[Samba] updated samba 4.18 & 4.17 packages for debian & ubuntu to address trust issue with windows 10/11 update 07/2023

Gregory Sloop gregs at sloop.net
Fri Jul 14 17:04:47 UTC 2023

First, thanks so much for doing this.
I used Louis's packages previously and was in a quandary about what to do when those stopped getting updates. Having you fill that gap has been super nice.
I'm on Ubuntu (22.04)
I'm currently using your MJT repo.
I note you list official debian repos that are part of the official debian system...
And that would perhaps be better for me too.
Is there a "non-MJT" repo that's appropriate for Ubuntu? (Can I use one of the Debian ones, or something else?)

> Replying here as well, since this is a frequent question.

> I uploaded the updated samba packages to the official debian archives
> in parallel with updating my repository - exactly the same source
> packages as are used to build samba for my repository. 4.18 should
> already be available on sid/unstable, I think. In trixie/testing it
> will migrate within 5 days if nothing other breaks.

> Updated bookworm packages has been accepted into bookworm-proposed-updates
> and are now building:
>   https://buildd.debian.org/status/package.php?p=samba&suite=bookworm
> They'll be part of the official debian release on Jul-22, I guess, as a
> part of bookworm 12.1 point release.  Or maybe bookworm-security will
> catch it earlier, I dunno yet.

> bookworm-backports isn't open yet, I don't know what's up with that part.
> https://lists.debian.org/debian-backports/2023/06/msg00017.html is the last
> news about the matter which I know.  So there's no 4.18 official packages
> for bookworm yet.

> bullseye-backports - once the updated packages in bookworm-pu hits bookworm,
> I'll made them available as bullseye-backports.  By debian rules, oldtable-
> backports don't receive software from testing, only from stable, so it has
> to be in stable first.

> Speaking of the original bullseye packages (based on samba 4.13) - yes it
> can be rebuilt to include the fixes for the current situation with win10/11
> updates, but in my opinion it is better to move on from that version entirely,
> the faster the better, as it has other unfixed issues and fixing them there
> is not worth the efforts.

> So basically, I did everything I can for now on the Debian side.

> Maybe it is possible to push bookworm updates for this issue faster than
> waiting for the next point release, - after all it is a security-related
> issue, so maybe security.debian.org might help.  Talking with them now.

> Meanwhile, whole set of packages for Debian and Ubuntu is available on my
> site today already.  I'm not in any way recommend to switch from official
> Debian archives, - on the contrary, I do *not* recommend doing that, because
> I alone can't promise to keep this repository updated for a long time, while
> Debian has much more resources for this.  It just so happens that sometimes
> an urgent fix is easier to do outside of the usual Debian processing.  I hope
> to make it better within Debian.

> BTW, I noticed that quite a lot of people still using old URLs within my
> repository, more than half a year since they return 404.  I wonder if people
> just ignore error notifications their ubuntu (focal or jammy) systems sending
> them about missing repositories...  but ok.

> /mjt

More information about the samba mailing list