Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:noble-samba-merge-1 into ubuntu/+source/samba:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/samba
  3. noble-samba-merge-1
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 2c0ef4f6a5f92297b8854ff9eecd2b086113dc3c
Merge reported by: git-ubuntu bot
Merged at revision: 2c0ef4f6a5f92297b8854ff9eecd2b086113dc3c
Proposed branch: ~ahasenack/ubuntu/+source/samba:noble-samba-merge-1
Merge into: ubuntu/+source/samba:debian/sid
Diff against target: 3610 lines (+3180/-8)
7 files modified
debian/changelog (+2622/-0)
debian/control (+30/-4)
debian/rules (+11/-3)
debian/samba-vfs-modules-extra.install (+4/-0)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0)
debian/tests/util (+111/-1)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server Reporter Pending
Review via email: mp+458713@code.launchpad.net

Description of the change

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-merge

Samba merge from debian. Dropped some i386 compatbility changes that debian incorporated by their decision to not ship/build ceph and gluster in 32bit architectures.

The extra dep on python3-markdown was submitted to debian via [3].

Noteworthy in this branch is the split of samba-vfs-modules into samba-vfs-modules and samba-vfs-modules-extra, due to the gluster upcoming demotion to universe.

The gluster fuse module doesn't strictly need to go into universe, and thus samba-vfs-modules-extra, but I felt it would be more confusing if it didn't. I can revert that and move only the actual gluster module that pulls in the gluster dependencies.

Also noteworthy is that the gluster libraries are not available in 32bit architectures (i386 and armhf in ubuntu's case), which means that right now samba-vfs-modules-extra won't exist in 32bit architectures, otherwise it would be an empty package. I *think* the *fuse* gluster module can also not be used in 32bit architectures, because it still requires a gluster mount. But debian still ships[1] it in armhf, for example.

This packaging change will require a change to do-release-upgrade to install samba-vfs-modules-extra in release upgrades to noble, if samba-vfs-modules is installed. That is upcoming, and is a task of the glusterfs demotion bug[2].

1. https://packages.debian.org/sid/armhf/samba-vfs-modules/filelist
2. https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2045063
3. https://salsa.debian.org/samba-team/samba/-/merge_requests/62

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Andreas.

Package builds fine and dep8 tests are OK (although not all architectures have been tested). range-diff seems OK.

I'm impressed by the amount of changes under the debian/ directory. There have been quite a few changes to the maintainer scripts, which makes me a bit anxious. The fact that we have comprehensive tests for the package helps a lot.

I spent some time going through the changes under debian/ and couldn't find anything else to comment. Therefore: LGTM, +1.

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded:

Uploading samba_4.19.4+dfsg-2ubuntu1.dsc
Uploading samba_4.19.4+dfsg-2ubuntu1.debian.tar.xz
Uploading samba_4.19.4+dfsg-2ubuntu1_source.buildinfo
Uploading samba_4.19.4+dfsg-2ubuntu1_source.changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 1af5f13..bb64924 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,35 @@
1samba (2:4.19.4+dfsg-2ubuntu1) noble; urgency=medium
2
3 * Merge with Debian unstable (LP: #2040363). Remaining changes:
4 - debian/control: Ubuntu i386 binary compatibility:
5 + enable the liburing vfs module, except on i386 where liburing is
6 not available
7 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
8 samba AD DC provisioning and domain join tests with internal DNS
9 (LP #1977746, LP #2011745)
10 - d/control: adjust breaks/replaces for file move that Debian did in
11 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
12 file conflict in a dist-upgrade from earlier Ubuntu releases, like
13 Kinetic (LP #2024663)
14 * Dropped:
15 - d/rules: ceph is not available in Ubuntu i386, disable it
16 [In 2:4.19.1+dfsg-1]
17 - debian/control: Ubuntu i386 binary compatibility:
18 + drop ceph support
19 [In 2:4.19.1+dfsg-1]
20 * Added:
21 - d/control: python3-samba has a runtime dep on python3-markdown
22 - glusterfs is no longer in main, create new binary package in
23 universe to ship the samba glusterfs vfs modules and manpages
24 (LP: #2045063):
25 + d/control: new samba-vfs-modules-glusterfs package
26 + d/rules: glusterfs vfs modules and manpages are now in the
27 samba-vfs-modules-extra package
28 + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and
29 manpage
30
31 -- Andreas Hasenack <andreas@canonical.com> Mon, 15 Jan 2024 12:21:28 -0300
32
1samba (2:4.19.4+dfsg-2) unstable; urgency=medium33samba (2:4.19.4+dfsg-2) unstable; urgency=medium
234
3 * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@35 * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@
@@ -182,6 +214,71 @@ samba (2:4.19.0+dfsg-1) unstable; urgency=medium
182214
183 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 04 Sep 2023 22:57:48 +0300215 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 04 Sep 2023 22:57:48 +0300
184216
217samba (2:4.18.6+dfsg-1ubuntu2.2) noble; urgency=medium
218
219 * No-change rebuild for ICU soname change.
220
221 -- Matthias Klose <doko@ubuntu.com> Tue, 19 Dec 2023 18:41:25 +0100
222
223samba (2:4.18.6+dfsg-1ubuntu2.1) mantic-security; urgency=medium
224
225 * SECURITY UPDATE: SMB clients can truncate files with read-only
226 permissions
227 - debian/patches/CVE-2023-4091-*.patch
228 - CVE-2023-4091
229 * SECURITY UPDATE: Samba AD DC password exposure to privileged users and
230 RODCs
231 - debian/patches/CVE-2023-4154-*.patch
232 - CVE-2023-4154
233 * SECURITY UPDATE: rpcecho development server allows Denial of Service
234 via sleep() call on AD DC
235 - debian/patches/CVE-2023-42669-*.patch
236 - CVE-2023-42669
237 * SECURITY UPDATE: Samba AD DC Busy RPC multiple listener DoS
238 - debian/patches/CVE-2023-42670-*.patch
239 - CVE-2023-42670
240
241 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 10 Oct 2023 12:25:20 -0400
242
243samba (2:4.18.6+dfsg-1ubuntu2) mantic; urgency=medium
244
245 * No-change rebuild with glusterfs 10.3 (LP: #2035127)
246
247 -- Andreas Hasenack <andreas@canonical.com> Wed, 13 Sep 2023 09:57:01 -0300
248
249samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium
250
251 * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes:
252 - debian/control: Ubuntu i386 binary compatibility:
253 + drop ceph support
254 + enable the liburing vfs module, except on i386 where liburing is
255 not available
256 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
257 samba AD DC provisioning and domain join tests with internal DNS
258 (LP #1977746, LP #2011745)
259 * Dropped:
260 - build-depend on libglusterfs-dev only on !i386 arches
261 [In 2:4.18.5+dfsg-2]
262 - Add changes to fix uncaught exception when updating old password
263 containing regex metacharacters by simplifying samba-tool password
264 redaction (LP #2002949).
265 + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
266 + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
267 + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
268 + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
269 + d/p/python-Add-glue.burn_commandline-method.patch
270 + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
271 + d/p/python-Remove-const-from-PyList_AsStringList.patch
272 [Fixed upstream in 4.18.6]
273 * Added:
274 - d/control: adjust breaks/replaces for file move that Debian did in
275 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
276 file conflict in a dist-upgrade from earlier Ubuntu releases, like
277 Kinetic (LP: #2024663)
278 - d/rules: ceph is not available in Ubuntu i386, disable it
279
280 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Aug 2023 09:52:00 -0300
281
185samba (2:4.18.6+dfsg-1) unstable; urgency=medium282samba (2:4.18.6+dfsg-1) unstable; urgency=medium
186283
187 * new upstream stable/bugfix release:284 * new upstream stable/bugfix release:
@@ -242,6 +339,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium
242339
243 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300340 -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300
244341
342samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium
343
344 * Add changes to fix uncaught exception when updating old password
345 containing regex metacharacters by simplifying samba-tool password
346 redaction (LP: #2002949).
347 - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
348 - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
349 - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
350 - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
351 - d/p/python-Add-glue.burn_commandline-method.patch
352 - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
353 - d/p/python-Remove-const-from-PyList_AsStringList.patch
354
355 -- Michal Maloszewski <michal.maloszewski@canonical.com> Fri, 28 Jul 2023 00:55:03 +0200
356
357samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium
358
359 * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining
360 changes:
361 - debian/control: Ubuntu i386 binary compatibility:
362 + drop ceph support
363 + enable the liburing vfs module, except on i386 where liburing is
364 not available
365 + build-depend on libglusterfs-dev only on !i386 arches
366 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
367 samba AD DC provisioning and domain join tests with internal DNS
368 (LP #1977746, LP #2011745)
369 - d/t/util: reload instead of restarting samba, as it's quicker and
370 has the same effect we want in this test
371
372 -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jul 2023 10:15:22 -0300
373
245samba (2:4.18.5+dfsg-1) unstable; urgency=medium374samba (2:4.18.5+dfsg-1) unstable; urgency=medium
246375
247 * new upstream stable/security release 4.18.5, including:376 * new upstream stable/security release 4.18.5, including:
@@ -319,6 +448,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium
319448
320 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300449 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300
321450
451samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium
452
453 * Merge with Debian unstable (LP: #2018054). Remaining changes:
454 - debian/control: Ubuntu i386 binary compatibility:
455 + drop ceph support
456 + enable the liburing vfs module, except on i386 where liburing is
457 not available
458 + build-depend on libglusterfs-dev only on !i386 arches
459 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
460 samba AD DC provisioning and domain join tests with internal DNS
461 (LP #1977746, LP #2011745)
462 * Added changes:
463 - d/t/util: reload instead of restarting samba, as it's quicker and
464 has the same effect we want in this test
465
466 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Jun 2023 11:59:19 -0300
467
322samba (2:4.18.3+dfsg-3) unstable; urgency=medium468samba (2:4.18.3+dfsg-3) unstable; urgency=medium
323469
324 * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU,470 * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU,
@@ -477,6 +623,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium
477623
478 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300624 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300
479625
626samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium
627
628 * Merge with Debian unstable (LP: #2014052). Remaining changes:
629 - debian/control: Ubuntu i386 binary compatibility:
630 + drop ceph support
631 + enable the liburing vfs module, except on i386 where liburing is
632 not available
633 + build-depend on libglusterfs-dev only on !i386 arches
634 - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
635 samba AD DC provisioning and domain join tests with internal DNS
636 (LP #1977746, LP #2011745)
637
638 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Mar 2023 15:26:11 -0300
639
480samba (2:4.17.6+dfsg-1) unstable; urgency=medium640samba (2:4.17.6+dfsg-1) unstable; urgency=medium
481641
482 * new upstream stable/bugfix release 4.17.6:642 * new upstream stable/bugfix release 4.17.6:
@@ -504,6 +664,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium
504664
505 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300665 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300
506666
667samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium
668
669 * Add domain join tests (LP: #2011745):
670 - d/t/control: update dependencies for samba AD provisioning test,
671 which now also includes a member server join test
672 - d/t/util, d/t/samba-ad-dc-*: add member server join tests
673
674 -- Andreas Hasenack <andreas@canonical.com> Wed, 15 Mar 2023 20:49:56 -0300
675
676samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium
677
678 * d/t/samba-ad-dc-provisioning-internal-dns: test improvements
679 (LP: #2009485):
680 - increase kinit timeout, as it also does DNS lookups
681 - add a trap on exit to show logs in the case of some failure
682
683 -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Mar 2023 11:49:34 -0300
684
685samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium
686
687 * Merge with Debian unstable (LP: #2002181). Remaining changes:
688 - debian/control: Ubuntu i386 binary compatibility:
689 + drop ceph support
690 + enable the liburing vfs module, except on i386 where liburing is
691 not available
692 + build-depend on libglusterfs-dev only on !i386 arches
693 * Added:
694 - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD
695 DC provisioning test with internal DNS (LP: #1977746)
696
697 -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300
698
507samba (2:4.17.5+dfsg-2) unstable; urgency=medium699samba (2:4.17.5+dfsg-2) unstable; urgency=medium
508700
509 * d/control: samba: depends on exact version of python3-samba701 * d/control: samba: depends on exact version of python3-samba
@@ -656,6 +848,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium
656848
657 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300849 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300
658850
851samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium
852
853 * No-change rebuild with Python 3.11 as default
854
855 -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000
856
857samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium
858
859 * Merge with Debian unstable (LP: #1993380). Remaining changes:
860 - debian/control: Ubuntu i386 binary compatibility:
861 + drop ceph support
862 - d/control: enable the liburing vfs module, except on i386 where
863 liburing is not available
864 - d/control: build-depend on libglusterfs-dev only on !i386 arches
865 * Dropped:
866 - debian/smb.conf;
867 + Add "(Samba, Ubuntu)" to server string.
868 [In 2:4.16.6+dfsg-1]
869 + Comment out the default [homes] share, and add a comment about
870 "valid users = %s" to show users how to restrict access to
871 \\server\username to only username.
872 [In 2:4.16.6+dfsg-1]
873 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
874 Skip running the tests if on i386 platform, because the uring
875 package is not available there.
876 [In 2:4.16.6+dfsg-1, improved]
877 - d/t/util: fix setting the password of the smb test user
878 (LP #1955851)
879 [In 2:4.16.5+dfsg-2]
880 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
881 [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6]
882 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
883 enable the samba glusterfs vfs mofule in that case
884 [In 2:4.16.6+dfsg-1]
885
886 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300
887
659samba (2:4.17.3+dfsg-3) unstable; urgency=medium888samba (2:4.17.3+dfsg-3) unstable; urgency=medium
660889
661 * d/control: winbind should depend on the same binary:Version890 * d/control: winbind should depend on the same binary:Version
@@ -952,6 +1181,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium
9521181
953 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +03001182 -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300
9541183
1184samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
1185
1186 * Merge with Debian unstable. Remaining changes:
1187 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1188 - debian/smb.conf;
1189 + Add "(Samba, Ubuntu)" to server string.
1190 + Comment out the default [homes] share, and add a comment about
1191 "valid users = %s" to show users how to restrict access to
1192 \\server\username to only username.
1193 - debian/control: Ubuntu i386 binary compatibility:
1194 + drop ceph support
1195 - d/control: enable the liburing vfs module, except on i386 where
1196 liburing is not available
1197 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1198 Skip running the tests if on i386 platform, because the uring
1199 package is not available there.
1200 - d/t/util: fix setting the password of the smb test user
1201 (LP #1955851)
1202 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1203 enable the samba glusterfs vfs mofule in that case
1204 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1205
1206 -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300
1207
955samba (2:4.16.4+dfsg-2) unstable; urgency=medium1208samba (2:4.16.4+dfsg-2) unstable; urgency=medium
9561209
957 * d/libldb2.symbols: include newly added symbols1210 * d/libldb2.symbols: include newly added symbols
@@ -980,6 +1233,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high
9801233
981 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +03001234 -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300
9821235
1236samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium
1237
1238 * Merge with Debian unstable (LP: #1982116). Remaining changes:
1239 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1240 - debian/smb.conf;
1241 + Add "(Samba, Ubuntu)" to server string.
1242 + Comment out the default [homes] share, and add a comment about
1243 "valid users = %s" to show users how to restrict access to
1244 \\server\username to only username.
1245 - debian/control: Ubuntu i386 binary compatibility:
1246 + drop ceph support
1247 - d/control: enable the liburing vfs module, except on i386 where
1248 liburing is not available
1249 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1250 Skip running the tests if on i386 platform, because the uring
1251 package is not available there.
1252 - d/t/util: fix setting the password of the smb test user
1253 (LP #1955851)
1254 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1255 enable the samba glusterfs vfs mofule in that case
1256 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1257 * Dropped:
1258 - Update nfs scripts for new nfs.conf config (LP: #1961840):
1259 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1260 nfsconf(8) if it's available, instead of parsing the old config
1261 files in /etc/default/nfs-*
1262 [In 2:4.16.3+dfsg-1]
1263 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1264 used by the example enable-nfs.sh example script
1265 [In 2:4.16.3+dfsg-1]
1266 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
1267 used by the example enable-nfs.sh script
1268 [In 2:4.16.3+dfsg-1]
1269 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1270 obsolete, replaced by nfs.conf
1271 [In 2:4.16.3+dfsg-1]
1272 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1273 nfs.conf and other changes in the new nfs server packages
1274 [In 2:4.16.3+dfsg-1]
1275 - Fix abort when deleting a file and "fruit:resource = stream" is
1276 used. (LP #1977491)
1277 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1278 Add test that shows smbd crashing when deleting a file while using
1279 vfs_fruit with "fruit:resource = stream".
1280 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1281 Handle file deleting when "fruit:resource = stream" is used.
1282 [Fixed upstream]
1283 - Build dlz module for bind 9.18.x (LP #1964032)
1284 + d/p/add-support-for-bind-918.patch: build a dlz module for
1285 bind 9.18.x
1286 + d/p/add-support-for-bind-918-2.patch: also update the
1287 provisioning tool and template config file
1288 [Fixed upstream]
1289
1290 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300
1291
983samba (2:4.16.3+dfsg-1) unstable; urgency=medium1292samba (2:4.16.3+dfsg-1) unstable; urgency=medium
9841293
985 [ Michael Tokarev ]1294 [ Michael Tokarev ]
@@ -991,6 +1300,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium
9911300
992 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +03001301 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300
9931302
1303samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
1304
1305 * Merge with Debian unstable. Remaining changes:
1306 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1307 - debian/smb.conf;
1308 + Add "(Samba, Ubuntu)" to server string.
1309 + Comment out the default [homes] share, and add a comment about
1310 "valid users = %s" to show users how to restrict access to
1311 \\server\username to only username.
1312 - debian/control: Ubuntu i386 binary compatibility:
1313 + drop ceph support
1314 - d/control: enable the liburing vfs module, except on i386 where
1315 liburing is not available
1316 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1317 Skip running the tests if on i386 platform, because the uring
1318 package is not available there.
1319 - d/t/util: fix setting the password of the smb test user
1320 (LP #1955851)
1321 - Update nfs scripts for new nfs.conf config (LP #1961840):
1322 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1323 nfsconf(8) if it's available, instead of parsing the old config
1324 files in /etc/default/nfs-*
1325 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1326 used by the example enable-nfs.sh example script
1327 + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
1328 used by the example enable-nfs.sh script
1329 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1330 obsolete, replaced by nfs.conf
1331 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1332 nfs.conf and other changes in the new nfs server packages
1333 - Build dlz module for bind 9.18.x (LP #1964032)
1334 + d/p/add-support-for-bind-918.patch: build a dlz module for
1335 bind 9.18.x
1336 + d/p/add-support-for-bind-918-2.patch: also update the
1337 provisioning tool and template config file
1338 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1339 enable the samba glusterfs vfs mofule in that case
1340 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1341 - Fix abort when deleting a file and "fruit:resource = stream" is
1342 used. (LP #1977491)
1343 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1344 Add test that shows smbd crashing when deleting a file while using
1345 vfs_fruit with "fruit:resource = stream".
1346 + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1347 Handle file deleting when "fruit:resource = stream" is used.
1348
1349 -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300
1350
994samba (2:4.16.2+dfsg-1) unstable; urgency=medium1351samba (2:4.16.2+dfsg-1) unstable; urgency=medium
9951352
996 * new upstream minor/bugfix release.1353 * new upstream minor/bugfix release.
@@ -1012,6 +1369,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium
10121369
1013 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +03001370 -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300
10141371
1372samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
1373
1374 * Fix abort when deleting a file and "fruit:resource = stream" is
1375 used. (LP: #1977491)
1376 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
1377 Add test that shows smbd crashing when deleting a file while using
1378 vfs_fruit with "fruit:resource = stream".
1379 - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
1380 Handle file deleting when "fruit:resource = stream" is used.
1381
1382 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400
1383
1384samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium
1385
1386 * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining
1387 changes:
1388 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1389 - debian/smb.conf;
1390 + Add "(Samba, Ubuntu)" to server string.
1391 + Comment out the default [homes] share, and add a comment about
1392 "valid users = %s" to show users how to restrict access to
1393 \\server\username to only username.
1394 - debian/control: Ubuntu i386 binary compatibility:
1395 + drop ceph support
1396 - d/control: enable the liburing vfs module, except on i386 where
1397 liburing is not available
1398 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1399 Skip running the tests if on i386 platform, because the uring
1400 package is not available there.
1401 - d/t/util: fix setting the password of the smb test user
1402 (LP #1955851)
1403 - Update nfs scripts for new nfs.conf config (LP #1961840):
1404 + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1405 nfsconf(8) if it's available, instead of parsing the old config
1406 files in /etc/default/nfs-*
1407 + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
1408 used by the example enable-nfs.sh example script
1409 + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota
1410 config file to be used by the example enable-nfs.sh script
1411 + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
1412 obsolete, replaced by nfs.conf
1413 + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
1414 nfs.conf and other changes in the new nfs server packages
1415 - Build dlz module for bind 9.18.x (LP #1964032)
1416 + d/p/add-support-for-bind-918.patch: build a dlz module for
1417 bind 9.18.x
1418 + d/p/add-support-for-bind-918-2.patch: also update the
1419 provisioning tool and template config file
1420 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1421 enable the samba glusterfs vfs mofule in that case
1422 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1423 * Dropped:
1424 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1425 the amount of in-tree crypto code that is built
1426 [superfluous, the version in the archive is recent enough]
1427 - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195)
1428 [Included in 2:4.13.13+dfsg-1]
1429 - d/control: bump required build-depends
1430 [Included in Debian]
1431 - d/samba-libs.install: update list of installed libraries and
1432 modules/plugins
1433 [Done in Debian]
1434 - debian/patches/CVE-2021-20254.patch: removed, applied upstream
1435 [Applied upstream, Debian didn't have this patch]
1436 - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
1437 [Applied usptream, Debian did not have it]
1438 - d/{gpb.conf,watch,README.source}: update for 4.15
1439 [Debian updated it for 4.16]
1440 - d/rules: remove --with-dnsupdate, it was merged with
1441 --with-ads in samba 4.15.0
1442 [Included in 2:4.16.0+dfsg-1]
1443 - d/rules: drop removal of ctdb tests, they are no longer installed
1444 [Included in 2:4.16.0+dfsg-1]
1445 - Remove findsmb, no longer installed:
1446 + d/smbclient.install: remove findsmb
1447 + d/rules: drop fixing of findsmb shebang
1448 [Included in 2:4.16.0+dfsg-1]
1449 - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
1450 no longer installed
1451 [Included in 2:4.16.0+dfsg-1]
1452 - d/ctdb.install: add tdb_mutex_check
1453 [Included in 2:4.16.0+dfsg-1]
1454 - d/winbind.install: add async_dns_krb5_locator
1455 [Included in 2:4.16.0+dfsg-1]
1456 - d/samba.install: install samba-bgqd and its manpage
1457 [Included in 2:4.16.0+dfsg-1]
1458 - d/{libsmbclient,libwbclient0}.symbols: symbols updates
1459 [Obsolete, these were for 4.15.5]
1460 - d/rules: drop dh_perl override, unneeded
1461 [Included in 2:4.16.0+dfsg-1]
1462 - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
1463 Windows 2021-10 Monthly Rollup patch (LP #1951490)
1464 [Included upstream in 4.16.0rc2]
1465 - d/rules: install the new/changed ctdb example nfs files
1466 [Installed via ctdb.examples]
1467 * Added:
1468 - rename ctdb example files nfs.conf and quota, to match what the
1469 enable-nfs.sh script expects
1470 - enable-nfs.sh ctdb example: use debian's filename for the
1471 static port sysctl configuration
1472 - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was
1473 renamed to "cluster lock"
1474
1475 -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300
1476
1015samba (2:4.16.1+dfsg-8) unstable; urgency=medium1477samba (2:4.16.1+dfsg-8) unstable; urgency=medium
10161478
1017 * fix the Breaks/Replaces versions in the previous upload for moving1479 * fix the Breaks/Replaces versions in the previous upload for moving
@@ -1308,6 +1770,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium
13081770
1309 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +03001771 -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300
13101772
1773samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium
1774
1775 * No-change rebuild against libicu71
1776
1777 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000
1778
1779samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
1780
1781 * Enable glusterfs support (LP: #1894618):
1782 - d/control: revert disabling of glusterfs, since it's in main now
1783 - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
1784 enable the samba glusterfs vfs mofule in that case
1785 - d/control: build-depend on libglusterfs-dev only on !i386 arches
1786
1787 -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300
1788
1789samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium
1790
1791 * Build dlz module for bind 9.18.x (LP: #1964032)
1792 - d/p/add-support-for-bind-918.patch: build a dlz module for
1793 bind 9.18.x
1794 - d/samba-libs.install: remove fixme comment
1795 - d/p/add-support-for-bind-918-2.patch: also update the provisioning
1796 tool and template config file
1797
1798 -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300
1799
1800samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium
1801
1802 * Update nfs scripts for new nfs.conf config (LP: #1961840):
1803 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
1804 nfsconf(8) if it's available, instead of parsing the old config
1805 files in /etc/default/nfs-*
1806 - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
1807 enable-nfs.sh example script
1808 - d/ctdb.example.quota: quota config file to be used by the example
1809 enable-nfs.sh script
1810 - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
1811 nfs.conf
1812 - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
1813 changes in the new nfs server packages
1814 - d/rules: install the new/changed ctdb example nfs files
1815
1816 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300
1817
1818samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
1819
1820 * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
1821 Windows 2021-10 Monthly Rollup patch (LP: #1951490)
1822
1823 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300
1824
1825samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
1826
1827 * d/{gpb.conf,watch,README.source}: update for 4.15
1828 * New upstream release: 4.15.5 (LP: #1946839)
1829 * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
1830 * d/rules: remove --with-dnsupdate, it was merged with
1831 --with-ads in samba 4.15.0
1832 * d/control: bump required build-depends
1833 * d/rules: drop removal of ctdb tests, they are no longer installed
1834 * Remove findsmb, no longer installed:
1835 - d/smbclient.install: remove findsmb
1836 - d/rules: drop fixing of findsmb shebang
1837 * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
1838 no longer installed
1839 * d/samba-libs.install: update list of installed libraries and
1840 modules/plugins
1841 * d/ctdb.install: add tdb_mutex_check
1842 * d/winbind.install: add async_dns_krb5_locator
1843 * d/samba.install: install samba-bgqd and its manpage
1844 * d/{libsmbclient,libwbclient0}.symbols: symbols updates
1845 * d/control: add python3-markdown to build-depends
1846 * d/watch: updated to handle ~dfsg versioning, thanks to
1847 Sergio Durigan Junior <sergio.durigan@canonical.com>
1848
1849 -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300
1850
1851samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
1852
1853 * Update to 4.13.17 as a security update
1854 - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
1855 * Removed patches included in new version:
1856 - debian/patches/trusted_domain_regression_fix.patch
1857 - debian/patches/bug14901-*.patch
1858 - debian/patches/bug14922.patch
1859
1860 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500
1861
1311samba (2:4.13.14+dfsg-1) unstable; urgency=high1862samba (2:4.13.14+dfsg-1) unstable; urgency=high
13121863
1313 * New upstream security release in order to address the following defects:1864 * New upstream security release in order to address the following defects:
@@ -1334,6 +1885,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high
13341885
1335 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +01001886 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100
13361887
1888samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium
1889
1890 * No-change rebuild for icu soname change
1891
1892 -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600
1893
1894samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
1895
1896 * d/t/util: fix setting the password of the smb test user
1897 (LP: #1955851)
1898
1899 -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300
1900
1901samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium
1902
1903 * No-change rebuild with Python 3.10 as default version
1904
1905 -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000
1906
1907samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
1908
1909 * SECURITY REGRESSION: Kerberos authentication on standalone server in
1910 MIT realm broken
1911 - debian/patches/bug14922.patch: fix MIT Realm regression in
1912 source3/auth/user_krb5.c.
1913
1914 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500
1915
1916samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium
1917
1918 * Update to 4.13.14 as a security update (LP: #1950363)
1919 - debian/patches/CVE-2021-20254.patch: removed, included in new
1920 version.
1921 - debian/control: bump ldb Build-Depends to 2.2.3.
1922 - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
1923 - debian/patches/trusted_domain_regression_fix.patch: fix regression
1924 introduced in 4.13.14.
1925 - debian/patches/bug14901-*.patch: upstream patches to fix some
1926 mapping issues.
1927 - debian/patches/bug14918-*.patch: upstream patches to properly handle
1928 dangling symlinks.
1929 - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
1930 CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
1931
1932 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500
1933
1337samba (2:4.13.13+dfsg-1) unstable; urgency=high1934samba (2:4.13.13+dfsg-1) unstable; urgency=high
13381935
1339 [ Athos Ribeiro ]1936 [ Athos Ribeiro ]
@@ -1355,6 +1952,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high
13551952
1356 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +01001953 -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100
13571954
1955samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium
1956
1957 * No-change rebuild against liburing2
1958
1959 -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100
1960
1961samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
1962
1963 * d/samba.postinst: do not populate sambashare from the admin group
1964 (Debian packaging cherry-pick. LP: #1942195)
1965
1966 -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200
1967
1968samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium
1969
1970 * No-change rebuild due to OpenLDAP soname bump.
1971
1972 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400
1973
1974samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
1975
1976 * Merge with Debian unstable. Remaining changes:
1977 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
1978 - debian/smb.conf;
1979 + Add "(Samba, Ubuntu)" to server string.
1980 + Comment out the default [homes] share, and add a comment about
1981 "valid users = %s" to show users how to restrict access to
1982 \\server\username to only username.
1983 - d/control: Disable glusterfs support because it's not in main.
1984 MIR bug is https://launchpad.net/bugs/1274247
1985 - debian/control: Ubuntu i386 binary compatibility:
1986 + drop ceph support
1987 - d/control: add a versioned libgnutls28-dev build-depends to reduce
1988 the amount of in-tree crypto code that is built
1989 - d/control: enable the liburing vfs module, except on i386 where
1990 liburing is not available
1991 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
1992 Skip running the tests if on i386 platform, because the uring
1993 package is not available there.
1994 * Dropped changes:
1995 - debian/samba-common.config:
1996 + Do not change priority to high if dhclient3 is installed.
1997 [Included in 2:4.13.4+dfsg-1]
1998 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1999 change nfs service name from nfs to nfs-kernel-server
2000 (LP #722201)
2001 [Included in 2:4.13.4+dfsg-1]
2002 - d/p/ctdb-config-enable-syslog-by-default.patch:
2003 enable syslog and systemd journal by default
2004 [Included in 2:4.13.4+dfsg-1]
2005 - debian/rules: Ubuntu i386 binary compatibility:
2006 + drop ceph support
2007 + disable the following binary packages:
2008 - ctdb
2009 - libnss-winbind
2010 - libpam-winbind
2011 - python3-samba
2012 - samba
2013 - samba-common-bin
2014 - samba-testsuite
2015 - winbind
2016 [Included in 2:4.13.4+dfsg-1]
2017 - debian/rules: Ubuntu i386 binary compatibility:
2018 + re-enable the following binary packages:
2019 - libnss-winbind
2020 - samba-common-bin
2021 - python3-samba
2022 - winbind
2023 [Included in 2:4.13.4+dfsg-1]
2024 - SECURITY UPDATE: wrong group entries via negative idmap cache entries
2025 + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
2026 source3/passdb/lookup_sid.c.
2027 + CVE-2021-20254
2028 [Included in 2:4.13.5+dfsg-2]
2029
2030 -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300
2031
1358samba (2:4.13.5+dfsg-2) unstable; urgency=high2032samba (2:4.13.5+dfsg-2) unstable; urgency=high
13592033
1360 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group2034 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
@@ -1386,6 +2060,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium
13862060
1387 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +01002061 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100
13882062
2063samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
2064
2065 * SECURITY UPDATE: wrong group entries via negative idmap cache entries
2066 - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
2067 source3/passdb/lookup_sid.c.
2068 - CVE-2021-20254
2069
2070 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400
2071
2072samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
2073
2074 * No change rebuild to pick up liburing, and also
2075 fix d/t/cifs-share-access-uring. (LP: #1914145)
2076
2077 -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300
2078
2079samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
2080
2081 * Merge with Debian unstable. Remaining changes:
2082 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
2083 - debian/smb.conf;
2084 + Add "(Samba, Ubuntu)" to server string.
2085 + Comment out the default [homes] share, and add a comment about
2086 "valid users = %s" to show users how to restrict access to
2087 \\server\username to only username.
2088 - debian/samba-common.config:
2089 + Do not change priority to high if dhclient3 is installed.
2090 - d/control, d/rules: Disable glusterfs support because it's not in main.
2091 MIR bug is https://launchpad.net/bugs/1274247
2092 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2093 change nfs service name from nfs to nfs-kernel-server
2094 (LP #722201)
2095 - d/p/ctdb-config-enable-syslog-by-default.patch:
2096 enable syslog and systemd journal by default
2097 - debian/rules: Ubuntu i386 binary compatibility:
2098 + drop ceph support
2099 + disable the following binary packages:
2100 - ctdb
2101 - libnss-winbind
2102 - libpam-winbind
2103 - python3-samba
2104 - samba
2105 - samba-common-bin
2106 - samba-testsuite
2107 - winbind
2108 - debian/control: Ubuntu i386 binary compatibility:
2109 + drop ceph support
2110 - debian/rules: Ubuntu i386 binary compatibility:
2111 + re-enable the following binary packages:
2112 - libnss-winbind
2113 - samba-common-bin
2114 - python3-samba
2115 - winbind
2116 - d/control: add a versioned libgnutls28-dev build-depends to reduce
2117 the amount of in-tree crypto code that is built
2118 - d/control: enable the liburing vfs module, except on i386 where
2119 liburing is not available
2120 * Dropped changes, incorporated by Debian:
2121 - d/t/smbclient-anonymous-share-list: add set -x and set -e
2122 - Factor out common DEP8 test code into d/t/util and change the tests
2123 to source from it:
2124 + d/t/util: added
2125 + d/t/cifs-share-access, d/t/smbclient-share-access: source from
2126 util, use random share name and add set -x and set -u
2127 + d/t/smbclient-authenticated-share-list: source from util and add
2128 set -x and set -u
2129 - Add new DEP8 tests for the uring vfs module:
2130 + d/t/control: add smbclient-share-access-uring and
2131 cifs-share-access-uring tests
2132 + d/t/smbclient-share-access-uring: new test
2133 + d/t/cifs-share-access-uring: new test
2134 - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
2135 guard uring tests with a kernel version check and skip if it's too old
2136 * Added changes:
2137 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
2138 Skip running the tests if on i386 platform, because the uring
2139 package is not available there.
2140
2141 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500
2142
1389samba (2:4.13.3+dfsg-1) unstable; urgency=medium2143samba (2:4.13.3+dfsg-1) unstable; urgency=medium
13902144
1391 [ Andreas Hasenack ]2145 [ Andreas Hasenack ]
@@ -1401,6 +2155,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium
14012155
1402 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +01002156 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100
14032157
2158samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
2159
2160 * Merge with Debian unstable (LP: #1905048). Remaining changes:
2161 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
2162 - debian/smb.conf;
2163 + Add "(Samba, Ubuntu)" to server string.
2164 + Comment out the default [homes] share, and add a comment about
2165 "valid users = %s" to show users how to restrict access to
2166 \\server\username to only username.
2167 - debian/samba-common.config:
2168 + Do not change priority to high if dhclient3 is installed.
2169 - d/control, d/rules: Disable glusterfs support because it's not in main.
2170 MIR bug is https://launchpad.net/bugs/1274247
2171 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2172 change nfs service name from nfs to nfs-kernel-server
2173 (LP #722201)
2174 - d/p/ctdb-config-enable-syslog-by-default.patch:
2175 enable syslog and systemd journal by default
2176 - debian/rules: Ubuntu i386 binary compatibility:
2177 + drop ceph support
2178 + disable the following binary packages:
2179 - ctdb
2180 - libnss-winbind
2181 - libpam-winbind
2182 - python3-samba
2183 - samba
2184 - samba-common-bin
2185 - samba-testsuite
2186 - winbind
2187 - debian/control: Ubuntu i386 binary compatibility:
2188 + drop ceph support
2189 - debian/rules: Ubuntu i386 binary compatibility:
2190 + re-enable the following binary packages:
2191 - libnss-winbind
2192 - samba-common-bin
2193 - python3-samba
2194 - winbind
2195 - d/control: add a versioned libgnutls28-dev build-depends to reduce
2196 the amount of in-tree crypto code that is built
2197 * d/t/smbclient-anonymous-share-list: add set -x and set -e
2198 * Factor out common DEP8 test code into d/t/util and change the tests
2199 to source from it:
2200 - d/t/util: added
2201 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
2202 util, use random share name and add set -x and set -u
2203 - d/t/smbclient-authenticated-share-list: source from util and add
2204 set -x and set -u
2205 * d/control: enable the liburing vfs module, except on i386 where
2206 liburing is not available
2207 * Add new DEP8 tests for the uring vfs module:
2208 - d/t/control: add smbclient-share-access-uring and
2209 cifs-share-access-uring tests
2210 - d/t/smbclient-share-access-uring: new test
2211 - d/t/cifs-share-access-uring: new test
2212 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
2213 guard uring tests with a kernel version check and skip if it's too old
2214 * Dropped changes:
2215 - SECURITY UPDATE: Unauthenticated domain controller compromise by
2216 subverting Netlogon cryptography (ZeroLogon)
2217 + debian/patches/zerologon-*.patch: backport upstream patches:
2218 + For compatibility reasons, allow specifying an insecure netlogon
2219 configuration per machine. See the following link for examples:
2220 https://www.samba.org/samba/security/CVE-2020-1472.html
2221 + Add additional server checks for the protocol attack in the
2222 client-specified challenge to provide some protection when
2223 'server schannel = no/auto' and avoid the false-positive results
2224 when running the proof-of-concept exploit.
2225 [ Incorporated by upstream. ]
2226 - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
2227 + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
2228 get set unless the directory handle is open for SEC_DIR_LIST in
2229 source4/torture/smb2/notify.c, source3/smbd/notify.c.
2230 + CVE-2020-14318
2231 - SECURITY UPDATE: Unprivileged user can crash winbind
2232 + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
2233 source3/winbindd/winbindd_lookupsids.c,
2234 source4/torture/winbind/struct_based.c.
2235 + CVE-2020-14323
2236 - SECURITY UPDATE: DNS server crash via invalid records
2237 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
2238 with NULL and do not crash when additional data not found in
2239 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2240 + CVE-2020-14383
2241 [ Incorporated by upstream. ]
2242
2243 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500
2244
1404samba (2:4.13.2+dfsg-3) unstable; urgency=medium2245samba (2:4.13.2+dfsg-3) unstable; urgency=medium
14052246
1406 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)2247 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
@@ -1446,6 +2287,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium
14462287
1447 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +01002288 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100
14482289
2290samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
2291
2292 * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
2293 - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
2294 get set unless the directory handle is open for SEC_DIR_LIST in
2295 source4/torture/smb2/notify.c, source3/smbd/notify.c.
2296 - CVE-2020-14318
2297 * SECURITY UPDATE: Unprivileged user can crash winbind
2298 - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
2299 source3/winbindd/winbindd_lookupsids.c,
2300 source4/torture/winbind/struct_based.c.
2301 - CVE-2020-14323
2302 * SECURITY UPDATE: DNS server crash via invalid records
2303 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
2304 with NULL and do not crash when additional data not found in
2305 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
2306 - CVE-2020-14383
2307
2308 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400
2309
2310samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
2311
2312 * SECURITY UPDATE: Unauthenticated domain controller compromise by
2313 subverting Netlogon cryptography (ZeroLogon)
2314 - debian/patches/zerologon-*.patch: backport upstream patches:
2315 + For compatibility reasons, allow specifying an insecure netlogon
2316 configuration per machine. See the following link for examples:
2317 https://www.samba.org/samba/security/CVE-2020-1472.html
2318 + Add additional server checks for the protocol attack in the
2319 client-specified challenge to provide some protection when
2320 'server schannel = no/auto' and avoid the false-positive results
2321 when running the proof-of-concept exploit.
2322 - CVE-2020-1472
2323
2324 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400
2325
2326samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
2327
2328 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
2329 guard uring tests with a kernel version check and skip if it's too old
2330
2331 -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300
2332
2333samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
2334
2335 * d/t/smbclient-anonymous-share-list: add set -x and set -e
2336 * Factor out common DEP8 test code into d/t/util and change the tests
2337 to source from it:
2338 - d/t/util: added
2339 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
2340 util, use random share name and add set -x and set -u
2341 - d/t/smbclient-authenticated-share-list: source from util and add
2342 set -x and set -u
2343 * d/control: enable the liburing vfs module, except on i386 where
2344 liburing is not available
2345 * Add new DEP8 tests for the uring vfs module:
2346 - d/t/control: add smbclient-share-access-uring and
2347 cifs-share-access-uring tests
2348 - d/t/smbclient-share-access-uring: new test
2349 - d/t/cifs-share-access-uring: new test
2350
2351 -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300
2352
2353samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
2354
2355 * Merge with Debian unstable. Remaining changes:
2356 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
2357 - debian/smb.conf;
2358 + Add "(Samba, Ubuntu)" to server string.
2359 + Comment out the default [homes] share, and add a comment about
2360 "valid users = %s" to show users how to restrict access to
2361 \\server\username to only username.
2362 - debian/samba-common.config:
2363 + Do not change priority to high if dhclient3 is installed.
2364 - d/control, d/rules: Disable glusterfs support because it's not in main.
2365 MIR bug is https://launchpad.net/bugs/1274247
2366 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2367 change nfs service name from nfs to nfs-kernel-server
2368 (LP #722201)
2369 - d/p/ctdb-config-enable-syslog-by-default.patch:
2370 enable syslog and systemd journal by default
2371 - debian/rules: Ubuntu i386 binary compatibility:
2372 + drop ceph support
2373 + disable the following binary packages:
2374 - ctdb
2375 - libnss-winbind
2376 - libpam-winbind
2377 - python3-samba
2378 - samba
2379 - samba-common-bin
2380 - samba-testsuite
2381 - winbind
2382 - debian/control: Ubuntu i386 binary compatibility:
2383 + drop ceph support
2384 - debian/rules: Ubuntu i386 binary compatibility:
2385 + re-enable the following binary packages:
2386 - libnss-winbind
2387 - samba-common-bin
2388 - python3-samba
2389 - winbind
2390 - d/control: add a versioned libgnutls28-dev build-depends to reduce
2391 the amount of in-tree crypto code that is built
2392 * Dropped:
2393 - d/gbp.conf, d/watch, d/README.source: update for 4.12
2394 [In 2:4.12.3+dfsg-1]
2395 - d/control: bump build-depends:
2396 + ldb: 2.1.2
2397 + tevent: 0.10.2
2398 + tdb: 1.4.3
2399 + talloc: 2.3.1
2400 [In 2:4.12.3+dfsg-1]
2401 - d/smbclient.install: add new binary mdfind and its manpage
2402 [In 2:4.12.3+dfsg-1]
2403 - d/samba-dev.install, d/samba-libs.install: new lib
2404 libdcerpc-server-core
2405 [In 2:4.12.3+dfsg-1]
2406 - d/samba-libs.install: new library libtalloc-report-printf
2407 [In 2:4.12.3+dfsg-1]
2408 - d/libwbclient0.install: remove libaesni, no longer built when
2409 gnutls provides AES CMAC
2410 [In 2:4.12.3+dfsg-1]
2411 - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
2412 [In 2:4.12.3+dfsg-1]
2413 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
2414 [Dropped in 2:4.12.3+dfsg-1]
2415 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
2416 [Dropped in 2:4.12.3+dfsg-1]
2417 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
2418 [Dropped in 2:4.12.3+dfsg-1]
2419
2420 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300
2421
1449samba (2:4.12.5+dfsg-3) unstable; urgency=high2422samba (2:4.12.5+dfsg-3) unstable; urgency=high
14502423
1451 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump2424 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
@@ -1510,6 +2483,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium
15102483
1511 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +02002484 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200
15122485
2486samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
2487
2488 * New upstream version: 4.12.2
2489 * d/gbp.conf, d/watch, d/README.source: update for 4.12
2490 * d/control: bump build-depends:
2491 - ldb: 2.1.2
2492 - tevent: 0.10.2
2493 - tdb: 1.4.3
2494 - talloc: 2.3.1
2495 * d/smbclient.install: add new binary mdfind and its manpage
2496 * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
2497 * d/samba-libs.install: new library libtalloc-report-printf
2498 * d/libwbclient0.install: remove libaesni, no longer built when
2499 gnutls provides AES CMAC
2500 * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
2501 * d/control: add a versioned libgnutls28-dev build-depends to reduce
2502 the amount of in-tree crypto code that is built
2503 * Dropped (applied upstream):
2504 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
2505 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
2506 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
2507 - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
2508
2509 -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300
2510
2511samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
2512
2513 * SECURITY UPDATE: Use-after-free in AD DC LDAP server
2514 - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
2515 combination with paged_results in selftest/knownfail.d/asq,
2516 source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
2517 - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
2518 for the GUID search in paged_results in selftest/knownfail.d/asq,
2519 source4/dsdb/samdb/ldb_modules/paged_results.c.
2520 - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
2521 Build-Depends to 2.0.10.
2522 - CVE-2020-10700
2523 * SECURITY UPDATE: Stack overflow in AD DC LDAP server
2524 - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
2525 auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
2526 lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
2527 libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
2528 source3/lib/tldap.c, source3/lib/tldap_util.c,
2529 source3/libsmb/clispnego.c, source3/torture/torture.c,
2530 source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
2531 source4/libcli/ldap/ldap_client.c,
2532 source4/libcli/ldap/ldap_controls.c.
2533 - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
2534 lib/util/asn1.c.
2535 - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
2536 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
2537 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
2538 lib/param/loadparm.c, source3/param/loadparm.c.
2539 - debian/patches/CVE-2020-10704-6.patch: limit request sizes in
2540 source4/ldap_server/ldap_server.c.
2541 - debian/patches/CVE-2020-10704-7.patch: add search size limits to
2542 ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
2543 lib/param/loadparm.c, libcli/cldap/cldap.c,
2544 libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
2545 source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
2546 source4/libcli/ldap/ldap_client.c.
2547 - debian/patches/CVE-2020-10704-8.patch: check search request lengths
2548 in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
2549 - CVE-2020-10704
2550
2551 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400
2552
2553samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium
2554
2555 * New upstream release: 4.11.6
2556 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream
2557
2558 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300
2559
2560samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium
2561
2562 * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324)
2563
2564 -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300
2565
2566samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
2567
2568 * Merge with Debian unstable. Remaining changes:
2569 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2570 - debian/smb.conf;
2571 + Add "(Samba, Ubuntu)" to server string.
2572 + Comment out the default [homes] share, and add a comment about
2573 "valid users = %s" to show users how to restrict access to
2574 \\server\username to only username.
2575 - debian/samba-common.config:
2576 + Do not change priority to high if dhclient3 is installed.
2577 - d/control, d/rules: Disable glusterfs support because it's not in main.
2578 MIR bug is https://launchpad.net/bugs/1274247
2579 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2580 change nfs service name from nfs to nfs-kernel-server
2581 (LP #722201)
2582 - d/p/ctdb-config-enable-syslog-by-default.patch:
2583 enable syslog and systemd journal by default
2584 - debian/rules: Ubuntu i386 binary compatibility:
2585 + drop ceph support
2586 + disable the following binary packages:
2587 - ctdb
2588 - libnss-winbind
2589 - libpam-winbind
2590 - python3-samba
2591 - samba
2592 - samba-common-bin
2593 - samba-testsuite
2594 - winbind
2595 - debian/control: Ubuntu i386 binary compatibility:
2596 + drop ceph support
2597 - debian/rules: Ubuntu i386 binary compatibility:
2598 + re-enable the following binary packages:
2599 - libnss-winbind
2600 - samba-common-bin
2601 - python3-samba
2602 - winbind
2603 * Dropped:
2604 - d/control: drop python3-matplotlib. It's only used in
2605 script/attr_count_read which is not installed with the
2606 samba packages.
2607 [In 2:4.11.3+dfsg-1]
2608
2609 -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300
2610
1513samba (2:4.11.5+dfsg-1) unstable; urgency=medium2611samba (2:4.11.5+dfsg-1) unstable; urgency=medium
15142612
1515 * New upstream security release2613 * New upstream security release
@@ -1537,6 +2635,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high
15372635
1538 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +01002636 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100
15392637
2638samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium
2639
2640 * Ubuntu i386 binary compatibility effort: (LP: #1861316)
2641 - debian/rules:
2642 + re-enable the following binary packages generation:
2643 - libnss-winbind
2644 - samba-common-bin
2645 - python3-samba
2646 - winbind
2647
2648 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000
2649
2650samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium
2651
2652 * No-change rebuild to build with python3.8.
2653
2654 -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000
2655
2656samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium
2657
2658 * Ubuntu i386 binary compatibility effort: (LP: #1858479)
2659 - debian/control:
2660 + drop ceph support
2661 - debian/rules:
2662 + drop ceph support
2663 + disable the following binary packages generation:
2664 - ctdb
2665 - libnss-winbind
2666 - libpam-winbind
2667 - python3-samba
2668 - samba
2669 - samba-common-bin
2670 - samba-testsuite
2671 - winbind
2672
2673 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000
2674
2675samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium
2676
2677 * Merge with Debian unstable. Remaining changes:
2678 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2679 - debian/smb.conf;
2680 + Add "(Samba, Ubuntu)" to server string.
2681 + Comment out the default [homes] share, and add a comment about
2682 "valid users = %s" to show users how to restrict access to
2683 \\server\username to only username.
2684 - debian/samba-common.config:
2685 + Do not change priority to high if dhclient3 is installed.
2686 - d/control, d/rules: Disable glusterfs support because it's not in main.
2687 MIR bug is https://launchpad.net/bugs/1274247
2688 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
2689 change nfs service name from nfs to nfs-kernel-server
2690 (LP #722201)
2691 [Adopted the Debian version and added a couple of extra hunks
2692 we had]
2693 - d/p/ctdb-config-enable-syslog-by-default.patch:
2694 enable syslog and systemd journal by default
2695 * Dropped:
2696 - Add apport hook:
2697 + Created debian/source_samba.py.
2698 + debian/rules, debian/samba-common-bin.install: install hook.
2699 [In 2:4.9.4+dfsg-2]
2700 - Removed patches already applied upstream:
2701 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
2702 [Removed in 2:4.10.7+dfsg-1]
2703 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
2704 [Removed in 4.9.5+dfsg-1]
2705 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
2706 [Refreshed in 2:4.1.17+dfsg-1]
2707 - d/control: Updated build dependencies (already updated in Debian):
2708 + tdb >= 1.3.17
2709 + talloc >= 2.1.15
2710 + tevent >= 0.9.38
2711 + ldb >= 1.5.3
2712 - d/samba-common.docs: README is now README.md
2713 [In 2:4.10.7+dfsg-1]
2714 - d/libsmbclient.symbols: update symbols for this version
2715 - d/libwbclient0.symbols: update symbols for this version
2716 - d/ctdb.install: new binary ctdb_local_daemons
2717 [In 2:4.10.7+dfsg-1]
2718 - d/samba-dev.install: use globbing for the header files with
2719 exceptions for wbclient.h and libsmbclient.h, which belong in
2720 other packages.
2721 [In 2:4.10.7+dfsg-1]
2722 - d/rules: fix globbing used to move the dckeytab python module to the
2723 samba package, and add a comment explaining why this is being done.
2724 [In 2:4.10.7+dfsg-1]
2725 - Switch to python3 (in 2:4.10.7+dfsg-1):
2726 + d/rules: calculate the ldb version using python3, and drop the
2727 "really" bit since the real 1.5.x series is being used now.
2728 + d/rules: make sure python3 is used for the build
2729 + d/rules: adjust globbing to remove the python3 version of tevent.so
2730 + d/rules: drop PYVERS, unused
2731 + d/control: adjust dependencies (build and runtime) for python3
2732 + d/python3-samba.install, d/control: new python3-samba package
2733 (LP #1440381)
2734 + d/control, d/python-samba.install: get rid of python-samba, which is py2
2735 + d/python3-samba.lintian-overrides: use the same overrides we had for
2736 python-samba, now deleted.
2737 + d/samba-dev.install, d/samba-libs.install: update file list
2738 + d/t/control, d/t/python-smoke: use python3
2739 + d/control: use ${python3:Depends} now instead of the python 2
2740 counterpart for samba and samba-common-bin.
2741 - d/control: drop suggests for python-gpgme, it's no longer available.
2742 [In 2:4.10.7+dfsg-1]
2743 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
2744 [In 2:4.10.7+dfsg-1]
2745 - d/control: update cmocka build-depends to >= 1.1.3
2746 [In 2:4.10.7+dfsg-1]
2747 - d/samba-libs.install: bump passdb minor to 0.27.2
2748 [In 2:4.10.7+dfsg-1]
2749 - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
2750 to allow pid file to exist (LP #1821775)
2751 [In 2:4.10.7+dfsg-1]
2752 - Allow proper ctdb initalization (LP #1828799):
2753 + d/ctdb.dirs: added /var/lib/ctdb/* directories
2754 + d/ctdb.postrm: remove leftovers from:
2755 /var/lib/ctdb/{state,persistent,volatile,scripts}
2756 [In 2:4.10.7+dfsg-1]
2757 - d/rules: installing provided config examples and helper scripts
2758 - Examples of NFS HA CTDB config files + helper script:
2759 + d/ctdb.example.enable.nfs.sh
2760 + d/ctdb.example.nfs-common
2761 + d/ctdb.example.nfs-kernel-server
2762 + d/ctdb.example.services
2763 + d/ctdb.example.sysctl-nfs-static-ports.conf
2764 [In 2:4.10.7+dfsg-1]
2765 - debian/rules: Make DEB_HOST_ARCH_CPU initialized through
2766 dpkg-architecture (Closes: #931138)
2767 [In 2:4.10.7+dfsg-1]
2768 - d/control: update ldb build-deps to 1.5.5
2769 [In 2:4.10.7+dfsg-1]
2770 - SECURITY UPDATE: restricted share escape by user (LP #1842533)
2771 [fixed upstream in 4.11.0rc2]
2772 + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
2773 out impersonation debug info into a new function.
2774 + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
2775 change_to_user_internal() always resets current_user.done_chdir
2776 + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
2777 reset current_user.{need,done}_chdir in become_root()
2778 + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
2779 fsrvp_share its own independent subdirectory
2780 + debian/patches/CVE-2019-10197-05-v4-10.patch:
2781 test_smbclient_s3.sh: add regression test for the no permission
2782 on share root problem
2783 + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
2784 change_to_user_impersonate() out of change_to_user_internal()
2785 + CVE-2019-10197
2786 * Added:
2787 - d/control: drop python3-matplotlib. It's only used in
2788 script/attr_count_read which is not installed with the
2789 samba packages.
2790
2791 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300
2792
1540samba (2:4.11.1+dfsg-3) unstable; urgency=medium2793samba (2:4.11.1+dfsg-3) unstable; urgency=medium
15412794
1542 * Add some python dependencies:2795 * Add some python dependencies:
@@ -1745,6 +2998,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium
17452998
1746 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +02002999 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200
17473000
3001samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium
3002
3003 * No-change rebuild to build with python3.8.
3004
3005 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000
3006
3007samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium
3008
3009 * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
3010 - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
3011 out impersonation debug info into a new function.
3012 - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
3013 change_to_user_internal() always resets current_user.done_chdir
3014 - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
3015 reset current_user.{need,done}_chdir in become_root()
3016 - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
3017 fsrvp_share its own independent subdirectory
3018 - debian/patches/CVE-2019-10197-05-v4-10.patch:
3019 test_smbclient_s3.sh: add regression test for the no permission
3020 on share root problem
3021 - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
3022 change_to_user_impersonate() out of change_to_user_internal()
3023 - CVE-2019-10197
3024
3025 -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700
3026
3027samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium
3028
3029 * New upstream version: 4.10.7
3030 - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped,
3031 included upstream in 4.10.7
3032
3033 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300
3034
3035samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium
3036
3037 * New upstream version: 4.10.6
3038 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update
3039 the Debian config and use it.
3040 - d/control: update ldb build-deps to 1.5.5
3041 * Dropped:
3042 - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5
3043 - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5
3044 - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3
3045 - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2
3046 - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2
3047 - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1
3048 - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed
3049 upstream in 4.10.5
3050
3051 -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300
3052
3053samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium
3054
3055 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
3056 change service name from nfs to nfs-kernel-server in
3057 legacy script 06.nfs.script also (LP: #722201)
3058
3059 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000
3060
3061samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium
3062
3063 * debian/rules: Make DEB_HOST_ARCH_CPU initialized through
3064 dpkg-architecture (Closes: #931138)
3065 * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch:
3066 fix tcp_tw_recycle existence check. (LP: #722201)
3067 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
3068 change nfs service name from nfs to nfs-kernel-server
3069 (LP: #722201)
3070 * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
3071 to allow pid file to exist (LP: #1821775)
3072 * Allow proper ctdb initialization (LP: #1828799):
3073 - d/ctdb.dirs: added /var/lib/ctdb/* directories
3074 - d/ctdb.postrm: remove leftovers from:
3075 /var/lib/ctdb/{state,persistent,volatile,scripts}
3076 * d/rules: installing provided config examples and helper scripts
3077 * Examples of NFS HA CTDB config files + helper script:
3078 - d/ctdb.example.enable.nfs.sh
3079 - d/ctdb.example.nfs-common
3080 - d/ctdb.example.nfs-kernel-server
3081 - d/ctdb.example.services
3082 - d/ctdb.example.sysctl-nfs-static-ports.conf
3083 * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch:
3084 do not try to start daemon if /etc/ctdb/nodes does not exist
3085 * d/p/ctdb-config-enable-syslog-by-default.patch:
3086 enable syslog and systemd journal by default
3087
3088 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000
3089
3090samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
3091
3092 * SECURITY UPDATE: zone operations can crash rpc server
3093 - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
3094 not found in DnssrvOperation in
3095 python/samba/tests/dcerpc/dnsserver.py,
3096 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
3097 - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
3098 not found in DnssrvOperation2 in
3099 python/samba/tests/dcerpc/dnsserver.py,
3100 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
3101 - CVE-2019-12435
3102 * SECURITY UPDATE: paged_searches crash on LDAP and homes access
3103 - debian/patches/CVE-2019-12436.patch: ignore successful results
3104 without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
3105 source4/dsdb/tests/python/vlv.py.
3106 - CVE-2019-12436
3107
3108 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400
3109
3110samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium
3111
3112 * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
3113 - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
3114 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
3115 source4/torture/krb5/kdc-canon-heimdal.c.
3116 - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
3117 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
3118 source4/heimdal/kdc/krb5tgs.c.
3119 - CVE-2018-16860
3120
3121 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400
3122
3123samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium
3124
3125 * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
3126 - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
3127 umask being overwritten in python/samba/tests/ntacls_backup.py,
3128 python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
3129 selftest/knownfail.d/umask-leak.
3130 - debian/patches/CVE-2019-3870-2.patch: add test to check
3131 file-permissions are correct after provision in
3132 selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
3133 source4/setup/tests/provision_fileperms.sh.
3134 - debian/patches/CVE-2019-3870-3.patch: include tests to show the
3135 outside umask has no impact in python/samba/tests/ntacls_backup.py,
3136 python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
3137 - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
3138 close as possible to users in source3/smbd/pysmbd.c,
3139 selftest/knownfail.d/provision_fileperms,
3140 selftest/knownfail.d/umask-leak.
3141 - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
3142 smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
3143 source3/smbd/pysmbd.c.
3144 - CVE-2019-3870
3145 * SECURITY UPDATE: save registry file outside share as unprivileged user
3146 - debian/patches/CVE-2019-3880.patch: remove implementations of
3147 SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
3148 - CVE-2019-3880
3149
3150 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400
3151
3152samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium
3153
3154 * New upstream version: 4.10.0
3155 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
3156 - d/control: update cmocka build-depends to >= 1.1.3
3157 - d/samba-libs.install: bump passdb minor to 0.27.2
3158 * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to
3159 Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846)
3160
3161 -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300
3162
3163samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium
3164
3165 * New upstream version 4.10.0rc4 (LP: #1818518):
3166 - Removed patches already applied upstream:
3167 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
3168 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
3169 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
3170 - d/control: Updated build dependencies:
3171 + tdb >= 1.3.17
3172 + talloc >= 2.1.15
3173 + tevent >= 0.9.38
3174 + ldb >= 1.5.3
3175 - d/samba-common.docs: README is now README.md
3176 - d/libsmbclient.symbols: update symbols for this version
3177 - d/libwbclient0.symbols: update symbols for this version
3178 - d/ctdb.install: new binary ctdb_local_daemons
3179 - d/samba-dev.install: use globbing for the header files with
3180 exceptions for wbclient.h and libsmbclient.h, which belong in
3181 other packages.
3182 - d/rules: fix globbing used to move the dckeytab python module to the
3183 samba package, and add a comment explaining why this is being done.
3184 * Switch to python3:
3185 - d/rules: calculate the ldb version using python3, and drop the
3186 "really" bit since the real 1.5.x series is being used now.
3187 - d/rules: make sure python3 is used for the build
3188 - d/rules: adjust globbing to remove the python3 version of tevent.so
3189 - d/rules: drop PYVERS, unused
3190 - d/control: adjust dependencies (build and runtime) for python3
3191 - d/python3-samba.install, d/control: new python3-samba package
3192 (LP: #1440381)
3193 - d/control, d/python-samba.install: get rid of python-samba, which is py2
3194 - d/python3-samba.lintian-overrides: use the same overrides we had for
3195 python-samba, now deleted.
3196 - d/samba-dev.install, d/samba-libs.install: update file list
3197 - d/t/control, d/t/python-smoke: use python3
3198 - d/control: use ${python3:Depends} now instead of the python 2
3199 counterpart for samba and samba-common-bin.
3200 * d/control: drop suggests for python-gpgme, it's no longer available.
3201
3202 -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000
3203
1748samba (2:4.9.5+dfsg-1) experimental; urgency=medium3204samba (2:4.9.5+dfsg-1) experimental; urgency=medium
17493205
1750 * New upstream release3206 * New upstream release
@@ -1789,6 +3245,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium
17893245
1790 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +01003246 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100
17913247
3248samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium
3249
3250 * Merge with Debian unstable. Remaining changes:
3251 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3252 - debian/smb.conf;
3253 + Add "(Samba, Ubuntu)" to server string.
3254 + Comment out the default [homes] share, and add a comment about
3255 "valid users = %s" to show users how to restrict access to
3256 \\server\username to only username.
3257 - debian/samba-common.config:
3258 + Do not change priority to high if dhclient3 is installed.
3259 - Add apport hook:
3260 + Created debian/source_samba.py.
3261 + debian/rules, debian/samba-common-bin.install: install hook.
3262 - d/control, d/rules: Disable glusterfs support because it's not in main.
3263 MIR bug is https://launchpad.net/bugs/1274247
3264 * Dropped:
3265 - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
3266 failing without a valid idmap configuration. This fixes the smbd startup
3267 on a standalone server where winbind is available and running. Thanks to
3268 Stefan Metzmacher <metze@samba.org>. (LP #1806035)
3269 [Fixed in 2:4.9.4+dfsg-1]
3270
3271 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200
3272
1792samba (2:4.9.4+dfsg-1) unstable; urgency=medium3273samba (2:4.9.4+dfsg-1) unstable; urgency=medium
17933274
1794 * New upstream release3275 * New upstream release
@@ -1799,6 +3280,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium
17993280
1800 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +01003281 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100
18013282
3283samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium
3284
3285 * No-change rebuild for readline soname change.
3286
3287 -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000
3288
3289samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
3290
3291 * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
3292 failing without a valid idmap configuration. This fixes the smbd startup
3293 on a standalone server where winbind is available and running. Thanks to
3294 Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
3295
3296 -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
3297
3298samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
3299
3300 * Merge with Debian unstable. Remaining changes:
3301 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3302 - debian/smb.conf;
3303 + Add "(Samba, Ubuntu)" to server string.
3304 + Comment out the default [homes] share, and add a comment about
3305 "valid users = %s" to show users how to restrict access to
3306 \\server\username to only username.
3307 - debian/samba-common.config:
3308 + Do not change priority to high if dhclient3 is installed.
3309 - Add apport hook:
3310 + Created debian/source_samba.py.
3311 + debian/rules, debian/samba-common-bin.install: install hook.
3312 - d/control, d/rules: Disable glusterfs support because it's not in main.
3313 MIR bug is https://launchpad.net/bugs/1274247
3314 * Dropped:
3315 - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
3316 errors (LP: 1795772)
3317 [Fixed upstream]
3318
3319 -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200
3320
1802samba (2:4.9.2+dfsg-2) unstable; urgency=high3321samba (2:4.9.2+dfsg-2) unstable; urgency=high
18033322
1804 * New upstream security release3323 * New upstream security release
@@ -1908,6 +3427,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium
19083427
1909 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +02003428 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200
19103429
3430samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium
3431
3432 * No-change rebuild against libldb1 1.4.2
3433
3434 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000
3435
3436samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high
3437
3438 [ Karl Stenerud ]
3439 * d/p/fix-rmdir.patch: Fix to make the samba client library report
3440 directory-not-empty errors (LP: #1795772)
3441
3442 -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300
3443
3444samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
3445
3446 * Merge with Debian unstable (LP: #1778125). Remaining changes:
3447 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3448 - debian/smb.conf;
3449 + Add "(Samba, Ubuntu)" to server string.
3450 + Comment out the default [homes] share, and add a comment about
3451 "valid users = %s" to show users how to restrict access to
3452 \\server\username to only username.
3453 - debian/samba-common.config:
3454 + Do not change priority to high if dhclient3 is installed.
3455 - Add apport hook:
3456 + Created debian/source_samba.py.
3457 + debian/rules, debian/samba-common-bin.install: install hook.
3458 - d/control, d/rules: Disable glusterfs support because it's not in main.
3459 MIR bug is https://launchpad.net/bugs/1274247
3460 * Drop:
3461 - Add extra DEP8 tests to samba (LP #1696823):
3462 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3463 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3464 anonymously
3465 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3466 shares using an authenticated connection
3467 + d/t/control, d/t/smbclient-share-access: create a share and download a
3468 file from it
3469 [Accepted by Debian in 2:4.7.4+dfsg-2]
3470 - d/samba-common.dhcp: If systemctl is available, use it to query the
3471 status of the smbd service before trying to reload it. Otherwise,
3472 keep the same check as before and reload the service based on the
3473 existence of the initscript. (LP #1579597)
3474 [In Debian since 2:4.7.4+dfsg-2]
3475 - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
3476 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
3477 Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
3478 [Fixed upstream]
3479
3480 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300
3481
1911samba (2:4.8.4+dfsg-2) unstable; urgency=high3482samba (2:4.8.4+dfsg-2) unstable; urgency=high
19123483
1913 * Fix typo in previous release: s/usefull/useful/3484 * Fix typo in previous release: s/usefull/useful/
@@ -2065,6 +3636,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
20653636
2066 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +01003637 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100
20673638
3639samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
3640
3641 * No change rebuild to link with new ldb 1.3.3
3642
3643 -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300
3644
3645samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
3646
3647 * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
3648 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
3649 Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
3650
3651 -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300
3652
3653samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
3654
3655 * New upstream version:
3656 - Fix database corruption bug when upgrading from samba 4.6 or lower
3657 AD controllers (LP: #1755057)
3658 - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
3659 * Remaining changes:
3660 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3661 - debian/smb.conf;
3662 + Add "(Samba, Ubuntu)" to server string.
3663 + Comment out the default [homes] share, and add a comment about
3664 "valid users = %s" to show users how to restrict access to
3665 \\server\username to only username.
3666 - debian/samba-common.config:
3667 + Do not change priority to high if dhclient3 is installed.
3668 - Add apport hook:
3669 + Created debian/source_samba.py.
3670 + debian/rules, debian/samba-common-bin.install: install hook.
3671 - Add extra DEP8 tests to samba (LP #1696823):
3672 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3673 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3674 anonymously
3675 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3676 shares using an authenticated connection
3677 + d/t/control, d/t/smbclient-share-access: create a share and download a
3678 file from it
3679 - d/samba-common.dhcp: If systemctl is available, use it to query the
3680 status of the smbd service before trying to reload it. Otherwise,
3681 keep the same check as before and reload the service based on the
3682 existence of the initscript. (LP #1579597)
3683 - d/control, d/rules: Disable glusterfs support because it's not in main.
3684 MIR bug is https://launchpad.net/bugs/1274247
3685
3686 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300
3687
2068samba (2:4.7.4+dfsg-2) unstable; urgency=high3688samba (2:4.7.4+dfsg-2) unstable; urgency=high
20693689
2070 [ Mathieu Parent ]3690 [ Mathieu Parent ]
@@ -2095,6 +3715,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
20953715
2096 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +01003716 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100
20973717
3718samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
3719
3720 * Merge with Debian unstable (LP: #1744779). Remaining changes:
3721 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3722 - debian/smb.conf;
3723 + Add "(Samba, Ubuntu)" to server string.
3724 + Comment out the default [homes] share, and add a comment about
3725 "valid users = %s" to show users how to restrict access to
3726 \\server\username to only username.
3727 - debian/samba-common.config:
3728 + Do not change priority to high if dhclient3 is installed.
3729 - Add apport hook:
3730 + Created debian/source_samba.py.
3731 + debian/rules, debian/samba-common-bin.install: install hook.
3732 - Add extra DEP8 tests to samba (LP #1696823):
3733 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
3734 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
3735 anonymously
3736 + d/t/control, d/t/smbclient-authenticated-share-list: list available
3737 shares using an authenticated connection
3738 + d/t/control, d/t/smbclient-share-access: create a share and download a
3739 file from it
3740 - d/samba-common.dhcp: If systemctl is available, use it to query the
3741 status of the smbd service before trying to reload it. Otherwise,
3742 keep the same check as before and reload the service based on the
3743 existence of the initscript. (LP #1579597)
3744 - d/control, d/rules: Disable glusterfs support because it's not in main.
3745 MIR bug is https://launchpad.net/bugs/1274247
3746
3747 -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200
3748
2098samba (2:4.7.4+dfsg-1) unstable; urgency=medium3749samba (2:4.7.4+dfsg-1) unstable; urgency=medium
20993750
2100 * New upstream version3751 * New upstream version
@@ -2111,6 +3762,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
21113762
2112 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +01003763 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100
21133764
3765samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
3766
3767 * Merge with Debian; remaining changes:
3768 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3769 - debian/smb.conf;
3770 + Add "(Samba, Ubuntu)" to server string.
3771 + Comment out the default [homes] share, and add a comment about
3772 "valid users = %s" to show users how to restrict access to
3773 \\server\username to only username.
3774 - debian/samba-common.config:
3775 + Do not change priority to high if dhclient3 is installed.
3776 - Add apport hook:
3777 + Created debian/source_samba.py.
3778 + debian/rules, debian/samba-common-bin.install: install hook.
3779 - Add extra DEP8 tests to samba (LP #1696823):
3780 + d/t/control: enable the new DEP8 tests
3781 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3782 + d/t/smbclient-authenticated-share-list: list available shares using
3783 an authenticated connection
3784 + d/t/smbclient-share-access: create a share and download a file from it
3785 + d/t/cifs-share-access: access a file in a share using cifs
3786 - Ask the user if we can run testparm against the config file. If yes,
3787 include its stderr and exit status in the bug report. Otherwise, only
3788 include the exit status. (LP #1694334)
3789 - If systemctl is available, use it to query the status of the smbd
3790 service before trying to reload it. Otherwise, keep the same check
3791 as before and reload the service based on the existence of the
3792 initscript. (LP #1579597)
3793 - d/rules: Compile winbindd/winbindd statically.
3794 - Disable glusterfs support because it's not in main.
3795 MIR bug is https://launchpad.net/bugs/1274247
3796 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3797 mountpoints and correctly filter by the cifs filesystem type.
3798
3799 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500
3800
2114samba (2:4.7.3+dfsg-1) unstable; urgency=high3801samba (2:4.7.3+dfsg-1) unstable; urgency=high
21153802
2116 * New upstream version3803 * New upstream version
@@ -2134,6 +3821,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
21343821
2135 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +01003822 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100
21363823
3824samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
3825
3826 * Merge with Debian; remaining changes:
3827 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3828 - debian/smb.conf;
3829 + Add "(Samba, Ubuntu)" to server string.
3830 + Comment out the default [homes] share, and add a comment about
3831 "valid users = %s" to show users how to restrict access to
3832 \\server\username to only username.
3833 - debian/samba-common.config:
3834 + Do not change priority to high if dhclient3 is installed.
3835 - Add apport hook:
3836 + Created debian/source_samba.py.
3837 + debian/rules, debian/samba-common-bin.install: install hook.
3838 - Add extra DEP8 tests to samba (LP #1696823):
3839 + d/t/control: enable the new DEP8 tests
3840 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3841 + d/t/smbclient-authenticated-share-list: list available shares using
3842 an authenticated connection
3843 + d/t/smbclient-share-access: create a share and download a file from it
3844 + d/t/cifs-share-access: access a file in a share using cifs
3845 - Ask the user if we can run testparm against the config file. If yes,
3846 include its stderr and exit status in the bug report. Otherwise, only
3847 include the exit status. (LP #1694334)
3848 - If systemctl is available, use it to query the status of the smbd
3849 service before trying to reload it. Otherwise, keep the same check
3850 as before and reload the service based on the existence of the
3851 initscript. (LP #1579597)
3852 - d/rules: Compile winbindd/winbindd statically.
3853 - Disable glusterfs support because it's not in main.
3854 MIR bug is https://launchpad.net/bugs/1274247
3855 - d/source_samba.py: use the new recommended findmnt(8) tool to list
3856 mountpoints and correctly filter by the cifs filesystem type.
3857
3858 -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100
3859
2137samba (2:4.7.1+dfsg-1) unstable; urgency=medium3860samba (2:4.7.1+dfsg-1) unstable; urgency=medium
21383861
2139 * New upstream version3862 * New upstream version
@@ -2182,6 +3905,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
21823905
2183 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +02003906 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200
21843907
3908samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
3909
3910 * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
3911 they should
3912 - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
3913 into a specified one in source3/include/auth_info.h,
3914 source3/lib/popt_common.c, source3/lib/util_cmdline.c.
3915 - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
3916 source3/lib/util_cmdline.c.
3917 - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
3918 source3/libsmb/pylibsmb.c.
3919 - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
3920 libgpo/gpo_fetch.c.
3921 - debian/patches/CVE-2017-12150-5.patch: add check for
3922 NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
3923 - debian/patches/CVE-2017-12150-6.patch: add
3924 smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
3925 - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
3926 authentication was not requested in source3/libsmb/clidfs.c.
3927 - CVE-2017-12150
3928 * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
3929 redirects
3930 - debian/patches/CVE-2017-12151-1.patch: add
3931 cli_state_is_encryption_on() helper function to
3932 source3/libsmb/clientgen.c, source3/libsmb/proto.h.
3933 - debian/patches/CVE-2017-12151-2.patch: make use of
3934 cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
3935 source3/libsmb/libsmb_context.c.
3936 - CVE-2017-12151
3937 * SECURITY UPDATE: Server memory information leak over SMB1
3938 - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
3939 from writing server memory to file in source3/smbd/reply.c.
3940 - CVE-2017-12163
3941
3942 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400
3943
3944samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
3945
3946 * d/source_samba.py: use the new recommended findmnt(8) tool to list
3947 mountpoints and correctly filter by the cifs filesystem type.
3948 (LP: #1703604)
3949
3950 -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300
3951
3952samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
3953
3954 * Merge with Debian unstable (LP: #1710281).
3955 - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
3956 symlinks to directories (LP: #1701073)
3957 * Remaining changes:
3958 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3959 - debian/smb.conf;
3960 + Add "(Samba, Ubuntu)" to server string.
3961 + Comment out the default [homes] share, and add a comment about
3962 "valid users = %s" to show users how to restrict access to
3963 \\server\username to only username.
3964 - debian/samba-common.config:
3965 + Do not change priority to high if dhclient3 is installed.
3966 - Add apport hook:
3967 + Created debian/source_samba.py.
3968 + debian/rules, debian/samba-common-bin.install: install hook.
3969 - Add extra DEP8 tests to samba (LP #1696823):
3970 + d/t/control: enable the new DEP8 tests
3971 + d/t/smbclient-anonymous-share-list: list available shares anonymously
3972 + d/t/smbclient-authenticated-share-list: list available shares using
3973 an authenticated connection
3974 + d/t/smbclient-share-access: create a share and download a file from it
3975 + d/t/cifs-share-access: access a file in a share using cifs
3976 - Ask the user if we can run testparm against the config file. If yes,
3977 include its stderr and exit status in the bug report. Otherwise, only
3978 include the exit status. (LP #1694334)
3979 - If systemctl is available, use it to query the status of the smbd
3980 service before trying to reload it. Otherwise, keep the same check
3981 as before and reload the service based on the existence of the
3982 initscript. (LP #1579597)
3983 - d/rules: Compile winbindd/winbindd statically.
3984 - Disable glusterfs support because it's not in main.
3985 MIR bug is https://launchpad.net/bugs/1274247
3986
3987 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300
3988
2185samba (2:4.6.7+dfsg-1) unstable; urgency=medium3989samba (2:4.6.7+dfsg-1) unstable; urgency=medium
21863990
2187 * New upstream version3991 * New upstream version
@@ -2193,6 +3997,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
21933997
2194 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +02003998 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200
21953999
4000samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
4001
4002 * Merge with Debian unstable (LP: #1700644). Remaining changes:
4003 - debian/VERSION.patch: Update vendor string to "Ubuntu".
4004 - debian/smb.conf;
4005 + Add "(Samba, Ubuntu)" to server string.
4006 + Comment out the default [homes] share, and add a comment about
4007 "valid users = %s" to show users how to restrict access to
4008 \\server\username to only username.
4009 - debian/samba-common.config:
4010 + Do not change priority to high if dhclient3 is installed.
4011 - Add apport hook:
4012 + Created debian/source_samba.py.
4013 + debian/rules, debian/samba-common-bin.install: install hook.
4014 - Add extra DEP8 tests to samba (LP #1696823):
4015 + d/t/control: enable the new DEP8 tests
4016 + d/t/smbclient-anonymous-share-list: list available shares anonymously
4017 + d/t/smbclient-authenticated-share-list: list available shares using
4018 an authenticated connection
4019 + d/t/smbclient-share-access: create a share and download a file from it
4020 + d/t/cifs-share-access: access a file in a share using cifs
4021 - Ask the user if we can run testparm against the config file. If yes,
4022 include its stderr and exit status in the bug report. Otherwise, only
4023 include the exit status. (LP #1694334)
4024 - If systemctl is available, use it to query the status of the smbd
4025 service before trying to reload it. Otherwise, keep the same check
4026 as before and reload the service based on the existence of the
4027 initscript. (LP #1579597)
4028 * Drop:
4029 - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
4030 [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
4031 fix-1584485.patch was dropped there.]
4032 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4033 pam_winbind krb5_ccache_type=FILE failure
4034 [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
4035 in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
4036 - debian/patches/winbind_trusted_domains.patch: make sure domain
4037 members can talk to trusted domains DCs.
4038 [Upstream committed a different fix, see updated patch attached to
4039 https://bugzilla.samba.org/show_bug.cgi?id=11830]
4040 - d/control: add libcephfs-dev as b-d to build vfs_ceph
4041 [Adopted by Debian in 2:4.6.5+dfsg-1]
4042 - debian/patches/CVE-2017-11103.patch: use encrypted service
4043 name rather than unencrypted (and therefore spoofable) version
4044 in heimdal
4045 [Adopted by Debian as
4046 d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
4047 - Cherrypick upstream patch to fix FTBFS with new ceph lib.
4048 [Merged upstream in 4.6.0rc1]
4049 * Disable glusterfs support because it's not in main.
4050 MIR bug is https://launchpad.net/bugs/1274247
4051
4052 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300
4053
2196samba (2:4.6.5+dfsg-8) unstable; urgency=medium4054samba (2:4.6.5+dfsg-8) unstable; urgency=medium
21974055
2198 * Remove dependency on update-inetd, not used anymore4056 * Remove dependency on update-inetd, not used anymore
@@ -2312,6 +4170,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
23124170
2313 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +02004171 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200
23144172
4173samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
4174
4175 * Cherrypick upstream patch to fix FTBFS with new ceph lib.
4176
4177 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100
4178
4179samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
4180
4181 * SECURITY UPDATE: KDC-REP service name impersonation
4182 - debian/patches/CVE-2017-11103.patch: use encrypted service
4183 name rather than unencrypted (and therefore spoofable) version
4184 in heimdal
4185 - CVE-2017-11103
4186
4187 -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700
4188
4189samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
4190
4191 * No-change rebuild against libldb 1.1.29
4192
4193 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700
4194
4195samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
4196
4197 * Add extra DEP8 tests to samba (LP: #1696823):
4198 - d/t/control: enable the new DEP8 tests
4199 - d/t/smbclient-anonymous-share-list: list available shares anonymously
4200 - d/t/smbclient-authenticated-share-list: list available shares using
4201 an authenticated connection
4202 - d/t/smbclient-share-access: create a share and download a file from it
4203 - d/t/cifs-share-access: access a file in a share using cifs
4204 * Ask the user if we can run testparm against the config file. If yes,
4205 include its stderr and exit status in the bug report. Otherwise, only
4206 include the exit status. (LP: #1694334)
4207 * If systemctl is available, use it to query the status of the smbd
4208 service before trying to reload it. Otherwise, keep the same check
4209 as before and reload the service based on the existence of the
4210 initscript. (LP: #1579597)
4211 * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
4212 module. There is a fixed version of that patch attached to
4213 #1677329 but it has not been vetted yet, so for now it's best
4214 to revert (again) so that pam_winbind can be used.
4215 (LP: #1677329, LP: #1644428)
4216
4217 -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700
4218
4219samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
4220
4221 * Merge from Debian unstable. Remaining changes:
4222 - debian/VERSION.patch: Update vendor string to "Ubuntu".
4223 - debian/smb.conf;
4224 + Add "(Samba, Ubuntu)" to server string.
4225 + Comment out the default [homes] share, and add a comment about
4226 "valid users = %s" to show users how to restrict access to
4227 \\server\username to only username.
4228 - debian/samba-common.config:
4229 + Do not change priority to high if dhclient3 is installed.
4230 - Add apport hook:
4231 + Created debian/source_samba.py.
4232 + debian/rules, debian/samba-common-bin.install: install hook.
4233 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4234 pam_winbind krb5_ccache_type=FILE failure
4235 - debian/patches/winbind_trusted_domains.patch: make sure domain
4236 members can talk to trusted domains DCs.
4237 - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
4238 to be statically linked
4239 - d/rules: Compile winbindd/winbindd statically.
4240 - d/control: add libcephfs-dev as b-d to build vfs_ceph
4241
4242 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400
4243
2315samba (2:4.5.8+dfsg-2) unstable; urgency=high4244samba (2:4.5.8+dfsg-2) unstable; urgency=high
23164245
2317 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside4246 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -2326,6 +4255,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
23264255
2327 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +02004256 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200
23284257
4258samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
4259
4260 * SECURITY UPDATE: remote code execution from a writable share
4261 - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
4262 slash inside in source3/rpc_server/srv_pipe.c.
4263 - CVE-2017-7494
4264
4265 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400
4266
4267samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
4268
4269 * SECURITY UPDATE: Symlink race allows access outside share definition
4270 - Updated to new upstream release 4.5.8.
4271 - CVE-2017-2619
4272
4273 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400
4274
2329samba (2:4.5.6+dfsg-2) unstable; urgency=high4275samba (2:4.5.6+dfsg-2) unstable; urgency=high
23304276
2331 * This is a security release in order to address the following defects:4277 * This is a security release in order to address the following defects:
@@ -2355,6 +4301,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
23554301
2356 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +01004302 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100
23574303
4304samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
4305
4306 * d/control: add libcephfs-dev as b-d to build vfs_ceph
4307 (LP: #1668940).
4308
4309 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800
4310
4311samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
4312
4313 * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
4314 changes:
4315 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4316 + debian/smb.conf;
4317 - Add "(Samba, Ubuntu)" to server string.
4318 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4319 to show users how to restrict access to \\server\username to only username.
4320 + debian/samba-common.config:
4321 - Do not change prioritiy to high if dhclient3 is installed.
4322 + Add apport hook:
4323 - Created debian/source_samba.py.
4324 - debian/rules, debia/samb-common-bin.install: install hook.
4325 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4326 pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
4327 + debian/patches/winbind_trusted_domains.patch: make sure domain members
4328 can talk to trusted domains DCs.
4329 [ update patch based upon upstream discussion ]
4330 + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
4331 to be statically linked fixes LP #1584485.
4332 + d/rules: Compile winbindd/winbindd statically.
4333 * Drop:
4334 - Delete debian/.gitignore
4335 [ Previously undocumented ]
4336 - debian/patches/git_smbclient_cpu.patch:
4337 + backport upstream patch to fix smbclient users hanging/eating cpu on
4338 trying to contact a machine which is not there (lp #1572260)
4339 [ Fixed upstream ]
4340 - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
4341 + debian/patches/CVE-2016-2123.patch: check lengths in
4342 librpc/ndr/ndr_dnsp.c.
4343 + CVE-2016-2123
4344 [ Fixed in Debian ]
4345 - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
4346 + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
4347 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
4348 source4/auth/gensec/gensec_gssapi.c.
4349 + CVE-2016-2125
4350 [ Fixed in Debian ]
4351 - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
4352 + debian/patches/CVE-2016-2126.patch: only allow known checksum types
4353 in auth/kerberos/kerberos_pac.c.
4354 + CVE-2016-2126
4355 [ Fixed in Debian ]
4356
4357 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800
4358
2358samba (2:4.5.4+dfsg-1) unstable; urgency=medium4359samba (2:4.5.4+dfsg-1) unstable; urgency=medium
23594360
2360 [ Mathieu Parent ]4361 [ Mathieu Parent ]
@@ -2482,6 +4483,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
24824483
2483 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +02004484 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200
24844485
4486samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
4487
4488 * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
4489 - debian/patches/CVE-2016-2123.patch: check lengths in
4490 librpc/ndr/ndr_dnsp.c.
4491 - CVE-2016-2123
4492 * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
4493 - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
4494 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
4495 source4/auth/gensec/gensec_gssapi.c.
4496 - CVE-2016-2125
4497 * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
4498 - debian/patches/CVE-2016-2126.patch: only allow known checksum types
4499 in auth/kerberos/kerberos_pac.c.
4500 - CVE-2016-2126
4501
4502 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500
4503
4504samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
4505
4506 * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
4507 to be statically linked fixes LP: #1584485.
4508
4509 * d/rules: Compile winbindd/winbindd statically.
4510
4511 -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100
4512
4513samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
4514
4515 * No-change rebuild for readline soname change.
4516
4517 -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000
4518
4519samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
4520
4521 * No-change rebuild for readline soname change.
4522
4523 -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000
4524
4525samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
4526
4527 * debian/patches/git_smbclient_cpu.patch:
4528 - backport upstream patch to fix smbclient users hanging/eating cpu on
4529 trying to contact a machine which is not there (lp: #1572260)
4530
4531 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200
4532
4533samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
4534
4535 * Merge from Debian unstable. Remaining changes:
4536 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4537 + debian/smb.conf;
4538 - Add "(Samba, Ubuntu)" to server string.
4539 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4540 to show users how to restrict access to \\server\username to only username.
4541 + debian/samba-common.config:
4542 - Do not change prioritiy to high if dhclient3 is installed.
4543 + Add apport hook:
4544 - Created debian/source_samba.py.
4545 - debian/rules, debia/samb-common-bin.install: install hook.
4546 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4547 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4548 + debian/patches/winbind_trusted_domains.patch: make sure domain members
4549 can talk to trusted domains DCs.
4550 * Dropped changes:
4551 - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
4552 never done in Debian, revert.
4553 - ufw integration: included in Debian.
4554
4555 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700
4556
2485samba (2:4.4.5+dfsg-2) unstable; urgency=medium4557samba (2:4.4.5+dfsg-2) unstable; urgency=medium
24864558
2487 * Disable running of 'make quicktest' during build, as it takes very4559 * Disable running of 'make quicktest' during build, as it takes very
@@ -2609,6 +4681,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
26094681
2610 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +12004682 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200
26114683
4684samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
4685
4686 * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
4687 the previous security updates. (LP: #1577739)
4688 - debian/control: bump tevent Build-Depends to 0.9.28.
4689 * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
4690 - debian/patches/samba-bug11912.patch: let msrpc_parse() return
4691 talloc'ed empty strings in libcli/auth/msrpc_parse.c.
4692 - debian/patches/samba-bug11914.patch: make
4693 ntlm_auth_generate_session_info() more complete in
4694 source3/utils/ntlm_auth.c.
4695
4696 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400
4697
2612samba (2:4.3.8+dfsg-1) unstable; urgency=low4698samba (2:4.3.8+dfsg-1) unstable; urgency=low
26134699
2614 [ Jelmer Vernooij ]4700 [ Jelmer Vernooij ]
@@ -2623,6 +4709,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
26234709
2624 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +00004710 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000
26254711
4712samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
4713
4714 * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
4715 - CVE-2015-5370: Multiple errors in DCE-RPC code
4716 - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
4717 - CVE-2016-2111: NETLOGON Spoofing Vulnerability
4718 - CVE-2016-2112: The LDAP client and server don't enforce integrity
4719 protection
4720 - CVE-2016-2113: Missing TLS certificate validation allows man in the
4721 middle attacks
4722 - CVE-2016-2114: "server signing = mandatory" not enforced
4723 - CVE-2016-2115: SMB client connections for IPC traffic are not
4724 integrity protected
4725 - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
4726 * debian/patches/winbind_trusted_domains.patch: make sure domain members
4727 can talk to trusted domains DCs.
4728
4729 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400
4730
2626samba (2:4.3.7+dfsg-1) unstable; urgency=high4731samba (2:4.3.7+dfsg-1) unstable; urgency=high
26274732
2628 * New upstream release.4733 * New upstream release.
@@ -2665,6 +4770,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
26654770
2666 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +02004771 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200
26674772
4773samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
4774
4775 * Merge with Debian; remaining changes:
4776 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4777 + debian/smb.conf;
4778 - Add "(Samba, Ubuntu)" to server string.
4779 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4780 to show users how to restrict access to \\server\username to only username.
4781 + debian/samba-common.config:
4782 - Do not change prioritiy to high if dhclient3 is installed.
4783 + debian/control:
4784 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4785 + Add ufw integration:
4786 - Created debian/samba.ufw.profile:
4787 - debian/rules, debian/samba.install: install profile
4788 + Add apport hook:
4789 - Created debian/source_samba.py.
4790 - debian/rules, debia/samb-common-bin.install: install hook.
4791 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4792 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4793
4794 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500
4795
2668samba (2:4.3.6+dfsg-1) unstable; urgency=medium4796samba (2:4.3.6+dfsg-1) unstable; urgency=medium
26694797
2670 * New upstream release.4798 * New upstream release.
@@ -2710,6 +4838,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
27104838
2711 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +01004839 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100
27124840
4841samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
4842
4843 * No-change rebuild for gnutls transition.
4844
4845 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000
4846
4847samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
4848
4849 * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
4850 (LP: #1545750)
4851
4852 -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100
4853
4854samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
4855
4856 * Merge with Debian; remaining changes:
4857 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4858 + debian/smb.conf;
4859 - Add "(Samba, Ubuntu)" to server string.
4860 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4861 to show users how to restrict access to \\server\username to only username.
4862 + debian/samba-common.config:
4863 - Do not change prioritiy to high if dhclient3 is installed.
4864 + debian/control:
4865 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
4866 + Add ufw integration:
4867 - Created debian/samba.ufw.profile:
4868 - debian/rules, debian/samba.install: install profile
4869 + Add apport hook:
4870 - Created debian/source_samba.py.
4871 - debian/rules, debia/samb-common-bin.install: install hook.
4872 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
4873 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
4874
4875 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500
4876
2713samba (2:4.3.3+dfsg-1) unstable; urgency=medium4877samba (2:4.3.3+dfsg-1) unstable; urgency=medium
27144878
2715 * New upstream release. Closes: #808133.4879 * New upstream release. Closes: #808133.
@@ -2794,6 +4958,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
27944958
2795 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +00004959 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000
27964960
4961samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
4962
4963 * Resolve small merge error in the rules
4964
4965 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100
4966
4967samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
4968
4969 * Backport Debian change to remove libpam-smbpasswd, it segfaults
4970 leading to non working session (lp: #1515207)
4971
4972 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100
4973
4974samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
4975
4976 * Build with the new ldb
4977
4978 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100
4979
4980samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
4981
4982 * debian/samba.logrotate:
4983 - revert to Debian version of the logrotate reload command, fix an
4984 invalid syntax introduced in the upstart->systemd transition
4985 (lp: #1385868)
4986
4987 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100
4988
4989samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
4990
4991 * Merge with Debian; remaining changes:
4992 + debian/VERSION.patch: Update vendor string to "Ubuntu".
4993 + debian/smb.conf;
4994 - Add "(Samba, Ubuntu)" to server string.
4995 - Comment out the default [homes] share, and add a comment about "valid users = %s"
4996 to show users how to restrict access to \\server\username to only username.
4997 + debian/samba-common.config:
4998 - Do not change prioritiy to high if dhclient3 is installed.
4999 + debian/control:
5000 - Don't build against or suggest ctdb and tdb.
5001 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
5002 + debian/rules:
5003 - Drop explicit configuration options for ctdb and tdb.
5004 + Add ufw integration:
5005 - Created debian/samba.ufw.profile:
5006 - debian/rules, debian/samba.install: install profile
5007 + Add apport hook:
5008 - Created debian/source_samba.py.
5009 - debian/rules, debia/samb-common-bin.install: install hook.
5010 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
5011 processes such that it works under both upstart and systemd.
5012 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5013 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
5014 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
5015
5016 -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200
5017
2797samba (2:4.1.20+dfsg-1) unstable; urgency=medium5018samba (2:4.1.20+dfsg-1) unstable; urgency=medium
27985019
2799 * New upstream release (last compatible with current OpenChange).5020 * New upstream release (last compatible with current OpenChange).
@@ -2807,6 +5028,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
28075028
2808 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +00005029 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000
28095030
5031samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
5032
5033 * debian/control:
5034 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
5035
5036 -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200
5037
5038samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
5039
5040 * Merge from Debian unstable. Remaining changes:
5041 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5042 + debian/smb.conf;
5043 - Add "(Samba, Ubuntu)" to server string.
5044 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5045 to show users how to restrict access to \\server\username to only username.
5046 + debian/samba-common.config:
5047 - Do not change prioritiy to high if dhclient3 is installed.
5048 + debian/control:
5049 - Don't build against or suggest ctdb and tdb.
5050 + debian/rules:
5051 - Drop explicit configuration options for ctdb and tdb.
5052 + Add ufw integration:
5053 - Created debian/samba.ufw.profile:
5054 - debian/rules, debian/samba.install: install profile
5055 + Add apport hook:
5056 - Created debian/source_samba.py.
5057 - debian/rules, debia/samb-common-bin.install: install hook.
5058 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
5059 processes such that it works under both upstart and systemd.
5060 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5061 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
5062 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
5063 + debian/patches/git_timeout_client_error.patch:
5064 - don't let smb mounts timeout that leads to errors when trying to
5065 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
5066
5067 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200
5068
2810samba (2:4.1.17+dfsg-4) unstable; urgency=medium5069samba (2:4.1.17+dfsg-4) unstable; urgency=medium
28115070
2812 * Add pidl_reproducible.patch: Make pidl output reproducible.5071 * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -2843,6 +5102,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
28435102
2844 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +01005103 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100
28455104
5105samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
5106
5107 * debian/patches/git_timeout_client_error.patch:
5108 - don't let smb mounts timeout that leads to errors when trying to
5109 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
5110
5111 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200
5112
5113samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
5114
5115 * SECURITY UPDATE: code execution vulnerability in smbd daemon
5116 - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
5117 uninitialized pointer and don't dereference a NULL pointer in
5118 source3/rpc_server/netlogon/srv_netlog_nt.c.
5119 - CVE-2015-0240
5120
5121 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500
5122
5123samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
5124
5125 * Merge from Debian unstable. Remaining changes:
5126 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5127 + debian/smb.conf;
5128 - Add "(Samba, Ubuntu)" to server string.
5129 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5130 to show users how to restrict access to \\server\username to only username.
5131 + debian/samba-common.config:
5132 - Do not change prioritiy to high if dhclient3 is installed.
5133 + debian/control:
5134 - Don't build against or suggest ctdb and tdb.
5135 + debian/rules:
5136 - Drop explicit configuration options for ctdb and tdb.
5137 + Add ufw integration:
5138 - Created debian/samba.ufw.profile:
5139 - debian/rules, debian/samba.install: install profile
5140 + Add apport hook:
5141 - Created debian/source_samba.py.
5142 - debian/rules, debia/samb-common-bin.install: install hook.
5143 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
5144 processes such that it works under both upstart and systemd.
5145 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5146 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
5147 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
5148 + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
5149
5150 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100
5151
2846samba (2:4.1.13+dfsg-4) unstable; urgency=medium5152samba (2:4.1.13+dfsg-4) unstable; urgency=medium
28475153
2848 * Revert previous patch, since ldb has an active module version check.5154 * Revert previous patch, since ldb has an active module version check.
@@ -2885,6 +5191,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
28855191
2886 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +02005192 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200
28875193
5194samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
5195
5196 * SECURITY UPDATE: elevation of privilege to AD Domain Controller
5197 - debian/patches/CVE-2014-8143.patch: check for extended access rights
5198 before allowing changes to userAccountControl in
5199 librpc/idl/security.idl, source4/auth/session.c,
5200 source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
5201 source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
5202 source4/rpc_server/lsa/dcesrv_lsa.c,
5203 source4/setup/schema_samba4.ldif.
5204 - CVE-2014-8143
5205
5206 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500
5207
5208samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
5209
5210 * No-change rebuild against current ldb. Note that I'm not claiming the
5211 merging for this package.
5212
5213 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100
5214
5215samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
5216
5217 * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
5218 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
5219
5220 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500
5221
5222samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
5223
5224 * Merge from Debian unstable. Remaining changes:
5225 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5226 + debian/smb.conf;
5227 - Add "(Samba, Ubuntu)" to server string.
5228 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5229 to show users how to restrict access to \\server\username to only username.
5230 + debian/samba-common.config:
5231 - Do not change prioritiy to high if dhclient3 is installed.
5232 + debian/control:
5233 - Don't build against or suggest ctdb and tdb.
5234 + debian/rules:
5235 - Drop explicit configuration options for ctdb and tdb.
5236 + Add ufw integration:
5237 - Created debian/samba.ufw.profile:
5238 - debian/rules, debian/samba.install: install profile
5239 + Add apport hook:
5240 - Created debian/source_samba.py.
5241 - debian/rules, debia/samb-common-bin.install: install hook.
5242 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5243 of hacking arround with pid files.
5244 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5245 first dummy transitional package version.
5246 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5247
5248 * In logrotate, use service command to reload (send SIGHUP) the main
5249 processes such that it works under both upstart and systemd.
5250 * Drop CVE patches, applied upstream.
5251 * Drop patches absent from series: readline-ftbfs.patch,
5252 krb5_kt_start_seq.diff, config-bind99.patch
5253 * Drop debian/source/include-binaries, pyc files are correctly cleaned up
5254
5255 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100
5256
2888samba (2:4.1.11+dfsg-1) unstable; urgency=high5257samba (2:4.1.11+dfsg-1) unstable; urgency=high
28895258
2890 * New upstream release. Fixes:5259 * New upstream release. Fixes:
@@ -2920,6 +5289,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
29205289
2921 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +02005290 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200
29225291
5292samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
5293
5294 * SECURITY UPDATE: remote code execution on unauthenticated nmbd
5295 - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
5296 lib/util/string_wrappers.h.
5297 - CVE-2014-3560
5298
5299 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400
5300
5301samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
5302
5303 * SECURITY UPDATE: denial of service on nmbd malformed packet
5304 - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
5305 source3/lib/system.c.
5306 - CVE-2014-0244
5307 * SECURITY UPDATE: denial of service via bad unicode conversion
5308 - debian/patches/CVE-2014-3493.patch: refactor code in
5309 source3/lib/charcnv.c, change return code checks in
5310 source3/libsmb/clirap.c, source3/smbd/lanman.c.
5311 - CVE-2014-3493
5312
5313 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400
5314
5315samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
5316
5317 * Merge from Debian unstable. Remaining changes:
5318 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5319 + debian/smb.conf;
5320 - Add "(Samba, Ubuntu)" to server string.
5321 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5322 to show users how to restrict access to \\server\username to only username.
5323 + debian/samba-common.config:
5324 - Do not change prioritiy to high if dhclient3 is installed.
5325 + debian/control:
5326 - Don't build against or suggest ctdb and tdb.
5327 + debian/rules:
5328 - Drop explicit configuration options for ctdb and tdb.
5329 + Add ufw integration:
5330 - Created debian/samba.ufw.profile:
5331 - debian/rules, debian/samba.install: install profile
5332 + Add apport hook:
5333 - Created debian/source_samba.py.
5334 - debian/rules, debia/samb-common-bin.install: install hook.
5335 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5336 of hacking arround with pid files.
5337 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5338 first dummy transitional package version.
5339 + Dropped patches:
5340 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
5341 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
5342 - debian/patches/readline-ftbfs.patch: Use the debian version.
5343 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5344 (LP: #1268180)
5345
5346 -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400
5347
2923samba (2:4.1.8+dfsg-1) unstable; urgency=medium5348samba (2:4.1.8+dfsg-1) unstable; urgency=medium
29245349
2925 [ Jelmer Vernooij ]5350 [ Jelmer Vernooij ]
@@ -2957,6 +5382,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
29575382
2958 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +02005383 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200
29595384
5385samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
5386
5387 * Set the stack size to unlimited during the build to avoid a SIGBUS in
5388 xsltproc on some architectures.
5389
5390 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100
5391
5392samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
5393
5394 * Backport from unstable (Ivo De Decker):
5395 - Build-depend on heimdal-dev.
5396
5397 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100
5398
5399samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
5400
5401 * No change rebuild against new dh_installinit, to call update-rc.d at
5402 postinst.
5403
5404 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100
5405
5406samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
5407
5408 * cherrypick upstream patch 1310919 to fix pam_winbind regression
5409 (LP: #1310919)
5410
5411 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500
5412
5413samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
5414
5415 * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
5416 upgrade.
5417
5418 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700
5419
5420samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
5421
5422 * Merge from Debian unstable. Remaining changes:
5423 + debian/VERSION.patch: Update vendor string to "Ubuntu".
5424 + debian/smb.conf;
5425 - Add "(Samba, Ubuntu)" to server string.
5426 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5427 to show users how to restrict access to \\server\username to only username.
5428 + debian/samba-common.config:
5429 - Do not change prioritiy to high if dhclient3 is installed.
5430 + debian/control:
5431 - Don't build against or suggest ctdb and tdb.
5432 + debian/rules:
5433 - Drop explicit configuration options for ctdb and tdb.
5434 + Add ufw integration:
5435 - Created debian/samba.ufw.profile:
5436 - debian/rules, debian/samba.install: install profile
5437 + Add apport hook:
5438 - Created debian/source_samba.py.
5439 - debian/rules, debia/samb-common-bin.install: install hook.
5440 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5441 of hacking arround with pid files.
5442 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5443 first dummy transitional package version.
5444 + Dropped patches:
5445 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
5446 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
5447 - debian/patches/readline-ftbfs.patch: Use the debian version.
5448 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
5449 (LP: #1268180)
5450
5451 -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400
5452
2960samba (2:4.1.6+dfsg-1) unstable; urgency=high5453samba (2:4.1.6+dfsg-1) unstable; urgency=high
29615454
2962 * New upstream security release. Fixes:5455 * New upstream security release. Fixes:
@@ -3016,6 +5509,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
30165509
3017 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +01005510 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100
30185511
5512samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
5513
5514 * debian/smb.conf: comment back some of the "share definitions"
5515 options (including "valid users"). That was an Ubuntu diff and seems to
5516 have been dropped in the trusty merge. Those changes seem needed to
5517 get the usershare feature working (used by nautilus-share) (lp: #1261873)
5518
5519 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200
5520
5521samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
5522
5523 * SECURITY UPDATE: Password lockout not enforced for SAMR password
5524 changes
5525 - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
5526 source3/auth/check_samsec.c,
5527 source3/rpc_server/samr/srv_samr_chgpasswd.c,
5528 source3/rpc_server/samr/srv_samr_nt.c,
5529 source3/smbd/lanman.c,
5530 source4/rpc_server/samr/samr_password.c,
5531 source4/torture/rpc/samr.c.
5532 - CVE-2013-4496
5533 * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
5534 mistake
5535 - debian/patches/CVE-2013-6442.patch: handle existing ACL in
5536 source3/utils/smbcacls.c.
5537 - CVE-2013-6442
5538 * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
5539
5540 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400
5541
5542samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
5543
5544 * Depend on tdb-tools (LP: #1279593)
5545 * Updated generated config for Bind9.9.
5546
5547 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500
5548
5549samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
5550
5551 * Add missing python-ntdb dependency to python-samba (spotted by
5552 autopkgtest).
5553
5554 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100
5555
5556samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
5557
5558 * Merge from Debian Unstable:
5559 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5560 * debian/smb.conf;
5561 - Add "(Samba, Ubuntu)" to server string.
5562 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5563 to show users how to restrict access to \\server\username to only username.
5564 + debian/samba-common.config:
5565 - Do not change prioritiy to high if dhclient3 is installed.
5566 + debian/control:
5567 - Don't build against or suggest ctdb and tdb.
5568 + debian/rules:
5569 - Drop explicit configuration options for ctdb and tdb.
5570 + Add ufw integration:
5571 - Created debian/samba.ufw.profile:
5572 - debian/rules, debian/samba.install: install profile
5573 + Add apport hook:
5574 - Created debian/source_samba.py.
5575 - debian/rules, debia/samb-common-bin.install: install hook.
5576 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5577 of hacking arround with pid files.
5578 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5579 first dummy transitional package version.
5580
5581 -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500
5582
3019samba (2:4.1.3+dfsg-2) unstable; urgency=medium5583samba (2:4.1.3+dfsg-2) unstable; urgency=medium
30205584
3021 * Add debug symbols for all binaries to samba-dbg. Closes: #7324935585 * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -3058,6 +5622,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
30585622
3059 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -08005623 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800
30605624
5625samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
5626
5627 * Merge from Debian Unstable:
5628 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5629 * debian/smb.conf;
5630 - Add "(Samba, Ubuntu)" to server string.
5631 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5632 to show users how to restrict access to \\server\username to only username.
5633 + debian/samba-common.config:
5634 - Do not change prioritiy to high if dhclient3 is installed.
5635 + debian/control:
5636 - Don't build against or suggest ctdb and tdb.
5637 + debian/rules:
5638 - Drop explicit configuration options for ctdb and tdb.
5639 + Add ufw integration:
5640 - Created debian/samba.ufw.profile:
5641 - debian/rules, debian/samba.install: install profile
5642 + Add apport hook:
5643 - Created debian/source_samba.py.
5644 - debian/rules, debia/samb-common-bin.install: install hook.
5645 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5646 of hacking arround with pid files.
5647 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
5648 first dummy transitional package version.
5649
5650 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500
5651
3061samba (2:4.0.13+dfsg-1) unstable; urgency=high5652samba (2:4.0.13+dfsg-1) unstable; urgency=high
30625653
3063 [ Steve Langasek ]5654 [ Steve Langasek ]
@@ -3112,6 +5703,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
31125703
3113 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +01005704 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100
31145705
5706samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
5707
5708 * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
5709
5710 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000
5711
5712samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
5713
5714 * Merge from Debian Unstable:
5715 - debian/VERSION.patch: Update vendor string to "Ubuntu".
5716 * debian/smb.conf;
5717 - Add "(Samba, Ubuntu)" to server string.
5718 - Comment out the default [homes] share, and add a comment about "valid users = %s"
5719 to show users how to restrict access to \\server\username to only username.
5720 + debian/samba-common.config:
5721 - Do not change prioritiy to high if dhclient3 is installed.
5722 + debian/control:
5723 - Don't build against or suggest ctdb and tdb.
5724 + debian/rules:
5725 - Drop explicit configuration options for ctdb and tdb.
5726 + Add ufw integration:
5727 - Created debian/samba.ufw.profile:
5728 - debian/rules, debian/samba.install: install profile
5729 + Add apport hook:
5730 - Created debian/source_samba.py.
5731 - debian/rules, debia/samb-common-bin.install: install hook.
5732 + debian/samba.logrotate: call upstart interfaces unconditionally instead
5733 of hacking arround with pid files.
5734
5735 -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800
5736
3115samba (2:4.0.10+dfsg-4) unstable; urgency=low5737samba (2:4.0.10+dfsg-4) unstable; urgency=low
31165738
3117 [ Christian Perrier ]5739 [ Christian Perrier ]
diff --git a/debian/control b/debian/control
index 8f1176a..e46b7e4 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: samba1Source: samba
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Jelmer Vernooij <jelmer@debian.org>,7 Jelmer Vernooij <jelmer@debian.org>,
7 Mathieu Parent <sathieu@debian.org>,8 Mathieu Parent <sathieu@debian.org>,
@@ -59,7 +60,7 @@ Build-Depends-Arch:
59 libsystemd-dev [linux-any],60 libsystemd-dev [linux-any],
60 libtasn1-6-dev (>= 3.8),61 libtasn1-6-dev (>= 3.8),
61 libtasn1-bin,62 libtasn1-bin,
62 liburing-dev [linux-any],63 liburing-dev [!i386],
63 xfslibs-dev [linux-any],64 xfslibs-dev [linux-any],
64 zlib1g-dev (>= 1:1.2.3),65 zlib1g-dev (>= 1:1.2.3),
65# python (+#904999):66# python (+#904999):
@@ -308,6 +309,7 @@ Architecture: any
308Section: python309Section: python
309Depends: python3-ldb,310Depends: python3-ldb,
310 python3-tdb,311 python3-tdb,
312 python3-markdown,
311 samba-libs (= ${binary:Version}),313 samba-libs (= ${binary:Version}),
312 ${misc:Depends},314 ${misc:Depends},
313 ${python3:Depends},315 ${python3:Depends},
@@ -370,6 +372,29 @@ Description: Samba Virtual FileSystem plugins
370 Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are372 Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are
371 moved to Recommends.373 moved to Recommends.
372374
375Package: samba-vfs-modules-extra
376# Since we only ship the glusterfs module so far, exclude 32bit architectures,
377# which glusterfs does not support
378Architecture: amd64 arm64 ppc64el riscv64 s390x
379Multi-Arch: same
380Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
381# glusterfs vfs modules and manpages were moved from samba-vfs-modules to
382# samba-vfs-modules-glusterfs in 2:4.19.4+dfsg-2ubuntu1
383Replaces: samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~)
384Breaks: samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~)
385Enhances: samba
386Description: Samba Virtual FileSystem extra modules
387 Samba is an implementation of the SMB/CIFS protocol for Unix systems,
388 providing support for cross-platform file sharing with Microsoft Windows, OS X,
389 and other Unix systems. Samba can also function as a domain controller
390 or member server in Active Directory or NT4-style domains.
391 .
392 Virtual FileSystem modules are stacked shared libraries extending the
393 functionality of Samba. This package ships some extra VFS modules which
394 were previously shipped in samba-vfs-modules:
395 * vfs_gluterfs
396 * vfs_glusterfs_fuse
397
373Package: libsmbclient398Package: libsmbclient
374Section: libs399Section: libs
375Architecture: any400Architecture: any
@@ -407,8 +432,9 @@ Depends: samba-common (= ${source:Version}),
407Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5>432Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5>
408Suggests: libnss-winbind, libpam-winbind433Suggests: libnss-winbind, libpam-winbind
409# 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind434# 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind
410Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),435# In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663
411Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),436Breaks: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
437Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
412Description: service to resolve user and group information from Windows NT servers438Description: service to resolve user and group information from Windows NT servers
413 Samba is an implementation of the SMB/CIFS protocol for Unix systems,439 Samba is an implementation of the SMB/CIFS protocol for Unix systems,
414 providing support for cross-platform file sharing with Microsoft Windows, OS X,440 providing support for cross-platform file sharing with Microsoft Windows, OS X,
diff --git a/debian/rules b/debian/rules
index 8ee78b3..d5af1a4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -268,6 +268,15 @@ endif
268 dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \268 dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \
269 /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat269 /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat
270270
271execute_after_dh_install:
272# gluster vfs modules are in a separate package. Moving the modules here
273# avoids having to list all but the gluster modules in
274# d/samba-vfs-modules.install
275ifeq ($(with-glusterfs), yes)
276 rm debian/samba-vfs-modules/usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs*.so
277 rm debian/samba-vfs-modules/usr/share/man/man8/vfs_glusterfs*.8
278endif
279
271provision-dest := debian/samba-ad-provision/usr/share/samba/setup280provision-dest := debian/samba-ad-provision/usr/share/samba/setup
272281
273override_dh_auto_install-indep:282override_dh_auto_install-indep:
@@ -349,7 +358,7 @@ override_dh_shlibdeps:
349# for specific executables/modules, put dependencies in separate variables358# for specific executables/modules, put dependencies in separate variables
350# to change Depends to Recommends for them in d/control359# to change Depends to Recommends for them in d/control
351 dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \360 dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \
352 -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper361 -Xceph.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
353ifneq (,$(filter ctdb, ${build-pkgs}))362ifneq (,$(filter ctdb, ${build-pkgs}))
354 echo "rados:Depends=" >> debian/ctdb.substvars363 echo "rados:Depends=" >> debian/ctdb.substvars
355ifneq (${with-ceph},)364ifneq (${with-ceph},)
@@ -362,8 +371,7 @@ ifneq (,$(filter samba-vfs-modules,${build-pkgs}))
362ifneq (${with-snapper}${with-ceph}${with-glusterfs},)371ifneq (${with-snapper}${with-ceph}${with-glusterfs},)
363 dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \372 dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \
364 $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \373 $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \
365 $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \374 $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so)
366 $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so)
367endif375endif
368endif376endif
369# after shlibdeps run, check that we don't have wrong depdendencies377# after shlibdeps run, check that we don't have wrong depdendencies
diff --git a/debian/samba-vfs-modules-extra.install b/debian/samba-vfs-modules-extra.install
370new file mode 100644378new file mode 100644
index 0000000..c360548
--- /dev/null
+++ b/debian/samba-vfs-modules-extra.install
@@ -0,0 +1,4 @@
1usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs.so
2usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs_fuse.so
3usr/share/man/man8/vfs_glusterfs.8
4usr/share/man/man8/vfs_glusterfs_fuse.8
diff --git a/debian/tests/control b/debian/tests/control
index d27e025..b37632e 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable
28Tests: reinstall-samba-common-bin28Tests: reinstall-samba-common-bin
29Depends: samba-common, samba-common-bin29Depends: samba-common, samba-common-bin
30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr30Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr
31
32Tests: samba-ad-dc-provisioning-internal-dns
33Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools
34Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed
diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns
31new file mode 10075535new file mode 100755
index 0000000..f61fa5e
--- /dev/null
+++ b/debian/tests/samba-ad-dc-provisioning-internal-dns
@@ -0,0 +1,398 @@
1#!/bin/bash
2
3set -e
4set -o pipefail
5
6source debian/tests/util
7
8declare -r domain="EXAMPLE"
9declare -r realm="EXAMPLE.FAKE"
10declare -r adminpass="Passw0rd"
11declare -r test_user="test_user_${RANDOM}"
12declare -r test_pw="test_user_secret_${RANDOM}"
13declare -A user_pass
14user_pass[Administrator]="${adminpass}"
15user_pass[${test_user}]="${test_pw}"
16declare -A join_method_deps
17# Minimum set of deps: let realmd install the extra dependencies
18# as needed, depending on the join method.
19join_method_deps[realmd_sssd]="realmd krb5-user smbclient"
20join_method_deps[realmd_winbind]="realmd krb5-user smbclient"
21
22
23cleanup() {
24 rc=$?
25 set +e # so we don't exit midcleanup
26 if [ ${rc} -ne 0 ]; then
27 echo "## Something failed, gathering logs"
28 echo
29 echo "## smb.conf"
30 cat /etc/samba/smb.conf
31 echo
32 echo "## resolv.conf"
33 cat /etc/resolv.conf
34 echo
35 echo "## resolvectl status"
36 resolvectl status
37 echo "## journal for samba-ad-dc.service"
38 journalctl -u samba-ad-dc.service --lines 500
39 echo
40 for log in /var/log/samba/log.*; do
41 # skip compressed logrotated files
42 if [ "${log%.gz}" != "${log}" ]; then
43 continue
44 fi
45 [ -s "${log}" ] || continue
46 echo "## $(basename ${log}):"
47 tail -n 500 "${log}"
48 echo
49 done
50 echo "## syslog"
51 tail -n 500 /var/log/syslog
52 fi
53}
54
55trap cleanup EXIT
56
57assert_testparm() {
58 local parameter="${1}"
59 local expected_value="${2}"
60 local current_value=""
61 local -i retval=0
62
63 echo -n "Asserting ${parameter} is ${expected_value}: "
64 current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || {
65 retval=$?
66 echo "FAIL"
67 return ${retval}
68 }
69 if [ "${current_value}" = "${expected_value}" ]; then
70 echo "OK"
71 return 0
72 else
73 echo "FAIL"
74 return 1
75 fi
76}
77
78basic_config_tests() {
79 echo "## Basic config tests"
80 testparm -s > /dev/null
81 assert_testparm "realm" "${realm}"
82 assert_testparm "workgroup" "${domain}"
83 assert_testparm "server role" "active directory domain controller"
84 echo
85}
86
87dns_tests() {
88 echo "## DNS tests"
89 echo "Obtaining administrator kerberos ticket"
90 echo "${adminpass}" | timeout --verbose 30 kinit Administrator
91 echo
92 echo "Querying server info"
93 samba-tool dns serverinfo "$(hostname)"
94 echo
95 echo "Checking we got a service ticket of type host/"
96 klist | grep "host/$(hostname)"
97 echo
98 echo "Checking specific DNS records"
99 for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do
100 echo -n "${srv}.${realm,,}: "
101 dig @localhost +short -t SRV ${srv}.${realm,,}
102 echo
103 done
104 echo
105 echo -n "Checking that our hostname \"$(hostname)\" is in DNS: "
106 myip=$(dig @localhost +short -t A "$(hostname).${realm,,}")
107 echo "${myip}"
108 echo
109}
110
111user_creation_tests() {
112 echo "## User creation tests"
113 samba-tool domain passwordsettings set --complexity=off
114 echo "Creating user \"${test_user}\" with password ${test_pw}"
115 samba-tool user add "${test_user}" "${test_pw}"
116 echo
117 echo "Attempting to obtain kerberos ticket for user \"${test_user}\""
118 # just in case it ends up waiting at a prompt, we use "timeout"
119 echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
120 echo "Ticket obtained"
121 klist
122 echo
123}
124
125smbclient_tests() {
126 echo "## smbclient tests"
127 kdestroy || :
128 echo
129 echo "Obtaining a TGT for ${test_user}"
130 echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
131 klist | grep krbtgt
132 echo
133 echo "Attempting password-less authentication with smbclient"
134 echo
135 echo "Listing shares"
136 smbclient -L "$(hostname)" --use-kerberos=required -k
137 echo
138 echo "Listing the sysvol share"
139 smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls"
140 echo
141 echo "Listing policies"
142 # lowercase the ${realm}
143 smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*"
144 echo
145 echo "Checking that we have a ticket for the cifs service after all these commands"
146 klist | grep cifs/
147 echo
148}
149
150server_join_tests() {
151 local member_server
152 # the join methods are the keys of the join_method_deps dict
153 local -a methods=("${!join_method_deps[@]}")
154 local member_server="member-server"
155
156 echo "## Server join tests"
157 echo "## Initializing lxd"
158 setup_lxd "${realm,,}"
159
160 for method in "${methods[@]}"; do
161 echo "## Setting up member server to join a domain using method ${method}"
162 setup_member_server "${member_server}" "${method}"
163 echo "## Joining domain with method ${method}"
164 join_domain "${member_server}" "${method}"
165 echo
166 echo "## Verifying join with method ${method}"
167 verify_join "${member_server}" "${method}"
168 echo
169 echo "## Leaving domain with method ${method}"
170 leave_domain "${member_server}" "${method}"
171 echo
172 echo "## Destroying member server"
173 lxc delete --force "${member_server}"
174 done
175}
176
177setup_member_server() {
178 local container_name="${1}"
179 local method="${2}"
180 local release
181
182 release="$(lsb_release -cs)"
183 if [ -z "${join_method_deps[${method}]}" ]; then
184 echo "## INTERNAL ERROR, invalid join method: ${method}"
185 return 1
186 fi
187 echo "## Got test dependencies: ${join_method_deps[${method}]}"
188 # can't use cloud-init here to install packages, because we first need to
189 # sync the apt config from the host to the container
190 echo "## Launching ${release} container"
191 lxc launch "ubuntu-daily:${release}" "${container_name}" -q
192 wait_container_ready "${container_name}"
193 send_apt_config "${container_name}"
194 copy_local_apt_files "${container_name}"
195 echo "## Installing dependencies in test container"
196 install_packages_in_container "${container_name}" ${join_method_deps[${method}]}
197}
198
199join_domain_realmd_winbind() {
200 local server="${1}"
201 local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}"
202 local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}"
203
204 echo "## Domain information"
205 lxc exec "${server}" -- ${discover_cmd}
206 echo
207 echo "## Running join command: ${join_cmd}"
208 echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
209}
210
211verify_join_realmd_winbind() {
212 local server="${1}"
213 local member_domain
214
215 echo -n "## Verifying member server joined domain name: "
216 member_domain=$(lxc exec "${server}" -- wbinfo --own-domain)
217 echo "${member_domain}"
218 if [ "${member_domain}" != "${domain}" ]; then
219 echo "ERROR: expected member server domain to match the joined domain:"
220 echo "member server domain: ${member_domain}"
221 echo "AD domain: ${domain}"
222 return 1
223 fi
224 echo
225 # we just want to see the output, not parse it
226 echo "## Domain status in member server"
227 lxc exec "${server}" -- wbinfo --domain-info "${member_domain}"
228 echo
229 echo "## User status in member server"
230 for u in "${!user_pass[@]}"; do
231 echo "## User \"${u}@${realm}\" information:"
232 lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}"
233 echo
234 echo "## id ${u}@${realm}"
235 lxc exec "${server}" -- id ${u}@${realm}
236 echo
237 echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
238 echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
239 lxc exec "${server}" -- klist
240 echo
241 echo "## Listing shares with the obtained kerberos ticket"
242 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
243 lxc exec "${server}" -- kdestroy
244 echo
245 echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server"
246 # non-interactive format for username is user%password
247 lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}"
248 echo
249 echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server"
250 lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}"
251 echo
252 echo "## Listing shares with the obtained kerberos ticket"
253 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
254 lxc exec "${server}" -- kdestroy
255 done
256}
257
258leave_domain_realmd_winbind() {
259 local server="${1}"
260 local leave_cmd="realm leave -v --remove --client-software=winbind"
261
262 echo "## Running leave command: ${leave_cmd}"
263 echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
264}
265
266join_domain_realmd_sssd() {
267 local server="${1}"
268 local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}"
269 local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}"
270
271 echo "## Domain information"
272 lxc exec "${server}" -- ${discover_cmd}
273 echo
274 echo "## Running join command: ${join_cmd}"
275 echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
276 echo
277}
278
279verify_join_realmd_sssd() {
280 local server="${1}"
281 local samba_domain
282
283 echo -n "## Verifying member server joined domain name: "
284 samba_domain=$(lxc exec "${server}" -- sssctl domain-list)
285 echo "${samba_domain}"
286 if [ "${samba_domain}" != "${realm,,}" ]; then
287 echo "ERROR: expected member server domain to match the joined domain:"
288 echo "member server domain: ${samba_domain}"
289 echo "AD domain: ${realm,,}"
290 return 1
291 fi
292 echo
293 # we just want to see the output, not parse it
294 echo "## Domain status in member server"
295 lxc exec "${server}" -- sssctl domain-status "${realm}"
296 echo
297 echo "## User status in member server"
298 for u in "${!user_pass[@]}"; do
299 echo "## User \"${u}@${realm}\" information:"
300 lxc exec "${server}" -- sssctl user-checks "${u}@${realm}"
301 echo
302 echo "## id ${u}@${realm}"
303 lxc exec "${server}" -- id "${u}@${realm}"
304 echo
305 echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
306 echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
307 lxc exec "${server}" -- klist
308 echo
309 echo "## Listing shares with the obtained kerberos ticket"
310 lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
311 lxc exec "${server}" -- kdestroy
312 done
313}
314
315leave_domain_realmd_sssd() {
316 local server="${1}"
317 local leave_cmd="realm leave -v --remove --client-software=sssd"
318
319 echo "## Running leave command: ${leave_cmd}"
320 echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
321}
322
323join_domain() {
324 local server="${1}"
325 local m="${2}"
326
327 join_domain_${m} "${server}"
328}
329
330verify_join() {
331 local server="${1}"
332 local m="${2}"
333
334 verify_join_${m} "${server}"
335}
336
337leave_domain() {
338 local server="${1}"
339 local m="${2}"
340
341 leave_domain_${m} "${server}"
342}
343
344systemctl stop smbd nmbd winbind
345systemctl disable smbd nmbd winbind
346systemctl mask smbd nmbd winbind
347
348systemctl unmask samba-ad-dc
349systemctl enable samba-ad-dc
350
351if [ -f /etc/samba/smb.conf ]; then
352 mv /etc/samba/smb.conf{,.orig}
353fi
354
355# make sure we are starting fresh, as previous tests might left things around
356
357rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/*
358kdestroy || :
359
360samba-tool domain provision \
361 --domain="${domain}" \
362 --realm="${realm}" \
363 --adminpass="${adminpass}" \
364 --server-role=dc \
365 --use-rfc2307 \
366 --dns-backend=SAMBA_INTERNAL
367
368current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}')
369
370if [ -n "${current_dns}" ]; then
371 echo "## Setting dns forwarder to ${current_dns} in smb.conf"
372 sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \
373 /etc/samba/smb.conf
374 unlink /etc/resolv.conf
375 echo "nameserver 127.0.0.1" > /etc/resolv.conf
376 # lowercase substitution
377 echo "search ${realm,,}" >> /etc/resolv.conf
378 systemctl stop systemd-resolved
379 systemctl disable systemd-resolved
380else
381 echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf"
382 echo "## resolvectl status:"
383 resolvectl status
384 echo "## Continuing, and hoping for the best"
385fi
386
387cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf
388
389systemctl start samba-ad-dc
390
391# give it some time, it's a lot of services to start
392sleep 5s
393
394basic_config_tests
395dns_tests
396user_creation_tests
397smbclient_tests
398server_join_tests
diff --git a/debian/tests/util b/debian/tests/util
index 4278ee7..298b321 100644
--- a/debian/tests/util
+++ b/debian/tests/util
@@ -16,7 +16,7 @@ EOFEOF
16 if [ -n "${vfs}" ]; then16 if [ -n "${vfs}" ]; then
17 echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf17 echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf
18 fi18 fi
19 systemctl restart smbd.service19 systemctl reload smbd.service
20 else20 else
21 echo "Share [${share}] already exists, continuing"21 echo "Share [${share}] already exists, continuing"
22 fi22 fi
@@ -66,3 +66,113 @@ ensure_uring_available() {
66 exit 7766 exit 77
67 fi67 fi
68}68}
69
70wait_container_ready() {
71 local container="${1}"
72 local -i limit=120 # seconds
73 local -i i=0
74 local -i result=0
75 local ip
76 local output
77
78 while /bin/true; do
79 ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}')
80 if [ -n "${ip}" ]; then
81 break
82 fi
83 i=$((i+1))
84 if [ ${i} -ge ${limit} ]; then
85 return 1
86 fi
87 sleep 1s
88 echo -n "."
89 done
90 while ! nc -z "${ip}" 22; do
91 echo -n "."
92 i=$((i+1))
93 if [ ${i} -ge ${limit} ]; then
94 return 1
95 fi
96 sleep 1s
97 done
98 # cloud-init might still be doing things...
99 # this call blocks, so wrap it in its own little timeout
100 output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || {
101 result=$?
102 echo "cloud-init status --wait failed on container ${container}"
103 echo "${output}"
104 return ${result}
105 }
106 echo
107}
108
109install_lxd() {
110 if ! command -v lxd > /dev/null 2>&1; then
111 # the test depends has "lxd | snapd", so if we don't have lxd, we must
112 # install the snap
113 snap list lxd > /dev/null 2>&1 || {
114 echo "Installing the LXD snap..."
115 snap install lxd
116 }
117 fi
118}
119
120setup_lxd() {
121 local dns_domain="${1}"
122 local network
123 local nic
124 local dns_ip
125
126 install_lxd
127 # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53
128 systemctl stop samba-ad-dc
129 lxd init --auto
130 lxd waitready --timeout 600
131 network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED")
132 nic=$(echo "${network}" | awk '{print $1}')
133 dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr
134 # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS
135 lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})"
136 if [ -n "${http_proxy}" ]; then
137 lxc config set core.proxy_http "${http_proxy}"
138 fi
139 if [ -n "${https_proxy}" ]; then
140 lxc config set core.proxy_https "${https_proxy}"
141 fi
142 if [ -n "${noproxy}" ]; then
143 lxc config set core.proxy_ignore_hosts "${noproxy}"
144 fi
145 systemctl start samba-ad-dc
146 # give it some time, it's a lot of services to start
147 sleep 5s
148}
149
150# Copy the local apt package archive over to the lxd container.
151copy_local_apt_files() {
152 local container_name="${1:-docker}"
153
154 for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do
155 local_source=${local_source#file:}
156 local_dir=$(dirname "${local_source}")
157 lxc exec "${container_name}" -- mkdir -p "${local_dir}"
158 tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}"
159 done
160}
161
162send_apt_config() {
163 echo "Copying over /etc/apt to container ${1}"
164 lxc exec "${1}" -- rm -rf /etc/apt
165 lxc exec "${1}" -- mkdir -p /etc/apt
166 tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt
167}
168
169install_packages_in_container() {
170 local container="${1}"
171 shift
172 local packages="${*}"
173
174 echo "### Installing dependencies in member server container: ${packages}"
175 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q
176 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y
177 lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages}
178}

Subscribers

People subscribed via source and target branches