Re: Samba security releases for CVE-2025-10230 and CVE-2025-9640

[Douglas Bagnall <douglas.bagnall () catalyst net nz>]

On 17/10/25 07:37, Demi Marie Obenour wrote:
> On 10/15/25 22:18, Douglas Bagnall wrote:
> > Anyway, the summary is the Samba 3/4 history has left us with
> > unmaintained pockets within our codebase that we ignore because we
> > assume nobody is using them, but which we don't delete because maybe
> > somebody is using them. There may not be very many more.
>
> Would it make sense to announce that they are deprecated, and then
> remove them in the next release?

Yes. That is vaguely the plan in this case:

[ excerpt from https://bugzilla.samba.org/show_bug.cgi?id=15903#c8 ]
> > We should do things in this order:
> >
> > 1. backport the fix.
> > 2. remove source4 wins hook from master/4.next.

though I did not put deprecated markers in the security patch, and now 
there is no urgency...

We will probably deprecate in the next release, and remove after that, 
depending on whether users show up.

As for other bits, we are slowly deduplicating where we can, for example:

https://gitlab.com/samba-team/samba/-/merge_requests/4219

Douglas