ubuntu/+source/samba:ubuntu/feisty-security

Last commit made on 2008-06-30
Get this branch:
git clone -b ubuntu/feisty-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/feisty-security
Repository: lp:ubuntu/+source/samba

Recent commits

d864ce6... by Jamie Strandboge on 2008-06-28

Import patches-unapplied version 3.0.24-2ubuntu1.7 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 97f19d56d685eb13a5dfa4efce964e75399839ed

New changelog entries:
  * RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
    with certain client and server interactions with large file sizes.
  * debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
    to properly calculate buffer sizes
  * References
    LP: #241448
    https://bugzilla.samba.org/show_bug.cgi?id=5517

97f19d5... by Jamie Strandboge on 2008-06-16

Import patches-unapplied version 3.0.24-2ubuntu1.6 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 3abbb304fa1f9e186e6e8fda7068da8edb755408

New changelog entries:
  * SECURITY UPDATE: heap overflow when processing crafted SMB responses
  * debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
    specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
    and process.c for these changes
  * SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
    mailslot requests
  * debian/patches/security_CVE-2007-4572.patch: check return values and
    sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
    Backport regression fixes from upstream.
  * References:
    CVE-2008-1105
    CVE-2007-4572
    LP: #235912

3abbb30... by Kees Cook on 2007-12-15

Import patches-unapplied version 3.0.24-2ubuntu1.5 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: fd89b5115f5e429fe7b0f75f98f9274fe4b5e08f

New changelog entries:
  * SECURITY UPDATE: remote code execution via GETDC mailslot request.
  * Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
  * References
    CVE-2007-6015

fd89b51... by Jamie Strandboge on 2007-11-16

Import patches-unapplied version 3.0.24-2ubuntu1.4 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: e5834638e6f75391caf8148d0b35415b3c8008ef

New changelog entries:
  * removed debian/patches/security_CVE-2007-4572.patch as it
    caused regressions. This is believed to be a non-exploitable
    DoS, but will provide updated packages when a suitable fix
    is found.
  * References:
    LP #163042
    LP #163116
    https://bugzilla.samba.org/show_bug.cgi?id=5087

e583463... by Jamie Strandboge on 2007-11-14

Import patches-unapplied version 3.0.24-2ubuntu1.3 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 50a3e33b34902cbca0521b2aafb987aff20875a8

New changelog entries:
  * SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
    mailslot requests
  * debian/patches/security_CVE-2007-4572.patch: check return values and
    sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
  * SECURITY UPDATE: arbitrary code execution in nmbd when configured as
    a WINS server when processing name registration and name query requests
  * debian/patches/security_CVE-2007-5398.patch: properly check len in
    nmbd_packets.c
  * References
    CVE-2007-4572
    CVE-2007-5398

50a3e33... by Kees Cook on 2007-05-22

Import patches-unapplied version 3.0.24-2ubuntu1.2 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 8a62bd8f8e781050621f511e9f3df7ec68257137

New changelog entries:
  * SECURITY UPDATE: regression in "force group" configured shares.
  * security-regression_fix-force-group.patch: upstream fixes.
  * References
    http://bugs.debian.org/424629

8a62bd8... by Kees Cook on 2007-05-15

Import patches-unapplied version 3.0.24-2ubuntu1.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 0991b6b17c9e871f421fac85966c10e7b14d39ef

New changelog entries:
  * SECURITY UPDATE: local priv escalation, remote heap overflows, remote
    command execution.
  * security_local-sid-translation-priv-elevation.patch: upstream fixes
    (CVE-2007-2444)
  * security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
  * security_remote-command-execution.patch: upstream fixed (CVE-2007-2447)

0991b6b... by Kees Cook on 2007-02-07

Import patches-unapplied version 3.0.24-2ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 5cda2badf0091c51e231eb2440898cdab4ba84f1

New changelog entries:
  * Merge from debian unstable, remaining changes:
    * debian/smb.conf:
      - Do not show the version number by default
      - Comment out the default [homes] shares and add more verbose comments to
        explain what they do and how they work (closes: launchpad.net/27608)
      - Add a "valid users = %S" stanza to the commented-out [homes] section,
        to show users how to restrict access to \\server\username to only
        username.
      - Change the (commented-out) "printer admin" example to use "@lpadmin"
        instead of "@ntadmin", since the lpadmin group is used for spool admin.
    * debian/panic-action:
      - Alter the panic-action script to encourage users to report their
        bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
        Modify text to more closely match the Debian script
    * debian/samba-common.templates:
      - Set default workgroup to MSHOME
    * debian/control:
      - remove typehandling
      - add update-inetd to Depends
    * debian/patches/VERSION.patch:
      - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
    * debian/samba-common.config:
      - do not change priority to HIGH if dhclient3 is installed
    * debian/samba.init:
      - use of PIDDIR instead of hardcoding it
      - Munge our init script to deal with the fact that our implementation
        (or lack thereof) of log_daemon_msg and log_progress_msg differs
        from Debian's implementation of the same (Ubuntu #19691)
    * debian/rules:
      - remove type-handling
      - properly clean on make clean
      - do not install mount.cifs and umount.cifs as suid
    * debian/patches/ubuntu-auxsrc.patch:
      - some auxiliary sources (undocumented in previous changelogs)
    * Really drop debian/patches/ubuntu-fix-ldap.patch:
      - Fixed upstream, see Debian #274155
  * Re-upload with a proper .orig.tar.gz.
  * New upstream release, security update
  * Fixes for the following security advisories:
    - Directly affecting Debian:
      - CVE-2007-0452 (Potential Denial of Service bug in smbd)
    - Not affecting Debian:
      - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
        NSS library on Solaris)
      - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
  * Correct paths for the documentation pointers in the default smb.conf
    file. Thanks to Ted Percival for his care reporting this. Closes: #408898
  * Debconf translation updates:
    - Slovenian added.
  * Debconf translation updates:
    - Malayalam added. Closes: #403107
    - Tamil added. Closes: #403353

5cda2ba... by Matthias Klose on 2007-01-12

Import patches-unapplied version 3.0.23d-2ubuntu2 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 5fd4c1d8f22a26ce4607bd8d933edf79761313dd

New changelog entries:
  * Rebuild for python2.5 as the default python version.

5fd4c1d... by Michael Vogt on 2006-12-18

Import patches-unapplied version 3.0.23d-2ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: f14f5f5b1976cbe8a17a4b186cd901f0416bbbfa

New changelog entries:
  * Merge from debian unstable, remaining changes:
    * debian/smb.conf:
      - Do not show the version number by default
      - Comment out the default [homes] shares and add more verbose comments to
        explain what they do and how they work (closes: launchpad.net/27608)
      - Add a "valid users = %S" stanza to the commented-out [homes] section,
        to show users how to restrict access to \\server\username to only
        username.
      - Change the (commented-out) "printer admin" example to use "@lpadmin"
        instead of "@ntadmin", since the lpadmin group is used for spool admin.
    * debian/panic-action:
      - Alter the panic-action script to encourage users to report their
        bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
        Modify text to more closely match the Debian script
    * debian/samba-common.templates:
      - Set default workgroup to MSHOME
    * debian/control:
      - remove typehandling
      - add update-inetd to Depends
    * debian/patches/VERSION.patch:
      - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
    * debian/samba-common.config:
      - do not change priority to HIGH if dhclient3 is installed
    * debian/samba.init:
      - use of PIDDIR instead of hardcoding it
      - Munge our init script to deal with the fact that our implementation
        (or lack thereof) of log_daemon_msg and log_progress_msg differs
        from Debian's implementation of the same (Ubuntu #19691)
    * debian/rules:
      - remove type-handling
      - properly clean on make clean
      - do not install mount.cifs and umount.cifs as suid
    * debian/patches/ubuntu-auxsrc.patch:
      - some auxiliary sources (undocumented in previous changelogs)
    * debian/patches/ubuntu-fix-ldap.patch:
      - fix LDAP backend, see Ubuntu #1905, Debian #274155

  * Build-Conflicts: libfam-dev to avoid problems accessing shares
    when using GAMIN. Closes: #400617
  * Lintian fixes:
    - Run debconf-updatepo in the clean target to ensure up-to-date PO
      and POT files
    - debian/patches/no_unbreakable_spaces_in_man.patch:
      Replace all non-breakable spaces by regular spaces in man pages.
      They are encoded in ISO-8859-1 which is not recommended in man pages.
      This should be submitted upstream.
    - reformat too long lines in package description