lp:ubuntu/lucid-security/samba

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/samba
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

108. By Tyler Hicks

* SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
  and directories
  - debian/patches/CVE-2012-2111.patch: Remove excessive permissions granted
    in account related Local Security Authority remote procedure calls.
    Based on upstream patch.
  - CVE-2012-2111

107. By Tyler Hicks

* SECURITY UPDATE: Unauthenticated remote code execution via
  RPC calls (LP: #978458)
  - debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
    that uses the same value for array allocation and array length checks.
    Based on upstream patch.
  - debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
    the patched PIDL compiler
  - CVE-2012-1182

106. By Marc Deslauriers

* SECURITY UPDATE: denial of service via stale mtab lockfile
  - debian/patches/security-mask-signals.patch: mask signals while
    updating the mtab file in source3/client/mount.cifs.c.
  - CVE-2011-3585
* SECURITY UPDATE: mtab corruption via resource limits
  - debian/patches/CVE-2011-1678.patch: truncate mtab file if updating it
    failed in source3/client/{mount.cifs.c,mount.h,mtab.c}.
  - CVE-2011-1678
* SECURITY UPDATE: mtab corruption via incorrect new line check
  - debian/patches/CVE-2011-2724.patch: check proper return codes in
    source3/client/mount.cifs.c.
  - CVE-2011-2724

105. By Marc Deslauriers

* SECURITY UPDATE: cross-site scripting in SWAT
  - debian/patches/CVE-2011-2694.patch: don't display username in
    source3/web/swat.c.
  - CVE-2011-2694
* SECURITY UPDATE: cross-site request forgery in SWAT
  - debian/patches/CVE-2011-2522.patch: implement nonce in
    source3/web/{cgi.c,statuspage.c,swat.c,swat_proto.h}.
  - CVE-2011-2522

104. By Marc Deslauriers

* SECURITY UPDATE: denial of service via missing range checks on file
  descriptors
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

103. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via large number of SID sub authorities
  - debian/patches/security-CVE-2010-3069.patch: limit number of SID
    sub authorities in libcli/security/dom_sid.*, source3/lib/util_sid.c,
    source3/libads/ldap.c, source3/libsmb/cliquota.c,
    source3/smbd/nttrans.c.
  - CVE-2010-3069

102. By Thierry Carrez

debian/winbind.pam-config: Fix potential breakage with stacking of
lower-priority modules in common-passwd (LP: #556996)

101. By Thierry Carrez

* debian/winbind.pam-config: Fix password PAM profile for winbind, thanks to
  Steve Langasek for investigation and fix (LP: #546874)
* debian/winbind.prerm, debian/winbind.postinst: Enable and disable winbind
  PAM profile on package install/removal (LP: #556342)

100. By Chuck Short

* Merge from debian testing. Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572)
  + debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741)
  + debian/samba.logrotate: Make it upstart compatible (LP: #529290)
  + debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
  + Dropped:
    debian/patches/debian/patches/security-CVE-2010-0728.patch: Included upstream.

99. By Thierry Carrez

[Thierry Carrez]
* debian/samba.postinst: Avoid scary pdbedit warnings on first import
  (LP: #24741)

[Chuck Short]
* debian/samba.logrotate: Make it upstart compatible (LP: #529290)
* debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/samba
This branch contains Public information 
Everyone can see this information.

Subscribers