ubuntu/+source/samba:debian/stretch

Last commit made on 2019-09-07
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/samba

Recent commits

d9e3a9c... by Mathieu Parent on 2019-05-08

Import patches-unapplied version 2:4.5.16+dfsg-1+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: db473a7b814f01c04cffd24a0b2369f635a2eb37

New changelog entries:
  * This is a security release in order to address the following defect:
    - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

db473a7... by Mathieu Parent on 2019-04-05

Import patches-unapplied version 2:4.5.16+dfsg-1+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 4e7adeaa63fd638cdf67f720059be6bafc2e2dbc

New changelog entries:
  * This is a security release in order to address the following defect:
    - CVE-2019-3880 Save registry file outside share as unprivileged user

4e7adea... by Mathieu Parent on 2019-01-31

Import patches-unapplied version 2:4.5.16+dfsg-1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: e57771e98c53ee8066d3f9deb225d7668c8fe88c

New changelog entries:
  * New upstream release (latest 4.5.x)
    - Drop merged patches
  * Fix CVE-2018-14629 regression when there're more than 20 records on a non
    CNAME record.
  * Fix rmdir on non-empty samba directory (Closes: #915248)
  * Ignore nmbd start errors when there is no non-loopback interface
    (Closes: #893762)
  * Ignore nmbd start errors when there is no local IPv4 non-loopback interface
    (Closes: #859526)
  * s3:ntlm_auth: fix memory leak in manage_gensec_request() (Closes: #919611)
  * Add debian/gitlab-ci.yml
  * New upstream security release
    - CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD
      Internal DNS server
    - CVE-2018-16841 Double-free in Samba AD DC KDC with PKINIT
    - CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server

e57771e... by Salvatore Bonaccorso on 2018-08-13

Import patches-unapplied version 2:4.5.12+dfsg-2+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: cebf09f1b891a85d4b6618c4d71fe308dbfcfc88

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Confidential attribute disclosure from the AD LDAP server (CVE-2018-10919)
  * Insufficient input validation on client directory listing in libsmbclient
    (CVE-2018-10858)

cebf09f... by Mathieu Parent on 2018-03-05

Import patches-unapplied version 2:4.5.12+dfsg-2+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: e3c47384bfcf10ed7b7b55ca51f21fead9ea931b

New changelog entries:
  * This is a security release in order to address the following defects:
    - CVE-2018-1050: Codenomicon crashes in spoolss server code
    - CVE-2018-1057: Unprivileged user can change any user (and admin) password

e3c4738... by Mathieu Parent on 2017-11-20

Import patches-unapplied version 2:4.5.12+dfsg-2+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 0ffdd76f18d4e614530e265dc1250e0ee8ff1221

New changelog entries:
  * This is a security release in order to address the following defects:
    - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when
      talloc buffer is grown.
    - CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.

0ffdd76... by Mathieu Parent on 2017-09-25

Import patches-unapplied version 2:4.5.12+dfsg-2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 41e62a3440db7b8b130e5f66dbbda742359a8472

New changelog entries:
  * This is a security release in order to address the following defects:
    - CVE-2017-12150: Some code path don't enforce smb signing, when they should
    - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects
    - CVE-2017-12163: Server memory information leak over SMB1
  * gbp.conf: change debian-branch to stretch
  * New upstream version
    - Remove CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch, merged
    - Remove CVE-2017-7494.patch, merged
    - Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is
      configured in PAM" (Closes: #739768)
  * Stability fixes backported from sid:
    - Properly quote subshell invocation in samba-common.preinst
      (Closes: #771689)
    - Fix typo s/DESTIDR/DESTDIR/ in d/rules
    - sysv: Use --pidfile in addition to --exec to avoid matching daemons in
      containers (Closes: #810794)
    - Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
    - Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
    - Fix outdated DNS Root servers (Closes: #865406)
    - Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
      of the service (systemd only)
    - Fix samba.logrotate (Thanks Thomas A. Reim)
  * This is a security release in order to address the following defect:
    - CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
      (Closes: #868209)

41e62a3... by Mathieu Parent on 2017-05-18

Import patches-unapplied version 2:4.5.8+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bfafe2ca82b5e3a1b017a1e4a8b1d0e3850b8530

New changelog entries:
  * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside

bfafe2c... by Mathieu Parent on 2017-04-01

Import patches-unapplied version 2:4.5.8+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 69c776e8e26ee5313dd81baefe6d5bd2aa2f7d15

New changelog entries:
  * New upstream version
    - Drop CVE-2017-2619.patch: merged upstream
    - Fix CVE-2017-2619 regression with "follow symlink = no" (Closes: #858564)

69c776e... by Mathieu Parent on 2017-03-22

Import patches-unapplied version 2:4.5.6+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ec0247cbbb661408ab7387cb2fbf20cdcd2abaab

New changelog entries:
  * This is a security release in order to address the following defects:
    - CVE-2017-2619: symlink race permits opening files outside share directory