Ubuntu
samba package

Merge ~athos-ribeiro/ubuntu/+source/samba:merge-2%4.13.5+dfsg-2-impish into ubuntu/+source/samba:debian/sid

  1. Git
  2. lp:~athos-ribeiro/ubuntu/+source/samba
  3. merge-2%4.13.5+dfsg-2-impish
  4. Merge into debian/sid
Proposed by Athos Ribeiro
Status: Merged
Approved by: Lucas Kanashiro
Approved revision: 7670f12942f8766327d24d89d15a30a420af4e55
Merge reported by: Christian Ehrhardt 
Merged at revision: 7670f12942f8766327d24d89d15a30a420af4e55
Proposed branch: ~athos-ribeiro/ubuntu/+source/samba:merge-2%4.13.5+dfsg-2-impish
Merge into: ubuntu/+source/samba:debian/sid
Diff against target: 2412 lines (+2044/-20)
6 files modified
debian/changelog (+2006/-0)
debian/control (+9/-9)
debian/patches/VERSION.patch (+2/-2)
debian/smb.conf (+15/-9)
debian/tests/cifs-share-access-uring (+6/-0)
debian/tests/smbclient-share-access-uring (+6/-0)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Canonical Server Pending
Sergio Durigan Junior Pending
Review via email: mp+402774@code.launchpad.net

Description of the change

Hi,

This is the MP for samba 2:4.13.5+dfsg-2.

A PPA build for this MP is available at https://launchpad.net/~athos-ribeiro/+archive/ubuntu/merge-samba-4.13.5+dfsg-2-impish/+packages

I did run autopkgtest tests locally. Here is the test result summary:

autopkgtest [18:09:54]: @@@@@@@@@@@@@@@@@@@@ summary
cifs-share-access PASS
cifs-share-access-uring PASS
python-smoke PASS
smbclient-anonymous-share-list PASS
smbclient-authenticated-share-list PASS
smbclient-share-access PASS
smbclient-share-access-uring PASS

Complete test results are also available at https://autopkgtest.ubuntu.com/results/autopkgtest-impish-athos-ribeiro-merge-samba-4.13.5+dfsg-2-impish/?format=plain

Note that i386 tests are failing due to missing binary packages for that arch (which were explicitly removed in our delta). This has been the state of these tests since focal: https://autopkgtest.ubuntu.com/packages/samba

For this merge, I consolidated the delta changes on disbling/re-enabling some of the i386 binaries in d/rules. The commits were re-ordered and squashed to avoid disabling and then re-enabling some of the i386 binary packages, making a single operation to only disable some of them. This patch was latter dropped in the merge process since it was handled in Debian.

The patch that disables glusterfs support was changed. Debian added support for doing it in the package, therefore, the patch got a bit simpler.

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

* Changelog:
  - [√] old content and logical tag match as expected
  - [√] changelog entry correct version and targeted codename
  - [√] changelog entries correct
  - [√] update-maintainer has been run

* Actual changes:
  - [√] no upstream changes to consider
  - [√] no further upstream version to consider
     + Upstream has some release ahead of Debian but we should not diverge.
  - [√] debian changes look safe

* Old Delta:
  - [√] dropped changes are ok to be dropped
  - [√] nothing else to drop
  - [-] changes forwarded upstream/debian (if appropriate)

* New Delta:
  - [√] no new patches added
  - [-] patches match what was proposed upstream
  - [-] patches correctly included in debian/patches/series
  - [-] patches have correct DEP3 metadata

* Build/Test:
  - [√] build is ok
  - [√] verified PPA package installs/uninstalls
  - [√] autopkgtest against the PPA package passes
  - [√] sanity checks test fine

Thanks for the MP Athos, LGTM.

If I were you I would avoid to add " * Drop change:" in all commit messages dropping changes, just the first one, with that git-ubuntu can generate the changelog for you in the right format (and avoiding an extra commit just fixing those things). Related to this I would remove " * Added changes:" from Sergio's commit, the first time I saw I thought you were adding this change :)

 172961d... by Sergio Durigan Junior on 2021-01-13

      * Added changes:
        - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
          Skip running the tests if on i386 platform, because the uring
          package is not available there.

I've been picky here but the commit messages in the right format can help a lot in the next merge, avoiding manual changes. However, this is not a big deal, I am approving this MP. Let me know when you want me to sponsor this upload for you.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP Athos, and thanks for the review, Lucas!

I would like to have a session with Athos to discuss a few things I noticed that could be improved, so you can leave the upload to me, Lucas. I will get in touch with him and set something up (for next week, probably).

Cheers.

~athos-ribeiro/ubuntu/+source/samba:merge-2%4.13.5+dfsg-2-impish updated
53df51d... by Athos Ribeiro

    - SECURITY UPDATE: wrong group entries via negative idmap cache entries
      + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
        source3/passdb/lookup_sid.c.
      + CVE-2021-20254
      [Included in 2:4.13.5+dfsg-2]

00ee2ee... by Athos Ribeiro

  * Dropped changes:
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
      [Included in 2:4.13.4+dfsg-1]

0c1775f... by Athos Ribeiro

    - d/p/ctdb-config-enable-syslog-by-default.patch:
      enable syslog and systemd journal by default
      [Included in 2:4.13.4+dfsg-1]

7e22994... by Athos Ribeiro

    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
      [Included in 2:4.13.4+dfsg-1]

9808bd3... by Athos Ribeiro

merge-changelogs

0450c2f... by Athos Ribeiro

reconstruct-changelog

7670f12... by Athos Ribeiro

update-maintainer

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Sergio and I re-worked some bits of this merge. In special we were able to completely drop another patch of the delta (instead of just reducing its size) and improved the changelog.

A PPA build for this MP is still available at https://launchpad.net/~athos-ribeiro/+archive/ubuntu/merge-samba-4.13.5+dfsg-2-impish/+packages (with a new build for the recent changes)

I did run autopkgtest tests locally again. Here is the test result summary:

autopkgtest [08:47:54]: @@@@@@@@@@@@@@@@@@@@ summary
cifs-share-access PASS
cifs-share-access-uring PASS
python-smoke PASS
smbclient-anonymous-share-list PASS
smbclient-authenticated-share-list PASS
smbclient-share-access PASS
smbclient-share-access-uring PASS

Revision history for this message
Lucas Kanashiro (lucaskanashiro) :
review: Abstain
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for the changes Athos and Sergio. LGTM, +1.

Would you want me to sponsor this upload? Or Sergio wants to do it?

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

I was told I can upload it. Please track its migration to the release pocket.

$ git push pkg upload/2%4.13.5+dfsg-2ubuntu1
Enumerating objects: 63, done.
Counting objects: 100% (63/63), done.
Delta compression using up to 32 threads
Compressing objects: 100% (18/18), done.
Writing objects: 100% (54/54), 22.65 KiB | 1.62 MiB/s, done.
Total 54 (delta 37), reused 51 (delta 36)
To ssh://git.launchpad.net/ubuntu/+source/samba
 * [new tag] upload/2%4.13.5+dfsg-2ubuntu1 -> upload/2%4.13.5+dfsg-2ubuntu1
$ dput ubuntu ../samba_4.13.5+dfsg-2ubuntu1_source.changes
Checking signature on .changes
gpg: ../samba_4.13.5+dfsg-2ubuntu1_source.changes: Valid signature from F823A2729883C97C
Checking signature on .dsc
gpg: ../samba_4.13.5+dfsg-2ubuntu1.dsc: Valid signature from F823A2729883C97C
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading samba_4.13.5+dfsg-2ubuntu1.dsc: done.
  Uploading samba_4.13.5+dfsg-2ubuntu1.debian.tar.xz: done.
  Uploading samba_4.13.5+dfsg-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

 samba | 2:4.13.5+dfsg-2ubuntu1 | impish | source, amd64, arm64, armhf, ppc64el, riscv64, s390x

A later rebuild for openldap is still stuck but this one is complete , setting merged status

Update scan failed

At least one of the branches involved have failed to scan. You can manually schedule a rescan if required.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index d05dfc2..8642a87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,61 @@
1samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
5 - debian/smb.conf;
6 + Add "(Samba, Ubuntu)" to server string.
7 + Comment out the default [homes] share, and add a comment about
8 "valid users = %s" to show users how to restrict access to
9 \\server\username to only username.
10 - d/control: Disable glusterfs support because it's not in main.
11 MIR bug is https://launchpad.net/bugs/1274247
12 - debian/control: Ubuntu i386 binary compatibility:
13 + drop ceph support
14 - d/control: add a versioned libgnutls28-dev build-depends to reduce
15 the amount of in-tree crypto code that is built
16 - d/control: enable the liburing vfs module, except on i386 where
17 liburing is not available
18 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
19 Skip running the tests if on i386 platform, because the uring
20 package is not available there.
21 * Dropped changes:
22 - debian/samba-common.config:
23 + Do not change priority to high if dhclient3 is installed.
24 [Included in 2:4.13.4+dfsg-1]
25 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
26 change nfs service name from nfs to nfs-kernel-server
27 (LP #722201)
28 [Included in 2:4.13.4+dfsg-1]
29 - d/p/ctdb-config-enable-syslog-by-default.patch:
30 enable syslog and systemd journal by default
31 [Included in 2:4.13.4+dfsg-1]
32 - debian/rules: Ubuntu i386 binary compatibility:
33 + drop ceph support
34 + disable the following binary packages:
35 - ctdb
36 - libnss-winbind
37 - libpam-winbind
38 - python3-samba
39 - samba
40 - samba-common-bin
41 - samba-testsuite
42 - winbind
43 [Included in 2:4.13.4+dfsg-1]
44 - debian/rules: Ubuntu i386 binary compatibility:
45 + re-enable the following binary packages:
46 - libnss-winbind
47 - samba-common-bin
48 - python3-samba
49 - winbind
50 [Included in 2:4.13.4+dfsg-1]
51 - SECURITY UPDATE: wrong group entries via negative idmap cache entries
52 + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
53 source3/passdb/lookup_sid.c.
54 + CVE-2021-20254
55 [Included in 2:4.13.5+dfsg-2]
56
57 -- Athos Ribeiro <athos.ribeiro@canonical.com> Mon, 17 May 2021 11:51:54 -0300
58
1samba (2:4.13.5+dfsg-2) unstable; urgency=high59samba (2:4.13.5+dfsg-2) unstable; urgency=high
260
3 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group61 * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
@@ -29,6 +87,86 @@ samba (2:4.13.4+dfsg-1) unstable; urgency=medium
2987
30 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +010088 -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100
3189
90samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
91
92 * SECURITY UPDATE: wrong group entries via negative idmap cache entries
93 - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
94 source3/passdb/lookup_sid.c.
95 - CVE-2021-20254
96
97 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Apr 2021 06:48:54 -0400
98
99samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
100
101 * No change rebuild to pick up liburing, and also
102 fix d/t/cifs-share-access-uring. (LP: #1914145)
103
104 -- Mauricio Faria de Oliveira <mfo@canonical.com> Wed, 03 Feb 2021 09:14:25 -0300
105
106samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
107
108 * Merge with Debian unstable. Remaining changes:
109 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
110 - debian/smb.conf;
111 + Add "(Samba, Ubuntu)" to server string.
112 + Comment out the default [homes] share, and add a comment about
113 "valid users = %s" to show users how to restrict access to
114 \\server\username to only username.
115 - debian/samba-common.config:
116 + Do not change priority to high if dhclient3 is installed.
117 - d/control, d/rules: Disable glusterfs support because it's not in main.
118 MIR bug is https://launchpad.net/bugs/1274247
119 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
120 change nfs service name from nfs to nfs-kernel-server
121 (LP #722201)
122 - d/p/ctdb-config-enable-syslog-by-default.patch:
123 enable syslog and systemd journal by default
124 - debian/rules: Ubuntu i386 binary compatibility:
125 + drop ceph support
126 + disable the following binary packages:
127 - ctdb
128 - libnss-winbind
129 - libpam-winbind
130 - python3-samba
131 - samba
132 - samba-common-bin
133 - samba-testsuite
134 - winbind
135 - debian/control: Ubuntu i386 binary compatibility:
136 + drop ceph support
137 - debian/rules: Ubuntu i386 binary compatibility:
138 + re-enable the following binary packages:
139 - libnss-winbind
140 - samba-common-bin
141 - python3-samba
142 - winbind
143 - d/control: add a versioned libgnutls28-dev build-depends to reduce
144 the amount of in-tree crypto code that is built
145 - d/control: enable the liburing vfs module, except on i386 where
146 liburing is not available
147 * Dropped changes, incorporated by Debian:
148 - d/t/smbclient-anonymous-share-list: add set -x and set -e
149 - Factor out common DEP8 test code into d/t/util and change the tests
150 to source from it:
151 + d/t/util: added
152 + d/t/cifs-share-access, d/t/smbclient-share-access: source from
153 util, use random share name and add set -x and set -u
154 + d/t/smbclient-authenticated-share-list: source from util and add
155 set -x and set -u
156 - Add new DEP8 tests for the uring vfs module:
157 + d/t/control: add smbclient-share-access-uring and
158 cifs-share-access-uring tests
159 + d/t/smbclient-share-access-uring: new test
160 + d/t/cifs-share-access-uring: new test
161 - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
162 guard uring tests with a kernel version check and skip if it's too old
163 * Added changes:
164 - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
165 Skip running the tests if on i386 platform, because the uring
166 package is not available there.
167
168 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Wed, 13 Jan 2021 15:44:04 -0500
169
32samba (2:4.13.3+dfsg-1) unstable; urgency=medium170samba (2:4.13.3+dfsg-1) unstable; urgency=medium
33171
34 [ Andreas Hasenack ]172 [ Andreas Hasenack ]
@@ -44,6 +182,93 @@ samba (2:4.13.3+dfsg-1) unstable; urgency=medium
44182
45 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100183 -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100
46184
185samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
186
187 * Merge with Debian unstable (LP: #1905048). Remaining changes:
188 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
189 - debian/smb.conf;
190 + Add "(Samba, Ubuntu)" to server string.
191 + Comment out the default [homes] share, and add a comment about
192 "valid users = %s" to show users how to restrict access to
193 \\server\username to only username.
194 - debian/samba-common.config:
195 + Do not change priority to high if dhclient3 is installed.
196 - d/control, d/rules: Disable glusterfs support because it's not in main.
197 MIR bug is https://launchpad.net/bugs/1274247
198 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
199 change nfs service name from nfs to nfs-kernel-server
200 (LP #722201)
201 - d/p/ctdb-config-enable-syslog-by-default.patch:
202 enable syslog and systemd journal by default
203 - debian/rules: Ubuntu i386 binary compatibility:
204 + drop ceph support
205 + disable the following binary packages:
206 - ctdb
207 - libnss-winbind
208 - libpam-winbind
209 - python3-samba
210 - samba
211 - samba-common-bin
212 - samba-testsuite
213 - winbind
214 - debian/control: Ubuntu i386 binary compatibility:
215 + drop ceph support
216 - debian/rules: Ubuntu i386 binary compatibility:
217 + re-enable the following binary packages:
218 - libnss-winbind
219 - samba-common-bin
220 - python3-samba
221 - winbind
222 - d/control: add a versioned libgnutls28-dev build-depends to reduce
223 the amount of in-tree crypto code that is built
224 * d/t/smbclient-anonymous-share-list: add set -x and set -e
225 * Factor out common DEP8 test code into d/t/util and change the tests
226 to source from it:
227 - d/t/util: added
228 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
229 util, use random share name and add set -x and set -u
230 - d/t/smbclient-authenticated-share-list: source from util and add
231 set -x and set -u
232 * d/control: enable the liburing vfs module, except on i386 where
233 liburing is not available
234 * Add new DEP8 tests for the uring vfs module:
235 - d/t/control: add smbclient-share-access-uring and
236 cifs-share-access-uring tests
237 - d/t/smbclient-share-access-uring: new test
238 - d/t/cifs-share-access-uring: new test
239 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
240 guard uring tests with a kernel version check and skip if it's too old
241 * Dropped changes:
242 - SECURITY UPDATE: Unauthenticated domain controller compromise by
243 subverting Netlogon cryptography (ZeroLogon)
244 + debian/patches/zerologon-*.patch: backport upstream patches:
245 + For compatibility reasons, allow specifying an insecure netlogon
246 configuration per machine. See the following link for examples:
247 https://www.samba.org/samba/security/CVE-2020-1472.html
248 + Add additional server checks for the protocol attack in the
249 client-specified challenge to provide some protection when
250 'server schannel = no/auto' and avoid the false-positive results
251 when running the proof-of-concept exploit.
252 [ Incorporated by upstream. ]
253 - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
254 + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
255 get set unless the directory handle is open for SEC_DIR_LIST in
256 source4/torture/smb2/notify.c, source3/smbd/notify.c.
257 + CVE-2020-14318
258 - SECURITY UPDATE: Unprivileged user can crash winbind
259 + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
260 source3/winbindd/winbindd_lookupsids.c,
261 source4/torture/winbind/struct_based.c.
262 + CVE-2020-14323
263 - SECURITY UPDATE: DNS server crash via invalid records
264 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
265 with NULL and do not crash when additional data not found in
266 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
267 + CVE-2020-14383
268 [ Incorporated by upstream. ]
269
270 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 24 Nov 2020 22:12:00 -0500
271
47samba (2:4.13.2+dfsg-3) unstable; urgency=medium272samba (2:4.13.2+dfsg-3) unstable; urgency=medium
48273
49 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)274 * Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
@@ -89,6 +314,138 @@ samba (2:4.13.2+dfsg-1) experimental; urgency=medium
89314
90 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100315 -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100
91316
317samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
318
319 * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
320 - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
321 get set unless the directory handle is open for SEC_DIR_LIST in
322 source4/torture/smb2/notify.c, source3/smbd/notify.c.
323 - CVE-2020-14318
324 * SECURITY UPDATE: Unprivileged user can crash winbind
325 - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
326 source3/winbindd/winbindd_lookupsids.c,
327 source4/torture/winbind/struct_based.c.
328 - CVE-2020-14323
329 * SECURITY UPDATE: DNS server crash via invalid records
330 - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
331 with NULL and do not crash when additional data not found in
332 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
333 - CVE-2020-14383
334
335 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Oct 2020 06:53:44 -0400
336
337samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
338
339 * SECURITY UPDATE: Unauthenticated domain controller compromise by
340 subverting Netlogon cryptography (ZeroLogon)
341 - debian/patches/zerologon-*.patch: backport upstream patches:
342 + For compatibility reasons, allow specifying an insecure netlogon
343 configuration per machine. See the following link for examples:
344 https://www.samba.org/samba/security/CVE-2020-1472.html
345 + Add additional server checks for the protocol attack in the
346 client-specified challenge to provide some protection when
347 'server schannel = no/auto' and avoid the false-positive results
348 when running the proof-of-concept exploit.
349 - CVE-2020-1472
350
351 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 28 Sep 2020 09:46:49 -0400
352
353samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
354
355 * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
356 guard uring tests with a kernel version check and skip if it's too old
357
358 -- Andreas Hasenack <andreas@canonical.com> Tue, 11 Aug 2020 11:00:35 -0300
359
360samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
361
362 * d/t/smbclient-anonymous-share-list: add set -x and set -e
363 * Factor out common DEP8 test code into d/t/util and change the tests
364 to source from it:
365 - d/t/util: added
366 - d/t/cifs-share-access, d/t/smbclient-share-access: source from
367 util, use random share name and add set -x and set -u
368 - d/t/smbclient-authenticated-share-list: source from util and add
369 set -x and set -u
370 * d/control: enable the liburing vfs module, except on i386 where
371 liburing is not available
372 * Add new DEP8 tests for the uring vfs module:
373 - d/t/control: add smbclient-share-access-uring and
374 cifs-share-access-uring tests
375 - d/t/smbclient-share-access-uring: new test
376 - d/t/cifs-share-access-uring: new test
377
378 -- Andreas Hasenack <andreas@canonical.com> Tue, 04 Aug 2020 17:20:30 -0300
379
380samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
381
382 * Merge with Debian unstable. Remaining changes:
383 - d/p/VERSION.patch: Update vendor string to "Ubuntu".
384 - debian/smb.conf;
385 + Add "(Samba, Ubuntu)" to server string.
386 + Comment out the default [homes] share, and add a comment about
387 "valid users = %s" to show users how to restrict access to
388 \\server\username to only username.
389 - debian/samba-common.config:
390 + Do not change priority to high if dhclient3 is installed.
391 - d/control, d/rules: Disable glusterfs support because it's not in main.
392 MIR bug is https://launchpad.net/bugs/1274247
393 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
394 change nfs service name from nfs to nfs-kernel-server
395 (LP #722201)
396 - d/p/ctdb-config-enable-syslog-by-default.patch:
397 enable syslog and systemd journal by default
398 - debian/rules: Ubuntu i386 binary compatibility:
399 + drop ceph support
400 + disable the following binary packages:
401 - ctdb
402 - libnss-winbind
403 - libpam-winbind
404 - python3-samba
405 - samba
406 - samba-common-bin
407 - samba-testsuite
408 - winbind
409 - debian/control: Ubuntu i386 binary compatibility:
410 + drop ceph support
411 - debian/rules: Ubuntu i386 binary compatibility:
412 + re-enable the following binary packages:
413 - libnss-winbind
414 - samba-common-bin
415 - python3-samba
416 - winbind
417 - d/control: add a versioned libgnutls28-dev build-depends to reduce
418 the amount of in-tree crypto code that is built
419 * Dropped:
420 - d/gbp.conf, d/watch, d/README.source: update for 4.12
421 [In 2:4.12.3+dfsg-1]
422 - d/control: bump build-depends:
423 + ldb: 2.1.2
424 + tevent: 0.10.2
425 + tdb: 1.4.3
426 + talloc: 2.3.1
427 [In 2:4.12.3+dfsg-1]
428 - d/smbclient.install: add new binary mdfind and its manpage
429 [In 2:4.12.3+dfsg-1]
430 - d/samba-dev.install, d/samba-libs.install: new lib
431 libdcerpc-server-core
432 [In 2:4.12.3+dfsg-1]
433 - d/samba-libs.install: new library libtalloc-report-printf
434 [In 2:4.12.3+dfsg-1]
435 - d/libwbclient0.install: remove libaesni, no longer built when
436 gnutls provides AES CMAC
437 [In 2:4.12.3+dfsg-1]
438 - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
439 [In 2:4.12.3+dfsg-1]
440 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
441 [Dropped in 2:4.12.3+dfsg-1]
442 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
443 [Dropped in 2:4.12.3+dfsg-1]
444 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
445 [Dropped in 2:4.12.3+dfsg-1]
446
447 -- Andreas Hasenack <andreas@canonical.com> Fri, 31 Jul 2020 11:07:47 -0300
448
92samba (2:4.12.5+dfsg-3) unstable; urgency=high449samba (2:4.12.5+dfsg-3) unstable; urgency=high
93450
94 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump451 * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
@@ -153,6 +510,131 @@ samba (2:4.12.3+dfsg-1) experimental; urgency=medium
153510
154 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200511 -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200
155512
513samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
514
515 * New upstream version: 4.12.2
516 * d/gbp.conf, d/watch, d/README.source: update for 4.12
517 * d/control: bump build-depends:
518 - ldb: 2.1.2
519 - tevent: 0.10.2
520 - tdb: 1.4.3
521 - talloc: 2.3.1
522 * d/smbclient.install: add new binary mdfind and its manpage
523 * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
524 * d/samba-libs.install: new library libtalloc-report-printf
525 * d/libwbclient0.install: remove libaesni, no longer built when
526 gnutls provides AES CMAC
527 * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
528 * d/control: add a versioned libgnutls28-dev build-depends to reduce
529 the amount of in-tree crypto code that is built
530 * Dropped (applied upstream):
531 - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
532 - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
533 - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
534 - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
535
536 -- Andreas Hasenack <andreas@canonical.com> Tue, 12 May 2020 10:42:17 -0300
537
538samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
539
540 * SECURITY UPDATE: Use-after-free in AD DC LDAP server
541 - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
542 combination with paged_results in selftest/knownfail.d/asq,
543 source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
544 - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
545 for the GUID search in paged_results in selftest/knownfail.d/asq,
546 source4/dsdb/samdb/ldb_modules/paged_results.c.
547 - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
548 Build-Depends to 2.0.10.
549 - CVE-2020-10700
550 * SECURITY UPDATE: Stack overflow in AD DC LDAP server
551 - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
552 auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
553 lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
554 libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
555 source3/lib/tldap.c, source3/lib/tldap_util.c,
556 source3/libsmb/clispnego.c, source3/torture/torture.c,
557 source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
558 source4/libcli/ldap/ldap_client.c,
559 source4/libcli/ldap/ldap_controls.c.
560 - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
561 lib/util/asn1.c.
562 - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
563 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
564 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
565 lib/param/loadparm.c, source3/param/loadparm.c.
566 - debian/patches/CVE-2020-10704-6.patch: limit request sizes in
567 source4/ldap_server/ldap_server.c.
568 - debian/patches/CVE-2020-10704-7.patch: add search size limits to
569 ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
570 lib/param/loadparm.c, libcli/cldap/cldap.c,
571 libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
572 source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
573 source4/libcli/ldap/ldap_client.c.
574 - debian/patches/CVE-2020-10704-8.patch: check search request lengths
575 in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
576 - CVE-2020-10704
577
578 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 24 Apr 2020 08:08:38 -0400
579
580samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium
581
582 * New upstream release: 4.11.6
583 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream
584
585 -- Andreas Hasenack <andreas@canonical.com> Wed, 26 Feb 2020 11:55:16 -0300
586
587samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium
588
589 * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324)
590
591 -- Andreas Hasenack <andreas@canonical.com> Sat, 22 Feb 2020 17:22:21 -0300
592
593samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
594
595 * Merge with Debian unstable. Remaining changes:
596 - debian/VERSION.patch: Update vendor string to "Ubuntu".
597 - debian/smb.conf;
598 + Add "(Samba, Ubuntu)" to server string.
599 + Comment out the default [homes] share, and add a comment about
600 "valid users = %s" to show users how to restrict access to
601 \\server\username to only username.
602 - debian/samba-common.config:
603 + Do not change priority to high if dhclient3 is installed.
604 - d/control, d/rules: Disable glusterfs support because it's not in main.
605 MIR bug is https://launchpad.net/bugs/1274247
606 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
607 change nfs service name from nfs to nfs-kernel-server
608 (LP #722201)
609 - d/p/ctdb-config-enable-syslog-by-default.patch:
610 enable syslog and systemd journal by default
611 - debian/rules: Ubuntu i386 binary compatibility:
612 + drop ceph support
613 + disable the following binary packages:
614 - ctdb
615 - libnss-winbind
616 - libpam-winbind
617 - python3-samba
618 - samba
619 - samba-common-bin
620 - samba-testsuite
621 - winbind
622 - debian/control: Ubuntu i386 binary compatibility:
623 + drop ceph support
624 - debian/rules: Ubuntu i386 binary compatibility:
625 + re-enable the following binary packages:
626 - libnss-winbind
627 - samba-common-bin
628 - python3-samba
629 - winbind
630 * Dropped:
631 - d/control: drop python3-matplotlib. It's only used in
632 script/attr_count_read which is not installed with the
633 samba packages.
634 [In 2:4.11.3+dfsg-1]
635
636 -- Andreas Hasenack <andreas@canonical.com> Mon, 17 Feb 2020 15:29:35 -0300
637
156samba (2:4.11.5+dfsg-1) unstable; urgency=medium638samba (2:4.11.5+dfsg-1) unstable; urgency=medium
157639
158 * New upstream security release640 * New upstream security release
@@ -180,6 +662,161 @@ samba (2:4.11.3+dfsg-1) unstable; urgency=high
180662
181 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100663 -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100
182664
665samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium
666
667 * Ubuntu i386 binary compatibility effort: (LP: #1861316)
668 - debian/rules:
669 + re-enable the following binary packages generation:
670 - libnss-winbind
671 - samba-common-bin
672 - python3-samba
673 - winbind
674
675 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 06 Feb 2020 14:42:38 +0000
676
677samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium
678
679 * No-change rebuild to build with python3.8.
680
681 -- Matthias Klose <doko@ubuntu.com> Sat, 25 Jan 2020 06:06:11 +0000
682
683samba (2:4.11.1+dfsg-3ubuntu2) focal; urgency=medium
684
685 * Ubuntu i386 binary compatibility effort: (LP: #1858479)
686 - debian/control:
687 + drop ceph support
688 - debian/rules:
689 + drop ceph support
690 + disable the following binary packages generation:
691 - ctdb
692 - libnss-winbind
693 - libpam-winbind
694 - python3-samba
695 - samba
696 - samba-common-bin
697 - samba-testsuite
698 - winbind
699
700 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 09 Jan 2020 00:40:31 +0000
701
702samba (2:4.11.1+dfsg-3ubuntu1) focal; urgency=medium
703
704 * Merge with Debian unstable. Remaining changes:
705 - debian/VERSION.patch: Update vendor string to "Ubuntu".
706 - debian/smb.conf;
707 + Add "(Samba, Ubuntu)" to server string.
708 + Comment out the default [homes] share, and add a comment about
709 "valid users = %s" to show users how to restrict access to
710 \\server\username to only username.
711 - debian/samba-common.config:
712 + Do not change priority to high if dhclient3 is installed.
713 - d/control, d/rules: Disable glusterfs support because it's not in main.
714 MIR bug is https://launchpad.net/bugs/1274247
715 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
716 change nfs service name from nfs to nfs-kernel-server
717 (LP #722201)
718 [Adopted the Debian version and added a couple of extra hunks
719 we had]
720 - d/p/ctdb-config-enable-syslog-by-default.patch:
721 enable syslog and systemd journal by default
722 * Dropped:
723 - Add apport hook:
724 + Created debian/source_samba.py.
725 + debian/rules, debian/samba-common-bin.install: install hook.
726 [In 2:4.9.4+dfsg-2]
727 - Removed patches already applied upstream:
728 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
729 [Removed in 2:4.10.7+dfsg-1]
730 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
731 [Removed in 4.9.5+dfsg-1]
732 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
733 [Refreshed in 2:4.1.17+dfsg-1]
734 - d/control: Updated build dependencies (already updated in Debian):
735 + tdb >= 1.3.17
736 + talloc >= 2.1.15
737 + tevent >= 0.9.38
738 + ldb >= 1.5.3
739 - d/samba-common.docs: README is now README.md
740 [In 2:4.10.7+dfsg-1]
741 - d/libsmbclient.symbols: update symbols for this version
742 - d/libwbclient0.symbols: update symbols for this version
743 - d/ctdb.install: new binary ctdb_local_daemons
744 [In 2:4.10.7+dfsg-1]
745 - d/samba-dev.install: use globbing for the header files with
746 exceptions for wbclient.h and libsmbclient.h, which belong in
747 other packages.
748 [In 2:4.10.7+dfsg-1]
749 - d/rules: fix globbing used to move the dckeytab python module to the
750 samba package, and add a comment explaining why this is being done.
751 [In 2:4.10.7+dfsg-1]
752 - Switch to python3 (in 2:4.10.7+dfsg-1):
753 + d/rules: calculate the ldb version using python3, and drop the
754 "really" bit since the real 1.5.x series is being used now.
755 + d/rules: make sure python3 is used for the build
756 + d/rules: adjust globbing to remove the python3 version of tevent.so
757 + d/rules: drop PYVERS, unused
758 + d/control: adjust dependencies (build and runtime) for python3
759 + d/python3-samba.install, d/control: new python3-samba package
760 (LP #1440381)
761 + d/control, d/python-samba.install: get rid of python-samba, which is py2
762 + d/python3-samba.lintian-overrides: use the same overrides we had for
763 python-samba, now deleted.
764 + d/samba-dev.install, d/samba-libs.install: update file list
765 + d/t/control, d/t/python-smoke: use python3
766 + d/control: use ${python3:Depends} now instead of the python 2
767 counterpart for samba and samba-common-bin.
768 - d/control: drop suggests for python-gpgme, it's no longer available.
769 [In 2:4.10.7+dfsg-1]
770 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
771 [In 2:4.10.7+dfsg-1]
772 - d/control: update cmocka build-depends to >= 1.1.3
773 [In 2:4.10.7+dfsg-1]
774 - d/samba-libs.install: bump passdb minor to 0.27.2
775 [In 2:4.10.7+dfsg-1]
776 - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
777 to allow pid file to exist (LP #1821775)
778 [In 2:4.10.7+dfsg-1]
779 - Allow proper ctdb initalization (LP #1828799):
780 + d/ctdb.dirs: added /var/lib/ctdb/* directories
781 + d/ctdb.postrm: remove leftovers from:
782 /var/lib/ctdb/{state,persistent,volatile,scripts}
783 [In 2:4.10.7+dfsg-1]
784 - d/rules: installing provided config examples and helper scripts
785 - Examples of NFS HA CTDB config files + helper script:
786 + d/ctdb.example.enable.nfs.sh
787 + d/ctdb.example.nfs-common
788 + d/ctdb.example.nfs-kernel-server
789 + d/ctdb.example.services
790 + d/ctdb.example.sysctl-nfs-static-ports.conf
791 [In 2:4.10.7+dfsg-1]
792 - debian/rules: Make DEB_HOST_ARCH_CPU initialized through
793 dpkg-architecture (Closes: #931138)
794 [In 2:4.10.7+dfsg-1]
795 - d/control: update ldb build-deps to 1.5.5
796 [In 2:4.10.7+dfsg-1]
797 - SECURITY UPDATE: restricted share escape by user (LP #1842533)
798 [fixed upstream in 4.11.0rc2]
799 + debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
800 out impersonation debug info into a new function.
801 + debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
802 change_to_user_internal() always resets current_user.done_chdir
803 + debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
804 reset current_user.{need,done}_chdir in become_root()
805 + debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
806 fsrvp_share its own independent subdirectory
807 + debian/patches/CVE-2019-10197-05-v4-10.patch:
808 test_smbclient_s3.sh: add regression test for the no permission
809 on share root problem
810 + debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
811 change_to_user_impersonate() out of change_to_user_internal()
812 + CVE-2019-10197
813 * Added:
814 - d/control: drop python3-matplotlib. It's only used in
815 script/attr_count_read which is not installed with the
816 samba packages.
817
818 -- Andreas Hasenack <andreas@canonical.com> Fri, 29 Nov 2019 18:00:22 -0300
819
183samba (2:4.11.1+dfsg-3) unstable; urgency=medium820samba (2:4.11.1+dfsg-3) unstable; urgency=medium
184821
185 * Add some python dependencies:822 * Add some python dependencies:
@@ -388,6 +1025,209 @@ samba (2:4.10.7+dfsg-1) experimental; urgency=medium
3881025
389 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +02001026 -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200
3901027
1028samba (2:4.10.7+dfsg-0ubuntu3) focal; urgency=medium
1029
1030 * No-change rebuild to build with python3.8.
1031
1032 -- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 18:53:34 +0000
1033
1034samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium
1035
1036 * SECURITY UPDATE: restricted share escape by user (LP: #1842533)
1037 - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
1038 out impersonation debug info into a new function.
1039 - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
1040 change_to_user_internal() always resets current_user.done_chdir
1041 - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
1042 reset current_user.{need,done}_chdir in become_root()
1043 - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
1044 fsrvp_share its own independent subdirectory
1045 - debian/patches/CVE-2019-10197-05-v4-10.patch:
1046 test_smbclient_s3.sh: add regression test for the no permission
1047 on share root problem
1048 - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
1049 change_to_user_impersonate() out of change_to_user_internal()
1050 - CVE-2019-10197
1051
1052 -- Steve Beattie <sbeattie@ubuntu.com> Fri, 30 Aug 2019 11:07:19 -0700
1053
1054samba (2:4.10.7+dfsg-0ubuntu1) eoan; urgency=medium
1055
1056 * New upstream version: 4.10.7
1057 - d/p/ctdb-config-depend-on-etc-default-nodes-file.patch: dropped,
1058 included upstream in 4.10.7
1059
1060 -- Andreas Hasenack <andreas@canonical.com> Thu, 22 Aug 2019 15:03:23 -0300
1061
1062samba (2:4.10.6+dfsg-0ubuntu1) eoan; urgency=medium
1063
1064 * New upstream version: 4.10.6
1065 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: changed to update
1066 the Debian config and use it.
1067 - d/control: update ldb build-deps to 1.5.5
1068 * Dropped:
1069 - d/p/CVE-2019-12436.patch: fixed upstream in 4.10.5
1070 - d/p/CVE-2019-12435-*.patch: fixed upstream in 4.10.5
1071 - d/p/CVE-2018-16860-*.patch: fixed upstream in 4.10.3
1072 - d/p/CVE-2019-3880.patch: fixed upstream in 4.10.2
1073 - d/p/CVE-2019-3870-*.patch: fixed upstream in 4.10.2
1074 - d/p/dlz_bind_zone_update.patch: fixed upstream in 4.10.1
1075 - d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch: fixed
1076 upstream in 4.10.5
1077
1078 -- Andreas Hasenack <andreas@canonical.com> Wed, 07 Aug 2019 17:20:48 -0300
1079
1080samba (2:4.10.0+dfsg-0ubuntu6) eoan; urgency=medium
1081
1082 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1083 change service name from nfs to nfs-kernel-server in
1084 legacy script 06.nfs.script also (LP: #722201)
1085
1086 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 11 Jul 2019 21:44:49 +0000
1087
1088samba (2:4.10.0+dfsg-0ubuntu5) eoan; urgency=medium
1089
1090 * debian/rules: Make DEB_HOST_ARCH_CPU initialized through
1091 dpkg-architecture (Closes: #931138)
1092 * d/p/ctdb-scripts-fix-tcp_tw_recycle-existence-check.patch:
1093 fix tcp_tw_recycle existence check. (LP: #722201)
1094 * d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
1095 change nfs service name from nfs to nfs-kernel-server
1096 (LP: #722201)
1097 * d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d
1098 to allow pid file to exist (LP: #1821775)
1099 * Allow proper ctdb initialization (LP: #1828799):
1100 - d/ctdb.dirs: added /var/lib/ctdb/* directories
1101 - d/ctdb.postrm: remove leftovers from:
1102 /var/lib/ctdb/{state,persistent,volatile,scripts}
1103 * d/rules: installing provided config examples and helper scripts
1104 * Examples of NFS HA CTDB config files + helper script:
1105 - d/ctdb.example.enable.nfs.sh
1106 - d/ctdb.example.nfs-common
1107 - d/ctdb.example.nfs-kernel-server
1108 - d/ctdb.example.services
1109 - d/ctdb.example.sysctl-nfs-static-ports.conf
1110 * d/p/ctdb-config-depend-on-etc-default-nodes-file.patch:
1111 do not try to start daemon if /etc/ctdb/nodes does not exist
1112 * d/p/ctdb-config-enable-syslog-by-default.patch:
1113 enable syslog and systemd journal by default
1114
1115 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 28 Jun 2019 00:14:27 +0000
1116
1117samba (2:4.10.0+dfsg-0ubuntu4) eoan; urgency=medium
1118
1119 * SECURITY UPDATE: zone operations can crash rpc server
1120 - debian/patches/CVE-2019-12435-1.patch: avoid NULL deference if zone
1121 not found in DnssrvOperation in
1122 python/samba/tests/dcerpc/dnsserver.py,
1123 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
1124 - debian/patches/CVE-2019-12435-2.patch: avoid NULL deference if zone
1125 not found in DnssrvOperation2 in
1126 python/samba/tests/dcerpc/dnsserver.py,
1127 source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
1128 - CVE-2019-12435
1129 * SECURITY UPDATE: paged_searches crash on LDAP and homes access
1130 - debian/patches/CVE-2019-12436.patch: ignore successful results
1131 without messages in source4/dsdb/samdb/ldb_modules/paged_results.c,
1132 source4/dsdb/tests/python/vlv.py.
1133 - CVE-2019-12436
1134
1135 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Jun 2019 10:08:44 -0400
1136
1137samba (2:4.10.0+dfsg-0ubuntu3) eoan; urgency=medium
1138
1139 * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
1140 - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
1141 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
1142 source4/torture/krb5/kdc-canon-heimdal.c.
1143 - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
1144 unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
1145 source4/heimdal/kdc/krb5tgs.c.
1146 - CVE-2018-16860
1147
1148 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 09:10:24 -0400
1149
1150samba (2:4.10.0+dfsg-0ubuntu2) disco; urgency=medium
1151
1152 * SECURITY UPDATE: world writable files in Samba AD DC private/ dir
1153 - debian/patches/CVE-2019-3870-1.patch: extend smbd tests to check for
1154 umask being overwritten in python/samba/tests/ntacls_backup.py,
1155 python/samba/tests/posixacl.py, python/samba/tests/smbd_base.py,
1156 selftest/knownfail.d/umask-leak.
1157 - debian/patches/CVE-2019-3870-2.patch: add test to check
1158 file-permissions are correct after provision in
1159 selftest/knownfail.d/provision_fileperms, source4/selftest/tests.py,
1160 source4/setup/tests/provision_fileperms.sh.
1161 - debian/patches/CVE-2019-3870-3.patch: include tests to show the
1162 outside umask has no impact in python/samba/tests/ntacls_backup.py,
1163 python/samba/tests/smbd_base.py, selftest/knownfail.d/pymkdir-umask.
1164 - debian/patches/CVE-2019-3870-4.patch: move umask manipuations as
1165 close as possible to users in source3/smbd/pysmbd.c,
1166 selftest/knownfail.d/provision_fileperms,
1167 selftest/knownfail.d/umask-leak.
1168 - debian/patches/CVE-2019-3870-5.patch: ensure a zero umask is set for
1169 smbd.mkdir() in selftest/knownfail.d/pymkdir-umask,
1170 source3/smbd/pysmbd.c.
1171 - CVE-2019-3870
1172 * SECURITY UPDATE: save registry file outside share as unprivileged user
1173 - debian/patches/CVE-2019-3880.patch: remove implementations of
1174 SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
1175 - CVE-2019-3880
1176
1177 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 08 Apr 2019 10:32:30 -0400
1178
1179samba (2:4.10.0+dfsg-0ubuntu1) disco; urgency=medium
1180
1181 * New upstream version: 4.10.0
1182 - d/gbp.conf, d/watch, r/README.source: updated for 4.10
1183 - d/control: update cmocka build-depends to >= 1.1.3
1184 - d/samba-libs.install: bump passdb minor to 0.27.2
1185 * d/p/dlz_bind_zone_update.patch: make b9_has_soa check dc=@ node. Thanks to
1186 Michael Saxl <mike@mwsys.mine.bz>. (LP: #1820846)
1187
1188 -- Andreas Hasenack <andreas@canonical.com> Thu, 21 Mar 2019 14:40:32 -0300
1189
1190samba (2:4.10.0~rc4+dfsg-0ubuntu1) disco; urgency=medium
1191
1192 * New upstream version 4.10.0rc4 (LP: #1818518):
1193 - Removed patches already applied upstream:
1194 + d/p/nsswitch-Add-try_authtok-option-to-pam_winbind.patch
1195 + d/p/s3-auth-ignore-create_builtin_guests-failing-without.patch
1196 - d/p/add-so-version-to-private-libraries: refreshed to remove fuzz
1197 - d/control: Updated build dependencies:
1198 + tdb >= 1.3.17
1199 + talloc >= 2.1.15
1200 + tevent >= 0.9.38
1201 + ldb >= 1.5.3
1202 - d/samba-common.docs: README is now README.md
1203 - d/libsmbclient.symbols: update symbols for this version
1204 - d/libwbclient0.symbols: update symbols for this version
1205 - d/ctdb.install: new binary ctdb_local_daemons
1206 - d/samba-dev.install: use globbing for the header files with
1207 exceptions for wbclient.h and libsmbclient.h, which belong in
1208 other packages.
1209 - d/rules: fix globbing used to move the dckeytab python module to the
1210 samba package, and add a comment explaining why this is being done.
1211 * Switch to python3:
1212 - d/rules: calculate the ldb version using python3, and drop the
1213 "really" bit since the real 1.5.x series is being used now.
1214 - d/rules: make sure python3 is used for the build
1215 - d/rules: adjust globbing to remove the python3 version of tevent.so
1216 - d/rules: drop PYVERS, unused
1217 - d/control: adjust dependencies (build and runtime) for python3
1218 - d/python3-samba.install, d/control: new python3-samba package
1219 (LP: #1440381)
1220 - d/control, d/python-samba.install: get rid of python-samba, which is py2
1221 - d/python3-samba.lintian-overrides: use the same overrides we had for
1222 python-samba, now deleted.
1223 - d/samba-dev.install, d/samba-libs.install: update file list
1224 - d/t/control, d/t/python-smoke: use python3
1225 - d/control: use ${python3:Depends} now instead of the python 2
1226 counterpart for samba and samba-common-bin.
1227 * d/control: drop suggests for python-gpgme, it's no longer available.
1228
1229 -- Andreas Hasenack <andreas@canonical.com> Sat, 09 Mar 2019 12:45:25 +0000
1230
391samba (2:4.9.5+dfsg-1) experimental; urgency=medium1231samba (2:4.9.5+dfsg-1) experimental; urgency=medium
3921232
393 * New upstream release1233 * New upstream release
@@ -432,6 +1272,31 @@ samba (2:4.9.4+dfsg-2) unstable; urgency=medium
4321272
433 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +01001273 -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100
4341274
1275samba (2:4.9.4+dfsg-1ubuntu1) disco; urgency=medium
1276
1277 * Merge with Debian unstable. Remaining changes:
1278 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1279 - debian/smb.conf;
1280 + Add "(Samba, Ubuntu)" to server string.
1281 + Comment out the default [homes] share, and add a comment about
1282 "valid users = %s" to show users how to restrict access to
1283 \\server\username to only username.
1284 - debian/samba-common.config:
1285 + Do not change priority to high if dhclient3 is installed.
1286 - Add apport hook:
1287 + Created debian/source_samba.py.
1288 + debian/rules, debian/samba-common-bin.install: install hook.
1289 - d/control, d/rules: Disable glusterfs support because it's not in main.
1290 MIR bug is https://launchpad.net/bugs/1274247
1291 * Dropped:
1292 - d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
1293 failing without a valid idmap configuration. This fixes the smbd startup
1294 on a standalone server where winbind is available and running. Thanks to
1295 Stefan Metzmacher <metze@samba.org>. (LP #1806035)
1296 [Fixed in 2:4.9.4+dfsg-1]
1297
1298 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:23:52 -0200
1299
435samba (2:4.9.4+dfsg-1) unstable; urgency=medium1300samba (2:4.9.4+dfsg-1) unstable; urgency=medium
4361301
437 * New upstream release1302 * New upstream release
@@ -442,6 +1307,44 @@ samba (2:4.9.4+dfsg-1) unstable; urgency=medium
4421307
443 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +01001308 -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100
4441309
1310samba (2:4.9.2+dfsg-2ubuntu3) disco; urgency=medium
1311
1312 * No-change rebuild for readline soname change.
1313
1314 -- Matthias Klose <doko@ubuntu.com> Mon, 14 Jan 2019 20:03:58 +0000
1315
1316samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
1317
1318 * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
1319 failing without a valid idmap configuration. This fixes the smbd startup
1320 on a standalone server where winbind is available and running. Thanks to
1321 Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
1322
1323 -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
1324
1325samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
1326
1327 * Merge with Debian unstable. Remaining changes:
1328 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1329 - debian/smb.conf;
1330 + Add "(Samba, Ubuntu)" to server string.
1331 + Comment out the default [homes] share, and add a comment about
1332 "valid users = %s" to show users how to restrict access to
1333 \\server\username to only username.
1334 - debian/samba-common.config:
1335 + Do not change priority to high if dhclient3 is installed.
1336 - Add apport hook:
1337 + Created debian/source_samba.py.
1338 + debian/rules, debian/samba-common-bin.install: install hook.
1339 - d/control, d/rules: Disable glusterfs support because it's not in main.
1340 MIR bug is https://launchpad.net/bugs/1274247
1341 * Dropped:
1342 - d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
1343 errors (LP: 1795772)
1344 [Fixed upstream]
1345
1346 -- Andreas Hasenack <andreas@canonical.com> Wed, 28 Nov 2018 20:06:47 -0200
1347
445samba (2:4.9.2+dfsg-2) unstable; urgency=high1348samba (2:4.9.2+dfsg-2) unstable; urgency=high
4461349
447 * New upstream security release1350 * New upstream security release
@@ -551,6 +1454,58 @@ samba (2:4.8.5+dfsg-1) unstable; urgency=medium
5511454
552 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +02001455 -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200
5531456
1457samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium
1458
1459 * No-change rebuild against libldb1 1.4.2
1460
1461 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 14 Nov 2018 22:46:24 +0000
1462
1463samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high
1464
1465 [ Karl Stenerud ]
1466 * d/p/fix-rmdir.patch: Fix to make the samba client library report
1467 directory-not-empty errors (LP: #1795772)
1468
1469 -- Andreas Hasenack <andreas@canonical.com> Tue, 09 Oct 2018 14:32:16 -0300
1470
1471samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium
1472
1473 * Merge with Debian unstable (LP: #1778125). Remaining changes:
1474 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1475 - debian/smb.conf;
1476 + Add "(Samba, Ubuntu)" to server string.
1477 + Comment out the default [homes] share, and add a comment about
1478 "valid users = %s" to show users how to restrict access to
1479 \\server\username to only username.
1480 - debian/samba-common.config:
1481 + Do not change priority to high if dhclient3 is installed.
1482 - Add apport hook:
1483 + Created debian/source_samba.py.
1484 + debian/rules, debian/samba-common-bin.install: install hook.
1485 - d/control, d/rules: Disable glusterfs support because it's not in main.
1486 MIR bug is https://launchpad.net/bugs/1274247
1487 * Drop:
1488 - Add extra DEP8 tests to samba (LP #1696823):
1489 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
1490 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
1491 anonymously
1492 + d/t/control, d/t/smbclient-authenticated-share-list: list available
1493 shares using an authenticated connection
1494 + d/t/control, d/t/smbclient-share-access: create a share and download a
1495 file from it
1496 [Accepted by Debian in 2:4.7.4+dfsg-2]
1497 - d/samba-common.dhcp: If systemctl is available, use it to query the
1498 status of the smbd service before trying to reload it. Otherwise,
1499 keep the same check as before and reload the service based on the
1500 existence of the initscript. (LP #1579597)
1501 [In Debian since 2:4.7.4+dfsg-2]
1502 - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
1503 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
1504 Thanks to Andreas Schneider <asn@samba.org>. (LP #1761737)
1505 [Fixed upstream]
1506
1507 -- Andreas Hasenack <andreas@canonical.com> Tue, 21 Aug 2018 09:57:57 -0300
1508
554samba (2:4.8.4+dfsg-2) unstable; urgency=high1509samba (2:4.8.4+dfsg-2) unstable; urgency=high
5551510
556 * Fix typo in previous release: s/usefull/useful/1511 * Fix typo in previous release: s/usefull/useful/
@@ -708,6 +1663,55 @@ samba (2:4.8.0+dfsg-1) experimental; urgency=medium
7081663
709 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +01001664 -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100
7101665
1666samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium
1667
1668 * No change rebuild to link with new ldb 1.3.3
1669
1670 -- Andreas Hasenack <andreas@canonical.com> Tue, 03 Jul 2018 09:57:24 -0300
1671
1672samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium
1673
1674 * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
1675 [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
1676 Thanks to Andreas Schneider <asn@samba.org>. (LP: #1761737)
1677
1678 -- Andreas Hasenack <andreas@canonical.com> Wed, 18 Apr 2018 11:49:55 -0300
1679
1680samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium
1681
1682 * New upstream version:
1683 - Fix database corruption bug when upgrading from samba 4.6 or lower
1684 AD controllers (LP: #1755057)
1685 - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
1686 * Remaining changes:
1687 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1688 - debian/smb.conf;
1689 + Add "(Samba, Ubuntu)" to server string.
1690 + Comment out the default [homes] share, and add a comment about
1691 "valid users = %s" to show users how to restrict access to
1692 \\server\username to only username.
1693 - debian/samba-common.config:
1694 + Do not change priority to high if dhclient3 is installed.
1695 - Add apport hook:
1696 + Created debian/source_samba.py.
1697 + debian/rules, debian/samba-common-bin.install: install hook.
1698 - Add extra DEP8 tests to samba (LP #1696823):
1699 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
1700 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
1701 anonymously
1702 + d/t/control, d/t/smbclient-authenticated-share-list: list available
1703 shares using an authenticated connection
1704 + d/t/control, d/t/smbclient-share-access: create a share and download a
1705 file from it
1706 - d/samba-common.dhcp: If systemctl is available, use it to query the
1707 status of the smbd service before trying to reload it. Otherwise,
1708 keep the same check as before and reload the service based on the
1709 existence of the initscript. (LP #1579597)
1710 - d/control, d/rules: Disable glusterfs support because it's not in main.
1711 MIR bug is https://launchpad.net/bugs/1274247
1712
1713 -- Andreas Hasenack <andreas@canonical.com> Tue, 13 Mar 2018 16:58:49 -0300
1714
711samba (2:4.7.4+dfsg-2) unstable; urgency=high1715samba (2:4.7.4+dfsg-2) unstable; urgency=high
7121716
713 [ Mathieu Parent ]1717 [ Mathieu Parent ]
@@ -738,6 +1742,37 @@ samba (2:4.7.4+dfsg-2) unstable; urgency=high
7381742
739 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +01001743 -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100
7401744
1745samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium
1746
1747 * Merge with Debian unstable (LP: #1744779). Remaining changes:
1748 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1749 - debian/smb.conf;
1750 + Add "(Samba, Ubuntu)" to server string.
1751 + Comment out the default [homes] share, and add a comment about
1752 "valid users = %s" to show users how to restrict access to
1753 \\server\username to only username.
1754 - debian/samba-common.config:
1755 + Do not change priority to high if dhclient3 is installed.
1756 - Add apport hook:
1757 + Created debian/source_samba.py.
1758 + debian/rules, debian/samba-common-bin.install: install hook.
1759 - Add extra DEP8 tests to samba (LP #1696823):
1760 + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
1761 + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
1762 anonymously
1763 + d/t/control, d/t/smbclient-authenticated-share-list: list available
1764 shares using an authenticated connection
1765 + d/t/control, d/t/smbclient-share-access: create a share and download a
1766 file from it
1767 - d/samba-common.dhcp: If systemctl is available, use it to query the
1768 status of the smbd service before trying to reload it. Otherwise,
1769 keep the same check as before and reload the service based on the
1770 existence of the initscript. (LP #1579597)
1771 - d/control, d/rules: Disable glusterfs support because it's not in main.
1772 MIR bug is https://launchpad.net/bugs/1274247
1773
1774 -- Andreas Hasenack <andreas@canonical.com> Mon, 22 Jan 2018 16:31:41 -0200
1775
741samba (2:4.7.4+dfsg-1) unstable; urgency=medium1776samba (2:4.7.4+dfsg-1) unstable; urgency=medium
7421777
743 * New upstream version1778 * New upstream version
@@ -754,6 +1789,42 @@ samba (2:4.7.4+dfsg-1) unstable; urgency=medium
7541789
755 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +01001790 -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100
7561791
1792samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium
1793
1794 * Merge with Debian; remaining changes:
1795 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1796 - debian/smb.conf;
1797 + Add "(Samba, Ubuntu)" to server string.
1798 + Comment out the default [homes] share, and add a comment about
1799 "valid users = %s" to show users how to restrict access to
1800 \\server\username to only username.
1801 - debian/samba-common.config:
1802 + Do not change priority to high if dhclient3 is installed.
1803 - Add apport hook:
1804 + Created debian/source_samba.py.
1805 + debian/rules, debian/samba-common-bin.install: install hook.
1806 - Add extra DEP8 tests to samba (LP #1696823):
1807 + d/t/control: enable the new DEP8 tests
1808 + d/t/smbclient-anonymous-share-list: list available shares anonymously
1809 + d/t/smbclient-authenticated-share-list: list available shares using
1810 an authenticated connection
1811 + d/t/smbclient-share-access: create a share and download a file from it
1812 + d/t/cifs-share-access: access a file in a share using cifs
1813 - Ask the user if we can run testparm against the config file. If yes,
1814 include its stderr and exit status in the bug report. Otherwise, only
1815 include the exit status. (LP #1694334)
1816 - If systemctl is available, use it to query the status of the smbd
1817 service before trying to reload it. Otherwise, keep the same check
1818 as before and reload the service based on the existence of the
1819 initscript. (LP #1579597)
1820 - d/rules: Compile winbindd/winbindd statically.
1821 - Disable glusterfs support because it's not in main.
1822 MIR bug is https://launchpad.net/bugs/1274247
1823 - d/source_samba.py: use the new recommended findmnt(8) tool to list
1824 mountpoints and correctly filter by the cifs filesystem type.
1825
1826 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Dec 2017 12:49:20 -0500
1827
757samba (2:4.7.3+dfsg-1) unstable; urgency=high1828samba (2:4.7.3+dfsg-1) unstable; urgency=high
7581829
759 * New upstream version1830 * New upstream version
@@ -777,6 +1848,42 @@ samba (2:4.7.1+dfsg-2) unstable; urgency=high
7771848
778 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +01001849 -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100
7791850
1851samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium
1852
1853 * Merge with Debian; remaining changes:
1854 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1855 - debian/smb.conf;
1856 + Add "(Samba, Ubuntu)" to server string.
1857 + Comment out the default [homes] share, and add a comment about
1858 "valid users = %s" to show users how to restrict access to
1859 \\server\username to only username.
1860 - debian/samba-common.config:
1861 + Do not change priority to high if dhclient3 is installed.
1862 - Add apport hook:
1863 + Created debian/source_samba.py.
1864 + debian/rules, debian/samba-common-bin.install: install hook.
1865 - Add extra DEP8 tests to samba (LP #1696823):
1866 + d/t/control: enable the new DEP8 tests
1867 + d/t/smbclient-anonymous-share-list: list available shares anonymously
1868 + d/t/smbclient-authenticated-share-list: list available shares using
1869 an authenticated connection
1870 + d/t/smbclient-share-access: create a share and download a file from it
1871 + d/t/cifs-share-access: access a file in a share using cifs
1872 - Ask the user if we can run testparm against the config file. If yes,
1873 include its stderr and exit status in the bug report. Otherwise, only
1874 include the exit status. (LP #1694334)
1875 - If systemctl is available, use it to query the status of the smbd
1876 service before trying to reload it. Otherwise, keep the same check
1877 as before and reload the service based on the existence of the
1878 initscript. (LP #1579597)
1879 - d/rules: Compile winbindd/winbindd statically.
1880 - Disable glusterfs support because it's not in main.
1881 MIR bug is https://launchpad.net/bugs/1274247
1882 - d/source_samba.py: use the new recommended findmnt(8) tool to list
1883 mountpoints and correctly filter by the cifs filesystem type.
1884
1885 -- Matthias Klose <doko@ubuntu.com> Fri, 10 Nov 2017 10:03:57 +0100
1886
780samba (2:4.7.1+dfsg-1) unstable; urgency=medium1887samba (2:4.7.1+dfsg-1) unstable; urgency=medium
7811888
782 * New upstream version1889 * New upstream version
@@ -825,6 +1932,87 @@ samba (2:4.6.7+dfsg-2) unstable; urgency=high
8251932
826 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +02001933 -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200
8271934
1935samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium
1936
1937 * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
1938 they should
1939 - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
1940 into a specified one in source3/include/auth_info.h,
1941 source3/lib/popt_common.c, source3/lib/util_cmdline.c.
1942 - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
1943 source3/lib/util_cmdline.c.
1944 - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
1945 source3/libsmb/pylibsmb.c.
1946 - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
1947 libgpo/gpo_fetch.c.
1948 - debian/patches/CVE-2017-12150-5.patch: add check for
1949 NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
1950 - debian/patches/CVE-2017-12150-6.patch: add
1951 smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
1952 - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
1953 authentication was not requested in source3/libsmb/clidfs.c.
1954 - CVE-2017-12150
1955 * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
1956 redirects
1957 - debian/patches/CVE-2017-12151-1.patch: add
1958 cli_state_is_encryption_on() helper function to
1959 source3/libsmb/clientgen.c, source3/libsmb/proto.h.
1960 - debian/patches/CVE-2017-12151-2.patch: make use of
1961 cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
1962 source3/libsmb/libsmb_context.c.
1963 - CVE-2017-12151
1964 * SECURITY UPDATE: Server memory information leak over SMB1
1965 - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
1966 from writing server memory to file in source3/smbd/reply.c.
1967 - CVE-2017-12163
1968
1969 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 21 Sep 2017 08:10:03 -0400
1970
1971samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium
1972
1973 * d/source_samba.py: use the new recommended findmnt(8) tool to list
1974 mountpoints and correctly filter by the cifs filesystem type.
1975 (LP: #1703604)
1976
1977 -- Andreas Hasenack <andreas@canonical.com> Fri, 01 Sep 2017 09:47:58 -0300
1978
1979samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium
1980
1981 * Merge with Debian unstable (LP: #1710281).
1982 - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
1983 symlinks to directories (LP: #1701073)
1984 * Remaining changes:
1985 - debian/VERSION.patch: Update vendor string to "Ubuntu".
1986 - debian/smb.conf;
1987 + Add "(Samba, Ubuntu)" to server string.
1988 + Comment out the default [homes] share, and add a comment about
1989 "valid users = %s" to show users how to restrict access to
1990 \\server\username to only username.
1991 - debian/samba-common.config:
1992 + Do not change priority to high if dhclient3 is installed.
1993 - Add apport hook:
1994 + Created debian/source_samba.py.
1995 + debian/rules, debian/samba-common-bin.install: install hook.
1996 - Add extra DEP8 tests to samba (LP #1696823):
1997 + d/t/control: enable the new DEP8 tests
1998 + d/t/smbclient-anonymous-share-list: list available shares anonymously
1999 + d/t/smbclient-authenticated-share-list: list available shares using
2000 an authenticated connection
2001 + d/t/smbclient-share-access: create a share and download a file from it
2002 + d/t/cifs-share-access: access a file in a share using cifs
2003 - Ask the user if we can run testparm against the config file. If yes,
2004 include its stderr and exit status in the bug report. Otherwise, only
2005 include the exit status. (LP #1694334)
2006 - If systemctl is available, use it to query the status of the smbd
2007 service before trying to reload it. Otherwise, keep the same check
2008 as before and reload the service based on the existence of the
2009 initscript. (LP #1579597)
2010 - d/rules: Compile winbindd/winbindd statically.
2011 - Disable glusterfs support because it's not in main.
2012 MIR bug is https://launchpad.net/bugs/1274247
2013
2014 -- Andreas Hasenack <andreas@canonical.com> Mon, 21 Aug 2017 17:27:08 -0300
2015
828samba (2:4.6.7+dfsg-1) unstable; urgency=medium2016samba (2:4.6.7+dfsg-1) unstable; urgency=medium
8292017
830 * New upstream version2018 * New upstream version
@@ -836,6 +2024,60 @@ samba (2:4.6.7+dfsg-1) unstable; urgency=medium
8362024
837 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +02002025 -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200
8382026
2027samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium
2028
2029 * Merge with Debian unstable (LP: #1700644). Remaining changes:
2030 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2031 - debian/smb.conf;
2032 + Add "(Samba, Ubuntu)" to server string.
2033 + Comment out the default [homes] share, and add a comment about
2034 "valid users = %s" to show users how to restrict access to
2035 \\server\username to only username.
2036 - debian/samba-common.config:
2037 + Do not change priority to high if dhclient3 is installed.
2038 - Add apport hook:
2039 + Created debian/source_samba.py.
2040 + debian/rules, debian/samba-common-bin.install: install hook.
2041 - Add extra DEP8 tests to samba (LP #1696823):
2042 + d/t/control: enable the new DEP8 tests
2043 + d/t/smbclient-anonymous-share-list: list available shares anonymously
2044 + d/t/smbclient-authenticated-share-list: list available shares using
2045 an authenticated connection
2046 + d/t/smbclient-share-access: create a share and download a file from it
2047 + d/t/cifs-share-access: access a file in a share using cifs
2048 - Ask the user if we can run testparm against the config file. If yes,
2049 include its stderr and exit status in the bug report. Otherwise, only
2050 include the exit status. (LP #1694334)
2051 - If systemctl is available, use it to query the status of the smbd
2052 service before trying to reload it. Otherwise, keep the same check
2053 as before and reload the service based on the existence of the
2054 initscript. (LP #1579597)
2055 * Drop:
2056 - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
2057 [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
2058 fix-1584485.patch was dropped there.]
2059 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2060 pam_winbind krb5_ccache_type=FILE failure
2061 [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
2062 in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
2063 - debian/patches/winbind_trusted_domains.patch: make sure domain
2064 members can talk to trusted domains DCs.
2065 [Upstream committed a different fix, see updated patch attached to
2066 https://bugzilla.samba.org/show_bug.cgi?id=11830]
2067 - d/control: add libcephfs-dev as b-d to build vfs_ceph
2068 [Adopted by Debian in 2:4.6.5+dfsg-1]
2069 - debian/patches/CVE-2017-11103.patch: use encrypted service
2070 name rather than unencrypted (and therefore spoofable) version
2071 in heimdal
2072 [Adopted by Debian as
2073 d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
2074 - Cherrypick upstream patch to fix FTBFS with new ceph lib.
2075 [Merged upstream in 4.6.0rc1]
2076 * Disable glusterfs support because it's not in main.
2077 MIR bug is https://launchpad.net/bugs/1274247
2078
2079 -- Andreas Hasenack <andreas@canonical.com> Thu, 10 Aug 2017 22:20:22 -0300
2080
839samba (2:4.6.5+dfsg-8) unstable; urgency=medium2081samba (2:4.6.5+dfsg-8) unstable; urgency=medium
8402082
841 * Remove dependency on update-inetd, not used anymore2083 * Remove dependency on update-inetd, not used anymore
@@ -955,6 +2197,77 @@ samba (2:4.6.5+dfsg-1) experimental; urgency=medium
9552197
956 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +02002198 -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200
9572199
2200samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium
2201
2202 * Cherrypick upstream patch to fix FTBFS with new ceph lib.
2203
2204 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 26 Jul 2017 08:34:24 +0100
2205
2206samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium
2207
2208 * SECURITY UPDATE: KDC-REP service name impersonation
2209 - debian/patches/CVE-2017-11103.patch: use encrypted service
2210 name rather than unencrypted (and therefore spoofable) version
2211 in heimdal
2212 - CVE-2017-11103
2213
2214 -- Steve Beattie <sbeattie@ubuntu.com> Mon, 17 Jul 2017 16:22:28 -0700
2215
2216samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium
2217
2218 * No-change rebuild against libldb 1.1.29
2219
2220 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Jun 2017 16:09:33 -0700
2221
2222samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium
2223
2224 * Add extra DEP8 tests to samba (LP: #1696823):
2225 - d/t/control: enable the new DEP8 tests
2226 - d/t/smbclient-anonymous-share-list: list available shares anonymously
2227 - d/t/smbclient-authenticated-share-list: list available shares using
2228 an authenticated connection
2229 - d/t/smbclient-share-access: create a share and download a file from it
2230 - d/t/cifs-share-access: access a file in a share using cifs
2231 * Ask the user if we can run testparm against the config file. If yes,
2232 include its stderr and exit status in the bug report. Otherwise, only
2233 include the exit status. (LP: #1694334)
2234 * If systemctl is available, use it to query the status of the smbd
2235 service before trying to reload it. Otherwise, keep the same check
2236 as before and reload the service based on the existence of the
2237 initscript. (LP: #1579597)
2238 * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
2239 module. There is a fixed version of that patch attached to
2240 #1677329 but it has not been vetted yet, so for now it's best
2241 to revert (again) so that pam_winbind can be used.
2242 (LP: #1677329, LP: #1644428)
2243
2244 -- Andreas Hasenack <andreas@canonical.com> Mon, 19 Jun 2017 10:49:29 -0700
2245
2246samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium
2247
2248 * Merge from Debian unstable. Remaining changes:
2249 - debian/VERSION.patch: Update vendor string to "Ubuntu".
2250 - debian/smb.conf;
2251 + Add "(Samba, Ubuntu)" to server string.
2252 + Comment out the default [homes] share, and add a comment about
2253 "valid users = %s" to show users how to restrict access to
2254 \\server\username to only username.
2255 - debian/samba-common.config:
2256 + Do not change priority to high if dhclient3 is installed.
2257 - Add apport hook:
2258 + Created debian/source_samba.py.
2259 + debian/rules, debian/samba-common-bin.install: install hook.
2260 - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2261 pam_winbind krb5_ccache_type=FILE failure
2262 - debian/patches/winbind_trusted_domains.patch: make sure domain
2263 members can talk to trusted domains DCs.
2264 - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
2265 to be statically linked
2266 - d/rules: Compile winbindd/winbindd statically.
2267 - d/control: add libcephfs-dev as b-d to build vfs_ceph
2268
2269 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 15 Jun 2017 14:17:43 -0400
2270
958samba (2:4.5.8+dfsg-2) unstable; urgency=high2271samba (2:4.5.8+dfsg-2) unstable; urgency=high
9592272
960 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside2273 * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
@@ -969,6 +2282,23 @@ samba (2:4.5.8+dfsg-1) unstable; urgency=high
9692282
970 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +02002283 -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200
9712284
2285samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium
2286
2287 * SECURITY UPDATE: remote code execution from a writable share
2288 - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
2289 slash inside in source3/rpc_server/srv_pipe.c.
2290 - CVE-2017-7494
2291
2292 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2017 07:39:13 -0400
2293
2294samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium
2295
2296 * SECURITY UPDATE: Symlink race allows access outside share definition
2297 - Updated to new upstream release 4.5.8.
2298 - CVE-2017-2619
2299
2300 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 21 Apr 2017 07:33:25 -0400
2301
972samba (2:4.5.6+dfsg-2) unstable; urgency=high2302samba (2:4.5.6+dfsg-2) unstable; urgency=high
9732303
974 * This is a security release in order to address the following defects:2304 * This is a security release in order to address the following defects:
@@ -998,6 +2328,61 @@ samba (2:4.5.5+dfsg-1) unstable; urgency=medium
9982328
999 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +01002329 -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100
10002330
2331samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium
2332
2333 * d/control: add libcephfs-dev as b-d to build vfs_ceph
2334 (LP: #1668940).
2335
2336 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Mon, 06 Mar 2017 11:13:41 -0800
2337
2338samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
2339
2340 * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
2341 changes:
2342 + debian/VERSION.patch: Update vendor string to "Ubuntu".
2343 + debian/smb.conf;
2344 - Add "(Samba, Ubuntu)" to server string.
2345 - Comment out the default [homes] share, and add a comment about "valid users = %s"
2346 to show users how to restrict access to \\server\username to only username.
2347 + debian/samba-common.config:
2348 - Do not change prioritiy to high if dhclient3 is installed.
2349 + Add apport hook:
2350 - Created debian/source_samba.py.
2351 - debian/rules, debia/samb-common-bin.install: install hook.
2352 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2353 pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
2354 + debian/patches/winbind_trusted_domains.patch: make sure domain members
2355 can talk to trusted domains DCs.
2356 [ update patch based upon upstream discussion ]
2357 + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
2358 to be statically linked fixes LP #1584485.
2359 + d/rules: Compile winbindd/winbindd statically.
2360 * Drop:
2361 - Delete debian/.gitignore
2362 [ Previously undocumented ]
2363 - debian/patches/git_smbclient_cpu.patch:
2364 + backport upstream patch to fix smbclient users hanging/eating cpu on
2365 trying to contact a machine which is not there (lp #1572260)
2366 [ Fixed upstream ]
2367 - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
2368 + debian/patches/CVE-2016-2123.patch: check lengths in
2369 librpc/ndr/ndr_dnsp.c.
2370 + CVE-2016-2123
2371 [ Fixed in Debian ]
2372 - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
2373 + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
2374 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
2375 source4/auth/gensec/gensec_gssapi.c.
2376 + CVE-2016-2125
2377 [ Fixed in Debian ]
2378 - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
2379 + debian/patches/CVE-2016-2126.patch: only allow known checksum types
2380 in auth/kerberos/kerberos_pac.c.
2381 + CVE-2016-2126
2382 [ Fixed in Debian ]
2383
2384 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 26 Jan 2017 17:20:15 -0800
2385
1001samba (2:4.5.4+dfsg-1) unstable; urgency=medium2386samba (2:4.5.4+dfsg-1) unstable; urgency=medium
10022387
1003 [ Mathieu Parent ]2388 [ Mathieu Parent ]
@@ -1125,6 +2510,77 @@ samba (2:4.4.5+dfsg-3) unstable; urgency=medium
11252510
1126 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +02002511 -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200
11272512
2513samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium
2514
2515 * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
2516 - debian/patches/CVE-2016-2123.patch: check lengths in
2517 librpc/ndr/ndr_dnsp.c.
2518 - CVE-2016-2123
2519 * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
2520 - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
2521 source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
2522 source4/auth/gensec/gensec_gssapi.c.
2523 - CVE-2016-2125
2524 * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
2525 - debian/patches/CVE-2016-2126.patch: only allow known checksum types
2526 in auth/kerberos/kerberos_pac.c.
2527 - CVE-2016-2126
2528
2529 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Jan 2017 12:32:25 -0500
2530
2531samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high
2532
2533 * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
2534 to be statically linked fixes LP: #1584485.
2535
2536 * d/rules: Compile winbindd/winbindd statically.
2537
2538 -- Jorge Niedbalski <jorge.niedbalski@canonical.com> Wed, 02 Nov 2016 13:59:10 +0100
2539
2540samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium
2541
2542 * No-change rebuild for readline soname change.
2543
2544 -- Matthias Klose <doko@ubuntu.com> Sun, 18 Sep 2016 10:26:52 +0000
2545
2546samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium
2547
2548 * No-change rebuild for readline soname change.
2549
2550 -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:09:21 +0000
2551
2552samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium
2553
2554 * debian/patches/git_smbclient_cpu.patch:
2555 - backport upstream patch to fix smbclient users hanging/eating cpu on
2556 trying to contact a machine which is not there (lp: #1572260)
2557
2558 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 05 Aug 2016 17:32:43 +0200
2559
2560samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low
2561
2562 * Merge from Debian unstable. Remaining changes:
2563 + debian/VERSION.patch: Update vendor string to "Ubuntu".
2564 + debian/smb.conf;
2565 - Add "(Samba, Ubuntu)" to server string.
2566 - Comment out the default [homes] share, and add a comment about "valid users = %s"
2567 to show users how to restrict access to \\server\username to only username.
2568 + debian/samba-common.config:
2569 - Do not change prioritiy to high if dhclient3 is installed.
2570 + Add apport hook:
2571 - Created debian/source_samba.py.
2572 - debian/rules, debia/samb-common-bin.install: install hook.
2573 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2574 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
2575 + debian/patches/winbind_trusted_domains.patch: make sure domain members
2576 can talk to trusted domains DCs.
2577 * Dropped changes:
2578 - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
2579 never done in Debian, revert.
2580 - ufw integration: included in Debian.
2581
2582 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 14 Jul 2016 17:45:46 -0700
2583
1128samba (2:4.4.5+dfsg-2) unstable; urgency=medium2584samba (2:4.4.5+dfsg-2) unstable; urgency=medium
11292585
1130 * Disable running of 'make quicktest' during build, as it takes very2586 * Disable running of 'make quicktest' during build, as it takes very
@@ -1252,6 +2708,20 @@ samba (2:4.4.0+dfsg-1) experimental; urgency=medium
12522708
1253 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +12002709 -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200
12542710
2711samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium
2712
2713 * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
2714 the previous security updates. (LP: #1577739)
2715 - debian/control: bump tevent Build-Depends to 0.9.28.
2716 * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
2717 - debian/patches/samba-bug11912.patch: let msrpc_parse() return
2718 talloc'ed empty strings in libcli/auth/msrpc_parse.c.
2719 - debian/patches/samba-bug11914.patch: make
2720 ntlm_auth_generate_session_info() more complete in
2721 source3/utils/ntlm_auth.c.
2722
2723 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 May 2016 09:29:15 -0400
2724
1255samba (2:4.3.8+dfsg-1) unstable; urgency=low2725samba (2:4.3.8+dfsg-1) unstable; urgency=low
12562726
1257 [ Jelmer Vernooij ]2727 [ Jelmer Vernooij ]
@@ -1266,6 +2736,25 @@ samba (2:4.3.8+dfsg-1) unstable; urgency=low
12662736
1267 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +00002737 -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000
12682738
2739samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
2740
2741 * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
2742 - CVE-2015-5370: Multiple errors in DCE-RPC code
2743 - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
2744 - CVE-2016-2111: NETLOGON Spoofing Vulnerability
2745 - CVE-2016-2112: The LDAP client and server don't enforce integrity
2746 protection
2747 - CVE-2016-2113: Missing TLS certificate validation allows man in the
2748 middle attacks
2749 - CVE-2016-2114: "server signing = mandatory" not enforced
2750 - CVE-2016-2115: SMB client connections for IPC traffic are not
2751 integrity protected
2752 - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
2753 * debian/patches/winbind_trusted_domains.patch: make sure domain members
2754 can talk to trusted domains DCs.
2755
2756 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400
2757
1269samba (2:4.3.7+dfsg-1) unstable; urgency=high2758samba (2:4.3.7+dfsg-1) unstable; urgency=high
12702759
1271 * New upstream release.2760 * New upstream release.
@@ -1308,6 +2797,29 @@ samba (2:4.3.6+dfsg-2) unstable; urgency=low
13082797
1309 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +02002798 -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200
13102799
2800samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium
2801
2802 * Merge with Debian; remaining changes:
2803 + debian/VERSION.patch: Update vendor string to "Ubuntu".
2804 + debian/smb.conf;
2805 - Add "(Samba, Ubuntu)" to server string.
2806 - Comment out the default [homes] share, and add a comment about "valid users = %s"
2807 to show users how to restrict access to \\server\username to only username.
2808 + debian/samba-common.config:
2809 - Do not change prioritiy to high if dhclient3 is installed.
2810 + debian/control:
2811 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
2812 + Add ufw integration:
2813 - Created debian/samba.ufw.profile:
2814 - debian/rules, debian/samba.install: install profile
2815 + Add apport hook:
2816 - Created debian/source_samba.py.
2817 - debian/rules, debia/samb-common-bin.install: install hook.
2818 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2819 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
2820
2821 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Mar 2016 08:49:12 -0500
2822
1311samba (2:4.3.6+dfsg-1) unstable; urgency=medium2823samba (2:4.3.6+dfsg-1) unstable; urgency=medium
13122824
1313 * New upstream release.2825 * New upstream release.
@@ -1353,6 +2865,42 @@ samba (2:4.3.3+dfsg-2) unstable; urgency=medium
13532865
1354 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +01002866 -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100
13552867
2868samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium
2869
2870 * No-change rebuild for gnutls transition.
2871
2872 -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:43 +0000
2873
2874samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium
2875
2876 * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
2877 (LP: #1545750)
2878
2879 -- Dariusz Gadomski <dariusz.gadomski@canonical.com> Mon, 15 Feb 2016 16:05:12 +0100
2880
2881samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium
2882
2883 * Merge with Debian; remaining changes:
2884 + debian/VERSION.patch: Update vendor string to "Ubuntu".
2885 + debian/smb.conf;
2886 - Add "(Samba, Ubuntu)" to server string.
2887 - Comment out the default [homes] share, and add a comment about "valid users = %s"
2888 to show users how to restrict access to \\server\username to only username.
2889 + debian/samba-common.config:
2890 - Do not change prioritiy to high if dhclient3 is installed.
2891 + debian/control:
2892 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
2893 + Add ufw integration:
2894 - Created debian/samba.ufw.profile:
2895 - debian/rules, debian/samba.install: install profile
2896 + Add apport hook:
2897 - Created debian/source_samba.py.
2898 - debian/rules, debia/samb-common-bin.install: install hook.
2899 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
2900 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
2901
2902 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Jan 2016 07:41:39 -0500
2903
1356samba (2:4.3.3+dfsg-1) unstable; urgency=medium2904samba (2:4.3.3+dfsg-1) unstable; urgency=medium
13572905
1358 * New upstream release. Closes: #808133.2906 * New upstream release. Closes: #808133.
@@ -1437,6 +2985,63 @@ samba (2:4.2.1+dfsg-1) experimental; urgency=medium
14372985
1438 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +00002986 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000
14392987
2988samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium
2989
2990 * Resolve small merge error in the rules
2991
2992 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 12:02:12 +0100
2993
2994samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium
2995
2996 * Backport Debian change to remove libpam-smbpasswd, it segfaults
2997 leading to non working session (lp: #1515207)
2998
2999 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 16 Dec 2015 11:47:44 +0100
3000
3001samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium
3002
3003 * Build with the new ldb
3004
3005 -- Sebastien Bacher <seb128@ubuntu.com> Wed, 18 Nov 2015 11:45:32 +0100
3006
3007samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium
3008
3009 * debian/samba.logrotate:
3010 - revert to Debian version of the logrotate reload command, fix an
3011 invalid syntax introduced in the upstart->systemd transition
3012 (lp: #1385868)
3013
3014 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 10 Nov 2015 19:01:06 +0100
3015
3016samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium
3017
3018 * Merge with Debian; remaining changes:
3019 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3020 + debian/smb.conf;
3021 - Add "(Samba, Ubuntu)" to server string.
3022 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3023 to show users how to restrict access to \\server\username to only username.
3024 + debian/samba-common.config:
3025 - Do not change prioritiy to high if dhclient3 is installed.
3026 + debian/control:
3027 - Don't build against or suggest ctdb and tdb.
3028 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
3029 + debian/rules:
3030 - Drop explicit configuration options for ctdb and tdb.
3031 + Add ufw integration:
3032 - Created debian/samba.ufw.profile:
3033 - debian/rules, debian/samba.install: install profile
3034 + Add apport hook:
3035 - Created debian/source_samba.py.
3036 - debian/rules, debia/samb-common-bin.install: install hook.
3037 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
3038 processes such that it works under both upstart and systemd.
3039 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3040 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3041 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
3042
3043 -- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2015 14:57:47 +0200
3044
1440samba (2:4.1.20+dfsg-1) unstable; urgency=medium3045samba (2:4.1.20+dfsg-1) unstable; urgency=medium
14413046
1442 * New upstream release (last compatible with current OpenChange).3047 * New upstream release (last compatible with current OpenChange).
@@ -1450,6 +3055,44 @@ samba (2:4.1.17+dfsg-5) unstable; urgency=medium
14503055
1451 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +00003056 -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000
14523057
3058samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium
3059
3060 * debian/control:
3061 - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
3062
3063 -- Robert Ancell <robert.ancell@canonical.com> Tue, 11 Aug 2015 11:34:50 +1200
3064
3065samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium
3066
3067 * Merge from Debian unstable. Remaining changes:
3068 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3069 + debian/smb.conf;
3070 - Add "(Samba, Ubuntu)" to server string.
3071 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3072 to show users how to restrict access to \\server\username to only username.
3073 + debian/samba-common.config:
3074 - Do not change prioritiy to high if dhclient3 is installed.
3075 + debian/control:
3076 - Don't build against or suggest ctdb and tdb.
3077 + debian/rules:
3078 - Drop explicit configuration options for ctdb and tdb.
3079 + Add ufw integration:
3080 - Created debian/samba.ufw.profile:
3081 - debian/rules, debian/samba.install: install profile
3082 + Add apport hook:
3083 - Created debian/source_samba.py.
3084 - debian/rules, debia/samb-common-bin.install: install hook.
3085 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
3086 processes such that it works under both upstart and systemd.
3087 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3088 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3089 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
3090 + debian/patches/git_timeout_client_error.patch:
3091 - don't let smb mounts timeout that leads to errors when trying to
3092 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
3093
3094 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 08 May 2015 10:49:12 +0200
3095
1453samba (2:4.1.17+dfsg-4) unstable; urgency=medium3096samba (2:4.1.17+dfsg-4) unstable; urgency=medium
14543097
1455 * Add pidl_reproducible.patch: Make pidl output reproducible.3098 * Add pidl_reproducible.patch: Make pidl output reproducible.
@@ -1486,6 +3129,53 @@ samba (2:4.1.17+dfsg-1) unstable; urgency=high
14863129
1487 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +01003130 -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100
14883131
3132samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium
3133
3134 * debian/patches/git_timeout_client_error.patch:
3135 - don't let smb mounts timeout that leads to errors when trying to
3136 reuse a mount after idling for a while in e.g nautilus (lp: #310932)
3137
3138 -- Sebastien Bacher <seb128@ubuntu.com> Fri, 03 Apr 2015 17:20:06 +0200
3139
3140samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium
3141
3142 * SECURITY UPDATE: code execution vulnerability in smbd daemon
3143 - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
3144 uninitialized pointer and don't dereference a NULL pointer in
3145 source3/rpc_server/netlogon/srv_netlog_nt.c.
3146 - CVE-2015-0240
3147
3148 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Feb 2015 08:36:51 -0500
3149
3150samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low
3151
3152 * Merge from Debian unstable. Remaining changes:
3153 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3154 + debian/smb.conf;
3155 - Add "(Samba, Ubuntu)" to server string.
3156 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3157 to show users how to restrict access to \\server\username to only username.
3158 + debian/samba-common.config:
3159 - Do not change prioritiy to high if dhclient3 is installed.
3160 + debian/control:
3161 - Don't build against or suggest ctdb and tdb.
3162 + debian/rules:
3163 - Drop explicit configuration options for ctdb and tdb.
3164 + Add ufw integration:
3165 - Created debian/samba.ufw.profile:
3166 - debian/rules, debian/samba.install: install profile
3167 + Add apport hook:
3168 - Created debian/source_samba.py.
3169 - debian/rules, debia/samb-common-bin.install: install hook.
3170 + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
3171 processes such that it works under both upstart and systemd.
3172 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3173 + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3174 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
3175 + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
3176
3177 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it> Wed, 21 Jan 2015 15:48:05 +0100
3178
1489samba (2:4.1.13+dfsg-4) unstable; urgency=medium3179samba (2:4.1.13+dfsg-4) unstable; urgency=medium
14903180
1491 * Revert previous patch, since ldb has an active module version check.3181 * Revert previous patch, since ldb has an active module version check.
@@ -1528,6 +3218,69 @@ samba (2:4.1.11+dfsg-2) unstable; urgency=medium
15283218
1529 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +02003219 -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200
15303220
3221samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium
3222
3223 * SECURITY UPDATE: elevation of privilege to AD Domain Controller
3224 - debian/patches/CVE-2014-8143.patch: check for extended access rights
3225 before allowing changes to userAccountControl in
3226 librpc/idl/security.idl, source4/auth/session.c,
3227 source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
3228 source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
3229 source4/rpc_server/lsa/dcesrv_lsa.c,
3230 source4/setup/schema_samba4.ldif.
3231 - CVE-2014-8143
3232
3233 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2015 09:19:12 -0500
3234
3235samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium
3236
3237 * No-change rebuild against current ldb. Note that I'm not claiming the
3238 merging for this package.
3239
3240 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 04 Dec 2014 07:50:22 +0100
3241
3242samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
3243
3244 * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
3245 pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
3246
3247 -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 11 Sep 2014 11:53:36 -0500
3248
3249samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
3250
3251 * Merge from Debian unstable. Remaining changes:
3252 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3253 + debian/smb.conf;
3254 - Add "(Samba, Ubuntu)" to server string.
3255 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3256 to show users how to restrict access to \\server\username to only username.
3257 + debian/samba-common.config:
3258 - Do not change prioritiy to high if dhclient3 is installed.
3259 + debian/control:
3260 - Don't build against or suggest ctdb and tdb.
3261 + debian/rules:
3262 - Drop explicit configuration options for ctdb and tdb.
3263 + Add ufw integration:
3264 - Created debian/samba.ufw.profile:
3265 - debian/rules, debian/samba.install: install profile
3266 + Add apport hook:
3267 - Created debian/source_samba.py.
3268 - debian/rules, debia/samb-common-bin.install: install hook.
3269 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3270 of hacking arround with pid files.
3271 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
3272 first dummy transitional package version.
3273 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3274
3275 * In logrotate, use service command to reload (send SIGHUP) the main
3276 processes such that it works under both upstart and systemd.
3277 * Drop CVE patches, applied upstream.
3278 * Drop patches absent from series: readline-ftbfs.patch,
3279 krb5_kt_start_seq.diff, config-bind99.patch
3280 * Drop debian/source/include-binaries, pyc files are correctly cleaned up
3281
3282 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 09 Aug 2014 21:26:23 +0100
3283
1531samba (2:4.1.11+dfsg-1) unstable; urgency=high3284samba (2:4.1.11+dfsg-1) unstable; urgency=high
15323285
1533 * New upstream release. Fixes:3286 * New upstream release. Fixes:
@@ -1563,6 +3316,62 @@ samba (2:4.1.9+dfsg-1) unstable; urgency=high
15633316
1564 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +02003317 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200
15653318
3319samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
3320
3321 * SECURITY UPDATE: remote code execution on unauthenticated nmbd
3322 - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
3323 lib/util/string_wrappers.h.
3324 - CVE-2014-3560
3325
3326 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 Aug 2014 17:54:54 -0400
3327
3328samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
3329
3330 * SECURITY UPDATE: denial of service on nmbd malformed packet
3331 - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
3332 source3/lib/system.c.
3333 - CVE-2014-0244
3334 * SECURITY UPDATE: denial of service via bad unicode conversion
3335 - debian/patches/CVE-2014-3493.patch: refactor code in
3336 source3/lib/charcnv.c, change return code checks in
3337 source3/libsmb/clirap.c, source3/smbd/lanman.c.
3338 - CVE-2014-3493
3339
3340 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Jun 2014 14:10:12 -0400
3341
3342samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
3343
3344 * Merge from Debian unstable. Remaining changes:
3345 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3346 + debian/smb.conf;
3347 - Add "(Samba, Ubuntu)" to server string.
3348 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3349 to show users how to restrict access to \\server\username to only username.
3350 + debian/samba-common.config:
3351 - Do not change prioritiy to high if dhclient3 is installed.
3352 + debian/control:
3353 - Don't build against or suggest ctdb and tdb.
3354 + debian/rules:
3355 - Drop explicit configuration options for ctdb and tdb.
3356 + Add ufw integration:
3357 - Created debian/samba.ufw.profile:
3358 - debian/rules, debian/samba.install: install profile
3359 + Add apport hook:
3360 - Created debian/source_samba.py.
3361 - debian/rules, debia/samb-common-bin.install: install hook.
3362 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3363 of hacking arround with pid files.
3364 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
3365 first dummy transitional package version.
3366 + Dropped patches:
3367 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
3368 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
3369 - debian/patches/readline-ftbfs.patch: Use the debian version.
3370 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3371 (LP: #1268180)
3372
3373 -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jun 2014 10:50:25 -0400
3374
1566samba (2:4.1.8+dfsg-1) unstable; urgency=medium3375samba (2:4.1.8+dfsg-1) unstable; urgency=medium
15673376
1568 [ Jelmer Vernooij ]3377 [ Jelmer Vernooij ]
@@ -1600,6 +3409,74 @@ samba (2:4.1.7+dfsg-1) unstable; urgency=medium
16003409
1601 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +02003410 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200
16023411
3412samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
3413
3414 * Set the stack size to unlimited during the build to avoid a SIGBUS in
3415 xsltproc on some architectures.
3416
3417 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 23:18:40 +0100
3418
3419samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
3420
3421 * Backport from unstable (Ivo De Decker):
3422 - Build-depend on heimdal-dev.
3423
3424 -- Colin Watson <cjwatson@ubuntu.com> Mon, 02 Jun 2014 15:39:54 +0100
3425
3426samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
3427
3428 * No change rebuild against new dh_installinit, to call update-rc.d at
3429 postinst.
3430
3431 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:41:32 +0100
3432
3433samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
3434
3435 * cherrypick upstream patch 1310919 to fix pam_winbind regression
3436 (LP: #1310919)
3437
3438 -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Apr 2014 16:05:44 -0500
3439
3440samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
3441
3442 * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
3443 upgrade.
3444
3445 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 03 Apr 2014 19:08:03 -0700
3446
3447samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
3448
3449 * Merge from Debian unstable. Remaining changes:
3450 + debian/VERSION.patch: Update vendor string to "Ubuntu".
3451 + debian/smb.conf;
3452 - Add "(Samba, Ubuntu)" to server string.
3453 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3454 to show users how to restrict access to \\server\username to only username.
3455 + debian/samba-common.config:
3456 - Do not change prioritiy to high if dhclient3 is installed.
3457 + debian/control:
3458 - Don't build against or suggest ctdb and tdb.
3459 + debian/rules:
3460 - Drop explicit configuration options for ctdb and tdb.
3461 + Add ufw integration:
3462 - Created debian/samba.ufw.profile:
3463 - debian/rules, debian/samba.install: install profile
3464 + Add apport hook:
3465 - Created debian/source_samba.py.
3466 - debian/rules, debia/samb-common-bin.install: install hook.
3467 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3468 of hacking arround with pid files.
3469 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
3470 first dummy transitional package version.
3471 + Dropped patches:
3472 - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
3473 - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
3474 - debian/patches/readline-ftbfs.patch: Use the debian version.
3475 + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
3476 (LP: #1268180)
3477
3478 -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 13:40:30 -0400
3479
1603samba (2:4.1.6+dfsg-1) unstable; urgency=high3480samba (2:4.1.6+dfsg-1) unstable; urgency=high
16043481
1605 * New upstream security release. Fixes:3482 * New upstream security release. Fixes:
@@ -1659,6 +3536,77 @@ samba (2:4.1.4+dfsg-1) unstable; urgency=medium
16593536
1660 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +01003537 -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100
16613538
3539samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
3540
3541 * debian/smb.conf: comment back some of the "share definitions"
3542 options (including "valid users"). That was an Ubuntu diff and seems to
3543 have been dropped in the trusty merge. Those changes seem needed to
3544 get the usershare feature working (used by nautilus-share) (lp: #1261873)
3545
3546 -- Sebastien Bacher <seb128@ubuntu.com> Tue, 01 Apr 2014 16:01:04 +0200
3547
3548samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
3549
3550 * SECURITY UPDATE: Password lockout not enforced for SAMR password
3551 changes
3552 - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
3553 source3/auth/check_samsec.c,
3554 source3/rpc_server/samr/srv_samr_chgpasswd.c,
3555 source3/rpc_server/samr/srv_samr_nt.c,
3556 source3/smbd/lanman.c,
3557 source4/rpc_server/samr/samr_password.c,
3558 source4/torture/rpc/samr.c.
3559 - CVE-2013-4496
3560 * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
3561 mistake
3562 - debian/patches/CVE-2013-6442.patch: handle existing ACL in
3563 source3/utils/smbcacls.c.
3564 - CVE-2013-6442
3565 * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
3566
3567 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2014 08:32:30 -0400
3568
3569samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
3570
3571 * Depend on tdb-tools (LP: #1279593)
3572 * Updated generated config for Bind9.9.
3573
3574 -- Stéphane Graber <stgraber@ubuntu.com> Wed, 12 Feb 2014 21:26:00 -0500
3575
3576samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
3577
3578 * Add missing python-ntdb dependency to python-samba (spotted by
3579 autopkgtest).
3580
3581 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 10 Feb 2014 09:53:01 +0100
3582
3583samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
3584
3585 * Merge from Debian Unstable:
3586 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3587 * debian/smb.conf;
3588 - Add "(Samba, Ubuntu)" to server string.
3589 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3590 to show users how to restrict access to \\server\username to only username.
3591 + debian/samba-common.config:
3592 - Do not change prioritiy to high if dhclient3 is installed.
3593 + debian/control:
3594 - Don't build against or suggest ctdb and tdb.
3595 + debian/rules:
3596 - Drop explicit configuration options for ctdb and tdb.
3597 + Add ufw integration:
3598 - Created debian/samba.ufw.profile:
3599 - debian/rules, debian/samba.install: install profile
3600 + Add apport hook:
3601 - Created debian/source_samba.py.
3602 - debian/rules, debia/samb-common-bin.install: install hook.
3603 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3604 of hacking arround with pid files.
3605 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
3606 first dummy transitional package version.
3607
3608 -- Chuck Short <zulcss@ubuntu.com> Mon, 13 Jan 2014 08:52:31 -0500
3609
1662samba (2:4.1.3+dfsg-2) unstable; urgency=medium3610samba (2:4.1.3+dfsg-2) unstable; urgency=medium
16633611
1664 * Add debug symbols for all binaries to samba-dbg. Closes: #7324933612 * Add debug symbols for all binaries to samba-dbg. Closes: #732493
@@ -1701,6 +3649,33 @@ samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
17013649
1702 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -08003650 -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800
17033651
3652samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
3653
3654 * Merge from Debian Unstable:
3655 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3656 * debian/smb.conf;
3657 - Add "(Samba, Ubuntu)" to server string.
3658 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3659 to show users how to restrict access to \\server\username to only username.
3660 + debian/samba-common.config:
3661 - Do not change prioritiy to high if dhclient3 is installed.
3662 + debian/control:
3663 - Don't build against or suggest ctdb and tdb.
3664 + debian/rules:
3665 - Drop explicit configuration options for ctdb and tdb.
3666 + Add ufw integration:
3667 - Created debian/samba.ufw.profile:
3668 - debian/rules, debian/samba.install: install profile
3669 + Add apport hook:
3670 - Created debian/source_samba.py.
3671 - debian/rules, debia/samb-common-bin.install: install hook.
3672 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3673 of hacking arround with pid files.
3674 + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
3675 first dummy transitional package version.
3676
3677 -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Dec 2013 19:55:47 -0500
3678
1704samba (2:4.0.13+dfsg-1) unstable; urgency=high3679samba (2:4.0.13+dfsg-1) unstable; urgency=high
17053680
1706 [ Steve Langasek ]3681 [ Steve Langasek ]
@@ -1755,6 +3730,37 @@ samba (2:4.0.11+dfsg-1) unstable; urgency=high
17553730
1756 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +01003731 -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100
17573732
3733samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
3734
3735 * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
3736
3737 -- Dmitrijs Ledkovs <xnox@ubuntu.com> Wed, 27 Nov 2013 21:50:43 +0000
3738
3739samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
3740
3741 * Merge from Debian Unstable:
3742 - debian/VERSION.patch: Update vendor string to "Ubuntu".
3743 * debian/smb.conf;
3744 - Add "(Samba, Ubuntu)" to server string.
3745 - Comment out the default [homes] share, and add a comment about "valid users = %s"
3746 to show users how to restrict access to \\server\username to only username.
3747 + debian/samba-common.config:
3748 - Do not change prioritiy to high if dhclient3 is installed.
3749 + debian/control:
3750 - Don't build against or suggest ctdb and tdb.
3751 + debian/rules:
3752 - Drop explicit configuration options for ctdb and tdb.
3753 + Add ufw integration:
3754 - Created debian/samba.ufw.profile:
3755 - debian/rules, debian/samba.install: install profile
3756 + Add apport hook:
3757 - Created debian/source_samba.py.
3758 - debian/rules, debia/samb-common-bin.install: install hook.
3759 + debian/samba.logrotate: call upstart interfaces unconditionally instead
3760 of hacking arround with pid files.
3761
3762 -- Chuck Short <zulcss@ubuntu.com> Fri, 08 Nov 2013 13:47:46 +0800
3763
1758samba (2:4.0.10+dfsg-4) unstable; urgency=low3764samba (2:4.0.10+dfsg-4) unstable; urgency=low
17593765
1760 [ Christian Perrier ]3766 [ Christian Perrier ]
diff --git a/debian/control b/debian/control
index dbf7d5e..dfca457 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: samba1Source: samba
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
5Uploaders: Steve Langasek <vorlon@debian.org>,6Uploaders: Steve Langasek <vorlon@debian.org>,
6 Jelmer Vernooij <jelmer@debian.org>,7 Jelmer Vernooij <jelmer@debian.org>,
7 Mathieu Parent <sathieu@debian.org>,8 Mathieu Parent <sathieu@debian.org>,
@@ -22,12 +23,11 @@ Build-Depends: bison,
22 libblkid-dev,23 libblkid-dev,
23 libbsd-dev,24 libbsd-dev,
24 libcap-dev [linux-any],25 libcap-dev [linux-any],
25 libcephfs-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el ppc64 s390x x32],26 libcephfs-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el ppc64 s390x x32],
26 libcmocka-dev (>= 1.1.3),27 libcmocka-dev (>= 1.1.3),
27 libcups2-dev,28 libcups2-dev,
28 libdbus-1-dev,29 libdbus-1-dev,
29 libglusterfs-dev [linux-any],30 libgnutls28-dev (>= 3.6.5),
30 libgnutls28-dev,
31 libgpgme11-dev,31 libgpgme11-dev,
32 libicu-dev,32 libicu-dev,
33 libjansson-dev,33 libjansson-dev,
@@ -38,7 +38,7 @@ Build-Depends: bison,
38 libparse-yapp-perl,38 libparse-yapp-perl,
39 libpcap-dev [hurd-i386 kfreebsd-any],39 libpcap-dev [hurd-i386 kfreebsd-any],
40 libpopt-dev,40 libpopt-dev,
41 librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el ppc64 s390x x32],41 librados-dev [amd64 arm64 armel armhf mips64el mipsel ppc64el ppc64 s390x x32],
42 libreadline-dev,42 libreadline-dev,
43 libsystemd-dev [linux-any],43 libsystemd-dev [linux-any],
44 libtalloc-dev (>= 2.3.1~),44 libtalloc-dev (>= 2.3.1~),
@@ -46,7 +46,7 @@ Build-Depends: bison,
46 libtasn1-bin,46 libtasn1-bin,
47 libtdb-dev (>= 1.4.3~),47 libtdb-dev (>= 1.4.3~),
48 libtevent-dev (>= 0.10.2~),48 libtevent-dev (>= 0.10.2~),
49 liburing-dev [linux-any],49 liburing-dev [!i386],
50 perl,50 perl,
51 pkg-config,51 pkg-config,
52 po-debconf,52 po-debconf,
@@ -288,7 +288,7 @@ Multi-Arch: same
288Breaks: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)288Breaks: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)
289Replaces: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)289Replaces: samba (<< 2:4.3.2+dfsg-1), samba-libs (<< 2:4.3.2+dfsg-1)
290Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}290Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
291Recommends: ${vfsceph:Recommends}, ${vfsglusterfs:Recommends}, ${vfssnapper:Recommends}291Recommends: ${vfsceph:Recommends}, ${vfssnapper:Recommends}
292Enhances: samba292Enhances: samba
293Description: Samba Virtual FileSystem plugins293Description: Samba Virtual FileSystem plugins
294 Samba is an implementation of the SMB/CIFS protocol for Unix systems,294 Samba is an implementation of the SMB/CIFS protocol for Unix systems,
@@ -305,8 +305,8 @@ Description: Samba Virtual FileSystem plugins
305 * vfs_shadow_copy2: Expose snapshots to Windows clients as shadow copies305 * vfs_shadow_copy2: Expose snapshots to Windows clients as shadow copies
306 * vfs_worm: Disallow writes for older file306 * vfs_worm: Disallow writes for older file
307 .307 .
308 Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are308 Note: The runtime dependencies of vfs_ceph and vfs_snapper are moved to
309 moved to Recommends.309 Recommends.
310310
311Package: libsmbclient311Package: libsmbclient
312Section: libs312Section: libs
diff --git a/debian/patches/VERSION.patch b/debian/patches/VERSION.patch
index d50c4c9..b92d155 100644
--- a/debian/patches/VERSION.patch
+++ b/debian/patches/VERSION.patch
@@ -1,5 +1,5 @@
1From: Eloy A. Paris <peloy@debian.org>1From: Eloy A. Paris <peloy@debian.org>
2Subject: Add "Debian" as vendor suffix2Subject: Add "Ubuntu" as vendor suffix
33
4Forwarded: not-needed4Forwarded: not-needed
5---5---
@@ -15,5 +15,5 @@ index d91963a..2650887 100644
15 # #15 # #
16 ########################################################16 ########################################################
17-SAMBA_VERSION_VENDOR_SUFFIX=17-SAMBA_VERSION_VENDOR_SUFFIX=
18+SAMBA_VERSION_VENDOR_SUFFIX=Debian18+SAMBA_VERSION_VENDOR_SUFFIX=Ubuntu
19 SAMBA_VERSION_VENDOR_PATCH=19 SAMBA_VERSION_VENDOR_PATCH=
diff --git a/debian/smb.conf b/debian/smb.conf
index 6a184f9..8c38ffa 100644
--- a/debian/smb.conf
+++ b/debian/smb.conf
@@ -28,6 +28,9 @@
28# Change this to the workgroup/NT-domain name your Samba server will part of28# Change this to the workgroup/NT-domain name your Samba server will part of
29 workgroup = WORKGROUP29 workgroup = WORKGROUP
3030
31# server string is the equivalent of the NT Description field
32 server string = %h server (Samba, Ubuntu)
33
31#### Networking ####34#### Networking ####
3235
33# The specific set of interfaces / networks to bind to36# The specific set of interfaces / networks to bind to
@@ -166,28 +169,31 @@
166169
167#======================= Share Definitions =======================170#======================= Share Definitions =======================
168171
169[homes]172# Un-comment the following (and tweak the other settings below to suit)
170 comment = Home Directories173# to enable the default home directory shares. This will share each
171 browseable = no174# user's home directory as \\server\username
175;[homes]
176; comment = Home Directories
177; browseable = no
172178
173# By default, the home directories are exported read-only. Change the179# By default, the home directories are exported read-only. Change the
174# next parameter to 'no' if you want to be able to write to them.180# next parameter to 'no' if you want to be able to write to them.
175 read only = yes181; read only = yes
176182
177# File creation mask is set to 0700 for security reasons. If you want to183# File creation mask is set to 0700 for security reasons. If you want to
178# create files with group=rw permissions, set next parameter to 0775.184# create files with group=rw permissions, set next parameter to 0775.
179 create mask = 0700185; create mask = 0700
180186
181# Directory creation mask is set to 0700 for security reasons. If you want to187# Directory creation mask is set to 0700 for security reasons. If you want to
182# create dirs. with group=rw permissions, set next parameter to 0775.188# create dirs. with group=rw permissions, set next parameter to 0775.
183 directory mask = 0700189; directory mask = 0700
184190
185# By default, \\server\username shares can be connected to by anyone191# By default, \\server\username shares can be connected to by anyone
186# with access to the samba server.192# with access to the samba server.
187# The following parameter makes sure that only "username" can connect193# Un-comment the following parameter to make sure that only "username"
188# to \\server\username194# can connect to \\server\username
189# This might need tweaking when using external authentication schemes195# This might need tweaking when using external authentication schemes
190 valid users = %S196; valid users = %S
191197
192# Un-comment the following and create the netlogon directory for Domain Logons198# Un-comment the following and create the netlogon directory for Domain Logons
193# (you need to configure Samba to act as a domain controller too.)199# (you need to configure Samba to act as a domain controller too.)
diff --git a/debian/tests/cifs-share-access-uring b/debian/tests/cifs-share-access-uring
index 013d12c..11a1914 100644
--- a/debian/tests/cifs-share-access-uring
+++ b/debian/tests/cifs-share-access-uring
@@ -3,6 +3,12 @@
3set -x3set -x
4set -e4set -e
55
6ARCH=$(dpkg --print-architecture)
7if [ "$ARCH" = "i386" ]; then
8 echo "liburing not available on $ARCH, skipping test"
9 exit 77
10fi
11
6. debian/tests/util12. debian/tests/util
713
8k_ver=$(uname -r | cut -d - -f 1)14k_ver=$(uname -r | cut -d - -f 1)
diff --git a/debian/tests/smbclient-share-access-uring b/debian/tests/smbclient-share-access-uring
index 27d69e0..07eab66 100644
--- a/debian/tests/smbclient-share-access-uring
+++ b/debian/tests/smbclient-share-access-uring
@@ -3,6 +3,12 @@
3set -x3set -x
4set -e4set -e
55
6ARCH=$(dpkg --print-architecture)
7if [ "$ARCH" = "i386" ]; then
8 echo "liburing not available on $ARCH, skipping test"
9 exit 77
10fi
11
6. debian/tests/util12. debian/tests/util
713
8k_ver=$(uname -r | cut -d - -f 1)14k_ver=$(uname -r | cut -d - -f 1)

Subscribers

People subscribed via source and target branches