Debian Patches

Status for samba/2:4.21.2+dfsg-3~bpo12+1

Patch Description Author Forwarded Bugs Origin Last update
hurd-compat.patch hurd compatibility changes
Hurd does not define PIPE_BUF, so lib/tevent/testsuite.c fails to compile
(yes, this file is used as part of *samba* testsuite, not tevent testsuite).
Define it to a safe minimal value like 512 bytes.

Hurd does not provide SA_NOCLDWAIT define, so lib/util/tests/tfork.c does
not compile. This is only needed during testing to omit zombie process
generation, which has only cosmetic effect. Define it to be 0.

Based on prior work and ideas by Samuel Thibault.

diff --git a/lib/tevent/testsuite.c b/lib/tevent/testsuite.c
index 492b8807996..0bbfc2ed280 100644
Michael Tokarev <mjt@tls.msk.ru> no 2022-11-03
README_nosmbldap-tools.patch Mention smbldap-tools package in examples/LDAP/README Christian Perrier <bubulle@debian.org> not-needed debian
smbclient-pager.patch Use the pager alternative as pager is PAGER is undefined Steve Langasek <vorlon@debian.org> not-needed debian
usershare.patch Enable net usershares by default at build time
Enable net usershares by default at build time, with a limit of 100, and update
the corresponding documentation.
Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debian.org> not-needed debian
heimdal-rfc3454.txt Patch in symbol table from rfc3454, for Heimdal scripts Brian May <bam@debian.org> not-needed
add-so-version-to-private-libraries Add so version number to private libraries for dpkg-shlibdeps
We also want dpkg-shlibdeps to generate correct dependency information
for the private libraries in our binary packages, but dpkg-shlibdeps
only works when the library has a version number.
Jeroen Dekkers <jeroen@dekkers.ch> not-needed vendor
ldb-no-replace.diff drop "replace" dependency from libldb
When building as a sub-library within samba, where
libreplace is a private library, libldb.so will
have rpath pointing to the private samba dir. Since
ldb actually does not use anything from libreplace,
just remove the dependency.

diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index ab33f7784a6..41675c7ebe9 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2024-11-27
libsmbclient-ensure-lfs-221618.patch ensure libsmbclient.h is being used with LFS enabled
We build samba with LFS (Large File Support) even on 32bits.
This means some types like off_t are 64-bit wide, again,
even on a 32bit host. libsmbclient.h uses off_t in function
prototypes, and thes prototypes muct match those which were
used at samba compile time - if some other source includes
libsmbclient.h without LFS, it'll get wrong prototypes and
the resulting binary will most likely crash when using
libsmbclient functions.

Detect and error-out this at compile time.

We can not do anything with this in the public header since
it is alredy too late to redefine things, since we can't
guarantee we're the first header a program #includes, and
at the time this libsmbclient.h is included, off_t can
already be defined so our (re)define of _FILE_OFFSET_BITS
does nothing already.

Patching libsmbclient.h to use off64_t means client program
should change their off_t to off64_t too when storing
file offsets returning from libsmbclient, so this is not
an option too.

With this change, we will error out even if the user source
does not use any off_t-related functions. Namely, it was ok
to #include <libsmbclient.h> and use smbc_open/smbc_read/
smbc_write/smbc_close without _F_O_B=64, - neither of these
functions uses off_t. smbc_lseek and others doesn't work,
but if a program does not use them anyway, whole thing will
just work even without enabling LFS. Ideally we can probably
check each individual function which is being affected, by
replacing it with #error if sizeof(off_t) < 8. But this
requires quite some hackery...

diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 84c98089251..1a6ea599cfa 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed debian 2022-04-02
fix-nfs-service-name-to-nfs-kernel-server.patch fix nfs related service names
Upstream defines nfs related service names based on the Linux
distribution. This patch fixes the names for Debian and derivatives.

Update by Andreas Hasenack <andreas@canonical.com> (LP: #1961840):
Use nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*


diff --git a/ctdb/config/events/legacy/60.nfs.script b/ctdb/config/events/legacy/60.nfs.script
index 246a856bca8..e9bf697a43a 100755
Rafael David Tinoco <rafaeldtinoco@gmail.com> no debian 2024-07-30
ctdb-config-enable-syslog-by-default.patch ctdb-config: enable syslog by default
CTDB uses /var/log/ctdb/ directory for the default log files. With
syslog disabled, systemd journal is not able to correctly inform
errors happening during service initialization.

Upstream community creates generic config files to be used by different
distributions, so this change makes no big difference to be accepted by
upstream.

With this patch the end user will be able to identify initialization
errors by executing:

systemctl status ctdb.service

or to follow ctdb logs by executing:

journalctl -f -u ctdb
Rafael David Tinoco <rafaeldtinoco@ubuntu.com> not-needed debian 2022-03-24
use-bzero-instead-of-memset_s.diff use bzero() instead of memset_s()
lib/replace/replace.h header defines ZERO_STRUCT macro
which uses memset_s() function (which is similar to
memset() but can not be optimized out by the compiler).
Glibc has bzero() with similar property, while memset_s()
have is implemented in lib/replace/replace.c, - this way,
some binaries needlessly link with libreplace-samba4 just
to get rep_memset_s() symbol. By using bzero() instead,
this endless linkage is eliminated, so we can package,
for example, libldb (which uses ZERO_STRUCT) without it
linking to libreplace-samba4.

out by the compiler - this is the original goal of using
memset_s().

diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 8609d84322c..28db8d425a3 100644
no
ctdb_etcd_lock-path.patch fix pathname for ctdb_etcd_lock
Specify the actual installation path for this helper script.

This is a quick hack, this issue should be addressed
upstream in a more generic way.

diff --git a/ctdb/doc/ctdb-etcd.7.xml b/ctdb/doc/ctdb-etcd.7.xml
index f84989f854f..fcb3d0c3b5f 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2022-04-02
ctdb-create-piddir.patch create ctdb pid directory
(which is /run/ctdb/). Create it in the systemd service
file (using RuntimeDirectory directive) and in the sysv-init
script.

diff --git a/ctdb/config/ctdb.init b/ctdb/config/ctdb.init
index 7fe8f0085ae..57fd0dda63d 100755
Michael Tokarev <mjt@tls.msk.ru> no 2022-09-09
silence-waf-uselib_local.diff silence uselib_local warning produced by waf
During config/build process in verbose mode, waf produces
about 2k repetitions of this warning:

compat: "uselib_local" is deprecated, replace by "use"

which clutters the build log.

Comment this warning out for now until it will be
fixed properly.

diff --git a/buildtools/wafsamba/samba_waf18.py b/buildtools/wafsamba/samba_waf18.py
index e2a078bd3a0..dfd53a012d1 100644
Michael Tokarev <mjt@tls.msk.ru> no 2022-04-03
disable-setuid-confchecks.patch disable setuid configure checks
For some strange reason, when running reprotest test on salsa-ci,
which apparently is running as root, - on the *second* build only
the configure fails (after successfully built package the first
time). The configure test tries to change gid and verifies it
actually changed (not that the syscall exist), - and that fails.
Since it is extremely uncommon to configure the build process as
root, salsa-ci test environment details are quite deep down the line,
and we know the syscall actually works, just disable the probe,
pretending we are not root.

For upstream, this probably should be done by removing a *lot* of
configure-time checks which are useless these days.

diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 30a29f535b1..451ad396965 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2022-04-08
move-msg.sock-from-var-lib-samba-to-run-samba.patch move msg.sock from /var/lib/samba to /run/samba
Move socket directory from /var/lib/samba to /run/samba,
exactly like msg.lock. This directory is only used by various
samba components to communicate with each other (smbcontrol),
there's no place for it in /var/lib.

Also remove msg.sock subdir in various tests.

It'd be nice to also move ntp socket and similar somewhere to
/run/samba too, but this is a bit more difficult since it is
used in other software.

https://lists.samba.org/archive/samba-technical/2022-April/137322.html
Michael Tokarev <mjt@tls.msk.ru> no 2022-04-26
testparm-do-not-fail-if-pid-dir-does-not-exist.patch testparm: do not fail if /run/samba does not exist
testparm explicitly fails if $piddir or $lockdir does not exist.
However, the daemons which actually use these directories, will
create it on demand, there is no need to fail even simple testparm
operations if the dirs are not there.

This change lets to (pre)configure samba without bothering to
pre-create the directories which are overwise needed only to fulfil
testparm criteria.
Michael Tokarev <mjt@tls.msk.ru> no 2022-04-26
add-missing-libs-deps.diff specify some deps on private libs actually used directly
Lots of samba libraries has incomplete dependencies listed
in wscript files. This usually is not a problem since the
link line includes dependencies of their dependencies of
their dependencies, and somewhere down that line all immediate
dependencies which are missing are actually present. But
sometimes this becomes a problem when a library does not
declare direct dependency on at least one private library
which it actually uses: in case no private library is
listed as direct dependency, private library directory is
not put into RUNPATH of the resulting binary, so the binary
can not find its own dependencies.

Fix a few such places, including some libraries which are
a part of public abi (libsmbldap, libndr).
Michael Tokarev <mjt@tls.msk.ru> yes 2022-05-19
fruit-disable-useless-size_t-overflow-check.patch fruit: disable useless size_t overflow check
As has been said several times in
https://bugzilla.samba.org/show_bug.cgi?id=13622 ,
the check 'bandsize > SIZE_MAX/nbands' is useless. But it
is also wrong, in 2 ways: first, nbands might be 0 (when
no bands has been allocated yet), and second, there's no
point in comparing this with SIZE_MAX, since size_t on 32bit
platforms is a 32bit integer, while bandsize is off_t which
is 64bits (samba always enables LFS).

This check causes the module to fail when bandsize*nbands
exceeds 32bits, which has been reported for example at
https://bugs.debian.org/974868 .

Whole thing can't overflow because it is already guarded
by time_machine_max_size. Or at the very least, by current
disk sizes... :)
Michael Tokarev <mjt@tls.msk.ru> yes debian 2022-11-17
meaningful-error-if-no-samba-ad-provision.patch print meaningful error message if samba-ad-provision is not installed Michael Tokarev <mjt@tls.msk.ru> not-needed 2022-12-02
meaningful-error-if-no-python3-markdown.patch print meaningful error message if python3-markdown is not installed
diff --git a/python/samba/netcmd/domain/schemaupgrade.py b/python/samba/netcmd/domain/schemaupgrade.py
index 1d67ab58c15..858802635a2 100644
Michael Tokarev <mjt@tls.msk.ru> not-needed 2022-12-02
ctdb-use-run-instead-of-var-run.patch ctdb: use /run/ctdb instead of /var/run/ctdb
Whole upstream path assignment needs a review.
Michael Tokarev <mjt@tls.msk.ru> not-needed 2022-12-02
silence-can-not-convert-group-sid.diff silence "Can not convert group sid" warnings in the log
/var/log/samba/log.winbind is full of messages like:

[2024/02/09 06:25:04.788182, 1, pid=74620] source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED

On a busy server these are logged several 1000s times per minute,
making any other messages basically invisible.


diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index c2603cc7026..f252e14bf95 100644
Michael Tokarev <mjt@tls.msk.ru> invalid 2024-02-14
edns0.patch Minimal EDNS0 support for built-in DNS client
Currently, samba built-in DNS client is UDP-only (it does
support TCP mode, but not all components use it). In
particular, when winbind queries list of AD DCs (SRV
record) which can be quite large, it uses UDP-only query.
And at the same time, samba DNS client does not support
EDNS0 at all, so the reply is limited to standard DNS
packet size which is 512 bytes.

Add minimal EDNS0 OPT record to ADDITIONAL section when
sending a DNS request out, indicating we can accept
DNS packets up to 4Kb in size.

Since DNSSEC is in wide use today and DNSSEC requires
EDNS0, it is okay to assume ENDS0 is widely supported
these days, so there should be no regressions when
enabling EDNS0.


diff --git a/libcli/dns/dns.c b/libcli/dns/dns.c
index 943b4d5b33e..81144601bb8 100644
Michael Tokarev <mjt@tls.msk.ru> yes upstream 2024-02-26
passchange-error-message.patch passchange: error message fix
Missing space and newline.


diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 716bfa39a3b..4049ad0fea1 100644
Michael Tokarev <mjt@tls.msk.ru> invalid 2024-02-26
lower-dns-lookup-mismatch-messages.patch lower dns lookup mismatch messages
There's just too much useless noise in the logs,
especially when the PTR record just doesn't exist.


diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 5ff875c230d..b9237c3797e 100644
Michael Tokarev <mjt@tls.msk.ru> yes 2024-03-01

All known versions for source package 'samba'

Links