Merge ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125 into ubuntu/+source/samba:debian/sid

Proposed by Andreas Hasenack on 2018-06-22
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 7bbdf71f4f230e588045d039f9e0912e5ed4ed77
Proposed branch: ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125
Merge into: ubuntu/+source/samba:debian/sid
Diff against target: 1601 lines (+1289/-21)
8 files modified
debian/changelog (+1089/-0)
debian/control (+4/-4)
debian/patches/VERSION.patch (+2/-2)
debian/rules (+4/-2)
debian/samba-common-bin.install (+1/-0)
debian/samba-common.config (+4/-4)
debian/smb.conf (+15/-9)
debian/source_samba.py (+170/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  2018-06-22 Approve on 2018-08-22
Canonical Server Team 2018-06-22 Pending
Review via email: mp+348424@code.launchpad.net

Description of the change

Merge from Debian's 4.8.2.

This is a package where git ubuntu merge start crashed, so I did that part manually.

This merge has some interesting aspects:
- our old delta included an upstream version bump (debian had 4.7.4, we went with 4.7.6). This can be seen in the git logs, and was of course dropped when rebasing on new/debian
- samba 4.8.x requires a newer libldb, which is already in cosmic-proposed for a month but hasn't migrated because samba needs to be rebuilt with it, so it's stuck. Any new upload of samba would unstuck it, even a 4.7.x one, but so will this 4.8 MP.
- here is a PPA with test packages for all architectures where samba was built with the new libldb: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-merge-4.8-1778125/+packages (ppa:ahasenack/samba-merge-4.8-1778125)
- debian fixed bugs that also affected our package, so these bugs will be marked as fix released manually:
  https://pad.lv/1773679 samba-dbg not found
  https://pad.lv/1748267 dep8 test user
- this one was fixed upstream in samba 4.8:
  https://pad.lv/1752878 fullsync support for timemachine

I added a fix for a logrotate issue (#1760855) and also submitted it to debian (#902149)

Here are DEP8 tests run with the packages from that PPA: http://people.ubuntu.com/~ahasenack/dep8-samba-4.8-1778125/

To post a comment you must log in.
Christian Ehrhardt  (paelzer) wrote :

Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "syslog" option is deprecated

Should we do something about this on the merge?

review: Needs Information
Andreas Hasenack (ahasenack) wrote :

Yes, I can finally tackle that now I think.

Christian Ehrhardt  (paelzer) wrote :

Some changes needed to be adapted like dhclient3, but all LGTM.
Overall retained Delta - all in and as-is or correctly adapted.
Dropped Delta - acl to what was dropped

Christian Ehrhardt  (paelzer) wrote :

acl => ack

Christian Ehrhardt  (paelzer) wrote :

I did some install/upgrade tests and hit no issues.

As discussed please also run the qa-regresssion-test against the new upload.

Under the condition that these tests work as well and some minor changelog cleanup as we discussed on IRC +1

review: Approve
Andreas Hasenack (ahasenack) wrote :
Andreas Hasenack (ahasenack) wrote :

What is failing with 4.8.2, and passing with 4.7.6, is this simple construct on a cifs mountpoint:

root@ubuntu:~# echo hello > $(mktemp /mnt/hello.XXXXXX)
-su: $(mktemp /mnt/hello.XXXXXX): Permission denied
root@ubuntu:~# l /mnt/hello.JJocjv
-rw-------+ 1 nobody nogroup 0 Jun 25 17:56 /mnt/hello.JJocjv
root@ubuntu:~#

The share is just:
[tmp]
 comment = Temp Directory
 guest ok = Yes
 path = /tmp
 read only = No

Since it's a guest connection, the user on the server side is effectively nobody/nogroup, so he should be able to write to the file.

I emailed samba@.

Andreas Hasenack (ahasenack) wrote :

Reading from that file also fails.

Andreas Hasenack (ahasenack) wrote :

I submitted a bug upstream: https://bugzilla.samba.org/show_bug.cgi?id=13486

I'm not sure what we do now. I don't know when this bug will get attention.

libldb is still stuck in proposed as it needs a samba build. It could be the current 4.7.6 one, we just need to upload it again with a version bump. Or we wait.

Andreas Hasenack (ahasenack) wrote :

Another MP to just rebuild cosmic's current samba (4.7.6) with the stuck ldb: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348888

Robie Basak (racb) wrote :

Blocked on samba upstream bug but otherwise ready to merge. Ask Andreas before uploading.

Christian Ehrhardt  (paelzer) wrote :

This is an ugly dead-lock :-/
The adoption of the new code would be good for so many things CVEs and normal fixes/improvements.

Since the smb bug tracker user creation takes a while, could you poll there please?

I wonder how critical that new bug is in comparison to the improvements. Maybe we want to merge as is and be more pressing on the upstream bug to backport something hopefully between FF and Release.
But upstream had nothing so far after a few initial "could you try this" :-/

Andreas Hasenack (ahasenack) wrote :

Reopening this, after I rebased it on 4.8.4. Given that the regression bug is also present in 4.7.7, and in 4.8.1 and later in the 4.8.x series, I believe either not many people are affected, or it's not important enough, because these releases have been out there for some time now. The benefits outweigh the cons here in my opinion.

Bileto ticket: https://bileto.ubuntu.com/#/ticket/3373

There is a nagging gvfs s390x test failure: http://autopkgtest.ubuntu.com/packages/gvfs/cosmic/s390x looks like it "never" passed and is not related to samba. I will try it in s390x later to see if I can reproduce it, file a bug upstream if that's the case, etc, we know the drill.

Andreas Hasenack (ahasenack) wrote :

Actually, the gvfs s390x failure is a force-badtest already, so it's expected and won't block this migration:
andreas@nsnx:~/bzr/hints-ubuntu$ grep gvfs *
ubuntu-release:force-badtest gvfs/1.36.1-0ubuntu1/ppc64el gvfs/1.36.1-0ubuntu1/s390x gvfs/1.36.1-0ubuntu3/ppc64el gvfs/1.36.1-0ubuntu3/s390x

Andreas Hasenack (ahasenack) wrote :

Everything is in place in cosmic-proposed for this upload: ldb is currently just waiting on a samba rebuild (http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#ldb)

trying: ldb
skipped: ldb (15, 3, 7)
    got: 22+0: a-4:a-3:a-5:i-3:p-3:s-4
    * s390x: samba-dsdb-modules

Christian Ehrhardt  (paelzer) wrote :

With your logrotate and syslog changes in Debian this looks even better :-)
Tests are good - I checked a bit on my own and the links are as you said onle the gvfs which doesn't matter.

The corner case issue we found in testing really should not stop all these new things from going in. And we have plenty of time to work on that once upstream replies on your bugs.

So what is the state now - still as approved as before?

review: Approve
Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/samba
 * [new tag] upload/2%4.8.4+dfsg-2ubuntu1 -> upload/2%4.8.4+dfsg-2ubuntu1

Christian Ehrhardt  (paelzer) wrote :

You are still not an uplader of samba :-/
But I don't want to push on my own without your final call to do so.
I made the tag ready, so that anyone can sponsor in case I'm not available.

Andreas Hasenack (ahasenack) wrote :

Thanks, I'll do a final check first thing when I get in

On Wed, Aug 22, 2018, 06:29  Christian Ehrhardt  <
<email address hidden>> wrote:

> You are still not an uplader of samba :-/
> But I don't want to push on my own without your final call to do so.
> I made the tag ready, so that anyone can sponsor in case I'm not available.
> --
>
> https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
> You are the owner of
> ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125.
>
> Launchpad-Message-Rationale: Owner
> Launchpad-Message-For: ahasenack
> Launchpad-Notification-Type: code-review
> Launchpad-Branch:
> ~ahasenack/ubuntu/+source/samba/+git/samba:cosmic-samba-merge-4.8-1778125
>

Andreas Hasenack (ahasenack) wrote :

Please proceed with the upload/sponsorship, thanks

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 0f793e2..cbab972 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,41 @@
6+samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #1778125). Remaining changes:
9+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
10+ - debian/smb.conf;
11+ + Add "(Samba, Ubuntu)" to server string.
12+ + Comment out the default [homes] share, and add a comment about
13+ "valid users = %s" to show users how to restrict access to
14+ \\server\username to only username.
15+ - debian/samba-common.config:
16+ + Do not change priority to high if dhclient3 is installed.
17+ - Add apport hook:
18+ + Created debian/source_samba.py.
19+ + debian/rules, debian/samba-common-bin.install: install hook.
20+ - d/control, d/rules: Disable glusterfs support because it's not in main.
21+ MIR bug is https://launchpad.net/bugs/1274247
22+ * Drop:
23+ - Add extra DEP8 tests to samba (LP #1696823):
24+ + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
25+ + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
26+ anonymously
27+ + d/t/control, d/t/smbclient-authenticated-share-list: list available
28+ shares using an authenticated connection
29+ + d/t/control, d/t/smbclient-share-access: create a share and download a
30+ file from it
31+ [Accepted by Debian in 2:4.7.4+dfsg-2]
32+ - d/samba-common.dhcp: If systemctl is available, use it to query the
33+ status of the smbd service before trying to reload it. Otherwise,
34+ keep the same check as before and reload the service based on the
35+ existence of the initscript. (LP #1579597)
36+ [In Debian since 2:4.7.4+dfsg-2]
37+ - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
38+ [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
39+ Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
40+ [Fixed upstream]
41+
42+ -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300
43+
44 samba (2:4.8.4+dfsg-2) unstable; urgency=high
45
46 * Fix typo in previous release: s/usefull/useful/
47@@ -155,6 +193,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
48
49 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100
50
51+samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
52+
53+ * No change rebuild to link with new ldb 1.3.3
54+
55+ -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300
56+
57+samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
58+
59+ * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
60+ [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
61+ Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
62+
63+ -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300
64+
65+samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
66+
67+ * New upstream version:
68+ - Fix database corruption bug when upgrading from samba 4.6 or lower
69+ AD controllers (LP: #1755057)
70+ - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
71+ * Remaining changes:
72+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
73+ - debian/smb.conf;
74+ + Add "(Samba, Ubuntu)" to server string.
75+ + Comment out the default [homes] share, and add a comment about
76+ "valid users = %s" to show users how to restrict access to
77+ \\server\username to only username.
78+ - debian/samba-common.config:
79+ + Do not change priority to high if dhclient3 is installed.
80+ - Add apport hook:
81+ + Created debian/source_samba.py.
82+ + debian/rules, debian/samba-common-bin.install: install hook.
83+ - Add extra DEP8 tests to samba (LP #1696823):
84+ + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
85+ + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
86+ anonymously
87+ + d/t/control, d/t/smbclient-authenticated-share-list: list available
88+ shares using an authenticated connection
89+ + d/t/control, d/t/smbclient-share-access: create a share and download a
90+ file from it
91+ - d/samba-common.dhcp: If systemctl is available, use it to query the
92+ status of the smbd service before trying to reload it. Otherwise,
93+ keep the same check as before and reload the service based on the
94+ existence of the initscript. (LP #1579597)
95+ - d/control, d/rules: Disable glusterfs support because it's not in main.
96+ MIR bug is https://launchpad.net/bugs/1274247
97+
98+ -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300
99+
100 samba (2:4.7.4+dfsg-2) unstable; urgency=high
101
102 [ Mathieu Parent ]
103@@ -185,6 +272,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
104
105 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100
106
107+samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
108+
109+ * Merge with Debian unstable (LP: #1744779). Remaining changes:
110+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
111+ - debian/smb.conf;
112+ + Add "(Samba, Ubuntu)" to server string.
113+ + Comment out the default [homes] share, and add a comment about
114+ "valid users = %s" to show users how to restrict access to
115+ \\server\username to only username.
116+ - debian/samba-common.config:
117+ + Do not change priority to high if dhclient3 is installed.
118+ - Add apport hook:
119+ + Created debian/source_samba.py.
120+ + debian/rules, debian/samba-common-bin.install: install hook.
121+ - Add extra DEP8 tests to samba (LP #1696823):
122+ + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
123+ + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
124+ anonymously
125+ + d/t/control, d/t/smbclient-authenticated-share-list: list available
126+ shares using an authenticated connection
127+ + d/t/control, d/t/smbclient-share-access: create a share and download a
128+ file from it
129+ - d/samba-common.dhcp: If systemctl is available, use it to query the
130+ status of the smbd service before trying to reload it. Otherwise,
131+ keep the same check as before and reload the service based on the
132+ existence of the initscript. (LP #1579597)
133+ - d/control, d/rules: Disable glusterfs support because it's not in main.
134+ MIR bug is https://launchpad.net/bugs/1274247
135+
136+ -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200
137+
138 samba (2:4.7.4+dfsg-1) unstable; urgency=medium
139
140 * New upstream version
141@@ -201,6 +319,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
142
143 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100
144
145+samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
146+
147+ * Merge with Debian; remaining changes:
148+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
149+ - debian/smb.conf;
150+ + Add "(Samba, Ubuntu)" to server string.
151+ + Comment out the default [homes] share, and add a comment about
152+ "valid users = %s" to show users how to restrict access to
153+ \\server\username to only username.
154+ - debian/samba-common.config:
155+ + Do not change priority to high if dhclient3 is installed.
156+ - Add apport hook:
157+ + Created debian/source_samba.py.
158+ + debian/rules, debian/samba-common-bin.install: install hook.
159+ - Add extra DEP8 tests to samba (LP #1696823):
160+ + d/t/control: enable the new DEP8 tests
161+ + d/t/smbclient-anonymous-share-list: list available shares anonymously
162+ + d/t/smbclient-authenticated-share-list: list available shares using
163+ an authenticated connection
164+ + d/t/smbclient-share-access: create a share and download a file from it
165+ + d/t/cifs-share-access: access a file in a share using cifs
166+ - Ask the user if we can run testparm against the config file. If yes,
167+ include its stderr and exit status in the bug report. Otherwise, only
168+ include the exit status. (LP #1694334)
169+ - If systemctl is available, use it to query the status of the smbd
170+ service before trying to reload it. Otherwise, keep the same check
171+ as before and reload the service based on the existence of the
172+ initscript. (LP #1579597)
173+ - d/rules: Compile winbindd/winbindd statically.
174+ - Disable glusterfs support because it's not in main.
175+ MIR bug is https://launchpad.net/bugs/1274247
176+ - d/source_samba.py: use the new recommended findmnt(8) tool to list
177+ mountpoints and correctly filter by the cifs filesystem type.
178+
179+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500
180+
181 samba (2:4.7.3+dfsg-1) unstable; urgency=high
182
183 * New upstream version
184@@ -224,6 +378,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
185
186 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100
187
188+samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
189+
190+ * Merge with Debian; remaining changes:
191+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
192+ - debian/smb.conf;
193+ + Add "(Samba, Ubuntu)" to server string.
194+ + Comment out the default [homes] share, and add a comment about
195+ "valid users = %s" to show users how to restrict access to
196+ \\server\username to only username.
197+ - debian/samba-common.config:
198+ + Do not change priority to high if dhclient3 is installed.
199+ - Add apport hook:
200+ + Created debian/source_samba.py.
201+ + debian/rules, debian/samba-common-bin.install: install hook.
202+ - Add extra DEP8 tests to samba (LP #1696823):
203+ + d/t/control: enable the new DEP8 tests
204+ + d/t/smbclient-anonymous-share-list: list available shares anonymously
205+ + d/t/smbclient-authenticated-share-list: list available shares using
206+ an authenticated connection
207+ + d/t/smbclient-share-access: create a share and download a file from it
208+ + d/t/cifs-share-access: access a file in a share using cifs
209+ - Ask the user if we can run testparm against the config file. If yes,
210+ include its stderr and exit status in the bug report. Otherwise, only
211+ include the exit status. (LP #1694334)
212+ - If systemctl is available, use it to query the status of the smbd
213+ service before trying to reload it. Otherwise, keep the same check
214+ as before and reload the service based on the existence of the
215+ initscript. (LP #1579597)
216+ - d/rules: Compile winbindd/winbindd statically.
217+ - Disable glusterfs support because it's not in main.
218+ MIR bug is https://launchpad.net/bugs/1274247
219+ - d/source_samba.py: use the new recommended findmnt(8) tool to list
220+ mountpoints and correctly filter by the cifs filesystem type.
221+
222+ -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100
223+
224 samba (2:4.7.1+dfsg-1) unstable; urgency=medium
225
226 * New upstream version
227@@ -272,6 +462,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
228
229 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200
230
231+samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
232+
233+ * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
234+ they should
235+ - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
236+ into a specified one in source3/include/auth_info.h,
237+ source3/lib/popt_common.c, source3/lib/util_cmdline.c.
238+ - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
239+ source3/lib/util_cmdline.c.
240+ - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
241+ source3/libsmb/pylibsmb.c.
242+ - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
243+ libgpo/gpo_fetch.c.
244+ - debian/patches/CVE-2017-12150-5.patch: add check for
245+ NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
246+ - debian/patches/CVE-2017-12150-6.patch: add
247+ smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
248+ - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
249+ authentication was not requested in source3/libsmb/clidfs.c.
250+ - CVE-2017-12150
251+ * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
252+ redirects
253+ - debian/patches/CVE-2017-12151-1.patch: add
254+ cli_state_is_encryption_on() helper function to
255+ source3/libsmb/clientgen.c, source3/libsmb/proto.h.
256+ - debian/patches/CVE-2017-12151-2.patch: make use of
257+ cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
258+ source3/libsmb/libsmb_context.c.
259+ - CVE-2017-12151
260+ * SECURITY UPDATE: Server memory information leak over SMB1
261+ - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
262+ from writing server memory to file in source3/smbd/reply.c.
263+ - CVE-2017-12163
264+
265+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400
266+
267+samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
268+
269+ * d/source_samba.py: use the new recommended findmnt(8) tool to list
270+ mountpoints and correctly filter by the cifs filesystem type.
271+ (LP: #1703604)
272+
273+ -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300
274+
275+samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
276+
277+ * Merge with Debian unstable (LP: #1710281).
278+ - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
279+ symlinks to directories (LP: #1701073)
280+ * Remaining changes:
281+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
282+ - debian/smb.conf;
283+ + Add "(Samba, Ubuntu)" to server string.
284+ + Comment out the default [homes] share, and add a comment about
285+ "valid users = %s" to show users how to restrict access to
286+ \\server\username to only username.
287+ - debian/samba-common.config:
288+ + Do not change priority to high if dhclient3 is installed.
289+ - Add apport hook:
290+ + Created debian/source_samba.py.
291+ + debian/rules, debian/samba-common-bin.install: install hook.
292+ - Add extra DEP8 tests to samba (LP #1696823):
293+ + d/t/control: enable the new DEP8 tests
294+ + d/t/smbclient-anonymous-share-list: list available shares anonymously
295+ + d/t/smbclient-authenticated-share-list: list available shares using
296+ an authenticated connection
297+ + d/t/smbclient-share-access: create a share and download a file from it
298+ + d/t/cifs-share-access: access a file in a share using cifs
299+ - Ask the user if we can run testparm against the config file. If yes,
300+ include its stderr and exit status in the bug report. Otherwise, only
301+ include the exit status. (LP #1694334)
302+ - If systemctl is available, use it to query the status of the smbd
303+ service before trying to reload it. Otherwise, keep the same check
304+ as before and reload the service based on the existence of the
305+ initscript. (LP #1579597)
306+ - d/rules: Compile winbindd/winbindd statically.
307+ - Disable glusterfs support because it's not in main.
308+ MIR bug is https://launchpad.net/bugs/1274247
309+
310+ -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300
311+
312 samba (2:4.6.7+dfsg-1) unstable; urgency=medium
313
314 * New upstream version
315@@ -283,6 +554,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
316
317 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200
318
319+samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
320+
321+ * Merge with Debian unstable (LP: #1700644). Remaining changes:
322+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
323+ - debian/smb.conf;
324+ + Add "(Samba, Ubuntu)" to server string.
325+ + Comment out the default [homes] share, and add a comment about
326+ "valid users = %s" to show users how to restrict access to
327+ \\server\username to only username.
328+ - debian/samba-common.config:
329+ + Do not change priority to high if dhclient3 is installed.
330+ - Add apport hook:
331+ + Created debian/source_samba.py.
332+ + debian/rules, debian/samba-common-bin.install: install hook.
333+ - Add extra DEP8 tests to samba (LP #1696823):
334+ + d/t/control: enable the new DEP8 tests
335+ + d/t/smbclient-anonymous-share-list: list available shares anonymously
336+ + d/t/smbclient-authenticated-share-list: list available shares using
337+ an authenticated connection
338+ + d/t/smbclient-share-access: create a share and download a file from it
339+ + d/t/cifs-share-access: access a file in a share using cifs
340+ - Ask the user if we can run testparm against the config file. If yes,
341+ include its stderr and exit status in the bug report. Otherwise, only
342+ include the exit status. (LP #1694334)
343+ - If systemctl is available, use it to query the status of the smbd
344+ service before trying to reload it. Otherwise, keep the same check
345+ as before and reload the service based on the existence of the
346+ initscript. (LP #1579597)
347+ * Drop:
348+ - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
349+ [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
350+ fix-1584485.patch was dropped there.]
351+ - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
352+ pam_winbind krb5_ccache_type=FILE failure
353+ [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
354+ in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
355+ - debian/patches/winbind_trusted_domains.patch: make sure domain
356+ members can talk to trusted domains DCs.
357+ [Upstream committed a different fix, see updated patch attached to
358+ https://bugzilla.samba.org/show_bug.cgi?id=11830]
359+ - d/control: add libcephfs-dev as b-d to build vfs_ceph
360+ [Adopted by Debian in 2:4.6.5+dfsg-1]
361+ - debian/patches/CVE-2017-11103.patch: use encrypted service
362+ name rather than unencrypted (and therefore spoofable) version
363+ in heimdal
364+ [Adopted by Debian as
365+ d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
366+ - Cherrypick upstream patch to fix FTBFS with new ceph lib.
367+ [Merged upstream in 4.6.0rc1]
368+ * Disable glusterfs support because it's not in main.
369+ MIR bug is https://launchpad.net/bugs/1274247
370+
371+ -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300
372+
373 samba (2:4.6.5+dfsg-8) unstable; urgency=medium
374
375 * Remove dependency on update-inetd, not used anymore
376@@ -402,6 +727,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
377
378 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200
379
380+samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
381+
382+ * Cherrypick upstream patch to fix FTBFS with new ceph lib.
383+
384+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100
385+
386+samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
387+
388+ * SECURITY UPDATE: KDC-REP service name impersonation
389+ - debian/patches/CVE-2017-11103.patch: use encrypted service
390+ name rather than unencrypted (and therefore spoofable) version
391+ in heimdal
392+ - CVE-2017-11103
393+
394+ -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700
395+
396+samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
397+
398+ * No-change rebuild against libldb 1.1.29
399+
400+ -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700
401+
402+samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
403+
404+ * Add extra DEP8 tests to samba (LP: #1696823):
405+ - d/t/control: enable the new DEP8 tests
406+ - d/t/smbclient-anonymous-share-list: list available shares anonymously
407+ - d/t/smbclient-authenticated-share-list: list available shares using
408+ an authenticated connection
409+ - d/t/smbclient-share-access: create a share and download a file from it
410+ - d/t/cifs-share-access: access a file in a share using cifs
411+ * Ask the user if we can run testparm against the config file. If yes,
412+ include its stderr and exit status in the bug report. Otherwise, only
413+ include the exit status. (LP: #1694334)
414+ * If systemctl is available, use it to query the status of the smbd
415+ service before trying to reload it. Otherwise, keep the same check
416+ as before and reload the service based on the existence of the
417+ initscript. (LP: #1579597)
418+ * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
419+ module. There is a fixed version of that patch attached to
420+ #1677329 but it has not been vetted yet, so for now it's best
421+ to revert (again) so that pam_winbind can be used.
422+ (LP: #1677329, LP: #1644428)
423+
424+ -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700
425+
426+samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
427+
428+ * Merge from Debian unstable. Remaining changes:
429+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
430+ - debian/smb.conf;
431+ + Add "(Samba, Ubuntu)" to server string.
432+ + Comment out the default [homes] share, and add a comment about
433+ "valid users = %s" to show users how to restrict access to
434+ \\server\username to only username.
435+ - debian/samba-common.config:
436+ + Do not change priority to high if dhclient3 is installed.
437+ - Add apport hook:
438+ + Created debian/source_samba.py.
439+ + debian/rules, debian/samba-common-bin.install: install hook.
440+ - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
441+ pam_winbind krb5_ccache_type=FILE failure
442+ - debian/patches/winbind_trusted_domains.patch: make sure domain
443+ members can talk to trusted domains DCs.
444+ - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
445+ to be statically linked
446+ - d/rules: Compile winbindd/winbindd statically.
447+ - d/control: add libcephfs-dev as b-d to build vfs_ceph
448+
449+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400
450+
451 samba (2:4.5.8+dfsg-2) unstable; urgency=high
452
453 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
454@@ -416,6 +812,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
455
456 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200
457
458+samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
459+
460+ * SECURITY UPDATE: remote code execution from a writable share
461+ - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
462+ slash inside in source3/rpc_server/srv_pipe.c.
463+ - CVE-2017-7494
464+
465+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400
466+
467+samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
468+
469+ * SECURITY UPDATE: Symlink race allows access outside share definition
470+ - Updated to new upstream release 4.5.8.
471+ - CVE-2017-2619
472+
473+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400
474+
475 samba (2:4.5.6+dfsg-2) unstable; urgency=high
476
477 * This is a security release in order to address the following defects:
478@@ -445,6 +858,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
479
480 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100
481
482+samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
483+
484+ * d/control: add libcephfs-dev as b-d to build vfs_ceph
485+ (LP: #1668940).
486+
487+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800
488+
489+samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
490+
491+ * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
492+ changes:
493+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
494+ + debian/smb.conf;
495+ - Add "(Samba, Ubuntu)" to server string.
496+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
497+ to show users how to restrict access to \\server\username to only username.
498+ + debian/samba-common.config:
499+ - Do not change prioritiy to high if dhclient3 is installed.
500+ + Add apport hook:
501+ - Created debian/source_samba.py.
502+ - debian/rules, debia/samb-common-bin.install: install hook.
503+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
504+ pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
505+ + debian/patches/winbind_trusted_domains.patch: make sure domain members
506+ can talk to trusted domains DCs.
507+ [ update patch based upon upstream discussion ]
508+ + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
509+ to be statically linked fixes LP #1584485.
510+ + d/rules: Compile winbindd/winbindd statically.
511+ * Drop:
512+ - Delete debian/.gitignore
513+ [ Previously undocumented ]
514+ - debian/patches/git_smbclient_cpu.patch:
515+ + backport upstream patch to fix smbclient users hanging/eating cpu on
516+ trying to contact a machine which is not there (lp #1572260)
517+ [ Fixed upstream ]
518+ - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
519+ + debian/patches/CVE-2016-2123.patch: check lengths in
520+ librpc/ndr/ndr_dnsp.c.
521+ + CVE-2016-2123
522+ [ Fixed in Debian ]
523+ - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
524+ + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
525+ source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
526+ source4/auth/gensec/gensec_gssapi.c.
527+ + CVE-2016-2125
528+ [ Fixed in Debian ]
529+ - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
530+ + debian/patches/CVE-2016-2126.patch: only allow known checksum types
531+ in auth/kerberos/kerberos_pac.c.
532+ + CVE-2016-2126
533+ [ Fixed in Debian ]
534+
535+ -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800
536+
537 samba (2:4.5.4+dfsg-1) unstable; urgency=medium
538
539 [ Mathieu Parent ]
540@@ -572,6 +1040,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
541
542 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200
543
544+samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
545+
546+ * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
547+ - debian/patches/CVE-2016-2123.patch: check lengths in
548+ librpc/ndr/ndr_dnsp.c.
549+ - CVE-2016-2123
550+ * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
551+ - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
552+ source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
553+ source4/auth/gensec/gensec_gssapi.c.
554+ - CVE-2016-2125
555+ * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
556+ - debian/patches/CVE-2016-2126.patch: only allow known checksum types
557+ in auth/kerberos/kerberos_pac.c.
558+ - CVE-2016-2126
559+
560+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500
561+
562+samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
563+
564+ * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
565+ to be statically linked fixes LP: #1584485.
566+
567+ * d/rules: Compile winbindd/winbindd statically.
568+
569+ -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100
570+
571+samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
572+
573+ * No-change rebuild for readline soname change.
574+
575+ -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000
576+
577+samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
578+
579+ * No-change rebuild for readline soname change.
580+
581+ -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000
582+
583+samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
584+
585+ * debian/patches/git_smbclient_cpu.patch:
586+ - backport upstream patch to fix smbclient users hanging/eating cpu on
587+ trying to contact a machine which is not there (lp: #1572260)
588+
589+ -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200
590+
591+samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
592+
593+ * Merge from Debian unstable. Remaining changes:
594+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
595+ + debian/smb.conf;
596+ - Add "(Samba, Ubuntu)" to server string.
597+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
598+ to show users how to restrict access to \\server\username to only username.
599+ + debian/samba-common.config:
600+ - Do not change prioritiy to high if dhclient3 is installed.
601+ + Add apport hook:
602+ - Created debian/source_samba.py.
603+ - debian/rules, debia/samb-common-bin.install: install hook.
604+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
605+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
606+ + debian/patches/winbind_trusted_domains.patch: make sure domain members
607+ can talk to trusted domains DCs.
608+ * Dropped changes:
609+ - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
610+ never done in Debian, revert.
611+ - ufw integration: included in Debian.
612+
613+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700
614+
615 samba (2:4.4.5+dfsg-2) unstable; urgency=medium
616
617 * Disable running of 'make quicktest' during build, as it takes very
618@@ -699,6 +1238,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
619
620 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200
621
622+samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
623+
624+ * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
625+ the previous security updates. (LP: #1577739)
626+ - debian/control: bump tevent Build-Depends to 0.9.28.
627+ * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
628+ - debian/patches/samba-bug11912.patch: let msrpc_parse() return
629+ talloc'ed empty strings in libcli/auth/msrpc_parse.c.
630+ - debian/patches/samba-bug11914.patch: make
631+ ntlm_auth_generate_session_info() more complete in
632+ source3/utils/ntlm_auth.c.
633+
634+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400
635+
636 samba (2:4.3.8+dfsg-1) unstable; urgency=low
637
638 [ Jelmer Vernooij ]
639@@ -713,6 +1266,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
640
641 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000
642
643+samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
644+
645+ * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
646+ - CVE-2015-5370: Multiple errors in DCE-RPC code
647+ - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
648+ - CVE-2016-2111: NETLOGON Spoofing Vulnerability
649+ - CVE-2016-2112: The LDAP client and server don't enforce integrity
650+ protection
651+ - CVE-2016-2113: Missing TLS certificate validation allows man in the
652+ middle attacks
653+ - CVE-2016-2114: "server signing = mandatory" not enforced
654+ - CVE-2016-2115: SMB client connections for IPC traffic are not
655+ integrity protected
656+ - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
657+ * debian/patches/winbind_trusted_domains.patch: make sure domain members
658+ can talk to trusted domains DCs.
659+
660+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400
661+
662 samba (2:4.3.7+dfsg-1) unstable; urgency=high
663
664 * New upstream release.
665@@ -755,6 +1327,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
666
667 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200
668
669+samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
670+
671+ * Merge with Debian; remaining changes:
672+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
673+ + debian/smb.conf;
674+ - Add "(Samba, Ubuntu)" to server string.
675+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
676+ to show users how to restrict access to \\server\username to only username.
677+ + debian/samba-common.config:
678+ - Do not change prioritiy to high if dhclient3 is installed.
679+ + debian/control:
680+ - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
681+ + Add ufw integration:
682+ - Created debian/samba.ufw.profile:
683+ - debian/rules, debian/samba.install: install profile
684+ + Add apport hook:
685+ - Created debian/source_samba.py.
686+ - debian/rules, debia/samb-common-bin.install: install hook.
687+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
688+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
689+
690+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500
691+
692 samba (2:4.3.6+dfsg-1) unstable; urgency=medium
693
694 * New upstream release.
695@@ -800,6 +1395,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
696
697 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100
698
699+samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
700+
701+ * No-change rebuild for gnutls transition.
702+
703+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000
704+
705+samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
706+
707+ * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
708+ (LP: #1545750)
709+
710+ -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100
711+
712+samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
713+
714+ * Merge with Debian; remaining changes:
715+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
716+ + debian/smb.conf;
717+ - Add "(Samba, Ubuntu)" to server string.
718+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
719+ to show users how to restrict access to \\server\username to only username.
720+ + debian/samba-common.config:
721+ - Do not change prioritiy to high if dhclient3 is installed.
722+ + debian/control:
723+ - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
724+ + Add ufw integration:
725+ - Created debian/samba.ufw.profile:
726+ - debian/rules, debian/samba.install: install profile
727+ + Add apport hook:
728+ - Created debian/source_samba.py.
729+ - debian/rules, debia/samb-common-bin.install: install hook.
730+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
731+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
732+
733+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500
734+
735 samba (2:4.3.3+dfsg-1) unstable; urgency=medium
736
737 * New upstream release. Closes: #808133.
738@@ -884,6 +1515,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
739
740 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000
741
742+samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
743+
744+ * Resolve small merge error in the rules
745+
746+ -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100
747+
748+samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
749+
750+ * Backport Debian change to remove libpam-smbpasswd, it segfaults
751+ leading to non working session (lp: #1515207)
752+
753+ -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100
754+
755+samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
756+
757+ * Build with the new ldb
758+
759+ -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100
760+
761+samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
762+
763+ * debian/samba.logrotate:
764+ - revert to Debian version of the logrotate reload command, fix an
765+ invalid syntax introduced in the upstart->systemd transition
766+ (lp: #1385868)
767+
768+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100
769+
770+samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
771+
772+ * Merge with Debian; remaining changes:
773+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
774+ + debian/smb.conf;
775+ - Add "(Samba, Ubuntu)" to server string.
776+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
777+ to show users how to restrict access to \\server\username to only username.
778+ + debian/samba-common.config:
779+ - Do not change prioritiy to high if dhclient3 is installed.
780+ + debian/control:
781+ - Don't build against or suggest ctdb and tdb.
782+ - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
783+ + debian/rules:
784+ - Drop explicit configuration options for ctdb and tdb.
785+ + Add ufw integration:
786+ - Created debian/samba.ufw.profile:
787+ - debian/rules, debian/samba.install: install profile
788+ + Add apport hook:
789+ - Created debian/source_samba.py.
790+ - debian/rules, debia/samb-common-bin.install: install hook.
791+ + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
792+ processes such that it works under both upstart and systemd.
793+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
794+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
795+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
796+
797+ -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200
798+
799 samba (2:4.1.20+dfsg-1) unstable; urgency=medium
800
801 * New upstream release (last compatible with current OpenChange).
802@@ -897,6 +1585,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
803
804 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000
805
806+samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
807+
808+ * debian/control:
809+ - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
810+
811+ -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200
812+
813+samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
814+
815+ * Merge from Debian unstable. Remaining changes:
816+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
817+ + debian/smb.conf;
818+ - Add "(Samba, Ubuntu)" to server string.
819+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
820+ to show users how to restrict access to \\server\username to only username.
821+ + debian/samba-common.config:
822+ - Do not change prioritiy to high if dhclient3 is installed.
823+ + debian/control:
824+ - Don't build against or suggest ctdb and tdb.
825+ + debian/rules:
826+ - Drop explicit configuration options for ctdb and tdb.
827+ + Add ufw integration:
828+ - Created debian/samba.ufw.profile:
829+ - debian/rules, debian/samba.install: install profile
830+ + Add apport hook:
831+ - Created debian/source_samba.py.
832+ - debian/rules, debia/samb-common-bin.install: install hook.
833+ + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
834+ processes such that it works under both upstart and systemd.
835+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
836+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
837+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
838+ + debian/patches/git_timeout_client_error.patch:
839+ - don't let smb mounts timeout that leads to errors when trying to
840+ reuse a mount after idling for a while in e.g nautilus (lp: #310932)
841+
842+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200
843+
844 samba (2:4.1.17+dfsg-4) unstable; urgency=medium
845
846 * Add pidl_reproducible.patch: Make pidl output reproducible.
847@@ -933,6 +1659,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
848
849 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100
850
851+samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
852+
853+ * debian/patches/git_timeout_client_error.patch:
854+ - don't let smb mounts timeout that leads to errors when trying to
855+ reuse a mount after idling for a while in e.g nautilus (lp: #310932)
856+
857+ -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200
858+
859+samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
860+
861+ * SECURITY UPDATE: code execution vulnerability in smbd daemon
862+ - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
863+ uninitialized pointer and don't dereference a NULL pointer in
864+ source3/rpc_server/netlogon/srv_netlog_nt.c.
865+ - CVE-2015-0240
866+
867+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500
868+
869+samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
870+
871+ * Merge from Debian unstable. Remaining changes:
872+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
873+ + debian/smb.conf;
874+ - Add "(Samba, Ubuntu)" to server string.
875+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
876+ to show users how to restrict access to \\server\username to only username.
877+ + debian/samba-common.config:
878+ - Do not change prioritiy to high if dhclient3 is installed.
879+ + debian/control:
880+ - Don't build against or suggest ctdb and tdb.
881+ + debian/rules:
882+ - Drop explicit configuration options for ctdb and tdb.
883+ + Add ufw integration:
884+ - Created debian/samba.ufw.profile:
885+ - debian/rules, debian/samba.install: install profile
886+ + Add apport hook:
887+ - Created debian/source_samba.py.
888+ - debian/rules, debia/samb-common-bin.install: install hook.
889+ + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
890+ processes such that it works under both upstart and systemd.
891+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
892+ + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
893+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
894+ + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
895+
896+ -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100
897+
898 samba (2:4.1.13+dfsg-4) unstable; urgency=medium
899
900 * Revert previous patch, since ldb has an active module version check.
901@@ -975,6 +1748,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
902
903 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200
904
905+samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
906+
907+ * SECURITY UPDATE: elevation of privilege to AD Domain Controller
908+ - debian/patches/CVE-2014-8143.patch: check for extended access rights
909+ before allowing changes to userAccountControl in
910+ librpc/idl/security.idl, source4/auth/session.c,
911+ source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
912+ source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
913+ source4/rpc_server/lsa/dcesrv_lsa.c,
914+ source4/setup/schema_samba4.ldif.
915+ - CVE-2014-8143
916+
917+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500
918+
919+samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
920+
921+ * No-change rebuild against current ldb. Note that I'm not claiming the
922+ merging for this package.
923+
924+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100
925+
926+samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
927+
928+ * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
929+ pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
930+
931+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500
932+
933+samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
934+
935+ * Merge from Debian unstable. Remaining changes:
936+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
937+ + debian/smb.conf;
938+ - Add "(Samba, Ubuntu)" to server string.
939+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
940+ to show users how to restrict access to \\server\username to only username.
941+ + debian/samba-common.config:
942+ - Do not change prioritiy to high if dhclient3 is installed.
943+ + debian/control:
944+ - Don't build against or suggest ctdb and tdb.
945+ + debian/rules:
946+ - Drop explicit configuration options for ctdb and tdb.
947+ + Add ufw integration:
948+ - Created debian/samba.ufw.profile:
949+ - debian/rules, debian/samba.install: install profile
950+ + Add apport hook:
951+ - Created debian/source_samba.py.
952+ - debian/rules, debia/samb-common-bin.install: install hook.
953+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
954+ of hacking arround with pid files.
955+ + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
956+ first dummy transitional package version.
957+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
958+
959+ * In logrotate, use service command to reload (send SIGHUP) the main
960+ processes such that it works under both upstart and systemd.
961+ * Drop CVE patches, applied upstream.
962+ * Drop patches absent from series: readline-ftbfs.patch,
963+ krb5_kt_start_seq.diff, config-bind99.patch
964+ * Drop debian/source/include-binaries, pyc files are correctly cleaned up
965+
966+ -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100
967+
968 samba (2:4.1.11+dfsg-1) unstable; urgency=high
969
970 * New upstream release. Fixes:
971@@ -1010,6 +1846,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
972
973 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200
974
975+samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
976+
977+ * SECURITY UPDATE: remote code execution on unauthenticated nmbd
978+ - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
979+ lib/util/string_wrappers.h.
980+ - CVE-2014-3560
981+
982+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400
983+
984+samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
985+
986+ * SECURITY UPDATE: denial of service on nmbd malformed packet
987+ - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
988+ source3/lib/system.c.
989+ - CVE-2014-0244
990+ * SECURITY UPDATE: denial of service via bad unicode conversion
991+ - debian/patches/CVE-2014-3493.patch: refactor code in
992+ source3/lib/charcnv.c, change return code checks in
993+ source3/libsmb/clirap.c, source3/smbd/lanman.c.
994+ - CVE-2014-3493
995+
996+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400
997+
998+samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
999+
1000+ * Merge from Debian unstable. Remaining changes:
1001+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
1002+ + debian/smb.conf;
1003+ - Add "(Samba, Ubuntu)" to server string.
1004+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
1005+ to show users how to restrict access to \\server\username to only username.
1006+ + debian/samba-common.config:
1007+ - Do not change prioritiy to high if dhclient3 is installed.
1008+ + debian/control:
1009+ - Don't build against or suggest ctdb and tdb.
1010+ + debian/rules:
1011+ - Drop explicit configuration options for ctdb and tdb.
1012+ + Add ufw integration:
1013+ - Created debian/samba.ufw.profile:
1014+ - debian/rules, debian/samba.install: install profile
1015+ + Add apport hook:
1016+ - Created debian/source_samba.py.
1017+ - debian/rules, debia/samb-common-bin.install: install hook.
1018+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
1019+ of hacking arround with pid files.
1020+ + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
1021+ first dummy transitional package version.
1022+ + Dropped patches:
1023+ - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
1024+ - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
1025+ - debian/patches/readline-ftbfs.patch: Use the debian version.
1026+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
1027+ (LP: #1268180)
1028+
1029+ -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400
1030+
1031 samba (2:4.1.8+dfsg-1) unstable; urgency=medium
1032
1033 [ Jelmer Vernooij ]
1034@@ -1047,6 +1939,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
1035
1036 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200
1037
1038+samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
1039+
1040+ * Set the stack size to unlimited during the build to avoid a SIGBUS in
1041+ xsltproc on some architectures.
1042+
1043+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100
1044+
1045+samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
1046+
1047+ * Backport from unstable (Ivo De Decker):
1048+ - Build-depend on heimdal-dev.
1049+
1050+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100
1051+
1052+samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
1053+
1054+ * No change rebuild against new dh_installinit, to call update-rc.d at
1055+ postinst.
1056+
1057+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100
1058+
1059+samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
1060+
1061+ * cherrypick upstream patch 1310919 to fix pam_winbind regression
1062+ (LP: #1310919)
1063+
1064+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500
1065+
1066+samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
1067+
1068+ * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
1069+ upgrade.
1070+
1071+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700
1072+
1073+samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
1074+
1075+ * Merge from Debian unstable. Remaining changes:
1076+ + debian/VERSION.patch: Update vendor string to "Ubuntu".
1077+ + debian/smb.conf;
1078+ - Add "(Samba, Ubuntu)" to server string.
1079+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
1080+ to show users how to restrict access to \\server\username to only username.
1081+ + debian/samba-common.config:
1082+ - Do not change prioritiy to high if dhclient3 is installed.
1083+ + debian/control:
1084+ - Don't build against or suggest ctdb and tdb.
1085+ + debian/rules:
1086+ - Drop explicit configuration options for ctdb and tdb.
1087+ + Add ufw integration:
1088+ - Created debian/samba.ufw.profile:
1089+ - debian/rules, debian/samba.install: install profile
1090+ + Add apport hook:
1091+ - Created debian/source_samba.py.
1092+ - debian/rules, debia/samb-common-bin.install: install hook.
1093+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
1094+ of hacking arround with pid files.
1095+ + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
1096+ first dummy transitional package version.
1097+ + Dropped patches:
1098+ - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
1099+ - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
1100+ - debian/patches/readline-ftbfs.patch: Use the debian version.
1101+ + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
1102+ (LP: #1268180)
1103+
1104+ -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400
1105+
1106 samba (2:4.1.6+dfsg-1) unstable; urgency=high
1107
1108 * New upstream security release. Fixes:
1109@@ -1106,6 +2066,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
1110
1111 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100
1112
1113+samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
1114+
1115+ * debian/smb.conf: comment back some of the "share definitions"
1116+ options (including "valid users"). That was an Ubuntu diff and seems to
1117+ have been dropped in the trusty merge. Those changes seem needed to
1118+ get the usershare feature working (used by nautilus-share) (lp: #1261873)
1119+
1120+ -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200
1121+
1122+samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
1123+
1124+ * SECURITY UPDATE: Password lockout not enforced for SAMR password
1125+ changes
1126+ - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
1127+ source3/auth/check_samsec.c,
1128+ source3/rpc_server/samr/srv_samr_chgpasswd.c,
1129+ source3/rpc_server/samr/srv_samr_nt.c,
1130+ source3/smbd/lanman.c,
1131+ source4/rpc_server/samr/samr_password.c,
1132+ source4/torture/rpc/samr.c.
1133+ - CVE-2013-4496
1134+ * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
1135+ mistake
1136+ - debian/patches/CVE-2013-6442.patch: handle existing ACL in
1137+ source3/utils/smbcacls.c.
1138+ - CVE-2013-6442
1139+ * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
1140+
1141+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400
1142+
1143+samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
1144+
1145+ * Depend on tdb-tools (LP: #1279593)
1146+ * Updated generated config for Bind9.9.
1147+
1148+ -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500
1149+
1150+samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
1151+
1152+ * Add missing python-ntdb dependency to python-samba (spotted by
1153+ autopkgtest).
1154+
1155+ -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100
1156+
1157+samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
1158+
1159+ * Merge from Debian Unstable:
1160+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
1161+ * debian/smb.conf;
1162+ - Add "(Samba, Ubuntu)" to server string.
1163+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
1164+ to show users how to restrict access to \\server\username to only username.
1165+ + debian/samba-common.config:
1166+ - Do not change prioritiy to high if dhclient3 is installed.
1167+ + debian/control:
1168+ - Don't build against or suggest ctdb and tdb.
1169+ + debian/rules:
1170+ - Drop explicit configuration options for ctdb and tdb.
1171+ + Add ufw integration:
1172+ - Created debian/samba.ufw.profile:
1173+ - debian/rules, debian/samba.install: install profile
1174+ + Add apport hook:
1175+ - Created debian/source_samba.py.
1176+ - debian/rules, debia/samb-common-bin.install: install hook.
1177+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
1178+ of hacking arround with pid files.
1179+ + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
1180+ first dummy transitional package version.
1181+
1182+ -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500
1183+
1184 samba (2:4.1.3+dfsg-2) unstable; urgency=medium
1185
1186 * Add debug symbols for all binaries to samba-dbg. Closes: #732493
1187@@ -1148,6 +2179,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
1188
1189 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800
1190
1191+samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
1192+
1193+ * Merge from Debian Unstable:
1194+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
1195+ * debian/smb.conf;
1196+ - Add "(Samba, Ubuntu)" to server string.
1197+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
1198+ to show users how to restrict access to \\server\username to only username.
1199+ + debian/samba-common.config:
1200+ - Do not change prioritiy to high if dhclient3 is installed.
1201+ + debian/control:
1202+ - Don't build against or suggest ctdb and tdb.
1203+ + debian/rules:
1204+ - Drop explicit configuration options for ctdb and tdb.
1205+ + Add ufw integration:
1206+ - Created debian/samba.ufw.profile:
1207+ - debian/rules, debian/samba.install: install profile
1208+ + Add apport hook:
1209+ - Created debian/source_samba.py.
1210+ - debian/rules, debia/samb-common-bin.install: install hook.
1211+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
1212+ of hacking arround with pid files.
1213+ + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
1214+ first dummy transitional package version.
1215+
1216+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500
1217+
1218 samba (2:4.0.13+dfsg-1) unstable; urgency=high
1219
1220 [ Steve Langasek ]
1221@@ -1202,6 +2260,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
1222
1223 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100
1224
1225+samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
1226+
1227+ * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
1228+
1229+ -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000
1230+
1231+samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
1232+
1233+ * Merge from Debian Unstable:
1234+ - debian/VERSION.patch: Update vendor string to "Ubuntu".
1235+ * debian/smb.conf;
1236+ - Add "(Samba, Ubuntu)" to server string.
1237+ - Comment out the default [homes] share, and add a comment about "valid users = %s"
1238+ to show users how to restrict access to \\server\username to only username.
1239+ + debian/samba-common.config:
1240+ - Do not change prioritiy to high if dhclient3 is installed.
1241+ + debian/control:
1242+ - Don't build against or suggest ctdb and tdb.
1243+ + debian/rules:
1244+ - Drop explicit configuration options for ctdb and tdb.
1245+ + Add ufw integration:
1246+ - Created debian/samba.ufw.profile:
1247+ - debian/rules, debian/samba.install: install profile
1248+ + Add apport hook:
1249+ - Created debian/source_samba.py.
1250+ - debian/rules, debia/samb-common-bin.install: install hook.
1251+ + debian/samba.logrotate: call upstart interfaces unconditionally instead
1252+ of hacking arround with pid files.
1253+
1254+ -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800
1255+
1256 samba (2:4.0.10+dfsg-4) unstable; urgency=low
1257
1258 [ Christian Perrier ]
1259diff --git a/debian/control b/debian/control
1260index 75b3bbf..7ccd503 100644
1261--- a/debian/control
1262+++ b/debian/control
1263@@ -1,7 +1,8 @@
1264 Source: samba
1265 Section: net
1266 Priority: optional
1267-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
1268+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
1269+XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
1270 Uploaders: Steve Langasek <vorlon@debian.org>,
1271 Jelmer Vernooij <jelmer@debian.org>,
1272 Ivo De Decker <ivodd@debian.org>,
1273@@ -16,7 +17,6 @@ Build-Depends: bison,
1274 docbook-xml,
1275 docbook-xsl,
1276 flex,
1277- glusterfs-common [linux-any],
1278 libacl1-dev,
1279 libarchive-dev,
1280 libattr1-dev,
1281@@ -301,8 +301,8 @@ Description: Samba Virtual FileSystem plugins
1282 * vfs_shadow_copy2: Expose snapshots to Windows clients as shadow copies
1283 * vfs_worm: Disallow writes for older file
1284 .
1285- Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are
1286- moved to Recommends.
1287+ Note: The runtime dependencies of vfs_ceph and vfs_snapper are moved to
1288+ Recommends.
1289
1290 Package: libsmbclient
1291 Section: libs
1292diff --git a/debian/patches/VERSION.patch b/debian/patches/VERSION.patch
1293index d50c4c9..b92d155 100644
1294--- a/debian/patches/VERSION.patch
1295+++ b/debian/patches/VERSION.patch
1296@@ -1,5 +1,5 @@
1297 From: Eloy A. Paris <peloy@debian.org>
1298-Subject: Add "Debian" as vendor suffix
1299+Subject: Add "Ubuntu" as vendor suffix
1300
1301 Forwarded: not-needed
1302 ---
1303@@ -15,5 +15,5 @@ index d91963a..2650887 100644
1304 # #
1305 ########################################################
1306 -SAMBA_VERSION_VENDOR_SUFFIX=
1307-+SAMBA_VERSION_VENDOR_SUFFIX=Debian
1308++SAMBA_VERSION_VENDOR_SUFFIX=Ubuntu
1309 SAMBA_VERSION_VENDOR_PATCH=
1310diff --git a/debian/rules b/debian/rules
1311index cd86965..065266f 100755
1312--- a/debian/rules
1313+++ b/debian/rules
1314@@ -130,6 +130,9 @@ override_dh_auto_install:
1315 cp debian/gdbcommands $(DESTDIR)/etc/samba/
1316 mkdir -p $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d
1317 install -m755 debian/samba-common.dhcp $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d/samba
1318+ # Ubuntu things
1319+ mkdir -p $(DESTDIR)/usr/share/apport/package-hooks
1320+ install -D -m 644 debian/source_samba.py $(DESTDIR)/usr/share/apport/package-hooks/source_samba.py
1321 install -m 0755 debian/mksmbpasswd.awk $(DESTDIR)/usr/sbin/mksmbpasswd
1322 mkdir -p $(DESTDIR)/etc/ufw/applications.d
1323 install -m644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
1324@@ -238,12 +241,11 @@ override_dh_makeshlibs:
1325
1326 override_dh_shlibdeps:
1327 LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
1328- dh_shlibdeps -a -Xceph.so -Xglusterfs.so -Xsnapper.so
1329+ dh_shlibdeps -a -Xceph.so -Xsnapper.so
1330 ifeq ($(DEB_HOST_ARCH_OS), linux)
1331 LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
1332 dh_shlibdeps -a -- -pvfsmods -dRecommends \
1333 -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so \
1334- -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so \
1335 -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so
1336 else
1337 LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
1338diff --git a/debian/samba-common-bin.install b/debian/samba-common-bin.install
1339index e28e290..44c32ce 100644
1340--- a/debian/samba-common-bin.install
1341+++ b/debian/samba-common-bin.install
1342@@ -20,3 +20,4 @@ usr/share/man/man8/samba-tool.8
1343 usr/share/man/man8/smbpasswd.8
1344 usr/share/samba/addshare.py
1345 usr/share/samba/setoption.py
1346+usr/share/apport/package-hooks/source_samba.py
1347diff --git a/debian/samba-common.config b/debian/samba-common.config
1348index e9fc02d..4800015 100644
1349--- a/debian/samba-common.config
1350+++ b/debian/samba-common.config
1351@@ -64,15 +64,15 @@ db_go
1352
1353 DHCPPRIORITY=medium
1354 #if [ "$DEBCONF_RECONFIGURE" = 1 ] && [ -f /sbin/dhclient ]
1355-if [ -f /sbin/dhclient ]
1356-then
1357- DHCPPRIORITY=high
1358+#if [ -f /sbin/dhclient ]
1359+#then
1360+# DHCPPRIORITY=high
1361 # TODO: see if we can detect that dhcp-client is *going* to be installed,
1362 # even if it isn't yet.
1363 #elif dpkg-query -W --showformat='${Status}\n' dhcp-client | grep ???
1364 # unknown ok not-installed ?
1365 # DHCPPRIORITY=high
1366-fi
1367+#fi
1368
1369 FOUND=false
1370 if [ -f $FILE ]; then
1371diff --git a/debian/smb.conf b/debian/smb.conf
1372index 3ebc154..31b9080 100644
1373--- a/debian/smb.conf
1374+++ b/debian/smb.conf
1375@@ -28,6 +28,9 @@
1376 # Change this to the workgroup/NT-domain name your Samba server will part of
1377 workgroup = WORKGROUP
1378
1379+# server string is the equivalent of the NT Description field
1380+ server string = %h server (Samba, Ubuntu)
1381+
1382 #### Networking ####
1383
1384 # The specific set of interfaces / networks to bind to
1385@@ -166,28 +169,31 @@
1386
1387 #======================= Share Definitions =======================
1388
1389-[homes]
1390- comment = Home Directories
1391- browseable = no
1392+# Un-comment the following (and tweak the other settings below to suit)
1393+# to enable the default home directory shares. This will share each
1394+# user's home directory as \\server\username
1395+;[homes]
1396+; comment = Home Directories
1397+; browseable = no
1398
1399 # By default, the home directories are exported read-only. Change the
1400 # next parameter to 'no' if you want to be able to write to them.
1401- read only = yes
1402+; read only = yes
1403
1404 # File creation mask is set to 0700 for security reasons. If you want to
1405 # create files with group=rw permissions, set next parameter to 0775.
1406- create mask = 0700
1407+; create mask = 0700
1408
1409 # Directory creation mask is set to 0700 for security reasons. If you want to
1410 # create dirs. with group=rw permissions, set next parameter to 0775.
1411- directory mask = 0700
1412+; directory mask = 0700
1413
1414 # By default, \\server\username shares can be connected to by anyone
1415 # with access to the samba server.
1416-# The following parameter makes sure that only "username" can connect
1417-# to \\server\username
1418+# Un-comment the following parameter to make sure that only "username"
1419+# can connect to \\server\username
1420 # This might need tweaking when using external authentication schemes
1421- valid users = %S
1422+; valid users = %S
1423
1424 # Un-comment the following and create the netlogon directory for Domain Logons
1425 # (you need to configure Samba to act as a domain controller too.)
1426diff --git a/debian/source_samba.py b/debian/source_samba.py
1427new file mode 100644
1428index 0000000..9f0b46e
1429--- /dev/null
1430+++ b/debian/source_samba.py
1431@@ -0,0 +1,170 @@
1432+#!/usr/bin/python
1433+
1434+'''Samba Apport interface
1435+
1436+Copyright (C) 2010 Canonical Ltd/
1437+Author: Chuck Short <chuck.short@canonical.com>
1438+
1439+This program is free software; you can redistribute it and/or modify it
1440+under the terms of the GNU General Public License as published by the
1441+Free Software Foundation; either version 2 of the License, or (at your
1442+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
1443+the full text of the license.
1444+'''
1445+
1446+import os
1447+from subprocess import PIPE, Popen
1448+from apport.hookutils import *
1449+
1450+def run_testparm():
1451+ '''
1452+ Run the samba testparm(1) utility against /etc/samba/smb.conf.
1453+
1454+ We do not use apport's command_output() method here because:
1455+ - we need to discard stdout, as that includes smb.conf
1456+ - we want to know if its exit status is not zero, but that in itself
1457+ is not an error in the test itself. command_output() would say the
1458+ command failed and that would be confusing.
1459+
1460+ Returns stderr and the exit code (as a string) of testparm as a tuple or
1461+ None in the case of an error.
1462+ '''
1463+ command = ['testparm', '-s', '/etc/samba/smb.conf']
1464+ try:
1465+ testparm = Popen(command, stdout=PIPE, stderr=PIPE)
1466+ except OSError:
1467+ return None
1468+ _, err = testparm.communicate()
1469+ exit_code = testparm.wait()
1470+ return (err, str(exit_code))
1471+
1472+
1473+def recent_smblog(pattern):
1474+ '''Extract recent messages from log.smbd or messages which match a regex
1475+ pattern should be a "re" object. '''
1476+ lines = ''
1477+ if os.path.exists('/var/log/samba/log.smbd'):
1478+ file = '/var/log/samba/log.smbd'
1479+ else:
1480+ return lines
1481+
1482+ for line in open(file):
1483+ if pattern.search(line):
1484+ lines += line
1485+ return lines
1486+
1487+def recent_nmbdlog(pattern):
1488+ ''' Extract recent messages from log.nmbd or messages which match regex
1489+ pattern should be a "re" object. '''
1490+ lines = ''
1491+ if os.path.exists('/var/log/samba/log.nmbd'):
1492+ file = '/var/log/samba/log.nmbd'
1493+ else:
1494+ return lines
1495+
1496+ for line in open(file):
1497+ if pattern.search(line):
1498+ lines += line
1499+ return lines
1500+
1501+def add_info(report, ui):
1502+ packages = ['samba', 'samba-common-bin', 'samba-common', 'samba-tools', 'smbclient', 'swat',
1503+ 'samba-doc', 'samba-doc-pdf', 'smbfs', 'libpam-smbpass', 'libsmbclient', 'libsmbclient-dev',
1504+ 'winbind', 'samba-dbg', 'libwbclient0']
1505+
1506+ versions = ''
1507+ for package in packages:
1508+ try:
1509+ version = packaging.get_version(package)
1510+ except ValueError:
1511+ version = 'N/A'
1512+ if version is None:
1513+ version = 'N/A'
1514+ versions += '%s %s\n' %(package, version)
1515+ report['SambaInstalledVersions'] = versions
1516+
1517+
1518+ # Interactive report
1519+ # start by checking if /etc/samba/smb.conf exists
1520+ if not os.path.exists ('/etc/samba/smb.conf'):
1521+ ui.information("The configuration file '/etc/samba/smb.conf' does not exist. This file, and its contents, are critical for the operation of the SAMBA package(s). A common situation for this is:\n * you removed (but did not purge) SAMBA;\n * later on, you (or somebody) manually deleted '/etc/samba/smb.conf;\n * you reinstalled SAMBA.\nAs a result, this file is *not* reinstalled. If this is your case, please purge samba-common (e.g., sudo apt-get purge samba-common) and then reinstall SAMBA.\nYou may want to check other sources, like: https://answers.launchpad.net, https://help.ubuntu.com, and http://ubuntuforums.org. Please press any key to end apport's bug collection.")
1522+ raise StopIteration # we are out
1523+
1524+ ui.information("As a part of the bug reporting process, you'll be asked as series of questions to help provide a more descriptive bug report. Please answer the following questions to the best of your abilities. Afterwards, a browser will be opened to finish filing this as a bug in the Launchpad bug tracking system.")
1525+
1526+ response = ui.choice("How would you best describe your setup?", ["I am running a Windows File Server.", "I am connecting to a Windows File Server."], False)
1527+
1528+ if response == None:
1529+ raise StopIteration # user has canceled
1530+ elif response[0] == 0: #its a server
1531+ response = ui.yesno("Did this used to work properly with a previous release?")
1532+ if response == None: # user has canceled
1533+ raise StopIteration
1534+ if response == False:
1535+ report['SambaServerRegression'] = "No"
1536+ if response == True:
1537+ report['SambaServerRegression'] = 'Yes'
1538+
1539+ response = ui.choice("Which clients are failing to connect?", ["Windows", "Ubuntu", "Both", "Other"], False)
1540+ if response == None:
1541+ raise StopIteration # user has canceled
1542+ if response[0] == 0:
1543+ report['UbuntuFailedConnect'] = 'Yes'
1544+ if response[0] == 1:
1545+ report['WindowsFailedConnect'] = 'Yes'
1546+ if response[0] == 2:
1547+ report['BothFailedConnect'] = 'Yes'
1548+ if response[0] == 3:
1549+ report['OtherFailedConnect'] = 'Yes'
1550+
1551+ response = ui.yesno("The contents of your /etc/samba/smb.conf file may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?")
1552+ if response == None:
1553+ raise StopIteration
1554+ if response == False:
1555+ report['SmbConfIncluded'] = 'No'
1556+ if response == True:
1557+ report['SmbConfIncluded'] = 'Yes'
1558+ attach_file_if_exists(report, '/etc/samba/smb.conf', key='SMBConf')
1559+ if command_available('testparm') and os.path.exists('/etc/samba/smb.conf'):
1560+ testparm_result = run_testparm()
1561+ testparm_response = ui.yesno("testparm(1) is a samba utility that will check /etc/samba/smb.conf for correctness and report issues it may find. Do you want to include its stderr output in your bug report? If you answer no, then we will only include its numeric exit status.")
1562+ if testparm_response == None:
1563+ raise StopIteration
1564+ if testparm_response == True:
1565+ if testparm_result:
1566+ report['TestparmStderr'], report['TestparmExitCode'] = testparm_result
1567+ else: # only include the exit code
1568+ report['TestparmExitCode'] = testparm_result[1]
1569+
1570+ response = ui.yesno("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?")
1571+ if response == None:
1572+ raise StopIteration
1573+ elif response == False:
1574+ ui.information("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd will NOT be included in the bug report.")
1575+ elif response == True:
1576+ sec_re = re.compile('failed', re.IGNORECASE)
1577+ report['SmbLog'] = recent_smblog(sec_re)
1578+ report['NmbdLog'] = recent_nmbdlog(sec_re)
1579+
1580+ elif response[0] == 1: #its a client
1581+ response = ui.yesno("Did this used to work properly with a previous release?")
1582+ if response == None: #user has canceled
1583+ raise StopIteration
1584+ if response == False:
1585+ report['SambaClientRegression'] = "No"
1586+ if response == True:
1587+ report['SambaClientRegression'] = "Yes"
1588+
1589+ response = ui.choice("How is the remote share accessed from the Ubuntu system?", ["Nautilus (or other GUI Client)", "smbclient (from the command line)", "cifs filesystem mount (from /etc/fstab or a mount command)"], False)
1590+ if response == None: #user has canceled
1591+ raise StopIteration
1592+ if response[0] == 0:
1593+ attach_related_packages(report, ['nautilus', 'gvfs'])
1594+ if response[0] == 1:
1595+ ui.information("Please attach the output of 'smbclient -L localhost' to the end of this bug report.")
1596+ if response[0] == 2:
1597+ report['CIFSMounts'] = command_output(['findmnt', '-n', '-t', 'cifs'])
1598+ if os.path.exists('/proc/fs/cifs/DebugData'):
1599+ report['CifsVersion'] = command_output(['cat', '/proc/fs/cifs/DebugData'])
1600+
1601+ ui.information("After apport finishes collecting information, please document your steps to reproduce the issue when filling out the bug report.")

Subscribers

People subscribed via source and target branches