lp:ubuntu/karmic-security/samba

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

87. By Marc Deslauriers on 2011-02-23

* SECURITY UPDATE: denial of service via missing range checks on file
  descriptors
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

86. By Marc Deslauriers on 2010-09-09

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via large number of SID sub authorities
  - debian/patches/security-CVE-2010-3069.patch: limit number of SID
    sub authorities in libcli/security/dom_sid.*, source3/lib/util_sid.c,
    source3/libads/ldap.c, source3/libsmb/cliquota.c,
    source3/smbd/nttrans.c.
  - CVE-2010-3069

85. By Marc Deslauriers on 2010-03-22

* SECURITY UPDATE: arbitrary file disclosure via wide links
  - debian/patches/security-CVE-2010-0926.patch: disable wide links when
    UNIX extensions are enabled in source3/include/proto.h,
    source3/param/loadparm.c, source3/smbd/service.c,
    source3/smbd/trans2.c, source3/smbd/vfs.c,
    docs/htmldocs/manpages/smb.conf.5.html and docs/manpages/smb.conf.5.
  - CVE-2010-0926
* WARNING: This changes the default samba behaviour. For security
  reasons, it is no longer possible to use wide links and UNIX
  extensions at the same time. After applying this security update, wide
  links will be disabled automatically as UNIX extensions are turned on
  by default. If wide links are required, you may re-enable them by
  adding "unix extensions = no" to the [global] section of
  the /etc/samba/smb.conf configuration file.

84. By Marc Deslauriers on 2010-01-26

* SECURITY UPDATE: privilege escalation via mount.cifs race
  - debian/patches/security-CVE-2009-3297.patch: validate mount point and
    perform mount in "." to prevent race in source3/client/mount.cifs.c.
  - CVE-2009-3297

83. By Marc Deslauriers on 2009-10-01

* SECURITY UPDATE: whole filesystem share via user with no home directory
  - debian/patches/security-CVE-2009-2813.patch: make sure home directory
    is set in source3/param/loadparm.c, source3/smbd/service.c.
  - CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
  setuid mount.cifs
  - debian/patches/security-CVE-2009-2948.patch: don't open credentials
    file if user doesn't have permission, and don't print password when
    using verbose option in source3/client/mount.cifs.c.
  - CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
  notification reply
  - debian/patches/security-CVE-2009-2906.patch: track messages already
    processed in source3/include/smb.h, source3/smbd/process.c.
  - CVE-2009-2906

82. By Matthias Klose on 2009-09-19

Build-depend on libreadline-dev instead of libreadline5-dev.

81. By Chuck Short on 2009-09-18

* Fix FTBFS: fix libtalloc detection. (cherry picked from Debian)
  + debian/control: Add pkg-config as a dependency, needed to fix libtalloc detection
  + debian/patches/external-talloc-support.patch: fix the Makefile so it works
    when using external talloc instead of giving a missing-depend error.
  + debian/patches/autoconf.pach: Resurrect needed to fix the libtalloc errors.
  + debian/rules: build with --without-libtalloc and --enale-external-libtalloc
* debian/patches/fix-crash-when-loading-interfaces.patch: Fix segfault when loading
  some wonky configuration files. (LP: #421419)

80. By Mike Pontillo on 2009-09-03

Apply patch for "net usershare list" to stop it from crashing (LP: #423854)

79. By Chuck Short on 2009-08-21

* Merge from debian unstable, remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samaba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment
      about "valid users = $s" to show users how to restrict access
      to \\server\username to only username.
    - Set 'usershare allow guests' so that usershare admins are
      allowed to create public shares to authenticated ones.
    - Add 'map to gues = Bad user', maps bad username to guest access.
 + debian/samba-common.conf:
   - Do not change priority to hight if dhclient3 is installed.
   - Use priority medium instead of high for the workgroup question.
 + debian/samba-common.postinst: Add more informative error message for the case
   where smb.conf was manually deleted. (LP: #312449)
 + debian/mksambapasswd.awk: Do not add user with UID less than 1000 to smbpasswd.
 + debian/control:
   - Make libwbclient0 replace/conflict with hardy's likewise-open.
   - Don't build against ctdb.
   - Add suggests keyutils for smbfs. (LP: #300221)
 + debian/rules:
   - enable "native" PIE hardening.
   - remove --with-ctdb and --with-cluster-support=yes
 + Add ufw integration:
   - Created debian/samba.ufw profile.
   - debian/rules, debian/samba.dirs, debian/samba.files: install profile
   - debian/control: have samba suggest ufw.

78. By Chuck Short on 2009-07-15

debian/control: Suggest ufw, (LP: #399468)