Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:cosmic-smb-browse-nt1-1778322 into ubuntu/+source/samba:ubuntu/cosmic-devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/samba
  3. cosmic-smb-browse-nt1-1778322
  4. Merge into ubuntu/cosmic-devel
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 8a2846583c8e402ca2782c2211d435e4b4821969
Merged at revision: 8a2846583c8e402ca2782c2211d435e4b4821969
Proposed branch: ~ahasenack/ubuntu/+source/samba:cosmic-smb-browse-nt1-1778322
Merge into: ubuntu/+source/samba:ubuntu/cosmic-devel
Diff against target: 105 lines (+72/-0)
4 files modified
debian/changelog (+9/-0)
debian/libsmbclient.symbols (+1/-0)
debian/patches/add-smbc_setOptionProtocols.patch (+61/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+365298@code.launchpad.net

Description of the change

This branch brings a new function into the cosmic samba packages. This function can be used by applications linked against libsmbclient in order to set the SMB protocol version they want to use.

gvfs in bionic and cosmic (and later) has already been changed to use this function if it is detected at build time. When that happens, this will close bug #1778322, allowing the gnome desktop (via gvfs) to display windows and samba machines from the local network.

Key points for this update:
- it's adding a new function, so the symbols file update includes the full version of the ubuntu package, and not just the upstream version
- gvfs needs to be rebuilt *after* the samba package has landed in proposed. I'm not adding any strict build-depends.
- gvfs build log *must* contain this line:
Checking for function "smbc_setOptionProtocols": YES
- gvfs, when rebuilt with this samba version, will change its depdendency on libsmbclient from a generic one to a very specific one. In bionic, for example, gvfs-backends currently depends on "libsmbclient (>= 2:4.0.3+dfsg1)". In the PPA I have for testing, that changed to "libsmbclient (>= 2:4.7.6+dfsg~ubuntu-0ubuntu2.8~)", following the symbols file change.

I tried to come up with testing instructions that didn't require the installation of ubuntu desktop, but manipulating gvfsd and gio (command-line tool) didn't work unless I also had the desktop installed. And I did start a dbus session, so I don't know what else was missing. The bug has the SRU template filled out and testing instructions.

PPA with test builds: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-browse-nt1-1778322

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The same as said on Bionic MP applies here, so copy&paste ...

We already discussed about this last week.
So a lot is already resolved in this MP (e.g. the details of the symbols handling).

I checked the formats and styles in the patch/changelog that LGTM.

Furthermore I have checked Cosmic and Bionic build logs and agree that the GVFS build detected the new feature and as well picked up the new version dependency.
No "breaks" are needed since the new SMB won't break an old GVFS and vice versa the dependency is autogenerated by make shlibs.

The test steps also seem ok for me, more complex than preferred but working.
All of the above sums up to +1

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded:

$ git push pkg upload/2%4.8.4+dfsg-2ubuntu2.2
Enumerating objects: 21, done.
Counting objects: 100% (21/21), done.
Delta compression using up to 4 threads
Compressing objects: 100% (15/15), done.
Writing objects: 100% (15/15), 2.48 KiB | 110.00 KiB/s, done.
Total 15 (delta 10), reused 0 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/samba
 * [new tag] upload/2%4.8.4+dfsg-2ubuntu2.2 -> upload/2%4.8.4+dfsg-2ubuntu2.2

$ dput ubuntu ../samba_4.8.4+dfsg-2ubuntu2.2_source.changes
Checking signature on .changes
gpg: ../samba_4.8.4+dfsg-2ubuntu2.2_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../samba_4.8.4+dfsg-2ubuntu2.2.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading samba_4.8.4+dfsg-2ubuntu2.2.dsc: done.
  Uploading samba_4.8.4+dfsg-2ubuntu2.2.debian.tar.xz: done.
  Uploading samba_4.8.4+dfsg-2ubuntu2.2_source.buildinfo: done.
  Uploading samba_4.8.4+dfsg-2ubuntu2.2_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index ded72ea..9f7f214 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
1samba (2:4.8.4+dfsg-2ubuntu2.2) cosmic; urgency=medium
2
3 * Backport function to set protocol levels (LP: #1778322):
4 - d/p/add-smbc_setOptionProtocols.patch: add function to set protocol
5 levels
6 - d/libsmbclient.symbols: add smbc_setOptionProtocols
7
8 -- Andreas Hasenack <andreas@canonical.com> Thu, 28 Mar 2019 21:45:02 -0300
9
1samba (2:4.8.4+dfsg-2ubuntu2.1) cosmic-security; urgency=medium10samba (2:4.8.4+dfsg-2ubuntu2.1) cosmic-security; urgency=medium
211
3 * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD12 * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
diff --git a/debian/libsmbclient.symbols b/debian/libsmbclient.symbols
index d88c61e..f539b3f 100644
--- a/debian/libsmbclient.symbols
+++ b/debian/libsmbclient.symbols
@@ -160,6 +160,7 @@ libsmbclient.so.0 libsmbclient #MINVER#
160 smbc_setOptionNoAutoAnonymousLogin@SMBCLIENT_0.1.0 2:4.0.3+dfsg1160 smbc_setOptionNoAutoAnonymousLogin@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
161 smbc_setOptionOneSharePerServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1161 smbc_setOptionOneSharePerServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
162 smbc_setOptionOpenShareMode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1162 smbc_setOptionOpenShareMode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
163 smbc_setOptionProtocols@SMBCLIENT_0.3.1 2:4.8.4+dfsg-2ubuntu2.2~
163 smbc_setOptionSmbEncryptionLevel@SMBCLIENT_0.1.0 2:4.0.3+dfsg1164 smbc_setOptionSmbEncryptionLevel@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
164 smbc_setOptionUrlEncodeReaddirEntries@SMBCLIENT_0.1.0 2:4.0.3+dfsg1165 smbc_setOptionUrlEncodeReaddirEntries@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
165 smbc_setOptionUseCCache@SMBCLIENT_0.1.0 2:4.0.3+dfsg1166 smbc_setOptionUseCCache@SMBCLIENT_0.1.0 2:4.0.3+dfsg1
diff --git a/debian/patches/add-smbc_setOptionProtocols.patch b/debian/patches/add-smbc_setOptionProtocols.patch
166new file mode 100644167new file mode 100644
index 0000000..c430b1c
--- /dev/null
+++ b/debian/patches/add-smbc_setOptionProtocols.patch
@@ -0,0 +1,61 @@
1Description: s3:libsmbclient: Add function to set protocol levels
2Author: Andreas Schneider <asn@samba.org>
3Origin: https://github.com/samba-team/samba/commit/0dae4e2f5c65167fdb2405e232436921a0bb17e6
4Origin: https://github.com/samba-team/samba/commit/885435e8a4dc561749b880f8be7a32041fa954ec
5Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1778322
6Last-Update: 2019-03-28
7--- a/source3/include/libsmbclient.h
8+++ b/source3/include/libsmbclient.h
9@@ -775,7 +775,24 @@
10 void
11 smbc_setOptionUseNTHash(SMBCCTX *c, smbc_bool b);
12
13-
14+/**
15+ * @brief Set the 'client min protocol' and the 'client max protocol'.
16+ *
17+ * IMPORTANT: This overrrides the values 'client min protocol' and 'client max
18+ * protocol' set in the smb.conf file!
19+ *
20+ * @param[in] c The smbc context to use.
21+ *
22+ * @param[in] min_proto The minimal protocol to use or NULL for leaving it
23+ * untouched.
24+ *
25+ * @param[in] max_proto The maximum protocol to use or NULL for leaving it
26+ * untouched.
27+ *
28+ * @returns true for success, false otherwise
29+ */
30+smbc_bool
31+smbc_setOptionProtocols(SMBCCTX *c, const char *min_proto, const char *max_proto);
32
33 /*************************************
34 * Getters and setters for FUNCTIONS *
35--- a/source3/libsmb/libsmb_setget.c
36+++ b/source3/libsmb/libsmb_setget.c
37@@ -503,6 +503,24 @@
38 }
39 }
40
41+smbc_bool
42+smbc_setOptionProtocols(SMBCCTX *c,
43+ const char *min_proto,
44+ const char *max_proto)
45+{
46+ bool ok = true;
47+
48+ if (min_proto != NULL) {
49+ ok = lp_set_cmdline("client min protocol", min_proto);
50+ }
51+
52+ if (max_proto != NULL) {
53+ ok &= lp_set_cmdline("client max protocol", max_proto);
54+ }
55+
56+ return ok;
57+}
58+
59 /** Get the function for obtaining authentication data */
60 smbc_get_auth_data_fn
61 smbc_getFunctionAuthData(SMBCCTX *c)
diff --git a/debian/patches/series b/debian/patches/series
index c653080..ed62c14 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@ CVE-2018-14629.patch
14CVE-2018-16841-1.patch14CVE-2018-16841-1.patch
15CVE-2018-16841-2.patch15CVE-2018-16841-2.patch
16CVE-2018-16851.patch16CVE-2018-16851.patch
17add-smbc_setOptionProtocols.patch

Subscribers

People subscribed via source and target branches