Merge samba from Debian unstable for kinetic

Upstream: 4.15.7
Debian: 2:4.16.1+dfsg-3
Ubuntu: 2:4.15.5~dfsg-0ubuntu5

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

samba (2:4.16.1+dfsg-3) unstable; urgency=medium

  * fix ldb package version generation in d/make_shlibs
    which was wrong in 2 previous uploads.
    Will I *ever* make it actually work someday?

 -- Michael Tokarev <email address hidden> Mon, 02 May 2022 18:32:24 +0300

samba (2:4.16.1+dfsg-2) unstable; urgency=medium

  * rethink ldb version *again*, to be 2.5.0+smb4.16.1-2
    or else 2.5.0+smb-1 from samba-4.16.1-2 sorts before
    2.5.0+smb-7 from samba-4.16.0-7.

 -- Michael Tokarev <email address hidden> Mon, 02 May 2022 17:02:16 +0300

samba (2:4.16.1+dfsg-1) unstable; urgency=medium

  * new upstream minor release 4.16.1
  * move-msg.sock-from-var-lib-samba-to-run-samba.patch:
    move /var/lib/samba/private/msg.sock/ to /run/samba/msg.sock/.
    This is a (private) socket directory for IPC, it should not be in /var.
  * Remove /var/lib/samba/private/msg.sock/ in postinst
  * testparm-do-not-fail-if-pid-dir-does-not-exist.patch:
    testparm deliberately fails if /run/samba does not exist,
    while testparam itself does not use it and daemons will
    create it on demand. Just make it a warning instead of a
    fatal error, and we'll not need to pre-create this dir
    in a random place using hackish ways
  * ctdb-create-piddir.patch: create /run/ctdb/ in ctdb.service
    and ctdb.init before invoking ctdbd (as the latter does not
    create its pid directory on demand).
  * stop (ab)using tmpfiles.d to pre-create /run/samba/ and /run/ctdb/
    and stop creating /run/samba/ in samba-common-bin.postinst just to
    make testparam happy.
  * d/rules: minor tweaks

 -- Michael Tokarev <email address hidden> Mon, 02 May 2022 13:16:12 +0300

samba (2:4.16.0+dfsg-7) unstable; urgency=medium

  * another bunch of small tweaks to d/rules:
   - set SHELL to /bin/sh -e
   - rework the clean target
   - provide fast replacement of architecture.mk
   - better expression for DEB_REVISION
   - rearrange configure options
  * do not disable glusterfs on ubuntu-i386 (glusterfs is now in main)
  * mention closing of #1001053 by the 4.16 upload
  * change the ldb version string again, removing te '+samba*' suffix
    to allow bin-NMUs +b1 (Closes: #1010100)

 -- Michael Tokarev <email address hidden> Sun, 24 Apr 2022 16:56:34 +0300

samba (2:4.16.0+dfsg-6) unstable; urgency=medium

  * another attempt to fix/work around #221618. Re-enable
    libsmbclient-ensure-lfs-221618.patch and change it to just define
    an extra type array int[sizeof(off_t)-7]. If off_t is small it will
    become a compile error. It is an ugly way to do it, but it should
    actually work, unlike various static_assert/_Static_assert which are
    language (C/C++) and standard-dependent. Closes: #221618.

 -- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 17:27:09 +0300

samba (2:4.16.0+dfsg-5) unstable; urgency=medium

  * disable libsmbclient-ensure-lfs-221618.patch for now.
    It throws errors in one or another configuration no matter what.
    Repoens: #221618
  * d/salsa-ci.yml: re-allow blhc salsa-ci test to fail again
    due to different bug in blhc

 -- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 16:33:57 +0300

samba (2:4.16.0+dfsg-4) unstable; urgency=medium

  * libsmbclient-ensure-lfs-221618.patch: replace _Static_assert with
    static_assert (and include <assert.h> to make C++ happy too
    (Closes: #1009211)
  * disable-setuid-confchecks.patch: when running configure tests,
    samba tries to verify setuid/setgid etc calls are actually
    *working*, not just exists. This is only possible when the
    configure is running as root. But it turns out in some salsa-ci
    configuration (namely in the reprotest), the second build is
    actually running as root, and in that environment, actual
    setegid call is failing somehow. Just disable the config-time
    check for correctly working setgid and assume it 'just works'
    if present, exactly like non-root build will do.
  * d/salsa-ci.yml: do not expect failure in blhc test (the original
    prob has been fixed long ago), and stop requiring experimental
  * mention closing of #999876 by 4.16

 -- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 00:42:38 +0300

samba (2:4.16.0+dfsg-3) unstable; urgency=medium

  * d/control: comment out the selftest-mode build deps for now
  * d/control: forgotten python3-samba:Replaces against samba package too,
    not just samba-libs, when moving dckeytab python lib (Closes: #1009175)

### Old Ubuntu Delta ###

samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium

  * Enable glusterfs support (LP: #1894618):
    - d/control: revert disabling of glusterfs, since it's in main now
    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
      enable the samba glusterfs vfs mofule in that case
    - d/control: build-depend on libglusterfs-dev only on !i386 arches

 -- Andreas Hasenack <email address hidden> Wed, 09 Mar 2022 17:31:25 -0300

samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium

  * Build dlz module for bind 9.18.x (LP: #1964032)
    - d/p/add-support-for-bind-918.patch: build a dlz module for
      bind 9.18.x
    - d/samba-libs.install: remove fixme comment
    - d/p/add-support-for-bind-918-2.patch: also update the provisioning
      tool and template config file

 -- Andreas Hasenack <email address hidden> Fri, 25 Mar 2022 14:53:19 -0300

samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium

  * Update nfs scripts for new nfs.conf config (LP: #1961840):
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
      nfsconf(8) if it's available, instead of parsing the old config
      files in /etc/default/nfs-*
    - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
      enable-nfs.sh example script
    - d/ctdb.example.quota: quota config file to be used by the example
      enable-nfs.sh script
    - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
      nfs.conf
    - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
      changes in the new nfs server packages
    - d/rules: install the new/changed ctdb example nfs files

 -- Andreas Hasenack <email address hidden> Mon, 21 Mar 2022 11:55:54 -0300

samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium

  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
    Windows 2021-10 Monthly Rollup patch (LP: #1951490)

 -- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:32:59 -0300

samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium

  * d/{gpb.conf,watch,README.source}: update for 4.15
  * New upstream release: 4.15.5 (LP: #1946839)
  * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
  * d/rules: remove --with-dnsupdate, it was merged with
    --with-ads in samba 4.15.0
  * d/control: bump required build-depends
  * d/rules: drop removal of ctdb tests, they are no longer installed
  * Remove findsmb, no longer installed:
    - d/smbclient.install: remove findsmb
    - d/rules: drop fixing of findsmb shebang
  * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
    no longer installed
  * d/samba-libs.install: update list of installed libraries and
    modules/plugins
  * d/ctdb.install: add tdb_mutex_check
  * d/winbind.install: add async_dns_krb5_locator
  * d/samba.install: install samba-bgqd and its manpage
  * d/{libsmbclient,libwbclient0}.symbols: symbols updates
  * d/control: add python3-markdown to build-depends
  * d/watch: updated to handle ~dfsg versioning, thanks to
    Sergio Durigan Junior <email address hidden>

 -- Andreas Hasenack <email address hidden> Tue, 22 Feb 2022 17:59:22 -0300

samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium

  * Update to 4.13.17 as a security update
    - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
  * Removed patches included in new version:
    - debian/patches/trusted_domain_regression_fix.patch
    - debian/patches/bug14901-*.patch
    - debian/patches/bug14922.patch

 -- Marc Deslauriers <email address hidden> Mon, 14 Feb 2022 10:19:08 -0500

samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium

  * No-change rebuild for icu soname change

 -- William 'jawn-smith' Wilson <email address hidden> Fri, 11 Feb 2022 11:36:14 -0600

samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium

  * d/t/util: fix setting the password of the smb test user
    (LP: #1955851)

 -- Andreas Hasenack <email address hidden> Thu, 20 Jan 2022 17:06:13 -0300

samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium

  * No-change rebuild with Python 3.10 as default version

 -- Graham Inggs <email address hidden> Sun, 16 Jan 2022 07:01:34 +0000

samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium

  * SECURITY REGRESSION: Kerberos authentication on standalone server in
    MIT realm broken
    - debian/patches/bug14922.patch: fix MIT Realm regression in
      source3/auth/user_krb5.c.

 -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:09:36 -0500

samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium

  * Update to 4.13.14 as a security update (LP: #1950363)
    - debian/patches/CVE-2021-20254.patch: removed, included in new
      version.
    - debian/control: bump ldb Build-Depends to 2.2.3.
    - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
    - debian/patches/trusted_domain_regression_fix.patch: fix regression
      introduced in 4.13.14.
    - debian/patches/bug14901-*.patch: upstream patches to fix some
      mapping issues.
    - debian/patches/bug14918-*.patch: upstream patches to properly handle
      dangling symlinks.
    - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
      CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192

 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500

samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium

  * No-change rebuild against liburing2

 -- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:08:34 +0100

samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium

  * d/samba.postinst: do not populate sambashare from the admin group
    (Debian packaging cherry-pick. LP: #1942195)

 -- Paride Legovini <email address hidden> Wed, 06 Oct 2021 10:31:14 +0200

samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium

  * No-change rebuild due to OpenLDAP soname bump.

 -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400

samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/VERSION.patch: Update vendor string to 'Ubuntu'.
    - debian/smb.conf;
      + Add '(Samba, Ubuntu)' to server string.
      + Comment out the default [homes] share, and add a comment about
        'valid users = %s' to show users how to restrict access to
        /server/username to only username.
    - d/control: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - d/control: add a versioned libgnutls28-dev build-depends to reduce
      the amount of in-tree crypto code that is built
    - d/control: enable the liburing vfs module, except on i386 where
      liburing is not available
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
      Skip running the tests if on i386 platform, because the uring
      package is not available there.
  * Dropped changes:
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
      [Included in 2:4.13.4+dfsg-1]
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
      change nfs service name from nfs to nfs-kernel-server
      (LP #722201)
      [Included in 2:4.13.4+dfsg-1]
    - d/p/ctdb-config-enable-syslog-by-default.patch:
      enable syslog and systemd journal by default
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - SECURITY UPDATE: wrong group entries via negative idmap cache entries
      + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
        source3/passdb/lookup_sid.c.
      + CVE-2021-20254
      [Included in 2:4.13.5+dfsg-2]

 -- Athos Ribeiro <email address hidden> Mon, 17 May 2021 11:51:54 -0300