lp:ubuntu/feisty-security/samba
- Get this branch:
- bzr branch lp:ubuntu/feisty-security/samba
Recent revisions
- 27. By Jamie Strandboge
-
* RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
with certain client and server interactions with large file sizes.
* debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
to properly calculate buffer sizes
* References
LP: #241448
https://bugzilla.samba.org/show_bug.cgi?id=5517
- 26. By Jamie Strandboge
-
* SECURITY UPDATE: heap overflow when processing crafted SMB responses
* debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
and process.c for these changes
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
Backport regression fixes from upstream.
* References:
CVE-2008-1105
CVE-2007-4572
LP: #235912
- 25. By Kees Cook
-
* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
* References
CVE-2007-6015
- 24. By Jamie Strandboge
-
* removed debian/patches/security_CVE-2007-4572.patch as it
caused regressions. This is believed to be a non-exploitable
DoS, but will provide updated packages when a suitable fix
is found.
* References:
LP #163042
LP #163116
https://bugzilla.samba.org/show_bug.cgi?id=5087
- 23. By Jamie Strandboge
-
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
* SECURITY UPDATE: arbitrary code execution in nmbd when configured as
a WINS server when processing name registration and name query requests
* debian/patches/security_CVE-2007-5398.patch: properly check len in
nmbd_packets.c
* References
CVE-2007-4572
CVE-2007-5398
- 22. By Kees Cook
-
* SECURITY UPDATE: regression in "force group" configured shares.
* security-regression_fix-force-group.patch: upstream fixes.
* References
http://bugs.debian.org/424629
- 21. By Kees Cook
-
* SECURITY UPDATE: local priv escalation, remote heap overflows, remote
command execution.
* security_local-sid-translation-priv-elevation.patch: upstream fixes
(CVE-2007-2444)
* security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
* security_remote-command-execution.patch: upstream fixed (CVE-2007-2447)
- 20. By Kees Cook
-
* Merge from debian unstable, remaining changes:
* debian/smb.conf:
- Do not show the version number by default
- Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
- Add a "valid users = %S" stanza to the commented-out [homes] section,
to show users how to restrict access to \\server\username to only
username.
- Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin.
* debian/panic-action:
- Alter the panic-action script to encourage users to report their
bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
Modify text to more closely match the Debian script
* debian/samba-common.templates:
- Set default workgroup to MSHOME
* debian/control:
- remove typehandling
- add update-inetd to Depends
* debian/patches/VERSION.patch:
- set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
* debian/samba-common.config:
- do not change priority to HIGH if dhclient3 is installed
* debian/samba.init:
- use of PIDDIR instead of hardcoding it
- Munge our init script to deal with the fact that our implementation
(or lack thereof) of log_daemon_msg and log_progress_msg differs
from Debian's implementation of the same (Ubuntu #19691)
* debian/rules:
- remove type-handling
- properly clean on make clean
- do not install mount.cifs and umount.cifs as suid
* debian/patches/ubuntu-auxsrc.patch:
- some auxiliary sources (undocumented in previous changelogs)
* Really drop debian/patches/ubuntu-fix-ldap.patch:
- Fixed upstream, see Debian #274155
- 18. By Michael Vogt
-
* Merge from debian unstable, remaining changes:
* debian/smb.conf:
- Do not show the version number by default
- Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
- Add a "valid users = %S" stanza to the commented-out [homes] section,
to show users how to restrict access to \\server\username to only
username.
- Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin.
* debian/panic-action:
- Alter the panic-action script to encourage users to report their
bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
Modify text to more closely match the Debian script
* debian/samba-common.templates:
- Set default workgroup to MSHOME
* debian/control:
- remove typehandling
- add update-inetd to Depends
* debian/patches/VERSION.patch:
- set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
* debian/samba-common.config:
- do not change priority to HIGH if dhclient3 is installed
* debian/samba.init:
- use of PIDDIR instead of hardcoding it
- Munge our init script to deal with the fact that our implementation
(or lack thereof) of log_daemon_msg and log_progress_msg differs
from Debian's implementation of the same (Ubuntu #19691)
* debian/rules:
- remove type-handling
- properly clean on make clean
- do not install mount.cifs and umount.cifs as suid
* debian/patches/ubuntu-auxsrc.patch:
- some auxiliary sources (undocumented in previous changelogs)
* debian/patches/ubuntu-fix-ldap.patch:
- fix LDAP backend, see Ubuntu #1905, Debian #274155
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/samba