Merge ~ahasenack/ubuntu/+source/samba:mantic-samba-merge-3 into ubuntu/+source/samba:debian/sid
- Git
- lp:~ahasenack/ubuntu/+source/samba
- mantic-samba-merge-3
- Merge into debian/sid
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Bryce Harrington (community) | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+449354@code.launchpad.net |
Commit message
Description of the change
Merge from debian.
Some delta dropped, one added to fix https:/
I also had to re-add a delta around ceph i386 which was accidentally broken in debian's 4.18.5+dfsg-2: " * d/rules: make ceph conditional similar to gluster".
PPA: https:/
I'll trigger DEP8 tests after it's done.
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: ahasenack, bryce
Uploaders: ahasenack, bryce
MP auto-approved
Andreas Hasenack (ahasenack) wrote : | # |
Thanks. The upstream release was yesterday, and the debian package appeared in launchpad just overnight :)
I think this would be fine after FF, because the release notes only mention bug fixes, but yeah, better do it before if possible.
Andreas Hasenack (ahasenack) wrote : | # |
Uploaded with rich history:
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Mike Silva (mikesilva) wrote : | # |
Is there a PPA where I can help test the multi-channel bug fix?
Andreas Hasenack (ahasenack) wrote : | # |
You can test it on mantic by enabling the proposed pocket, since samba hasn't migrated yet. I deleted the ppa after I uploaded it.
Let me know if that's ok.
Mike Silva (mikesilva) wrote : | # |
Oh, no problem. I was looking for the FAQ on how to do that over the weekend, if you have a pointer, and wouldn't mind, can you link me to it here?
I'm anxious to see this get into Mantic. It's led to a lot of user pain for some time!
Mike Silva (mikesilva) wrote : | # |
I found the FAQ and setup proposed with selective install, but this is all that I see in proposed. Not, 2:4.18.6.
samba (2:4.18.
* Add changes to fix uncaught exception when updating old password
containing regex metacharacters by simplifying samba-tool password
redaction (LP: #2002949).
- d/p/lib-
- d/p/lib-
- d/p/lib-
- d/p/samba-
- d/p/python-
- d/p/python-
- d/p/python-
-- Michal Maloszewski <email address hidden> Fri, 28 Jul 2023 00:55:03 +0200
Andreas Hasenack (ahasenack) wrote : | # |
That's not proposed indeed. But here it worked:
ubuntu@m-samba:~$ apt-cache policy samba
samba:
Installed: (none)
Candidate: 2:4.18.
Version table:
2:
100 http://
2:
500 http://
ubuntu@m-samba:~$ cat /etc/apt/
deb http://
deb http://
But do note that proposed has a lower priority (100 instead of 500), so to actually install the package from proposed you need to pass "-t mantic-proposed" to apt:
sudo apt install samba -t mantic-proposed
Mike Silva (mikesilva) wrote : | # |
That was the needed incantation. Thanks!
2.4.18.6 is fantastic. I'm seeing none of the mount/dismount problems I had before.
Update scan failed
At least one of the branches involved have failed to scan. You can manually schedule a rescan if required.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 2519a2a..7b4ef63 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,36 @@ | |||
6 | 1 | samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium | ||
7 | 2 | |||
8 | 3 | * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes: | ||
9 | 4 | - debian/control: Ubuntu i386 binary compatibility: | ||
10 | 5 | + drop ceph support | ||
11 | 6 | + enable the liburing vfs module, except on i386 where liburing is | ||
12 | 7 | not available | ||
13 | 8 | - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: | ||
14 | 9 | samba AD DC provisioning and domain join tests with internal DNS | ||
15 | 10 | (LP #1977746, LP #2011745) | ||
16 | 11 | * Dropped: | ||
17 | 12 | - build-depend on libglusterfs-dev only on !i386 arches | ||
18 | 13 | [In 2:4.18.5+dfsg-2] | ||
19 | 14 | - Add changes to fix uncaught exception when updating old password | ||
20 | 15 | containing regex metacharacters by simplifying samba-tool password | ||
21 | 16 | redaction (LP #2002949). | ||
22 | 17 | + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch | ||
23 | 18 | + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch | ||
24 | 19 | + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch | ||
25 | 20 | + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch | ||
26 | 21 | + d/p/python-Add-glue.burn_commandline-method.patch | ||
27 | 22 | + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch | ||
28 | 23 | + d/p/python-Remove-const-from-PyList_AsStringList.patch | ||
29 | 24 | [Fixed upstream in 4.18.6] | ||
30 | 25 | * Added: | ||
31 | 26 | - d/control: adjust breaks/replaces for file move that Debian did in | ||
32 | 27 | 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid | ||
33 | 28 | file conflict in a dist-upgrade from earlier Ubuntu releases, like | ||
34 | 29 | Kinetic (LP: #2024663) | ||
35 | 30 | - d/rules: ceph is not available in Ubuntu i386, disable it | ||
36 | 31 | |||
37 | 32 | -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Aug 2023 09:52:00 -0300 | ||
38 | 33 | |||
39 | 1 | samba (2:4.18.6+dfsg-1) unstable; urgency=medium | 34 | samba (2:4.18.6+dfsg-1) unstable; urgency=medium |
40 | 2 | 35 | ||
41 | 3 | * new upstream stable/bugfix release: | 36 | * new upstream stable/bugfix release: |
42 | @@ -54,6 +87,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium | |||
43 | 54 | 87 | ||
44 | 55 | -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300 | 88 | -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300 |
45 | 56 | 89 | ||
46 | 90 | samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium | ||
47 | 91 | |||
48 | 92 | * Add changes to fix uncaught exception when updating old password | ||
49 | 93 | containing regex metacharacters by simplifying samba-tool password | ||
50 | 94 | redaction (LP: #2002949). | ||
51 | 95 | - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch | ||
52 | 96 | - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch | ||
53 | 97 | - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch | ||
54 | 98 | - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch | ||
55 | 99 | - d/p/python-Add-glue.burn_commandline-method.patch | ||
56 | 100 | - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch | ||
57 | 101 | - d/p/python-Remove-const-from-PyList_AsStringList.patch | ||
58 | 102 | |||
59 | 103 | -- Michal Maloszewski <michal.maloszewski@canonical.com> Fri, 28 Jul 2023 00:55:03 +0200 | ||
60 | 104 | |||
61 | 105 | samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium | ||
62 | 106 | |||
63 | 107 | * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining | ||
64 | 108 | changes: | ||
65 | 109 | - debian/control: Ubuntu i386 binary compatibility: | ||
66 | 110 | + drop ceph support | ||
67 | 111 | + enable the liburing vfs module, except on i386 where liburing is | ||
68 | 112 | not available | ||
69 | 113 | + build-depend on libglusterfs-dev only on !i386 arches | ||
70 | 114 | - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: | ||
71 | 115 | samba AD DC provisioning and domain join tests with internal DNS | ||
72 | 116 | (LP #1977746, LP #2011745) | ||
73 | 117 | - d/t/util: reload instead of restarting samba, as it's quicker and | ||
74 | 118 | has the same effect we want in this test | ||
75 | 119 | |||
76 | 120 | -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jul 2023 10:15:22 -0300 | ||
77 | 121 | |||
78 | 57 | samba (2:4.18.5+dfsg-1) unstable; urgency=medium | 122 | samba (2:4.18.5+dfsg-1) unstable; urgency=medium |
79 | 58 | 123 | ||
80 | 59 | * new upstream stable/security release 4.18.5, including: | 124 | * new upstream stable/security release 4.18.5, including: |
81 | @@ -131,6 +196,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium | |||
82 | 131 | 196 | ||
83 | 132 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300 | 197 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300 |
84 | 133 | 198 | ||
85 | 199 | samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium | ||
86 | 200 | |||
87 | 201 | * Merge with Debian unstable (LP: #2018054). Remaining changes: | ||
88 | 202 | - debian/control: Ubuntu i386 binary compatibility: | ||
89 | 203 | + drop ceph support | ||
90 | 204 | + enable the liburing vfs module, except on i386 where liburing is | ||
91 | 205 | not available | ||
92 | 206 | + build-depend on libglusterfs-dev only on !i386 arches | ||
93 | 207 | - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: | ||
94 | 208 | samba AD DC provisioning and domain join tests with internal DNS | ||
95 | 209 | (LP #1977746, LP #2011745) | ||
96 | 210 | * Added changes: | ||
97 | 211 | - d/t/util: reload instead of restarting samba, as it's quicker and | ||
98 | 212 | has the same effect we want in this test | ||
99 | 213 | |||
100 | 214 | -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Jun 2023 11:59:19 -0300 | ||
101 | 215 | |||
102 | 134 | samba (2:4.18.3+dfsg-3) unstable; urgency=medium | 216 | samba (2:4.18.3+dfsg-3) unstable; urgency=medium |
103 | 135 | 217 | ||
104 | 136 | * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, | 218 | * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, |
105 | @@ -289,6 +371,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium | |||
106 | 289 | 371 | ||
107 | 290 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300 | 372 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300 |
108 | 291 | 373 | ||
109 | 374 | samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium | ||
110 | 375 | |||
111 | 376 | * Merge with Debian unstable (LP: #2014052). Remaining changes: | ||
112 | 377 | - debian/control: Ubuntu i386 binary compatibility: | ||
113 | 378 | + drop ceph support | ||
114 | 379 | + enable the liburing vfs module, except on i386 where liburing is | ||
115 | 380 | not available | ||
116 | 381 | + build-depend on libglusterfs-dev only on !i386 arches | ||
117 | 382 | - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: | ||
118 | 383 | samba AD DC provisioning and domain join tests with internal DNS | ||
119 | 384 | (LP #1977746, LP #2011745) | ||
120 | 385 | |||
121 | 386 | -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Mar 2023 15:26:11 -0300 | ||
122 | 387 | |||
123 | 292 | samba (2:4.17.6+dfsg-1) unstable; urgency=medium | 388 | samba (2:4.17.6+dfsg-1) unstable; urgency=medium |
124 | 293 | 389 | ||
125 | 294 | * new upstream stable/bugfix release 4.17.6: | 390 | * new upstream stable/bugfix release 4.17.6: |
126 | @@ -316,6 +412,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium | |||
127 | 316 | 412 | ||
128 | 317 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300 | 413 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300 |
129 | 318 | 414 | ||
130 | 415 | samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium | ||
131 | 416 | |||
132 | 417 | * Add domain join tests (LP: #2011745): | ||
133 | 418 | - d/t/control: update dependencies for samba AD provisioning test, | ||
134 | 419 | which now also includes a member server join test | ||
135 | 420 | - d/t/util, d/t/samba-ad-dc-*: add member server join tests | ||
136 | 421 | |||
137 | 422 | -- Andreas Hasenack <andreas@canonical.com> Wed, 15 Mar 2023 20:49:56 -0300 | ||
138 | 423 | |||
139 | 424 | samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium | ||
140 | 425 | |||
141 | 426 | * d/t/samba-ad-dc-provisioning-internal-dns: test improvements | ||
142 | 427 | (LP: #2009485): | ||
143 | 428 | - increase kinit timeout, as it also does DNS lookups | ||
144 | 429 | - add a trap on exit to show logs in the case of some failure | ||
145 | 430 | |||
146 | 431 | -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Mar 2023 11:49:34 -0300 | ||
147 | 432 | |||
148 | 433 | samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium | ||
149 | 434 | |||
150 | 435 | * Merge with Debian unstable (LP: #2002181). Remaining changes: | ||
151 | 436 | - debian/control: Ubuntu i386 binary compatibility: | ||
152 | 437 | + drop ceph support | ||
153 | 438 | + enable the liburing vfs module, except on i386 where liburing is | ||
154 | 439 | not available | ||
155 | 440 | + build-depend on libglusterfs-dev only on !i386 arches | ||
156 | 441 | * Added: | ||
157 | 442 | - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD | ||
158 | 443 | DC provisioning test with internal DNS (LP: #1977746) | ||
159 | 444 | |||
160 | 445 | -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300 | ||
161 | 446 | |||
162 | 319 | samba (2:4.17.5+dfsg-2) unstable; urgency=medium | 447 | samba (2:4.17.5+dfsg-2) unstable; urgency=medium |
163 | 320 | 448 | ||
164 | 321 | * d/control: samba: depends on exact version of python3-samba | 449 | * d/control: samba: depends on exact version of python3-samba |
165 | @@ -468,6 +596,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium | |||
166 | 468 | 596 | ||
167 | 469 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300 | 597 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300 |
168 | 470 | 598 | ||
169 | 599 | samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium | ||
170 | 600 | |||
171 | 601 | * No-change rebuild with Python 3.11 as default | ||
172 | 602 | |||
173 | 603 | -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000 | ||
174 | 604 | |||
175 | 605 | samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium | ||
176 | 606 | |||
177 | 607 | * Merge with Debian unstable (LP: #1993380). Remaining changes: | ||
178 | 608 | - debian/control: Ubuntu i386 binary compatibility: | ||
179 | 609 | + drop ceph support | ||
180 | 610 | - d/control: enable the liburing vfs module, except on i386 where | ||
181 | 611 | liburing is not available | ||
182 | 612 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
183 | 613 | * Dropped: | ||
184 | 614 | - debian/smb.conf; | ||
185 | 615 | + Add "(Samba, Ubuntu)" to server string. | ||
186 | 616 | [In 2:4.16.6+dfsg-1] | ||
187 | 617 | + Comment out the default [homes] share, and add a comment about | ||
188 | 618 | "valid users = %s" to show users how to restrict access to | ||
189 | 619 | \\server\username to only username. | ||
190 | 620 | [In 2:4.16.6+dfsg-1] | ||
191 | 621 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
192 | 622 | Skip running the tests if on i386 platform, because the uring | ||
193 | 623 | package is not available there. | ||
194 | 624 | [In 2:4.16.6+dfsg-1, improved] | ||
195 | 625 | - d/t/util: fix setting the password of the smb test user | ||
196 | 626 | (LP #1955851) | ||
197 | 627 | [In 2:4.16.5+dfsg-2] | ||
198 | 628 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
199 | 629 | [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6] | ||
200 | 630 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
201 | 631 | enable the samba glusterfs vfs mofule in that case | ||
202 | 632 | [In 2:4.16.6+dfsg-1] | ||
203 | 633 | |||
204 | 634 | -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300 | ||
205 | 635 | |||
206 | 471 | samba (2:4.17.3+dfsg-3) unstable; urgency=medium | 636 | samba (2:4.17.3+dfsg-3) unstable; urgency=medium |
207 | 472 | 637 | ||
208 | 473 | * d/control: winbind should depend on the same binary:Version | 638 | * d/control: winbind should depend on the same binary:Version |
209 | @@ -764,6 +929,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium | |||
210 | 764 | 929 | ||
211 | 765 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300 | 930 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300 |
212 | 766 | 931 | ||
213 | 932 | samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium | ||
214 | 933 | |||
215 | 934 | * Merge with Debian unstable. Remaining changes: | ||
216 | 935 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
217 | 936 | - debian/smb.conf; | ||
218 | 937 | + Add "(Samba, Ubuntu)" to server string. | ||
219 | 938 | + Comment out the default [homes] share, and add a comment about | ||
220 | 939 | "valid users = %s" to show users how to restrict access to | ||
221 | 940 | \\server\username to only username. | ||
222 | 941 | - debian/control: Ubuntu i386 binary compatibility: | ||
223 | 942 | + drop ceph support | ||
224 | 943 | - d/control: enable the liburing vfs module, except on i386 where | ||
225 | 944 | liburing is not available | ||
226 | 945 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
227 | 946 | Skip running the tests if on i386 platform, because the uring | ||
228 | 947 | package is not available there. | ||
229 | 948 | - d/t/util: fix setting the password of the smb test user | ||
230 | 949 | (LP #1955851) | ||
231 | 950 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
232 | 951 | enable the samba glusterfs vfs mofule in that case | ||
233 | 952 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
234 | 953 | |||
235 | 954 | -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300 | ||
236 | 955 | |||
237 | 767 | samba (2:4.16.4+dfsg-2) unstable; urgency=medium | 956 | samba (2:4.16.4+dfsg-2) unstable; urgency=medium |
238 | 768 | 957 | ||
239 | 769 | * d/libldb2.symbols: include newly added symbols | 958 | * d/libldb2.symbols: include newly added symbols |
240 | @@ -792,6 +981,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high | |||
241 | 792 | 981 | ||
242 | 793 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300 | 982 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300 |
243 | 794 | 983 | ||
244 | 984 | samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium | ||
245 | 985 | |||
246 | 986 | * Merge with Debian unstable (LP: #1982116). Remaining changes: | ||
247 | 987 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
248 | 988 | - debian/smb.conf; | ||
249 | 989 | + Add "(Samba, Ubuntu)" to server string. | ||
250 | 990 | + Comment out the default [homes] share, and add a comment about | ||
251 | 991 | "valid users = %s" to show users how to restrict access to | ||
252 | 992 | \\server\username to only username. | ||
253 | 993 | - debian/control: Ubuntu i386 binary compatibility: | ||
254 | 994 | + drop ceph support | ||
255 | 995 | - d/control: enable the liburing vfs module, except on i386 where | ||
256 | 996 | liburing is not available | ||
257 | 997 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
258 | 998 | Skip running the tests if on i386 platform, because the uring | ||
259 | 999 | package is not available there. | ||
260 | 1000 | - d/t/util: fix setting the password of the smb test user | ||
261 | 1001 | (LP #1955851) | ||
262 | 1002 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
263 | 1003 | enable the samba glusterfs vfs mofule in that case | ||
264 | 1004 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
265 | 1005 | * Dropped: | ||
266 | 1006 | - Update nfs scripts for new nfs.conf config (LP: #1961840): | ||
267 | 1007 | + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use | ||
268 | 1008 | nfsconf(8) if it's available, instead of parsing the old config | ||
269 | 1009 | files in /etc/default/nfs-* | ||
270 | 1010 | [In 2:4.16.3+dfsg-1] | ||
271 | 1011 | + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be | ||
272 | 1012 | used by the example enable-nfs.sh example script | ||
273 | 1013 | [In 2:4.16.3+dfsg-1] | ||
274 | 1014 | + d/ctdb.example/nfs-kernel-server/quota: quota config file to be | ||
275 | 1015 | used by the example enable-nfs.sh script | ||
276 | 1016 | [In 2:4.16.3+dfsg-1] | ||
277 | 1017 | + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: | ||
278 | 1018 | obsolete, replaced by nfs.conf | ||
279 | 1019 | [In 2:4.16.3+dfsg-1] | ||
280 | 1020 | + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new | ||
281 | 1021 | nfs.conf and other changes in the new nfs server packages | ||
282 | 1022 | [In 2:4.16.3+dfsg-1] | ||
283 | 1023 | - Fix abort when deleting a file and "fruit:resource = stream" is | ||
284 | 1024 | used. (LP #1977491) | ||
285 | 1025 | + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: | ||
286 | 1026 | Add test that shows smbd crashing when deleting a file while using | ||
287 | 1027 | vfs_fruit with "fruit:resource = stream". | ||
288 | 1028 | + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: | ||
289 | 1029 | Handle file deleting when "fruit:resource = stream" is used. | ||
290 | 1030 | [Fixed upstream] | ||
291 | 1031 | - Build dlz module for bind 9.18.x (LP #1964032) | ||
292 | 1032 | + d/p/add-support-for-bind-918.patch: build a dlz module for | ||
293 | 1033 | bind 9.18.x | ||
294 | 1034 | + d/p/add-support-for-bind-918-2.patch: also update the | ||
295 | 1035 | provisioning tool and template config file | ||
296 | 1036 | [Fixed upstream] | ||
297 | 1037 | |||
298 | 1038 | -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300 | ||
299 | 1039 | |||
300 | 795 | samba (2:4.16.3+dfsg-1) unstable; urgency=medium | 1040 | samba (2:4.16.3+dfsg-1) unstable; urgency=medium |
301 | 796 | 1041 | ||
302 | 797 | [ Michael Tokarev ] | 1042 | [ Michael Tokarev ] |
303 | @@ -803,6 +1048,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium | |||
304 | 803 | 1048 | ||
305 | 804 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300 | 1049 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300 |
306 | 805 | 1050 | ||
307 | 1051 | samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium | ||
308 | 1052 | |||
309 | 1053 | * Merge with Debian unstable. Remaining changes: | ||
310 | 1054 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
311 | 1055 | - debian/smb.conf; | ||
312 | 1056 | + Add "(Samba, Ubuntu)" to server string. | ||
313 | 1057 | + Comment out the default [homes] share, and add a comment about | ||
314 | 1058 | "valid users = %s" to show users how to restrict access to | ||
315 | 1059 | \\server\username to only username. | ||
316 | 1060 | - debian/control: Ubuntu i386 binary compatibility: | ||
317 | 1061 | + drop ceph support | ||
318 | 1062 | - d/control: enable the liburing vfs module, except on i386 where | ||
319 | 1063 | liburing is not available | ||
320 | 1064 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
321 | 1065 | Skip running the tests if on i386 platform, because the uring | ||
322 | 1066 | package is not available there. | ||
323 | 1067 | - d/t/util: fix setting the password of the smb test user | ||
324 | 1068 | (LP #1955851) | ||
325 | 1069 | - Update nfs scripts for new nfs.conf config (LP #1961840): | ||
326 | 1070 | + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use | ||
327 | 1071 | nfsconf(8) if it's available, instead of parsing the old config | ||
328 | 1072 | files in /etc/default/nfs-* | ||
329 | 1073 | + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be | ||
330 | 1074 | used by the example enable-nfs.sh example script | ||
331 | 1075 | + d/ctdb.example/nfs-kernel-server/quota: quota config file to be | ||
332 | 1076 | used by the example enable-nfs.sh script | ||
333 | 1077 | + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: | ||
334 | 1078 | obsolete, replaced by nfs.conf | ||
335 | 1079 | + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new | ||
336 | 1080 | nfs.conf and other changes in the new nfs server packages | ||
337 | 1081 | - Build dlz module for bind 9.18.x (LP #1964032) | ||
338 | 1082 | + d/p/add-support-for-bind-918.patch: build a dlz module for | ||
339 | 1083 | bind 9.18.x | ||
340 | 1084 | + d/p/add-support-for-bind-918-2.patch: also update the | ||
341 | 1085 | provisioning tool and template config file | ||
342 | 1086 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
343 | 1087 | enable the samba glusterfs vfs mofule in that case | ||
344 | 1088 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
345 | 1089 | - Fix abort when deleting a file and "fruit:resource = stream" is | ||
346 | 1090 | used. (LP #1977491) | ||
347 | 1091 | + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: | ||
348 | 1092 | Add test that shows smbd crashing when deleting a file while using | ||
349 | 1093 | vfs_fruit with "fruit:resource = stream". | ||
350 | 1094 | + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: | ||
351 | 1095 | Handle file deleting when "fruit:resource = stream" is used. | ||
352 | 1096 | |||
353 | 1097 | -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300 | ||
354 | 1098 | |||
355 | 806 | samba (2:4.16.2+dfsg-1) unstable; urgency=medium | 1099 | samba (2:4.16.2+dfsg-1) unstable; urgency=medium |
356 | 807 | 1100 | ||
357 | 808 | * new upstream minor/bugfix release. | 1101 | * new upstream minor/bugfix release. |
358 | @@ -824,6 +1117,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium | |||
359 | 824 | 1117 | ||
360 | 825 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300 | 1118 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300 |
361 | 826 | 1119 | ||
362 | 1120 | samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium | ||
363 | 1121 | |||
364 | 1122 | * Fix abort when deleting a file and "fruit:resource = stream" is | ||
365 | 1123 | used. (LP: #1977491) | ||
366 | 1124 | - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: | ||
367 | 1125 | Add test that shows smbd crashing when deleting a file while using | ||
368 | 1126 | vfs_fruit with "fruit:resource = stream". | ||
369 | 1127 | - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: | ||
370 | 1128 | Handle file deleting when "fruit:resource = stream" is used. | ||
371 | 1129 | |||
372 | 1130 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400 | ||
373 | 1131 | |||
374 | 1132 | samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium | ||
375 | 1133 | |||
376 | 1134 | * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining | ||
377 | 1135 | changes: | ||
378 | 1136 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
379 | 1137 | - debian/smb.conf; | ||
380 | 1138 | + Add "(Samba, Ubuntu)" to server string. | ||
381 | 1139 | + Comment out the default [homes] share, and add a comment about | ||
382 | 1140 | "valid users = %s" to show users how to restrict access to | ||
383 | 1141 | \\server\username to only username. | ||
384 | 1142 | - debian/control: Ubuntu i386 binary compatibility: | ||
385 | 1143 | + drop ceph support | ||
386 | 1144 | - d/control: enable the liburing vfs module, except on i386 where | ||
387 | 1145 | liburing is not available | ||
388 | 1146 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
389 | 1147 | Skip running the tests if on i386 platform, because the uring | ||
390 | 1148 | package is not available there. | ||
391 | 1149 | - d/t/util: fix setting the password of the smb test user | ||
392 | 1150 | (LP #1955851) | ||
393 | 1151 | - Update nfs scripts for new nfs.conf config (LP #1961840): | ||
394 | 1152 | + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use | ||
395 | 1153 | nfsconf(8) if it's available, instead of parsing the old config | ||
396 | 1154 | files in /etc/default/nfs-* | ||
397 | 1155 | + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be | ||
398 | 1156 | used by the example enable-nfs.sh example script | ||
399 | 1157 | + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota | ||
400 | 1158 | config file to be used by the example enable-nfs.sh script | ||
401 | 1159 | + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: | ||
402 | 1160 | obsolete, replaced by nfs.conf | ||
403 | 1161 | + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new | ||
404 | 1162 | nfs.conf and other changes in the new nfs server packages | ||
405 | 1163 | - Build dlz module for bind 9.18.x (LP #1964032) | ||
406 | 1164 | + d/p/add-support-for-bind-918.patch: build a dlz module for | ||
407 | 1165 | bind 9.18.x | ||
408 | 1166 | + d/p/add-support-for-bind-918-2.patch: also update the | ||
409 | 1167 | provisioning tool and template config file | ||
410 | 1168 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
411 | 1169 | enable the samba glusterfs vfs mofule in that case | ||
412 | 1170 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
413 | 1171 | * Dropped: | ||
414 | 1172 | - d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
415 | 1173 | the amount of in-tree crypto code that is built | ||
416 | 1174 | [superfluous, the version in the archive is recent enough] | ||
417 | 1175 | - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195) | ||
418 | 1176 | [Included in 2:4.13.13+dfsg-1] | ||
419 | 1177 | - d/control: bump required build-depends | ||
420 | 1178 | [Included in Debian] | ||
421 | 1179 | - d/samba-libs.install: update list of installed libraries and | ||
422 | 1180 | modules/plugins | ||
423 | 1181 | [Done in Debian] | ||
424 | 1182 | - debian/patches/CVE-2021-20254.patch: removed, applied upstream | ||
425 | 1183 | [Applied upstream, Debian didn't have this patch] | ||
426 | 1184 | - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream | ||
427 | 1185 | [Applied usptream, Debian did not have it] | ||
428 | 1186 | - d/{gpb.conf,watch,README.source}: update for 4.15 | ||
429 | 1187 | [Debian updated it for 4.16] | ||
430 | 1188 | - d/rules: remove --with-dnsupdate, it was merged with | ||
431 | 1189 | --with-ads in samba 4.15.0 | ||
432 | 1190 | [Included in 2:4.16.0+dfsg-1] | ||
433 | 1191 | - d/rules: drop removal of ctdb tests, they are no longer installed | ||
434 | 1192 | [Included in 2:4.16.0+dfsg-1] | ||
435 | 1193 | - Remove findsmb, no longer installed: | ||
436 | 1194 | + d/smbclient.install: remove findsmb | ||
437 | 1195 | + d/rules: drop fixing of findsmb shebang | ||
438 | 1196 | [Included in 2:4.16.0+dfsg-1] | ||
439 | 1197 | - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, | ||
440 | 1198 | no longer installed | ||
441 | 1199 | [Included in 2:4.16.0+dfsg-1] | ||
442 | 1200 | - d/ctdb.install: add tdb_mutex_check | ||
443 | 1201 | [Included in 2:4.16.0+dfsg-1] | ||
444 | 1202 | - d/winbind.install: add async_dns_krb5_locator | ||
445 | 1203 | [Included in 2:4.16.0+dfsg-1] | ||
446 | 1204 | - d/samba.install: install samba-bgqd and its manpage | ||
447 | 1205 | [Included in 2:4.16.0+dfsg-1] | ||
448 | 1206 | - d/{libsmbclient,libwbclient0}.symbols: symbols updates | ||
449 | 1207 | [Obsolete, these were for 4.15.5] | ||
450 | 1208 | - d/rules: drop dh_perl override, unneeded | ||
451 | 1209 | [Included in 2:4.16.0+dfsg-1] | ||
452 | 1210 | - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after | ||
453 | 1211 | Windows 2021-10 Monthly Rollup patch (LP #1951490) | ||
454 | 1212 | [Included upstream in 4.16.0rc2] | ||
455 | 1213 | - d/rules: install the new/changed ctdb example nfs files | ||
456 | 1214 | [Installed via ctdb.examples] | ||
457 | 1215 | * Added: | ||
458 | 1216 | - rename ctdb example files nfs.conf and quota, to match what the | ||
459 | 1217 | enable-nfs.sh script expects | ||
460 | 1218 | - enable-nfs.sh ctdb example: use debian's filename for the | ||
461 | 1219 | static port sysctl configuration | ||
462 | 1220 | - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was | ||
463 | 1221 | renamed to "cluster lock" | ||
464 | 1222 | |||
465 | 1223 | -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300 | ||
466 | 1224 | |||
467 | 827 | samba (2:4.16.1+dfsg-8) unstable; urgency=medium | 1225 | samba (2:4.16.1+dfsg-8) unstable; urgency=medium |
468 | 828 | 1226 | ||
469 | 829 | * fix the Breaks/Replaces versions in the previous upload for moving | 1227 | * fix the Breaks/Replaces versions in the previous upload for moving |
470 | @@ -1120,6 +1518,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium | |||
471 | 1120 | 1518 | ||
472 | 1121 | -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300 | 1519 | -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300 |
473 | 1122 | 1520 | ||
474 | 1521 | samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium | ||
475 | 1522 | |||
476 | 1523 | * No-change rebuild against libicu71 | ||
477 | 1524 | |||
478 | 1525 | -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000 | ||
479 | 1526 | |||
480 | 1527 | samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium | ||
481 | 1528 | |||
482 | 1529 | * Enable glusterfs support (LP: #1894618): | ||
483 | 1530 | - d/control: revert disabling of glusterfs, since it's in main now | ||
484 | 1531 | - d/rules: in Ubuntu, glusterfs is not built for i386, so don't | ||
485 | 1532 | enable the samba glusterfs vfs mofule in that case | ||
486 | 1533 | - d/control: build-depend on libglusterfs-dev only on !i386 arches | ||
487 | 1534 | |||
488 | 1535 | -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300 | ||
489 | 1536 | |||
490 | 1537 | samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium | ||
491 | 1538 | |||
492 | 1539 | * Build dlz module for bind 9.18.x (LP: #1964032) | ||
493 | 1540 | - d/p/add-support-for-bind-918.patch: build a dlz module for | ||
494 | 1541 | bind 9.18.x | ||
495 | 1542 | - d/samba-libs.install: remove fixme comment | ||
496 | 1543 | - d/p/add-support-for-bind-918-2.patch: also update the provisioning | ||
497 | 1544 | tool and template config file | ||
498 | 1545 | |||
499 | 1546 | -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300 | ||
500 | 1547 | |||
501 | 1548 | samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium | ||
502 | 1549 | |||
503 | 1550 | * Update nfs scripts for new nfs.conf config (LP: #1961840): | ||
504 | 1551 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use | ||
505 | 1552 | nfsconf(8) if it's available, instead of parsing the old config | ||
506 | 1553 | files in /etc/default/nfs-* | ||
507 | 1554 | - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example | ||
508 | 1555 | enable-nfs.sh example script | ||
509 | 1556 | - d/ctdb.example.quota: quota config file to be used by the example | ||
510 | 1557 | enable-nfs.sh script | ||
511 | 1558 | - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by | ||
512 | 1559 | nfs.conf | ||
513 | 1560 | - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other | ||
514 | 1561 | changes in the new nfs server packages | ||
515 | 1562 | - d/rules: install the new/changed ctdb example nfs files | ||
516 | 1563 | |||
517 | 1564 | -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300 | ||
518 | 1565 | |||
519 | 1566 | samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium | ||
520 | 1567 | |||
521 | 1568 | * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after | ||
522 | 1569 | Windows 2021-10 Monthly Rollup patch (LP: #1951490) | ||
523 | 1570 | |||
524 | 1571 | -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300 | ||
525 | 1572 | |||
526 | 1573 | samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium | ||
527 | 1574 | |||
528 | 1575 | * d/{gpb.conf,watch,README.source}: update for 4.15 | ||
529 | 1576 | * New upstream release: 4.15.5 (LP: #1946839) | ||
530 | 1577 | * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream | ||
531 | 1578 | * d/rules: remove --with-dnsupdate, it was merged with | ||
532 | 1579 | --with-ads in samba 4.15.0 | ||
533 | 1580 | * d/control: bump required build-depends | ||
534 | 1581 | * d/rules: drop removal of ctdb tests, they are no longer installed | ||
535 | 1582 | * Remove findsmb, no longer installed: | ||
536 | 1583 | - d/smbclient.install: remove findsmb | ||
537 | 1584 | - d/rules: drop fixing of findsmb shebang | ||
538 | 1585 | * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, | ||
539 | 1586 | no longer installed | ||
540 | 1587 | * d/samba-libs.install: update list of installed libraries and | ||
541 | 1588 | modules/plugins | ||
542 | 1589 | * d/ctdb.install: add tdb_mutex_check | ||
543 | 1590 | * d/winbind.install: add async_dns_krb5_locator | ||
544 | 1591 | * d/samba.install: install samba-bgqd and its manpage | ||
545 | 1592 | * d/{libsmbclient,libwbclient0}.symbols: symbols updates | ||
546 | 1593 | * d/control: add python3-markdown to build-depends | ||
547 | 1594 | * d/watch: updated to handle ~dfsg versioning, thanks to | ||
548 | 1595 | Sergio Durigan Junior <sergio.durigan@canonical.com> | ||
549 | 1596 | |||
550 | 1597 | -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300 | ||
551 | 1598 | |||
552 | 1599 | samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium | ||
553 | 1600 | |||
554 | 1601 | * Update to 4.13.17 as a security update | ||
555 | 1602 | - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 | ||
556 | 1603 | * Removed patches included in new version: | ||
557 | 1604 | - debian/patches/trusted_domain_regression_fix.patch | ||
558 | 1605 | - debian/patches/bug14901-*.patch | ||
559 | 1606 | - debian/patches/bug14922.patch | ||
560 | 1607 | |||
561 | 1608 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500 | ||
562 | 1609 | |||
563 | 1123 | samba (2:4.13.14+dfsg-1) unstable; urgency=high | 1610 | samba (2:4.13.14+dfsg-1) unstable; urgency=high |
564 | 1124 | 1611 | ||
565 | 1125 | * New upstream security release in order to address the following defects: | 1612 | * New upstream security release in order to address the following defects: |
566 | @@ -1146,6 +1633,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high | |||
567 | 1146 | 1633 | ||
568 | 1147 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100 | 1634 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100 |
569 | 1148 | 1635 | ||
570 | 1636 | samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium | ||
571 | 1637 | |||
572 | 1638 | * No-change rebuild for icu soname change | ||
573 | 1639 | |||
574 | 1640 | -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600 | ||
575 | 1641 | |||
576 | 1642 | samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium | ||
577 | 1643 | |||
578 | 1644 | * d/t/util: fix setting the password of the smb test user | ||
579 | 1645 | (LP: #1955851) | ||
580 | 1646 | |||
581 | 1647 | -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300 | ||
582 | 1648 | |||
583 | 1649 | samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium | ||
584 | 1650 | |||
585 | 1651 | * No-change rebuild with Python 3.10 as default version | ||
586 | 1652 | |||
587 | 1653 | -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000 | ||
588 | 1654 | |||
589 | 1655 | samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium | ||
590 | 1656 | |||
591 | 1657 | * SECURITY REGRESSION: Kerberos authentication on standalone server in | ||
592 | 1658 | MIT realm broken | ||
593 | 1659 | - debian/patches/bug14922.patch: fix MIT Realm regression in | ||
594 | 1660 | source3/auth/user_krb5.c. | ||
595 | 1661 | |||
596 | 1662 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500 | ||
597 | 1663 | |||
598 | 1664 | samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium | ||
599 | 1665 | |||
600 | 1666 | * Update to 4.13.14 as a security update (LP: #1950363) | ||
601 | 1667 | - debian/patches/CVE-2021-20254.patch: removed, included in new | ||
602 | 1668 | version. | ||
603 | 1669 | - debian/control: bump ldb Build-Depends to 2.2.3. | ||
604 | 1670 | - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. | ||
605 | 1671 | - debian/patches/trusted_domain_regression_fix.patch: fix regression | ||
606 | 1672 | introduced in 4.13.14. | ||
607 | 1673 | - debian/patches/bug14901-*.patch: upstream patches to fix some | ||
608 | 1674 | mapping issues. | ||
609 | 1675 | - debian/patches/bug14918-*.patch: upstream patches to properly handle | ||
610 | 1676 | dangling symlinks. | ||
611 | 1677 | - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, | ||
612 | 1678 | CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 | ||
613 | 1679 | |||
614 | 1680 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500 | ||
615 | 1681 | |||
616 | 1149 | samba (2:4.13.13+dfsg-1) unstable; urgency=high | 1682 | samba (2:4.13.13+dfsg-1) unstable; urgency=high |
617 | 1150 | 1683 | ||
618 | 1151 | [ Athos Ribeiro ] | 1684 | [ Athos Ribeiro ] |
619 | @@ -1167,6 +1700,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high | |||
620 | 1167 | 1700 | ||
621 | 1168 | -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100 | 1701 | -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100 |
622 | 1169 | 1702 | ||
623 | 1703 | samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium | ||
624 | 1704 | |||
625 | 1705 | * No-change rebuild against liburing2 | ||
626 | 1706 | |||
627 | 1707 | -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100 | ||
628 | 1708 | |||
629 | 1709 | samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium | ||
630 | 1710 | |||
631 | 1711 | * d/samba.postinst: do not populate sambashare from the admin group | ||
632 | 1712 | (Debian packaging cherry-pick. LP: #1942195) | ||
633 | 1713 | |||
634 | 1714 | -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200 | ||
635 | 1715 | |||
636 | 1716 | samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium | ||
637 | 1717 | |||
638 | 1718 | * No-change rebuild due to OpenLDAP soname bump. | ||
639 | 1719 | |||
640 | 1720 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400 | ||
641 | 1721 | |||
642 | 1722 | samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium | ||
643 | 1723 | |||
644 | 1724 | * Merge with Debian unstable. Remaining changes: | ||
645 | 1725 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
646 | 1726 | - debian/smb.conf; | ||
647 | 1727 | + Add "(Samba, Ubuntu)" to server string. | ||
648 | 1728 | + Comment out the default [homes] share, and add a comment about | ||
649 | 1729 | "valid users = %s" to show users how to restrict access to | ||
650 | 1730 | \\server\username to only username. | ||
651 | 1731 | - d/control: Disable glusterfs support because it's not in main. | ||
652 | 1732 | MIR bug is https://launchpad.net/bugs/1274247 | ||
653 | 1733 | - debian/control: Ubuntu i386 binary compatibility: | ||
654 | 1734 | + drop ceph support | ||
655 | 1735 | - d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
656 | 1736 | the amount of in-tree crypto code that is built | ||
657 | 1737 | - d/control: enable the liburing vfs module, except on i386 where | ||
658 | 1738 | liburing is not available | ||
659 | 1739 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
660 | 1740 | Skip running the tests if on i386 platform, because the uring | ||
661 | 1741 | package is not available there. | ||
662 | 1742 | * Dropped changes: | ||
663 | 1743 | - debian/samba-common.config: | ||
664 | 1744 | + Do not change priority to high if dhclient3 is installed. | ||
665 | 1745 | [Included in 2:4.13.4+dfsg-1] | ||
666 | 1746 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
667 | 1747 | change nfs service name from nfs to nfs-kernel-server | ||
668 | 1748 | (LP #722201) | ||
669 | 1749 | [Included in 2:4.13.4+dfsg-1] | ||
670 | 1750 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
671 | 1751 | enable syslog and systemd journal by default | ||
672 | 1752 | [Included in 2:4.13.4+dfsg-1] | ||
673 | 1753 | - debian/rules: Ubuntu i386 binary compatibility: | ||
674 | 1754 | + drop ceph support | ||
675 | 1755 | + disable the following binary packages: | ||
676 | 1756 | - ctdb | ||
677 | 1757 | - libnss-winbind | ||
678 | 1758 | - libpam-winbind | ||
679 | 1759 | - python3-samba | ||
680 | 1760 | - samba | ||
681 | 1761 | - samba-common-bin | ||
682 | 1762 | - samba-testsuite | ||
683 | 1763 | - winbind | ||
684 | 1764 | [Included in 2:4.13.4+dfsg-1] | ||
685 | 1765 | - debian/rules: Ubuntu i386 binary compatibility: | ||
686 | 1766 | + re-enable the following binary packages: | ||
687 | 1767 | - libnss-winbind | ||
688 | 1768 | - samba-common-bin | ||
689 | 1769 | - python3-samba | ||
690 | 1770 | - winbind | ||
691 | 1771 | [Included in 2:4.13.4+dfsg-1] | ||
692 | 1772 | - SECURITY UPDATE: wrong group entries via negative idmap cache entries | ||
693 | 1773 | + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in | ||
694 | 1774 | source3/passdb/lookup_sid.c. | ||
695 | 1775 | + CVE-2021-20254 | ||
696 | 1776 | [Included in 2:4.13.5+dfsg-2] | ||
697 | 1777 | |||
698 | 1778 | -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300 | ||
699 | 1779 | |||
700 | 1170 | samba (2:4.13.5+dfsg-2) unstable; urgency=high | 1780 | samba (2:4.13.5+dfsg-2) unstable; urgency=high |
701 | 1171 | 1781 | ||
702 | 1172 | * CVE-2021-20254: Negative idmap cache entries can cause incorrect group | 1782 | * CVE-2021-20254: Negative idmap cache entries can cause incorrect group |
703 | @@ -1198,6 +1808,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium | |||
704 | 1198 | 1808 | ||
705 | 1199 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100 | 1809 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100 |
706 | 1200 | 1810 | ||
707 | 1811 | samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium | ||
708 | 1812 | |||
709 | 1813 | * SECURITY UPDATE: wrong group entries via negative idmap cache entries | ||
710 | 1814 | - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in | ||
711 | 1815 | source3/passdb/lookup_sid.c. | ||
712 | 1816 | - CVE-2021-20254 | ||
713 | 1817 | |||
714 | 1818 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400 | ||
715 | 1819 | |||
716 | 1820 | samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium | ||
717 | 1821 | |||
718 | 1822 | * No change rebuild to pick up liburing, and also | ||
719 | 1823 | fix d/t/cifs-share-access-uring. (LP: #1914145) | ||
720 | 1824 | |||
721 | 1825 | -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300 | ||
722 | 1826 | |||
723 | 1827 | samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium | ||
724 | 1828 | |||
725 | 1829 | * Merge with Debian unstable. Remaining changes: | ||
726 | 1830 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
727 | 1831 | - debian/smb.conf; | ||
728 | 1832 | + Add "(Samba, Ubuntu)" to server string. | ||
729 | 1833 | + Comment out the default [homes] share, and add a comment about | ||
730 | 1834 | "valid users = %s" to show users how to restrict access to | ||
731 | 1835 | \\server\username to only username. | ||
732 | 1836 | - debian/samba-common.config: | ||
733 | 1837 | + Do not change priority to high if dhclient3 is installed. | ||
734 | 1838 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
735 | 1839 | MIR bug is https://launchpad.net/bugs/1274247 | ||
736 | 1840 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
737 | 1841 | change nfs service name from nfs to nfs-kernel-server | ||
738 | 1842 | (LP #722201) | ||
739 | 1843 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
740 | 1844 | enable syslog and systemd journal by default | ||
741 | 1845 | - debian/rules: Ubuntu i386 binary compatibility: | ||
742 | 1846 | + drop ceph support | ||
743 | 1847 | + disable the following binary packages: | ||
744 | 1848 | - ctdb | ||
745 | 1849 | - libnss-winbind | ||
746 | 1850 | - libpam-winbind | ||
747 | 1851 | - python3-samba | ||
748 | 1852 | - samba | ||
749 | 1853 | - samba-common-bin | ||
750 | 1854 | - samba-testsuite | ||
751 | 1855 | - winbind | ||
752 | 1856 | - debian/control: Ubuntu i386 binary compatibility: | ||
753 | 1857 | + drop ceph support | ||
754 | 1858 | - debian/rules: Ubuntu i386 binary compatibility: | ||
755 | 1859 | + re-enable the following binary packages: | ||
756 | 1860 | - libnss-winbind | ||
757 | 1861 | - samba-common-bin | ||
758 | 1862 | - python3-samba | ||
759 | 1863 | - winbind | ||
760 | 1864 | - d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
761 | 1865 | the amount of in-tree crypto code that is built | ||
762 | 1866 | - d/control: enable the liburing vfs module, except on i386 where | ||
763 | 1867 | liburing is not available | ||
764 | 1868 | * Dropped changes, incorporated by Debian: | ||
765 | 1869 | - d/t/smbclient-anonymous-share-list: add set -x and set -e | ||
766 | 1870 | - Factor out common DEP8 test code into d/t/util and change the tests | ||
767 | 1871 | to source from it: | ||
768 | 1872 | + d/t/util: added | ||
769 | 1873 | + d/t/cifs-share-access, d/t/smbclient-share-access: source from | ||
770 | 1874 | util, use random share name and add set -x and set -u | ||
771 | 1875 | + d/t/smbclient-authenticated-share-list: source from util and add | ||
772 | 1876 | set -x and set -u | ||
773 | 1877 | - Add new DEP8 tests for the uring vfs module: | ||
774 | 1878 | + d/t/control: add smbclient-share-access-uring and | ||
775 | 1879 | cifs-share-access-uring tests | ||
776 | 1880 | + d/t/smbclient-share-access-uring: new test | ||
777 | 1881 | + d/t/cifs-share-access-uring: new test | ||
778 | 1882 | - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: | ||
779 | 1883 | guard uring tests with a kernel version check and skip if it's too old | ||
780 | 1884 | * Added changes: | ||
781 | 1885 | - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: | ||
782 | 1886 | Skip running the tests if on i386 platform, because the uring | ||
783 | 1887 | package is not available there. | ||
784 | 1888 | |||
785 | 1889 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500 | ||
786 | 1890 | |||
787 | 1201 | samba (2:4.13.3+dfsg-1) unstable; urgency=medium | 1891 | samba (2:4.13.3+dfsg-1) unstable; urgency=medium |
788 | 1202 | 1892 | ||
789 | 1203 | [ Andreas Hasenack ] | 1893 | [ Andreas Hasenack ] |
790 | @@ -1213,6 +1903,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium | |||
791 | 1213 | 1903 | ||
792 | 1214 | -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100 | 1904 | -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100 |
793 | 1215 | 1905 | ||
794 | 1906 | samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium | ||
795 | 1907 | |||
796 | 1908 | * Merge with Debian unstable (LP: #1905048). Remaining changes: | ||
797 | 1909 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
798 | 1910 | - debian/smb.conf; | ||
799 | 1911 | + Add "(Samba, Ubuntu)" to server string. | ||
800 | 1912 | + Comment out the default [homes] share, and add a comment about | ||
801 | 1913 | "valid users = %s" to show users how to restrict access to | ||
802 | 1914 | \\server\username to only username. | ||
803 | 1915 | - debian/samba-common.config: | ||
804 | 1916 | + Do not change priority to high if dhclient3 is installed. | ||
805 | 1917 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
806 | 1918 | MIR bug is https://launchpad.net/bugs/1274247 | ||
807 | 1919 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
808 | 1920 | change nfs service name from nfs to nfs-kernel-server | ||
809 | 1921 | (LP #722201) | ||
810 | 1922 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
811 | 1923 | enable syslog and systemd journal by default | ||
812 | 1924 | - debian/rules: Ubuntu i386 binary compatibility: | ||
813 | 1925 | + drop ceph support | ||
814 | 1926 | + disable the following binary packages: | ||
815 | 1927 | - ctdb | ||
816 | 1928 | - libnss-winbind | ||
817 | 1929 | - libpam-winbind | ||
818 | 1930 | - python3-samba | ||
819 | 1931 | - samba | ||
820 | 1932 | - samba-common-bin | ||
821 | 1933 | - samba-testsuite | ||
822 | 1934 | - winbind | ||
823 | 1935 | - debian/control: Ubuntu i386 binary compatibility: | ||
824 | 1936 | + drop ceph support | ||
825 | 1937 | - debian/rules: Ubuntu i386 binary compatibility: | ||
826 | 1938 | + re-enable the following binary packages: | ||
827 | 1939 | - libnss-winbind | ||
828 | 1940 | - samba-common-bin | ||
829 | 1941 | - python3-samba | ||
830 | 1942 | - winbind | ||
831 | 1943 | - d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
832 | 1944 | the amount of in-tree crypto code that is built | ||
833 | 1945 | * d/t/smbclient-anonymous-share-list: add set -x and set -e | ||
834 | 1946 | * Factor out common DEP8 test code into d/t/util and change the tests | ||
835 | 1947 | to source from it: | ||
836 | 1948 | - d/t/util: added | ||
837 | 1949 | - d/t/cifs-share-access, d/t/smbclient-share-access: source from | ||
838 | 1950 | util, use random share name and add set -x and set -u | ||
839 | 1951 | - d/t/smbclient-authenticated-share-list: source from util and add | ||
840 | 1952 | set -x and set -u | ||
841 | 1953 | * d/control: enable the liburing vfs module, except on i386 where | ||
842 | 1954 | liburing is not available | ||
843 | 1955 | * Add new DEP8 tests for the uring vfs module: | ||
844 | 1956 | - d/t/control: add smbclient-share-access-uring and | ||
845 | 1957 | cifs-share-access-uring tests | ||
846 | 1958 | - d/t/smbclient-share-access-uring: new test | ||
847 | 1959 | - d/t/cifs-share-access-uring: new test | ||
848 | 1960 | * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: | ||
849 | 1961 | guard uring tests with a kernel version check and skip if it's too old | ||
850 | 1962 | * Dropped changes: | ||
851 | 1963 | - SECURITY UPDATE: Unauthenticated domain controller compromise by | ||
852 | 1964 | subverting Netlogon cryptography (ZeroLogon) | ||
853 | 1965 | + debian/patches/zerologon-*.patch: backport upstream patches: | ||
854 | 1966 | + For compatibility reasons, allow specifying an insecure netlogon | ||
855 | 1967 | configuration per machine. See the following link for examples: | ||
856 | 1968 | https://www.samba.org/samba/security/CVE-2020-1472.html | ||
857 | 1969 | + Add additional server checks for the protocol attack in the | ||
858 | 1970 | client-specified challenge to provide some protection when | ||
859 | 1971 | 'server schannel = no/auto' and avoid the false-positive results | ||
860 | 1972 | when running the proof-of-concept exploit. | ||
861 | 1973 | [ Incorporated by upstream. ] | ||
862 | 1974 | - SECURITY UPDATE: Missing handle permissions check in ChangeNotify | ||
863 | 1975 | + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't | ||
864 | 1976 | get set unless the directory handle is open for SEC_DIR_LIST in | ||
865 | 1977 | source4/torture/smb2/notify.c, source3/smbd/notify.c. | ||
866 | 1978 | + CVE-2020-14318 | ||
867 | 1979 | - SECURITY UPDATE: Unprivileged user can crash winbind | ||
868 | 1980 | + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in | ||
869 | 1981 | source3/winbindd/winbindd_lookupsids.c, | ||
870 | 1982 | source4/torture/winbind/struct_based.c. | ||
871 | 1983 | + CVE-2020-14323 | ||
872 | 1984 | - SECURITY UPDATE: DNS server crash via invalid records | ||
873 | 1985 | - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization | ||
874 | 1986 | with NULL and do not crash when additional data not found in | ||
875 | 1987 | source4/rpc_server/dnsserver/dcerpc_dnsserver.c. | ||
876 | 1988 | + CVE-2020-14383 | ||
877 | 1989 | [ Incorporated by upstream. ] | ||
878 | 1990 | |||
879 | 1991 | -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500 | ||
880 | 1992 | |||
881 | 1216 | samba (2:4.13.2+dfsg-3) unstable; urgency=medium | 1993 | samba (2:4.13.2+dfsg-3) unstable; urgency=medium |
882 | 1217 | 1994 | ||
883 | 1218 | * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) | 1995 | * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) |
884 | @@ -1258,6 +2035,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium | |||
885 | 1258 | 2035 | ||
886 | 1259 | -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100 | 2036 | -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100 |
887 | 1260 | 2037 | ||
888 | 2038 | samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium | ||
889 | 2039 | |||
890 | 2040 | * SECURITY UPDATE: Missing handle permissions check in ChangeNotify | ||
891 | 2041 | - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't | ||
892 | 2042 | get set unless the directory handle is open for SEC_DIR_LIST in | ||
893 | 2043 | source4/torture/smb2/notify.c, source3/smbd/notify.c. | ||
894 | 2044 | - CVE-2020-14318 | ||
895 | 2045 | * SECURITY UPDATE: Unprivileged user can crash winbind | ||
896 | 2046 | - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in | ||
897 | 2047 | source3/winbindd/winbindd_lookupsids.c, | ||
898 | 2048 | source4/torture/winbind/struct_based.c. | ||
899 | 2049 | - CVE-2020-14323 | ||
900 | 2050 | * SECURITY UPDATE: DNS server crash via invalid records | ||
901 | 2051 | - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization | ||
902 | 2052 | with NULL and do not crash when additional data not found in | ||
903 | 2053 | source4/rpc_server/dnsserver/dcerpc_dnsserver.c. | ||
904 | 2054 | - CVE-2020-14383 | ||
905 | 2055 | |||
906 | 2056 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400 | ||
907 | 2057 | |||
908 | 2058 | samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium | ||
909 | 2059 | |||
910 | 2060 | * SECURITY UPDATE: Unauthenticated domain controller compromise by | ||
911 | 2061 | subverting Netlogon cryptography (ZeroLogon) | ||
912 | 2062 | - debian/patches/zerologon-*.patch: backport upstream patches: | ||
913 | 2063 | + For compatibility reasons, allow specifying an insecure netlogon | ||
914 | 2064 | configuration per machine. See the following link for examples: | ||
915 | 2065 | https://www.samba.org/samba/security/CVE-2020-1472.html | ||
916 | 2066 | + Add additional server checks for the protocol attack in the | ||
917 | 2067 | client-specified challenge to provide some protection when | ||
918 | 2068 | 'server schannel = no/auto' and avoid the false-positive results | ||
919 | 2069 | when running the proof-of-concept exploit. | ||
920 | 2070 | - CVE-2020-1472 | ||
921 | 2071 | |||
922 | 2072 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400 | ||
923 | 2073 | |||
924 | 2074 | samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium | ||
925 | 2075 | |||
926 | 2076 | * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: | ||
927 | 2077 | guard uring tests with a kernel version check and skip if it's too old | ||
928 | 2078 | |||
929 | 2079 | -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300 | ||
930 | 2080 | |||
931 | 2081 | samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium | ||
932 | 2082 | |||
933 | 2083 | * d/t/smbclient-anonymous-share-list: add set -x and set -e | ||
934 | 2084 | * Factor out common DEP8 test code into d/t/util and change the tests | ||
935 | 2085 | to source from it: | ||
936 | 2086 | - d/t/util: added | ||
937 | 2087 | - d/t/cifs-share-access, d/t/smbclient-share-access: source from | ||
938 | 2088 | util, use random share name and add set -x and set -u | ||
939 | 2089 | - d/t/smbclient-authenticated-share-list: source from util and add | ||
940 | 2090 | set -x and set -u | ||
941 | 2091 | * d/control: enable the liburing vfs module, except on i386 where | ||
942 | 2092 | liburing is not available | ||
943 | 2093 | * Add new DEP8 tests for the uring vfs module: | ||
944 | 2094 | - d/t/control: add smbclient-share-access-uring and | ||
945 | 2095 | cifs-share-access-uring tests | ||
946 | 2096 | - d/t/smbclient-share-access-uring: new test | ||
947 | 2097 | - d/t/cifs-share-access-uring: new test | ||
948 | 2098 | |||
949 | 2099 | -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300 | ||
950 | 2100 | |||
951 | 2101 | samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium | ||
952 | 2102 | |||
953 | 2103 | * Merge with Debian unstable. Remaining changes: | ||
954 | 2104 | - d/p/VERSION.patch: Update vendor string to "Ubuntu". | ||
955 | 2105 | - debian/smb.conf; | ||
956 | 2106 | + Add "(Samba, Ubuntu)" to server string. | ||
957 | 2107 | + Comment out the default [homes] share, and add a comment about | ||
958 | 2108 | "valid users = %s" to show users how to restrict access to | ||
959 | 2109 | \\server\username to only username. | ||
960 | 2110 | - debian/samba-common.config: | ||
961 | 2111 | + Do not change priority to high if dhclient3 is installed. | ||
962 | 2112 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
963 | 2113 | MIR bug is https://launchpad.net/bugs/1274247 | ||
964 | 2114 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
965 | 2115 | change nfs service name from nfs to nfs-kernel-server | ||
966 | 2116 | (LP #722201) | ||
967 | 2117 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
968 | 2118 | enable syslog and systemd journal by default | ||
969 | 2119 | - debian/rules: Ubuntu i386 binary compatibility: | ||
970 | 2120 | + drop ceph support | ||
971 | 2121 | + disable the following binary packages: | ||
972 | 2122 | - ctdb | ||
973 | 2123 | - libnss-winbind | ||
974 | 2124 | - libpam-winbind | ||
975 | 2125 | - python3-samba | ||
976 | 2126 | - samba | ||
977 | 2127 | - samba-common-bin | ||
978 | 2128 | - samba-testsuite | ||
979 | 2129 | - winbind | ||
980 | 2130 | - debian/control: Ubuntu i386 binary compatibility: | ||
981 | 2131 | + drop ceph support | ||
982 | 2132 | - debian/rules: Ubuntu i386 binary compatibility: | ||
983 | 2133 | + re-enable the following binary packages: | ||
984 | 2134 | - libnss-winbind | ||
985 | 2135 | - samba-common-bin | ||
986 | 2136 | - python3-samba | ||
987 | 2137 | - winbind | ||
988 | 2138 | - d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
989 | 2139 | the amount of in-tree crypto code that is built | ||
990 | 2140 | * Dropped: | ||
991 | 2141 | - d/gbp.conf, d/watch, d/README.source: update for 4.12 | ||
992 | 2142 | [In 2:4.12.3+dfsg-1] | ||
993 | 2143 | - d/control: bump build-depends: | ||
994 | 2144 | + ldb: 2.1.2 | ||
995 | 2145 | + tevent: 0.10.2 | ||
996 | 2146 | + tdb: 1.4.3 | ||
997 | 2147 | + talloc: 2.3.1 | ||
998 | 2148 | [In 2:4.12.3+dfsg-1] | ||
999 | 2149 | - d/smbclient.install: add new binary mdfind and its manpage | ||
1000 | 2150 | [In 2:4.12.3+dfsg-1] | ||
1001 | 2151 | - d/samba-dev.install, d/samba-libs.install: new lib | ||
1002 | 2152 | libdcerpc-server-core | ||
1003 | 2153 | [In 2:4.12.3+dfsg-1] | ||
1004 | 2154 | - d/samba-libs.install: new library libtalloc-report-printf | ||
1005 | 2155 | [In 2:4.12.3+dfsg-1] | ||
1006 | 2156 | - d/libwbclient0.install: remove libaesni, no longer built when | ||
1007 | 2157 | gnutls provides AES CMAC | ||
1008 | 2158 | [In 2:4.12.3+dfsg-1] | ||
1009 | 2159 | - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols | ||
1010 | 2160 | [In 2:4.12.3+dfsg-1] | ||
1011 | 2161 | - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch | ||
1012 | 2162 | [Dropped in 2:4.12.3+dfsg-1] | ||
1013 | 2163 | - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch | ||
1014 | 2164 | [Dropped in 2:4.12.3+dfsg-1] | ||
1015 | 2165 | - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch | ||
1016 | 2166 | [Dropped in 2:4.12.3+dfsg-1] | ||
1017 | 2167 | |||
1018 | 2168 | -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300 | ||
1019 | 2169 | |||
1020 | 1261 | samba (2:4.12.5+dfsg-3) unstable; urgency=high | 2170 | samba (2:4.12.5+dfsg-3) unstable; urgency=high |
1021 | 1262 | 2171 | ||
1022 | 1263 | * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump | 2172 | * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump |
1023 | @@ -1322,6 +2231,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium | |||
1024 | 1322 | 2231 | ||
1025 | 1323 | -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200 | 2232 | -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200 |
1026 | 1324 | 2233 | ||
1027 | 2234 | samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium | ||
1028 | 2235 | |||
1029 | 2236 | * New upstream version: 4.12.2 | ||
1030 | 2237 | * d/gbp.conf, d/watch, d/README.source: update for 4.12 | ||
1031 | 2238 | * d/control: bump build-depends: | ||
1032 | 2239 | - ldb: 2.1.2 | ||
1033 | 2240 | - tevent: 0.10.2 | ||
1034 | 2241 | - tdb: 1.4.3 | ||
1035 | 2242 | - talloc: 2.3.1 | ||
1036 | 2243 | * d/smbclient.install: add new binary mdfind and its manpage | ||
1037 | 2244 | * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core | ||
1038 | 2245 | * d/samba-libs.install: new library libtalloc-report-printf | ||
1039 | 2246 | * d/libwbclient0.install: remove libaesni, no longer built when | ||
1040 | 2247 | gnutls provides AES CMAC | ||
1041 | 2248 | * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols | ||
1042 | 2249 | * d/control: add a versioned libgnutls28-dev build-depends to reduce | ||
1043 | 2250 | the amount of in-tree crypto code that is built | ||
1044 | 2251 | * Dropped (applied upstream): | ||
1045 | 2252 | - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch | ||
1046 | 2253 | - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch | ||
1047 | 2254 | - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch | ||
1048 | 2255 | - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch | ||
1049 | 2256 | |||
1050 | 2257 | -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300 | ||
1051 | 2258 | |||
1052 | 2259 | samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium | ||
1053 | 2260 | |||
1054 | 2261 | * SECURITY UPDATE: Use-after-free in AD DC LDAP server | ||
1055 | 2262 | - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in | ||
1056 | 2263 | combination with paged_results in selftest/knownfail.d/asq, | ||
1057 | 2264 | source4/dsdb/tests/python/asq.py, source4/selftest/tests.py. | ||
1058 | 2265 | - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control | ||
1059 | 2266 | for the GUID search in paged_results in selftest/knownfail.d/asq, | ||
1060 | 2267 | source4/dsdb/samdb/ldb_modules/paged_results.c. | ||
1061 | 2268 | - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev | ||
1062 | 2269 | Build-Depends to 2.0.10. | ||
1063 | 2270 | - CVE-2020-10700 | ||
1064 | 2271 | * SECURITY UPDATE: Stack overflow in AD DC LDAP server | ||
1065 | 2272 | - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in | ||
1066 | 2273 | auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, | ||
1067 | 2274 | lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, | ||
1068 | 2275 | libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, | ||
1069 | 2276 | source3/lib/tldap.c, source3/lib/tldap_util.c, | ||
1070 | 2277 | source3/libsmb/clispnego.c, source3/torture/torture.c, | ||
1071 | 2278 | source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, | ||
1072 | 2279 | source4/libcli/ldap/ldap_client.c, | ||
1073 | 2280 | source4/libcli/ldap/ldap_controls.c. | ||
1074 | 2281 | - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in | ||
1075 | 2282 | lib/util/asn1.c. | ||
1076 | 2283 | - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in | ||
1077 | 2284 | docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, | ||
1078 | 2285 | docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, | ||
1079 | 2286 | lib/param/loadparm.c, source3/param/loadparm.c. | ||
1080 | 2287 | - debian/patches/CVE-2020-10704-6.patch: limit request sizes in | ||
1081 | 2288 | source4/ldap_server/ldap_server.c. | ||
1082 | 2289 | - debian/patches/CVE-2020-10704-7.patch: add search size limits to | ||
1083 | 2290 | ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, | ||
1084 | 2291 | lib/param/loadparm.c, libcli/cldap/cldap.c, | ||
1085 | 2292 | libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, | ||
1086 | 2293 | source3/param/loadparm.c, source4/ldap_server/ldap_server.c, | ||
1087 | 2294 | source4/libcli/ldap/ldap_client.c. | ||
1088 | 2295 | - debian/patches/CVE-2020-10704-8.patch: check search request lengths | ||
1089 | 2296 | in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. | ||
1090 | 2297 | - CVE-2020-10704 | ||
1091 | 2298 | |||
1092 | 2299 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400 | ||
1093 | 2300 | |||
1094 | 2301 | samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium | ||
1095 | 2302 | |||
1096 | 2303 | * New upstream release: 4.11.6 | ||
1097 | 2304 | * d/p/samba-tool-py38-*.patch: dropped, fixed upstream | ||
1098 | 2305 | |||
1099 | 2306 | -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300 | ||
1100 | 2307 | |||
1101 | 2308 | samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium | ||
1102 | 2309 | |||
1103 | 2310 | * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324) | ||
1104 | 2311 | |||
1105 | 2312 | -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300 | ||
1106 | 2313 | |||
1107 | 2314 | samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium | ||
1108 | 2315 | |||
1109 | 2316 | * Merge with Debian unstable. Remaining changes: | ||
1110 | 2317 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1111 | 2318 | - debian/smb.conf; | ||
1112 | 2319 | + Add "(Samba, Ubuntu)" to server string. | ||
1113 | 2320 | + Comment out the default [homes] share, and add a comment about | ||
1114 | 2321 | "valid users = %s" to show users how to restrict access to | ||
1115 | 2322 | \\server\username to only username. | ||
1116 | 2323 | - debian/samba-common.config: | ||
1117 | 2324 | + Do not change priority to high if dhclient3 is installed. | ||
1118 | 2325 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1119 | 2326 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1120 | 2327 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
1121 | 2328 | change nfs service name from nfs to nfs-kernel-server | ||
1122 | 2329 | (LP #722201) | ||
1123 | 2330 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
1124 | 2331 | enable syslog and systemd journal by default | ||
1125 | 2332 | - debian/rules: Ubuntu i386 binary compatibility: | ||
1126 | 2333 | + drop ceph support | ||
1127 | 2334 | + disable the following binary packages: | ||
1128 | 2335 | - ctdb | ||
1129 | 2336 | - libnss-winbind | ||
1130 | 2337 | - libpam-winbind | ||
1131 | 2338 | - python3-samba | ||
1132 | 2339 | - samba | ||
1133 | 2340 | - samba-common-bin | ||
1134 | 2341 | - samba-testsuite | ||
1135 | 2342 | - winbind | ||
1136 | 2343 | - debian/control: Ubuntu i386 binary compatibility: | ||
1137 | 2344 | + drop ceph support | ||
1138 | 2345 | - debian/rules: Ubuntu i386 binary compatibility: | ||
1139 | 2346 | + re-enable the following binary packages: | ||
1140 | 2347 | - libnss-winbind | ||
1141 | 2348 | - samba-common-bin | ||
1142 | 2349 | - python3-samba | ||
1143 | 2350 | - winbind | ||
1144 | 2351 | * Dropped: | ||
1145 | 2352 | - d/control: drop python3-matplotlib. It's only used in | ||
1146 | 2353 | script/attr_count_read which is not installed with the | ||
1147 | 2354 | samba packages. | ||
1148 | 2355 | [In 2:4.11.3+dfsg-1] | ||
1149 | 2356 | |||
1150 | 2357 | -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300 | ||
1151 | 2358 | |||
1152 | 1325 | samba (2:4.11.5+dfsg-1) unstable; urgency=medium | 2359 | samba (2:4.11.5+dfsg-1) unstable; urgency=medium |
1153 | 1326 | 2360 | ||
1154 | 1327 | * New upstream security release | 2361 | * New upstream security release |
1155 | @@ -1349,6 +2383,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high | |||
1156 | 1349 | 2383 | ||
1157 | 1350 | -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100 | 2384 | -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100 |
1158 | 1351 | 2385 | ||
1159 | 2386 | samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium | ||
1160 | 2387 | |||
1161 | 2388 | * Ubuntu i386 binary compatibility effort: (LP: #1861316) | ||
1162 | 2389 | - debian/rules: | ||
1163 | 2390 | + re-enable the following binary packages generation: | ||
1164 | 2391 | - libnss-winbind | ||
1165 | 2392 | - samba-common-bin | ||
1166 | 2393 | - python3-samba | ||
1167 | 2394 | - winbind | ||
1168 | 2395 | |||
1169 | 2396 | -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000 | ||
1170 | 2397 | |||
1171 | 2398 | samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium | ||
1172 | 2399 | |||
1173 | 2400 | * No-change rebuild to build with python3.8. | ||
1174 | 2401 | |||
1175 | 2402 | -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000 | ||
1176 | 2403 | |||
1177 | 2404 | samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium | ||
1178 | 2405 | |||
1179 | 2406 | * Ubuntu i386 binary compatibility effort: (LP: #1858479) | ||
1180 | 2407 | - debian/control: | ||
1181 | 2408 | + drop ceph support | ||
1182 | 2409 | - debian/rules: | ||
1183 | 2410 | + drop ceph support | ||
1184 | 2411 | + disable the following binary packages generation: | ||
1185 | 2412 | - ctdb | ||
1186 | 2413 | - libnss-winbind | ||
1187 | 2414 | - libpam-winbind | ||
1188 | 2415 | - python3-samba | ||
1189 | 2416 | - samba | ||
1190 | 2417 | - samba-common-bin | ||
1191 | 2418 | - samba-testsuite | ||
1192 | 2419 | - winbind | ||
1193 | 2420 | |||
1194 | 2421 | -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000 | ||
1195 | 2422 | |||
1196 | 2423 | samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium | ||
1197 | 2424 | |||
1198 | 2425 | * Merge with Debian unstable. Remaining changes: | ||
1199 | 2426 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1200 | 2427 | - debian/smb.conf; | ||
1201 | 2428 | + Add "(Samba, Ubuntu)" to server string. | ||
1202 | 2429 | + Comment out the default [homes] share, and add a comment about | ||
1203 | 2430 | "valid users = %s" to show users how to restrict access to | ||
1204 | 2431 | \\server\username to only username. | ||
1205 | 2432 | - debian/samba-common.config: | ||
1206 | 2433 | + Do not change priority to high if dhclient3 is installed. | ||
1207 | 2434 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1208 | 2435 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1209 | 2436 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
1210 | 2437 | change nfs service name from nfs to nfs-kernel-server | ||
1211 | 2438 | (LP #722201) | ||
1212 | 2439 | [Adopted the Debian version and added a couple of extra hunks | ||
1213 | 2440 | we had] | ||
1214 | 2441 | - d/p/ctdb-config-enable-syslog-by-default.patch: | ||
1215 | 2442 | enable syslog and systemd journal by default | ||
1216 | 2443 | * Dropped: | ||
1217 | 2444 | - Add apport hook: | ||
1218 | 2445 | + Created debian/source_samba.py. | ||
1219 | 2446 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1220 | 2447 | [In 2:4.9.4+dfsg-2] | ||
1221 | 2448 | - Removed patches already applied upstream: | ||
1222 | 2449 | + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch | ||
1223 | 2450 | [Removed in 2:4.10.7+dfsg-1] | ||
1224 | 2451 | + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch | ||
1225 | 2452 | [Removed in 4.9.5+dfsg-1] | ||
1226 | 2453 | - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz | ||
1227 | 2454 | [Refreshed in 2:4.1.17+dfsg-1] | ||
1228 | 2455 | - d/control: Updated build dependencies (already updated in Debian): | ||
1229 | 2456 | + tdb >= 1.3.17 | ||
1230 | 2457 | + talloc >= 2.1.15 | ||
1231 | 2458 | + tevent >= 0.9.38 | ||
1232 | 2459 | + ldb >= 1.5.3 | ||
1233 | 2460 | - d/samba-common.docs: README is now README.md | ||
1234 | 2461 | [In 2:4.10.7+dfsg-1] | ||
1235 | 2462 | - d/libsmbclient.symbols: update symbols for this version | ||
1236 | 2463 | - d/libwbclient0.symbols: update symbols for this version | ||
1237 | 2464 | - d/ctdb.install: new binary ctdb_local_daemons | ||
1238 | 2465 | [In 2:4.10.7+dfsg-1] | ||
1239 | 2466 | - d/samba-dev.install: use globbing for the header files with | ||
1240 | 2467 | exceptions for wbclient.h and libsmbclient.h, which belong in | ||
1241 | 2468 | other packages. | ||
1242 | 2469 | [In 2:4.10.7+dfsg-1] | ||
1243 | 2470 | - d/rules: fix globbing used to move the dckeytab python module to the | ||
1244 | 2471 | samba package, and add a comment explaining why this is being done. | ||
1245 | 2472 | [In 2:4.10.7+dfsg-1] | ||
1246 | 2473 | - Switch to python3 (in 2:4.10.7+dfsg-1): | ||
1247 | 2474 | + d/rules: calculate the ldb version using python3, and drop the | ||
1248 | 2475 | "really" bit since the real 1.5.x series is being used now. | ||
1249 | 2476 | + d/rules: make sure python3 is used for the build | ||
1250 | 2477 | + d/rules: adjust globbing to remove the python3 version of tevent.so | ||
1251 | 2478 | + d/rules: drop PYVERS, unused | ||
1252 | 2479 | + d/control: adjust dependencies (build and runtime) for python3 | ||
1253 | 2480 | + d/python3-samba.install, d/control: new python3-samba package | ||
1254 | 2481 | (LP #1440381) | ||
1255 | 2482 | + d/control, d/python-samba.install: get rid of python-samba, which is py2 | ||
1256 | 2483 | + d/python3-samba.lintian-overrides: use the same overrides we had for | ||
1257 | 2484 | python-samba, now deleted. | ||
1258 | 2485 | + d/samba-dev.install, d/samba-libs.install: update file list | ||
1259 | 2486 | + d/t/control, d/t/python-smoke: use python3 | ||
1260 | 2487 | + d/control: use ${python3:Depends} now instead of the python 2 | ||
1261 | 2488 | counterpart for samba and samba-common-bin. | ||
1262 | 2489 | - d/control: drop suggests for python-gpgme, it's no longer available. | ||
1263 | 2490 | [In 2:4.10.7+dfsg-1] | ||
1264 | 2491 | - d/gbp.conf, d/watch, r/README.source: updated for 4.10 | ||
1265 | 2492 | [In 2:4.10.7+dfsg-1] | ||
1266 | 2493 | - d/control: update cmocka build-depends to >= 1.1.3 | ||
1267 | 2494 | [In 2:4.10.7+dfsg-1] | ||
1268 | 2495 | - d/samba-libs.install: bump passdb minor to 0.27.2 | ||
1269 | 2496 | [In 2:4.10.7+dfsg-1] | ||
1270 | 2497 | - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d | ||
1271 | 2498 | to allow pid file to exist (LP #1821775) | ||
1272 | 2499 | [In 2:4.10.7+dfsg-1] | ||
1273 | 2500 | - Allow proper ctdb initalization (LP #1828799): | ||
1274 | 2501 | + d/ctdb.dirs: added /var/lib/ctdb/* directories | ||
1275 | 2502 | + d/ctdb.postrm: remove leftovers from: | ||
1276 | 2503 | /var/lib/ctdb/{state,persistent,volatile,scripts} | ||
1277 | 2504 | [In 2:4.10.7+dfsg-1] | ||
1278 | 2505 | - d/rules: installing provided config examples and helper scripts | ||
1279 | 2506 | - Examples of NFS HA CTDB config files + helper script: | ||
1280 | 2507 | + d/ctdb.example.enable.nfs.sh | ||
1281 | 2508 | + d/ctdb.example.nfs-common | ||
1282 | 2509 | + d/ctdb.example.nfs-kernel-server | ||
1283 | 2510 | + d/ctdb.example.services | ||
1284 | 2511 | + d/ctdb.example.sysctl-nfs-static-ports.conf | ||
1285 | 2512 | [In 2:4.10.7+dfsg-1] | ||
1286 | 2513 | - debian/rules: Make DEB_HOST_ARCH_CPU initialized through | ||
1287 | 2514 | dpkg-architecture (Closes: #931138) | ||
1288 | 2515 | [In 2:4.10.7+dfsg-1] | ||
1289 | 2516 | - d/control: update ldb build-deps to 1.5.5 | ||
1290 | 2517 | [In 2:4.10.7+dfsg-1] | ||
1291 | 2518 | - SECURITY UPDATE: restricted share escape by user (LP #1842533) | ||
1292 | 2519 | [fixed upstream in 4.11.0rc2] | ||
1293 | 2520 | + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate | ||
1294 | 2521 | out impersonation debug info into a new function. | ||
1295 | 2522 | + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that | ||
1296 | 2523 | change_to_user_internal() always resets current_user.done_chdir | ||
1297 | 2524 | + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we | ||
1298 | 2525 | reset current_user.{need,done}_chdir in become_root() | ||
1299 | 2526 | + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make | ||
1300 | 2527 | fsrvp_share its own independent subdirectory | ||
1301 | 2528 | + debian/patches/CVE-2019-10197-05-v4-10.patch: | ||
1302 | 2529 | test_smbclient_s3.sh: add regression test for the no permission | ||
1303 | 2530 | on share root problem | ||
1304 | 2531 | + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split | ||
1305 | 2532 | change_to_user_impersonate() out of change_to_user_internal() | ||
1306 | 2533 | + CVE-2019-10197 | ||
1307 | 2534 | * Added: | ||
1308 | 2535 | - d/control: drop python3-matplotlib. It's only used in | ||
1309 | 2536 | script/attr_count_read which is not installed with the | ||
1310 | 2537 | samba packages. | ||
1311 | 2538 | |||
1312 | 2539 | -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300 | ||
1313 | 2540 | |||
1314 | 1352 | samba (2:4.11.1+dfsg-3) unstable; urgency=medium | 2541 | samba (2:4.11.1+dfsg-3) unstable; urgency=medium |
1315 | 1353 | 2542 | ||
1316 | 1354 | * Add some python dependencies: | 2543 | * Add some python dependencies: |
1317 | @@ -1557,6 +2746,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium | |||
1318 | 1557 | 2746 | ||
1319 | 1558 | -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200 | 2747 | -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200 |
1320 | 1559 | 2748 | ||
1321 | 2749 | samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium | ||
1322 | 2750 | |||
1323 | 2751 | * No-change rebuild to build with python3.8. | ||
1324 | 2752 | |||
1325 | 2753 | -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000 | ||
1326 | 2754 | |||
1327 | 2755 | samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium | ||
1328 | 2756 | |||
1329 | 2757 | * SECURITY UPDATE: restricted share escape by user (LP: #1842533) | ||
1330 | 2758 | - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate | ||
1331 | 2759 | out impersonation debug info into a new function. | ||
1332 | 2760 | - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that | ||
1333 | 2761 | change_to_user_internal() always resets current_user.done_chdir | ||
1334 | 2762 | - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we | ||
1335 | 2763 | reset current_user.{need,done}_chdir in become_root() | ||
1336 | 2764 | - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make | ||
1337 | 2765 | fsrvp_share its own independent subdirectory | ||
1338 | 2766 | - debian/patches/CVE-2019-10197-05-v4-10.patch: | ||
1339 | 2767 | test_smbclient_s3.sh: add regression test for the no permission | ||
1340 | 2768 | on share root problem | ||
1341 | 2769 | - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split | ||
1342 | 2770 | change_to_user_impersonate() out of change_to_user_internal() | ||
1343 | 2771 | - CVE-2019-10197 | ||
1344 | 2772 | |||
1345 | 2773 | -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 | ||
1346 | 2774 | |||
1347 | 2775 | samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium | ||
1348 | 2776 | |||
1349 | 2777 | * New upstream version: 4.10.7 | ||
1350 | 2778 | - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped, | ||
1351 | 2779 | included upstream in 4.10.7 | ||
1352 | 2780 | |||
1353 | 2781 | -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300 | ||
1354 | 2782 | |||
1355 | 2783 | samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium | ||
1356 | 2784 | |||
1357 | 2785 | * New upstream version: 4.10.6 | ||
1358 | 2786 | - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update | ||
1359 | 2787 | the Debian config and use it. | ||
1360 | 2788 | - d/control: update ldb build-deps to 1.5.5 | ||
1361 | 2789 | * Dropped: | ||
1362 | 2790 | - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5 | ||
1363 | 2791 | - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5 | ||
1364 | 2792 | - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3 | ||
1365 | 2793 | - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2 | ||
1366 | 2794 | - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2 | ||
1367 | 2795 | - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1 | ||
1368 | 2796 | - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed | ||
1369 | 2797 | upstream in 4.10.5 | ||
1370 | 2798 | |||
1371 | 2799 | -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300 | ||
1372 | 2800 | |||
1373 | 2801 | samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium | ||
1374 | 2802 | |||
1375 | 2803 | * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
1376 | 2804 | change service name from nfs to nfs-kernel-server in | ||
1377 | 2805 | legacy script 06.nfs.script also (LP: #722201) | ||
1378 | 2806 | |||
1379 | 2807 | -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000 | ||
1380 | 2808 | |||
1381 | 2809 | samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium | ||
1382 | 2810 | |||
1383 | 2811 | * debian/rules: Make DEB_HOST_ARCH_CPU initialized through | ||
1384 | 2812 | dpkg-architecture (Closes: #931138) | ||
1385 | 2813 | * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: | ||
1386 | 2814 | fix tcp_tw_recycle existence check. (LP: #722201) | ||
1387 | 2815 | * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: | ||
1388 | 2816 | change nfs service name from nfs to nfs-kernel-server | ||
1389 | 2817 | (LP: #722201) | ||
1390 | 2818 | * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d | ||
1391 | 2819 | to allow pid file to exist (LP: #1821775) | ||
1392 | 2820 | * Allow proper ctdb initialization (LP: #1828799): | ||
1393 | 2821 | - d/ctdb.dirs: added /var/lib/ctdb/* directories | ||
1394 | 2822 | - d/ctdb.postrm: remove leftovers from: | ||
1395 | 2823 | /var/lib/ctdb/{state,persistent,volatile,scripts} | ||
1396 | 2824 | * d/rules: installing provided config examples and helper scripts | ||
1397 | 2825 | * Examples of NFS HA CTDB config files + helper script: | ||
1398 | 2826 | - d/ctdb.example.enable.nfs.sh | ||
1399 | 2827 | - d/ctdb.example.nfs-common | ||
1400 | 2828 | - d/ctdb.example.nfs-kernel-server | ||
1401 | 2829 | - d/ctdb.example.services | ||
1402 | 2830 | - d/ctdb.example.sysctl-nfs-static-ports.conf | ||
1403 | 2831 | * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: | ||
1404 | 2832 | do not try to start daemon if /etc/ctdb/nodes does not exist | ||
1405 | 2833 | * d/p/ctdb-config-enable-syslog-by-default.patch: | ||
1406 | 2834 | enable syslog and systemd journal by default | ||
1407 | 2835 | |||
1408 | 2836 | -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000 | ||
1409 | 2837 | |||
1410 | 2838 | samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium | ||
1411 | 2839 | |||
1412 | 2840 | * SECURITY UPDATE: zone operations can crash rpc server | ||
1413 | 2841 | - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone | ||
1414 | 2842 | not found in DnssrvOperation in | ||
1415 | 2843 | python/samba/tests/dcerpc/dnsserver.py, | ||
1416 | 2844 | source4/rpc_server/dnsserver/dcerpc_dnsserver.c. | ||
1417 | 2845 | - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone | ||
1418 | 2846 | not found in DnssrvOperation2 in | ||
1419 | 2847 | python/samba/tests/dcerpc/dnsserver.py, | ||
1420 | 2848 | source4/rpc_server/dnsserver/dcerpc_dnsserver.c. | ||
1421 | 2849 | - CVE-2019-12435 | ||
1422 | 2850 | * SECURITY UPDATE: paged_searches crash on LDAP and homes access | ||
1423 | 2851 | - debian/patches/CVE-2019-12436.patch: ignore successful results | ||
1424 | 2852 | without messages in source4/dsdb/samdb/ldb_modules/paged_results.c, | ||
1425 | 2853 | source4/dsdb/tests/python/vlv.py. | ||
1426 | 2854 | - CVE-2019-12436 | ||
1427 | 2855 | |||
1428 | 2856 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400 | ||
1429 | 2857 | |||
1430 | 2858 | samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium | ||
1431 | 2859 | |||
1432 | 2860 | * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum | ||
1433 | 2861 | - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with | ||
1434 | 2862 | unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, | ||
1435 | 2863 | source4/torture/krb5/kdc-canon-heimdal.c. | ||
1436 | 2864 | - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with | ||
1437 | 2865 | unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, | ||
1438 | 2866 | source4/heimdal/kdc/krb5tgs.c. | ||
1439 | 2867 | - CVE-2018-16860 | ||
1440 | 2868 | |||
1441 | 2869 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400 | ||
1442 | 2870 | |||
1443 | 2871 | samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium | ||
1444 | 2872 | |||
1445 | 2873 | * SECURITY UPDATE: world writable files in Samba AD DC private/ dir | ||
1446 | 2874 | - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for | ||
1447 | 2875 | umask being overwritten in python/samba/tests/ntacls_backup.py, | ||
1448 | 2876 | python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py, | ||
1449 | 2877 | selftest/knownfail.d/umask-leak. | ||
1450 | 2878 | - debian/patches/CVE-2019-3870-2.patch: add test to check | ||
1451 | 2879 | file-permissions are correct after provision in | ||
1452 | 2880 | selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py, | ||
1453 | 2881 | source4/setup/tests/provision_fileperms.sh. | ||
1454 | 2882 | - debian/patches/CVE-2019-3870-3.patch: include tests to show the | ||
1455 | 2883 | outside umask has no impact in python/samba/tests/ntacls_backup.py, | ||
1456 | 2884 | python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask. | ||
1457 | 2885 | - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as | ||
1458 | 2886 | close as possible to users in source3/smbd/pysmbd.c, | ||
1459 | 2887 | selftest/knownfail.d/provision_fileperms, | ||
1460 | 2888 | selftest/knownfail.d/umask-leak. | ||
1461 | 2889 | - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for | ||
1462 | 2890 | smbd.mkdir() in selftest/knownfail.d/pymkdir-umask, | ||
1463 | 2891 | source3/smbd/pysmbd.c. | ||
1464 | 2892 | - CVE-2019-3870 | ||
1465 | 2893 | * SECURITY UPDATE: save registry file outside share as unprivileged user | ||
1466 | 2894 | - debian/patches/CVE-2019-3880.patch: remove implementations of | ||
1467 | 2895 | SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c. | ||
1468 | 2896 | - CVE-2019-3880 | ||
1469 | 2897 | |||
1470 | 2898 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400 | ||
1471 | 2899 | |||
1472 | 2900 | samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium | ||
1473 | 2901 | |||
1474 | 2902 | * New upstream version: 4.10.0 | ||
1475 | 2903 | - d/gbp.conf, d/watch, r/README.source: updated for 4.10 | ||
1476 | 2904 | - d/control: update cmocka build-depends to >= 1.1.3 | ||
1477 | 2905 | - d/samba-libs.install: bump passdb minor to 0.27.2 | ||
1478 | 2906 | * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to | ||
1479 | 2907 | Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846) | ||
1480 | 2908 | |||
1481 | 2909 | -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300 | ||
1482 | 2910 | |||
1483 | 2911 | samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium | ||
1484 | 2912 | |||
1485 | 2913 | * New upstream version 4.10.0rc4 (LP: #1818518): | ||
1486 | 2914 | - Removed patches already applied upstream: | ||
1487 | 2915 | + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch | ||
1488 | 2916 | + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch | ||
1489 | 2917 | - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz | ||
1490 | 2918 | - d/control: Updated build dependencies: | ||
1491 | 2919 | + tdb >= 1.3.17 | ||
1492 | 2920 | + talloc >= 2.1.15 | ||
1493 | 2921 | + tevent >= 0.9.38 | ||
1494 | 2922 | + ldb >= 1.5.3 | ||
1495 | 2923 | - d/samba-common.docs: README is now README.md | ||
1496 | 2924 | - d/libsmbclient.symbols: update symbols for this version | ||
1497 | 2925 | - d/libwbclient0.symbols: update symbols for this version | ||
1498 | 2926 | - d/ctdb.install: new binary ctdb_local_daemons | ||
1499 | 2927 | - d/samba-dev.install: use globbing for the header files with | ||
1500 | 2928 | exceptions for wbclient.h and libsmbclient.h, which belong in | ||
1501 | 2929 | other packages. | ||
1502 | 2930 | - d/rules: fix globbing used to move the dckeytab python module to the | ||
1503 | 2931 | samba package, and add a comment explaining why this is being done. | ||
1504 | 2932 | * Switch to python3: | ||
1505 | 2933 | - d/rules: calculate the ldb version using python3, and drop the | ||
1506 | 2934 | "really" bit since the real 1.5.x series is being used now. | ||
1507 | 2935 | - d/rules: make sure python3 is used for the build | ||
1508 | 2936 | - d/rules: adjust globbing to remove the python3 version of tevent.so | ||
1509 | 2937 | - d/rules: drop PYVERS, unused | ||
1510 | 2938 | - d/control: adjust dependencies (build and runtime) for python3 | ||
1511 | 2939 | - d/python3-samba.install, d/control: new python3-samba package | ||
1512 | 2940 | (LP: #1440381) | ||
1513 | 2941 | - d/control, d/python-samba.install: get rid of python-samba, which is py2 | ||
1514 | 2942 | - d/python3-samba.lintian-overrides: use the same overrides we had for | ||
1515 | 2943 | python-samba, now deleted. | ||
1516 | 2944 | - d/samba-dev.install, d/samba-libs.install: update file list | ||
1517 | 2945 | - d/t/control, d/t/python-smoke: use python3 | ||
1518 | 2946 | - d/control: use ${python3:Depends} now instead of the python 2 | ||
1519 | 2947 | counterpart for samba and samba-common-bin. | ||
1520 | 2948 | * d/control: drop suggests for python-gpgme, it's no longer available. | ||
1521 | 2949 | |||
1522 | 2950 | -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000 | ||
1523 | 2951 | |||
1524 | 1560 | samba (2:4.9.5+dfsg-1) experimental; urgency=medium | 2952 | samba (2:4.9.5+dfsg-1) experimental; urgency=medium |
1525 | 1561 | 2953 | ||
1526 | 1562 | * New upstream release | 2954 | * New upstream release |
1527 | @@ -1601,6 +2993,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium | |||
1528 | 1601 | 2993 | ||
1529 | 1602 | -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100 | 2994 | -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100 |
1530 | 1603 | 2995 | ||
1531 | 2996 | samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium | ||
1532 | 2997 | |||
1533 | 2998 | * Merge with Debian unstable. Remaining changes: | ||
1534 | 2999 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1535 | 3000 | - debian/smb.conf; | ||
1536 | 3001 | + Add "(Samba, Ubuntu)" to server string. | ||
1537 | 3002 | + Comment out the default [homes] share, and add a comment about | ||
1538 | 3003 | "valid users = %s" to show users how to restrict access to | ||
1539 | 3004 | \\server\username to only username. | ||
1540 | 3005 | - debian/samba-common.config: | ||
1541 | 3006 | + Do not change priority to high if dhclient3 is installed. | ||
1542 | 3007 | - Add apport hook: | ||
1543 | 3008 | + Created debian/source_samba.py. | ||
1544 | 3009 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1545 | 3010 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1546 | 3011 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1547 | 3012 | * Dropped: | ||
1548 | 3013 | - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() | ||
1549 | 3014 | failing without a valid idmap configuration. This fixes the smbd startup | ||
1550 | 3015 | on a standalone server where winbind is available and running. Thanks to | ||
1551 | 3016 | Stefan Metzmacher <metze@samba.org>. (LP #1806035) | ||
1552 | 3017 | [Fixed in 2:4.9.4+dfsg-1] | ||
1553 | 3018 | |||
1554 | 3019 | -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200 | ||
1555 | 3020 | |||
1556 | 1604 | samba (2:4.9.4+dfsg-1) unstable; urgency=medium | 3021 | samba (2:4.9.4+dfsg-1) unstable; urgency=medium |
1557 | 1605 | 3022 | ||
1558 | 1606 | * New upstream release | 3023 | * New upstream release |
1559 | @@ -1611,6 +3028,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium | |||
1560 | 1611 | 3028 | ||
1561 | 1612 | -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100 | 3029 | -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100 |
1562 | 1613 | 3030 | ||
1563 | 3031 | samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium | ||
1564 | 3032 | |||
1565 | 3033 | * No-change rebuild for readline soname change. | ||
1566 | 3034 | |||
1567 | 3035 | -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000 | ||
1568 | 3036 | |||
1569 | 3037 | samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium | ||
1570 | 3038 | |||
1571 | 3039 | * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() | ||
1572 | 3040 | failing without a valid idmap configuration. This fixes the smbd startup | ||
1573 | 3041 | on a standalone server where winbind is available and running. Thanks to | ||
1574 | 3042 | Stefan Metzmacher <metze@samba.org>. (LP: #1806035) | ||
1575 | 3043 | |||
1576 | 3044 | -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200 | ||
1577 | 3045 | |||
1578 | 3046 | samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium | ||
1579 | 3047 | |||
1580 | 3048 | * Merge with Debian unstable. Remaining changes: | ||
1581 | 3049 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1582 | 3050 | - debian/smb.conf; | ||
1583 | 3051 | + Add "(Samba, Ubuntu)" to server string. | ||
1584 | 3052 | + Comment out the default [homes] share, and add a comment about | ||
1585 | 3053 | "valid users = %s" to show users how to restrict access to | ||
1586 | 3054 | \\server\username to only username. | ||
1587 | 3055 | - debian/samba-common.config: | ||
1588 | 3056 | + Do not change priority to high if dhclient3 is installed. | ||
1589 | 3057 | - Add apport hook: | ||
1590 | 3058 | + Created debian/source_samba.py. | ||
1591 | 3059 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1592 | 3060 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1593 | 3061 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1594 | 3062 | * Dropped: | ||
1595 | 3063 | - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty | ||
1596 | 3064 | errors (LP: 1795772) | ||
1597 | 3065 | [Fixed upstream] | ||
1598 | 3066 | |||
1599 | 3067 | -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200 | ||
1600 | 3068 | |||
1601 | 1614 | samba (2:4.9.2+dfsg-2) unstable; urgency=high | 3069 | samba (2:4.9.2+dfsg-2) unstable; urgency=high |
1602 | 1615 | 3070 | ||
1603 | 1616 | * New upstream security release | 3071 | * New upstream security release |
1604 | @@ -1720,6 +3175,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium | |||
1605 | 1720 | 3175 | ||
1606 | 1721 | -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200 | 3176 | -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200 |
1607 | 1722 | 3177 | ||
1608 | 3178 | samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium | ||
1609 | 3179 | |||
1610 | 3180 | * No-change rebuild against libldb1 1.4.2 | ||
1611 | 3181 | |||
1612 | 3182 | -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000 | ||
1613 | 3183 | |||
1614 | 3184 | samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high | ||
1615 | 3185 | |||
1616 | 3186 | [ Karl Stenerud ] | ||
1617 | 3187 | * d/p/fix-rmdir.patch: Fix to make the samba client library report | ||
1618 | 3188 | directory-not-empty errors (LP: #1795772) | ||
1619 | 3189 | |||
1620 | 3190 | -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300 | ||
1621 | 3191 | |||
1622 | 3192 | samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium | ||
1623 | 3193 | |||
1624 | 3194 | * Merge with Debian unstable (LP: #1778125). Remaining changes: | ||
1625 | 3195 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1626 | 3196 | - debian/smb.conf; | ||
1627 | 3197 | + Add "(Samba, Ubuntu)" to server string. | ||
1628 | 3198 | + Comment out the default [homes] share, and add a comment about | ||
1629 | 3199 | "valid users = %s" to show users how to restrict access to | ||
1630 | 3200 | \\server\username to only username. | ||
1631 | 3201 | - debian/samba-common.config: | ||
1632 | 3202 | + Do not change priority to high if dhclient3 is installed. | ||
1633 | 3203 | - Add apport hook: | ||
1634 | 3204 | + Created debian/source_samba.py. | ||
1635 | 3205 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1636 | 3206 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1637 | 3207 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1638 | 3208 | * Drop: | ||
1639 | 3209 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1640 | 3210 | + d/t/control, d/t/cifs-share-access: access a file in a share using cifs | ||
1641 | 3211 | + d/t/control, d/t/smbclient-anonymous-share-list: list available shares | ||
1642 | 3212 | anonymously | ||
1643 | 3213 | + d/t/control, d/t/smbclient-authenticated-share-list: list available | ||
1644 | 3214 | shares using an authenticated connection | ||
1645 | 3215 | + d/t/control, d/t/smbclient-share-access: create a share and download a | ||
1646 | 3216 | file from it | ||
1647 | 3217 | [Accepted by Debian in 2:4.7.4+dfsg-2] | ||
1648 | 3218 | - d/samba-common.dhcp: If systemctl is available, use it to query the | ||
1649 | 3219 | status of the smbd service before trying to reload it. Otherwise, | ||
1650 | 3220 | keep the same check as before and reload the service based on the | ||
1651 | 3221 | existence of the initscript. (LP #1579597) | ||
1652 | 3222 | [In Debian since 2:4.7.4+dfsg-2] | ||
1653 | 3223 | - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: | ||
1654 | 3224 | [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. | ||
1655 | 3225 | Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737) | ||
1656 | 3226 | [Fixed upstream] | ||
1657 | 3227 | |||
1658 | 3228 | -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300 | ||
1659 | 3229 | |||
1660 | 1723 | samba (2:4.8.4+dfsg-2) unstable; urgency=high | 3230 | samba (2:4.8.4+dfsg-2) unstable; urgency=high |
1661 | 1724 | 3231 | ||
1662 | 1725 | * Fix typo in previous release: s/usefull/useful/ | 3232 | * Fix typo in previous release: s/usefull/useful/ |
1663 | @@ -1877,6 +3384,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium | |||
1664 | 1877 | 3384 | ||
1665 | 1878 | -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100 | 3385 | -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100 |
1666 | 1879 | 3386 | ||
1667 | 3387 | samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium | ||
1668 | 3388 | |||
1669 | 3389 | * No change rebuild to link with new ldb 1.3.3 | ||
1670 | 3390 | |||
1671 | 3391 | -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300 | ||
1672 | 3392 | |||
1673 | 3393 | samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium | ||
1674 | 3394 | |||
1675 | 3395 | * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: | ||
1676 | 3396 | [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. | ||
1677 | 3397 | Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737) | ||
1678 | 3398 | |||
1679 | 3399 | -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300 | ||
1680 | 3400 | |||
1681 | 3401 | samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium | ||
1682 | 3402 | |||
1683 | 3403 | * New upstream version: | ||
1684 | 3404 | - Fix database corruption bug when upgrading from samba 4.6 or lower | ||
1685 | 3405 | AD controllers (LP: #1755057) | ||
1686 | 3406 | - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059) | ||
1687 | 3407 | * Remaining changes: | ||
1688 | 3408 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1689 | 3409 | - debian/smb.conf; | ||
1690 | 3410 | + Add "(Samba, Ubuntu)" to server string. | ||
1691 | 3411 | + Comment out the default [homes] share, and add a comment about | ||
1692 | 3412 | "valid users = %s" to show users how to restrict access to | ||
1693 | 3413 | \\server\username to only username. | ||
1694 | 3414 | - debian/samba-common.config: | ||
1695 | 3415 | + Do not change priority to high if dhclient3 is installed. | ||
1696 | 3416 | - Add apport hook: | ||
1697 | 3417 | + Created debian/source_samba.py. | ||
1698 | 3418 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1699 | 3419 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1700 | 3420 | + d/t/control, d/t/cifs-share-access: access a file in a share using cifs | ||
1701 | 3421 | + d/t/control, d/t/smbclient-anonymous-share-list: list available shares | ||
1702 | 3422 | anonymously | ||
1703 | 3423 | + d/t/control, d/t/smbclient-authenticated-share-list: list available | ||
1704 | 3424 | shares using an authenticated connection | ||
1705 | 3425 | + d/t/control, d/t/smbclient-share-access: create a share and download a | ||
1706 | 3426 | file from it | ||
1707 | 3427 | - d/samba-common.dhcp: If systemctl is available, use it to query the | ||
1708 | 3428 | status of the smbd service before trying to reload it. Otherwise, | ||
1709 | 3429 | keep the same check as before and reload the service based on the | ||
1710 | 3430 | existence of the initscript. (LP #1579597) | ||
1711 | 3431 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1712 | 3432 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1713 | 3433 | |||
1714 | 3434 | -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300 | ||
1715 | 3435 | |||
1716 | 1880 | samba (2:4.7.4+dfsg-2) unstable; urgency=high | 3436 | samba (2:4.7.4+dfsg-2) unstable; urgency=high |
1717 | 1881 | 3437 | ||
1718 | 1882 | [ Mathieu Parent ] | 3438 | [ Mathieu Parent ] |
1719 | @@ -1907,6 +3463,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high | |||
1720 | 1907 | 3463 | ||
1721 | 1908 | -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100 | 3464 | -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100 |
1722 | 1909 | 3465 | ||
1723 | 3466 | samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium | ||
1724 | 3467 | |||
1725 | 3468 | * Merge with Debian unstable (LP: #1744779). Remaining changes: | ||
1726 | 3469 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1727 | 3470 | - debian/smb.conf; | ||
1728 | 3471 | + Add "(Samba, Ubuntu)" to server string. | ||
1729 | 3472 | + Comment out the default [homes] share, and add a comment about | ||
1730 | 3473 | "valid users = %s" to show users how to restrict access to | ||
1731 | 3474 | \\server\username to only username. | ||
1732 | 3475 | - debian/samba-common.config: | ||
1733 | 3476 | + Do not change priority to high if dhclient3 is installed. | ||
1734 | 3477 | - Add apport hook: | ||
1735 | 3478 | + Created debian/source_samba.py. | ||
1736 | 3479 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1737 | 3480 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1738 | 3481 | + d/t/control, d/t/cifs-share-access: access a file in a share using cifs | ||
1739 | 3482 | + d/t/control, d/t/smbclient-anonymous-share-list: list available shares | ||
1740 | 3483 | anonymously | ||
1741 | 3484 | + d/t/control, d/t/smbclient-authenticated-share-list: list available | ||
1742 | 3485 | shares using an authenticated connection | ||
1743 | 3486 | + d/t/control, d/t/smbclient-share-access: create a share and download a | ||
1744 | 3487 | file from it | ||
1745 | 3488 | - d/samba-common.dhcp: If systemctl is available, use it to query the | ||
1746 | 3489 | status of the smbd service before trying to reload it. Otherwise, | ||
1747 | 3490 | keep the same check as before and reload the service based on the | ||
1748 | 3491 | existence of the initscript. (LP #1579597) | ||
1749 | 3492 | - d/control, d/rules: Disable glusterfs support because it's not in main. | ||
1750 | 3493 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1751 | 3494 | |||
1752 | 3495 | -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200 | ||
1753 | 3496 | |||
1754 | 1910 | samba (2:4.7.4+dfsg-1) unstable; urgency=medium | 3497 | samba (2:4.7.4+dfsg-1) unstable; urgency=medium |
1755 | 1911 | 3498 | ||
1756 | 1912 | * New upstream version | 3499 | * New upstream version |
1757 | @@ -1923,6 +3510,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium | |||
1758 | 1923 | 3510 | ||
1759 | 1924 | -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100 | 3511 | -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100 |
1760 | 1925 | 3512 | ||
1761 | 3513 | samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium | ||
1762 | 3514 | |||
1763 | 3515 | * Merge with Debian; remaining changes: | ||
1764 | 3516 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1765 | 3517 | - debian/smb.conf; | ||
1766 | 3518 | + Add "(Samba, Ubuntu)" to server string. | ||
1767 | 3519 | + Comment out the default [homes] share, and add a comment about | ||
1768 | 3520 | "valid users = %s" to show users how to restrict access to | ||
1769 | 3521 | \\server\username to only username. | ||
1770 | 3522 | - debian/samba-common.config: | ||
1771 | 3523 | + Do not change priority to high if dhclient3 is installed. | ||
1772 | 3524 | - Add apport hook: | ||
1773 | 3525 | + Created debian/source_samba.py. | ||
1774 | 3526 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1775 | 3527 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1776 | 3528 | + d/t/control: enable the new DEP8 tests | ||
1777 | 3529 | + d/t/smbclient-anonymous-share-list: list available shares anonymously | ||
1778 | 3530 | + d/t/smbclient-authenticated-share-list: list available shares using | ||
1779 | 3531 | an authenticated connection | ||
1780 | 3532 | + d/t/smbclient-share-access: create a share and download a file from it | ||
1781 | 3533 | + d/t/cifs-share-access: access a file in a share using cifs | ||
1782 | 3534 | - Ask the user if we can run testparm against the config file. If yes, | ||
1783 | 3535 | include its stderr and exit status in the bug report. Otherwise, only | ||
1784 | 3536 | include the exit status. (LP #1694334) | ||
1785 | 3537 | - If systemctl is available, use it to query the status of the smbd | ||
1786 | 3538 | service before trying to reload it. Otherwise, keep the same check | ||
1787 | 3539 | as before and reload the service based on the existence of the | ||
1788 | 3540 | initscript. (LP #1579597) | ||
1789 | 3541 | - d/rules: Compile winbindd/winbindd statically. | ||
1790 | 3542 | - Disable glusterfs support because it's not in main. | ||
1791 | 3543 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1792 | 3544 | - d/source_samba.py: use the new recommended findmnt(8) tool to list | ||
1793 | 3545 | mountpoints and correctly filter by the cifs filesystem type. | ||
1794 | 3546 | |||
1795 | 3547 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500 | ||
1796 | 3548 | |||
1797 | 1926 | samba (2:4.7.3+dfsg-1) unstable; urgency=high | 3549 | samba (2:4.7.3+dfsg-1) unstable; urgency=high |
1798 | 1927 | 3550 | ||
1799 | 1928 | * New upstream version | 3551 | * New upstream version |
1800 | @@ -1946,6 +3569,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high | |||
1801 | 1946 | 3569 | ||
1802 | 1947 | -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100 | 3570 | -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100 |
1803 | 1948 | 3571 | ||
1804 | 3572 | samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium | ||
1805 | 3573 | |||
1806 | 3574 | * Merge with Debian; remaining changes: | ||
1807 | 3575 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1808 | 3576 | - debian/smb.conf; | ||
1809 | 3577 | + Add "(Samba, Ubuntu)" to server string. | ||
1810 | 3578 | + Comment out the default [homes] share, and add a comment about | ||
1811 | 3579 | "valid users = %s" to show users how to restrict access to | ||
1812 | 3580 | \\server\username to only username. | ||
1813 | 3581 | - debian/samba-common.config: | ||
1814 | 3582 | + Do not change priority to high if dhclient3 is installed. | ||
1815 | 3583 | - Add apport hook: | ||
1816 | 3584 | + Created debian/source_samba.py. | ||
1817 | 3585 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1818 | 3586 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1819 | 3587 | + d/t/control: enable the new DEP8 tests | ||
1820 | 3588 | + d/t/smbclient-anonymous-share-list: list available shares anonymously | ||
1821 | 3589 | + d/t/smbclient-authenticated-share-list: list available shares using | ||
1822 | 3590 | an authenticated connection | ||
1823 | 3591 | + d/t/smbclient-share-access: create a share and download a file from it | ||
1824 | 3592 | + d/t/cifs-share-access: access a file in a share using cifs | ||
1825 | 3593 | - Ask the user if we can run testparm against the config file. If yes, | ||
1826 | 3594 | include its stderr and exit status in the bug report. Otherwise, only | ||
1827 | 3595 | include the exit status. (LP #1694334) | ||
1828 | 3596 | - If systemctl is available, use it to query the status of the smbd | ||
1829 | 3597 | service before trying to reload it. Otherwise, keep the same check | ||
1830 | 3598 | as before and reload the service based on the existence of the | ||
1831 | 3599 | initscript. (LP #1579597) | ||
1832 | 3600 | - d/rules: Compile winbindd/winbindd statically. | ||
1833 | 3601 | - Disable glusterfs support because it's not in main. | ||
1834 | 3602 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1835 | 3603 | - d/source_samba.py: use the new recommended findmnt(8) tool to list | ||
1836 | 3604 | mountpoints and correctly filter by the cifs filesystem type. | ||
1837 | 3605 | |||
1838 | 3606 | -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100 | ||
1839 | 3607 | |||
1840 | 1949 | samba (2:4.7.1+dfsg-1) unstable; urgency=medium | 3608 | samba (2:4.7.1+dfsg-1) unstable; urgency=medium |
1841 | 1950 | 3609 | ||
1842 | 1951 | * New upstream version | 3610 | * New upstream version |
1843 | @@ -1994,6 +3653,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high | |||
1844 | 1994 | 3653 | ||
1845 | 1995 | -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200 | 3654 | -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200 |
1846 | 1996 | 3655 | ||
1847 | 3656 | samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium | ||
1848 | 3657 | |||
1849 | 3658 | * SECURITY UPDATE: SMB1/2/3 connections may not require signing where | ||
1850 | 3659 | they should | ||
1851 | 3660 | - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username | ||
1852 | 3661 | into a specified one in source3/include/auth_info.h, | ||
1853 | 3662 | source3/lib/popt_common.c, source3/lib/util_cmdline.c. | ||
1854 | 3663 | - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to | ||
1855 | 3664 | source3/lib/util_cmdline.c. | ||
1856 | 3665 | - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to | ||
1857 | 3666 | source3/libsmb/pylibsmb.c. | ||
1858 | 3667 | - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to | ||
1859 | 3668 | libgpo/gpo_fetch.c. | ||
1860 | 3669 | - debian/patches/CVE-2017-12150-5.patch: add check for | ||
1861 | 3670 | NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c. | ||
1862 | 3671 | - debian/patches/CVE-2017-12150-6.patch: add | ||
1863 | 3672 | smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*. | ||
1864 | 3673 | - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if | ||
1865 | 3674 | authentication was not requested in source3/libsmb/clidfs.c. | ||
1866 | 3675 | - CVE-2017-12150 | ||
1867 | 3676 | * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS | ||
1868 | 3677 | redirects | ||
1869 | 3678 | - debian/patches/CVE-2017-12151-1.patch: add | ||
1870 | 3679 | cli_state_is_encryption_on() helper function to | ||
1871 | 3680 | source3/libsmb/clientgen.c, source3/libsmb/proto.h. | ||
1872 | 3681 | - debian/patches/CVE-2017-12151-2.patch: make use of | ||
1873 | 3682 | cli_state_is_encryption_on() in source3/libsmb/clidfs.c, | ||
1874 | 3683 | source3/libsmb/libsmb_context.c. | ||
1875 | 3684 | - CVE-2017-12151 | ||
1876 | 3685 | * SECURITY UPDATE: Server memory information leak over SMB1 | ||
1877 | 3686 | - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write | ||
1878 | 3687 | from writing server memory to file in source3/smbd/reply.c. | ||
1879 | 3688 | - CVE-2017-12163 | ||
1880 | 3689 | |||
1881 | 3690 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400 | ||
1882 | 3691 | |||
1883 | 3692 | samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium | ||
1884 | 3693 | |||
1885 | 3694 | * d/source_samba.py: use the new recommended findmnt(8) tool to list | ||
1886 | 3695 | mountpoints and correctly filter by the cifs filesystem type. | ||
1887 | 3696 | (LP: #1703604) | ||
1888 | 3697 | |||
1889 | 3698 | -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300 | ||
1890 | 3699 | |||
1891 | 3700 | samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium | ||
1892 | 3701 | |||
1893 | 3702 | * Merge with Debian unstable (LP: #1710281). | ||
1894 | 3703 | - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide | ||
1895 | 3704 | symlinks to directories (LP: #1701073) | ||
1896 | 3705 | * Remaining changes: | ||
1897 | 3706 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1898 | 3707 | - debian/smb.conf; | ||
1899 | 3708 | + Add "(Samba, Ubuntu)" to server string. | ||
1900 | 3709 | + Comment out the default [homes] share, and add a comment about | ||
1901 | 3710 | "valid users = %s" to show users how to restrict access to | ||
1902 | 3711 | \\server\username to only username. | ||
1903 | 3712 | - debian/samba-common.config: | ||
1904 | 3713 | + Do not change priority to high if dhclient3 is installed. | ||
1905 | 3714 | - Add apport hook: | ||
1906 | 3715 | + Created debian/source_samba.py. | ||
1907 | 3716 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1908 | 3717 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1909 | 3718 | + d/t/control: enable the new DEP8 tests | ||
1910 | 3719 | + d/t/smbclient-anonymous-share-list: list available shares anonymously | ||
1911 | 3720 | + d/t/smbclient-authenticated-share-list: list available shares using | ||
1912 | 3721 | an authenticated connection | ||
1913 | 3722 | + d/t/smbclient-share-access: create a share and download a file from it | ||
1914 | 3723 | + d/t/cifs-share-access: access a file in a share using cifs | ||
1915 | 3724 | - Ask the user if we can run testparm against the config file. If yes, | ||
1916 | 3725 | include its stderr and exit status in the bug report. Otherwise, only | ||
1917 | 3726 | include the exit status. (LP #1694334) | ||
1918 | 3727 | - If systemctl is available, use it to query the status of the smbd | ||
1919 | 3728 | service before trying to reload it. Otherwise, keep the same check | ||
1920 | 3729 | as before and reload the service based on the existence of the | ||
1921 | 3730 | initscript. (LP #1579597) | ||
1922 | 3731 | - d/rules: Compile winbindd/winbindd statically. | ||
1923 | 3732 | - Disable glusterfs support because it's not in main. | ||
1924 | 3733 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1925 | 3734 | |||
1926 | 3735 | -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300 | ||
1927 | 3736 | |||
1928 | 1997 | samba (2:4.6.7+dfsg-1) unstable; urgency=medium | 3737 | samba (2:4.6.7+dfsg-1) unstable; urgency=medium |
1929 | 1998 | 3738 | ||
1930 | 1999 | * New upstream version | 3739 | * New upstream version |
1931 | @@ -2005,6 +3745,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium | |||
1932 | 2005 | 3745 | ||
1933 | 2006 | -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200 | 3746 | -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200 |
1934 | 2007 | 3747 | ||
1935 | 3748 | samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium | ||
1936 | 3749 | |||
1937 | 3750 | * Merge with Debian unstable (LP: #1700644). Remaining changes: | ||
1938 | 3751 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
1939 | 3752 | - debian/smb.conf; | ||
1940 | 3753 | + Add "(Samba, Ubuntu)" to server string. | ||
1941 | 3754 | + Comment out the default [homes] share, and add a comment about | ||
1942 | 3755 | "valid users = %s" to show users how to restrict access to | ||
1943 | 3756 | \\server\username to only username. | ||
1944 | 3757 | - debian/samba-common.config: | ||
1945 | 3758 | + Do not change priority to high if dhclient3 is installed. | ||
1946 | 3759 | - Add apport hook: | ||
1947 | 3760 | + Created debian/source_samba.py. | ||
1948 | 3761 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
1949 | 3762 | - Add extra DEP8 tests to samba (LP #1696823): | ||
1950 | 3763 | + d/t/control: enable the new DEP8 tests | ||
1951 | 3764 | + d/t/smbclient-anonymous-share-list: list available shares anonymously | ||
1952 | 3765 | + d/t/smbclient-authenticated-share-list: list available shares using | ||
1953 | 3766 | an authenticated connection | ||
1954 | 3767 | + d/t/smbclient-share-access: create a share and download a file from it | ||
1955 | 3768 | + d/t/cifs-share-access: access a file in a share using cifs | ||
1956 | 3769 | - Ask the user if we can run testparm against the config file. If yes, | ||
1957 | 3770 | include its stderr and exit status in the bug report. Otherwise, only | ||
1958 | 3771 | include the exit status. (LP #1694334) | ||
1959 | 3772 | - If systemctl is available, use it to query the status of the smbd | ||
1960 | 3773 | service before trying to reload it. Otherwise, keep the same check | ||
1961 | 3774 | as before and reload the service based on the existence of the | ||
1962 | 3775 | initscript. (LP #1579597) | ||
1963 | 3776 | * Drop: | ||
1964 | 3777 | - d/rules: Compile winbindd/winbindd statically. (LP: #1700527) | ||
1965 | 3778 | [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch | ||
1966 | 3779 | fix-1584485.patch was dropped there.] | ||
1967 | 3780 | - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
1968 | 3781 | pam_winbind krb5_ccache_type=FILE failure | ||
1969 | 3782 | [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch | ||
1970 | 3783 | in 2:4.6.5+dfsg-3 that closed Debian's bug #739768] | ||
1971 | 3784 | - debian/patches/winbind_trusted_domains.patch: make sure domain | ||
1972 | 3785 | members can talk to trusted domains DCs. | ||
1973 | 3786 | [Upstream committed a different fix, see updated patch attached to | ||
1974 | 3787 | https://bugzilla.samba.org/show_bug.cgi?id=11830] | ||
1975 | 3788 | - d/control: add libcephfs-dev as b-d to build vfs_ceph | ||
1976 | 3789 | [Adopted by Debian in 2:4.6.5+dfsg-1] | ||
1977 | 3790 | - debian/patches/CVE-2017-11103.patch: use encrypted service | ||
1978 | 3791 | name rather than unencrypted (and therefore spoofable) version | ||
1979 | 3792 | in heimdal | ||
1980 | 3793 | [Adopted by Debian as | ||
1981 | 3794 | d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch] | ||
1982 | 3795 | - Cherrypick upstream patch to fix FTBFS with new ceph lib. | ||
1983 | 3796 | [Merged upstream in 4.6.0rc1] | ||
1984 | 3797 | * Disable glusterfs support because it's not in main. | ||
1985 | 3798 | MIR bug is https://launchpad.net/bugs/1274247 | ||
1986 | 3799 | |||
1987 | 3800 | -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300 | ||
1988 | 3801 | |||
1989 | 2008 | samba (2:4.6.5+dfsg-8) unstable; urgency=medium | 3802 | samba (2:4.6.5+dfsg-8) unstable; urgency=medium |
1990 | 2009 | 3803 | ||
1991 | 2010 | * Remove dependency on update-inetd, not used anymore | 3804 | * Remove dependency on update-inetd, not used anymore |
1992 | @@ -2124,6 +3918,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium | |||
1993 | 2124 | 3918 | ||
1994 | 2125 | -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200 | 3919 | -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200 |
1995 | 2126 | 3920 | ||
1996 | 3921 | samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium | ||
1997 | 3922 | |||
1998 | 3923 | * Cherrypick upstream patch to fix FTBFS with new ceph lib. | ||
1999 | 3924 | |||
2000 | 3925 | -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100 | ||
2001 | 3926 | |||
2002 | 3927 | samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium | ||
2003 | 3928 | |||
2004 | 3929 | * SECURITY UPDATE: KDC-REP service name impersonation | ||
2005 | 3930 | - debian/patches/CVE-2017-11103.patch: use encrypted service | ||
2006 | 3931 | name rather than unencrypted (and therefore spoofable) version | ||
2007 | 3932 | in heimdal | ||
2008 | 3933 | - CVE-2017-11103 | ||
2009 | 3934 | |||
2010 | 3935 | -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700 | ||
2011 | 3936 | |||
2012 | 3937 | samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium | ||
2013 | 3938 | |||
2014 | 3939 | * No-change rebuild against libldb 1.1.29 | ||
2015 | 3940 | |||
2016 | 3941 | -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700 | ||
2017 | 3942 | |||
2018 | 3943 | samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium | ||
2019 | 3944 | |||
2020 | 3945 | * Add extra DEP8 tests to samba (LP: #1696823): | ||
2021 | 3946 | - d/t/control: enable the new DEP8 tests | ||
2022 | 3947 | - d/t/smbclient-anonymous-share-list: list available shares anonymously | ||
2023 | 3948 | - d/t/smbclient-authenticated-share-list: list available shares using | ||
2024 | 3949 | an authenticated connection | ||
2025 | 3950 | - d/t/smbclient-share-access: create a share and download a file from it | ||
2026 | 3951 | - d/t/cifs-share-access: access a file in a share using cifs | ||
2027 | 3952 | * Ask the user if we can run testparm against the config file. If yes, | ||
2028 | 3953 | include its stderr and exit status in the bug report. Otherwise, only | ||
2029 | 3954 | include the exit status. (LP: #1694334) | ||
2030 | 3955 | * If systemctl is available, use it to query the status of the smbd | ||
2031 | 3956 | service before trying to reload it. Otherwise, keep the same check | ||
2032 | 3957 | as before and reload the service based on the existence of the | ||
2033 | 3958 | initscript. (LP: #1579597) | ||
2034 | 3959 | * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind | ||
2035 | 3960 | module. There is a fixed version of that patch attached to | ||
2036 | 3961 | #1677329 but it has not been vetted yet, so for now it's best | ||
2037 | 3962 | to revert (again) so that pam_winbind can be used. | ||
2038 | 3963 | (LP: #1677329, LP: #1644428) | ||
2039 | 3964 | |||
2040 | 3965 | -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700 | ||
2041 | 3966 | |||
2042 | 3967 | samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium | ||
2043 | 3968 | |||
2044 | 3969 | * Merge from Debian unstable. Remaining changes: | ||
2045 | 3970 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2046 | 3971 | - debian/smb.conf; | ||
2047 | 3972 | + Add "(Samba, Ubuntu)" to server string. | ||
2048 | 3973 | + Comment out the default [homes] share, and add a comment about | ||
2049 | 3974 | "valid users = %s" to show users how to restrict access to | ||
2050 | 3975 | \\server\username to only username. | ||
2051 | 3976 | - debian/samba-common.config: | ||
2052 | 3977 | + Do not change priority to high if dhclient3 is installed. | ||
2053 | 3978 | - Add apport hook: | ||
2054 | 3979 | + Created debian/source_samba.py. | ||
2055 | 3980 | + debian/rules, debian/samba-common-bin.install: install hook. | ||
2056 | 3981 | - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2057 | 3982 | pam_winbind krb5_ccache_type=FILE failure | ||
2058 | 3983 | - debian/patches/winbind_trusted_domains.patch: make sure domain | ||
2059 | 3984 | members can talk to trusted domains DCs. | ||
2060 | 3985 | - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind | ||
2061 | 3986 | to be statically linked | ||
2062 | 3987 | - d/rules: Compile winbindd/winbindd statically. | ||
2063 | 3988 | - d/control: add libcephfs-dev as b-d to build vfs_ceph | ||
2064 | 3989 | |||
2065 | 3990 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400 | ||
2066 | 3991 | |||
2067 | 2127 | samba (2:4.5.8+dfsg-2) unstable; urgency=high | 3992 | samba (2:4.5.8+dfsg-2) unstable; urgency=high |
2068 | 2128 | 3993 | ||
2069 | 2129 | * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside | 3994 | * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside |
2070 | @@ -2138,6 +4003,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high | |||
2071 | 2138 | 4003 | ||
2072 | 2139 | -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200 | 4004 | -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200 |
2073 | 2140 | 4005 | ||
2074 | 4006 | samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium | ||
2075 | 4007 | |||
2076 | 4008 | * SECURITY UPDATE: remote code execution from a writable share | ||
2077 | 4009 | - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a | ||
2078 | 4010 | slash inside in source3/rpc_server/srv_pipe.c. | ||
2079 | 4011 | - CVE-2017-7494 | ||
2080 | 4012 | |||
2081 | 4013 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400 | ||
2082 | 4014 | |||
2083 | 4015 | samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium | ||
2084 | 4016 | |||
2085 | 4017 | * SECURITY UPDATE: Symlink race allows access outside share definition | ||
2086 | 4018 | - Updated to new upstream release 4.5.8. | ||
2087 | 4019 | - CVE-2017-2619 | ||
2088 | 4020 | |||
2089 | 4021 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400 | ||
2090 | 4022 | |||
2091 | 2141 | samba (2:4.5.6+dfsg-2) unstable; urgency=high | 4023 | samba (2:4.5.6+dfsg-2) unstable; urgency=high |
2092 | 2142 | 4024 | ||
2093 | 2143 | * This is a security release in order to address the following defects: | 4025 | * This is a security release in order to address the following defects: |
2094 | @@ -2167,6 +4049,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium | |||
2095 | 2167 | 4049 | ||
2096 | 2168 | -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100 | 4050 | -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100 |
2097 | 2169 | 4051 | ||
2098 | 4052 | samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium | ||
2099 | 4053 | |||
2100 | 4054 | * d/control: add libcephfs-dev as b-d to build vfs_ceph | ||
2101 | 4055 | (LP: #1668940). | ||
2102 | 4056 | |||
2103 | 4057 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800 | ||
2104 | 4058 | |||
2105 | 4059 | samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium | ||
2106 | 4060 | |||
2107 | 4061 | * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining | ||
2108 | 4062 | changes: | ||
2109 | 4063 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2110 | 4064 | + debian/smb.conf; | ||
2111 | 4065 | - Add "(Samba, Ubuntu)" to server string. | ||
2112 | 4066 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2113 | 4067 | to show users how to restrict access to \\server\username to only username. | ||
2114 | 4068 | + debian/samba-common.config: | ||
2115 | 4069 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2116 | 4070 | + Add apport hook: | ||
2117 | 4071 | - Created debian/source_samba.py. | ||
2118 | 4072 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2119 | 4073 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2120 | 4074 | pam_winbind krb5_ccache_type=FILE failure (LP #1310919) | ||
2121 | 4075 | + debian/patches/winbind_trusted_domains.patch: make sure domain members | ||
2122 | 4076 | can talk to trusted domains DCs. | ||
2123 | 4077 | [ update patch based upon upstream discussion ] | ||
2124 | 4078 | + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind | ||
2125 | 4079 | to be statically linked fixes LP #1584485. | ||
2126 | 4080 | + d/rules: Compile winbindd/winbindd statically. | ||
2127 | 4081 | * Drop: | ||
2128 | 4082 | - Delete debian/.gitignore | ||
2129 | 4083 | [ Previously undocumented ] | ||
2130 | 4084 | - debian/patches/git_smbclient_cpu.patch: | ||
2131 | 4085 | + backport upstream patch to fix smbclient users hanging/eating cpu on | ||
2132 | 4086 | trying to contact a machine which is not there (lp #1572260) | ||
2133 | 4087 | [ Fixed upstream ] | ||
2134 | 4088 | - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing | ||
2135 | 4089 | + debian/patches/CVE-2016-2123.patch: check lengths in | ||
2136 | 4090 | librpc/ndr/ndr_dnsp.c. | ||
2137 | 4091 | + CVE-2016-2123 | ||
2138 | 4092 | [ Fixed in Debian ] | ||
2139 | 4093 | - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers | ||
2140 | 4094 | + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in | ||
2141 | 4095 | source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, | ||
2142 | 4096 | source4/auth/gensec/gensec_gssapi.c. | ||
2143 | 4097 | + CVE-2016-2125 | ||
2144 | 4098 | [ Fixed in Debian ] | ||
2145 | 4099 | - SECURITY UPDATE: privilege elevation in Kerberos PAC validation | ||
2146 | 4100 | + debian/patches/CVE-2016-2126.patch: only allow known checksum types | ||
2147 | 4101 | in auth/kerberos/kerberos_pac.c. | ||
2148 | 4102 | + CVE-2016-2126 | ||
2149 | 4103 | [ Fixed in Debian ] | ||
2150 | 4104 | |||
2151 | 4105 | -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800 | ||
2152 | 4106 | |||
2153 | 2170 | samba (2:4.5.4+dfsg-1) unstable; urgency=medium | 4107 | samba (2:4.5.4+dfsg-1) unstable; urgency=medium |
2154 | 2171 | 4108 | ||
2155 | 2172 | [ Mathieu Parent ] | 4109 | [ Mathieu Parent ] |
2156 | @@ -2294,6 +4231,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium | |||
2157 | 2294 | 4231 | ||
2158 | 2295 | -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200 | 4232 | -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200 |
2159 | 2296 | 4233 | ||
2160 | 4234 | samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium | ||
2161 | 4235 | |||
2162 | 4236 | * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing | ||
2163 | 4237 | - debian/patches/CVE-2016-2123.patch: check lengths in | ||
2164 | 4238 | librpc/ndr/ndr_dnsp.c. | ||
2165 | 4239 | - CVE-2016-2123 | ||
2166 | 4240 | * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers | ||
2167 | 4241 | - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in | ||
2168 | 4242 | source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, | ||
2169 | 4243 | source4/auth/gensec/gensec_gssapi.c. | ||
2170 | 4244 | - CVE-2016-2125 | ||
2171 | 4245 | * SECURITY UPDATE: privilege elevation in Kerberos PAC validation | ||
2172 | 4246 | - debian/patches/CVE-2016-2126.patch: only allow known checksum types | ||
2173 | 4247 | in auth/kerberos/kerberos_pac.c. | ||
2174 | 4248 | - CVE-2016-2126 | ||
2175 | 4249 | |||
2176 | 4250 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500 | ||
2177 | 4251 | |||
2178 | 4252 | samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high | ||
2179 | 4253 | |||
2180 | 4254 | * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind | ||
2181 | 4255 | to be statically linked fixes LP: #1584485. | ||
2182 | 4256 | |||
2183 | 4257 | * d/rules: Compile winbindd/winbindd statically. | ||
2184 | 4258 | |||
2185 | 4259 | -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100 | ||
2186 | 4260 | |||
2187 | 4261 | samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium | ||
2188 | 4262 | |||
2189 | 4263 | * No-change rebuild for readline soname change. | ||
2190 | 4264 | |||
2191 | 4265 | -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000 | ||
2192 | 4266 | |||
2193 | 4267 | samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium | ||
2194 | 4268 | |||
2195 | 4269 | * No-change rebuild for readline soname change. | ||
2196 | 4270 | |||
2197 | 4271 | -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000 | ||
2198 | 4272 | |||
2199 | 4273 | samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium | ||
2200 | 4274 | |||
2201 | 4275 | * debian/patches/git_smbclient_cpu.patch: | ||
2202 | 4276 | - backport upstream patch to fix smbclient users hanging/eating cpu on | ||
2203 | 4277 | trying to contact a machine which is not there (lp: #1572260) | ||
2204 | 4278 | |||
2205 | 4279 | -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200 | ||
2206 | 4280 | |||
2207 | 4281 | samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low | ||
2208 | 4282 | |||
2209 | 4283 | * Merge from Debian unstable. Remaining changes: | ||
2210 | 4284 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2211 | 4285 | + debian/smb.conf; | ||
2212 | 4286 | - Add "(Samba, Ubuntu)" to server string. | ||
2213 | 4287 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2214 | 4288 | to show users how to restrict access to \\server\username to only username. | ||
2215 | 4289 | + debian/samba-common.config: | ||
2216 | 4290 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2217 | 4291 | + Add apport hook: | ||
2218 | 4292 | - Created debian/source_samba.py. | ||
2219 | 4293 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2220 | 4294 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2221 | 4295 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2222 | 4296 | + debian/patches/winbind_trusted_domains.patch: make sure domain members | ||
2223 | 4297 | can talk to trusted domains DCs. | ||
2224 | 4298 | * Dropped changes: | ||
2225 | 4299 | - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was | ||
2226 | 4300 | never done in Debian, revert. | ||
2227 | 4301 | - ufw integration: included in Debian. | ||
2228 | 4302 | |||
2229 | 4303 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700 | ||
2230 | 4304 | |||
2231 | 2297 | samba (2:4.4.5+dfsg-2) unstable; urgency=medium | 4305 | samba (2:4.4.5+dfsg-2) unstable; urgency=medium |
2232 | 2298 | 4306 | ||
2233 | 2299 | * Disable running of 'make quicktest' during build, as it takes very | 4307 | * Disable running of 'make quicktest' during build, as it takes very |
2234 | @@ -2421,6 +4429,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium | |||
2235 | 2421 | 4429 | ||
2236 | 2422 | -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200 | 4430 | -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200 |
2237 | 2423 | 4431 | ||
2238 | 4432 | samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium | ||
2239 | 4433 | |||
2240 | 4434 | * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in | ||
2241 | 4435 | the previous security updates. (LP: #1577739) | ||
2242 | 4436 | - debian/control: bump tevent Build-Depends to 0.9.28. | ||
2243 | 4437 | * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576) | ||
2244 | 4438 | - debian/patches/samba-bug11912.patch: let msrpc_parse() return | ||
2245 | 4439 | talloc'ed empty strings in libcli/auth/msrpc_parse.c. | ||
2246 | 4440 | - debian/patches/samba-bug11914.patch: make | ||
2247 | 4441 | ntlm_auth_generate_session_info() more complete in | ||
2248 | 4442 | source3/utils/ntlm_auth.c. | ||
2249 | 4443 | |||
2250 | 4444 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400 | ||
2251 | 4445 | |||
2252 | 2424 | samba (2:4.3.8+dfsg-1) unstable; urgency=low | 4446 | samba (2:4.3.8+dfsg-1) unstable; urgency=low |
2253 | 2425 | 4447 | ||
2254 | 2426 | [ Jelmer Vernooij ] | 4448 | [ Jelmer Vernooij ] |
2255 | @@ -2435,6 +4457,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low | |||
2256 | 2435 | 4457 | ||
2257 | 2436 | -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000 | 4458 | -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000 |
2258 | 2437 | 4459 | ||
2259 | 4460 | samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium | ||
2260 | 4461 | |||
2261 | 4462 | * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues | ||
2262 | 4463 | - CVE-2015-5370: Multiple errors in DCE-RPC code | ||
2263 | 4464 | - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP | ||
2264 | 4465 | - CVE-2016-2111: NETLOGON Spoofing Vulnerability | ||
2265 | 4466 | - CVE-2016-2112: The LDAP client and server don't enforce integrity | ||
2266 | 4467 | protection | ||
2267 | 4468 | - CVE-2016-2113: Missing TLS certificate validation allows man in the | ||
2268 | 4469 | middle attacks | ||
2269 | 4470 | - CVE-2016-2114: "server signing = mandatory" not enforced | ||
2270 | 4471 | - CVE-2016-2115: SMB client connections for IPC traffic are not | ||
2271 | 4472 | integrity protected | ||
2272 | 4473 | - CVE-2016-2118: SAMR and LSA man in the middle attacks possible | ||
2273 | 4474 | * debian/patches/winbind_trusted_domains.patch: make sure domain members | ||
2274 | 4475 | can talk to trusted domains DCs. | ||
2275 | 4476 | |||
2276 | 4477 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400 | ||
2277 | 4478 | |||
2278 | 2438 | samba (2:4.3.7+dfsg-1) unstable; urgency=high | 4479 | samba (2:4.3.7+dfsg-1) unstable; urgency=high |
2279 | 2439 | 4480 | ||
2280 | 2440 | * New upstream release. | 4481 | * New upstream release. |
2281 | @@ -2477,6 +4518,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low | |||
2282 | 2477 | 4518 | ||
2283 | 2478 | -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200 | 4519 | -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200 |
2284 | 2479 | 4520 | ||
2285 | 4521 | samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium | ||
2286 | 4522 | |||
2287 | 4523 | * Merge with Debian; remaining changes: | ||
2288 | 4524 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2289 | 4525 | + debian/smb.conf; | ||
2290 | 4526 | - Add "(Samba, Ubuntu)" to server string. | ||
2291 | 4527 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2292 | 4528 | to show users how to restrict access to \\server\username to only username. | ||
2293 | 4529 | + debian/samba-common.config: | ||
2294 | 4530 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2295 | 4531 | + debian/control: | ||
2296 | 4532 | - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev | ||
2297 | 4533 | + Add ufw integration: | ||
2298 | 4534 | - Created debian/samba.ufw.profile: | ||
2299 | 4535 | - debian/rules, debian/samba.install: install profile | ||
2300 | 4536 | + Add apport hook: | ||
2301 | 4537 | - Created debian/source_samba.py. | ||
2302 | 4538 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2303 | 4539 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2304 | 4540 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2305 | 4541 | |||
2306 | 4542 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500 | ||
2307 | 4543 | |||
2308 | 2480 | samba (2:4.3.6+dfsg-1) unstable; urgency=medium | 4544 | samba (2:4.3.6+dfsg-1) unstable; urgency=medium |
2309 | 2481 | 4545 | ||
2310 | 2482 | * New upstream release. | 4546 | * New upstream release. |
2311 | @@ -2522,6 +4586,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium | |||
2312 | 2522 | 4586 | ||
2313 | 2523 | -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100 | 4587 | -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100 |
2314 | 2524 | 4588 | ||
2315 | 4589 | samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium | ||
2316 | 4590 | |||
2317 | 4591 | * No-change rebuild for gnutls transition. | ||
2318 | 4592 | |||
2319 | 4593 | -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000 | ||
2320 | 4594 | |||
2321 | 4595 | samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium | ||
2322 | 4596 | |||
2323 | 4597 | * Fixes regression introduced by debian/patches/CVE-2015-5252.patch. | ||
2324 | 4598 | (LP: #1545750) | ||
2325 | 4599 | |||
2326 | 4600 | -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100 | ||
2327 | 4601 | |||
2328 | 4602 | samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium | ||
2329 | 4603 | |||
2330 | 4604 | * Merge with Debian; remaining changes: | ||
2331 | 4605 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2332 | 4606 | + debian/smb.conf; | ||
2333 | 4607 | - Add "(Samba, Ubuntu)" to server string. | ||
2334 | 4608 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2335 | 4609 | to show users how to restrict access to \\server\username to only username. | ||
2336 | 4610 | + debian/samba-common.config: | ||
2337 | 4611 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2338 | 4612 | + debian/control: | ||
2339 | 4613 | - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev | ||
2340 | 4614 | + Add ufw integration: | ||
2341 | 4615 | - Created debian/samba.ufw.profile: | ||
2342 | 4616 | - debian/rules, debian/samba.install: install profile | ||
2343 | 4617 | + Add apport hook: | ||
2344 | 4618 | - Created debian/source_samba.py. | ||
2345 | 4619 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2346 | 4620 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2347 | 4621 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2348 | 4622 | |||
2349 | 4623 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500 | ||
2350 | 4624 | |||
2351 | 2525 | samba (2:4.3.3+dfsg-1) unstable; urgency=medium | 4625 | samba (2:4.3.3+dfsg-1) unstable; urgency=medium |
2352 | 2526 | 4626 | ||
2353 | 2527 | * New upstream release. Closes: #808133. | 4627 | * New upstream release. Closes: #808133. |
2354 | @@ -2606,6 +4706,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium | |||
2355 | 2606 | 4706 | ||
2356 | 2607 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000 | 4707 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000 |
2357 | 2608 | 4708 | ||
2358 | 4709 | samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium | ||
2359 | 4710 | |||
2360 | 4711 | * Resolve small merge error in the rules | ||
2361 | 4712 | |||
2362 | 4713 | -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100 | ||
2363 | 4714 | |||
2364 | 4715 | samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium | ||
2365 | 4716 | |||
2366 | 4717 | * Backport Debian change to remove libpam-smbpasswd, it segfaults | ||
2367 | 4718 | leading to non working session (lp: #1515207) | ||
2368 | 4719 | |||
2369 | 4720 | -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100 | ||
2370 | 4721 | |||
2371 | 4722 | samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium | ||
2372 | 4723 | |||
2373 | 4724 | * Build with the new ldb | ||
2374 | 4725 | |||
2375 | 4726 | -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100 | ||
2376 | 4727 | |||
2377 | 4728 | samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium | ||
2378 | 4729 | |||
2379 | 4730 | * debian/samba.logrotate: | ||
2380 | 4731 | - revert to Debian version of the logrotate reload command, fix an | ||
2381 | 4732 | invalid syntax introduced in the upstart->systemd transition | ||
2382 | 4733 | (lp: #1385868) | ||
2383 | 4734 | |||
2384 | 4735 | -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100 | ||
2385 | 4736 | |||
2386 | 4737 | samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium | ||
2387 | 4738 | |||
2388 | 4739 | * Merge with Debian; remaining changes: | ||
2389 | 4740 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2390 | 4741 | + debian/smb.conf; | ||
2391 | 4742 | - Add "(Samba, Ubuntu)" to server string. | ||
2392 | 4743 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2393 | 4744 | to show users how to restrict access to \\server\username to only username. | ||
2394 | 4745 | + debian/samba-common.config: | ||
2395 | 4746 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2396 | 4747 | + debian/control: | ||
2397 | 4748 | - Don't build against or suggest ctdb and tdb. | ||
2398 | 4749 | - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev | ||
2399 | 4750 | + debian/rules: | ||
2400 | 4751 | - Drop explicit configuration options for ctdb and tdb. | ||
2401 | 4752 | + Add ufw integration: | ||
2402 | 4753 | - Created debian/samba.ufw.profile: | ||
2403 | 4754 | - debian/rules, debian/samba.install: install profile | ||
2404 | 4755 | + Add apport hook: | ||
2405 | 4756 | - Created debian/source_samba.py. | ||
2406 | 4757 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2407 | 4758 | + debian/samba.logrotate: use service command to reload (send SIGHUP) the main | ||
2408 | 4759 | processes such that it works under both upstart and systemd. | ||
2409 | 4760 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2410 | 4761 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2411 | 4762 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2412 | 4763 | |||
2413 | 4764 | -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200 | ||
2414 | 4765 | |||
2415 | 2609 | samba (2:4.1.20+dfsg-1) unstable; urgency=medium | 4766 | samba (2:4.1.20+dfsg-1) unstable; urgency=medium |
2416 | 2610 | 4767 | ||
2417 | 2611 | * New upstream release (last compatible with current OpenChange). | 4768 | * New upstream release (last compatible with current OpenChange). |
2418 | @@ -2619,6 +4776,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium | |||
2419 | 2619 | 4776 | ||
2420 | 2620 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000 | 4777 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000 |
2421 | 2621 | 4778 | ||
2422 | 4779 | samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium | ||
2423 | 4780 | |||
2424 | 4781 | * debian/control: | ||
2425 | 4782 | - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev | ||
2426 | 4783 | |||
2427 | 4784 | -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200 | ||
2428 | 4785 | |||
2429 | 4786 | samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium | ||
2430 | 4787 | |||
2431 | 4788 | * Merge from Debian unstable. Remaining changes: | ||
2432 | 4789 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2433 | 4790 | + debian/smb.conf; | ||
2434 | 4791 | - Add "(Samba, Ubuntu)" to server string. | ||
2435 | 4792 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2436 | 4793 | to show users how to restrict access to \\server\username to only username. | ||
2437 | 4794 | + debian/samba-common.config: | ||
2438 | 4795 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2439 | 4796 | + debian/control: | ||
2440 | 4797 | - Don't build against or suggest ctdb and tdb. | ||
2441 | 4798 | + debian/rules: | ||
2442 | 4799 | - Drop explicit configuration options for ctdb and tdb. | ||
2443 | 4800 | + Add ufw integration: | ||
2444 | 4801 | - Created debian/samba.ufw.profile: | ||
2445 | 4802 | - debian/rules, debian/samba.install: install profile | ||
2446 | 4803 | + Add apport hook: | ||
2447 | 4804 | - Created debian/source_samba.py. | ||
2448 | 4805 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2449 | 4806 | + debian/samba.logrotate: use service command to reload (send SIGHUP) the main | ||
2450 | 4807 | processes such that it works under both upstart and systemd. | ||
2451 | 4808 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2452 | 4809 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2453 | 4810 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2454 | 4811 | + debian/patches/git_timeout_client_error.patch: | ||
2455 | 4812 | - don't let smb mounts timeout that leads to errors when trying to | ||
2456 | 4813 | reuse a mount after idling for a while in e.g nautilus (lp: #310932) | ||
2457 | 4814 | |||
2458 | 4815 | -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200 | ||
2459 | 4816 | |||
2460 | 2622 | samba (2:4.1.17+dfsg-4) unstable; urgency=medium | 4817 | samba (2:4.1.17+dfsg-4) unstable; urgency=medium |
2461 | 2623 | 4818 | ||
2462 | 2624 | * Add pidl_reproducible.patch: Make pidl output reproducible. | 4819 | * Add pidl_reproducible.patch: Make pidl output reproducible. |
2463 | @@ -2655,6 +4850,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high | |||
2464 | 2655 | 4850 | ||
2465 | 2656 | -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100 | 4851 | -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100 |
2466 | 2657 | 4852 | ||
2467 | 4853 | samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium | ||
2468 | 4854 | |||
2469 | 4855 | * debian/patches/git_timeout_client_error.patch: | ||
2470 | 4856 | - don't let smb mounts timeout that leads to errors when trying to | ||
2471 | 4857 | reuse a mount after idling for a while in e.g nautilus (lp: #310932) | ||
2472 | 4858 | |||
2473 | 4859 | -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200 | ||
2474 | 4860 | |||
2475 | 4861 | samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium | ||
2476 | 4862 | |||
2477 | 4863 | * SECURITY UPDATE: code execution vulnerability in smbd daemon | ||
2478 | 4864 | - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an | ||
2479 | 4865 | uninitialized pointer and don't dereference a NULL pointer in | ||
2480 | 4866 | source3/rpc_server/netlogon/srv_netlog_nt.c. | ||
2481 | 4867 | - CVE-2015-0240 | ||
2482 | 4868 | |||
2483 | 4869 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500 | ||
2484 | 4870 | |||
2485 | 4871 | samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low | ||
2486 | 4872 | |||
2487 | 4873 | * Merge from Debian unstable. Remaining changes: | ||
2488 | 4874 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2489 | 4875 | + debian/smb.conf; | ||
2490 | 4876 | - Add "(Samba, Ubuntu)" to server string. | ||
2491 | 4877 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2492 | 4878 | to show users how to restrict access to \\server\username to only username. | ||
2493 | 4879 | + debian/samba-common.config: | ||
2494 | 4880 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2495 | 4881 | + debian/control: | ||
2496 | 4882 | - Don't build against or suggest ctdb and tdb. | ||
2497 | 4883 | + debian/rules: | ||
2498 | 4884 | - Drop explicit configuration options for ctdb and tdb. | ||
2499 | 4885 | + Add ufw integration: | ||
2500 | 4886 | - Created debian/samba.ufw.profile: | ||
2501 | 4887 | - debian/rules, debian/samba.install: install profile | ||
2502 | 4888 | + Add apport hook: | ||
2503 | 4889 | - Created debian/source_samba.py. | ||
2504 | 4890 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2505 | 4891 | + debian/samba.logrotate: use service command to reload (send SIGHUP) the main | ||
2506 | 4892 | processes such that it works under both upstart and systemd. | ||
2507 | 4893 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2508 | 4894 | + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2509 | 4895 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2510 | 4896 | + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143. | ||
2511 | 4897 | |||
2512 | 4898 | -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100 | ||
2513 | 4899 | |||
2514 | 2658 | samba (2:4.1.13+dfsg-4) unstable; urgency=medium | 4900 | samba (2:4.1.13+dfsg-4) unstable; urgency=medium |
2515 | 2659 | 4901 | ||
2516 | 2660 | * Revert previous patch, since ldb has an active module version check. | 4902 | * Revert previous patch, since ldb has an active module version check. |
2517 | @@ -2697,6 +4939,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium | |||
2518 | 2697 | 4939 | ||
2519 | 2698 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200 | 4940 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200 |
2520 | 2699 | 4941 | ||
2521 | 4942 | samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium | ||
2522 | 4943 | |||
2523 | 4944 | * SECURITY UPDATE: elevation of privilege to AD Domain Controller | ||
2524 | 4945 | - debian/patches/CVE-2014-8143.patch: check for extended access rights | ||
2525 | 4946 | before allowing changes to userAccountControl in | ||
2526 | 4947 | librpc/idl/security.idl, source4/auth/session.c, | ||
2527 | 4948 | source4/dsdb/common/util.c, source4/dsdb/pydsdb.c, | ||
2528 | 4949 | source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h, | ||
2529 | 4950 | source4/rpc_server/lsa/dcesrv_lsa.c, | ||
2530 | 4951 | source4/setup/schema_samba4.ldif. | ||
2531 | 4952 | - CVE-2014-8143 | ||
2532 | 4953 | |||
2533 | 4954 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500 | ||
2534 | 4955 | |||
2535 | 4956 | samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium | ||
2536 | 4957 | |||
2537 | 4958 | * No-change rebuild against current ldb. Note that I'm not claiming the | ||
2538 | 4959 | merging for this package. | ||
2539 | 4960 | |||
2540 | 4961 | -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100 | ||
2541 | 4962 | |||
2542 | 4963 | samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium | ||
2543 | 4964 | |||
2544 | 4965 | * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for | ||
2545 | 4966 | pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) | ||
2546 | 4967 | |||
2547 | 4968 | -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500 | ||
2548 | 4969 | |||
2549 | 4970 | samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium | ||
2550 | 4971 | |||
2551 | 4972 | * Merge from Debian unstable. Remaining changes: | ||
2552 | 4973 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2553 | 4974 | + debian/smb.conf; | ||
2554 | 4975 | - Add "(Samba, Ubuntu)" to server string. | ||
2555 | 4976 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2556 | 4977 | to show users how to restrict access to \\server\username to only username. | ||
2557 | 4978 | + debian/samba-common.config: | ||
2558 | 4979 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2559 | 4980 | + debian/control: | ||
2560 | 4981 | - Don't build against or suggest ctdb and tdb. | ||
2561 | 4982 | + debian/rules: | ||
2562 | 4983 | - Drop explicit configuration options for ctdb and tdb. | ||
2563 | 4984 | + Add ufw integration: | ||
2564 | 4985 | - Created debian/samba.ufw.profile: | ||
2565 | 4986 | - debian/rules, debian/samba.install: install profile | ||
2566 | 4987 | + Add apport hook: | ||
2567 | 4988 | - Created debian/source_samba.py. | ||
2568 | 4989 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2569 | 4990 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2570 | 4991 | of hacking arround with pid files. | ||
2571 | 4992 | + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, | ||
2572 | 4993 | first dummy transitional package version. | ||
2573 | 4994 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2574 | 4995 | |||
2575 | 4996 | * In logrotate, use service command to reload (send SIGHUP) the main | ||
2576 | 4997 | processes such that it works under both upstart and systemd. | ||
2577 | 4998 | * Drop CVE patches, applied upstream. | ||
2578 | 4999 | * Drop patches absent from series: readline-ftbfs.patch, | ||
2579 | 5000 | krb5_kt_start_seq.diff, config-bind99.patch | ||
2580 | 5001 | * Drop debian/source/include-binaries, pyc files are correctly cleaned up | ||
2581 | 5002 | |||
2582 | 5003 | -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100 | ||
2583 | 5004 | |||
2584 | 2700 | samba (2:4.1.11+dfsg-1) unstable; urgency=high | 5005 | samba (2:4.1.11+dfsg-1) unstable; urgency=high |
2585 | 2701 | 5006 | ||
2586 | 2702 | * New upstream release. Fixes: | 5007 | * New upstream release. Fixes: |
2587 | @@ -2732,6 +5037,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high | |||
2588 | 2732 | 5037 | ||
2589 | 2733 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200 | 5038 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200 |
2590 | 2734 | 5039 | ||
2591 | 5040 | samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium | ||
2592 | 5041 | |||
2593 | 5042 | * SECURITY UPDATE: remote code execution on unauthenticated nmbd | ||
2594 | 5043 | - debian/patches/CVE-2014-3560.patch: fix unstrcpy in | ||
2595 | 5044 | lib/util/string_wrappers.h. | ||
2596 | 5045 | - CVE-2014-3560 | ||
2597 | 5046 | |||
2598 | 5047 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400 | ||
2599 | 5048 | |||
2600 | 5049 | samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium | ||
2601 | 5050 | |||
2602 | 5051 | * SECURITY UPDATE: denial of service on nmbd malformed packet | ||
2603 | 5052 | - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in | ||
2604 | 5053 | source3/lib/system.c. | ||
2605 | 5054 | - CVE-2014-0244 | ||
2606 | 5055 | * SECURITY UPDATE: denial of service via bad unicode conversion | ||
2607 | 5056 | - debian/patches/CVE-2014-3493.patch: refactor code in | ||
2608 | 5057 | source3/lib/charcnv.c, change return code checks in | ||
2609 | 5058 | source3/libsmb/clirap.c, source3/smbd/lanman.c. | ||
2610 | 5059 | - CVE-2014-3493 | ||
2611 | 5060 | |||
2612 | 5061 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400 | ||
2613 | 5062 | |||
2614 | 5063 | samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low | ||
2615 | 5064 | |||
2616 | 5065 | * Merge from Debian unstable. Remaining changes: | ||
2617 | 5066 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2618 | 5067 | + debian/smb.conf; | ||
2619 | 5068 | - Add "(Samba, Ubuntu)" to server string. | ||
2620 | 5069 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2621 | 5070 | to show users how to restrict access to \\server\username to only username. | ||
2622 | 5071 | + debian/samba-common.config: | ||
2623 | 5072 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2624 | 5073 | + debian/control: | ||
2625 | 5074 | - Don't build against or suggest ctdb and tdb. | ||
2626 | 5075 | + debian/rules: | ||
2627 | 5076 | - Drop explicit configuration options for ctdb and tdb. | ||
2628 | 5077 | + Add ufw integration: | ||
2629 | 5078 | - Created debian/samba.ufw.profile: | ||
2630 | 5079 | - debian/rules, debian/samba.install: install profile | ||
2631 | 5080 | + Add apport hook: | ||
2632 | 5081 | - Created debian/source_samba.py. | ||
2633 | 5082 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2634 | 5083 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2635 | 5084 | of hacking arround with pid files. | ||
2636 | 5085 | + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, | ||
2637 | 5086 | first dummy transitional package version. | ||
2638 | 5087 | + Dropped patches: | ||
2639 | 5088 | - debian/patches/CVE-2013-4496.patch: Dropped no longer needed | ||
2640 | 5089 | - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. | ||
2641 | 5090 | - debian/patches/readline-ftbfs.patch: Use the debian version. | ||
2642 | 5091 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2643 | 5092 | (LP: #1268180) | ||
2644 | 5093 | |||
2645 | 5094 | -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400 | ||
2646 | 5095 | |||
2647 | 2735 | samba (2:4.1.8+dfsg-1) unstable; urgency=medium | 5096 | samba (2:4.1.8+dfsg-1) unstable; urgency=medium |
2648 | 2736 | 5097 | ||
2649 | 2737 | [ Jelmer Vernooij ] | 5098 | [ Jelmer Vernooij ] |
2650 | @@ -2769,6 +5130,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium | |||
2651 | 2769 | 5130 | ||
2652 | 2770 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200 | 5131 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200 |
2653 | 2771 | 5132 | ||
2654 | 5133 | samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium | ||
2655 | 5134 | |||
2656 | 5135 | * Set the stack size to unlimited during the build to avoid a SIGBUS in | ||
2657 | 5136 | xsltproc on some architectures. | ||
2658 | 5137 | |||
2659 | 5138 | -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100 | ||
2660 | 5139 | |||
2661 | 5140 | samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium | ||
2662 | 5141 | |||
2663 | 5142 | * Backport from unstable (Ivo De Decker): | ||
2664 | 5143 | - Build-depend on heimdal-dev. | ||
2665 | 5144 | |||
2666 | 5145 | -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100 | ||
2667 | 5146 | |||
2668 | 5147 | samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high | ||
2669 | 5148 | |||
2670 | 5149 | * No change rebuild against new dh_installinit, to call update-rc.d at | ||
2671 | 5150 | postinst. | ||
2672 | 5151 | |||
2673 | 5152 | -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100 | ||
2674 | 5153 | |||
2675 | 5154 | samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium | ||
2676 | 5155 | |||
2677 | 5156 | * cherrypick upstream patch 1310919 to fix pam_winbind regression | ||
2678 | 5157 | (LP: #1310919) | ||
2679 | 5158 | |||
2680 | 5159 | -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500 | ||
2681 | 5160 | |||
2682 | 5161 | samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium | ||
2683 | 5162 | |||
2684 | 5163 | * Fix a grammatical error in smb.conf that showed up in a ucf prompt on | ||
2685 | 5164 | upgrade. | ||
2686 | 5165 | |||
2687 | 5166 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700 | ||
2688 | 5167 | |||
2689 | 5168 | samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low | ||
2690 | 5169 | |||
2691 | 5170 | * Merge from Debian unstable. Remaining changes: | ||
2692 | 5171 | + debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2693 | 5172 | + debian/smb.conf; | ||
2694 | 5173 | - Add "(Samba, Ubuntu)" to server string. | ||
2695 | 5174 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2696 | 5175 | to show users how to restrict access to \\server\username to only username. | ||
2697 | 5176 | + debian/samba-common.config: | ||
2698 | 5177 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2699 | 5178 | + debian/control: | ||
2700 | 5179 | - Don't build against or suggest ctdb and tdb. | ||
2701 | 5180 | + debian/rules: | ||
2702 | 5181 | - Drop explicit configuration options for ctdb and tdb. | ||
2703 | 5182 | + Add ufw integration: | ||
2704 | 5183 | - Created debian/samba.ufw.profile: | ||
2705 | 5184 | - debian/rules, debian/samba.install: install profile | ||
2706 | 5185 | + Add apport hook: | ||
2707 | 5186 | - Created debian/source_samba.py. | ||
2708 | 5187 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2709 | 5188 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2710 | 5189 | of hacking arround with pid files. | ||
2711 | 5190 | + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, | ||
2712 | 5191 | first dummy transitional package version. | ||
2713 | 5192 | + Dropped patches: | ||
2714 | 5193 | - debian/patches/CVE-2013-4496.patch: Dropped no longer needed | ||
2715 | 5194 | - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. | ||
2716 | 5195 | - debian/patches/readline-ftbfs.patch: Use the debian version. | ||
2717 | 5196 | + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. | ||
2718 | 5197 | (LP: #1268180) | ||
2719 | 5198 | |||
2720 | 5199 | -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400 | ||
2721 | 5200 | |||
2722 | 2772 | samba (2:4.1.6+dfsg-1) unstable; urgency=high | 5201 | samba (2:4.1.6+dfsg-1) unstable; urgency=high |
2723 | 2773 | 5202 | ||
2724 | 2774 | * New upstream security release. Fixes: | 5203 | * New upstream security release. Fixes: |
2725 | @@ -2828,6 +5257,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium | |||
2726 | 2828 | 5257 | ||
2727 | 2829 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100 | 5258 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100 |
2728 | 2830 | 5259 | ||
2729 | 5260 | samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium | ||
2730 | 5261 | |||
2731 | 5262 | * debian/smb.conf: comment back some of the "share definitions" | ||
2732 | 5263 | options (including "valid users"). That was an Ubuntu diff and seems to | ||
2733 | 5264 | have been dropped in the trusty merge. Those changes seem needed to | ||
2734 | 5265 | get the usershare feature working (used by nautilus-share) (lp: #1261873) | ||
2735 | 5266 | |||
2736 | 5267 | -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200 | ||
2737 | 5268 | |||
2738 | 5269 | samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium | ||
2739 | 5270 | |||
2740 | 5271 | * SECURITY UPDATE: Password lockout not enforced for SAMR password | ||
2741 | 5272 | changes | ||
2742 | 5273 | - debian/patches/CVE-2013-4496.patch: refactor password lockout code in | ||
2743 | 5274 | source3/auth/check_samsec.c, | ||
2744 | 5275 | source3/rpc_server/samr/srv_samr_chgpasswd.c, | ||
2745 | 5276 | source3/rpc_server/samr/srv_samr_nt.c, | ||
2746 | 5277 | source3/smbd/lanman.c, | ||
2747 | 5278 | source4/rpc_server/samr/samr_password.c, | ||
2748 | 5279 | source4/torture/rpc/samr.c. | ||
2749 | 5280 | - CVE-2013-4496 | ||
2750 | 5281 | * SECURITY UPDATE: smbcacls can remove a file or directory ACL by | ||
2751 | 5282 | mistake | ||
2752 | 5283 | - debian/patches/CVE-2013-6442.patch: handle existing ACL in | ||
2753 | 5284 | source3/utils/smbcacls.c. | ||
2754 | 5285 | - CVE-2013-6442 | ||
2755 | 5286 | * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6. | ||
2756 | 5287 | |||
2757 | 5288 | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400 | ||
2758 | 5289 | |||
2759 | 5290 | samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium | ||
2760 | 5291 | |||
2761 | 5292 | * Depend on tdb-tools (LP: #1279593) | ||
2762 | 5293 | * Updated generated config for Bind9.9. | ||
2763 | 5294 | |||
2764 | 5295 | -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500 | ||
2765 | 5296 | |||
2766 | 5297 | samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium | ||
2767 | 5298 | |||
2768 | 5299 | * Add missing python-ntdb dependency to python-samba (spotted by | ||
2769 | 5300 | autopkgtest). | ||
2770 | 5301 | |||
2771 | 5302 | -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100 | ||
2772 | 5303 | |||
2773 | 5304 | samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low | ||
2774 | 5305 | |||
2775 | 5306 | * Merge from Debian Unstable: | ||
2776 | 5307 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2777 | 5308 | * debian/smb.conf; | ||
2778 | 5309 | - Add "(Samba, Ubuntu)" to server string. | ||
2779 | 5310 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2780 | 5311 | to show users how to restrict access to \\server\username to only username. | ||
2781 | 5312 | + debian/samba-common.config: | ||
2782 | 5313 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2783 | 5314 | + debian/control: | ||
2784 | 5315 | - Don't build against or suggest ctdb and tdb. | ||
2785 | 5316 | + debian/rules: | ||
2786 | 5317 | - Drop explicit configuration options for ctdb and tdb. | ||
2787 | 5318 | + Add ufw integration: | ||
2788 | 5319 | - Created debian/samba.ufw.profile: | ||
2789 | 5320 | - debian/rules, debian/samba.install: install profile | ||
2790 | 5321 | + Add apport hook: | ||
2791 | 5322 | - Created debian/source_samba.py. | ||
2792 | 5323 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2793 | 5324 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2794 | 5325 | of hacking arround with pid files. | ||
2795 | 5326 | + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, | ||
2796 | 5327 | first dummy transitional package version. | ||
2797 | 5328 | |||
2798 | 5329 | -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500 | ||
2799 | 5330 | |||
2800 | 2831 | samba (2:4.1.3+dfsg-2) unstable; urgency=medium | 5331 | samba (2:4.1.3+dfsg-2) unstable; urgency=medium |
2801 | 2832 | 5332 | ||
2802 | 2833 | * Add debug symbols for all binaries to samba-dbg. Closes: #732493 | 5333 | * Add debug symbols for all binaries to samba-dbg. Closes: #732493 |
2803 | @@ -2870,6 +5370,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low | |||
2804 | 2870 | 5370 | ||
2805 | 2871 | -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800 | 5371 | -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800 |
2806 | 2872 | 5372 | ||
2807 | 5373 | samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low | ||
2808 | 5374 | |||
2809 | 5375 | * Merge from Debian Unstable: | ||
2810 | 5376 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2811 | 5377 | * debian/smb.conf; | ||
2812 | 5378 | - Add "(Samba, Ubuntu)" to server string. | ||
2813 | 5379 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2814 | 5380 | to show users how to restrict access to \\server\username to only username. | ||
2815 | 5381 | + debian/samba-common.config: | ||
2816 | 5382 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2817 | 5383 | + debian/control: | ||
2818 | 5384 | - Don't build against or suggest ctdb and tdb. | ||
2819 | 5385 | + debian/rules: | ||
2820 | 5386 | - Drop explicit configuration options for ctdb and tdb. | ||
2821 | 5387 | + Add ufw integration: | ||
2822 | 5388 | - Created debian/samba.ufw.profile: | ||
2823 | 5389 | - debian/rules, debian/samba.install: install profile | ||
2824 | 5390 | + Add apport hook: | ||
2825 | 5391 | - Created debian/source_samba.py. | ||
2826 | 5392 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2827 | 5393 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2828 | 5394 | of hacking arround with pid files. | ||
2829 | 5395 | + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, | ||
2830 | 5396 | first dummy transitional package version. | ||
2831 | 5397 | |||
2832 | 5398 | -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500 | ||
2833 | 5399 | |||
2834 | 2873 | samba (2:4.0.13+dfsg-1) unstable; urgency=high | 5400 | samba (2:4.0.13+dfsg-1) unstable; urgency=high |
2835 | 2874 | 5401 | ||
2836 | 2875 | [ Steve Langasek ] | 5402 | [ Steve Langasek ] |
2837 | @@ -2924,6 +5451,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high | |||
2838 | 2924 | 5451 | ||
2839 | 2925 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100 | 5452 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100 |
2840 | 2926 | 5453 | ||
2841 | 5454 | samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low | ||
2842 | 5455 | |||
2843 | 5456 | * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version. | ||
2844 | 5457 | |||
2845 | 5458 | -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000 | ||
2846 | 5459 | |||
2847 | 5460 | samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low | ||
2848 | 5461 | |||
2849 | 5462 | * Merge from Debian Unstable: | ||
2850 | 5463 | - debian/VERSION.patch: Update vendor string to "Ubuntu". | ||
2851 | 5464 | * debian/smb.conf; | ||
2852 | 5465 | - Add "(Samba, Ubuntu)" to server string. | ||
2853 | 5466 | - Comment out the default [homes] share, and add a comment about "valid users = %s" | ||
2854 | 5467 | to show users how to restrict access to \\server\username to only username. | ||
2855 | 5468 | + debian/samba-common.config: | ||
2856 | 5469 | - Do not change prioritiy to high if dhclient3 is installed. | ||
2857 | 5470 | + debian/control: | ||
2858 | 5471 | - Don't build against or suggest ctdb and tdb. | ||
2859 | 5472 | + debian/rules: | ||
2860 | 5473 | - Drop explicit configuration options for ctdb and tdb. | ||
2861 | 5474 | + Add ufw integration: | ||
2862 | 5475 | - Created debian/samba.ufw.profile: | ||
2863 | 5476 | - debian/rules, debian/samba.install: install profile | ||
2864 | 5477 | + Add apport hook: | ||
2865 | 5478 | - Created debian/source_samba.py. | ||
2866 | 5479 | - debian/rules, debia/samb-common-bin.install: install hook. | ||
2867 | 5480 | + debian/samba.logrotate: call upstart interfaces unconditionally instead | ||
2868 | 5481 | of hacking arround with pid files. | ||
2869 | 5482 | |||
2870 | 5483 | -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800 | ||
2871 | 5484 | |||
2872 | 2927 | samba (2:4.0.10+dfsg-4) unstable; urgency=low | 5485 | samba (2:4.0.10+dfsg-4) unstable; urgency=low |
2873 | 2928 | 5486 | ||
2874 | 2929 | [ Christian Perrier ] | 5487 | [ Christian Perrier ] |
2875 | diff --git a/debian/control b/debian/control | |||
2876 | index 480a7bb..3671d97 100644 | |||
2877 | --- a/debian/control | |||
2878 | +++ b/debian/control | |||
2879 | @@ -1,7 +1,8 @@ | |||
2880 | 1 | Source: samba | 1 | Source: samba |
2881 | 2 | Section: net | 2 | Section: net |
2882 | 3 | Priority: optional | 3 | Priority: optional |
2884 | 4 | Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> | 4 | Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2885 | 5 | XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> | ||
2886 | 5 | Uploaders: Steve Langasek <vorlon@debian.org>, | 6 | Uploaders: Steve Langasek <vorlon@debian.org>, |
2887 | 6 | Jelmer Vernooij <jelmer@debian.org>, | 7 | Jelmer Vernooij <jelmer@debian.org>, |
2888 | 7 | Mathieu Parent <sathieu@debian.org>, | 8 | Mathieu Parent <sathieu@debian.org>, |
2889 | @@ -35,7 +36,7 @@ Build-Depends-Arch: | |||
2890 | 35 | libblkid-dev, | 36 | libblkid-dev, |
2891 | 36 | libbsd-dev, | 37 | libbsd-dev, |
2892 | 37 | libcap-dev [linux-any], | 38 | libcap-dev [linux-any], |
2894 | 38 | libcephfs-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x], | 39 | libcephfs-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x], |
2895 | 39 | libcmocka-dev (>= 1.1.3), | 40 | libcmocka-dev (>= 1.1.3), |
2896 | 40 | libcups2-dev, | 41 | libcups2-dev, |
2897 | 41 | libdbus-1-dev, | 42 | libdbus-1-dev, |
2898 | @@ -53,12 +54,12 @@ Build-Depends-Arch: | |||
2899 | 53 | libparse-yapp-perl, | 54 | libparse-yapp-perl, |
2900 | 54 | libpcap-dev [hurd-i386 kfreebsd-any], | 55 | libpcap-dev [hurd-i386 kfreebsd-any], |
2901 | 55 | libpopt-dev, | 56 | libpopt-dev, |
2903 | 56 | librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x], | 57 | librados-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x], |
2904 | 57 | libreadline-dev, | 58 | libreadline-dev, |
2905 | 58 | libsystemd-dev [linux-any], | 59 | libsystemd-dev [linux-any], |
2906 | 59 | libtasn1-6-dev (>= 3.8), | 60 | libtasn1-6-dev (>= 3.8), |
2907 | 60 | libtasn1-bin, | 61 | libtasn1-bin, |
2909 | 61 | liburing-dev [linux-any] <!pkg.samba.nouring>, | 62 | liburing-dev [!i386] <!pkg.samba.nouring>, |
2910 | 62 | xfslibs-dev [linux-any], | 63 | xfslibs-dev [linux-any], |
2911 | 63 | zlib1g-dev (>= 1:1.2.3), | 64 | zlib1g-dev (>= 1:1.2.3), |
2912 | 64 | # python (+#904999): | 65 | # python (+#904999): |
2913 | @@ -395,8 +396,9 @@ Depends: samba-common (= ${source:Version}), | |||
2914 | 395 | Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5> | 396 | Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5> |
2915 | 396 | Suggests: libnss-winbind, libpam-winbind | 397 | Suggests: libnss-winbind, libpam-winbind |
2916 | 397 | # 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind | 398 | # 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind |
2919 | 398 | Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), | 399 | # In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663 |
2920 | 399 | Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), | 400 | Breaks: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), |
2921 | 401 | Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), | ||
2922 | 400 | Description: service to resolve user and group information from Windows NT servers | 402 | Description: service to resolve user and group information from Windows NT servers |
2923 | 401 | Samba is an implementation of the SMB/CIFS protocol for Unix systems, | 403 | Samba is an implementation of the SMB/CIFS protocol for Unix systems, |
2924 | 402 | providing support for cross-platform file sharing with Microsoft Windows, OS X, | 404 | providing support for cross-platform file sharing with Microsoft Windows, OS X, |
2925 | diff --git a/debian/rules b/debian/rules | |||
2926 | index f9fd816..adfc3cf 100755 | |||
2927 | --- a/debian/rules | |||
2928 | +++ b/debian/rules | |||
2929 | @@ -81,7 +81,7 @@ config-args = \ | |||
2930 | 81 | 81 | ||
2931 | 82 | ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features | 82 | ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features |
2932 | 83 | with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes) | 83 | with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes) |
2934 | 84 | with-ceph = $(if $(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes) | 84 | with-ceph = $(if $(filter amd64 arm64 armel armhf mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes) |
2935 | 85 | with-snapper = yes | 85 | with-snapper = yes |
2936 | 86 | 86 | ||
2937 | 87 | config-args += \ | 87 | config-args += \ |
2938 | diff --git a/debian/tests/control b/debian/tests/control | |||
2939 | index d27e025..b37632e 100644 | |||
2940 | --- a/debian/tests/control | |||
2941 | +++ b/debian/tests/control | |||
2942 | @@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable | |||
2943 | 28 | Tests: reinstall-samba-common-bin | 28 | Tests: reinstall-samba-common-bin |
2944 | 29 | Depends: samba-common, samba-common-bin | 29 | Depends: samba-common, samba-common-bin |
2945 | 30 | Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr | 30 | Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr |
2946 | 31 | |||
2947 | 32 | Tests: samba-ad-dc-provisioning-internal-dns | ||
2948 | 33 | Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools | ||
2949 | 34 | Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed | ||
2950 | diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns | |||
2951 | 31 | new file mode 100755 | 35 | new file mode 100755 |
2952 | index 0000000..f61fa5e | |||
2953 | --- /dev/null | |||
2954 | +++ b/debian/tests/samba-ad-dc-provisioning-internal-dns | |||
2955 | @@ -0,0 +1,398 @@ | |||
2956 | 1 | #!/bin/bash | ||
2957 | 2 | |||
2958 | 3 | set -e | ||
2959 | 4 | set -o pipefail | ||
2960 | 5 | |||
2961 | 6 | source debian/tests/util | ||
2962 | 7 | |||
2963 | 8 | declare -r domain="EXAMPLE" | ||
2964 | 9 | declare -r realm="EXAMPLE.FAKE" | ||
2965 | 10 | declare -r adminpass="Passw0rd" | ||
2966 | 11 | declare -r test_user="test_user_${RANDOM}" | ||
2967 | 12 | declare -r test_pw="test_user_secret_${RANDOM}" | ||
2968 | 13 | declare -A user_pass | ||
2969 | 14 | user_pass[Administrator]="${adminpass}" | ||
2970 | 15 | user_pass[${test_user}]="${test_pw}" | ||
2971 | 16 | declare -A join_method_deps | ||
2972 | 17 | # Minimum set of deps: let realmd install the extra dependencies | ||
2973 | 18 | # as needed, depending on the join method. | ||
2974 | 19 | join_method_deps[realmd_sssd]="realmd krb5-user smbclient" | ||
2975 | 20 | join_method_deps[realmd_winbind]="realmd krb5-user smbclient" | ||
2976 | 21 | |||
2977 | 22 | |||
2978 | 23 | cleanup() { | ||
2979 | 24 | rc=$? | ||
2980 | 25 | set +e # so we don't exit midcleanup | ||
2981 | 26 | if [ ${rc} -ne 0 ]; then | ||
2982 | 27 | echo "## Something failed, gathering logs" | ||
2983 | 28 | echo | ||
2984 | 29 | echo "## smb.conf" | ||
2985 | 30 | cat /etc/samba/smb.conf | ||
2986 | 31 | echo | ||
2987 | 32 | echo "## resolv.conf" | ||
2988 | 33 | cat /etc/resolv.conf | ||
2989 | 34 | echo | ||
2990 | 35 | echo "## resolvectl status" | ||
2991 | 36 | resolvectl status | ||
2992 | 37 | echo "## journal for samba-ad-dc.service" | ||
2993 | 38 | journalctl -u samba-ad-dc.service --lines 500 | ||
2994 | 39 | echo | ||
2995 | 40 | for log in /var/log/samba/log.*; do | ||
2996 | 41 | # skip compressed logrotated files | ||
2997 | 42 | if [ "${log%.gz}" != "${log}" ]; then | ||
2998 | 43 | continue | ||
2999 | 44 | fi | ||
3000 | 45 | [ -s "${log}" ] || continue | ||
3001 | 46 | echo "## $(basename ${log}):" | ||
3002 | 47 | tail -n 500 "${log}" | ||
3003 | 48 | echo | ||
3004 | 49 | done | ||
3005 | 50 | echo "## syslog" | ||
3006 | 51 | tail -n 500 /var/log/syslog | ||
3007 | 52 | fi | ||
3008 | 53 | } | ||
3009 | 54 | |||
3010 | 55 | trap cleanup EXIT | ||
3011 | 56 | |||
3012 | 57 | assert_testparm() { | ||
3013 | 58 | local parameter="${1}" | ||
3014 | 59 | local expected_value="${2}" | ||
3015 | 60 | local current_value="" | ||
3016 | 61 | local -i retval=0 | ||
3017 | 62 | |||
3018 | 63 | echo -n "Asserting ${parameter} is ${expected_value}: " | ||
3019 | 64 | current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || { | ||
3020 | 65 | retval=$? | ||
3021 | 66 | echo "FAIL" | ||
3022 | 67 | return ${retval} | ||
3023 | 68 | } | ||
3024 | 69 | if [ "${current_value}" = "${expected_value}" ]; then | ||
3025 | 70 | echo "OK" | ||
3026 | 71 | return 0 | ||
3027 | 72 | else | ||
3028 | 73 | echo "FAIL" | ||
3029 | 74 | return 1 | ||
3030 | 75 | fi | ||
3031 | 76 | } | ||
3032 | 77 | |||
3033 | 78 | basic_config_tests() { | ||
3034 | 79 | echo "## Basic config tests" | ||
3035 | 80 | testparm -s > /dev/null | ||
3036 | 81 | assert_testparm "realm" "${realm}" | ||
3037 | 82 | assert_testparm "workgroup" "${domain}" | ||
3038 | 83 | assert_testparm "server role" "active directory domain controller" | ||
3039 | 84 | echo | ||
3040 | 85 | } | ||
3041 | 86 | |||
3042 | 87 | dns_tests() { | ||
3043 | 88 | echo "## DNS tests" | ||
3044 | 89 | echo "Obtaining administrator kerberos ticket" | ||
3045 | 90 | echo "${adminpass}" | timeout --verbose 30 kinit Administrator | ||
3046 | 91 | echo | ||
3047 | 92 | echo "Querying server info" | ||
3048 | 93 | samba-tool dns serverinfo "$(hostname)" | ||
3049 | 94 | echo | ||
3050 | 95 | echo "Checking we got a service ticket of type host/" | ||
3051 | 96 | klist | grep "host/$(hostname)" | ||
3052 | 97 | echo | ||
3053 | 98 | echo "Checking specific DNS records" | ||
3054 | 99 | for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do | ||
3055 | 100 | echo -n "${srv}.${realm,,}: " | ||
3056 | 101 | dig @localhost +short -t SRV ${srv}.${realm,,} | ||
3057 | 102 | echo | ||
3058 | 103 | done | ||
3059 | 104 | echo | ||
3060 | 105 | echo -n "Checking that our hostname \"$(hostname)\" is in DNS: " | ||
3061 | 106 | myip=$(dig @localhost +short -t A "$(hostname).${realm,,}") | ||
3062 | 107 | echo "${myip}" | ||
3063 | 108 | echo | ||
3064 | 109 | } | ||
3065 | 110 | |||
3066 | 111 | user_creation_tests() { | ||
3067 | 112 | echo "## User creation tests" | ||
3068 | 113 | samba-tool domain passwordsettings set --complexity=off | ||
3069 | 114 | echo "Creating user \"${test_user}\" with password ${test_pw}" | ||
3070 | 115 | samba-tool user add "${test_user}" "${test_pw}" | ||
3071 | 116 | echo | ||
3072 | 117 | echo "Attempting to obtain kerberos ticket for user \"${test_user}\"" | ||
3073 | 118 | # just in case it ends up waiting at a prompt, we use "timeout" | ||
3074 | 119 | echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" | ||
3075 | 120 | echo "Ticket obtained" | ||
3076 | 121 | klist | ||
3077 | 122 | echo | ||
3078 | 123 | } | ||
3079 | 124 | |||
3080 | 125 | smbclient_tests() { | ||
3081 | 126 | echo "## smbclient tests" | ||
3082 | 127 | kdestroy || : | ||
3083 | 128 | echo | ||
3084 | 129 | echo "Obtaining a TGT for ${test_user}" | ||
3085 | 130 | echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" | ||
3086 | 131 | klist | grep krbtgt | ||
3087 | 132 | echo | ||
3088 | 133 | echo "Attempting password-less authentication with smbclient" | ||
3089 | 134 | echo | ||
3090 | 135 | echo "Listing shares" | ||
3091 | 136 | smbclient -L "$(hostname)" --use-kerberos=required -k | ||
3092 | 137 | echo | ||
3093 | 138 | echo "Listing the sysvol share" | ||
3094 | 139 | smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls" | ||
3095 | 140 | echo | ||
3096 | 141 | echo "Listing policies" | ||
3097 | 142 | # lowercase the ${realm} | ||
3098 | 143 | smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*" | ||
3099 | 144 | echo | ||
3100 | 145 | echo "Checking that we have a ticket for the cifs service after all these commands" | ||
3101 | 146 | klist | grep cifs/ | ||
3102 | 147 | echo | ||
3103 | 148 | } | ||
3104 | 149 | |||
3105 | 150 | server_join_tests() { | ||
3106 | 151 | local member_server | ||
3107 | 152 | # the join methods are the keys of the join_method_deps dict | ||
3108 | 153 | local -a methods=("${!join_method_deps[@]}") | ||
3109 | 154 | local member_server="member-server" | ||
3110 | 155 | |||
3111 | 156 | echo "## Server join tests" | ||
3112 | 157 | echo "## Initializing lxd" | ||
3113 | 158 | setup_lxd "${realm,,}" | ||
3114 | 159 | |||
3115 | 160 | for method in "${methods[@]}"; do | ||
3116 | 161 | echo "## Setting up member server to join a domain using method ${method}" | ||
3117 | 162 | setup_member_server "${member_server}" "${method}" | ||
3118 | 163 | echo "## Joining domain with method ${method}" | ||
3119 | 164 | join_domain "${member_server}" "${method}" | ||
3120 | 165 | echo | ||
3121 | 166 | echo "## Verifying join with method ${method}" | ||
3122 | 167 | verify_join "${member_server}" "${method}" | ||
3123 | 168 | echo | ||
3124 | 169 | echo "## Leaving domain with method ${method}" | ||
3125 | 170 | leave_domain "${member_server}" "${method}" | ||
3126 | 171 | echo | ||
3127 | 172 | echo "## Destroying member server" | ||
3128 | 173 | lxc delete --force "${member_server}" | ||
3129 | 174 | done | ||
3130 | 175 | } | ||
3131 | 176 | |||
3132 | 177 | setup_member_server() { | ||
3133 | 178 | local container_name="${1}" | ||
3134 | 179 | local method="${2}" | ||
3135 | 180 | local release | ||
3136 | 181 | |||
3137 | 182 | release="$(lsb_release -cs)" | ||
3138 | 183 | if [ -z "${join_method_deps[${method}]}" ]; then | ||
3139 | 184 | echo "## INTERNAL ERROR, invalid join method: ${method}" | ||
3140 | 185 | return 1 | ||
3141 | 186 | fi | ||
3142 | 187 | echo "## Got test dependencies: ${join_method_deps[${method}]}" | ||
3143 | 188 | # can't use cloud-init here to install packages, because we first need to | ||
3144 | 189 | # sync the apt config from the host to the container | ||
3145 | 190 | echo "## Launching ${release} container" | ||
3146 | 191 | lxc launch "ubuntu-daily:${release}" "${container_name}" -q | ||
3147 | 192 | wait_container_ready "${container_name}" | ||
3148 | 193 | send_apt_config "${container_name}" | ||
3149 | 194 | copy_local_apt_files "${container_name}" | ||
3150 | 195 | echo "## Installing dependencies in test container" | ||
3151 | 196 | install_packages_in_container "${container_name}" ${join_method_deps[${method}]} | ||
3152 | 197 | } | ||
3153 | 198 | |||
3154 | 199 | join_domain_realmd_winbind() { | ||
3155 | 200 | local server="${1}" | ||
3156 | 201 | local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}" | ||
3157 | 202 | local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}" | ||
3158 | 203 | |||
3159 | 204 | echo "## Domain information" | ||
3160 | 205 | lxc exec "${server}" -- ${discover_cmd} | ||
3161 | 206 | echo | ||
3162 | 207 | echo "## Running join command: ${join_cmd}" | ||
3163 | 208 | echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} | ||
3164 | 209 | } | ||
3165 | 210 | |||
3166 | 211 | verify_join_realmd_winbind() { | ||
3167 | 212 | local server="${1}" | ||
3168 | 213 | local member_domain | ||
3169 | 214 | |||
3170 | 215 | echo -n "## Verifying member server joined domain name: " | ||
3171 | 216 | member_domain=$(lxc exec "${server}" -- wbinfo --own-domain) | ||
3172 | 217 | echo "${member_domain}" | ||
3173 | 218 | if [ "${member_domain}" != "${domain}" ]; then | ||
3174 | 219 | echo "ERROR: expected member server domain to match the joined domain:" | ||
3175 | 220 | echo "member server domain: ${member_domain}" | ||
3176 | 221 | echo "AD domain: ${domain}" | ||
3177 | 222 | return 1 | ||
3178 | 223 | fi | ||
3179 | 224 | echo | ||
3180 | 225 | # we just want to see the output, not parse it | ||
3181 | 226 | echo "## Domain status in member server" | ||
3182 | 227 | lxc exec "${server}" -- wbinfo --domain-info "${member_domain}" | ||
3183 | 228 | echo | ||
3184 | 229 | echo "## User status in member server" | ||
3185 | 230 | for u in "${!user_pass[@]}"; do | ||
3186 | 231 | echo "## User \"${u}@${realm}\" information:" | ||
3187 | 232 | lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}" | ||
3188 | 233 | echo | ||
3189 | 234 | echo "## id ${u}@${realm}" | ||
3190 | 235 | lxc exec "${server}" -- id ${u}@${realm} | ||
3191 | 236 | echo | ||
3192 | 237 | echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" | ||
3193 | 238 | echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" | ||
3194 | 239 | lxc exec "${server}" -- klist | ||
3195 | 240 | echo | ||
3196 | 241 | echo "## Listing shares with the obtained kerberos ticket" | ||
3197 | 242 | lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k | ||
3198 | 243 | lxc exec "${server}" -- kdestroy | ||
3199 | 244 | echo | ||
3200 | 245 | echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server" | ||
3201 | 246 | # non-interactive format for username is user%password | ||
3202 | 247 | lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}" | ||
3203 | 248 | echo | ||
3204 | 249 | echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server" | ||
3205 | 250 | lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}" | ||
3206 | 251 | echo | ||
3207 | 252 | echo "## Listing shares with the obtained kerberos ticket" | ||
3208 | 253 | lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k | ||
3209 | 254 | lxc exec "${server}" -- kdestroy | ||
3210 | 255 | done | ||
3211 | 256 | } | ||
3212 | 257 | |||
3213 | 258 | leave_domain_realmd_winbind() { | ||
3214 | 259 | local server="${1}" | ||
3215 | 260 | local leave_cmd="realm leave -v --remove --client-software=winbind" | ||
3216 | 261 | |||
3217 | 262 | echo "## Running leave command: ${leave_cmd}" | ||
3218 | 263 | echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} | ||
3219 | 264 | } | ||
3220 | 265 | |||
3221 | 266 | join_domain_realmd_sssd() { | ||
3222 | 267 | local server="${1}" | ||
3223 | 268 | local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}" | ||
3224 | 269 | local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}" | ||
3225 | 270 | |||
3226 | 271 | echo "## Domain information" | ||
3227 | 272 | lxc exec "${server}" -- ${discover_cmd} | ||
3228 | 273 | echo | ||
3229 | 274 | echo "## Running join command: ${join_cmd}" | ||
3230 | 275 | echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} | ||
3231 | 276 | echo | ||
3232 | 277 | } | ||
3233 | 278 | |||
3234 | 279 | verify_join_realmd_sssd() { | ||
3235 | 280 | local server="${1}" | ||
3236 | 281 | local samba_domain | ||
3237 | 282 | |||
3238 | 283 | echo -n "## Verifying member server joined domain name: " | ||
3239 | 284 | samba_domain=$(lxc exec "${server}" -- sssctl domain-list) | ||
3240 | 285 | echo "${samba_domain}" | ||
3241 | 286 | if [ "${samba_domain}" != "${realm,,}" ]; then | ||
3242 | 287 | echo "ERROR: expected member server domain to match the joined domain:" | ||
3243 | 288 | echo "member server domain: ${samba_domain}" | ||
3244 | 289 | echo "AD domain: ${realm,,}" | ||
3245 | 290 | return 1 | ||
3246 | 291 | fi | ||
3247 | 292 | echo | ||
3248 | 293 | # we just want to see the output, not parse it | ||
3249 | 294 | echo "## Domain status in member server" | ||
3250 | 295 | lxc exec "${server}" -- sssctl domain-status "${realm}" | ||
3251 | 296 | echo | ||
3252 | 297 | echo "## User status in member server" | ||
3253 | 298 | for u in "${!user_pass[@]}"; do | ||
3254 | 299 | echo "## User \"${u}@${realm}\" information:" | ||
3255 | 300 | lxc exec "${server}" -- sssctl user-checks "${u}@${realm}" | ||
3256 | 301 | echo | ||
3257 | 302 | echo "## id ${u}@${realm}" | ||
3258 | 303 | lxc exec "${server}" -- id "${u}@${realm}" | ||
3259 | 304 | echo | ||
3260 | 305 | echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" | ||
3261 | 306 | echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" | ||
3262 | 307 | lxc exec "${server}" -- klist | ||
3263 | 308 | echo | ||
3264 | 309 | echo "## Listing shares with the obtained kerberos ticket" | ||
3265 | 310 | lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k | ||
3266 | 311 | lxc exec "${server}" -- kdestroy | ||
3267 | 312 | done | ||
3268 | 313 | } | ||
3269 | 314 | |||
3270 | 315 | leave_domain_realmd_sssd() { | ||
3271 | 316 | local server="${1}" | ||
3272 | 317 | local leave_cmd="realm leave -v --remove --client-software=sssd" | ||
3273 | 318 | |||
3274 | 319 | echo "## Running leave command: ${leave_cmd}" | ||
3275 | 320 | echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} | ||
3276 | 321 | } | ||
3277 | 322 | |||
3278 | 323 | join_domain() { | ||
3279 | 324 | local server="${1}" | ||
3280 | 325 | local m="${2}" | ||
3281 | 326 | |||
3282 | 327 | join_domain_${m} "${server}" | ||
3283 | 328 | } | ||
3284 | 329 | |||
3285 | 330 | verify_join() { | ||
3286 | 331 | local server="${1}" | ||
3287 | 332 | local m="${2}" | ||
3288 | 333 | |||
3289 | 334 | verify_join_${m} "${server}" | ||
3290 | 335 | } | ||
3291 | 336 | |||
3292 | 337 | leave_domain() { | ||
3293 | 338 | local server="${1}" | ||
3294 | 339 | local m="${2}" | ||
3295 | 340 | |||
3296 | 341 | leave_domain_${m} "${server}" | ||
3297 | 342 | } | ||
3298 | 343 | |||
3299 | 344 | systemctl stop smbd nmbd winbind | ||
3300 | 345 | systemctl disable smbd nmbd winbind | ||
3301 | 346 | systemctl mask smbd nmbd winbind | ||
3302 | 347 | |||
3303 | 348 | systemctl unmask samba-ad-dc | ||
3304 | 349 | systemctl enable samba-ad-dc | ||
3305 | 350 | |||
3306 | 351 | if [ -f /etc/samba/smb.conf ]; then | ||
3307 | 352 | mv /etc/samba/smb.conf{,.orig} | ||
3308 | 353 | fi | ||
3309 | 354 | |||
3310 | 355 | # make sure we are starting fresh, as previous tests might left things around | ||
3311 | 356 | |||
3312 | 357 | rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/* | ||
3313 | 358 | kdestroy || : | ||
3314 | 359 | |||
3315 | 360 | samba-tool domain provision \ | ||
3316 | 361 | --domain="${domain}" \ | ||
3317 | 362 | --realm="${realm}" \ | ||
3318 | 363 | --adminpass="${adminpass}" \ | ||
3319 | 364 | --server-role=dc \ | ||
3320 | 365 | --use-rfc2307 \ | ||
3321 | 366 | --dns-backend=SAMBA_INTERNAL | ||
3322 | 367 | |||
3323 | 368 | current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}') | ||
3324 | 369 | |||
3325 | 370 | if [ -n "${current_dns}" ]; then | ||
3326 | 371 | echo "## Setting dns forwarder to ${current_dns} in smb.conf" | ||
3327 | 372 | sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \ | ||
3328 | 373 | /etc/samba/smb.conf | ||
3329 | 374 | unlink /etc/resolv.conf | ||
3330 | 375 | echo "nameserver 127.0.0.1" > /etc/resolv.conf | ||
3331 | 376 | # lowercase substitution | ||
3332 | 377 | echo "search ${realm,,}" >> /etc/resolv.conf | ||
3333 | 378 | systemctl stop systemd-resolved | ||
3334 | 379 | systemctl disable systemd-resolved | ||
3335 | 380 | else | ||
3336 | 381 | echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf" | ||
3337 | 382 | echo "## resolvectl status:" | ||
3338 | 383 | resolvectl status | ||
3339 | 384 | echo "## Continuing, and hoping for the best" | ||
3340 | 385 | fi | ||
3341 | 386 | |||
3342 | 387 | cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf | ||
3343 | 388 | |||
3344 | 389 | systemctl start samba-ad-dc | ||
3345 | 390 | |||
3346 | 391 | # give it some time, it's a lot of services to start | ||
3347 | 392 | sleep 5s | ||
3348 | 393 | |||
3349 | 394 | basic_config_tests | ||
3350 | 395 | dns_tests | ||
3351 | 396 | user_creation_tests | ||
3352 | 397 | smbclient_tests | ||
3353 | 398 | server_join_tests | ||
3354 | diff --git a/debian/tests/util b/debian/tests/util | |||
3355 | index 4278ee7..298b321 100644 | |||
3356 | --- a/debian/tests/util | |||
3357 | +++ b/debian/tests/util | |||
3358 | @@ -16,7 +16,7 @@ EOFEOF | |||
3359 | 16 | if [ -n "${vfs}" ]; then | 16 | if [ -n "${vfs}" ]; then |
3360 | 17 | echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf | 17 | echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf |
3361 | 18 | fi | 18 | fi |
3363 | 19 | systemctl restart smbd.service | 19 | systemctl reload smbd.service |
3364 | 20 | else | 20 | else |
3365 | 21 | echo "Share [${share}] already exists, continuing" | 21 | echo "Share [${share}] already exists, continuing" |
3366 | 22 | fi | 22 | fi |
3367 | @@ -66,3 +66,113 @@ ensure_uring_available() { | |||
3368 | 66 | exit 77 | 66 | exit 77 |
3369 | 67 | fi | 67 | fi |
3370 | 68 | } | 68 | } |
3371 | 69 | |||
3372 | 70 | wait_container_ready() { | ||
3373 | 71 | local container="${1}" | ||
3374 | 72 | local -i limit=120 # seconds | ||
3375 | 73 | local -i i=0 | ||
3376 | 74 | local -i result=0 | ||
3377 | 75 | local ip | ||
3378 | 76 | local output | ||
3379 | 77 | |||
3380 | 78 | while /bin/true; do | ||
3381 | 79 | ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}') | ||
3382 | 80 | if [ -n "${ip}" ]; then | ||
3383 | 81 | break | ||
3384 | 82 | fi | ||
3385 | 83 | i=$((i+1)) | ||
3386 | 84 | if [ ${i} -ge ${limit} ]; then | ||
3387 | 85 | return 1 | ||
3388 | 86 | fi | ||
3389 | 87 | sleep 1s | ||
3390 | 88 | echo -n "." | ||
3391 | 89 | done | ||
3392 | 90 | while ! nc -z "${ip}" 22; do | ||
3393 | 91 | echo -n "." | ||
3394 | 92 | i=$((i+1)) | ||
3395 | 93 | if [ ${i} -ge ${limit} ]; then | ||
3396 | 94 | return 1 | ||
3397 | 95 | fi | ||
3398 | 96 | sleep 1s | ||
3399 | 97 | done | ||
3400 | 98 | # cloud-init might still be doing things... | ||
3401 | 99 | # this call blocks, so wrap it in its own little timeout | ||
3402 | 100 | output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || { | ||
3403 | 101 | result=$? | ||
3404 | 102 | echo "cloud-init status --wait failed on container ${container}" | ||
3405 | 103 | echo "${output}" | ||
3406 | 104 | return ${result} | ||
3407 | 105 | } | ||
3408 | 106 | echo | ||
3409 | 107 | } | ||
3410 | 108 | |||
3411 | 109 | install_lxd() { | ||
3412 | 110 | if ! command -v lxd > /dev/null 2>&1; then | ||
3413 | 111 | # the test depends has "lxd | snapd", so if we don't have lxd, we must | ||
3414 | 112 | # install the snap | ||
3415 | 113 | snap list lxd > /dev/null 2>&1 || { | ||
3416 | 114 | echo "Installing the LXD snap..." | ||
3417 | 115 | snap install lxd | ||
3418 | 116 | } | ||
3419 | 117 | fi | ||
3420 | 118 | } | ||
3421 | 119 | |||
3422 | 120 | setup_lxd() { | ||
3423 | 121 | local dns_domain="${1}" | ||
3424 | 122 | local network | ||
3425 | 123 | local nic | ||
3426 | 124 | local dns_ip | ||
3427 | 125 | |||
3428 | 126 | install_lxd | ||
3429 | 127 | # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53 | ||
3430 | 128 | systemctl stop samba-ad-dc | ||
3431 | 129 | lxd init --auto | ||
3432 | 130 | lxd waitready --timeout 600 | ||
3433 | 131 | network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED") | ||
3434 | 132 | nic=$(echo "${network}" | awk '{print $1}') | ||
3435 | 133 | dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr | ||
3436 | 134 | # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS | ||
3437 | 135 | lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})" | ||
3438 | 136 | if [ -n "${http_proxy}" ]; then | ||
3439 | 137 | lxc config set core.proxy_http "${http_proxy}" | ||
3440 | 138 | fi | ||
3441 | 139 | if [ -n "${https_proxy}" ]; then | ||
3442 | 140 | lxc config set core.proxy_https "${https_proxy}" | ||
3443 | 141 | fi | ||
3444 | 142 | if [ -n "${noproxy}" ]; then | ||
3445 | 143 | lxc config set core.proxy_ignore_hosts "${noproxy}" | ||
3446 | 144 | fi | ||
3447 | 145 | systemctl start samba-ad-dc | ||
3448 | 146 | # give it some time, it's a lot of services to start | ||
3449 | 147 | sleep 5s | ||
3450 | 148 | } | ||
3451 | 149 | |||
3452 | 150 | # Copy the local apt package archive over to the lxd container. | ||
3453 | 151 | copy_local_apt_files() { | ||
3454 | 152 | local container_name="${1:-docker}" | ||
3455 | 153 | |||
3456 | 154 | for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do | ||
3457 | 155 | local_source=${local_source#file:} | ||
3458 | 156 | local_dir=$(dirname "${local_source}") | ||
3459 | 157 | lxc exec "${container_name}" -- mkdir -p "${local_dir}" | ||
3460 | 158 | tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}" | ||
3461 | 159 | done | ||
3462 | 160 | } | ||
3463 | 161 | |||
3464 | 162 | send_apt_config() { | ||
3465 | 163 | echo "Copying over /etc/apt to container ${1}" | ||
3466 | 164 | lxc exec "${1}" -- rm -rf /etc/apt | ||
3467 | 165 | lxc exec "${1}" -- mkdir -p /etc/apt | ||
3468 | 166 | tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt | ||
3469 | 167 | } | ||
3470 | 168 | |||
3471 | 169 | install_packages_in_container() { | ||
3472 | 170 | local container="${1}" | ||
3473 | 171 | shift | ||
3474 | 172 | local packages="${*}" | ||
3475 | 173 | |||
3476 | 174 | echo "### Installing dependencies in member server container: ${packages}" | ||
3477 | 175 | lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q | ||
3478 | 176 | lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y | ||
3479 | 177 | lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages} | ||
3480 | 178 | } |
Cutting FF close I see :-)
Since I imagine you're trying to get this in quickly, this is a very expedient review. The test results seem to be coming in ok:
* Results: 4.18.6+ dfsg-1ubuntu1~ ppa2 samba-mantic- merge samba/2: 4.18.6+ dfsg-1ubuntu1~ ppa2
- samba/2:
+ ✅ samba on mantic for amd64 @ 17.08.23 16:38:06 Log️ 🗒️
+ ✅ samba on mantic for armhf @ 17.08.23 15:46:05 Log️ 🗒️
+ ✅ samba on mantic for ppc64el @ 17.08.23 16:13:59 Log️ 🗒️
+ ✅ samba on mantic for s390x @ 17.08.23 16:04:16 Log️ 🗒️
* Running:
# time pkg release arch ppa trigger
- 1314 samba mantic arm64 ahasenack/
* Waiting: (none)
Packaging all looks fine.
A LP # for the various 386 delta would be useful in order to keep track of if/when that can be dropped, and the general status/expectation of Samba support for arch i386, but that's super unimportant for this merge and can be in the "maybe someday" pile.
Rest LGTM, +1