[Samba] updated samba 4.18 & 4.17 packages for debian & ubuntu to address trust issue with windows 10/11 update 07/2023

Michael Tokarev mjt at tls.msk.ru
Fri Jul 14 16:52:37 UTC 2023

Replying here as well, since this is a frequent question.

I uploaded the updated samba packages to the official debian archives
in parallel with updating my repository - exactly the same source
packages as are used to build samba for my repository. 4.18 should
already be available on sid/unstable, I think. In trixie/testing it
will migrate within 5 days if nothing else breaks.

Updated bookworm packages have been accepted into bookworm-proposed-updates
and are now building:
They'll be part of the official debian release on Jul-22, I guess, as a
part of bookworm 12.1 point release.  Or maybe bookworm-security will
catch it earlier, I dunno yet.

bookworm-backports isn't open yet, I don't know what's up with that part.
https://lists.debian.org/debian-backports/2023/06/msg00017.html is the last
news about the matter which I know.  So there are no 4.18 official packages
for bookworm yet.

bullseye-backports - once the updated packages in bookworm-pu hit bookworm,
I'll make them available as bullseye-backports.  By debian rules,
oldstable-backports don't receive software from testing, only from stable, so it has
to be in stable first.

Speaking of the original bullseye packages (based on samba 4.13) - yes it
can be rebuilt to include the fixes for the current situation with win10/11
updates, but in my opinion it is better to move on from that version entirely,
the faster the better, as it has other unfixed issues and fixing them there
is not worth the effort.

So basically, I did everything I can for now on the Debian side.

Maybe it is possible to push bookworm updates for this issue faster than
waiting for the next point release; after all, it is a security-related
issue, so maybe security.debian.org might help.  Talking with them now.

Meanwhile, the whole set of packages for Debian and Ubuntu is available on my
site today already.  I'm not in any way recommending switching from official
Debian archives; on the contrary, I do *not* recommend doing that, because
I alone can't promise to keep this repository updated for a long time, while
Debian has much more resources for this.  It just so happens that sometimes
an urgent fix is easier to do outside of the usual Debian processing.  I hope
to make it better within Debian.

BTW, I noticed that quite a lot of people are still using old URLs within my
repository, more than half a year since they started returning 404.  I wonder if people
just ignore error notifications their ubuntu (focal or jammy) systems are sending
them about missing repositories...  but ok.


