lp:ubuntu/jaunty-updates/samba

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-updates/samba

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

76. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via large number of SID sub authorities
  - debian/patches/security-CVE-2010-3069.patch: limit number of SID
    sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
    source/libsmb/cliquota.c, source/smbd/nttrans.c.
  - CVE-2010-3069

75. By Kees Cook

* SECURITY UPDATE: arbitrary remote code execution.
  - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

74. By Marc Deslauriers

* SECURITY UPDATE: arbitrary file disclosure via wide links
  - debian/patches/security-CVE-2010-0926.patch: disable wide links when
    UNIX extensions are enabled in source/include/proto.h,
    source/param/loadparm.c, source/smbd/service.c, source/smbd/trans2.c,
    source/smbd/vfs.c, docs/htmldocs/manpages/smb.conf.5.html and
    docs/manpages/smb.conf.5.
  - CVE-2010-0926
* WARNING: This changes the default samba behaviour. For security
  reasons, it is no longer possible to use wide links and UNIX
  extensions at the same time. After applying this security update, wide
  links will be disabled automatically as UNIX extensions are turned on
  by default. If wide links are required, you may re-enable them by
  adding "unix extensions = no" to the [global] section of
  the /etc/samba/smb.conf configuration file.

73. By Marc Deslauriers

* SECURITY UPDATE: privilege escalation via mount.cifs race
  - debian/patches/security-CVE-2009-3297.patch: validate mount point and
    perform mount in "." to prevent race in source/client/mount.cifs.c.
  - CVE-2009-3297

72. By Marc Deslauriers

* SECURITY UPDATE: access control list modification when dos filemode is
  enabled
  - debian/patches/security-CVE-2009-1888.patch: fix group checking in
    acl_group_override in source/smbd/posix_acls.c.
  - CVE-2009-1888
* SECURITY UPDATE: whole filesystem share via user with no home directory
  - debian/patches/security-CVE-2009-2813.patch: make sure home directory
    is set in source/param/loadparm.c, source/smbd/service.c.
  - CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
  setuid mount.cifs
  - debian/patches/security-CVE-2009-2948.patch: don't open credentials
    file if user doesn't have permission, and don't print password when
    using verbose option in source/client/mount.cifs.c.
  - CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
  notification reply
  - debian/patches/security-CVE-2009-2906.patch: track messages already
    processed in source/include/smb.h, source/smbd/process.c.
  - CVE-2009-2906

71. By Chuck Short

[Thierry Carrez]
* debian/samba-common.postinst: Add more informative error message for
  the case where smb.conf was manually deleted (LP: #312449)

[Chuck Short]
* debian/control: Add suggests keyutils for smbfs. (LP: #300221)

70. By Chuck Short

debian/patches/fix-upstream-bug-6186.patch: Fix for data loss
with roaming profiles. (https://bugzilla.samba.org/show_bug.cgi?id=6186)

69. By Chuck Short

* Merge from debian unstable, remaining changes:
  + debian/patches/VERSION.patch:
    - setup SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - add "(Samba, Ubuntu)" to server string.
    - comment out the default [homes] share, and add a comment about
      "valid users = %S" to show users how to restrict access to
      \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are
      allowed to create public shares in addition to authenticated
      ones.
    - add map to guest = Bad user, maps bad username to guest access.
  + debian/samba-common.config:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  * debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  * debian/control:
    - Make libwbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb.
  * debian/rules:
    - enable "native" PIE hardening.
  * Add ufw integration:
    - Created debian/samba.ufw profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
      profile
    - debian/control: have samba suggest ufw.

68. By Steve Langasek

* Merge from Debian unstable (LP: #337094), remaining changes:
  + debian/patches/VERSION.patch:
    - setup SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - add "(Samba, Ubuntu)" to server string.
    - comment out the default [homes] share, and add a comment about
      "valid users = %S" to show users how to restrict access to
      \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are
      allowed to create public shares in addition to authenticated
      ones.
    - add map to guest = Bad user, maps bad username to guest access.
  + debian/samba-common.config:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libwbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb.
  + debian/rules:
    - enable "native" PIE hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile
    - debian/rules, debian/samba.dirs, debian/samba.files: install
      profile
    - debian/control: have samba suggest ufw
* Dropped changes, merged in Debian:
  + debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
    debian/libpam-smbpass.prerm, debian/libpam-smbpass.files,
    debian/rules:
    - Make libpam-smbpasswd depend on libpam-runtime to allow
      libpam-smbpasswd for auto-configuration.
  + debian/control:
    - Provide a config block for the new PAM framework to auto-configure
      itself
  + debian/samba.postinst:
    - When populating the new sambashare group, it is not an error
      if the user simply does not exist; test for this case and let
      the install continue instead of aborting.
  + debian/winbind.files:
    - include additional files

67. By Chuck Short

debian/rules, debian/control: Remove ctdb support.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/samba
This branch contains Public information 
Everyone can see this information.
