ubuntu/+source/samba:ubuntu/bionic-devel

Last commit made on 2019-05-23
Get this branch:
git clone -b ubuntu/bionic-devel https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/bionic-devel
Repository:
lp:ubuntu/+source/samba

Recent commits

522fee8... by Marc Deslauriers on 2019-05-23

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 16472e3a83f82751396d32ead31916fc7d64cc62

New changelog entries:
  * SECURITY REGRESSION: panics following recent update (LP: #1827924)
    - debian/patches/bug13315.patch: do not crash if we fail to init the
      session table in source3/smbd/negprot.c.

16472e3... by Marc Deslauriers on 2019-05-08

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.10 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 204a8544c8a1cd886686194f48c139a29e604be0

New changelog entries:
  * SECURITY UPDATE: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
    - debian/patches/CVE-2018-16860-1.patch: add test for S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/torture/krb5/kdc-canon-heimdal.c.
    - debian/patches/CVE-2018-16860-2.patch: reject PA-S4U2Self with
      unkeyed checksum in selftest/knownfail.d/mitm-s4u2self,
      source4/heimdal/kdc/krb5tgs.c.
    - CVE-2018-16860

204a854... by Marc Deslauriers on 2019-04-04

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 4835c8339db397b8a5087095c94a3604c8576403

New changelog entries:
  * SECURITY UPDATE: save registry file outside share as unprivileged user
    - debian/patches/CVE-2019-3880.patch: remove implementations of
      SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
    - CVE-2019-3880

4835c83... by Andreas Hasenack on 2019-03-29

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.8 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: ae2696b847e6a1bea0cfa231ab7451150da1ac46

New changelog entries:
  * Backport function to set protocol levels (LP: #1778322):
    - d/p/add-smbc_setOptionProtocols.patch: add function to set protocol
      levels
    - d/libsmbclient.symbols: add smbc_setOptionProtocols

ae2696b... by Andreas Hasenack on 2019-02-04

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.7 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d5c56bc1dfa13286d7b59b6f5a51ec7732b9640b

New changelog entries:
  * d/p/memleak-fix-13372.patch: Fix memory leak in vfswrap_getwd().
    (LP: #1814532)

d5c56bc... by Karl Stenerud on 2018-11-23

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f4ad6b84ccbbaebd6bc9a340e6a33a88199f1bbd

New changelog entries:
  * d/p/auth-fail-eexist.diff: smbc_opendir should not return EEXIST with
    invalid login credentials. Thanks to David Mulder. (LP: #1801227)

f4ad6b8... by Marc Deslauriers on 2018-11-16

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b731e5555d62b55685274c7952e82cbbd6ed93da

New changelog entries:
  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
    - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
      counter in python/samba/tests/dns.py, selftest/knownfail.d/dns,
      source4/dns_server/dns_query.c.
    - CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
    - debian/patches/CVE-2018-16841-1.patch: fix segfault on PKINIT with
      mis-matching principal in source4/kdc/db-glue.c.
    - debian/patches/CVE-2018-16841-2.patch: check for mismatching
      principal in testprogs/blackbox/test_pkinit_heimdal.sh.
    - CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
    - debian/patches/CVE-2018-16851.patch: check ret before manipulating
      blob in source4/ldap_server/ldap_server.c.
    - CVE-2018-16851

b731e55... by Andreas Hasenack on 2018-11-08

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a84a32b83285e6c0ab6775b63763f7e8d6341d24

New changelog entries:
  * d/p/fix-rmdir.patch: fix the patch to not apply with offset, which
    previously made it change the wrong, almost identical, function.
    (LP: #1795772)

a84a32b... by Andreas Hasenack on 2018-10-11

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d610344c8183790777728b57b680973645cb52b1

New changelog entries:
  * d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
    errors (LP: #1795772)

d610344... by Marc Deslauriers on 2018-08-06

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: e5340817476d59b9a34901d246d478243fefe51f

New changelog entries:
  * SECURITY UPDATE: Insufficient input validation on client directory
    listing in libsmbclient
    - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
      buffer in source3/libsmb/libsmb_path.c, add checks to
      source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
    - CVE-2018-10858
  * SECURITY UPDATE: Denial of Service Attack on AD DC DRSUAPI server
    - debian/patches/CVE-2018-10918.patch: fix null pointer dereference in
      source4/dsdb/samdb/cracknames.c, add test to
      source4/torture/drs/python/cracknames.py.
    - CVE-2018-10918
  * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
    - debian/patches/CVE-2018-10919-*.patch: fix access checks and add
      tests.
    - CVE-2018-10919
  * SECURITY UPDATE: Weak authentication protocol allowed
    - debian/patches/CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
      and add tests.
    - CVE-2018-1139