Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125 into ubuntu/+source/samba:debian/sid

Proposed by Andreas Hasenack on 2018-06-22

Status:

Merged

Merge reported by:

Christian Ehrhardt 

Merged at revision:

7bbdf71f4f230e588045d039f9e0912e5ed4ed77

Proposed branch:

~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125

Merge into:

ubuntu/+source/samba:debian/sid

Diff against target:

1601 lines (+1289/-21)

8 files modified

debian/changelog (+1089/-0)
debian/control (+4/-4)
debian/patches/VERSION.patch (+2/-2)
debian/rules (+4/-2)
debian/samba-common-bin.install (+1/-0)
debian/samba-common.config (+4/-4)
debian/smb.conf (+15/-9)
debian/source_samba.py (+170/-0)

Related bugs:

Bug #1748267: smbclient-share-access dep8 test should create the user it needs	Low	Fix Released
Bug #1752878: fullsync support for time-machine	Wishlist	Fix Released
Bug #1760855: logrotate rules do not allow for samba being disabled.	Low	Fix Released
Bug #1761737: [bionic] samba PANIC, INTERNAL ERROR: Signal 11	Undecided	Fix Released
Bug #1773679: Samba panics; samba-dbg package not found	Low	Fix Released
Bug #1778125: Please merge from debian's 4.8.2	Medium	Fix Released
Bug #1778859: vfs_aio_linux manpage incorrectly shipped in package on bionic	Low	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Christian Ehrhardt  (community)	2018-06-22	Approve on 2018-08-22
Canonical Server	2018-06-22	Pending
Review via email: mp+348424@code.launchpad.net

Description of the change

Merge from Debian's 4.8.2.

This is a package where git ubuntu merge start crashed, so I did that part manually.

This merge has some interesting aspects:
- our old delta included an upstream version bump (debian had 4.7.4, we went with 4.7.6). This can be seen in the git logs, and was of course dropped when rebasing on new/debian
- samba 4.8.x requires a newer libldb, which is already in cosmic-proposed for a month but hasn't migrated because samba needs to be rebuilt with it, so it's stuck. Any new upload of samba would unstuck it, even a 4.7.x one, but so will this 4.8 MP.
- here is a PPA with test packages for all architectures where samba was built with the new libldb: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-merge-4.8-1778125/+packages (ppa:ahasenack/samba-merge-4.8-1778125)
- debian fixed bugs that also affected our package, so these bugs will be marked as fix released manually:
  https://pad.lv/1773679 samba-dbg not found
  https://pad.lv/1748267 dep8 test user
- this one was fixed upstream in samba 4.8:
  https://pad.lv/1752878 fullsync support for timemachine

I added a fix for a logrotate issue (#1760855) and also submitted it to debian (#902149)

Here are DEP8 tests run with the packages from that PPA: http://people.ubuntu.com/~ahasenack/dep8-samba-4.8-1778125/

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-06-25:

Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "syslog" option is deprecated

Should we do something about this on the merge?

review: Needs Information

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-25:

Yes, I can finally tackle that now I think.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-06-25:

Some changes needed to be adapted like dhclient3, but all LGTM.
Overall retained Delta - all in and as-is or correctly adapted.
Dropped Delta - acl to what was dropped

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-06-25:

acl => ack

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-06-25:

I did some install/upgrade tests and hit no issues.

As discussed please also run the qa-regresssion-test against the new upload.

Under the condition that these tests work as well and some minor changelog cleanup as we discussed on IRC +1

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-25:

Salsa MP about the syslog changes: https://salsa.debian.org/samba-team/samba/merge_requests/7

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-25:

What is failing with 4.8.2, and passing with 4.7.6, is this simple construct on a cifs mountpoint:

root@ubuntu:~# echo hello > $(mktemp /mnt/hello.XXXXXX)
-su: $(mktemp /mnt/hello.XXXXXX): Permission denied
root@ubuntu:~# l /mnt/hello.JJocjv
-rw-------+ 1 nobody nogroup 0 Jun 25 17:56 /mnt/hello.JJocjv
root@ubuntu:~#

The share is just:
[tmp]
comment = Temp Directory
guest ok = Yes
path = /tmp
read only = No

Since it's a guest connection, the user on the server side is effectively nobody/nogroup, so he should be able to write to the file.

I emailed samba@.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-25:

Reading from that file also fails.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-26:

I submitted a bug upstream: https://bugzilla.samba.org/show_bug.cgi?id=13486

I'm not sure what we do now. I don't know when this bug will get attention.

libldb is still stuck in proposed as it needs a samba build. It could be the current 4.7.6 one, we just need to upload it again with a version bump. Or we wait.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-06-26:

Bug also filed with Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902431

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-07-03:

Another MP to just rebuild cosmic's current samba (4.7.6) with the stuck ldb: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348888

Revision history for this message

Robie Basak (racb) wrote on 2018-07-03:

Blocked on samba upstream bug but otherwise ready to merge. Ask Andreas before uploading.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-21:

This is an ugly dead-lock :-/
The adoption of the new code would be good for so many things CVEs and normal fixes/improvements.

Since the smb bug tracker user creation takes a while, could you poll there please?

I wonder how critical that new bug is in comparison to the improvements. Maybe we want to merge as is and be more pressing on the upstream bug to backport something hopefully between FF and Release.
But upstream had nothing so far after a few initial "could you try this" :-/

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-21:

Maybe in addition call for help in https://lists.samba.org/archive/samba/2018-August/thread.html or https://lists.samba.org/archive/samba-technical/2018-August/thread.html ?

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-08-21:

Reopening this, after I rebased it on 4.8.4. Given that the regression bug is also present in 4.7.7, and in 4.8.1 and later in the 4.8.x series, I believe either not many people are affected, or it's not important enough, because these releases have been out there for some time now. The benefits outweigh the cons here in my opinion.

Bileto ticket: https://bileto.ubuntu.com/#/ticket/3373

There is a nagging gvfs s390x test failure: http://autopkgtest.ubuntu.com/packages/gvfs/cosmic/s390x looks like it "never" passed and is not related to samba. I will try it in s390x later to see if I can reproduce it, file a bug upstream if that's the case, etc, we know the drill.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-08-21:

Actually, the gvfs s390x failure is a force-badtest already, so it's expected and won't block this migration:
andreas@nsnx:~/bzr/hints-ubuntu$ grep gvfs *
ubuntu-release:force-badtest gvfs/1.36.1-0ubuntu1/ppc64el gvfs/1.36.1-0ubuntu1/s390x gvfs/1.36.1-0ubuntu3/ppc64el gvfs/1.36.1-0ubuntu3/s390x

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-08-21:

Everything is in place in cosmic-proposed for this upload: ldb is currently just waiting on a samba rebuild (http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#ldb)

trying: ldb
skipped: ldb (15, 3, 7)
got: 22+0: a-4:a-3:a-5:i-3:p-3:s-4
* s390x: samba-dsdb-modules

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-22:

With your logrotate and syslog changes in Debian this looks even better :-)
Tests are good - I checked a bit on my own and the links are as you said onle the gvfs which doesn't matter.

The corner case issue we found in testing really should not stop all these new things from going in. And we have plenty of time to work on that once upstream replies on your bugs.

So what is the state now - still as approved as before?

review: Approve

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-22:

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/samba
* [new tag] upload/2%4.8.4+dfsg-2ubuntu1 -> upload/2%4.8.4+dfsg-2ubuntu1

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-22:

You are still not an uplader of samba :-/
But I don't want to push on my own without your final call to do so.
I made the tag ready, so that anyone can sponsor in case I'm not available.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-08-22:

Thanks, I'll do a final check first thing when I get in

On Wed, Aug 22, 2018, 06:29  Christian Ehrhardt  <
<email address hidden>> wrote:

> You are still not an uplader of samba :-/
> But I don't want to push on my own without your final call to do so.
> I made the tag ready, so that anyone can sponsor in case I'm not available.
> --
>
> https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
> You are the owner of
> ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125.
>
> Launchpad-Message-Rationale: Owner
> Launchpad-Message-For: ahasenack
> Launchpad-Notification-Type: code-review
> Launchpad-Branch:
> ~ahasenack/ubuntu/+source/samba/+git/samba:cosmic-samba-merge-4.8-1778125
>

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-08-22:

Please proceed with the upload/sponsorship, thanks

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-22:

https://launchpad.net/ubuntu/+source/samba/2:4.8.4+dfsg-2ubuntu1 is building

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Paul Smedley

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 0f793e2..cbab972 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,41 @@
++samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1778125). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++  * Drop:
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++      [Accepted by Debian in 2:4.7.4+dfsg-2]
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++      [In Debian since 2:4.7.4+dfsg-2]
++    - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
++      [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
++      Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
++      [Fixed upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 21 Aug 2018 09:57:57 -0300
++
  samba (2:4.8.4+dfsg-2) unstable; urgency=high
    * Fix typo in previous release: s/usefull/useful/
@@ -155,6 +193,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Mon, 19 Mar 2018 13:02:51 +0100
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
++
++  * No change rebuild to link with new ldb 1.3.3
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 03 Jul 2018 09:57:24 -0300
++
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
++
++  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
++    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
++    Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 18 Apr 2018 11:49:55 -0300
++
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
++
++  * New upstream version:
++    - Fix database corruption bug when upgrading from samba 4.6 or lower
++      AD controllers (LP: #1755057)
++    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
++  * Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 13 Mar 2018 16:58:49 -0300
++
  samba (2:4.7.4+dfsg-2) unstable; urgency=high
    [ Mathieu Parent ]
@@ -185,6 +272,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Fri, 02 Mar 2018 20:55:06 +0100
++samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1744779). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 22 Jan 2018 16:31:41 -0200
++
  samba (2:4.7.4+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -201,6 +319,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 11 Jan 2018 20:49:28 +0100
++samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/source_samba.py: use the new recommended findmnt(8) tool to list
++      mountpoints and correctly filter by the cifs filesystem type.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 05 Dec 2017 12:49:20 -0500
++
  samba (2:4.7.3+dfsg-1) unstable; urgency=high
    * New upstream version
@@ -224,6 +378,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Sun, 12 Nov 2017 10:02:19 +0100
++samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/source_samba.py: use the new recommended findmnt(8) tool to list
++      mountpoints and correctly filter by the cifs filesystem type.
++
++ -- Matthias Klose <doko@ubuntu.com>  Fri, 10 Nov 2017 10:03:57 +0100
++
  samba (2:4.7.1+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -272,6 +462,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Tue, 19 Sep 2017 22:00:13 +0200
++samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
++    they should
++    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
++      into a specified one in source3/include/auth_info.h,
++      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
++    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
++      source3/lib/util_cmdline.c.
++    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
++      source3/libsmb/pylibsmb.c.
++    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
++      libgpo/gpo_fetch.c.
++    - debian/patches/CVE-2017-12150-5.patch: add check for
++      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
++    - debian/patches/CVE-2017-12150-6.patch: add
++      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
++    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
++      authentication was not requested in source3/libsmb/clidfs.c.
++    - CVE-2017-12150
++  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
++    redirects
++    - debian/patches/CVE-2017-12151-1.patch: add
++      cli_state_is_encryption_on() helper function to
++      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
++    - debian/patches/CVE-2017-12151-2.patch: make use of
++      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
++      source3/libsmb/libsmb_context.c.
++    - CVE-2017-12151
++  * SECURITY UPDATE: Server memory information leak over SMB1
++    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
++      from writing server memory to file in source3/smbd/reply.c.
++    - CVE-2017-12163
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Sep 2017 08:10:03 -0400
++
++samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
++
++  * d/source_samba.py: use the new recommended findmnt(8) tool to list
++    mountpoints and correctly filter by the cifs filesystem type.
++    (LP: #1703604)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 01 Sep 2017 09:47:58 -0300
++
++samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1710281).
++    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
++      symlinks to directories (LP: #1701073)
++  * Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 21 Aug 2017 17:27:08 -0300
++
  samba (2:4.6.7+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -283,6 +554,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Tue, 15 Aug 2017 23:06:36 +0200
++samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1700644). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++  * Drop:
++    - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
++      [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
++      fix-1584485.patch was dropped there.]
++    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure
++      [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
++      in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
++    - debian/patches/winbind_trusted_domains.patch: make sure domain
++      members can talk to trusted domains DCs.
++      [Upstream committed a different fix, see updated patch attached to
++      https://bugzilla.samba.org/show_bug.cgi?id=11830]
++    - d/control: add libcephfs-dev as b-d to build vfs_ceph
++      [Adopted by Debian in 2:4.6.5+dfsg-1]
++    - debian/patches/CVE-2017-11103.patch: use encrypted service
++      name rather than unencrypted (and therefore spoofable) version
++      in heimdal
++      [Adopted by Debian as
++      d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
++    - Cherrypick upstream patch to fix FTBFS with new ceph lib.
++      [Merged upstream in 4.6.0rc1]
++  * Disable glusterfs support because it's not in main.
++    MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 10 Aug 2017 22:20:22 -0300
++
  samba (2:4.6.5+dfsg-8) unstable; urgency=medium
    * Remove dependency on update-inetd, not used anymore
@@ -402,6 +727,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Mon, 12 Jun 2017 08:09:43 +0200
++samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
++
++  * Cherrypick upstream patch to fix FTBFS with new ceph lib.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 26 Jul 2017 08:34:24 +0100
++
++samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
++
++  * SECURITY UPDATE: KDC-REP service name impersonation
++    - debian/patches/CVE-2017-11103.patch: use encrypted service
++      name rather than unencrypted (and therefore spoofable) version
++      in heimdal
++    - CVE-2017-11103
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 17 Jul 2017 16:22:28 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
++
++  * No-change rebuild against libldb 1.1.29
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Jun 2017 16:09:33 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
++
++  * Add extra DEP8 tests to samba (LP: #1696823):
++    - d/t/control: enable the new DEP8 tests
++    - d/t/smbclient-anonymous-share-list: list available shares anonymously
++    - d/t/smbclient-authenticated-share-list: list available shares using
++      an authenticated connection
++    - d/t/smbclient-share-access: create a share and download a file from it
++    - d/t/cifs-share-access: access a file in a share using cifs
++  * Ask the user if we can run testparm against the config file. If yes,
++    include its stderr and exit status in the bug report. Otherwise, only
++    include the exit status. (LP: #1694334)
++  * If systemctl is available, use it to query the status of the smbd
++    service before trying to reload it. Otherwise, keep the same check
++    as before and reload the service based on the existence of the
++    initscript. (LP: #1579597)
++  * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
++    module. There is a fixed version of that patch attached to
++    #1677329 but it has not been vetted yet, so for now it's best
++    to revert (again) so that pam_winbind can be used.
++    (LP: #1677329, LP: #1644428)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 19 Jun 2017 10:49:29 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure
++    - debian/patches/winbind_trusted_domains.patch: make sure domain
++      members can talk to trusted domains DCs.
++    - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++      to be statically linked
++    - d/rules: Compile winbindd/winbindd statically.
++    - d/control: add libcephfs-dev as b-d to build vfs_ceph
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 15 Jun 2017 14:17:43 -0400
++
  samba (2:4.5.8+dfsg-2) unstable; urgency=high
    * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -416,6 +812,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Sat, 01 Apr 2017 20:39:17 +0200
++samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
++
++  * SECURITY UPDATE: remote code execution from a writable share
++    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
++      slash inside in source3/rpc_server/srv_pipe.c.
++    - CVE-2017-7494
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 24 May 2017 07:39:13 -0400
++
++samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
++
++  * SECURITY UPDATE: Symlink race allows access outside share definition
++    - Updated to new upstream release 4.5.8.
++    - CVE-2017-2619
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 21 Apr 2017 07:33:25 -0400
++
  samba (2:4.5.6+dfsg-2) unstable; urgency=high
    * This is a security release in order to address the following defects:
@@ -445,6 +858,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Sun, 05 Mar 2017 23:21:09 +0100
++samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
++
++  * d/control: add libcephfs-dev as b-d to build vfs_ceph
++    (LP: #1668940).
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 06 Mar 2017 11:13:41 -0800
++
++samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
++    changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
++    + debian/patches/winbind_trusted_domains.patch: make sure domain members
++      can talk to trusted domains DCs.
++      [ update patch based upon upstream discussion ]
++    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++      to be statically linked fixes LP #1584485.
++    + d/rules: Compile winbindd/winbindd statically.
++  * Drop:
++    - Delete debian/.gitignore
++    [ Previously undocumented ]
++    - debian/patches/git_smbclient_cpu.patch:
++      + backport upstream patch to fix smbclient users hanging/eating cpu on
++        trying to contact a machine which is not there (lp #1572260)
++    [ Fixed upstream ]
++    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
++      + debian/patches/CVE-2016-2123.patch: check lengths in
++        librpc/ndr/ndr_dnsp.c.
++      + CVE-2016-2123
++    [ Fixed in Debian ]
++    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
++      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
++        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
++        source4/auth/gensec/gensec_gssapi.c.
++      + CVE-2016-2125
++    [ Fixed in Debian ]
++    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
++      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
++        in auth/kerberos/kerberos_pac.c.
++      + CVE-2016-2126
++    [ Fixed in Debian ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 26 Jan 2017 17:20:15 -0800
++
  samba (2:4.5.4+dfsg-1) unstable; urgency=medium
    [ Mathieu Parent ]
@@ -572,6 +1040,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Fri, 09 Sep 2016 13:00:54 +0200
++samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
++
++  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
++    - debian/patches/CVE-2016-2123.patch: check lengths in
++      librpc/ndr/ndr_dnsp.c.
++    - CVE-2016-2123
++  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
++    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
++      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
++      source4/auth/gensec/gensec_gssapi.c.
++    - CVE-2016-2125
++  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
++    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
++      in auth/kerberos/kerberos_pac.c.
++    - CVE-2016-2126
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Jan 2017 12:32:25 -0500
++
++samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
++
++  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++    to be statically linked fixes LP: #1584485.
++
++  * d/rules: Compile winbindd/winbindd statically.
++
++ -- Jorge Niedbalski <jorge.niedbalski@canonical.com>  Wed, 02 Nov 2016 13:59:10 +0100
++
++samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sun, 18 Sep 2016 10:26:52 +0000
++
++samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 17 Sep 2016 12:09:21 +0000
++
++samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
++
++  * debian/patches/git_smbclient_cpu.patch:
++    - backport upstream patch to fix smbclient users hanging/eating cpu on
++      trying to contact a machine which is not there (lp: #1572260)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Fri, 05 Aug 2016 17:32:43 +0200
++
++samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/winbind_trusted_domains.patch: make sure domain members
++      can talk to trusted domains DCs.
++  * Dropped changes:
++    - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
++      never done in Debian, revert.
++    - ufw integration: included in Debian.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 14 Jul 2016 17:45:46 -0700
++
  samba (2:4.4.5+dfsg-2) unstable; urgency=medium
    * Disable running of 'make quicktest' during build, as it takes very
@@ -699,6 +1238,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
   -- Andrew Bartlett <abartlet+debian@catalyst.net.nz>  Wed, 06 Apr 2016 17:08:20 +1200
++samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
++
++  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
++    the previous security updates. (LP: #1577739)
++    - debian/control: bump tevent Build-Depends to 0.9.28.
++  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
++    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
++      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
++    - debian/patches/samba-bug11914.patch: make
++      ntlm_auth_generate_session_info() more complete in
++      source3/utils/ntlm_auth.c.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 May 2016 09:29:15 -0400
++
  samba (2:4.3.8+dfsg-1) unstable; urgency=low
    [ Jelmer Vernooĳ ]
@@ -713,6 +1266,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
   -- Jelmer Vernooĳ <jelmer@debian.org>  Sat, 16 Apr 2016 01:18:36 +0000
++samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
++
++  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
++    - CVE-2015-5370: Multiple errors in DCE-RPC code
++    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
++    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
++    - CVE-2016-2112: The LDAP client and server don't enforce integrity
++      protection
++    - CVE-2016-2113: Missing TLS certificate validation allows man in the
++      middle attacks
++    - CVE-2016-2114: "server signing = mandatory" not enforced
++    - CVE-2016-2115: SMB client connections for IPC traffic are not
++      integrity protected
++    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
++  * debian/patches/winbind_trusted_domains.patch: make sure domain members
++    can talk to trusted domains DCs.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 12 Apr 2016 07:26:29 -0400
++
  samba (2:4.3.7+dfsg-1) unstable; urgency=high
    * New upstream release.
@@ -755,6 +1327,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
   -- Mathieu Parent <sathieu@debian.org>  Thu, 31 Mar 2016 22:26:11 +0200
++samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 09 Mar 2016 08:49:12 -0500
++
  samba (2:4.3.6+dfsg-1) unstable; urgency=medium
    * New upstream release.
@@ -800,6 +1395,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 04 Feb 2016 13:25:01 +0100
++samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:43 +0000
++
++samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
++
++  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
++    (LP: #1545750)
++
++ -- Dariusz Gadomski <dariusz.gadomski@canonical.com>  Mon, 15 Feb 2016 16:05:12 +0100
++
++samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 06 Jan 2016 07:41:39 -0500
++
  samba (2:4.3.3+dfsg-1) unstable; urgency=medium
    * New upstream release. Closes: #808133.
@@ -884,6 +1515,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 07 Dec 2014 15:34:36 +0000
++samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
++
++  * Resolve small merge error in the rules
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 16 Dec 2015 12:02:12 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
++
++  * Backport Debian change to remove libpam-smbpasswd, it segfaults
++    leading to non working session (lp: #1515207)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 16 Dec 2015 11:47:44 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
++
++  * Build with the new ldb
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 18 Nov 2015 11:45:32 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
++
++  * debian/samba.logrotate:
++    - revert to Debian version of the logrotate reload command, fix an
++      invalid syntax introduced in the upstart->systemd transition
++      (lp: #1385868)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Tue, 10 Nov 2015 19:01:06 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 24 Oct 2015 14:57:47 +0200
++
  samba (2:4.1.20+dfsg-1) unstable; urgency=medium
    * New upstream release (last compatible with current OpenChange).
@@ -897,6 +1585,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 20 Sep 2015 13:20:53 +0000
++samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
++
++  * debian/control:
++    - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++
++ -- Robert Ancell <robert.ancell@canonical.com>  Tue, 11 Aug 2015 11:34:50 +1200
++
++samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/git_timeout_client_error.patch:
++    - don't let smb mounts timeout that leads to errors when trying to
++      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 08 May 2015 10:49:12 +0200
++
  samba (2:4.1.17+dfsg-4) unstable; urgency=medium
    * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -933,6 +1659,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivodd@debian.org>  Mon, 23 Feb 2015 20:20:21 +0100
++samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
++
++  * debian/patches/git_timeout_client_error.patch:
++    - don't let smb mounts timeout that leads to errors when trying to
++      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Fri, 03 Apr 2015 17:20:06 +0200
++
++samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
++
++  * SECURITY UPDATE: code execution vulnerability in smbd daemon
++    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
++      uninitialized pointer and don't dereference a NULL pointer in
++      source3/rpc_server/netlogon/srv_netlog_nt.c.
++    - CVE-2015-0240
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 23 Feb 2015 08:36:51 -0500
++
++samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
++
++ -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Wed, 21 Jan 2015 15:48:05 +0100
++
  samba (2:4.1.13+dfsg-4) unstable; urgency=medium
    * Revert previous patch, since ldb has an active module version check.
@@ -975,6 +1748,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 07 Sep 2014 20:52:27 +0200
++samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
++
++  * SECURITY UPDATE: elevation of privilege to AD Domain Controller
++    - debian/patches/CVE-2014-8143.patch: check for extended access rights
++      before allowing changes to userAccountControl in
++      librpc/idl/security.idl, source4/auth/session.c,
++      source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
++      source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
++      source4/rpc_server/lsa/dcesrv_lsa.c,
++      source4/setup/schema_samba4.ldif.
++    - CVE-2014-8143
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 21 Jan 2015 09:19:12 -0500
++
++samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
++
++  * No-change rebuild against current ldb. Note that I'm not claiming the
++    merging for this package.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 04 Dec 2014 07:50:22 +0100
++
++samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
++
++  * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++    pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 11 Sep 2014 11:53:36 -0500
++
++samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++
++  * In logrotate, use service command to reload (send SIGHUP) the main
++    processes such that it works under both upstart and systemd.
++  * Drop CVE patches, applied upstream.
++  * Drop patches absent from series: readline-ftbfs.patch,
++    krb5_kt_start_seq.diff, config-bind99.patch
++  * Drop debian/source/include-binaries, pyc files are correctly cleaned up
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 09 Aug 2014 21:26:23 +0100
++
  samba (2:4.1.11+dfsg-1) unstable; urgency=high
    * New upstream release. Fixes:
@@ -1010,6 +1846,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Mon, 23 Jun 2014 18:33:27 +0200
++samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
++
++  * SECURITY UPDATE: remote code execution on unauthenticated nmbd
++    - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
++      lib/util/string_wrappers.h.
++    - CVE-2014-3560
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 01 Aug 2014 17:54:54 -0400
++
++samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
++
++  * SECURITY UPDATE: denial of service on nmbd malformed packet
++    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
++      source3/lib/system.c.
++    - CVE-2014-0244
++  * SECURITY UPDATE: denial of service via bad unicode conversion
++    - debian/patches/CVE-2014-3493.patch: refactor code in
++      source3/lib/charcnv.c, change return code checks in
++      source3/libsmb/clirap.c, source3/smbd/lanman.c.
++    - CVE-2014-3493
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 23 Jun 2014 14:10:12 -0400
++
++samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + Dropped patches:
++      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
++      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
++      - debian/patches/readline-ftbfs.patch: Use the debian version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++      (LP: #1268180)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 18 Jun 2014 10:50:25 -0400
++
  samba (2:4.1.8+dfsg-1) unstable; urgency=medium
    [ Jelmer Vernooij ]
@@ -1047,6 +1939,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Sat, 19 Apr 2014 13:39:09 +0200
++samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
++
++  * Set the stack size to unlimited during the build to avoid a SIGBUS in
++    xsltproc on some architectures.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 02 Jun 2014 23:18:40 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
++
++  * Backport from unstable (Ivo De Decker):
++    - Build-depend on heimdal-dev.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 02 Jun 2014 15:39:54 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
++
++  * No change rebuild against new dh_installinit, to call update-rc.d at
++    postinst.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:41:32 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
++
++  * cherrypick upstream patch 1310919 to fix pam_winbind regression
++    (LP: #1310919)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 29 Apr 2014 16:05:44 -0500
++
++samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
++
++  * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
++    upgrade.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 03 Apr 2014 19:08:03 -0700
++
++samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + Dropped patches:
++      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
++      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
++      - debian/patches/readline-ftbfs.patch: Use the debian version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++      (LP: #1268180)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 02 Apr 2014 13:40:30 -0400
++
  samba (2:4.1.6+dfsg-1) unstable; urgency=high
    * New upstream security release. Fixes:
@@ -1106,6 +2066,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Sat, 18 Jan 2014 14:07:15 +0100
++samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
++
++  * debian/smb.conf: comment back some of the "share definitions"
++    options (including "valid users"). That was an Ubuntu diff and seems to
++    have been dropped in the trusty merge. Those changes seem needed to
++    get the usershare feature working (used by nautilus-share) (lp: #1261873)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Tue, 01 Apr 2014 16:01:04 +0200
++
++samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
++
++  * SECURITY UPDATE: Password lockout not enforced for SAMR password
++    changes
++    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
++      source3/auth/check_samsec.c,
++      source3/rpc_server/samr/srv_samr_chgpasswd.c,
++      source3/rpc_server/samr/srv_samr_nt.c,
++      source3/smbd/lanman.c,
++      source4/rpc_server/samr/samr_password.c,
++      source4/torture/rpc/samr.c.
++    - CVE-2013-4496
++  * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
++    mistake
++    - debian/patches/CVE-2013-6442.patch: handle existing ACL in
++      source3/utils/smbcacls.c.
++    - CVE-2013-6442
++  * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Mar 2014 08:32:30 -0400
++
++samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
++
++  * Depend on tdb-tools (LP: #1279593)
++  * Updated generated config for Bind9.9.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 12 Feb 2014 21:26:00 -0500
++
++samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
++
++  * Add missing python-ntdb dependency to python-samba (spotted by
++    autopkgtest).
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 10 Feb 2014 09:53:01 +0100
++
++samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++    first dummy transitional package version.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 13 Jan 2014 08:52:31 -0500
++
  samba (2:4.1.3+dfsg-2) unstable; urgency=medium
    * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -1148,6 +2179,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
   -- Steve Langasek <vorlon@debian.org>  Mon, 09 Dec 2013 11:13:59 -0800
++samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++    first dummy transitional package version.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 11 Dec 2013 19:55:47 -0500
++
  samba (2:4.0.13+dfsg-1) unstable; urgency=high
    [ Steve Langasek ]
@@ -1202,6 +2260,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Mon, 11 Nov 2013 15:42:40 +0100
++samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
++
++  * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
++
++ -- Dmitrijs Ledkovs <xnox@ubuntu.com>  Wed, 27 Nov 2013 21:50:43 +0000
++
++samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 08 Nov 2013 13:47:46 +0800
++
  samba (2:4.0.10+dfsg-4) unstable; urgency=low
    [ Christian Perrier ]
 diff --git a/debian/control b/debian/control
 index 75b3bbf..7ccd503 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: samba
  Section: net
  Priority: optional
--Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
  Uploaders: Steve Langasek <vorlon@debian.org>,
             Jelmer Vernooĳ <jelmer@debian.org>,
             Ivo De Decker <ivodd@debian.org>,
@@ -16,7 +17,6 @@ Build-Depends: bison,
                 docbook-xml,
                 docbook-xsl,
                 flex,
--               glusterfs-common [linux-any],
                 libacl1-dev,
                 libarchive-dev,
                 libattr1-dev,
@@ -301,8 +301,8 @@ Description: Samba Virtual FileSystem plugins
    * vfs_shadow_copy2: Expose snapshots to Windows clients as shadow copies
    * vfs_worm: Disallow writes for older file
+  .
-- Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are
-- moved to Recommends.
++ Note: The runtime dependencies of vfs_ceph and vfs_snapper are moved to
++ Recommends.
  Package: libsmbclient
  Section: libs
 diff --git a/debian/patches/VERSION.patch b/debian/patches/VERSION.patch
 index d50c4c9..b92d155 100644
 --- a/debian/patches/VERSION.patch
 +++ b/debian/patches/VERSION.patch
@@ -1,5 +1,5 @@
  From: Eloy A. Paris <peloy@debian.org>
--Subject: Add "Debian" as vendor suffix
++Subject: Add "Ubuntu" as vendor suffix
  Forwarded: not-needed
  ---
@@ -15,5 +15,5 @@ index d91963a..2650887 100644
   #                                                      #
   ########################################################
  -SAMBA_VERSION_VENDOR_SUFFIX=
--+SAMBA_VERSION_VENDOR_SUFFIX=Debian
+++SAMBA_VERSION_VENDOR_SUFFIX=Ubuntu
   SAMBA_VERSION_VENDOR_PATCH=
 diff --git a/debian/rules b/debian/rules
 index cd86965..065266f 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -130,6 +130,9 @@ override_dh_auto_install:
  	cp debian/gdbcommands $(DESTDIR)/etc/samba/
  	mkdir -p $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d
  	install -m755 debian/samba-common.dhcp $(DESTDIR)/etc/dhcp/dhclient-enter-hooks.d/samba
++	# Ubuntu things
++	mkdir -p $(DESTDIR)/usr/share/apport/package-hooks
++	install -D -m 644 debian/source_samba.py $(DESTDIR)/usr/share/apport/package-hooks/source_samba.py
  	install -m 0755 debian/mksmbpasswd.awk $(DESTDIR)/usr/sbin/mksmbpasswd
  	mkdir -p $(DESTDIR)/etc/ufw/applications.d
  	install -m644 debian/samba.ufw.profile $(DESTDIR)/etc/ufw/applications.d/samba
@@ -238,12 +241,11 @@ override_dh_makeshlibs:
  override_dh_shlibdeps:
  	LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
--	  dh_shlibdeps -a -Xceph.so -Xglusterfs.so -Xsnapper.so
++	  dh_shlibdeps -a -Xceph.so -Xsnapper.so
  ifeq ($(DEB_HOST_ARCH_OS), linux)
  	LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
  	  dh_shlibdeps -a -- -pvfsmods -dRecommends \
  	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so \
--	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so \
  	    -e debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so
  else
  	LD_LIBRARY_PATH=$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba:$$LD_LIBRARY_PATH \
 diff --git a/debian/samba-common-bin.install b/debian/samba-common-bin.install
 index e28e290..44c32ce 100644
 --- a/debian/samba-common-bin.install
 +++ b/debian/samba-common-bin.install
@@ -20,3 +20,4 @@ usr/share/man/man8/samba-tool.8
  usr/share/man/man8/smbpasswd.8
  usr/share/samba/addshare.py
  usr/share/samba/setoption.py
++usr/share/apport/package-hooks/source_samba.py
 diff --git a/debian/samba-common.config b/debian/samba-common.config
 index e9fc02d..4800015 100644
 --- a/debian/samba-common.config
 +++ b/debian/samba-common.config
@@ -64,15 +64,15 @@ db_go
  DHCPPRIORITY=medium
  #if [ "$DEBCONF_RECONFIGURE" = 1 ] && [ -f /sbin/dhclient ]
--if [ -f /sbin/dhclient ]
--then
--	DHCPPRIORITY=high
++#if [ -f /sbin/dhclient ]
++#then
++#	DHCPPRIORITY=high
  # TODO: see if we can detect that dhcp-client is *going* to be installed,
  # even if it isn't yet.
  #elif dpkg-query -W --showformat='${Status}\n' dhcp-client | grep ???
  # unknown ok not-installed ?
  #	DHCPPRIORITY=high
--fi
++#fi
  FOUND=false
  if [ -f $FILE ]; then
 diff --git a/debian/smb.conf b/debian/smb.conf
 index 3ebc154..31b9080 100644
 --- a/debian/smb.conf
 +++ b/debian/smb.conf
@@ -28,6 +28,9 @@
  # Change this to the workgroup/NT-domain name your Samba server will part of
     workgroup = WORKGROUP
++# server string is the equivalent of the NT Description field
++   server string = %h server (Samba, Ubuntu)
++
  #### Networking ####
  # The specific set of interfaces / networks to bind to
@@ -166,28 +169,31 @@
  #======================= Share Definitions =======================
--[homes]
--   comment = Home Directories
--   browseable = no
++# Un-comment the following (and tweak the other settings below to suit)
++# to enable the default home directory shares. This will share each
++# user's home directory as \\server\username
++;[homes]
++;   comment = Home Directories
++;   browseable = no
  # By default, the home directories are exported read-only. Change the
  # next parameter to 'no' if you want to be able to write to them.
--   read only = yes
++;   read only = yes
  # File creation mask is set to 0700 for security reasons. If you want to
  # create files with group=rw permissions, set next parameter to 0775.
--   create mask = 0700
++;   create mask = 0700
  # Directory creation mask is set to 0700 for security reasons. If you want to
  # create dirs. with group=rw permissions, set next parameter to 0775.
--   directory mask = 0700
++;   directory mask = 0700
  # By default, \\server\username shares can be connected to by anyone
  # with access to the samba server.
--# The following parameter makes sure that only "username" can connect
--# to \\server\username
++# Un-comment the following parameter to make sure that only "username"
++# can connect to \\server\username
  # This might need tweaking when using external authentication schemes
--   valid users = %S
++;   valid users = %S
  # Un-comment the following and create the netlogon directory for Domain Logons
  # (you need to configure Samba to act as a domain controller too.)
 diff --git a/debian/source_samba.py b/debian/source_samba.py
 new file mode 100644
 index 0000000..9f0b46e
 --- /dev/null
 +++ b/debian/source_samba.py
@@ -0,0 +1,170 @@
++#!/usr/bin/python
++
++'''Samba Apport interface
++
++Copyright (C) 2010 Canonical Ltd/
++Author: Chuck Short <chuck.short@canonical.com>
++
++This program is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published by the
++Free Software Foundation; either version 2 of the License, or (at your
++option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
++the full text of the license.
++'''
++
++import os
++from subprocess import PIPE, Popen
++from apport.hookutils import *
++
++def run_testparm():
++	'''
++	Run the samba testparm(1) utility against /etc/samba/smb.conf.
++
++	We do not use apport's command_output() method here because:
++	- we need to discard stdout, as that includes smb.conf
++	- we want to know if its exit status is not zero, but that in itself
++	  is not an error in the test itself. command_output() would say the
++	  command failed and that would be confusing.
++
++	Returns stderr and the exit code (as a string) of testparm as a tuple or
++	None in the case of an error.
++	'''
++	command = ['testparm', '-s', '/etc/samba/smb.conf']
++	try:
++		testparm = Popen(command, stdout=PIPE, stderr=PIPE)
++	except OSError:
++		return None
++	_, err = testparm.communicate()
++	exit_code = testparm.wait()
++	return (err, str(exit_code))
++
++
++def recent_smblog(pattern):
++	'''Extract recent messages from log.smbd or messages which match a regex
++	   pattern should be a "re" object. '''
++	lines = ''
++	if os.path.exists('/var/log/samba/log.smbd'):
++		file = '/var/log/samba/log.smbd'
++	else:
++		return lines
++
++	for line in open(file):
++		if pattern.search(line):
++			lines += line
++	return lines
++
++def recent_nmbdlog(pattern):
++	''' Extract recent messages from log.nmbd or messages which match regex
++	    pattern should be a "re" object. '''
++	lines = ''
++	if os.path.exists('/var/log/samba/log.nmbd'):
++		file = '/var/log/samba/log.nmbd'
++	else:
++		return lines
++
++	for line in open(file):
++		if pattern.search(line):
++			lines += line
++	return lines
++
++def add_info(report, ui):
++	packages = ['samba', 'samba-common-bin', 'samba-common', 'samba-tools', 'smbclient', 'swat',
++		'samba-doc', 'samba-doc-pdf', 'smbfs', 'libpam-smbpass', 'libsmbclient', 'libsmbclient-dev',
++		'winbind', 'samba-dbg', 'libwbclient0']
++
++	versions = ''
++	for package in packages:
++		try:
++			version = packaging.get_version(package)
++		except ValueError:
++			version = 'N/A'
++		if version is None:
++			version = 'N/A'
++		versions += '%s %s\n' %(package, version)
++	report['SambaInstalledVersions'] = versions
++
++
++	# Interactive report
++	# start by checking if /etc/samba/smb.conf exists
++	if not os.path.exists ('/etc/samba/smb.conf'):
++		ui.information("The configuration file '/etc/samba/smb.conf' does not exist. This file, and its contents, are critical for the operation of the SAMBA package(s). A common situation for this is:\n  * you removed (but did not purge) SAMBA;\n  * later on, you (or somebody) manually deleted '/etc/samba/smb.conf;\n  * you reinstalled SAMBA.\nAs a result, this file is *not* reinstalled. If this is your case, please purge samba-common (e.g., sudo apt-get purge samba-common) and then reinstall SAMBA.\nYou may want to check other sources, like: https://answers.launchpad.net, https://help.ubuntu.com, and http://ubuntuforums.org. Please press any key to end apport's bug collection.")
++		raise StopIteration # we are out
++
++	ui.information("As a part of the bug reporting process, you'll be asked as series of questions to help provide a more descriptive bug report. Please answer the following questions to the best of your abilities. Afterwards, a browser will be opened to finish filing this as a bug in the Launchpad bug tracking system.")
++
++	response = ui.choice("How would you best describe your setup?", ["I am running a Windows File Server.", "I am connecting to a Windows File Server."], False)
++
++	if response == None:
++		raise StopIteration # user has canceled
++	elif response[0] == 0: #its a server
++		response = ui.yesno("Did this used to work properly with a previous release?")
++		if response == None: # user has canceled
++			raise StopIteration
++		if response == False:
++			report['SambaServerRegression'] = "No"
++		if response == True:
++			report['SambaServerRegression'] = 'Yes'
++
++		response = ui.choice("Which clients are failing to connect?", ["Windows", "Ubuntu", "Both", "Other"], False)
++		if response == None:
++			raise StopIteration # user has canceled
++		if response[0] == 0:
++			report['UbuntuFailedConnect'] = 'Yes'
++		if response[0] == 1:
++			report['WindowsFailedConnect'] = 'Yes'
++		if response[0] == 2:
++			report['BothFailedConnect']  = 'Yes'
++		if response[0] == 3:
++			report['OtherFailedConnect'] = 'Yes'
++
++		response = ui.yesno("The contents of your /etc/samba/smb.conf file may help developers diagnose your bug more quickly. However, it may contain sensitive information.  Do you want to include it in your bug report?")
++		if response == None:
++			raise StopIteration
++		if response == False:
++			report['SmbConfIncluded'] = 'No'
++		if response == True:
++			report['SmbConfIncluded'] = 'Yes'
++			attach_file_if_exists(report, '/etc/samba/smb.conf', key='SMBConf')
++		if command_available('testparm') and os.path.exists('/etc/samba/smb.conf'):
++			testparm_result = run_testparm()
++			testparm_response = ui.yesno("testparm(1) is a samba utility that will check /etc/samba/smb.conf for correctness and report issues it may find.  Do you want to include its stderr output in your bug report? If you answer no, then we will only include its numeric exit status.")
++			if testparm_response == None:
++				raise StopIteration
++			if testparm_response == True:
++				if testparm_result:
++					report['TestparmStderr'], report['TestparmExitCode'] = testparm_result
++			else: # only include the exit code
++				report['TestparmExitCode'] = testparm_result[1]
++
++		response = ui.yesno("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?")
++		if response == None:
++			raise StopIteration
++		elif response == False:
++			ui.information("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd will NOT be included in the bug report.")
++		elif response == True:
++			sec_re = re.compile('failed', re.IGNORECASE)
++			report['SmbLog'] = recent_smblog(sec_re)
++			report['NmbdLog'] = recent_nmbdlog(sec_re)
++
++	elif response[0] == 1: #its a client
++		response = ui.yesno("Did this used to work properly with a previous release?")
++		if response == None: #user has canceled
++			raise StopIteration
++		if response == False:
++			report['SambaClientRegression'] = "No"
++		if response == True:
++			report['SambaClientRegression'] = "Yes"
++
++		response = ui.choice("How is the remote share accessed from the Ubuntu system?", ["Nautilus (or other GUI Client)", "smbclient (from the command line)", "cifs filesystem mount (from /etc/fstab or a mount command)"], False)
++		if response == None: #user has canceled
++			raise StopIteration
++		if response[0] == 0:
++			attach_related_packages(report, ['nautilus', 'gvfs'])
++		if response[0] == 1:
++			ui.information("Please attach the output of 'smbclient -L localhost' to the end of this bug report.")
++		if response[0] == 2:
++			report['CIFSMounts'] = command_output(['findmnt', '-n', '-t', 'cifs'])
++			if os.path.exists('/proc/fs/cifs/DebugData'):
++				report['CifsVersion'] = command_output(['cat', '/proc/fs/cifs/DebugData'])
++
++	ui.information("After apport finishes collecting information, please document your steps to reproduce the issue when filling out the bug report.")

Ubuntusamba package

Merge ~ahasenack/ubuntu/+source/samba:cosmic-samba-merge-4.8-1778125 into ubuntu/+source/samba:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
samba package