Univention Bugzilla – Bug 51121
samba: Multiple issues (4.4)
Last modified: 2020-05-04 11:27:07 CEST
Security update scheduled by upsteam for: Tuesday, April 28th 2020
Part of the upstream patches affect lib/ldb wich in Debian and UCS are provided by a separate dedicated source package. I've updated our ldb source package with the currently latest public version of the upstream tar ball and built the package with all of our svn patches: svn r18808 | Add 04_symbols.patch for new upstream version svn r18809 | fix typo in 04_symbols.patch svn r18810 | add another new symbol to 04_symbols.patch Successful build Package: ldb Version: 2:1.5.6-1A~4.4.0.202004211422 Branch: ucs_4.4-0 Scope: errata4.4-4 That was not good enough for Samba to find the new lib version (1.5.7), so I updated the source package once again to include the new security patches: svn r18822 | add another new symbol to 04_symbols.patch Successful build Package: ldb Version: 2:1.5.7-1A~4.4.0.202004211800 Branch: ucs_4.4-0 Scope: errata4.4-4 Then I cherry-picked samba from errata4.4-3 to errata4.4-4 and had to experiment a but with the upstream patches (in parallel to the ldb source package work): r18806 | New upstream patches r18811 | Update lib/ldb to 1.5.6 for new upstream patch r18812 | Revert to upstream ldb 1.5.6 based patch r18813 | try Debian Samba team WAF_NO_PARALLEL patch r18814 | Fix patch r18815 | Adjust patch context to 4.10.1 r18816 | Move commit to other quilt file r18817 | Move commit to other quilt file r18818 | Temporarily remove binary patch parts (test data) r18819 | Adjust patch context to 4.10.1 r18820 | Remove WAF_NO_PARALLEL patch, doesn't help Finally the samba Package has built successfully: Package: samba Version: 2:4.10.1-1A~4.4.0.202004212102 Branch: ucs_4.4-0 Scope: errata4.4-4 After that I cherry-picked univention-ldb-modules from errata4.4-0 to errata4.4-4. Package: univention-ldb-modules Version: 7.0.0-4A~4.4.0.202004212249 Branch: ucs_4.4-0 Scope: errata4.4-4
All S4 Test machines failed to run ucs-test tonight, there seems to be a Samba4 database problem: [master091] 2020-04-22T00:07:42.686586 ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: No such file or directory e.g. here: https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-4/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/38/artifact/test/autotest-091-master-s4.log
Ok, test failure seem to have been a result of the updated univention-ldb-modules not yet included in that test run 7202fcd1f2 | Preliminary Advisories 3cb5d4d08f | Preliminary advisory Ready for functional QA, please reopen to finalize Advisroy with CVE details.
1ef31c8323 | Advisory
OK: new Patches, applied OK: Jenkins tests OK: advisories for samba, ldb, univention-ldb-modules (i fixed the line length) Verified
<http://errata.software-univention.de/ucs/4.4/549.html> <http://errata.software-univention.de/ucs/4.4/550.html> <http://errata.software-univention.de/ucs/4.4/551.html>