Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:mantic-samba-merge-3 into ubuntu/+source/samba:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/samba
  3. mantic-samba-merge-3
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 7b56970dca7b822697a56ca8209fbc1b0855f484
Proposed branch: ~ahasenack/ubuntu/+source/samba:mantic-samba-merge-3
Merge into: ubuntu/+source/samba:debian/sid
Diff against target: 3480 lines (+3080/-8)
6 files modified
debian/changelog (+2558/-0)
debian/control (+8/-6)
debian/rules (+1/-1)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0)
debian/tests/util (+111/-1)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+449354@code.launchpad.net

Description of the change

Merge from debian.

Some delta dropped, one added to fix https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2024663. Originally I had it as its own MP, but then this new upstream samba version came along, and I'm fixing both. The test is described in the bug.

I also had to re-add a delta around ceph i386 which was accidentally broken in debian's 4.18.5+dfsg-2: " * d/rules: make ceph conditional similar to gluster".

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-mantic-merge/+packages (still building)

I'll trigger DEP8 tests after it's done.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Cutting FF close I see :-)

Since I imagine you're trying to get this in quickly, this is a very expedient review. The test results seem to be coming in ok:

* Results:
  - samba/2:4.18.6+dfsg-1ubuntu1~ppa2
    + ✅ samba on mantic for amd64 @ 17.08.23 16:38:06 Log️ 🗒️
    + ✅ samba on mantic for armhf @ 17.08.23 15:46:05 Log️ 🗒️
    + ✅ samba on mantic for ppc64el @ 17.08.23 16:13:59 Log️ 🗒️
    + ✅ samba on mantic for s390x @ 17.08.23 16:04:16 Log️ 🗒️
* Running:
  # time pkg release arch ppa trigger
  - 1314 samba mantic arm64 ahasenack/samba-mantic-merge samba/2:4.18.6+dfsg-1ubuntu1~ppa2
* Waiting: (none)

Packaging all looks fine.

A LP # for the various 386 delta would be useful in order to keep track of if/when that can be dropped, and the general status/expectation of Samba support for arch i386, but that's super unimportant for this merge and can be in the "maybe someday" pile.

Rest LGTM, +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, bryce
Uploaders: ahasenack, bryce
MP auto-approved

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks. The upstream release was yesterday, and the debian package appeared in launchpad just overnight :)

I think this would be fine after FF, because the release notes only mention bug fixes, but yeah, better do it before if possible.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uploaded with rich history:

Uploading samba_4.18.6+dfsg-1ubuntu1.dsc
Uploading samba_4.18.6+dfsg.orig.tar.xz
Uploading samba_4.18.6+dfsg-1ubuntu1.debian.tar.xz
Uploading samba_4.18.6+dfsg-1ubuntu1_source.buildinfo
Uploading samba_4.18.6+dfsg-1ubuntu1_source.changes

Revision history for this message
Mike Silva (mikesilva) wrote :

Is there a PPA where I can help test the multi-channel bug fix?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

You can test it on mantic by enabling the proposed pocket, since samba hasn't migrated yet. I deleted the ppa after I uploaded it.

Let me know if that's ok.

Revision history for this message
Mike Silva (mikesilva) wrote :

Oh, no problem. I was looking for the FAQ on how to do that over the weekend, if you have a pointer, and wouldn't mind, can you link me to it here?

I'm anxious to see this get into Mantic. It's led to a lot of user pain for some time!

Revision history for this message
Mike Silva (mikesilva) wrote :

I found the FAQ and setup proposed with selective install, but this is all that I see in proposed. Not, 2:4.18.6.

samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium

  * Add changes to fix uncaught exception when updating old password
    containing regex metacharacters by simplifying samba-tool password
    redaction (LP: #2002949).
    - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
    - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
    - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
    - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
    - d/p/python-Add-glue.burn_commandline-method.patch
    - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
    - d/p/python-Remove-const-from-PyList_AsStringList.patch

 -- Michal Maloszewski <email address hidden> Fri, 28 Jul 2023 00:55:03 +0200

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

That's not proposed indeed. But here it worked:

ubuntu@m-samba:~$ apt-cache policy samba
samba:
  Installed: (none)
  Candidate: 2:4.18.5+dfsg-1ubuntu2
  Version table:
     2:4.18.6+dfsg-1ubuntu1 100
        100 http://br.archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages
     2:4.18.5+dfsg-1ubuntu2 500
        500 http://br.archive.ubuntu.com/ubuntu mantic/main amd64 Packages

ubuntu@m-samba:~$ cat /etc/apt/sources.list
deb http://br.archive.ubuntu.com/ubuntu mantic main restricted universe multiverse
deb http://br.archive.ubuntu.com/ubuntu mantic-proposed main restricted universe multiverse

But do note that proposed has a lower priority (100 instead of 500), so to actually install the package from proposed you need to pass "-t mantic-proposed" to apt:

sudo apt install samba -t mantic-proposed

Revision history for this message
Mike Silva (mikesilva) wrote :

That was the needed incantation. Thanks!

2.4.18.6 is fantastic. I'm seeing none of the mount/dismount problems I had before.

Update scan failed

At least one of the branches involved have failed to scan. You can manually schedule a rescan if required.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 2519a2a..7b4ef63 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,36 @@
1samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium
2
3 * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes:
4 - debian/control: Ubuntu i386 binary compatibility:
5 + drop ceph support
6 + enable the liburing vfs module, except on i386 where liburing is
7 not available
8 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
9 samba AD DC provisioning and domain join tests with internal DNS
10 (LP #1977746, LP #2011745)
11 * Dropped:
12 - build-depend on libglusterfs-dev only on !i386 arches
13 [In 2:4.18.5+dfsg-2]
14 - Add changes to fix uncaught exception when updating old password
15 containing regex metacharacters by simplifying samba-tool password
16 redaction (LP #2002949).
17 + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
18 + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
19 + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
20 + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
21 + d/p/python-Add-glue.burn_commandline-method.patch
22 + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
23 + d/p/python-Remove-const-from-PyList_AsStringList.patch
24 [Fixed upstream in 4.18.6]
25 * Added:
26 - d/control: adjust breaks/replaces for file move that Debian did in
27 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
28 file conflict in a dist-upgrade from earlier Ubuntu releases, like
29 Kinetic (LP: #2024663)
30 - d/rules: ceph is not available in Ubuntu i386, disable it
31
32 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Aug 2023 09:52:00 -0300
33
1samba (2:4.18.6+dfsg-1) unstable; urgency=medium34samba (2:4.18.6+dfsg-1) unstable; urgency=medium
235
3 * new upstream stable/bugfix release:36 * new upstream stable/bugfix release:
@@ -54,6 +87,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium
5487
55 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +030088 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300
5689
90samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium
91
92 * Add changes to fix uncaught exception when updating old password
93 containing regex metacharacters by simplifying samba-tool password
94 redaction (LP: #2002949).
95 - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
96 - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
97 - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
98 - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
99 - d/p/python-Add-glue.burn_commandline-method.patch
100 - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
101 - d/p/python-Remove-const-from-PyList_AsStringList.patch
102
103 -- Michal Maloszewski <michal.maloszewski@canonical.com> Fri, 28 Jul 2023 00:55:03 +0200
104
105samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium
106
107 * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining
108 changes:
109 - debian/control: Ubuntu i386 binary compatibility:
110 + drop ceph support
111 + enable the liburing vfs module, except on i386 where liburing is
112 not available
113 + build-depend on libglusterfs-dev only on !i386 arches
114 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
115 samba AD DC provisioning and domain join tests with internal DNS
116 (LP #1977746, LP #2011745)
117 - d/t/util: reload instead of restarting samba, as it's quicker and
118 has the same effect we want in this test
119
120 -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jul 2023 10:15:22 -0300
121
57samba (2:4.18.5+dfsg-1) unstable; urgency=medium122samba (2:4.18.5+dfsg-1) unstable; urgency=medium
58123
59 * new upstream stable/security release 4.18.5, including:124 * new upstream stable/security release 4.18.5, including:
@@ -131,6 +196,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium
131196
132 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300197 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300
133198
199samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium
200
201 * Merge with Debian unstable (LP: #2018054). Remaining changes:
202 - debian/control: Ubuntu i386 binary compatibility:
203 + drop ceph support
204 + enable the liburing vfs module, except on i386 where liburing is
205 not available
206 + build-depend on libglusterfs-dev only on !i386 arches
207 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
208 samba AD DC provisioning and domain join tests with internal DNS
209 (LP #1977746, LP #2011745)
210 * Added changes:
211 - d/t/util: reload instead of restarting samba, as it's quicker and
212 has the same effect we want in this test
213
214 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Jun 2023 11:59:19 -0300
215
134samba (2:4.18.3+dfsg-3) unstable; urgency=medium216samba (2:4.18.3+dfsg-3) unstable; urgency=medium
135217
136 * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU,218 * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU,
@@ -289,6 +371,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium
289371
290 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300372 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300
291373
374samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium
375
376 * Merge with Debian unstable (LP: #2014052). Remaining changes:
377 - debian/control: Ubuntu i386 binary compatibility:
378 + drop ceph support
379 + enable the liburing vfs module, except on i386 where liburing is
380 not available
381 + build-depend on libglusterfs-dev only on !i386 arches
382 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
383 samba AD DC provisioning and domain join tests with internal DNS
384 (LP #1977746, LP #2011745)
385
386 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Mar 2023 15:26:11 -0300
387
292samba (2:4.17.6+dfsg-1) unstable; urgency=medium388samba (2:4.17.6+dfsg-1) unstable; urgency=medium
293389
294 * new upstream stable/bugfix release 4.17.6:390 * new upstream stable/bugfix release 4.17.6:
@@ -316,6 +412,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium
316412
317 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300413 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300
318414
415samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium
416
417 * Add domain join tests (LP: #2011745):
418 - d/t/control: update dependencies for samba AD provisioning test,
419 which now also includes a member server join test
420 - d/t/util, d/t/samba-ad-dc-*: add member server join tests
421
422 -- Andreas Hasenack <andreas@canonical.com> Wed, 15 Mar 2023 20:49:56 -0300
423
424samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium
425
426 * d/t/samba-ad-dc-provisioning-internal-dns: test improvements
427 (LP: #2009485):
428 - increase kinit timeout, as it also does DNS lookups
429 - add a trap on exit to show logs in the case of some failure
430
431 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Mar 2023 11:49:34 -0300
432
433samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium
434
435 * Merge with Debian unstable (LP: #2002181). Remaining changes:
436 - debian/control: Ubuntu i386 binary compatibility:
437 + drop ceph support
438 + enable the liburing vfs module, except on i386 where liburing is
439 not available
440 + build-depend on libglusterfs-dev only on !i386 arches
441 * Added:
442 - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD
443 DC provisioning test with internal DNS (LP: #1977746)
444
445 -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300
446
319samba (2:4.17.5+dfsg-2) unstable; urgency=medium447samba (2:4.17.5+dfsg-2) unstable; urgency=medium
320448
321 * d/control: samba: depends on exact version of python3-samba449 * d/control: samba: depends on exact version of python3-samba
@@ -468,6 +596,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium
468596
469 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300597 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300
470598
599samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium
600
601 * No-change rebuild with Python 3.11 as default
602
603 -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000
604
605samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium
606
607 * Merge with Debian unstable (LP: #1993380). Remaining changes:
608 - debian/control: Ubuntu i386 binary compatibility:
609 + drop ceph support
610 - d/control: enable the liburing vfs module, except on i386 where
611 liburing is not available
612 - d/control: build-depend on libglusterfs-dev only on !i386 arches
613 * Dropped:
614 - debian/smb.conf;
615 + Add "(Samba, Ubuntu)" to server string.
616 [In 2:4.16.6+dfsg-1]
617 + Comment out the default [homes] share, and add a comment about
618 "valid users = %s" to show users how to restrict access to
619 \\server\username to only username.
620 [In 2:4.16.6+dfsg-1]
621 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
622 Skip running the tests if on i386 platform, because the uring
623 package is not available there.
624 [In 2:4.16.6+dfsg-1, improved]
625 - d/t/util: fix setting the password of the smb test user
626 (LP #1955851)
627 [In 2:4.16.5+dfsg-2]
628 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
629 [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6]
630 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
631 enable the samba glusterfs vfs mofule in that case
632 [In 2:4.16.6+dfsg-1]
633
634 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300
635
471samba (2:4.17.3+dfsg-3) unstable; urgency=medium636samba (2:4.17.3+dfsg-3) unstable; urgency=medium
472637
473 * d/control: winbind should depend on the same binary:Version638 * d/control: winbind should depend on the same binary:Version
@@ -764,6 +929,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium
764929
765 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300930 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300
766931
932samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
933
934 * Merge with Debian unstable. Remaining changes:
935 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
936 - debian/smb.conf;
937 + Add "(Samba, Ubuntu)" to server string.
938 + Comment out the default [homes] share, and add a comment about
939 "valid users = %s" to show users how to restrict access to
940 \\server\username to only username.
941 - debian/control: Ubuntu i386 binary compatibility:
942 + drop ceph support
943 - d/control: enable the liburing vfs module, except on i386 where
944 liburing is not available
945 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
946 Skip running the tests if on i386 platform, because the uring
947 package is not available there.
948 - d/t/util: fix setting the password of the smb test user
949 (LP #1955851)
950 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
951 enable the samba glusterfs vfs mofule in that case
952 - d/control: build-depend on libglusterfs-dev only on !i386 arches
953
954 -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300
955
767samba (2:4.16.4+dfsg-2) unstable; urgency=medium956samba (2:4.16.4+dfsg-2) unstable; urgency=medium
768957
769 * d/libldb2.symbols: include newly added symbols958 * d/libldb2.symbols: include newly added symbols
@@ -792,6 +981,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high
792981
793 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300982 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300
794983
984samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium
985
986 * Merge with Debian unstable (LP: #1982116). Remaining changes:
987 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
988 - debian/smb.conf;
989 + Add "(Samba, Ubuntu)" to server string.
990 + Comment out the default [homes] share, and add a comment about
991 "valid users = %s" to show users how to restrict access to
992 \\server\username to only username.
993 - debian/control: Ubuntu i386 binary compatibility:
994 + drop ceph support
995 - d/control: enable the liburing vfs module, except on i386 where
996 liburing is not available
997 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
998 Skip running the tests if on i386 platform, because the uring
999 package is not available there.
1000 - d/t/util: fix setting the password of the smb test user
1001 (LP #1955851)
1002 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1003 enable the samba glusterfs vfs mofule in that case
1004 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1005 * Dropped:
1006 - Update nfs scripts for new nfs.conf config (LP: #1961840):
1007 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1008 nfsconf(8) if it's available, instead of parsing the old config
1009 files in /etc/default/nfs-*
1010 [In 2:4.16.3+dfsg-1]
1011 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1012 used by the example enable-nfs.sh example script
1013 [In 2:4.16.3+dfsg-1]
1014 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
1015 used by the example enable-nfs.sh script
1016 [In 2:4.16.3+dfsg-1]
1017 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1018 obsolete, replaced by nfs.conf
1019 [In 2:4.16.3+dfsg-1]
1020 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1021 nfs.conf and other changes in the new nfs server packages
1022 [In 2:4.16.3+dfsg-1]
1023 - Fix abort when deleting a file and "fruit:resource = stream" is
1024 used. (LP #1977491)
1025 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1026 Add test that shows smbd crashing when deleting a file while using
1027 vfs_fruit with "fruit:resource = stream".
1028 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1029 Handle file deleting when "fruit:resource = stream" is used.
1030 [Fixed upstream]
1031 - Build dlz module for bind 9.18.x (LP #1964032)
1032 + d/p/add-support-for-bind-918.patch: build a dlz module for
1033 bind 9.18.x
1034 + d/p/add-support-for-bind-918-2.patch: also update the
1035 provisioning tool and template config file
1036 [Fixed upstream]
1037
1038 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300
1039
795samba (2:4.16.3+dfsg-1) unstable; urgency=medium1040samba (2:4.16.3+dfsg-1) unstable; urgency=medium
7961041
797 [ Michael Tokarev ]1042 [ Michael Tokarev ]
@@ -803,6 +1048,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium
8031048
804 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +03001049 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300
8051050
1051samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
1052
1053 * Merge with Debian unstable. Remaining changes:
1054 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1055 - debian/smb.conf;
1056 + Add "(Samba, Ubuntu)" to server string.
1057 + Comment out the default [homes] share, and add a comment about
1058 "valid users = %s" to show users how to restrict access to
1059 \\server\username to only username.
1060 - debian/control: Ubuntu i386 binary compatibility:
1061 + drop ceph support
1062 - d/control: enable the liburing vfs module, except on i386 where
1063 liburing is not available
1064 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1065 Skip running the tests if on i386 platform, because the uring
1066 package is not available there.
1067 - d/t/util: fix setting the password of the smb test user
1068 (LP #1955851)
1069 - Update nfs scripts for new nfs.conf config (LP #1961840):
1070 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1071 nfsconf(8) if it's available, instead of parsing the old config
1072 files in /etc/default/nfs-*
1073 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1074 used by the example enable-nfs.sh example script
1075 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
1076 used by the example enable-nfs.sh script
1077 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1078 obsolete, replaced by nfs.conf
1079 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1080 nfs.conf and other changes in the new nfs server packages
1081 - Build dlz module for bind 9.18.x (LP #1964032)
1082 + d/p/add-support-for-bind-918.patch: build a dlz module for
1083 bind 9.18.x
1084 + d/p/add-support-for-bind-918-2.patch: also update the
1085 provisioning tool and template config file
1086 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1087 enable the samba glusterfs vfs mofule in that case
1088 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1089 - Fix abort when deleting a file and "fruit:resource = stream" is
1090 used. (LP #1977491)
1091 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1092 Add test that shows smbd crashing when deleting a file while using
1093 vfs_fruit with "fruit:resource = stream".
1094 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1095 Handle file deleting when "fruit:resource = stream" is used.
1096
1097 -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300
1098
806samba (2:4.16.2+dfsg-1) unstable; urgency=medium1099samba (2:4.16.2+dfsg-1) unstable; urgency=medium
8071100
808 * new upstream minor/bugfix release.1101 * new upstream minor/bugfix release.
@@ -824,6 +1117,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium
8241117
825 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +03001118 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300
8261119
1120samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
1121
1122 * Fix abort when deleting a file and "fruit:resource = stream" is
1123 used. (LP: #1977491)
1124 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1125 Add test that shows smbd crashing when deleting a file while using
1126 vfs_fruit with "fruit:resource = stream".
1127 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1128 Handle file deleting when "fruit:resource = stream" is used.
1129
1130 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400
1131
1132samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium
1133
1134 * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining
1135 changes:
1136 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1137 - debian/smb.conf;
1138 + Add "(Samba, Ubuntu)" to server string.
1139 + Comment out the default [homes] share, and add a comment about
1140 "valid users = %s" to show users how to restrict access to
1141 \\server\username to only username.
1142 - debian/control: Ubuntu i386 binary compatibility:
1143 + drop ceph support
1144 - d/control: enable the liburing vfs module, except on i386 where
1145 liburing is not available
1146 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1147 Skip running the tests if on i386 platform, because the uring
1148 package is not available there.
1149 - d/t/util: fix setting the password of the smb test user
1150 (LP #1955851)
1151 - Update nfs scripts for new nfs.conf config (LP #1961840):
1152 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1153 nfsconf(8) if it's available, instead of parsing the old config
1154 files in /etc/default/nfs-*
1155 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1156 used by the example enable-nfs.sh example script
1157 + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota
1158 config file to be used by the example enable-nfs.sh script
1159 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1160 obsolete, replaced by nfs.conf
1161 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1162 nfs.conf and other changes in the new nfs server packages
1163 - Build dlz module for bind 9.18.x (LP #1964032)
1164 + d/p/add-support-for-bind-918.patch: build a dlz module for
1165 bind 9.18.x
1166 + d/p/add-support-for-bind-918-2.patch: also update the
1167 provisioning tool and template config file
1168 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1169 enable the samba glusterfs vfs mofule in that case
1170 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1171 * Dropped:
1172 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1173 the amount of in-tree crypto code that is built
1174 [superfluous, the version in the archive is recent enough]
1175 - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195)
1176 [Included in 2:4.13.13+dfsg-1]
1177 - d/control: bump required build-depends
1178 [Included in Debian]
1179 - d/samba-libs.install: update list of installed libraries and
1180 modules/plugins
1181 [Done in Debian]
1182 - debian/patches/CVE-2021-20254.patch: removed, applied upstream
1183 [Applied upstream, Debian didn't have this patch]
1184 - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
1185 [Applied usptream, Debian did not have it]
1186 - d/{gpb.conf,watch,README.source}: update for 4.15
1187 [Debian updated it for 4.16]
1188 - d/rules: remove --with-dnsupdate, it was merged with
1189 --with-ads in samba 4.15.0
1190 [Included in 2:4.16.0+dfsg-1]
1191 - d/rules: drop removal of ctdb tests, they are no longer installed
1192 [Included in 2:4.16.0+dfsg-1]
1193 - Remove findsmb, no longer installed:
1194 + d/smbclient.install: remove findsmb
1195 + d/rules: drop fixing of findsmb shebang
1196 [Included in 2:4.16.0+dfsg-1]
1197 - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
1198 no longer installed
1199 [Included in 2:4.16.0+dfsg-1]
1200 - d/ctdb.install: add tdb_mutex_check
1201 [Included in 2:4.16.0+dfsg-1]
1202 - d/winbind.install: add async_dns_krb5_locator
1203 [Included in 2:4.16.0+dfsg-1]
1204 - d/samba.install: install samba-bgqd and its manpage
1205 [Included in 2:4.16.0+dfsg-1]
1206 - d/{libsmbclient,libwbclient0}.symbols: symbols updates
1207 [Obsolete, these were for 4.15.5]
1208 - d/rules: drop dh_perl override, unneeded
1209 [Included in 2:4.16.0+dfsg-1]
1210 - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
1211 Windows 2021-10 Monthly Rollup patch (LP #1951490)
1212 [Included upstream in 4.16.0rc2]
1213 - d/rules: install the new/changed ctdb example nfs files
1214 [Installed via ctdb.examples]
1215 * Added:
1216 - rename ctdb example files nfs.conf and quota, to match what the
1217 enable-nfs.sh script expects
1218 - enable-nfs.sh ctdb example: use debian's filename for the
1219 static port sysctl configuration
1220 - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was
1221 renamed to "cluster lock"
1222
1223 -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300
1224
827samba (2:4.16.1+dfsg-8) unstable; urgency=medium1225samba (2:4.16.1+dfsg-8) unstable; urgency=medium
8281226
829 * fix the Breaks/Replaces versions in the previous upload for moving1227 * fix the Breaks/Replaces versions in the previous upload for moving
@@ -1120,6 +1518,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium
11201518
1121 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +03001519 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300
11221520
1521samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium
1522
1523 * No-change rebuild against libicu71
1524
1525 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000
1526
1527samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
1528
1529 * Enable glusterfs support (LP: #1894618):
1530 - d/control: revert disabling of glusterfs, since it's in main now
1531 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1532 enable the samba glusterfs vfs mofule in that case
1533 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1534
1535 -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300
1536
1537samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium
1538
1539 * Build dlz module for bind 9.18.x (LP: #1964032)
1540 - d/p/add-support-for-bind-918.patch: build a dlz module for
1541 bind 9.18.x
1542 - d/samba-libs.install: remove fixme comment
1543 - d/p/add-support-for-bind-918-2.patch: also update the provisioning
1544 tool and template config file
1545
1546 -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300
1547
1548samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium
1549
1550 * Update nfs scripts for new nfs.conf config (LP: #1961840):
1551 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1552 nfsconf(8) if it's available, instead of parsing the old config
1553 files in /etc/default/nfs-*
1554 - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
1555 enable-nfs.sh example script
1556 - d/ctdb.example.quota: quota config file to be used by the example
1557 enable-nfs.sh script
1558 - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
1559 nfs.conf
1560 - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
1561 changes in the new nfs server packages
1562 - d/rules: install the new/changed ctdb example nfs files
1563
1564 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300
1565
1566samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
1567
1568 * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
1569 Windows 2021-10 Monthly Rollup patch (LP: #1951490)
1570
1571 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300
1572
1573samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
1574
1575 * d/{gpb.conf,watch,README.source}: update for 4.15
1576 * New upstream release: 4.15.5 (LP: #1946839)
1577 * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
1578 * d/rules: remove --with-dnsupdate, it was merged with
1579 --with-ads in samba 4.15.0
1580 * d/control: bump required build-depends
1581 * d/rules: drop removal of ctdb tests, they are no longer installed
1582 * Remove findsmb, no longer installed:
1583 - d/smbclient.install: remove findsmb
1584 - d/rules: drop fixing of findsmb shebang
1585 * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
1586 no longer installed
1587 * d/samba-libs.install: update list of installed libraries and
1588 modules/plugins
1589 * d/ctdb.install: add tdb_mutex_check
1590 * d/winbind.install: add async_dns_krb5_locator
1591 * d/samba.install: install samba-bgqd and its manpage
1592 * d/{libsmbclient,libwbclient0}.symbols: symbols updates
1593 * d/control: add python3-markdown to build-depends
1594 * d/watch: updated to handle ~dfsg versioning, thanks to
1595 Sergio Durigan Junior <sergio.durigan@canonical.com>
1596
1597 -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300
1598
1599samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
1600
1601 * Update to 4.13.17 as a security update
1602 - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
1603 * Removed patches included in new version:
1604 - debian/patches/trusted_domain_regression_fix.patch
1605 - debian/patches/bug14901-*.patch
1606 - debian/patches/bug14922.patch
1607
1608 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500
1609
1123samba (2:4.13.14+dfsg-1) unstable; urgency=high1610samba (2:4.13.14+dfsg-1) unstable; urgency=high
11241611
1125 * New upstream security release in order to address the following defects:1612 * New upstream security release in order to address the following defects:
@@ -1146,6 +1633,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high
11461633
1147 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +01001634 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100
11481635
1636samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium
1637
1638 * No-change rebuild for icu soname change
1639
1640 -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600
1641
1642samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
1643
1644 * d/t/util: fix setting the password of the smb test user
1645 (LP: #1955851)
1646
1647 -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300
1648
1649samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium
1650
1651 * No-change rebuild with Python 3.10 as default version
1652
1653 -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000
1654
1655samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
1656
1657 * SECURITY REGRESSION: Kerberos authentication on standalone server in
1658 MIT realm broken
1659 - debian/patches/bug14922.patch: fix MIT Realm regression in
1660 source3/auth/user_krb5.c.
1661
1662 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500
1663
1664samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium
1665
1666 * Update to 4.13.14 as a security update (LP: #1950363)
1667 - debian/patches/CVE-2021-20254.patch: removed, included in new
1668 version.
1669 - debian/control: bump ldb Build-Depends to 2.2.3.
1670 - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
1671 - debian/patches/trusted_domain_regression_fix.patch: fix regression
1672 introduced in 4.13.14.
1673 - debian/patches/bug14901-*.patch: upstream patches to fix some
1674 mapping issues.
1675 - debian/patches/bug14918-*.patch: upstream patches to properly handle
1676 dangling symlinks.
1677 - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
1678 CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
1679
1680 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500
1681
1149samba (2:4.13.13+dfsg-1) unstable; urgency=high1682samba (2:4.13.13+dfsg-1) unstable; urgency=high
11501683
1151 [ Athos Ribeiro ]1684 [ Athos Ribeiro ]
@@ -1167,6 +1700,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high
11671700
1168 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +01001701 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100
11691702
1703samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium
1704
1705 * No-change rebuild against liburing2
1706
1707 -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100
1708
1709samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
1710
1711 * d/samba.postinst: do not populate sambashare from the admin group
1712 (Debian packaging cherry-pick. LP: #1942195)
1713
1714 -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200
1715
1716samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium
1717
1718 * No-change rebuild due to OpenLDAP soname bump.
1719
1720 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400
1721
1722samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
1723
1724 * Merge with Debian unstable. Remaining changes:
1725 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1726 - debian/smb.conf;
1727 + Add "(Samba, Ubuntu)" to server string.
1728 + Comment out the default [homes] share, and add a comment about
1729 "valid users = %s" to show users how to restrict access to
1730 \\server\username to only username.
1731 - d/control: Disable glusterfs support because it's not in main.
1732 MIR bug is https://launchpad.net/bugs/1274247
1733 - debian/control: Ubuntu i386 binary compatibility:
1734 + drop ceph support
1735 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1736 the amount of in-tree crypto code that is built
1737 - d/control: enable the liburing vfs module, except on i386 where
1738 liburing is not available
1739 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1740 Skip running the tests if on i386 platform, because the uring
1741 package is not available there.
1742 * Dropped changes:
1743 - debian/samba-common.config:
1744 + Do not change priority to high if dhclient3 is installed.
1745 [Included in 2:4.13.4+dfsg-1]
1746 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1747 change nfs service name from nfs to nfs-kernel-server
1748 (LP #722201)
1749 [Included in 2:4.13.4+dfsg-1]
1750 - d/p/ctdb-config-enable-syslog-by-default.patch:
1751 enable syslog and systemd journal by default
1752 [Included in 2:4.13.4+dfsg-1]
1753 - debian/rules: Ubuntu i386 binary compatibility:
1754 + drop ceph support
1755 + disable the following binary packages:
1756 - ctdb
1757 - libnss-winbind
1758 - libpam-winbind
1759 - python3-samba
1760 - samba
1761 - samba-common-bin
1762 - samba-testsuite
1763 - winbind
1764 [Included in 2:4.13.4+dfsg-1]
1765 - debian/rules: Ubuntu i386 binary compatibility:
1766 + re-enable the following binary packages:
1767 - libnss-winbind
1768 - samba-common-bin
1769 - python3-samba
1770 - winbind
1771 [Included in 2:4.13.4+dfsg-1]
1772 - SECURITY UPDATE: wrong group entries via negative idmap cache entries
1773 + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
1774 source3/passdb/lookup_sid.c.
1775 + CVE-2021-20254
1776 [Included in 2:4.13.5+dfsg-2]
1777
1778 -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300
1779
1170samba (2:4.13.5+dfsg-2) unstable; urgency=high1780samba (2:4.13.5+dfsg-2) unstable; urgency=high
11711781
1172 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group1782 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
@@ -1198,6 +1808,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium
11981808
1199 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +01001809 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100
12001810
1811samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
1812
1813 * SECURITY UPDATE: wrong group entries via negative idmap cache entries
1814 - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
1815 source3/passdb/lookup_sid.c.
1816 - CVE-2021-20254
1817
1818 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400
1819
1820samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
1821
1822 * No change rebuild to pick up liburing, and also
1823 fix d/t/cifs-share-access-uring. (LP: #1914145)
1824
1825 -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300
1826
1827samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
1828
1829 * Merge with Debian unstable. Remaining changes:
1830 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1831 - debian/smb.conf;
1832 + Add "(Samba, Ubuntu)" to server string.
1833 + Comment out the default [homes] share, and add a comment about
1834 "valid users = %s" to show users how to restrict access to
1835 \\server\username to only username.
1836 - debian/samba-common.config:
1837 + Do not change priority to high if dhclient3 is installed.
1838 - d/control, d/rules: Disable glusterfs support because it's not in main.
1839 MIR bug is https://launchpad.net/bugs/1274247
1840 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1841 change nfs service name from nfs to nfs-kernel-server
1842 (LP #722201)
1843 - d/p/ctdb-config-enable-syslog-by-default.patch:
1844 enable syslog and systemd journal by default
1845 - debian/rules: Ubuntu i386 binary compatibility:
1846 + drop ceph support
1847 + disable the following binary packages:
1848 - ctdb
1849 - libnss-winbind
1850 - libpam-winbind
1851 - python3-samba
1852 - samba
1853 - samba-common-bin
1854 - samba-testsuite
1855 - winbind
1856 - debian/control: Ubuntu i386 binary compatibility:
1857 + drop ceph support
1858 - debian/rules: Ubuntu i386 binary compatibility:
1859 + re-enable the following binary packages:
1860 - libnss-winbind
1861 - samba-common-bin
1862 - python3-samba
1863 - winbind
1864 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1865 the amount of in-tree crypto code that is built
1866 - d/control: enable the liburing vfs module, except on i386 where
1867 liburing is not available
1868 * Dropped changes, incorporated by Debian:
1869 - d/t/smbclient-anonymous-share-list: add set -x and set -e
1870 - Factor out common DEP8 test code into d/t/util and change the tests
1871 to source from it:
1872 + d/t/util: added
1873 + d/t/cifs-share-access, d/t/smbclient-share-access: source from
1874 util, use random share name and add set -x and set -u
1875 + d/t/smbclient-authenticated-share-list: source from util and add
1876 set -x and set -u
1877 - Add new DEP8 tests for the uring vfs module:
1878 + d/t/control: add smbclient-share-access-uring and
1879 cifs-share-access-uring tests
1880 + d/t/smbclient-share-access-uring: new test
1881 + d/t/cifs-share-access-uring: new test
1882 - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
1883 guard uring tests with a kernel version check and skip if it's too old
1884 * Added changes:
1885 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1886 Skip running the tests if on i386 platform, because the uring
1887 package is not available there.
1888
1889 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500
1890
1201samba (2:4.13.3+dfsg-1) unstable; urgency=medium1891samba (2:4.13.3+dfsg-1) unstable; urgency=medium
12021892
1203 [ Andreas Hasenack ]1893 [ Andreas Hasenack ]
@@ -1213,6 +1903,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium
12131903
1214 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +01001904 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100
12151905
1906samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
1907
1908 * Merge with Debian unstable (LP: #1905048). Remaining changes:
1909 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1910 - debian/smb.conf;
1911 + Add "(Samba, Ubuntu)" to server string.
1912 + Comment out the default [homes] share, and add a comment about
1913 "valid users = %s" to show users how to restrict access to
1914 \\server\username to only username.
1915 - debian/samba-common.config:
1916 + Do not change priority to high if dhclient3 is installed.
1917 - d/control, d/rules: Disable glusterfs support because it's not in main.
1918 MIR bug is https://launchpad.net/bugs/1274247
1919 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1920 change nfs service name from nfs to nfs-kernel-server
1921 (LP #722201)
1922 - d/p/ctdb-config-enable-syslog-by-default.patch:
1923 enable syslog and systemd journal by default
1924 - debian/rules: Ubuntu i386 binary compatibility:
1925 + drop ceph support
1926 + disable the following binary packages:
1927 - ctdb
1928 - libnss-winbind
1929 - libpam-winbind
1930 - python3-samba
1931 - samba
1932 - samba-common-bin
1933 - samba-testsuite
1934 - winbind
1935 - debian/control: Ubuntu i386 binary compatibility:
1936 + drop ceph support
1937 - debian/rules: Ubuntu i386 binary compatibility:
1938 + re-enable the following binary packages:
1939 - libnss-winbind
1940 - samba-common-bin
1941 - python3-samba
1942 - winbind
1943 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1944 the amount of in-tree crypto code that is built
1945 * d/t/smbclient-anonymous-share-list: add set -x and set -e
1946 * Factor out common DEP8 test code into d/t/util and change the tests
1947 to source from it:
1948 - d/t/util: added
1949 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
1950 util, use random share name and add set -x and set -u
1951 - d/t/smbclient-authenticated-share-list: source from util and add
1952 set -x and set -u
1953 * d/control: enable the liburing vfs module, except on i386 where
1954 liburing is not available
1955 * Add new DEP8 tests for the uring vfs module:
1956 - d/t/control: add smbclient-share-access-uring and
1957 cifs-share-access-uring tests
1958 - d/t/smbclient-share-access-uring: new test
1959 - d/t/cifs-share-access-uring: new test
1960 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
1961 guard uring tests with a kernel version check and skip if it's too old
1962 * Dropped changes:
1963 - SECURITY UPDATE: Unauthenticated domain controller compromise by
1964 subverting Netlogon cryptography (ZeroLogon)
1965 + debian/patches/zerologon-*.patch: backport upstream patches:
1966 + For compatibility reasons, allow specifying an insecure netlogon
1967 configuration per machine. See the following link for examples:
1968 https://www.samba.org/samba/security/CVE-2020-1472.html
1969 + Add additional server checks for the protocol attack in the
1970 client-specified challenge to provide some protection when
1971 'server schannel = no/auto' and avoid the false-positive results
1972 when running the proof-of-concept exploit.
1973 [ Incorporated by upstream. ]
1974 - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
1975 + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
1976 get set unless the directory handle is open for SEC_DIR_LIST in
1977 source4/torture/smb2/notify.c, source3/smbd/notify.c.
1978 + CVE-2020-14318
1979 - SECURITY UPDATE: Unprivileged user can crash winbind
1980 + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
1981 source3/winbindd/winbindd_lookupsids.c,
1982 source4/torture/winbind/struct_based.c.
1983 + CVE-2020-14323
1984 - SECURITY UPDATE: DNS server crash via invalid records
1985 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
1986 with NULL and do not crash when additional data not found in
1987 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
1988 + CVE-2020-14383
1989 [ Incorporated by upstream. ]
1990
1991 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500
1992
1216samba (2:4.13.2+dfsg-3) unstable; urgency=medium1993samba (2:4.13.2+dfsg-3) unstable; urgency=medium
12171994
1218 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)1995 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
@@ -1258,6 +2035,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium
12582035
1259 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +01002036 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100
12602037
2038samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
2039
2040 * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
2041 - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
2042 get set unless the directory handle is open for SEC_DIR_LIST in
2043 source4/torture/smb2/notify.c, source3/smbd/notify.c.
2044 - CVE-2020-14318
2045 * SECURITY UPDATE: Unprivileged user can crash winbind
2046 - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
2047 source3/winbindd/winbindd_lookupsids.c,
2048 source4/torture/winbind/struct_based.c.
2049 - CVE-2020-14323
2050 * SECURITY UPDATE: DNS server crash via invalid records
2051 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
2052 with NULL and do not crash when additional data not found in
2053 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2054 - CVE-2020-14383
2055
2056 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400
2057
2058samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
2059
2060 * SECURITY UPDATE: Unauthenticated domain controller compromise by
2061 subverting Netlogon cryptography (ZeroLogon)
2062 - debian/patches/zerologon-*.patch: backport upstream patches:
2063 + For compatibility reasons, allow specifying an insecure netlogon
2064 configuration per machine. See the following link for examples:
2065 https://www.samba.org/samba/security/CVE-2020-1472.html
2066 + Add additional server checks for the protocol attack in the
2067 client-specified challenge to provide some protection when
2068 'server schannel = no/auto' and avoid the false-positive results
2069 when running the proof-of-concept exploit.
2070 - CVE-2020-1472
2071
2072 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400
2073
2074samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
2075
2076 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
2077 guard uring tests with a kernel version check and skip if it's too old
2078
2079 -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300
2080
2081samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
2082
2083 * d/t/smbclient-anonymous-share-list: add set -x and set -e
2084 * Factor out common DEP8 test code into d/t/util and change the tests
2085 to source from it:
2086 - d/t/util: added
2087 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
2088 util, use random share name and add set -x and set -u
2089 - d/t/smbclient-authenticated-share-list: source from util and add
2090 set -x and set -u
2091 * d/control: enable the liburing vfs module, except on i386 where
2092 liburing is not available
2093 * Add new DEP8 tests for the uring vfs module:
2094 - d/t/control: add smbclient-share-access-uring and
2095 cifs-share-access-uring tests
2096 - d/t/smbclient-share-access-uring: new test
2097 - d/t/cifs-share-access-uring: new test
2098
2099 -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300
2100
2101samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
2102
2103 * Merge with Debian unstable. Remaining changes:
2104 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
2105 - debian/smb.conf;
2106 + Add "(Samba, Ubuntu)" to server string.
2107 + Comment out the default [homes] share, and add a comment about
2108 "valid users = %s" to show users how to restrict access to
2109 \\server\username to only username.
2110 - debian/samba-common.config:
2111 + Do not change priority to high if dhclient3 is installed.
2112 - d/control, d/rules: Disable glusterfs support because it's not in main.
2113 MIR bug is https://launchpad.net/bugs/1274247
2114 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2115 change nfs service name from nfs to nfs-kernel-server
2116 (LP #722201)
2117 - d/p/ctdb-config-enable-syslog-by-default.patch:
2118 enable syslog and systemd journal by default
2119 - debian/rules: Ubuntu i386 binary compatibility:
2120 + drop ceph support
2121 + disable the following binary packages:
2122 - ctdb
2123 - libnss-winbind
2124 - libpam-winbind
2125 - python3-samba
2126 - samba
2127 - samba-common-bin
2128 - samba-testsuite
2129 - winbind
2130 - debian/control: Ubuntu i386 binary compatibility:
2131 + drop ceph support
2132 - debian/rules: Ubuntu i386 binary compatibility:
2133 + re-enable the following binary packages:
2134 - libnss-winbind
2135 - samba-common-bin
2136 - python3-samba
2137 - winbind
2138 - d/control: add a versioned libgnutls28-dev build-depends to reduce
2139 the amount of in-tree crypto code that is built
2140 * Dropped:
2141 - d/gbp.conf, d/watch, d/README.source: update for 4.12
2142 [In 2:4.12.3+dfsg-1]
2143 - d/control: bump build-depends:
2144 + ldb: 2.1.2
2145 + tevent: 0.10.2
2146 + tdb: 1.4.3
2147 + talloc: 2.3.1
2148 [In 2:4.12.3+dfsg-1]
2149 - d/smbclient.install: add new binary mdfind and its manpage
2150 [In 2:4.12.3+dfsg-1]
2151 - d/samba-dev.install, d/samba-libs.install: new lib
2152 libdcerpc-server-core
2153 [In 2:4.12.3+dfsg-1]
2154 - d/samba-libs.install: new library libtalloc-report-printf
2155 [In 2:4.12.3+dfsg-1]
2156 - d/libwbclient0.install: remove libaesni, no longer built when
2157 gnutls provides AES CMAC
2158 [In 2:4.12.3+dfsg-1]
2159 - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
2160 [In 2:4.12.3+dfsg-1]
2161 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
2162 [Dropped in 2:4.12.3+dfsg-1]
2163 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
2164 [Dropped in 2:4.12.3+dfsg-1]
2165 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
2166 [Dropped in 2:4.12.3+dfsg-1]
2167
2168 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300
2169
1261samba (2:4.12.5+dfsg-3) unstable; urgency=high2170samba (2:4.12.5+dfsg-3) unstable; urgency=high
12622171
1263 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump2172 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
@@ -1322,6 +2231,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium
13222231
1323 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +02002232 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200
13242233
2234samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
2235
2236 * New upstream version: 4.12.2
2237 * d/gbp.conf, d/watch, d/README.source: update for 4.12
2238 * d/control: bump build-depends:
2239 - ldb: 2.1.2
2240 - tevent: 0.10.2
2241 - tdb: 1.4.3
2242 - talloc: 2.3.1
2243 * d/smbclient.install: add new binary mdfind and its manpage
2244 * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
2245 * d/samba-libs.install: new library libtalloc-report-printf
2246 * d/libwbclient0.install: remove libaesni, no longer built when
2247 gnutls provides AES CMAC
2248 * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
2249 * d/control: add a versioned libgnutls28-dev build-depends to reduce
2250 the amount of in-tree crypto code that is built
2251 * Dropped (applied upstream):
2252 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
2253 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
2254 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
2255 - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
2256
2257 -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300
2258
2259samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
2260
2261 * SECURITY UPDATE: Use-after-free in AD DC LDAP server
2262 - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
2263 combination with paged_results in selftest/knownfail.d/asq,
2264 source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
2265 - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
2266 for the GUID search in paged_results in selftest/knownfail.d/asq,
2267 source4/dsdb/samdb/ldb_modules/paged_results.c.
2268 - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
2269 Build-Depends to 2.0.10.
2270 - CVE-2020-10700
2271 * SECURITY UPDATE: Stack overflow in AD DC LDAP server
2272 - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
2273 auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
2274 lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
2275 libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
2276 source3/lib/tldap.c, source3/lib/tldap_util.c,
2277 source3/libsmb/clispnego.c, source3/torture/torture.c,
2278 source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
2279 source4/libcli/ldap/ldap_client.c,
2280 source4/libcli/ldap/ldap_controls.c.
2281 - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
2282 lib/util/asn1.c.
2283 - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
2284 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
2285 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
2286 lib/param/loadparm.c, source3/param/loadparm.c.
2287 - debian/patches/CVE-2020-10704-6.patch: limit request sizes in
2288 source4/ldap_server/ldap_server.c.
2289 - debian/patches/CVE-2020-10704-7.patch: add search size limits to
2290 ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
2291 lib/param/loadparm.c, libcli/cldap/cldap.c,
2292 libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
2293 source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
2294 source4/libcli/ldap/ldap_client.c.
2295 - debian/patches/CVE-2020-10704-8.patch: check search request lengths
2296 in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
2297 - CVE-2020-10704
2298
2299 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400
2300
2301samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium
2302
2303 * New upstream release: 4.11.6
2304 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream
2305
2306 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300
2307
2308samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium
2309
2310 * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324)
2311
2312 -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300
2313
2314samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
2315
2316 * Merge with Debian unstable. Remaining changes:
2317 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2318 - debian/smb.conf;
2319 + Add "(Samba, Ubuntu)" to server string.
2320 + Comment out the default [homes] share, and add a comment about
2321 "valid users = %s" to show users how to restrict access to
2322 \\server\username to only username.
2323 - debian/samba-common.config:
2324 + Do not change priority to high if dhclient3 is installed.
2325 - d/control, d/rules: Disable glusterfs support because it's not in main.
2326 MIR bug is https://launchpad.net/bugs/1274247
2327 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2328 change nfs service name from nfs to nfs-kernel-server
2329 (LP #722201)
2330 - d/p/ctdb-config-enable-syslog-by-default.patch:
2331 enable syslog and systemd journal by default
2332 - debian/rules: Ubuntu i386 binary compatibility:
2333 + drop ceph support
2334 + disable the following binary packages:
2335 - ctdb
2336 - libnss-winbind
2337 - libpam-winbind
2338 - python3-samba
2339 - samba
2340 - samba-common-bin
2341 - samba-testsuite
2342 - winbind
2343 - debian/control: Ubuntu i386 binary compatibility:
2344 + drop ceph support
2345 - debian/rules: Ubuntu i386 binary compatibility:
2346 + re-enable the following binary packages:
2347 - libnss-winbind
2348 - samba-common-bin
2349 - python3-samba
2350 - winbind
2351 * Dropped:
2352 - d/control: drop python3-matplotlib. It's only used in
2353 script/attr_count_read which is not installed with the
2354 samba packages.
2355 [In 2:4.11.3+dfsg-1]
2356
2357 -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300
2358
1325samba (2:4.11.5+dfsg-1) unstable; urgency=medium2359samba (2:4.11.5+dfsg-1) unstable; urgency=medium
13262360
1327 * New upstream security release2361 * New upstream security release
@@ -1349,6 +2383,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high
13492383
1350 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +01002384 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100
13512385
2386samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium
2387
2388 * Ubuntu i386 binary compatibility effort: (LP: #1861316)
2389 - debian/rules:
2390 + re-enable the following binary packages generation:
2391 - libnss-winbind
2392 - samba-common-bin
2393 - python3-samba
2394 - winbind
2395
2396 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000
2397
2398samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium
2399
2400 * No-change rebuild to build with python3.8.
2401
2402 -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000
2403
2404samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium
2405
2406 * Ubuntu i386 binary compatibility effort: (LP: #1858479)
2407 - debian/control:
2408 + drop ceph support
2409 - debian/rules:
2410 + drop ceph support
2411 + disable the following binary packages generation:
2412 - ctdb
2413 - libnss-winbind
2414 - libpam-winbind
2415 - python3-samba
2416 - samba
2417 - samba-common-bin
2418 - samba-testsuite
2419 - winbind
2420
2421 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000
2422
2423samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium
2424
2425 * Merge with Debian unstable. Remaining changes:
2426 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2427 - debian/smb.conf;
2428 + Add "(Samba, Ubuntu)" to server string.
2429 + Comment out the default [homes] share, and add a comment about
2430 "valid users = %s" to show users how to restrict access to
2431 \\server\username to only username.
2432 - debian/samba-common.config:
2433 + Do not change priority to high if dhclient3 is installed.
2434 - d/control, d/rules: Disable glusterfs support because it's not in main.
2435 MIR bug is https://launchpad.net/bugs/1274247
2436 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2437 change nfs service name from nfs to nfs-kernel-server
2438 (LP #722201)
2439 [Adopted the Debian version and added a couple of extra hunks
2440 we had]
2441 - d/p/ctdb-config-enable-syslog-by-default.patch:
2442 enable syslog and systemd journal by default
2443 * Dropped:
2444 - Add apport hook:
2445 + Created debian/source_samba.py.
2446 + debian/rules, debian/samba-common-bin.install: install hook.
2447 [In 2:4.9.4+dfsg-2]
2448 - Removed patches already applied upstream:
2449 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
2450 [Removed in 2:4.10.7+dfsg-1]
2451 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
2452 [Removed in 4.9.5+dfsg-1]
2453 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
2454 [Refreshed in 2:4.1.17+dfsg-1]
2455 - d/control: Updated build dependencies (already updated in Debian):
2456 + tdb >= 1.3.17
2457 + talloc >= 2.1.15
2458 + tevent >= 0.9.38
2459 + ldb >= 1.5.3
2460 - d/samba-common.docs: README is now README.md
2461 [In 2:4.10.7+dfsg-1]
2462 - d/libsmbclient.symbols: update symbols for this version
2463 - d/libwbclient0.symbols: update symbols for this version
2464 - d/ctdb.install: new binary ctdb_local_daemons
2465 [In 2:4.10.7+dfsg-1]
2466 - d/samba-dev.install: use globbing for the header files with
2467 exceptions for wbclient.h and libsmbclient.h, which belong in
2468 other packages.
2469 [In 2:4.10.7+dfsg-1]
2470 - d/rules: fix globbing used to move the dckeytab python module to the
2471 samba package, and add a comment explaining why this is being done.
2472 [In 2:4.10.7+dfsg-1]
2473 - Switch to python3 (in 2:4.10.7+dfsg-1):
2474 + d/rules: calculate the ldb version using python3, and drop the
2475 "really" bit since the real 1.5.x series is being used now.
2476 + d/rules: make sure python3 is used for the build
2477 + d/rules: adjust globbing to remove the python3 version of tevent.so
2478 + d/rules: drop PYVERS, unused
2479 + d/control: adjust dependencies (build and runtime) for python3
2480 + d/python3-samba.install, d/control: new python3-samba package
2481 (LP #1440381)
2482 + d/control, d/python-samba.install: get rid of python-samba, which is py2
2483 + d/python3-samba.lintian-overrides: use the same overrides we had for
2484 python-samba, now deleted.
2485 + d/samba-dev.install, d/samba-libs.install: update file list
2486 + d/t/control, d/t/python-smoke: use python3
2487 + d/control: use ${python3:Depends} now instead of the python 2
2488 counterpart for samba and samba-common-bin.
2489 - d/control: drop suggests for python-gpgme, it's no longer available.
2490 [In 2:4.10.7+dfsg-1]
2491 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
2492 [In 2:4.10.7+dfsg-1]
2493 - d/control: update cmocka build-depends to >= 1.1.3
2494 [In 2:4.10.7+dfsg-1]
2495 - d/samba-libs.install: bump passdb minor to 0.27.2
2496 [In 2:4.10.7+dfsg-1]
2497 - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
2498 to allow pid file to exist (LP #1821775)
2499 [In 2:4.10.7+dfsg-1]
2500 - Allow proper ctdb initalization (LP #1828799):
2501 + d/ctdb.dirs: added /var/lib/ctdb/* directories
2502 + d/ctdb.postrm: remove leftovers from:
2503 /var/lib/ctdb/{state,persistent,volatile,scripts}
2504 [In 2:4.10.7+dfsg-1]
2505 - d/rules: installing provided config examples and helper scripts
2506 - Examples of NFS HA CTDB config files + helper script:
2507 + d/ctdb.example.enable.nfs.sh
2508 + d/ctdb.example.nfs-common
2509 + d/ctdb.example.nfs-kernel-server
2510 + d/ctdb.example.services
2511 + d/ctdb.example.sysctl-nfs-static-ports.conf
2512 [In 2:4.10.7+dfsg-1]
2513 - debian/rules: Make DEB_HOST_ARCH_CPU initialized through
2514 dpkg-architecture (Closes: #931138)
2515 [In 2:4.10.7+dfsg-1]
2516 - d/control: update ldb build-deps to 1.5.5
2517 [In 2:4.10.7+dfsg-1]
2518 - SECURITY UPDATE: restricted share escape by user (LP #1842533)
2519 [fixed upstream in 4.11.0rc2]
2520 + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
2521 out impersonation debug info into a new function.
2522 + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
2523 change_to_user_internal() always resets current_user.done_chdir
2524 + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
2525 reset current_user.{need,done}_chdir in become_root()
2526 + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
2527 fsrvp_share its own independent subdirectory
2528 + debian/patches/CVE-2019-10197-05-v4-10.patch:
2529 test_smbclient_s3.sh: add regression test for the no permission
2530 on share root problem
2531 + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
2532 change_to_user_impersonate() out of change_to_user_internal()
2533 + CVE-2019-10197
2534 * Added:
2535 - d/control: drop python3-matplotlib. It's only used in
2536 script/attr_count_read which is not installed with the
2537 samba packages.
2538
2539 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300
2540
1352samba (2:4.11.1+dfsg-3) unstable; urgency=medium2541samba (2:4.11.1+dfsg-3) unstable; urgency=medium
13532542
1354 * Add some python dependencies:2543 * Add some python dependencies:
@@ -1557,6 +2746,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium
15572746
1558 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +02002747 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200
15592748
2749samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium
2750
2751 * No-change rebuild to build with python3.8.
2752
2753 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000
2754
2755samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium
2756
2757 * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
2758 - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
2759 out impersonation debug info into a new function.
2760 - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
2761 change_to_user_internal() always resets current_user.done_chdir
2762 - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
2763 reset current_user.{need,done}_chdir in become_root()
2764 - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
2765 fsrvp_share its own independent subdirectory
2766 - debian/patches/CVE-2019-10197-05-v4-10.patch:
2767 test_smbclient_s3.sh: add regression test for the no permission
2768 on share root problem
2769 - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
2770 change_to_user_impersonate() out of change_to_user_internal()
2771 - CVE-2019-10197
2772
2773 -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700
2774
2775samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium
2776
2777 * New upstream version: 4.10.7
2778 - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped,
2779 included upstream in 4.10.7
2780
2781 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300
2782
2783samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium
2784
2785 * New upstream version: 4.10.6
2786 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update
2787 the Debian config and use it.
2788 - d/control: update ldb build-deps to 1.5.5
2789 * Dropped:
2790 - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5
2791 - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5
2792 - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3
2793 - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2
2794 - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2
2795 - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1
2796 - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed
2797 upstream in 4.10.5
2798
2799 -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300
2800
2801samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium
2802
2803 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2804 change service name from nfs to nfs-kernel-server in
2805 legacy script 06.nfs.script also (LP: #722201)
2806
2807 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000
2808
2809samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium
2810
2811 * debian/rules: Make DEB_HOST_ARCH_CPU initialized through
2812 dpkg-architecture (Closes: #931138)
2813 * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch:
2814 fix tcp_tw_recycle existence check. (LP: #722201)
2815 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2816 change nfs service name from nfs to nfs-kernel-server
2817 (LP: #722201)
2818 * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
2819 to allow pid file to exist (LP: #1821775)
2820 * Allow proper ctdb initialization (LP: #1828799):
2821 - d/ctdb.dirs: added /var/lib/ctdb/* directories
2822 - d/ctdb.postrm: remove leftovers from:
2823 /var/lib/ctdb/{state,persistent,volatile,scripts}
2824 * d/rules: installing provided config examples and helper scripts
2825 * Examples of NFS HA CTDB config files + helper script:
2826 - d/ctdb.example.enable.nfs.sh
2827 - d/ctdb.example.nfs-common
2828 - d/ctdb.example.nfs-kernel-server
2829 - d/ctdb.example.services
2830 - d/ctdb.example.sysctl-nfs-static-ports.conf
2831 * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch:
2832 do not try to start daemon if /etc/ctdb/nodes does not exist
2833 * d/p/ctdb-config-enable-syslog-by-default.patch:
2834 enable syslog and systemd journal by default
2835
2836 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000
2837
2838samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
2839
2840 * SECURITY UPDATE: zone operations can crash rpc server
2841 - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
2842 not found in DnssrvOperation in
2843 python/samba/tests/dcerpc/dnsserver.py,
2844 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2845 - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
2846 not found in DnssrvOperation2 in
2847 python/samba/tests/dcerpc/dnsserver.py,
2848 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2849 - CVE-2019-12435
2850 * SECURITY UPDATE: paged_searches crash on LDAP and homes access
2851 - debian/patches/CVE-2019-12436.patch: ignore successful results
2852 without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
2853 source4/dsdb/tests/python/vlv.py.
2854 - CVE-2019-12436
2855
2856 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400
2857
2858samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium
2859
2860 * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
2861 - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
2862 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
2863 source4/torture/krb5/kdc-canon-heimdal.c.
2864 - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
2865 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
2866 source4/heimdal/kdc/krb5tgs.c.
2867 - CVE-2018-16860
2868
2869 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400
2870
2871samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium
2872
2873 * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
2874 - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
2875 umask being overwritten in python/samba/tests/ntacls_backup.py,
2876 python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
2877 selftest/knownfail.d/umask-leak.
2878 - debian/patches/CVE-2019-3870-2.patch: add test to check
2879 file-permissions are correct after provision in
2880 selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
2881 source4/setup/tests/provision_fileperms.sh.
2882 - debian/patches/CVE-2019-3870-3.patch: include tests to show the
2883 outside umask has no impact in python/samba/tests/ntacls_backup.py,
2884 python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
2885 - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
2886 close as possible to users in source3/smbd/pysmbd.c,
2887 selftest/knownfail.d/provision_fileperms,
2888 selftest/knownfail.d/umask-leak.
2889 - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
2890 smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
2891 source3/smbd/pysmbd.c.
2892 - CVE-2019-3870
2893 * SECURITY UPDATE: save registry file outside share as unprivileged user
2894 - debian/patches/CVE-2019-3880.patch: remove implementations of
2895 SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
2896 - CVE-2019-3880
2897
2898 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400
2899
2900samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium
2901
2902 * New upstream version: 4.10.0
2903 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
2904 - d/control: update cmocka build-depends to >= 1.1.3
2905 - d/samba-libs.install: bump passdb minor to 0.27.2
2906 * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to
2907 Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846)
2908
2909 -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300
2910
2911samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium
2912
2913 * New upstream version 4.10.0rc4 (LP: #1818518):
2914 - Removed patches already applied upstream:
2915 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
2916 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
2917 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
2918 - d/control: Updated build dependencies:
2919 + tdb >= 1.3.17
2920 + talloc >= 2.1.15
2921 + tevent >= 0.9.38
2922 + ldb >= 1.5.3
2923 - d/samba-common.docs: README is now README.md
2924 - d/libsmbclient.symbols: update symbols for this version
2925 - d/libwbclient0.symbols: update symbols for this version
2926 - d/ctdb.install: new binary ctdb_local_daemons
2927 - d/samba-dev.install: use globbing for the header files with
2928 exceptions for wbclient.h and libsmbclient.h, which belong in
2929 other packages.
2930 - d/rules: fix globbing used to move the dckeytab python module to the
2931 samba package, and add a comment explaining why this is being done.
2932 * Switch to python3:
2933 - d/rules: calculate the ldb version using python3, and drop the
2934 "really" bit since the real 1.5.x series is being used now.
2935 - d/rules: make sure python3 is used for the build
2936 - d/rules: adjust globbing to remove the python3 version of tevent.so
2937 - d/rules: drop PYVERS, unused
2938 - d/control: adjust dependencies (build and runtime) for python3
2939 - d/python3-samba.install, d/control: new python3-samba package
2940 (LP: #1440381)
2941 - d/control, d/python-samba.install: get rid of python-samba, which is py2
2942 - d/python3-samba.lintian-overrides: use the same overrides we had for
2943 python-samba, now deleted.
2944 - d/samba-dev.install, d/samba-libs.install: update file list
2945 - d/t/control, d/t/python-smoke: use python3
2946 - d/control: use ${python3:Depends} now instead of the python 2
2947 counterpart for samba and samba-common-bin.
2948 * d/control: drop suggests for python-gpgme, it's no longer available.
2949
2950 -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000
2951
1560samba (2:4.9.5+dfsg-1) experimental; urgency=medium2952samba (2:4.9.5+dfsg-1) experimental; urgency=medium
15612953
1562 * New upstream release2954 * New upstream release
@@ -1601,6 +2993,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium
16012993
1602 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +01002994 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100
16032995
2996samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium
2997
2998 * Merge with Debian unstable. Remaining changes:
2999 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3000 - debian/smb.conf;
3001 + Add "(Samba, Ubuntu)" to server string.
3002 + Comment out the default [homes] share, and add a comment about
3003 "valid users = %s" to show users how to restrict access to
3004 \\server\username to only username.
3005 - debian/samba-common.config:
3006 + Do not change priority to high if dhclient3 is installed.
3007 - Add apport hook:
3008 + Created debian/source_samba.py.
3009 + debian/rules, debian/samba-common-bin.install: install hook.
3010 - d/control, d/rules: Disable glusterfs support because it's not in main.
3011 MIR bug is https://launchpad.net/bugs/1274247
3012 * Dropped:
3013 - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
3014 failing without a valid idmap configuration. This fixes the smbd startup
3015 on a standalone server where winbind is available and running. Thanks to
3016 Stefan Metzmacher <metze@samba.org>. (LP #1806035)
3017 [Fixed in 2:4.9.4+dfsg-1]
3018
3019 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200
3020
1604samba (2:4.9.4+dfsg-1) unstable; urgency=medium3021samba (2:4.9.4+dfsg-1) unstable; urgency=medium
16053022
1606 * New upstream release3023 * New upstream release
@@ -1611,6 +3028,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium
16113028
1612 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +01003029 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100
16133030
3031samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium
3032
3033 * No-change rebuild for readline soname change.
3034
3035 -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000
3036
3037samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
3038
3039 * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
3040 failing without a valid idmap configuration. This fixes the smbd startup
3041 on a standalone server where winbind is available and running. Thanks to
3042 Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
3043
3044 -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
3045
3046samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
3047
3048 * Merge with Debian unstable. Remaining changes:
3049 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3050 - debian/smb.conf;
3051 + Add "(Samba, Ubuntu)" to server string.
3052 + Comment out the default [homes] share, and add a comment about
3053 "valid users = %s" to show users how to restrict access to
3054 \\server\username to only username.
3055 - debian/samba-common.config:
3056 + Do not change priority to high if dhclient3 is installed.
3057 - Add apport hook:
3058 + Created debian/source_samba.py.
3059 + debian/rules, debian/samba-common-bin.install: install hook.
3060 - d/control, d/rules: Disable glusterfs support because it's not in main.
3061 MIR bug is https://launchpad.net/bugs/1274247
3062 * Dropped:
3063 - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
3064 errors (LP: 1795772)
3065 [Fixed upstream]
3066
3067 -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200
3068
1614samba (2:4.9.2+dfsg-2) unstable; urgency=high3069samba (2:4.9.2+dfsg-2) unstable; urgency=high
16153070
1616 * New upstream security release3071 * New upstream security release
@@ -1720,6 +3175,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium
17203175
1721 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +02003176 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200
17223177
3178samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium
3179
3180 * No-change rebuild against libldb1 1.4.2
3181
3182 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000
3183
3184samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high
3185
3186 [ Karl Stenerud ]
3187 * d/p/fix-rmdir.patch: Fix to make the samba client library report
3188 directory-not-empty errors (LP: #1795772)
3189
3190 -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300
3191
3192samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
3193
3194 * Merge with Debian unstable (LP: #1778125). Remaining changes:
3195 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3196 - debian/smb.conf;
3197 + Add "(Samba, Ubuntu)" to server string.
3198 + Comment out the default [homes] share, and add a comment about
3199 "valid users = %s" to show users how to restrict access to
3200 \\server\username to only username.
3201 - debian/samba-common.config:
3202 + Do not change priority to high if dhclient3 is installed.
3203 - Add apport hook:
3204 + Created debian/source_samba.py.
3205 + debian/rules, debian/samba-common-bin.install: install hook.
3206 - d/control, d/rules: Disable glusterfs support because it's not in main.
3207 MIR bug is https://launchpad.net/bugs/1274247
3208 * Drop:
3209 - Add extra DEP8 tests to samba (LP #1696823):
3210 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3211 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3212 anonymously
3213 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3214 shares using an authenticated connection
3215 + d/t/control, d/t/smbclient-share-access: create a share and download a
3216 file from it
3217 [Accepted by Debian in 2:4.7.4+dfsg-2]
3218 - d/samba-common.dhcp: If systemctl is available, use it to query the
3219 status of the smbd service before trying to reload it. Otherwise,
3220 keep the same check as before and reload the service based on the
3221 existence of the initscript. (LP #1579597)
3222 [In Debian since 2:4.7.4+dfsg-2]
3223 - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
3224 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
3225 Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
3226 [Fixed upstream]
3227
3228 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300
3229
1723samba (2:4.8.4+dfsg-2) unstable; urgency=high3230samba (2:4.8.4+dfsg-2) unstable; urgency=high
17243231
1725 * Fix typo in previous release: s/usefull/useful/3232 * Fix typo in previous release: s/usefull/useful/
@@ -1877,6 +3384,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
18773384
1878 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +01003385 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100
18793386
3387samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
3388
3389 * No change rebuild to link with new ldb 1.3.3
3390
3391 -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300
3392
3393samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
3394
3395 * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
3396 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
3397 Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
3398
3399 -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300
3400
3401samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
3402
3403 * New upstream version:
3404 - Fix database corruption bug when upgrading from samba 4.6 or lower
3405 AD controllers (LP: #1755057)
3406 - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
3407 * Remaining changes:
3408 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3409 - debian/smb.conf;
3410 + Add "(Samba, Ubuntu)" to server string.
3411 + Comment out the default [homes] share, and add a comment about
3412 "valid users = %s" to show users how to restrict access to
3413 \\server\username to only username.
3414 - debian/samba-common.config:
3415 + Do not change priority to high if dhclient3 is installed.
3416 - Add apport hook:
3417 + Created debian/source_samba.py.
3418 + debian/rules, debian/samba-common-bin.install: install hook.
3419 - Add extra DEP8 tests to samba (LP #1696823):
3420 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3421 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3422 anonymously
3423 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3424 shares using an authenticated connection
3425 + d/t/control, d/t/smbclient-share-access: create a share and download a
3426 file from it
3427 - d/samba-common.dhcp: If systemctl is available, use it to query the
3428 status of the smbd service before trying to reload it. Otherwise,
3429 keep the same check as before and reload the service based on the
3430 existence of the initscript. (LP #1579597)
3431 - d/control, d/rules: Disable glusterfs support because it's not in main.
3432 MIR bug is https://launchpad.net/bugs/1274247
3433
3434 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300
3435
1880samba (2:4.7.4+dfsg-2) unstable; urgency=high3436samba (2:4.7.4+dfsg-2) unstable; urgency=high
18813437
1882 [ Mathieu Parent ]3438 [ Mathieu Parent ]
@@ -1907,6 +3463,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
19073463
1908 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +01003464 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100
19093465
3466samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
3467
3468 * Merge with Debian unstable (LP: #1744779). Remaining changes:
3469 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3470 - debian/smb.conf;
3471 + Add "(Samba, Ubuntu)" to server string.
3472 + Comment out the default [homes] share, and add a comment about
3473 "valid users = %s" to show users how to restrict access to
3474 \\server\username to only username.
3475 - debian/samba-common.config:
3476 + Do not change priority to high if dhclient3 is installed.
3477 - Add apport hook:
3478 + Created debian/source_samba.py.
3479 + debian/rules, debian/samba-common-bin.install: install hook.
3480 - Add extra DEP8 tests to samba (LP #1696823):
3481 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3482 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3483 anonymously
3484 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3485 shares using an authenticated connection
3486 + d/t/control, d/t/smbclient-share-access: create a share and download a
3487 file from it
3488 - d/samba-common.dhcp: If systemctl is available, use it to query the
3489 status of the smbd service before trying to reload it. Otherwise,
3490 keep the same check as before and reload the service based on the
3491 existence of the initscript. (LP #1579597)
3492 - d/control, d/rules: Disable glusterfs support because it's not in main.
3493 MIR bug is https://launchpad.net/bugs/1274247
3494
3495 -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200
3496
1910samba (2:4.7.4+dfsg-1) unstable; urgency=medium3497samba (2:4.7.4+dfsg-1) unstable; urgency=medium
19113498
1912 * New upstream version3499 * New upstream version
@@ -1923,6 +3510,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
19233510
1924 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +01003511 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100
19253512
3513samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
3514
3515 * Merge with Debian; remaining changes:
3516 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3517 - debian/smb.conf;
3518 + Add "(Samba, Ubuntu)" to server string.
3519 + Comment out the default [homes] share, and add a comment about
3520 "valid users = %s" to show users how to restrict access to
3521 \\server\username to only username.
3522 - debian/samba-common.config:
3523 + Do not change priority to high if dhclient3 is installed.
3524 - Add apport hook:
3525 + Created debian/source_samba.py.
3526 + debian/rules, debian/samba-common-bin.install: install hook.
3527 - Add extra DEP8 tests to samba (LP #1696823):
3528 + d/t/control: enable the new DEP8 tests
3529 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3530 + d/t/smbclient-authenticated-share-list: list available shares using
3531 an authenticated connection
3532 + d/t/smbclient-share-access: create a share and download a file from it
3533 + d/t/cifs-share-access: access a file in a share using cifs
3534 - Ask the user if we can run testparm against the config file. If yes,
3535 include its stderr and exit status in the bug report. Otherwise, only
3536 include the exit status. (LP #1694334)
3537 - If systemctl is available, use it to query the status of the smbd
3538 service before trying to reload it. Otherwise, keep the same check
3539 as before and reload the service based on the existence of the
3540 initscript. (LP #1579597)
3541 - d/rules: Compile winbindd/winbindd statically.
3542 - Disable glusterfs support because it's not in main.
3543 MIR bug is https://launchpad.net/bugs/1274247
3544 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3545 mountpoints and correctly filter by the cifs filesystem type.
3546
3547 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500
3548
1926samba (2:4.7.3+dfsg-1) unstable; urgency=high3549samba (2:4.7.3+dfsg-1) unstable; urgency=high
19273550
1928 * New upstream version3551 * New upstream version
@@ -1946,6 +3569,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
19463569
1947 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +01003570 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100
19483571
3572samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
3573
3574 * Merge with Debian; remaining changes:
3575 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3576 - debian/smb.conf;
3577 + Add "(Samba, Ubuntu)" to server string.
3578 + Comment out the default [homes] share, and add a comment about
3579 "valid users = %s" to show users how to restrict access to
3580 \\server\username to only username.
3581 - debian/samba-common.config:
3582 + Do not change priority to high if dhclient3 is installed.
3583 - Add apport hook:
3584 + Created debian/source_samba.py.
3585 + debian/rules, debian/samba-common-bin.install: install hook.
3586 - Add extra DEP8 tests to samba (LP #1696823):
3587 + d/t/control: enable the new DEP8 tests
3588 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3589 + d/t/smbclient-authenticated-share-list: list available shares using
3590 an authenticated connection
3591 + d/t/smbclient-share-access: create a share and download a file from it
3592 + d/t/cifs-share-access: access a file in a share using cifs
3593 - Ask the user if we can run testparm against the config file. If yes,
3594 include its stderr and exit status in the bug report. Otherwise, only
3595 include the exit status. (LP #1694334)
3596 - If systemctl is available, use it to query the status of the smbd
3597 service before trying to reload it. Otherwise, keep the same check
3598 as before and reload the service based on the existence of the
3599 initscript. (LP #1579597)
3600 - d/rules: Compile winbindd/winbindd statically.
3601 - Disable glusterfs support because it's not in main.
3602 MIR bug is https://launchpad.net/bugs/1274247
3603 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3604 mountpoints and correctly filter by the cifs filesystem type.
3605
3606 -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100
3607
1949samba (2:4.7.1+dfsg-1) unstable; urgency=medium3608samba (2:4.7.1+dfsg-1) unstable; urgency=medium
19503609
1951 * New upstream version3610 * New upstream version
@@ -1994,6 +3653,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
19943653
1995 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +02003654 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200
19963655
3656samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
3657
3658 * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
3659 they should
3660 - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
3661 into a specified one in source3/include/auth_info.h,
3662 source3/lib/popt_common.c, source3/lib/util_cmdline.c.
3663 - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
3664 source3/lib/util_cmdline.c.
3665 - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
3666 source3/libsmb/pylibsmb.c.
3667 - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
3668 libgpo/gpo_fetch.c.
3669 - debian/patches/CVE-2017-12150-5.patch: add check for
3670 NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
3671 - debian/patches/CVE-2017-12150-6.patch: add
3672 smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
3673 - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
3674 authentication was not requested in source3/libsmb/clidfs.c.
3675 - CVE-2017-12150
3676 * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
3677 redirects
3678 - debian/patches/CVE-2017-12151-1.patch: add
3679 cli_state_is_encryption_on() helper function to
3680 source3/libsmb/clientgen.c, source3/libsmb/proto.h.
3681 - debian/patches/CVE-2017-12151-2.patch: make use of
3682 cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
3683 source3/libsmb/libsmb_context.c.
3684 - CVE-2017-12151
3685 * SECURITY UPDATE: Server memory information leak over SMB1
3686 - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
3687 from writing server memory to file in source3/smbd/reply.c.
3688 - CVE-2017-12163
3689
3690 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400
3691
3692samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
3693
3694 * d/source_samba.py: use the new recommended findmnt(8) tool to list
3695 mountpoints and correctly filter by the cifs filesystem type.
3696 (LP: #1703604)
3697
3698 -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300
3699
3700samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
3701
3702 * Merge with Debian unstable (LP: #1710281).
3703 - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
3704 symlinks to directories (LP: #1701073)
3705 * Remaining changes:
3706 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3707 - debian/smb.conf;
3708 + Add "(Samba, Ubuntu)" to server string.
3709 + Comment out the default [homes] share, and add a comment about
3710 "valid users = %s" to show users how to restrict access to
3711 \\server\username to only username.
3712 - debian/samba-common.config:
3713 + Do not change priority to high if dhclient3 is installed.
3714 - Add apport hook:
3715 + Created debian/source_samba.py.
3716 + debian/rules, debian/samba-common-bin.install: install hook.
3717 - Add extra DEP8 tests to samba (LP #1696823):
3718 + d/t/control: enable the new DEP8 tests
3719 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3720 + d/t/smbclient-authenticated-share-list: list available shares using
3721 an authenticated connection
3722 + d/t/smbclient-share-access: create a share and download a file from it
3723 + d/t/cifs-share-access: access a file in a share using cifs
3724 - Ask the user if we can run testparm against the config file. If yes,
3725 include its stderr and exit status in the bug report. Otherwise, only
3726 include the exit status. (LP #1694334)
3727 - If systemctl is available, use it to query the status of the smbd
3728 service before trying to reload it. Otherwise, keep the same check
3729 as before and reload the service based on the existence of the
3730 initscript. (LP #1579597)
3731 - d/rules: Compile winbindd/winbindd statically.
3732 - Disable glusterfs support because it's not in main.
3733 MIR bug is https://launchpad.net/bugs/1274247
3734
3735 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300
3736
1997samba (2:4.6.7+dfsg-1) unstable; urgency=medium3737samba (2:4.6.7+dfsg-1) unstable; urgency=medium
19983738
1999 * New upstream version3739 * New upstream version
@@ -2005,6 +3745,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
20053745
2006 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +02003746 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200
20073747
3748samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
3749
3750 * Merge with Debian unstable (LP: #1700644). Remaining changes:
3751 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3752 - debian/smb.conf;
3753 + Add "(Samba, Ubuntu)" to server string.
3754 + Comment out the default [homes] share, and add a comment about
3755 "valid users = %s" to show users how to restrict access to
3756 \\server\username to only username.
3757 - debian/samba-common.config:
3758 + Do not change priority to high if dhclient3 is installed.
3759 - Add apport hook:
3760 + Created debian/source_samba.py.
3761 + debian/rules, debian/samba-common-bin.install: install hook.
3762 - Add extra DEP8 tests to samba (LP #1696823):
3763 + d/t/control: enable the new DEP8 tests
3764 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3765 + d/t/smbclient-authenticated-share-list: list available shares using
3766 an authenticated connection
3767 + d/t/smbclient-share-access: create a share and download a file from it
3768 + d/t/cifs-share-access: access a file in a share using cifs
3769 - Ask the user if we can run testparm against the config file. If yes,
3770 include its stderr and exit status in the bug report. Otherwise, only
3771 include the exit status. (LP #1694334)
3772 - If systemctl is available, use it to query the status of the smbd
3773 service before trying to reload it. Otherwise, keep the same check
3774 as before and reload the service based on the existence of the
3775 initscript. (LP #1579597)
3776 * Drop:
3777 - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
3778 [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
3779 fix-1584485.patch was dropped there.]
3780 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3781 pam_winbind krb5_ccache_type=FILE failure
3782 [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
3783 in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
3784 - debian/patches/winbind_trusted_domains.patch: make sure domain
3785 members can talk to trusted domains DCs.
3786 [Upstream committed a different fix, see updated patch attached to
3787 https://bugzilla.samba.org/show_bug.cgi?id=11830]
3788 - d/control: add libcephfs-dev as b-d to build vfs_ceph
3789 [Adopted by Debian in 2:4.6.5+dfsg-1]
3790 - debian/patches/CVE-2017-11103.patch: use encrypted service
3791 name rather than unencrypted (and therefore spoofable) version
3792 in heimdal
3793 [Adopted by Debian as
3794 d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
3795 - Cherrypick upstream patch to fix FTBFS with new ceph lib.
3796 [Merged upstream in 4.6.0rc1]
3797 * Disable glusterfs support because it's not in main.
3798 MIR bug is https://launchpad.net/bugs/1274247
3799
3800 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300
3801
2008samba (2:4.6.5+dfsg-8) unstable; urgency=medium3802samba (2:4.6.5+dfsg-8) unstable; urgency=medium
20093803
2010 * Remove dependency on update-inetd, not used anymore3804 * Remove dependency on update-inetd, not used anymore
@@ -2124,6 +3918,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
21243918
2125 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +02003919 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200
21263920
3921samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
3922
3923 * Cherrypick upstream patch to fix FTBFS with new ceph lib.
3924
3925 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100
3926
3927samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
3928
3929 * SECURITY UPDATE: KDC-REP service name impersonation
3930 - debian/patches/CVE-2017-11103.patch: use encrypted service
3931 name rather than unencrypted (and therefore spoofable) version
3932 in heimdal
3933 - CVE-2017-11103
3934
3935 -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700
3936
3937samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
3938
3939 * No-change rebuild against libldb 1.1.29
3940
3941 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700
3942
3943samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
3944
3945 * Add extra DEP8 tests to samba (LP: #1696823):
3946 - d/t/control: enable the new DEP8 tests
3947 - d/t/smbclient-anonymous-share-list: list available shares anonymously
3948 - d/t/smbclient-authenticated-share-list: list available shares using
3949 an authenticated connection
3950 - d/t/smbclient-share-access: create a share and download a file from it
3951 - d/t/cifs-share-access: access a file in a share using cifs
3952 * Ask the user if we can run testparm against the config file. If yes,
3953 include its stderr and exit status in the bug report. Otherwise, only
3954 include the exit status. (LP: #1694334)
3955 * If systemctl is available, use it to query the status of the smbd
3956 service before trying to reload it. Otherwise, keep the same check
3957 as before and reload the service based on the existence of the
3958 initscript. (LP: #1579597)
3959 * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
3960 module. There is a fixed version of that patch attached to
3961 #1677329 but it has not been vetted yet, so for now it's best
3962 to revert (again) so that pam_winbind can be used.
3963 (LP: #1677329, LP: #1644428)
3964
3965 -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700
3966
3967samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
3968
3969 * Merge from Debian unstable. Remaining changes:
3970 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3971 - debian/smb.conf;
3972 + Add "(Samba, Ubuntu)" to server string.
3973 + Comment out the default [homes] share, and add a comment about
3974 "valid users = %s" to show users how to restrict access to
3975 \\server\username to only username.
3976 - debian/samba-common.config:
3977 + Do not change priority to high if dhclient3 is installed.
3978 - Add apport hook:
3979 + Created debian/source_samba.py.
3980 + debian/rules, debian/samba-common-bin.install: install hook.
3981 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3982 pam_winbind krb5_ccache_type=FILE failure
3983 - debian/patches/winbind_trusted_domains.patch: make sure domain
3984 members can talk to trusted domains DCs.
3985 - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
3986 to be statically linked
3987 - d/rules: Compile winbindd/winbindd statically.
3988 - d/control: add libcephfs-dev as b-d to build vfs_ceph
3989
3990 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400
3991
2127samba (2:4.5.8+dfsg-2) unstable; urgency=high3992samba (2:4.5.8+dfsg-2) unstable; urgency=high
21283993
2129 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside3994 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -2138,6 +4003,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
21384003
2139 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +02004004 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200
21404005
4006samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
4007
4008 * SECURITY UPDATE: remote code execution from a writable share
4009 - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
4010 slash inside in source3/rpc_server/srv_pipe.c.
4011 - CVE-2017-7494
4012
4013 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400
4014
4015samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
4016
4017 * SECURITY UPDATE: Symlink race allows access outside share definition
4018 - Updated to new upstream release 4.5.8.
4019 - CVE-2017-2619
4020
4021 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400
4022
2141samba (2:4.5.6+dfsg-2) unstable; urgency=high4023samba (2:4.5.6+dfsg-2) unstable; urgency=high
21424024
2143 * This is a security release in order to address the following defects:4025 * This is a security release in order to address the following defects:
@@ -2167,6 +4049,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
21674049
2168 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +01004050 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100
21694051
4052samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
4053
4054 * d/control: add libcephfs-dev as b-d to build vfs_ceph
4055 (LP: #1668940).
4056
4057 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800
4058
4059samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
4060
4061 * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
4062 changes:
4063 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4064 + debian/smb.conf;
4065 - Add "(Samba, Ubuntu)" to server string.
4066 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4067 to show users how to restrict access to \\server\username to only username.
4068 + debian/samba-common.config:
4069 - Do not change prioritiy to high if dhclient3 is installed.
4070 + Add apport hook:
4071 - Created debian/source_samba.py.
4072 - debian/rules, debia/samb-common-bin.install: install hook.
4073 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4074 pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
4075 + debian/patches/winbind_trusted_domains.patch: make sure domain members
4076 can talk to trusted domains DCs.
4077 [ update patch based upon upstream discussion ]
4078 + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
4079 to be statically linked fixes LP #1584485.
4080 + d/rules: Compile winbindd/winbindd statically.
4081 * Drop:
4082 - Delete debian/.gitignore
4083 [ Previously undocumented ]
4084 - debian/patches/git_smbclient_cpu.patch:
4085 + backport upstream patch to fix smbclient users hanging/eating cpu on
4086 trying to contact a machine which is not there (lp #1572260)
4087 [ Fixed upstream ]
4088 - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
4089 + debian/patches/CVE-2016-2123.patch: check lengths in
4090 librpc/ndr/ndr_dnsp.c.
4091 + CVE-2016-2123
4092 [ Fixed in Debian ]
4093 - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
4094 + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
4095 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
4096 source4/auth/gensec/gensec_gssapi.c.
4097 + CVE-2016-2125
4098 [ Fixed in Debian ]
4099 - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
4100 + debian/patches/CVE-2016-2126.patch: only allow known checksum types
4101 in auth/kerberos/kerberos_pac.c.
4102 + CVE-2016-2126
4103 [ Fixed in Debian ]
4104
4105 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800
4106
2170samba (2:4.5.4+dfsg-1) unstable; urgency=medium4107samba (2:4.5.4+dfsg-1) unstable; urgency=medium
21714108
2172 [ Mathieu Parent ]4109 [ Mathieu Parent ]
@@ -2294,6 +4231,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
22944231
2295 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +02004232 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200
22964233
4234samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
4235
4236 * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
4237 - debian/patches/CVE-2016-2123.patch: check lengths in
4238 librpc/ndr/ndr_dnsp.c.
4239 - CVE-2016-2123
4240 * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
4241 - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
4242 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
4243 source4/auth/gensec/gensec_gssapi.c.
4244 - CVE-2016-2125
4245 * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
4246 - debian/patches/CVE-2016-2126.patch: only allow known checksum types
4247 in auth/kerberos/kerberos_pac.c.
4248 - CVE-2016-2126
4249
4250 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500
4251
4252samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
4253
4254 * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
4255 to be statically linked fixes LP: #1584485.
4256
4257 * d/rules: Compile winbindd/winbindd statically.
4258
4259 -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100
4260
4261samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
4262
4263 * No-change rebuild for readline soname change.
4264
4265 -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000
4266
4267samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
4268
4269 * No-change rebuild for readline soname change.
4270
4271 -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000
4272
4273samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
4274
4275 * debian/patches/git_smbclient_cpu.patch:
4276 - backport upstream patch to fix smbclient users hanging/eating cpu on
4277 trying to contact a machine which is not there (lp: #1572260)
4278
4279 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200
4280
4281samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
4282
4283 * Merge from Debian unstable. Remaining changes:
4284 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4285 + debian/smb.conf;
4286 - Add "(Samba, Ubuntu)" to server string.
4287 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4288 to show users how to restrict access to \\server\username to only username.
4289 + debian/samba-common.config:
4290 - Do not change prioritiy to high if dhclient3 is installed.
4291 + Add apport hook:
4292 - Created debian/source_samba.py.
4293 - debian/rules, debia/samb-common-bin.install: install hook.
4294 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4295 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4296 + debian/patches/winbind_trusted_domains.patch: make sure domain members
4297 can talk to trusted domains DCs.
4298 * Dropped changes:
4299 - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
4300 never done in Debian, revert.
4301 - ufw integration: included in Debian.
4302
4303 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700
4304
2297samba (2:4.4.5+dfsg-2) unstable; urgency=medium4305samba (2:4.4.5+dfsg-2) unstable; urgency=medium
22984306
2299 * Disable running of 'make quicktest' during build, as it takes very4307 * Disable running of 'make quicktest' during build, as it takes very
@@ -2421,6 +4429,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
24214429
2422 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +12004430 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200
24234431
4432samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
4433
4434 * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
4435 the previous security updates. (LP: #1577739)
4436 - debian/control: bump tevent Build-Depends to 0.9.28.
4437 * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
4438 - debian/patches/samba-bug11912.patch: let msrpc_parse() return
4439 talloc'ed empty strings in libcli/auth/msrpc_parse.c.
4440 - debian/patches/samba-bug11914.patch: make
4441 ntlm_auth_generate_session_info() more complete in
4442 source3/utils/ntlm_auth.c.
4443
4444 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400
4445
2424samba (2:4.3.8+dfsg-1) unstable; urgency=low4446samba (2:4.3.8+dfsg-1) unstable; urgency=low
24254447
2426 [ Jelmer Vernooij ]4448 [ Jelmer Vernooij ]
@@ -2435,6 +4457,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
24354457
2436 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +00004458 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000
24374459
4460samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
4461
4462 * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
4463 - CVE-2015-5370: Multiple errors in DCE-RPC code
4464 - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
4465 - CVE-2016-2111: NETLOGON Spoofing Vulnerability
4466 - CVE-2016-2112: The LDAP client and server don't enforce integrity
4467 protection
4468 - CVE-2016-2113: Missing TLS certificate validation allows man in the
4469 middle attacks
4470 - CVE-2016-2114: "server signing = mandatory" not enforced
4471 - CVE-2016-2115: SMB client connections for IPC traffic are not
4472 integrity protected
4473 - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
4474 * debian/patches/winbind_trusted_domains.patch: make sure domain members
4475 can talk to trusted domains DCs.
4476
4477 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400
4478
2438samba (2:4.3.7+dfsg-1) unstable; urgency=high4479samba (2:4.3.7+dfsg-1) unstable; urgency=high
24394480
2440 * New upstream release.4481 * New upstream release.
@@ -2477,6 +4518,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
24774518
2478 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +02004519 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200
24794520
4521samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
4522
4523 * Merge with Debian; remaining changes:
4524 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4525 + debian/smb.conf;
4526 - Add "(Samba, Ubuntu)" to server string.
4527 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4528 to show users how to restrict access to \\server\username to only username.
4529 + debian/samba-common.config:
4530 - Do not change prioritiy to high if dhclient3 is installed.
4531 + debian/control:
4532 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4533 + Add ufw integration:
4534 - Created debian/samba.ufw.profile:
4535 - debian/rules, debian/samba.install: install profile
4536 + Add apport hook:
4537 - Created debian/source_samba.py.
4538 - debian/rules, debia/samb-common-bin.install: install hook.
4539 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4540 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4541
4542 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500
4543
2480samba (2:4.3.6+dfsg-1) unstable; urgency=medium4544samba (2:4.3.6+dfsg-1) unstable; urgency=medium
24814545
2482 * New upstream release.4546 * New upstream release.
@@ -2522,6 +4586,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
25224586
2523 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +01004587 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100
25244588
4589samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
4590
4591 * No-change rebuild for gnutls transition.
4592
4593 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000
4594
4595samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
4596
4597 * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
4598 (LP: #1545750)
4599
4600 -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100
4601
4602samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
4603
4604 * Merge with Debian; remaining changes:
4605 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4606 + debian/smb.conf;
4607 - Add "(Samba, Ubuntu)" to server string.
4608 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4609 to show users how to restrict access to \\server\username to only username.
4610 + debian/samba-common.config:
4611 - Do not change prioritiy to high if dhclient3 is installed.
4612 + debian/control:
4613 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4614 + Add ufw integration:
4615 - Created debian/samba.ufw.profile:
4616 - debian/rules, debian/samba.install: install profile
4617 + Add apport hook:
4618 - Created debian/source_samba.py.
4619 - debian/rules, debia/samb-common-bin.install: install hook.
4620 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4621 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4622
4623 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500
4624
2525samba (2:4.3.3+dfsg-1) unstable; urgency=medium4625samba (2:4.3.3+dfsg-1) unstable; urgency=medium
25264626
2527 * New upstream release. Closes: #808133.4627 * New upstream release. Closes: #808133.
@@ -2606,6 +4706,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
26064706
2607 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +00004707 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000
26084708
4709samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
4710
4711 * Resolve small merge error in the rules
4712
4713 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100
4714
4715samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
4716
4717 * Backport Debian change to remove libpam-smbpasswd, it segfaults
4718 leading to non working session (lp: #1515207)
4719
4720 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100
4721
4722samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
4723
4724 * Build with the new ldb
4725
4726 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100
4727
4728samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
4729
4730 * debian/samba.logrotate:
4731 - revert to Debian version of the logrotate reload command, fix an
4732 invalid syntax introduced in the upstart->systemd transition
4733 (lp: #1385868)
4734
4735 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100
4736
4737samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
4738
4739 * Merge with Debian; remaining changes:
4740 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4741 + debian/smb.conf;
4742 - Add "(Samba, Ubuntu)" to server string.
4743 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4744 to show users how to restrict access to \\server\username to only username.
4745 + debian/samba-common.config:
4746 - Do not change prioritiy to high if dhclient3 is installed.
4747 + debian/control:
4748 - Don't build against or suggest ctdb and tdb.
4749 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4750 + debian/rules:
4751 - Drop explicit configuration options for ctdb and tdb.
4752 + Add ufw integration:
4753 - Created debian/samba.ufw.profile:
4754 - debian/rules, debian/samba.install: install profile
4755 + Add apport hook:
4756 - Created debian/source_samba.py.
4757 - debian/rules, debia/samb-common-bin.install: install hook.
4758 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4759 processes such that it works under both upstart and systemd.
4760 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4761 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4762 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4763
4764 -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200
4765
2609samba (2:4.1.20+dfsg-1) unstable; urgency=medium4766samba (2:4.1.20+dfsg-1) unstable; urgency=medium
26104767
2611 * New upstream release (last compatible with current OpenChange).4768 * New upstream release (last compatible with current OpenChange).
@@ -2619,6 +4776,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
26194776
2620 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +00004777 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000
26214778
4779samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
4780
4781 * debian/control:
4782 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4783
4784 -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200
4785
4786samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
4787
4788 * Merge from Debian unstable. Remaining changes:
4789 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4790 + debian/smb.conf;
4791 - Add "(Samba, Ubuntu)" to server string.
4792 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4793 to show users how to restrict access to \\server\username to only username.
4794 + debian/samba-common.config:
4795 - Do not change prioritiy to high if dhclient3 is installed.
4796 + debian/control:
4797 - Don't build against or suggest ctdb and tdb.
4798 + debian/rules:
4799 - Drop explicit configuration options for ctdb and tdb.
4800 + Add ufw integration:
4801 - Created debian/samba.ufw.profile:
4802 - debian/rules, debian/samba.install: install profile
4803 + Add apport hook:
4804 - Created debian/source_samba.py.
4805 - debian/rules, debia/samb-common-bin.install: install hook.
4806 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4807 processes such that it works under both upstart and systemd.
4808 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4809 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4810 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4811 + debian/patches/git_timeout_client_error.patch:
4812 - don't let smb mounts timeout that leads to errors when trying to
4813 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
4814
4815 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200
4816
2622samba (2:4.1.17+dfsg-4) unstable; urgency=medium4817samba (2:4.1.17+dfsg-4) unstable; urgency=medium
26234818
2624 * Add pidl_reproducible.patch: Make pidl output reproducible.4819 * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -2655,6 +4850,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
26554850
2656 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +01004851 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100
26574852
4853samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
4854
4855 * debian/patches/git_timeout_client_error.patch:
4856 - don't let smb mounts timeout that leads to errors when trying to
4857 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
4858
4859 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200
4860
4861samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
4862
4863 * SECURITY UPDATE: code execution vulnerability in smbd daemon
4864 - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
4865 uninitialized pointer and don't dereference a NULL pointer in
4866 source3/rpc_server/netlogon/srv_netlog_nt.c.
4867 - CVE-2015-0240
4868
4869 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500
4870
4871samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
4872
4873 * Merge from Debian unstable. Remaining changes:
4874 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4875 + debian/smb.conf;
4876 - Add "(Samba, Ubuntu)" to server string.
4877 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4878 to show users how to restrict access to \\server\username to only username.
4879 + debian/samba-common.config:
4880 - Do not change prioritiy to high if dhclient3 is installed.
4881 + debian/control:
4882 - Don't build against or suggest ctdb and tdb.
4883 + debian/rules:
4884 - Drop explicit configuration options for ctdb and tdb.
4885 + Add ufw integration:
4886 - Created debian/samba.ufw.profile:
4887 - debian/rules, debian/samba.install: install profile
4888 + Add apport hook:
4889 - Created debian/source_samba.py.
4890 - debian/rules, debia/samb-common-bin.install: install hook.
4891 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
4892 processes such that it works under both upstart and systemd.
4893 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4894 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4895 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4896 + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
4897
4898 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100
4899
2658samba (2:4.1.13+dfsg-4) unstable; urgency=medium4900samba (2:4.1.13+dfsg-4) unstable; urgency=medium
26594901
2660 * Revert previous patch, since ldb has an active module version check.4902 * Revert previous patch, since ldb has an active module version check.
@@ -2697,6 +4939,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
26974939
2698 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +02004940 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200
26994941
4942samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
4943
4944 * SECURITY UPDATE: elevation of privilege to AD Domain Controller
4945 - debian/patches/CVE-2014-8143.patch: check for extended access rights
4946 before allowing changes to userAccountControl in
4947 librpc/idl/security.idl, source4/auth/session.c,
4948 source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
4949 source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
4950 source4/rpc_server/lsa/dcesrv_lsa.c,
4951 source4/setup/schema_samba4.ldif.
4952 - CVE-2014-8143
4953
4954 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500
4955
4956samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
4957
4958 * No-change rebuild against current ldb. Note that I'm not claiming the
4959 merging for this package.
4960
4961 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100
4962
4963samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
4964
4965 * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4966 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4967
4968 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500
4969
4970samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
4971
4972 * Merge from Debian unstable. Remaining changes:
4973 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4974 + debian/smb.conf;
4975 - Add "(Samba, Ubuntu)" to server string.
4976 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4977 to show users how to restrict access to \\server\username to only username.
4978 + debian/samba-common.config:
4979 - Do not change prioritiy to high if dhclient3 is installed.
4980 + debian/control:
4981 - Don't build against or suggest ctdb and tdb.
4982 + debian/rules:
4983 - Drop explicit configuration options for ctdb and tdb.
4984 + Add ufw integration:
4985 - Created debian/samba.ufw.profile:
4986 - debian/rules, debian/samba.install: install profile
4987 + Add apport hook:
4988 - Created debian/source_samba.py.
4989 - debian/rules, debia/samb-common-bin.install: install hook.
4990 + debian/samba.logrotate: call upstart interfaces unconditionally instead
4991 of hacking arround with pid files.
4992 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
4993 first dummy transitional package version.
4994 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
4995
4996 * In logrotate, use service command to reload (send SIGHUP) the main
4997 processes such that it works under both upstart and systemd.
4998 * Drop CVE patches, applied upstream.
4999 * Drop patches absent from series: readline-ftbfs.patch,
5000 krb5_kt_start_seq.diff, config-bind99.patch
5001 * Drop debian/source/include-binaries, pyc files are correctly cleaned up
5002
5003 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100
5004
2700samba (2:4.1.11+dfsg-1) unstable; urgency=high5005samba (2:4.1.11+dfsg-1) unstable; urgency=high
27015006
2702 * New upstream release. Fixes:5007 * New upstream release. Fixes:
@@ -2732,6 +5037,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
27325037
2733 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +02005038 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200
27345039
5040samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
5041
5042 * SECURITY UPDATE: remote code execution on unauthenticated nmbd
5043 - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
5044 lib/util/string_wrappers.h.
5045 - CVE-2014-3560
5046
5047 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400
5048
5049samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
5050
5051 * SECURITY UPDATE: denial of service on nmbd malformed packet
5052 - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
5053 source3/lib/system.c.
5054 - CVE-2014-0244
5055 * SECURITY UPDATE: denial of service via bad unicode conversion
5056 - debian/patches/CVE-2014-3493.patch: refactor code in
5057 source3/lib/charcnv.c, change return code checks in
5058 source3/libsmb/clirap.c, source3/smbd/lanman.c.
5059 - CVE-2014-3493
5060
5061 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400
5062
5063samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
5064
5065 * Merge from Debian unstable. Remaining changes:
5066 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5067 + debian/smb.conf;
5068 - Add "(Samba, Ubuntu)" to server string.
5069 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5070 to show users how to restrict access to \\server\username to only username.
5071 + debian/samba-common.config:
5072 - Do not change prioritiy to high if dhclient3 is installed.
5073 + debian/control:
5074 - Don't build against or suggest ctdb and tdb.
5075 + debian/rules:
5076 - Drop explicit configuration options for ctdb and tdb.
5077 + Add ufw integration:
5078 - Created debian/samba.ufw.profile:
5079 - debian/rules, debian/samba.install: install profile
5080 + Add apport hook:
5081 - Created debian/source_samba.py.
5082 - debian/rules, debia/samb-common-bin.install: install hook.
5083 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5084 of hacking arround with pid files.
5085 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5086 first dummy transitional package version.
5087 + Dropped patches:
5088 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
5089 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
5090 - debian/patches/readline-ftbfs.patch: Use the debian version.
5091 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5092 (LP: #1268180)
5093
5094 -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400
5095
2735samba (2:4.1.8+dfsg-1) unstable; urgency=medium5096samba (2:4.1.8+dfsg-1) unstable; urgency=medium
27365097
2737 [ Jelmer Vernooij ]5098 [ Jelmer Vernooij ]
@@ -2769,6 +5130,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
27695130
2770 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +02005131 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200
27715132
5133samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
5134
5135 * Set the stack size to unlimited during the build to avoid a SIGBUS in
5136 xsltproc on some architectures.
5137
5138 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100
5139
5140samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
5141
5142 * Backport from unstable (Ivo De Decker):
5143 - Build-depend on heimdal-dev.
5144
5145 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100
5146
5147samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
5148
5149 * No change rebuild against new dh_installinit, to call update-rc.d at
5150 postinst.
5151
5152 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100
5153
5154samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
5155
5156 * cherrypick upstream patch 1310919 to fix pam_winbind regression
5157 (LP: #1310919)
5158
5159 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500
5160
5161samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
5162
5163 * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
5164 upgrade.
5165
5166 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700
5167
5168samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
5169
5170 * Merge from Debian unstable. Remaining changes:
5171 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5172 + debian/smb.conf;
5173 - Add "(Samba, Ubuntu)" to server string.
5174 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5175 to show users how to restrict access to \\server\username to only username.
5176 + debian/samba-common.config:
5177 - Do not change prioritiy to high if dhclient3 is installed.
5178 + debian/control:
5179 - Don't build against or suggest ctdb and tdb.
5180 + debian/rules:
5181 - Drop explicit configuration options for ctdb and tdb.
5182 + Add ufw integration:
5183 - Created debian/samba.ufw.profile:
5184 - debian/rules, debian/samba.install: install profile
5185 + Add apport hook:
5186 - Created debian/source_samba.py.
5187 - debian/rules, debia/samb-common-bin.install: install hook.
5188 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5189 of hacking arround with pid files.
5190 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5191 first dummy transitional package version.
5192 + Dropped patches:
5193 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
5194 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
5195 - debian/patches/readline-ftbfs.patch: Use the debian version.
5196 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5197 (LP: #1268180)
5198
5199 -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400
5200
2772samba (2:4.1.6+dfsg-1) unstable; urgency=high5201samba (2:4.1.6+dfsg-1) unstable; urgency=high
27735202
2774 * New upstream security release. Fixes:5203 * New upstream security release. Fixes:
@@ -2828,6 +5257,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
28285257
2829 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +01005258 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100
28305259
5260samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
5261
5262 * debian/smb.conf: comment back some of the "share definitions"
5263 options (including "valid users"). That was an Ubuntu diff and seems to
5264 have been dropped in the trusty merge. Those changes seem needed to
5265 get the usershare feature working (used by nautilus-share) (lp: #1261873)
5266
5267 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200
5268
5269samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
5270
5271 * SECURITY UPDATE: Password lockout not enforced for SAMR password
5272 changes
5273 - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
5274 source3/auth/check_samsec.c,
5275 source3/rpc_server/samr/srv_samr_chgpasswd.c,
5276 source3/rpc_server/samr/srv_samr_nt.c,
5277 source3/smbd/lanman.c,
5278 source4/rpc_server/samr/samr_password.c,
5279 source4/torture/rpc/samr.c.
5280 - CVE-2013-4496
5281 * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
5282 mistake
5283 - debian/patches/CVE-2013-6442.patch: handle existing ACL in
5284 source3/utils/smbcacls.c.
5285 - CVE-2013-6442
5286 * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
5287
5288 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400
5289
5290samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
5291
5292 * Depend on tdb-tools (LP: #1279593)
5293 * Updated generated config for Bind9.9.
5294
5295 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500
5296
5297samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
5298
5299 * Add missing python-ntdb dependency to python-samba (spotted by
5300 autopkgtest).
5301
5302 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100
5303
5304samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
5305
5306 * Merge from Debian Unstable:
5307 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5308 * debian/smb.conf;
5309 - Add "(Samba, Ubuntu)" to server string.
5310 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5311 to show users how to restrict access to \\server\username to only username.
5312 + debian/samba-common.config:
5313 - Do not change prioritiy to high if dhclient3 is installed.
5314 + debian/control:
5315 - Don't build against or suggest ctdb and tdb.
5316 + debian/rules:
5317 - Drop explicit configuration options for ctdb and tdb.
5318 + Add ufw integration:
5319 - Created debian/samba.ufw.profile:
5320 - debian/rules, debian/samba.install: install profile
5321 + Add apport hook:
5322 - Created debian/source_samba.py.
5323 - debian/rules, debia/samb-common-bin.install: install hook.
5324 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5325 of hacking arround with pid files.
5326 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5327 first dummy transitional package version.
5328
5329 -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500
5330
2831samba (2:4.1.3+dfsg-2) unstable; urgency=medium5331samba (2:4.1.3+dfsg-2) unstable; urgency=medium
28325332
2833 * Add debug symbols for all binaries to samba-dbg. Closes: #7324935333 * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -2870,6 +5370,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
28705370
2871 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -08005371 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800
28725372
5373samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
5374
5375 * Merge from Debian Unstable:
5376 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5377 * debian/smb.conf;
5378 - Add "(Samba, Ubuntu)" to server string.
5379 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5380 to show users how to restrict access to \\server\username to only username.
5381 + debian/samba-common.config:
5382 - Do not change prioritiy to high if dhclient3 is installed.
5383 + debian/control:
5384 - Don't build against or suggest ctdb and tdb.
5385 + debian/rules:
5386 - Drop explicit configuration options for ctdb and tdb.
5387 + Add ufw integration:
5388 - Created debian/samba.ufw.profile:
5389 - debian/rules, debian/samba.install: install profile
5390 + Add apport hook:
5391 - Created debian/source_samba.py.
5392 - debian/rules, debia/samb-common-bin.install: install hook.
5393 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5394 of hacking arround with pid files.
5395 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5396 first dummy transitional package version.
5397
5398 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500
5399
2873samba (2:4.0.13+dfsg-1) unstable; urgency=high5400samba (2:4.0.13+dfsg-1) unstable; urgency=high
28745401
2875 [ Steve Langasek ]5402 [ Steve Langasek ]
@@ -2924,6 +5451,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
29245451
2925 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +01005452 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100
29265453
5454samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
5455
5456 * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
5457
5458 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000
5459
5460samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
5461
5462 * Merge from Debian Unstable:
5463 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5464 * debian/smb.conf;
5465 - Add "(Samba, Ubuntu)" to server string.
5466 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5467 to show users how to restrict access to \\server\username to only username.
5468 + debian/samba-common.config:
5469 - Do not change prioritiy to high if dhclient3 is installed.
5470 + debian/control:
5471 - Don't build against or suggest ctdb and tdb.
5472 + debian/rules:
5473 - Drop explicit configuration options for ctdb and tdb.
5474 + Add ufw integration:
5475 - Created debian/samba.ufw.profile:
5476 - debian/rules, debian/samba.install: install profile
5477 + Add apport hook:
5478 - Created debian/source_samba.py.
5479 - debian/rules, debia/samb-common-bin.install: install hook.
5480 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5481 of hacking arround with pid files.
5482
5483 -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800
5484
2927samba (2:4.0.10+dfsg-4) unstable; urgency=low5485samba (2:4.0.10+dfsg-4) unstable; urgency=low
29285486
2929 [ Christian Perrier ]5487 [ Christian Perrier ]
diff --git a/debian/control b/debian/control
index 480a7bb..3671d97 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: samba1Source: samba
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Jelmer Vernooij <jelmer@debian.org>,7 Jelmer Vernooij <jelmer@debian.org>,
7 Mathieu Parent <sathieu@debian.org>,8 Mathieu Parent <sathieu@debian.org>,
@@ -35,7 +36,7 @@ Build-Depends-Arch:
35 libblkid-dev,36 libblkid-dev,
36 libbsd-dev,37 libbsd-dev,
37 libcap-dev [linux-any],38 libcap-dev [linux-any],
38 libcephfs-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x],39 libcephfs-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x],
39 libcmocka-dev (>= 1.1.3),40 libcmocka-dev (>= 1.1.3),
40 libcups2-dev,41 libcups2-dev,
41 libdbus-1-dev,42 libdbus-1-dev,
@@ -53,12 +54,12 @@ Build-Depends-Arch:
53 libparse-yapp-perl,54 libparse-yapp-perl,
54 libpcap-dev [hurd-i386 kfreebsd-any],55 libpcap-dev [hurd-i386 kfreebsd-any],
55 libpopt-dev,56 libpopt-dev,
56 librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x],57 librados-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el s390x],
57 libreadline-dev,58 libreadline-dev,
58 libsystemd-dev [linux-any],59 libsystemd-dev [linux-any],
59 libtasn1-6-dev (>= 3.8),60 libtasn1-6-dev (>= 3.8),
60 libtasn1-bin,61 libtasn1-bin,
61 liburing-dev [linux-any] <!pkg.samba.nouring>,62 liburing-dev [!i386] <!pkg.samba.nouring>,
62 xfslibs-dev [linux-any],63 xfslibs-dev [linux-any],
63 zlib1g-dev (>= 1:1.2.3),64 zlib1g-dev (>= 1:1.2.3),
64# python (+#904999):65# python (+#904999):
@@ -395,8 +396,9 @@ Depends: samba-common (= ${source:Version}),
395Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5>396Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5>
396Suggests: libnss-winbind, libpam-winbind397Suggests: libnss-winbind, libpam-winbind
397# 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind398# 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind
398Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),399# In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663
399Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),400Breaks: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
401Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
400Description: service to resolve user and group information from Windows NT servers402Description: service to resolve user and group information from Windows NT servers
401 Samba is an implementation of the SMB/CIFS protocol for Unix systems,403 Samba is an implementation of the SMB/CIFS protocol for Unix systems,
402 providing support for cross-platform file sharing with Microsoft Windows, OS X,404 providing support for cross-platform file sharing with Microsoft Windows, OS X,
diff --git a/debian/rules b/debian/rules
index f9fd816..adfc3cf 100755
--- a/debian/rules
+++ b/debian/rules
@@ -81,7 +81,7 @@ config-args = \
8181
82ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features82ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features
83with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes)83with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes)
84with-ceph = $(if $(filter amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes)84with-ceph = $(if $(filter amd64 arm64 armel armhf mips64el mipsel ppc64el s390x, ${DEB_HOST_ARCH}),yes)
85with-snapper = yes85with-snapper = yes
8686
87config-args += \87config-args += \
diff --git a/debian/tests/control b/debian/tests/control
index d27e025..b37632e 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable
28Tests: reinstall-samba-common-bin28Tests: reinstall-samba-common-bin
29Depends: samba-common, samba-common-bin29Depends: samba-common, samba-common-bin
30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr
31
32Tests: samba-ad-dc-provisioning-internal-dns
33Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools
34Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed
diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns
31new file mode 10075535new file mode 100755
index 0000000..f61fa5e
--- /dev/null
+++ b/debian/tests/samba-ad-dc-provisioning-internal-dns
@@ -0,0 +1,398 @@
1#!/bin/bash
2
3set -e
4set -o pipefail
5
6source debian/tests/util
7
8declare -r domain="EXAMPLE"
9declare -r realm="EXAMPLE.FAKE"
10declare -r adminpass="Passw0rd"
11declare -r test_user="test_user_${RANDOM}"
12declare -r test_pw="test_user_secret_${RANDOM}"
13declare -A user_pass
14user_pass[Administrator]="${adminpass}"
15user_pass[${test_user}]="${test_pw}"
16declare -A join_method_deps
17# Minimum set of deps: let realmd install the extra dependencies
18# as needed, depending on the join method.
19join_method_deps[realmd_sssd]="realmd krb5-user smbclient"
20join_method_deps[realmd_winbind]="realmd krb5-user smbclient"
21
22
23cleanup() {
24 rc=$?
25 set +e # so we don't exit midcleanup
26 if [ ${rc} -ne 0 ]; then
27 echo "## Something failed, gathering logs"
28 echo
29 echo "## smb.conf"
30 cat /etc/samba/smb.conf
31 echo
32 echo "## resolv.conf"
33 cat /etc/resolv.conf
34 echo
35 echo "## resolvectl status"
36 resolvectl status
37 echo "## journal for samba-ad-dc.service"
38 journalctl -u samba-ad-dc.service --lines 500
39 echo
40 for log in /var/log/samba/log.*; do
41 # skip compressed logrotated files
42 if [ "${log%.gz}" != "${log}" ]; then
43 continue
44 fi
45 [ -s "${log}" ] || continue
46 echo "## $(basename ${log}):"
47 tail -n 500 "${log}"
48 echo
49 done
50 echo "## syslog"
51 tail -n 500 /var/log/syslog
52 fi
53}
54
55trap cleanup EXIT
56
57assert_testparm() {
58 local parameter="${1}"
59 local expected_value="${2}"
60 local current_value=""
61 local -i retval=0
62
63 echo -n "Asserting ${parameter} is ${expected_value}: "
64 current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || {
65 retval=$?
66 echo "FAIL"
67 return ${retval}
68 }
69 if [ "${current_value}" = "${expected_value}" ]; then
70 echo "OK"
71 return 0
72 else
73 echo "FAIL"
74 return 1
75 fi
76}
77
78basic_config_tests() {
79 echo "## Basic config tests"
80 testparm -s > /dev/null
81 assert_testparm "realm" "${realm}"
82 assert_testparm "workgroup" "${domain}"
83 assert_testparm "server role" "active directory domain controller"
84 echo
85}
86
87dns_tests() {
88 echo "## DNS tests"
89 echo "Obtaining administrator kerberos ticket"
90 echo "${adminpass}" | timeout --verbose 30 kinit Administrator
91 echo
92 echo "Querying server info"
93 samba-tool dns serverinfo "$(hostname)"
94 echo
95 echo "Checking we got a service ticket of type host/"
96 klist | grep "host/$(hostname)"
97 echo
98 echo "Checking specific DNS records"
99 for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do
100 echo -n "${srv}.${realm,,}: "
101 dig @localhost +short -t SRV ${srv}.${realm,,}
102 echo
103 done
104 echo
105 echo -n "Checking that our hostname \"$(hostname)\" is in DNS: "
106 myip=$(dig @localhost +short -t A "$(hostname).${realm,,}")
107 echo "${myip}"
108 echo
109}
110
111user_creation_tests() {
112 echo "## User creation tests"
113 samba-tool domain passwordsettings set --complexity=off
114 echo "Creating user \"${test_user}\" with password ${test_pw}"
115 samba-tool user add "${test_user}" "${test_pw}"
116 echo
117 echo "Attempting to obtain kerberos ticket for user \"${test_user}\""
118 # just in case it ends up waiting at a prompt, we use "timeout"
119 echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
120 echo "Ticket obtained"
121 klist
122 echo
123}
124
125smbclient_tests() {
126 echo "## smbclient tests"
127 kdestroy || :
128 echo
129 echo "Obtaining a TGT for ${test_user}"
130 echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
131 klist | grep krbtgt
132 echo
133 echo "Attempting password-less authentication with smbclient"
134 echo
135 echo "Listing shares"
136 smbclient -L "$(hostname)" --use-kerberos=required -k
137 echo
138 echo "Listing the sysvol share"
139 smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls"
140 echo
141 echo "Listing policies"
142 # lowercase the ${realm}
143 smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*"
144 echo
145 echo "Checking that we have a ticket for the cifs service after all these commands"
146 klist | grep cifs/
147 echo
148}
149
150server_join_tests() {
151 local member_server
152 # the join methods are the keys of the join_method_deps dict
153 local -a methods=("${!join_method_deps[@]}")
154 local member_server="member-server"
155
156 echo "## Server join tests"
157 echo "## Initializing lxd"
158 setup_lxd "${realm,,}"
159
160 for method in "${methods[@]}"; do
161 echo "## Setting up member server to join a domain using method ${method}"
162 setup_member_server "${member_server}" "${method}"
163 echo "## Joining domain with method ${method}"
164 join_domain "${member_server}" "${method}"
165 echo
166 echo "## Verifying join with method ${method}"
167 verify_join "${member_server}" "${method}"
168 echo
169 echo "## Leaving domain with method ${method}"
170 leave_domain "${member_server}" "${method}"
171 echo
172 echo "## Destroying member server"
173 lxc delete --force "${member_server}"
174 done
175}
176
177setup_member_server() {
178 local container_name="${1}"
179 local method="${2}"
180 local release
181
182 release="$(lsb_release -cs)"
183 if [ -z "${join_method_deps[${method}]}" ]; then
184 echo "## INTERNAL ERROR, invalid join method: ${method}"
185 return 1
186 fi
187 echo "## Got test dependencies: ${join_method_deps[${method}]}"
188 # can't use cloud-init here to install packages, because we first need to
189 # sync the apt config from the host to the container
190 echo "## Launching ${release} container"
191 lxc launch "ubuntu-daily:${release}" "${container_name}" -q
192 wait_container_ready "${container_name}"
193 send_apt_config "${container_name}"
194 copy_local_apt_files "${container_name}"
195 echo "## Installing dependencies in test container"
196 install_packages_in_container "${container_name}" ${join_method_deps[${method}]}
197}
198
199join_domain_realmd_winbind() {
200 local server="${1}"
201 local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}"
202 local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}"
203
204 echo "## Domain information"
205 lxc exec "${server}" -- ${discover_cmd}
206 echo
207 echo "## Running join command: ${join_cmd}"
208 echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
209}
210
211verify_join_realmd_winbind() {
212 local server="${1}"
213 local member_domain
214
215 echo -n "## Verifying member server joined domain name: "
216 member_domain=$(lxc exec "${server}" -- wbinfo --own-domain)
217 echo "${member_domain}"
218 if [ "${member_domain}" != "${domain}" ]; then
219 echo "ERROR: expected member server domain to match the joined domain:"
220 echo "member server domain: ${member_domain}"
221 echo "AD domain: ${domain}"
222 return 1
223 fi
224 echo
225 # we just want to see the output, not parse it
226 echo "## Domain status in member server"
227 lxc exec "${server}" -- wbinfo --domain-info "${member_domain}"
228 echo
229 echo "## User status in member server"
230 for u in "${!user_pass[@]}"; do
231 echo "## User \"${u}@${realm}\" information:"
232 lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}"
233 echo
234 echo "## id ${u}@${realm}"
235 lxc exec "${server}" -- id ${u}@${realm}
236 echo
237 echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
238 echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
239 lxc exec "${server}" -- klist
240 echo
241 echo "## Listing shares with the obtained kerberos ticket"
242 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
243 lxc exec "${server}" -- kdestroy
244 echo
245 echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server"
246 # non-interactive format for username is user%password
247 lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}"
248 echo
249 echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server"
250 lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}"
251 echo
252 echo "## Listing shares with the obtained kerberos ticket"
253 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
254 lxc exec "${server}" -- kdestroy
255 done
256}
257
258leave_domain_realmd_winbind() {
259 local server="${1}"
260 local leave_cmd="realm leave -v --remove --client-software=winbind"
261
262 echo "## Running leave command: ${leave_cmd}"
263 echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
264}
265
266join_domain_realmd_sssd() {
267 local server="${1}"
268 local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}"
269 local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}"
270
271 echo "## Domain information"
272 lxc exec "${server}" -- ${discover_cmd}
273 echo
274 echo "## Running join command: ${join_cmd}"
275 echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
276 echo
277}
278
279verify_join_realmd_sssd() {
280 local server="${1}"
281 local samba_domain
282
283 echo -n "## Verifying member server joined domain name: "
284 samba_domain=$(lxc exec "${server}" -- sssctl domain-list)
285 echo "${samba_domain}"
286 if [ "${samba_domain}" != "${realm,,}" ]; then
287 echo "ERROR: expected member server domain to match the joined domain:"
288 echo "member server domain: ${samba_domain}"
289 echo "AD domain: ${realm,,}"
290 return 1
291 fi
292 echo
293 # we just want to see the output, not parse it
294 echo "## Domain status in member server"
295 lxc exec "${server}" -- sssctl domain-status "${realm}"
296 echo
297 echo "## User status in member server"
298 for u in "${!user_pass[@]}"; do
299 echo "## User \"${u}@${realm}\" information:"
300 lxc exec "${server}" -- sssctl user-checks "${u}@${realm}"
301 echo
302 echo "## id ${u}@${realm}"
303 lxc exec "${server}" -- id "${u}@${realm}"
304 echo
305 echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
306 echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
307 lxc exec "${server}" -- klist
308 echo
309 echo "## Listing shares with the obtained kerberos ticket"
310 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
311 lxc exec "${server}" -- kdestroy
312 done
313}
314
315leave_domain_realmd_sssd() {
316 local server="${1}"
317 local leave_cmd="realm leave -v --remove --client-software=sssd"
318
319 echo "## Running leave command: ${leave_cmd}"
320 echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
321}
322
323join_domain() {
324 local server="${1}"
325 local m="${2}"
326
327 join_domain_${m} "${server}"
328}
329
330verify_join() {
331 local server="${1}"
332 local m="${2}"
333
334 verify_join_${m} "${server}"
335}
336
337leave_domain() {
338 local server="${1}"
339 local m="${2}"
340
341 leave_domain_${m} "${server}"
342}
343
344systemctl stop smbd nmbd winbind
345systemctl disable smbd nmbd winbind
346systemctl mask smbd nmbd winbind
347
348systemctl unmask samba-ad-dc
349systemctl enable samba-ad-dc
350
351if [ -f /etc/samba/smb.conf ]; then
352 mv /etc/samba/smb.conf{,.orig}
353fi
354
355# make sure we are starting fresh, as previous tests might left things around
356
357rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/*
358kdestroy || :
359
360samba-tool domain provision \
361 --domain="${domain}" \
362 --realm="${realm}" \
363 --adminpass="${adminpass}" \
364 --server-role=dc \
365 --use-rfc2307 \
366 --dns-backend=SAMBA_INTERNAL
367
368current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}')
369
370if [ -n "${current_dns}" ]; then
371 echo "## Setting dns forwarder to ${current_dns} in smb.conf"
372 sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \
373 /etc/samba/smb.conf
374 unlink /etc/resolv.conf
375 echo "nameserver 127.0.0.1" > /etc/resolv.conf
376 # lowercase substitution
377 echo "search ${realm,,}" >> /etc/resolv.conf
378 systemctl stop systemd-resolved
379 systemctl disable systemd-resolved
380else
381 echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf"
382 echo "## resolvectl status:"
383 resolvectl status
384 echo "## Continuing, and hoping for the best"
385fi
386
387cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf
388
389systemctl start samba-ad-dc
390
391# give it some time, it's a lot of services to start
392sleep 5s
393
394basic_config_tests
395dns_tests
396user_creation_tests
397smbclient_tests
398server_join_tests
diff --git a/debian/tests/util b/debian/tests/util
index 4278ee7..298b321 100644
--- a/debian/tests/util
+++ b/debian/tests/util
@@ -16,7 +16,7 @@ EOFEOF
16 if [ -n "${vfs}" ]; then16 if [ -n "${vfs}" ]; then
17 echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf17 echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf
18 fi18 fi
19 systemctl restart smbd.service19 systemctl reload smbd.service
20 else20 else
21 echo "Share [${share}] already exists, continuing"21 echo "Share [${share}] already exists, continuing"
22 fi22 fi
@@ -66,3 +66,113 @@ ensure_uring_available() {
66 exit 7766 exit 77
67 fi67 fi
68}68}
69
70wait_container_ready() {
71 local container="${1}"
72 local -i limit=120 # seconds
73 local -i i=0
74 local -i result=0
75 local ip
76 local output
77
78 while /bin/true; do
79 ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}')
80 if [ -n "${ip}" ]; then
81 break
82 fi
83 i=$((i+1))
84 if [ ${i} -ge ${limit} ]; then
85 return 1
86 fi
87 sleep 1s
88 echo -n "."
89 done
90 while ! nc -z "${ip}" 22; do
91 echo -n "."
92 i=$((i+1))
93 if [ ${i} -ge ${limit} ]; then
94 return 1
95 fi
96 sleep 1s
97 done
98 # cloud-init might still be doing things...
99 # this call blocks, so wrap it in its own little timeout
100 output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || {
101 result=$?
102 echo "cloud-init status --wait failed on container ${container}"
103 echo "${output}"
104 return ${result}
105 }
106 echo
107}
108
109install_lxd() {
110 if ! command -v lxd > /dev/null 2>&1; then
111 # the test depends has "lxd | snapd", so if we don't have lxd, we must
112 # install the snap
113 snap list lxd > /dev/null 2>&1 || {
114 echo "Installing the LXD snap..."
115 snap install lxd
116 }
117 fi
118}
119
120setup_lxd() {
121 local dns_domain="${1}"
122 local network
123 local nic
124 local dns_ip
125
126 install_lxd
127 # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53
128 systemctl stop samba-ad-dc
129 lxd init --auto
130 lxd waitready --timeout 600
131 network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED")
132 nic=$(echo "${network}" | awk '{print $1}')
133 dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr
134 # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS
135 lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})"
136 if [ -n "${http_proxy}" ]; then
137 lxc config set core.proxy_http "${http_proxy}"
138 fi
139 if [ -n "${https_proxy}" ]; then
140 lxc config set core.proxy_https "${https_proxy}"
141 fi
142 if [ -n "${noproxy}" ]; then
143 lxc config set core.proxy_ignore_hosts "${noproxy}"
144 fi
145 systemctl start samba-ad-dc
146 # give it some time, it's a lot of services to start
147 sleep 5s
148}
149
150# Copy the local apt package archive over to the lxd container.
151copy_local_apt_files() {
152 local container_name="${1:-docker}"
153
154 for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do
155 local_source=${local_source#file:}
156 local_dir=$(dirname "${local_source}")
157 lxc exec "${container_name}" -- mkdir -p "${local_dir}"
158 tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}"
159 done
160}
161
162send_apt_config() {
163 echo "Copying over /etc/apt to container ${1}"
164 lxc exec "${1}" -- rm -rf /etc/apt
165 lxc exec "${1}" -- mkdir -p /etc/apt
166 tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt
167}
168
169install_packages_in_container() {
170 local container="${1}"
171 shift
172 local packages="${*}"
173
174 echo "### Installing dependencies in member server container: ${packages}"
175 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q
176 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y
177 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages}
178}

Subscribers

People subscribed via source and target branches