lp:ubuntu/feisty-security/samba

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-security/samba

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

27. By Jamie Strandboge

* RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
  with certain client and server interactions with large file sizes.
* debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
  to properly calculate buffer sizes
* References
  LP: #241448
  https://bugzilla.samba.org/show_bug.cgi?id=5517

26. By Jamie Strandboge

* SECURITY UPDATE: heap overflow when processing crafted SMB responses
* debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
  specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
  and process.c for these changes
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
  mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
  sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
  Backport regression fixes from upstream.
* References:
  CVE-2008-1105
  CVE-2007-4572
  LP: #235912

25. By Kees Cook

* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
* References
  CVE-2007-6015

24. By Jamie Strandboge

* removed debian/patches/security_CVE-2007-4572.patch as it
  caused regressions. This is believed to be a non-exploitable
  DoS, but will provide updated packages when a suitable fix
  is found.
* References:
  LP #163042
  LP #163116
  https://bugzilla.samba.org/show_bug.cgi?id=5087

23. By Jamie Strandboge

* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
  mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
  sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
* SECURITY UPDATE: arbitrary code execution in nmbd when configured as
  a WINS server when processing name registration and name query requests
* debian/patches/security_CVE-2007-5398.patch: properly check len in
  nmbd_packets.c
* References
  CVE-2007-4572
  CVE-2007-5398

22. By Kees Cook

* SECURITY UPDATE: regression in "force group" configured shares.
* security-regression_fix-force-group.patch: upstream fixes.
* References
  http://bugs.debian.org/424629

21. By Kees Cook

* SECURITY UPDATE: local priv escalation, remote heap overflows, remote
  command execution.
* security_local-sid-translation-priv-elevation.patch: upstream fixes
  (CVE-2007-2444)
* security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
* security_remote-command-execution.patch: upstream fixes (CVE-2007-2447)

20. By Kees Cook

* Merge from debian unstable, remaining changes:
  * debian/smb.conf:
    - Do not show the version number by default
    - Comment out the default [homes] shares and add more verbose comments to
      explain what they do and how they work (closes: launchpad.net/27608)
    - Add a "valid users = %S" stanza to the commented-out [homes] section,
      to show users how to restrict access to \\server\username to only
      username.
    - Change the (commented-out) "printer admin" example to use "@lpadmin"
      instead of "@ntadmin", since the lpadmin group is used for spool admin.
  * debian/panic-action:
    - Alter the panic-action script to encourage users to report their
      bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
      Modify text to more closely match the Debian script
  * debian/samba-common.templates:
    - Set default workgroup to MSHOME
  * debian/control:
    - remove typehandling
    - add update-inetd to Depends
  * debian/patches/VERSION.patch:
    - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
  * debian/samba-common.config:
    - do not change priority to HIGH if dhclient3 is installed
  * debian/samba.init:
    - use of PIDDIR instead of hardcoding it
    - Munge our init script to deal with the fact that our implementation
      (or lack thereof) of log_daemon_msg and log_progress_msg differs
      from Debian's implementation of the same (Ubuntu #19691)
  * debian/rules:
    - remove type-handling
    - properly clean on make clean
    - do not install mount.cifs and umount.cifs as suid
  * debian/patches/ubuntu-auxsrc.patch:
    - some auxiliary sources (undocumented in previous changelogs)
  * Really drop debian/patches/ubuntu-fix-ldap.patch:
    - Fixed upstream, see Debian #274155

19. By Matthias Klose

Rebuild for python2.5 as the default python version.

18. By Michael Vogt

* Merge from debian unstable, remaining changes:
  * debian/smb.conf:
    - Do not show the version number by default
    - Comment out the default [homes] shares and add more verbose comments to
      explain what they do and how they work (closes: launchpad.net/27608)
    - Add a "valid users = %S" stanza to the commented-out [homes] section,
      to show users how to restrict access to \\server\username to only
      username.
    - Change the (commented-out) "printer admin" example to use "@lpadmin"
      instead of "@ntadmin", since the lpadmin group is used for spool admin.
  * debian/panic-action:
    - Alter the panic-action script to encourage users to report their
      bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
      Modify text to more closely match the Debian script
  * debian/samba-common.templates:
    - Set default workgroup to MSHOME
  * debian/control:
    - remove typehandling
    - add update-inetd to Depends
  * debian/patches/VERSION.patch:
    - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
  * debian/samba-common.config:
    - do not change priority to HIGH if dhclient3 is installed
  * debian/samba.init:
    - use of PIDDIR instead of hardcoding it
    - Munge our init script to deal with the fact that our implementation
      (or lack thereof) of log_daemon_msg and log_progress_msg differs
      from Debian's implementation of the same (Ubuntu #19691)
  * debian/rules:
    - remove type-handling
    - properly clean on make clean
    - do not install mount.cifs and umount.cifs as suid
  * debian/patches/ubuntu-auxsrc.patch:
    - some auxiliary sources (undocumented in previous changelogs)
  * debian/patches/ubuntu-fix-ldap.patch:
    - fix LDAP backend, see Ubuntu #1905, Debian #274155

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/samba