lp:ubuntu/intrepid-updates/samba
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/samba
Recent revisions
- 61. By Marc Deslauriers
* SECURITY UPDATE: arbitrary file disclosure via wide links
  - debian/patches/security-CVE-2010-0926.patch: disable wide links when
    UNIX extensions are enabled in source/param/loadparm.c,
    source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
    docs/htmldocs/manpages/smb.conf.5.html and docs/manpages/smb.conf.5.
  - CVE-2010-0926
* WARNING: This changes the default samba behaviour. For security
  reasons, it is no longer possible to use wide links and UNIX
  extensions at the same time. After applying this security update, wide
  links will be disabled automatically as UNIX extensions are turned on
  by default. If wide links are required, you may re-enable them by
  adding "unix extensions = no" to the [global] section of
  the /etc/samba/smb.conf configuration file.
- 60. By Marc Deslauriers
* SECURITY UPDATE: privilege escalation via mount.cifs race
  - debian/patches/security-CVE-2009-3297.patch: validate mount point and
    perform mount in "." to prevent race in source/client/mount.cifs.c.
  - CVE-2009-3297
- 59. By Marc Deslauriers
* SECURITY UPDATE: denial of service via string vulnerabilities in
  smbclient
  - debian/patches/security-CVE-2009-1886.patch: fix string format
    vulnerabilities in source/client/client.c.
  - CVE-2009-1886
* SECURITY UPDATE: access control list modification when dos filemode is
  enabled
  - debian/patches/security-CVE-2009-1888.patch: fix group checking in
    acl_group_override in source/smbd/posix_acls.c.
  - CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
  - debian/patches/security-CVE-2009-2813.patch: make sure home directory
    is set in source/param/loadparm.c, source/smbd/service.c.
  - CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
  setuid mount.cifs
  - debian/patches/security-CVE-2009-2948.patch: don't open credentials
    file if user doesn't have permission, and don't print password when
    using verbose option in source/client/mount.cifs.c.
  - CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
  notification reply
  - debian/patches/security-CVE-2009-2906.patch: track messages already
    processed in source/include/smb.h, source/smbd/process.c.
  - CVE-2009-2906
- 58. By Marc Deslauriers
* SECURITY UPDATE: potential access to the root filesystem when using an
  empty string share name.
  - debian/patches/security-CVE-2009-0022.patch: make sure a non-empty share
    name is used in load_registry_service() in source/smbd/service.c.
  - CVE-2009-0022
- 57. By Marc Deslauriers
* SECURITY UPDATE: potential arbitrary memory leak and crash via secondary
  trans, trans2 and nttrans requests.
  - debian/patches/security-CVE-2008-4314.patch: fix the offset checks in the
    trans routines in source/smbd/{ipc.c,nttrans.c,trans2.c}.
  - CVE-2008-4314
* debian/rules: do not update po tree for security updates.
- 56. By Thierry Carrez
* Fix pam-smbpass.so crashing because it misses /var/lib/samba (LP: #260687)
  - debian/samba-common.dirs: create /var/lib/samba in samba-common
  - debian/samba.postrm: don't completely remove /var/lib/samba on purge
    (just let samba-common postrm do it)
- 54. By Chuck Short
* Merge from debian unstable, remaining changes:
  - debian/patches/VERSION.patch:
    + set SAMBA_VERSION_SUFFIX to Ubuntu.
  - debian/smb.conf:
    + add "(Samba, Ubuntu)" to server string.
    + comment on the default [homes] shares, and add a comment about "valid user = %s"
      to show users how to restrict access to \\server\username to only username.
    + add map to guest = Bad user, maps bad username to guest access. (LP: #32067)
  - debian/samba-common.postinst:
    + Fix upgrade from a first installation done with feisty, edgy, or dapper.
      (LP: #201059)
    + When populating the new sambashare group, it's not an error if the user
      simply doesn't exist; test for this case and let the install continue instead
      of aborting. (LP: #206036)
  - debian/samba-common.config:
    + do not change priority to HIGH if dhclient3 is installed.
    + use priority medium instead of HIGH for the workgroup question.
  - debian/winbind.files:
    + include additional files
  - debian/mksambapasswd.awk:
    + Don't add user with UID less than 1000 to smbpasswd.
  - debian/control:
    + Depend on lsb-base >= 3.2-14, which has the status_of_proc() function.
    + Make libpam-smbpass depend on libpam-runtime for allowing libpam-smbpass
      to auto-configure itself.
  - debian/samba.init:
    + Replace the previous 'status' gathering mechanism with the common one
      now provided by status_of_proc() (LP: #247087).
  - debian/winbind.init:
    + Add a pid variable and a 'status' action.
  - debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
    debian/libpam-smbpass.files, debian/rules: provide a config block for the
    new PAM framework, allowing this PAM module to auto-configure itself.
  - debian/libpam-smbpass.prerm: call pam-auth-update --remove on removal,
    to clean up after ourselves.
  - debian/rules: enable "native" PIE hardening. [Jamie Strandboge]
* Add ufw integration (thanks Nicolas Valcárcel) (LP: #261544)
  - Created debian/samba.ufw.profile
  - debian/rules: install profile
  - debian/control: have samba Suggests ufw
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/samba