Can't print after update to 4.13

Status changed to 'Confirmed' because the bug affects multiple users.

Thanks for taking the time to report this bug and trying to make Ubuntu better.

In the upstream bug there is no reply yet from the maintainers but it might be a valid bug. This will need some investigation, I'll be subscribing ubuntu-server and adding the server-todo tag to see if the Ubuntu Server team can find some time to work on it.

There have been patches provided for testing and the latest master already has the changes in there.

For some reason the remote bug watcher for samba seems to be broken aswell, I'm seeing "Launchpad couldn't connect to Samba Bugzilla." above.

Thanks Florian for checking, there are indeed patches for samba 4.14, 4.15, 4.16. No patches for samba 4.13, but maybe that's because upstream only ships security fixes for it at the moment [1].

A bit confusingly the upstream patches mention that:

  Note this is only really needed for 4.15 and older, as
  we no longer run the rpc_server embedded in smbd,
  but we better be consistent for now.

but a patch *does* exist for samba 4.16. We should verify if those patches apply to what we have in >= Focal and if they actually fix the bug.

[1] https://wiki.samba.org/index.php/Samba_Release_Planning

I've uploaded a test package for focal into the security team ppa here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Could you please test it and see if it fixes your printing problem?

Thanks!

We are still waiting for the bug reporter to test the packages, thanks!

The test packages solve the problem for us.
thanks!

After talking with Marc and reading into the case a bit more this is a coincidence that it fails with the 4.17 update [1] in Nov 2021. Instead it seems it is caused by the "Windows 7 with 2021-10 monthly rollup patch (KB5006743)" and similar in the same time-frame.

Nevertheless worth to be fixed, just it will have to be a normal SRU.
Taking back the security assignment and the Server Team will try to drive a normal SRU for this.

Since the upload by mdeslaur to the security PPA is now partially in Focal already (the 2:4.13.17~dfsg-0ubuntu0.21.04.1 part of it) the LP debdiff is odd. I'm hereby attaching just the added delta on top that worked. IMHO that is almost ready, just some deb3-headers and creating a good SRU template here in the bug.

@Sebastian - thanks for testing, when this is going to be released we might need you again for this. To be clear, is this just "print from normal windows user to a samba printer" or is there anything more complex to this?

[1]: https://launchpad.net/ubuntu/+source/samba/2:4.13.14+dfsg-0ubuntu0.20.04.1

"print from normal windows user to a samba printer"
-> yes, for us it was only this bug which was solved by the patch
i can test again if you release this

BTW one thing to be careful to not mix is here is minor and sub-minor version.
The patch mentions to only be for 4.15 and earlier.
This matches [1] saying "rpc_server Removed".
But while the .17 might be misleading at first it is 4.13.17 that it in focal and impish - so the .13 matters here. And those need a fix. You can also see that in the man-page which for all these (pre 4.16) will mention "Default: rpc_server:SERVER = embedded".

We can see that Upstream prepares those for the next stable releases, but not 4.13 AFAICS:

$ git log --all --grep="dcesrv_core: wrap gensec_" --oneline
# plus adding which branch they are on:
v4-16-stable 20f84f11651 dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
v4-15-test e26270cbe58 dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
v4-14-test 9e3c363030d dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
master 0651fa474cd dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
dev-branch ed345c6bc34 dcesrv_core: wrap gensec_*() calls in [un]become_root() calls

So for 4.15 (jammy) we could just wait to 4.15.6 - but then the SRU requires it to be fixed there first and we do not know when this will be released.

So the approach from here should IMHO be to prep:
9e3c363030d -> 4.13.17 -> Focal
9e3c363030d -> 4.13.17 -> Impish
e26270cbe58 -> 4.15.5 -> Jammy

Based on the backport by Marc I have prepared how I'd think a Focal upload could look like.
=> https://code.launchpad.net/~paelzer/ubuntu/+source/samba/+git/samba/+ref/fix-printing-1951490-focal

TODO:
- check and adopt my branch
- map the same for Impish and Jammy
- upload for Jammy
- Prepare SRU template
- upload to -unapproved

[1]: https://wiki.samba.org/index.php/Samba_4.16_Features_added/changed

This bug was fixed in the package samba - 2:4.15.5~dfsg-0ubuntu2

---------------
samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium

  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
    Windows 2021-10 Monthly Rollup patch (LP: #1951490)

 -- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:32:59 -0300

This one looks okay. Since the fix involves some privilege bumping in various parts of the code, I'm happy this change has been prepared in cooperation with the security team - this would be my main point of concern (requiring a security review). So I will be accepting this to -proposed.

I assume it's intended only for -updates, right? Or do we want to fix this regression in the -security pocket as well? It would require a rebuild then though.

Hello Florian, or anyone else affected,

Accepted samba into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/samba/2:4.13.17~dfsg-0ubuntu0.21.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Florian, or anyone else affected,

Accepted samba into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/samba/2:4.13.17~dfsg-0ubuntu0.21.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

the packages in focal-proposed (2:4.13.17~dfsg-0ubuntu0.21.04.2) work for me
thanks

All autopkgtests for the newly accepted samba (2:4.13.17~dfsg-0ubuntu0.21.04.2) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.44.1-1ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#samba

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

The failed test from comment #16 was retried and resolved. Everything is green for this update in focal.

Hello dear community,

just a reminder that we are relying on you to perform the SRU verification for ubuntu impish and focal, because the environment where the bug happens is rather complex to setup from scratch.

> the packages in focal-proposed (2:4.13.17~dfsg-0ubuntu0.21.04.2) work for me
> thanks

Hello Sebastian,

can you please adjust the bug tags according to the instructions in comment #14, and elaborate a bit on the testing you did?

Okay, I also think we aged this long enough now in -proposed. Let's proceed.

This bug was fixed in the package samba - 2:4.13.17~dfsg-0ubuntu0.21.04.2

---------------
samba (2:4.13.17~dfsg-0ubuntu0.21.04.2) focal; urgency=medium

  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
    Windows 2021-10 Monthly Rollup patch (LP: #1951490)

 -- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:48:01 -0300

The verification of the Stable Release Update for samba has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

We still need an Ubuntu Impish verification, any volunteers?

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.