config/rootfiles/packages/x86_64/samba | 7 +++++--
> lfs/samba | 6 +++---
> 4 files changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
> index 7d261bc58..045459b57 100644
> --- a/config/rootfiles/packages/aarch64/samba
> +++ b/config/rootfiles/packages/aarch64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> +usr/lib/libndr.so.6
> +usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> +usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
> index bf7d3f069..563cef020 100644
> --- a/config/rootfiles/packages/riscv64/samba
> +++ b/config/rootfiles/packages/riscv64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> ++usr/lib/libndr.so.6
> ++usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> ++usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> ++usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> @@ -1025,6 +1028,8 @@ var/lib/samba/private
> var/lib/samba/winbindd_privileged
> var/log/samba
> var/spool/samba
> -srv/web/ipfire/cgi-bin/samba.cgi
> -var/ipfire/menu.d/EX-samba.menu
> -usr/local/bin/sambactrl
> +-usr/lib/libndr.so.5
> +-usr/lib/libndr.so.5.0.0
> +-srv/web/ipfire/cgi-bin/samba.cgi
> +-var/ipfire/menu.d/EX-samba.menu
> +-usr/local/bin/sambactrl
> diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
> index 988370a16..c545835eb 100644
> --- a/config/rootfiles/packages/x86_64/samba
> +++ b/config/rootfiles/packages/x86_64/samba
> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
> usr/lib/libndr-standard.so.0
> usr/lib/libndr-standard.so.0.0.1
> usr/lib/libndr.so
> -usr/lib/libndr.so.5
> -usr/lib/libndr.so.5.0.0
> +usr/lib/libndr.so.6
> +usr/lib/libndr.so.6.0.0
> usr/lib/libnetapi.so
> usr/lib/libnetapi.so.1
> usr/lib/libnetapi.so.1.0.0
> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
> #usr/lib/python3.10/site-packages/samba/tests/registry.py
> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
> usr/lib/samba/libsocket-blocking-private-samba.so
> usr/lib/samba/libstable-sort-private-samba.so
> usr/lib/samba/libsys-rw-private-samba.so
> +usr/lib/samba/libtalloc-private-samba.so
> usr/lib/samba/libtalloc-report-printf-private-samba.so
> usr/lib/samba/libtalloc-report-private-samba.so
> usr/lib/samba/libtdb-private-samba.so
> diff --git a/lfs/samba b/lfs/samba
> index e9529a176..5101244b3 100644
> --- a/lfs/samba
> +++ b/lfs/samba
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 4.21.4
> +VER = 4.22.0
> SUMMARY = A SMB/CIFS File, Print, and Authentication Server
>
> THISAPP = samba-$(VER)
> @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = samba
> -PAK_VER = 111
> +PAK_VER = 112
>
> DEPS = avahi libtalloc perl-Parse-Yapp wsdd
>
> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb
> +$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585
>
> install : $(TARGET)
>
> --
> 2.49.0
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] samba: Update to version 4.22.0
2025-03-21 11:11 ` Michael Tremer
@ 2025-03-21 12:27 ` Adolf Belka
2025-03-21 12:34 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Adolf Belka @ 2025-03-21 12:27 UTC (permalink / raw)
To: Michael Tremer; +Cc: development
On 21/03/2025 12:11, Michael Tremer wrote:
> Thank you.
>
> There have been some issues with the riscv64 root file which I fixed here:
Sorry about that. Thanks for fixing it. I know what I did wrong. I copied the samba-4.22.0 file from the log directory on the riscv64 builder but I then forgot to go into it and edit it to deal with the + lines etc before I added it to my samba commit.
I did it correctly for the aarch64 rootfile but missed out checking anything on the riscv64 one and then obviously did not read through the contents of the commit message well enough.
Hopefully I won't repeat it too often.
Regards,
Adolf.>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=2c6dbe05755d81aa0a56969df825915c9df8c739
>
> -Michael
>
>> On 21 Mar 2025, at 10:24, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>
>> - Update from version 4.21.4
>> - Update of rootfile for all three architectures
>> - Changelog
>> 4.22.0
>> NEW FEATURES/CHANGES
>> SMB3 Directory Leases
>> Starting with Samba 4.22 SMB3 Directory Leases are supported. The new
>> global option "smb3 directory leases" controls whether the feature is
>> enabled or not. By default, SMB3 Directory Leases are enabled on
>> non-clustered Samba and disabled on clustered Samba, based on the
>> "clustering" option. See man smb.conf for more details.
>> SMB3 Directory Leases allow clients to cache directory listings and,
>> depending on the workload, result in a decent reduction in SMB
>> requests from clients.
>> Netlogon Ping over LDAP and LDAPS
>> Samba must query domain controller information via simple queries on
>> the AD rootdse's netlogon attribute. Typically this is done via
>> connectionless LDAP, using UDP on port 389. The same information is
>> also available via classic LDAP rootdse queries over TCP. Samba can
>> now be configured to use TCP via the new "client netlogon ping
>> protocol" parameter to enable running in environments where firewalls
>> completely block port 389 or UDP traffic to domain controllers.
>> Experimental Himmelblaud Authentication in Samba
>> Samba now includes experimental support for Azure Entra ID
>> authentication via `himmelblaud`, located in the `rust/` directory.
>> This implementation provides basic authentication and is configured
>> through `smb.conf`, utilizing options such as `realm`,
>> `winbindd_socket_directory`, and `template_homedir`. New global
>> parameters include `himmelblaud_sfa_fallback`,
>> `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`.
>> To enable, configure Samba with `--enable-rust --with-himmelblau`.
>> AD DC schema upgrade and provision performance improvements
>> By increasing the LDB index cache size for certain offline operations
>> that are likely to require large transactions, these are now several
>> times faster.
>> REMOVED FEATURES
>> The "nmbd proxy logon" feature was removed. This was used before
>> Samba4 acquired a NBT server.
>> The parameter "cldap port" has been removed. CLDAP runs over UDP port
>> 389, we don't see a reason why this should ever be changed to a
>> different port. Moreover, we had several places in the code where
>> Samba did not respect this parameter, so the behaviour was at least
>> inconsistent.
>> fruit:posix_rename
>> This option of the vfs_fruit VFS module that could be used to enable
>> POSIX directory rename behaviour for OS X clients has been removed
>> as it could result in severe problems for Windows clients.
>> As a possible workaround it is possible to prevent creation of
>> .DS_Store files (a Finder thingy to store directory view settings)
>> on network mounts by running
>> $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
>> on the Mac.
>> smb.conf changes
>> Parameter Name Description Default
>> -------------- ----------- -------
>> smb3 directory leases New Auto
>> vfs mkdir use tmp name New Auto
>> client netlogon ping protocol New cldap
>> himmelblaud hello enabled New no
>> himmelblaud hsm pin path New default hsm pin path
>> himmelblaud sfa fallback New no
>> client use krb5 netlogon Experimental no
>> reject aes netlogon servers Experimental no
>> server reject aes schannel Experimental no
>> server support krb5 netlogon Experimental no
>> fruit:posix_rename Removed
>> cldap port Removed
>> CHANGES SINCE 4.22.0rc4
>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
>> * BUG 15797: Unable to connect to CephFS subvolume shares with
>> vfs_shadow_copy2.
>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
>> * BUG 15820: Incorrect FSF address in ctdb pcp scripts.
>> * BUG 15804: "samba-tool domain backup offline" hangs.
>> CHANGES SINCE 4.22.0rc3
>> * BUG 15815: client use krb5 netlogon is experimental and should not be used
>> in production.
>> CHANGES SINCE 4.22.0rc2
>> * BUG 15738: Creation of GPOs applicable to more than one group is impossible
>> with Samba 4.20.0 and later.
>> * BUG 15806: samba-tool acl commands broken for relative path names
>> * BUG 15807: pysmbd seg faults when file is not found.
>> * BUG 15796: Spotlight search results don't show file size and creation date.
>> * BUG 15759: net ads create/join/winbind producing unix dysfunctional
>> keytabs.
>> * BUG 15806: samba-tool acl commands broken for relative path names.
>> * BUG 15807: pysmbd seg faults when file is not found.
>> * BUG 15680: Trust domains are not created.
>> * BUG 15680: Trust domains are not created.
>> * BUG 15703: General improvements for vfs_ceph_new module.
>> CHANGES SINCE 4.22.0rc1
>> * BUG 15798: libnet4: seg fault after dc lookup failure
>>
>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
>> ---
>> config/rootfiles/packages/aarch64/samba | 7 +++++--
>> config/rootfiles/packages/riscv64/samba | 15 ++++++++++-----
>> config/rootfiles/packages/x86_64/samba | 7 +++++--
>> lfs/samba | 6 +++---
>> 4 files changed, 23 insertions(+), 12 deletions(-)
>>
>> diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
>> index 7d261bc58..045459b57 100644
>> --- a/config/rootfiles/packages/aarch64/samba
>> +++ b/config/rootfiles/packages/aarch64/samba
>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>> usr/lib/libndr-standard.so.0
>> usr/lib/libndr-standard.so.0.0.1
>> usr/lib/libndr.so
>> -usr/lib/libndr.so.5
>> -usr/lib/libndr.so.5.0.0
>> +usr/lib/libndr.so.6
>> +usr/lib/libndr.so.6.0.0
>> usr/lib/libnetapi.so
>> usr/lib/libnetapi.so.1
>> usr/lib/libnetapi.so.1.0.0
>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>> usr/lib/samba/libsocket-blocking-private-samba.so
>> usr/lib/samba/libstable-sort-private-samba.so
>> usr/lib/samba/libsys-rw-private-samba.so
>> +usr/lib/samba/libtalloc-private-samba.so
>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>> usr/lib/samba/libtalloc-report-private-samba.so
>> usr/lib/samba/libtdb-private-samba.so
>> diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
>> index bf7d3f069..563cef020 100644
>> --- a/config/rootfiles/packages/riscv64/samba
>> +++ b/config/rootfiles/packages/riscv64/samba
>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>> usr/lib/libndr-standard.so.0
>> usr/lib/libndr-standard.so.0.0.1
>> usr/lib/libndr.so
>> -usr/lib/libndr.so.5
>> -usr/lib/libndr.so.5.0.0
>> ++usr/lib/libndr.so.6
>> ++usr/lib/libndr.so.6.0.0
>> usr/lib/libnetapi.so
>> usr/lib/libnetapi.so.1
>> usr/lib/libnetapi.so.1.0.0
>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>> ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>> ++usr/lib/python3.10/site-packages/samba/tests/rust.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>> usr/lib/samba/libsocket-blocking-private-samba.so
>> usr/lib/samba/libstable-sort-private-samba.so
>> usr/lib/samba/libsys-rw-private-samba.so
>> ++usr/lib/samba/libtalloc-private-samba.so
>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>> usr/lib/samba/libtalloc-report-private-samba.so
>> usr/lib/samba/libtdb-private-samba.so
>> @@ -1025,6 +1028,8 @@ var/lib/samba/private
>> var/lib/samba/winbindd_privileged
>> var/log/samba
>> var/spool/samba
>> -srv/web/ipfire/cgi-bin/samba.cgi
>> -var/ipfire/menu.d/EX-samba.menu
>> -usr/local/bin/sambactrl
>> +-usr/lib/libndr.so.5
>> +-usr/lib/libndr.so.5.0.0
>> +-srv/web/ipfire/cgi-bin/samba.cgi
>> +-var/ipfire/menu.d/EX-samba.menu
>> +-usr/local/bin/sambactrl
>> diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
>> index 988370a16..c545835eb 100644
>> --- a/config/rootfiles/packages/x86_64/samba
>> +++ b/config/rootfiles/packages/x86_64/samba
>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>> usr/lib/libndr-standard.so.0
>> usr/lib/libndr-standard.so.0.0.1
>> usr/lib/libndr.so
>> -usr/lib/libndr.so.5
>> -usr/lib/libndr.so.5.0.0
>> +usr/lib/libndr.so.6
>> +usr/lib/libndr.so.6.0.0
>> usr/lib/libnetapi.so
>> usr/lib/libnetapi.so.1
>> usr/lib/libnetapi.so.1.0.0
>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>> usr/lib/samba/libsocket-blocking-private-samba.so
>> usr/lib/samba/libstable-sort-private-samba.so
>> usr/lib/samba/libsys-rw-private-samba.so
>> +usr/lib/samba/libtalloc-private-samba.so
>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>> usr/lib/samba/libtalloc-report-private-samba.so
>> usr/lib/samba/libtdb-private-samba.so
>> diff --git a/lfs/samba b/lfs/samba
>> index e9529a176..5101244b3 100644
>> --- a/lfs/samba
>> +++ b/lfs/samba
>> @@ -24,7 +24,7 @@
>>
>> include Config
>>
>> -VER = 4.21.4
>> +VER = 4.22.0
>> SUMMARY = A SMB/CIFS File, Print, and Authentication Server
>>
>> THISAPP = samba-$(VER)
>> @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>> PROG = samba
>> -PAK_VER = 111
>> +PAK_VER = 112
>>
>> DEPS = avahi libtalloc perl-Parse-Yapp wsdd
>>
>> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>>
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>
>> -$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb
>> +$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585
>>
>> install : $(TARGET)
>>
>> --
>> 2.49.0
>>
>>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] samba: Update to version 4.22.0
2025-03-21 12:27 ` Adolf Belka
@ 2025-03-21 12:34 ` Michael Tremer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2025-03-21 12:34 UTC (permalink / raw)
To: Adolf Belka; +Cc: development
Not a problem at all. It was a quick fix.
> On 21 Mar 2025, at 12:27, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
>
>
> On 21/03/2025 12:11, Michael Tremer wrote:
>> Thank you.
>> There have been some issues with the riscv64 root file which I fixed here:
>
> Sorry about that. Thanks for fixing it. I know what I did wrong. I copied the samba-4.22.0 file from the log directory on the riscv64 builder but I then forgot to go into it and edit it to deal with the + lines etc before I added it to my samba commit.
>
> I did it correctly for the aarch64 rootfile but missed out checking anything on the riscv64 one and then obviously did not read through the contents of the commit message well enough.
>
> Hopefully I won't repeat it too often.
>
> Regards,
> Adolf.>
>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=2c6dbe05755d81aa0a56969df825915c9df8c739
>> -Michael
>>> On 21 Mar 2025, at 10:24, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>>
>>> - Update from version 4.21.4
>>> - Update of rootfile for all three architectures
>>> - Changelog
>>> 4.22.0
>>> NEW FEATURES/CHANGES
>>> SMB3 Directory Leases
>>> Starting with Samba 4.22 SMB3 Directory Leases are supported. The new
>>> global option "smb3 directory leases" controls whether the feature is
>>> enabled or not. By default, SMB3 Directory Leases are enabled on
>>> non-clustered Samba and disabled on clustered Samba, based on the
>>> "clustering" option. See man smb.conf for more details.
>>> SMB3 Directory Leases allow clients to cache directory listings and,
>>> depending on the workload, result in a decent reduction in SMB
>>> requests from clients.
>>> Netlogon Ping over LDAP and LDAPS
>>> Samba must query domain controller information via simple queries on
>>> the AD rootdse's netlogon attribute. Typically this is done via
>>> connectionless LDAP, using UDP on port 389. The same information is
>>> also available via classic LDAP rootdse queries over TCP. Samba can
>>> now be configured to use TCP via the new "client netlogon ping
>>> protocol" parameter to enable running in environments where firewalls
>>> completely block port 389 or UDP traffic to domain controllers.
>>> Experimental Himmelblaud Authentication in Samba
>>> Samba now includes experimental support for Azure Entra ID
>>> authentication via `himmelblaud`, located in the `rust/` directory.
>>> This implementation provides basic authentication and is configured
>>> through `smb.conf`, utilizing options such as `realm`,
>>> `winbindd_socket_directory`, and `template_homedir`. New global
>>> parameters include `himmelblaud_sfa_fallback`,
>>> `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`.
>>> To enable, configure Samba with `--enable-rust --with-himmelblau`.
>>> AD DC schema upgrade and provision performance improvements
>>> By increasing the LDB index cache size for certain offline operations
>>> that are likely to require large transactions, these are now several
>>> times faster.
>>> REMOVED FEATURES
>>> The "nmbd proxy logon" feature was removed. This was used before
>>> Samba4 acquired a NBT server.
>>> The parameter "cldap port" has been removed. CLDAP runs over UDP port
>>> 389, we don't see a reason why this should ever be changed to a
>>> different port. Moreover, we had several places in the code where
>>> Samba did not respect this parameter, so the behaviour was at least
>>> inconsistent.
>>> fruit:posix_rename
>>> This option of the vfs_fruit VFS module that could be used to enable
>>> POSIX directory rename behaviour for OS X clients has been removed
>>> as it could result in severe problems for Windows clients.
>>> As a possible workaround it is possible to prevent creation of
>>> .DS_Store files (a Finder thingy to store directory view settings)
>>> on network mounts by running
>>> $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
>>> on the Mac.
>>> smb.conf changes
>>> Parameter Name Description Default
>>> -------------- ----------- -------
>>> smb3 directory leases New Auto
>>> vfs mkdir use tmp name New Auto
>>> client netlogon ping protocol New cldap
>>> himmelblaud hello enabled New no
>>> himmelblaud hsm pin path New default hsm pin path
>>> himmelblaud sfa fallback New no
>>> client use krb5 netlogon Experimental no
>>> reject aes netlogon servers Experimental no
>>> server reject aes schannel Experimental no
>>> server support krb5 netlogon Experimental no
>>> fruit:posix_rename Removed
>>> cldap port Removed
>>> CHANGES SINCE 4.22.0rc4
>>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
>>> * BUG 15797: Unable to connect to CephFS subvolume shares with
>>> vfs_shadow_copy2.
>>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on OpenBSD.
>>> * BUG 15820: Incorrect FSF address in ctdb pcp scripts.
>>> * BUG 15804: "samba-tool domain backup offline" hangs.
>>> CHANGES SINCE 4.22.0rc3
>>> * BUG 15815: client use krb5 netlogon is experimental and should not be used
>>> in production.
>>> CHANGES SINCE 4.22.0rc2
>>> * BUG 15738: Creation of GPOs applicable to more than one group is impossible
>>> with Samba 4.20.0 and later.
>>> * BUG 15806: samba-tool acl commands broken for relative path names
>>> * BUG 15807: pysmbd seg faults when file is not found.
>>> * BUG 15796: Spotlight search results don't show file size and creation date.
>>> * BUG 15759: net ads create/join/winbind producing unix dysfunctional
>>> keytabs.
>>> * BUG 15806: samba-tool acl commands broken for relative path names.
>>> * BUG 15807: pysmbd seg faults when file is not found.
>>> * BUG 15680: Trust domains are not created.
>>> * BUG 15680: Trust domains are not created.
>>> * BUG 15703: General improvements for vfs_ceph_new module.
>>> CHANGES SINCE 4.22.0rc1
>>> * BUG 15798: libnet4: seg fault after dc lookup failure
>>>
>>> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
>>> ---
>>> config/rootfiles/packages/aarch64/samba | 7 +++++--
>>> config/rootfiles/packages/riscv64/samba | 15 ++++++++++-----
>>> config/rootfiles/packages/x86_64/samba | 7 +++++--
>>> lfs/samba | 6 +++---
>>> 4 files changed, 23 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/config/rootfiles/packages/aarch64/samba b/config/rootfiles/packages/aarch64/samba
>>> index 7d261bc58..045459b57 100644
>>> --- a/config/rootfiles/packages/aarch64/samba
>>> +++ b/config/rootfiles/packages/aarch64/samba
>>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>>> usr/lib/libndr-standard.so.0
>>> usr/lib/libndr-standard.so.0.0.1
>>> usr/lib/libndr.so
>>> -usr/lib/libndr.so.5
>>> -usr/lib/libndr.so.5.0.0
>>> +usr/lib/libndr.so.6
>>> +usr/lib/libndr.so.6.0.0
>>> usr/lib/libnetapi.so
>>> usr/lib/libnetapi.so.1
>>> usr/lib/libnetapi.so.1.0.0
>>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>>> usr/lib/samba/libsocket-blocking-private-samba.so
>>> usr/lib/samba/libstable-sort-private-samba.so
>>> usr/lib/samba/libsys-rw-private-samba.so
>>> +usr/lib/samba/libtalloc-private-samba.so
>>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>>> usr/lib/samba/libtalloc-report-private-samba.so
>>> usr/lib/samba/libtdb-private-samba.so
>>> diff --git a/config/rootfiles/packages/riscv64/samba b/config/rootfiles/packages/riscv64/samba
>>> index bf7d3f069..563cef020 100644
>>> --- a/config/rootfiles/packages/riscv64/samba
>>> +++ b/config/rootfiles/packages/riscv64/samba
>>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>>> usr/lib/libndr-standard.so.0
>>> usr/lib/libndr-standard.so.0.0.1
>>> usr/lib/libndr.so
>>> -usr/lib/libndr.so.5
>>> -usr/lib/libndr.so.5.0.0
>>> ++usr/lib/libndr.so.6
>>> ++usr/lib/libndr.so.6.0.0
>>> usr/lib/libnetapi.so
>>> usr/lib/libnetapi.so.1
>>> usr/lib/libnetapi.so.1.0.0
>>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>>> ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>>> ++usr/lib/python3.10/site-packages/samba/tests/rust.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>>> usr/lib/samba/libsocket-blocking-private-samba.so
>>> usr/lib/samba/libstable-sort-private-samba.so
>>> usr/lib/samba/libsys-rw-private-samba.so
>>> ++usr/lib/samba/libtalloc-private-samba.so
>>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>>> usr/lib/samba/libtalloc-report-private-samba.so
>>> usr/lib/samba/libtdb-private-samba.so
>>> @@ -1025,6 +1028,8 @@ var/lib/samba/private
>>> var/lib/samba/winbindd_privileged
>>> var/log/samba
>>> var/spool/samba
>>> -srv/web/ipfire/cgi-bin/samba.cgi
>>> -var/ipfire/menu.d/EX-samba.menu
>>> -usr/local/bin/sambactrl
>>> +-usr/lib/libndr.so.5
>>> +-usr/lib/libndr.so.5.0.0
>>> +-srv/web/ipfire/cgi-bin/samba.cgi
>>> +-var/ipfire/menu.d/EX-samba.menu
>>> +-usr/local/bin/sambactrl
>>> diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
>>> index 988370a16..c545835eb 100644
>>> --- a/config/rootfiles/packages/x86_64/samba
>>> +++ b/config/rootfiles/packages/x86_64/samba
>>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so
>>> usr/lib/libndr-standard.so.0
>>> usr/lib/libndr-standard.so.0.0.1
>>> usr/lib/libndr.so
>>> -usr/lib/libndr.so.5
>>> -usr/lib/libndr.so.5.0.0
>>> +usr/lib/libndr.so.6
>>> +usr/lib/libndr.so.6.0.0
>>> usr/lib/libnetapi.so
>>> usr/lib/libnetapi.so.1
>>> usr/lib/libnetapi.so.1.0.0
>>> @@ -626,6 +626,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
>>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
>>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py
>>> @@ -695,6 +696,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
>>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py
>>> #usr/lib/python3.10/site-packages/samba/tests/registry.py
>>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py
>>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py
>>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py
>>> @@ -931,6 +933,7 @@ usr/lib/samba/libsmbpasswdparser-private-samba.so
>>> usr/lib/samba/libsocket-blocking-private-samba.so
>>> usr/lib/samba/libstable-sort-private-samba.so
>>> usr/lib/samba/libsys-rw-private-samba.so
>>> +usr/lib/samba/libtalloc-private-samba.so
>>> usr/lib/samba/libtalloc-report-printf-private-samba.so
>>> usr/lib/samba/libtalloc-report-private-samba.so
>>> usr/lib/samba/libtdb-private-samba.so
>>> diff --git a/lfs/samba b/lfs/samba
>>> index e9529a176..5101244b3 100644
>>> --- a/lfs/samba
>>> +++ b/lfs/samba
>>> @@ -24,7 +24,7 @@
>>>
>>> include Config
>>>
>>> -VER = 4.21.4
>>> +VER = 4.22.0
>>> SUMMARY = A SMB/CIFS File, Print, and Authentication Server
>>>
>>> THISAPP = samba-$(VER)
>>> @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
>>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>>> TARGET = $(DIR_INFO)/$(THISAPP)
>>> PROG = samba
>>> -PAK_VER = 111
>>> +PAK_VER = 112
>>>
>>> DEPS = avahi libtalloc perl-Parse-Yapp wsdd
>>>
>>> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>>>
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>
>>> -$(DL_FILE)_BLAKE2 = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb
>>> +$(DL_FILE)_BLAKE2 = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585
>>>
>>> install : $(TARGET)
>>>
>>> --
>>> 2.49.0
>>>
>>>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-03-21 12:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-21 10:24 [PATCH] samba: Update to version 4.22.0 Adolf Belka
2025-03-21 11:11 ` Michael Tremer
2025-03-21 12:27 ` Adolf Belka
2025-03-21 12:34 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox