lp:ubuntu/natty-security/samba
- Get this branch:
- bzr branch lp:ubuntu/natty-security/samba
Branch merges
Branch information
Recent revisions
- 141. By Tyler Hicks
-
* SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
and directories
- debian/patches/ CVE-2012- 2111.patch: Remove excessive permissions granted
in account related Local Security Authority remote procedure calls.
Based on upstream patch.
- CVE-2012-2111 - 140. By Tyler Hicks
-
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/ CVE-2012- 1182-1. patch: Fix PIDL compiler to generate code
that uses the same value for array allocation and array length checks.
Based on upstream patch.
- debian/patches/ CVE-2012- 1182-2. patch: Regenerate PIDL generated files with
the patched PIDL compiler
- CVE-2012-1182 - 139. By Marc Deslauriers
-
* SECURITY UPDATE: cross-site scripting in SWAT
- debian/patches/ CVE-2011- 2694.patch: don't display username in
source3/web/swat. c.
- CVE-2011-2694
* SECURITY UPDATE: cross-site request forgery in SWAT
- debian/patches/ CVE-2011- 2522.patch: implement nonce in
source3/web/{cgi. c,statuspage. c,swat. c,swat_ proto.h} .
- CVE-2011-2522 - 138. By Chuck Short
-
debian/
patches/ fix-upstream- lp-738968. patch: Fix connection
to EMC Celerra NAS version 5.6.50. (LP: #738968) - 137. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
+ debian/patches/ VERSION. patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\ username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common. config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksmbpasswd. awk:
- Do not add user with UID less than 1000 to smbpasswd
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
- Add cuups breaks to push the package to aslo upgrade cups (LP: #639768)
+ debian/rules:
- enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw. profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_ samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common- bin.files: install
+ Switch to upstart:
- Add debian/samba.{ nmbd,smbd} .upstart.
- Don't ship the /etc/network/if-up.d file.
+ debian/samba.postinst:
- Fixed bashism.
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common. postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/samba.logrotate : Make it upstart compatible
+ debian/samba-common. dhcp: Fix typo to get a proper parsing in
/etc/samba/dhcp.
+ Dropped:
- debian/patches/ fix-windows7- print-connectio n.patch: Merged upstream.
- debian/patches/ security- CVE-2011- 0719.patch: Merged upstream. - 136. By Chuck Short
-
* debian/
patches/ fix-windows7- print-connectio n.patch: Fix
error "0x000003e6" when trying to connect a Windows 7 printer
to a domain. (LP: #674216)
* debian/samba-common. dhcp: Take in account of the upstart script.
(LP: #652065) - 135. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via missing range checks on file
descriptors
- debian/patches/ security- CVE-2011- 0719.patch: validate miscellaneous
file descriptors.
- CVE-2011-0719 - 134. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
+ debian/patches/ VERSION. patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\ username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common. config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksmbpasswd. awk:
- Do not add user with UID less than 1000 to smbpasswd
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
- Add cuups breaks to push the package to aslo upgrade cups (LP: #639768)
+ debian/rules:
- enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw. profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_ samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common- bin.files: install
+ Switch to upstart:
- Add debian/samba.{ nmbd,smbd} .upstart.
- Don't ship the /etc/network/if-up.d file.
+ debian/samba.postinst:
- Fixed bashism.
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common. postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/samba.logrotate : Make it upstart compatible
+ debian/samba-common. dhcp: Fix typo to get a proper parsing in
/etc/samba/dhcp. - 133. By Jelmer Vernooij
-
* Fix exit code of pre-start script in nmbd upstart script. (LP: #707563)
* Skip testparm run if smb.conf does not exist in nmbd upstart script. - 132. By Chuck Short
-
debian/
samba.nmbd. upstart: create /var/run/samba directory before running
testparm. Fixes start-up of nmb after boot. (LP: #596064)
Thanks to Jelmer Vernooij.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/oneiric/samba