ubuntu/+source/samba:ubuntu/bionic-proposed

Last commit made on 2019-04-02
Get this branch:
git clone -b ubuntu/bionic-proposed https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/bionic-proposed
Repository:
lp:ubuntu/+source/samba

Recent commits

4835c83... by Andreas Hasenack on 2019-03-29

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.8 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: ae2696b847e6a1bea0cfa231ab7451150da1ac46

New changelog entries:
  * Backport function to set protocol levels (LP: #1778322):
    - d/p/add-smbc_setOptionProtocols.patch: add function to set protocol
      levels
    - d/libsmbclient.symbols: add smbc_setOptionProtocols

ae2696b... by Andreas Hasenack on 2019-02-04

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.7 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d5c56bc1dfa13286d7b59b6f5a51ec7732b9640b

New changelog entries:
  * d/p/memleak-fix-13372.patch: Fix memory leak in vfswrap_getwd().
    (LP: #1814532)

d5c56bc... by Karl Stenerud on 2018-11-23

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f4ad6b84ccbbaebd6bc9a340e6a33a88199f1bbd

New changelog entries:
  * d/p/auth-fail-eexist.diff: smbc_opendir should not return EEXIST with
    invalid login credentials. Thanks to David Mulder. (LP: #1801227)

f4ad6b8... by Marc Deslauriers on 2018-11-16

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b731e5555d62b55685274c7952e82cbbd6ed93da

New changelog entries:
  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
    - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
      counter in python/samba/tests/dns.py, selftest/knownfail.d/dns,
      source4/dns_server/dns_query.c.
    - CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
    - debian/patches/CVE-2018-16841-1.patch: fix segfault on PKINIT with
      mis-matching principal in source4/kdc/db-glue.c.
    - debian/patches/CVE-2018-16841-2.patch: check for mismatching
      principal in testprogs/blackbox/test_pkinit_heimdal.sh.
    - CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
    - debian/patches/CVE-2018-16851.patch: check ret before manipulating
      blob in source4/ldap_server/ldap_server.c.
    - CVE-2018-16851

b731e55... by Andreas Hasenack on 2018-11-08

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a84a32b83285e6c0ab6775b63763f7e8d6341d24

New changelog entries:
  * d/p/fix-rmdir.patch: fix the patch to not apply with offset, which
    previously made it change the wrong, almost identical, function.
    (LP: #1795772)

a84a32b... by Andreas Hasenack on 2018-10-11

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d610344c8183790777728b57b680973645cb52b1

New changelog entries:
  * d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
    errors (LP: #1795772)

d610344... by Marc Deslauriers on 2018-08-06

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: e5340817476d59b9a34901d246d478243fefe51f

New changelog entries:
  * SECURITY UPDATE: Insufficient input validation on client directory
    listing in libsmbclient
    - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
      buffer in source3/libsmb/libsmb_path.c, add checks to
      source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
    - CVE-2018-10858
  * SECURITY UPDATE: Denial of Service Attack on AD DC DRSUAPI server
    - debian/patches/CVE-2018-10918.patch: fix null pointer dereference in
      source4/dsdb/samdb/cracknames.c, add test to
      source4/torture/drs/python/cracknames.py.
    - CVE-2018-10918
  * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
    - debian/patches/CVE-2018-10919-*.patch: fix access checks and add
      tests.
    - CVE-2018-10919
  * SECURITY UPDATE: Weak authentication protocol allowed
    - debian/patches/CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
      and add tests.
    - CVE-2018-1139

e534081... by Andreas Hasenack on 2018-04-18

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: d5440066d851bdcebee5399a1029b95fa7357261

New changelog entries:
  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
    Thanks to Andreas Schneider <email address hidden>. (LP: #1761737)

d544006... by Andreas Hasenack on 2018-03-13

Import patches-unapplied version 2:4.7.6+dfsg~ubuntu-0ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: bd07768c0557a15181a3e1f0e015b3b852290a81

New changelog entries:
  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

bd07768... by Andreas Hasenack on 2018-01-22

Import patches-unapplied version 2:4.7.4+dfsg-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: fbd55dea54e5c24673ec8303c77934c46a15a4e3
Upload parent: ded23ad6f41a89fb7a563840e3267272a047b57d

New changelog entries:
  * Merge with Debian unstable (LP: #1744779). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247