ubuntu/+source/samba:ubuntu/jaunty-security

Last commit made on 2010-09-14
Get this branch:
git clone -b ubuntu/jaunty-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/jaunty-security
Repository: lp:ubuntu/+source/samba

Recent commits

733ff67... by Marc Deslauriers on 2010-09-09

Import patches-unapplied version 2:3.3.2-1ubuntu3.6 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 729a74e310e38916ecf88d54eeedef861727d81c

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via large number of SID sub authorities
    - debian/patches/security-CVE-2010-3069.patch: limit number of SID
      sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
      source/libsmb/cliquota.c, source/smbd/nttrans.c.
    - CVE-2010-3069

729a74e... by Kees Cook on 2010-06-15

Import patches-unapplied version 2:3.3.2-1ubuntu3.5 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 6a84da1663482dc14d5acd9a51a740dd7a144d32

New changelog entries:
  * SECURITY UPDATE: arbitrary remote code execution.
    - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

6a84da1... by Marc Deslauriers on 2010-03-18

Import patches-unapplied version 2:3.3.2-1ubuntu3.4 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: e9e8dc1a0c5ab9df04118ec8b429e16b2ee415a3

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/include/proto.h,
      source/param/loadparm.c, source/smbd/service.c, source/smbd/trans2.c,
      source/smbd/vfs.c, docs/htmldocs/manpages/smb.conf.5.html and
      docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

e9e8dc1... by Marc Deslauriers on 2010-01-26

Import patches-unapplied version 2:3.3.2-1ubuntu3.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 778af24fbc3e2dabe6c4af42c8cc41357c1d102a

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

778af24... by Marc Deslauriers on 2009-10-01

Import patches-unapplied version 2:3.3.2-1ubuntu3.2 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 8a1f7cd03fd4fae8dbb7845ff88e25e9b5b6edae

New changelog entries:
  * SECURITY UPDATE: access control list modification when dos filemode is
    enabled
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906

8a1f7cd... by Chuck Short on 2009-06-29

Import patches-unapplied version 2:3.3.2-1ubuntu3.1 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 3944f909890fc93a23950ab92ed94a020f16f3f1

New changelog entries:
  * debian/patches/fix-password-expiry-calculation.patch: Use correct
    value for password expiry calculation. (LP: #393450)

3944f90... by Chuck Short on 2009-03-27

Import patches-unapplied version 2:3.3.2-1ubuntu3 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: fe8fda9986d4759e2eac522bf46a100b9587ca4d

New changelog entries:
  [Thierry Carrez]
  * debian/samba-common.postinst: Add more informative error message for
    the case where smb.conf was manually deleted (LP: #312449)
  [Chuck Short]
  * debian/control: Add suggests keyutils for smbfs. (LP: #300221)

fe8fda9... by Chuck Short on 2009-03-26

Import patches-unapplied version 2:3.3.2-1ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: b34c18614ba50416ef0f72eab240d63e48ed70ee

New changelog entries:
  * debian/patches/fix-upstream-bug-6186.patch: Fix for data loss
    with roaming profiles. (https://bugzilla.samba.org/show_bug.cgi?id=6186)

b34c186... by Chuck Short on 2009-03-16

Import patches-unapplied version 2:3.3.2-1ubuntu1 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: a09d48d56823b0cdb4e1cd2fbded211082536834

New changelog entries:
  * Merge from debian unstable, remaining changes:
    + debian/patches/VERSION.patch:
      - setup SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
      - Set 'usershare allow guests', so that usershare admins are
        allowed to create public shares in addition to authenticated
        ones.
      - add map to guest = Bad user, maps bad username to guest access.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    * debian/mksambapasswd.awk:
      - Do not add user with UID less than 1000 to smbpasswd.
    * debian/control:
      - Make libwbclient0 replace/conflict with hardy's likewise-open.
      - Don't build against ctdb.
    * debian/rules:
      - enable "native" PIE hardening.
    * Add ufw integration:
      - Created debian/samba.ufw profile.
      - debian/rules, debian/samba.dirs, debian/samba.files: install
        profile
      - debian/control: have samba suggest ufw.

a09d48d... by Christian Perrier on 2009-03-15

Import patches-unapplied version 2:3.3.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9038259fc9681ff8fe51eac791e24ffeafe5354e

New changelog entries:
  [ Christian Perrier ]
  * New upstream release. Closes: #519626
    - mounts with -o guest will now automatically try to connect anonymously.
      Closes: #423971.
    - fix for brokenness when using 'force group'. Closes: #517760.
    - fix for saving files on Samba shares using MS Office 2007.
      LP: #337037.
  * Re-fix slave links for manual pages in samba-common. Closes: #517204.
  [ Steve Langasek ]
  * Add missing debhelper token to libpam-smbpass.prerm.