Merge ~ahasenack/ubuntu/+source/samba:zesty-revert-static-winbind-1677329 into ~usd-import-team/ubuntu/+source/samba:ubuntu/zesty-devel

Proposed by Andreas Hasenack on 2017-06-21
Status: Work in progress
Proposed branch: ~ahasenack/ubuntu/+source/samba:zesty-revert-static-winbind-1677329
Merge into: ~usd-import-team/ubuntu/+source/samba:ubuntu/zesty-devel
Diff against target: 144 lines (+12/-96)
4 files modified
debian/changelog (+12/-0)
debian/patches/series (+0/-1)
debian/rules (+0/-1)
dev/null (+0/-94)
Reviewer Review Type Date Requested Status
ChristianEhrhardt 2017-06-21 Approve on 2017-07-13
Canonical Server Core Reviewers 2017-08-03 Pending
Canonical Server Team 2017-08-03 Pending
Review via email: mp+326073@code.launchpad.net

Description of the Change

Remove the fix for LP #1584485 as it builds a broken pam_winbind module. There is a revised version of that patch attached to #1584485 but it has not been vetted yet, so for now it's best to revert (again) so that pam_winbind can be used. (LP: #1677329, LP: #1644428)
  - d/p/fix-1584485.patch: drop
  - d/rules: remove winbind static build option

I just attached the revised patch to #1584485 and reopened the artful (devel) task with a comment, but in the "incomplete" state because of the clarifications I asked in comment #43.

To post a comment you must log in.
ChristianEhrhardt (paelzer) wrote :

Still nothing happened upstream :-/
You are waiting on https://lists.samba.org/archive/samba-technical/2017-June/121139.html right?

If anything I'm a bit lost on "There is a fixed version of that patch attached" - since there is no attachement. You either mean one of the branches you linked or the upstream discussion that is linked. If you want to fix this uncertainty you might update the changelog here before a merge and upload pointing to the suggested final fix in a way clear to somebody not involved so far.

Anyway I agree with reverting it in general to make it "as usable as before" for now.

I can not upload that for you yet (core-dev only), but I can approve the change.
And you can ping Nish/Robie to do the merge and sponsoring rather soon IMHO.

One thing to be sure on that - will you follow on to this under the banner of bug 1584485 to fix it the right way eventually?

review: Approve
Andreas Hasenack (ahasenack) wrote :

> Still nothing happened upstream :-/
> You are waiting on https://lists.samba.org/archive/samba-
> technical/2017-June/121139.html right?

Yes, I doubt it will get traction.

> If anything I'm a bit lost on "There is a fixed version of that patch
> attached" - since there is no attachement. You either mean one of the branches

I meant attached to the bug, but in the form of an MP. This one:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/323767

> you linked or the upstream discussion that is linked. If you want to fix this
> uncertainty you might update the changelog here before a merge and upload
> pointing to the suggested final fix in a way clear to somebody not involved so
> far.

Good idea, will do.

>
> Anyway I agree with reverting it in general to make it "as usable as before"
> for now.
>
> I can not upload that for you yet (core-dev only), but I can approve the
> change.
> And you can ping Nish/Robie to do the merge and sponsoring rather soon IMHO.
>
> One thing to be sure on that - will you follow on to this under the banner of
> bug 1584485 to fix it the right way eventually?

I will have to reopen it. Do you agree with that approach? It might be best even to attach my reworked patch there.

ChristianEhrhardt (paelzer) wrote :

On Thu, Jul 13, 2017 at 3:29 PM, Andreas Hasenack <email address hidden>
wrote:

> > One thing to be sure on that - will you follow on to this under the
> banner of
> > bug 1584485 to fix it the right way eventually?
>
> I will have to reopen it. Do you agree with that approach? It might be
> best even to attach my reworked patch there.

Yes exactly that - reopen, explain, attach (there)

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Andreas Hasenack (ahasenack) wrote :

I had to push again because in the meantime zesty got a new update, so my changelog entry conflicted.

24e5c1b... by Steve Beattie on 2017-07-13

Update ubuntu/zesty-devel from 2:4.5.8+dfsg-0ubuntu0.17.04.3 to 2:4.5.8+dfsg-0ubuntu0.17.04.4

Prior ubuntu/zesty-devel commit: 6cb1945b8af46a47aab9a39f2f4a1803c2ef6e3e
New ubuntu/zesty-devel commit: 569f5199d8c4e49cf890bef61406b64f685579f4

Andreas Hasenack (ahasenack) wrote :

Another rebase due to an upload by the security team, this time we are at 0.17.04.5.

Nish Aravamudan (nacc) wrote :

FYI, 0.17.04.5 was uploaded to zesty-p, I'm running the importer now to catchup and if it applies cleanly, I'll rebase your branch and fix up the changelog.

Nish Aravamudan (nacc) wrote :

Ah actually, I see this was already sponsored.

Nish Aravamudan (nacc) wrote :

Taking this off the active review queue.

Robie, can you decide (if you remember) what to do with sponsored but not tagged uploads? Do we want to affect future re-imports?

Unmerged commits

9045a6f... by Andreas Hasenack on 2017-06-21

changelog

4a1f1ce... by Andreas Hasenack on 2017-06-21

  * Remove the fix for LP #1584485 as it builds a broken pam_winbind
    module. There is a revised version of that patch attached to
    #1584485 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)
    - d/p/fix-1584485.patch: drop
    - d/rules: remove winbind static build option

24e5c1b... by Steve Beattie on 2017-07-13

Update ubuntu/zesty-devel from 2:4.5.8+dfsg-0ubuntu0.17.04.3 to 2:4.5.8+dfsg-0ubuntu0.17.04.4

Prior ubuntu/zesty-devel commit: 6cb1945b8af46a47aab9a39f2f4a1803c2ef6e3e
New ubuntu/zesty-devel commit: 569f5199d8c4e49cf890bef61406b64f685579f4

6cb1945... by Andreas Hasenack on 2017-06-30

Update ubuntu/zesty-devel from 2:4.5.8+dfsg-0ubuntu0.17.04.2 to 2:4.5.8+dfsg-0ubuntu0.17.04.3

Prior ubuntu/zesty-devel commit: 0bcfc0416dc36172551e8cb126192141525b548c
New ubuntu/zesty-devel commit: 58da745264ace59c4b6d554c8ac9c53db1448578

0bcfc04... by Marc Deslauriers on 2017-05-19

Update ubuntu/zesty-devel from 2:4.5.8+dfsg-0ubuntu0.17.04.1 to 2:4.5.8+dfsg-0ubuntu0.17.04.2

Prior ubuntu/zesty-devel commit: 42c867a6850d96b55b8d00b369a06c7821239b61
New ubuntu/zesty-devel commit: 88ffe933ac78bef22c5e227540c7e2cebe1f73ac

42c867a... by Marc Deslauriers on 2017-04-21

Update lpusip/ubuntu/zesty-devel from 2:4.5.4+dfsg-1ubuntu2 to 2:4.5.8+dfsg-0ubuntu0.17.04.1

Prior lpusip/ubuntu/zesty-devel commit: dda1d84e2f349bce00b61788a724f49157d33891
New lpusip/ubuntu/zesty-devel commit: 84a9aa9cdfcd48fee8b98f22ca1ee19ab98e8bb7

dda1d84... by Nish Aravamudan on 2017-03-06

Updating lpusip/ubuntu/zesty-devel from 9e52d3838f678402bab6ddf5e369a9034b824891 to da4dae051e104cf622a4e088174c2660016749c5

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index db3269c..2b164da 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,15 @@
6+samba (2:4.5.8+dfsg-0ubuntu0.17.04.5) zesty; urgency=medium
7+
8+ * Remove the fix for LP #1584485 as it builds a broken pam_winbind
9+ module. There is a revised version of that patch attached to
10+ #1584485 but it has not been vetted yet, so for now it's best
11+ to revert (again) so that pam_winbind can be used.
12+ (LP: #1677329, LP: #1644428)
13+ - d/p/fix-1584485.patch: drop
14+ - d/rules: remove winbind static build option
15+
16+ -- Andreas Hasenack <andreas@canonical.com> Thu, 13 Jul 2017 14:44:16 -0300
17+
18 samba (2:4.5.8+dfsg-0ubuntu0.17.04.4) zesty-security; urgency=medium
19
20 * SECURITY UPDATE: KDC-REP service name impersonation
21diff --git a/debian/patches/fix-1584485.patch b/debian/patches/fix-1584485.patch
22deleted file mode 100644
23index 37fa744..0000000
24--- a/debian/patches/fix-1584485.patch
25+++ /dev/null
26@@ -1,94 +0,0 @@
27---- samba-4.4.5+dfsg.orig/buildtools/wafsamba/wafsamba.py
28-+++ samba-4.4.5+dfsg/buildtools/wafsamba/wafsamba.py
29-@@ -140,7 +140,8 @@ def SAMBA_LIBRARY(bld, libname, source,
30- grouping_library=False,
31- allow_undefined_symbols=False,
32- allow_warnings=False,
33-- enabled=True):
34-+ enabled=True,
35-+ static=False):
36- '''define a Samba library'''
37-
38- if pyembed and bld.env['IS_EXTRA_PYTHON']:
39-@@ -253,7 +254,12 @@ def SAMBA_LIBRARY(bld, libname, source,
40- if bld.env['ENABLE_RELRO'] is True:
41- ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now'))
42-
43-- features = 'c cshlib symlink_lib install_lib'
44-+ features = 'c symlink_lib install_lib'
45-+ if static:
46-+ features += ' cstaticlib'
47-+ else:
48-+ features += ' cshlib'
49-+
50- if pyext:
51- features += ' pyext'
52- if pyembed:
53---- samba-4.4.5+dfsg.orig/nsswitch/wscript_build
54-+++ samba-4.4.5+dfsg/nsswitch/wscript_build
55-@@ -10,6 +10,13 @@ bld.SAMBA_LIBRARY('winbind-client',
56- private_library=True
57- )
58-
59-+bld.SAMBA_LIBRARY('winbind-client-static',
60-+ source='wb_common.c',
61-+ deps='replace',
62-+ cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
63-+ private_library=True, static=True, install=False
64-+ )
65-+
66-
67- bld.SAMBA_BINARY('nsstest',
68- source='nsstest.c',
69-@@ -33,11 +40,12 @@ if (Utils.unversioned_sys_platform() ==
70- bld.SAMBA_LIBRARY('nss_winbind',
71- keep_underscore=True,
72- source='winbind_nss_linux.c',
73-- deps='winbind-client',
74-+ deps='winbind-client-static',
75- public_headers=[],
76- public_headers_install=False,
77- pc_files=[],
78-- vnum='2')
79-+ vnum='2',
80-+ allow_undefined_symbols=True)
81-
82- bld.SAMBA3_LIBRARY('nss_wins',
83- keep_underscore=True,
84-@@ -87,21 +95,32 @@ elif Utils.unversioned_sys_platform() ==
85- elif (host_os.rfind('hpux') > -1):
86- bld.SAMBA_LIBRARY('nss_winbind',
87- source='winbind_nss_linux.c',
88-- deps='winbind-client',
89-+ deps='winbind-client',
90- realname='libnss_winbind.so')
91- elif (host_os.rfind('aix') > -1):
92- bld.SAMBA_LIBRARY('nss_winbind',
93- source='winbind_nss_aix.c',
94-- deps='winbind-client',
95-+ deps='winbind-client',
96- realname='WINBIND')
97-
98- if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
99-+ bld.SAMBA_LIBRARY('pamwinbind-static',
100-+ source='pam_winbind.c',
101-+ deps='talloc wbclient winbind-client-static tiniparser pam samba_intl',
102-+ cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
103-+ realname='pam_winbind.so',
104-+ install_path='${PAMMODULESDIR}',
105-+ static=True,
106-+ install=False
107-+ )
108-+
109- bld.SAMBA_LIBRARY('pamwinbind',
110- source='pam_winbind.c',
111-- deps='talloc wbclient winbind-client tiniparser pam samba_intl',
112-+ deps='pamwinbind-static',
113- cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
114- realname='pam_winbind.so',
115-- install_path='${PAMMODULESDIR}'
116-+ install_path='${PAMMODULESDIR}',
117-+ allow_undefined_symbols=True
118- )
119-
120- if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
121diff --git a/debian/patches/series b/debian/patches/series
122index 4eaa932..ff38521 100644
123--- a/debian/patches/series
124+++ b/debian/patches/series
125@@ -17,7 +17,6 @@ fix_kill_path_in_units.patch
126 nmbd-requires-a-working-network.patch
127 krb_zero_cursor.patch
128 winbind_trusted_domains.patch
129-fix-1584485.patch
130 CVE-2017-7494.patch
131 non-wide-symlinks-to-directories-12860.patch
132 CVE-2017-11103.patch
133diff --git a/debian/rules b/debian/rules
134index 807e5ae..c8557fd 100755
135--- a/debian/rules
136+++ b/debian/rules
137@@ -66,7 +66,6 @@ conf_args = \
138 --disable-avahi \
139 --disable-rpath \
140 --disable-rpath-install \
141- --nonshared-binary=winbindd/winbindd \
142 --bundled-libraries=NONE,pytevent,iniparser,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,com_err,compile_et,asn1_compile \
143 --builtin-libraries=replace,ccan,samba-cluster-support \
144 --minimum-library-version="$(shell ./debian/autodeps.py --minimum-library-version)" \

Subscribers

People subscribed via source and target branches