| Summary: | Upgrade Samba version to 4.1.16 | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Alexey Ivanov <a.ivanov> |
| Component: | Packages from Main | Assignee: | ROSA Linux Bugs <bugs> |
| Status: | VERIFIED FIXED | QA Contact: | ROSA Linux Bugs <bugs> |
| Severity: | normal | ||
| Priority: | Normal | CC: | denis.silakov, v.potapov, zombie.ryushu |
| Version: | Fresh | Flags: | v.potapov:
qa_verified+
denis.silakov: secteam_verified+ denis.silakov: published+ |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Platform: | --- | ROSA Vulnerability identifier: | |
| RPM Package: | ISO-related: | ||
| Bad POT generating: | Upstream: | ||
|
Description
Alexey Ivanov
2015-02-16 17:02:40 MSK
Note that additional containers are used in these samba builds: (tdb) https://abf.io/build_lists/2424676 https://abf.io/build_lists/2424677 (talloc) https://abf.io/build_lists/2424685 https://abf.io/build_lists/2424686 (tevent) https://abf.io/build_lists/2424693 https://abf.io/build_lists/2424694 (ldb) https://abf.io/build_lists/2424703 https://abf.io/build_lists/2424704 It turned out that one more samba update is being prepared right now. Let's wait for it. There it is. This new version addresses three security issues: CVE-2014-8143 CVE-2014-3560 CVE-2015-0240 and a number of lesser bugs. Build lists: https://abf.io/build_lists/2442573 https://abf.io/build_lists/2442572 Advisory: Upgrade Samba version to 4.1.17 It uses all the same additional containers. There are no serious changes, just bug fixes. Additional tests failed the same way they did with previous build. I suspect test problem. It's for QA to decide if it is really so.
> Additional tests failed the same way they did with previous build. I suspect
> test problem. It's for QA to decide if it is really so.
Следующий пакет будет удалён для обновления остальных:
nss_wins-4.1.9-13-rosa2014.1.x86_64
(из-за отсутствия libgse.so(SAMBA_4.1.9)(64bit),
из-за отсутствия libreplace.so(SAMBA_4.1.9)(64bit)) (y/N)
So this is my bad. I beg your pardon. Working on it. Please, re-set QA query flag after the issue correction ****************** QA Denied Check new build please. Build lists: https://abf.io/build_lists/2470079 https://abf.io/build_lists/2470078 Advisory: Upgrade Samba version to 4.1.17 Additional containers used (note: talloc container has changed): (tdb) https://abf.io/build_lists/2424676 https://abf.io/build_lists/2424677 (talloc) https://abf.io/build_lists/2470054 https://abf.io/build_lists/2470055 (tevent) https://abf.io/build_lists/2424693 https://abf.io/build_lists/2424694 (ldb) https://abf.io/build_lists/2424703 https://abf.io/build_lists/2424704 I have addressed installation and upgrade issues that have been found with your help las time. There also were problems with dependency loops that took some time to fix. Now it seems to be OK. Automatic tests still throw the same errors though. Can't figure out why but it seems like they are not connected to previous error. The update route to expanded testing ************************************ samba-4.1.17-4 http://abf-downloads.rosalinux.ru/rosa2014.1/container/2470079/x86_64/main/release/ http://abf-downloads.rosalinux.ru/rosa2014.1/container/2470078/i586/main/release/ tdb-1.3.4-1 http://abf-downloads.rosalinux.ru/rosa2014.1/container/2424676/i586/main/release/ http://abf-downloads.rosalinux.ru/rosa2014.1/container/2424677/x86_64/main/release/ talloc-2.1.1-2 http://abf-downloads.rosalinux.ru/rosa2014.1/container/2470054/i586/main/release/ http://abf-downloads.rosalinux.ru/rosa2014.1/container/2470055/x86_64/main/release/ tevent-0.9.22-1 http://abf-downloads.rosalinux.ru/rosa2014.1/container/2424693/i586/main/release/ http://abf-downloads.rosalinux.ru/rosa2014.1/container/2424694/x86_64/main/release/ ************************ Advisory ******************** Upgrade Samba version to 4.1.17 This new version addresses two security issues: CVE-2014-8143 CVE-2014-3560 and a number of lesser bugs ****************************************************** QA Verified It looks as if this build has AD Support compiled in, due to my existing OpenLDAP/Heimdal Kerberos/Samba Domain for now, I cannot provision a new Domain to see what the results will be. Anyone with the resources to do so should attempt to Provision a new Domain and see if the results are positive. Criteria for success: A Fully functioning Samba 4 AD Should: 1. Provision an initial AD with samba-tool with rfc 2307 support and xattrs turned on. 2. the resulting AD should create an LDAP tree, a Kerberos KDC, and Samba server. 3. Create the Bind Flat Files for DNS SRV Detection of an AD with non-integrated look up zones. 4. kinit from either krb5-workstation should detect the Samba 4 AD as a valid Kerberos realm based on functioning DNS information and get a valid ticket. 5. LDAP search should return a Positive result when CN=Administrator at a bare minimum. 6. Samba should accept an NTLM Login from an instance of smbclient. 7. oLschema2ldif should be able to convert a Supplementary (not a core) LDAP Schema from OpenLDAP and survive a Restart of the service. (Schema extension can crash a service!) 8. Samba 4 must survive a Reboot. I'll check Samba against your testing scenario. AD functionality and improvements to Samba packages is my responsibility. And I think it is good idea to start another bug report so that QA team could close this one. Here it goes: bug 5187 |