ubuntu/+source/samba:ubuntu/gutsy-security

Last commit made on 2008-06-30
Get this branch:
git clone -b ubuntu/gutsy-security https://git.launchpad.net/ubuntu/+source/samba

Branch information

Name: ubuntu/gutsy-security
Repository: lp:ubuntu/+source/samba

Recent commits

7c162ce... by Jamie Strandboge on 2008-06-28

Import patches-unapplied version 3.0.26a-1ubuntu2.5 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 6e97b9bf94a70b27a8804fe5e44a989a979f122d

New changelog entries:
  * RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
    with certain client and server interactions with large file sizes.
  * debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
    to properly calculate buffer sizes
  * References
    LP: #241448
    https://bugzilla.samba.org/show_bug.cgi?id=5517

6e97b9b... by Jamie Strandboge on 2008-06-03

Import patches-unapplied version 3.0.26a-1ubuntu2.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: b0ca305cf147b8b993797f045bc016694d825561

New changelog entries:
  * SECURITY UPDATE: heap overflow when processing crafted SMB responses
  * debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
    specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
    and process.c for these changes
  * SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
    mailslot requests
  * debian/patches/security_CVE-2007-4572.patch: check return values and
    sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
    Backport regression fixes from upstream.
  * References:
    CVE-2008-1105
    CVE-2007-4572
    LP: #235912

b0ca305... by Kees Cook on 2007-12-15

Import patches-unapplied version 3.0.26a-1ubuntu2.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 20d9d7c10fc5337a11b67568ae24ca5ba14f32ed

New changelog entries:
  * SECURITY UPDATE: remote code execution via GETDC mailslot request.
  * Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
  * References
    CVE-2007-6015

20d9d7c... by Jamie Strandboge on 2007-11-16

Import patches-unapplied version 3.0.26a-1ubuntu2.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 7e10684fb1fbb9e4e4aa435536f393965ee49c9a

New changelog entries:
  * removed debian/patches/security_CVE-2007-4572.patch as it
    caused regressions. This is believed to be a non-exploitable
    DoS, but will provide updated packages when a suitable fix
    is found.
  * References:
    LP #163042
    LP #163116
    https://bugzilla.samba.org/show_bug.cgi?id=5087

7e10684... by Jamie Strandboge on 2007-11-14

Import patches-unapplied version 3.0.26a-1ubuntu2.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: ed6073c982a3137199449b813d54075077fcffc5

New changelog entries:
  * SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
    mailslot requests
  * debian/patches/security_CVE-2007-4572.patch: check return values and
    sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
  * SECURITY UPDATE: arbitrary code execution in nmbd when configured as
    a WINS server when processing name registration and name query requests
  * debian/patches/security_CVE-2007-5398.patch: properly check len in
    nmbd_packets.c
  * References
    CVE-2007-4572
    CVE-2007-5398

ed6073c... by Steve Langasek on 2007-10-02

Import patches-unapplied version 3.0.26a-1ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 3c9f5388d7deb4b2bfaaca4e651629ccbbcb842f

New changelog entries:
  * debian/patches/chgpasswd.patch:
    - Also set the locale to 'C' when using PAM for password changes,
      since the PAM conversation is equally affected by PAM l10n support
      (LP: #139265).

3c9f538... by Andrew Mitchell on 2007-09-17

Import patches-unapplied version 3.0.26a-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: f9bd7963bfd5237042994bca190c3611d04f11ea

New changelog entries:
  * debian/patches/chgpasswd.patch:
    - Set locale to 'C' while calling the passwd change program
  * Merge from debian unstable, remaining changes:
    * debian/patches/VERSION.patch:
      - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
    * debian/control:
      - Remove typehandling (not used in Ubuntu)
    * debian/samba-common.templates:
      - Set default workgroup to MSHOME
    * debian/rules:
      - Remove type-handling.
    * debian/samba.init:
      - Make sure $PIDDIR exists (/var/run is a tmpfs)
      - Ubuntu's log_progress_msg is a no-op, so to avoid confusion, don't
        say specifically which daemons we're handling. (LP #25803)
    * debian/smb.conf:
      - Add "(Samba, Ubuntu)" to server string.
      - Change the (commented-out) "printer admin" example to use "@lpadmin"
        instead of "@ntadmin", since the lpadmin group is used for spool admin.
      - Comment out the default [homes] shares and add more verbose comments to
        explain what they do and how they work (LP #27608). Also, add a
        comment about "valid users = %S" to show users how to restrict access
        to \\server\username to only username.
    * debian/panic-action:
      - Bail out if there's no "mail" command.
      - Alter the panic-action script to link to the samba bug reporting page
        on Launchpad.
    * debian/samba-common.config:
      - do not change priority to HIGH if dhclient3 is installed
  * New upstream release.
  * Remove the samba-common/unsupported-passdb debconf template and
    the associated code in samba-common.postinst, that deals with pre-etch
    versions transition
  * Remove the samba/tdbsam template and the remaining line referencing
    it (for no need) in samba.postinst. That code was removed in 3.0.23c-2
    and was dealing with pre-3.0 transitions.
  * New upstream release: security update for CVE-2007-4138:
    incorrect primary group assignment for domain users using the rfc2307 or
    sfu winbind nss info plugin.
  [ Noèl Köthe ]
  * new upstream released from 2007-08-20
    - added smbfs deprecation information to help and manpage
      Closes: #360384
    - fixed winbind leaking file descriptors
      Closes: #410663
    - fixed smbpasswd fails with errorcode SUCCESS as normal user
      Closes: #155345
  [ Christian Perrier ]
  * Drop the (upstream unmaintained) python bindings (python-samba package)
  * swat: turn the dependency on samba-doc to a Recommends:
    Thanks to Peter Eisentraut for dealing with that issue and bringing it
    back. Closes: #391742
  [ Steve Langasek ]
  * Don't start nmbd if 'disable netbios' is set in the config.
    Closes: #429429.
  * missing_userspace_bugzilla999.patch: always use opt_gid and opt_uid,
    set to those of the invoking user, when called as non-root.
    Closes: #431661.
  * Fix up fhs.patch for some new FHS regressions:
    - make sure all references to winbindd_idmap.tdb look in /var/lib/samba
    - make sure all references to winbindd_cache.tdb look in /var/cache/samba
    - share_info.tdb belongs in /var/lib/samba; this is a regression
      introduced in 3.0.23-1, so fix up this path on samba upgrade
    - move the ADS "gpo" cache directory to /var/cache/samba
    - move idmap_cache.tdb to /var/cache/samba, and fix up the path on
      winbind upgrade
  * linux-cifs-user-perms.patch: also support setting a default uid and gid
    value when mount.cifs is called as non-root
  * cifs-umount-trailing-slashes.patch: canonicalize mount point names when
    umount.cifs is called, to avoid unnecessarily leaving entries behind in
    /etc/mtab if invoked with a trailing slash in the mount point name
  * cifs-umount-same-user.patch: the CIFS_IOC_CHECKMOUNT ioctl check
    in umount.cifs assumed that errors would return a value > 0, when in fact
    the return value on failure is -1. Correct this assumption, which was
    allowing any user to unmount shares mounted by other users.
  * smbpasswd-syslog.patch: Fix pam_smbpass to no longer call openlog()
    and closelog(), since this will interfere with syslogging behavior
    of the calling application. Closes: #434372.
  * swat should depend only on inet-superserver, not update-inetd, per
    Marco d'Itri.
  [ Christian Perrier ]
  * debian/panic-action: bail out if there's no "mail" command
    Patch from the Ubuntu samba packagers.
  * debian/smb.conf: use the comment from Ubuntu package for the "valid users"
    setting of [homes] as a basis for ours. Ubuntu's wording is better.
  [ Peter Eisentraut ]
  * Don't ignore errors from make distclean, as per lintian check
  [ Debconf translations ]
  * Gujarati updated. Closes: #436215

f9bd796... by Mathias Gug on 2007-08-17

Import patches-unapplied version 3.0.25b-1ubuntu4 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 76ebe3024b4cfc56f8f4a09e9ed4e60cfb921f0e

New changelog entries:
  * debian/rules:
    - add error-handler=true to samba dh_installinit. Fixes LP: #85194.

76ebe30... by Matthias Klose on 2007-08-14

Import patches-unapplied version 3.0.25b-1ubuntu3 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 8811ac58b00a8310dbf3b955d326ba3aab4c588e

New changelog entries:
  * Build depend on libacl1-dev on lpia.

8811ac5... by Mathias Gug on 2007-08-10

Import patches-unapplied version 3.0.25b-1ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 56007c81a6c120d4631cf464e24bd9923b100b6e

New changelog entries:
  * debian/smb.conf:
    - Fix 'valid users =' option in smb.conf. LP: #131419.