Ubuntu
samba package

debian/changelog (+2687/-0)
debian/control (+30/-4)
debian/rules (+11/-3)
debian/samba-vfs-modules-extra.install (+4/-0)
debian/tests/control (+4/-0)
debian/tests/samba-ad-dc-provisioning-internal-dns (+398/-0)
debian/tests/util (+123/-1)

Undecided

Fix Released

Link a bug report

Reviewer	Date Requested	Status
git-ubuntu bot		Approve on 2024-02-26
Sergio Durigan Junior (community)	2024-02-26	Approve on 2024-02-26
Canonical Server Reporter	2024-02-26	Pending
Review via email: mp+461236@code.launchpad.net

Description of the change

Last samba merge for noble.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-merge

DEP8: green

No delta dropped. git range-diff is clean.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-02-26:

I'm taking this one.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-02-26:

Thanks, Andreas.

Build is OK. dep8 tests are OK. range-diff is OK.

I checked the changes under the debian/ directory and there's nothing concerning there.

LGTM, +1.

review: Approve

Revision history for this message

git-ubuntu bot (git-ubuntu-bot) wrote on 2024-02-26:

Approvers: ahasenack, sergiodj
Uploaders: ahasenack, sergiodj
MP auto-approved

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-02-27:

Thanks, uploaded:
Uploading samba_4.19.5+dfsg-1ubuntu1.dsc
Uploading samba_4.19.5+dfsg.orig.tar.xz
Uploading samba_4.19.5+dfsg-1ubuntu1.debian.tar.xz
Uploading samba_4.19.5+dfsg-1ubuntu1_source.buildinfo
Uploading samba_4.19.5+dfsg-1ubuntu1_source.changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Paul Smedley

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index fdef744..7f70e48 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,32 @@
++samba (2:4.19.5+dfsg-1ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2054592). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++    - d/control: adjust breaks/replaces for file move that Debian did in
++      4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
++      file conflict in a dist-upgrade from earlier Ubuntu releases, like
++      Kinetic (LP #2024663)
++    - d/control: python3-samba has a runtime dep on python3-markdown
++    - glusterfs is no longer in main, create new binary package in
++      universe to ship the samba glusterfs vfs modules and manpages
++      (LP #2045063):
++      + d/control: new samba-vfs-modules-glusterfs package
++      + d/rules: glusterfs vfs modules and manpages are now in the
++        samba-vfs-modules-extra package
++      + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and
++        manpage
++    - d/t/util: handle breakage introduced by lxd-installer. If on
++      Ubuntu, assume lxd comes from a snap and install it if needed
++    - d/t/util: ignore cloud-init's warning exit status, which is
++      happening because of LP #2048129 (also see LP #2048522)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sun, 25 Feb 2024 14:45:54 -0300
++
  samba (2:4.19.5+dfsg-1) unstable; urgency=medium
    * new upstream stable/bugfix release (4.19.5)
@@ -18,6 +47,36 @@ samba (2:4.19.5+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 19 Feb 2024 15:21:14 +0300
++samba (2:4.19.4+dfsg-3ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2051717). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++    - d/control: adjust breaks/replaces for file move that Debian did in
++      4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
++      file conflict in a dist-upgrade from earlier Ubuntu releases, like
++      Kinetic (LP #2024663)
++    - d/control: python3-samba has a runtime dep on python3-markdown
++    - glusterfs is no longer in main, create new binary package in
++      universe to ship the samba glusterfs vfs modules and manpages
++      (LP #2045063):
++      + d/control: new samba-vfs-modules-glusterfs package
++      + d/rules: glusterfs vfs modules and manpages are now in the
++        samba-vfs-modules-extra package
++      + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and
++        manpage
++  * Added:
++    - d/t/util: handle breakage introduced by lxd-installer. If on
++      Ubuntu, assume lxd comes from a snap and install it if needed
++    - d/t/util: ignore cloud-init's warning exit status, which is
++      happening because of LP #2048129 (also see LP #2048522)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sat, 03 Feb 2024 10:14:42 -0300
++
  samba (2:4.19.4+dfsg-3) unstable; urgency=medium
    * samba,winbind: remove logrotate scripts
@@ -28,6 +87,44 @@ samba (2:4.19.4+dfsg-3) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 30 Jan 2024 12:12:42 +0300
++samba (2:4.19.4+dfsg-2ubuntu2) noble; urgency=medium
++
++  * No-change rebuild with Python 3.12 as default
++
++ -- Graham Inggs <ginggs@ubuntu.com>  Sat, 20 Jan 2024 19:20:19 +0000
++
++samba (2:4.19.4+dfsg-2ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2040363). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++    - d/control: adjust breaks/replaces for file move that Debian did in
++      4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
++      file conflict in a dist-upgrade from earlier Ubuntu releases, like
++      Kinetic (LP #2024663)
++  * Dropped:
++    - d/rules: ceph is not available in Ubuntu i386, disable it
++      [In 2:4.19.1+dfsg-1]
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      [In 2:4.19.1+dfsg-1]
++  * Added:
++    - d/control: python3-samba has a runtime dep on python3-markdown
++    - glusterfs is no longer in main, create new binary package in
++      universe to ship the samba glusterfs vfs modules and manpages
++      (LP: #2045063):
++      + d/control: new samba-vfs-modules-glusterfs package
++      + d/rules: glusterfs vfs modules and manpages are now in the
++        samba-vfs-modules-extra package
++      + d/samba-vfs-modules-extra.install: add glusterfs vfs modules and
++        manpage
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 15 Jan 2024 12:21:28 -0300
++
  samba (2:4.19.4+dfsg-2) unstable; urgency=medium
    * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@
@@ -212,6 +309,71 @@ samba (2:4.19.0+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 04 Sep 2023 22:57:48 +0300
++samba (2:4.18.6+dfsg-1ubuntu2.2) noble; urgency=medium
++
++  * No-change rebuild for ICU soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Tue, 19 Dec 2023 18:41:25 +0100
++
++samba (2:4.18.6+dfsg-1ubuntu2.1) mantic-security; urgency=medium
++
++  * SECURITY UPDATE: SMB clients can truncate files with read-only
++    permissions
++    - debian/patches/CVE-2023-4091-*.patch
++    - CVE-2023-4091
++  * SECURITY UPDATE: Samba AD DC password exposure to privileged users and
++    RODCs
++    - debian/patches/CVE-2023-4154-*.patch
++    - CVE-2023-4154
++  * SECURITY UPDATE: rpcecho development server allows Denial of Service
++    via sleep() call on AD DC
++    - debian/patches/CVE-2023-42669-*.patch
++    - CVE-2023-42669
++  * SECURITY UPDATE: Samba AD DC Busy RPC multiple listener DoS
++    - debian/patches/CVE-2023-42670-*.patch
++    - CVE-2023-42670
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 10 Oct 2023 12:25:20 -0400
++
++samba (2:4.18.6+dfsg-1ubuntu2) mantic; urgency=medium
++
++  * No-change rebuild with glusterfs 10.3 (LP: #2035127)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 13 Sep 2023 09:57:01 -0300
++
++samba (2:4.18.6+dfsg-1ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2031655, LP: #2031619). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++  * Dropped:
++    - build-depend on libglusterfs-dev only on !i386 arches
++      [In 2:4.18.5+dfsg-2]
++    - Add changes to fix uncaught exception when updating old password
++      containing regex metacharacters by simplifying samba-tool password
++      redaction (LP #2002949).
++      + d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
++      + d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
++      + d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
++      + d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
++      + d/p/python-Add-glue.burn_commandline-method.patch
++      + d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
++      + d/p/python-Remove-const-from-PyList_AsStringList.patch
++        [Fixed upstream in 4.18.6]
++  * Added:
++    - d/control: adjust breaks/replaces for file move that Debian did in
++      4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
++      file conflict in a dist-upgrade from earlier Ubuntu releases, like
++      Kinetic (LP: #2024663)
++    - d/rules: ceph is not available in Ubuntu i386, disable it
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 Aug 2023 09:52:00 -0300
++
  samba (2:4.18.6+dfsg-1) unstable; urgency=medium
    * new upstream stable/bugfix release:
@@ -272,6 +434,38 @@ samba (2:4.18.5+dfsg-2) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 04 Aug 2023 17:29:06 +0300
++samba (2:4.18.5+dfsg-1ubuntu2) mantic; urgency=medium
++
++  * Add changes to fix uncaught exception when updating old password
++    containing regex metacharacters by simplifying samba-tool password
++    redaction (LP: #2002949).
++    - d/p/lib-cmdline-Return-if-the-commandline-was-redacted-i.patch
++    - d/p/lib-cmdline-Also-redact-newpassword-in-samba_cmdline.patch
++    - d/p/lib-cmdline-Also-burn-the-password2-parameter-if-giv.patch
++    - d/p/samba-tool-Use-samba.glue.get_burnt_cmdline-rather-t.patch
++    - d/p/python-Add-glue.burn_commandline-method.patch
++    - d/p/python-Move-PyList_AsStringList-to-common-code-so-we.patch
++    - d/p/python-Remove-const-from-PyList_AsStringList.patch
++
++ -- Michal Maloszewski <michal.maloszewski@canonical.com>  Fri, 28 Jul 2023 00:55:03 +0200
++
++samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining
++    changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++      + build-depend on libglusterfs-dev only on !i386 arches
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++    - d/t/util: reload instead of restarting samba, as it's quicker and
++      has the same effect we want in this test
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 20 Jul 2023 10:15:22 -0300
++
  samba (2:4.18.5+dfsg-1) unstable; urgency=medium
    * new upstream stable/security release 4.18.5, including:
@@ -349,6 +543,23 @@ samba (2:4.18.4+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 05 Jul 2023 18:14:20 +0300
++samba (2:4.18.3+dfsg-3ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2018054). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++      + build-depend on libglusterfs-dev only on !i386 arches
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++  * Added changes:
++    - d/t/util: reload instead of restarting samba, as it's quicker and
++      has the same effect we want in this test
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 22 Jun 2023 11:59:19 -0300
++
  samba (2:4.18.3+dfsg-3) unstable; urgency=medium
    * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU,
@@ -507,6 +718,20 @@ samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 09 Mar 2023 14:47:05 +0300
++samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium
++
++  * Merge with Debian unstable (LP: #2014052). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++      + build-depend on libglusterfs-dev only on !i386 arches
++    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
++      samba AD DC provisioning and domain join tests with internal DNS
++      (LP #1977746, LP #2011745)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 31 Mar 2023 15:26:11 -0300
++
  samba (2:4.17.6+dfsg-1) unstable; urgency=medium
    * new upstream stable/bugfix release 4.17.6:
@@ -534,6 +759,38 @@ samba (2:4.17.6+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 09 Mar 2023 12:52:14 +0300
++samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium
++
++  * Add domain join tests (LP: #2011745):
++    - d/t/control: update dependencies for samba AD provisioning test,
++      which now also includes a member server join test
++    - d/t/util, d/t/samba-ad-dc-*: add member server join tests
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 15 Mar 2023 20:49:56 -0300
++
++samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium
++
++  * d/t/samba-ad-dc-provisioning-internal-dns: test improvements
++    (LP: #2009485):
++    - increase kinit timeout, as it also does DNS lookups
++    - add a trap on exit to show logs in the case of some failure
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 06 Mar 2023 11:49:34 -0300
++
++samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium
++
++  * Merge with Debian unstable (LP: #2002181). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + enable the liburing vfs module, except on i386 where liburing is
++        not available
++      + build-depend on libglusterfs-dev only on !i386 arches
++  * Added:
++    - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD
++      DC provisioning test with internal DNS (LP: #1977746)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sun, 05 Feb 2023 13:47:57 -0300
++
  samba (2:4.17.5+dfsg-2) unstable; urgency=medium
    * d/control: samba: depends on exact version of python3-samba
@@ -686,6 +943,43 @@ samba (2:4.17.3+dfsg-4) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 05 Dec 2022 14:39:43 +0300
++samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium
++
++  * No-change rebuild with Python 3.11 as default
++
++ -- Graham Inggs <ginggs@ubuntu.com>  Mon, 26 Dec 2022 18:01:11 +0000
++
++samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium
++
++  * Merge with Debian unstable (LP: #1993380). Remaining changes:
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++  * Dropped:
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++        [In 2:4.16.6+dfsg-1]
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++        [In 2:4.16.6+dfsg-1]
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++      [In 2:4.16.6+dfsg-1, improved]
++    - d/t/util: fix setting the password of the smb test user
++      (LP #1955851)
++      [In 2:4.16.5+dfsg-2]
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++      [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6]
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++      [In 2:4.16.6+dfsg-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 13 Dec 2022 18:36:23 -0300
++
  samba (2:4.17.3+dfsg-3) unstable; urgency=medium
    * d/control: winbind should depend on the same binary:Version
@@ -982,6 +1276,30 @@ samba (2:4.16.5+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 08 Sep 2022 12:44:38 +0300
++samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++    - d/t/util: fix setting the password of the smb test user
++      (LP #1955851)
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 02 Aug 2022 09:30:05 -0300
++
  samba (2:4.16.4+dfsg-2) unstable; urgency=medium
    * d/libldb2.symbols: include newly added symbols
@@ -1010,6 +1328,62 @@ samba (2:4.16.4+dfsg-1) unstable; urgency=high
   -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 27 Jul 2022 18:35:53 +0300
++samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1982116). Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++    - d/t/util: fix setting the password of the smb test user
++      (LP #1955851)
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++  * Dropped:
++    - Update nfs scripts for new nfs.conf config (LP: #1961840):
++      + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
++        nfsconf(8) if it's available, instead of parsing the old config
++        files in /etc/default/nfs-*
++        [In 2:4.16.3+dfsg-1]
++      + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
++        used by the example enable-nfs.sh example script
++        [In 2:4.16.3+dfsg-1]
++      + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
++        used by the example enable-nfs.sh script
++        [In 2:4.16.3+dfsg-1]
++      + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
++        obsolete, replaced by nfs.conf
++        [In 2:4.16.3+dfsg-1]
++      + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
++        nfs.conf and other changes in the new nfs server packages
++        [In 2:4.16.3+dfsg-1]
++    - Fix abort when deleting a file and "fruit:resource = stream" is
++      used.  (LP #1977491)
++      + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
++        Add test that shows smbd crashing when deleting a file while using
++        vfs_fruit with "fruit:resource = stream".
++      + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
++        Handle file deleting when "fruit:resource = stream" is used.
++        [Fixed upstream]
++    - Build dlz module for bind 9.18.x (LP #1964032)
++      + d/p/add-support-for-bind-918.patch: build a dlz module for
++        bind 9.18.x
++      + d/p/add-support-for-bind-918-2.patch: also update the
++        provisioning tool and template config file
++        [Fixed upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 29 Jul 2022 17:09:27 -0300
++
  samba (2:4.16.3+dfsg-1) unstable; urgency=medium
    [ Michael Tokarev ]
@@ -1021,6 +1395,54 @@ samba (2:4.16.3+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 18 Jul 2022 17:15:07 +0300
++samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++    - d/t/util: fix setting the password of the smb test user
++      (LP #1955851)
++    - Update nfs scripts for new nfs.conf config (LP #1961840):
++      + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
++        nfsconf(8) if it's available, instead of parsing the old config
++        files in /etc/default/nfs-*
++      + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
++        used by the example enable-nfs.sh example script
++      + d/ctdb.example/nfs-kernel-server/quota: quota config file to be
++        used by the example enable-nfs.sh script
++      + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
++        obsolete, replaced by nfs.conf
++      + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
++        nfs.conf and other changes in the new nfs server packages
++    - Build dlz module for bind 9.18.x (LP #1964032)
++      + d/p/add-support-for-bind-918.patch: build a dlz module for
++        bind 9.18.x
++      + d/p/add-support-for-bind-918-2.patch: also update the
++        provisioning tool and template config file
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++    - Fix abort when deleting a file and "fruit:resource = stream" is
++      used.  (LP #1977491)
++      + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
++        Add test that shows smbd crashing when deleting a file while using
++        vfs_fruit with "fruit:resource = stream".
++      + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
++        Handle file deleting when "fruit:resource = stream" is used.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 27 Jun 2022 18:32:00 -0300
++
  samba (2:4.16.2+dfsg-1) unstable; urgency=medium
    * new upstream minor/bugfix release.
@@ -1042,6 +1464,111 @@ samba (2:4.16.2+dfsg-1) unstable; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 13 Jun 2022 19:08:44 +0300
++samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
++
++  * Fix abort when deleting a file and "fruit:resource = stream" is
++    used.  (LP: #1977491)
++    - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
++      Add test that shows smbd crashing when deleting a file while using
++      vfs_fruit with "fruit:resource = stream".
++    - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
++      Handle file deleting when "fruit:resource = stream" is used.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 20 Jun 2022 19:09:25 -0400
++
++samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining
++    changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++    - d/t/util: fix setting the password of the smb test user
++      (LP #1955851)
++    - Update nfs scripts for new nfs.conf config (LP #1961840):
++      + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
++        nfsconf(8) if it's available, instead of parsing the old config
++        files in /etc/default/nfs-*
++      + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
++        used by the example enable-nfs.sh example script
++      + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota
++        config file to be used by the example enable-nfs.sh script
++      + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
++        obsolete, replaced by nfs.conf
++      + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
++        nfs.conf and other changes in the new nfs server packages
++    - Build dlz module for bind 9.18.x (LP #1964032)
++      + d/p/add-support-for-bind-918.patch: build a dlz module for
++        bind 9.18.x
++      + d/p/add-support-for-bind-918-2.patch: also update the
++        provisioning tool and template config file
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++  * Dropped:
++    - d/control: add a versioned libgnutls28-dev build-depends to reduce
++      the amount of in-tree crypto code that is built
++      [superfluous, the version in the archive is recent enough]
++    - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195)
++      [Included in 2:4.13.13+dfsg-1]
++    - d/control: bump required build-depends
++      [Included in Debian]
++    - d/samba-libs.install: update list of installed libraries and
++      modules/plugins
++      [Done in Debian]
++    - debian/patches/CVE-2021-20254.patch: removed, applied upstream
++      [Applied upstream, Debian didn't have this patch]
++    - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
++      [Applied usptream, Debian did not have it]
++    - d/{gpb.conf,watch,README.source}: update for 4.15
++      [Debian updated it for 4.16]
++    - d/rules: remove --with-dnsupdate, it was merged with
++      --with-ads in samba 4.15.0
++      [Included in 2:4.16.0+dfsg-1]
++    - d/rules: drop removal of ctdb tests, they are no longer installed
++      [Included in 2:4.16.0+dfsg-1]
++    - Remove findsmb, no longer installed:
++      + d/smbclient.install: remove findsmb
++      + d/rules: drop fixing of findsmb shebang
++      [Included in 2:4.16.0+dfsg-1]
++    - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
++      no longer installed
++      [Included in 2:4.16.0+dfsg-1]
++    - d/ctdb.install: add tdb_mutex_check
++      [Included in 2:4.16.0+dfsg-1]
++    - d/winbind.install: add async_dns_krb5_locator
++      [Included in 2:4.16.0+dfsg-1]
++    - d/samba.install: install samba-bgqd and its manpage
++      [Included in 2:4.16.0+dfsg-1]
++    - d/{libsmbclient,libwbclient0}.symbols: symbols updates
++      [Obsolete, these were for 4.15.5]
++    - d/rules: drop dh_perl override, unneeded
++      [Included in 2:4.16.0+dfsg-1]
++    - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
++      Windows 2021-10 Monthly Rollup patch (LP #1951490)
++      [Included upstream in 4.16.0rc2]
++    - d/rules: install the new/changed ctdb example nfs files
++      [Installed via ctdb.examples]
++  * Added:
++    - rename ctdb example files nfs.conf and quota, to match what the
++      enable-nfs.sh script expects
++    - enable-nfs.sh ctdb example: use debian's filename for the
++      static port sysctl configuration
++    - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was
++      renamed to "cluster lock"
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 08 Jun 2022 11:02:29 -0300
++
  samba (2:4.16.1+dfsg-8) unstable; urgency=medium
    * fix the Breaks/Replaces versions in the previous upload for moving
@@ -1338,6 +1865,95 @@ samba (2:4.16.0+dfsg-1) experimental; urgency=medium
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 05 Apr 2022 16:01:25 +0300
++samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium
++
++  * No-change rebuild against libicu71
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 30 Apr 2022 02:14:39 +0000
++
++samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
++
++  * Enable glusterfs support (LP: #1894618):
++    - d/control: revert disabling of glusterfs, since it's in main now
++    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
++      enable the samba glusterfs vfs mofule in that case
++    - d/control: build-depend on libglusterfs-dev only on !i386 arches
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 09 Mar 2022 17:31:25 -0300
++
++samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium
++
++  * Build dlz module for bind 9.18.x (LP: #1964032)
++    - d/p/add-support-for-bind-918.patch: build a dlz module for
++      bind 9.18.x
++    - d/samba-libs.install: remove fixme comment
++    - d/p/add-support-for-bind-918-2.patch: also update the provisioning
++      tool and template config file
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 25 Mar 2022 14:53:19 -0300
++
++samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium
++
++  * Update nfs scripts for new nfs.conf config (LP: #1961840):
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
++      nfsconf(8) if it's available, instead of parsing the old config
++      files in /etc/default/nfs-*
++    - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
++      enable-nfs.sh example script
++    - d/ctdb.example.quota: quota config file to be used by the example
++      enable-nfs.sh script
++    - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
++      nfs.conf
++    - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
++      changes in the new nfs server packages
++    - d/rules: install the new/changed ctdb example nfs files
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 21 Mar 2022 11:55:54 -0300
++
++samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
++
++  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
++    Windows 2021-10 Monthly Rollup patch (LP: #1951490)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 10 Mar 2022 10:32:59 -0300
++
++samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
++
++  * d/{gpb.conf,watch,README.source}: update for 4.15
++  * New upstream release: 4.15.5 (LP: #1946839)
++  * d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
++  * d/rules: remove --with-dnsupdate, it was merged with
++    --with-ads in samba 4.15.0
++  * d/control: bump required build-depends
++  * d/rules: drop removal of ctdb tests, they are no longer installed
++  * Remove findsmb, no longer installed:
++    - d/smbclient.install: remove findsmb
++    - d/rules: drop fixing of findsmb shebang
++  * d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
++    no longer installed
++  * d/samba-libs.install: update list of installed libraries and
++    modules/plugins
++  * d/ctdb.install: add tdb_mutex_check
++  * d/winbind.install: add async_dns_krb5_locator
++  * d/samba.install: install samba-bgqd and its manpage
++  * d/{libsmbclient,libwbclient0}.symbols: symbols updates
++  * d/control: add python3-markdown to build-depends
++  * d/watch: updated to handle ~dfsg versioning, thanks to
++    Sergio Durigan Junior <sergio.durigan@canonical.com>
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 22 Feb 2022 17:59:22 -0300
++
++samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
++
++  * Update to 4.13.17 as a security update
++    - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
++  * Removed patches included in new version:
++    - debian/patches/trusted_domain_regression_fix.patch
++    - debian/patches/bug14901-*.patch
++    - debian/patches/bug14922.patch
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 14 Feb 2022 10:19:08 -0500
++
  samba (2:4.13.14+dfsg-1) unstable; urgency=high
    * New upstream security release in order to address the following defects:
@@ -1364,6 +1980,52 @@ samba (2:4.13.14+dfsg-1) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Tue, 09 Nov 2021 20:53:03 +0100
++samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium
++
++  * No-change rebuild for icu soname change
++
++ -- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com>  Fri, 11 Feb 2022 11:36:14 -0600
++
++samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
++
++  * d/t/util: fix setting the password of the smb test user
++    (LP: #1955851)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 20 Jan 2022 17:06:13 -0300
++
++samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium
++
++  * No-change rebuild with Python 3.10 as default version
++
++ -- Graham Inggs <ginggs@ubuntu.com>  Sun, 16 Jan 2022 07:01:34 +0000
++
++samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
++
++  * SECURITY REGRESSION: Kerberos authentication on standalone server in
++    MIT realm broken
++    - debian/patches/bug14922.patch: fix MIT Realm regression in
++      source3/auth/user_krb5.c.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 13 Dec 2021 07:09:36 -0500
++
++samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium
++
++  * Update to 4.13.14 as a security update (LP: #1950363)
++    - debian/patches/CVE-2021-20254.patch: removed, included in new
++      version.
++    - debian/control: bump ldb Build-Depends to 2.2.3.
++    - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
++    - debian/patches/trusted_domain_regression_fix.patch: fix regression
++      introduced in 4.13.14.
++    - debian/patches/bug14901-*.patch: upstream patches to fix some
++      mapping issues.
++    - debian/patches/bug14918-*.patch: upstream patches to properly handle
++      dangling symlinks.
++    - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
++      CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 09 Nov 2021 14:52:07 -0500
++
  samba (2:4.13.13+dfsg-1) unstable; urgency=high
    [ Athos Ribeiro ]
@@ -1385,6 +2047,83 @@ samba (2:4.13.13+dfsg-1) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Mon, 01 Nov 2021 08:59:20 +0100
++samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium
++
++  * No-change rebuild against liburing2
++
++ -- Paride Legovini <paride@ubuntu.com>  Mon, 22 Nov 2021 18:08:34 +0100
++
++samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
++
++  * d/samba.postinst: do not populate sambashare from the admin group
++    (Debian packaging cherry-pick. LP: #1942195)
++
++ -- Paride Legovini <paride@ubuntu.com>  Wed, 06 Oct 2021 10:31:14 +0200
++
++samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium
++
++  * No-change rebuild due to OpenLDAP soname bump.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 21 Jun 2021 18:08:36 -0400
++
++samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - d/control: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - d/control: add a versioned libgnutls28-dev build-depends to reduce
++      the amount of in-tree crypto code that is built
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++  * Dropped changes:
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++      [Included in 2:4.13.4+dfsg-1]
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++      [Included in 2:4.13.4+dfsg-1]
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++      [Included in 2:4.13.4+dfsg-1]
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + disable the following binary packages:
++        - ctdb
++        - libnss-winbind
++        - libpam-winbind
++        - python3-samba
++        - samba
++        - samba-common-bin
++        - samba-testsuite
++        - winbind
++      [Included in 2:4.13.4+dfsg-1]
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + re-enable the following binary packages:
++        - libnss-winbind
++        - samba-common-bin
++        - python3-samba
++        - winbind
++      [Included in 2:4.13.4+dfsg-1]
++    - SECURITY UPDATE: wrong group entries via negative idmap cache entries
++      + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
++        source3/passdb/lookup_sid.c.
++      + CVE-2021-20254
++      [Included in 2:4.13.5+dfsg-2]
++
++ -- Athos Ribeiro <athos.ribeiro@canonical.com>  Mon, 17 May 2021 11:51:54 -0300
++
  samba (2:4.13.5+dfsg-2) unstable; urgency=high
    * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
@@ -1416,6 +2155,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Tue, 09 Feb 2021 22:26:43 +0100
++samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
++
++  * SECURITY UPDATE: wrong group entries via negative idmap cache entries
++    - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
++      source3/passdb/lookup_sid.c.
++    - CVE-2021-20254
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 29 Apr 2021 06:48:54 -0400
++
++samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
++
++  * No change rebuild to pick up liburing, and also
++    fix d/t/cifs-share-access-uring. (LP: #1914145)
++
++ -- Mauricio Faria de Oliveira <mfo@canonical.com>  Wed, 03 Feb 2021 09:14:25 -0300
++
++samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + disable the following binary packages:
++        - ctdb
++        - libnss-winbind
++        - libpam-winbind
++        - python3-samba
++        - samba
++        - samba-common-bin
++        - samba-testsuite
++        - winbind
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + re-enable the following binary packages:
++        - libnss-winbind
++        - samba-common-bin
++        - python3-samba
++        - winbind
++    - d/control: add a versioned libgnutls28-dev build-depends to reduce
++      the amount of in-tree crypto code that is built
++    - d/control: enable the liburing vfs module, except on i386 where
++      liburing is not available
++  * Dropped changes, incorporated by Debian:
++    - d/t/smbclient-anonymous-share-list: add set -x and set -e
++    - Factor out common DEP8 test code into d/t/util and change the tests
++      to source from it:
++      + d/t/util: added
++      + d/t/cifs-share-access, d/t/smbclient-share-access: source from
++        util, use random share name and add set -x and set -u
++      + d/t/smbclient-authenticated-share-list: source from util and add
++        set -x and set -u
++    - Add new DEP8 tests for the uring vfs module:
++      + d/t/control: add smbclient-share-access-uring and
++        cifs-share-access-uring tests
++      + d/t/smbclient-share-access-uring: new test
++      + d/t/cifs-share-access-uring: new test
++    - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
++      guard uring tests with a kernel version check and skip if it's too old
++  * Added changes:
++    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
++      Skip running the tests if on i386 platform, because the uring
++      package is not available there.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Wed, 13 Jan 2021 15:44:04 -0500
++
  samba (2:4.13.3+dfsg-1) unstable; urgency=medium
    [ Andreas Hasenack ]
@@ -1431,6 +2250,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Wed, 16 Dec 2020 18:23:09 +0100
++samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable (LP: #1905048). Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + disable the following binary packages:
++        - ctdb
++        - libnss-winbind
++        - libpam-winbind
++        - python3-samba
++        - samba
++        - samba-common-bin
++        - samba-testsuite
++        - winbind
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + re-enable the following binary packages:
++        - libnss-winbind
++        - samba-common-bin
++        - python3-samba
++        - winbind
++    - d/control: add a versioned libgnutls28-dev build-depends to reduce
++      the amount of in-tree crypto code that is built
++  * d/t/smbclient-anonymous-share-list: add set -x and set -e
++  * Factor out common DEP8 test code into d/t/util and change the tests
++    to source from it:
++    - d/t/util: added
++    - d/t/cifs-share-access, d/t/smbclient-share-access: source from
++      util, use random share name and add set -x and set -u
++    - d/t/smbclient-authenticated-share-list: source from util and add
++      set -x and set -u
++  * d/control: enable the liburing vfs module, except on i386 where
++    liburing is not available
++  * Add new DEP8 tests for the uring vfs module:
++    - d/t/control: add smbclient-share-access-uring and
++      cifs-share-access-uring tests
++    - d/t/smbclient-share-access-uring: new test
++    - d/t/cifs-share-access-uring: new test
++  * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
++    guard uring tests with a kernel version check and skip if it's too old
++  * Dropped changes:
++    - SECURITY UPDATE: Unauthenticated domain controller compromise by
++      subverting Netlogon cryptography (ZeroLogon)
++      + debian/patches/zerologon-*.patch: backport upstream patches:
++        + For compatibility reasons, allow specifying an insecure netlogon
++          configuration per machine. See the following link for examples:
++          https://www.samba.org/samba/security/CVE-2020-1472.html
++        + Add additional server checks for the protocol attack in the
++          client-specified challenge to provide some protection when
++          'server schannel = no/auto' and avoid the false-positive results
++          when running the proof-of-concept exploit.
++    [ Incorporated by upstream. ]
++    - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
++      + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
++        get set unless the directory handle is open for SEC_DIR_LIST in
++        source4/torture/smb2/notify.c, source3/smbd/notify.c.
++      + CVE-2020-14318
++    - SECURITY UPDATE: Unprivileged user can crash winbind
++      + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
++        source3/winbindd/winbindd_lookupsids.c,
++        source4/torture/winbind/struct_based.c.
++      + CVE-2020-14323
++    - SECURITY UPDATE: DNS server crash via invalid records
++      - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
++        with NULL  and do not crash when additional data not found in
++        source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
++      + CVE-2020-14383
++    [ Incorporated by upstream. ]
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Tue, 24 Nov 2020 22:12:00 -0500
++
  samba (2:4.13.2+dfsg-3) unstable; urgency=medium
    * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
@@ -1476,6 +2382,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 12 Nov 2020 11:23:01 +0100
++samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
++
++  * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
++    - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
++      get set unless the directory handle is open for SEC_DIR_LIST in
++      source4/torture/smb2/notify.c, source3/smbd/notify.c.
++    - CVE-2020-14318
++  * SECURITY UPDATE: Unprivileged user can crash winbind
++    - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
++      source3/winbindd/winbindd_lookupsids.c,
++      source4/torture/winbind/struct_based.c.
++    - CVE-2020-14323
++  * SECURITY UPDATE: DNS server crash via invalid records
++    - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
++      with NULL  and do not crash when additional data not found in
++      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
++    - CVE-2020-14383
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 16 Oct 2020 06:53:44 -0400
++
++samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
++
++  * SECURITY UPDATE: Unauthenticated domain controller compromise by
++    subverting Netlogon cryptography (ZeroLogon)
++    - debian/patches/zerologon-*.patch: backport upstream patches:
++      + For compatibility reasons, allow specifying an insecure netlogon
++        configuration per machine. See the following link for examples:
++        https://www.samba.org/samba/security/CVE-2020-1472.html
++      + Add additional server checks for the protocol attack in the
++        client-specified challenge to provide some protection when
++        'server schannel = no/auto' and avoid the false-positive results
++        when running the proof-of-concept exploit.
++    - CVE-2020-1472
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 28 Sep 2020 09:46:49 -0400
++
++samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
++
++  * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
++    guard uring tests with a kernel version check and skip if it's too old
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 11 Aug 2020 11:00:35 -0300
++
++samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
++
++  * d/t/smbclient-anonymous-share-list: add set -x and set -e
++  * Factor out common DEP8 test code into d/t/util and change the tests
++    to source from it:
++    - d/t/util: added
++    - d/t/cifs-share-access, d/t/smbclient-share-access: source from
++      util, use random share name and add set -x and set -u
++    - d/t/smbclient-authenticated-share-list: source from util and add
++      set -x and set -u
++  * d/control: enable the liburing vfs module, except on i386 where
++    liburing is not available
++  * Add new DEP8 tests for the uring vfs module:
++    - d/t/control: add smbclient-share-access-uring and
++      cifs-share-access-uring tests
++    - d/t/smbclient-share-access-uring: new test
++    - d/t/cifs-share-access-uring: new test
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 04 Aug 2020 17:20:30 -0300
++
++samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + disable the following binary packages:
++        - ctdb
++        - libnss-winbind
++        - libpam-winbind
++        - python3-samba
++        - samba
++        - samba-common-bin
++        - samba-testsuite
++        - winbind
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + re-enable the following binary packages:
++        - libnss-winbind
++        - samba-common-bin
++        - python3-samba
++        - winbind
++    - d/control: add a versioned libgnutls28-dev build-depends to reduce
++      the amount of in-tree crypto code that is built
++  * Dropped:
++    - d/gbp.conf, d/watch, d/README.source: update for 4.12
++      [In 2:4.12.3+dfsg-1]
++    - d/control: bump build-depends:
++      + ldb: 2.1.2
++      + tevent: 0.10.2
++      + tdb: 1.4.3
++      + talloc: 2.3.1
++      [In 2:4.12.3+dfsg-1]
++    - d/smbclient.install: add new binary mdfind and its manpage
++      [In 2:4.12.3+dfsg-1]
++    - d/samba-dev.install, d/samba-libs.install: new lib
++      libdcerpc-server-core
++      [In 2:4.12.3+dfsg-1]
++    - d/samba-libs.install: new library libtalloc-report-printf
++      [In 2:4.12.3+dfsg-1]
++    - d/libwbclient0.install: remove libaesni, no longer built when
++      gnutls provides AES CMAC
++      [In 2:4.12.3+dfsg-1]
++    - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
++      [In 2:4.12.3+dfsg-1]
++    - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
++      [Dropped in 2:4.12.3+dfsg-1]
++    - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
++      [Dropped in 2:4.12.3+dfsg-1]
++    - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
++      [Dropped in 2:4.12.3+dfsg-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 31 Jul 2020 11:07:47 -0300
++
  samba (2:4.12.5+dfsg-3) unstable; urgency=high
    * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
@@ -1540,6 +2578,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Wed, 24 Jun 2020 23:12:11 +0200
++samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
++
++  * New upstream version: 4.12.2
++  * d/gbp.conf, d/watch, d/README.source: update for 4.12
++  * d/control: bump build-depends:
++    - ldb: 2.1.2
++    - tevent: 0.10.2
++    - tdb: 1.4.3
++    - talloc: 2.3.1
++  * d/smbclient.install: add new binary mdfind and its manpage
++  * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
++  * d/samba-libs.install: new library libtalloc-report-printf
++  * d/libwbclient0.install: remove libaesni, no longer built when
++    gnutls provides AES CMAC
++  * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
++  * d/control: add a versioned libgnutls28-dev build-depends to reduce
++    the amount of in-tree crypto code that is built
++  * Dropped (applied upstream):
++    - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
++    - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
++    - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
++    - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 12 May 2020 10:42:17 -0300
++
++samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
++
++  * SECURITY UPDATE: Use-after-free in AD DC LDAP server
++    - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
++      combination with paged_results in selftest/knownfail.d/asq,
++      source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
++    - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
++      for the GUID search in paged_results in selftest/knownfail.d/asq,
++      source4/dsdb/samdb/ldb_modules/paged_results.c.
++    - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
++      Build-Depends to 2.0.10.
++    - CVE-2020-10700
++  * SECURITY UPDATE: Stack overflow in AD DC LDAP server
++    - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
++      auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
++      lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
++      libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
++      source3/lib/tldap.c, source3/lib/tldap_util.c,
++      source3/libsmb/clispnego.c, source3/torture/torture.c,
++      source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
++      source4/libcli/ldap/ldap_client.c,
++      source4/libcli/ldap/ldap_controls.c.
++    - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
++      lib/util/asn1.c.
++    - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
++      docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
++      docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
++      lib/param/loadparm.c, source3/param/loadparm.c.
++    - debian/patches/CVE-2020-10704-6.patch: limit request sizes in
++      source4/ldap_server/ldap_server.c.
++    - debian/patches/CVE-2020-10704-7.patch: add search size limits to
++      ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
++      lib/param/loadparm.c, libcli/cldap/cldap.c,
++      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
++      source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
++      source4/libcli/ldap/ldap_client.c.
++    - debian/patches/CVE-2020-10704-8.patch: check search request lengths
++      in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
++    - CVE-2020-10704
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Apr 2020 08:08:38 -0400
++
++samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium
++
++  * New upstream release: 4.11.6
++  * d/p/samba-tool-py38-*.patch: dropped, fixed upstream
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 26 Feb 2020 11:55:16 -0300
++
++samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium
++
++  * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sat, 22 Feb 2020 17:22:21 -0300
++
++samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + drop ceph support
++      + disable the following binary packages:
++        - ctdb
++        - libnss-winbind
++        - libpam-winbind
++        - python3-samba
++        - samba
++        - samba-common-bin
++        - samba-testsuite
++        - winbind
++    - debian/control: Ubuntu i386 binary compatibility:
++      + drop ceph support
++    - debian/rules: Ubuntu i386 binary compatibility:
++      + re-enable the following binary packages:
++        - libnss-winbind
++        - samba-common-bin
++        - python3-samba
++        - winbind
++  * Dropped:
++    - d/control: drop python3-matplotlib. It's only used in
++      script/attr_count_read which is not installed with the
++      samba packages.
++      [In 2:4.11.3+dfsg-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 17 Feb 2020 15:29:35 -0300
++
  samba (2:4.11.5+dfsg-1) unstable; urgency=medium
    * New upstream security release
@@ -1567,6 +2730,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Mon, 16 Dec 2019 09:47:45 +0100
++samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium
++
++   * Ubuntu i386 binary compatibility effort: (LP: #1861316)
++    - debian/rules:
++        + re-enable the following binary packages generation:
++          - libnss-winbind
++          - samba-common-bin
++          - python3-samba
++          - winbind
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Thu, 06 Feb 2020 14:42:38 +0000
++
++samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium
++
++  * No-change rebuild to build with python3.8.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 25 Jan 2020 06:06:11 +0000
++
++samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium
++
++  * Ubuntu i386 binary compatibility effort: (LP: #1858479)
++    - debian/control:
++        + drop ceph support
++    - debian/rules:
++        + drop ceph support
++        + disable the following binary packages generation:
++          - ctdb
++          - libnss-winbind
++          - libpam-winbind
++          - python3-samba
++          - samba
++          - samba-common-bin
++          - samba-testsuite
++          - winbind
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Thu, 09 Jan 2020 00:40:31 +0000
++
++samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++      change nfs service name from nfs to nfs-kernel-server
++      (LP #722201)
++      [Adopted the Debian version and added a couple of extra hunks
++      we had]
++    - d/p/ctdb-config-enable-syslog-by-default.patch:
++      enable syslog and systemd journal by default
++  * Dropped:
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++      [In 2:4.9.4+dfsg-2]
++    - Removed patches already applied upstream:
++      + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
++        [Removed in 2:4.10.7+dfsg-1]
++      + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
++        [Removed in 4.9.5+dfsg-1]
++    - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
++      [Refreshed in 2:4.1.17+dfsg-1]
++    - d/control: Updated build dependencies (already updated in Debian):
++      + tdb >= 1.3.17
++      + talloc >= 2.1.15
++      + tevent >= 0.9.38
++      + ldb >= 1.5.3
++    - d/samba-common.docs: README is now README.md
++      [In 2:4.10.7+dfsg-1]
++    - d/libsmbclient.symbols: update symbols for this version
++    - d/libwbclient0.symbols: update symbols for this version
++    - d/ctdb.install: new binary ctdb_local_daemons
++      [In 2:4.10.7+dfsg-1]
++    - d/samba-dev.install: use globbing for the header files with
++      exceptions for wbclient.h and libsmbclient.h, which belong in
++      other packages.
++      [In 2:4.10.7+dfsg-1]
++    - d/rules: fix globbing used to move the dckeytab python module to the
++      samba package, and add a comment explaining why this is being done.
++      [In 2:4.10.7+dfsg-1]
++    - Switch to python3 (in 2:4.10.7+dfsg-1):
++      + d/rules: calculate the ldb version using python3, and drop the
++        "really" bit since the real 1.5.x series is being used now.
++      + d/rules: make sure python3 is used for the build
++      + d/rules: adjust globbing to remove the python3 version of tevent.so
++      + d/rules: drop PYVERS, unused
++      + d/control: adjust dependencies (build and runtime) for python3
++      + d/python3-samba.install, d/control: new python3-samba package
++        (LP #1440381)
++      + d/control, d/python-samba.install: get rid of python-samba, which is py2
++      + d/python3-samba.lintian-overrides: use the same overrides we had for
++        python-samba, now deleted.
++      + d/samba-dev.install, d/samba-libs.install: update file list
++      + d/t/control, d/t/python-smoke: use python3
++      + d/control: use ${python3:Depends} now instead of the python 2
++        counterpart for samba and samba-common-bin.
++    - d/control: drop suggests for python-gpgme, it's no longer available.
++      [In 2:4.10.7+dfsg-1]
++    - d/gbp.conf, d/watch, r/README.source: updated for 4.10
++      [In 2:4.10.7+dfsg-1]
++    - d/control: update cmocka build-depends to >= 1.1.3
++      [In 2:4.10.7+dfsg-1]
++    - d/samba-libs.install: bump passdb minor to 0.27.2
++      [In 2:4.10.7+dfsg-1]
++    - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
++      to allow pid file to exist (LP #1821775)
++      [In 2:4.10.7+dfsg-1]
++    - Allow proper ctdb initalization (LP #1828799):
++      + d/ctdb.dirs: added /var/lib/ctdb/* directories
++      + d/ctdb.postrm: remove leftovers from:
++        /var/lib/ctdb/{state,persistent,volatile,scripts}
++      [In 2:4.10.7+dfsg-1]
++    - d/rules: installing provided config examples and helper scripts
++    - Examples of NFS HA CTDB config files + helper script:
++      + d/ctdb.example.enable.nfs.sh
++      + d/ctdb.example.nfs-common
++      + d/ctdb.example.nfs-kernel-server
++      + d/ctdb.example.services
++      + d/ctdb.example.sysctl-nfs-static-ports.conf
++      [In 2:4.10.7+dfsg-1]
++    - debian/rules: Make DEB_HOST_ARCH_CPU initialized through
++      dpkg-architecture (Closes: #931138)
++      [In 2:4.10.7+dfsg-1]
++    - d/control: update ldb build-deps to 1.5.5
++      [In 2:4.10.7+dfsg-1]
++    - SECURITY UPDATE: restricted share escape by user (LP #1842533)
++      [fixed upstream in 4.11.0rc2]
++      + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
++        out impersonation debug info into a new function.
++      + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
++        change_to_user_internal() always resets current_user.done_chdir
++      + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
++        reset current_user.{need,done}_chdir in become_root()
++      + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
++        fsrvp_share its own independent subdirectory
++      + debian/patches/CVE-2019-10197-05-v4-10.patch:
++        test_smbclient_s3.sh: add regression test for the no permission
++        on share root problem
++      + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
++        change_to_user_impersonate() out of change_to_user_internal()
++      + CVE-2019-10197
++  * Added:
++    - d/control: drop python3-matplotlib. It's only used in
++      script/attr_count_read which is not installed with the
++      samba packages.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 29 Nov 2019 18:00:22 -0300
++
  samba (2:4.11.1+dfsg-3) unstable; urgency=medium
    * Add some python dependencies:
@@ -1775,6 +3093,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 29 Aug 2019 14:32:52 +0200
++samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium
++
++  * No-change rebuild to build with python3.8.
++
++ -- Matthias Klose <doko@ubuntu.com>  Fri, 18 Oct 2019 18:53:34 +0000
++
++samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium
++
++  * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
++    - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
++      out impersonation debug info into a new function.
++    - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
++      change_to_user_internal() always resets current_user.done_chdir
++    - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
++      reset current_user.{need,done}_chdir in become_root()
++    - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
++      fsrvp_share its own independent subdirectory
++    - debian/patches/CVE-2019-10197-05-v4-10.patch:
++      test_smbclient_s3.sh: add regression test for the no permission
++      on share root problem
++    - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
++      change_to_user_impersonate() out of change_to_user_internal()
++    - CVE-2019-10197
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Fri, 30 Aug 2019 11:07:19 -0700
++
++samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium
++
++  * New upstream version: 4.10.7
++    - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped,
++      included upstream in 4.10.7
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 22 Aug 2019 15:03:23 -0300
++
++samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium
++
++  * New upstream version: 4.10.6
++    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update
++      the Debian config and use it.
++    - d/control: update ldb build-deps to 1.5.5
++  * Dropped:
++    - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5
++    - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5
++    - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3
++    - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2
++    - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2
++    - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1
++    - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed
++      upstream in 4.10.5
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 07 Aug 2019 17:20:48 -0300
++
++samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium
++
++  * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++    change service name from nfs to nfs-kernel-server in
++    legacy script 06.nfs.script also (LP: #722201)
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Thu, 11 Jul 2019 21:44:49 +0000
++
++samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium
++
++  * debian/rules: Make DEB_HOST_ARCH_CPU initialized through
++    dpkg-architecture (Closes: #931138)
++  * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch:
++    fix tcp_tw_recycle existence check. (LP: #722201)
++  * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
++    change nfs service name from nfs to nfs-kernel-server
++    (LP: #722201)
++  * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
++    to allow pid file to exist (LP: #1821775)
++  * Allow proper ctdb initialization (LP: #1828799):
++    - d/ctdb.dirs: added /var/lib/ctdb/* directories
++    - d/ctdb.postrm: remove leftovers from:
++      /var/lib/ctdb/{state,persistent,volatile,scripts}
++  * d/rules: installing provided config examples and helper scripts
++  * Examples of NFS HA CTDB config files + helper script:
++    - d/ctdb.example.enable.nfs.sh
++    - d/ctdb.example.nfs-common
++    - d/ctdb.example.nfs-kernel-server
++    - d/ctdb.example.services
++    - d/ctdb.example.sysctl-nfs-static-ports.conf
++  * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch:
++    do not try to start daemon if /etc/ctdb/nodes does not exist
++  * d/p/ctdb-config-enable-syslog-by-default.patch:
++    enable syslog and systemd journal by default
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Fri, 28 Jun 2019 00:14:27 +0000
++
++samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
++
++  * SECURITY UPDATE: zone operations can crash rpc server
++    - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
++      not found in DnssrvOperation in
++      python/samba/tests/dcerpc/dnsserver.py,
++      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
++    - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
++      not found in DnssrvOperation2 in
++      python/samba/tests/dcerpc/dnsserver.py,
++      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
++    - CVE-2019-12435
++  * SECURITY UPDATE: paged_searches crash on LDAP and homes access
++    - debian/patches/CVE-2019-12436.patch: ignore successful results
++      without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
++      source4/dsdb/tests/python/vlv.py.
++    - CVE-2019-12436
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 12 Jun 2019 10:08:44 -0400
++
++samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
++    - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
++      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
++      source4/torture/krb5/kdc-canon-heimdal.c.
++    - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
++      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
++      source4/heimdal/kdc/krb5tgs.c.
++    - CVE-2018-16860
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 14 May 2019 09:10:24 -0400
++
++samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium
++
++  * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
++    - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
++      umask being overwritten in python/samba/tests/ntacls_backup.py,
++      python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
++      selftest/knownfail.d/umask-leak.
++    - debian/patches/CVE-2019-3870-2.patch: add test to check
++      file-permissions are correct after provision in
++      selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
++      source4/setup/tests/provision_fileperms.sh.
++    - debian/patches/CVE-2019-3870-3.patch: include tests to show the
++      outside umask has no impact in python/samba/tests/ntacls_backup.py,
++      python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
++    - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
++      close as possible to users in source3/smbd/pysmbd.c,
++      selftest/knownfail.d/provision_fileperms,
++      selftest/knownfail.d/umask-leak.
++    - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
++      smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
++      source3/smbd/pysmbd.c.
++    - CVE-2019-3870
++  * SECURITY UPDATE: save registry file outside share as unprivileged user
++    - debian/patches/CVE-2019-3880.patch: remove implementations of
++      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
++    - CVE-2019-3880
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 08 Apr 2019 10:32:30 -0400
++
++samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium
++
++  * New upstream version: 4.10.0
++    - d/gbp.conf, d/watch, r/README.source: updated for 4.10
++    - d/control: update cmocka build-depends to >= 1.1.3
++    - d/samba-libs.install: bump passdb minor to 0.27.2
++  * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to
++    Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 21 Mar 2019 14:40:32 -0300
++
++samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium
++
++  * New upstream version 4.10.0rc4 (LP: #1818518):
++    - Removed patches already applied upstream:
++      + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
++      + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
++    - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
++    - d/control: Updated build dependencies:
++      + tdb >= 1.3.17
++      + talloc >= 2.1.15
++      + tevent >= 0.9.38
++      + ldb >= 1.5.3
++    - d/samba-common.docs: README is now README.md
++    - d/libsmbclient.symbols: update symbols for this version
++    - d/libwbclient0.symbols: update symbols for this version
++    - d/ctdb.install: new binary ctdb_local_daemons
++    - d/samba-dev.install: use globbing for the header files with
++      exceptions for wbclient.h and libsmbclient.h, which belong in
++     other packages.
++    - d/rules: fix globbing used to move the dckeytab python module to the
++      samba package, and add a comment explaining why this is being done.
++  * Switch to python3:
++    - d/rules: calculate the ldb version using python3, and drop the
++      "really" bit since the real 1.5.x series is being used now.
++    - d/rules: make sure python3 is used for the build
++    - d/rules: adjust globbing to remove the python3 version of tevent.so
++    - d/rules: drop PYVERS, unused
++    - d/control: adjust dependencies (build and runtime) for python3
++    - d/python3-samba.install, d/control: new python3-samba package
++      (LP: #1440381)
++    - d/control, d/python-samba.install: get rid of python-samba, which is py2
++    - d/python3-samba.lintian-overrides: use the same overrides we had for
++      python-samba, now deleted.
++    - d/samba-dev.install, d/samba-libs.install: update file list
++    - d/t/control, d/t/python-smoke: use python3
++    - d/control: use ${python3:Depends} now instead of the python 2
++      counterpart for samba and samba-common-bin.
++  * d/control: drop suggests for python-gpgme, it's no longer available.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Sat, 09 Mar 2019 12:45:25 +0000
++
  samba (2:4.9.5+dfsg-1) experimental; urgency=medium
    * New upstream release
@@ -1819,6 +3340,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Wed, 23 Jan 2019 20:59:08 +0100
++samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++  * Dropped:
++    - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
++      failing without a valid idmap configuration. This fixes the smbd startup
++      on a standalone server where winbind is available and running. Thanks to
++      Stefan Metzmacher <metze@samba.org>. (LP #1806035)
++      [Fixed in 2:4.9.4+dfsg-1]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 Jan 2019 18:23:52 -0200
++
  samba (2:4.9.4+dfsg-1) unstable; urgency=medium
    * New upstream release
@@ -1829,6 +3375,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Sat, 22 Dec 2018 18:32:00 +0100
++samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Mon, 14 Jan 2019 20:03:58 +0000
++
++samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
++
++  * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
++    failing without a valid idmap configuration. This fixes the smbd startup
++    on a standalone server where winbind is available and running. Thanks to
++    Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 21 Dec 2018 10:39:23 -0200
++
++samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++  * Dropped:
++    - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
++      errors (LP: 1795772)
++      [Fixed upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 28 Nov 2018 20:06:47 -0200
++
  samba (2:4.9.2+dfsg-2) unstable; urgency=high
    * New upstream security release
@@ -1938,6 +3522,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 30 Aug 2018 19:32:24 +0200
++samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium
++
++  * No-change rebuild against libldb1 1.4.2
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 14 Nov 2018 22:46:24 +0000
++
++samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high
++
++  [ Karl Stenerud ]
++  * d/p/fix-rmdir.patch: Fix to make the samba client library report
++    directory-not-empty errors (LP: #1795772)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 09 Oct 2018 14:32:16 -0300
++
++samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1778125). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++  * Drop:
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++      [Accepted by Debian in 2:4.7.4+dfsg-2]
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++      [In Debian since 2:4.7.4+dfsg-2]
++    - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
++      [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
++      Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
++      [Fixed upstream]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 21 Aug 2018 09:57:57 -0300
++
  samba (2:4.8.4+dfsg-2) unstable; urgency=high
    * Fix typo in previous release: s/usefull/useful/
@@ -2095,6 +3731,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Mon, 19 Mar 2018 13:02:51 +0100
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
++
++  * No change rebuild to link with new ldb 1.3.3
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 03 Jul 2018 09:57:24 -0300
++
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
++
++  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
++    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
++    Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 18 Apr 2018 11:49:55 -0300
++
++samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
++
++  * New upstream version:
++    - Fix database corruption bug when upgrading from samba 4.6 or lower
++      AD controllers (LP: #1755057)
++    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
++  * Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 13 Mar 2018 16:58:49 -0300
++
  samba (2:4.7.4+dfsg-2) unstable; urgency=high
    [ Mathieu Parent ]
@@ -2125,6 +3810,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Fri, 02 Mar 2018 20:55:06 +0100
++samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1744779). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
++      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
++        anonymously
++      + d/t/control, d/t/smbclient-authenticated-share-list: list available
++        shares using an authenticated connection
++      + d/t/control, d/t/smbclient-share-access: create a share and download a
++        file from it
++    - d/samba-common.dhcp: If systemctl is available, use it to query the
++      status of the smbd service before trying to reload it. Otherwise,
++      keep the same check as before and reload the service based on the
++      existence of the initscript. (LP #1579597)
++    - d/control, d/rules: Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 22 Jan 2018 16:31:41 -0200
++
  samba (2:4.7.4+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -2141,6 +3857,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 11 Jan 2018 20:49:28 +0100
++samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/source_samba.py: use the new recommended findmnt(8) tool to list
++      mountpoints and correctly filter by the cifs filesystem type.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 05 Dec 2017 12:49:20 -0500
++
  samba (2:4.7.3+dfsg-1) unstable; urgency=high
    * New upstream version
@@ -2164,6 +3916,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Sun, 12 Nov 2017 10:02:19 +0100
++samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++    - d/source_samba.py: use the new recommended findmnt(8) tool to list
++      mountpoints and correctly filter by the cifs filesystem type.
++
++ -- Matthias Klose <doko@ubuntu.com>  Fri, 10 Nov 2017 10:03:57 +0100
++
  samba (2:4.7.1+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -2212,6 +4000,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Tue, 19 Sep 2017 22:00:13 +0200
++samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
++
++  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
++    they should
++    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
++      into a specified one in source3/include/auth_info.h,
++      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
++    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
++      source3/lib/util_cmdline.c.
++    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
++      source3/libsmb/pylibsmb.c.
++    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
++      libgpo/gpo_fetch.c.
++    - debian/patches/CVE-2017-12150-5.patch: add check for
++      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
++    - debian/patches/CVE-2017-12150-6.patch: add
++      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
++    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
++      authentication was not requested in source3/libsmb/clidfs.c.
++    - CVE-2017-12150
++  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
++    redirects
++    - debian/patches/CVE-2017-12151-1.patch: add
++      cli_state_is_encryption_on() helper function to
++      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
++    - debian/patches/CVE-2017-12151-2.patch: make use of
++      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
++      source3/libsmb/libsmb_context.c.
++    - CVE-2017-12151
++  * SECURITY UPDATE: Server memory information leak over SMB1
++    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
++      from writing server memory to file in source3/smbd/reply.c.
++    - CVE-2017-12163
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 21 Sep 2017 08:10:03 -0400
++
++samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
++
++  * d/source_samba.py: use the new recommended findmnt(8) tool to list
++    mountpoints and correctly filter by the cifs filesystem type.
++    (LP: #1703604)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 01 Sep 2017 09:47:58 -0300
++
++samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1710281).
++    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
++      symlinks to directories (LP: #1701073)
++  * Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++    - d/rules: Compile winbindd/winbindd statically.
++    - Disable glusterfs support because it's not in main.
++      MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 21 Aug 2017 17:27:08 -0300
++
  samba (2:4.6.7+dfsg-1) unstable; urgency=medium
    * New upstream version
@@ -2223,6 +4092,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Tue, 15 Aug 2017 23:06:36 +0200
++samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1700644). Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - Add extra DEP8 tests to samba (LP #1696823):
++      + d/t/control: enable the new DEP8 tests
++      + d/t/smbclient-anonymous-share-list: list available shares anonymously
++      + d/t/smbclient-authenticated-share-list: list available shares using
++        an authenticated connection
++      + d/t/smbclient-share-access: create a share and download a file from it
++      + d/t/cifs-share-access: access a file in a share using cifs
++    - Ask the user if we can run testparm against the config file. If yes,
++      include its stderr and exit status in the bug report. Otherwise, only
++      include the exit status. (LP #1694334)
++    - If systemctl is available, use it to query the status of the smbd
++      service before trying to reload it. Otherwise, keep the same check
++      as before and reload the service based on the existence of the
++      initscript. (LP #1579597)
++  * Drop:
++    - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
++      [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
++      fix-1584485.patch was dropped there.]
++    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure
++      [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
++      in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
++    - debian/patches/winbind_trusted_domains.patch: make sure domain
++      members can talk to trusted domains DCs.
++      [Upstream committed a different fix, see updated patch attached to
++      https://bugzilla.samba.org/show_bug.cgi?id=11830]
++    - d/control: add libcephfs-dev as b-d to build vfs_ceph
++      [Adopted by Debian in 2:4.6.5+dfsg-1]
++    - debian/patches/CVE-2017-11103.patch: use encrypted service
++      name rather than unencrypted (and therefore spoofable) version
++      in heimdal
++      [Adopted by Debian as
++      d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
++    - Cherrypick upstream patch to fix FTBFS with new ceph lib.
++      [Merged upstream in 4.6.0rc1]
++  * Disable glusterfs support because it's not in main.
++    MIR bug is https://launchpad.net/bugs/1274247
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 10 Aug 2017 22:20:22 -0300
++
  samba (2:4.6.5+dfsg-8) unstable; urgency=medium
    * Remove dependency on update-inetd, not used anymore
@@ -2342,6 +4265,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Mon, 12 Jun 2017 08:09:43 +0200
++samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
++
++  * Cherrypick upstream patch to fix FTBFS with new ceph lib.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 26 Jul 2017 08:34:24 +0100
++
++samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
++
++  * SECURITY UPDATE: KDC-REP service name impersonation
++    - debian/patches/CVE-2017-11103.patch: use encrypted service
++      name rather than unencrypted (and therefore spoofable) version
++      in heimdal
++    - CVE-2017-11103
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Mon, 17 Jul 2017 16:22:28 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
++
++  * No-change rebuild against libldb 1.1.29
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Jun 2017 16:09:33 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
++
++  * Add extra DEP8 tests to samba (LP: #1696823):
++    - d/t/control: enable the new DEP8 tests
++    - d/t/smbclient-anonymous-share-list: list available shares anonymously
++    - d/t/smbclient-authenticated-share-list: list available shares using
++      an authenticated connection
++    - d/t/smbclient-share-access: create a share and download a file from it
++    - d/t/cifs-share-access: access a file in a share using cifs
++  * Ask the user if we can run testparm against the config file. If yes,
++    include its stderr and exit status in the bug report. Otherwise, only
++    include the exit status. (LP: #1694334)
++  * If systemctl is available, use it to query the status of the smbd
++    service before trying to reload it. Otherwise, keep the same check
++    as before and reload the service based on the existence of the
++    initscript. (LP: #1579597)
++  * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
++    module. There is a fixed version of that patch attached to
++    #1677329 but it has not been vetted yet, so for now it's best
++    to revert (again) so that pam_winbind can be used.
++    (LP: #1677329, LP: #1644428)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 19 Jun 2017 10:49:29 -0700
++
++samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++    - debian/smb.conf;
++      + Add "(Samba, Ubuntu)" to server string.
++      + Comment out the default [homes] share, and add a comment about
++        "valid users = %s" to show users how to restrict access to
++        \\server\username to only username.
++    - debian/samba-common.config:
++      + Do not change priority to high if dhclient3 is installed.
++    - Add apport hook:
++      + Created debian/source_samba.py.
++      + debian/rules, debian/samba-common-bin.install: install hook.
++    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure
++    - debian/patches/winbind_trusted_domains.patch: make sure domain
++      members can talk to trusted domains DCs.
++    - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++      to be statically linked
++    - d/rules: Compile winbindd/winbindd statically.
++    - d/control: add libcephfs-dev as b-d to build vfs_ceph
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 15 Jun 2017 14:17:43 -0400
++
  samba (2:4.5.8+dfsg-2) unstable; urgency=high
    * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -2356,6 +4350,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
   -- Mathieu Parent <sathieu@debian.org>  Sat, 01 Apr 2017 20:39:17 +0200
++samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
++
++  * SECURITY UPDATE: remote code execution from a writable share
++    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
++      slash inside in source3/rpc_server/srv_pipe.c.
++    - CVE-2017-7494
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 24 May 2017 07:39:13 -0400
++
++samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
++
++  * SECURITY UPDATE: Symlink race allows access outside share definition
++    - Updated to new upstream release 4.5.8.
++    - CVE-2017-2619
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 21 Apr 2017 07:33:25 -0400
++
  samba (2:4.5.6+dfsg-2) unstable; urgency=high
    * This is a security release in order to address the following defects:
@@ -2385,6 +4396,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Sun, 05 Mar 2017 23:21:09 +0100
++samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
++
++  * d/control: add libcephfs-dev as b-d to build vfs_ceph
++    (LP: #1668940).
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Mon, 06 Mar 2017 11:13:41 -0800
++
++samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
++
++  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
++    changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
++    + debian/patches/winbind_trusted_domains.patch: make sure domain members
++      can talk to trusted domains DCs.
++      [ update patch based upon upstream discussion ]
++    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++      to be statically linked fixes LP #1584485.
++    + d/rules: Compile winbindd/winbindd statically.
++  * Drop:
++    - Delete debian/.gitignore
++    [ Previously undocumented ]
++    - debian/patches/git_smbclient_cpu.patch:
++      + backport upstream patch to fix smbclient users hanging/eating cpu on
++        trying to contact a machine which is not there (lp #1572260)
++    [ Fixed upstream ]
++    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
++      + debian/patches/CVE-2016-2123.patch: check lengths in
++        librpc/ndr/ndr_dnsp.c.
++      + CVE-2016-2123
++    [ Fixed in Debian ]
++    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
++      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
++        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
++        source4/auth/gensec/gensec_gssapi.c.
++      + CVE-2016-2125
++    [ Fixed in Debian ]
++    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
++      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
++        in auth/kerberos/kerberos_pac.c.
++      + CVE-2016-2126
++    [ Fixed in Debian ]
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Thu, 26 Jan 2017 17:20:15 -0800
++
  samba (2:4.5.4+dfsg-1) unstable; urgency=medium
    [ Mathieu Parent ]
@@ -2512,6 +4578,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Fri, 09 Sep 2016 13:00:54 +0200
++samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
++
++  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
++    - debian/patches/CVE-2016-2123.patch: check lengths in
++      librpc/ndr/ndr_dnsp.c.
++    - CVE-2016-2123
++  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
++    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
++      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
++      source4/auth/gensec/gensec_gssapi.c.
++    - CVE-2016-2125
++  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
++    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
++      in auth/kerberos/kerberos_pac.c.
++    - CVE-2016-2126
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Jan 2017 12:32:25 -0500
++
++samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
++
++  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
++    to be statically linked fixes LP: #1584485.
++
++  * d/rules: Compile winbindd/winbindd statically.
++
++ -- Jorge Niedbalski <jorge.niedbalski@canonical.com>  Wed, 02 Nov 2016 13:59:10 +0100
++
++samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sun, 18 Sep 2016 10:26:52 +0000
++
++samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 17 Sep 2016 12:09:21 +0000
++
++samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
++
++  * debian/patches/git_smbclient_cpu.patch:
++    - backport upstream patch to fix smbclient users hanging/eating cpu on
++      trying to contact a machine which is not there (lp: #1572260)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Fri, 05 Aug 2016 17:32:43 +0200
++
++samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/winbind_trusted_domains.patch: make sure domain members
++      can talk to trusted domains DCs.
++  * Dropped changes:
++    - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
++      never done in Debian, revert.
++    - ufw integration: included in Debian.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 14 Jul 2016 17:45:46 -0700
++
  samba (2:4.4.5+dfsg-2) unstable; urgency=medium
    * Disable running of 'make quicktest' during build, as it takes very
@@ -2639,6 +4776,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
   -- Andrew Bartlett <abartlet+debian@catalyst.net.nz>  Wed, 06 Apr 2016 17:08:20 +1200
++samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
++
++  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
++    the previous security updates. (LP: #1577739)
++    - debian/control: bump tevent Build-Depends to 0.9.28.
++  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
++    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
++      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
++    - debian/patches/samba-bug11914.patch: make
++      ntlm_auth_generate_session_info() more complete in
++      source3/utils/ntlm_auth.c.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 May 2016 09:29:15 -0400
++
  samba (2:4.3.8+dfsg-1) unstable; urgency=low
    [ Jelmer Vernooĳ ]
@@ -2653,6 +4804,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
   -- Jelmer Vernooĳ <jelmer@debian.org>  Sat, 16 Apr 2016 01:18:36 +0000
++samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
++
++  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
++    - CVE-2015-5370: Multiple errors in DCE-RPC code
++    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
++    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
++    - CVE-2016-2112: The LDAP client and server don't enforce integrity
++      protection
++    - CVE-2016-2113: Missing TLS certificate validation allows man in the
++      middle attacks
++    - CVE-2016-2114: "server signing = mandatory" not enforced
++    - CVE-2016-2115: SMB client connections for IPC traffic are not
++      integrity protected
++    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
++  * debian/patches/winbind_trusted_domains.patch: make sure domain members
++    can talk to trusted domains DCs.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 12 Apr 2016 07:26:29 -0400
++
  samba (2:4.3.7+dfsg-1) unstable; urgency=high
    * New upstream release.
@@ -2695,6 +4865,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
   -- Mathieu Parent <sathieu@debian.org>  Thu, 31 Mar 2016 22:26:11 +0200
++samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 09 Mar 2016 08:49:12 -0500
++
  samba (2:4.3.6+dfsg-1) unstable; urgency=medium
    * New upstream release.
@@ -2740,6 +4933,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
   -- Mathieu Parent <sathieu@debian.org>  Thu, 04 Feb 2016 13:25:01 +0100
++samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:43 +0000
++
++samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
++
++  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
++    (LP: #1545750)
++
++ -- Dariusz Gadomski <dariusz.gadomski@canonical.com>  Mon, 15 Feb 2016 16:05:12 +0100
++
++samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 06 Jan 2016 07:41:39 -0500
++
  samba (2:4.3.3+dfsg-1) unstable; urgency=medium
    * New upstream release. Closes: #808133.
@@ -2824,6 +5053,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 07 Dec 2014 15:34:36 +0000
++samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
++
++  * Resolve small merge error in the rules
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 16 Dec 2015 12:02:12 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
++
++  * Backport Debian change to remove libpam-smbpasswd, it segfaults
++    leading to non working session (lp: #1515207)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 16 Dec 2015 11:47:44 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
++
++  * Build with the new ldb
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 18 Nov 2015 11:45:32 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
++
++  * debian/samba.logrotate:
++    - revert to Debian version of the logrotate reload command, fix an
++      invalid syntax introduced in the upstart->systemd transition
++      (lp: #1385868)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Tue, 10 Nov 2015 19:01:06 +0100
++
++samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
++
++  * Merge with Debian; remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 24 Oct 2015 14:57:47 +0200
++
  samba (2:4.1.20+dfsg-1) unstable; urgency=medium
    * New upstream release (last compatible with current OpenChange).
@@ -2837,6 +5123,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 20 Sep 2015 13:20:53 +0000
++samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
++
++  * debian/control:
++    - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
++
++ -- Robert Ancell <robert.ancell@canonical.com>  Tue, 11 Aug 2015 11:34:50 +1200
++
++samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/git_timeout_client_error.patch:
++    - don't let smb mounts timeout that leads to errors when trying to
++      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 08 May 2015 10:49:12 +0200
++
  samba (2:4.1.17+dfsg-4) unstable; urgency=medium
    * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -2873,6 +5197,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivodd@debian.org>  Mon, 23 Feb 2015 20:20:21 +0100
++samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
++
++  * debian/patches/git_timeout_client_error.patch:
++    - don't let smb mounts timeout that leads to errors when trying to
++      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Fri, 03 Apr 2015 17:20:06 +0200
++
++samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
++
++  * SECURITY UPDATE: code execution vulnerability in smbd daemon
++    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
++      uninitialized pointer and don't dereference a NULL pointer in
++      source3/rpc_server/netlogon/srv_netlog_nt.c.
++    - CVE-2015-0240
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 23 Feb 2015 08:36:51 -0500
++
++samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    + debian/smb.conf;
++      - Add "(Samba, Ubuntu)" to server string.
++      - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
++      processes such that it works under both upstart and systemd.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++    + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
++
++ -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Wed, 21 Jan 2015 15:48:05 +0100
++
  samba (2:4.1.13+dfsg-4) unstable; urgency=medium
    * Revert previous patch, since ldb has an active module version check.
@@ -2915,6 +5286,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
   -- Jelmer Vernooij <jelmer@debian.org>  Sun, 07 Sep 2014 20:52:27 +0200
++samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
++
++  * SECURITY UPDATE: elevation of privilege to AD Domain Controller
++    - debian/patches/CVE-2014-8143.patch: check for extended access rights
++      before allowing changes to userAccountControl in
++      librpc/idl/security.idl, source4/auth/session.c,
++      source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
++      source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
++      source4/rpc_server/lsa/dcesrv_lsa.c,
++      source4/setup/schema_samba4.ldif.
++    - CVE-2014-8143
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 21 Jan 2015 09:19:12 -0500
++
++samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
++
++  * No-change rebuild against current ldb. Note that I'm not claiming the
++    merging for this package.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 04 Dec 2014 07:50:22 +0100
++
++samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
++
++  * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
++    pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 11 Sep 2014 11:53:36 -0500
++
++samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++
++  * In logrotate, use service command to reload (send SIGHUP) the main
++    processes such that it works under both upstart and systemd.
++  * Drop CVE patches, applied upstream.
++  * Drop patches absent from series: readline-ftbfs.patch,
++    krb5_kt_start_seq.diff, config-bind99.patch
++  * Drop debian/source/include-binaries, pyc files are correctly cleaned up
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 09 Aug 2014 21:26:23 +0100
++
  samba (2:4.1.11+dfsg-1) unstable; urgency=high
    * New upstream release. Fixes:
@@ -2950,6 +5384,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Mon, 23 Jun 2014 18:33:27 +0200
++samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
++
++  * SECURITY UPDATE: remote code execution on unauthenticated nmbd
++    - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
++      lib/util/string_wrappers.h.
++    - CVE-2014-3560
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 01 Aug 2014 17:54:54 -0400
++
++samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
++
++  * SECURITY UPDATE: denial of service on nmbd malformed packet
++    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
++      source3/lib/system.c.
++    - CVE-2014-0244
++  * SECURITY UPDATE: denial of service via bad unicode conversion
++    - debian/patches/CVE-2014-3493.patch: refactor code in
++      source3/lib/charcnv.c, change return code checks in
++      source3/libsmb/clirap.c, source3/smbd/lanman.c.
++    - CVE-2014-3493
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 23 Jun 2014 14:10:12 -0400
++
++samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + Dropped patches:
++      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
++      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
++      - debian/patches/readline-ftbfs.patch: Use the debian version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++      (LP: #1268180)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 18 Jun 2014 10:50:25 -0400
++
  samba (2:4.1.8+dfsg-1) unstable; urgency=medium
    [ Jelmer Vernooij ]
@@ -2987,6 +5477,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Sat, 19 Apr 2014 13:39:09 +0200
++samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
++
++  * Set the stack size to unlimited during the build to avoid a SIGBUS in
++    xsltproc on some architectures.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 02 Jun 2014 23:18:40 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
++
++  * Backport from unstable (Ivo De Decker):
++    - Build-depend on heimdal-dev.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 02 Jun 2014 15:39:54 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
++
++  * No change rebuild against new dh_installinit, to call update-rc.d at
++    postinst.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:41:32 +0100
++
++samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
++
++  * cherrypick upstream patch 1310919 to fix pam_winbind regression
++    (LP: #1310919)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 29 Apr 2014 16:05:44 -0500
++
++samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
++
++  * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
++    upgrade.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 03 Apr 2014 19:08:03 -0700
++
++samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    + debian/VERSION.patch: Update vendor string to "Ubuntu".
++    +  debian/smb.conf;
++       - Add "(Samba, Ubuntu)" to server string.
++       - Comment out the default [homes] share, and add a comment about "valid users = %s"
++         to show users how to restrict access to \\server\username to only username.
++    + debian/samba-common.config:
++      - Do not change prioritiy to high if dhclient3 is installed.
++    + debian/control:
++      - Don't build against or suggest ctdb and tdb.
++    + debian/rules:
++      - Drop explicit configuration options for ctdb and tdb.
++    + Add ufw integration:
++      - Created debian/samba.ufw.profile:
++      - debian/rules, debian/samba.install: install profile
++    + Add apport hook:
++      - Created debian/source_samba.py.
++      - debian/rules, debia/samb-common-bin.install: install hook.
++    + debian/samba.logrotate: call upstart interfaces unconditionally instead
++      of hacking arround with pid files.
++    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++      first dummy transitional package version.
++    + Dropped patches:
++      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
++      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
++      - debian/patches/readline-ftbfs.patch: Use the debian version.
++    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
++      (LP: #1268180)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 02 Apr 2014 13:40:30 -0400
++
  samba (2:4.1.6+dfsg-1) unstable; urgency=high
    * New upstream security release. Fixes:
@@ -3046,6 +5604,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Sat, 18 Jan 2014 14:07:15 +0100
++samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
++
++  * debian/smb.conf: comment back some of the "share definitions"
++    options (including "valid users"). That was an Ubuntu diff and seems to
++    have been dropped in the trusty merge. Those changes seem needed to
++    get the usershare feature working (used by nautilus-share) (lp: #1261873)
++
++ -- Sebastien Bacher <seb128@ubuntu.com>  Tue, 01 Apr 2014 16:01:04 +0200
++
++samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
++
++  * SECURITY UPDATE: Password lockout not enforced for SAMR password
++    changes
++    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
++      source3/auth/check_samsec.c,
++      source3/rpc_server/samr/srv_samr_chgpasswd.c,
++      source3/rpc_server/samr/srv_samr_nt.c,
++      source3/smbd/lanman.c,
++      source4/rpc_server/samr/samr_password.c,
++      source4/torture/rpc/samr.c.
++    - CVE-2013-4496
++  * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
++    mistake
++    - debian/patches/CVE-2013-6442.patch: handle existing ACL in
++      source3/utils/smbcacls.c.
++    - CVE-2013-6442
++  * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Mar 2014 08:32:30 -0400
++
++samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
++
++  * Depend on tdb-tools (LP: #1279593)
++  * Updated generated config for Bind9.9.
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 12 Feb 2014 21:26:00 -0500
++
++samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
++
++  * Add missing python-ntdb dependency to python-samba (spotted by
++    autopkgtest).
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 10 Feb 2014 09:53:01 +0100
++
++samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++    first dummy transitional package version.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 13 Jan 2014 08:52:31 -0500
++
  samba (2:4.1.3+dfsg-2) unstable; urgency=medium
    * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -3088,6 +5717,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
   -- Steve Langasek <vorlon@debian.org>  Mon, 09 Dec 2013 11:13:59 -0800
++samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
++    first dummy transitional package version.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 11 Dec 2013 19:55:47 -0500
++
  samba (2:4.0.13+dfsg-1) unstable; urgency=high
    [ Steve Langasek ]
@@ -3142,6 +5798,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
   -- Ivo De Decker <ivo.dedecker@ugent.be>  Mon, 11 Nov 2013 15:42:40 +0100
++samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
++
++  * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
++
++ -- Dmitrijs Ledkovs <xnox@ubuntu.com>  Wed, 27 Nov 2013 21:50:43 +0000
++
++samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
++
++  * Merge from Debian Unstable:
++    - debian/VERSION.patch: Update vendor string to "Ubuntu".
++  * debian/smb.conf;
++    - Add "(Samba, Ubuntu)" to server string.
++    - Comment out the default [homes] share, and add a comment about "valid users = %s"
++      to show users how to restrict access to \\server\username to only username.
++  + debian/samba-common.config:
++    - Do not change prioritiy to high if dhclient3 is installed.
++  + debian/control:
++    - Don't build against or suggest ctdb and tdb.
++  + debian/rules:
++    - Drop explicit configuration options for ctdb and tdb.
++  + Add ufw integration:
++    - Created debian/samba.ufw.profile:
++    - debian/rules, debian/samba.install: install profile
++  + Add apport hook:
++   - Created debian/source_samba.py.
++   - debian/rules, debia/samb-common-bin.install: install hook.
++  + debian/samba.logrotate: call upstart interfaces unconditionally instead
++    of hacking arround with pid files.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 08 Nov 2013 13:47:46 +0800
++
  samba (2:4.0.10+dfsg-4) unstable; urgency=low
    [ Christian Perrier ]
 diff --git a/debian/control b/debian/control
 index 6fb98ee..c57caa6 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: samba
  Section: net
  Priority: optional
--Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
  Uploaders: Steve Langasek <vorlon@debian.org>,
             Jelmer Vernooĳ <jelmer@debian.org>,
             Mathieu Parent <sathieu@debian.org>,
@@ -59,7 +60,7 @@ Build-Depends-Arch:
  	libsystemd-dev [linux-any],
  	libtasn1-6-dev (>= 3.8),
  	libtasn1-bin,
--	liburing-dev [linux-any],
++	liburing-dev [!i386],
  	xfslibs-dev [linux-any],
  	zlib1g-dev (>= 1:1.2.3),
  # python (+#904999):
@@ -308,6 +309,7 @@ Architecture: any
  Section: python
  Depends: python3-ldb,
           python3-tdb,
++         python3-markdown,
           samba-libs (= ${binary:Version}),
           ${misc:Depends},
           ${python3:Depends},
@@ -370,6 +372,29 @@ Description: Samba Virtual FileSystem plugins
   Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are
   moved to Recommends.
++Package: samba-vfs-modules-extra
++# Since we only ship the glusterfs module so far, exclude 32bit architectures,
++# which glusterfs does not support
++Architecture: amd64 arm64 ppc64el riscv64 s390x
++Multi-Arch: same
++Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
++# glusterfs vfs modules and manpages were moved from samba-vfs-modules to
++# samba-vfs-modules-glusterfs in 2:4.19.4+dfsg-2ubuntu1
++Replaces: samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~)
++Breaks:   samba-vfs-modules (<< 2:4.19.4+dfsg-2ubuntu1~)
++Enhances: samba
++Description: Samba Virtual FileSystem extra modules
++ Samba is an implementation of the SMB/CIFS protocol for Unix systems,
++ providing support for cross-platform file sharing with Microsoft Windows, OS X,
++ and other Unix systems.  Samba can also function as a domain controller
++ or member server in Active Directory or NT4-style domains.
++ .
++ Virtual FileSystem modules are stacked shared libraries extending the
++ functionality of Samba. This package ships some extra VFS modules which
++ were previously shipped in samba-vfs-modules:
++  * vfs_gluterfs
++  * vfs_glusterfs_fuse
++
  Package: libsmbclient
  Section: libs
  Architecture: any
@@ -407,8 +432,9 @@ Depends: samba-common (= ${source:Version}),
  Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5>
  Suggests: libnss-winbind, libpam-winbind
  # 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind
--Breaks:   samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),
--Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~),
++# In Ubuntu, this was first done in 2:4.17.7+dfsg-1ubuntu1. See LP: #2024663
++Breaks:   samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
++Replaces: samba (<< 2:4.17.7+dfsg-1ubuntu1~), samba-libs (<< 2:4.17.7+dfsg-1ubuntu1~),
  Description: service to resolve user and group information from Windows NT servers
   Samba is an implementation of the SMB/CIFS protocol for Unix systems,
   providing support for cross-platform file sharing with Microsoft Windows, OS X,
 diff --git a/debian/rules b/debian/rules
 index 8e55a7b..1bad8a6 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -268,6 +268,15 @@ endif
  	dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \
  	                  /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat
++execute_after_dh_install:
++# gluster vfs modules are in a separate package. Moving the modules here
++# avoids having to list all but the gluster modules in
++# d/samba-vfs-modules.install
++ifeq ($(with-glusterfs), yes)
++	rm debian/samba-vfs-modules/usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs*.so
++	rm debian/samba-vfs-modules/usr/share/man/man8/vfs_glusterfs*.8
++endif
++
  provision-dest := debian/samba-ad-provision/usr/share/samba/setup
  override_dh_auto_install-indep:
@@ -349,7 +358,7 @@ override_dh_shlibdeps:
  # for specific executables/modules, put dependencies in separate variables
  # to change Depends to Recommends for them in d/control
  	dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \
--	    -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
++	    -Xceph.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper
  ifneq (,$(filter ctdb, ${build-pkgs}))
  	echo "rados:Depends=" >> debian/ctdb.substvars
  ifneq (${with-ceph},)
@@ -362,8 +371,7 @@ ifneq (,$(filter samba-vfs-modules,${build-pkgs}))
  ifneq (${with-snapper}${with-ceph}${with-glusterfs},)
  	dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \
  	    $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \
--	    $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \
--	    $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so)
++	    $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so)
  endif
  endif
  # after shlibdeps run, check that we don't have wrong depdendencies
 diff --git a/debian/samba-vfs-modules-extra.install b/debian/samba-vfs-modules-extra.install
 new file mode 100644
 index 0000000..c360548
 --- /dev/null
 +++ b/debian/samba-vfs-modules-extra.install
@@ -0,0 +1,4 @@
++usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs.so
++usr/lib/${DEB_HOST_MULTIARCH}/samba/vfs/glusterfs_fuse.so
++usr/share/man/man8/vfs_glusterfs.8
++usr/share/man/man8/vfs_glusterfs_fuse.8
 diff --git a/debian/tests/control b/debian/tests/control
 index d27e025..b37632e 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -28,3 +28,7 @@ Restrictions: needs-root, allow-stderr, isolation-container, skippable
  Tests: reinstall-samba-common-bin
  Depends: samba-common, samba-common-bin
  Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr
++
++Tests: samba-ad-dc-provisioning-internal-dns
++Depends: samba-ad-dc, samba-ad-provision, smbclient, krb5-user, bind9-dnsutils, lxd | snapd, lsb-release, dctrl-tools
++Restrictions: needs-root, isolation-machine, allow-stderr, breaks-testbed
 diff --git a/debian/tests/samba-ad-dc-provisioning-internal-dns b/debian/tests/samba-ad-dc-provisioning-internal-dns
 new file mode 100755
 index 0000000..f61fa5e
 --- /dev/null
 +++ b/debian/tests/samba-ad-dc-provisioning-internal-dns
@@ -0,0 +1,398 @@
++#!/bin/bash
++
++set -e
++set -o pipefail
++
++source debian/tests/util
++
++declare -r domain="EXAMPLE"
++declare -r realm="EXAMPLE.FAKE"
++declare -r adminpass="Passw0rd"
++declare -r test_user="test_user_${RANDOM}"
++declare -r test_pw="test_user_secret_${RANDOM}"
++declare -A user_pass
++user_pass[Administrator]="${adminpass}"
++user_pass[${test_user}]="${test_pw}"
++declare -A join_method_deps
++# Minimum set of deps: let realmd install the extra dependencies
++# as needed, depending on the join method.
++join_method_deps[realmd_sssd]="realmd krb5-user smbclient"
++join_method_deps[realmd_winbind]="realmd krb5-user smbclient"
++
++
++cleanup() {
++    rc=$?
++    set +e # so we don't exit midcleanup
++    if [ ${rc} -ne 0 ]; then
++        echo "## Something failed, gathering logs"
++        echo
++        echo "## smb.conf"
++        cat /etc/samba/smb.conf
++        echo
++        echo "## resolv.conf"
++        cat /etc/resolv.conf
++        echo
++        echo "## resolvectl status"
++        resolvectl status
++        echo "## journal for samba-ad-dc.service"
++        journalctl -u samba-ad-dc.service --lines 500
++        echo
++        for log in /var/log/samba/log.*; do
++            # skip compressed logrotated files
++            if [ "${log%.gz}" != "${log}" ]; then
++                continue
++            fi
++            [ -s "${log}" ] || continue
++            echo "## $(basename ${log}):"
++            tail -n 500 "${log}"
++            echo
++        done
++        echo "## syslog"
++        tail -n 500 /var/log/syslog
++    fi
++}
++
++trap cleanup EXIT
++
++assert_testparm() {
++    local parameter="${1}"
++    local expected_value="${2}"
++    local current_value=""
++    local -i retval=0
++
++    echo -n "Asserting ${parameter} is ${expected_value}: "
++    current_value=$(testparm -s --parameter-name "${parameter}" 2>/dev/null) || {
++        retval=$?
++        echo "FAIL"
++        return ${retval}
++    }
++    if [ "${current_value}" = "${expected_value}" ]; then
++        echo "OK"
++        return 0
++    else
++        echo "FAIL"
++        return 1
++    fi
++}
++
++basic_config_tests() {
++    echo "## Basic config tests"
++    testparm -s > /dev/null
++    assert_testparm "realm" "${realm}"
++    assert_testparm "workgroup" "${domain}"
++    assert_testparm "server role" "active directory domain controller"
++    echo
++}
++
++dns_tests() {
++    echo "## DNS tests"
++    echo "Obtaining administrator kerberos ticket"
++    echo "${adminpass}" | timeout --verbose 30 kinit Administrator
++    echo
++    echo "Querying server info"
++    samba-tool dns serverinfo "$(hostname)"
++    echo
++    echo "Checking we got a service ticket of type host/"
++    klist | grep "host/$(hostname)"
++    echo
++    echo "Checking specific DNS records"
++    for srv in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._udp; do
++        echo -n "${srv}.${realm,,}: "
++        dig @localhost +short -t SRV ${srv}.${realm,,}
++        echo
++    done
++    echo
++    echo -n "Checking that our hostname \"$(hostname)\" is in DNS: "
++    myip=$(dig @localhost +short -t A "$(hostname).${realm,,}")
++    echo "${myip}"
++    echo
++}
++
++user_creation_tests() {
++    echo "## User creation tests"
++    samba-tool domain passwordsettings set --complexity=off
++    echo "Creating user \"${test_user}\" with password ${test_pw}"
++    samba-tool user add "${test_user}" "${test_pw}"
++    echo
++    echo "Attempting to obtain kerberos ticket for user \"${test_user}\""
++    # just in case it ends up waiting at a prompt, we use "timeout"
++    echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
++    echo "Ticket obtained"
++    klist
++    echo
++}
++
++smbclient_tests() {
++    echo "## smbclient tests"
++    kdestroy || :
++    echo
++    echo "Obtaining a TGT for ${test_user}"
++    echo "${test_pw}" | timeout --verbose 30 kinit "${test_user}"
++    klist | grep krbtgt
++    echo
++    echo "Attempting password-less authentication with smbclient"
++    echo
++    echo "Listing shares"
++    smbclient -L "$(hostname)" --use-kerberos=required -k
++    echo
++    echo "Listing the sysvol share"
++    smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls"
++    echo
++    echo "Listing policies"
++    # lowercase the ${realm}
++    smbclient "//$(hostname)/sysvol" --use-kerberos=required -k -c "ls ${realm,,}/Policies/*"
++    echo
++    echo "Checking that we have a ticket for the cifs service after all these commands"
++    klist | grep cifs/
++    echo
++}
++
++server_join_tests() {
++    local member_server
++    # the join methods are the keys of the join_method_deps dict
++    local -a methods=("${!join_method_deps[@]}")
++    local member_server="member-server"
++
++    echo "## Server join tests"
++    echo "## Initializing lxd"
++    setup_lxd "${realm,,}"
++
++    for method in "${methods[@]}"; do
++        echo "## Setting up member server to join a domain using method ${method}"
++        setup_member_server "${member_server}" "${method}"
++        echo "## Joining domain with method ${method}"
++        join_domain "${member_server}" "${method}"
++        echo
++        echo "## Verifying join with method ${method}"
++        verify_join "${member_server}" "${method}"
++        echo
++        echo "## Leaving domain with method ${method}"
++        leave_domain "${member_server}" "${method}"
++        echo
++        echo "## Destroying member server"
++        lxc delete --force "${member_server}"
++    done
++}
++
++setup_member_server() {
++    local container_name="${1}"
++    local method="${2}"
++    local release
++
++    release="$(lsb_release -cs)"
++    if [ -z "${join_method_deps[${method}]}" ]; then
++        echo "## INTERNAL ERROR, invalid join method: ${method}"
++        return 1
++    fi
++    echo "## Got test dependencies: ${join_method_deps[${method}]}"
++    # can't use cloud-init here to install packages, because we first need to
++    # sync the apt config from the host to the container
++    echo "## Launching ${release} container"
++    lxc launch "ubuntu-daily:${release}" "${container_name}" -q
++    wait_container_ready "${container_name}"
++    send_apt_config "${container_name}"
++    copy_local_apt_files "${container_name}"
++    echo "## Installing dependencies in test container"
++    install_packages_in_container "${container_name}" ${join_method_deps[${method}]}
++}
++
++join_domain_realmd_winbind() {
++    local server="${1}"
++    local discover_cmd="realm discover -v --membership-software=samba --client-software=winbind ${realm,,}"
++    local join_cmd="realm join -v --membership-software=samba --client-software=winbind ${realm,,}"
++
++    echo "## Domain information"
++    lxc exec "${server}" -- ${discover_cmd}
++    echo
++    echo "## Running join command: ${join_cmd}"
++    echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
++}
++
++verify_join_realmd_winbind() {
++    local server="${1}"
++    local member_domain
++
++    echo -n "## Verifying member server joined domain name: "
++    member_domain=$(lxc exec "${server}" -- wbinfo --own-domain)
++    echo "${member_domain}"
++    if [ "${member_domain}" != "${domain}" ]; then
++        echo "ERROR: expected member server domain to match the joined domain:"
++        echo "member server domain: ${member_domain}"
++        echo "AD domain: ${domain}"
++        return 1
++    fi
++    echo
++    # we just want to see the output, not parse it
++    echo "## Domain status in member server"
++    lxc exec "${server}" -- wbinfo --domain-info "${member_domain}"
++    echo
++    echo "## User status in member server"
++    for u in "${!user_pass[@]}"; do
++        echo "## User \"${u}@${realm}\" information:"
++        lxc exec "${server}" -- wbinfo --user-info "${u}@${realm}"
++        echo
++        echo "## id ${u}@${realm}"
++        lxc exec "${server}" -- id ${u}@${realm}
++        echo
++        echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
++        echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
++        lxc exec "${server}" -- klist
++        echo
++        echo "## Listing shares with the obtained kerberos ticket"
++        lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
++        lxc exec "${server}" -- kdestroy
++        echo
++        echo "## wbinfo authentication check for user \"${u}@${realm}\" inside member server"
++        # non-interactive format for username is user%password
++        lxc exec "${server}" -- wbinfo --authenticate="${u}@${realm}%${user_pass[${u}]}"
++        echo
++        echo "## wbinfo kerberos authentication check for user \"${u}@${realm}\" inside member server"
++        lxc exec "${server}" -- wbinfo --krb5auth="${u}@${realm}%${user_pass[${u}]}"
++        echo
++        echo "## Listing shares with the obtained kerberos ticket"
++        lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
++        lxc exec "${server}" -- kdestroy
++    done
++}
++
++leave_domain_realmd_winbind() {
++    local server="${1}"
++    local leave_cmd="realm leave -v --remove --client-software=winbind"
++
++    echo "## Running leave command: ${leave_cmd}"
++    echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
++}
++
++join_domain_realmd_sssd() {
++    local server="${1}"
++    local discover_cmd="realm discover -v --membership-software=adcli --client-software=sssd ${realm,,}"
++    local join_cmd="realm join -v --membership-software=adcli --client-software=sssd ${realm,,}"
++
++    echo "## Domain information"
++    lxc exec "${server}" -- ${discover_cmd}
++    echo
++    echo "## Running join command: ${join_cmd}"
++    echo "${adminpass}" | lxc exec "${server}" -- ${join_cmd}
++    echo
++}
++
++verify_join_realmd_sssd() {
++    local server="${1}"
++    local samba_domain
++
++    echo -n "## Verifying member server joined domain name: "
++    samba_domain=$(lxc exec "${server}" -- sssctl domain-list)
++    echo "${samba_domain}"
++    if [ "${samba_domain}" != "${realm,,}" ]; then
++        echo "ERROR: expected member server domain to match the joined domain:"
++        echo "member server domain: ${samba_domain}"
++        echo "AD domain: ${realm,,}"
++        return 1
++    fi
++    echo
++    # we just want to see the output, not parse it
++    echo "## Domain status in member server"
++    lxc exec "${server}" -- sssctl domain-status "${realm}"
++    echo
++    echo "## User status in member server"
++    for u in "${!user_pass[@]}"; do
++        echo "## User \"${u}@${realm}\" information:"
++        lxc exec "${server}" -- sssctl user-checks "${u}@${realm}"
++        echo
++        echo "## id ${u}@${realm}"
++        lxc exec "${server}" -- id "${u}@${realm}"
++        echo
++        echo "## kinit authentication check for user \"${u}@${realm}\" inside member server"
++        echo "${user_pass[${u}]}" | lxc exec "${server}" -- timeout --verbose 30 kinit "${u}@${realm}"
++        lxc exec "${server}" -- klist
++        echo
++        echo "## Listing shares with the obtained kerberos ticket"
++        lxc exec "${server}" -- smbclient -L "$(hostname)" --use-kerberos=required -k
++        lxc exec "${server}" -- kdestroy
++    done
++}
++
++leave_domain_realmd_sssd() {
++    local server="${1}"
++    local leave_cmd="realm leave -v --remove --client-software=sssd"
++
++    echo "## Running leave command: ${leave_cmd}"
++    echo "${adminpass}" | lxc exec "${server}" -- ${leave_cmd}
++}
++
++join_domain() {
++    local server="${1}"
++    local m="${2}"
++
++    join_domain_${m} "${server}"
++}
++
++verify_join() {
++    local server="${1}"
++    local m="${2}"
++
++    verify_join_${m} "${server}"
++}
++
++leave_domain() {
++    local server="${1}"
++    local m="${2}"
++
++    leave_domain_${m} "${server}"
++}
++
++systemctl stop smbd nmbd winbind
++systemctl disable smbd nmbd winbind
++systemctl mask smbd nmbd winbind
++
++systemctl unmask samba-ad-dc
++systemctl enable samba-ad-dc
++
++if [ -f /etc/samba/smb.conf ]; then
++    mv /etc/samba/smb.conf{,.orig}
++fi
++
++# make sure we are starting fresh, as previous tests might left things around
++
++rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba/*
++kdestroy || :
++
++samba-tool domain provision \
++    --domain="${domain}" \
++    --realm="${realm}" \
++    --adminpass="${adminpass}" \
++    --server-role=dc \
++    --use-rfc2307 \
++    --dns-backend=SAMBA_INTERNAL
++
++current_dns=$(resolvectl status | grep "^Current DNS Server:" | awk '{print $4}')
++
++if [ -n "${current_dns}" ]; then
++    echo "## Setting dns forwarder to ${current_dns} in smb.conf"
++    sed -r -i "s,dns forwarder = .*,dns forwarder = ${current_dns}," \
++        /etc/samba/smb.conf
++    unlink /etc/resolv.conf
++    echo "nameserver 127.0.0.1" > /etc/resolv.conf
++    # lowercase substitution
++    echo "search ${realm,,}" >> /etc/resolv.conf
++    systemctl stop systemd-resolved
++    systemctl disable systemd-resolved
++else
++    echo "## Warning, couldn't detect the current DNS server to use as forwarder in smb.conf"
++    echo "## resolvectl status:"
++    resolvectl status
++    echo "## Continuing, and hoping for the best"
++fi
++
++cp -f /var/lib/samba/private/krb5.conf /etc/krb5.conf
++
++systemctl start samba-ad-dc
++
++# give it some time, it's a lot of services to start
++sleep 5s
++
++basic_config_tests
++dns_tests
++user_creation_tests
++smbclient_tests
++server_join_tests
 diff --git a/debian/tests/util b/debian/tests/util
 index 4278ee7..13b627b 100644
 --- a/debian/tests/util
 +++ b/debian/tests/util
@@ -16,7 +16,7 @@ EOFEOF
          if [ -n "${vfs}" ]; then
              echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf
          fi
--        systemctl restart smbd.service
++        systemctl reload smbd.service
      else
          echo "Share [${share}] already exists, continuing"
      fi
@@ -66,3 +66,125 @@ ensure_uring_available() {
          exit 77
      fi
+ }
++
++wait_container_ready() {
++    local container="${1}"
++    local -i limit=120 # seconds
++    local -i i=0
++    local -i result=0
++    local ip
++    local output
++
++    while /bin/true; do
++        ip=$(lxc list "${container}" -c 4 --format=compact | tail -1 | awk '{print $1}')
++        if [ -n "${ip}" ]; then
++            break
++        fi
++        i=$((i+1))
++        if [ ${i} -ge ${limit} ]; then
++            return 1
++        fi
++        sleep 1s
++        echo -n "."
++    done
++    while ! nc -z "${ip}" 22; do
++        echo -n "."
++        i=$((i+1))
++        if [ ${i} -ge ${limit} ]; then
++            return 1
++        fi
++        sleep 1s
++    done
++    # cloud-init might still be doing things...
++    # this call blocks, so wrap it in its own little timeout
++    output=$(lxc exec "${container}" -- timeout --verbose $((limit-i)) cloud-init status --wait) || {
++        result=$?
++        # 2 is a warning, we will ignore it
++        # See LP: #2048522
++        if [ ${result} -ne 2 ]; then
++            echo "cloud-init status --wait failed on container ${container}"
++            echo "${output}"
++            return ${result}
++        fi
++    }
++    echo
++}
++
++install_lxd() {
++    # Ubuntu now has the lxd-installer package, which tricks you into thinking
++    # lxd is installed, when in fact it's not, so checking for "lxd" in PATH is
++    # not enough. Let's just assume that in Ubuntu lxd is always a snap.
++    vendor=$(dpkg-vendor --query Vendor)
++    if [ "${vendor}" = "Ubuntu" ]; then
++        # install the snap if needed
++        snap list lxd > /dev/null 2>&1 || {
++            echo "Installing the LXD snap..."
++            snap install lxd
++        }
++    else
++       if ! command -v lxd > /dev/null 2>&1; then
++           echo "ERROR, no lxd found"
++           return 1
++       fi
++    fi
++}
++
++setup_lxd() {
++    local dns_domain="${1}"
++    local network
++    local nic
++    local dns_ip
++
++    install_lxd
++    # Stop samba while lxd is setup, to avoid conflicts on lxdbr0:53
++    systemctl stop samba-ad-dc
++    lxd init --auto
++    lxd waitready --timeout 600
++    network=$(lxc network list --format=compact | grep -E "bridge.*YES.*CREATED")
++    nic=$(echo "${network}" | awk '{print $1}')
++    dns_ip=$(echo "${network}" | awk '{print $4}' | cut -d / -f 1) # strip the cidr
++    # port=0 effectively disables dnsmasq's DNS, so it doesn't conflict with samba's DNS
++    lxc network set "${nic:-lxdbr0}" ipv6.address=none dns.domain="${dns_domain}" raw.dnsmasq="$(echo -e port=0\\ndhcp-option=option:dns-server,${dns_ip})"
++    if [ -n "${http_proxy}" ]; then
++        lxc config set core.proxy_http "${http_proxy}"
++    fi
++    if [ -n "${https_proxy}" ]; then
++        lxc config set core.proxy_https "${https_proxy}"
++    fi
++    if [ -n "${noproxy}" ]; then
++        lxc config set core.proxy_ignore_hosts "${noproxy}"
++    fi
++    systemctl start samba-ad-dc
++    # give it some time, it's a lot of services to start
++    sleep 5s
++}
++
++# Copy the local apt package archive over to the lxd container.
++copy_local_apt_files() {
++    local container_name="${1:-docker}"
++
++    for local_source in $(apt-get indextargets | grep-dctrl -F URI -e '^file:/' -sURI | awk '{print $2}'); do
++        local_source=${local_source#file:}
++        local_dir=$(dirname "${local_source}")
++        lxc exec "${container_name}" -- mkdir -p "${local_dir}"
++        tar -cC "${local_dir}" . | lxc exec "${container_name}" -- tar -xC "${local_dir}"
++    done
++}
++
++send_apt_config() {
++    echo "Copying over /etc/apt to container ${1}"
++    lxc exec "${1}" -- rm -rf /etc/apt
++    lxc exec "${1}" -- mkdir -p /etc/apt
++    tar -cC /etc/apt . | lxc exec "${1}" -- tar -xC /etc/apt
++}
++
++install_packages_in_container() {
++    local container="${1}"
++    shift
++    local packages="${*}"
++
++    echo "### Installing dependencies in member server container: ${packages}"
++    lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get update -q
++    lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get dist-upgrade -q -y
++    lxc exec "${container}" --env DEBIAN_FRONTEND=noninteractive -- apt-get install -q -y ${packages}
++}

Ubuntusamba package

Merge ~ahasenack/ubuntu/+source/samba:noble-samba-merge-3 into ubuntu/+source/samba:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
samba package