[Samba] GnuTLS, modern Samba and RHEL Re: Samba rpms now available from CentOS Storage SIG

Anoop C S anoopcs at samba.org
Mon Aug 24 11:44:07 UTC 2020

On Thu, 2020-08-20 at 20:04 +1200, Andrew Bartlett via samba wrote:
> On Mon, 2020-08-17 at 12:05 +0530, Anoop C S via samba wrote:
> > Hi all,
> > 
> > This is to announce the availability of Samba(and CTDB) rpms from
> > Storage SIG[1] on CentOS 7 and 8. Visit Samba's CentOS wiki page[2]
> > for
> > more details on installation steps.
> > 
> > [1] https://wiki.centos.org/SpecialInterestGroup/Storage
> > [2] https://wiki.centos.org/SpecialInterestGroup/Storage/Samba
> G'Day Anoop,
> I'm wondering how you plan to handle the need for a modern GnuTLS for
> these builds?
> I take it that you plan to just avoid Samba 4.12 and later on RHEL 8
> /
> CentOS 8?

Yes and I hope you meant RHEL 7/CentOS 7 as they do not have minimum
required GnuTLS version for building Samba 4.12 or later.

> Initially this sounds like a reasonable option but there is a further
> wrinkle:  Samba 4.12 exposes a GnuTLS bug:
> https://bugzilla.samba.org/show_bug.cgi?id=14399
> https://bugzilla.redhat.com/show_bug.cgi?id=1845083
> https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
> Is there some way this is dodged or are you in a position to ensure
> CentOS gets this fixed in that package (I can't see a patch in the
> CentOS repo).

Build process for those Samba packages are currently dependant on the
GnuTLS version with default RHEL 8/CentOS 8 repositories. I am hopeful
that with the following bug, we will have the fix available eventually
with CentOS 8 too.


> If you plan to write a compat-gnutls package do let me know as I
> would
> like to exchange notes...

Not yet.

> On the Samba side of things, how should we handle this?  Can we even
> detect this somehow and refuse to use the leaky routines?

I haven't thought about it. I will communicate when I have something to

More information about the samba mailing list