Last commit made on 2010-03-24
Get this branch:
git clone -b ubuntu/intrepid-devel https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch.

Recent commits

4d07c93... by Marc Deslauriers on 2010-03-18

Import patches-unapplied version 2:3.2.3-1ubuntu3.8 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 95f1532cd63027ba2936789bbac2b5b8ef933cc4

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/param/loadparm.c,
      source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
      docs/htmldocs/manpages/smb.conf.5.html and docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

95f1532... by Marc Deslauriers on 2010-01-26

Import patches-unapplied version 2:3.2.3-1ubuntu3.7 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 23b1790d72543d5dab920c876b4deaa490a2ca55

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

23b1790... by Marc Deslauriers on 2009-10-01

Import patches-unapplied version 2:3.2.3-1ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 1f74b1acfe97a49ad6eacc1825feffa7dc7e1606

New changelog entries:
  * SECURITY UPDATE: denial of service via string vulnerabilities in
    - debian/patches/security-CVE-2009-1886.patch: fix string format
      vulnerabilities in source/client/client.c.
    - CVE-2009-1886
  * SECURITY UPDATE: access control list modification when dos filemode is
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906

1f74b1a... by Chuck Short on 2009-01-12

Import patches-unapplied version 2:3.2.3-1ubuntu3.5 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: c5c1282c1cf134c59cad8ec72ad0032131700ed0

New changelog entries:
  * debian/patches/fix-libnss-sigabrt.patch: Fix sigabort when using
    wins client. Taken from upstream. (LP: #286119)
  * debian/patches/ Fix sigsegv when using old NAS devices. Taken
    from upstream. Thanks to Thierry Carrez for tracking this down.
    (LP: #264943)

c5c1282... by Marc Deslauriers on 2009-01-05

Import patches-unapplied version 2:3.2.3-1ubuntu3.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 0d8bfefa1ead6cd632c10e413dde43d646782624

New changelog entries:
  * SECURITY UPDATE: potential access to the root filesystem when using an
    empty string share name.
    - debian/patches/security-CVE-2009-0022.patch: make sure a non-empty share
      name is used in load_registry_service() in source/smbd/service.c.
    - CVE-2009-0022

0d8bfef... by Marc Deslauriers on 2008-11-26

Import patches-unapplied version 2:3.2.3-1ubuntu3.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 28dca4d717e3ebca8832b631cb2c7b65e5362800

New changelog entries:
  * SECURITY UPDATE: potential arbitrary memory leak and crash via secondary
    trans, trans2 and nttrans requests.
    - debian/patches/security-CVE-2008-4314.patch: fix the offset checks in the
      trans routines in source/smbd/{ipc.c,nttrans.c,trans2.c}.
    - CVE-2008-4314
  * debian/rules: do not update po tree for security updates.

28dca4d... by Thierry Carrez on 2008-11-17

Import patches-unapplied version 2:3.2.3-1ubuntu3.1 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: 1631e50aee64f64c4feec704ff6cf32762e9408c

New changelog entries:
  * debian/patches/last-char-truncation.patch: Fix compatibility issue with
    NAS boxes still using Samba 2.2 or before (fixes LP: #282298)

1631e50... by Thierry Carrez on 2008-10-10

Import patches-unapplied version 2:3.2.3-1ubuntu3 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: a470df2640435a6e74cf174ee24b2b6ffdb55a46

New changelog entries:
  * Fix pam-smbpass.so crashing because it misses /var/lib/samba (LP: #260687)
    - debian/samba-common.dirs: create /var/lib/samba in samba-common
    - debian/samba.postrm: don't completely remove /var/lib/samba on purge
      (just let samba-common postrm do it)

a470df2... by Thierry Carrez on 2008-09-12

Import patches-unapplied version 2:3.2.3-1ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 531cdc3d8de0c961e6129a125e2cf0ad4b75b50d

New changelog entries:
  * Make libwbclient0 replace/conflict with hardy's likewise-open (LP: #254434)

531cdc3... by Chuck Short on 2008-08-27

Import patches-unapplied version 2:3.2.3-1ubuntu1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 80d7e6d3c55cac2030112a6e917c5785f89c219c

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/patches/VERSION.patch:
      + set SAMBA_VERSION_SUFFIX to Ubuntu.
    - debian/smb.conf:
      + add "(Samba, Ubuntu)" to server string.
      + comment on the default [homes] shares, and add a comment about "valid user = %s"
        to show users how to restrict access to \\server\username to only username.
      + add map to guest = Bad user, maps bad username to guest access. (LP: #32067)
    - debian/samba-common.postinst:
      + Fix upgrade from a first installation done with feisty, edgy, or dapper.
        (LP: #201059)
      + When populating the new sambashare group, it's not an error if the user
        simply doesn't exist; test for this case and let the install continue
        instead of aborting. (LP: #206036)
    - debian/samba-common.config:
      + do not change priority to HIGH if dhclient3 is installed.
      + use priority medium instead of HIGH for the workgroup question.
    - debian/winbind.files:
      + include additional files
    - debian/mksambapasswd.awk:
      + Don't add user with UID less than 1000 to smbpasswd.
    - debian/control:
      + Depend on lsb-base >= 3.2-14, which has the status_of_proc() function.
      + Make libpam-smbpass depend on libpam-runtime for allowing libpam-smbpass
        to auto-configure itself.
    - debian/samba.init:
      + Replace the previous 'status' gathering mechanism with the common one
        now provided by status_of_proc() (LP: #247087).
    - debian/winbind.init:
      + Add a pid variable and a 'status' action.
    - debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
      debian/libpam-smbpass.files, debian/rules: provide a config block for the
      new PAM framework, allowing this PAM module to auto-configure itself.
    - debian/libpam-smbpass.prerm: call pam-auth-update --remove on removal,
      to clean up after ourselves.
    - debian/rules: enable "native" PIE hardening.
  [Jamie Strandboge]
  * Add ufw integration (thanks Nicolas Valcárcel) (LP: #261544)
    - Created debian/samba.ufw.profile
    - debian/rules: install profile
    - debian/control: have samba Suggests ufw
  * High-urgency upload for security fix
  * New upstream release
    - Fix "/usr/lib/cups/backend/smb does not try port 139 anymore by default"
      Closes: #491881
    - Fix the default permissions on ldb databases. Addresses
      CVE-2008-3789; closes: #496073.
    - debian/rules, debian/smbfs.files: build with cifs.upcall,
      newly introduced to replace cifs.spnego
    - debian/rules: no more need to rename libsmbclient.so to
      libsmbclient.so.0, or libwbclient.so to libwbclient.so.0
  [ Noèl Köthe ]
  * fixing lintian warning "build-depends-on-1-revision"