[Samba] updated samba 4.18 & 4.17 packages for debian & ubuntu to address trust issue with windows 10/11 update 07/2023

Gregory Sloop gregs at sloop.net
Fri Jul 14 17:04:47 UTC 2023 

First, thanks so much for doing this.
I used Louis's packages previously and was in a quandary about what to do when those stopped getting updates. Having you fill that gap has been super nice.
Thanks!
 
Second.
I'm on Ubuntu (22.04)
I'm currently using your MJT repo.
 
I note you list official debian repos that are part of the official debian system...
And that would perhaps be better for me too.
Is there a "non-MJT" repo that's appropriate for Ubuntu? (Can I use one of the Debian ones, or something else?)
 
TIA
 
-Greg
  


> Replying here as well, since this is a frequent question.

> I uploaded the updated samba packages to the official debian archives
> in parallel with updating my repository - exactly the same source
> packages as are used to build samba for my repository. 4.18 should
> already be available on sid/unstable, I think. In trixie/testing it
> will migrate within 5 days if nothing other breaks.

> Updated bookworm packages has been accepted into bookworm-proposed-updates
> and are now building:
>   https://buildd.debian.org/status/package.php?p=samba&suite=bookworm
> They'll be part of the official debian release on Jul-22, I guess, as a
> part of bookworm 12.1 point release.  Or maybe bookworm-security will
> catch it earlier, I dunno yet.

> bookworm-backports isn't open yet, I don't know what's up with that part.
> https://lists.debian.org/debian-backports/2023/06/msg00017.html is the last
> news about the matter which I know.  So there's no 4.18 official packages
> for bookworm yet.

> bullseye-backports - once the updated packages in bookworm-pu hits bookworm,
> I'll made them available as bullseye-backports.  By debian rules, oldtable-
> backports don't receive software from testing, only from stable, so it has
> to be in stable first.

> Speaking of the original bullseye packages (based on samba 4.13) - yes it
> can be rebuilt to include the fixes for the current situation with win10/11
> updates, but in my opinion it is better to move on from that version entirely,
> the faster the better, as it has other unfixed issues and fixing them there
> is not worth the efforts.

> So basically, I did everything I can for now on the Debian side.

> Maybe it is possible to push bookworm updates for this issue faster than
> waiting for the next point release, - after all it is a security-related
> issue, so maybe security.debian.org might help.  Talking with them now.

> Meanwhile, whole set of packages for Debian and Ubuntu is available on my
> site today already.  I'm not in any way recommend to switch from official
> Debian archives, - on the contrary, I do *not* recommend doing that, because
> I alone can't promise to keep this repository updated for a long time, while
> Debian has much more resources for this.  It just so happens that sometimes
> an urgent fix is easier to do outside of the usual Debian processing.  I hope
> to make it better within Debian.

> BTW, I noticed that quite a lot of people still using old URLs within my
> repository, more than half a year since they return 404.  I wonder if people
> just ignore error notifications their ubuntu (focal or jammy) systems sending
> them about missing repositories...  but ok.

> /mjt

More information about the samba mailing list