From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZK27G4npDz332J for ; Fri, 21 Mar 2025 12:38:50 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZK27C01jNz332H for ; Fri, 21 Mar 2025 12:38:46 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZK27B2Sryz5jx; Fri, 21 Mar 2025 12:38:46 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742560726; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nn73Bq2cyqo5Khd/wwwAJ2nl9wOmiikPXsGM5eATUls=; b=iWWTuqeZ3puy/QJ3a8JEEuwyE5L9qRWxzaoJYvzqKgf20AUSQcQ9/KSyrpfuYLfVh4givC geqCcPfdY+ZESkDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742560726; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nn73Bq2cyqo5Khd/wwwAJ2nl9wOmiikPXsGM5eATUls=; b=p/yBDRLZJ8dwik9d5/7aoF+GIoEj0lA7qlXFj+zlGIXhqyKGeaOCV6UbtPhND2d/rpPlCA 8+zhFUTCfKBsbwVY36Ls3/doKOnWLvqoiLum1Iks8YIVB5tW6+3R+fuuC/FE2ERbogyqVi J6DzGUQ2E7EuwzQIE7lrvmLESRmUC16FA1LRkdvk5wxoIZNCjNEQzD0g5tegcqFbQ1/oHS xu+FTplWvUVzI8jjMpBPQLDhSRsDUTJy7rwK9ri3GtwpfMqCbGn4CQnpIJfM2x8Amuv3e9 1q4C1pZFkSTV/tYLT8K8q3PUwLLsVUvWgnInG/9I7BfCjRtzLTT+UcfDD5e/Tg== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: [PATCH] samba: Update to version 4.22.0 From: Michael Tremer In-Reply-To: Date: Fri, 21 Mar 2025 12:34:49 +0000 Cc: development@lists.ipfire.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20250321102456.5735-1-adolf.belka@ipfire.org> <709AAFF3-3FB6-42BD-BDE3-E736DB255F5A@ipfire.org> To: Adolf Belka Not a problem at all. It was a quick fix. > On 21 Mar 2025, at 12:27, Adolf Belka wrote: >=20 >=20 >=20 > On 21/03/2025 12:11, Michael Tremer wrote: >> Thank you. >> There have been some issues with the riscv64 root file which I fixed = here: >=20 > Sorry about that. Thanks for fixing it. I know what I did wrong. I = copied the samba-4.22.0 file from the log directory on the riscv64 = builder but I then forgot to go into it and edit it to deal with the + = lines etc before I added it to my samba commit. >=20 > I did it correctly for the aarch64 rootfile but missed out checking = anything on the riscv64 one and then obviously did not read through the = contents of the commit message well enough. >=20 > Hopefully I won't repeat it too often. >=20 > Regards, > Adolf.> >> = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D2c6dbe05755d= 81aa0a56969df825915c9df8c739 >> -Michael >>> On 21 Mar 2025, at 10:24, Adolf Belka = wrote: >>>=20 >>> - Update from version 4.21.4 >>> - Update of rootfile for all three architectures >>> - Changelog >>> 4.22.0 >>> NEW FEATURES/CHANGES >>> SMB3 Directory Leases >>> Starting with Samba 4.22 SMB3 Directory Leases are supported. The = new >>> global option "smb3 directory leases" controls whether the feature = is >>> enabled or not. By default, SMB3 Directory Leases are enabled on >>> non-clustered Samba and disabled on clustered Samba, based on the >>> "clustering" option. See man smb.conf for more details. >>> SMB3 Directory Leases allow clients to cache directory listings and, >>> depending on the workload, result in a decent reduction in SMB >>> requests from clients. >>> Netlogon Ping over LDAP and LDAPS >>> Samba must query domain controller information via simple queries on >>> the AD rootdse's netlogon attribute. Typically this is done via >>> connectionless LDAP, using UDP on port 389. The same information is >>> also available via classic LDAP rootdse queries over TCP. Samba can >>> now be configured to use TCP via the new "client netlogon ping >>> protocol" parameter to enable running in environments where = firewalls >>> completely block port 389 or UDP traffic to domain controllers. >>> Experimental Himmelblaud Authentication in Samba >>> Samba now includes experimental support for Azure Entra ID >>> authentication via `himmelblaud`, located in the `rust/` directory. >>> This implementation provides basic authentication and is configured >>> through `smb.conf`, utilizing options such as `realm`, >>> `winbindd_socket_directory`, and `template_homedir`. New global >>> parameters include `himmelblaud_sfa_fallback`, >>> `himmelblaud_hello_enabled`, and `himmelblaud_hsm_pin_path`. >>> To enable, configure Samba with `--enable-rust --with-himmelblau`. >>> AD DC schema upgrade and provision performance improvements >>> By increasing the LDB index cache size for certain offline = operations >>> that are likely to require large transactions, these are now several >>> times faster. >>> REMOVED FEATURES >>> The "nmbd proxy logon" feature was removed. This was used before >>> Samba4 acquired a NBT server. >>> The parameter "cldap port" has been removed. CLDAP runs over UDP = port >>> 389, we don't see a reason why this should ever be changed to a >>> different port. Moreover, we had several places in the code where >>> Samba did not respect this parameter, so the behaviour was at least >>> inconsistent. >>> fruit:posix_rename >>> This option of the vfs_fruit VFS module that could be used to = enable >>> POSIX directory rename behaviour for OS X clients has been removed >>> as it could result in severe problems for Windows clients. >>> As a possible workaround it is possible to prevent creation of >>> .DS_Store files (a Finder thingy to store directory view settings) >>> on network mounts by running >>> $ defaults write com.apple.desktopservices DSDontWriteNetworkStores = true >>> on the Mac. >>> smb.conf changes >>> Parameter Name Description Default >>> -------------- ----------- ------- >>> smb3 directory leases New Auto >>> vfs mkdir use tmp name New Auto >>> client netlogon ping protocol New cldap >>> himmelblaud hello enabled New no >>> himmelblaud hsm pin path New default hsm = pin path >>> himmelblaud sfa fallback New no >>> client use krb5 netlogon Experimental no >>> reject aes netlogon servers Experimental no >>> server reject aes schannel Experimental no >>> server support krb5 netlogon Experimental no >>> fruit:posix_rename Removed >>> cldap port Removed >>> CHANGES SINCE 4.22.0rc4 >>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on = OpenBSD. >>> * BUG 15797: Unable to connect to CephFS subvolume shares with >>> vfs_shadow_copy2. >>> * BUG 15801: `NT_STATUS_ACCESS_DENIED making remote directory` on = OpenBSD. >>> * BUG 15820: Incorrect FSF address in ctdb pcp scripts. >>> * BUG 15804: "samba-tool domain backup offline" hangs. >>> CHANGES SINCE 4.22.0rc3 >>> * BUG 15815: client use krb5 netlogon is experimental and should = not be used >>> in production. >>> CHANGES SINCE 4.22.0rc2 >>> * BUG 15738: Creation of GPOs applicable to more than one group is = impossible >>> with Samba 4.20.0 and later. >>> * BUG 15806: samba-tool acl commands broken for relative path = names >>> * BUG 15807: pysmbd seg faults when file is not found. >>> * BUG 15796: Spotlight search results don't show file size and = creation date. >>> * BUG 15759: net ads create/join/winbind producing unix = dysfunctional >>> keytabs. >>> * BUG 15806: samba-tool acl commands broken for relative path = names. >>> * BUG 15807: pysmbd seg faults when file is not found. >>> * BUG 15680: Trust domains are not created. >>> * BUG 15680: Trust domains are not created. >>> * BUG 15703: General improvements for vfs_ceph_new module. >>> CHANGES SINCE 4.22.0rc1 >>> * BUG 15798: libnet4: seg fault after dc lookup failure >>>=20 >>> Signed-off-by: Adolf Belka >>> --- >>> config/rootfiles/packages/aarch64/samba | 7 +++++-- >>> config/rootfiles/packages/riscv64/samba | 15 ++++++++++----- >>> config/rootfiles/packages/x86_64/samba | 7 +++++-- >>> lfs/samba | 6 +++--- >>> 4 files changed, 23 insertions(+), 12 deletions(-) >>>=20 >>> diff --git a/config/rootfiles/packages/aarch64/samba = b/config/rootfiles/packages/aarch64/samba >>> index 7d261bc58..045459b57 100644 >>> --- a/config/rootfiles/packages/aarch64/samba >>> +++ b/config/rootfiles/packages/aarch64/samba >>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so >>> usr/lib/libndr-standard.so.0 >>> usr/lib/libndr-standard.so.0.0.1 >>> usr/lib/libndr.so >>> -usr/lib/libndr.so.5 >>> -usr/lib/libndr.so.5.0.0 >>> +usr/lib/libndr.so.6 >>> +usr/lib/libndr.so.6.0.0 >>> usr/lib/libnetapi.so >>> usr/lib/libnetapi.so.1 >>> usr/lib/libnetapi.so.1.0.0 >>> @@ -626,6 +626,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py >>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py >>> @@ -695,6 +696,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py >>> #usr/lib/python3.10/site-packages/samba/tests/registry.py >>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py >>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py >>> @@ -931,6 +933,7 @@ = usr/lib/samba/libsmbpasswdparser-private-samba.so >>> usr/lib/samba/libsocket-blocking-private-samba.so >>> usr/lib/samba/libstable-sort-private-samba.so >>> usr/lib/samba/libsys-rw-private-samba.so >>> +usr/lib/samba/libtalloc-private-samba.so >>> usr/lib/samba/libtalloc-report-printf-private-samba.so >>> usr/lib/samba/libtalloc-report-private-samba.so >>> usr/lib/samba/libtdb-private-samba.so >>> diff --git a/config/rootfiles/packages/riscv64/samba = b/config/rootfiles/packages/riscv64/samba >>> index bf7d3f069..563cef020 100644 >>> --- a/config/rootfiles/packages/riscv64/samba >>> +++ b/config/rootfiles/packages/riscv64/samba >>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so >>> usr/lib/libndr-standard.so.0 >>> usr/lib/libndr-standard.so.0.0.1 >>> usr/lib/libndr.so >>> -usr/lib/libndr.so.5 >>> -usr/lib/libndr.so.5.0.0 >>> ++usr/lib/libndr.so.6 >>> ++usr/lib/libndr.so.6.0.0 >>> usr/lib/libnetapi.so >>> usr/lib/libnetapi.so.1 >>> usr/lib/libnetapi.so.1.0.0 >>> @@ -626,6 +626,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py >>> ++usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py >>> @@ -695,6 +696,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py >>> #usr/lib/python3.10/site-packages/samba/tests/registry.py >>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py >>> ++usr/lib/python3.10/site-packages/samba/tests/rust.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py >>> @@ -931,6 +933,7 @@ = usr/lib/samba/libsmbpasswdparser-private-samba.so >>> usr/lib/samba/libsocket-blocking-private-samba.so >>> usr/lib/samba/libstable-sort-private-samba.so >>> usr/lib/samba/libsys-rw-private-samba.so >>> ++usr/lib/samba/libtalloc-private-samba.so >>> usr/lib/samba/libtalloc-report-printf-private-samba.so >>> usr/lib/samba/libtalloc-report-private-samba.so >>> usr/lib/samba/libtdb-private-samba.so >>> @@ -1025,6 +1028,8 @@ var/lib/samba/private >>> var/lib/samba/winbindd_privileged >>> var/log/samba >>> var/spool/samba >>> -srv/web/ipfire/cgi-bin/samba.cgi >>> -var/ipfire/menu.d/EX-samba.menu >>> -usr/local/bin/sambactrl >>> +-usr/lib/libndr.so.5 >>> +-usr/lib/libndr.so.5.0.0 >>> +-srv/web/ipfire/cgi-bin/samba.cgi >>> +-var/ipfire/menu.d/EX-samba.menu >>> +-usr/local/bin/sambactrl >>> diff --git a/config/rootfiles/packages/x86_64/samba = b/config/rootfiles/packages/x86_64/samba >>> index 988370a16..c545835eb 100644 >>> --- a/config/rootfiles/packages/x86_64/samba >>> +++ b/config/rootfiles/packages/x86_64/samba >>> @@ -144,8 +144,8 @@ usr/lib/libndr-standard.so >>> usr/lib/libndr-standard.so.0 >>> usr/lib/libndr-standard.so.0.0.1 >>> usr/lib/libndr.so >>> -usr/lib/libndr.so.5 >>> -usr/lib/libndr.so.5.0.0 >>> +usr/lib/libndr.so.6 >>> +usr/lib/libndr.so.6.0.0 >>> usr/lib/libnetapi.so >>> usr/lib/libnetapi.so.1 >>> usr/lib/libnetapi.so.1.0.0 >>> @@ -626,6 +626,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principa= l_lookup_tests.py >>> +#usr/lib/python3.10/site-packages/samba/tests/krb5/netlogon.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py >>> = #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py >>> #usr/lib/python3.10/site-packages/samba/tests/krb5/pkinit_tests.py >>> @@ -695,6 +696,7 @@ = usr/lib/python3.10/site-packages/samba/tdb_util.py >>> #usr/lib/python3.10/site-packages/samba/tests/py_credentials.py >>> #usr/lib/python3.10/site-packages/samba/tests/registry.py >>> #usr/lib/python3.10/site-packages/samba/tests/reparsepoints.py >>> +#usr/lib/python3.10/site-packages/samba/tests/rust.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3_net_join.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3idmapdb.py >>> #usr/lib/python3.10/site-packages/samba/tests/s3param.py >>> @@ -931,6 +933,7 @@ = usr/lib/samba/libsmbpasswdparser-private-samba.so >>> usr/lib/samba/libsocket-blocking-private-samba.so >>> usr/lib/samba/libstable-sort-private-samba.so >>> usr/lib/samba/libsys-rw-private-samba.so >>> +usr/lib/samba/libtalloc-private-samba.so >>> usr/lib/samba/libtalloc-report-printf-private-samba.so >>> usr/lib/samba/libtalloc-report-private-samba.so >>> usr/lib/samba/libtdb-private-samba.so >>> diff --git a/lfs/samba b/lfs/samba >>> index e9529a176..5101244b3 100644 >>> --- a/lfs/samba >>> +++ b/lfs/samba >>> @@ -24,7 +24,7 @@ >>>=20 >>> include Config >>>=20 >>> -VER =3D 4.21.4 >>> +VER =3D 4.22.0 >>> SUMMARY =3D A SMB/CIFS File, Print, and Authentication Server >>>=20 >>> THISAPP =3D samba-$(VER) >>> @@ -33,7 +33,7 @@ DL_FROM =3D $(URL_IPFIRE) >>> DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>> TARGET =3D $(DIR_INFO)/$(THISAPP) >>> PROG =3D samba >>> -PAK_VER =3D 111 >>> +PAK_VER =3D 112 >>>=20 >>> DEPS =3D avahi libtalloc perl-Parse-Yapp wsdd >>>=20 >>> @@ -47,7 +47,7 @@ objects =3D $(DL_FILE) >>>=20 >>> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>=20 >>> -$(DL_FILE)_BLAKE2 =3D = 37c3b924799369dfe7a9ac208d3e470d4c41c45eb725f973e6948c3581523abe5fe768ea0a= 82e38c5a1cf5ad238896ddfd1783a1adebc9fa6d42fbb6769e9bdb >>> +$(DL_FILE)_BLAKE2 =3D = 27997ad025cbdc246c906bb05bf1c67749decc8e760c68cd4837b5121295613824b11f0eea= 91de6e7cb551ccc5193d189d5742dc7096305565ca8794baa7b585 >>>=20 >>> install : $(TARGET) >>>=20 >>> --=20 >>> 2.49.0 >>>=20 >>>=20 >=20 >=20