Merge ~ahasenack/ubuntu/+source/samba:mantic-samba-merge-3 into ubuntu/+source/samba:debian/sid
- Git
- lp:~ahasenack/ubuntu/+source/samba
- mantic-samba-merge-3
- Merge into debian/sid
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Bryce Harrington (community) | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+449354@code.launchpad.net |
Commit message
Description of the change
Merge from debian.
Some delta dropped, one added to fix https:/
I also had to re-add a delta around ceph i386 which was accidentally broken in debian's 4.18.5+dfsg-2: " * d/rules: make ceph conditional similar to gluster".
PPA: https:/
I'll trigger DEP8 tests after it's done.
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: ahasenack, bryce
Uploaders: ahasenack, bryce
MP auto-approved
Andreas Hasenack (ahasenack) wrote : | # |
Thanks. The upstream release was yesterday, and the debian package appeared in launchpad just overnight :)
I think this would be fine after FF, because the release notes only mention bug fixes, but yeah, better do it before if possible.
Andreas Hasenack (ahasenack) wrote : | # |
Uploaded with rich history:
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Mike Silva (mikesilva) wrote : | # |
Is there a PPA where I can help test the multi-channel bug fix?
Andreas Hasenack (ahasenack) wrote : | # |
You can test it on mantic by enabling the proposed pocket, since samba hasn't migrated yet. I deleted the ppa after I uploaded it.
Let me know if that's ok.
Mike Silva (mikesilva) wrote : | # |
Oh, no problem. I was looking for the FAQ on how to do that over the weekend, if you have a pointer, and wouldn't mind, can you link me to it here?
I'm anxious to see this get into Mantic. It's led to a lot of user pain for some time!
Mike Silva (mikesilva) wrote : | # |
I found the FAQ and setup proposed with selective install, but this is all that I see in proposed. Not, 2:4.18.6.
samba (2:4.18.
* Add changes to fix uncaught exception when updating old password
containing regex metacharacters by simplifying samba-tool password
redaction (LP: #2002949).
- d/p/lib-
- d/p/lib-
- d/p/lib-
- d/p/samba-
- d/p/python-
- d/p/python-
- d/p/python-
-- Michal Maloszewski <email address hidden> Fri, 28 Jul 2023 00:55:03 +0200
Andreas Hasenack (ahasenack) wrote : | # |
That's not proposed indeed. But here it worked:
ubuntu@m-samba:~$ apt-cache policy samba
samba:
Installed: (none)
Candidate: 2:4.18.
Version table:
2:
100 http://
2:
500 http://
ubuntu@m-samba:~$ cat /etc/apt/
deb http://
deb http://
But do note that proposed has a lower priority (100 instead of 500), so to actually install the package from proposed you need to pass "-t mantic-proposed" to apt:
sudo apt install samba -t mantic-proposed
Mike Silva (mikesilva) wrote : | # |
That was the needed incantation. Thanks!
2.4.18.6 is fantastic. I'm seeing none of the mount/dismount problems I had before.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 2519a2a..7b4ef63 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,36 @@ |
6 | +samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes: |
9 | + - debian/control: Ubuntu i386 binary compatibility: |
10 | + + drop ceph support |
11 | + + enable the liburing vfs module, except on i386 where liburing is |
12 | + not available |
13 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
14 | + samba AD DC provisioning and domain join tests with internal DNS |
15 | + (LP #1977746, LP #2011745) |
16 | + * Dropped: |
17 | + - build-depend on libglusterfs-dev only on !i386 arches |
18 | + [In 2:4.18.5+dfsg-2] |
19 | + - Add changes to fix uncaught exception when updating old password |
20 | + containing regex metacharacters by simplifying samba-tool password |
21 | + redaction (LP #2002949). |
22 | + + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch |
23 | + + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch |
24 | + + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch |
25 | + + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch |
26 | + + d/p/python-Add-glue.burn_commandline-method.patch |
27 | + + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch |
28 | + + d/p/python-Remove-const-from-PyList_AsStringList.patch |
29 | + [Fixed upstream in 4.18.6] |
30 | + * Added: |
31 | + - d/control: adjust breaks/replaces for file move that Debian did in |
32 | + 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid |
33 | + file conflict in a dist-upgrade from earlier Ubuntu releases, like |
34 | + Kinetic (LP: #2024663) |
35 | + - d/rules: ceph is not available in Ubuntu i386, disable it |
36 | + |
37 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Aug 2023 09:52:00 -0300 |
38 | + |
39 | samba (2:4.18.6+dfsg-1) unstable; urgency=medium |
40 | |
41 | * new upstream stable/bugfix release: |
42 | @@ -54,6 +87,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium |
43 | |
44 | -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300 |
45 | |
46 | +samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium |
47 | + |
48 | + * Add changes to fix uncaught exception when updating old password |
49 | + containing regex metacharacters by simplifying samba-tool password |
50 | + redaction (LP: #2002949). |
51 | + - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch |
52 | + - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch |
53 | + - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch |
54 | + - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch |
55 | + - d/p/python-Add-glue.burn_commandline-method.patch |
56 | + - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch |
57 | + - d/p/python-Remove-const-from-PyList_AsStringList.patch |
58 | + |
59 | + -- Michal Maloszewski <michal.maloszewski@canonical.com> Fri, 28 Jul 2023 00:55:03 +0200 |
60 | + |
61 | +samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium |
62 | + |
63 | + * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining |
64 | + changes: |
65 | + - debian/control: Ubuntu i386 binary compatibility: |
66 | + + drop ceph support |
67 | + + enable the liburing vfs module, except on i386 where liburing is |
68 | + not available |
69 | + + build-depend on libglusterfs-dev only on !i386 arches |
70 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
71 | + samba AD DC provisioning and domain join tests with internal DNS |
72 | + (LP #1977746, LP #2011745) |
73 | + - d/t/util: reload instead of restarting samba, as it's quicker and |
74 | + has the same effect we want in this test |
75 | + |
76 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jul 2023 10:15:22 -0300 |
77 | + |
78 | samba (2:4.18.5+dfsg-1) unstable; urgency=medium |
79 | |
80 | * new upstream stable/security release 4.18.5, including: |
81 | @@ -131,6 +196,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium |
82 | |
83 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300 |
84 | |
85 | +samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium |
86 | + |
87 | + * Merge with Debian unstable (LP: #2018054). Remaining changes: |
88 | + - debian/control: Ubuntu i386 binary compatibility: |
89 | + + drop ceph support |
90 | + + enable the liburing vfs module, except on i386 where liburing is |
91 | + not available |
92 | + + build-depend on libglusterfs-dev only on !i386 arches |
93 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
94 | + samba AD DC provisioning and domain join tests with internal DNS |
95 | + (LP #1977746, LP #2011745) |
96 | + * Added changes: |
97 | + - d/t/util: reload instead of restarting samba, as it's quicker and |
98 | + has the same effect we want in this test |
99 | + |
100 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Jun 2023 11:59:19 -0300 |
101 | + |
102 | samba (2:4.18.3+dfsg-3) unstable; urgency=medium |
103 | |
104 | * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, |
105 | @@ -289,6 +371,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium |
106 | |
107 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300 |
108 | |
109 | +samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium |
110 | + |
111 | + * Merge with Debian unstable (LP: #2014052). Remaining changes: |
112 | + - debian/control: Ubuntu i386 binary compatibility: |
113 | + + drop ceph support |
114 | + + enable the liburing vfs module, except on i386 where liburing is |
115 | + not available |
116 | + + build-depend on libglusterfs-dev only on !i386 arches |
117 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
118 | + samba AD DC provisioning and domain join tests with internal DNS |
119 | + (LP #1977746, LP #2011745) |
120 | + |
121 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Mar 2023 15:26:11 -0300 |
122 | + |
123 | samba (2:4.17.6+dfsg-1) unstable; urgency=medium |
124 | |
125 | * new upstream stable/bugfix release 4.17.6: |
126 | @@ -316,6 +412,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium |
127 | |
128 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300 |
129 | |
130 | +samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium |
131 | + |
132 | + * Add domain join tests (LP: #2011745): |
133 | + - d/t/control: update dependencies for samba AD provisioning test, |
134 | + which now also includes a member server join test |
135 | + - d/t/util, d/t/samba-ad-dc-*: add member server join tests |
136 | + |
137 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 15 Mar 2023 20:49:56 -0300 |
138 | + |
139 | +samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium |
140 | + |
141 | + * d/t/samba-ad-dc-provisioning-internal-dns: test improvements |
142 | + (LP: #2009485): |
143 | + - increase kinit timeout, as it also does DNS lookups |
144 | + - add a trap on exit to show logs in the case of some failure |
145 | + |
146 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Mar 2023 11:49:34 -0300 |
147 | + |
148 | +samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium |
149 | + |
150 | + * Merge with Debian unstable (LP: #2002181). Remaining changes: |
151 | + - debian/control: Ubuntu i386 binary compatibility: |
152 | + + drop ceph support |
153 | + + enable the liburing vfs module, except on i386 where liburing is |
154 | + not available |
155 | + + build-depend on libglusterfs-dev only on !i386 arches |
156 | + * Added: |
157 | + - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD |
158 | + DC provisioning test with internal DNS (LP: #1977746) |
159 | + |
160 | + -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300 |
161 | + |
162 | samba (2:4.17.5+dfsg-2) unstable; urgency=medium |
163 | |
164 | * d/control: samba: depends on exact version of python3-samba |
165 | @@ -468,6 +596,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium |
166 | |
167 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300 |
168 | |
169 | +samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium |
170 | + |
171 | + * No-change rebuild with Python 3.11 as default |
172 | + |
173 | + -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000 |
174 | + |
175 | +samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium |
176 | + |
177 | + * Merge with Debian unstable (LP: #1993380). Remaining changes: |
178 | + - debian/control: Ubuntu i386 binary compatibility: |
179 | + + drop ceph support |
180 | + - d/control: enable the liburing vfs module, except on i386 where |
181 | + liburing is not available |
182 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
183 | + * Dropped: |
184 | + - debian/smb.conf; |
185 | + + Add "(Samba, Ubuntu)" to server string. |
186 | + [In 2:4.16.6+dfsg-1] |
187 | + + Comment out the default [homes] share, and add a comment about |
188 | + "valid users = %s" to show users how to restrict access to |
189 | + \\server\username to only username. |
190 | + [In 2:4.16.6+dfsg-1] |
191 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
192 | + Skip running the tests if on i386 platform, because the uring |
193 | + package is not available there. |
194 | + [In 2:4.16.6+dfsg-1, improved] |
195 | + - d/t/util: fix setting the password of the smb test user |
196 | + (LP #1955851) |
197 | + [In 2:4.16.5+dfsg-2] |
198 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
199 | + [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6] |
200 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
201 | + enable the samba glusterfs vfs mofule in that case |
202 | + [In 2:4.16.6+dfsg-1] |
203 | + |
204 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300 |
205 | + |
206 | samba (2:4.17.3+dfsg-3) unstable; urgency=medium |
207 | |
208 | * d/control: winbind should depend on the same binary:Version |
209 | @@ -764,6 +929,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium |
210 | |
211 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300 |
212 | |
213 | +samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium |
214 | + |
215 | + * Merge with Debian unstable. Remaining changes: |
216 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
217 | + - debian/smb.conf; |
218 | + + Add "(Samba, Ubuntu)" to server string. |
219 | + + Comment out the default [homes] share, and add a comment about |
220 | + "valid users = %s" to show users how to restrict access to |
221 | + \\server\username to only username. |
222 | + - debian/control: Ubuntu i386 binary compatibility: |
223 | + + drop ceph support |
224 | + - d/control: enable the liburing vfs module, except on i386 where |
225 | + liburing is not available |
226 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
227 | + Skip running the tests if on i386 platform, because the uring |
228 | + package is not available there. |
229 | + - d/t/util: fix setting the password of the smb test user |
230 | + (LP #1955851) |
231 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
232 | + enable the samba glusterfs vfs mofule in that case |
233 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
234 | + |
235 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300 |
236 | + |
237 | samba (2:4.16.4+dfsg-2) unstable; urgency=medium |
238 | |
239 | * d/libldb2.symbols: include newly added symbols |
240 | @@ -792,6 +981,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high |
241 | |
242 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300 |
243 | |
244 | +samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium |
245 | + |
246 | + * Merge with Debian unstable (LP: #1982116). Remaining changes: |
247 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
248 | + - debian/smb.conf; |
249 | + + Add "(Samba, Ubuntu)" to server string. |
250 | + + Comment out the default [homes] share, and add a comment about |
251 | + "valid users = %s" to show users how to restrict access to |
252 | + \\server\username to only username. |
253 | + - debian/control: Ubuntu i386 binary compatibility: |
254 | + + drop ceph support |
255 | + - d/control: enable the liburing vfs module, except on i386 where |
256 | + liburing is not available |
257 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
258 | + Skip running the tests if on i386 platform, because the uring |
259 | + package is not available there. |
260 | + - d/t/util: fix setting the password of the smb test user |
261 | + (LP #1955851) |
262 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
263 | + enable the samba glusterfs vfs mofule in that case |
264 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
265 | + * Dropped: |
266 | + - Update nfs scripts for new nfs.conf config (LP: #1961840): |
267 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
268 | + nfsconf(8) if it's available, instead of parsing the old config |
269 | + files in /etc/default/nfs-* |
270 | + [In 2:4.16.3+dfsg-1] |
271 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
272 | + used by the example enable-nfs.sh example script |
273 | + [In 2:4.16.3+dfsg-1] |
274 | + + d/ctdb.example/nfs-kernel-server/quota: quota config file to be |
275 | + used by the example enable-nfs.sh script |
276 | + [In 2:4.16.3+dfsg-1] |
277 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
278 | + obsolete, replaced by nfs.conf |
279 | + [In 2:4.16.3+dfsg-1] |
280 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
281 | + nfs.conf and other changes in the new nfs server packages |
282 | + [In 2:4.16.3+dfsg-1] |
283 | + - Fix abort when deleting a file and "fruit:resource = stream" is |
284 | + used. (LP #1977491) |
285 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
286 | + Add test that shows smbd crashing when deleting a file while using |
287 | + vfs_fruit with "fruit:resource = stream". |
288 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
289 | + Handle file deleting when "fruit:resource = stream" is used. |
290 | + [Fixed upstream] |
291 | + - Build dlz module for bind 9.18.x (LP #1964032) |
292 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
293 | + bind 9.18.x |
294 | + + d/p/add-support-for-bind-918-2.patch: also update the |
295 | + provisioning tool and template config file |
296 | + [Fixed upstream] |
297 | + |
298 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300 |
299 | + |
300 | samba (2:4.16.3+dfsg-1) unstable; urgency=medium |
301 | |
302 | [ Michael Tokarev ] |
303 | @@ -803,6 +1048,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium |
304 | |
305 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300 |
306 | |
307 | +samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium |
308 | + |
309 | + * Merge with Debian unstable. Remaining changes: |
310 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
311 | + - debian/smb.conf; |
312 | + + Add "(Samba, Ubuntu)" to server string. |
313 | + + Comment out the default [homes] share, and add a comment about |
314 | + "valid users = %s" to show users how to restrict access to |
315 | + \\server\username to only username. |
316 | + - debian/control: Ubuntu i386 binary compatibility: |
317 | + + drop ceph support |
318 | + - d/control: enable the liburing vfs module, except on i386 where |
319 | + liburing is not available |
320 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
321 | + Skip running the tests if on i386 platform, because the uring |
322 | + package is not available there. |
323 | + - d/t/util: fix setting the password of the smb test user |
324 | + (LP #1955851) |
325 | + - Update nfs scripts for new nfs.conf config (LP #1961840): |
326 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
327 | + nfsconf(8) if it's available, instead of parsing the old config |
328 | + files in /etc/default/nfs-* |
329 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
330 | + used by the example enable-nfs.sh example script |
331 | + + d/ctdb.example/nfs-kernel-server/quota: quota config file to be |
332 | + used by the example enable-nfs.sh script |
333 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
334 | + obsolete, replaced by nfs.conf |
335 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
336 | + nfs.conf and other changes in the new nfs server packages |
337 | + - Build dlz module for bind 9.18.x (LP #1964032) |
338 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
339 | + bind 9.18.x |
340 | + + d/p/add-support-for-bind-918-2.patch: also update the |
341 | + provisioning tool and template config file |
342 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
343 | + enable the samba glusterfs vfs mofule in that case |
344 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
345 | + - Fix abort when deleting a file and "fruit:resource = stream" is |
346 | + used. (LP #1977491) |
347 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
348 | + Add test that shows smbd crashing when deleting a file while using |
349 | + vfs_fruit with "fruit:resource = stream". |
350 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
351 | + Handle file deleting when "fruit:resource = stream" is used. |
352 | + |
353 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300 |
354 | + |
355 | samba (2:4.16.2+dfsg-1) unstable; urgency=medium |
356 | |
357 | * new upstream minor/bugfix release. |
358 | @@ -824,6 +1117,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium |
359 | |
360 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300 |
361 | |
362 | +samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium |
363 | + |
364 | + * Fix abort when deleting a file and "fruit:resource = stream" is |
365 | + used. (LP: #1977491) |
366 | + - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
367 | + Add test that shows smbd crashing when deleting a file while using |
368 | + vfs_fruit with "fruit:resource = stream". |
369 | + - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
370 | + Handle file deleting when "fruit:resource = stream" is used. |
371 | + |
372 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400 |
373 | + |
374 | +samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium |
375 | + |
376 | + * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining |
377 | + changes: |
378 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
379 | + - debian/smb.conf; |
380 | + + Add "(Samba, Ubuntu)" to server string. |
381 | + + Comment out the default [homes] share, and add a comment about |
382 | + "valid users = %s" to show users how to restrict access to |
383 | + \\server\username to only username. |
384 | + - debian/control: Ubuntu i386 binary compatibility: |
385 | + + drop ceph support |
386 | + - d/control: enable the liburing vfs module, except on i386 where |
387 | + liburing is not available |
388 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
389 | + Skip running the tests if on i386 platform, because the uring |
390 | + package is not available there. |
391 | + - d/t/util: fix setting the password of the smb test user |
392 | + (LP #1955851) |
393 | + - Update nfs scripts for new nfs.conf config (LP #1961840): |
394 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
395 | + nfsconf(8) if it's available, instead of parsing the old config |
396 | + files in /etc/default/nfs-* |
397 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
398 | + used by the example enable-nfs.sh example script |
399 | + + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota |
400 | + config file to be used by the example enable-nfs.sh script |
401 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
402 | + obsolete, replaced by nfs.conf |
403 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
404 | + nfs.conf and other changes in the new nfs server packages |
405 | + - Build dlz module for bind 9.18.x (LP #1964032) |
406 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
407 | + bind 9.18.x |
408 | + + d/p/add-support-for-bind-918-2.patch: also update the |
409 | + provisioning tool and template config file |
410 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
411 | + enable the samba glusterfs vfs mofule in that case |
412 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
413 | + * Dropped: |
414 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
415 | + the amount of in-tree crypto code that is built |
416 | + [superfluous, the version in the archive is recent enough] |
417 | + - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195) |
418 | + [Included in 2:4.13.13+dfsg-1] |
419 | + - d/control: bump required build-depends |
420 | + [Included in Debian] |
421 | + - d/samba-libs.install: update list of installed libraries and |
422 | + modules/plugins |
423 | + [Done in Debian] |
424 | + - debian/patches/CVE-2021-20254.patch: removed, applied upstream |
425 | + [Applied upstream, Debian didn't have this patch] |
426 | + - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream |
427 | + [Applied usptream, Debian did not have it] |
428 | + - d/{gpb.conf,watch,README.source}: update for 4.15 |
429 | + [Debian updated it for 4.16] |
430 | + - d/rules: remove --with-dnsupdate, it was merged with |
431 | + --with-ads in samba 4.15.0 |
432 | + [Included in 2:4.16.0+dfsg-1] |
433 | + - d/rules: drop removal of ctdb tests, they are no longer installed |
434 | + [Included in 2:4.16.0+dfsg-1] |
435 | + - Remove findsmb, no longer installed: |
436 | + + d/smbclient.install: remove findsmb |
437 | + + d/rules: drop fixing of findsmb shebang |
438 | + [Included in 2:4.16.0+dfsg-1] |
439 | + - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, |
440 | + no longer installed |
441 | + [Included in 2:4.16.0+dfsg-1] |
442 | + - d/ctdb.install: add tdb_mutex_check |
443 | + [Included in 2:4.16.0+dfsg-1] |
444 | + - d/winbind.install: add async_dns_krb5_locator |
445 | + [Included in 2:4.16.0+dfsg-1] |
446 | + - d/samba.install: install samba-bgqd and its manpage |
447 | + [Included in 2:4.16.0+dfsg-1] |
448 | + - d/{libsmbclient,libwbclient0}.symbols: symbols updates |
449 | + [Obsolete, these were for 4.15.5] |
450 | + - d/rules: drop dh_perl override, unneeded |
451 | + [Included in 2:4.16.0+dfsg-1] |
452 | + - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after |
453 | + Windows 2021-10 Monthly Rollup patch (LP #1951490) |
454 | + [Included upstream in 4.16.0rc2] |
455 | + - d/rules: install the new/changed ctdb example nfs files |
456 | + [Installed via ctdb.examples] |
457 | + * Added: |
458 | + - rename ctdb example files nfs.conf and quota, to match what the |
459 | + enable-nfs.sh script expects |
460 | + - enable-nfs.sh ctdb example: use debian's filename for the |
461 | + static port sysctl configuration |
462 | + - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was |
463 | + renamed to "cluster lock" |
464 | + |
465 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300 |
466 | + |
467 | samba (2:4.16.1+dfsg-8) unstable; urgency=medium |
468 | |
469 | * fix the Breaks/Replaces versions in the previous upload for moving |
470 | @@ -1120,6 +1518,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium |
471 | |
472 | -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300 |
473 | |
474 | +samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium |
475 | + |
476 | + * No-change rebuild against libicu71 |
477 | + |
478 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000 |
479 | + |
480 | +samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium |
481 | + |
482 | + * Enable glusterfs support (LP: #1894618): |
483 | + - d/control: revert disabling of glusterfs, since it's in main now |
484 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
485 | + enable the samba glusterfs vfs mofule in that case |
486 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
487 | + |
488 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300 |
489 | + |
490 | +samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium |
491 | + |
492 | + * Build dlz module for bind 9.18.x (LP: #1964032) |
493 | + - d/p/add-support-for-bind-918.patch: build a dlz module for |
494 | + bind 9.18.x |
495 | + - d/samba-libs.install: remove fixme comment |
496 | + - d/p/add-support-for-bind-918-2.patch: also update the provisioning |
497 | + tool and template config file |
498 | + |
499 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300 |
500 | + |
501 | +samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium |
502 | + |
503 | + * Update nfs scripts for new nfs.conf config (LP: #1961840): |
504 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
505 | + nfsconf(8) if it's available, instead of parsing the old config |
506 | + files in /etc/default/nfs-* |
507 | + - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example |
508 | + enable-nfs.sh example script |
509 | + - d/ctdb.example.quota: quota config file to be used by the example |
510 | + enable-nfs.sh script |
511 | + - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by |
512 | + nfs.conf |
513 | + - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other |
514 | + changes in the new nfs server packages |
515 | + - d/rules: install the new/changed ctdb example nfs files |
516 | + |
517 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300 |
518 | + |
519 | +samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium |
520 | + |
521 | + * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after |
522 | + Windows 2021-10 Monthly Rollup patch (LP: #1951490) |
523 | + |
524 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300 |
525 | + |
526 | +samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium |
527 | + |
528 | + * d/{gpb.conf,watch,README.source}: update for 4.15 |
529 | + * New upstream release: 4.15.5 (LP: #1946839) |
530 | + * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream |
531 | + * d/rules: remove --with-dnsupdate, it was merged with |
532 | + --with-ads in samba 4.15.0 |
533 | + * d/control: bump required build-depends |
534 | + * d/rules: drop removal of ctdb tests, they are no longer installed |
535 | + * Remove findsmb, no longer installed: |
536 | + - d/smbclient.install: remove findsmb |
537 | + - d/rules: drop fixing of findsmb shebang |
538 | + * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, |
539 | + no longer installed |
540 | + * d/samba-libs.install: update list of installed libraries and |
541 | + modules/plugins |
542 | + * d/ctdb.install: add tdb_mutex_check |
543 | + * d/winbind.install: add async_dns_krb5_locator |
544 | + * d/samba.install: install samba-bgqd and its manpage |
545 | + * d/{libsmbclient,libwbclient0}.symbols: symbols updates |
546 | + * d/control: add python3-markdown to build-depends |
547 | + * d/watch: updated to handle ~dfsg versioning, thanks to |
548 | + Sergio Durigan Junior <sergio.durigan@canonical.com> |
549 | + |
550 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300 |
551 | + |
552 | +samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium |
553 | + |
554 | + * Update to 4.13.17 as a security update |
555 | + - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 |
556 | + * Removed patches included in new version: |
557 | + - debian/patches/trusted_domain_regression_fix.patch |
558 | + - debian/patches/bug14901-*.patch |
559 | + - debian/patches/bug14922.patch |
560 | + |
561 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500 |
562 | + |
563 | samba (2:4.13.14+dfsg-1) unstable; urgency=high |
564 | |
565 | * New upstream security release in order to address the following defects: |
566 | @@ -1146,6 +1633,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high |
567 | |
568 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100 |
569 | |
570 | +samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium |
571 | + |
572 | + * No-change rebuild for icu soname change |
573 | + |
574 | + -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600 |
575 | + |
576 | +samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium |
577 | + |
578 | + * d/t/util: fix setting the password of the smb test user |
579 | + (LP: #1955851) |
580 | + |
581 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300 |
582 | + |
583 | +samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium |
584 | + |
585 | + * No-change rebuild with Python 3.10 as default version |
586 | + |
587 | + -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000 |
588 | + |
589 | +samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium |
590 | + |
591 | + * SECURITY REGRESSION: Kerberos authentication on standalone server in |
592 | + MIT realm broken |
593 | + - debian/patches/bug14922.patch: fix MIT Realm regression in |
594 | + source3/auth/user_krb5.c. |
595 | + |
596 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500 |
597 | + |
598 | +samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium |
599 | + |
600 | + * Update to 4.13.14 as a security update (LP: #1950363) |
601 | + - debian/patches/CVE-2021-20254.patch: removed, included in new |
602 | + version. |
603 | + - debian/control: bump ldb Build-Depends to 2.2.3. |
604 | + - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. |
605 | + - debian/patches/trusted_domain_regression_fix.patch: fix regression |
606 | + introduced in 4.13.14. |
607 | + - debian/patches/bug14901-*.patch: upstream patches to fix some |
608 | + mapping issues. |
609 | + - debian/patches/bug14918-*.patch: upstream patches to properly handle |
610 | + dangling symlinks. |
611 | + - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, |
612 | + CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 |
613 | + |
614 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500 |
615 | + |
616 | samba (2:4.13.13+dfsg-1) unstable; urgency=high |
617 | |
618 | [ Athos Ribeiro ] |
619 | @@ -1167,6 +1700,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high |
620 | |
621 | -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100 |
622 | |
623 | +samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium |
624 | + |
625 | + * No-change rebuild against liburing2 |
626 | + |
627 | + -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100 |
628 | + |
629 | +samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium |
630 | + |
631 | + * d/samba.postinst: do not populate sambashare from the admin group |
632 | + (Debian packaging cherry-pick. LP: #1942195) |
633 | + |
634 | + -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200 |
635 | + |
636 | +samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium |
637 | + |
638 | + * No-change rebuild due to OpenLDAP soname bump. |
639 | + |
640 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400 |
641 | + |
642 | +samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium |
643 | + |
644 | + * Merge with Debian unstable. Remaining changes: |
645 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
646 | + - debian/smb.conf; |
647 | + + Add "(Samba, Ubuntu)" to server string. |
648 | + + Comment out the default [homes] share, and add a comment about |
649 | + "valid users = %s" to show users how to restrict access to |
650 | + \\server\username to only username. |
651 | + - d/control: Disable glusterfs support because it's not in main. |
652 | + MIR bug is https://launchpad.net/bugs/1274247 |
653 | + - debian/control: Ubuntu i386 binary compatibility: |
654 | + + drop ceph support |
655 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
656 | + the amount of in-tree crypto code that is built |
657 | + - d/control: enable the liburing vfs module, except on i386 where |
658 | + liburing is not available |
659 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
660 | + Skip running the tests if on i386 platform, because the uring |
661 | + package is not available there. |
662 | + * Dropped changes: |
663 | + - debian/samba-common.config: |
664 | + + Do not change priority to high if dhclient3 is installed. |
665 | + [Included in 2:4.13.4+dfsg-1] |
666 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
667 | + change nfs service name from nfs to nfs-kernel-server |
668 | + (LP #722201) |
669 | + [Included in 2:4.13.4+dfsg-1] |
670 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
671 | + enable syslog and systemd journal by default |
672 | + [Included in 2:4.13.4+dfsg-1] |
673 | + - debian/rules: Ubuntu i386 binary compatibility: |
674 | + + drop ceph support |
675 | + + disable the following binary packages: |
676 | + - ctdb |
677 | + - libnss-winbind |
678 | + - libpam-winbind |
679 | + - python3-samba |
680 | + - samba |
681 | + - samba-common-bin |
682 | + - samba-testsuite |
683 | + - winbind |
684 | + [Included in 2:4.13.4+dfsg-1] |
685 | + - debian/rules: Ubuntu i386 binary compatibility: |
686 | + + re-enable the following binary packages: |
687 | + - libnss-winbind |
688 | + - samba-common-bin |
689 | + - python3-samba |
690 | + - winbind |
691 | + [Included in 2:4.13.4+dfsg-1] |
692 | + - SECURITY UPDATE: wrong group entries via negative idmap cache entries |
693 | + + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in |
694 | + source3/passdb/lookup_sid.c. |
695 | + + CVE-2021-20254 |
696 | + [Included in 2:4.13.5+dfsg-2] |
697 | + |
698 | + -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300 |
699 | + |
700 | samba (2:4.13.5+dfsg-2) unstable; urgency=high |
701 | |
702 | * CVE-2021-20254: Negative idmap cache entries can cause incorrect group |
703 | @@ -1198,6 +1808,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium |
704 | |
705 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100 |
706 | |
707 | +samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium |
708 | + |
709 | + * SECURITY UPDATE: wrong group entries via negative idmap cache entries |
710 | + - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in |
711 | + source3/passdb/lookup_sid.c. |
712 | + - CVE-2021-20254 |
713 | + |
714 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400 |
715 | + |
716 | +samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium |
717 | + |
718 | + * No change rebuild to pick up liburing, and also |
719 | + fix d/t/cifs-share-access-uring. (LP: #1914145) |
720 | + |
721 | + -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300 |
722 | + |
723 | +samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium |
724 | + |
725 | + * Merge with Debian unstable. Remaining changes: |
726 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
727 | + - debian/smb.conf; |
728 | + + Add "(Samba, Ubuntu)" to server string. |
729 | + + Comment out the default [homes] share, and add a comment about |
730 | + "valid users = %s" to show users how to restrict access to |
731 | + \\server\username to only username. |
732 | + - debian/samba-common.config: |
733 | + + Do not change priority to high if dhclient3 is installed. |
734 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
735 | + MIR bug is https://launchpad.net/bugs/1274247 |
736 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
737 | + change nfs service name from nfs to nfs-kernel-server |
738 | + (LP #722201) |
739 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
740 | + enable syslog and systemd journal by default |
741 | + - debian/rules: Ubuntu i386 binary compatibility: |
742 | + + drop ceph support |
743 | + + disable the following binary packages: |
744 | + - ctdb |
745 | + - libnss-winbind |
746 | + - libpam-winbind |
747 | + - python3-samba |
748 | + - samba |
749 | + - samba-common-bin |
750 | + - samba-testsuite |
751 | + - winbind |
752 | + - debian/control: Ubuntu i386 binary compatibility: |
753 | + + drop ceph support |
754 | + - debian/rules: Ubuntu i386 binary compatibility: |
755 | + + re-enable the following binary packages: |
756 | + - libnss-winbind |
757 | + - samba-common-bin |
758 | + - python3-samba |
759 | + - winbind |
760 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
761 | + the amount of in-tree crypto code that is built |
762 | + - d/control: enable the liburing vfs module, except on i386 where |
763 | + liburing is not available |
764 | + * Dropped changes, incorporated by Debian: |
765 | + - d/t/smbclient-anonymous-share-list: add set -x and set -e |
766 | + - Factor out common DEP8 test code into d/t/util and change the tests |
767 | + to source from it: |
768 | + + d/t/util: added |
769 | + + d/t/cifs-share-access, d/t/smbclient-share-access: source from |
770 | + util, use random share name and add set -x and set -u |
771 | + + d/t/smbclient-authenticated-share-list: source from util and add |
772 | + set -x and set -u |
773 | + - Add new DEP8 tests for the uring vfs module: |
774 | + + d/t/control: add smbclient-share-access-uring and |
775 | + cifs-share-access-uring tests |
776 | + + d/t/smbclient-share-access-uring: new test |
777 | + + d/t/cifs-share-access-uring: new test |
778 | + - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
779 | + guard uring tests with a kernel version check and skip if it's too old |
780 | + * Added changes: |
781 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
782 | + Skip running the tests if on i386 platform, because the uring |
783 | + package is not available there. |
784 | + |
785 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500 |
786 | + |
787 | samba (2:4.13.3+dfsg-1) unstable; urgency=medium |
788 | |
789 | [ Andreas Hasenack ] |
790 | @@ -1213,6 +1903,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium |
791 | |
792 | -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100 |
793 | |
794 | +samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium |
795 | + |
796 | + * Merge with Debian unstable (LP: #1905048). Remaining changes: |
797 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
798 | + - debian/smb.conf; |
799 | + + Add "(Samba, Ubuntu)" to server string. |
800 | + + Comment out the default [homes] share, and add a comment about |
801 | + "valid users = %s" to show users how to restrict access to |
802 | + \\server\username to only username. |
803 | + - debian/samba-common.config: |
804 | + + Do not change priority to high if dhclient3 is installed. |
805 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
806 | + MIR bug is https://launchpad.net/bugs/1274247 |
807 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
808 | + change nfs service name from nfs to nfs-kernel-server |
809 | + (LP #722201) |
810 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
811 | + enable syslog and systemd journal by default |
812 | + - debian/rules: Ubuntu i386 binary compatibility: |
813 | + + drop ceph support |
814 | + + disable the following binary packages: |
815 | + - ctdb |
816 | + - libnss-winbind |
817 | + - libpam-winbind |
818 | + - python3-samba |
819 | + - samba |
820 | + - samba-common-bin |
821 | + - samba-testsuite |
822 | + - winbind |
823 | + - debian/control: Ubuntu i386 binary compatibility: |
824 | + + drop ceph support |
825 | + - debian/rules: Ubuntu i386 binary compatibility: |
826 | + + re-enable the following binary packages: |
827 | + - libnss-winbind |
828 | + - samba-common-bin |
829 | + - python3-samba |
830 | + - winbind |
831 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
832 | + the amount of in-tree crypto code that is built |
833 | + * d/t/smbclient-anonymous-share-list: add set -x and set -e |
834 | + * Factor out common DEP8 test code into d/t/util and change the tests |
835 | + to source from it: |
836 | + - d/t/util: added |
837 | + - d/t/cifs-share-access, d/t/smbclient-share-access: source from |
838 | + util, use random share name and add set -x and set -u |
839 | + - d/t/smbclient-authenticated-share-list: source from util and add |
840 | + set -x and set -u |
841 | + * d/control: enable the liburing vfs module, except on i386 where |
842 | + liburing is not available |
843 | + * Add new DEP8 tests for the uring vfs module: |
844 | + - d/t/control: add smbclient-share-access-uring and |
845 | + cifs-share-access-uring tests |
846 | + - d/t/smbclient-share-access-uring: new test |
847 | + - d/t/cifs-share-access-uring: new test |
848 | + * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
849 | + guard uring tests with a kernel version check and skip if it's too old |
850 | + * Dropped changes: |
851 | + - SECURITY UPDATE: Unauthenticated domain controller compromise by |
852 | + subverting Netlogon cryptography (ZeroLogon) |
853 | + + debian/patches/zerologon-*.patch: backport upstream patches: |
854 | + + For compatibility reasons, allow specifying an insecure netlogon |
855 | + configuration per machine. See the following link for examples: |
856 | + https://www.samba.org/samba/security/CVE-2020-1472.html |
857 | + + Add additional server checks for the protocol attack in the |
858 | + client-specified challenge to provide some protection when |
859 | + 'server schannel = no/auto' and avoid the false-positive results |
860 | + when running the proof-of-concept exploit. |
861 | + [ Incorporated by upstream. ] |
862 | + - SECURITY UPDATE: Missing handle permissions check in ChangeNotify |
863 | + + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't |
864 | + get set unless the directory handle is open for SEC_DIR_LIST in |
865 | + source4/torture/smb2/notify.c, source3/smbd/notify.c. |
866 | + + CVE-2020-14318 |
867 | + - SECURITY UPDATE: Unprivileged user can crash winbind |
868 | + + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in |
869 | + source3/winbindd/winbindd_lookupsids.c, |
870 | + source4/torture/winbind/struct_based.c. |
871 | + + CVE-2020-14323 |
872 | + - SECURITY UPDATE: DNS server crash via invalid records |
873 | + - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization |
874 | + with NULL and do not crash when additional data not found in |
875 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
876 | + + CVE-2020-14383 |
877 | + [ Incorporated by upstream. ] |
878 | + |
879 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500 |
880 | + |
881 | samba (2:4.13.2+dfsg-3) unstable; urgency=medium |
882 | |
883 | * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) |
884 | @@ -1258,6 +2035,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium |
885 | |
886 | -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100 |
887 | |
888 | +samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium |
889 | + |
890 | + * SECURITY UPDATE: Missing handle permissions check in ChangeNotify |
891 | + - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't |
892 | + get set unless the directory handle is open for SEC_DIR_LIST in |
893 | + source4/torture/smb2/notify.c, source3/smbd/notify.c. |
894 | + - CVE-2020-14318 |
895 | + * SECURITY UPDATE: Unprivileged user can crash winbind |
896 | + - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in |
897 | + source3/winbindd/winbindd_lookupsids.c, |
898 | + source4/torture/winbind/struct_based.c. |
899 | + - CVE-2020-14323 |
900 | + * SECURITY UPDATE: DNS server crash via invalid records |
901 | + - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization |
902 | + with NULL and do not crash when additional data not found in |
903 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
904 | + - CVE-2020-14383 |
905 | + |
906 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400 |
907 | + |
908 | +samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium |
909 | + |
910 | + * SECURITY UPDATE: Unauthenticated domain controller compromise by |
911 | + subverting Netlogon cryptography (ZeroLogon) |
912 | + - debian/patches/zerologon-*.patch: backport upstream patches: |
913 | + + For compatibility reasons, allow specifying an insecure netlogon |
914 | + configuration per machine. See the following link for examples: |
915 | + https://www.samba.org/samba/security/CVE-2020-1472.html |
916 | + + Add additional server checks for the protocol attack in the |
917 | + client-specified challenge to provide some protection when |
918 | + 'server schannel = no/auto' and avoid the false-positive results |
919 | + when running the proof-of-concept exploit. |
920 | + - CVE-2020-1472 |
921 | + |
922 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400 |
923 | + |
924 | +samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium |
925 | + |
926 | + * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
927 | + guard uring tests with a kernel version check and skip if it's too old |
928 | + |
929 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300 |
930 | + |
931 | +samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium |
932 | + |
933 | + * d/t/smbclient-anonymous-share-list: add set -x and set -e |
934 | + * Factor out common DEP8 test code into d/t/util and change the tests |
935 | + to source from it: |
936 | + - d/t/util: added |
937 | + - d/t/cifs-share-access, d/t/smbclient-share-access: source from |
938 | + util, use random share name and add set -x and set -u |
939 | + - d/t/smbclient-authenticated-share-list: source from util and add |
940 | + set -x and set -u |
941 | + * d/control: enable the liburing vfs module, except on i386 where |
942 | + liburing is not available |
943 | + * Add new DEP8 tests for the uring vfs module: |
944 | + - d/t/control: add smbclient-share-access-uring and |
945 | + cifs-share-access-uring tests |
946 | + - d/t/smbclient-share-access-uring: new test |
947 | + - d/t/cifs-share-access-uring: new test |
948 | + |
949 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300 |
950 | + |
951 | +samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium |
952 | + |
953 | + * Merge with Debian unstable. Remaining changes: |
954 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
955 | + - debian/smb.conf; |
956 | + + Add "(Samba, Ubuntu)" to server string. |
957 | + + Comment out the default [homes] share, and add a comment about |
958 | + "valid users = %s" to show users how to restrict access to |
959 | + \\server\username to only username. |
960 | + - debian/samba-common.config: |
961 | + + Do not change priority to high if dhclient3 is installed. |
962 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
963 | + MIR bug is https://launchpad.net/bugs/1274247 |
964 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
965 | + change nfs service name from nfs to nfs-kernel-server |
966 | + (LP #722201) |
967 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
968 | + enable syslog and systemd journal by default |
969 | + - debian/rules: Ubuntu i386 binary compatibility: |
970 | + + drop ceph support |
971 | + + disable the following binary packages: |
972 | + - ctdb |
973 | + - libnss-winbind |
974 | + - libpam-winbind |
975 | + - python3-samba |
976 | + - samba |
977 | + - samba-common-bin |
978 | + - samba-testsuite |
979 | + - winbind |
980 | + - debian/control: Ubuntu i386 binary compatibility: |
981 | + + drop ceph support |
982 | + - debian/rules: Ubuntu i386 binary compatibility: |
983 | + + re-enable the following binary packages: |
984 | + - libnss-winbind |
985 | + - samba-common-bin |
986 | + - python3-samba |
987 | + - winbind |
988 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
989 | + the amount of in-tree crypto code that is built |
990 | + * Dropped: |
991 | + - d/gbp.conf, d/watch, d/README.source: update for 4.12 |
992 | + [In 2:4.12.3+dfsg-1] |
993 | + - d/control: bump build-depends: |
994 | + + ldb: 2.1.2 |
995 | + + tevent: 0.10.2 |
996 | + + tdb: 1.4.3 |
997 | + + talloc: 2.3.1 |
998 | + [In 2:4.12.3+dfsg-1] |
999 | + - d/smbclient.install: add new binary mdfind and its manpage |
1000 | + [In 2:4.12.3+dfsg-1] |
1001 | + - d/samba-dev.install, d/samba-libs.install: new lib |
1002 | + libdcerpc-server-core |
1003 | + [In 2:4.12.3+dfsg-1] |
1004 | + - d/samba-libs.install: new library libtalloc-report-printf |
1005 | + [In 2:4.12.3+dfsg-1] |
1006 | + - d/libwbclient0.install: remove libaesni, no longer built when |
1007 | + gnutls provides AES CMAC |
1008 | + [In 2:4.12.3+dfsg-1] |
1009 | + - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols |
1010 | + [In 2:4.12.3+dfsg-1] |
1011 | + - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch |
1012 | + [Dropped in 2:4.12.3+dfsg-1] |
1013 | + - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch |
1014 | + [Dropped in 2:4.12.3+dfsg-1] |
1015 | + - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch |
1016 | + [Dropped in 2:4.12.3+dfsg-1] |
1017 | + |
1018 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300 |
1019 | + |
1020 | samba (2:4.12.5+dfsg-3) unstable; urgency=high |
1021 | |
1022 | * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump |
1023 | @@ -1322,6 +2231,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium |
1024 | |
1025 | -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200 |
1026 | |
1027 | +samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium |
1028 | + |
1029 | + * New upstream version: 4.12.2 |
1030 | + * d/gbp.conf, d/watch, d/README.source: update for 4.12 |
1031 | + * d/control: bump build-depends: |
1032 | + - ldb: 2.1.2 |
1033 | + - tevent: 0.10.2 |
1034 | + - tdb: 1.4.3 |
1035 | + - talloc: 2.3.1 |
1036 | + * d/smbclient.install: add new binary mdfind and its manpage |
1037 | + * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core |
1038 | + * d/samba-libs.install: new library libtalloc-report-printf |
1039 | + * d/libwbclient0.install: remove libaesni, no longer built when |
1040 | + gnutls provides AES CMAC |
1041 | + * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols |
1042 | + * d/control: add a versioned libgnutls28-dev build-depends to reduce |
1043 | + the amount of in-tree crypto code that is built |
1044 | + * Dropped (applied upstream): |
1045 | + - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch |
1046 | + - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch |
1047 | + - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch |
1048 | + - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch |
1049 | + |
1050 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300 |
1051 | + |
1052 | +samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium |
1053 | + |
1054 | + * SECURITY UPDATE: Use-after-free in AD DC LDAP server |
1055 | + - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in |
1056 | + combination with paged_results in selftest/knownfail.d/asq, |
1057 | + source4/dsdb/tests/python/asq.py, source4/selftest/tests.py. |
1058 | + - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control |
1059 | + for the GUID search in paged_results in selftest/knownfail.d/asq, |
1060 | + source4/dsdb/samdb/ldb_modules/paged_results.c. |
1061 | + - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev |
1062 | + Build-Depends to 2.0.10. |
1063 | + - CVE-2020-10700 |
1064 | + * SECURITY UPDATE: Stack overflow in AD DC LDAP server |
1065 | + - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in |
1066 | + auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, |
1067 | + lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, |
1068 | + libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, |
1069 | + source3/lib/tldap.c, source3/lib/tldap_util.c, |
1070 | + source3/libsmb/clispnego.c, source3/torture/torture.c, |
1071 | + source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, |
1072 | + source4/libcli/ldap/ldap_client.c, |
1073 | + source4/libcli/ldap/ldap_controls.c. |
1074 | + - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in |
1075 | + lib/util/asn1.c. |
1076 | + - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in |
1077 | + docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, |
1078 | + docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, |
1079 | + lib/param/loadparm.c, source3/param/loadparm.c. |
1080 | + - debian/patches/CVE-2020-10704-6.patch: limit request sizes in |
1081 | + source4/ldap_server/ldap_server.c. |
1082 | + - debian/patches/CVE-2020-10704-7.patch: add search size limits to |
1083 | + ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, |
1084 | + lib/param/loadparm.c, libcli/cldap/cldap.c, |
1085 | + libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, |
1086 | + source3/param/loadparm.c, source4/ldap_server/ldap_server.c, |
1087 | + source4/libcli/ldap/ldap_client.c. |
1088 | + - debian/patches/CVE-2020-10704-8.patch: check search request lengths |
1089 | + in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. |
1090 | + - CVE-2020-10704 |
1091 | + |
1092 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400 |
1093 | + |
1094 | +samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium |
1095 | + |
1096 | + * New upstream release: 4.11.6 |
1097 | + * d/p/samba-tool-py38-*.patch: dropped, fixed upstream |
1098 | + |
1099 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300 |
1100 | + |
1101 | +samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium |
1102 | + |
1103 | + * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324) |
1104 | + |
1105 | + -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300 |
1106 | + |
1107 | +samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium |
1108 | + |
1109 | + * Merge with Debian unstable. Remaining changes: |
1110 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1111 | + - debian/smb.conf; |
1112 | + + Add "(Samba, Ubuntu)" to server string. |
1113 | + + Comment out the default [homes] share, and add a comment about |
1114 | + "valid users = %s" to show users how to restrict access to |
1115 | + \\server\username to only username. |
1116 | + - debian/samba-common.config: |
1117 | + + Do not change priority to high if dhclient3 is installed. |
1118 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1119 | + MIR bug is https://launchpad.net/bugs/1274247 |
1120 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1121 | + change nfs service name from nfs to nfs-kernel-server |
1122 | + (LP #722201) |
1123 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
1124 | + enable syslog and systemd journal by default |
1125 | + - debian/rules: Ubuntu i386 binary compatibility: |
1126 | + + drop ceph support |
1127 | + + disable the following binary packages: |
1128 | + - ctdb |
1129 | + - libnss-winbind |
1130 | + - libpam-winbind |
1131 | + - python3-samba |
1132 | + - samba |
1133 | + - samba-common-bin |
1134 | + - samba-testsuite |
1135 | + - winbind |
1136 | + - debian/control: Ubuntu i386 binary compatibility: |
1137 | + + drop ceph support |
1138 | + - debian/rules: Ubuntu i386 binary compatibility: |
1139 | + + re-enable the following binary packages: |
1140 | + - libnss-winbind |
1141 | + - samba-common-bin |
1142 | + - python3-samba |
1143 | + - winbind |
1144 | + * Dropped: |
1145 | + - d/control: drop python3-matplotlib. It's only used in |
1146 | + script/attr_count_read which is not installed with the |
1147 | + samba packages. |
1148 | + [In 2:4.11.3+dfsg-1] |
1149 | + |
1150 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300 |
1151 | + |
1152 | samba (2:4.11.5+dfsg-1) unstable; urgency=medium |
1153 | |
1154 | * New upstream security release |
1155 | @@ -1349,6 +2383,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high |
1156 | |
1157 | -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100 |
1158 | |
1159 | +samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium |
1160 | + |
1161 | + * Ubuntu i386 binary compatibility effort: (LP: #1861316) |
1162 | + - debian/rules: |
1163 | + + re-enable the following binary packages generation: |
1164 | + - libnss-winbind |
1165 | + - samba-common-bin |
1166 | + - python3-samba |
1167 | + - winbind |
1168 | + |
1169 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000 |
1170 | + |
1171 | +samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium |
1172 | + |
1173 | + * No-change rebuild to build with python3.8. |
1174 | + |
1175 | + -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000 |
1176 | + |
1177 | +samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium |
1178 | + |
1179 | + * Ubuntu i386 binary compatibility effort: (LP: #1858479) |
1180 | + - debian/control: |
1181 | + + drop ceph support |
1182 | + - debian/rules: |
1183 | + + drop ceph support |
1184 | + + disable the following binary packages generation: |
1185 | + - ctdb |
1186 | + - libnss-winbind |
1187 | + - libpam-winbind |
1188 | + - python3-samba |
1189 | + - samba |
1190 | + - samba-common-bin |
1191 | + - samba-testsuite |
1192 | + - winbind |
1193 | + |
1194 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000 |
1195 | + |
1196 | +samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium |
1197 | + |
1198 | + * Merge with Debian unstable. Remaining changes: |
1199 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1200 | + - debian/smb.conf; |
1201 | + + Add "(Samba, Ubuntu)" to server string. |
1202 | + + Comment out the default [homes] share, and add a comment about |
1203 | + "valid users = %s" to show users how to restrict access to |
1204 | + \\server\username to only username. |
1205 | + - debian/samba-common.config: |
1206 | + + Do not change priority to high if dhclient3 is installed. |
1207 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1208 | + MIR bug is https://launchpad.net/bugs/1274247 |
1209 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1210 | + change nfs service name from nfs to nfs-kernel-server |
1211 | + (LP #722201) |
1212 | + [Adopted the Debian version and added a couple of extra hunks |
1213 | + we had] |
1214 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
1215 | + enable syslog and systemd journal by default |
1216 | + * Dropped: |
1217 | + - Add apport hook: |
1218 | + + Created debian/source_samba.py. |
1219 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1220 | + [In 2:4.9.4+dfsg-2] |
1221 | + - Removed patches already applied upstream: |
1222 | + + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch |
1223 | + [Removed in 2:4.10.7+dfsg-1] |
1224 | + + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch |
1225 | + [Removed in 4.9.5+dfsg-1] |
1226 | + - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz |
1227 | + [Refreshed in 2:4.1.17+dfsg-1] |
1228 | + - d/control: Updated build dependencies (already updated in Debian): |
1229 | + + tdb >= 1.3.17 |
1230 | + + talloc >= 2.1.15 |
1231 | + + tevent >= 0.9.38 |
1232 | + + ldb >= 1.5.3 |
1233 | + - d/samba-common.docs: README is now README.md |
1234 | + [In 2:4.10.7+dfsg-1] |
1235 | + - d/libsmbclient.symbols: update symbols for this version |
1236 | + - d/libwbclient0.symbols: update symbols for this version |
1237 | + - d/ctdb.install: new binary ctdb_local_daemons |
1238 | + [In 2:4.10.7+dfsg-1] |
1239 | + - d/samba-dev.install: use globbing for the header files with |
1240 | + exceptions for wbclient.h and libsmbclient.h, which belong in |
1241 | + other packages. |
1242 | + [In 2:4.10.7+dfsg-1] |
1243 | + - d/rules: fix globbing used to move the dckeytab python module to the |
1244 | + samba package, and add a comment explaining why this is being done. |
1245 | + [In 2:4.10.7+dfsg-1] |
1246 | + - Switch to python3 (in 2:4.10.7+dfsg-1): |
1247 | + + d/rules: calculate the ldb version using python3, and drop the |
1248 | + "really" bit since the real 1.5.x series is being used now. |
1249 | + + d/rules: make sure python3 is used for the build |
1250 | + + d/rules: adjust globbing to remove the python3 version of tevent.so |
1251 | + + d/rules: drop PYVERS, unused |
1252 | + + d/control: adjust dependencies (build and runtime) for python3 |
1253 | + + d/python3-samba.install, d/control: new python3-samba package |
1254 | + (LP #1440381) |
1255 | + + d/control, d/python-samba.install: get rid of python-samba, which is py2 |
1256 | + + d/python3-samba.lintian-overrides: use the same overrides we had for |
1257 | + python-samba, now deleted. |
1258 | + + d/samba-dev.install, d/samba-libs.install: update file list |
1259 | + + d/t/control, d/t/python-smoke: use python3 |
1260 | + + d/control: use ${python3:Depends} now instead of the python 2 |
1261 | + counterpart for samba and samba-common-bin. |
1262 | + - d/control: drop suggests for python-gpgme, it's no longer available. |
1263 | + [In 2:4.10.7+dfsg-1] |
1264 | + - d/gbp.conf, d/watch, r/README.source: updated for 4.10 |
1265 | + [In 2:4.10.7+dfsg-1] |
1266 | + - d/control: update cmocka build-depends to >= 1.1.3 |
1267 | + [In 2:4.10.7+dfsg-1] |
1268 | + - d/samba-libs.install: bump passdb minor to 0.27.2 |
1269 | + [In 2:4.10.7+dfsg-1] |
1270 | + - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d |
1271 | + to allow pid file to exist (LP #1821775) |
1272 | + [In 2:4.10.7+dfsg-1] |
1273 | + - Allow proper ctdb initalization (LP #1828799): |
1274 | + + d/ctdb.dirs: added /var/lib/ctdb/* directories |
1275 | + + d/ctdb.postrm: remove leftovers from: |
1276 | + /var/lib/ctdb/{state,persistent,volatile,scripts} |
1277 | + [In 2:4.10.7+dfsg-1] |
1278 | + - d/rules: installing provided config examples and helper scripts |
1279 | + - Examples of NFS HA CTDB config files + helper script: |
1280 | + + d/ctdb.example.enable.nfs.sh |
1281 | + + d/ctdb.example.nfs-common |
1282 | + + d/ctdb.example.nfs-kernel-server |
1283 | + + d/ctdb.example.services |
1284 | + + d/ctdb.example.sysctl-nfs-static-ports.conf |
1285 | + [In 2:4.10.7+dfsg-1] |
1286 | + - debian/rules: Make DEB_HOST_ARCH_CPU initialized through |
1287 | + dpkg-architecture (Closes: #931138) |
1288 | + [In 2:4.10.7+dfsg-1] |
1289 | + - d/control: update ldb build-deps to 1.5.5 |
1290 | + [In 2:4.10.7+dfsg-1] |
1291 | + - SECURITY UPDATE: restricted share escape by user (LP #1842533) |
1292 | + [fixed upstream in 4.11.0rc2] |
1293 | + + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate |
1294 | + out impersonation debug info into a new function. |
1295 | + + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that |
1296 | + change_to_user_internal() always resets current_user.done_chdir |
1297 | + + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we |
1298 | + reset current_user.{need,done}_chdir in become_root() |
1299 | + + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make |
1300 | + fsrvp_share its own independent subdirectory |
1301 | + + debian/patches/CVE-2019-10197-05-v4-10.patch: |
1302 | + test_smbclient_s3.sh: add regression test for the no permission |
1303 | + on share root problem |
1304 | + + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split |
1305 | + change_to_user_impersonate() out of change_to_user_internal() |
1306 | + + CVE-2019-10197 |
1307 | + * Added: |
1308 | + - d/control: drop python3-matplotlib. It's only used in |
1309 | + script/attr_count_read which is not installed with the |
1310 | + samba packages. |
1311 | + |
1312 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300 |
1313 | + |
1314 | samba (2:4.11.1+dfsg-3) unstable; urgency=medium |
1315 | |
1316 | * Add some python dependencies: |
1317 | @@ -1557,6 +2746,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium |
1318 | |
1319 | -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200 |
1320 | |
1321 | +samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium |
1322 | + |
1323 | + * No-change rebuild to build with python3.8. |
1324 | + |
1325 | + -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000 |
1326 | + |
1327 | +samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium |
1328 | + |
1329 | + * SECURITY UPDATE: restricted share escape by user (LP: #1842533) |
1330 | + - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate |
1331 | + out impersonation debug info into a new function. |
1332 | + - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that |
1333 | + change_to_user_internal() always resets current_user.done_chdir |
1334 | + - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we |
1335 | + reset current_user.{need,done}_chdir in become_root() |
1336 | + - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make |
1337 | + fsrvp_share its own independent subdirectory |
1338 | + - debian/patches/CVE-2019-10197-05-v4-10.patch: |
1339 | + test_smbclient_s3.sh: add regression test for the no permission |
1340 | + on share root problem |
1341 | + - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split |
1342 | + change_to_user_impersonate() out of change_to_user_internal() |
1343 | + - CVE-2019-10197 |
1344 | + |
1345 | + -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 |
1346 | + |
1347 | +samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium |
1348 | + |
1349 | + * New upstream version: 4.10.7 |
1350 | + - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped, |
1351 | + included upstream in 4.10.7 |
1352 | + |
1353 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300 |
1354 | + |
1355 | +samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium |
1356 | + |
1357 | + * New upstream version: 4.10.6 |
1358 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update |
1359 | + the Debian config and use it. |
1360 | + - d/control: update ldb build-deps to 1.5.5 |
1361 | + * Dropped: |
1362 | + - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5 |
1363 | + - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5 |
1364 | + - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3 |
1365 | + - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2 |
1366 | + - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2 |
1367 | + - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1 |
1368 | + - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed |
1369 | + upstream in 4.10.5 |
1370 | + |
1371 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300 |
1372 | + |
1373 | +samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium |
1374 | + |
1375 | + * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1376 | + change service name from nfs to nfs-kernel-server in |
1377 | + legacy script 06.nfs.script also (LP: #722201) |
1378 | + |
1379 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000 |
1380 | + |
1381 | +samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium |
1382 | + |
1383 | + * debian/rules: Make DEB_HOST_ARCH_CPU initialized through |
1384 | + dpkg-architecture (Closes: #931138) |
1385 | + * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: |
1386 | + fix tcp_tw_recycle existence check. (LP: #722201) |
1387 | + * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1388 | + change nfs service name from nfs to nfs-kernel-server |
1389 | + (LP: #722201) |
1390 | + * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d |
1391 | + to allow pid file to exist (LP: #1821775) |
1392 | + * Allow proper ctdb initialization (LP: #1828799): |
1393 | + - d/ctdb.dirs: added /var/lib/ctdb/* directories |
1394 | + - d/ctdb.postrm: remove leftovers from: |
1395 | + /var/lib/ctdb/{state,persistent,volatile,scripts} |
1396 | + * d/rules: installing provided config examples and helper scripts |
1397 | + * Examples of NFS HA CTDB config files + helper script: |
1398 | + - d/ctdb.example.enable.nfs.sh |
1399 | + - d/ctdb.example.nfs-common |
1400 | + - d/ctdb.example.nfs-kernel-server |
1401 | + - d/ctdb.example.services |
1402 | + - d/ctdb.example.sysctl-nfs-static-ports.conf |
1403 | + * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: |
1404 | + do not try to start daemon if /etc/ctdb/nodes does not exist |
1405 | + * d/p/ctdb-config-enable-syslog-by-default.patch: |
1406 | + enable syslog and systemd journal by default |
1407 | + |
1408 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000 |
1409 | + |
1410 | +samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium |
1411 | + |
1412 | + * SECURITY UPDATE: zone operations can crash rpc server |
1413 | + - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone |
1414 | + not found in DnssrvOperation in |
1415 | + python/samba/tests/dcerpc/dnsserver.py, |
1416 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1417 | + - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone |
1418 | + not found in DnssrvOperation2 in |
1419 | + python/samba/tests/dcerpc/dnsserver.py, |
1420 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1421 | + - CVE-2019-12435 |
1422 | + * SECURITY UPDATE: paged_searches crash on LDAP and homes access |
1423 | + - debian/patches/CVE-2019-12436.patch: ignore successful results |
1424 | + without messages in source4/dsdb/samdb/ldb_modules/paged_results.c, |
1425 | + source4/dsdb/tests/python/vlv.py. |
1426 | + - CVE-2019-12436 |
1427 | + |
1428 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400 |
1429 | + |
1430 | +samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium |
1431 | + |
1432 | + * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum |
1433 | + - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with |
1434 | + unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, |
1435 | + source4/torture/krb5/kdc-canon-heimdal.c. |
1436 | + - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with |
1437 | + unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, |
1438 | + source4/heimdal/kdc/krb5tgs.c. |
1439 | + - CVE-2018-16860 |
1440 | + |
1441 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400 |
1442 | + |
1443 | +samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium |
1444 | + |
1445 | + * SECURITY UPDATE: world writable files in Samba AD DC private/ dir |
1446 | + - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for |
1447 | + umask being overwritten in python/samba/tests/ntacls_backup.py, |
1448 | + python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py, |
1449 | + selftest/knownfail.d/umask-leak. |
1450 | + - debian/patches/CVE-2019-3870-2.patch: add test to check |
1451 | + file-permissions are correct after provision in |
1452 | + selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py, |
1453 | + source4/setup/tests/provision_fileperms.sh. |
1454 | + - debian/patches/CVE-2019-3870-3.patch: include tests to show the |
1455 | + outside umask has no impact in python/samba/tests/ntacls_backup.py, |
1456 | + python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask. |
1457 | + - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as |
1458 | + close as possible to users in source3/smbd/pysmbd.c, |
1459 | + selftest/knownfail.d/provision_fileperms, |
1460 | + selftest/knownfail.d/umask-leak. |
1461 | + - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for |
1462 | + smbd.mkdir() in selftest/knownfail.d/pymkdir-umask, |
1463 | + source3/smbd/pysmbd.c. |
1464 | + - CVE-2019-3870 |
1465 | + * SECURITY UPDATE: save registry file outside share as unprivileged user |
1466 | + - debian/patches/CVE-2019-3880.patch: remove implementations of |
1467 | + SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c. |
1468 | + - CVE-2019-3880 |
1469 | + |
1470 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400 |
1471 | + |
1472 | +samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium |
1473 | + |
1474 | + * New upstream version: 4.10.0 |
1475 | + - d/gbp.conf, d/watch, r/README.source: updated for 4.10 |
1476 | + - d/control: update cmocka build-depends to >= 1.1.3 |
1477 | + - d/samba-libs.install: bump passdb minor to 0.27.2 |
1478 | + * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to |
1479 | + Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846) |
1480 | + |
1481 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300 |
1482 | + |
1483 | +samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium |
1484 | + |
1485 | + * New upstream version 4.10.0rc4 (LP: #1818518): |
1486 | + - Removed patches already applied upstream: |
1487 | + + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch |
1488 | + + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch |
1489 | + - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz |
1490 | + - d/control: Updated build dependencies: |
1491 | + + tdb >= 1.3.17 |
1492 | + + talloc >= 2.1.15 |
1493 | + + tevent >= 0.9.38 |
1494 | + + ldb >= 1.5.3 |
1495 | + - d/samba-common.docs: README is now README.md |
1496 | + - d/libsmbclient.symbols: update symbols for this version |
1497 | + - d/libwbclient0.symbols: update symbols for this version |
1498 | + - d/ctdb.install: new binary ctdb_local_daemons |
1499 | + - d/samba-dev.install: use globbing for the header files with |
1500 | + exceptions for wbclient.h and libsmbclient.h, which belong in |
1501 | + other packages. |
1502 | + - d/rules: fix globbing used to move the dckeytab python module to the |
1503 | + samba package, and add a comment explaining why this is being done. |
1504 | + * Switch to python3: |
1505 | + - d/rules: calculate the ldb version using python3, and drop the |
1506 | + "really" bit since the real 1.5.x series is being used now. |
1507 | + - d/rules: make sure python3 is used for the build |
1508 | + - d/rules: adjust globbing to remove the python3 version of tevent.so |
1509 | + - d/rules: drop PYVERS, unused |
1510 | + - d/control: adjust dependencies (build and runtime) for python3 |
1511 | + - d/python3-samba.install, d/control: new python3-samba package |
1512 | + (LP: #1440381) |
1513 | + - d/control, d/python-samba.install: get rid of python-samba, which is py2 |
1514 | + - d/python3-samba.lintian-overrides: use the same overrides we had for |
1515 | + python-samba, now deleted. |
1516 | + - d/samba-dev.install, d/samba-libs.install: update file list |
1517 | + - d/t/control, d/t/python-smoke: use python3 |
1518 | + - d/control: use ${python3:Depends} now instead of the python 2 |
1519 | + counterpart for samba and samba-common-bin. |
1520 | + * d/control: drop suggests for python-gpgme, it's no longer available. |
1521 | + |
1522 | + -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000 |
1523 | + |
1524 | samba (2:4.9.5+dfsg-1) experimental; urgency=medium |
1525 | |
1526 | * New upstream release |
1527 | @@ -1601,6 +2993,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium |
1528 | |
1529 | -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100 |
1530 | |
1531 | +samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium |
1532 | + |
1533 | + * Merge with Debian unstable. Remaining changes: |
1534 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1535 | + - debian/smb.conf; |
1536 | + + Add "(Samba, Ubuntu)" to server string. |
1537 | + + Comment out the default [homes] share, and add a comment about |
1538 | + "valid users = %s" to show users how to restrict access to |
1539 | + \\server\username to only username. |
1540 | + - debian/samba-common.config: |
1541 | + + Do not change priority to high if dhclient3 is installed. |
1542 | + - Add apport hook: |
1543 | + + Created debian/source_samba.py. |
1544 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1545 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1546 | + MIR bug is https://launchpad.net/bugs/1274247 |
1547 | + * Dropped: |
1548 | + - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() |
1549 | + failing without a valid idmap configuration. This fixes the smbd startup |
1550 | + on a standalone server where winbind is available and running. Thanks to |
1551 | + Stefan Metzmacher <metze@samba.org>. (LP #1806035) |
1552 | + [Fixed in 2:4.9.4+dfsg-1] |
1553 | + |
1554 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200 |
1555 | + |
1556 | samba (2:4.9.4+dfsg-1) unstable; urgency=medium |
1557 | |
1558 | * New upstream release |
1559 | @@ -1611,6 +3028,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium |
1560 | |
1561 | -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100 |
1562 | |
1563 | +samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium |
1564 | + |
1565 | + * No-change rebuild for readline soname change. |
1566 | + |
1567 | + -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000 |
1568 | + |
1569 | +samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium |
1570 | + |
1571 | + * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() |
1572 | + failing without a valid idmap configuration. This fixes the smbd startup |
1573 | + on a standalone server where winbind is available and running. Thanks to |
1574 | + Stefan Metzmacher <metze@samba.org>. (LP: #1806035) |
1575 | + |
1576 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200 |
1577 | + |
1578 | +samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium |
1579 | + |
1580 | + * Merge with Debian unstable. Remaining changes: |
1581 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1582 | + - debian/smb.conf; |
1583 | + + Add "(Samba, Ubuntu)" to server string. |
1584 | + + Comment out the default [homes] share, and add a comment about |
1585 | + "valid users = %s" to show users how to restrict access to |
1586 | + \\server\username to only username. |
1587 | + - debian/samba-common.config: |
1588 | + + Do not change priority to high if dhclient3 is installed. |
1589 | + - Add apport hook: |
1590 | + + Created debian/source_samba.py. |
1591 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1592 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1593 | + MIR bug is https://launchpad.net/bugs/1274247 |
1594 | + * Dropped: |
1595 | + - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty |
1596 | + errors (LP: 1795772) |
1597 | + [Fixed upstream] |
1598 | + |
1599 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200 |
1600 | + |
1601 | samba (2:4.9.2+dfsg-2) unstable; urgency=high |
1602 | |
1603 | * New upstream security release |
1604 | @@ -1720,6 +3175,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium |
1605 | |
1606 | -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200 |
1607 | |
1608 | +samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium |
1609 | + |
1610 | + * No-change rebuild against libldb1 1.4.2 |
1611 | + |
1612 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000 |
1613 | + |
1614 | +samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high |
1615 | + |
1616 | + [ Karl Stenerud ] |
1617 | + * d/p/fix-rmdir.patch: Fix to make the samba client library report |
1618 | + directory-not-empty errors (LP: #1795772) |
1619 | + |
1620 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300 |
1621 | + |
1622 | +samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium |
1623 | + |
1624 | + * Merge with Debian unstable (LP: #1778125). Remaining changes: |
1625 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1626 | + - debian/smb.conf; |
1627 | + + Add "(Samba, Ubuntu)" to server string. |
1628 | + + Comment out the default [homes] share, and add a comment about |
1629 | + "valid users = %s" to show users how to restrict access to |
1630 | + \\server\username to only username. |
1631 | + - debian/samba-common.config: |
1632 | + + Do not change priority to high if dhclient3 is installed. |
1633 | + - Add apport hook: |
1634 | + + Created debian/source_samba.py. |
1635 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1636 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1637 | + MIR bug is https://launchpad.net/bugs/1274247 |
1638 | + * Drop: |
1639 | + - Add extra DEP8 tests to samba (LP #1696823): |
1640 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1641 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1642 | + anonymously |
1643 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1644 | + shares using an authenticated connection |
1645 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1646 | + file from it |
1647 | + [Accepted by Debian in 2:4.7.4+dfsg-2] |
1648 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1649 | + status of the smbd service before trying to reload it. Otherwise, |
1650 | + keep the same check as before and reload the service based on the |
1651 | + existence of the initscript. (LP #1579597) |
1652 | + [In Debian since 2:4.7.4+dfsg-2] |
1653 | + - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: |
1654 | + [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. |
1655 | + Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737) |
1656 | + [Fixed upstream] |
1657 | + |
1658 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300 |
1659 | + |
1660 | samba (2:4.8.4+dfsg-2) unstable; urgency=high |
1661 | |
1662 | * Fix typo in previous release: s/usefull/useful/ |
1663 | @@ -1877,6 +3384,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium |
1664 | |
1665 | -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100 |
1666 | |
1667 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium |
1668 | + |
1669 | + * No change rebuild to link with new ldb 1.3.3 |
1670 | + |
1671 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300 |
1672 | + |
1673 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium |
1674 | + |
1675 | + * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: |
1676 | + [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. |
1677 | + Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737) |
1678 | + |
1679 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300 |
1680 | + |
1681 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium |
1682 | + |
1683 | + * New upstream version: |
1684 | + - Fix database corruption bug when upgrading from samba 4.6 or lower |
1685 | + AD controllers (LP: #1755057) |
1686 | + - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059) |
1687 | + * Remaining changes: |
1688 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1689 | + - debian/smb.conf; |
1690 | + + Add "(Samba, Ubuntu)" to server string. |
1691 | + + Comment out the default [homes] share, and add a comment about |
1692 | + "valid users = %s" to show users how to restrict access to |
1693 | + \\server\username to only username. |
1694 | + - debian/samba-common.config: |
1695 | + + Do not change priority to high if dhclient3 is installed. |
1696 | + - Add apport hook: |
1697 | + + Created debian/source_samba.py. |
1698 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1699 | + - Add extra DEP8 tests to samba (LP #1696823): |
1700 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1701 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1702 | + anonymously |
1703 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1704 | + shares using an authenticated connection |
1705 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1706 | + file from it |
1707 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1708 | + status of the smbd service before trying to reload it. Otherwise, |
1709 | + keep the same check as before and reload the service based on the |
1710 | + existence of the initscript. (LP #1579597) |
1711 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1712 | + MIR bug is https://launchpad.net/bugs/1274247 |
1713 | + |
1714 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300 |
1715 | + |
1716 | samba (2:4.7.4+dfsg-2) unstable; urgency=high |
1717 | |
1718 | [ Mathieu Parent ] |
1719 | @@ -1907,6 +3463,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high |
1720 | |
1721 | -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100 |
1722 | |
1723 | +samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium |
1724 | + |
1725 | + * Merge with Debian unstable (LP: #1744779). Remaining changes: |
1726 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1727 | + - debian/smb.conf; |
1728 | + + Add "(Samba, Ubuntu)" to server string. |
1729 | + + Comment out the default [homes] share, and add a comment about |
1730 | + "valid users = %s" to show users how to restrict access to |
1731 | + \\server\username to only username. |
1732 | + - debian/samba-common.config: |
1733 | + + Do not change priority to high if dhclient3 is installed. |
1734 | + - Add apport hook: |
1735 | + + Created debian/source_samba.py. |
1736 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1737 | + - Add extra DEP8 tests to samba (LP #1696823): |
1738 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1739 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1740 | + anonymously |
1741 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1742 | + shares using an authenticated connection |
1743 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1744 | + file from it |
1745 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1746 | + status of the smbd service before trying to reload it. Otherwise, |
1747 | + keep the same check as before and reload the service based on the |
1748 | + existence of the initscript. (LP #1579597) |
1749 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1750 | + MIR bug is https://launchpad.net/bugs/1274247 |
1751 | + |
1752 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200 |
1753 | + |
1754 | samba (2:4.7.4+dfsg-1) unstable; urgency=medium |
1755 | |
1756 | * New upstream version |
1757 | @@ -1923,6 +3510,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium |
1758 | |
1759 | -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100 |
1760 | |
1761 | +samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium |
1762 | + |
1763 | + * Merge with Debian; remaining changes: |
1764 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1765 | + - debian/smb.conf; |
1766 | + + Add "(Samba, Ubuntu)" to server string. |
1767 | + + Comment out the default [homes] share, and add a comment about |
1768 | + "valid users = %s" to show users how to restrict access to |
1769 | + \\server\username to only username. |
1770 | + - debian/samba-common.config: |
1771 | + + Do not change priority to high if dhclient3 is installed. |
1772 | + - Add apport hook: |
1773 | + + Created debian/source_samba.py. |
1774 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1775 | + - Add extra DEP8 tests to samba (LP #1696823): |
1776 | + + d/t/control: enable the new DEP8 tests |
1777 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1778 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1779 | + an authenticated connection |
1780 | + + d/t/smbclient-share-access: create a share and download a file from it |
1781 | + + d/t/cifs-share-access: access a file in a share using cifs |
1782 | + - Ask the user if we can run testparm against the config file. If yes, |
1783 | + include its stderr and exit status in the bug report. Otherwise, only |
1784 | + include the exit status. (LP #1694334) |
1785 | + - If systemctl is available, use it to query the status of the smbd |
1786 | + service before trying to reload it. Otherwise, keep the same check |
1787 | + as before and reload the service based on the existence of the |
1788 | + initscript. (LP #1579597) |
1789 | + - d/rules: Compile winbindd/winbindd statically. |
1790 | + - Disable glusterfs support because it's not in main. |
1791 | + MIR bug is https://launchpad.net/bugs/1274247 |
1792 | + - d/source_samba.py: use the new recommended findmnt(8) tool to list |
1793 | + mountpoints and correctly filter by the cifs filesystem type. |
1794 | + |
1795 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500 |
1796 | + |
1797 | samba (2:4.7.3+dfsg-1) unstable; urgency=high |
1798 | |
1799 | * New upstream version |
1800 | @@ -1946,6 +3569,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high |
1801 | |
1802 | -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100 |
1803 | |
1804 | +samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium |
1805 | + |
1806 | + * Merge with Debian; remaining changes: |
1807 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1808 | + - debian/smb.conf; |
1809 | + + Add "(Samba, Ubuntu)" to server string. |
1810 | + + Comment out the default [homes] share, and add a comment about |
1811 | + "valid users = %s" to show users how to restrict access to |
1812 | + \\server\username to only username. |
1813 | + - debian/samba-common.config: |
1814 | + + Do not change priority to high if dhclient3 is installed. |
1815 | + - Add apport hook: |
1816 | + + Created debian/source_samba.py. |
1817 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1818 | + - Add extra DEP8 tests to samba (LP #1696823): |
1819 | + + d/t/control: enable the new DEP8 tests |
1820 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1821 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1822 | + an authenticated connection |
1823 | + + d/t/smbclient-share-access: create a share and download a file from it |
1824 | + + d/t/cifs-share-access: access a file in a share using cifs |
1825 | + - Ask the user if we can run testparm against the config file. If yes, |
1826 | + include its stderr and exit status in the bug report. Otherwise, only |
1827 | + include the exit status. (LP #1694334) |
1828 | + - If systemctl is available, use it to query the status of the smbd |
1829 | + service before trying to reload it. Otherwise, keep the same check |
1830 | + as before and reload the service based on the existence of the |
1831 | + initscript. (LP #1579597) |
1832 | + - d/rules: Compile winbindd/winbindd statically. |
1833 | + - Disable glusterfs support because it's not in main. |
1834 | + MIR bug is https://launchpad.net/bugs/1274247 |
1835 | + - d/source_samba.py: use the new recommended findmnt(8) tool to list |
1836 | + mountpoints and correctly filter by the cifs filesystem type. |
1837 | + |
1838 | + -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100 |
1839 | + |
1840 | samba (2:4.7.1+dfsg-1) unstable; urgency=medium |
1841 | |
1842 | * New upstream version |
1843 | @@ -1994,6 +3653,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high |
1844 | |
1845 | -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200 |
1846 | |
1847 | +samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium |
1848 | + |
1849 | + * SECURITY UPDATE: SMB1/2/3 connections may not require signing where |
1850 | + they should |
1851 | + - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username |
1852 | + into a specified one in source3/include/auth_info.h, |
1853 | + source3/lib/popt_common.c, source3/lib/util_cmdline.c. |
1854 | + - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to |
1855 | + source3/lib/util_cmdline.c. |
1856 | + - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to |
1857 | + source3/libsmb/pylibsmb.c. |
1858 | + - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to |
1859 | + libgpo/gpo_fetch.c. |
1860 | + - debian/patches/CVE-2017-12150-5.patch: add check for |
1861 | + NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c. |
1862 | + - debian/patches/CVE-2017-12150-6.patch: add |
1863 | + smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*. |
1864 | + - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if |
1865 | + authentication was not requested in source3/libsmb/clidfs.c. |
1866 | + - CVE-2017-12150 |
1867 | + * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS |
1868 | + redirects |
1869 | + - debian/patches/CVE-2017-12151-1.patch: add |
1870 | + cli_state_is_encryption_on() helper function to |
1871 | + source3/libsmb/clientgen.c, source3/libsmb/proto.h. |
1872 | + - debian/patches/CVE-2017-12151-2.patch: make use of |
1873 | + cli_state_is_encryption_on() in source3/libsmb/clidfs.c, |
1874 | + source3/libsmb/libsmb_context.c. |
1875 | + - CVE-2017-12151 |
1876 | + * SECURITY UPDATE: Server memory information leak over SMB1 |
1877 | + - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write |
1878 | + from writing server memory to file in source3/smbd/reply.c. |
1879 | + - CVE-2017-12163 |
1880 | + |
1881 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400 |
1882 | + |
1883 | +samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium |
1884 | + |
1885 | + * d/source_samba.py: use the new recommended findmnt(8) tool to list |
1886 | + mountpoints and correctly filter by the cifs filesystem type. |
1887 | + (LP: #1703604) |
1888 | + |
1889 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300 |
1890 | + |
1891 | +samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium |
1892 | + |
1893 | + * Merge with Debian unstable (LP: #1710281). |
1894 | + - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide |
1895 | + symlinks to directories (LP: #1701073) |
1896 | + * Remaining changes: |
1897 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1898 | + - debian/smb.conf; |
1899 | + + Add "(Samba, Ubuntu)" to server string. |
1900 | + + Comment out the default [homes] share, and add a comment about |
1901 | + "valid users = %s" to show users how to restrict access to |
1902 | + \\server\username to only username. |
1903 | + - debian/samba-common.config: |
1904 | + + Do not change priority to high if dhclient3 is installed. |
1905 | + - Add apport hook: |
1906 | + + Created debian/source_samba.py. |
1907 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1908 | + - Add extra DEP8 tests to samba (LP #1696823): |
1909 | + + d/t/control: enable the new DEP8 tests |
1910 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1911 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1912 | + an authenticated connection |
1913 | + + d/t/smbclient-share-access: create a share and download a file from it |
1914 | + + d/t/cifs-share-access: access a file in a share using cifs |
1915 | + - Ask the user if we can run testparm against the config file. If yes, |
1916 | + include its stderr and exit status in the bug report. Otherwise, only |
1917 | + include the exit status. (LP #1694334) |
1918 | + - If systemctl is available, use it to query the status of the smbd |
1919 | + service before trying to reload it. Otherwise, keep the same check |
1920 | + as before and reload the service based on the existence of the |
1921 | + initscript. (LP #1579597) |
1922 | + - d/rules: Compile winbindd/winbindd statically. |
1923 | + - Disable glusterfs support because it's not in main. |
1924 | + MIR bug is https://launchpad.net/bugs/1274247 |
1925 | + |
1926 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300 |
1927 | + |
1928 | samba (2:4.6.7+dfsg-1) unstable; urgency=medium |
1929 | |
1930 | * New upstream version |
1931 | @@ -2005,6 +3745,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium |
1932 | |
1933 | -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200 |
1934 | |
1935 | +samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium |
1936 | + |
1937 | + * Merge with Debian unstable (LP: #1700644). Remaining changes: |
1938 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1939 | + - debian/smb.conf; |
1940 | + + Add "(Samba, Ubuntu)" to server string. |
1941 | + + Comment out the default [homes] share, and add a comment about |
1942 | + "valid users = %s" to show users how to restrict access to |
1943 | + \\server\username to only username. |
1944 | + - debian/samba-common.config: |
1945 | + + Do not change priority to high if dhclient3 is installed. |
1946 | + - Add apport hook: |
1947 | + + Created debian/source_samba.py. |
1948 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1949 | + - Add extra DEP8 tests to samba (LP #1696823): |
1950 | + + d/t/control: enable the new DEP8 tests |
1951 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1952 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1953 | + an authenticated connection |
1954 | + + d/t/smbclient-share-access: create a share and download a file from it |
1955 | + + d/t/cifs-share-access: access a file in a share using cifs |
1956 | + - Ask the user if we can run testparm against the config file. If yes, |
1957 | + include its stderr and exit status in the bug report. Otherwise, only |
1958 | + include the exit status. (LP #1694334) |
1959 | + - If systemctl is available, use it to query the status of the smbd |
1960 | + service before trying to reload it. Otherwise, keep the same check |
1961 | + as before and reload the service based on the existence of the |
1962 | + initscript. (LP #1579597) |
1963 | + * Drop: |
1964 | + - d/rules: Compile winbindd/winbindd statically. (LP: #1700527) |
1965 | + [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch |
1966 | + fix-1584485.patch was dropped there.] |
1967 | + - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
1968 | + pam_winbind krb5_ccache_type=FILE failure |
1969 | + [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch |
1970 | + in 2:4.6.5+dfsg-3 that closed Debian's bug #739768] |
1971 | + - debian/patches/winbind_trusted_domains.patch: make sure domain |
1972 | + members can talk to trusted domains DCs. |
1973 | + [Upstream committed a different fix, see updated patch attached to |
1974 | + https://bugzilla.samba.org/show_bug.cgi?id=11830] |
1975 | + - d/control: add libcephfs-dev as b-d to build vfs_ceph |
1976 | + [Adopted by Debian in 2:4.6.5+dfsg-1] |
1977 | + - debian/patches/CVE-2017-11103.patch: use encrypted service |
1978 | + name rather than unencrypted (and therefore spoofable) version |
1979 | + in heimdal |
1980 | + [Adopted by Debian as |
1981 | + d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch] |
1982 | + - Cherrypick upstream patch to fix FTBFS with new ceph lib. |
1983 | + [Merged upstream in 4.6.0rc1] |
1984 | + * Disable glusterfs support because it's not in main. |
1985 | + MIR bug is https://launchpad.net/bugs/1274247 |
1986 | + |
1987 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300 |
1988 | + |
1989 | samba (2:4.6.5+dfsg-8) unstable; urgency=medium |
1990 | |
1991 | * Remove dependency on update-inetd, not used anymore |
1992 | @@ -2124,6 +3918,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium |
1993 | |
1994 | -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200 |
1995 | |
1996 | +samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium |
1997 | + |
1998 | + * Cherrypick upstream patch to fix FTBFS with new ceph lib. |
1999 | + |
2000 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100 |
2001 | + |
2002 | +samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium |
2003 | + |
2004 | + * SECURITY UPDATE: KDC-REP service name impersonation |
2005 | + - debian/patches/CVE-2017-11103.patch: use encrypted service |
2006 | + name rather than unencrypted (and therefore spoofable) version |
2007 | + in heimdal |
2008 | + - CVE-2017-11103 |
2009 | + |
2010 | + -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700 |
2011 | + |
2012 | +samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium |
2013 | + |
2014 | + * No-change rebuild against libldb 1.1.29 |
2015 | + |
2016 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700 |
2017 | + |
2018 | +samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium |
2019 | + |
2020 | + * Add extra DEP8 tests to samba (LP: #1696823): |
2021 | + - d/t/control: enable the new DEP8 tests |
2022 | + - d/t/smbclient-anonymous-share-list: list available shares anonymously |
2023 | + - d/t/smbclient-authenticated-share-list: list available shares using |
2024 | + an authenticated connection |
2025 | + - d/t/smbclient-share-access: create a share and download a file from it |
2026 | + - d/t/cifs-share-access: access a file in a share using cifs |
2027 | + * Ask the user if we can run testparm against the config file. If yes, |
2028 | + include its stderr and exit status in the bug report. Otherwise, only |
2029 | + include the exit status. (LP: #1694334) |
2030 | + * If systemctl is available, use it to query the status of the smbd |
2031 | + service before trying to reload it. Otherwise, keep the same check |
2032 | + as before and reload the service based on the existence of the |
2033 | + initscript. (LP: #1579597) |
2034 | + * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind |
2035 | + module. There is a fixed version of that patch attached to |
2036 | + #1677329 but it has not been vetted yet, so for now it's best |
2037 | + to revert (again) so that pam_winbind can be used. |
2038 | + (LP: #1677329, LP: #1644428) |
2039 | + |
2040 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700 |
2041 | + |
2042 | +samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium |
2043 | + |
2044 | + * Merge from Debian unstable. Remaining changes: |
2045 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2046 | + - debian/smb.conf; |
2047 | + + Add "(Samba, Ubuntu)" to server string. |
2048 | + + Comment out the default [homes] share, and add a comment about |
2049 | + "valid users = %s" to show users how to restrict access to |
2050 | + \\server\username to only username. |
2051 | + - debian/samba-common.config: |
2052 | + + Do not change priority to high if dhclient3 is installed. |
2053 | + - Add apport hook: |
2054 | + + Created debian/source_samba.py. |
2055 | + + debian/rules, debian/samba-common-bin.install: install hook. |
2056 | + - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2057 | + pam_winbind krb5_ccache_type=FILE failure |
2058 | + - debian/patches/winbind_trusted_domains.patch: make sure domain |
2059 | + members can talk to trusted domains DCs. |
2060 | + - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2061 | + to be statically linked |
2062 | + - d/rules: Compile winbindd/winbindd statically. |
2063 | + - d/control: add libcephfs-dev as b-d to build vfs_ceph |
2064 | + |
2065 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400 |
2066 | + |
2067 | samba (2:4.5.8+dfsg-2) unstable; urgency=high |
2068 | |
2069 | * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside |
2070 | @@ -2138,6 +4003,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high |
2071 | |
2072 | -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200 |
2073 | |
2074 | +samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium |
2075 | + |
2076 | + * SECURITY UPDATE: remote code execution from a writable share |
2077 | + - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a |
2078 | + slash inside in source3/rpc_server/srv_pipe.c. |
2079 | + - CVE-2017-7494 |
2080 | + |
2081 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400 |
2082 | + |
2083 | +samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium |
2084 | + |
2085 | + * SECURITY UPDATE: Symlink race allows access outside share definition |
2086 | + - Updated to new upstream release 4.5.8. |
2087 | + - CVE-2017-2619 |
2088 | + |
2089 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400 |
2090 | + |
2091 | samba (2:4.5.6+dfsg-2) unstable; urgency=high |
2092 | |
2093 | * This is a security release in order to address the following defects: |
2094 | @@ -2167,6 +4049,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium |
2095 | |
2096 | -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100 |
2097 | |
2098 | +samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium |
2099 | + |
2100 | + * d/control: add libcephfs-dev as b-d to build vfs_ceph |
2101 | + (LP: #1668940). |
2102 | + |
2103 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800 |
2104 | + |
2105 | +samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium |
2106 | + |
2107 | + * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining |
2108 | + changes: |
2109 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2110 | + + debian/smb.conf; |
2111 | + - Add "(Samba, Ubuntu)" to server string. |
2112 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2113 | + to show users how to restrict access to \\server\username to only username. |
2114 | + + debian/samba-common.config: |
2115 | + - Do not change prioritiy to high if dhclient3 is installed. |
2116 | + + Add apport hook: |
2117 | + - Created debian/source_samba.py. |
2118 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2119 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2120 | + pam_winbind krb5_ccache_type=FILE failure (LP #1310919) |
2121 | + + debian/patches/winbind_trusted_domains.patch: make sure domain members |
2122 | + can talk to trusted domains DCs. |
2123 | + [ update patch based upon upstream discussion ] |
2124 | + + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2125 | + to be statically linked fixes LP #1584485. |
2126 | + + d/rules: Compile winbindd/winbindd statically. |
2127 | + * Drop: |
2128 | + - Delete debian/.gitignore |
2129 | + [ Previously undocumented ] |
2130 | + - debian/patches/git_smbclient_cpu.patch: |
2131 | + + backport upstream patch to fix smbclient users hanging/eating cpu on |
2132 | + trying to contact a machine which is not there (lp #1572260) |
2133 | + [ Fixed upstream ] |
2134 | + - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing |
2135 | + + debian/patches/CVE-2016-2123.patch: check lengths in |
2136 | + librpc/ndr/ndr_dnsp.c. |
2137 | + + CVE-2016-2123 |
2138 | + [ Fixed in Debian ] |
2139 | + - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers |
2140 | + + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in |
2141 | + source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, |
2142 | + source4/auth/gensec/gensec_gssapi.c. |
2143 | + + CVE-2016-2125 |
2144 | + [ Fixed in Debian ] |
2145 | + - SECURITY UPDATE: privilege elevation in Kerberos PAC validation |
2146 | + + debian/patches/CVE-2016-2126.patch: only allow known checksum types |
2147 | + in auth/kerberos/kerberos_pac.c. |
2148 | + + CVE-2016-2126 |
2149 | + [ Fixed in Debian ] |
2150 | + |
2151 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800 |
2152 | + |
2153 | samba (2:4.5.4+dfsg-1) unstable; urgency=medium |
2154 | |
2155 | [ Mathieu Parent ] |
2156 | @@ -2294,6 +4231,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium |
2157 | |
2158 | -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200 |
2159 | |
2160 | +samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium |
2161 | + |
2162 | + * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing |
2163 | + - debian/patches/CVE-2016-2123.patch: check lengths in |
2164 | + librpc/ndr/ndr_dnsp.c. |
2165 | + - CVE-2016-2123 |
2166 | + * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers |
2167 | + - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in |
2168 | + source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, |
2169 | + source4/auth/gensec/gensec_gssapi.c. |
2170 | + - CVE-2016-2125 |
2171 | + * SECURITY UPDATE: privilege elevation in Kerberos PAC validation |
2172 | + - debian/patches/CVE-2016-2126.patch: only allow known checksum types |
2173 | + in auth/kerberos/kerberos_pac.c. |
2174 | + - CVE-2016-2126 |
2175 | + |
2176 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500 |
2177 | + |
2178 | +samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high |
2179 | + |
2180 | + * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2181 | + to be statically linked fixes LP: #1584485. |
2182 | + |
2183 | + * d/rules: Compile winbindd/winbindd statically. |
2184 | + |
2185 | + -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100 |
2186 | + |
2187 | +samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium |
2188 | + |
2189 | + * No-change rebuild for readline soname change. |
2190 | + |
2191 | + -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000 |
2192 | + |
2193 | +samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium |
2194 | + |
2195 | + * No-change rebuild for readline soname change. |
2196 | + |
2197 | + -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000 |
2198 | + |
2199 | +samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium |
2200 | + |
2201 | + * debian/patches/git_smbclient_cpu.patch: |
2202 | + - backport upstream patch to fix smbclient users hanging/eating cpu on |
2203 | + trying to contact a machine which is not there (lp: #1572260) |
2204 | + |
2205 | + -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200 |
2206 | + |
2207 | +samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low |
2208 | + |
2209 | + * Merge from Debian unstable. Remaining changes: |
2210 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2211 | + + debian/smb.conf; |
2212 | + - Add "(Samba, Ubuntu)" to server string. |
2213 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2214 | + to show users how to restrict access to \\server\username to only username. |
2215 | + + debian/samba-common.config: |
2216 | + - Do not change prioritiy to high if dhclient3 is installed. |
2217 | + + Add apport hook: |
2218 | + - Created debian/source_samba.py. |
2219 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2220 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2221 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2222 | + + debian/patches/winbind_trusted_domains.patch: make sure domain members |
2223 | + can talk to trusted domains DCs. |
2224 | + * Dropped changes: |
2225 | + - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was |
2226 | + never done in Debian, revert. |
2227 | + - ufw integration: included in Debian. |
2228 | + |
2229 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700 |
2230 | + |
2231 | samba (2:4.4.5+dfsg-2) unstable; urgency=medium |
2232 | |
2233 | * Disable running of 'make quicktest' during build, as it takes very |
2234 | @@ -2421,6 +4429,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium |
2235 | |
2236 | -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200 |
2237 | |
2238 | +samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium |
2239 | + |
2240 | + * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in |
2241 | + the previous security updates. (LP: #1577739) |
2242 | + - debian/control: bump tevent Build-Depends to 0.9.28. |
2243 | + * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576) |
2244 | + - debian/patches/samba-bug11912.patch: let msrpc_parse() return |
2245 | + talloc'ed empty strings in libcli/auth/msrpc_parse.c. |
2246 | + - debian/patches/samba-bug11914.patch: make |
2247 | + ntlm_auth_generate_session_info() more complete in |
2248 | + source3/utils/ntlm_auth.c. |
2249 | + |
2250 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400 |
2251 | + |
2252 | samba (2:4.3.8+dfsg-1) unstable; urgency=low |
2253 | |
2254 | [ Jelmer Vernooij ] |
2255 | @@ -2435,6 +4457,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low |
2256 | |
2257 | -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000 |
2258 | |
2259 | +samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium |
2260 | + |
2261 | + * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues |
2262 | + - CVE-2015-5370: Multiple errors in DCE-RPC code |
2263 | + - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP |
2264 | + - CVE-2016-2111: NETLOGON Spoofing Vulnerability |
2265 | + - CVE-2016-2112: The LDAP client and server don't enforce integrity |
2266 | + protection |
2267 | + - CVE-2016-2113: Missing TLS certificate validation allows man in the |
2268 | + middle attacks |
2269 | + - CVE-2016-2114: "server signing = mandatory" not enforced |
2270 | + - CVE-2016-2115: SMB client connections for IPC traffic are not |
2271 | + integrity protected |
2272 | + - CVE-2016-2118: SAMR and LSA man in the middle attacks possible |
2273 | + * debian/patches/winbind_trusted_domains.patch: make sure domain members |
2274 | + can talk to trusted domains DCs. |
2275 | + |
2276 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400 |
2277 | + |
2278 | samba (2:4.3.7+dfsg-1) unstable; urgency=high |
2279 | |
2280 | * New upstream release. |
2281 | @@ -2477,6 +4518,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low |
2282 | |
2283 | -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200 |
2284 | |
2285 | +samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium |
2286 | + |
2287 | + * Merge with Debian; remaining changes: |
2288 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2289 | + + debian/smb.conf; |
2290 | + - Add "(Samba, Ubuntu)" to server string. |
2291 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2292 | + to show users how to restrict access to \\server\username to only username. |
2293 | + + debian/samba-common.config: |
2294 | + - Do not change prioritiy to high if dhclient3 is installed. |
2295 | + + debian/control: |
2296 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2297 | + + Add ufw integration: |
2298 | + - Created debian/samba.ufw.profile: |
2299 | + - debian/rules, debian/samba.install: install profile |
2300 | + + Add apport hook: |
2301 | + - Created debian/source_samba.py. |
2302 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2303 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2304 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2305 | + |
2306 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500 |
2307 | + |
2308 | samba (2:4.3.6+dfsg-1) unstable; urgency=medium |
2309 | |
2310 | * New upstream release. |
2311 | @@ -2522,6 +4586,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium |
2312 | |
2313 | -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100 |
2314 | |
2315 | +samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium |
2316 | + |
2317 | + * No-change rebuild for gnutls transition. |
2318 | + |
2319 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000 |
2320 | + |
2321 | +samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium |
2322 | + |
2323 | + * Fixes regression introduced by debian/patches/CVE-2015-5252.patch. |
2324 | + (LP: #1545750) |
2325 | + |
2326 | + -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100 |
2327 | + |
2328 | +samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium |
2329 | + |
2330 | + * Merge with Debian; remaining changes: |
2331 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2332 | + + debian/smb.conf; |
2333 | + - Add "(Samba, Ubuntu)" to server string. |
2334 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2335 | + to show users how to restrict access to \\server\username to only username. |
2336 | + + debian/samba-common.config: |
2337 | + - Do not change prioritiy to high if dhclient3 is installed. |
2338 | + + debian/control: |
2339 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2340 | + + Add ufw integration: |
2341 | + - Created debian/samba.ufw.profile: |
2342 | + - debian/rules, debian/samba.install: install profile |
2343 | + + Add apport hook: |
2344 | + - Created debian/source_samba.py. |
2345 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2346 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2347 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2348 | + |
2349 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500 |
2350 | + |
2351 | samba (2:4.3.3+dfsg-1) unstable; urgency=medium |
2352 | |
2353 | * New upstream release. Closes: #808133. |
2354 | @@ -2606,6 +4706,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium |
2355 | |
2356 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000 |
2357 | |
2358 | +samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium |
2359 | + |
2360 | + * Resolve small merge error in the rules |
2361 | + |
2362 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100 |
2363 | + |
2364 | +samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium |
2365 | + |
2366 | + * Backport Debian change to remove libpam-smbpasswd, it segfaults |
2367 | + leading to non working session (lp: #1515207) |
2368 | + |
2369 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100 |
2370 | + |
2371 | +samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium |
2372 | + |
2373 | + * Build with the new ldb |
2374 | + |
2375 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100 |
2376 | + |
2377 | +samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium |
2378 | + |
2379 | + * debian/samba.logrotate: |
2380 | + - revert to Debian version of the logrotate reload command, fix an |
2381 | + invalid syntax introduced in the upstart->systemd transition |
2382 | + (lp: #1385868) |
2383 | + |
2384 | + -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100 |
2385 | + |
2386 | +samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium |
2387 | + |
2388 | + * Merge with Debian; remaining changes: |
2389 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2390 | + + debian/smb.conf; |
2391 | + - Add "(Samba, Ubuntu)" to server string. |
2392 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2393 | + to show users how to restrict access to \\server\username to only username. |
2394 | + + debian/samba-common.config: |
2395 | + - Do not change prioritiy to high if dhclient3 is installed. |
2396 | + + debian/control: |
2397 | + - Don't build against or suggest ctdb and tdb. |
2398 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2399 | + + debian/rules: |
2400 | + - Drop explicit configuration options for ctdb and tdb. |
2401 | + + Add ufw integration: |
2402 | + - Created debian/samba.ufw.profile: |
2403 | + - debian/rules, debian/samba.install: install profile |
2404 | + + Add apport hook: |
2405 | + - Created debian/source_samba.py. |
2406 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2407 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2408 | + processes such that it works under both upstart and systemd. |
2409 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2410 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2411 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2412 | + |
2413 | + -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200 |
2414 | + |
2415 | samba (2:4.1.20+dfsg-1) unstable; urgency=medium |
2416 | |
2417 | * New upstream release (last compatible with current OpenChange). |
2418 | @@ -2619,6 +4776,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium |
2419 | |
2420 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000 |
2421 | |
2422 | +samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium |
2423 | + |
2424 | + * debian/control: |
2425 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2426 | + |
2427 | + -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200 |
2428 | + |
2429 | +samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium |
2430 | + |
2431 | + * Merge from Debian unstable. Remaining changes: |
2432 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2433 | + + debian/smb.conf; |
2434 | + - Add "(Samba, Ubuntu)" to server string. |
2435 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2436 | + to show users how to restrict access to \\server\username to only username. |
2437 | + + debian/samba-common.config: |
2438 | + - Do not change prioritiy to high if dhclient3 is installed. |
2439 | + + debian/control: |
2440 | + - Don't build against or suggest ctdb and tdb. |
2441 | + + debian/rules: |
2442 | + - Drop explicit configuration options for ctdb and tdb. |
2443 | + + Add ufw integration: |
2444 | + - Created debian/samba.ufw.profile: |
2445 | + - debian/rules, debian/samba.install: install profile |
2446 | + + Add apport hook: |
2447 | + - Created debian/source_samba.py. |
2448 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2449 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2450 | + processes such that it works under both upstart and systemd. |
2451 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2452 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2453 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2454 | + + debian/patches/git_timeout_client_error.patch: |
2455 | + - don't let smb mounts timeout that leads to errors when trying to |
2456 | + reuse a mount after idling for a while in e.g nautilus (lp: #310932) |
2457 | + |
2458 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200 |
2459 | + |
2460 | samba (2:4.1.17+dfsg-4) unstable; urgency=medium |
2461 | |
2462 | * Add pidl_reproducible.patch: Make pidl output reproducible. |
2463 | @@ -2655,6 +4850,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high |
2464 | |
2465 | -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100 |
2466 | |
2467 | +samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium |
2468 | + |
2469 | + * debian/patches/git_timeout_client_error.patch: |
2470 | + - don't let smb mounts timeout that leads to errors when trying to |
2471 | + reuse a mount after idling for a while in e.g nautilus (lp: #310932) |
2472 | + |
2473 | + -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200 |
2474 | + |
2475 | +samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium |
2476 | + |
2477 | + * SECURITY UPDATE: code execution vulnerability in smbd daemon |
2478 | + - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an |
2479 | + uninitialized pointer and don't dereference a NULL pointer in |
2480 | + source3/rpc_server/netlogon/srv_netlog_nt.c. |
2481 | + - CVE-2015-0240 |
2482 | + |
2483 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500 |
2484 | + |
2485 | +samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low |
2486 | + |
2487 | + * Merge from Debian unstable. Remaining changes: |
2488 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2489 | + + debian/smb.conf; |
2490 | + - Add "(Samba, Ubuntu)" to server string. |
2491 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2492 | + to show users how to restrict access to \\server\username to only username. |
2493 | + + debian/samba-common.config: |
2494 | + - Do not change prioritiy to high if dhclient3 is installed. |
2495 | + + debian/control: |
2496 | + - Don't build against or suggest ctdb and tdb. |
2497 | + + debian/rules: |
2498 | + - Drop explicit configuration options for ctdb and tdb. |
2499 | + + Add ufw integration: |
2500 | + - Created debian/samba.ufw.profile: |
2501 | + - debian/rules, debian/samba.install: install profile |
2502 | + + Add apport hook: |
2503 | + - Created debian/source_samba.py. |
2504 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2505 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2506 | + processes such that it works under both upstart and systemd. |
2507 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2508 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2509 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2510 | + + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143. |
2511 | + |
2512 | + -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100 |
2513 | + |
2514 | samba (2:4.1.13+dfsg-4) unstable; urgency=medium |
2515 | |
2516 | * Revert previous patch, since ldb has an active module version check. |
2517 | @@ -2697,6 +4939,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium |
2518 | |
2519 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200 |
2520 | |
2521 | +samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium |
2522 | + |
2523 | + * SECURITY UPDATE: elevation of privilege to AD Domain Controller |
2524 | + - debian/patches/CVE-2014-8143.patch: check for extended access rights |
2525 | + before allowing changes to userAccountControl in |
2526 | + librpc/idl/security.idl, source4/auth/session.c, |
2527 | + source4/dsdb/common/util.c, source4/dsdb/pydsdb.c, |
2528 | + source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h, |
2529 | + source4/rpc_server/lsa/dcesrv_lsa.c, |
2530 | + source4/setup/schema_samba4.ldif. |
2531 | + - CVE-2014-8143 |
2532 | + |
2533 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500 |
2534 | + |
2535 | +samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium |
2536 | + |
2537 | + * No-change rebuild against current ldb. Note that I'm not claiming the |
2538 | + merging for this package. |
2539 | + |
2540 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100 |
2541 | + |
2542 | +samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium |
2543 | + |
2544 | + * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2545 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2546 | + |
2547 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500 |
2548 | + |
2549 | +samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium |
2550 | + |
2551 | + * Merge from Debian unstable. Remaining changes: |
2552 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2553 | + + debian/smb.conf; |
2554 | + - Add "(Samba, Ubuntu)" to server string. |
2555 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2556 | + to show users how to restrict access to \\server\username to only username. |
2557 | + + debian/samba-common.config: |
2558 | + - Do not change prioritiy to high if dhclient3 is installed. |
2559 | + + debian/control: |
2560 | + - Don't build against or suggest ctdb and tdb. |
2561 | + + debian/rules: |
2562 | + - Drop explicit configuration options for ctdb and tdb. |
2563 | + + Add ufw integration: |
2564 | + - Created debian/samba.ufw.profile: |
2565 | + - debian/rules, debian/samba.install: install profile |
2566 | + + Add apport hook: |
2567 | + - Created debian/source_samba.py. |
2568 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2569 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2570 | + of hacking arround with pid files. |
2571 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2572 | + first dummy transitional package version. |
2573 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2574 | + |
2575 | + * In logrotate, use service command to reload (send SIGHUP) the main |
2576 | + processes such that it works under both upstart and systemd. |
2577 | + * Drop CVE patches, applied upstream. |
2578 | + * Drop patches absent from series: readline-ftbfs.patch, |
2579 | + krb5_kt_start_seq.diff, config-bind99.patch |
2580 | + * Drop debian/source/include-binaries, pyc files are correctly cleaned up |
2581 | + |
2582 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100 |
2583 | + |
2584 | samba (2:4.1.11+dfsg-1) unstable; urgency=high |
2585 | |
2586 | * New upstream release. Fixes: |
2587 | @@ -2732,6 +5037,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high |
2588 | |
2589 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200 |
2590 | |
2591 | +samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium |
2592 | + |
2593 | + * SECURITY UPDATE: remote code execution on unauthenticated nmbd |
2594 | + - debian/patches/CVE-2014-3560.patch: fix unstrcpy in |
2595 | + lib/util/string_wrappers.h. |
2596 | + - CVE-2014-3560 |
2597 | + |
2598 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400 |
2599 | + |
2600 | +samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium |
2601 | + |
2602 | + * SECURITY UPDATE: denial of service on nmbd malformed packet |
2603 | + - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in |
2604 | + source3/lib/system.c. |
2605 | + - CVE-2014-0244 |
2606 | + * SECURITY UPDATE: denial of service via bad unicode conversion |
2607 | + - debian/patches/CVE-2014-3493.patch: refactor code in |
2608 | + source3/lib/charcnv.c, change return code checks in |
2609 | + source3/libsmb/clirap.c, source3/smbd/lanman.c. |
2610 | + - CVE-2014-3493 |
2611 | + |
2612 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400 |
2613 | + |
2614 | +samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low |
2615 | + |
2616 | + * Merge from Debian unstable. Remaining changes: |
2617 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2618 | + + debian/smb.conf; |
2619 | + - Add "(Samba, Ubuntu)" to server string. |
2620 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2621 | + to show users how to restrict access to \\server\username to only username. |
2622 | + + debian/samba-common.config: |
2623 | + - Do not change prioritiy to high if dhclient3 is installed. |
2624 | + + debian/control: |
2625 | + - Don't build against or suggest ctdb and tdb. |
2626 | + + debian/rules: |
2627 | + - Drop explicit configuration options for ctdb and tdb. |
2628 | + + Add ufw integration: |
2629 | + - Created debian/samba.ufw.profile: |
2630 | + - debian/rules, debian/samba.install: install profile |
2631 | + + Add apport hook: |
2632 | + - Created debian/source_samba.py. |
2633 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2634 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2635 | + of hacking arround with pid files. |
2636 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2637 | + first dummy transitional package version. |
2638 | + + Dropped patches: |
2639 | + - debian/patches/CVE-2013-4496.patch: Dropped no longer needed |
2640 | + - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. |
2641 | + - debian/patches/readline-ftbfs.patch: Use the debian version. |
2642 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2643 | + (LP: #1268180) |
2644 | + |
2645 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400 |
2646 | + |
2647 | samba (2:4.1.8+dfsg-1) unstable; urgency=medium |
2648 | |
2649 | [ Jelmer Vernooij ] |
2650 | @@ -2769,6 +5130,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium |
2651 | |
2652 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200 |
2653 | |
2654 | +samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium |
2655 | + |
2656 | + * Set the stack size to unlimited during the build to avoid a SIGBUS in |
2657 | + xsltproc on some architectures. |
2658 | + |
2659 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100 |
2660 | + |
2661 | +samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium |
2662 | + |
2663 | + * Backport from unstable (Ivo De Decker): |
2664 | + - Build-depend on heimdal-dev. |
2665 | + |
2666 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100 |
2667 | + |
2668 | +samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high |
2669 | + |
2670 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
2671 | + postinst. |
2672 | + |
2673 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100 |
2674 | + |
2675 | +samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium |
2676 | + |
2677 | + * cherrypick upstream patch 1310919 to fix pam_winbind regression |
2678 | + (LP: #1310919) |
2679 | + |
2680 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500 |
2681 | + |
2682 | +samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium |
2683 | + |
2684 | + * Fix a grammatical error in smb.conf that showed up in a ucf prompt on |
2685 | + upgrade. |
2686 | + |
2687 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700 |
2688 | + |
2689 | +samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low |
2690 | + |
2691 | + * Merge from Debian unstable. Remaining changes: |
2692 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2693 | + + debian/smb.conf; |
2694 | + - Add "(Samba, Ubuntu)" to server string. |
2695 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2696 | + to show users how to restrict access to \\server\username to only username. |
2697 | + + debian/samba-common.config: |
2698 | + - Do not change prioritiy to high if dhclient3 is installed. |
2699 | + + debian/control: |
2700 | + - Don't build against or suggest ctdb and tdb. |
2701 | + + debian/rules: |
2702 | + - Drop explicit configuration options for ctdb and tdb. |
2703 | + + Add ufw integration: |
2704 | + - Created debian/samba.ufw.profile: |
2705 | + - debian/rules, debian/samba.install: install profile |
2706 | + + Add apport hook: |
2707 | + - Created debian/source_samba.py. |
2708 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2709 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2710 | + of hacking arround with pid files. |
2711 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2712 | + first dummy transitional package version. |
2713 | + + Dropped patches: |
2714 | + - debian/patches/CVE-2013-4496.patch: Dropped no longer needed |
2715 | + - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. |
2716 | + - debian/patches/readline-ftbfs.patch: Use the debian version. |
2717 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2718 | + (LP: #1268180) |
2719 | + |
2720 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400 |
2721 | + |
2722 | samba (2:4.1.6+dfsg-1) unstable; urgency=high |
2723 | |
2724 | * New upstream security release. Fixes: |
2725 | @@ -2828,6 +5257,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium |
2726 | |
2727 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100 |
2728 | |
2729 | +samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium |
2730 | + |
2731 | + * debian/smb.conf: comment back some of the "share definitions" |
2732 | + options (including "valid users"). That was an Ubuntu diff and seems to |
2733 | + have been dropped in the trusty merge. Those changes seem needed to |
2734 | + get the usershare feature working (used by nautilus-share) (lp: #1261873) |
2735 | + |
2736 | + -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200 |
2737 | + |
2738 | +samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium |
2739 | + |
2740 | + * SECURITY UPDATE: Password lockout not enforced for SAMR password |
2741 | + changes |
2742 | + - debian/patches/CVE-2013-4496.patch: refactor password lockout code in |
2743 | + source3/auth/check_samsec.c, |
2744 | + source3/rpc_server/samr/srv_samr_chgpasswd.c, |
2745 | + source3/rpc_server/samr/srv_samr_nt.c, |
2746 | + source3/smbd/lanman.c, |
2747 | + source4/rpc_server/samr/samr_password.c, |
2748 | + source4/torture/rpc/samr.c. |
2749 | + - CVE-2013-4496 |
2750 | + * SECURITY UPDATE: smbcacls can remove a file or directory ACL by |
2751 | + mistake |
2752 | + - debian/patches/CVE-2013-6442.patch: handle existing ACL in |
2753 | + source3/utils/smbcacls.c. |
2754 | + - CVE-2013-6442 |
2755 | + * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6. |
2756 | + |
2757 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400 |
2758 | + |
2759 | +samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium |
2760 | + |
2761 | + * Depend on tdb-tools (LP: #1279593) |
2762 | + * Updated generated config for Bind9.9. |
2763 | + |
2764 | + -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500 |
2765 | + |
2766 | +samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium |
2767 | + |
2768 | + * Add missing python-ntdb dependency to python-samba (spotted by |
2769 | + autopkgtest). |
2770 | + |
2771 | + -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100 |
2772 | + |
2773 | +samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low |
2774 | + |
2775 | + * Merge from Debian Unstable: |
2776 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2777 | + * debian/smb.conf; |
2778 | + - Add "(Samba, Ubuntu)" to server string. |
2779 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2780 | + to show users how to restrict access to \\server\username to only username. |
2781 | + + debian/samba-common.config: |
2782 | + - Do not change prioritiy to high if dhclient3 is installed. |
2783 | + + debian/control: |
2784 | + - Don't build against or suggest ctdb and tdb. |
2785 | + + debian/rules: |
2786 | + - Drop explicit configuration options for ctdb and tdb. |
2787 | + + Add ufw integration: |
2788 | + - Created debian/samba.ufw.profile: |
2789 | + - debian/rules, debian/samba.install: install profile |
2790 | + + Add apport hook: |
2791 | + - Created debian/source_samba.py. |
2792 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2793 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2794 | + of hacking arround with pid files. |
2795 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2796 | + first dummy transitional package version. |
2797 | + |
2798 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500 |
2799 | + |
2800 | samba (2:4.1.3+dfsg-2) unstable; urgency=medium |
2801 | |
2802 | * Add debug symbols for all binaries to samba-dbg. Closes: #732493 |
2803 | @@ -2870,6 +5370,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low |
2804 | |
2805 | -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800 |
2806 | |
2807 | +samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low |
2808 | + |
2809 | + * Merge from Debian Unstable: |
2810 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2811 | + * debian/smb.conf; |
2812 | + - Add "(Samba, Ubuntu)" to server string. |
2813 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2814 | + to show users how to restrict access to \\server\username to only username. |
2815 | + + debian/samba-common.config: |
2816 | + - Do not change prioritiy to high if dhclient3 is installed. |
2817 | + + debian/control: |
2818 | + - Don't build against or suggest ctdb and tdb. |
2819 | + + debian/rules: |
2820 | + - Drop explicit configuration options for ctdb and tdb. |
2821 | + + Add ufw integration: |
2822 | + - Created debian/samba.ufw.profile: |
2823 | + - debian/rules, debian/samba.install: install profile |
2824 | + + Add apport hook: |
2825 | + - Created debian/source_samba.py. |
2826 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2827 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2828 | + of hacking arround with pid files. |
2829 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2830 | + first dummy transitional package version. |
2831 | + |
2832 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500 |
2833 | + |
2834 | samba (2:4.0.13+dfsg-1) unstable; urgency=high |
2835 | |
2836 | [ Steve Langasek ] |
2837 | @@ -2924,6 +5451,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high |
2838 | |
2839 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100 |
2840 | |
2841 | +samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low |
2842 | + |
2843 | + * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version. |
2844 | + |
2845 | + -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000 |
2846 | + |
2847 | +samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low |
2848 | + |
2849 | + * Merge from Debian Unstable: |
2850 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2851 | + * debian/smb.conf; |
2852 | + - Add "(Samba, Ubuntu)" to server string. |
2853 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2854 | + to show users how to restrict access to \\server\username to only username. |
2855 | + + debian/samba-common.config: |
2856 | + - Do not change prioritiy to high if dhclient3 is installed. |
2857 | + + debian/control: |
2858 | + - Don't build against or suggest ctdb and tdb. |
2859 | + + debian/rules: |
2860 | + - Drop explicit configuration options for ctdb and tdb. |
2861 | + + Add ufw integration: |
2862 | + - Created debian/samba.ufw.profile: |
2863 | + - debian/rules, debian/samba.install: install profile |
2864 | + + Add apport hook: |
2865 | + - Created debian/source_samba.py. |
2866 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2867 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2868 | + of hacking arround with pid files. |
2869 | + |
2870 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800 |
2871 | + |
2872 | samba (2:4.0.10+dfsg-4) unstable; urgency=low |
2873 | |
2874 | [ Christian Perrier ] |
2875 | diff --git a/debian/control b/debian/control |
2876 | index 480a7bb..3671d97 100644 |
2877 | --- a/debian/control |
2878 | +++ b/debian/control |
2879 | @@ -1,7 +1,8 @@ |
2880 | Source: samba |
2881 | Section: net |
2882 | Priority: optional |
2883 | -Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> |
2884 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2885 | +XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> |
2886 | Uploaders: Steve Langasek <vorlon@debian.org>, |
2887 | Jelmer Vernooij <jelmer@debian.org>, |
2888 | Mathieu Parent <sathieu@debian.org>, |
2889 | @@ -35,7 +36,7 @@ Build-Depends-Arch: |
2890 | libblkid-dev, |
2891 | libbsd-dev, |
2892 | libcap-dev [linux-any], |
2893 | - libcephfs-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x], |
2894 | + libcephfs-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x], |
2895 | libcmocka-dev (>= 1.1.3), |
2896 | libcups2-dev, |
2897 | libdbus-1-dev, |
2898 | @@ -53,12 +54,12 @@ Build-Depends-Arch: |
2899 | libparse-yapp-perl, |
2900 | libpcap-dev [hurd-i386 kfreebsd-any], |
2901 | libpopt-dev, |
2902 | - librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x], |
2903 | + librados-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x], |
2904 | libreadline-dev, |
2905 | libsystemd-dev [linux-any], |
2906 | libtasn1-6-dev (>= 3.8), |
2907 | libtasn1-bin, |
2908 | - liburing-dev [linux-any] <!pkg.samba.nouring>, |
2909 | + liburing-dev [!i386] <!pkg.samba.nouring>, |
2910 | xfslibs-dev [linux-any], |
2911 | zlib1g-dev (>= 1:1.2.3), |
2912 | # python (+#904999): |
2913 | @@ -395,8 +396,9 @@ Depends: samba-common (= ${source:Version}), |
2914 | Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5> |
2915 | Suggests: libnss-winbind, libpam-winbind |
2916 | # 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind |
2917 | -Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), |
2918 | -Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), |
2919 | +# In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663 |
2920 | +Breaks: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), |
2921 | +Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), |
2922 | Description: service to resolve user and group information from Windows NT servers |
2923 | Samba is an implementation of the SMB/CIFS protocol for Unix systems, |
2924 | providing support for cross-platform file sharing with Microsoft Windows, OS X, |
2925 | diff --git a/debian/rules b/debian/rules |
2926 | index f9fd816..adfc3cf 100755 |
2927 | --- a/debian/rules |
2928 | +++ b/debian/rules |
2929 | @@ -81,7 +81,7 @@ config-args = \ |
2930 | |
2931 | ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features |
2932 | with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes) |
2933 | -with-ceph = $(if $(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes) |
2934 | +with-ceph = $(if $(filter amd64 arm64 armel armhf mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes) |
2935 | with-snapper = yes |
2936 | |
2937 | config-args += \ |
2938 | diff --git a/debian/tests/control b/debian/tests/control |
2939 | index d27e025..b37632e 100644 |
2940 | --- a/debian/tests/control |
2941 | +++ b/debian/tests/control |
2942 | @@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable |
2943 | Tests: reinstall-samba-common-bin |
2944 | Depends: samba-common, samba-common-bin |
2945 | Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr |
2946 | + |
2947 | +Tests: samba-ad-dc-provisioning-internal-dns |
2948 | +Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools |
2949 | +Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed |
2950 | diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns |
2951 | new file mode 100755 |
2952 | index 0000000..f61fa5e |
2953 | --- /dev/null |
2954 | +++ b/debian/tests/samba-ad-dc-provisioning-internal-dns |
2955 | @@ -0,0 +1,398 @@ |
2956 | +#!/bin/bash |
2957 | + |
2958 | +set -e |
2959 | +set -o pipefail |
2960 | + |
2961 | +source debian/tests/util |
2962 | + |
2963 | +declare -r domain="EXAMPLE" |
2964 | +declare -r realm="EXAMPLE.FAKE" |
2965 | +declare -r adminpass="Passw0rd" |
2966 | +declare -r test_user="test_user_${RANDOM}" |
2967 | +declare -r test_pw="test_user_secret_${RANDOM}" |
2968 | +declare -A user_pass |
2969 | +user_pass[Administrator]="${adminpass}" |
2970 | +user_pass[${test_user}]="${test_pw}" |
2971 | +declare -A join_method_deps |
2972 | +# Minimum set of deps: let realmd install the extra dependencies |
2973 | +# as needed, depending on the join method. |
2974 | +join_method_deps[realmd_sssd]="realmd krb5-user smbclient" |
2975 | +join_method_deps[realmd_winbind]="realmd krb5-user smbclient" |
2976 | + |
2977 | + |
2978 | +cleanup() { |
2979 | + rc=$? |
2980 | + set +e # so we don't exit midcleanup |
2981 | + if [ ${rc} -ne 0 ]; then |
2982 | + echo "## Something failed, gathering logs" |
2983 | + echo |
2984 | + echo "## smb.conf" |
2985 | + cat /etc/samba/smb.conf |
2986 | + echo |
2987 | + echo "## resolv.conf" |
2988 | + cat /etc/resolv.conf |
2989 | + echo |
2990 | + echo "## resolvectl status" |
2991 | + resolvectl status |
2992 | + echo "## journal for samba-ad-dc.service" |
2993 | + journalctl -u samba-ad-dc.service --lines 500 |
2994 | + echo |
2995 | + for log in /var/log/samba/log.*; do |
2996 | + # skip compressed logrotated files |
2997 | + if [ "${log%.gz}" != "${log}" ]; then |
2998 | + continue |
2999 | + fi |
3000 | + [ -s "${log}" ] || continue |
3001 | + echo "## $(basename ${log}):" |
3002 | + tail -n 500 "${log}" |
3003 | + echo |
3004 | + done |
3005 | + echo "## syslog" |
3006 | + tail -n 500 /var/log/syslog |
3007 | + fi |
3008 | +} |
3009 | + |
3010 | +trap cleanup EXIT |
3011 | + |
3012 | +assert_testparm() { |
3013 | + local parameter="${1}" |
3014 | + local expected_value="${2}" |
3015 | + local current_value="" |
3016 | + local -i retval=0 |
3017 | + |
3018 | + echo -n "Asserting ${parameter} is ${expected_value}: " |
3019 | + current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || { |
3020 | + retval=$? |
3021 | + echo "FAIL" |
3022 | + return ${retval} |
3023 | + } |
3024 | + if [ "${current_value}" = "${expected_value}" ]; then |
3025 | + echo "OK" |
3026 | + return 0 |
3027 | + else |
3028 | + echo "FAIL" |
3029 | + return 1 |
3030 | + fi |
3031 | +} |
3032 | + |
3033 | +basic_config_tests() { |
3034 | + echo "## Basic config tests" |
3035 | + testparm -s > /dev/null |
3036 | + assert_testparm "realm" "${realm}" |
3037 | + assert_testparm "workgroup" "${domain}" |
3038 | + assert_testparm "server role" "active directory domain controller" |
3039 | + echo |
3040 | +} |
3041 | + |
3042 | +dns_tests() { |
3043 | + echo "## DNS tests" |
3044 | + echo "Obtaining administrator kerberos ticket" |
3045 | + echo "${adminpass}" | timeout --verbose 30 kinit Administrator |
3046 | + echo |
3047 | + echo "Querying server info" |
3048 | + samba-tool dns serverinfo "$(hostname)" |
3049 | + echo |
3050 | + echo "Checking we got a service ticket of type host/" |
3051 | + klist | grep "host/$(hostname)" |
3052 | + echo |
3053 | + echo "Checking specific DNS records" |
3054 | + for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do |
3055 | + echo -n "${srv}.${realm,,}: " |
3056 | + dig @localhost +short -t SRV ${srv}.${realm,,} |
3057 | + echo |
3058 | + done |
3059 | + echo |
3060 | + echo -n "Checking that our hostname \"$(hostname)\" is in DNS: " |
3061 | + myip=$(dig @localhost +short -t A "$(hostname).${realm,,}") |
3062 | + echo "${myip}" |
3063 | + echo |
3064 | +} |
3065 | + |
3066 | +user_creation_tests() { |
3067 | + echo "## User creation tests" |
3068 | + samba-tool domain passwordsettings set --complexity=off |
3069 | + echo "Creating user \"${test_user}\" with password ${test_pw}" |
3070 | + samba-tool user add "${test_user}" "${test_pw}" |
3071 | + echo |
3072 | + echo "Attempting to obtain kerberos ticket for user \"${test_user}\"" |
3073 | + # just in case it ends up waiting at a prompt, we use "timeout" |
3074 | + echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" |
3075 | + echo "Ticket obtained" |
3076 | + klist |
3077 | + echo |
3078 | +} |
3079 | + |
3080 | +smbclient_tests() { |
3081 | + echo "## smbclient tests" |
3082 | + kdestroy || : |
3083 | + echo |
3084 | + echo "Obtaining a TGT for ${test_user}" |
3085 | + echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" |
3086 | + klist | grep krbtgt |
3087 | + echo |
3088 | + echo "Attempting password-less authentication with smbclient" |
3089 | + echo |
3090 | + echo "Listing shares" |
3091 | + smbclient -L "$(hostname)" --use-kerberos=required -k |
3092 | + echo |
3093 | + echo "Listing the sysvol share" |
3094 | + smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls" |
3095 | + echo |
3096 | + echo "Listing policies" |
3097 | + # lowercase the ${realm} |
3098 | + smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*" |
3099 | + echo |
3100 | + echo "Checking that we have a ticket for the cifs service after all these commands" |
3101 | + klist | grep cifs/ |
3102 | + echo |
3103 | +} |
3104 | + |
3105 | +server_join_tests() { |
3106 | + local member_server |
3107 | + # the join methods are the keys of the join_method_deps dict |
3108 | + local -a methods=("${!join_method_deps[@]}") |
3109 | + local member_server="member-server" |
3110 | + |
3111 | + echo "## Server join tests" |
3112 | + echo "## Initializing lxd" |
3113 | + setup_lxd "${realm,,}" |
3114 | + |
3115 | + for method in "${methods[@]}"; do |
3116 | + echo "## Setting up member server to join a domain using method ${method}" |
3117 | + setup_member_server "${member_server}" "${method}" |
3118 | + echo "## Joining domain with method ${method}" |
3119 | + join_domain "${member_server}" "${method}" |
3120 | + echo |
3121 | + echo "## Verifying join with method ${method}" |
3122 | + verify_join "${member_server}" "${method}" |
3123 | + echo |
3124 | + echo "## Leaving domain with method ${method}" |
3125 | + leave_domain "${member_server}" "${method}" |
3126 | + echo |
3127 | + echo "## Destroying member server" |
3128 | + lxc delete --force "${member_server}" |
3129 | + done |
3130 | +} |
3131 | + |
3132 | +setup_member_server() { |
3133 | + local container_name="${1}" |
3134 | + local method="${2}" |
3135 | + local release |
3136 | + |
3137 | + release="$(lsb_release -cs)" |
3138 | + if [ -z "${join_method_deps[${method}]}" ]; then |
3139 | + echo "## INTERNAL ERROR, invalid join method: ${method}" |
3140 | + return 1 |
3141 | + fi |
3142 | + echo "## Got test dependencies: ${join_method_deps[${method}]}" |
3143 | + # can't use cloud-init here to install packages, because we first need to |
3144 | + # sync the apt config from the host to the container |
3145 | + echo "## Launching ${release} container" |
3146 | + lxc launch "ubuntu-daily:${release}" "${container_name}" -q |
3147 | + wait_container_ready "${container_name}" |
3148 | + send_apt_config "${container_name}" |
3149 | + copy_local_apt_files "${container_name}" |
3150 | + echo "## Installing dependencies in test container" |
3151 | + install_packages_in_container "${container_name}" ${join_method_deps[${method}]} |
3152 | +} |
3153 | + |
3154 | +join_domain_realmd_winbind() { |
3155 | + local server="${1}" |
3156 | + local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}" |
3157 | + local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}" |
3158 | + |
3159 | + echo "## Domain information" |
3160 | + lxc exec "${server}" -- ${discover_cmd} |
3161 | + echo |
3162 | + echo "## Running join command: ${join_cmd}" |
3163 | + echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} |
3164 | +} |
3165 | + |
3166 | +verify_join_realmd_winbind() { |
3167 | + local server="${1}" |
3168 | + local member_domain |
3169 | + |
3170 | + echo -n "## Verifying member server joined domain name: " |
3171 | + member_domain=$(lxc exec "${server}" -- wbinfo --own-domain) |
3172 | + echo "${member_domain}" |
3173 | + if [ "${member_domain}" != "${domain}" ]; then |
3174 | + echo "ERROR: expected member server domain to match the joined domain:" |
3175 | + echo "member server domain: ${member_domain}" |
3176 | + echo "AD domain: ${domain}" |
3177 | + return 1 |
3178 | + fi |
3179 | + echo |
3180 | + # we just want to see the output, not parse it |
3181 | + echo "## Domain status in member server" |
3182 | + lxc exec "${server}" -- wbinfo --domain-info "${member_domain}" |
3183 | + echo |
3184 | + echo "## User status in member server" |
3185 | + for u in "${!user_pass[@]}"; do |
3186 | + echo "## User \"${u}@${realm}\" information:" |
3187 | + lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}" |
3188 | + echo |
3189 | + echo "## id ${u}@${realm}" |
3190 | + lxc exec "${server}" -- id ${u}@${realm} |
3191 | + echo |
3192 | + echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" |
3193 | + echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" |
3194 | + lxc exec "${server}" -- klist |
3195 | + echo |
3196 | + echo "## Listing shares with the obtained kerberos ticket" |
3197 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3198 | + lxc exec "${server}" -- kdestroy |
3199 | + echo |
3200 | + echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server" |
3201 | + # non-interactive format for username is user%password |
3202 | + lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}" |
3203 | + echo |
3204 | + echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server" |
3205 | + lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}" |
3206 | + echo |
3207 | + echo "## Listing shares with the obtained kerberos ticket" |
3208 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3209 | + lxc exec "${server}" -- kdestroy |
3210 | + done |
3211 | +} |
3212 | + |
3213 | +leave_domain_realmd_winbind() { |
3214 | + local server="${1}" |
3215 | + local leave_cmd="realm leave -v --remove --client-software=winbind" |
3216 | + |
3217 | + echo "## Running leave command: ${leave_cmd}" |
3218 | + echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} |
3219 | +} |
3220 | + |
3221 | +join_domain_realmd_sssd() { |
3222 | + local server="${1}" |
3223 | + local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}" |
3224 | + local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}" |
3225 | + |
3226 | + echo "## Domain information" |
3227 | + lxc exec "${server}" -- ${discover_cmd} |
3228 | + echo |
3229 | + echo "## Running join command: ${join_cmd}" |
3230 | + echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} |
3231 | + echo |
3232 | +} |
3233 | + |
3234 | +verify_join_realmd_sssd() { |
3235 | + local server="${1}" |
3236 | + local samba_domain |
3237 | + |
3238 | + echo -n "## Verifying member server joined domain name: " |
3239 | + samba_domain=$(lxc exec "${server}" -- sssctl domain-list) |
3240 | + echo "${samba_domain}" |
3241 | + if [ "${samba_domain}" != "${realm,,}" ]; then |
3242 | + echo "ERROR: expected member server domain to match the joined domain:" |
3243 | + echo "member server domain: ${samba_domain}" |
3244 | + echo "AD domain: ${realm,,}" |
3245 | + return 1 |
3246 | + fi |
3247 | + echo |
3248 | + # we just want to see the output, not parse it |
3249 | + echo "## Domain status in member server" |
3250 | + lxc exec "${server}" -- sssctl domain-status "${realm}" |
3251 | + echo |
3252 | + echo "## User status in member server" |
3253 | + for u in "${!user_pass[@]}"; do |
3254 | + echo "## User \"${u}@${realm}\" information:" |
3255 | + lxc exec "${server}" -- sssctl user-checks "${u}@${realm}" |
3256 | + echo |
3257 | + echo "## id ${u}@${realm}" |
3258 | + lxc exec "${server}" -- id "${u}@${realm}" |
3259 | + echo |
3260 | + echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" |
3261 | + echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" |
3262 | + lxc exec "${server}" -- klist |
3263 | + echo |
3264 | + echo "## Listing shares with the obtained kerberos ticket" |
3265 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3266 | + lxc exec "${server}" -- kdestroy |
3267 | + done |
3268 | +} |
3269 | + |
3270 | +leave_domain_realmd_sssd() { |
3271 | + local server="${1}" |
3272 | + local leave_cmd="realm leave -v --remove --client-software=sssd" |
3273 | + |
3274 | + echo "## Running leave command: ${leave_cmd}" |
3275 | + echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} |
3276 | +} |
3277 | + |
3278 | +join_domain() { |
3279 | + local server="${1}" |
3280 | + local m="${2}" |
3281 | + |
3282 | + join_domain_${m} "${server}" |
3283 | +} |
3284 | + |
3285 | +verify_join() { |
3286 | + local server="${1}" |
3287 | + local m="${2}" |
3288 | + |
3289 | + verify_join_${m} "${server}" |
3290 | +} |
3291 | + |
3292 | +leave_domain() { |
3293 | + local server="${1}" |
3294 | + local m="${2}" |
3295 | + |
3296 | + leave_domain_${m} "${server}" |
3297 | +} |
3298 | + |
3299 | +systemctl stop smbd nmbd winbind |
3300 | +systemctl disable smbd nmbd winbind |
3301 | +systemctl mask smbd nmbd winbind |
3302 | + |
3303 | +systemctl unmask samba-ad-dc |
3304 | +systemctl enable samba-ad-dc |
3305 | + |
3306 | +if [ -f /etc/samba/smb.conf ]; then |
3307 | + mv /etc/samba/smb.conf{,.orig} |
3308 | +fi |
3309 | + |
3310 | +# make sure we are starting fresh, as previous tests might left things around |
3311 | + |
3312 | +rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/* |
3313 | +kdestroy || : |
3314 | + |
3315 | +samba-tool domain provision \ |
3316 | + --domain="${domain}" \ |
3317 | + --realm="${realm}" \ |
3318 | + --adminpass="${adminpass}" \ |
3319 | + --server-role=dc \ |
3320 | + --use-rfc2307 \ |
3321 | + --dns-backend=SAMBA_INTERNAL |
3322 | + |
3323 | +current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}') |
3324 | + |
3325 | +if [ -n "${current_dns}" ]; then |
3326 | + echo "## Setting dns forwarder to ${current_dns} in smb.conf" |
3327 | + sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \ |
3328 | + /etc/samba/smb.conf |
3329 | + unlink /etc/resolv.conf |
3330 | + echo "nameserver 127.0.0.1" > /etc/resolv.conf |
3331 | + # lowercase substitution |
3332 | + echo "search ${realm,,}" >> /etc/resolv.conf |
3333 | + systemctl stop systemd-resolved |
3334 | + systemctl disable systemd-resolved |
3335 | +else |
3336 | + echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf" |
3337 | + echo "## resolvectl status:" |
3338 | + resolvectl status |
3339 | + echo "## Continuing, and hoping for the best" |
3340 | +fi |
3341 | + |
3342 | +cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf |
3343 | + |
3344 | +systemctl start samba-ad-dc |
3345 | + |
3346 | +# give it some time, it's a lot of services to start |
3347 | +sleep 5s |
3348 | + |
3349 | +basic_config_tests |
3350 | +dns_tests |
3351 | +user_creation_tests |
3352 | +smbclient_tests |
3353 | +server_join_tests |
3354 | diff --git a/debian/tests/util b/debian/tests/util |
3355 | index 4278ee7..298b321 100644 |
3356 | --- a/debian/tests/util |
3357 | +++ b/debian/tests/util |
3358 | @@ -16,7 +16,7 @@ EOFEOF |
3359 | if [ -n "${vfs}" ]; then |
3360 | echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf |
3361 | fi |
3362 | - systemctl restart smbd.service |
3363 | + systemctl reload smbd.service |
3364 | else |
3365 | echo "Share [${share}] already exists, continuing" |
3366 | fi |
3367 | @@ -66,3 +66,113 @@ ensure_uring_available() { |
3368 | exit 77 |
3369 | fi |
3370 | } |
3371 | + |
3372 | +wait_container_ready() { |
3373 | + local container="${1}" |
3374 | + local -i limit=120 # seconds |
3375 | + local -i i=0 |
3376 | + local -i result=0 |
3377 | + local ip |
3378 | + local output |
3379 | + |
3380 | + while /bin/true; do |
3381 | + ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}') |
3382 | + if [ -n "${ip}" ]; then |
3383 | + break |
3384 | + fi |
3385 | + i=$((i+1)) |
3386 | + if [ ${i} -ge ${limit} ]; then |
3387 | + return 1 |
3388 | + fi |
3389 | + sleep 1s |
3390 | + echo -n "." |
3391 | + done |
3392 | + while ! nc -z "${ip}" 22; do |
3393 | + echo -n "." |
3394 | + i=$((i+1)) |
3395 | + if [ ${i} -ge ${limit} ]; then |
3396 | + return 1 |
3397 | + fi |
3398 | + sleep 1s |
3399 | + done |
3400 | + # cloud-init might still be doing things... |
3401 | + # this call blocks, so wrap it in its own little timeout |
3402 | + output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || { |
3403 | + result=$? |
3404 | + echo "cloud-init status --wait failed on container ${container}" |
3405 | + echo "${output}" |
3406 | + return ${result} |
3407 | + } |
3408 | + echo |
3409 | +} |
3410 | + |
3411 | +install_lxd() { |
3412 | + if ! command -v lxd > /dev/null 2>&1; then |
3413 | + # the test depends has "lxd | snapd", so if we don't have lxd, we must |
3414 | + # install the snap |
3415 | + snap list lxd > /dev/null 2>&1 || { |
3416 | + echo "Installing the LXD snap..." |
3417 | + snap install lxd |
3418 | + } |
3419 | + fi |
3420 | +} |
3421 | + |
3422 | +setup_lxd() { |
3423 | + local dns_domain="${1}" |
3424 | + local network |
3425 | + local nic |
3426 | + local dns_ip |
3427 | + |
3428 | + install_lxd |
3429 | + # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53 |
3430 | + systemctl stop samba-ad-dc |
3431 | + lxd init --auto |
3432 | + lxd waitready --timeout 600 |
3433 | + network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED") |
3434 | + nic=$(echo "${network}" | awk '{print $1}') |
3435 | + dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr |
3436 | + # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS |
3437 | + lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})" |
3438 | + if [ -n "${http_proxy}" ]; then |
3439 | + lxc config set core.proxy_http "${http_proxy}" |
3440 | + fi |
3441 | + if [ -n "${https_proxy}" ]; then |
3442 | + lxc config set core.proxy_https "${https_proxy}" |
3443 | + fi |
3444 | + if [ -n "${noproxy}" ]; then |
3445 | + lxc config set core.proxy_ignore_hosts "${noproxy}" |
3446 | + fi |
3447 | + systemctl start samba-ad-dc |
3448 | + # give it some time, it's a lot of services to start |
3449 | + sleep 5s |
3450 | +} |
3451 | + |
3452 | +# Copy the local apt package archive over to the lxd container. |
3453 | +copy_local_apt_files() { |
3454 | + local container_name="${1:-docker}" |
3455 | + |
3456 | + for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do |
3457 | + local_source=${local_source#file:} |
3458 | + local_dir=$(dirname "${local_source}") |
3459 | + lxc exec "${container_name}" -- mkdir -p "${local_dir}" |
3460 | + tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}" |
3461 | + done |
3462 | +} |
3463 | + |
3464 | +send_apt_config() { |
3465 | + echo "Copying over /etc/apt to container ${1}" |
3466 | + lxc exec "${1}" -- rm -rf /etc/apt |
3467 | + lxc exec "${1}" -- mkdir -p /etc/apt |
3468 | + tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt |
3469 | +} |
3470 | + |
3471 | +install_packages_in_container() { |
3472 | + local container="${1}" |
3473 | + shift |
3474 | + local packages="${*}" |
3475 | + |
3476 | + echo "### Installing dependencies in member server container: ${packages}" |
3477 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q |
3478 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y |
3479 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages} |
3480 | +} |
Cutting FF close I see :-)
Since I imagine you're trying to get this in quickly, this is a very expedient review. The test results seem to be coming in ok:
* Results: 4.18.6+ dfsg-1ubuntu1~ ppa2 samba-mantic- merge samba/2: 4.18.6+ dfsg-1ubuntu1~ ppa2
- samba/2:
+ ✅ samba on mantic for amd64 @ 17.08.23 16:38:06 Log️ 🗒️
+ ✅ samba on mantic for armhf @ 17.08.23 15:46:05 Log️ 🗒️
+ ✅ samba on mantic for ppc64el @ 17.08.23 16:13:59 Log️ 🗒️
+ ✅ samba on mantic for s390x @ 17.08.23 16:04:16 Log️ 🗒️
* Running:
# time pkg release arch ppa trigger
- 1314 samba mantic arm64 ahasenack/
* Waiting: (none)
Packaging all looks fine.
A LP # for the various 386 delta would be useful in order to keep track of if/when that can be dropped, and the general status/expectation of Samba support for arch i386, but that's super unimportant for this merge and can be in the "maybe someday" pile.
Rest LGTM, +1