Your message dated Tue, 15 Nov 2022 16:50:35 +0000 with message-id <[email protected]> and subject line Bug#1023759: fixed in samba 2:4.17.3+dfsg-1 has caused the Debian Bug report #1023759, regarding winbind, samba: runs groupadd without a dependency on passwd to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1023759: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023759 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: winbind Version: 2:4.17.2+dfsg-9 Severity: normal I happened to notice in the samba changelog that samba and winbind now use groupadd instead of addgroup, as a way to create a system group without extra dependencies. While reporting a missing dependency on adduser in an unrelated package (#1023758 in pipewire) I thought this could be a useful technique and looked at it in more detail. Unfortunately, groupadd is in a non-Essential package, so using it without a dependency is technically a Policy violation (IMO not a release-critical one, but opinions might vary on this). Specifically, it's in passwd, which is Priority: required (therefore is preinstalled in even minimal debootstrap chroots, preventing piuparts from detecting this bug) but is technically something that sysadmins are allowed to remove. Steps to reproduce: $ podman run --pull=always --rm -it debian:sid-slim # apt update # apt upgrade # apt purge adduser passwd # apt install --no-install-recommends winbind (or use your favourite minimal container/chroot instead of podman) Expected result: successful installation; winbind might not be practically useful without its Recommends, but should install OK Actual result: > Setting up winbind (2:4.17.2+dfsg-9) ... > /var/lib/dpkg/info/winbind.postinst: 38: groupadd: not found > dpkg: error processing package winbind (--configure): > installed winbind package post-installation script subprocess returned error > exit status 127 The obvious solution is "Depends: passwd" in the winbind and samba packages (and any others that use groupadd in this way). See #1023758 for some alternatives to this, involving sysusers.d. Thanks, smcv
--- End Message ---
--- Begin Message ---Source: samba Source-Version: 2:4.17.3+dfsg-1 Done: Michael Tokarev <[email protected]> We believe that the bug you reported is fixed in the latest version of samba, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <[email protected]> (supplier of updated samba package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 15 Nov 2022 19:26:10 +0300 Source: samba Architecture: source Version: 2:4.17.3+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Samba Maintainers <[email protected]> Changed-By: Michael Tokarev <[email protected]> Closes: 1023759 Changes: samba (2:4.17.3+dfsg-1) unstable; urgency=medium . * new upstream security release 4.17.3, fixing the following issue: CVE-2022-42898: Heimdal Kerberos libraries suffers from an integer multiplication overflow vulnerability which affects 32bit platforms, see https://www.samba.org/samba/security/CVE-2022-42898.html This changes third_party/heimdal/, it does not affect mitkrb5 builds. * d/rules: stop stripping +dfsg suffix from ldb version * d/control: declare dependency on password (for groupadd in postinst) for winbind and samba (Closes: #1023759) * implement pkg.samba.mitkrb5 build profile to build with system mit-krb5 (with "mitkrb5" version suffix in some packages for now) * d/control: mark libufing-dev build dep with <!pkg.samba.nouring> (to simplify out-of-archive builds for older systems) * d/rules: parametrise list of packages to omit (eg on ubuntu-i386) with ${omit-pkgs} * d/rules: use variables in a more consistent way, use single ${config-args} * d/control: tdb-tools and lmdb-utils packages are also needed for tests (everything is commented out for now anyway) * d/rules: update knownfail tests * d/rules: stop exporting buildflags, export compiler options when needed * d/rules: always define rados:Depends & vfsmods:Depends substvars * unwrap-getresgid-typo.patch - fix crash during p11-kit execution (https://bugzilla.samba.org/show_bug.cgi?id=15227) (for the testsuite only) * nsswitch-pam-data-time_t.patch - fix time_t not fit in a pointer (eg x32) (https://bugzilla.samba.org/show_bug.cgi?id=15224) Checksums-Sha1: 7a907a906806a16638fd563ca7968691059d8007 4268 samba_4.17.3+dfsg-1.dsc 25631db18fe67096b36ffd0d9b186195ed2a3155 18395732 samba_4.17.3+dfsg.orig.tar.xz ebab90ff555df0008a09f7e34c6bb9f2060259f0 265696 samba_4.17.3+dfsg-1.debian.tar.xz 9d24f15b970defc7a22b1d0197f4ca05e85af1a3 5957 samba_4.17.3+dfsg-1_source.buildinfo Checksums-Sha256: 06427fb6c905a25d2d766a4f2abe16a0129c70d5a5043a56874ee80ca59db582 4268 samba_4.17.3+dfsg-1.dsc 8629a5ac6bb674bcbec0ecd0054989c5ee17210e426354b3b8830decf1c6cb98 18395732 samba_4.17.3+dfsg.orig.tar.xz 8af75351f186181c3d6e0abfb8871dc0f7dcbe674c01407ae863b944b3bede4e 265696 samba_4.17.3+dfsg-1.debian.tar.xz b524b7092053b9ccab8062db75945f27e59ec83d8330f49235f940f442754276 5957 samba_4.17.3+dfsg-1_source.buildinfo Files: f707471631a90fb31e2c10626541c3cd 4268 net optional samba_4.17.3+dfsg-1.dsc 67816b7170f96cfe62204047af012e50 18395732 net optional samba_4.17.3+dfsg.orig.tar.xz 81f925755dfcd23caadf7771698835d3 265696 net optional samba_4.17.3+dfsg-1.debian.tar.xz e391a0e793c528ef6993ed7bb342817d 5957 net optional samba_4.17.3+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmNzvc0PHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5Z5DUH/2jfpjOrqqa6yVqarT1DBjDLUCqZlWa/Ha1e ZdlLMu58Da+6RrRKF/oxK6ha9i0vq5TlHA5u4mcCllGO3Lg6HiL7Rxh4cjWYxalW MZZjVPNgRuy/z1KqkQukYc0yPI2ZbMO2O0j/qNDoFSK7he8ewHnyLL15jc5rRwe+ EHzWxzqRo2O7y16o/Yz/7YyN/OV74KWyW4FFMPoOg5w3LE6San56OhyMV4kZH+U7 V2U/tVSixWNZ6Dz1ePxUGSeL4PSV3TYj7Hmee3kUKJv70dh/GE7RIiUwQwfgCVj6 BZw1Ug2kmsCLnOjlC+eU12lgiwdyVrXQp4osYuCPJOry6nm54T0= =P3H2 -----END PGP SIGNATURE-----
--- End Message ---
