1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1108904: samba: Windows security hardening locks out schannel'ed ne

    From Salvatore Bonaccorso@21:1/5 to All on Mon Jul 7 15:50:01 2025
    Source: samba
    Version: 2:4.22.2+dfsg-1
    Severity: serious
    Tags: upstream
    Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=15876 https://gitlab.com/samba-team/samba/-/merge_requests/4086
    X-Debbugs-Cc: [email protected]

    Hi Michael,

    Yesterday the following heads up was posted to the Samba announce
    list:
    https://lists.samba.org/archive/samba-announce/2025/000693.html https://bugzilla.samba.org/show_bug.cgi?id=15876 https://gitlab.com/samba-team/samba/-/merge_requests/4086

    To be on the safe side I make this RC level, since my understanding is
    that samba servers acting s AD members in such environments will stop
    working properly if tomorrows Windows updates are deployed, is this
    correct?

    The upstream bug contains references to the two upstream changes.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Salvatore Bonaccorso on Mon Jul 7 16:20:01 2025
    Hi Michael,

    On Mon, Jul 07, 2025 at 03:38:31PM +0200, Salvatore Bonaccorso wrote:
    Source: samba
    Version: 2:4.22.2+dfsg-1
    Severity: serious
    Tags: upstream
    Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=15876 https://gitlab.com/samba-team/samba/-/merge_requests/4086
    X-Debbugs-Cc: [email protected]

    Hi Michael,

    Yesterday the following heads up was posted to the Samba announce
    list:
    https://lists.samba.org/archive/samba-announce/2025/000693.html https://bugzilla.samba.org/show_bug.cgi?id=15876 https://gitlab.com/samba-team/samba/-/merge_requests/4086

    To be on the safe side I make this RC level, since my understanding is
    that samba servers acting s AD members in such environments will stop
    working properly if tomorrows Windows updates are deployed, is this
    correct?

    The upstream bug contains references to the two upstream changes.

    Proposed MRs (but untested so far!)

    https://salsa.debian.org/samba-team/samba/-/merge_requests/67 (unstable,trixie) https://salsa.debian.org/samba-team/samba/-/merge_requests/68 (bookworm)

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Mon Jul 7 23:40:01 2025
    This is a multi-part message in MIME format...

    Your message dated Mon, 07 Jul 2025 21:30:28 +0000
    with message-id <[email protected]>
    and subject line Bug#1108904: fixed in samba 2:4.22.3+dfsg-1
    has caused the Debian Bug report #1108904,
    regarding samba: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1108904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108904
    Debian Bug Tracking System
    Contact [email protected] with problems

    Received: (at submit) by bugs.debian.org; 7 Jul 2025 13:38:37 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
    (2024-03-25) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-10.0 required=4.0 tests=BAYES_00,FROMDEVELOPER,
    SPF_HELO_NONE,SPF_NONE,XMAILER_REPORTBUG autolearn=ham
    autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 19; hammy, 123; neutral, 39; spammy,
    1. spammytokens:0.944-+--H*r:bugs.debian.org
    hammytokens:0.000-+--H*F:U*carnil, 0.000-+--XDebbugsCc,
    0.000-+--X-Debbugs-Cc, 0.000-+--H*M:valinor, 0.000-+--merge_requests Return-path: <[email protected]>
    Received: from elende.valinor.li ([2a01:4f9:6a:1c47::2]:57310)
    by buxtehude.debian.org with esmtp (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1uYm3H-002VUv-30
    for [email protected]
  • From Debian Bug Tracking System@21:1/5 to All on Sat Jul 12 00:50:01 2025
    This is a multi-part message in MIME format...

    Your message dated Fri, 11 Jul 2025 22:47:09 +0000
    with message-id <[email protected]>
    and subject line Bug#1108904: fixed in samba 2:4.17.12+dfsg-0+deb12u2
    has caused the Debian Bug report #1108904,
    regarding samba: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1108904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108904
    Debian Bug Tracking System
    Contact [email protected] with problems

    Received: (at submit) by bugs.debian.org; 7 Jul 2025 13:38:37 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
    (2024-03-25) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-10.0 required=4.0 tests=BAYES_00,FROMDEVELOPER,
    SPF_HELO_NONE,SPF_NONE,XMAILER_REPORTBUG autolearn=ham
    autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 19; hammy, 123; neutral, 39; spammy,
    1. spammytokens:0.944-+--H*r:bugs.debian.org
    hammytokens:0.000-+--H*F:U*carnil, 0.000-+--XDebbugsCc,
    0.000-+--X-Debbugs-Cc, 0.000-+--H*M:valinor, 0.000-+--merge_requests Return-path: <[email protected]>
    Received: from elende.valinor.li ([2a01:4f9:6a:1c47::2]:57310)
    by buxtehude.debian.org with esmtp (Exim 4.96)
    (envelope-from <[email protected]>)
    id 1uYm3H-002VUv-30
    for [email protected]