ubuntu/+source/samba:ubuntu/artful-proposed

Last commit made on 2017-09-21
Get this branch:
git clone -b ubuntu/artful-proposed https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/artful-proposed
Repository:
lp:ubuntu/+source/samba

Recent commits

8b3f767... by Marc Deslauriers on 2017-09-21

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu3 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: e233207f792582ee515bc230651f355da52fb56e

New changelog entries:
  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

e233207... by Andreas Hasenack on 2017-09-01

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 35577f16dfad23b6b642fa3c185811e0916d8e0d
Upload parent: 088559842c2999d144bd20a66e94101d9ccfbd4d

New changelog entries:
  * d/source_samba.py: use the new recommended findmnt(8) tool to list
    mountpoints and correctly filter by the cifs filesystem type.
    (LP: #1703604)

0885598... by Andreas Hasenack on 2017-09-05

Pass option '-n' to findmnt so we don't get a header line. This makes its
output very much like what we would have had with mount.cifs.

40a47e0... by Andreas Hasenack on 2017-09-05

changelog

d2f38ea... by Andreas Hasenack on 2017-09-05

  * d/source_samba.py: use the new recommended findmnt(8) tool to list
    mountpoints and correctly filter by the cifs filesystem type.
    (LP: #1703604)

9d94681... by Andreas Hasenack on 2017-09-01

changelog

c78cbb7... by Andreas Hasenack on 2017-09-01

  * d/source_samba.py: fix the mount call that lists cifs mountpoints
    (LP: #1703604)

35577f1... by Andreas Hasenack on 2017-08-21

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 783710e73a17f83a139765bae53c5b366288fb21
Upload parent: 7d7237bcaf402259b6b2380d16af077480654a38

New changelog entries:
  * Merge with Debian unstable (LP: #1710281).
    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
      symlinks to directories (LP: #1701073)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

5891bcb... by Andreas Hasenack on 2017-08-21

Update ubuntu/devel from 2:4.6.5+dfsg-8ubuntu1 to 2:4.6.7+dfsg-1ubuntu1

Prior ubuntu/devel commit: 98e4aa55c014291fa41b76844246d0613cf97fb3
New ubuntu/devel commit: 6b06dc595e0c9fbf3f4e82be5589aa902eb230e2

6b06dc5... by Andreas Hasenack on 2017-08-21

Import patches-unapplied version 2:4.6.7+dfsg-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Publish parent: f8a8c215cc4ed8dcf89d0633c10ecc770ddbabd5
Upload parent: 7d7237bcaf402259b6b2380d16af077480654a38

New changelog entries:
  * Merge with Debian unstable (LP: #1710281).
    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
      symlinks to directories (LP: #1701073)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
  * New upstream version
    - Removed CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch,
      merged
    - Remove s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch, merged
  * README.source: Default merge-mode of gbp has changed to replace
  * Fix samba.logrotate (Thanks Thomas A. Reim)