Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:lunar-samba-merge-4175 into ubuntu/+source/samba:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/samba
  3. lunar-samba-merge-4175
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 0ee9ad0ef051c528d61e8b4216f7720bf060fbc4
Proposed branch: ~ahasenack/ubuntu/+source/samba:lunar-samba-merge-4175
Merge into: ubuntu/+source/samba:debian/sid
Diff against target: 2950 lines (+2611/-5)
4 files modified
debian/changelog (+2444/-0)
debian/control (+6/-5)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+157/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+436871@code.launchpad.net

Description of the change

Merge from debian.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/samba/+packages

DEP8 tests ran on an older version of the branch. The only difference is I added a sleep 5s right after starting the samba-ad-dc services.

Noteworthy changes:
- from Debian, it's two new packages related to AD DC provisioning. These will become NEW packages once I upload this. I tested an upgrades from a samba AD DC provisioned before these new packages existed, to a samba version with these new packages, and it worked fine.
- new DEP8 test to provision an AD DC server. Still in this cycle I plan to increment this test even further, and register samba member servers with this AD DC.

I can send this DEP8 test to debian now, but it won't run there, as it requires a VM, and Debian AFAIK only uses LXC.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

  - samba/2:4.17.5+dfsg-2ubuntu1~ppa1
    + ❌ samba on lunar for amd64 @ 05.02.23 21:57:57 Log️ 🗒️
      • cifs-share-access PASS 🟩
      • cifs-share-access-uring PASS 🟩
      • python-smoke PASS 🟩
      • smbclient-anonymous-share-list PASS 🟩
      • smbclient-authenticated-share-list PASS 🟩
      • smbclient-share-access PASS 🟩
      • smbclient-share-access-uring PASS 🟩
      • reinstall-samba-common-bin PASS 🟩
      • samba-ad-dc-provisioning-internal-dns FAIL 🟥
    + ✅ samba on lunar for amd64 @ 05.02.23 23:19:08 Log️ 🗒️
    + ✅ samba on lunar for arm64 @ 05.02.23 20:51:10 Log️ 🗒️
    + ✅ samba on lunar for armhf @ 05.02.23 20:19:09 Log️ 🗒️
    + ✅ samba on lunar for ppc64el @ 05.02.23 20:36:31 Log️ 🗒️
    + ✅ samba on lunar for s390x @ 05.02.23 20:36:37 Log️ 🗒️

So it looks like the new test failed initially but passed on a re-trigger? Is that what you meant by it ran on an earlier version of the branch (so same version number, but changed contents)? I take it the 5 sec sleep is to allow the server to finish initializing, prior to the administrator password prompt?

More review comments on the new test inline below. I don't know Samba well enough to judge if the test is testing all the right things, but the logic looks great. The code looks correct too, my suggestions are mainly formatting and little tweaks and nits, so feel free to take or ignore as makes sense to you. While I hope you can incorporate some of my suggestions, I didn't spot anything crucially in need of fixing, so I'm marking this as approved. The rest of the packaging looks good, delta is carried as usual and commits all match to changelog entries.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, bryce
Uploaders: ahasenack, bryce
MP auto-approved

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> So it looks like the new test failed initially but passed on a re-trigger?

Correct, that's why I added the sleep 5s (but the retrigger was without this sleep).

The failure was in getting the Administrator's kerberos ticket, i.e., a plain echo $password | timeout 5 kinit Administrator. The exit status 124 tells me it the kinit was killed by the "timeout 5s" prefix, so kinit was still thinking after 5s.

(...)
## DNS tests
Obtaining administrator kerberos ticket
Password for <email address hidden>:
autopkgtest [21:57:23]: test samba-ad-dc-provisioning-internal-dns: -----------------------]
samba-ad-dc-provisioning-internal-dns FAIL non-zero exit status 124

I rarely use the timeout command prefix, I just didn't want for a command like kinit to wait for user input forever at a prompt due to a mistake or some other failure. If it turns out this is what makes the test flaky in the future, I'll remove it.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> judge if the test is testing all the right things

There are definitely more things to test, and I will add more of those in the future. This can happen after feature freeze, though.

Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) :
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks Bryce! Since I did many changes, even though simple, I'll reupload the package to the ppa and trigger another round of tests, and upload if they pass.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

All tests passed (arm64 is stuck, but should be ok).

Squashing the extra commits and uploading.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uploaded:
Uploading samba_4.17.5+dfsg-2ubuntu1.dsc
Uploading samba_4.17.5+dfsg.orig.tar.xz
Uploading samba_4.17.5+dfsg-2ubuntu1.debian.tar.xz
Uploading samba_4.17.5+dfsg-2ubuntu1_source.buildinfo
Uploading samba_4.17.5+dfsg-2ubuntu1_source.changes

Update scan failed

At least one of the branches involved have failed to scan. You can manually schedule a rescan if required.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 4cc9ab1..93d3589 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
1samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium
2
3 * Merge with Debian unstable (LP: #2002181). Remaining changes:
4 - debian/control: Ubuntu i386 binary compatibility:
5 + drop ceph support
6 + enable the liburing vfs module, except on i386 where liburing is
7 not available
8 + build-depend on libglusterfs-dev only on !i386 arches
9 * Added:
10 - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD
11 DC provisioning test with internal DNS (LP: #1977746)
12
13 -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300
14
1samba (2:4.17.5+dfsg-2) unstable; urgency=medium15samba (2:4.17.5+dfsg-2) unstable; urgency=medium
216
3 * d/control: samba: depends on exact version of python3-samba17 * d/control: samba: depends on exact version of python3-samba
@@ -150,6 +164,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium
150164
151 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300165 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300
152166
167samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium
168
169 * No-change rebuild with Python 3.11 as default
170
171 -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000
172
173samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium
174
175 * Merge with Debian unstable (LP: #1993380). Remaining changes:
176 - debian/control: Ubuntu i386 binary compatibility:
177 + drop ceph support
178 - d/control: enable the liburing vfs module, except on i386 where
179 liburing is not available
180 - d/control: build-depend on libglusterfs-dev only on !i386 arches
181 * Dropped:
182 - debian/smb.conf;
183 + Add "(Samba, Ubuntu)" to server string.
184 [In 2:4.16.6+dfsg-1]
185 + Comment out the default [homes] share, and add a comment about
186 "valid users = %s" to show users how to restrict access to
187 \\server\username to only username.
188 [In 2:4.16.6+dfsg-1]
189 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
190 Skip running the tests if on i386 platform, because the uring
191 package is not available there.
192 [In 2:4.16.6+dfsg-1, improved]
193 - d/t/util: fix setting the password of the smb test user
194 (LP #1955851)
195 [In 2:4.16.5+dfsg-2]
196 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
197 [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6]
198 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
199 enable the samba glusterfs vfs mofule in that case
200 [In 2:4.16.6+dfsg-1]
201
202 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300
203
153samba (2:4.17.3+dfsg-3) unstable; urgency=medium204samba (2:4.17.3+dfsg-3) unstable; urgency=medium
154205
155 * d/control: winbind should depend on the same binary:Version206 * d/control: winbind should depend on the same binary:Version
@@ -446,6 +497,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium
446497
447 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300498 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300
448499
500samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
501
502 * Merge with Debian unstable. Remaining changes:
503 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
504 - debian/smb.conf;
505 + Add "(Samba, Ubuntu)" to server string.
506 + Comment out the default [homes] share, and add a comment about
507 "valid users = %s" to show users how to restrict access to
508 \\server\username to only username.
509 - debian/control: Ubuntu i386 binary compatibility:
510 + drop ceph support
511 - d/control: enable the liburing vfs module, except on i386 where
512 liburing is not available
513 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
514 Skip running the tests if on i386 platform, because the uring
515 package is not available there.
516 - d/t/util: fix setting the password of the smb test user
517 (LP #1955851)
518 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
519 enable the samba glusterfs vfs mofule in that case
520 - d/control: build-depend on libglusterfs-dev only on !i386 arches
521
522 -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300
523
449samba (2:4.16.4+dfsg-2) unstable; urgency=medium524samba (2:4.16.4+dfsg-2) unstable; urgency=medium
450525
451 * d/libldb2.symbols: include newly added symbols526 * d/libldb2.symbols: include newly added symbols
@@ -474,6 +549,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high
474549
475 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300550 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300
476551
552samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium
553
554 * Merge with Debian unstable (LP: #1982116). Remaining changes:
555 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
556 - debian/smb.conf;
557 + Add "(Samba, Ubuntu)" to server string.
558 + Comment out the default [homes] share, and add a comment about
559 "valid users = %s" to show users how to restrict access to
560 \\server\username to only username.
561 - debian/control: Ubuntu i386 binary compatibility:
562 + drop ceph support
563 - d/control: enable the liburing vfs module, except on i386 where
564 liburing is not available
565 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
566 Skip running the tests if on i386 platform, because the uring
567 package is not available there.
568 - d/t/util: fix setting the password of the smb test user
569 (LP #1955851)
570 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
571 enable the samba glusterfs vfs mofule in that case
572 - d/control: build-depend on libglusterfs-dev only on !i386 arches
573 * Dropped:
574 - Update nfs scripts for new nfs.conf config (LP: #1961840):
575 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
576 nfsconf(8) if it's available, instead of parsing the old config
577 files in /etc/default/nfs-*
578 [In 2:4.16.3+dfsg-1]
579 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
580 used by the example enable-nfs.sh example script
581 [In 2:4.16.3+dfsg-1]
582 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
583 used by the example enable-nfs.sh script
584 [In 2:4.16.3+dfsg-1]
585 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
586 obsolete, replaced by nfs.conf
587 [In 2:4.16.3+dfsg-1]
588 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
589 nfs.conf and other changes in the new nfs server packages
590 [In 2:4.16.3+dfsg-1]
591 - Fix abort when deleting a file and "fruit:resource = stream" is
592 used. (LP #1977491)
593 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
594 Add test that shows smbd crashing when deleting a file while using
595 vfs_fruit with "fruit:resource = stream".
596 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
597 Handle file deleting when "fruit:resource = stream" is used.
598 [Fixed upstream]
599 - Build dlz module for bind 9.18.x (LP #1964032)
600 + d/p/add-support-for-bind-918.patch: build a dlz module for
601 bind 9.18.x
602 + d/p/add-support-for-bind-918-2.patch: also update the
603 provisioning tool and template config file
604 [Fixed upstream]
605
606 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300
607
477samba (2:4.16.3+dfsg-1) unstable; urgency=medium608samba (2:4.16.3+dfsg-1) unstable; urgency=medium
478609
479 [ Michael Tokarev ]610 [ Michael Tokarev ]
@@ -485,6 +616,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium
485616
486 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300617 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300
487618
619samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
620
621 * Merge with Debian unstable. Remaining changes:
622 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
623 - debian/smb.conf;
624 + Add "(Samba, Ubuntu)" to server string.
625 + Comment out the default [homes] share, and add a comment about
626 "valid users = %s" to show users how to restrict access to
627 \\server\username to only username.
628 - debian/control: Ubuntu i386 binary compatibility:
629 + drop ceph support
630 - d/control: enable the liburing vfs module, except on i386 where
631 liburing is not available
632 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
633 Skip running the tests if on i386 platform, because the uring
634 package is not available there.
635 - d/t/util: fix setting the password of the smb test user
636 (LP #1955851)
637 - Update nfs scripts for new nfs.conf config (LP #1961840):
638 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
639 nfsconf(8) if it's available, instead of parsing the old config
640 files in /etc/default/nfs-*
641 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
642 used by the example enable-nfs.sh example script
643 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
644 used by the example enable-nfs.sh script
645 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
646 obsolete, replaced by nfs.conf
647 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
648 nfs.conf and other changes in the new nfs server packages
649 - Build dlz module for bind 9.18.x (LP #1964032)
650 + d/p/add-support-for-bind-918.patch: build a dlz module for
651 bind 9.18.x
652 + d/p/add-support-for-bind-918-2.patch: also update the
653 provisioning tool and template config file
654 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
655 enable the samba glusterfs vfs mofule in that case
656 - d/control: build-depend on libglusterfs-dev only on !i386 arches
657 - Fix abort when deleting a file and "fruit:resource = stream" is
658 used. (LP #1977491)
659 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
660 Add test that shows smbd crashing when deleting a file while using
661 vfs_fruit with "fruit:resource = stream".
662 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
663 Handle file deleting when "fruit:resource = stream" is used.
664
665 -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300
666
488samba (2:4.16.2+dfsg-1) unstable; urgency=medium667samba (2:4.16.2+dfsg-1) unstable; urgency=medium
489668
490 * new upstream minor/bugfix release.669 * new upstream minor/bugfix release.
@@ -506,6 +685,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium
506685
507 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300686 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300
508687
688samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
689
690 * Fix abort when deleting a file and "fruit:resource = stream" is
691 used. (LP: #1977491)
692 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
693 Add test that shows smbd crashing when deleting a file while using
694 vfs_fruit with "fruit:resource = stream".
695 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
696 Handle file deleting when "fruit:resource = stream" is used.
697
698 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400
699
700samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium
701
702 * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining
703 changes:
704 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
705 - debian/smb.conf;
706 + Add "(Samba, Ubuntu)" to server string.
707 + Comment out the default [homes] share, and add a comment about
708 "valid users = %s" to show users how to restrict access to
709 \\server\username to only username.
710 - debian/control: Ubuntu i386 binary compatibility:
711 + drop ceph support
712 - d/control: enable the liburing vfs module, except on i386 where
713 liburing is not available
714 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
715 Skip running the tests if on i386 platform, because the uring
716 package is not available there.
717 - d/t/util: fix setting the password of the smb test user
718 (LP #1955851)
719 - Update nfs scripts for new nfs.conf config (LP #1961840):
720 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
721 nfsconf(8) if it's available, instead of parsing the old config
722 files in /etc/default/nfs-*
723 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
724 used by the example enable-nfs.sh example script
725 + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota
726 config file to be used by the example enable-nfs.sh script
727 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
728 obsolete, replaced by nfs.conf
729 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
730 nfs.conf and other changes in the new nfs server packages
731 - Build dlz module for bind 9.18.x (LP #1964032)
732 + d/p/add-support-for-bind-918.patch: build a dlz module for
733 bind 9.18.x
734 + d/p/add-support-for-bind-918-2.patch: also update the
735 provisioning tool and template config file
736 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
737 enable the samba glusterfs vfs mofule in that case
738 - d/control: build-depend on libglusterfs-dev only on !i386 arches
739 * Dropped:
740 - d/control: add a versioned libgnutls28-dev build-depends to reduce
741 the amount of in-tree crypto code that is built
742 [superfluous, the version in the archive is recent enough]
743 - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195)
744 [Included in 2:4.13.13+dfsg-1]
745 - d/control: bump required build-depends
746 [Included in Debian]
747 - d/samba-libs.install: update list of installed libraries and
748 modules/plugins
749 [Done in Debian]
750 - debian/patches/CVE-2021-20254.patch: removed, applied upstream
751 [Applied upstream, Debian didn't have this patch]
752 - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
753 [Applied usptream, Debian did not have it]
754 - d/{gpb.conf,watch,README.source}: update for 4.15
755 [Debian updated it for 4.16]
756 - d/rules: remove --with-dnsupdate, it was merged with
757 --with-ads in samba 4.15.0
758 [Included in 2:4.16.0+dfsg-1]
759 - d/rules: drop removal of ctdb tests, they are no longer installed
760 [Included in 2:4.16.0+dfsg-1]
761 - Remove findsmb, no longer installed:
762 + d/smbclient.install: remove findsmb
763 + d/rules: drop fixing of findsmb shebang
764 [Included in 2:4.16.0+dfsg-1]
765 - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
766 no longer installed
767 [Included in 2:4.16.0+dfsg-1]
768 - d/ctdb.install: add tdb_mutex_check
769 [Included in 2:4.16.0+dfsg-1]
770 - d/winbind.install: add async_dns_krb5_locator
771 [Included in 2:4.16.0+dfsg-1]
772 - d/samba.install: install samba-bgqd and its manpage
773 [Included in 2:4.16.0+dfsg-1]
774 - d/{libsmbclient,libwbclient0}.symbols: symbols updates
775 [Obsolete, these were for 4.15.5]
776 - d/rules: drop dh_perl override, unneeded
777 [Included in 2:4.16.0+dfsg-1]
778 - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
779 Windows 2021-10 Monthly Rollup patch (LP #1951490)
780 [Included upstream in 4.16.0rc2]
781 - d/rules: install the new/changed ctdb example nfs files
782 [Installed via ctdb.examples]
783 * Added:
784 - rename ctdb example files nfs.conf and quota, to match what the
785 enable-nfs.sh script expects
786 - enable-nfs.sh ctdb example: use debian's filename for the
787 static port sysctl configuration
788 - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was
789 renamed to "cluster lock"
790
791 -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300
792
509samba (2:4.16.1+dfsg-8) unstable; urgency=medium793samba (2:4.16.1+dfsg-8) unstable; urgency=medium
510794
511 * fix the Breaks/Replaces versions in the previous upload for moving795 * fix the Breaks/Replaces versions in the previous upload for moving
@@ -802,6 +1086,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium
8021086
803 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +03001087 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300
8041088
1089samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium
1090
1091 * No-change rebuild against libicu71
1092
1093 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000
1094
1095samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
1096
1097 * Enable glusterfs support (LP: #1894618):
1098 - d/control: revert disabling of glusterfs, since it's in main now
1099 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1100 enable the samba glusterfs vfs mofule in that case
1101 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1102
1103 -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300
1104
1105samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium
1106
1107 * Build dlz module for bind 9.18.x (LP: #1964032)
1108 - d/p/add-support-for-bind-918.patch: build a dlz module for
1109 bind 9.18.x
1110 - d/samba-libs.install: remove fixme comment
1111 - d/p/add-support-for-bind-918-2.patch: also update the provisioning
1112 tool and template config file
1113
1114 -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300
1115
1116samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium
1117
1118 * Update nfs scripts for new nfs.conf config (LP: #1961840):
1119 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1120 nfsconf(8) if it's available, instead of parsing the old config
1121 files in /etc/default/nfs-*
1122 - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
1123 enable-nfs.sh example script
1124 - d/ctdb.example.quota: quota config file to be used by the example
1125 enable-nfs.sh script
1126 - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
1127 nfs.conf
1128 - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
1129 changes in the new nfs server packages
1130 - d/rules: install the new/changed ctdb example nfs files
1131
1132 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300
1133
1134samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
1135
1136 * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
1137 Windows 2021-10 Monthly Rollup patch (LP: #1951490)
1138
1139 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300
1140
1141samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
1142
1143 * d/{gpb.conf,watch,README.source}: update for 4.15
1144 * New upstream release: 4.15.5 (LP: #1946839)
1145 * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
1146 * d/rules: remove --with-dnsupdate, it was merged with
1147 --with-ads in samba 4.15.0
1148 * d/control: bump required build-depends
1149 * d/rules: drop removal of ctdb tests, they are no longer installed
1150 * Remove findsmb, no longer installed:
1151 - d/smbclient.install: remove findsmb
1152 - d/rules: drop fixing of findsmb shebang
1153 * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
1154 no longer installed
1155 * d/samba-libs.install: update list of installed libraries and
1156 modules/plugins
1157 * d/ctdb.install: add tdb_mutex_check
1158 * d/winbind.install: add async_dns_krb5_locator
1159 * d/samba.install: install samba-bgqd and its manpage
1160 * d/{libsmbclient,libwbclient0}.symbols: symbols updates
1161 * d/control: add python3-markdown to build-depends
1162 * d/watch: updated to handle ~dfsg versioning, thanks to
1163 Sergio Durigan Junior <sergio.durigan@canonical.com>
1164
1165 -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300
1166
1167samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
1168
1169 * Update to 4.13.17 as a security update
1170 - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
1171 * Removed patches included in new version:
1172 - debian/patches/trusted_domain_regression_fix.patch
1173 - debian/patches/bug14901-*.patch
1174 - debian/patches/bug14922.patch
1175
1176 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500
1177
805samba (2:4.13.14+dfsg-1) unstable; urgency=high1178samba (2:4.13.14+dfsg-1) unstable; urgency=high
8061179
807 * New upstream security release in order to address the following defects:1180 * New upstream security release in order to address the following defects:
@@ -828,6 +1201,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high
8281201
829 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +01001202 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100
8301203
1204samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium
1205
1206 * No-change rebuild for icu soname change
1207
1208 -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600
1209
1210samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
1211
1212 * d/t/util: fix setting the password of the smb test user
1213 (LP: #1955851)
1214
1215 -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300
1216
1217samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium
1218
1219 * No-change rebuild with Python 3.10 as default version
1220
1221 -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000
1222
1223samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
1224
1225 * SECURITY REGRESSION: Kerberos authentication on standalone server in
1226 MIT realm broken
1227 - debian/patches/bug14922.patch: fix MIT Realm regression in
1228 source3/auth/user_krb5.c.
1229
1230 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500
1231
1232samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium
1233
1234 * Update to 4.13.14 as a security update (LP: #1950363)
1235 - debian/patches/CVE-2021-20254.patch: removed, included in new
1236 version.
1237 - debian/control: bump ldb Build-Depends to 2.2.3.
1238 - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
1239 - debian/patches/trusted_domain_regression_fix.patch: fix regression
1240 introduced in 4.13.14.
1241 - debian/patches/bug14901-*.patch: upstream patches to fix some
1242 mapping issues.
1243 - debian/patches/bug14918-*.patch: upstream patches to properly handle
1244 dangling symlinks.
1245 - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
1246 CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
1247
1248 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500
1249
831samba (2:4.13.13+dfsg-1) unstable; urgency=high1250samba (2:4.13.13+dfsg-1) unstable; urgency=high
8321251
833 [ Athos Ribeiro ]1252 [ Athos Ribeiro ]
@@ -849,6 +1268,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high
8491268
850 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +01001269 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100
8511270
1271samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium
1272
1273 * No-change rebuild against liburing2
1274
1275 -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100
1276
1277samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
1278
1279 * d/samba.postinst: do not populate sambashare from the admin group
1280 (Debian packaging cherry-pick. LP: #1942195)
1281
1282 -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200
1283
1284samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium
1285
1286 * No-change rebuild due to OpenLDAP soname bump.
1287
1288 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400
1289
1290samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
1291
1292 * Merge with Debian unstable. Remaining changes:
1293 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1294 - debian/smb.conf;
1295 + Add "(Samba, Ubuntu)" to server string.
1296 + Comment out the default [homes] share, and add a comment about
1297 "valid users = %s" to show users how to restrict access to
1298 \\server\username to only username.
1299 - d/control: Disable glusterfs support because it's not in main.
1300 MIR bug is https://launchpad.net/bugs/1274247
1301 - debian/control: Ubuntu i386 binary compatibility:
1302 + drop ceph support
1303 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1304 the amount of in-tree crypto code that is built
1305 - d/control: enable the liburing vfs module, except on i386 where
1306 liburing is not available
1307 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1308 Skip running the tests if on i386 platform, because the uring
1309 package is not available there.
1310 * Dropped changes:
1311 - debian/samba-common.config:
1312 + Do not change priority to high if dhclient3 is installed.
1313 [Included in 2:4.13.4+dfsg-1]
1314 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1315 change nfs service name from nfs to nfs-kernel-server
1316 (LP #722201)
1317 [Included in 2:4.13.4+dfsg-1]
1318 - d/p/ctdb-config-enable-syslog-by-default.patch:
1319 enable syslog and systemd journal by default
1320 [Included in 2:4.13.4+dfsg-1]
1321 - debian/rules: Ubuntu i386 binary compatibility:
1322 + drop ceph support
1323 + disable the following binary packages:
1324 - ctdb
1325 - libnss-winbind
1326 - libpam-winbind
1327 - python3-samba
1328 - samba
1329 - samba-common-bin
1330 - samba-testsuite
1331 - winbind
1332 [Included in 2:4.13.4+dfsg-1]
1333 - debian/rules: Ubuntu i386 binary compatibility:
1334 + re-enable the following binary packages:
1335 - libnss-winbind
1336 - samba-common-bin
1337 - python3-samba
1338 - winbind
1339 [Included in 2:4.13.4+dfsg-1]
1340 - SECURITY UPDATE: wrong group entries via negative idmap cache entries
1341 + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
1342 source3/passdb/lookup_sid.c.
1343 + CVE-2021-20254
1344 [Included in 2:4.13.5+dfsg-2]
1345
1346 -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300
1347
852samba (2:4.13.5+dfsg-2) unstable; urgency=high1348samba (2:4.13.5+dfsg-2) unstable; urgency=high
8531349
854 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group1350 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
@@ -880,6 +1376,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium
8801376
881 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +01001377 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100
8821378
1379samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
1380
1381 * SECURITY UPDATE: wrong group entries via negative idmap cache entries
1382 - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
1383 source3/passdb/lookup_sid.c.
1384 - CVE-2021-20254
1385
1386 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400
1387
1388samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
1389
1390 * No change rebuild to pick up liburing, and also
1391 fix d/t/cifs-share-access-uring. (LP: #1914145)
1392
1393 -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300
1394
1395samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
1396
1397 * Merge with Debian unstable. Remaining changes:
1398 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1399 - debian/smb.conf;
1400 + Add "(Samba, Ubuntu)" to server string.
1401 + Comment out the default [homes] share, and add a comment about
1402 "valid users = %s" to show users how to restrict access to
1403 \\server\username to only username.
1404 - debian/samba-common.config:
1405 + Do not change priority to high if dhclient3 is installed.
1406 - d/control, d/rules: Disable glusterfs support because it's not in main.
1407 MIR bug is https://launchpad.net/bugs/1274247
1408 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1409 change nfs service name from nfs to nfs-kernel-server
1410 (LP #722201)
1411 - d/p/ctdb-config-enable-syslog-by-default.patch:
1412 enable syslog and systemd journal by default
1413 - debian/rules: Ubuntu i386 binary compatibility:
1414 + drop ceph support
1415 + disable the following binary packages:
1416 - ctdb
1417 - libnss-winbind
1418 - libpam-winbind
1419 - python3-samba
1420 - samba
1421 - samba-common-bin
1422 - samba-testsuite
1423 - winbind
1424 - debian/control: Ubuntu i386 binary compatibility:
1425 + drop ceph support
1426 - debian/rules: Ubuntu i386 binary compatibility:
1427 + re-enable the following binary packages:
1428 - libnss-winbind
1429 - samba-common-bin
1430 - python3-samba
1431 - winbind
1432 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1433 the amount of in-tree crypto code that is built
1434 - d/control: enable the liburing vfs module, except on i386 where
1435 liburing is not available
1436 * Dropped changes, incorporated by Debian:
1437 - d/t/smbclient-anonymous-share-list: add set -x and set -e
1438 - Factor out common DEP8 test code into d/t/util and change the tests
1439 to source from it:
1440 + d/t/util: added
1441 + d/t/cifs-share-access, d/t/smbclient-share-access: source from
1442 util, use random share name and add set -x and set -u
1443 + d/t/smbclient-authenticated-share-list: source from util and add
1444 set -x and set -u
1445 - Add new DEP8 tests for the uring vfs module:
1446 + d/t/control: add smbclient-share-access-uring and
1447 cifs-share-access-uring tests
1448 + d/t/smbclient-share-access-uring: new test
1449 + d/t/cifs-share-access-uring: new test
1450 - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
1451 guard uring tests with a kernel version check and skip if it's too old
1452 * Added changes:
1453 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1454 Skip running the tests if on i386 platform, because the uring
1455 package is not available there.
1456
1457 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500
1458
883samba (2:4.13.3+dfsg-1) unstable; urgency=medium1459samba (2:4.13.3+dfsg-1) unstable; urgency=medium
8841460
885 [ Andreas Hasenack ]1461 [ Andreas Hasenack ]
@@ -895,6 +1471,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium
8951471
896 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +01001472 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100
8971473
1474samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
1475
1476 * Merge with Debian unstable (LP: #1905048). Remaining changes:
1477 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1478 - debian/smb.conf;
1479 + Add "(Samba, Ubuntu)" to server string.
1480 + Comment out the default [homes] share, and add a comment about
1481 "valid users = %s" to show users how to restrict access to
1482 \\server\username to only username.
1483 - debian/samba-common.config:
1484 + Do not change priority to high if dhclient3 is installed.
1485 - d/control, d/rules: Disable glusterfs support because it's not in main.
1486 MIR bug is https://launchpad.net/bugs/1274247
1487 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1488 change nfs service name from nfs to nfs-kernel-server
1489 (LP #722201)
1490 - d/p/ctdb-config-enable-syslog-by-default.patch:
1491 enable syslog and systemd journal by default
1492 - debian/rules: Ubuntu i386 binary compatibility:
1493 + drop ceph support
1494 + disable the following binary packages:
1495 - ctdb
1496 - libnss-winbind
1497 - libpam-winbind
1498 - python3-samba
1499 - samba
1500 - samba-common-bin
1501 - samba-testsuite
1502 - winbind
1503 - debian/control: Ubuntu i386 binary compatibility:
1504 + drop ceph support
1505 - debian/rules: Ubuntu i386 binary compatibility:
1506 + re-enable the following binary packages:
1507 - libnss-winbind
1508 - samba-common-bin
1509 - python3-samba
1510 - winbind
1511 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1512 the amount of in-tree crypto code that is built
1513 * d/t/smbclient-anonymous-share-list: add set -x and set -e
1514 * Factor out common DEP8 test code into d/t/util and change the tests
1515 to source from it:
1516 - d/t/util: added
1517 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
1518 util, use random share name and add set -x and set -u
1519 - d/t/smbclient-authenticated-share-list: source from util and add
1520 set -x and set -u
1521 * d/control: enable the liburing vfs module, except on i386 where
1522 liburing is not available
1523 * Add new DEP8 tests for the uring vfs module:
1524 - d/t/control: add smbclient-share-access-uring and
1525 cifs-share-access-uring tests
1526 - d/t/smbclient-share-access-uring: new test
1527 - d/t/cifs-share-access-uring: new test
1528 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
1529 guard uring tests with a kernel version check and skip if it's too old
1530 * Dropped changes:
1531 - SECURITY UPDATE: Unauthenticated domain controller compromise by
1532 subverting Netlogon cryptography (ZeroLogon)
1533 + debian/patches/zerologon-*.patch: backport upstream patches:
1534 + For compatibility reasons, allow specifying an insecure netlogon
1535 configuration per machine. See the following link for examples:
1536 https://www.samba.org/samba/security/CVE-2020-1472.html
1537 + Add additional server checks for the protocol attack in the
1538 client-specified challenge to provide some protection when
1539 'server schannel = no/auto' and avoid the false-positive results
1540 when running the proof-of-concept exploit.
1541 [ Incorporated by upstream. ]
1542 - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
1543 + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
1544 get set unless the directory handle is open for SEC_DIR_LIST in
1545 source4/torture/smb2/notify.c, source3/smbd/notify.c.
1546 + CVE-2020-14318
1547 - SECURITY UPDATE: Unprivileged user can crash winbind
1548 + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
1549 source3/winbindd/winbindd_lookupsids.c,
1550 source4/torture/winbind/struct_based.c.
1551 + CVE-2020-14323
1552 - SECURITY UPDATE: DNS server crash via invalid records
1553 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
1554 with NULL and do not crash when additional data not found in
1555 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
1556 + CVE-2020-14383
1557 [ Incorporated by upstream. ]
1558
1559 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500
1560
898samba (2:4.13.2+dfsg-3) unstable; urgency=medium1561samba (2:4.13.2+dfsg-3) unstable; urgency=medium
8991562
900 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)1563 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
@@ -940,6 +1603,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium
9401603
941 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +01001604 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100
9421605
1606samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
1607
1608 * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
1609 - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
1610 get set unless the directory handle is open for SEC_DIR_LIST in
1611 source4/torture/smb2/notify.c, source3/smbd/notify.c.
1612 - CVE-2020-14318
1613 * SECURITY UPDATE: Unprivileged user can crash winbind
1614 - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
1615 source3/winbindd/winbindd_lookupsids.c,
1616 source4/torture/winbind/struct_based.c.
1617 - CVE-2020-14323
1618 * SECURITY UPDATE: DNS server crash via invalid records
1619 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
1620 with NULL and do not crash when additional data not found in
1621 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
1622 - CVE-2020-14383
1623
1624 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400
1625
1626samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
1627
1628 * SECURITY UPDATE: Unauthenticated domain controller compromise by
1629 subverting Netlogon cryptography (ZeroLogon)
1630 - debian/patches/zerologon-*.patch: backport upstream patches:
1631 + For compatibility reasons, allow specifying an insecure netlogon
1632 configuration per machine. See the following link for examples:
1633 https://www.samba.org/samba/security/CVE-2020-1472.html
1634 + Add additional server checks for the protocol attack in the
1635 client-specified challenge to provide some protection when
1636 'server schannel = no/auto' and avoid the false-positive results
1637 when running the proof-of-concept exploit.
1638 - CVE-2020-1472
1639
1640 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400
1641
1642samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
1643
1644 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
1645 guard uring tests with a kernel version check and skip if it's too old
1646
1647 -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300
1648
1649samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
1650
1651 * d/t/smbclient-anonymous-share-list: add set -x and set -e
1652 * Factor out common DEP8 test code into d/t/util and change the tests
1653 to source from it:
1654 - d/t/util: added
1655 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
1656 util, use random share name and add set -x and set -u
1657 - d/t/smbclient-authenticated-share-list: source from util and add
1658 set -x and set -u
1659 * d/control: enable the liburing vfs module, except on i386 where
1660 liburing is not available
1661 * Add new DEP8 tests for the uring vfs module:
1662 - d/t/control: add smbclient-share-access-uring and
1663 cifs-share-access-uring tests
1664 - d/t/smbclient-share-access-uring: new test
1665 - d/t/cifs-share-access-uring: new test
1666
1667 -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300
1668
1669samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
1670
1671 * Merge with Debian unstable. Remaining changes:
1672 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1673 - debian/smb.conf;
1674 + Add "(Samba, Ubuntu)" to server string.
1675 + Comment out the default [homes] share, and add a comment about
1676 "valid users = %s" to show users how to restrict access to
1677 \\server\username to only username.
1678 - debian/samba-common.config:
1679 + Do not change priority to high if dhclient3 is installed.
1680 - d/control, d/rules: Disable glusterfs support because it's not in main.
1681 MIR bug is https://launchpad.net/bugs/1274247
1682 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1683 change nfs service name from nfs to nfs-kernel-server
1684 (LP #722201)
1685 - d/p/ctdb-config-enable-syslog-by-default.patch:
1686 enable syslog and systemd journal by default
1687 - debian/rules: Ubuntu i386 binary compatibility:
1688 + drop ceph support
1689 + disable the following binary packages:
1690 - ctdb
1691 - libnss-winbind
1692 - libpam-winbind
1693 - python3-samba
1694 - samba
1695 - samba-common-bin
1696 - samba-testsuite
1697 - winbind
1698 - debian/control: Ubuntu i386 binary compatibility:
1699 + drop ceph support
1700 - debian/rules: Ubuntu i386 binary compatibility:
1701 + re-enable the following binary packages:
1702 - libnss-winbind
1703 - samba-common-bin
1704 - python3-samba
1705 - winbind
1706 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1707 the amount of in-tree crypto code that is built
1708 * Dropped:
1709 - d/gbp.conf, d/watch, d/README.source: update for 4.12
1710 [In 2:4.12.3+dfsg-1]
1711 - d/control: bump build-depends:
1712 + ldb: 2.1.2
1713 + tevent: 0.10.2
1714 + tdb: 1.4.3
1715 + talloc: 2.3.1
1716 [In 2:4.12.3+dfsg-1]
1717 - d/smbclient.install: add new binary mdfind and its manpage
1718 [In 2:4.12.3+dfsg-1]
1719 - d/samba-dev.install, d/samba-libs.install: new lib
1720 libdcerpc-server-core
1721 [In 2:4.12.3+dfsg-1]
1722 - d/samba-libs.install: new library libtalloc-report-printf
1723 [In 2:4.12.3+dfsg-1]
1724 - d/libwbclient0.install: remove libaesni, no longer built when
1725 gnutls provides AES CMAC
1726 [In 2:4.12.3+dfsg-1]
1727 - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
1728 [In 2:4.12.3+dfsg-1]
1729 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
1730 [Dropped in 2:4.12.3+dfsg-1]
1731 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
1732 [Dropped in 2:4.12.3+dfsg-1]
1733 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
1734 [Dropped in 2:4.12.3+dfsg-1]
1735
1736 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300
1737
943samba (2:4.12.5+dfsg-3) unstable; urgency=high1738samba (2:4.12.5+dfsg-3) unstable; urgency=high
9441739
945 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump1740 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
@@ -1004,6 +1799,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium
10041799
1005 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +02001800 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200
10061801
1802samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
1803
1804 * New upstream version: 4.12.2
1805 * d/gbp.conf, d/watch, d/README.source: update for 4.12
1806 * d/control: bump build-depends:
1807 - ldb: 2.1.2
1808 - tevent: 0.10.2
1809 - tdb: 1.4.3
1810 - talloc: 2.3.1
1811 * d/smbclient.install: add new binary mdfind and its manpage
1812 * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
1813 * d/samba-libs.install: new library libtalloc-report-printf
1814 * d/libwbclient0.install: remove libaesni, no longer built when
1815 gnutls provides AES CMAC
1816 * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
1817 * d/control: add a versioned libgnutls28-dev build-depends to reduce
1818 the amount of in-tree crypto code that is built
1819 * Dropped (applied upstream):
1820 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
1821 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
1822 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
1823 - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
1824
1825 -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300
1826
1827samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
1828
1829 * SECURITY UPDATE: Use-after-free in AD DC LDAP server
1830 - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
1831 combination with paged_results in selftest/knownfail.d/asq,
1832 source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
1833 - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
1834 for the GUID search in paged_results in selftest/knownfail.d/asq,
1835 source4/dsdb/samdb/ldb_modules/paged_results.c.
1836 - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
1837 Build-Depends to 2.0.10.
1838 - CVE-2020-10700
1839 * SECURITY UPDATE: Stack overflow in AD DC LDAP server
1840 - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
1841 auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
1842 lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
1843 libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
1844 source3/lib/tldap.c, source3/lib/tldap_util.c,
1845 source3/libsmb/clispnego.c, source3/torture/torture.c,
1846 source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
1847 source4/libcli/ldap/ldap_client.c,
1848 source4/libcli/ldap/ldap_controls.c.
1849 - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
1850 lib/util/asn1.c.
1851 - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
1852 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
1853 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
1854 lib/param/loadparm.c, source3/param/loadparm.c.
1855 - debian/patches/CVE-2020-10704-6.patch: limit request sizes in
1856 source4/ldap_server/ldap_server.c.
1857 - debian/patches/CVE-2020-10704-7.patch: add search size limits to
1858 ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
1859 lib/param/loadparm.c, libcli/cldap/cldap.c,
1860 libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
1861 source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
1862 source4/libcli/ldap/ldap_client.c.
1863 - debian/patches/CVE-2020-10704-8.patch: check search request lengths
1864 in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
1865 - CVE-2020-10704
1866
1867 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400
1868
1869samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium
1870
1871 * New upstream release: 4.11.6
1872 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream
1873
1874 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300
1875
1876samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium
1877
1878 * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324)
1879
1880 -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300
1881
1882samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
1883
1884 * Merge with Debian unstable. Remaining changes:
1885 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1886 - debian/smb.conf;
1887 + Add "(Samba, Ubuntu)" to server string.
1888 + Comment out the default [homes] share, and add a comment about
1889 "valid users = %s" to show users how to restrict access to
1890 \\server\username to only username.
1891 - debian/samba-common.config:
1892 + Do not change priority to high if dhclient3 is installed.
1893 - d/control, d/rules: Disable glusterfs support because it's not in main.
1894 MIR bug is https://launchpad.net/bugs/1274247
1895 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1896 change nfs service name from nfs to nfs-kernel-server
1897 (LP #722201)
1898 - d/p/ctdb-config-enable-syslog-by-default.patch:
1899 enable syslog and systemd journal by default
1900 - debian/rules: Ubuntu i386 binary compatibility:
1901 + drop ceph support
1902 + disable the following binary packages:
1903 - ctdb
1904 - libnss-winbind
1905 - libpam-winbind
1906 - python3-samba
1907 - samba
1908 - samba-common-bin
1909 - samba-testsuite
1910 - winbind
1911 - debian/control: Ubuntu i386 binary compatibility:
1912 + drop ceph support
1913 - debian/rules: Ubuntu i386 binary compatibility:
1914 + re-enable the following binary packages:
1915 - libnss-winbind
1916 - samba-common-bin
1917 - python3-samba
1918 - winbind
1919 * Dropped:
1920 - d/control: drop python3-matplotlib. It's only used in
1921 script/attr_count_read which is not installed with the
1922 samba packages.
1923 [In 2:4.11.3+dfsg-1]
1924
1925 -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300
1926
1007samba (2:4.11.5+dfsg-1) unstable; urgency=medium1927samba (2:4.11.5+dfsg-1) unstable; urgency=medium
10081928
1009 * New upstream security release1929 * New upstream security release
@@ -1031,6 +1951,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high
10311951
1032 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +01001952 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100
10331953
1954samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium
1955
1956 * Ubuntu i386 binary compatibility effort: (LP: #1861316)
1957 - debian/rules:
1958 + re-enable the following binary packages generation:
1959 - libnss-winbind
1960 - samba-common-bin
1961 - python3-samba
1962 - winbind
1963
1964 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000
1965
1966samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium
1967
1968 * No-change rebuild to build with python3.8.
1969
1970 -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000
1971
1972samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium
1973
1974 * Ubuntu i386 binary compatibility effort: (LP: #1858479)
1975 - debian/control:
1976 + drop ceph support
1977 - debian/rules:
1978 + drop ceph support
1979 + disable the following binary packages generation:
1980 - ctdb
1981 - libnss-winbind
1982 - libpam-winbind
1983 - python3-samba
1984 - samba
1985 - samba-common-bin
1986 - samba-testsuite
1987 - winbind
1988
1989 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000
1990
1991samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium
1992
1993 * Merge with Debian unstable. Remaining changes:
1994 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1995 - debian/smb.conf;
1996 + Add "(Samba, Ubuntu)" to server string.
1997 + Comment out the default [homes] share, and add a comment about
1998 "valid users = %s" to show users how to restrict access to
1999 \\server\username to only username.
2000 - debian/samba-common.config:
2001 + Do not change priority to high if dhclient3 is installed.
2002 - d/control, d/rules: Disable glusterfs support because it's not in main.
2003 MIR bug is https://launchpad.net/bugs/1274247
2004 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2005 change nfs service name from nfs to nfs-kernel-server
2006 (LP #722201)
2007 [Adopted the Debian version and added a couple of extra hunks
2008 we had]
2009 - d/p/ctdb-config-enable-syslog-by-default.patch:
2010 enable syslog and systemd journal by default
2011 * Dropped:
2012 - Add apport hook:
2013 + Created debian/source_samba.py.
2014 + debian/rules, debian/samba-common-bin.install: install hook.
2015 [In 2:4.9.4+dfsg-2]
2016 - Removed patches already applied upstream:
2017 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
2018 [Removed in 2:4.10.7+dfsg-1]
2019 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
2020 [Removed in 4.9.5+dfsg-1]
2021 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
2022 [Refreshed in 2:4.1.17+dfsg-1]
2023 - d/control: Updated build dependencies (already updated in Debian):
2024 + tdb >= 1.3.17
2025 + talloc >= 2.1.15
2026 + tevent >= 0.9.38
2027 + ldb >= 1.5.3
2028 - d/samba-common.docs: README is now README.md
2029 [In 2:4.10.7+dfsg-1]
2030 - d/libsmbclient.symbols: update symbols for this version
2031 - d/libwbclient0.symbols: update symbols for this version
2032 - d/ctdb.install: new binary ctdb_local_daemons
2033 [In 2:4.10.7+dfsg-1]
2034 - d/samba-dev.install: use globbing for the header files with
2035 exceptions for wbclient.h and libsmbclient.h, which belong in
2036 other packages.
2037 [In 2:4.10.7+dfsg-1]
2038 - d/rules: fix globbing used to move the dckeytab python module to the
2039 samba package, and add a comment explaining why this is being done.
2040 [In 2:4.10.7+dfsg-1]
2041 - Switch to python3 (in 2:4.10.7+dfsg-1):
2042 + d/rules: calculate the ldb version using python3, and drop the
2043 "really" bit since the real 1.5.x series is being used now.
2044 + d/rules: make sure python3 is used for the build
2045 + d/rules: adjust globbing to remove the python3 version of tevent.so
2046 + d/rules: drop PYVERS, unused
2047 + d/control: adjust dependencies (build and runtime) for python3
2048 + d/python3-samba.install, d/control: new python3-samba package
2049 (LP #1440381)
2050 + d/control, d/python-samba.install: get rid of python-samba, which is py2
2051 + d/python3-samba.lintian-overrides: use the same overrides we had for
2052 python-samba, now deleted.
2053 + d/samba-dev.install, d/samba-libs.install: update file list
2054 + d/t/control, d/t/python-smoke: use python3
2055 + d/control: use ${python3:Depends} now instead of the python 2
2056 counterpart for samba and samba-common-bin.
2057 - d/control: drop suggests for python-gpgme, it's no longer available.
2058 [In 2:4.10.7+dfsg-1]
2059 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
2060 [In 2:4.10.7+dfsg-1]
2061 - d/control: update cmocka build-depends to >= 1.1.3
2062 [In 2:4.10.7+dfsg-1]
2063 - d/samba-libs.install: bump passdb minor to 0.27.2
2064 [In 2:4.10.7+dfsg-1]
2065 - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
2066 to allow pid file to exist (LP #1821775)
2067 [In 2:4.10.7+dfsg-1]
2068 - Allow proper ctdb initalization (LP #1828799):
2069 + d/ctdb.dirs: added /var/lib/ctdb/* directories
2070 + d/ctdb.postrm: remove leftovers from:
2071 /var/lib/ctdb/{state,persistent,volatile,scripts}
2072 [In 2:4.10.7+dfsg-1]
2073 - d/rules: installing provided config examples and helper scripts
2074 - Examples of NFS HA CTDB config files + helper script:
2075 + d/ctdb.example.enable.nfs.sh
2076 + d/ctdb.example.nfs-common
2077 + d/ctdb.example.nfs-kernel-server
2078 + d/ctdb.example.services
2079 + d/ctdb.example.sysctl-nfs-static-ports.conf
2080 [In 2:4.10.7+dfsg-1]
2081 - debian/rules: Make DEB_HOST_ARCH_CPU initialized through
2082 dpkg-architecture (Closes: #931138)
2083 [In 2:4.10.7+dfsg-1]
2084 - d/control: update ldb build-deps to 1.5.5
2085 [In 2:4.10.7+dfsg-1]
2086 - SECURITY UPDATE: restricted share escape by user (LP #1842533)
2087 [fixed upstream in 4.11.0rc2]
2088 + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
2089 out impersonation debug info into a new function.
2090 + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
2091 change_to_user_internal() always resets current_user.done_chdir
2092 + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
2093 reset current_user.{need,done}_chdir in become_root()
2094 + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
2095 fsrvp_share its own independent subdirectory
2096 + debian/patches/CVE-2019-10197-05-v4-10.patch:
2097 test_smbclient_s3.sh: add regression test for the no permission
2098 on share root problem
2099 + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
2100 change_to_user_impersonate() out of change_to_user_internal()
2101 + CVE-2019-10197
2102 * Added:
2103 - d/control: drop python3-matplotlib. It's only used in
2104 script/attr_count_read which is not installed with the
2105 samba packages.
2106
2107 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300
2108
1034samba (2:4.11.1+dfsg-3) unstable; urgency=medium2109samba (2:4.11.1+dfsg-3) unstable; urgency=medium
10352110
1036 * Add some python dependencies:2111 * Add some python dependencies:
@@ -1239,6 +2314,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium
12392314
1240 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +02002315 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200
12412316
2317samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium
2318
2319 * No-change rebuild to build with python3.8.
2320
2321 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000
2322
2323samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium
2324
2325 * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
2326 - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
2327 out impersonation debug info into a new function.
2328 - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
2329 change_to_user_internal() always resets current_user.done_chdir
2330 - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
2331 reset current_user.{need,done}_chdir in become_root()
2332 - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
2333 fsrvp_share its own independent subdirectory
2334 - debian/patches/CVE-2019-10197-05-v4-10.patch:
2335 test_smbclient_s3.sh: add regression test for the no permission
2336 on share root problem
2337 - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
2338 change_to_user_impersonate() out of change_to_user_internal()
2339 - CVE-2019-10197
2340
2341 -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700
2342
2343samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium
2344
2345 * New upstream version: 4.10.7
2346 - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped,
2347 included upstream in 4.10.7
2348
2349 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300
2350
2351samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium
2352
2353 * New upstream version: 4.10.6
2354 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update
2355 the Debian config and use it.
2356 - d/control: update ldb build-deps to 1.5.5
2357 * Dropped:
2358 - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5
2359 - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5
2360 - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3
2361 - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2
2362 - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2
2363 - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1
2364 - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed
2365 upstream in 4.10.5
2366
2367 -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300
2368
2369samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium
2370
2371 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2372 change service name from nfs to nfs-kernel-server in
2373 legacy script 06.nfs.script also (LP: #722201)
2374
2375 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000
2376
2377samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium
2378
2379 * debian/rules: Make DEB_HOST_ARCH_CPU initialized through
2380 dpkg-architecture (Closes: #931138)
2381 * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch:
2382 fix tcp_tw_recycle existence check. (LP: #722201)
2383 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2384 change nfs service name from nfs to nfs-kernel-server
2385 (LP: #722201)
2386 * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
2387 to allow pid file to exist (LP: #1821775)
2388 * Allow proper ctdb initialization (LP: #1828799):
2389 - d/ctdb.dirs: added /var/lib/ctdb/* directories
2390 - d/ctdb.postrm: remove leftovers from:
2391 /var/lib/ctdb/{state,persistent,volatile,scripts}
2392 * d/rules: installing provided config examples and helper scripts
2393 * Examples of NFS HA CTDB config files + helper script:
2394 - d/ctdb.example.enable.nfs.sh
2395 - d/ctdb.example.nfs-common
2396 - d/ctdb.example.nfs-kernel-server
2397 - d/ctdb.example.services
2398 - d/ctdb.example.sysctl-nfs-static-ports.conf
2399 * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch:
2400 do not try to start daemon if /etc/ctdb/nodes does not exist
2401 * d/p/ctdb-config-enable-syslog-by-default.patch:
2402 enable syslog and systemd journal by default
2403
2404 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000
2405
2406samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
2407
2408 * SECURITY UPDATE: zone operations can crash rpc server
2409 - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
2410 not found in DnssrvOperation in
2411 python/samba/tests/dcerpc/dnsserver.py,
2412 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2413 - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
2414 not found in DnssrvOperation2 in
2415 python/samba/tests/dcerpc/dnsserver.py,
2416 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2417 - CVE-2019-12435
2418 * SECURITY UPDATE: paged_searches crash on LDAP and homes access
2419 - debian/patches/CVE-2019-12436.patch: ignore successful results
2420 without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
2421 source4/dsdb/tests/python/vlv.py.
2422 - CVE-2019-12436
2423
2424 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400
2425
2426samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium
2427
2428 * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
2429 - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
2430 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
2431 source4/torture/krb5/kdc-canon-heimdal.c.
2432 - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
2433 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
2434 source4/heimdal/kdc/krb5tgs.c.
2435 - CVE-2018-16860
2436
2437 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400
2438
2439samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium
2440
2441 * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
2442 - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
2443 umask being overwritten in python/samba/tests/ntacls_backup.py,
2444 python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
2445 selftest/knownfail.d/umask-leak.
2446 - debian/patches/CVE-2019-3870-2.patch: add test to check
2447 file-permissions are correct after provision in
2448 selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
2449 source4/setup/tests/provision_fileperms.sh.
2450 - debian/patches/CVE-2019-3870-3.patch: include tests to show the
2451 outside umask has no impact in python/samba/tests/ntacls_backup.py,
2452 python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
2453 - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
2454 close as possible to users in source3/smbd/pysmbd.c,
2455 selftest/knownfail.d/provision_fileperms,
2456 selftest/knownfail.d/umask-leak.
2457 - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
2458 smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
2459 source3/smbd/pysmbd.c.
2460 - CVE-2019-3870
2461 * SECURITY UPDATE: save registry file outside share as unprivileged user
2462 - debian/patches/CVE-2019-3880.patch: remove implementations of
2463 SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
2464 - CVE-2019-3880
2465
2466 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400
2467
2468samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium
2469
2470 * New upstream version: 4.10.0
2471 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
2472 - d/control: update cmocka build-depends to >= 1.1.3
2473 - d/samba-libs.install: bump passdb minor to 0.27.2
2474 * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to
2475 Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846)
2476
2477 -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300
2478
2479samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium
2480
2481 * New upstream version 4.10.0rc4 (LP: #1818518):
2482 - Removed patches already applied upstream:
2483 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
2484 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
2485 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
2486 - d/control: Updated build dependencies:
2487 + tdb >= 1.3.17
2488 + talloc >= 2.1.15
2489 + tevent >= 0.9.38
2490 + ldb >= 1.5.3
2491 - d/samba-common.docs: README is now README.md
2492 - d/libsmbclient.symbols: update symbols for this version
2493 - d/libwbclient0.symbols: update symbols for this version
2494 - d/ctdb.install: new binary ctdb_local_daemons
2495 - d/samba-dev.install: use globbing for the header files with
2496 exceptions for wbclient.h and libsmbclient.h, which belong in
2497 other packages.
2498 - d/rules: fix globbing used to move the dckeytab python module to the
2499 samba package, and add a comment explaining why this is being done.
2500 * Switch to python3:
2501 - d/rules: calculate the ldb version using python3, and drop the
2502 "really" bit since the real 1.5.x series is being used now.
2503 - d/rules: make sure python3 is used for the build
2504 - d/rules: adjust globbing to remove the python3 version of tevent.so
2505 - d/rules: drop PYVERS, unused
2506 - d/control: adjust dependencies (build and runtime) for python3
2507 - d/python3-samba.install, d/control: new python3-samba package
2508 (LP: #1440381)
2509 - d/control, d/python-samba.install: get rid of python-samba, which is py2
2510 - d/python3-samba.lintian-overrides: use the same overrides we had for
2511 python-samba, now deleted.
2512 - d/samba-dev.install, d/samba-libs.install: update file list
2513 - d/t/control, d/t/python-smoke: use python3
2514 - d/control: use ${python3:Depends} now instead of the python 2
2515 counterpart for samba and samba-common-bin.
2516 * d/control: drop suggests for python-gpgme, it's no longer available.
2517
2518 -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000
2519
1242samba (2:4.9.5+dfsg-1) experimental; urgency=medium2520samba (2:4.9.5+dfsg-1) experimental; urgency=medium
12432521
1244 * New upstream release2522 * New upstream release
@@ -1283,6 +2561,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium
12832561
1284 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +01002562 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100
12852563
2564samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium
2565
2566 * Merge with Debian unstable. Remaining changes:
2567 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2568 - debian/smb.conf;
2569 + Add "(Samba, Ubuntu)" to server string.
2570 + Comment out the default [homes] share, and add a comment about
2571 "valid users = %s" to show users how to restrict access to
2572 \\server\username to only username.
2573 - debian/samba-common.config:
2574 + Do not change priority to high if dhclient3 is installed.
2575 - Add apport hook:
2576 + Created debian/source_samba.py.
2577 + debian/rules, debian/samba-common-bin.install: install hook.
2578 - d/control, d/rules: Disable glusterfs support because it's not in main.
2579 MIR bug is https://launchpad.net/bugs/1274247
2580 * Dropped:
2581 - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
2582 failing without a valid idmap configuration. This fixes the smbd startup
2583 on a standalone server where winbind is available and running. Thanks to
2584 Stefan Metzmacher <metze@samba.org>. (LP #1806035)
2585 [Fixed in 2:4.9.4+dfsg-1]
2586
2587 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200
2588
1286samba (2:4.9.4+dfsg-1) unstable; urgency=medium2589samba (2:4.9.4+dfsg-1) unstable; urgency=medium
12872590
1288 * New upstream release2591 * New upstream release
@@ -1293,6 +2596,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium
12932596
1294 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +01002597 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100
12952598
2599samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium
2600
2601 * No-change rebuild for readline soname change.
2602
2603 -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000
2604
2605samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
2606
2607 * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
2608 failing without a valid idmap configuration. This fixes the smbd startup
2609 on a standalone server where winbind is available and running. Thanks to
2610 Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
2611
2612 -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
2613
2614samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
2615
2616 * Merge with Debian unstable. Remaining changes:
2617 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2618 - debian/smb.conf;
2619 + Add "(Samba, Ubuntu)" to server string.
2620 + Comment out the default [homes] share, and add a comment about
2621 "valid users = %s" to show users how to restrict access to
2622 \\server\username to only username.
2623 - debian/samba-common.config:
2624 + Do not change priority to high if dhclient3 is installed.
2625 - Add apport hook:
2626 + Created debian/source_samba.py.
2627 + debian/rules, debian/samba-common-bin.install: install hook.
2628 - d/control, d/rules: Disable glusterfs support because it's not in main.
2629 MIR bug is https://launchpad.net/bugs/1274247
2630 * Dropped:
2631 - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
2632 errors (LP: 1795772)
2633 [Fixed upstream]
2634
2635 -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200
2636
1296samba (2:4.9.2+dfsg-2) unstable; urgency=high2637samba (2:4.9.2+dfsg-2) unstable; urgency=high
12972638
1298 * New upstream security release2639 * New upstream security release
@@ -1402,6 +2743,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium
14022743
1403 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +02002744 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200
14042745
2746samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium
2747
2748 * No-change rebuild against libldb1 1.4.2
2749
2750 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000
2751
2752samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high
2753
2754 [ Karl Stenerud ]
2755 * d/p/fix-rmdir.patch: Fix to make the samba client library report
2756 directory-not-empty errors (LP: #1795772)
2757
2758 -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300
2759
2760samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
2761
2762 * Merge with Debian unstable (LP: #1778125). Remaining changes:
2763 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2764 - debian/smb.conf;
2765 + Add "(Samba, Ubuntu)" to server string.
2766 + Comment out the default [homes] share, and add a comment about
2767 "valid users = %s" to show users how to restrict access to
2768 \\server\username to only username.
2769 - debian/samba-common.config:
2770 + Do not change priority to high if dhclient3 is installed.
2771 - Add apport hook:
2772 + Created debian/source_samba.py.
2773 + debian/rules, debian/samba-common-bin.install: install hook.
2774 - d/control, d/rules: Disable glusterfs support because it's not in main.
2775 MIR bug is https://launchpad.net/bugs/1274247
2776 * Drop:
2777 - Add extra DEP8 tests to samba (LP #1696823):
2778 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
2779 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
2780 anonymously
2781 + d/t/control, d/t/smbclient-authenticated-share-list: list available
2782 shares using an authenticated connection
2783 + d/t/control, d/t/smbclient-share-access: create a share and download a
2784 file from it
2785 [Accepted by Debian in 2:4.7.4+dfsg-2]
2786 - d/samba-common.dhcp: If systemctl is available, use it to query the
2787 status of the smbd service before trying to reload it. Otherwise,
2788 keep the same check as before and reload the service based on the
2789 existence of the initscript. (LP #1579597)
2790 [In Debian since 2:4.7.4+dfsg-2]
2791 - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
2792 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
2793 Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
2794 [Fixed upstream]
2795
2796 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300
2797
1405samba (2:4.8.4+dfsg-2) unstable; urgency=high2798samba (2:4.8.4+dfsg-2) unstable; urgency=high
14062799
1407 * Fix typo in previous release: s/usefull/useful/2800 * Fix typo in previous release: s/usefull/useful/
@@ -1559,6 +2952,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
15592952
1560 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +01002953 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100
15612954
2955samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
2956
2957 * No change rebuild to link with new ldb 1.3.3
2958
2959 -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300
2960
2961samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
2962
2963 * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
2964 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
2965 Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
2966
2967 -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300
2968
2969samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
2970
2971 * New upstream version:
2972 - Fix database corruption bug when upgrading from samba 4.6 or lower
2973 AD controllers (LP: #1755057)
2974 - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
2975 * Remaining changes:
2976 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2977 - debian/smb.conf;
2978 + Add "(Samba, Ubuntu)" to server string.
2979 + Comment out the default [homes] share, and add a comment about
2980 "valid users = %s" to show users how to restrict access to
2981 \\server\username to only username.
2982 - debian/samba-common.config:
2983 + Do not change priority to high if dhclient3 is installed.
2984 - Add apport hook:
2985 + Created debian/source_samba.py.
2986 + debian/rules, debian/samba-common-bin.install: install hook.
2987 - Add extra DEP8 tests to samba (LP #1696823):
2988 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
2989 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
2990 anonymously
2991 + d/t/control, d/t/smbclient-authenticated-share-list: list available
2992 shares using an authenticated connection
2993 + d/t/control, d/t/smbclient-share-access: create a share and download a
2994 file from it
2995 - d/samba-common.dhcp: If systemctl is available, use it to query the
2996 status of the smbd service before trying to reload it. Otherwise,
2997 keep the same check as before and reload the service based on the
2998 existence of the initscript. (LP #1579597)
2999 - d/control, d/rules: Disable glusterfs support because it's not in main.
3000 MIR bug is https://launchpad.net/bugs/1274247
3001
3002 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300
3003
1562samba (2:4.7.4+dfsg-2) unstable; urgency=high3004samba (2:4.7.4+dfsg-2) unstable; urgency=high
15633005
1564 [ Mathieu Parent ]3006 [ Mathieu Parent ]
@@ -1589,6 +3031,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
15893031
1590 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +01003032 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100
15913033
3034samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
3035
3036 * Merge with Debian unstable (LP: #1744779). Remaining changes:
3037 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3038 - debian/smb.conf;
3039 + Add "(Samba, Ubuntu)" to server string.
3040 + Comment out the default [homes] share, and add a comment about
3041 "valid users = %s" to show users how to restrict access to
3042 \\server\username to only username.
3043 - debian/samba-common.config:
3044 + Do not change priority to high if dhclient3 is installed.
3045 - Add apport hook:
3046 + Created debian/source_samba.py.
3047 + debian/rules, debian/samba-common-bin.install: install hook.
3048 - Add extra DEP8 tests to samba (LP #1696823):
3049 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3050 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3051 anonymously
3052 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3053 shares using an authenticated connection
3054 + d/t/control, d/t/smbclient-share-access: create a share and download a
3055 file from it
3056 - d/samba-common.dhcp: If systemctl is available, use it to query the
3057 status of the smbd service before trying to reload it. Otherwise,
3058 keep the same check as before and reload the service based on the
3059 existence of the initscript. (LP #1579597)
3060 - d/control, d/rules: Disable glusterfs support because it's not in main.
3061 MIR bug is https://launchpad.net/bugs/1274247
3062
3063 -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200
3064
1592samba (2:4.7.4+dfsg-1) unstable; urgency=medium3065samba (2:4.7.4+dfsg-1) unstable; urgency=medium
15933066
1594 * New upstream version3067 * New upstream version
@@ -1605,6 +3078,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
16053078
1606 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +01003079 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100
16073080
3081samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
3082
3083 * Merge with Debian; remaining changes:
3084 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3085 - debian/smb.conf;
3086 + Add "(Samba, Ubuntu)" to server string.
3087 + Comment out the default [homes] share, and add a comment about
3088 "valid users = %s" to show users how to restrict access to
3089 \\server\username to only username.
3090 - debian/samba-common.config:
3091 + Do not change priority to high if dhclient3 is installed.
3092 - Add apport hook:
3093 + Created debian/source_samba.py.
3094 + debian/rules, debian/samba-common-bin.install: install hook.
3095 - Add extra DEP8 tests to samba (LP #1696823):
3096 + d/t/control: enable the new DEP8 tests
3097 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3098 + d/t/smbclient-authenticated-share-list: list available shares using
3099 an authenticated connection
3100 + d/t/smbclient-share-access: create a share and download a file from it
3101 + d/t/cifs-share-access: access a file in a share using cifs
3102 - Ask the user if we can run testparm against the config file. If yes,
3103 include its stderr and exit status in the bug report. Otherwise, only
3104 include the exit status. (LP #1694334)
3105 - If systemctl is available, use it to query the status of the smbd
3106 service before trying to reload it. Otherwise, keep the same check
3107 as before and reload the service based on the existence of the
3108 initscript. (LP #1579597)
3109 - d/rules: Compile winbindd/winbindd statically.
3110 - Disable glusterfs support because it's not in main.
3111 MIR bug is https://launchpad.net/bugs/1274247
3112 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3113 mountpoints and correctly filter by the cifs filesystem type.
3114
3115 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500
3116
1608samba (2:4.7.3+dfsg-1) unstable; urgency=high3117samba (2:4.7.3+dfsg-1) unstable; urgency=high
16093118
1610 * New upstream version3119 * New upstream version
@@ -1628,6 +3137,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
16283137
1629 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +01003138 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100
16303139
3140samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
3141
3142 * Merge with Debian; remaining changes:
3143 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3144 - debian/smb.conf;
3145 + Add "(Samba, Ubuntu)" to server string.
3146 + Comment out the default [homes] share, and add a comment about
3147 "valid users = %s" to show users how to restrict access to
3148 \\server\username to only username.
3149 - debian/samba-common.config:
3150 + Do not change priority to high if dhclient3 is installed.
3151 - Add apport hook:
3152 + Created debian/source_samba.py.
3153 + debian/rules, debian/samba-common-bin.install: install hook.
3154 - Add extra DEP8 tests to samba (LP #1696823):
3155 + d/t/control: enable the new DEP8 tests
3156 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3157 + d/t/smbclient-authenticated-share-list: list available shares using
3158 an authenticated connection
3159 + d/t/smbclient-share-access: create a share and download a file from it
3160 + d/t/cifs-share-access: access a file in a share using cifs
3161 - Ask the user if we can run testparm against the config file. If yes,
3162 include its stderr and exit status in the bug report. Otherwise, only
3163 include the exit status. (LP #1694334)
3164 - If systemctl is available, use it to query the status of the smbd
3165 service before trying to reload it. Otherwise, keep the same check
3166 as before and reload the service based on the existence of the
3167 initscript. (LP #1579597)
3168 - d/rules: Compile winbindd/winbindd statically.
3169 - Disable glusterfs support because it's not in main.
3170 MIR bug is https://launchpad.net/bugs/1274247
3171 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3172 mountpoints and correctly filter by the cifs filesystem type.
3173
3174 -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100
3175
1631samba (2:4.7.1+dfsg-1) unstable; urgency=medium3176samba (2:4.7.1+dfsg-1) unstable; urgency=medium
16323177
1633 * New upstream version3178 * New upstream version
@@ -1676,6 +3221,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
16763221
1677 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +02003222 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200
16783223
3224samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
3225
3226 * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
3227 they should
3228 - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
3229 into a specified one in source3/include/auth_info.h,
3230 source3/lib/popt_common.c, source3/lib/util_cmdline.c.
3231 - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
3232 source3/lib/util_cmdline.c.
3233 - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
3234 source3/libsmb/pylibsmb.c.
3235 - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
3236 libgpo/gpo_fetch.c.
3237 - debian/patches/CVE-2017-12150-5.patch: add check for
3238 NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
3239 - debian/patches/CVE-2017-12150-6.patch: add
3240 smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
3241 - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
3242 authentication was not requested in source3/libsmb/clidfs.c.
3243 - CVE-2017-12150
3244 * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
3245 redirects
3246 - debian/patches/CVE-2017-12151-1.patch: add
3247 cli_state_is_encryption_on() helper function to
3248 source3/libsmb/clientgen.c, source3/libsmb/proto.h.
3249 - debian/patches/CVE-2017-12151-2.patch: make use of
3250 cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
3251 source3/libsmb/libsmb_context.c.
3252 - CVE-2017-12151
3253 * SECURITY UPDATE: Server memory information leak over SMB1
3254 - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
3255 from writing server memory to file in source3/smbd/reply.c.
3256 - CVE-2017-12163
3257
3258 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400
3259
3260samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
3261
3262 * d/source_samba.py: use the new recommended findmnt(8) tool to list
3263 mountpoints and correctly filter by the cifs filesystem type.
3264 (LP: #1703604)
3265
3266 -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300
3267
3268samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
3269
3270 * Merge with Debian unstable (LP: #1710281).
3271 - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
3272 symlinks to directories (LP: #1701073)
3273 * Remaining changes:
3274 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3275 - debian/smb.conf;
3276 + Add "(Samba, Ubuntu)" to server string.
3277 + Comment out the default [homes] share, and add a comment about
3278 "valid users = %s" to show users how to restrict access to
3279 \\server\username to only username.
3280 - debian/samba-common.config:
3281 + Do not change priority to high if dhclient3 is installed.
3282 - Add apport hook:
3283 + Created debian/source_samba.py.
3284 + debian/rules, debian/samba-common-bin.install: install hook.
3285 - Add extra DEP8 tests to samba (LP #1696823):
3286 + d/t/control: enable the new DEP8 tests
3287 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3288 + d/t/smbclient-authenticated-share-list: list available shares using
3289 an authenticated connection
3290 + d/t/smbclient-share-access: create a share and download a file from it
3291 + d/t/cifs-share-access: access a file in a share using cifs
3292 - Ask the user if we can run testparm against the config file. If yes,
3293 include its stderr and exit status in the bug report. Otherwise, only
3294 include the exit status. (LP #1694334)
3295 - If systemctl is available, use it to query the status of the smbd
3296 service before trying to reload it. Otherwise, keep the same check
3297 as before and reload the service based on the existence of the
3298 initscript. (LP #1579597)
3299 - d/rules: Compile winbindd/winbindd statically.
3300 - Disable glusterfs support because it's not in main.
3301 MIR bug is https://launchpad.net/bugs/1274247
3302
3303 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300
3304
1679samba (2:4.6.7+dfsg-1) unstable; urgency=medium3305samba (2:4.6.7+dfsg-1) unstable; urgency=medium
16803306
1681 * New upstream version3307 * New upstream version
@@ -1687,6 +3313,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
16873313
1688 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +02003314 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200
16893315
3316samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
3317
3318 * Merge with Debian unstable (LP: #1700644). Remaining changes:
3319 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3320 - debian/smb.conf;
3321 + Add "(Samba, Ubuntu)" to server string.
3322 + Comment out the default [homes] share, and add a comment about
3323 "valid users = %s" to show users how to restrict access to
3324 \\server\username to only username.
3325 - debian/samba-common.config:
3326 + Do not change priority to high if dhclient3 is installed.
3327 - Add apport hook:
3328 + Created debian/source_samba.py.
3329 + debian/rules, debian/samba-common-bin.install: install hook.
3330 - Add extra DEP8 tests to samba (LP #1696823):
3331 + d/t/control: enable the new DEP8 tests
3332 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3333 + d/t/smbclient-authenticated-share-list: list available shares using
3334 an authenticated connection
3335 + d/t/smbclient-share-access: create a share and download a file from it
3336 + d/t/cifs-share-access: access a file in a share using cifs
3337 - Ask the user if we can run testparm against the config file. If yes,
3338 include its stderr and exit status in the bug report. Otherwise, only
3339 include the exit status. (LP #1694334)
3340 - If systemctl is available, use it to query the status of the smbd
3341 service before trying to reload it. Otherwise, keep the same check
3342 as before and reload the service based on the existence of the
3343 initscript. (LP #1579597)
3344 * Drop:
3345 - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
3346 [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
3347 fix-1584485.patch was dropped there.]
3348 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3349 pam_winbind krb5_ccache_type=FILE failure
3350 [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
3351 in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
3352 - debian/patches/winbind_trusted_domains.patch: make sure domain
3353 members can talk to trusted domains DCs.
3354 [Upstream committed a different fix, see updated patch attached to
3355 https://bugzilla.samba.org/show_bug.cgi?id=11830]
3356 - d/control: add libcephfs-dev as b-d to build vfs_ceph
3357 [Adopted by Debian in 2:4.6.5+dfsg-1]
3358 - debian/patches/CVE-2017-11103.patch: use encrypted service
3359 name rather than unencrypted (and therefore spoofable) version
3360 in heimdal
3361 [Adopted by Debian as
3362 d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
3363 - Cherrypick upstream patch to fix FTBFS with new ceph lib.
3364 [Merged upstream in 4.6.0rc1]
3365 * Disable glusterfs support because it's not in main.
3366 MIR bug is https://launchpad.net/bugs/1274247
3367
3368 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300
3369
1690samba (2:4.6.5+dfsg-8) unstable; urgency=medium3370samba (2:4.6.5+dfsg-8) unstable; urgency=medium
16913371
1692 * Remove dependency on update-inetd, not used anymore3372 * Remove dependency on update-inetd, not used anymore
@@ -1806,6 +3486,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
18063486
1807 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +02003487 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200
18083488
3489samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
3490
3491 * Cherrypick upstream patch to fix FTBFS with new ceph lib.
3492
3493 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100
3494
3495samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
3496
3497 * SECURITY UPDATE: KDC-REP service name impersonation
3498 - debian/patches/CVE-2017-11103.patch: use encrypted service
3499 name rather than unencrypted (and therefore spoofable) version
3500 in heimdal
3501 - CVE-2017-11103
3502
3503 -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700
3504
3505samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
3506
3507 * No-change rebuild against libldb 1.1.29
3508
3509 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700
3510
3511samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
3512
3513 * Add extra DEP8 tests to samba (LP: #1696823):
3514 - d/t/control: enable the new DEP8 tests
3515 - d/t/smbclient-anonymous-share-list: list available shares anonymously
3516 - d/t/smbclient-authenticated-share-list: list available shares using
3517 an authenticated connection
3518 - d/t/smbclient-share-access: create a share and download a file from it
3519 - d/t/cifs-share-access: access a file in a share using cifs
3520 * Ask the user if we can run testparm against the config file. If yes,
3521 include its stderr and exit status in the bug report. Otherwise, only
3522 include the exit status. (LP: #1694334)
3523 * If systemctl is available, use it to query the status of the smbd
3524 service before trying to reload it. Otherwise, keep the same check
3525 as before and reload the service based on the existence of the
3526 initscript. (LP: #1579597)
3527 * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
3528 module. There is a fixed version of that patch attached to
3529 #1677329 but it has not been vetted yet, so for now it's best
3530 to revert (again) so that pam_winbind can be used.
3531 (LP: #1677329, LP: #1644428)
3532
3533 -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700
3534
3535samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
3536
3537 * Merge from Debian unstable. Remaining changes:
3538 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3539 - debian/smb.conf;
3540 + Add "(Samba, Ubuntu)" to server string.
3541 + Comment out the default [homes] share, and add a comment about
3542 "valid users = %s" to show users how to restrict access to
3543 \\server\username to only username.
3544 - debian/samba-common.config:
3545 + Do not change priority to high if dhclient3 is installed.
3546 - Add apport hook:
3547 + Created debian/source_samba.py.
3548 + debian/rules, debian/samba-common-bin.install: install hook.
3549 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3550 pam_winbind krb5_ccache_type=FILE failure
3551 - debian/patches/winbind_trusted_domains.patch: make sure domain
3552 members can talk to trusted domains DCs.
3553 - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
3554 to be statically linked
3555 - d/rules: Compile winbindd/winbindd statically.
3556 - d/control: add libcephfs-dev as b-d to build vfs_ceph
3557
3558 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400
3559
1809samba (2:4.5.8+dfsg-2) unstable; urgency=high3560samba (2:4.5.8+dfsg-2) unstable; urgency=high
18103561
1811 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside3562 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -1820,6 +3571,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
18203571
1821 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +02003572 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200
18223573
3574samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
3575
3576 * SECURITY UPDATE: remote code execution from a writable share
3577 - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
3578 slash inside in source3/rpc_server/srv_pipe.c.
3579 - CVE-2017-7494
3580
3581 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400
3582
3583samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
3584
3585 * SECURITY UPDATE: Symlink race allows access outside share definition
3586 - Updated to new upstream release 4.5.8.
3587 - CVE-2017-2619
3588
3589 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400
3590
1823samba (2:4.5.6+dfsg-2) unstable; urgency=high3591samba (2:4.5.6+dfsg-2) unstable; urgency=high
18243592
1825 * This is a security release in order to address the following defects:3593 * This is a security release in order to address the following defects:
@@ -1849,6 +3617,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
18493617
1850 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +01003618 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100
18513619
3620samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
3621
3622 * d/control: add libcephfs-dev as b-d to build vfs_ceph
3623 (LP: #1668940).
3624
3625 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800
3626
3627samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
3628
3629 * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
3630 changes:
3631 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3632 + debian/smb.conf;
3633 - Add "(Samba, Ubuntu)" to server string.
3634 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3635 to show users how to restrict access to \\server\username to only username.
3636 + debian/samba-common.config:
3637 - Do not change prioritiy to high if dhclient3 is installed.
3638 + Add apport hook:
3639 - Created debian/source_samba.py.
3640 - debian/rules, debia/samb-common-bin.install: install hook.
3641 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3642 pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
3643 + debian/patches/winbind_trusted_domains.patch: make sure domain members
3644 can talk to trusted domains DCs.
3645 [ update patch based upon upstream discussion ]
3646 + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
3647 to be statically linked fixes LP #1584485.
3648 + d/rules: Compile winbindd/winbindd statically.
3649 * Drop:
3650 - Delete debian/.gitignore
3651 [ Previously undocumented ]
3652 - debian/patches/git_smbclient_cpu.patch:
3653 + backport upstream patch to fix smbclient users hanging/eating cpu on
3654 trying to contact a machine which is not there (lp #1572260)
3655 [ Fixed upstream ]
3656 - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
3657 + debian/patches/CVE-2016-2123.patch: check lengths in
3658 librpc/ndr/ndr_dnsp.c.
3659 + CVE-2016-2123
3660 [ Fixed in Debian ]
3661 - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
3662 + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
3663 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
3664 source4/auth/gensec/gensec_gssapi.c.
3665 + CVE-2016-2125
3666 [ Fixed in Debian ]
3667 - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
3668 + debian/patches/CVE-2016-2126.patch: only allow known checksum types
3669 in auth/kerberos/kerberos_pac.c.
3670 + CVE-2016-2126
3671 [ Fixed in Debian ]
3672
3673 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800
3674
1852samba (2:4.5.4+dfsg-1) unstable; urgency=medium3675samba (2:4.5.4+dfsg-1) unstable; urgency=medium
18533676
1854 [ Mathieu Parent ]3677 [ Mathieu Parent ]
@@ -1976,6 +3799,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
19763799
1977 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +02003800 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200
19783801
3802samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
3803
3804 * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
3805 - debian/patches/CVE-2016-2123.patch: check lengths in
3806 librpc/ndr/ndr_dnsp.c.
3807 - CVE-2016-2123
3808 * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
3809 - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
3810 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
3811 source4/auth/gensec/gensec_gssapi.c.
3812 - CVE-2016-2125
3813 * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
3814 - debian/patches/CVE-2016-2126.patch: only allow known checksum types
3815 in auth/kerberos/kerberos_pac.c.
3816 - CVE-2016-2126
3817
3818 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500
3819
3820samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
3821
3822 * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
3823 to be statically linked fixes LP: #1584485.
3824
3825 * d/rules: Compile winbindd/winbindd statically.
3826
3827 -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100
3828
3829samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
3830
3831 * No-change rebuild for readline soname change.
3832
3833 -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000
3834
3835samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
3836
3837 * No-change rebuild for readline soname change.
3838
3839 -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000
3840
3841samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
3842
3843 * debian/patches/git_smbclient_cpu.patch:
3844 - backport upstream patch to fix smbclient users hanging/eating cpu on
3845 trying to contact a machine which is not there (lp: #1572260)
3846
3847 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200
3848
3849samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
3850
3851 * Merge from Debian unstable. Remaining changes:
3852 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3853 + debian/smb.conf;
3854 - Add "(Samba, Ubuntu)" to server string.
3855 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3856 to show users how to restrict access to \\server\username to only username.
3857 + debian/samba-common.config:
3858 - Do not change prioritiy to high if dhclient3 is installed.
3859 + Add apport hook:
3860 - Created debian/source_samba.py.
3861 - debian/rules, debia/samb-common-bin.install: install hook.
3862 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3863 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
3864 + debian/patches/winbind_trusted_domains.patch: make sure domain members
3865 can talk to trusted domains DCs.
3866 * Dropped changes:
3867 - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
3868 never done in Debian, revert.
3869 - ufw integration: included in Debian.
3870
3871 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700
3872
1979samba (2:4.4.5+dfsg-2) unstable; urgency=medium3873samba (2:4.4.5+dfsg-2) unstable; urgency=medium
19803874
1981 * Disable running of 'make quicktest' during build, as it takes very3875 * Disable running of 'make quicktest' during build, as it takes very
@@ -2103,6 +3997,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
21033997
2104 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +12003998 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200
21053999
4000samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
4001
4002 * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
4003 the previous security updates. (LP: #1577739)
4004 - debian/control: bump tevent Build-Depends to 0.9.28.
4005 * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
4006 - debian/patches/samba-bug11912.patch: let msrpc_parse() return
4007 talloc'ed empty strings in libcli/auth/msrpc_parse.c.
4008 - debian/patches/samba-bug11914.patch: make
4009 ntlm_auth_generate_session_info() more complete in
4010 source3/utils/ntlm_auth.c.
4011
4012 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400
4013
2106samba (2:4.3.8+dfsg-1) unstable; urgency=low4014samba (2:4.3.8+dfsg-1) unstable; urgency=low
21074015
2108 [ Jelmer Vernooij ]4016 [ Jelmer Vernooij ]
@@ -2117,6 +4025,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
21174025
2118 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +00004026 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000
21194027
4028samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
4029
4030 * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
4031 - CVE-2015-5370: Multiple errors in DCE-RPC code
4032 - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
4033 - CVE-2016-2111: NETLOGON Spoofing Vulnerability
4034 - CVE-2016-2112: The LDAP client and server don't enforce integrity
4035 protection
4036 - CVE-2016-2113: Missing TLS certificate validation allows man in the
4037 middle attacks
4038 - CVE-2016-2114: "server signing = mandatory" not enforced
4039 - CVE-2016-2115: SMB client connections for IPC traffic are not
4040 integrity protected
4041 - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
4042 * debian/patches/winbind_trusted_domains.patch: make sure domain members
4043 can talk to trusted domains DCs.
4044
4045 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400
4046
2120samba (2:4.3.7+dfsg-1) unstable; urgency=high4047samba (2:4.3.7+dfsg-1) unstable; urgency=high
21214048
2122 * New upstream release.4049 * New upstream release.
@@ -2159,6 +4086,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
21594086
2160 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +02004087 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200
21614088
4089samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
4090
4091 * Merge with Debian; remaining changes:
4092 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4093 + debian/smb.conf;
4094 - Add "(Samba, Ubuntu)" to server string.
4095 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4096 to show users how to restrict access to \\server\username to only username.
4097 + debian/samba-common.config:
4098 - Do not change prioritiy to high if dhclient3 is installed.
4099 + debian/control:
4100 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4101 + Add ufw integration:
4102 - Created debian/samba.ufw.profile:
4103 - debian/rules, debian/samba.install: install profile
4104 + Add apport hook:
4105 - Created debian/source_samba.py.
4106 - debian/rules, debia/samb-common-bin.install: install hook.
4107 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4108 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4109
4110 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500
4111
2162samba (2:4.3.6+dfsg-1) unstable; urgency=medium4112samba (2:4.3.6+dfsg-1) unstable; urgency=medium
21634113
2164 * New upstream release.4114 * New upstream release.
@@ -2204,6 +4154,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
22044154
2205 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +01004155 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100
22064156
4157samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
4158
4159 * No-change rebuild for gnutls transition.
4160
4161 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000
4162
4163samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
4164
4165 * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
4166 (LP: #1545750)
4167
4168 -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100
4169
4170samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
4171
4172 * Merge with Debian; remaining changes:
4173 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4174 + debian/smb.conf;
4175 - Add "(Samba, Ubuntu)" to server string.
4176 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4177 to show users how to restrict access to \\server\username to only username.
4178 + debian/samba-common.config:
4179 - Do not change prioritiy to high if dhclient3 is installed.
4180 + debian/control:
4181 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4182 + Add ufw integration:
4183 - Created debian/samba.ufw.profile:
4184 - debian/rules, debian/samba.install: install profile
4185 + Add apport hook:
4186 - Created debian/source_samba.py.
4187 - debian/rules, debia/samb-common-bin.install: install hook.
4188 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4189 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4190
4191 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500
4192
2207samba (2:4.3.3+dfsg-1) unstable; urgency=medium4193samba (2:4.3.3+dfsg-1) unstable; urgency=medium
22084194
2209 * New upstream release. Closes: #808133.4195 * New upstream release. Closes: #808133.
@@ -2288,6 +4274,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
22884274
2289 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +00004275 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000
22904276
4277samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
4278
4279 * Resolve small merge error in the rules
4280
4281 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100
4282
4283samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
4284
4285 * Backport Debian change to remove libpam-smbpasswd, it segfaults
4286 leading to non working session (lp: #1515207)
4287
4288 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100
4289
4290samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
4291
4292 * Build with the new ldb
4293
4294 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100
4295
4296samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
4297
4298 * debian/samba.logrotate:
4299 - revert to Debian version of the logrotate reload command, fix an
4300 invalid syntax introduced in the upstart->systemd transition
4301 (lp: #1385868)
4302
4303 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100
4304
4305samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
4306
4307 * Merge with Debian; remaining changes:
4308 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4309 + debian/smb.conf;
4310 - Add "(Samba, Ubuntu)" to server string.
4311 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4312 to show users how to restrict access to \\server\username to only username.
4313 + debian/samba-common.config:
4314 - Do not change prioritiy to high if dhclient3 is installed.
4315 + debian/control:
4316 - Don't build against or suggest ctdb and tdb.
4317 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4318 + debian/rules:
4319 - Drop explicit configuration options for ctdb and tdb.
4320 + Add ufw integration:
4321 - Created debian/samba.ufw.profile:
4322 - debian/rules, debian/samba.install: install profile
4323 + Add apport hook:
4324 - Created debian/source_samba.py.
4325 - debian/rules, debia/samb-common-bin.install: install hook.
4326 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4327 processes such that it works under both upstart and systemd.
4328 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4329 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4330 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4331
4332 -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200
4333
2291samba (2:4.1.20+dfsg-1) unstable; urgency=medium4334samba (2:4.1.20+dfsg-1) unstable; urgency=medium
22924335
2293 * New upstream release (last compatible with current OpenChange).4336 * New upstream release (last compatible with current OpenChange).
@@ -2301,6 +4344,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
23014344
2302 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +00004345 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000
23034346
4347samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
4348
4349 * debian/control:
4350 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4351
4352 -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200
4353
4354samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
4355
4356 * Merge from Debian unstable. Remaining changes:
4357 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4358 + debian/smb.conf;
4359 - Add "(Samba, Ubuntu)" to server string.
4360 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4361 to show users how to restrict access to \\server\username to only username.
4362 + debian/samba-common.config:
4363 - Do not change prioritiy to high if dhclient3 is installed.
4364 + debian/control:
4365 - Don't build against or suggest ctdb and tdb.
4366 + debian/rules:
4367 - Drop explicit configuration options for ctdb and tdb.
4368 + Add ufw integration:
4369 - Created debian/samba.ufw.profile:
4370 - debian/rules, debian/samba.install: install profile
4371 + Add apport hook:
4372 - Created debian/source_samba.py.
4373 - debian/rules, debia/samb-common-bin.install: install hook.
4374 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4375 processes such that it works under both upstart and systemd.
4376 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4377 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4378 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4379 + debian/patches/git_timeout_client_error.patch:
4380 - don't let smb mounts timeout that leads to errors when trying to
4381 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
4382
4383 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200
4384
2304samba (2:4.1.17+dfsg-4) unstable; urgency=medium4385samba (2:4.1.17+dfsg-4) unstable; urgency=medium
23054386
2306 * Add pidl_reproducible.patch: Make pidl output reproducible.4387 * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -2337,6 +4418,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
23374418
2338 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +01004419 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100
23394420
4421samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
4422
4423 * debian/patches/git_timeout_client_error.patch:
4424 - don't let smb mounts timeout that leads to errors when trying to
4425 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
4426
4427 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200
4428
4429samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
4430
4431 * SECURITY UPDATE: code execution vulnerability in smbd daemon
4432 - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
4433 uninitialized pointer and don't dereference a NULL pointer in
4434 source3/rpc_server/netlogon/srv_netlog_nt.c.
4435 - CVE-2015-0240
4436
4437 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500
4438
4439samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
4440
4441 * Merge from Debian unstable. Remaining changes:
4442 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4443 + debian/smb.conf;
4444 - Add "(Samba, Ubuntu)" to server string.
4445 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4446 to show users how to restrict access to \\server\username to only username.
4447 + debian/samba-common.config:
4448 - Do not change prioritiy to high if dhclient3 is installed.
4449 + debian/control:
4450 - Don't build against or suggest ctdb and tdb.
4451 + debian/rules:
4452 - Drop explicit configuration options for ctdb and tdb.
4453 + Add ufw integration:
4454 - Created debian/samba.ufw.profile:
4455 - debian/rules, debian/samba.install: install profile
4456 + Add apport hook:
4457 - Created debian/source_samba.py.
4458 - debian/rules, debia/samb-common-bin.install: install hook.
4459 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4460 processes such that it works under both upstart and systemd.
4461 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4462 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4463 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4464 + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
4465
4466 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100
4467
2340samba (2:4.1.13+dfsg-4) unstable; urgency=medium4468samba (2:4.1.13+dfsg-4) unstable; urgency=medium
23414469
2342 * Revert previous patch, since ldb has an active module version check.4470 * Revert previous patch, since ldb has an active module version check.
@@ -2379,6 +4507,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
23794507
2380 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +02004508 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200
23814509
4510samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
4511
4512 * SECURITY UPDATE: elevation of privilege to AD Domain Controller
4513 - debian/patches/CVE-2014-8143.patch: check for extended access rights
4514 before allowing changes to userAccountControl in
4515 librpc/idl/security.idl, source4/auth/session.c,
4516 source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
4517 source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
4518 source4/rpc_server/lsa/dcesrv_lsa.c,
4519 source4/setup/schema_samba4.ldif.
4520 - CVE-2014-8143
4521
4522 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500
4523
4524samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
4525
4526 * No-change rebuild against current ldb. Note that I'm not claiming the
4527 merging for this package.
4528
4529 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100
4530
4531samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
4532
4533 * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4534 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4535
4536 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500
4537
4538samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
4539
4540 * Merge from Debian unstable. Remaining changes:
4541 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4542 + debian/smb.conf;
4543 - Add "(Samba, Ubuntu)" to server string.
4544 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4545 to show users how to restrict access to \\server\username to only username.
4546 + debian/samba-common.config:
4547 - Do not change prioritiy to high if dhclient3 is installed.
4548 + debian/control:
4549 - Don't build against or suggest ctdb and tdb.
4550 + debian/rules:
4551 - Drop explicit configuration options for ctdb and tdb.
4552 + Add ufw integration:
4553 - Created debian/samba.ufw.profile:
4554 - debian/rules, debian/samba.install: install profile
4555 + Add apport hook:
4556 - Created debian/source_samba.py.
4557 - debian/rules, debia/samb-common-bin.install: install hook.
4558 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4559 of hacking arround with pid files.
4560 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4561 first dummy transitional package version.
4562 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4563
4564 * In logrotate, use service command to reload (send SIGHUP) the main
4565 processes such that it works under both upstart and systemd.
4566 * Drop CVE patches, applied upstream.
4567 * Drop patches absent from series: readline-ftbfs.patch,
4568 krb5_kt_start_seq.diff, config-bind99.patch
4569 * Drop debian/source/include-binaries, pyc files are correctly cleaned up
4570
4571 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100
4572
2382samba (2:4.1.11+dfsg-1) unstable; urgency=high4573samba (2:4.1.11+dfsg-1) unstable; urgency=high
23834574
2384 * New upstream release. Fixes:4575 * New upstream release. Fixes:
@@ -2414,6 +4605,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
24144605
2415 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +02004606 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200
24164607
4608samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
4609
4610 * SECURITY UPDATE: remote code execution on unauthenticated nmbd
4611 - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
4612 lib/util/string_wrappers.h.
4613 - CVE-2014-3560
4614
4615 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400
4616
4617samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
4618
4619 * SECURITY UPDATE: denial of service on nmbd malformed packet
4620 - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
4621 source3/lib/system.c.
4622 - CVE-2014-0244
4623 * SECURITY UPDATE: denial of service via bad unicode conversion
4624 - debian/patches/CVE-2014-3493.patch: refactor code in
4625 source3/lib/charcnv.c, change return code checks in
4626 source3/libsmb/clirap.c, source3/smbd/lanman.c.
4627 - CVE-2014-3493
4628
4629 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400
4630
4631samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
4632
4633 * Merge from Debian unstable. Remaining changes:
4634 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4635 + debian/smb.conf;
4636 - Add "(Samba, Ubuntu)" to server string.
4637 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4638 to show users how to restrict access to \\server\username to only username.
4639 + debian/samba-common.config:
4640 - Do not change prioritiy to high if dhclient3 is installed.
4641 + debian/control:
4642 - Don't build against or suggest ctdb and tdb.
4643 + debian/rules:
4644 - Drop explicit configuration options for ctdb and tdb.
4645 + Add ufw integration:
4646 - Created debian/samba.ufw.profile:
4647 - debian/rules, debian/samba.install: install profile
4648 + Add apport hook:
4649 - Created debian/source_samba.py.
4650 - debian/rules, debia/samb-common-bin.install: install hook.
4651 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4652 of hacking arround with pid files.
4653 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4654 first dummy transitional package version.
4655 + Dropped patches:
4656 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
4657 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
4658 - debian/patches/readline-ftbfs.patch: Use the debian version.
4659 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4660 (LP: #1268180)
4661
4662 -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400
4663
2417samba (2:4.1.8+dfsg-1) unstable; urgency=medium4664samba (2:4.1.8+dfsg-1) unstable; urgency=medium
24184665
2419 [ Jelmer Vernooij ]4666 [ Jelmer Vernooij ]
@@ -2451,6 +4698,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
24514698
2452 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +02004699 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200
24534700
4701samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
4702
4703 * Set the stack size to unlimited during the build to avoid a SIGBUS in
4704 xsltproc on some architectures.
4705
4706 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100
4707
4708samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
4709
4710 * Backport from unstable (Ivo De Decker):
4711 - Build-depend on heimdal-dev.
4712
4713 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100
4714
4715samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
4716
4717 * No change rebuild against new dh_installinit, to call update-rc.d at
4718 postinst.
4719
4720 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100
4721
4722samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
4723
4724 * cherrypick upstream patch 1310919 to fix pam_winbind regression
4725 (LP: #1310919)
4726
4727 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500
4728
4729samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
4730
4731 * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
4732 upgrade.
4733
4734 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700
4735
4736samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
4737
4738 * Merge from Debian unstable. Remaining changes:
4739 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4740 + debian/smb.conf;
4741 - Add "(Samba, Ubuntu)" to server string.
4742 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4743 to show users how to restrict access to \\server\username to only username.
4744 + debian/samba-common.config:
4745 - Do not change prioritiy to high if dhclient3 is installed.
4746 + debian/control:
4747 - Don't build against or suggest ctdb and tdb.
4748 + debian/rules:
4749 - Drop explicit configuration options for ctdb and tdb.
4750 + Add ufw integration:
4751 - Created debian/samba.ufw.profile:
4752 - debian/rules, debian/samba.install: install profile
4753 + Add apport hook:
4754 - Created debian/source_samba.py.
4755 - debian/rules, debia/samb-common-bin.install: install hook.
4756 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4757 of hacking arround with pid files.
4758 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4759 first dummy transitional package version.
4760 + Dropped patches:
4761 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
4762 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
4763 - debian/patches/readline-ftbfs.patch: Use the debian version.
4764 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4765 (LP: #1268180)
4766
4767 -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400
4768
2454samba (2:4.1.6+dfsg-1) unstable; urgency=high4769samba (2:4.1.6+dfsg-1) unstable; urgency=high
24554770
2456 * New upstream security release. Fixes:4771 * New upstream security release. Fixes:
@@ -2510,6 +4825,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
25104825
2511 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +01004826 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100
25124827
4828samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
4829
4830 * debian/smb.conf: comment back some of the "share definitions"
4831 options (including "valid users"). That was an Ubuntu diff and seems to
4832 have been dropped in the trusty merge. Those changes seem needed to
4833 get the usershare feature working (used by nautilus-share) (lp: #1261873)
4834
4835 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200
4836
4837samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
4838
4839 * SECURITY UPDATE: Password lockout not enforced for SAMR password
4840 changes
4841 - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
4842 source3/auth/check_samsec.c,
4843 source3/rpc_server/samr/srv_samr_chgpasswd.c,
4844 source3/rpc_server/samr/srv_samr_nt.c,
4845 source3/smbd/lanman.c,
4846 source4/rpc_server/samr/samr_password.c,
4847 source4/torture/rpc/samr.c.
4848 - CVE-2013-4496
4849 * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
4850 mistake
4851 - debian/patches/CVE-2013-6442.patch: handle existing ACL in
4852 source3/utils/smbcacls.c.
4853 - CVE-2013-6442
4854 * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
4855
4856 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400
4857
4858samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
4859
4860 * Depend on tdb-tools (LP: #1279593)
4861 * Updated generated config for Bind9.9.
4862
4863 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500
4864
4865samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
4866
4867 * Add missing python-ntdb dependency to python-samba (spotted by
4868 autopkgtest).
4869
4870 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100
4871
4872samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
4873
4874 * Merge from Debian Unstable:
4875 - debian/VERSION.patch: Update vendor string to "Ubuntu".
4876 * debian/smb.conf;
4877 - Add "(Samba, Ubuntu)" to server string.
4878 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4879 to show users how to restrict access to \\server\username to only username.
4880 + debian/samba-common.config:
4881 - Do not change prioritiy to high if dhclient3 is installed.
4882 + debian/control:
4883 - Don't build against or suggest ctdb and tdb.
4884 + debian/rules:
4885 - Drop explicit configuration options for ctdb and tdb.
4886 + Add ufw integration:
4887 - Created debian/samba.ufw.profile:
4888 - debian/rules, debian/samba.install: install profile
4889 + Add apport hook:
4890 - Created debian/source_samba.py.
4891 - debian/rules, debia/samb-common-bin.install: install hook.
4892 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4893 of hacking arround with pid files.
4894 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4895 first dummy transitional package version.
4896
4897 -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500
4898
2513samba (2:4.1.3+dfsg-2) unstable; urgency=medium4899samba (2:4.1.3+dfsg-2) unstable; urgency=medium
25144900
2515 * Add debug symbols for all binaries to samba-dbg. Closes: #7324934901 * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -2552,6 +4938,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
25524938
2553 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -08004939 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800
25544940
4941samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
4942
4943 * Merge from Debian Unstable:
4944 - debian/VERSION.patch: Update vendor string to "Ubuntu".
4945 * debian/smb.conf;
4946 - Add "(Samba, Ubuntu)" to server string.
4947 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4948 to show users how to restrict access to \\server\username to only username.
4949 + debian/samba-common.config:
4950 - Do not change prioritiy to high if dhclient3 is installed.
4951 + debian/control:
4952 - Don't build against or suggest ctdb and tdb.
4953 + debian/rules:
4954 - Drop explicit configuration options for ctdb and tdb.
4955 + Add ufw integration:
4956 - Created debian/samba.ufw.profile:
4957 - debian/rules, debian/samba.install: install profile
4958 + Add apport hook:
4959 - Created debian/source_samba.py.
4960 - debian/rules, debia/samb-common-bin.install: install hook.
4961 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4962 of hacking arround with pid files.
4963 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4964 first dummy transitional package version.
4965
4966 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500
4967
2555samba (2:4.0.13+dfsg-1) unstable; urgency=high4968samba (2:4.0.13+dfsg-1) unstable; urgency=high
25564969
2557 [ Steve Langasek ]4970 [ Steve Langasek ]
@@ -2606,6 +5019,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
26065019
2607 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +01005020 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100
26085021
5022samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
5023
5024 * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
5025
5026 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000
5027
5028samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
5029
5030 * Merge from Debian Unstable:
5031 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5032 * debian/smb.conf;
5033 - Add "(Samba, Ubuntu)" to server string.
5034 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5035 to show users how to restrict access to \\server\username to only username.
5036 + debian/samba-common.config:
5037 - Do not change prioritiy to high if dhclient3 is installed.
5038 + debian/control:
5039 - Don't build against or suggest ctdb and tdb.
5040 + debian/rules:
5041 - Drop explicit configuration options for ctdb and tdb.
5042 + Add ufw integration:
5043 - Created debian/samba.ufw.profile:
5044 - debian/rules, debian/samba.install: install profile
5045 + Add apport hook:
5046 - Created debian/source_samba.py.
5047 - debian/rules, debia/samb-common-bin.install: install hook.
5048 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5049 of hacking arround with pid files.
5050
5051 -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800
5052
2609samba (2:4.0.10+dfsg-4) unstable; urgency=low5053samba (2:4.0.10+dfsg-4) unstable; urgency=low
26105054
2611 [ Christian Perrier ]5055 [ Christian Perrier ]
diff --git a/debian/control b/debian/control
index a24c26f..8a0a5bc 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: samba1Source: samba
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Jelmer Vernooij <jelmer@debian.org>,7 Jelmer Vernooij <jelmer@debian.org>,
7 Mathieu Parent <sathieu@debian.org>,8 Mathieu Parent <sathieu@debian.org>,
@@ -35,11 +36,11 @@ Build-Depends-Arch:
35 libblkid-dev,36 libblkid-dev,
36 libbsd-dev,37 libbsd-dev,
37 libcap-dev [linux-any],38 libcap-dev [linux-any],
38 libcephfs-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x],39 libcephfs-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x],
39 libcmocka-dev (>= 1.1.3),40 libcmocka-dev (>= 1.1.3),
40 libcups2-dev,41 libcups2-dev,
41 libdbus-1-dev,42 libdbus-1-dev,
42 libglusterfs-dev [linux-any],43 libglusterfs-dev [!i386],
43 libgnutls28-dev,44 libgnutls28-dev,
44 libgpgme11-dev,45 libgpgme11-dev,
45 libicu-dev,46 libicu-dev,
@@ -52,12 +53,12 @@ Build-Depends-Arch:
52 libparse-yapp-perl,53 libparse-yapp-perl,
53 libpcap-dev [hurd-i386 kfreebsd-any],54 libpcap-dev [hurd-i386 kfreebsd-any],
54 libpopt-dev,55 libpopt-dev,
55 librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x],56 librados-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x],
56 libreadline-dev,57 libreadline-dev,
57 libsystemd-dev [linux-any],58 libsystemd-dev [linux-any],
58 libtasn1-6-dev (>= 3.8),59 libtasn1-6-dev (>= 3.8),
59 libtasn1-bin,60 libtasn1-bin,
60 liburing-dev [linux-any] <!pkg.samba.nouring>,61 liburing-dev [!i386] <!pkg.samba.nouring>,
61 xfslibs-dev [linux-any],62 xfslibs-dev [linux-any],
62 zlib1g-dev (>= 1:1.2.3),63 zlib1g-dev (>= 1:1.2.3),
63# python (+#904999):64# python (+#904999):
diff --git a/debian/tests/control b/debian/tests/control
index d27e025..eec1f23 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable
28Tests: reinstall-samba-common-bin28Tests: reinstall-samba-common-bin
29Depends: samba-common, samba-common-bin29Depends: samba-common, samba-common-bin
30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr
31
32Tests: samba-ad-dc-provisioning-internal-dns
33Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils
34Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed
diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns
31new file mode 10075535new file mode 100755
index 0000000..6e1e1e9
--- /dev/null
+++ b/debian/tests/samba-ad-dc-provisioning-internal-dns
@@ -0,0 +1,157 @@
1#!/bin/bash
2
3set -e
4set -u
5set -o pipefail
6
7assert_testparm() {
8 local parameter="${1}"
9 local expected_value="${2}"
10 local current_value=""
11 local -i retval=0
12
13 echo -n "Asserting ${parameter} is ${expected_value}: "
14 current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || {
15 retval=$?
16 echo "FAIL"
17 return ${retval}
18 }
19 if [ "${current_value}" = "${expected_value}" ]; then
20 echo "OK"
21 return 0
22 else
23 echo "FAIL"
24 return 1
25 fi
26}
27
28basic_config_tests() {
29 echo "## Basic config tests"
30 testparm -s > /dev/null
31 assert_testparm "realm" "${realm}"
32 assert_testparm "workgroup" "${domain}"
33 assert_testparm "server role" "active directory domain controller"
34 echo
35}
36
37dns_tests() {
38 echo "## DNS tests"
39 echo "Obtaining administrator kerberos ticket"
40 echo "${adminpass}" | timeout 5 kinit Administrator
41 echo
42 echo "Querying server info"
43 samba-tool dns serverinfo $(hostname)
44 echo
45 echo "Checking we got a service ticket of type host/"
46 klist | grep host/$(hostname)
47 echo
48 echo "Checking specific DNS records"
49 for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do
50 echo -n "${srv}.${realm,,}: "
51 dig @localhost +short -t SRV ${srv}.${realm,,}
52 echo
53 done
54 echo
55 echo -n "Checking that our hostname \"$(hostname)\" is in DNS: "
56 myip=$(dig @localhost +short -t A $(hostname).${realm,,})
57 echo "${myip}"
58 echo
59}
60
61user_creation_tests() {
62 echo "## User creation tests"
63 samba-tool domain passwordsettings set --complexity=off
64 echo "Creating user \"${test_user}\" with password ${test_pw}"
65 samba-tool user add "${test_user}" "${test_pw}"
66 echo
67 echo "Attempting to obtain kerberos ticket for user \"${test_user}\""
68 # just in case it ends up waiting at a prompt, we use "timeout"
69 echo "${test_pw}" | timeout 5 kinit "${test_user}"
70 echo "Ticket obtained"
71 klist
72 echo
73}
74
75smbclient_tests() {
76 echo "## smbclient tests"
77 kdestroy || :
78 echo
79 echo "Obtaining a TGT for ${test_user}"
80 echo "${test_pw}" | timeout 5 kinit "${test_user}"
81 klist | grep krbtgt
82 echo
83 echo "Attempting password-less authentication with smbclient"
84 echo
85 echo "Listing shares"
86 smbclient -L $(hostname) --use-kerberos=required -k
87 echo
88 echo "Listing the sysvol share"
89 smbclient //$(hostname)/sysvol --use-kerberos=required -k -c "ls"
90 echo
91 echo "Listing policies"
92 # lowercase the ${realm}
93 smbclient //$(hostname)/sysvol --use-kerberos=required -k -c "ls ${realm,,}/Policies/*"
94 echo
95 echo "Checking that we have a ticket for the cifs service after all these commands"
96 klist | grep cifs/
97 echo
98}
99
100
101domain="EXAMPLE"
102realm="EXAMPLE.FAKE"
103adminpass="Passw0rd"
104test_user="test_user_${RANDOM}"
105test_pw="test_user_secret_${RANDOM}"
106
107systemctl stop smbd nmbd winbind
108systemctl disable smbd nmbd winbind
109systemctl mask smbd nmbd winbind
110
111systemctl unmask samba-ad-dc
112systemctl enable samba-ad-dc
113
114if [ -f /etc/samba/smb.conf ]; then
115 mv /etc/samba/smb.conf{,.orig}
116fi
117
118# make sure we are starting fresh, as previous tests might left things around
119
120rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/*
121kdestroy || :
122
123samba-tool domain provision \
124 --domain="${domain}" \
125 --realm="${realm}" \
126 --adminpass="${adminpass}" \
127 --server-role=dc \
128 --use-rfc2307 \
129 --dns-backend=SAMBA_INTERNAL
130
131current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}')
132
133if [ -n "${current_dns}" ]; then
134 sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \
135 /etc/samba/smb.conf
136 unlink /etc/resolv.conf
137 echo "nameserver 127.0.0.1" > /etc/resolv.conf
138 # lowercase substitution
139 echo "search ${realm,,}" >> /etc/resolv.conf
140 systemctl stop systemd-resolved
141 systemctl disable systemd-resolved
142else
143 echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf"
144 echo "## Continuing, and hoping for the best"
145fi
146
147cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf
148
149systemctl start samba-ad-dc
150
151# give it some time, it's a lot of services to start
152sleep 5s
153
154basic_config_tests
155dns_tests
156user_creation_tests
157smbclient_tests

Subscribers

People subscribed via source and target branches