Author: Ubuntu Git Importer
Author Date: 2020-02-25 14:57:39 UTC

DSC file for 2:4.11.5+dfsg-1ubuntu2

Author: Andreas Hasenack
Author Date: 2020-02-22 17:22:21 UTC

Import patches-unapplied version 2:4.11.5+dfsg-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 9ae2d608bd7f25fe3f8fd200d9f5aa4ef8746f78

Author: Andreas Hasenack
Author Date: 2020-02-22 17:22:21 UTC

Import patches-unapplied version 2:4.11.5+dfsg-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 9ae2d608bd7f25fe3f8fd200d9f5aa4ef8746f78

Author: Andreas Hasenack
Author Date: 2020-02-22 17:22:21 UTC

Import patches-unapplied version 2:4.11.5+dfsg-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 9ae2d608bd7f25fe3f8fd200d9f5aa4ef8746f78

Author: Andreas Hasenack
Author Date: 2020-02-22 17:22:21 UTC

Import patches-unapplied version 2:4.11.5+dfsg-1ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Upload parent: 9ae2d608bd7f25fe3f8fd200d9f5aa4ef8746f78

Author: Ubuntu Git Importer
Author Date: 2020-01-28 10:48:17 UTC

DSC file for 2:4.11.5+dfsg-1

Author: Mathieu Parent
Author Date: 2020-01-28 07:19:46 UTC

Import patches-unapplied version 2:4.11.5+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c65a67dd822e69ee06d26112626f00238029b3c4

New changelog entries:
  * New upstream security release
    - CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
      Directory not automatic.
    - CVE-2019-14907: Crash after failed character conversion at log level 3 or
      above.
    - CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
    - Bump build-depends ldb >= 2.0.8

Author: Marc Deslauriers
Author Date: 2020-01-14 11:02:26 UTC

Import patches-unapplied version 2:4.10.0+dfsg-0ubuntu2.8 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: fdb1afa255e50925e862a7fb3fa5a3c45b92fe0a

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Marc Deslauriers
Author Date: 2020-01-14 11:02:26 UTC

Import patches-unapplied version 2:4.10.0+dfsg-0ubuntu2.8 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: fdb1afa255e50925e862a7fb3fa5a3c45b92fe0a

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Marc Deslauriers
Author Date: 2020-01-14 11:02:26 UTC

Import patches-unapplied version 2:4.10.0+dfsg-0ubuntu2.8 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: fdb1afa255e50925e862a7fb3fa5a3c45b92fe0a

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Marc Deslauriers
Author Date: 2020-01-14 11:11:50 UTC

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: fafc011ad4d895ef8a2ddb0283a36cd667b687fb

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-14 11:11:50 UTC

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: fafc011ad4d895ef8a2ddb0283a36cd667b687fb

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-14 11:11:50 UTC

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: fafc011ad4d895ef8a2ddb0283a36cd667b687fb

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-17 08:16:49 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.16.04.25 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b72a2216baa23d942dcc66075f86aa40c0cb3b2a

New changelog entries:
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-17 08:16:49 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.16.04.25 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b72a2216baa23d942dcc66075f86aa40c0cb3b2a

New changelog entries:
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-17 08:16:49 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.16.04.25 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b72a2216baa23d942dcc66075f86aa40c0cb3b2a

New changelog entries:
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907

Author: Marc Deslauriers
Author Date: 2020-01-14 10:56:41 UTC

Import patches-unapplied version 2:4.10.7+dfsg-0ubuntu2.4 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: b436e199c0288d1a0de9e861424f36a0584d0c56

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Marc Deslauriers
Author Date: 2020-01-14 10:56:41 UTC

Import patches-unapplied version 2:4.10.7+dfsg-0ubuntu2.4 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: b436e199c0288d1a0de9e861424f36a0584d0c56

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Marc Deslauriers
Author Date: 2020-01-14 10:56:41 UTC

Import patches-unapplied version 2:4.10.7+dfsg-0ubuntu2.4 to ubuntu/eoan-security

Imported using git-ubuntu import.

Changelog parent: b436e199c0288d1a0de9e861424f36a0584d0c56

New changelog entries:
  * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
    AD Directory not automatic
    - debian/patches/CVE-2019-14902-1.patch: add test for replication of
      inherited security descriptors.
    - debian/patches/CVE-2019-14902-2.patch: add test for a special case
      around replicated renames.
    - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
      inheritance really happens
    - debian/patches/CVE-2019-14902-4.patch: explain that
      descriptor_sd_propagation_recursive() is protected by a transaction.
    - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
      propagation needs to be done here.
    - debian/patches/CVE-2019-14902-6.patch: ensure we honour both
      change->force_self and change->force_children.
    - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
      renamed DN.
    - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
      Security Descriptors were not replicated.
    - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
      SD inheritance) after any rename.
    - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
      deferred processing to be GUIDs.
    - CVE-2019-14902
  * SECURITY UPDATE: Crash after failed character conversion at log level 3
    or above
    - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
      is never read warning.
    - debian/patches/CVE-2019-14907-2.patch: do not print the failed to
      convert string into the logs.
    - CVE-2019-14907
  * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
    - debian/patches/CVE-2019-19344.patch: fix use after free in
      dns_tombstone_records_zone.
    - CVE-2019-19344

Author: Mathieu Parent
Author Date: 2019-09-30 11:37:50 UTC

Import patches-unapplied version 2:4.11.0+dfsg-5 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 5f8948b644d212fc152af4df2ed57cc822b75d2c

New changelog entries:
  * d/gitlabracadabra.yml: only_allow_merge_if_pipeline_succeeds: false
  * Remove patches:
    - "build: Remove tests for _readdir() and __readdir()"
    - "build: Remove tests for rdchk()"
    - "build: Remove tests for _pwrite() and __pwrite()"
  * Add patches by Ralph Boehme:
    - "wscript: remove all checks for _FUNC and __FUNC"
    - "wscript: split function check to one per line and sort alphabetically"

Author: Mathieu Parent
Author Date: 2019-05-08 20:23:37 UTC

Import patches-unapplied version 2:4.5.16+dfsg-1+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: db473a7b814f01c04cffd24a0b2369f635a2eb37

New changelog entries:
  * This is a security release in order to address the following defect:
    - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

Author: Steve Beattie
Author Date: 2019-08-30 18:07:19 UTC

Import patches-unapplied version 2:4.10.7+dfsg-0ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ebf5bd267d52783c68bf662419b69c33785528c

New changelog entries:
  * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
    - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
      out impersonation debug info into a new function.
    - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
      change_to_user_internal() always resets current_user.done_chdir
    - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
      reset current_user.{need,done}_chdir in become_root()
    - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
      fsrvp_share its own independent subdirectory
    - debian/patches/CVE-2019-10197-05-v4-10.patch:
      test_smbclient_s3.sh: add regression test for the no permission
      on share root problem
    - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
      change_to_user_impersonate() out of change_to_user_internal()
    - CVE-2019-10197

Author: Steve Beattie
Author Date: 2019-08-30 18:07:19 UTC

Import patches-unapplied version 2:4.10.7+dfsg-0ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ebf5bd267d52783c68bf662419b69c33785528c

New changelog entries:
  * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
    - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
      out impersonation debug info into a new function.
    - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
      change_to_user_internal() always resets current_user.done_chdir
    - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
      reset current_user.{need,done}_chdir in become_root()
    - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
      fsrvp_share its own independent subdirectory
    - debian/patches/CVE-2019-10197-05-v4-10.patch:
      test_smbclient_s3.sh: add regression test for the no permission
      on share root problem
    - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
      change_to_user_impersonate() out of change_to_user_internal()
    - CVE-2019-10197

Author: Rafael David Tinoco
Author Date: 2019-07-11 18:00:50 UTC

Import patches-unapplied version 2:4.10.0+dfsg-0ubuntu2.3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Upload parent: 3f319f3aa2d6bd6b3d22f5a308f6af414f4dd38c

Author: Mathieu Parent
Author Date: 2019-06-20 05:53:26 UTC

Import patches-unapplied version 2:4.9.5+dfsg-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ef94e0a6ba1e808e55126cc1af095f10f1ffcb1c

New changelog entries:
  * This is a security release in order to address the following defect:
    - CVE-2019-12435 zone operations can crash rpc server
  * Add missing Breaks+Replace found by piuparts (Closes: #929217)
    Thanks Andreas Beckmann!

Author: Marc Deslauriers
Author Date: 2019-05-08 13:41:47 UTC

Import patches-unapplied version 2:4.8.4+dfsg-2ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4c4ad488e6b9cb0e1accb95038fceaeab6467905

New changelog entries:
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/torture/krb5/kdc-canon-heimdal.c.
    - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

Author: Marc Deslauriers
Author Date: 2019-05-08 13:41:47 UTC

Import patches-unapplied version 2:4.8.4+dfsg-2ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4c4ad488e6b9cb0e1accb95038fceaeab6467905

New changelog entries:
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/torture/krb5/kdc-canon-heimdal.c.
    - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

Author: Marc Deslauriers
Author Date: 2019-05-08 13:41:47 UTC

Import patches-unapplied version 2:4.8.4+dfsg-2ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4c4ad488e6b9cb0e1accb95038fceaeab6467905

New changelog entries:
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/torture/krb5/kdc-canon-heimdal.c.
    - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

Author: Marc Deslauriers
Author Date: 2019-04-08 14:32:30 UTC

Import patches-unapplied version 2:4.10.0+dfsg-0ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: d22a1d10b16545b0efecad4440f404eff07e079b

New changelog entries:
  * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
    - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
      umask being overwritten in python/samba/tests/ntacls_backup.py,
      python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
      selftest/knownfail.d/umask-leak.
    - debian/patches/CVE-2019-3870-2.patch: add test to check
      file-permissions are correct after provision in
      selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
      source4/setup/tests/provision_fileperms.sh.
    - debian/patches/CVE-2019-3870-3.patch: include tests to show the
      outside umask has no impact in python/samba/tests/ntacls_backup.py,
      python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
    - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
      close as possible to users in source3/smbd/pysmbd.c,
      selftest/knownfail.d/provision_fileperms,
      selftest/knownfail.d/umask-leak.
    - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
      smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
      source3/smbd/pysmbd.c.
    - CVE-2019-3870
  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

Author: Marc Deslauriers
Author Date: 2019-04-01 14:10:22 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.14.04.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 417fedd5c629f2caf559bab81b9f198f7444e386

New changelog entries:
  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

Author: Marc Deslauriers
Author Date: 2019-04-01 14:10:22 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.14.04.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 417fedd5c629f2caf559bab81b9f198f7444e386

New changelog entries:
  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

Author: Marc Deslauriers
Author Date: 2019-04-01 14:10:22 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.14.04.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 417fedd5c629f2caf559bab81b9f198f7444e386

New changelog entries:
  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

Author: Andreas Hasenack
Author Date: 2019-03-29 19:45:27 UTC

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.8 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: ae2696b847e6a1bea0cfa231ab7451150da1ac46

New changelog entries:
  * Backport function to set protocol levels (LP: #1778322):
    - d/p/add-smbc_setOptionProtocols.patch: add function to set protocol
      levels
    - d/libsmbclient.symbols: add smbc_setOptionProtocols

Author: Andreas Hasenack
Author Date: 2019-03-29 00:45:02 UTC

Import patches-unapplied version 2:4.8.4+dfsg-2ubuntu2.2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 8a2846583c8e402ca2782c2211d435e4b4821969

Author: Christian Ehrhardt 
Author Date: 2018-10-16 07:55:34 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.14.04.18 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Upload parent: 205a6f2bb1852c1b099cdd6fcd7a28e1db390099

Author: Andreas Hasenack
Author Date: 2018-10-09 17:32:16 UTC

Import patches-unapplied version 2:4.8.4+dfsg-2ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: ce0fe6a620fc88cb9b138fec72218137e70db2eb

Author: Christian Ehrhardt 
Author Date: 2018-09-24 10:08:45 UTC

Import patches-unapplied version 2:4.3.11+dfsg-0ubuntu0.16.04.17 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 3aca2a1f657faea494e98734a9744b93a99fe333

New changelog entries:
  * d/samba.nmbd.init, d/samba.samba-ad-dc.init, d/samba.smbd.init, d/winbind.init
    avoid issues due to init scripts misdetecting services (LP: #1792400)
    - use --pidfile on --start to not block on same binaries running in
      containers
    - use --exec on --stop to not cause unintended processes to be acted on,
      if the old process terminated without being able to remove the pid-file.

Author: Andreas Hasenack
Author Date: 2018-04-18 14:49:55 UTC

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d5440066d851bdcebee5399a1029b95fa7357261

New changelog entries:
  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
    Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)

Author: Ubuntu Git Importer
Author Date: 2018-03-20 04:49:57 UTC

pristine-tar data for samba_4.8.0+dfsg.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-16 13:57:12 UTC

pristine-tar data for samba_4.7.6+dfsg~ubuntu.orig.tar.gz

Author: Marc Deslauriers
Author Date: 2018-03-06 15:43:27 UTC

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3.2 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 449990910520d558997c322d0d1c595d82489957

New changelog entries:
  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

Author: Marc Deslauriers
Author Date: 2018-03-06 15:43:27 UTC

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3.2 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 449990910520d558997c322d0d1c595d82489957

New changelog entries:
  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

Author: Marc Deslauriers
Author Date: 2018-03-06 15:43:27 UTC

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3.2 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 449990910520d558997c322d0d1c595d82489957

New changelog entries:
  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

Author: Mathieu Parent
Author Date: 2017-11-12 10:10:53 UTC

Import patches-unapplied version 2:4.2.14+dfsg-0+deb8u9 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: a17b1f40c91997c4632a430bdbb74ba23aeb81e3

New changelog entries:
  * This is a security release in order to address the following defects:
    - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when
      talloc buffer is grown.
    - CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
  * This is a security release in order to address the following defects:
    - CVE-2017-12150: Some code path don't enforce smb signing, when they should
    - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects
    - CVE-2017-12163: Server memory information leak over SMB1
  * This is a security release in order to address the following defect:
    - CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
      (Closes: #868209)

Author: Marc Deslauriers
Author Date: 2017-11-15 20:39:57 UTC

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.8 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 4c9a256a058a3e867677789dd8b74135b4ef79b3

New changelog entries:
  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

Author: Marc Deslauriers
Author Date: 2017-11-15 20:39:57 UTC

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.8 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 4c9a256a058a3e867677789dd8b74135b4ef79b3

New changelog entries:
  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

Author: Marc Deslauriers
Author Date: 2017-11-15 20:39:57 UTC

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.8 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 4c9a256a058a3e867677789dd8b74135b4ef79b3

New changelog entries:
  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

Author: Marc Deslauriers
Author Date: 2017-09-21 12:10:03 UTC

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: e233207f792582ee515bc230651f355da52fb56e

New changelog entries:
  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

Author: Marc Deslauriers
Author Date: 2017-09-21 12:10:03 UTC

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: e233207f792582ee515bc230651f355da52fb56e

New changelog entries:
  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

Author: Dariusz Gadomski
Author Date: 2017-08-23 09:50:15 UTC

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.6 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 6a5b8e810a41c4c473f153b5214c7797103bc306

New changelog entries:
  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

Author: Steve Beattie
Author Date: 2017-07-13 20:27:39 UTC

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.8 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: b19067875b037ec4682bc3e59d9ce0782b015056

New changelog entries:
  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

Author: Steve Beattie
Author Date: 2017-07-13 20:27:39 UTC

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.8 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: b19067875b037ec4682bc3e59d9ce0782b015056

New changelog entries:
  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

Author: Steve Beattie
Author Date: 2017-07-13 20:27:39 UTC

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.8 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: b19067875b037ec4682bc3e59d9ce0782b015056

New changelog entries:
  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

Author: Marc Deslauriers
Author Date: 2017-03-28 13:43:30 UTC

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 069455890bb2ad4cfe1af1b2827929cdeb7edb5f

New changelog entries:
  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

Author: Marc Deslauriers
Author Date: 2017-03-28 13:43:30 UTC

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 069455890bb2ad4cfe1af1b2827929cdeb7edb5f

New changelog entries:
  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

Author: Marc Deslauriers
Author Date: 2017-03-28 13:43:30 UTC

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 069455890bb2ad4cfe1af1b2827929cdeb7edb5f

New changelog entries:
  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

Author: Nish Aravamudan
Author Date: 2017-03-06 19:13:41 UTC

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 23a266d5daf694202eb925859b8c0f203a30bcde
Upload parent: 7db4a22cfd30960224a0c0b3a1dd06c05fc253ee

New changelog entries:
  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

Author: Jorge Niedbalski
Author Date: 2016-11-09 15:00:31 UTC

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 9b4a761534326933f47f322a54742464a9c0d46b

New changelog entries:
  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
    to be statically linked fixes LP: #1584485.
  * d/rules: Compile winbindd/winbindd statically.

Author: Matthias Klose
Author Date: 2016-09-18 10:26:52 UTC

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: fbbc01bd3ed9532d878bc79a951829ede41ef1df

New changelog entries:
  * No-change rebuild for readline soname change.

Author: Marc Deslauriers
Author Date: 2016-05-20 12:09:44 UTC

Import patches-unapplied version 2:4.3.9+dfsg-0ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 20d3f3ec13ee9684e3229a6670eebec6a7b235e2

New changelog entries:
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

Author: Marc Deslauriers
Author Date: 2016-05-20 12:09:44 UTC

Import patches-unapplied version 2:4.3.9+dfsg-0ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 20d3f3ec13ee9684e3229a6670eebec6a7b235e2

New changelog entries:
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

Author: Marc Deslauriers
Author Date: 2016-05-20 12:09:44 UTC

Import patches-unapplied version 2:4.3.9+dfsg-0ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 20d3f3ec13ee9684e3229a6670eebec6a7b235e2

New changelog entries:
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

Author: Marc Deslauriers
Author Date: 2016-04-12 11:26:29 UTC

Import patches-unapplied version 2:4.3.8+dfsg-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: cb1dadeb15264401490ef937bd362ea89d33e697

New changelog entries:
  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
      protection
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

Author: Salvatore Bonaccorso
Author Date: 2016-03-11 20:14:09 UTC

Import patches-unapplied version 2:3.6.6-6+deb7u7 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: a08ebe048002f7b2c236953aa985201b643c1bf9

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * s3:smbd: fix a corner case of the symlink verification.
    Address regression introduced by the patch for CVE-2015-5252. For the
    share path "/", the introduced checks deny all operations in the share.
    (Closes: #812429)
  * CVE-2015-7560: Incorrect ACL get/set allowed on symlink path
  * Non-maintainer upload by the Security Team.
  * Refresh waf-as-source.patch patch
  * Add CVE-2015-5252-v3-6-bso11395.patch patch.
    CVE-2015-5252: Insufficient symlink verification in smbd.
  * Add CVE-2015-5299-v3-6-bso11529.patch patch.
    CVE-2015-5299: Missing access control check in shadow copy code.
  * Add CVE-2015-5296-v3-6-bso11536.patch patch.
    CVE-2015-5296: Samba client requesting encryption vulnerable to
    downgrade attack.

Author: Marc Deslauriers
Author Date: 2016-01-04 15:36:48 UTC

Import patches-unapplied version 2:4.1.13+dfsg-4ubuntu3.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: d9dbb1cfcd80976dce41919f59c7d6424bec600e

New changelog entries:
  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.

Author: Marc Deslauriers
Author Date: 2016-01-04 15:36:48 UTC

Import patches-unapplied version 2:4.1.13+dfsg-4ubuntu3.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: d9dbb1cfcd80976dce41919f59c7d6424bec600e

New changelog entries:
  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.

Author: Marc Deslauriers
Author Date: 2016-01-04 15:36:48 UTC

Import patches-unapplied version 2:4.1.13+dfsg-4ubuntu3.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: d9dbb1cfcd80976dce41919f59c7d6424bec600e

New changelog entries:
  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.

Author: Sebastien Bacher
Author Date: 2015-11-10 18:04:30 UTC

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu3 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: da4455ba698453c60baef155215f9845247ef625

New changelog entries:
  * debian/samba.logrotate:
    - revert to Debian version of the logrotate reload command, fix an
      invalid syntax introduced in the upstart->systemd transition
      (lp: #1385868)

Author: Robert Ancell
Author Date: 2015-08-10 23:34:50 UTC

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: fd9fe4fd53a3f1a3b38ca87a6829e31298669f5e

New changelog entries:
  * debian/control:
    - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev

Author: Sebastien Bacher
Author Date: 2015-04-03 15:20:06 UTC

Import patches-unapplied version 2:4.1.13+dfsg-4ubuntu3 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: e1b9833f1d90af3c9cc8e14306871439b662c228

New changelog entries:
  * debian/patches/git_timeout_client_error.patch:
    - don't let smb mounts timeout that leads to errors when trying to
      reuse a mount after idling for a while in e.g nautilus (lp: #310932)

Author: Sebastien Bacher
Author Date: 2015-04-03 15:20:06 UTC

Import patches-unapplied version 2:4.1.13+dfsg-4ubuntu3 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: e1b9833f1d90af3c9cc8e14306871439b662c228

New changelog entries:
  * debian/patches/git_timeout_client_error.patch:
    - don't let smb mounts timeout that leads to errors when trying to
      reuse a mount after idling for a while in e.g nautilus (lp: #310932)

Author: Marc Deslauriers
Author Date: 2015-02-23 14:07:06 UTC

Import patches-unapplied version 2:4.1.11+dfsg-1ubuntu2.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: a557ca93956f9fb17c148768ac55456d6312d60c

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240

Author: Marc Deslauriers
Author Date: 2015-02-23 14:07:06 UTC

Import patches-unapplied version 2:4.1.11+dfsg-1ubuntu2.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: a557ca93956f9fb17c148768ac55456d6312d60c

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240

Author: Marc Deslauriers
Author Date: 2015-02-23 14:07:06 UTC

Import patches-unapplied version 2:4.1.11+dfsg-1ubuntu2.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: a557ca93956f9fb17c148768ac55456d6312d60c

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240

Author: Serge Hallyn
Author Date: 2014-09-11 16:53:36 UTC

Import patches-unapplied version 2:4.1.11+dfsg-1ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 59c3e6413888ee57fce93a89d85b846fc70cd553

New changelog entries:
  * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
    pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)

Author: Serge Hallyn
Author Date: 2014-09-11 16:53:36 UTC

Import patches-unapplied version 2:4.1.11+dfsg-1ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 59c3e6413888ee57fce93a89d85b846fc70cd553

New changelog entries:
  * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
    pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)

Author: Marc Deslauriers
Author Date: 2014-06-23 18:58:05 UTC

Import patches-unapplied version 2:3.6.18-1ubuntu3.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: ad629032b5d1cc7a5b90c3bb013a4511eb2b56f3

New changelog entries:
  * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
    - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
      and extra bytes in source3/smbd/nttrans.c.
    - CVE-2014-0178
  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Marc Deslauriers
Author Date: 2014-06-23 19:07:40 UTC

Import patches-unapplied version 2:3.4.7~dfsg-1ubuntu3.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 424eaa95425711d3ed5d30e65eb699123bf9e77c

New changelog entries:
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Marc Deslauriers
Author Date: 2014-06-23 19:07:40 UTC

Import patches-unapplied version 2:3.4.7~dfsg-1ubuntu3.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 424eaa95425711d3ed5d30e65eb699123bf9e77c

New changelog entries:
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Marc Deslauriers
Author Date: 2014-06-23 18:58:05 UTC

Import patches-unapplied version 2:3.6.18-1ubuntu3.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: ad629032b5d1cc7a5b90c3bb013a4511eb2b56f3

New changelog entries:
  * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
    - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
      and extra bytes in source3/smbd/nttrans.c.
    - CVE-2014-0178
  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Marc Deslauriers
Author Date: 2014-06-23 18:58:05 UTC

Import patches-unapplied version 2:3.6.18-1ubuntu3.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: ad629032b5d1cc7a5b90c3bb013a4511eb2b56f3

New changelog entries:
  * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
    - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
      and extra bytes in source3/smbd/nttrans.c.
    - CVE-2014-0178
  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Marc Deslauriers
Author Date: 2014-06-23 19:07:40 UTC

Import patches-unapplied version 2:3.4.7~dfsg-1ubuntu3.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 424eaa95425711d3ed5d30e65eb699123bf9e77c

New changelog entries:
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493

Author: Steve Langasek
Author Date: 2014-04-04 02:08:03 UTC

Import patches-unapplied version 2:4.1.6+dfsg-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: eac0063ea3fbc50f750588621d77d605e1333973

New changelog entries:
  * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
    upgrade.

Author: Marc Deslauriers
Author Date: 2014-03-17 12:53:51 UTC

Import patches-unapplied version 2:3.6.6-3ubuntu5.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: a7c8d1a2d23d85b0e675247d1686102e3384e3e6

New changelog entries:
  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496

Author: Marc Deslauriers
Author Date: 2014-03-17 12:53:51 UTC

Import patches-unapplied version 2:3.6.6-3ubuntu5.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: a7c8d1a2d23d85b0e675247d1686102e3384e3e6

New changelog entries:
  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496

Author: Marc Deslauriers
Author Date: 2014-03-17 12:53:51 UTC

Import patches-unapplied version 2:3.6.6-3ubuntu5.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: a7c8d1a2d23d85b0e675247d1686102e3384e3e6

New changelog entries:
  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496

Author: Ivo De Decker
Author Date: 2013-12-03 09:27:43 UTC

Import patches-unapplied version 2:3.5.6~dfsg-3squeeze11 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 1827c99e7e62c8f0c54d2a0082871c1f4691521f

New changelog entries:
  * Security update
  * CVE-2013-4408: DCERPC frag_len not checked

Author: Marc Deslauriers
Author Date: 2013-12-09 15:32:37 UTC

Import patches-unapplied version 2:3.6.9-1ubuntu1.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 2ff0c034bcbc22b0e47e16b6e15a3e3dd5429750

New changelog entries:
  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408

Author: Marc Deslauriers
Author Date: 2013-12-09 15:32:37 UTC

Import patches-unapplied version 2:3.6.9-1ubuntu1.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 2ff0c034bcbc22b0e47e16b6e15a3e3dd5429750

New changelog entries:
  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408

Author: Marc Deslauriers
Author Date: 2013-12-09 15:32:37 UTC

Import patches-unapplied version 2:3.6.9-1ubuntu1.2 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 2ff0c034bcbc22b0e47e16b6e15a3e3dd5429750

New changelog entries:
  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408

Author: Matthias Klose
Author Date: 2013-10-09 10:01:48 UTC

Import patches-unapplied version 2:3.6.18-1ubuntu3 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 0776e841ab33f81d771b6c520a6c9fe36b08fd47

New changelog entries:
  * Update config.{guess,sub} for AArch64.

Author: Matthias Klose
Author Date: 2013-10-09 10:01:48 UTC

Import patches-unapplied version 2:3.6.18-1ubuntu3 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 0776e841ab33f81d771b6c520a6c9fe36b08fd47

New changelog entries:
  * Update config.{guess,sub} for AArch64.

Author: Bryan Quigley
Author Date: 2013-07-10 18:45:45 UTC

Import patches-unapplied version 2:3.6.6-3ubuntu5.1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 8b02386def1cf9e2ebd1297d3ef601bbafff62bd

New changelog entries:
  * Fix login with expiring user passwords (LP: #1003296)
    - Fixed in Samba 3.6.9 (Samba bug: 9013)

Author: Bryan Quigley
Author Date: 2013-07-10 16:25:17 UTC

Import patches-unapplied version 2:3.6.3-2ubuntu2.7 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 61c58d605dfd7e789178b99b665801c6d58aeb09

New changelog entries:
  * Fix login with expiring user passwords (LP: #1003296)
    - Fixed in Samba 3.6.9 (Samba bug: 9013)

Author: James Page
Author Date: 2012-11-23 14:34:04 UTC

Import patches-unapplied version 2:3.6.9-1ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 301e2a1116586a985ae082280b656251ddbd05dd

New changelog entries:
  * Merge from Debian experimental, remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - Added debian/winbind.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
        Make upstart compatible.
    + d/rules: Drop explicit configuration options for ctdb.
  * Dropped changes; included upstream:
    + d/patches/cups-1.6.1_compat.patch: Cherry picked patch from upstream VCS
      for compatibility with cups >= 1.6.
    + Change "net share allowedusers" to use RPC call that works with
      Microsoft Windows 2008 r2.

Author: James Page
Author Date: 2012-11-23 14:34:04 UTC

Import patches-unapplied version 2:3.6.9-1ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 301e2a1116586a985ae082280b656251ddbd05dd

New changelog entries:
  * Merge from Debian experimental, remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - Added debian/winbind.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
        Make upstart compatible.
    + d/rules: Drop explicit configuration options for ctdb.
  * Dropped changes; included upstream:
    + d/patches/cups-1.6.1_compat.patch: Cherry picked patch from upstream VCS
      for compatibility with cups >= 1.6.
    + Change "net share allowedusers" to use RPC call that works with
      Microsoft Windows 2008 r2.

Author: Olly Betts
Author Date: 2012-10-05 11:52:33 UTC

Import patches-unapplied version 2:3.6.6-3ubuntu5 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: a6169a73ee53f8fefbfbfa59f11c8e254ea6cee4

New changelog entries:
  * Change "net share allowedusers" to use RPC call that works with
    Microsoft Windows 2008 r2 (LP: #1061244).

Author: James Page
Author Date: 2012-06-08 15:25:06 UTC

Import patches-unapplied version 2:3.4.7~dfsg-1ubuntu3.11 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: a832dd4321e27e434a6d00ae128cf31f661e1793

New changelog entries:
  * d/samba.nmbd.upstart: Ignore the return code of testparm in pre-start;
    it's used to query the configuration NOT to validate it in this context
    which generates alot of bug reports for unrelated configuration issues
    (LP: #791944).

Author: Steve Langasek
Author Date: 2012-04-24 05:50:47 UTC

Import patches-applied version 2:3.5.6~dfsg-3squeeze8 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 8080322d53d846c9fcc1a4af26a5a3e3a75e3483
Unapplied parent: 2e100de75b9024fda0eaaa19a5e74eca8400f518

New changelog entries:
  * Security update, fixing CVE-2012-2111: security=ads allows users to
    grant themselves additional privileges on the server.
  * Security update, fixing CVE-2012-1182: PIDL based autogenerated code
    allows overwriting beyond of allocated array

Author: Christian Perrier
Author Date: 2012-05-01 06:07:39 UTC

Import patches-applied version 2:3.6.5-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 8a8520f407475db8e6b57d69c48d1dfdeed4c64b
Unapplied parent: 61b295e8022bbf815ddcd2677b528fafa5c068a8

New changelog entries:
  * New upstream release. Fixes CVE-2012-2111: Incorrect permission
    checks when granting/removing privileges can compromise file
    server security.
  * Build-Depend on debhelper >= 9~ (which is in unstable for a few
    months now)
  * Use "set -e" in maintainer scripts instead of passing -e in the
    shebang line
  * Update Standards to 3.9.3 (checked, no change)