Bug 5059 - Upgrade Samba version to 4.1.16
: Upgrade Samba version to 4.1.16
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-16 17:02 MSK by Alexey Ivanov
Modified: 2015-03-17 08:53 MSK (History)
3 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
denis.silakov: secteam_verified+
denis.silakov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Ivanov 2015-02-16 17:02:40 MSK
Description of problem:

This new version addresses two security issues:
CVE-2014-8143
CVE-2014-3560
and a number of lesser bugs.

Version-Release number of selected component (if applicable):
4.1.16

Build lists:
https://abf.io/build_lists/2425475
https://abf.io/build_lists/2425476

Advisory:
Upgrade Samba version to 2.1.16

This upgrade does not bring any new functionality. Just bug fixes.

Note: build lists mention post-build tests as failed. I have asked Denis for advice on this problem. He says it seems more like test problem than package issue. So the package should be OK.
Comment 2 Denis Silakov 2015-02-27 16:49:03 MSK
It turned out that one more samba update is being prepared right now. Let's wait for it.
Comment 3 Alexey Ivanov 2015-02-27 19:20:29 MSK
There it is.

This new version addresses three security issues:
CVE-2014-8143
CVE-2014-3560
CVE-2015-0240
and a number of lesser bugs.

Build lists:
https://abf.io/build_lists/2442573
https://abf.io/build_lists/2442572

Advisory:
Upgrade Samba version to 4.1.17

It uses all the same additional containers.
There are no serious changes, just bug fixes.
Additional tests failed the same way they did with previous build. I suspect test problem. It's for QA to decide if it is really so.
Comment 4 Vladimir Potapov 2015-03-03 11:35:57 MSK
> Additional tests failed the same way they did with previous build. I suspect
> test problem. It's for QA to decide if it is really so.
Следующий пакет будет удалён для обновления остальных:
nss_wins-4.1.9-13-rosa2014.1.x86_64
 (из-за отсутствия libgse.so(SAMBA_4.1.9)(64bit),
  из-за отсутствия libreplace.so(SAMBA_4.1.9)(64bit)) (y/N)
Comment 5 Alexey Ivanov 2015-03-03 12:33:04 MSK
So this is my bad. I beg your pardon.
Working on it.
Comment 6 Vladimir Potapov 2015-03-04 11:37:14 MSK
Please, re-set QA query flag after the issue correction
******************
QA Denied
Comment 7 Alexey Ivanov 2015-03-12 16:22:07 MSK
Check new build please.

Build lists:
https://abf.io/build_lists/2470079
https://abf.io/build_lists/2470078

Advisory:
Upgrade Samba version to 4.1.17

Additional containers used (note: talloc container has changed):

(tdb)
https://abf.io/build_lists/2424676
https://abf.io/build_lists/2424677

(talloc)
https://abf.io/build_lists/2470054
https://abf.io/build_lists/2470055

(tevent)
https://abf.io/build_lists/2424693
https://abf.io/build_lists/2424694

(ldb)
https://abf.io/build_lists/2424703
https://abf.io/build_lists/2424704

I have addressed installation and upgrade issues that have been found with your help las time. There also were problems with dependency loops that took some time to fix.
Now it seems to be OK.
Automatic tests still throw the same errors though. Can't figure out why but it seems like they are not connected to previous error.
Comment 8 Vladimir Potapov 2015-03-12 20:24:23 MSK
The update route to expanded testing
************************************
Comment 10 Zombie Ryushu 2015-03-17 00:54:02 MSK
It looks as if this build has AD Support compiled in, due to my existing OpenLDAP/Heimdal Kerberos/Samba Domain for now, I cannot provision a new Domain to see what the results will be. Anyone with the resources to do so should attempt to Provision a new Domain and see if the results are positive. Criteria for success:

A Fully functioning Samba 4 AD Should:

1. Provision an initial AD with samba-tool with rfc 2307 support and xattrs turned on.
2. the resulting AD should create an LDAP tree, a Kerberos KDC, and Samba server.
3. Create the Bind Flat Files for DNS SRV Detection of an AD with non-integrated look up zones.

4. kinit from either krb5-workstation should detect the Samba 4 AD as a valid Kerberos realm based on functioning DNS information and get a valid ticket.
5. LDAP search should return a Positive result when CN=Administrator at a bare minimum.
6. Samba should accept an NTLM Login from an instance of smbclient.
7. oLschema2ldif should be able to convert a Supplementary (not a core) LDAP Schema from OpenLDAP and survive a Restart of the service. (Schema extension can crash a service!)
8. Samba 4 must survive a Reboot.
Comment 11 Alexey Ivanov 2015-03-17 08:50:21 MSK
I'll check Samba against your testing scenario. AD functionality and improvements to Samba packages is my responsibility.
And I think it is good idea to start another bug report so that QA team could close this one.
Comment 12 Alexey Ivanov 2015-03-17 08:53:58 MSK
Here it goes: bug 5187