ubuntu/+source/samba:applied/ubuntu/jaunty-devel

Last commit made on 2010-09-14
Get this branch:
git clone -b applied/ubuntu/jaunty-devel https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/jaunty-devel
Repository:
lp:ubuntu/+source/samba

Recent commits

8503a05... by Marc Deslauriers on 2010-09-09

Import patches-applied version 2:3.3.2-1ubuntu3.6 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: a4a2510114ca0c612163a693e99091d01d4fafec
Unapplied parent: 733ff6750977969948a5c05ff3ec6d7d448df3c0

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via large number of SID sub authorities
    - debian/patches/security-CVE-2010-3069.patch: limit number of SID
      sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
      source/libsmb/cliquota.c, source/smbd/nttrans.c.
    - CVE-2010-3069

733ff67... by Marc Deslauriers on 2010-09-09

Import patches-unapplied version 2:3.3.2-1ubuntu3.6 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 729a74e310e38916ecf88d54eeedef861727d81c

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via large number of SID sub authorities
    - debian/patches/security-CVE-2010-3069.patch: limit number of SID
      sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
      source/libsmb/cliquota.c, source/smbd/nttrans.c.
    - CVE-2010-3069

a4a2510... by Kees Cook on 2010-06-15

Import patches-applied version 2:3.3.2-1ubuntu3.5 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 0eed77b0fbc70ef32693997256233789085e4973
Unapplied parent: 729a74e310e38916ecf88d54eeedef861727d81c

New changelog entries:
  * SECURITY UPDATE: arbitrary remote code execution.
    - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

729a74e... by Kees Cook on 2010-06-15

Import patches-unapplied version 2:3.3.2-1ubuntu3.5 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 6a84da1663482dc14d5acd9a51a740dd7a144d32

New changelog entries:
  * SECURITY UPDATE: arbitrary remote code execution.
    - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

0eed77b... by Marc Deslauriers on 2010-03-18

Import patches-applied version 2:3.3.2-1ubuntu3.4 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 6fc91408fea671337415f892510562135ebbe113
Unapplied parent: 6a84da1663482dc14d5acd9a51a740dd7a144d32

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/include/proto.h,
      source/param/loadparm.c, source/smbd/service.c, source/smbd/trans2.c,
      source/smbd/vfs.c, docs/htmldocs/manpages/smb.conf.5.html and
      docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

6a84da1... by Marc Deslauriers on 2010-03-18

Import patches-unapplied version 2:3.3.2-1ubuntu3.4 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: e9e8dc1a0c5ab9df04118ec8b429e16b2ee415a3

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/include/proto.h,
      source/param/loadparm.c, source/smbd/service.c, source/smbd/trans2.c,
      source/smbd/vfs.c, docs/htmldocs/manpages/smb.conf.5.html and
      docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

6fc9140... by Marc Deslauriers on 2010-01-26

Import patches-applied version 2:3.3.2-1ubuntu3.3 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: ca0af8924822850ace43c46fa4391d0294f2b72f
Unapplied parent: e9e8dc1a0c5ab9df04118ec8b429e16b2ee415a3

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

e9e8dc1... by Marc Deslauriers on 2010-01-26

Import patches-unapplied version 2:3.3.2-1ubuntu3.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 778af24fbc3e2dabe6c4af42c8cc41357c1d102a

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

ca0af89... by Marc Deslauriers on 2009-10-01

Import patches-applied version 2:3.3.2-1ubuntu3.2 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: d4f427df511af0150210eef1c931c923976be3c2
Unapplied parent: 778af24fbc3e2dabe6c4af42c8cc41357c1d102a

New changelog entries:
  * SECURITY UPDATE: access control list modification when dos filemode is
    enabled
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906

778af24... by Marc Deslauriers on 2009-10-01

Import patches-unapplied version 2:3.3.2-1ubuntu3.2 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 8a1f7cd03fd4fae8dbb7845ff88e25e9b5b6edae

New changelog entries:
  * SECURITY UPDATE: access control list modification when dos filemode is
    enabled
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906