[Samba] Big problems with 3.0.24-6etch6 Debian packages

Christian Perrier bubulle at debian.org
Tue Nov 27 17:25:03 GMT 2007


Quoting Marco De Vitis (starless at spin.it):


> What's happening with Samba packages for Debian Etch?

We're trying to keep up with upstream's security announcements and
regressions they induce.


> I saw a security announcement yesterday by Steve Kemp, but it's a bit
> confusing, for Etch it lists some 6etch6 packages and some 6etch7 others.
> Are the current packages broken?

3.0.24-etch5 is the first roll-up of packages fixing CVE-2007-5398 and
CVE-2007-4572.

3.0.24-etch6 fixes a regression introduced in -etch5 (indeed introduced in
upstream's initial published fixes). That regression affects those
people who use smbfs only.

Apparently, however, another regression which seems to affect long
directory listings is present in -etch6 and might lead to -etch7 packages.

And, given the recent updates we're receiving (#453050, #453102,
#453145: I love when people don't even read the BTS when reporting
issues), it's not finished.

And, sorry for this, but the time given to these issues by the samba
package maintainers (these days mostly Steve Langasek and me) is
currently very short. Steve spent days of work on these recent updates
and can't currently work on them. So you're quite likely to need
to wait some time before this is fixed. In the meantime, you should
revert back to -etch5.


>
> And... is there anyone officially working on more up-to-date Samba packages 
> for Debian Etch? Or will we have to live with 3.0.24 until the next Debian 
> stable upgrade?


This is not new in Debian. You will never get a new upstream version
update for the stable distribution. Updates only include security
fixes. 

You might want to get packages built by the Samba team if you want to
keep your samba server with the bleeding edge samba.





