Back to samba PTS page

Accepted samba 2:4.16.0+dfsg-1 (source) into experimental

Hash: SHA256

Format: 1.8
Date: Tue, 05 Apr 2022 16:01:25 +0300
Source: samba
Architecture: source
Version: 2:4.16.0+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Samba Maintainers <>
Changed-By: Michael Tokarev <>
Closes: 862338 878612 953530 975882 988197 998423 1004690 1004691 1004692 1005642 1006875
 samba (2:4.16.0+dfsg-1) experimental; urgency=medium
   * New upstream major release.
     Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
     Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
     Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
      the outside target of a symlink exists
     Closes: #1005642 (windows client data corruption due to cache poisoning)
     Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
     Closes: #998423 (coredump connecting from macos to shares with var substs)
   * Notable changes in 4.16 series compared to 4.13:
     - modular VFS (see The_New_VFS.txt)
     - publishing printers in AD is more complete
     - group policies for winbindd cilents (like linux systems)
     - certificate auto enrollement in AD group policy
     - large list of improvements in samba-tool
     - SMB1 protocol has been deprecated, some subcommands has been removed
     - more consistend options/subcommands in samba commands
   * d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
     debian-specific failures to go away, by preserving order of waf hashes
   * refresh patches, update build-depend versions (talloc, tdb, tevent)
   * refresh lintian-overrides files, add many new overrides
   * build-depend on python3-markdown
   * build-depend on libjson-perl for new heimdal bits
   * more consistent internal lib naming; refresh file lists everywhere
   * samba: install new rpc_* services, install samba-dcerpc
   * refresh symbols files
   * build libldb from samba sources, not from separate source
     (this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to
      /usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
   * optimizations for d/make_shlibs; also allow one to specify explicit
     version for some packages
   * as per clarifications for waf --{bundled,builtin}-libraries, remove
     now-wrong usage there. This also fixes build failures with current
     samba sources
   * d/rules: various optimizations to reduce startup costs by eliminating
     unnecessary external command calls during d/rules read by make.
     Including caching of LDB version information in d/ file.
     This does not affect the buildd processing much (and does not affect
     runtime at all), but helps with build procedure debugging.
   * d/rules: numerous small fixes, cleanups and other changes, including:
     - clean up the install target
     - remove some now-irrelevant parts
     - fix no-glusterfs-build on non-linux
   * change build procedure: instead of `waf build', run `waf install'.
     `waf build' builds samba to be run from the build dir, and `waf install'
     rebuilds/relinks everything again for production. Build the production
     variant only, no build-dir one.
   * samba-common-bin.postinst: explicitly mkdir /run/samba before invoking
     samba binaries (Closes: #953530)
   * in the salsa git repository of samba, stop keeping debian patches in
     applied form, keep them in d/patches/ only as most other packages do.
   * move single python (helper) module, libsamba-policy, together with
     2 internal libraries used by it, from samba-libs package to python3-samba.
     This makes samba-libs to be free from python-related files, and makes
     python3-samba to be the only python-providing package.
     Closes: #1006875, #878612, #862338
   * also move dckeytab python module from samba to python3-samba
     (actually stop moving it from python3-samba to samba to incorrectly
     avoid a circular dependency). Also verify that python3-samba does
     not depend on samba package.
   * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
     testparm message (Closes: #975882)
   * spelling.patch: fix many common spelling mistakes in the source
   * ctdb: simplify/cleanup instllation of READMEs/examples
   * d/control: remove breaks/replaces/depends on ancient versions of some
     packages (ancient dpkg version in Pre-Depends, ancient samba-libs)
   * d/rules: rework wrong shlibdeps handling
   * move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
     where they belongs. This should not affect users.
   * smbclient: re-do the fix for an old bug, #221618. The original "fix"
     did not fix anything (it is too late already to #define _FILE_OFFSET_BITS
     when all types has already been defined).  From now on, raise an error
     if off_t is less than 64bits (it should >=64 when #include'ing
     <libsmbclient.h> with proper LFS defines).  In theory this can break
     some sources which either included libsmbclient.h without a reason or
     which didn't use any of the functions which deals with off_t (smbc_lseek
     etc), - which did not explicitly enable LFS on a 32bit system.
     Please email us if you faced such situation.
   * drop 07_private_lib patch: we do not need to force rpath for
     private libraries into every samba binary, upstream build system
     does a good job here.
 ac4dcf7872c3fd7367b88b8e3065a93f1b26d2c8 4265 samba_4.16.0+dfsg-1.dsc
 41afac83620ded6de15b3fe74f7505f0a0cc5148 18124712 samba_4.16.0+dfsg.orig.tar.xz
 81d9b4f61332ec1a04a578cd9b98ea8fb8770967 259416 samba_4.16.0+dfsg-1.debian.tar.xz
 176ab81041f9d7e7a31bba072d87eb5395273f01 8757 samba_4.16.0+dfsg-1_source.buildinfo
 14d65b1408a4c0b3c2a6eb128f741b741b08291431cc6f17cb6ae19a7ec010f8 4265 samba_4.16.0+dfsg-1.dsc
 440096f6743ab83a838a0a736c74f3505b9a5e0a416d01c616e47c260ed8058d 18124712 samba_4.16.0+dfsg.orig.tar.xz
 16715dee5a9ac1dbd21f885894c82f4d67b2ffb1fc318165d957231aa1d0f075 259416 samba_4.16.0+dfsg-1.debian.tar.xz
 8d1b3100872eeee8342557bb51a196f053e39858ea1ba1475d93c489423ab82c 8757 samba_4.16.0+dfsg-1_source.buildinfo
 17cdb99e5329eea8c1ee694614d8f25d 4265 net optional samba_4.16.0+dfsg-1.dsc
 fd69b391b0ba348d61c243dab194efbc 18124712 net optional samba_4.16.0+dfsg.orig.tar.xz
 2aedfb68b3005f957ad30f29cd1722cc 259416 net optional samba_4.16.0+dfsg-1.debian.tar.xz
 355fc7b692fea393d738ce05b6a391ca 8757 net optional samba_4.16.0+dfsg-1_source.buildinfo