lp:ubuntu/lucid-security/samba
- Get this branch: bzr branch lp:ubuntu/lucid-security/samba
Recent revisions
- 108. By Tyler Hicks
  * SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
    and directories
    - debian/patches/CVE-2012-2111.patch: Remove excessive permissions granted
      in account related Local Security Authority remote procedure calls.
      Based on upstream patch.
    - CVE-2012-2111
- 107. By Tyler Hicks
  * SECURITY UPDATE: Unauthenticated remote code execution via
    RPC calls (LP: #978458)
    - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
      that uses the same value for array allocation and array length checks.
      Based on upstream patch.
    - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
      the patched PIDL compiler
    - CVE-2012-1182
- 106. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via stale mtab lockfile
    - debian/patches/security-mask-signals.patch: mask signals while
      updating the mtab file in source3/client/mount.cifs.c.
    - CVE-2011-3585
  * SECURITY UPDATE: mtab corruption via resource limits
    - debian/patches/CVE-2011-1678.patch: truncate mtab file if updating it
      failed in source3/client/{mount.cifs.c, mount.h, mtab.c}.
    - CVE-2011-1678
  * SECURITY UPDATE: mtab corruption via incorrect new line check
    - debian/patches/CVE-2011-2724.patch: check proper return codes in
      source3/client/mount.cifs.c.
    - CVE-2011-2724
- 105. By Marc Deslauriers
  * SECURITY UPDATE: cross-site scripting in SWAT
    - debian/patches/CVE-2011-2694.patch: don't display username in
      source3/web/swat.c.
    - CVE-2011-2694
  * SECURITY UPDATE: cross-site request forgery in SWAT
    - debian/patches/CVE-2011-2522.patch: implement nonce in
      source3/web/{cgi.c,statuspage.c,swat.c,swat_proto.h}.
    - CVE-2011-2522
- 104. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via missing range checks on file
    descriptors
    - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
      file descriptors.
    - CVE-2011-0719
- 103. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via large number of SID sub authorities
    - debian/patches/security-CVE-2010-3069.patch: limit number of SID
      sub authorities in libcli/security/dom_sid.*, source3/lib/util_sid.c,
      source3/libads/ldap.c, source3/libsmb/cliquota.c,
      source3/smbd/nttrans.c.
    - CVE-2010-3069
- 102. By Thierry Carrez
  debian/winbind.pam-config: Fix potential breakage with stacking of
  lower-priority modules in common-passwd (LP: #556996)
- 101. By Thierry Carrez
  * debian/winbind.pam-config: Fix password PAM profile for winbind, thanks to
    Steve Langasek for investigation and fix (LP: #546874)
  * debian/winbind.prerm, debian/winbind.postinst: Enable and disable winbind
    PAM profile on package install/removal (LP: #556342)
- 100. By Chuck Short
  * Merge from debian testing. Remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
        to show users how to restrict access to \\server\username to only username.
      - Set 'usershare allow guests', so that usershare admins are allowed to create
        public shares in addition to authenticated ones.
      - add map to guest = Bad user, maps bad username to guest access.
    + debian/samba-common.conf:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/mksambapasswd.awk:
      - Do not add user with UID less than 1000 to smbpasswd.
    + debian/control:
      - Make libswbclient0 replace/conflict with hardy's likewise-open.
      - Don't build against ctdb, since it's not in main yet.
    + debian/rules:
      - Enable "native" PIE hardening.
      - Add BIND_NOW to maximize benefit of RELRO hardening.
    + Add ufw integration:
      - Created debian/samba.ufw.profile.
      - debian/rules, debian/samba.dirs, debian/samba.files: install
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
    + debian/control: Recommend keyutils for smbfs (LP: #493565)
    + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572)
    + debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741)
    + debian/samba.logrotate: Make it upstart compatible (LP: #529290)
    + debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
    + Dropped:
      debian/patches/debian/patches/security-CVE-2010-0728.patch: Included upstream.
- 99. By Thierry Carrez
  [Thierry Carrez]
  * debian/samba.postinst: Avoid scary pdbedit warnings on first import
    (LP: #24741)
  [Chuck Short]
  * debian/samba.logrotate: Make it upstart compatible (LP: #529290)
  * debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/maverick/samba