Merge ~ahasenack/ubuntu/+source/samba:noble-samba-merge-3 into ubuntu/+source/samba:debian/sid
Proposed by
Andreas Hasenack
Status: | Merged |
---|---|
Approved by: | git-ubuntu bot |
Approved revision: | not available |
Merge reported by: | git-ubuntu bot |
Merged at revision: | d26c32c49c55f4ae63ee9dbc137950980d1397ff |
Proposed branch: | ~ahasenack/ubuntu/+source/samba:noble-samba-merge-3 |
Merge into: | ubuntu/+source/samba:debian/sid |
Diff against target: | 3701 lines (+3257/-8), 7 files modified: debian/changelog (+2687/-0), debian/control (+30/-4), debian/rules (+11/-3), debian/samba-vfs-modules-extra.install (+4/-0), debian/tests/control (+4/-0), debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0), debian/tests/util (+123/-1) |
Related bugs: | |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | | | Approve |
Sergio Durigan Junior (community) | | | Approve |
Canonical Server Reporter | | | Pending |
Commit message
Description of the change
Last samba merge for noble.
PPA: https:/
DEP8: green
No delta dropped. git range-diff is clean.
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks, Andreas.
Build is OK. dep8 tests are OK. range-diff is OK.
I checked the changes under the debian/ directory and there's nothing concerning there.
LGTM, +1.
review:
Approve
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: ahasenack, sergiodj
Uploaders: ahasenack, sergiodj
MP auto-approved
review:
Approve
Andreas Hasenack (ahasenack) wrote : | # |
Thanks, uploaded:
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Uploading samba_4.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index fdef744..7f70e48 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,32 @@ |
6 | +samba (2:4.19.5+dfsg-1ubuntu1) noble; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2054592). Remaining changes: |
9 | + - debian/control: Ubuntu i386 binary compatibility: |
10 | + + enable the liburing vfs module, except on i386 where liburing is |
11 | + not available |
12 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
13 | + samba AD DC provisioning and domain join tests with internal DNS |
14 | + (LP #1977746, LP #2011745) |
15 | + - d/control: adjust breaks/replaces for file move that Debian did in |
16 | + 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid |
17 | + file conflict in a dist-upgrade from earlier Ubuntu releases, like |
18 | + Kinetic (LP #2024663) |
19 | + - d/control: python3-samba has a runtime dep on python3-markdown |
20 | + - glusterfs is no longer in main, create new binary package in |
21 | + universe to ship the samba glusterfs vfs modules and manpages |
22 | + (LP #2045063): |
23 | + + d/control: new samba-vfs-modules-glusterfs package |
24 | + + d/rules: glusterfs vfs modules and manpages are now in the |
25 | + samba-vfs-modules-extra package |
26 | + + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and |
27 | + manpage |
28 | + - d/t/util: handle breakage introduced by lxd-installer. If on |
29 | + Ubuntu, assume lxd comes from a snap and install it if needed |
30 | + - d/t/util: ignore cloud-init's warning exit status, which is |
31 | + happening because of LP #2048129 (also see LP #2048522) |
32 | + |
33 | + -- Andreas Hasenack <andreas@canonical.com> Sun, 25 Feb 2024 14:45:54 -0300 |
34 | + |
35 | samba (2:4.19.5+dfsg-1) unstable; urgency=medium |
36 | |
37 | * new upstream stable/bugfix release (4.19.5) |
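Review bot: the glusterfs item in the 2:4.19.5+dfsg-1ubuntu1 entry names two different binary packages. The d/control sub-item says "new samba-vfs-modules-glusterfs package", while the d/rules sub-item and the d/samba-vfs-modules-extra.install sub-item both say samba-vfs-modules-extra, which also matches the file listed in the diff summary. Use the package name that d/control actually declares in all three sub-items, so anyone tracing where the glusterfs vfs modules moved lands on the right package.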
38 | @@ -18,6 +47,36 @@ samba (2:4.19.5+dfsg-1) unstable; urgency=medium |
39 | |
40 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 19 Feb 2024 15:21:14 +0300 |
41 | |
42 | +samba (2:4.19.4+dfsg-3ubuntu1) noble; urgency=medium |
43 | + |
44 | + * Merge with Debian unstable (LP: #2051717). Remaining changes: |
45 | + - debian/control: Ubuntu i386 binary compatibility: |
46 | + + enable the liburing vfs module, except on i386 where liburing is |
47 | + not available |
48 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
49 | + samba AD DC provisioning and domain join tests with internal DNS |
50 | + (LP #1977746, LP #2011745) |
51 | + - d/control: adjust breaks/replaces for file move that Debian did in |
52 | + 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid |
53 | + file conflict in a dist-upgrade from earlier Ubuntu releases, like |
54 | + Kinetic (LP #2024663) |
55 | + - d/control: python3-samba has a runtime dep on python3-markdown |
56 | + - glusterfs is no longer in main, create new binary package in |
57 | + universe to ship the samba glusterfs vfs modules and manpages |
58 | + (LP #2045063): |
59 | + + d/control: new samba-vfs-modules-glusterfs package |
60 | + + d/rules: glusterfs vfs modules and manpages are now in the |
61 | + samba-vfs-modules-extra package |
62 | + + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and |
63 | + manpage |
64 | + * Added: |
65 | + - d/t/util: handle breakage introduced by lxd-installer. If on |
66 | + Ubuntu, assume lxd comes from a snap and install it if needed |
67 | + - d/t/util: ignore cloud-init's warning exit status, which is |
68 | + happening because of LP #2048129 (also see LP #2048522) |
69 | + |
70 | + -- Andreas Hasenack <andreas@canonical.com> Sat, 03 Feb 2024 10:14:42 -0300 |
71 | + |
72 | samba (2:4.19.4+dfsg-3) unstable; urgency=medium |
73 | |
74 | * samba,winbind: remove logrotate scripts |
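Review bot: the "ignore cloud-init's warning exit status" item under "Added" in 2:4.19.4+dfsg-3ubuntu1 does not say which exit status d/t/util now tolerates. Name the exact value in the changelog and confirm the helper accepts only that value, so a genuine cloud-init failure in the test container still fails the DEP8 run. A short remark that the workaround should be dropped once LP #2048129 is resolved would also help whoever does the next merge.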
75 | @@ -28,6 +87,44 @@ samba (2:4.19.4+dfsg-3) unstable; urgency=medium |
76 | |
77 | -- Michael Tokarev <mjt@tls.msk.ru> Tue, 30 Jan 2024 12:12:42 +0300 |
78 | |
79 | +samba (2:4.19.4+dfsg-2ubuntu2) noble; urgency=medium |
80 | + |
81 | + * No-change rebuild with Python 3.12 as default |
82 | + |
83 | + -- Graham Inggs <ginggs@ubuntu.com> Sat, 20 Jan 2024 19:20:19 +0000 |
84 | + |
85 | +samba (2:4.19.4+dfsg-2ubuntu1) noble; urgency=medium |
86 | + |
87 | + * Merge with Debian unstable (LP: #2040363). Remaining changes: |
88 | + - debian/control: Ubuntu i386 binary compatibility: |
89 | + + enable the liburing vfs module, except on i386 where liburing is |
90 | + not available |
91 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
92 | + samba AD DC provisioning and domain join tests with internal DNS |
93 | + (LP #1977746, LP #2011745) |
94 | + - d/control: adjust breaks/replaces for file move that Debian did in |
95 | + 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid |
96 | + file conflict in a dist-upgrade from earlier Ubuntu releases, like |
97 | + Kinetic (LP #2024663) |
98 | + * Dropped: |
99 | + - d/rules: ceph is not available in Ubuntu i386, disable it |
100 | + [In 2:4.19.1+dfsg-1] |
101 | + - debian/control: Ubuntu i386 binary compatibility: |
102 | + + drop ceph support |
103 | + [In 2:4.19.1+dfsg-1] |
104 | + * Added: |
105 | + - d/control: python3-samba has a runtime dep on python3-markdown |
106 | + - glusterfs is no longer in main, create new binary package in |
107 | + universe to ship the samba glusterfs vfs modules and manpages |
108 | + (LP: #2045063): |
109 | + + d/control: new samba-vfs-modules-glusterfs package |
110 | + + d/rules: glusterfs vfs modules and manpages are now in the |
111 | + samba-vfs-modules-extra package |
112 | + + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and |
113 | + manpage |
114 | + |
115 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 15 Jan 2024 12:21:28 -0300 |
116 | + |
117 | samba (2:4.19.4+dfsg-2) unstable; urgency=medium |
118 | |
119 | * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@ |
120 | @@ -212,6 +309,71 @@ samba (2:4.19.0+dfsg-1) unstable; urgency=medium |
121 | |
122 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 04 Sep 2023 22:57:48 +0300 |
123 | |
124 | +samba (2:4.18.6+dfsg-1ubuntu2.2) noble; urgency=medium |
125 | + |
126 | + * No-change rebuild for ICU soname change. |
127 | + |
128 | + -- Matthias Klose <doko@ubuntu.com> Tue, 19 Dec 2023 18:41:25 +0100 |
129 | + |
130 | +samba (2:4.18.6+dfsg-1ubuntu2.1) mantic-security; urgency=medium |
131 | + |
132 | + * SECURITY UPDATE: SMB clients can truncate files with read-only |
133 | + permissions |
134 | + - debian/patches/CVE-2023-4091-*.patch |
135 | + - CVE-2023-4091 |
136 | + * SECURITY UPDATE: Samba AD DC password exposure to privileged users and |
137 | + RODCs |
138 | + - debian/patches/CVE-2023-4154-*.patch |
139 | + - CVE-2023-4154 |
140 | + * SECURITY UPDATE: rpcecho development server allows Denial of Service |
141 | + via sleep() call on AD DC |
142 | + - debian/patches/CVE-2023-42669-*.patch |
143 | + - CVE-2023-42669 |
144 | + * SECURITY UPDATE: Samba AD DC Busy RPC multiple listener DoS |
145 | + - debian/patches/CVE-2023-42670-*.patch |
146 | + - CVE-2023-42670 |
147 | + |
148 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 10 Oct 2023 12:25:20 -0400 |
149 | + |
150 | +samba (2:4.18.6+dfsg-1ubuntu2) mantic; urgency=medium |
151 | + |
152 | + * No-change rebuild with glusterfs 10.3 (LP: #2035127) |
153 | + |
154 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 13 Sep 2023 09:57:01 -0300 |
155 | + |
156 | +samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium |
157 | + |
158 | + * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes: |
159 | + - debian/control: Ubuntu i386 binary compatibility: |
160 | + + drop ceph support |
161 | + + enable the liburing vfs module, except on i386 where liburing is |
162 | + not available |
163 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
164 | + samba AD DC provisioning and domain join tests with internal DNS |
165 | + (LP #1977746, LP #2011745) |
166 | + * Dropped: |
167 | + - build-depend on libglusterfs-dev only on !i386 arches |
168 | + [In 2:4.18.5+dfsg-2] |
169 | + - Add changes to fix uncaught exception when updating old password |
170 | + containing regex metacharacters by simplifying samba-tool password |
171 | + redaction (LP #2002949). |
172 | + + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch |
173 | + + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch |
174 | + + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch |
175 | + + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch |
176 | + + d/p/python-Add-glue.burn_commandline-method.patch |
177 | + + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch |
178 | + + d/p/python-Remove-const-from-PyList_AsStringList.patch |
179 | + [Fixed upstream in 4.18.6] |
180 | + * Added: |
181 | + - d/control: adjust breaks/replaces for file move that Debian did in |
182 | + 4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid |
183 | + file conflict in a dist-upgrade from earlier Ubuntu releases, like |
184 | + Kinetic (LP: #2024663) |
185 | + - d/rules: ceph is not available in Ubuntu i386, disable it |
186 | + |
187 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Aug 2023 09:52:00 -0300 |
188 | + |
189 | samba (2:4.18.6+dfsg-1) unstable; urgency=medium |
190 | |
191 | * new upstream stable/bugfix release: |
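Review bot: the four CVE patch sets introduced in 2:4.18.6+dfsg-1ubuntu2.1 (CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670) are not accounted for in the next merge entry, 2:4.19.4+dfsg-2ubuntu1, whose "Dropped" list covers only the two ceph items. If the debian/patches/CVE-2023-*.patch files were dropped because the 4.19 upstream release carries the fixes, add them to that "Dropped" list with the usual "[Fixed upstream in ...]" annotation. Without it, a reader auditing the changelog cannot tell from the text alone whether the security delta was dropped deliberately or lost in the merge.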
192 | @@ -272,6 +434,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium |
193 | |
194 | -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300 |
195 | |
196 | +samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium |
197 | + |
198 | + * Add changes to fix uncaught exception when updating old password |
199 | + containing regex metacharacters by simplifying samba-tool password |
200 | + redaction (LP: #2002949). |
201 | + - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch |
202 | + - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch |
203 | + - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch |
204 | + - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch |
205 | + - d/p/python-Add-glue.burn_commandline-method.patch |
206 | + - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch |
207 | + - d/p/python-Remove-const-from-PyList_AsStringList.patch |
208 | + |
209 | + -- Michal Maloszewski <michal.maloszewski@canonical.com> Fri, 28 Jul 2023 00:55:03 +0200 |
210 | + |
211 | +samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium |
212 | + |
213 | + * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining |
214 | + changes: |
215 | + - debian/control: Ubuntu i386 binary compatibility: |
216 | + + drop ceph support |
217 | + + enable the liburing vfs module, except on i386 where liburing is |
218 | + not available |
219 | + + build-depend on libglusterfs-dev only on !i386 arches |
220 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
221 | + samba AD DC provisioning and domain join tests with internal DNS |
222 | + (LP #1977746, LP #2011745) |
223 | + - d/t/util: reload instead of restarting samba, as it's quicker and |
224 | + has the same effect we want in this test |
225 | + |
226 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jul 2023 10:15:22 -0300 |
227 | + |
228 | samba (2:4.18.5+dfsg-1) unstable; urgency=medium |
229 | |
230 | * new upstream stable/security release 4.18.5, including: |
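Review bot: the "d/t/util: reload instead of restarting samba" item listed under remaining changes in 2:4.18.5+dfsg-1ubuntu1 disappears in the following merge entry, 2:4.18.6+dfsg-1ubuntu1, where it appears under neither "Remaining changes" nor "Dropped". Either list it as remaining (if it is folded into the combined d/t/control, d/t/util item, say so) or record it under "Dropped" with the reason, so the delta history stays traceable.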
231 | @@ -349,6 +543,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium |
232 | |
233 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300 |
234 | |
235 | +samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium |
236 | + |
237 | + * Merge with Debian unstable (LP: #2018054). Remaining changes: |
238 | + - debian/control: Ubuntu i386 binary compatibility: |
239 | + + drop ceph support |
240 | + + enable the liburing vfs module, except on i386 where liburing is |
241 | + not available |
242 | + + build-depend on libglusterfs-dev only on !i386 arches |
243 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
244 | + samba AD DC provisioning and domain join tests with internal DNS |
245 | + (LP #1977746, LP #2011745) |
246 | + * Added changes: |
247 | + - d/t/util: reload instead of restarting samba, as it's quicker and |
248 | + has the same effect we want in this test |
249 | + |
250 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Jun 2023 11:59:19 -0300 |
251 | + |
252 | samba (2:4.18.3+dfsg-3) unstable; urgency=medium |
253 | |
254 | * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, |
255 | @@ -507,6 +718,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium |
256 | |
257 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300 |
258 | |
259 | +samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium |
260 | + |
261 | + * Merge with Debian unstable (LP: #2014052). Remaining changes: |
262 | + - debian/control: Ubuntu i386 binary compatibility: |
263 | + + drop ceph support |
264 | + + enable the liburing vfs module, except on i386 where liburing is |
265 | + not available |
266 | + + build-depend on libglusterfs-dev only on !i386 arches |
267 | + - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns: |
268 | + samba AD DC provisioning and domain join tests with internal DNS |
269 | + (LP #1977746, LP #2011745) |
270 | + |
271 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Mar 2023 15:26:11 -0300 |
272 | + |
273 | samba (2:4.17.6+dfsg-1) unstable; urgency=medium |
274 | |
275 | * new upstream stable/bugfix release 4.17.6: |
276 | @@ -534,6 +759,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium |
277 | |
278 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300 |
279 | |
280 | +samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium |
281 | + |
282 | + * Add domain join tests (LP: #2011745): |
283 | + - d/t/control: update dependencies for samba AD provisioning test, |
284 | + which now also includes a member server join test |
285 | + - d/t/util, d/t/samba-ad-dc-*: add member server join tests |
286 | + |
287 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 15 Mar 2023 20:49:56 -0300 |
288 | + |
289 | +samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium |
290 | + |
291 | + * d/t/samba-ad-dc-provisioning-internal-dns: test improvements |
292 | + (LP: #2009485): |
293 | + - increase kinit timeout, as it also does DNS lookups |
294 | + - add a trap on exit to show logs in the case of some failure |
295 | + |
296 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 06 Mar 2023 11:49:34 -0300 |
297 | + |
298 | +samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium |
299 | + |
300 | + * Merge with Debian unstable (LP: #2002181). Remaining changes: |
301 | + - debian/control: Ubuntu i386 binary compatibility: |
302 | + + drop ceph support |
303 | + + enable the liburing vfs module, except on i386 where liburing is |
304 | + not available |
305 | + + build-depend on libglusterfs-dev only on !i386 arches |
306 | + * Added: |
307 | + - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD |
308 | + DC provisioning test with internal DNS (LP: #1977746) |
309 | + |
310 | + -- Andreas Hasenack <andreas@canonical.com> Sun, 05 Feb 2023 13:47:57 -0300 |
311 | + |
312 | samba (2:4.17.5+dfsg-2) unstable; urgency=medium |
313 | |
314 | * d/control: samba: depends on exact version of python3-samba |
315 | @@ -686,6 +943,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium |
316 | |
317 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300 |
318 | |
319 | +samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium |
320 | + |
321 | + * No-change rebuild with Python 3.11 as default |
322 | + |
323 | + -- Graham Inggs <ginggs@ubuntu.com> Mon, 26 Dec 2022 18:01:11 +0000 |
324 | + |
325 | +samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium |
326 | + |
327 | + * Merge with Debian unstable (LP: #1993380). Remaining changes: |
328 | + - debian/control: Ubuntu i386 binary compatibility: |
329 | + + drop ceph support |
330 | + - d/control: enable the liburing vfs module, except on i386 where |
331 | + liburing is not available |
332 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
333 | + * Dropped: |
334 | + - debian/smb.conf; |
335 | + + Add "(Samba, Ubuntu)" to server string. |
336 | + [In 2:4.16.6+dfsg-1] |
337 | + + Comment out the default [homes] share, and add a comment about |
338 | + "valid users = %s" to show users how to restrict access to |
339 | + \\server\username to only username. |
340 | + [In 2:4.16.6+dfsg-1] |
341 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
342 | + Skip running the tests if on i386 platform, because the uring |
343 | + package is not available there. |
344 | + [In 2:4.16.6+dfsg-1, improved] |
345 | + - d/t/util: fix setting the password of the smb test user |
346 | + (LP #1955851) |
347 | + [In 2:4.16.5+dfsg-2] |
348 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
349 | + [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6] |
350 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
351 | + enable the samba glusterfs vfs mofule in that case |
352 | + [In 2:4.16.6+dfsg-1] |
353 | + |
354 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Dec 2022 18:36:23 -0300 |
355 | + |
356 | samba (2:4.17.3+dfsg-3) unstable; urgency=medium |
357 | |
358 | * d/control: winbind should depend on the same binary:Version |
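Review bot: two wording nits in the "Dropped" list of 2:4.17.3+dfsg-3ubuntu1. "samba glusterfs vfs mofule" should read "vfs module", and "debian/smb.conf;" ends in a semicolon where the sibling items use a colon. Both spellings are repeated in the kinetic entries further down, so they are inherited text, but they are worth correcting before they get copied into another "Remaining changes" block.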
359 | @@ -982,6 +1276,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium |
360 | |
361 | -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300 |
362 | |
363 | +samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium |
364 | + |
365 | + * Merge with Debian unstable. Remaining changes: |
366 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
367 | + - debian/smb.conf; |
368 | + + Add "(Samba, Ubuntu)" to server string. |
369 | + + Comment out the default [homes] share, and add a comment about |
370 | + "valid users = %s" to show users how to restrict access to |
371 | + \\server\username to only username. |
372 | + - debian/control: Ubuntu i386 binary compatibility: |
373 | + + drop ceph support |
374 | + - d/control: enable the liburing vfs module, except on i386 where |
375 | + liburing is not available |
376 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
377 | + Skip running the tests if on i386 platform, because the uring |
378 | + package is not available there. |
379 | + - d/t/util: fix setting the password of the smb test user |
380 | + (LP #1955851) |
381 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
382 | + enable the samba glusterfs vfs mofule in that case |
383 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
384 | + |
385 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 02 Aug 2022 09:30:05 -0300 |
386 | + |
387 | samba (2:4.16.4+dfsg-2) unstable; urgency=medium |
388 | |
389 | * d/libldb2.symbols: include newly added symbols |
390 | @@ -1010,6 +1328,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high |
391 | |
392 | -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300 |
393 | |
394 | +samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium |
395 | + |
396 | + * Merge with Debian unstable (LP: #1982116). Remaining changes: |
397 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
398 | + - debian/smb.conf; |
399 | + + Add "(Samba, Ubuntu)" to server string. |
400 | + + Comment out the default [homes] share, and add a comment about |
401 | + "valid users = %s" to show users how to restrict access to |
402 | + \\server\username to only username. |
403 | + - debian/control: Ubuntu i386 binary compatibility: |
404 | + + drop ceph support |
405 | + - d/control: enable the liburing vfs module, except on i386 where |
406 | + liburing is not available |
407 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
408 | + Skip running the tests if on i386 platform, because the uring |
409 | + package is not available there. |
410 | + - d/t/util: fix setting the password of the smb test user |
411 | + (LP #1955851) |
412 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
413 | + enable the samba glusterfs vfs mofule in that case |
414 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
415 | + * Dropped: |
416 | + - Update nfs scripts for new nfs.conf config (LP: #1961840): |
417 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
418 | + nfsconf(8) if it's available, instead of parsing the old config |
419 | + files in /etc/default/nfs-* |
420 | + [In 2:4.16.3+dfsg-1] |
421 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
422 | + used by the example enable-nfs.sh example script |
423 | + [In 2:4.16.3+dfsg-1] |
424 | + + d/ctdb.example/nfs-kernel-server/quota: quota config file to be |
425 | + used by the example enable-nfs.sh script |
426 | + [In 2:4.16.3+dfsg-1] |
427 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
428 | + obsolete, replaced by nfs.conf |
429 | + [In 2:4.16.3+dfsg-1] |
430 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
431 | + nfs.conf and other changes in the new nfs server packages |
432 | + [In 2:4.16.3+dfsg-1] |
433 | + - Fix abort when deleting a file and "fruit:resource = stream" is |
434 | + used. (LP #1977491) |
435 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
436 | + Add test that shows smbd crashing when deleting a file while using |
437 | + vfs_fruit with "fruit:resource = stream". |
438 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
439 | + Handle file deleting when "fruit:resource = stream" is used. |
440 | + [Fixed upstream] |
441 | + - Build dlz module for bind 9.18.x (LP #1964032) |
442 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
443 | + bind 9.18.x |
444 | + + d/p/add-support-for-bind-918-2.patch: also update the |
445 | + provisioning tool and template config file |
446 | + [Fixed upstream] |
447 | + |
448 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Jul 2022 17:09:27 -0300 |
449 | + |
450 | samba (2:4.16.3+dfsg-1) unstable; urgency=medium |
451 | |
452 | [ Michael Tokarev ] |
453 | @@ -1021,6 +1395,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium |
454 | |
455 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300 |
456 | |
457 | +samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium |
458 | + |
459 | + * Merge with Debian unstable. Remaining changes: |
460 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
461 | + - debian/smb.conf; |
462 | + + Add "(Samba, Ubuntu)" to server string. |
463 | + + Comment out the default [homes] share, and add a comment about |
464 | + "valid users = %s" to show users how to restrict access to |
465 | + \\server\username to only username. |
466 | + - debian/control: Ubuntu i386 binary compatibility: |
467 | + + drop ceph support |
468 | + - d/control: enable the liburing vfs module, except on i386 where |
469 | + liburing is not available |
470 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
471 | + Skip running the tests if on i386 platform, because the uring |
472 | + package is not available there. |
473 | + - d/t/util: fix setting the password of the smb test user |
474 | + (LP #1955851) |
475 | + - Update nfs scripts for new nfs.conf config (LP #1961840): |
476 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
477 | + nfsconf(8) if it's available, instead of parsing the old config |
478 | + files in /etc/default/nfs-* |
479 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
480 | + used by the example enable-nfs.sh example script |
481 | + + d/ctdb.example/nfs-kernel-server/quota: quota config file to be |
482 | + used by the example enable-nfs.sh script |
483 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
484 | + obsolete, replaced by nfs.conf |
485 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
486 | + nfs.conf and other changes in the new nfs server packages |
487 | + - Build dlz module for bind 9.18.x (LP #1964032) |
488 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
489 | + bind 9.18.x |
490 | + + d/p/add-support-for-bind-918-2.patch: also update the |
491 | + provisioning tool and template config file |
492 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
493 | + enable the samba glusterfs vfs mofule in that case |
494 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
495 | + - Fix abort when deleting a file and "fruit:resource = stream" is |
496 | + used. (LP #1977491) |
497 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
498 | + Add test that shows smbd crashing when deleting a file while using |
499 | + vfs_fruit with "fruit:resource = stream". |
500 | + + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
501 | + Handle file deleting when "fruit:resource = stream" is used. |
502 | + |
503 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jun 2022 18:32:00 -0300 |
504 | + |
505 | samba (2:4.16.2+dfsg-1) unstable; urgency=medium |
506 | |
507 | * new upstream minor/bugfix release. |
508 | @@ -1042,6 +1464,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium |
509 | |
510 | -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300 |
511 | |
512 | +samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium |
513 | + |
514 | + * Fix abort when deleting a file and "fruit:resource = stream" is |
515 | + used. (LP: #1977491) |
516 | + - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: |
517 | + Add test that shows smbd crashing when deleting a file while using |
518 | + vfs_fruit with "fruit:resource = stream". |
519 | + - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: |
520 | + Handle file deleting when "fruit:resource = stream" is used. |
521 | + |
522 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 20 Jun 2022 19:09:25 -0400 |
523 | + |
524 | +samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium |
525 | + |
526 | + * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining |
527 | + changes: |
528 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
529 | + - debian/smb.conf; |
530 | + + Add "(Samba, Ubuntu)" to server string. |
531 | + + Comment out the default [homes] share, and add a comment about |
532 | + "valid users = %s" to show users how to restrict access to |
533 | + \\server\username to only username. |
534 | + - debian/control: Ubuntu i386 binary compatibility: |
535 | + + drop ceph support |
536 | + - d/control: enable the liburing vfs module, except on i386 where |
537 | + liburing is not available |
538 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
539 | + Skip running the tests if on i386 platform, because the uring |
540 | + package is not available there. |
541 | + - d/t/util: fix setting the password of the smb test user |
542 | + (LP #1955851) |
543 | + - Update nfs scripts for new nfs.conf config (LP #1961840): |
544 | + + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
545 | + nfsconf(8) if it's available, instead of parsing the old config |
546 | + files in /etc/default/nfs-* |
547 | + + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be |
548 | + used by the example enable-nfs.sh example script |
549 | + + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota |
550 | + config file to be used by the example enable-nfs.sh script |
551 | + + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: |
552 | + obsolete, replaced by nfs.conf |
553 | + + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new |
554 | + nfs.conf and other changes in the new nfs server packages |
555 | + - Build dlz module for bind 9.18.x (LP #1964032) |
556 | + + d/p/add-support-for-bind-918.patch: build a dlz module for |
557 | + bind 9.18.x |
558 | + + d/p/add-support-for-bind-918-2.patch: also update the |
559 | + provisioning tool and template config file |
560 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
561 | + enable the samba glusterfs vfs mofule in that case |
562 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
563 | + * Dropped: |
564 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
565 | + the amount of in-tree crypto code that is built |
566 | + [superfluous, the version in the archive is recent enough] |
567 | + - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195) |
568 | + [Included in 2:4.13.13+dfsg-1] |
569 | + - d/control: bump required build-depends |
570 | + [Included in Debian] |
571 | + - d/samba-libs.install: update list of installed libraries and |
572 | + modules/plugins |
573 | + [Done in Debian] |
574 | + - debian/patches/CVE-2021-20254.patch: removed, applied upstream |
575 | + [Applied upstream, Debian didn't have this patch] |
576 | + - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream |
577 | + [Applied usptream, Debian did not have it] |
578 | + - d/{gpb.conf,watch,README.source}: update for 4.15 |
579 | + [Debian updated it for 4.16] |
580 | + - d/rules: remove --with-dnsupdate, it was merged with |
581 | + --with-ads in samba 4.15.0 |
582 | + [Included in 2:4.16.0+dfsg-1] |
583 | + - d/rules: drop removal of ctdb tests, they are no longer installed |
584 | + [Included in 2:4.16.0+dfsg-1] |
585 | + - Remove findsmb, no longer installed: |
586 | + + d/smbclient.install: remove findsmb |
587 | + + d/rules: drop fixing of findsmb shebang |
588 | + [Included in 2:4.16.0+dfsg-1] |
589 | + - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, |
590 | + no longer installed |
591 | + [Included in 2:4.16.0+dfsg-1] |
592 | + - d/ctdb.install: add tdb_mutex_check |
593 | + [Included in 2:4.16.0+dfsg-1] |
594 | + - d/winbind.install: add async_dns_krb5_locator |
595 | + [Included in 2:4.16.0+dfsg-1] |
596 | + - d/samba.install: install samba-bgqd and its manpage |
597 | + [Included in 2:4.16.0+dfsg-1] |
598 | + - d/{libsmbclient,libwbclient0}.symbols: symbols updates |
599 | + [Obsolete, these were for 4.15.5] |
600 | + - d/rules: drop dh_perl override, unneeded |
601 | + [Included in 2:4.16.0+dfsg-1] |
602 | + - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after |
603 | + Windows 2021-10 Monthly Rollup patch (LP #1951490) |
604 | + [Included upstream in 4.16.0rc2] |
605 | + - d/rules: install the new/changed ctdb example nfs files |
606 | + [Installed via ctdb.examples] |
607 | + * Added: |
608 | + - rename ctdb example files nfs.conf and quota, to match what the |
609 | + enable-nfs.sh script expects |
610 | + - enable-nfs.sh ctdb example: use debian's filename for the |
611 | + static port sysctl configuration |
612 | + - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was |
613 | + renamed to "cluster lock" |
614 | + |
615 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 08 Jun 2022 11:02:29 -0300 |
616 | + |
617 | samba (2:4.16.1+dfsg-8) unstable; urgency=medium |
618 | |
619 | * fix the Breaks/Replaces versions in the previous upload for moving |
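Review bot: The "Dropped" list in this merge entry carries several spelling slips into the archive changelog: "vfs mofule" in the d/rules glusterfs item, "usptream" twice in the Rename-mdfind-to-mdsearch item, and "gpb.conf" where other entries name the file d/gbp.conf. The samba.postinst item also writes "(LP 1942195)" while the other references in the entry use "LP #NNN". Published entries normally stay as they are, but the wording should be corrected before it is copied into the next merge entry.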
620 | @@ -1338,6 +1865,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium |
621 | |
622 | -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300 |
623 | |
624 | +samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium |
625 | + |
626 | + * No-change rebuild against libicu71 |
627 | + |
628 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Apr 2022 02:14:39 +0000 |
629 | + |
630 | +samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium |
631 | + |
632 | + * Enable glusterfs support (LP: #1894618): |
633 | + - d/control: revert disabling of glusterfs, since it's in main now |
634 | + - d/rules: in Ubuntu, glusterfs is not built for i386, so don't |
635 | + enable the samba glusterfs vfs mofule in that case |
636 | + - d/control: build-depend on libglusterfs-dev only on !i386 arches |
637 | + |
638 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 09 Mar 2022 17:31:25 -0300 |
639 | + |
640 | +samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium |
641 | + |
642 | + * Build dlz module for bind 9.18.x (LP: #1964032) |
643 | + - d/p/add-support-for-bind-918.patch: build a dlz module for |
644 | + bind 9.18.x |
645 | + - d/samba-libs.install: remove fixme comment |
646 | + - d/p/add-support-for-bind-918-2.patch: also update the provisioning |
647 | + tool and template config file |
648 | + |
649 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 25 Mar 2022 14:53:19 -0300 |
650 | + |
651 | +samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium |
652 | + |
653 | + * Update nfs scripts for new nfs.conf config (LP: #1961840): |
654 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use |
655 | + nfsconf(8) if it's available, instead of parsing the old config |
656 | + files in /etc/default/nfs-* |
657 | + - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example |
658 | + enable-nfs.sh example script |
659 | + - d/ctdb.example.quota: quota config file to be used by the example |
660 | + enable-nfs.sh script |
661 | + - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by |
662 | + nfs.conf |
663 | + - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other |
664 | + changes in the new nfs server packages |
665 | + - d/rules: install the new/changed ctdb example nfs files |
666 | + |
667 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Mar 2022 11:55:54 -0300 |
668 | + |
669 | +samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium |
670 | + |
671 | + * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after |
672 | + Windows 2021-10 Monthly Rollup patch (LP: #1951490) |
673 | + |
674 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Mar 2022 10:32:59 -0300 |
675 | + |
676 | +samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium |
677 | + |
678 | + * d/{gpb.conf,watch,README.source}: update for 4.15 |
679 | + * New upstream release: 4.15.5 (LP: #1946839) |
680 | + * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream |
681 | + * d/rules: remove --with-dnsupdate, it was merged with |
682 | + --with-ads in samba 4.15.0 |
683 | + * d/control: bump required build-depends |
684 | + * d/rules: drop removal of ctdb tests, they are no longer installed |
685 | + * Remove findsmb, no longer installed: |
686 | + - d/smbclient.install: remove findsmb |
687 | + - d/rules: drop fixing of findsmb shebang |
688 | + * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, |
689 | + no longer installed |
690 | + * d/samba-libs.install: update list of installed libraries and |
691 | + modules/plugins |
692 | + * d/ctdb.install: add tdb_mutex_check |
693 | + * d/winbind.install: add async_dns_krb5_locator |
694 | + * d/samba.install: install samba-bgqd and its manpage |
695 | + * d/{libsmbclient,libwbclient0}.symbols: symbols updates |
696 | + * d/control: add python3-markdown to build-depends |
697 | + * d/watch: updated to handle ~dfsg versioning, thanks to |
698 | + Sergio Durigan Junior <sergio.durigan@canonical.com> |
699 | + |
700 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 22 Feb 2022 17:59:22 -0300 |
701 | + |
702 | +samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium |
703 | + |
704 | + * Update to 4.13.17 as a security update |
705 | + - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 |
706 | + * Removed patches included in new version: |
707 | + - debian/patches/trusted_domain_regression_fix.patch |
708 | + - debian/patches/bug14901-*.patch |
709 | + - debian/patches/bug14922.patch |
710 | + |
711 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 14 Feb 2022 10:19:08 -0500 |
712 | + |
713 | samba (2:4.13.14+dfsg-1) unstable; urgency=high |
714 | |
715 | * New upstream security release in order to address the following defects: |
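Review bot: The timestamps in the 4.15.5~dfsg-0ubuntu2..0ubuntu5 stanzas are not monotonic: 0ubuntu5 is dated 09 Mar 2022, earlier than 0ubuntu2 (10 Mar), 0ubuntu3 (21 Mar) and 0ubuntu4 (25 Mar). That is harmless for version ordering, but anyone reconstructing when the glusterfs enablement landed relative to the bind 9.18 and nfs.conf changes will be misled, so a quick check against the upload history is worthwhile. Minor wording: the 0ubuntu3 item reads "the example enable-nfs.sh example script" with "example" doubled, and "mofule" and "usptream" appear here as well.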
716 | @@ -1364,6 +1980,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high |
717 | |
718 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100 |
719 | |
720 | +samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium |
721 | + |
722 | + * No-change rebuild for icu soname change |
723 | + |
724 | + -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 11 Feb 2022 11:36:14 -0600 |
725 | + |
726 | +samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium |
727 | + |
728 | + * d/t/util: fix setting the password of the smb test user |
729 | + (LP: #1955851) |
730 | + |
731 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 20 Jan 2022 17:06:13 -0300 |
732 | + |
733 | +samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium |
734 | + |
735 | + * No-change rebuild with Python 3.10 as default version |
736 | + |
737 | + -- Graham Inggs <ginggs@ubuntu.com> Sun, 16 Jan 2022 07:01:34 +0000 |
738 | + |
739 | +samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium |
740 | + |
741 | + * SECURITY REGRESSION: Kerberos authentication on standalone server in |
742 | + MIT realm broken |
743 | + - debian/patches/bug14922.patch: fix MIT Realm regression in |
744 | + source3/auth/user_krb5.c. |
745 | + |
746 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 13 Dec 2021 07:09:36 -0500 |
747 | + |
748 | +samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium |
749 | + |
750 | + * Update to 4.13.14 as a security update (LP: #1950363) |
751 | + - debian/patches/CVE-2021-20254.patch: removed, included in new |
752 | + version. |
753 | + - debian/control: bump ldb Build-Depends to 2.2.3. |
754 | + - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. |
755 | + - debian/patches/trusted_domain_regression_fix.patch: fix regression |
756 | + introduced in 4.13.14. |
757 | + - debian/patches/bug14901-*.patch: upstream patches to fix some |
758 | + mapping issues. |
759 | + - debian/patches/bug14918-*.patch: upstream patches to properly handle |
760 | + dangling symlinks. |
761 | + - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, |
762 | + CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 |
763 | + |
764 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 09 Nov 2021 14:52:07 -0500 |
765 | + |
766 | samba (2:4.13.13+dfsg-1) unstable; urgency=high |
767 | |
768 | [ Athos Ribeiro ] |
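Review bot: The 4.13.14+dfsg-0ubuntu1 stanza adds debian/patches/bug14918-*.patch (dangling symlink handling), but the later 4.13.17~dfsg-0ubuntu1 stanza lists only trusted_domain_regression_fix.patch, bug14901-*.patch and bug14922.patch under "Removed patches included in new version". Nothing visible in the changelog records when bug14918-* was dropped, so confirm it is no longer in d/p/series and that the fix is present in the upstream version now shipped. For a patch that changes path handling, the changelog should say where it went.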
769 | @@ -1385,6 +2047,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high |
770 | |
771 | -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100 |
772 | |
773 | +samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium |
774 | + |
775 | + * No-change rebuild against liburing2 |
776 | + |
777 | + -- Paride Legovini <paride@ubuntu.com> Mon, 22 Nov 2021 18:08:34 +0100 |
778 | + |
779 | +samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium |
780 | + |
781 | + * d/samba.postinst: do not populate sambashare from the admin group |
782 | + (Debian packaging cherry-pick. LP: #1942195) |
783 | + |
784 | + -- Paride Legovini <paride@ubuntu.com> Wed, 06 Oct 2021 10:31:14 +0200 |
785 | + |
786 | +samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium |
787 | + |
788 | + * No-change rebuild due to OpenLDAP soname bump. |
789 | + |
790 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 21 Jun 2021 18:08:36 -0400 |
791 | + |
792 | +samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium |
793 | + |
794 | + * Merge with Debian unstable. Remaining changes: |
795 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
796 | + - debian/smb.conf; |
797 | + + Add "(Samba, Ubuntu)" to server string. |
798 | + + Comment out the default [homes] share, and add a comment about |
799 | + "valid users = %s" to show users how to restrict access to |
800 | + \\server\username to only username. |
801 | + - d/control: Disable glusterfs support because it's not in main. |
802 | + MIR bug is https://launchpad.net/bugs/1274247 |
803 | + - debian/control: Ubuntu i386 binary compatibility: |
804 | + + drop ceph support |
805 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
806 | + the amount of in-tree crypto code that is built |
807 | + - d/control: enable the liburing vfs module, except on i386 where |
808 | + liburing is not available |
809 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
810 | + Skip running the tests if on i386 platform, because the uring |
811 | + package is not available there. |
812 | + * Dropped changes: |
813 | + - debian/samba-common.config: |
814 | + + Do not change priority to high if dhclient3 is installed. |
815 | + [Included in 2:4.13.4+dfsg-1] |
816 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
817 | + change nfs service name from nfs to nfs-kernel-server |
818 | + (LP #722201) |
819 | + [Included in 2:4.13.4+dfsg-1] |
820 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
821 | + enable syslog and systemd journal by default |
822 | + [Included in 2:4.13.4+dfsg-1] |
823 | + - debian/rules: Ubuntu i386 binary compatibility: |
824 | + + drop ceph support |
825 | + + disable the following binary packages: |
826 | + - ctdb |
827 | + - libnss-winbind |
828 | + - libpam-winbind |
829 | + - python3-samba |
830 | + - samba |
831 | + - samba-common-bin |
832 | + - samba-testsuite |
833 | + - winbind |
834 | + [Included in 2:4.13.4+dfsg-1] |
835 | + - debian/rules: Ubuntu i386 binary compatibility: |
836 | + + re-enable the following binary packages: |
837 | + - libnss-winbind |
838 | + - samba-common-bin |
839 | + - python3-samba |
840 | + - winbind |
841 | + [Included in 2:4.13.4+dfsg-1] |
842 | + - SECURITY UPDATE: wrong group entries via negative idmap cache entries |
843 | + + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in |
844 | + source3/passdb/lookup_sid.c. |
845 | + + CVE-2021-20254 |
846 | + [Included in 2:4.13.5+dfsg-2] |
847 | + |
848 | + -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300 |
849 | + |
850 | samba (2:4.13.5+dfsg-2) unstable; urgency=high |
851 | |
852 | * CVE-2021-20254: Negative idmap cache entries can cause incorrect group |
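Review bot: The smb.conf delta is described as adding a comment about "valid users = %s", but smb.conf substitutions are case-sensitive and the macro that restricts a [homes] share to its owner is %S (the service name). If the changelog text is what an admin copies, the lowercase form will not give the restriction the comment promises; check that debian/smb.conf itself uses %S and use the same spelling in future "Remaining changes" lists. The same wording recurs in the older merge stanzas below. Minor: "debian/smb.conf;" ends in a semicolon where a colon is meant.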
853 | @@ -1416,6 +2155,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium |
854 | |
855 | -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100 |
856 | |
857 | +samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium |
858 | + |
859 | + * SECURITY UPDATE: wrong group entries via negative idmap cache entries |
860 | + - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in |
861 | + source3/passdb/lookup_sid.c. |
862 | + - CVE-2021-20254 |
863 | + |
864 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400 |
865 | + |
866 | +samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium |
867 | + |
868 | + * No change rebuild to pick up liburing, and also |
869 | + fix d/t/cifs-share-access-uring. (LP: #1914145) |
870 | + |
871 | + -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300 |
872 | + |
873 | +samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium |
874 | + |
875 | + * Merge with Debian unstable. Remaining changes: |
876 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
877 | + - debian/smb.conf; |
878 | + + Add "(Samba, Ubuntu)" to server string. |
879 | + + Comment out the default [homes] share, and add a comment about |
880 | + "valid users = %s" to show users how to restrict access to |
881 | + \\server\username to only username. |
882 | + - debian/samba-common.config: |
883 | + + Do not change priority to high if dhclient3 is installed. |
884 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
885 | + MIR bug is https://launchpad.net/bugs/1274247 |
886 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
887 | + change nfs service name from nfs to nfs-kernel-server |
888 | + (LP #722201) |
889 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
890 | + enable syslog and systemd journal by default |
891 | + - debian/rules: Ubuntu i386 binary compatibility: |
892 | + + drop ceph support |
893 | + + disable the following binary packages: |
894 | + - ctdb |
895 | + - libnss-winbind |
896 | + - libpam-winbind |
897 | + - python3-samba |
898 | + - samba |
899 | + - samba-common-bin |
900 | + - samba-testsuite |
901 | + - winbind |
902 | + - debian/control: Ubuntu i386 binary compatibility: |
903 | + + drop ceph support |
904 | + - debian/rules: Ubuntu i386 binary compatibility: |
905 | + + re-enable the following binary packages: |
906 | + - libnss-winbind |
907 | + - samba-common-bin |
908 | + - python3-samba |
909 | + - winbind |
910 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
911 | + the amount of in-tree crypto code that is built |
912 | + - d/control: enable the liburing vfs module, except on i386 where |
913 | + liburing is not available |
914 | + * Dropped changes, incorporated by Debian: |
915 | + - d/t/smbclient-anonymous-share-list: add set -x and set -e |
916 | + - Factor out common DEP8 test code into d/t/util and change the tests |
917 | + to source from it: |
918 | + + d/t/util: added |
919 | + + d/t/cifs-share-access, d/t/smbclient-share-access: source from |
920 | + util, use random share name and add set -x and set -u |
921 | + + d/t/smbclient-authenticated-share-list: source from util and add |
922 | + set -x and set -u |
923 | + - Add new DEP8 tests for the uring vfs module: |
924 | + + d/t/control: add smbclient-share-access-uring and |
925 | + cifs-share-access-uring tests |
926 | + + d/t/smbclient-share-access-uring: new test |
927 | + + d/t/cifs-share-access-uring: new test |
928 | + - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
929 | + guard uring tests with a kernel version check and skip if it's too old |
930 | + * Added changes: |
931 | + - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: |
932 | + Skip running the tests if on i386 platform, because the uring |
933 | + package is not available there. |
934 | + |
935 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500 |
936 | + |
937 | samba (2:4.13.3+dfsg-1) unstable; urgency=medium |
938 | |
939 | [ Andreas Hasenack ] |
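Review bot: The 4.13.3+dfsg-1ubuntu2 stanza is labelled "No change rebuild" yet in the same sentence says it will "also fix d/t/cifs-share-access-uring". An upload that edits a DEP8 test is not a no-change rebuild, and tooling or reviewers that skip no-change rebuilds would miss the test modification. The entry would be clearer as two items: the rebuild against liburing, and the test fix with its LP reference.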
940 | @@ -1431,6 +2250,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium |
941 | |
942 | -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100 |
943 | |
944 | +samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium |
945 | + |
946 | + * Merge with Debian unstable (LP: #1905048). Remaining changes: |
947 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
948 | + - debian/smb.conf; |
949 | + + Add "(Samba, Ubuntu)" to server string. |
950 | + + Comment out the default [homes] share, and add a comment about |
951 | + "valid users = %s" to show users how to restrict access to |
952 | + \\server\username to only username. |
953 | + - debian/samba-common.config: |
954 | + + Do not change priority to high if dhclient3 is installed. |
955 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
956 | + MIR bug is https://launchpad.net/bugs/1274247 |
957 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
958 | + change nfs service name from nfs to nfs-kernel-server |
959 | + (LP #722201) |
960 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
961 | + enable syslog and systemd journal by default |
962 | + - debian/rules: Ubuntu i386 binary compatibility: |
963 | + + drop ceph support |
964 | + + disable the following binary packages: |
965 | + - ctdb |
966 | + - libnss-winbind |
967 | + - libpam-winbind |
968 | + - python3-samba |
969 | + - samba |
970 | + - samba-common-bin |
971 | + - samba-testsuite |
972 | + - winbind |
973 | + - debian/control: Ubuntu i386 binary compatibility: |
974 | + + drop ceph support |
975 | + - debian/rules: Ubuntu i386 binary compatibility: |
976 | + + re-enable the following binary packages: |
977 | + - libnss-winbind |
978 | + - samba-common-bin |
979 | + - python3-samba |
980 | + - winbind |
981 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
982 | + the amount of in-tree crypto code that is built |
983 | + * d/t/smbclient-anonymous-share-list: add set -x and set -e |
984 | + * Factor out common DEP8 test code into d/t/util and change the tests |
985 | + to source from it: |
986 | + - d/t/util: added |
987 | + - d/t/cifs-share-access, d/t/smbclient-share-access: source from |
988 | + util, use random share name and add set -x and set -u |
989 | + - d/t/smbclient-authenticated-share-list: source from util and add |
990 | + set -x and set -u |
991 | + * d/control: enable the liburing vfs module, except on i386 where |
992 | + liburing is not available |
993 | + * Add new DEP8 tests for the uring vfs module: |
994 | + - d/t/control: add smbclient-share-access-uring and |
995 | + cifs-share-access-uring tests |
996 | + - d/t/smbclient-share-access-uring: new test |
997 | + - d/t/cifs-share-access-uring: new test |
998 | + * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
999 | + guard uring tests with a kernel version check and skip if it's too old |
1000 | + * Dropped changes: |
1001 | + - SECURITY UPDATE: Unauthenticated domain controller compromise by |
1002 | + subverting Netlogon cryptography (ZeroLogon) |
1003 | + + debian/patches/zerologon-*.patch: backport upstream patches: |
1004 | + + For compatibility reasons, allow specifying an insecure netlogon |
1005 | + configuration per machine. See the following link for examples: |
1006 | + https://www.samba.org/samba/security/CVE-2020-1472.html |
1007 | + + Add additional server checks for the protocol attack in the |
1008 | + client-specified challenge to provide some protection when |
1009 | + 'server schannel = no/auto' and avoid the false-positive results |
1010 | + when running the proof-of-concept exploit. |
1011 | + [ Incorporated by upstream. ] |
1012 | + - SECURITY UPDATE: Missing handle permissions check in ChangeNotify |
1013 | + + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't |
1014 | + get set unless the directory handle is open for SEC_DIR_LIST in |
1015 | + source4/torture/smb2/notify.c, source3/smbd/notify.c. |
1016 | + + CVE-2020-14318 |
1017 | + - SECURITY UPDATE: Unprivileged user can crash winbind |
1018 | + + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in |
1019 | + source3/winbindd/winbindd_lookupsids.c, |
1020 | + source4/torture/winbind/struct_based.c. |
1021 | + + CVE-2020-14323 |
1022 | + - SECURITY UPDATE: DNS server crash via invalid records |
1023 | + - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization |
1024 | + with NULL and do not crash when additional data not found in |
1025 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1026 | + + CVE-2020-14383 |
1027 | + [ Incorporated by upstream. ] |
1028 | + |
1029 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500 |
1030 | + |
1031 | samba (2:4.13.2+dfsg-3) unstable; urgency=medium |
1032 | |
1033 | * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) |
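Review bot: The "Dropped changes" list for the four security updates is inconsistent in ways that make it hard to audit. Only the ZeroLogon item and the CVE-2020-14383 item carry "[ Incorporated by upstream. ]"; the CVE-2020-14318 and CVE-2020-14323 items give no reason for being dropped. The ZeroLogon item also omits the "CVE-2020-1472" identifier line that the original groovy stanza has, and the CVE-2020-14383 patch line is bulleted with "-" where its siblings use "+". Suggest one bracketed reason per dropped item and the CVE id on each, so a search of the changelog for a CVE number finds both the fix and its removal.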
1034 | @@ -1476,6 +2382,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium |
1035 | |
1036 | -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100 |
1037 | |
1038 | +samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium |
1039 | + |
1040 | + * SECURITY UPDATE: Missing handle permissions check in ChangeNotify |
1041 | + - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't |
1042 | + get set unless the directory handle is open for SEC_DIR_LIST in |
1043 | + source4/torture/smb2/notify.c, source3/smbd/notify.c. |
1044 | + - CVE-2020-14318 |
1045 | + * SECURITY UPDATE: Unprivileged user can crash winbind |
1046 | + - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in |
1047 | + source3/winbindd/winbindd_lookupsids.c, |
1048 | + source4/torture/winbind/struct_based.c. |
1049 | + - CVE-2020-14323 |
1050 | + * SECURITY UPDATE: DNS server crash via invalid records |
1051 | + - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization |
1052 | + with NULL and do not crash when additional data not found in |
1053 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1054 | + - CVE-2020-14383 |
1055 | + |
1056 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400 |
1057 | + |
1058 | +samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium |
1059 | + |
1060 | + * SECURITY UPDATE: Unauthenticated domain controller compromise by |
1061 | + subverting Netlogon cryptography (ZeroLogon) |
1062 | + - debian/patches/zerologon-*.patch: backport upstream patches: |
1063 | + + For compatibility reasons, allow specifying an insecure netlogon |
1064 | + configuration per machine. See the following link for examples: |
1065 | + https://www.samba.org/samba/security/CVE-2020-1472.html |
1066 | + + Add additional server checks for the protocol attack in the |
1067 | + client-specified challenge to provide some protection when |
1068 | + 'server schannel = no/auto' and avoid the false-positive results |
1069 | + when running the proof-of-concept exploit. |
1070 | + - CVE-2020-1472 |
1071 | + |
1072 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400 |
1073 | + |
1074 | +samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium |
1075 | + |
1076 | + * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: |
1077 | + guard uring tests with a kernel version check and skip if it's too old |
1078 | + |
1079 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300 |
1080 | + |
1081 | +samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium |
1082 | + |
1083 | + * d/t/smbclient-anonymous-share-list: add set -x and set -e |
1084 | + * Factor out common DEP8 test code into d/t/util and change the tests |
1085 | + to source from it: |
1086 | + - d/t/util: added |
1087 | + - d/t/cifs-share-access, d/t/smbclient-share-access: source from |
1088 | + util, use random share name and add set -x and set -u |
1089 | + - d/t/smbclient-authenticated-share-list: source from util and add |
1090 | + set -x and set -u |
1091 | + * d/control: enable the liburing vfs module, except on i386 where |
1092 | + liburing is not available |
1093 | + * Add new DEP8 tests for the uring vfs module: |
1094 | + - d/t/control: add smbclient-share-access-uring and |
1095 | + cifs-share-access-uring tests |
1096 | + - d/t/smbclient-share-access-uring: new test |
1097 | + - d/t/cifs-share-access-uring: new test |
1098 | + |
1099 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300 |
1100 | + |
1101 | +samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium |
1102 | + |
1103 | + * Merge with Debian unstable. Remaining changes: |
1104 | + - d/p/VERSION.patch: Update vendor string to "Ubuntu". |
1105 | + - debian/smb.conf; |
1106 | + + Add "(Samba, Ubuntu)" to server string. |
1107 | + + Comment out the default [homes] share, and add a comment about |
1108 | + "valid users = %s" to show users how to restrict access to |
1109 | + \\server\username to only username. |
1110 | + - debian/samba-common.config: |
1111 | + + Do not change priority to high if dhclient3 is installed. |
1112 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1113 | + MIR bug is https://launchpad.net/bugs/1274247 |
1114 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1115 | + change nfs service name from nfs to nfs-kernel-server |
1116 | + (LP #722201) |
1117 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
1118 | + enable syslog and systemd journal by default |
1119 | + - debian/rules: Ubuntu i386 binary compatibility: |
1120 | + + drop ceph support |
1121 | + + disable the following binary packages: |
1122 | + - ctdb |
1123 | + - libnss-winbind |
1124 | + - libpam-winbind |
1125 | + - python3-samba |
1126 | + - samba |
1127 | + - samba-common-bin |
1128 | + - samba-testsuite |
1129 | + - winbind |
1130 | + - debian/control: Ubuntu i386 binary compatibility: |
1131 | + + drop ceph support |
1132 | + - debian/rules: Ubuntu i386 binary compatibility: |
1133 | + + re-enable the following binary packages: |
1134 | + - libnss-winbind |
1135 | + - samba-common-bin |
1136 | + - python3-samba |
1137 | + - winbind |
1138 | + - d/control: add a versioned libgnutls28-dev build-depends to reduce |
1139 | + the amount of in-tree crypto code that is built |
1140 | + * Dropped: |
1141 | + - d/gbp.conf, d/watch, d/README.source: update for 4.12 |
1142 | + [In 2:4.12.3+dfsg-1] |
1143 | + - d/control: bump build-depends: |
1144 | + + ldb: 2.1.2 |
1145 | + + tevent: 0.10.2 |
1146 | + + tdb: 1.4.3 |
1147 | + + talloc: 2.3.1 |
1148 | + [In 2:4.12.3+dfsg-1] |
1149 | + - d/smbclient.install: add new binary mdfind and its manpage |
1150 | + [In 2:4.12.3+dfsg-1] |
1151 | + - d/samba-dev.install, d/samba-libs.install: new lib |
1152 | + libdcerpc-server-core |
1153 | + [In 2:4.12.3+dfsg-1] |
1154 | + - d/samba-libs.install: new library libtalloc-report-printf |
1155 | + [In 2:4.12.3+dfsg-1] |
1156 | + - d/libwbclient0.install: remove libaesni, no longer built when |
1157 | + gnutls provides AES CMAC |
1158 | + [In 2:4.12.3+dfsg-1] |
1159 | + - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols |
1160 | + [In 2:4.12.3+dfsg-1] |
1161 | + - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch |
1162 | + [Dropped in 2:4.12.3+dfsg-1] |
1163 | + - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch |
1164 | + [Dropped in 2:4.12.3+dfsg-1] |
1165 | + - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch |
1166 | + [Dropped in 2:4.12.3+dfsg-1] |
1167 | + |
1168 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300 |
1169 | + |
1170 | samba (2:4.12.5+dfsg-3) unstable; urgency=high |
1171 | |
1172 | * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump |
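Review bot: The ZeroLogon stanza (4.12.5+dfsg-3ubuntu4) says the added server checks "provide some protection when 'server schannel = no/auto'" and that an insecure netlogon configuration can be allowed per machine, but it does not say that those settings remain weaker than the default or that the per-machine exception is the intended alternative to a global downgrade. One extra clause making that explicit, next to the advisory link, would stop the entry from being read as "no/auto is now safe".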
1173 | @@ -1540,6 +2578,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium |
1174 | |
1175 | -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200 |
1176 | |
1177 | +samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium |
1178 | + |
1179 | + * New upstream version: 4.12.2 |
1180 | + * d/gbp.conf, d/watch, d/README.source: update for 4.12 |
1181 | + * d/control: bump build-depends: |
1182 | + - ldb: 2.1.2 |
1183 | + - tevent: 0.10.2 |
1184 | + - tdb: 1.4.3 |
1185 | + - talloc: 2.3.1 |
1186 | + * d/smbclient.install: add new binary mdfind and its manpage |
1187 | + * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core |
1188 | + * d/samba-libs.install: new library libtalloc-report-printf |
1189 | + * d/libwbclient0.install: remove libaesni, no longer built when |
1190 | + gnutls provides AES CMAC |
1191 | + * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols |
1192 | + * d/control: add a versioned libgnutls28-dev build-depends to reduce |
1193 | + the amount of in-tree crypto code that is built |
1194 | + * Dropped (applied upstream): |
1195 | + - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch |
1196 | + - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch |
1197 | + - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch |
1198 | + - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch |
1199 | + |
1200 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300 |
1201 | + |
1202 | +samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium |
1203 | + |
1204 | + * SECURITY UPDATE: Use-after-free in AD DC LDAP server |
1205 | + - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in |
1206 | + combination with paged_results in selftest/knownfail.d/asq, |
1207 | + source4/dsdb/tests/python/asq.py, source4/selftest/tests.py. |
1208 | + - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control |
1209 | + for the GUID search in paged_results in selftest/knownfail.d/asq, |
1210 | + source4/dsdb/samdb/ldb_modules/paged_results.c. |
1211 | + - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev |
1212 | + Build-Depends to 2.0.10. |
1213 | + - CVE-2020-10700 |
1214 | + * SECURITY UPDATE: Stack overflow in AD DC LDAP server |
1215 | + - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in |
1216 | + auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, |
1217 | + lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, |
1218 | + libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, |
1219 | + source3/lib/tldap.c, source3/lib/tldap_util.c, |
1220 | + source3/libsmb/clispnego.c, source3/torture/torture.c, |
1221 | + source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, |
1222 | + source4/libcli/ldap/ldap_client.c, |
1223 | + source4/libcli/ldap/ldap_controls.c. |
1224 | + - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in |
1225 | + lib/util/asn1.c. |
1226 | + - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in |
1227 | + docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, |
1228 | + docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, |
1229 | + lib/param/loadparm.c, source3/param/loadparm.c. |
1230 | + - debian/patches/CVE-2020-10704-6.patch: limit request sizes in |
1231 | + source4/ldap_server/ldap_server.c. |
1232 | + - debian/patches/CVE-2020-10704-7.patch: add search size limits to |
1233 | + ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, |
1234 | + lib/param/loadparm.c, libcli/cldap/cldap.c, |
1235 | + libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, |
1236 | + source3/param/loadparm.c, source4/ldap_server/ldap_server.c, |
1237 | + source4/libcli/ldap/ldap_client.c. |
1238 | + - debian/patches/CVE-2020-10704-8.patch: check search request lengths |
1239 | + in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. |
1240 | + - CVE-2020-10704 |
1241 | + |
1242 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400 |
1243 | + |
1244 | +samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium |
1245 | + |
1246 | + * New upstream release: 4.11.6 |
1247 | + * d/p/samba-tool-py38-*.patch: dropped, fixed upstream |
1248 | + |
1249 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300 |
1250 | + |
1251 | +samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium |
1252 | + |
1253 | + * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324) |
1254 | + |
1255 | + -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300 |
1256 | + |
1257 | +samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium |
1258 | + |
1259 | + * Merge with Debian unstable. Remaining changes: |
1260 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1261 | + - debian/smb.conf; |
1262 | + + Add "(Samba, Ubuntu)" to server string. |
1263 | + + Comment out the default [homes] share, and add a comment about |
1264 | + "valid users = %s" to show users how to restrict access to |
1265 | + \\server\username to only username. |
1266 | + - debian/samba-common.config: |
1267 | + + Do not change priority to high if dhclient3 is installed. |
1268 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1269 | + MIR bug is https://launchpad.net/bugs/1274247 |
1270 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1271 | + change nfs service name from nfs to nfs-kernel-server |
1272 | + (LP #722201) |
1273 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
1274 | + enable syslog and systemd journal by default |
1275 | + - debian/rules: Ubuntu i386 binary compatibility: |
1276 | + + drop ceph support |
1277 | + + disable the following binary packages: |
1278 | + - ctdb |
1279 | + - libnss-winbind |
1280 | + - libpam-winbind |
1281 | + - python3-samba |
1282 | + - samba |
1283 | + - samba-common-bin |
1284 | + - samba-testsuite |
1285 | + - winbind |
1286 | + - debian/control: Ubuntu i386 binary compatibility: |
1287 | + + drop ceph support |
1288 | + - debian/rules: Ubuntu i386 binary compatibility: |
1289 | + + re-enable the following binary packages: |
1290 | + - libnss-winbind |
1291 | + - samba-common-bin |
1292 | + - python3-samba |
1293 | + - winbind |
1294 | + * Dropped: |
1295 | + - d/control: drop python3-matplotlib. It's only used in |
1296 | + script/attr_count_read which is not installed with the |
1297 | + samba packages. |
1298 | + [In 2:4.11.3+dfsg-1] |
1299 | + |
1300 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300 |
1301 | + |
1302 | samba (2:4.11.5+dfsg-1) unstable; urgency=medium |
1303 | |
1304 | * New upstream security release |
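Review bot: In the 2:4.11.5+dfsg-1ubuntu1 "Remaining changes" list, the i386 delta is recorded as two separate debian/rules items, one disabling eight binary packages and a later one re-enabling four of them, so the reader has to subtract the lists to learn what is still disabled. Suggest collapsing them into a single debian/rules item that states the net result: ceph support dropped, and ctdb, libpam-winbind, samba and samba-testsuite disabled on i386.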
1305 | @@ -1567,6 +2730,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high |
1306 | |
1307 | -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100 |
1308 | |
1309 | +samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium |
1310 | + |
1311 | + * Ubuntu i386 binary compatibility effort: (LP: #1861316) |
1312 | + - debian/rules: |
1313 | + + re-enable the following binary packages generation: |
1314 | + - libnss-winbind |
1315 | + - samba-common-bin |
1316 | + - python3-samba |
1317 | + - winbind |
1318 | + |
1319 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000 |
1320 | + |
1321 | +samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium |
1322 | + |
1323 | + * No-change rebuild to build with python3.8. |
1324 | + |
1325 | + -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000 |
1326 | + |
1327 | +samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium |
1328 | + |
1329 | + * Ubuntu i386 binary compatibility effort: (LP: #1858479) |
1330 | + - debian/control: |
1331 | + + drop ceph support |
1332 | + - debian/rules: |
1333 | + + drop ceph support |
1334 | + + disable the following binary packages generation: |
1335 | + - ctdb |
1336 | + - libnss-winbind |
1337 | + - libpam-winbind |
1338 | + - python3-samba |
1339 | + - samba |
1340 | + - samba-common-bin |
1341 | + - samba-testsuite |
1342 | + - winbind |
1343 | + |
1344 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000 |
1345 | + |
1346 | +samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium |
1347 | + |
1348 | + * Merge with Debian unstable. Remaining changes: |
1349 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1350 | + - debian/smb.conf; |
1351 | + + Add "(Samba, Ubuntu)" to server string. |
1352 | + + Comment out the default [homes] share, and add a comment about |
1353 | + "valid users = %s" to show users how to restrict access to |
1354 | + \\server\username to only username. |
1355 | + - debian/samba-common.config: |
1356 | + + Do not change priority to high if dhclient3 is installed. |
1357 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1358 | + MIR bug is https://launchpad.net/bugs/1274247 |
1359 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1360 | + change nfs service name from nfs to nfs-kernel-server |
1361 | + (LP #722201) |
1362 | + [Adopted the Debian version and added a couple of extra hunks |
1363 | + we had] |
1364 | + - d/p/ctdb-config-enable-syslog-by-default.patch: |
1365 | + enable syslog and systemd journal by default |
1366 | + * Dropped: |
1367 | + - Add apport hook: |
1368 | + + Created debian/source_samba.py. |
1369 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1370 | + [In 2:4.9.4+dfsg-2] |
1371 | + - Removed patches already applied upstream: |
1372 | + + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch |
1373 | + [Removed in 2:4.10.7+dfsg-1] |
1374 | + + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch |
1375 | + [Removed in 4.9.5+dfsg-1] |
1376 | + - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz |
1377 | + [Refreshed in 2:4.1.17+dfsg-1] |
1378 | + - d/control: Updated build dependencies (already updated in Debian): |
1379 | + + tdb >= 1.3.17 |
1380 | + + talloc >= 2.1.15 |
1381 | + + tevent >= 0.9.38 |
1382 | + + ldb >= 1.5.3 |
1383 | + - d/samba-common.docs: README is now README.md |
1384 | + [In 2:4.10.7+dfsg-1] |
1385 | + - d/libsmbclient.symbols: update symbols for this version |
1386 | + - d/libwbclient0.symbols: update symbols for this version |
1387 | + - d/ctdb.install: new binary ctdb_local_daemons |
1388 | + [In 2:4.10.7+dfsg-1] |
1389 | + - d/samba-dev.install: use globbing for the header files with |
1390 | + exceptions for wbclient.h and libsmbclient.h, which belong in |
1391 | + other packages. |
1392 | + [In 2:4.10.7+dfsg-1] |
1393 | + - d/rules: fix globbing used to move the dckeytab python module to the |
1394 | + samba package, and add a comment explaining why this is being done. |
1395 | + [In 2:4.10.7+dfsg-1] |
1396 | + - Switch to python3 (in 2:4.10.7+dfsg-1): |
1397 | + + d/rules: calculate the ldb version using python3, and drop the |
1398 | + "really" bit since the real 1.5.x series is being used now. |
1399 | + + d/rules: make sure python3 is used for the build |
1400 | + + d/rules: adjust globbing to remove the python3 version of tevent.so |
1401 | + + d/rules: drop PYVERS, unused |
1402 | + + d/control: adjust dependencies (build and runtime) for python3 |
1403 | + + d/python3-samba.install, d/control: new python3-samba package |
1404 | + (LP #1440381) |
1405 | + + d/control, d/python-samba.install: get rid of python-samba, which is py2 |
1406 | + + d/python3-samba.lintian-overrides: use the same overrides we had for |
1407 | + python-samba, now deleted. |
1408 | + + d/samba-dev.install, d/samba-libs.install: update file list |
1409 | + + d/t/control, d/t/python-smoke: use python3 |
1410 | + + d/control: use ${python3:Depends} now instead of the python 2 |
1411 | + counterpart for samba and samba-common-bin. |
1412 | + - d/control: drop suggests for python-gpgme, it's no longer available. |
1413 | + [In 2:4.10.7+dfsg-1] |
1414 | + - d/gbp.conf, d/watch, r/README.source: updated for 4.10 |
1415 | + [In 2:4.10.7+dfsg-1] |
1416 | + - d/control: update cmocka build-depends to >= 1.1.3 |
1417 | + [In 2:4.10.7+dfsg-1] |
1418 | + - d/samba-libs.install: bump passdb minor to 0.27.2 |
1419 | + [In 2:4.10.7+dfsg-1] |
1420 | + - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d |
1421 | + to allow pid file to exist (LP #1821775) |
1422 | + [In 2:4.10.7+dfsg-1] |
1423 | + - Allow proper ctdb initalization (LP #1828799): |
1424 | + + d/ctdb.dirs: added /var/lib/ctdb/* directories |
1425 | + + d/ctdb.postrm: remove leftovers from: |
1426 | + /var/lib/ctdb/{state,persistent,volatile,scripts} |
1427 | + [In 2:4.10.7+dfsg-1] |
1428 | + - d/rules: installing provided config examples and helper scripts |
1429 | + - Examples of NFS HA CTDB config files + helper script: |
1430 | + + d/ctdb.example.enable.nfs.sh |
1431 | + + d/ctdb.example.nfs-common |
1432 | + + d/ctdb.example.nfs-kernel-server |
1433 | + + d/ctdb.example.services |
1434 | + + d/ctdb.example.sysctl-nfs-static-ports.conf |
1435 | + [In 2:4.10.7+dfsg-1] |
1436 | + - debian/rules: Make DEB_HOST_ARCH_CPU initialized through |
1437 | + dpkg-architecture (Closes: #931138) |
1438 | + [In 2:4.10.7+dfsg-1] |
1439 | + - d/control: update ldb build-deps to 1.5.5 |
1440 | + [In 2:4.10.7+dfsg-1] |
1441 | + - SECURITY UPDATE: restricted share escape by user (LP #1842533) |
1442 | + [fixed upstream in 4.11.0rc2] |
1443 | + + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate |
1444 | + out impersonation debug info into a new function. |
1445 | + + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that |
1446 | + change_to_user_internal() always resets current_user.done_chdir |
1447 | + + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we |
1448 | + reset current_user.{need,done}_chdir in become_root() |
1449 | + + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make |
1450 | + fsrvp_share its own independent subdirectory |
1451 | + + debian/patches/CVE-2019-10197-05-v4-10.patch: |
1452 | + test_smbclient_s3.sh: add regression test for the no permission |
1453 | + on share root problem |
1454 | + + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split |
1455 | + change_to_user_impersonate() out of change_to_user_internal() |
1456 | + + CVE-2019-10197 |
1457 | + * Added: |
1458 | + - d/control: drop python3-matplotlib. It's only used in |
1459 | + script/attr_count_read which is not installed with the |
1460 | + samba packages. |
1461 | + |
1462 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300 |
1463 | + |
1464 | samba (2:4.11.1+dfsg-3) unstable; urgency=medium |
1465 | |
1466 | * Add some python dependencies: |
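Review bot: Two typos in the "Dropped" list of the 2:4.11.1+dfsg-3ubuntu1 entry. The item "d/gbp.conf, d/watch, r/README.source: updated for 4.10" uses an "r/" prefix where every other path in the entry uses "d/", so it most likely should read d/README.source, and "Allow proper ctdb initalization" should read "initialization".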
1467 | @@ -1775,6 +3093,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium |
1468 | |
1469 | -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200 |
1470 | |
1471 | +samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium |
1472 | + |
1473 | + * No-change rebuild to build with python3.8. |
1474 | + |
1475 | + -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000 |
1476 | + |
1477 | +samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium |
1478 | + |
1479 | + * SECURITY UPDATE: restricted share escape by user (LP: #1842533) |
1480 | + - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate |
1481 | + out impersonation debug info into a new function. |
1482 | + - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that |
1483 | + change_to_user_internal() always resets current_user.done_chdir |
1484 | + - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we |
1485 | + reset current_user.{need,done}_chdir in become_root() |
1486 | + - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make |
1487 | + fsrvp_share its own independent subdirectory |
1488 | + - debian/patches/CVE-2019-10197-05-v4-10.patch: |
1489 | + test_smbclient_s3.sh: add regression test for the no permission |
1490 | + on share root problem |
1491 | + - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split |
1492 | + change_to_user_impersonate() out of change_to_user_internal() |
1493 | + - CVE-2019-10197 |
1494 | + |
1495 | + -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700 |
1496 | + |
1497 | +samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium |
1498 | + |
1499 | + * New upstream version: 4.10.7 |
1500 | + - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped, |
1501 | + included upstream in 4.10.7 |
1502 | + |
1503 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300 |
1504 | + |
1505 | +samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium |
1506 | + |
1507 | + * New upstream version: 4.10.6 |
1508 | + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update |
1509 | + the Debian config and use it. |
1510 | + - d/control: update ldb build-deps to 1.5.5 |
1511 | + * Dropped: |
1512 | + - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5 |
1513 | + - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5 |
1514 | + - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3 |
1515 | + - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2 |
1516 | + - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2 |
1517 | + - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1 |
1518 | + - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed |
1519 | + upstream in 4.10.5 |
1520 | + |
1521 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300 |
1522 | + |
1523 | +samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium |
1524 | + |
1525 | + * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1526 | + change service name from nfs to nfs-kernel-server in |
1527 | + legacy script 06.nfs.script also (LP: #722201) |
1528 | + |
1529 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000 |
1530 | + |
1531 | +samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium |
1532 | + |
1533 | + * debian/rules: Make DEB_HOST_ARCH_CPU initialized through |
1534 | + dpkg-architecture (Closes: #931138) |
1535 | + * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: |
1536 | + fix tcp_tw_recycle existence check. (LP: #722201) |
1537 | + * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: |
1538 | + change nfs service name from nfs to nfs-kernel-server |
1539 | + (LP: #722201) |
1540 | + * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d |
1541 | + to allow pid file to exist (LP: #1821775) |
1542 | + * Allow proper ctdb initialization (LP: #1828799): |
1543 | + - d/ctdb.dirs: added /var/lib/ctdb/* directories |
1544 | + - d/ctdb.postrm: remove leftovers from: |
1545 | + /var/lib/ctdb/{state,persistent,volatile,scripts} |
1546 | + * d/rules: installing provided config examples and helper scripts |
1547 | + * Examples of NFS HA CTDB config files + helper script: |
1548 | + - d/ctdb.example.enable.nfs.sh |
1549 | + - d/ctdb.example.nfs-common |
1550 | + - d/ctdb.example.nfs-kernel-server |
1551 | + - d/ctdb.example.services |
1552 | + - d/ctdb.example.sysctl-nfs-static-ports.conf |
1553 | + * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: |
1554 | + do not try to start daemon if /etc/ctdb/nodes does not exist |
1555 | + * d/p/ctdb-config-enable-syslog-by-default.patch: |
1556 | + enable syslog and systemd journal by default |
1557 | + |
1558 | + -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000 |
1559 | + |
1560 | +samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium |
1561 | + |
1562 | + * SECURITY UPDATE: zone operations can crash rpc server |
1563 | + - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone |
1564 | + not found in DnssrvOperation in |
1565 | + python/samba/tests/dcerpc/dnsserver.py, |
1566 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1567 | + - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone |
1568 | + not found in DnssrvOperation2 in |
1569 | + python/samba/tests/dcerpc/dnsserver.py, |
1570 | + source4/rpc_server/dnsserver/dcerpc_dnsserver.c. |
1571 | + - CVE-2019-12435 |
1572 | + * SECURITY UPDATE: paged_searches crash on LDAP and homes access |
1573 | + - debian/patches/CVE-2019-12436.patch: ignore successful results |
1574 | + without messages in source4/dsdb/samdb/ldb_modules/paged_results.c, |
1575 | + source4/dsdb/tests/python/vlv.py. |
1576 | + - CVE-2019-12436 |
1577 | + |
1578 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400 |
1579 | + |
1580 | +samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium |
1581 | + |
1582 | + * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum |
1583 | + - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with |
1584 | + unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, |
1585 | + source4/torture/krb5/kdc-canon-heimdal.c. |
1586 | + - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with |
1587 | + unkeyed checksum in selftest/knownfail.d/mitm-s4u2self, |
1588 | + source4/heimdal/kdc/krb5tgs.c. |
1589 | + - CVE-2018-16860 |
1590 | + |
1591 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400 |
1592 | + |
1593 | +samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium |
1594 | + |
1595 | + * SECURITY UPDATE: world writable files in Samba AD DC private/ dir |
1596 | + - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for |
1597 | + umask being overwritten in python/samba/tests/ntacls_backup.py, |
1598 | + python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py, |
1599 | + selftest/knownfail.d/umask-leak. |
1600 | + - debian/patches/CVE-2019-3870-2.patch: add test to check |
1601 | + file-permissions are correct after provision in |
1602 | + selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py, |
1603 | + source4/setup/tests/provision_fileperms.sh. |
1604 | + - debian/patches/CVE-2019-3870-3.patch: include tests to show the |
1605 | + outside umask has no impact in python/samba/tests/ntacls_backup.py, |
1606 | + python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask. |
1607 | + - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as |
1608 | + close as possible to users in source3/smbd/pysmbd.c, |
1609 | + selftest/knownfail.d/provision_fileperms, |
1610 | + selftest/knownfail.d/umask-leak. |
1611 | + - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for |
1612 | + smbd.mkdir() in selftest/knownfail.d/pymkdir-umask, |
1613 | + source3/smbd/pysmbd.c. |
1614 | + - CVE-2019-3870 |
1615 | + * SECURITY UPDATE: save registry file outside share as unprivileged user |
1616 | + - debian/patches/CVE-2019-3880.patch: remove implementations of |
1617 | + SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c. |
1618 | + - CVE-2019-3880 |
1619 | + |
1620 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400 |
1621 | + |
1622 | +samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium |
1623 | + |
1624 | + * New upstream version: 4.10.0 |
1625 | + - d/gbp.conf, d/watch, r/README.source: updated for 4.10 |
1626 | + - d/control: update cmocka build-depends to >= 1.1.3 |
1627 | + - d/samba-libs.install: bump passdb minor to 0.27.2 |
1628 | + * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to |
1629 | + Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846) |
1630 | + |
1631 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300 |
1632 | + |
1633 | +samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium |
1634 | + |
1635 | + * New upstream version 4.10.0rc4 (LP: #1818518): |
1636 | + - Removed patches already applied upstream: |
1637 | + + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch |
1638 | + + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch |
1639 | + - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz |
1640 | + - d/control: Updated build dependencies: |
1641 | + + tdb >= 1.3.17 |
1642 | + + talloc >= 2.1.15 |
1643 | + + tevent >= 0.9.38 |
1644 | + + ldb >= 1.5.3 |
1645 | + - d/samba-common.docs: README is now README.md |
1646 | + - d/libsmbclient.symbols: update symbols for this version |
1647 | + - d/libwbclient0.symbols: update symbols for this version |
1648 | + - d/ctdb.install: new binary ctdb_local_daemons |
1649 | + - d/samba-dev.install: use globbing for the header files with |
1650 | + exceptions for wbclient.h and libsmbclient.h, which belong in |
1651 | + other packages. |
1652 | + - d/rules: fix globbing used to move the dckeytab python module to the |
1653 | + samba package, and add a comment explaining why this is being done. |
1654 | + * Switch to python3: |
1655 | + - d/rules: calculate the ldb version using python3, and drop the |
1656 | + "really" bit since the real 1.5.x series is being used now. |
1657 | + - d/rules: make sure python3 is used for the build |
1658 | + - d/rules: adjust globbing to remove the python3 version of tevent.so |
1659 | + - d/rules: drop PYVERS, unused |
1660 | + - d/control: adjust dependencies (build and runtime) for python3 |
1661 | + - d/python3-samba.install, d/control: new python3-samba package |
1662 | + (LP: #1440381) |
1663 | + - d/control, d/python-samba.install: get rid of python-samba, which is py2 |
1664 | + - d/python3-samba.lintian-overrides: use the same overrides we had for |
1665 | + python-samba, now deleted. |
1666 | + - d/samba-dev.install, d/samba-libs.install: update file list |
1667 | + - d/t/control, d/t/python-smoke: use python3 |
1668 | + - d/control: use ${python3:Depends} now instead of the python 2 |
1669 | + counterpart for samba and samba-common-bin. |
1670 | + * d/control: drop suggests for python-gpgme, it's no longer available. |
1671 | + |
1672 | + -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000 |
1673 | + |
1674 | samba (2:4.9.5+dfsg-1) experimental; urgency=medium |
1675 | |
1676 | * New upstream release |
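Review bot: The CVE-2019-12435-1.patch and CVE-2019-12435-2.patch lines in the 2:4.10.0+dfsg-0ubuntu4 entry both say "avoid NULL deference if zone not found"; the defect class is a NULL dereference, and the misspelling makes the security entries harder to find by searching for that term. The CVE-2019-3870-4.patch line in 2:4.10.0+dfsg-0ubuntu2 likewise has "umask manipuations" for "manipulations".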
1677 | @@ -1819,6 +3340,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium |
1678 | |
1679 | -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100 |
1680 | |
1681 | +samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium |
1682 | + |
1683 | + * Merge with Debian unstable. Remaining changes: |
1684 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1685 | + - debian/smb.conf; |
1686 | + + Add "(Samba, Ubuntu)" to server string. |
1687 | + + Comment out the default [homes] share, and add a comment about |
1688 | + "valid users = %s" to show users how to restrict access to |
1689 | + \\server\username to only username. |
1690 | + - debian/samba-common.config: |
1691 | + + Do not change priority to high if dhclient3 is installed. |
1692 | + - Add apport hook: |
1693 | + + Created debian/source_samba.py. |
1694 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1695 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1696 | + MIR bug is https://launchpad.net/bugs/1274247 |
1697 | + * Dropped: |
1698 | + - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() |
1699 | + failing without a valid idmap configuration. This fixes the smbd startup |
1700 | + on a standalone server where winbind is available and running. Thanks to |
1701 | + Stefan Metzmacher <metze@samba.org>. (LP #1806035) |
1702 | + [Fixed in 2:4.9.4+dfsg-1] |
1703 | + |
1704 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200 |
1705 | + |
1706 | samba (2:4.9.4+dfsg-1) unstable; urgency=medium |
1707 | |
1708 | * New upstream release |
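Review bot: The debian/smb.conf item in the 2:4.9.4+dfsg-1ubuntu1 entry quotes the access restriction as "valid users = %s", but the smb.conf variable that expands to the current service name, which is what limits \\server\username to that user, is the upper-case %S. Since an administrator may copy the setting from this text, suggest writing it as "valid users = %S", and checking that the comment shipped in debian/smb.conf uses the same case.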
1709 | @@ -1829,6 +3375,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium |
1710 | |
1711 | -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100 |
1712 | |
1713 | +samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium |
1714 | + |
1715 | + * No-change rebuild for readline soname change. |
1716 | + |
1717 | + -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000 |
1718 | + |
1719 | +samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium |
1720 | + |
1721 | + * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests() |
1722 | + failing without a valid idmap configuration. This fixes the smbd startup |
1723 | + on a standalone server where winbind is available and running. Thanks to |
1724 | + Stefan Metzmacher <metze@samba.org>. (LP: #1806035) |
1725 | + |
1726 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200 |
1727 | + |
1728 | +samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium |
1729 | + |
1730 | + * Merge with Debian unstable. Remaining changes: |
1731 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1732 | + - debian/smb.conf; |
1733 | + + Add "(Samba, Ubuntu)" to server string. |
1734 | + + Comment out the default [homes] share, and add a comment about |
1735 | + "valid users = %s" to show users how to restrict access to |
1736 | + \\server\username to only username. |
1737 | + - debian/samba-common.config: |
1738 | + + Do not change priority to high if dhclient3 is installed. |
1739 | + - Add apport hook: |
1740 | + + Created debian/source_samba.py. |
1741 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1742 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1743 | + MIR bug is https://launchpad.net/bugs/1274247 |
1744 | + * Dropped: |
1745 | + - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty |
1746 | + errors (LP: 1795772) |
1747 | + [Fixed upstream] |
1748 | + |
1749 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200 |
1750 | + |
1751 | samba (2:4.9.2+dfsg-2) unstable; urgency=high |
1752 | |
1753 | * New upstream security release |
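Review bot: In the "Dropped" list of the 2:4.9.2+dfsg-2ubuntu1 entry, the d/p/fix-rmdir.patch item cites its bug as "(LP: 1795772)", without the "#" that every other bug reference carries, for example "(LP: #1806035)" in the entry directly above it. Suggest "(LP #1795772)", the form this changelog uses for items that are being dropped.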
1754 | @@ -1938,6 +3522,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium |
1755 | |
1756 | -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200 |
1757 | |
1758 | +samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium |
1759 | + |
1760 | + * No-change rebuild against libldb1 1.4.2 |
1761 | + |
1762 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000 |
1763 | + |
1764 | +samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high |
1765 | + |
1766 | + [ Karl Stenerud ] |
1767 | + * d/p/fix-rmdir.patch: Fix to make the samba client library report |
1768 | + directory-not-empty errors (LP: #1795772) |
1769 | + |
1770 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300 |
1771 | + |
1772 | +samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium |
1773 | + |
1774 | + * Merge with Debian unstable (LP: #1778125). Remaining changes: |
1775 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1776 | + - debian/smb.conf; |
1777 | + + Add "(Samba, Ubuntu)" to server string. |
1778 | + + Comment out the default [homes] share, and add a comment about |
1779 | + "valid users = %s" to show users how to restrict access to |
1780 | + \\server\username to only username. |
1781 | + - debian/samba-common.config: |
1782 | + + Do not change priority to high if dhclient3 is installed. |
1783 | + - Add apport hook: |
1784 | + + Created debian/source_samba.py. |
1785 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1786 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1787 | + MIR bug is https://launchpad.net/bugs/1274247 |
1788 | + * Drop: |
1789 | + - Add extra DEP8 tests to samba (LP #1696823): |
1790 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1791 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1792 | + anonymously |
1793 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1794 | + shares using an authenticated connection |
1795 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1796 | + file from it |
1797 | + [Accepted by Debian in 2:4.7.4+dfsg-2] |
1798 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1799 | + status of the smbd service before trying to reload it. Otherwise, |
1800 | + keep the same check as before and reload the service based on the |
1801 | + existence of the initscript. (LP #1579597) |
1802 | + [In Debian since 2:4.7.4+dfsg-2] |
1803 | + - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: |
1804 | + [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. |
1805 | + Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737) |
1806 | + [Fixed upstream] |
1807 | + |
1808 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300 |
1809 | + |
1810 | samba (2:4.8.4+dfsg-2) unstable; urgency=high |
1811 | |
1812 | * Fix typo in previous release: s/usefull/useful/ |
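Review bot: In the "Drop:" list of the 2:4.8.4+dfsg-2ubuntu1 entry, debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch is justified only by "[Fixed upstream]", while the two items before it name the version that made the delta unnecessary ("[Accepted by Debian in 2:4.7.4+dfsg-2]", "[In Debian since 2:4.7.4+dfsg-2]"). Suggest naming the upstream release that contains the fix so the drop can be checked later. The heading also reads "Drop:" where the other merge entries use "Dropped:".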
1813 | @@ -2095,6 +3731,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium |
1814 | |
1815 | -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100 |
1816 | |
1817 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium |
1818 | + |
1819 | + * No change rebuild to link with new ldb 1.3.3 |
1820 | + |
1821 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300 |
1822 | + |
1823 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium |
1824 | + |
1825 | + * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch: |
1826 | + [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled. |
1827 | + Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737) |
1828 | + |
1829 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300 |
1830 | + |
1831 | +samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium |
1832 | + |
1833 | + * New upstream version: |
1834 | + - Fix database corruption bug when upgrading from samba 4.6 or lower |
1835 | + AD controllers (LP: #1755057) |
1836 | + - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059) |
1837 | + * Remaining changes: |
1838 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1839 | + - debian/smb.conf; |
1840 | + + Add "(Samba, Ubuntu)" to server string. |
1841 | + + Comment out the default [homes] share, and add a comment about |
1842 | + "valid users = %s" to show users how to restrict access to |
1843 | + \\server\username to only username. |
1844 | + - debian/samba-common.config: |
1845 | + + Do not change priority to high if dhclient3 is installed. |
1846 | + - Add apport hook: |
1847 | + + Created debian/source_samba.py. |
1848 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1849 | + - Add extra DEP8 tests to samba (LP #1696823): |
1850 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1851 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1852 | + anonymously |
1853 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1854 | + shares using an authenticated connection |
1855 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1856 | + file from it |
1857 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1858 | + status of the smbd service before trying to reload it. Otherwise, |
1859 | + keep the same check as before and reload the service based on the |
1860 | + existence of the initscript. (LP #1579597) |
1861 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1862 | + MIR bug is https://launchpad.net/bugs/1274247 |
1863 | + |
1864 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300 |
1865 | + |
1866 | samba (2:4.7.4+dfsg-2) unstable; urgency=high |
1867 | |
1868 | [ Mathieu Parent ] |
1869 | @@ -2125,6 +3810,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high |
1870 | |
1871 | -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100 |
1872 | |
1873 | +samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium |
1874 | + |
1875 | + * Merge with Debian unstable (LP: #1744779). Remaining changes: |
1876 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1877 | + - debian/smb.conf; |
1878 | + + Add "(Samba, Ubuntu)" to server string. |
1879 | + + Comment out the default [homes] share, and add a comment about |
1880 | + "valid users = %s" to show users how to restrict access to |
1881 | + \\server\username to only username. |
1882 | + - debian/samba-common.config: |
1883 | + + Do not change priority to high if dhclient3 is installed. |
1884 | + - Add apport hook: |
1885 | + + Created debian/source_samba.py. |
1886 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1887 | + - Add extra DEP8 tests to samba (LP #1696823): |
1888 | + + d/t/control, d/t/cifs-share-access: access a file in a share using cifs |
1889 | + + d/t/control, d/t/smbclient-anonymous-share-list: list available shares |
1890 | + anonymously |
1891 | + + d/t/control, d/t/smbclient-authenticated-share-list: list available |
1892 | + shares using an authenticated connection |
1893 | + + d/t/control, d/t/smbclient-share-access: create a share and download a |
1894 | + file from it |
1895 | + - d/samba-common.dhcp: If systemctl is available, use it to query the |
1896 | + status of the smbd service before trying to reload it. Otherwise, |
1897 | + keep the same check as before and reload the service based on the |
1898 | + existence of the initscript. (LP #1579597) |
1899 | + - d/control, d/rules: Disable glusterfs support because it's not in main. |
1900 | + MIR bug is https://launchpad.net/bugs/1274247 |
1901 | + |
1902 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200 |
1903 | + |
1904 | samba (2:4.7.4+dfsg-1) unstable; urgency=medium |
1905 | |
1906 | * New upstream version |
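Review bot: the "Remaining changes" list of 2:4.7.4+dfsg-1ubuntu1 no longer has three items that 2:4.7.3+dfsg-1ubuntu1 still lists, and there is no "Drop:" section accounting for them. The missing items are the testparm prompt for the bug report (LP #1694334), "d/rules: Compile winbindd/winbindd statically." and the findmnt(8) change in d/source_samba.py. Published entries should stay as uploaded, so the practical check is to compare debian/rules and debian/source_samba.py in the proposed branch against the newest "Remaining changes" list rather than trusting this part of the history to describe the delta.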
1907 | @@ -2141,6 +3857,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium |
1908 | |
1909 | -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100 |
1910 | |
1911 | +samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium |
1912 | + |
1913 | + * Merge with Debian; remaining changes: |
1914 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1915 | + - debian/smb.conf; |
1916 | + + Add "(Samba, Ubuntu)" to server string. |
1917 | + + Comment out the default [homes] share, and add a comment about |
1918 | + "valid users = %s" to show users how to restrict access to |
1919 | + \\server\username to only username. |
1920 | + - debian/samba-common.config: |
1921 | + + Do not change priority to high if dhclient3 is installed. |
1922 | + - Add apport hook: |
1923 | + + Created debian/source_samba.py. |
1924 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1925 | + - Add extra DEP8 tests to samba (LP #1696823): |
1926 | + + d/t/control: enable the new DEP8 tests |
1927 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1928 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1929 | + an authenticated connection |
1930 | + + d/t/smbclient-share-access: create a share and download a file from it |
1931 | + + d/t/cifs-share-access: access a file in a share using cifs |
1932 | + - Ask the user if we can run testparm against the config file. If yes, |
1933 | + include its stderr and exit status in the bug report. Otherwise, only |
1934 | + include the exit status. (LP #1694334) |
1935 | + - If systemctl is available, use it to query the status of the smbd |
1936 | + service before trying to reload it. Otherwise, keep the same check |
1937 | + as before and reload the service based on the existence of the |
1938 | + initscript. (LP #1579597) |
1939 | + - d/rules: Compile winbindd/winbindd statically. |
1940 | + - Disable glusterfs support because it's not in main. |
1941 | + MIR bug is https://launchpad.net/bugs/1274247 |
1942 | + - d/source_samba.py: use the new recommended findmnt(8) tool to list |
1943 | + mountpoints and correctly filter by the cifs filesystem type. |
1944 | + |
1945 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500 |
1946 | + |
1947 | samba (2:4.7.3+dfsg-1) unstable; urgency=high |
1948 | |
1949 | * New upstream version |
1950 | @@ -2164,6 +3916,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high |
1951 | |
1952 | -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100 |
1953 | |
1954 | +samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium |
1955 | + |
1956 | + * Merge with Debian; remaining changes: |
1957 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
1958 | + - debian/smb.conf; |
1959 | + + Add "(Samba, Ubuntu)" to server string. |
1960 | + + Comment out the default [homes] share, and add a comment about |
1961 | + "valid users = %s" to show users how to restrict access to |
1962 | + \\server\username to only username. |
1963 | + - debian/samba-common.config: |
1964 | + + Do not change priority to high if dhclient3 is installed. |
1965 | + - Add apport hook: |
1966 | + + Created debian/source_samba.py. |
1967 | + + debian/rules, debian/samba-common-bin.install: install hook. |
1968 | + - Add extra DEP8 tests to samba (LP #1696823): |
1969 | + + d/t/control: enable the new DEP8 tests |
1970 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
1971 | + + d/t/smbclient-authenticated-share-list: list available shares using |
1972 | + an authenticated connection |
1973 | + + d/t/smbclient-share-access: create a share and download a file from it |
1974 | + + d/t/cifs-share-access: access a file in a share using cifs |
1975 | + - Ask the user if we can run testparm against the config file. If yes, |
1976 | + include its stderr and exit status in the bug report. Otherwise, only |
1977 | + include the exit status. (LP #1694334) |
1978 | + - If systemctl is available, use it to query the status of the smbd |
1979 | + service before trying to reload it. Otherwise, keep the same check |
1980 | + as before and reload the service based on the existence of the |
1981 | + initscript. (LP #1579597) |
1982 | + - d/rules: Compile winbindd/winbindd statically. |
1983 | + - Disable glusterfs support because it's not in main. |
1984 | + MIR bug is https://launchpad.net/bugs/1274247 |
1985 | + - d/source_samba.py: use the new recommended findmnt(8) tool to list |
1986 | + mountpoints and correctly filter by the cifs filesystem type. |
1987 | + |
1988 | + -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100 |
1989 | + |
1990 | samba (2:4.7.1+dfsg-1) unstable; urgency=medium |
1991 | |
1992 | * New upstream version |
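Review bot: 2:4.7.1+dfsg-1ubuntu1 has no "Drop:" section, although the previous Ubuntu upload in this file, 2:4.6.7+dfsg-1ubuntu3, added debian/patches/CVE-2017-12150-1.patch through CVE-2017-12150-7.patch, CVE-2017-12151-1.patch, CVE-2017-12151-2.patch and CVE-2017-12163.patch. Nothing in the merge entry says whether those fixes arrived with the new upstream version or through Debian. Please confirm that none of these patch files is still present in debian/patches or debian/patches/series of the proposed branch, since the changelog cannot answer that.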
1993 | @@ -2212,6 +4000,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high |
1994 | |
1995 | -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200 |
1996 | |
1997 | +samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium |
1998 | + |
1999 | + * SECURITY UPDATE: SMB1/2/3 connections may not require signing where |
2000 | + they should |
2001 | + - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username |
2002 | + into a specified one in source3/include/auth_info.h, |
2003 | + source3/lib/popt_common.c, source3/lib/util_cmdline.c. |
2004 | + - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to |
2005 | + source3/lib/util_cmdline.c. |
2006 | + - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to |
2007 | + source3/libsmb/pylibsmb.c. |
2008 | + - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to |
2009 | + libgpo/gpo_fetch.c. |
2010 | + - debian/patches/CVE-2017-12150-5.patch: add check for |
2011 | + NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c. |
2012 | + - debian/patches/CVE-2017-12150-6.patch: add |
2013 | + smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*. |
2014 | + - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if |
2015 | + authentication was not requested in source3/libsmb/clidfs.c. |
2016 | + - CVE-2017-12150 |
2017 | + * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS |
2018 | + redirects |
2019 | + - debian/patches/CVE-2017-12151-1.patch: add |
2020 | + cli_state_is_encryption_on() helper function to |
2021 | + source3/libsmb/clientgen.c, source3/libsmb/proto.h. |
2022 | + - debian/patches/CVE-2017-12151-2.patch: make use of |
2023 | + cli_state_is_encryption_on() in source3/libsmb/clidfs.c, |
2024 | + source3/libsmb/libsmb_context.c. |
2025 | + - CVE-2017-12151 |
2026 | + * SECURITY UPDATE: Server memory information leak over SMB1 |
2027 | + - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write |
2028 | + from writing server memory to file in source3/smbd/reply.c. |
2029 | + - CVE-2017-12163 |
2030 | + |
2031 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400 |
2032 | + |
2033 | +samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium |
2034 | + |
2035 | + * d/source_samba.py: use the new recommended findmnt(8) tool to list |
2036 | + mountpoints and correctly filter by the cifs filesystem type. |
2037 | + (LP: #1703604) |
2038 | + |
2039 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300 |
2040 | + |
2041 | +samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium |
2042 | + |
2043 | + * Merge with Debian unstable (LP: #1710281). |
2044 | + - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide |
2045 | + symlinks to directories (LP: #1701073) |
2046 | + * Remaining changes: |
2047 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2048 | + - debian/smb.conf; |
2049 | + + Add "(Samba, Ubuntu)" to server string. |
2050 | + + Comment out the default [homes] share, and add a comment about |
2051 | + "valid users = %s" to show users how to restrict access to |
2052 | + \\server\username to only username. |
2053 | + - debian/samba-common.config: |
2054 | + + Do not change priority to high if dhclient3 is installed. |
2055 | + - Add apport hook: |
2056 | + + Created debian/source_samba.py. |
2057 | + + debian/rules, debian/samba-common-bin.install: install hook. |
2058 | + - Add extra DEP8 tests to samba (LP #1696823): |
2059 | + + d/t/control: enable the new DEP8 tests |
2060 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
2061 | + + d/t/smbclient-authenticated-share-list: list available shares using |
2062 | + an authenticated connection |
2063 | + + d/t/smbclient-share-access: create a share and download a file from it |
2064 | + + d/t/cifs-share-access: access a file in a share using cifs |
2065 | + - Ask the user if we can run testparm against the config file. If yes, |
2066 | + include its stderr and exit status in the bug report. Otherwise, only |
2067 | + include the exit status. (LP #1694334) |
2068 | + - If systemctl is available, use it to query the status of the smbd |
2069 | + service before trying to reload it. Otherwise, keep the same check |
2070 | + as before and reload the service based on the existence of the |
2071 | + initscript. (LP #1579597) |
2072 | + - d/rules: Compile winbindd/winbindd statically. |
2073 | + - Disable glusterfs support because it's not in main. |
2074 | + MIR bug is https://launchpad.net/bugs/1274247 |
2075 | + |
2076 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300 |
2077 | + |
2078 | samba (2:4.6.7+dfsg-1) unstable; urgency=medium |
2079 | |
2080 | * New upstream version |
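Review bot: the "Remaining changes" of 2:4.6.7+dfsg-1ubuntu1 still list "d/rules: Compile winbindd/winbindd statically.", yet the immediately older Ubuntu entry, 2:4.6.5+dfsg-8ubuntu1, records the same item under "Drop:" with LP: #1700527. One of the two entries is wrong about the state of debian/rules, and the item keeps being listed through 2:4.7.3+dfsg-1ubuntu1. The debian/rules changes in this merge (+11/-3) are the place to verify that no static winbindd build was carried forward by accident.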
2081 | @@ -2223,6 +4092,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium |
2082 | |
2083 | -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200 |
2084 | |
2085 | +samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium |
2086 | + |
2087 | + * Merge with Debian unstable (LP: #1700644). Remaining changes: |
2088 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2089 | + - debian/smb.conf; |
2090 | + + Add "(Samba, Ubuntu)" to server string. |
2091 | + + Comment out the default [homes] share, and add a comment about |
2092 | + "valid users = %s" to show users how to restrict access to |
2093 | + \\server\username to only username. |
2094 | + - debian/samba-common.config: |
2095 | + + Do not change priority to high if dhclient3 is installed. |
2096 | + - Add apport hook: |
2097 | + + Created debian/source_samba.py. |
2098 | + + debian/rules, debian/samba-common-bin.install: install hook. |
2099 | + - Add extra DEP8 tests to samba (LP #1696823): |
2100 | + + d/t/control: enable the new DEP8 tests |
2101 | + + d/t/smbclient-anonymous-share-list: list available shares anonymously |
2102 | + + d/t/smbclient-authenticated-share-list: list available shares using |
2103 | + an authenticated connection |
2104 | + + d/t/smbclient-share-access: create a share and download a file from it |
2105 | + + d/t/cifs-share-access: access a file in a share using cifs |
2106 | + - Ask the user if we can run testparm against the config file. If yes, |
2107 | + include its stderr and exit status in the bug report. Otherwise, only |
2108 | + include the exit status. (LP #1694334) |
2109 | + - If systemctl is available, use it to query the status of the smbd |
2110 | + service before trying to reload it. Otherwise, keep the same check |
2111 | + as before and reload the service based on the existence of the |
2112 | + initscript. (LP #1579597) |
2113 | + * Drop: |
2114 | + - d/rules: Compile winbindd/winbindd statically. (LP: #1700527) |
2115 | + [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch |
2116 | + fix-1584485.patch was dropped there.] |
2117 | + - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2118 | + pam_winbind krb5_ccache_type=FILE failure |
2119 | + [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch |
2120 | + in 2:4.6.5+dfsg-3 that closed Debian's bug #739768] |
2121 | + - debian/patches/winbind_trusted_domains.patch: make sure domain |
2122 | + members can talk to trusted domains DCs. |
2123 | + [Upstream committed a different fix, see updated patch attached to |
2124 | + https://bugzilla.samba.org/show_bug.cgi?id=11830] |
2125 | + - d/control: add libcephfs-dev as b-d to build vfs_ceph |
2126 | + [Adopted by Debian in 2:4.6.5+dfsg-1] |
2127 | + - debian/patches/CVE-2017-11103.patch: use encrypted service |
2128 | + name rather than unencrypted (and therefore spoofable) version |
2129 | + in heimdal |
2130 | + [Adopted by Debian as |
2131 | + d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch] |
2132 | + - Cherrypick upstream patch to fix FTBFS with new ceph lib. |
2133 | + [Merged upstream in 4.6.0rc1] |
2134 | + * Disable glusterfs support because it's not in main. |
2135 | + MIR bug is https://launchpad.net/bugs/1274247 |
2136 | + |
2137 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300 |
2138 | + |
2139 | samba (2:4.6.5+dfsg-8) unstable; urgency=medium |
2140 | |
2141 | * Remove dependency on update-inetd, not used anymore |
2142 | @@ -2342,6 +4265,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium |
2143 | |
2144 | -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200 |
2145 | |
2146 | +samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium |
2147 | + |
2148 | + * Cherrypick upstream patch to fix FTBFS with new ceph lib. |
2149 | + |
2150 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100 |
2151 | + |
2152 | +samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium |
2153 | + |
2154 | + * SECURITY UPDATE: KDC-REP service name impersonation |
2155 | + - debian/patches/CVE-2017-11103.patch: use encrypted service |
2156 | + name rather than unencrypted (and therefore spoofable) version |
2157 | + in heimdal |
2158 | + - CVE-2017-11103 |
2159 | + |
2160 | + -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700 |
2161 | + |
2162 | +samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium |
2163 | + |
2164 | + * No-change rebuild against libldb 1.1.29 |
2165 | + |
2166 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700 |
2167 | + |
2168 | +samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium |
2169 | + |
2170 | + * Add extra DEP8 tests to samba (LP: #1696823): |
2171 | + - d/t/control: enable the new DEP8 tests |
2172 | + - d/t/smbclient-anonymous-share-list: list available shares anonymously |
2173 | + - d/t/smbclient-authenticated-share-list: list available shares using |
2174 | + an authenticated connection |
2175 | + - d/t/smbclient-share-access: create a share and download a file from it |
2176 | + - d/t/cifs-share-access: access a file in a share using cifs |
2177 | + * Ask the user if we can run testparm against the config file. If yes, |
2178 | + include its stderr and exit status in the bug report. Otherwise, only |
2179 | + include the exit status. (LP: #1694334) |
2180 | + * If systemctl is available, use it to query the status of the smbd |
2181 | + service before trying to reload it. Otherwise, keep the same check |
2182 | + as before and reload the service based on the existence of the |
2183 | + initscript. (LP: #1579597) |
2184 | + * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind |
2185 | + module. There is a fixed version of that patch attached to |
2186 | + #1677329 but it has not been vetted yet, so for now it's best |
2187 | + to revert (again) so that pam_winbind can be used. |
2188 | + (LP: #1677329, LP: #1644428) |
2189 | + |
2190 | + -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700 |
2191 | + |
2192 | +samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium |
2193 | + |
2194 | + * Merge from Debian unstable. Remaining changes: |
2195 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2196 | + - debian/smb.conf; |
2197 | + + Add "(Samba, Ubuntu)" to server string. |
2198 | + + Comment out the default [homes] share, and add a comment about |
2199 | + "valid users = %s" to show users how to restrict access to |
2200 | + \\server\username to only username. |
2201 | + - debian/samba-common.config: |
2202 | + + Do not change priority to high if dhclient3 is installed. |
2203 | + - Add apport hook: |
2204 | + + Created debian/source_samba.py. |
2205 | + + debian/rules, debian/samba-common-bin.install: install hook. |
2206 | + - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2207 | + pam_winbind krb5_ccache_type=FILE failure |
2208 | + - debian/patches/winbind_trusted_domains.patch: make sure domain |
2209 | + members can talk to trusted domains DCs. |
2210 | + - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2211 | + to be statically linked |
2212 | + - d/rules: Compile winbindd/winbindd statically. |
2213 | + - d/control: add libcephfs-dev as b-d to build vfs_ceph |
2214 | + |
2215 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400 |
2216 | + |
2217 | samba (2:4.5.8+dfsg-2) unstable; urgency=high |
2218 | |
2219 | * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside |
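Review bot: the 2:4.5.8+dfsg-2ubuntu5 entry, "Cherrypick upstream patch to fix FTBFS with new ceph lib.", names neither the patch file under debian/patches nor an upstream commit or LP bug, so the change cannot be traced from the changelog alone. The later "Drop:" note in 2:4.6.5+dfsg-8ubuntu1 ("Merged upstream in 4.6.0rc1") is the only other reference. In the same hunk, 2:4.5.8+dfsg-2ubuntu2 refers to a bare "#1677329" in its prose; the bug is still closed by the "(LP: #1677329, LP: #1644428)" line that follows, so this is cosmetic.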
2220 | @@ -2356,6 +4350,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high |
2221 | |
2222 | -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200 |
2223 | |
2224 | +samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium |
2225 | + |
2226 | + * SECURITY UPDATE: remote code execution from a writable share |
2227 | + - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a |
2228 | + slash inside in source3/rpc_server/srv_pipe.c. |
2229 | + - CVE-2017-7494 |
2230 | + |
2231 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400 |
2232 | + |
2233 | +samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium |
2234 | + |
2235 | + * SECURITY UPDATE: Symlink race allows access outside share definition |
2236 | + - Updated to new upstream release 4.5.8. |
2237 | + - CVE-2017-2619 |
2238 | + |
2239 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400 |
2240 | + |
2241 | samba (2:4.5.6+dfsg-2) unstable; urgency=high |
2242 | |
2243 | * This is a security release in order to address the following defects: |
2244 | @@ -2385,6 +4396,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium |
2245 | |
2246 | -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100 |
2247 | |
2248 | +samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium |
2249 | + |
2250 | + * d/control: add libcephfs-dev as b-d to build vfs_ceph |
2251 | + (LP: #1668940). |
2252 | + |
2253 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800 |
2254 | + |
2255 | +samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium |
2256 | + |
2257 | + * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining |
2258 | + changes: |
2259 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2260 | + + debian/smb.conf; |
2261 | + - Add "(Samba, Ubuntu)" to server string. |
2262 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2263 | + to show users how to restrict access to \\server\username to only username. |
2264 | + + debian/samba-common.config: |
2265 | + - Do not change prioritiy to high if dhclient3 is installed. |
2266 | + + Add apport hook: |
2267 | + - Created debian/source_samba.py. |
2268 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2269 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2270 | + pam_winbind krb5_ccache_type=FILE failure (LP #1310919) |
2271 | + + debian/patches/winbind_trusted_domains.patch: make sure domain members |
2272 | + can talk to trusted domains DCs. |
2273 | + [ update patch based upon upstream discussion ] |
2274 | + + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2275 | + to be statically linked fixes LP #1584485. |
2276 | + + d/rules: Compile winbindd/winbindd statically. |
2277 | + * Drop: |
2278 | + - Delete debian/.gitignore |
2279 | + [ Previously undocumented ] |
2280 | + - debian/patches/git_smbclient_cpu.patch: |
2281 | + + backport upstream patch to fix smbclient users hanging/eating cpu on |
2282 | + trying to contact a machine which is not there (lp #1572260) |
2283 | + [ Fixed upstream ] |
2284 | + - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing |
2285 | + + debian/patches/CVE-2016-2123.patch: check lengths in |
2286 | + librpc/ndr/ndr_dnsp.c. |
2287 | + + CVE-2016-2123 |
2288 | + [ Fixed in Debian ] |
2289 | + - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers |
2290 | + + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in |
2291 | + source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, |
2292 | + source4/auth/gensec/gensec_gssapi.c. |
2293 | + + CVE-2016-2125 |
2294 | + [ Fixed in Debian ] |
2295 | + - SECURITY UPDATE: privilege elevation in Kerberos PAC validation |
2296 | + + debian/patches/CVE-2016-2126.patch: only allow known checksum types |
2297 | + in auth/kerberos/kerberos_pac.c. |
2298 | + + CVE-2016-2126 |
2299 | + [ Fixed in Debian ] |
2300 | + |
2301 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800 |
2302 | + |
2303 | samba (2:4.5.4+dfsg-1) unstable; urgency=medium |
2304 | |
2305 | [ Mathieu Parent ] |
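Review bot: the 2:4.5.4+dfsg-1ubuntu1 entry carries misspelled names, "prioritiy" and "debia/samb-common-bin.install", and the same two strings recur in the 2:4.4.5+dfsg-2ubuntu1, 2:4.3.6+dfsg-1ubuntu1 and 2:4.3.3+dfsg-1ubuntu1 entries. Published entries should not be rewritten in a merge, but anyone searching the changelog for debian/samba-common-bin.install will miss these four uploads, so the search should also cover the misspelled path. The bullet nesting here ("+" above "-") is also the reverse of the entries from 2:4.5.8+dfsg-2ubuntu1 onward, which matters for any script that parses the delta list by bullet level.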
2306 | @@ -2512,6 +4578,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium |
2307 | |
2308 | -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200 |
2309 | |
2310 | +samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium |
2311 | + |
2312 | + * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing |
2313 | + - debian/patches/CVE-2016-2123.patch: check lengths in |
2314 | + librpc/ndr/ndr_dnsp.c. |
2315 | + - CVE-2016-2123 |
2316 | + * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers |
2317 | + - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in |
2318 | + source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c, |
2319 | + source4/auth/gensec/gensec_gssapi.c. |
2320 | + - CVE-2016-2125 |
2321 | + * SECURITY UPDATE: privilege elevation in Kerberos PAC validation |
2322 | + - debian/patches/CVE-2016-2126.patch: only allow known checksum types |
2323 | + in auth/kerberos/kerberos_pac.c. |
2324 | + - CVE-2016-2126 |
2325 | + |
2326 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500 |
2327 | + |
2328 | +samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high |
2329 | + |
2330 | + * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind |
2331 | + to be statically linked fixes LP: #1584485. |
2332 | + |
2333 | + * d/rules: Compile winbindd/winbindd statically. |
2334 | + |
2335 | + -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100 |
2336 | + |
2337 | +samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium |
2338 | + |
2339 | + * No-change rebuild for readline soname change. |
2340 | + |
2341 | + -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000 |
2342 | + |
2343 | +samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium |
2344 | + |
2345 | + * No-change rebuild for readline soname change. |
2346 | + |
2347 | + -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000 |
2348 | + |
2349 | +samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium |
2350 | + |
2351 | + * debian/patches/git_smbclient_cpu.patch: |
2352 | + - backport upstream patch to fix smbclient users hanging/eating cpu on |
2353 | + trying to contact a machine which is not there (lp: #1572260) |
2354 | + |
2355 | + -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200 |
2356 | + |
2357 | +samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low |
2358 | + |
2359 | + * Merge from Debian unstable. Remaining changes: |
2360 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2361 | + + debian/smb.conf; |
2362 | + - Add "(Samba, Ubuntu)" to server string. |
2363 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2364 | + to show users how to restrict access to \\server\username to only username. |
2365 | + + debian/samba-common.config: |
2366 | + - Do not change prioritiy to high if dhclient3 is installed. |
2367 | + + Add apport hook: |
2368 | + - Created debian/source_samba.py. |
2369 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2370 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2371 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2372 | + + debian/patches/winbind_trusted_domains.patch: make sure domain members |
2373 | + can talk to trusted domains DCs. |
2374 | + * Dropped changes: |
2375 | + - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was |
2376 | + never done in Debian, revert. |
2377 | + - ufw integration: included in Debian. |
2378 | + |
2379 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700 |
2380 | + |
2381 | samba (2:4.4.5+dfsg-2) unstable; urgency=medium |
2382 | |
2383 | * Disable running of 'make quicktest' during build, as it takes very |
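Review bot: there is no 2:4.4.5+dfsg-2ubuntu2 entry in this hunk: 2:4.4.5+dfsg-2ubuntu3 follows 2:4.4.5+dfsg-2ubuntu1 directly. If an ubuntu2 upload was ever published, its entry was lost in an earlier merge and should be restored from the archive copy of the changelog; if the number was simply skipped, nothing needs to change. The two consecutive entries ubuntu4 and ubuntu5 have identical text ("No-change rebuild for readline soname change.") one day apart, which is worth checking against the publishing history at the same time.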
2384 | @@ -2639,6 +4776,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium |
2385 | |
2386 | -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200 |
2387 | |
2388 | +samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium |
2389 | + |
2390 | + * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in |
2391 | + the previous security updates. (LP: #1577739) |
2392 | + - debian/control: bump tevent Build-Depends to 0.9.28. |
2393 | + * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576) |
2394 | + - debian/patches/samba-bug11912.patch: let msrpc_parse() return |
2395 | + talloc'ed empty strings in libcli/auth/msrpc_parse.c. |
2396 | + - debian/patches/samba-bug11914.patch: make |
2397 | + ntlm_auth_generate_session_info() more complete in |
2398 | + source3/utils/ntlm_auth.c. |
2399 | + |
2400 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400 |
2401 | + |
2402 | samba (2:4.3.8+dfsg-1) unstable; urgency=low |
2403 | |
2404 | [ Jelmer Vernooij ] |
2405 | @@ -2653,6 +4804,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low |
2406 | |
2407 | -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000 |
2408 | |
2409 | +samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium |
2410 | + |
2411 | + * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues |
2412 | + - CVE-2015-5370: Multiple errors in DCE-RPC code |
2413 | + - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP |
2414 | + - CVE-2016-2111: NETLOGON Spoofing Vulnerability |
2415 | + - CVE-2016-2112: The LDAP client and server don't enforce integrity |
2416 | + protection |
2417 | + - CVE-2016-2113: Missing TLS certificate validation allows man in the |
2418 | + middle attacks |
2419 | + - CVE-2016-2114: "server signing = mandatory" not enforced |
2420 | + - CVE-2016-2115: SMB client connections for IPC traffic are not |
2421 | + integrity protected |
2422 | + - CVE-2016-2118: SAMR and LSA man in the middle attacks possible |
2423 | + * debian/patches/winbind_trusted_domains.patch: make sure domain members |
2424 | + can talk to trusted domains DCs. |
2425 | + |
2426 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400 |
2427 | + |
2428 | samba (2:4.3.7+dfsg-1) unstable; urgency=high |
2429 | |
2430 | * New upstream release. |
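Review bot: the last bullet of 2:4.3.8+dfsg-0ubuntu1 adds debian/patches/winbind_trusted_domains.patch in the same upload as the eight-CVE update, with no LP bug or upstream reference. The only pointer to its origin in the visible history is the "Drop:" note of 2:4.6.5+dfsg-8ubuntu1, which cites https://bugzilla.samba.org/show_bug.cgi?id=11830. A functional patch that rides along with a security upload should carry its own bug reference so that it can be told apart from the CVE fixes when the delta is audited later.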
2431 | @@ -2695,6 +4865,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low |
2432 | |
2433 | -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200 |
2434 | |
2435 | +samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium |
2436 | + |
2437 | + * Merge with Debian; remaining changes: |
2438 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2439 | + + debian/smb.conf; |
2440 | + - Add "(Samba, Ubuntu)" to server string. |
2441 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2442 | + to show users how to restrict access to \\server\username to only username. |
2443 | + + debian/samba-common.config: |
2444 | + - Do not change prioritiy to high if dhclient3 is installed. |
2445 | + + debian/control: |
2446 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2447 | + + Add ufw integration: |
2448 | + - Created debian/samba.ufw.profile: |
2449 | + - debian/rules, debian/samba.install: install profile |
2450 | + + Add apport hook: |
2451 | + - Created debian/source_samba.py. |
2452 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2453 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2454 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2455 | + |
2456 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500 |
2457 | + |
2458 | samba (2:4.3.6+dfsg-1) unstable; urgency=medium |
2459 | |
2460 | * New upstream release. |
2461 | @@ -2740,6 +4933,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium |
2462 | |
2463 | -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100 |
2464 | |
2465 | +samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium |
2466 | + |
2467 | + * No-change rebuild for gnutls transition. |
2468 | + |
2469 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000 |
2470 | + |
2471 | +samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium |
2472 | + |
2473 | + * Fixes regression introduced by debian/patches/CVE-2015-5252.patch. |
2474 | + (LP: #1545750) |
2475 | + |
2476 | + -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100 |
2477 | + |
2478 | +samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium |
2479 | + |
2480 | + * Merge with Debian; remaining changes: |
2481 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2482 | + + debian/smb.conf; |
2483 | + - Add "(Samba, Ubuntu)" to server string. |
2484 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2485 | + to show users how to restrict access to \\server\username to only username. |
2486 | + + debian/samba-common.config: |
2487 | + - Do not change prioritiy to high if dhclient3 is installed. |
2488 | + + debian/control: |
2489 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2490 | + + Add ufw integration: |
2491 | + - Created debian/samba.ufw.profile: |
2492 | + - debian/rules, debian/samba.install: install profile |
2493 | + + Add apport hook: |
2494 | + - Created debian/source_samba.py. |
2495 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2496 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2497 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2498 | + |
2499 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500 |
2500 | + |
2501 | samba (2:4.3.3+dfsg-1) unstable; urgency=medium |
2502 | |
2503 | * New upstream release. Closes: #808133. |
2504 | @@ -2824,6 +5053,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium |
2505 | |
2506 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000 |
2507 | |
2508 | +samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium |
2509 | + |
2510 | + * Resolve small merge error in the rules |
2511 | + |
2512 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100 |
2513 | + |
2514 | +samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium |
2515 | + |
2516 | + * Backport Debian change to remove libpam-smbpasswd, it segfaults |
2517 | + leading to non working session (lp: #1515207) |
2518 | + |
2519 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100 |
2520 | + |
2521 | +samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium |
2522 | + |
2523 | + * Build with the new ldb |
2524 | + |
2525 | + -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100 |
2526 | + |
2527 | +samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium |
2528 | + |
2529 | + * debian/samba.logrotate: |
2530 | + - revert to Debian version of the logrotate reload command, fix an |
2531 | + invalid syntax introduced in the upstart->systemd transition |
2532 | + (lp: #1385868) |
2533 | + |
2534 | + -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100 |
2535 | + |
2536 | +samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium |
2537 | + |
2538 | + * Merge with Debian; remaining changes: |
2539 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2540 | + + debian/smb.conf; |
2541 | + - Add "(Samba, Ubuntu)" to server string. |
2542 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2543 | + to show users how to restrict access to \\server\username to only username. |
2544 | + + debian/samba-common.config: |
2545 | + - Do not change prioritiy to high if dhclient3 is installed. |
2546 | + + debian/control: |
2547 | + - Don't build against or suggest ctdb and tdb. |
2548 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2549 | + + debian/rules: |
2550 | + - Drop explicit configuration options for ctdb and tdb. |
2551 | + + Add ufw integration: |
2552 | + - Created debian/samba.ufw.profile: |
2553 | + - debian/rules, debian/samba.install: install profile |
2554 | + + Add apport hook: |
2555 | + - Created debian/source_samba.py. |
2556 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2557 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2558 | + processes such that it works under both upstart and systemd. |
2559 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2560 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2561 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2562 | + |
2563 | + -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200 |
2564 | + |
2565 | samba (2:4.1.20+dfsg-1) unstable; urgency=medium |
2566 | |
2567 | * New upstream release (last compatible with current OpenChange). |
2568 | @@ -2837,6 +5123,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium |
2569 | |
2570 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000 |
2571 | |
2572 | +samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium |
2573 | + |
2574 | + * debian/control: |
2575 | + - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev |
2576 | + |
2577 | + -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200 |
2578 | + |
2579 | +samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium |
2580 | + |
2581 | + * Merge from Debian unstable. Remaining changes: |
2582 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2583 | + + debian/smb.conf; |
2584 | + - Add "(Samba, Ubuntu)" to server string. |
2585 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2586 | + to show users how to restrict access to \\server\username to only username. |
2587 | + + debian/samba-common.config: |
2588 | + - Do not change prioritiy to high if dhclient3 is installed. |
2589 | + + debian/control: |
2590 | + - Don't build against or suggest ctdb and tdb. |
2591 | + + debian/rules: |
2592 | + - Drop explicit configuration options for ctdb and tdb. |
2593 | + + Add ufw integration: |
2594 | + - Created debian/samba.ufw.profile: |
2595 | + - debian/rules, debian/samba.install: install profile |
2596 | + + Add apport hook: |
2597 | + - Created debian/source_samba.py. |
2598 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2599 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2600 | + processes such that it works under both upstart and systemd. |
2601 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2602 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2603 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2604 | + + debian/patches/git_timeout_client_error.patch: |
2605 | + - don't let smb mounts timeout that leads to errors when trying to |
2606 | + reuse a mount after idling for a while in e.g nautilus (lp: #310932) |
2607 | + |
2608 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200 |
2609 | + |
2610 | samba (2:4.1.17+dfsg-4) unstable; urgency=medium |
2611 | |
2612 | * Add pidl_reproducible.patch: Make pidl output reproducible. |
2613 | @@ -2873,6 +5197,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high |
2614 | |
2615 | -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100 |
2616 | |
2617 | +samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium |
2618 | + |
2619 | + * debian/patches/git_timeout_client_error.patch: |
2620 | + - don't let smb mounts timeout that leads to errors when trying to |
2621 | + reuse a mount after idling for a while in e.g nautilus (lp: #310932) |
2622 | + |
2623 | + -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200 |
2624 | + |
2625 | +samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium |
2626 | + |
2627 | + * SECURITY UPDATE: code execution vulnerability in smbd daemon |
2628 | + - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an |
2629 | + uninitialized pointer and don't dereference a NULL pointer in |
2630 | + source3/rpc_server/netlogon/srv_netlog_nt.c. |
2631 | + - CVE-2015-0240 |
2632 | + |
2633 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500 |
2634 | + |
2635 | +samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low |
2636 | + |
2637 | + * Merge from Debian unstable. Remaining changes: |
2638 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2639 | + + debian/smb.conf; |
2640 | + - Add "(Samba, Ubuntu)" to server string. |
2641 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2642 | + to show users how to restrict access to \\server\username to only username. |
2643 | + + debian/samba-common.config: |
2644 | + - Do not change prioritiy to high if dhclient3 is installed. |
2645 | + + debian/control: |
2646 | + - Don't build against or suggest ctdb and tdb. |
2647 | + + debian/rules: |
2648 | + - Drop explicit configuration options for ctdb and tdb. |
2649 | + + Add ufw integration: |
2650 | + - Created debian/samba.ufw.profile: |
2651 | + - debian/rules, debian/samba.install: install profile |
2652 | + + Add apport hook: |
2653 | + - Created debian/source_samba.py. |
2654 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2655 | + + debian/samba.logrotate: use service command to reload (send SIGHUP) the main |
2656 | + processes such that it works under both upstart and systemd. |
2657 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2658 | + + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2659 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2660 | + + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143. |
2661 | + |
2662 | + -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100 |
2663 | + |
2664 | samba (2:4.1.13+dfsg-4) unstable; urgency=medium |
2665 | |
2666 | * Revert previous patch, since ldb has an active module version check. |
2667 | @@ -2915,6 +5286,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium |
2668 | |
2669 | -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200 |
2670 | |
2671 | +samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium |
2672 | + |
2673 | + * SECURITY UPDATE: elevation of privilege to AD Domain Controller |
2674 | + - debian/patches/CVE-2014-8143.patch: check for extended access rights |
2675 | + before allowing changes to userAccountControl in |
2676 | + librpc/idl/security.idl, source4/auth/session.c, |
2677 | + source4/dsdb/common/util.c, source4/dsdb/pydsdb.c, |
2678 | + source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h, |
2679 | + source4/rpc_server/lsa/dcesrv_lsa.c, |
2680 | + source4/setup/schema_samba4.ldif. |
2681 | + - CVE-2014-8143 |
2682 | + |
2683 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500 |
2684 | + |
2685 | +samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium |
2686 | + |
2687 | + * No-change rebuild against current ldb. Note that I'm not claiming the |
2688 | + merging for this package. |
2689 | + |
2690 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100 |
2691 | + |
2692 | +samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium |
2693 | + |
2694 | + * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for |
2695 | + pam_winbind krb5_ccache_type=FILE failure (LP: #1310919) |
2696 | + |
2697 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500 |
2698 | + |
2699 | +samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium |
2700 | + |
2701 | + * Merge from Debian unstable. Remaining changes: |
2702 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2703 | + + debian/smb.conf; |
2704 | + - Add "(Samba, Ubuntu)" to server string. |
2705 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2706 | + to show users how to restrict access to \\server\username to only username. |
2707 | + + debian/samba-common.config: |
2708 | + - Do not change prioritiy to high if dhclient3 is installed. |
2709 | + + debian/control: |
2710 | + - Don't build against or suggest ctdb and tdb. |
2711 | + + debian/rules: |
2712 | + - Drop explicit configuration options for ctdb and tdb. |
2713 | + + Add ufw integration: |
2714 | + - Created debian/samba.ufw.profile: |
2715 | + - debian/rules, debian/samba.install: install profile |
2716 | + + Add apport hook: |
2717 | + - Created debian/source_samba.py. |
2718 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2719 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2720 | + of hacking arround with pid files. |
2721 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2722 | + first dummy transitional package version. |
2723 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2724 | + |
2725 | + * In logrotate, use service command to reload (send SIGHUP) the main |
2726 | + processes such that it works under both upstart and systemd. |
2727 | + * Drop CVE patches, applied upstream. |
2728 | + * Drop patches absent from series: readline-ftbfs.patch, |
2729 | + krb5_kt_start_seq.diff, config-bind99.patch |
2730 | + * Drop debian/source/include-binaries, pyc files are correctly cleaned up |
2731 | + |
2732 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100 |
2733 | + |
2734 | samba (2:4.1.11+dfsg-1) unstable; urgency=high |
2735 | |
2736 | * New upstream release. Fixes: |
2737 | @@ -2950,6 +5384,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high |
2738 | |
2739 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200 |
2740 | |
2741 | +samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium |
2742 | + |
2743 | + * SECURITY UPDATE: remote code execution on unauthenticated nmbd |
2744 | + - debian/patches/CVE-2014-3560.patch: fix unstrcpy in |
2745 | + lib/util/string_wrappers.h. |
2746 | + - CVE-2014-3560 |
2747 | + |
2748 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400 |
2749 | + |
2750 | +samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium |
2751 | + |
2752 | + * SECURITY UPDATE: denial of service on nmbd malformed packet |
2753 | + - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in |
2754 | + source3/lib/system.c. |
2755 | + - CVE-2014-0244 |
2756 | + * SECURITY UPDATE: denial of service via bad unicode conversion |
2757 | + - debian/patches/CVE-2014-3493.patch: refactor code in |
2758 | + source3/lib/charcnv.c, change return code checks in |
2759 | + source3/libsmb/clirap.c, source3/smbd/lanman.c. |
2760 | + - CVE-2014-3493 |
2761 | + |
2762 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400 |
2763 | + |
2764 | +samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low |
2765 | + |
2766 | + * Merge from Debian unstable. Remaining changes: |
2767 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2768 | + + debian/smb.conf; |
2769 | + - Add "(Samba, Ubuntu)" to server string. |
2770 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2771 | + to show users how to restrict access to \\server\username to only username. |
2772 | + + debian/samba-common.config: |
2773 | + - Do not change prioritiy to high if dhclient3 is installed. |
2774 | + + debian/control: |
2775 | + - Don't build against or suggest ctdb and tdb. |
2776 | + + debian/rules: |
2777 | + - Drop explicit configuration options for ctdb and tdb. |
2778 | + + Add ufw integration: |
2779 | + - Created debian/samba.ufw.profile: |
2780 | + - debian/rules, debian/samba.install: install profile |
2781 | + + Add apport hook: |
2782 | + - Created debian/source_samba.py. |
2783 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2784 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2785 | + of hacking arround with pid files. |
2786 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2787 | + first dummy transitional package version. |
2788 | + + Dropped patches: |
2789 | + - debian/patches/CVE-2013-4496.patch: Dropped no longer needed |
2790 | + - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. |
2791 | + - debian/patches/readline-ftbfs.patch: Use the debian version. |
2792 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2793 | + (LP: #1268180) |
2794 | + |
2795 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400 |
2796 | + |
2797 | samba (2:4.1.8+dfsg-1) unstable; urgency=medium |
2798 | |
2799 | [ Jelmer Vernooij ] |
2800 | @@ -2987,6 +5477,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium |
2801 | |
2802 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200 |
2803 | |
2804 | +samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium |
2805 | + |
2806 | + * Set the stack size to unlimited during the build to avoid a SIGBUS in |
2807 | + xsltproc on some architectures. |
2808 | + |
2809 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100 |
2810 | + |
2811 | +samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium |
2812 | + |
2813 | + * Backport from unstable (Ivo De Decker): |
2814 | + - Build-depend on heimdal-dev. |
2815 | + |
2816 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100 |
2817 | + |
2818 | +samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high |
2819 | + |
2820 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
2821 | + postinst. |
2822 | + |
2823 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100 |
2824 | + |
2825 | +samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium |
2826 | + |
2827 | + * cherrypick upstream patch 1310919 to fix pam_winbind regression |
2828 | + (LP: #1310919) |
2829 | + |
2830 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500 |
2831 | + |
2832 | +samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium |
2833 | + |
2834 | + * Fix a grammatical error in smb.conf that showed up in a ucf prompt on |
2835 | + upgrade. |
2836 | + |
2837 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700 |
2838 | + |
2839 | +samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low |
2840 | + |
2841 | + * Merge from Debian unstable. Remaining changes: |
2842 | + + debian/VERSION.patch: Update vendor string to "Ubuntu". |
2843 | + + debian/smb.conf; |
2844 | + - Add "(Samba, Ubuntu)" to server string. |
2845 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2846 | + to show users how to restrict access to \\server\username to only username. |
2847 | + + debian/samba-common.config: |
2848 | + - Do not change prioritiy to high if dhclient3 is installed. |
2849 | + + debian/control: |
2850 | + - Don't build against or suggest ctdb and tdb. |
2851 | + + debian/rules: |
2852 | + - Drop explicit configuration options for ctdb and tdb. |
2853 | + + Add ufw integration: |
2854 | + - Created debian/samba.ufw.profile: |
2855 | + - debian/rules, debian/samba.install: install profile |
2856 | + + Add apport hook: |
2857 | + - Created debian/source_samba.py. |
2858 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2859 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2860 | + of hacking arround with pid files. |
2861 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2862 | + first dummy transitional package version. |
2863 | + + Dropped patches: |
2864 | + - debian/patches/CVE-2013-4496.patch: Dropped no longer needed |
2865 | + - debian/patches/CVE-2013-6442.patch: Dropped no longer needed. |
2866 | + - debian/patches/readline-ftbfs.patch: Use the debian version. |
2867 | + + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs. |
2868 | + (LP: #1268180) |
2869 | + |
2870 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400 |
2871 | + |
2872 | samba (2:4.1.6+dfsg-1) unstable; urgency=high |
2873 | |
2874 | * New upstream security release. Fixes: |
2875 | @@ -3046,6 +5604,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium |
2876 | |
2877 | -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100 |
2878 | |
2879 | +samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium |
2880 | + |
2881 | + * debian/smb.conf: comment back some of the "share definitions" |
2882 | + options (including "valid users"). That was an Ubuntu diff and seems to |
2883 | + have been dropped in the trusty merge. Those changes seem needed to |
2884 | + get the usershare feature working (used by nautilus-share) (lp: #1261873) |
2885 | + |
2886 | + -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200 |
2887 | + |
2888 | +samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium |
2889 | + |
2890 | + * SECURITY UPDATE: Password lockout not enforced for SAMR password |
2891 | + changes |
2892 | + - debian/patches/CVE-2013-4496.patch: refactor password lockout code in |
2893 | + source3/auth/check_samsec.c, |
2894 | + source3/rpc_server/samr/srv_samr_chgpasswd.c, |
2895 | + source3/rpc_server/samr/srv_samr_nt.c, |
2896 | + source3/smbd/lanman.c, |
2897 | + source4/rpc_server/samr/samr_password.c, |
2898 | + source4/torture/rpc/samr.c. |
2899 | + - CVE-2013-4496 |
2900 | + * SECURITY UPDATE: smbcacls can remove a file or directory ACL by |
2901 | + mistake |
2902 | + - debian/patches/CVE-2013-6442.patch: handle existing ACL in |
2903 | + source3/utils/smbcacls.c. |
2904 | + - CVE-2013-6442 |
2905 | + * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6. |
2906 | + |
2907 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400 |
2908 | + |
2909 | +samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium |
2910 | + |
2911 | + * Depend on tdb-tools (LP: #1279593) |
2912 | + * Updated generated config for Bind9.9. |
2913 | + |
2914 | + -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500 |
2915 | + |
2916 | +samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium |
2917 | + |
2918 | + * Add missing python-ntdb dependency to python-samba (spotted by |
2919 | + autopkgtest). |
2920 | + |
2921 | + -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100 |
2922 | + |
2923 | +samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low |
2924 | + |
2925 | + * Merge from Debian Unstable: |
2926 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2927 | + * debian/smb.conf; |
2928 | + - Add "(Samba, Ubuntu)" to server string. |
2929 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2930 | + to show users how to restrict access to \\server\username to only username. |
2931 | + + debian/samba-common.config: |
2932 | + - Do not change prioritiy to high if dhclient3 is installed. |
2933 | + + debian/control: |
2934 | + - Don't build against or suggest ctdb and tdb. |
2935 | + + debian/rules: |
2936 | + - Drop explicit configuration options for ctdb and tdb. |
2937 | + + Add ufw integration: |
2938 | + - Created debian/samba.ufw.profile: |
2939 | + - debian/rules, debian/samba.install: install profile |
2940 | + + Add apport hook: |
2941 | + - Created debian/source_samba.py. |
2942 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2943 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2944 | + of hacking arround with pid files. |
2945 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2946 | + first dummy transitional package version. |
2947 | + |
2948 | + -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500 |
2949 | + |
2950 | samba (2:4.1.3+dfsg-2) unstable; urgency=medium |
2951 | |
2952 | * Add debug symbols for all binaries to samba-dbg. Closes: #732493 |
2953 | @@ -3088,6 +5717,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low |
2954 | |
2955 | -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800 |
2956 | |
2957 | +samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low |
2958 | + |
2959 | + * Merge from Debian Unstable: |
2960 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
2961 | + * debian/smb.conf; |
2962 | + - Add "(Samba, Ubuntu)" to server string. |
2963 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
2964 | + to show users how to restrict access to \\server\username to only username. |
2965 | + + debian/samba-common.config: |
2966 | + - Do not change prioritiy to high if dhclient3 is installed. |
2967 | + + debian/control: |
2968 | + - Don't build against or suggest ctdb and tdb. |
2969 | + + debian/rules: |
2970 | + - Drop explicit configuration options for ctdb and tdb. |
2971 | + + Add ufw integration: |
2972 | + - Created debian/samba.ufw.profile: |
2973 | + - debian/rules, debian/samba.install: install profile |
2974 | + + Add apport hook: |
2975 | + - Created debian/source_samba.py. |
2976 | + - debian/rules, debia/samb-common-bin.install: install hook. |
2977 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
2978 | + of hacking arround with pid files. |
2979 | + + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, |
2980 | + first dummy transitional package version. |
2981 | + |
2982 | + -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500 |
2983 | + |
2984 | samba (2:4.0.13+dfsg-1) unstable; urgency=high |
2985 | |
2986 | [ Steve Langasek ] |
2987 | @@ -3142,6 +5798,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high |
2988 | |
2989 | -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100 |
2990 | |
2991 | +samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low |
2992 | + |
2993 | + * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version. |
2994 | + |
2995 | + -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000 |
2996 | + |
2997 | +samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low |
2998 | + |
2999 | + * Merge from Debian Unstable: |
3000 | + - debian/VERSION.patch: Update vendor string to "Ubuntu". |
3001 | + * debian/smb.conf; |
3002 | + - Add "(Samba, Ubuntu)" to server string. |
3003 | + - Comment out the default [homes] share, and add a comment about "valid users = %s" |
3004 | + to show users how to restrict access to \\server\username to only username. |
3005 | + + debian/samba-common.config: |
3006 | + - Do not change prioritiy to high if dhclient3 is installed. |
3007 | + + debian/control: |
3008 | + - Don't build against or suggest ctdb and tdb. |
3009 | + + debian/rules: |
3010 | + - Drop explicit configuration options for ctdb and tdb. |
3011 | + + Add ufw integration: |
3012 | + - Created debian/samba.ufw.profile: |
3013 | + - debian/rules, debian/samba.install: install profile |
3014 | + + Add apport hook: |
3015 | + - Created debian/source_samba.py. |
3016 | + - debian/rules, debia/samb-common-bin.install: install hook. |
3017 | + + debian/samba.logrotate: call upstart interfaces unconditionally instead |
3018 | + of hacking arround with pid files. |
3019 | + |
3020 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800 |
3021 | + |
3022 | samba (2:4.0.10+dfsg-4) unstable; urgency=low |
3023 | |
3024 | [ Christian Perrier ] |
3025 | diff --git a/debian/control b/debian/control |
3026 | index 6fb98ee..c57caa6 100644 |
3027 | --- a/debian/control |
3028 | +++ b/debian/control |
3029 | @@ -1,7 +1,8 @@ |
3030 | Source: samba |
3031 | Section: net |
3032 | Priority: optional |
3033 | -Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> |
3034 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
3035 | +XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> |
3036 | Uploaders: Steve Langasek <vorlon@debian.org>, |
3037 | Jelmer Vernooij <jelmer@debian.org>, |
3038 | Mathieu Parent <sathieu@debian.org>, |
3039 | @@ -59,7 +60,7 @@ Build-Depends-Arch: |
3040 | libsystemd-dev [linux-any], |
3041 | libtasn1-6-dev (>= 3.8), |
3042 | libtasn1-bin, |
3043 | - liburing-dev [linux-any], |
3044 | + liburing-dev [!i386], |
3045 | xfslibs-dev [linux-any], |
3046 | zlib1g-dev (>= 1:1.2.3), |
3047 | # python (+#904999): |
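Review bot: the new qualifier on liburing-dev, `[!i386]`, is not a narrowing of `[linux-any]`: it excludes i386 but no longer restricts the build dependency to Linux architectures, and nothing in the hunk records why i386 is excluded. Add a comment above the line giving the reason (with a bug reference if there is one), as is done for the Breaks/Replaces delta on winbind further down, so the next merge can tell whether this delta is still needed.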
3048 | @@ -308,6 +309,7 @@ Architecture: any |
3049 | Section: python |
3050 | Depends: python3-ldb, |
3051 | python3-tdb, |
3052 | + python3-markdown, |
3053 | samba-libs (= ${binary:Version}), |
3054 | ${misc:Depends}, |
3055 | ${python3:Depends}, |
3056 | @@ -370,6 +372,29 @@ Description: Samba Virtual FileSystem plugins |
3057 | Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are |
3058 | moved to Recommends. |
3059 | |
3060 | +Package: samba-vfs-modules-extra |
3061 | +# Since we only ship the glusterfs module so far, exclude 32bit architectures, |
3062 | +# which glusterfs does not support |
3063 | +Architecture: amd64 arm64 ppc64el riscv64 s390x |
3064 | +Multi-Arch: same |
3065 | +Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} |
3066 | +# glusterfs vfs modules and manpages were moved from samba-vfs-modules to |
3067 | +# samba-vfs-modules-glusterfs in 2:4.19.4+dfsg-2ubuntu1 |
3068 | +Replaces: samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~) |
3069 | +Breaks: samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~) |
3070 | +Enhances: samba |
3071 | +Description: Samba Virtual FileSystem extra modules |
3072 | + Samba is an implementation of the SMB/CIFS protocol for Unix systems, |
3073 | + providing support for cross-platform file sharing with Microsoft Windows, OS X, |
3074 | + and other Unix systems. Samba can also function as a domain controller |
3075 | + or member server in Active Directory or NT4-style domains. |
3076 | + . |
3077 | + Virtual FileSystem modules are stacked shared libraries extending the |
3078 | + functionality of Samba. This package ships some extra VFS modules which |
3079 | + were previously shipped in samba-vfs-modules: |
3080 | + * vfs_gluterfs |
3081 | + * vfs_glusterfs_fuse |
3082 | + |
3083 | Package: libsmbclient |
3084 | Section: libs |
3085 | Architecture: any |
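Review bot: the new samba-vfs-modules-extra stanza has two inconsistencies. The comment above Replaces/Breaks says the modules were moved to "samba-vfs-modules-glusterfs", but the package defined here is samba-vfs-modules-extra. The Description lists "vfs_gluterfs", which should read "vfs_glusterfs" to match the other list item and the file names in debian/samba-vfs-modules-extra.install. The description text is shown to users, so both are worth fixing.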
3086 | @@ -407,8 +432,9 @@ Depends: samba-common (= ${source:Version}), |
3087 | Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5> |
3088 | Suggests: libnss-winbind, libpam-winbind |
3089 | # 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind |
3090 | -Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), |
3091 | -Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), |
3092 | +# In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663 |
3093 | +Breaks: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), |
3094 | +Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~), |
3095 | Description: service to resolve user and group information from Windows NT servers |
3096 | Samba is an implementation of the SMB/CIFS protocol for Unix systems, |
3097 | providing support for cross-platform file sharing with Microsoft Windows, OS X, |
3098 | diff --git a/debian/rules b/debian/rules |
3099 | index 8e55a7b..1bad8a6 100755 |
3100 | --- a/debian/rules |
3101 | +++ b/debian/rules |
3102 | @@ -268,6 +268,15 @@ endif |
3103 | dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \ |
3104 | /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat |
3105 | |
3106 | +execute_after_dh_install: |
3107 | +# gluster vfs modules are in a separate package. Moving the modules here |
3108 | +# avoids having to list all but the gluster modules in |
3109 | +# d/samba-vfs-modules.install |
3110 | +ifeq ($(with-glusterfs), yes) |
3111 | + rm debian/samba-vfs-modules/usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs*.so |
3112 | + rm debian/samba-vfs-modules/usr/share/man/man8/vfs_glusterfs*.8 |
3113 | +endif |
3114 | + |
3115 | provision-dest := debian/samba-ad-provision/usr/share/samba/setup |
3116 | |
3117 | override_dh_auto_install-indep: |
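Review bot: the guard `ifeq ($(with-glusterfs), yes)` in execute_after_dh_install tests for the literal value yes, while the other visible use of this variable, `ifneq (${with-snapper}${with-ceph}${with-glusterfs},)`, only tests for non-empty. If with-glusterfs is ever set to another non-empty value, both rm lines are skipped and the gluster modules stay in samba-vfs-modules while also being listed in samba-vfs-modules-extra.install. Suggest using the same non-empty test here. The comment also says "Moving the modules here" although the recipe removes them; "Removing" would describe it better.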
3118 | @@ -349,7 +358,7 @@ override_dh_shlibdeps: |
3119 | # for specific executables/modules, put dependencies in separate variables |
3120 | # to change Depends to Recommends for them in d/control |
3121 | dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \ |
3122 | - -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper |
3123 | + -Xceph.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper |
3124 | ifneq (,$(filter ctdb, ${build-pkgs})) |
3125 | echo "rados:Depends=" >> debian/ctdb.substvars |
3126 | ifneq (${with-ceph},) |
3127 | @@ -362,8 +371,7 @@ ifneq (,$(filter samba-vfs-modules,${build-pkgs})) |
3128 | ifneq (${with-snapper}${with-ceph}${with-glusterfs},) |
3129 | dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \ |
3130 | $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \ |
3131 | - $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \ |
3132 | - $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so) |
3133 | + $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) |
3134 | endif |
3135 | endif |
3136 | # after shlibdeps run, check that we don't have wrong depdendencies |
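Review bot: the enclosing condition `ifneq (${with-snapper}${with-ceph}${with-glusterfs},)` still includes with-glusterfs, but after this change no glusterfs.so argument is passed to dpkg-shlibdeps. On a build where only with-glusterfs is set, dpkg-shlibdeps would be invoked with no files to scan. Suggest dropping `${with-glusterfs}` from the condition so it matches the remaining arguments.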
3137 | diff --git a/debian/samba-vfs-modules-extra.install b/debian/samba-vfs-modules-extra.install |
3138 | new file mode 100644 |
3139 | index 0000000..c360548 |
3140 | --- /dev/null |
3141 | +++ b/debian/samba-vfs-modules-extra.install |
3142 | @@ -0,0 +1,4 @@ |
3143 | +usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs.so |
3144 | +usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs_fuse.so |
3145 | +usr/share/man/man8/vfs_glusterfs.8 |
3146 | +usr/share/man/man8/vfs_glusterfs_fuse.8 |
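Review bot: this file names the four files explicitly, while the removal in debian/rules uses the globs `glusterfs*.so` and `vfs_glusterfs*.8`. A future file matching those globs would be removed from samba-vfs-modules without being installed here, and would end up in no package. Suggest using the same patterns in both places, or adding a comment in d/rules that points at this list.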
3147 | diff --git a/debian/tests/control b/debian/tests/control |
3148 | index d27e025..b37632e 100644 |
3149 | --- a/debian/tests/control |
3150 | +++ b/debian/tests/control |
3151 | @@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable |
3152 | Tests: reinstall-samba-common-bin |
3153 | Depends: samba-common, samba-common-bin |
3154 | Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr |
3155 | + |
3156 | +Tests: samba-ad-dc-provisioning-internal-dns |
3157 | +Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools |
3158 | +Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed |
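Review bot: Depends does not cover everything the new test calls. wait_container_ready in debian/tests/util uses `nc -z` and install_lxd uses `dpkg-vendor`, but no package providing either is listed here. If both are expected to come from the base testbed image, a comment saying so would help; otherwise add them to Depends.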
3159 | diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns |
3160 | new file mode 100755 |
3161 | index 0000000..f61fa5e |
3162 | --- /dev/null |
3163 | +++ b/debian/tests/samba-ad-dc-provisioning-internal-dns |
3164 | @@ -0,0 +1,398 @@ |
3165 | +#!/bin/bash |
3166 | + |
3167 | +set -e |
3168 | +set -o pipefail |
3169 | + |
3170 | +source debian/tests/util |
3171 | + |
3172 | +declare -r domain="EXAMPLE" |
3173 | +declare -r realm="EXAMPLE.FAKE" |
3174 | +declare -r adminpass="Passw0rd" |
3175 | +declare -r test_user="test_user_${RANDOM}" |
3176 | +declare -r test_pw="test_user_secret_${RANDOM}" |
3177 | +declare -A user_pass |
3178 | +user_pass[Administrator]="${adminpass}" |
3179 | +user_pass[${test_user}]="${test_pw}" |
3180 | +declare -A join_method_deps |
3181 | +# Minimum set of deps: let realmd install the extra dependencies |
3182 | +# as needed, depending on the join method. |
3183 | +join_method_deps[realmd_sssd]="realmd krb5-user smbclient" |
3184 | +join_method_deps[realmd_winbind]="realmd krb5-user smbclient" |
3185 | + |
3186 | + |
3187 | +cleanup() { |
3188 | + rc=$? |
3189 | + set +e # so we don't exit midcleanup |
3190 | + if [ ${rc} -ne 0 ]; then |
3191 | + echo "## Something failed, gathering logs" |
3192 | + echo |
3193 | + echo "## smb.conf" |
3194 | + cat /etc/samba/smb.conf |
3195 | + echo |
3196 | + echo "## resolv.conf" |
3197 | + cat /etc/resolv.conf |
3198 | + echo |
3199 | + echo "## resolvectl status" |
3200 | + resolvectl status |
3201 | + echo "## journal for samba-ad-dc.service" |
3202 | + journalctl -u samba-ad-dc.service --lines 500 |
3203 | + echo |
3204 | + for log in /var/log/samba/log.*; do |
3205 | + # skip compressed logrotated files |
3206 | + if [ "${log%.gz}" != "${log}" ]; then |
3207 | + continue |
3208 | + fi |
3209 | + [ -s "${log}" ] || continue |
3210 | + echo "## $(basename ${log}):" |
3211 | + tail -n 500 "${log}" |
3212 | + echo |
3213 | + done |
3214 | + echo "## syslog" |
3215 | + tail -n 500 /var/log/syslog |
3216 | + fi |
3217 | +} |
3218 | + |
3219 | +trap cleanup EXIT |
3220 | + |
3221 | +assert_testparm() { |
3222 | + local parameter="${1}" |
3223 | + local expected_value="${2}" |
3224 | + local current_value="" |
3225 | + local -i retval=0 |
3226 | + |
3227 | + echo -n "Asserting ${parameter} is ${expected_value}: " |
3228 | + current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || { |
3229 | + retval=$? |
3230 | + echo "FAIL" |
3231 | + return ${retval} |
3232 | + } |
3233 | + if [ "${current_value}" = "${expected_value}" ]; then |
3234 | + echo "OK" |
3235 | + return 0 |
3236 | + else |
3237 | + echo "FAIL" |
3238 | + return 1 |
3239 | + fi |
3240 | +} |
3241 | + |
3242 | +basic_config_tests() { |
3243 | + echo "## Basic config tests" |
3244 | + testparm -s > /dev/null |
3245 | + assert_testparm "realm" "${realm}" |
3246 | + assert_testparm "workgroup" "${domain}" |
3247 | + assert_testparm "server role" "active directory domain controller" |
3248 | + echo |
3249 | +} |
3250 | + |
3251 | +dns_tests() { |
3252 | + echo "## DNS tests" |
3253 | + echo "Obtaining administrator kerberos ticket" |
3254 | + echo "${adminpass}" | timeout --verbose 30 kinit Administrator |
3255 | + echo |
3256 | + echo "Querying server info" |
3257 | + samba-tool dns serverinfo "$(hostname)" |
3258 | + echo |
3259 | + echo "Checking we got a service ticket of type host/" |
3260 | + klist | grep "host/$(hostname)" |
3261 | + echo |
3262 | + echo "Checking specific DNS records" |
3263 | + for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do |
3264 | + echo -n "${srv}.${realm,,}: " |
3265 | + dig @localhost +short -t SRV ${srv}.${realm,,} |
3266 | + echo |
3267 | + done |
3268 | + echo |
3269 | + echo -n "Checking that our hostname \"$(hostname)\" is in DNS: " |
3270 | + myip=$(dig @localhost +short -t A "$(hostname).${realm,,}") |
3271 | + echo "${myip}" |
3272 | + echo |
3273 | +} |
3274 | + |
3275 | +user_creation_tests() { |
3276 | + echo "## User creation tests" |
3277 | + samba-tool domain passwordsettings set --complexity=off |
3278 | + echo "Creating user \"${test_user}\" with password ${test_pw}" |
3279 | + samba-tool user add "${test_user}" "${test_pw}" |
3280 | + echo |
3281 | + echo "Attempting to obtain kerberos ticket for user \"${test_user}\"" |
3282 | + # just in case it ends up waiting at a prompt, we use "timeout" |
3283 | + echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" |
3284 | + echo "Ticket obtained" |
3285 | + klist |
3286 | + echo |
3287 | +} |
3288 | + |
3289 | +smbclient_tests() { |
3290 | + echo "## smbclient tests" |
3291 | + kdestroy || : |
3292 | + echo |
3293 | + echo "Obtaining a TGT for ${test_user}" |
3294 | + echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}" |
3295 | + klist | grep krbtgt |
3296 | + echo |
3297 | + echo "Attempting password-less authentication with smbclient" |
3298 | + echo |
3299 | + echo "Listing shares" |
3300 | + smbclient -L "$(hostname)" --use-kerberos=required -k |
3301 | + echo |
3302 | + echo "Listing the sysvol share" |
3303 | + smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls" |
3304 | + echo |
3305 | + echo "Listing policies" |
3306 | + # lowercase the ${realm} |
3307 | + smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*" |
3308 | + echo |
3309 | + echo "Checking that we have a ticket for the cifs service after all these commands" |
3310 | + klist | grep cifs/ |
3311 | + echo |
3312 | +} |
3313 | + |
3314 | +server_join_tests() { |
3315 | + local member_server |
3316 | + # the join methods are the keys of the join_method_deps dict |
3317 | + local -a methods=("${!join_method_deps[@]}") |
3318 | + local member_server="member-server" |
3319 | + |
3320 | + echo "## Server join tests" |
3321 | + echo "## Initializing lxd" |
3322 | + setup_lxd "${realm,,}" |
3323 | + |
3324 | + for method in "${methods[@]}"; do |
3325 | + echo "## Setting up member server to join a domain using method ${method}" |
3326 | + setup_member_server "${member_server}" "${method}" |
3327 | + echo "## Joining domain with method ${method}" |
3328 | + join_domain "${member_server}" "${method}" |
3329 | + echo |
3330 | + echo "## Verifying join with method ${method}" |
3331 | + verify_join "${member_server}" "${method}" |
3332 | + echo |
3333 | + echo "## Leaving domain with method ${method}" |
3334 | + leave_domain "${member_server}" "${method}" |
3335 | + echo |
3336 | + echo "## Destroying member server" |
3337 | + lxc delete --force "${member_server}" |
3338 | + done |
3339 | +} |
3340 | + |
3341 | +setup_member_server() { |
3342 | + local container_name="${1}" |
3343 | + local method="${2}" |
3344 | + local release |
3345 | + |
3346 | + release="$(lsb_release -cs)" |
3347 | + if [ -z "${join_method_deps[${method}]}" ]; then |
3348 | + echo "## INTERNAL ERROR, invalid join method: ${method}" |
3349 | + return 1 |
3350 | + fi |
3351 | + echo "## Got test dependencies: ${join_method_deps[${method}]}" |
3352 | + # can't use cloud-init here to install packages, because we first need to |
3353 | + # sync the apt config from the host to the container |
3354 | + echo "## Launching ${release} container" |
3355 | + lxc launch "ubuntu-daily:${release}" "${container_name}" -q |
3356 | + wait_container_ready "${container_name}" |
3357 | + send_apt_config "${container_name}" |
3358 | + copy_local_apt_files "${container_name}" |
3359 | + echo "## Installing dependencies in test container" |
3360 | + install_packages_in_container "${container_name}" ${join_method_deps[${method}]} |
3361 | +} |
3362 | + |
3363 | +join_domain_realmd_winbind() { |
3364 | + local server="${1}" |
3365 | + local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}" |
3366 | + local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}" |
3367 | + |
3368 | + echo "## Domain information" |
3369 | + lxc exec "${server}" -- ${discover_cmd} |
3370 | + echo |
3371 | + echo "## Running join command: ${join_cmd}" |
3372 | + echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} |
3373 | +} |
3374 | + |
3375 | +verify_join_realmd_winbind() { |
3376 | + local server="${1}" |
3377 | + local member_domain |
3378 | + |
3379 | + echo -n "## Verifying member server joined domain name: " |
3380 | + member_domain=$(lxc exec "${server}" -- wbinfo --own-domain) |
3381 | + echo "${member_domain}" |
3382 | + if [ "${member_domain}" != "${domain}" ]; then |
3383 | + echo "ERROR: expected member server domain to match the joined domain:" |
3384 | + echo "member server domain: ${member_domain}" |
3385 | + echo "AD domain: ${domain}" |
3386 | + return 1 |
3387 | + fi |
3388 | + echo |
3389 | + # we just want to see the output, not parse it |
3390 | + echo "## Domain status in member server" |
3391 | + lxc exec "${server}" -- wbinfo --domain-info "${member_domain}" |
3392 | + echo |
3393 | + echo "## User status in member server" |
3394 | + for u in "${!user_pass[@]}"; do |
3395 | + echo "## User \"${u}@${realm}\" information:" |
3396 | + lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}" |
3397 | + echo |
3398 | + echo "## id ${u}@${realm}" |
3399 | + lxc exec "${server}" -- id ${u}@${realm} |
3400 | + echo |
3401 | + echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" |
3402 | + echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" |
3403 | + lxc exec "${server}" -- klist |
3404 | + echo |
3405 | + echo "## Listing shares with the obtained kerberos ticket" |
3406 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3407 | + lxc exec "${server}" -- kdestroy |
3408 | + echo |
3409 | + echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server" |
3410 | + # non-interactive format for username is user%password |
3411 | + lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}" |
3412 | + echo |
3413 | + echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server" |
3414 | + lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}" |
3415 | + echo |
3416 | + echo "## Listing shares with the obtained kerberos ticket" |
3417 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3418 | + lxc exec "${server}" -- kdestroy |
3419 | + done |
3420 | +} |
3421 | + |
3422 | +leave_domain_realmd_winbind() { |
3423 | + local server="${1}" |
3424 | + local leave_cmd="realm leave -v --remove --client-software=winbind" |
3425 | + |
3426 | + echo "## Running leave command: ${leave_cmd}" |
3427 | + echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} |
3428 | +} |
3429 | + |
3430 | +join_domain_realmd_sssd() { |
3431 | + local server="${1}" |
3432 | + local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}" |
3433 | + local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}" |
3434 | + |
3435 | + echo "## Domain information" |
3436 | + lxc exec "${server}" -- ${discover_cmd} |
3437 | + echo |
3438 | + echo "## Running join command: ${join_cmd}" |
3439 | + echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd} |
3440 | + echo |
3441 | +} |
3442 | + |
3443 | +verify_join_realmd_sssd() { |
3444 | + local server="${1}" |
3445 | + local samba_domain |
3446 | + |
3447 | + echo -n "## Verifying member server joined domain name: " |
3448 | + samba_domain=$(lxc exec "${server}" -- sssctl domain-list) |
3449 | + echo "${samba_domain}" |
3450 | + if [ "${samba_domain}" != "${realm,,}" ]; then |
3451 | + echo "ERROR: expected member server domain to match the joined domain:" |
3452 | + echo "member server domain: ${samba_domain}" |
3453 | + echo "AD domain: ${realm,,}" |
3454 | + return 1 |
3455 | + fi |
3456 | + echo |
3457 | + # we just want to see the output, not parse it |
3458 | + echo "## Domain status in member server" |
3459 | + lxc exec "${server}" -- sssctl domain-status "${realm}" |
3460 | + echo |
3461 | + echo "## User status in member server" |
3462 | + for u in "${!user_pass[@]}"; do |
3463 | + echo "## User \"${u}@${realm}\" information:" |
3464 | + lxc exec "${server}" -- sssctl user-checks "${u}@${realm}" |
3465 | + echo |
3466 | + echo "## id ${u}@${realm}" |
3467 | + lxc exec "${server}" -- id "${u}@${realm}" |
3468 | + echo |
3469 | + echo "## kinit authentication check for user \"${u}@${realm}\" inside member server" |
3470 | + echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}" |
3471 | + lxc exec "${server}" -- klist |
3472 | + echo |
3473 | + echo "## Listing shares with the obtained kerberos ticket" |
3474 | + lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k |
3475 | + lxc exec "${server}" -- kdestroy |
3476 | + done |
3477 | +} |
3478 | + |
3479 | +leave_domain_realmd_sssd() { |
3480 | + local server="${1}" |
3481 | + local leave_cmd="realm leave -v --remove --client-software=sssd" |
3482 | + |
3483 | + echo "## Running leave command: ${leave_cmd}" |
3484 | + echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd} |
3485 | +} |
3486 | + |
3487 | +join_domain() { |
3488 | + local server="${1}" |
3489 | + local m="${2}" |
3490 | + |
3491 | + join_domain_${m} "${server}" |
3492 | +} |
3493 | + |
3494 | +verify_join() { |
3495 | + local server="${1}" |
3496 | + local m="${2}" |
3497 | + |
3498 | + verify_join_${m} "${server}" |
3499 | +} |
3500 | + |
3501 | +leave_domain() { |
3502 | + local server="${1}" |
3503 | + local m="${2}" |
3504 | + |
3505 | + leave_domain_${m} "${server}" |
3506 | +} |
3507 | + |
3508 | +systemctl stop smbd nmbd winbind |
3509 | +systemctl disable smbd nmbd winbind |
3510 | +systemctl mask smbd nmbd winbind |
3511 | + |
3512 | +systemctl unmask samba-ad-dc |
3513 | +systemctl enable samba-ad-dc |
3514 | + |
3515 | +if [ -f /etc/samba/smb.conf ]; then |
3516 | + mv /etc/samba/smb.conf{,.orig} |
3517 | +fi |
3518 | + |
3519 | +# make sure we are starting fresh, as previous tests might left things around |
3520 | + |
3521 | +rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/* |
3522 | +kdestroy || : |
3523 | + |
3524 | +samba-tool domain provision \ |
3525 | + --domain="${domain}" \ |
3526 | + --realm="${realm}" \ |
3527 | + --adminpass="${adminpass}" \ |
3528 | + --server-role=dc \ |
3529 | + --use-rfc2307 \ |
3530 | + --dns-backend=SAMBA_INTERNAL |
3531 | + |
3532 | +current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}') |
3533 | + |
3534 | +if [ -n "${current_dns}" ]; then |
3535 | + echo "## Setting dns forwarder to ${current_dns} in smb.conf" |
3536 | + sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \ |
3537 | + /etc/samba/smb.conf |
3538 | + unlink /etc/resolv.conf |
3539 | + echo "nameserver 127.0.0.1" > /etc/resolv.conf |
3540 | + # lowercase substitution |
3541 | + echo "search ${realm,,}" >> /etc/resolv.conf |
3542 | + systemctl stop systemd-resolved |
3543 | + systemctl disable systemd-resolved |
3544 | +else |
3545 | + echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf" |
3546 | + echo "## resolvectl status:" |
3547 | + resolvectl status |
3548 | + echo "## Continuing, and hoping for the best" |
3549 | +fi |
3550 | + |
3551 | +cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf |
3552 | + |
3553 | +systemctl start samba-ad-dc |
3554 | + |
3555 | +# give it some time, it's a lot of services to start |
3556 | +sleep 5s |
3557 | + |
3558 | +basic_config_tests |
3559 | +dns_tests |
3560 | +user_creation_tests |
3561 | +smbclient_tests |
3562 | +server_join_tests |
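Review bot: missing check in dns_tests. `dig +short` exits 0 when the answer section is empty, so the SRV loop and the hostname lookup only print results and never fail the test; `myip` is assigned and echoed but not tested. Suggest capturing each answer and failing when it is empty, for example `[ -n "${myip}" ] || return 1`. Smaller points: server_join_tests declares `local member_server` twice, `id ${u}@${realm}` in verify_join_realmd_winbind is unquoted where the sssd variant quotes it, and the fixed `sleep 5s` after `systemctl start samba-ad-dc` could be a bounded poll for readiness instead.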
3563 | diff --git a/debian/tests/util b/debian/tests/util |
3564 | index 4278ee7..13b627b 100644 |
3565 | --- a/debian/tests/util |
3566 | +++ b/debian/tests/util |
3567 | @@ -16,7 +16,7 @@ EOFEOF |
3568 | if [ -n "${vfs}" ]; then |
3569 | echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf |
3570 | fi |
3571 | - systemctl restart smbd.service |
3572 | + systemctl reload smbd.service |
3573 | else |
3574 | echo "Share [${share}] already exists, continuing" |
3575 | fi |
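Review bot: the switch from restart to reload after appending the share has no comment explaining it. Please document the reason next to the line, and confirm that callers which connect right after this function returns do not depend on smbd having already finished re-reading smb.conf.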
3576 | @@ -66,3 +66,125 @@ ensure_uring_available() { |
3577 | exit 77 |
3578 | fi |
3579 | } |
3580 | + |
3581 | +wait_container_ready() { |
3582 | + local container="${1}" |
3583 | + local -i limit=120 # seconds |
3584 | + local -i i=0 |
3585 | + local -i result=0 |
3586 | + local ip |
3587 | + local output |
3588 | + |
3589 | + while /bin/true; do |
3590 | + ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}') |
3591 | + if [ -n "${ip}" ]; then |
3592 | + break |
3593 | + fi |
3594 | + i=$((i+1)) |
3595 | + if [ ${i} -ge ${limit} ]; then |
3596 | + return 1 |
3597 | + fi |
3598 | + sleep 1s |
3599 | + echo -n "." |
3600 | + done |
3601 | + while ! nc -z "${ip}" 22; do |
3602 | + echo -n "." |
3603 | + i=$((i+1)) |
3604 | + if [ ${i} -ge ${limit} ]; then |
3605 | + return 1 |
3606 | + fi |
3607 | + sleep 1s |
3608 | + done |
3609 | + # cloud-init might still be doing things... |
3610 | + # this call blocks, so wrap it in its own little timeout |
3611 | + output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || { |
3612 | + result=$? |
3613 | + # 2 is a warning, we will ignore it |
3614 | + # See LP: #2048522 |
3615 | + if [ ${result} -ne 2 ]; then |
3616 | + echo "cloud-init status --wait failed on container ${container}" |
3617 | + echo "${output}" |
3618 | + return ${result} |
3619 | + fi |
3620 | + } |
3621 | + echo |
3622 | +} |
3623 | + |
3624 | +install_lxd() { |
3625 | + # Ubuntu now has the lxd-installer package, which tricks you into thinking |
3626 | + # lxd is installed, when in fact it's not, so checking for "lxd" in PATH is |
3627 | + # not enough. Let's just assume that in Ubuntu lxd is always a snap. |
3628 | + vendor=$(dpkg-vendor --query Vendor) |
3629 | + if [ "${vendor}" = "Ubuntu" ]; then |
3630 | + # install the snap if needed |
3631 | + snap list lxd > /dev/null 2>&1 || { |
3632 | + echo "Installing the LXD snap..." |
3633 | + snap install lxd |
3634 | + } |
3635 | + else |
3636 | + if ! command -v lxd > /dev/null 2>&1; then |
3637 | + echo "ERROR, no lxd found" |
3638 | + return 1 |
3639 | + fi |
3640 | + fi |
3641 | +} |
3642 | + |
3643 | +setup_lxd() { |
3644 | + local dns_domain="${1}" |
3645 | + local network |
3646 | + local nic |
3647 | + local dns_ip |
3648 | + |
3649 | + install_lxd |
3650 | + # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53 |
3651 | + systemctl stop samba-ad-dc |
3652 | + lxd init --auto |
3653 | + lxd waitready --timeout 600 |
3654 | + network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED") |
3655 | + nic=$(echo "${network}" | awk '{print $1}') |
3656 | + dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr |
3657 | + # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS |
3658 | + lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})" |
3659 | + if [ -n "${http_proxy}" ]; then |
3660 | + lxc config set core.proxy_http "${http_proxy}" |
3661 | + fi |
3662 | + if [ -n "${https_proxy}" ]; then |
3663 | + lxc config set core.proxy_https "${https_proxy}" |
3664 | + fi |
3665 | + if [ -n "${noproxy}" ]; then |
3666 | + lxc config set core.proxy_ignore_hosts "${noproxy}" |
3667 | + fi |
3668 | + systemctl start samba-ad-dc |
3669 | + # give it some time, it's a lot of services to start |
3670 | + sleep 5s |
3671 | +} |
3672 | + |
3673 | +# Copy the local apt package archive over to the lxd container. |
3674 | +copy_local_apt_files() { |
3675 | + local container_name="${1:-docker}" |
3676 | + |
3677 | + for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do |
3678 | + local_source=${local_source#file:} |
3679 | + local_dir=$(dirname "${local_source}") |
3680 | + lxc exec "${container_name}" -- mkdir -p "${local_dir}" |
3681 | + tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}" |
3682 | + done |
3683 | +} |
3684 | + |
3685 | +send_apt_config() { |
3686 | + echo "Copying over /etc/apt to container ${1}" |
3687 | + lxc exec "${1}" -- rm -rf /etc/apt |
3688 | + lxc exec "${1}" -- mkdir -p /etc/apt |
3689 | + tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt |
3690 | +} |
3691 | + |
3692 | +install_packages_in_container() { |
3693 | + local container="${1}" |
3694 | + shift |
3695 | + local packages="${*}" |
3696 | + |
3697 | + echo "### Installing dependencies in member server container: ${packages}" |
3698 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q |
3699 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y |
3700 | + lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages} |
3701 | +} |
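Review bot: in setup_lxd the proxy exclusion list is read from `${noproxy}`, while the two neighbouring checks use the conventional `http_proxy` and `https_proxy` names. If the environment provides `no_proxy`, core.proxy_ignore_hosts is never set. Suggest `if [ -n "${no_proxy}" ]`. Also, copy_local_apt_files defaults the container name to `docker` via `${1:-docker}`, which looks like a leftover in an lxd helper, and `vendor`, `local_source` and `local_dir` are not declared local, so they leak into the sourcing script.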
I'm taking this one.