ubuntu/+source/samba:ubuntu/precise-security

Last commit made on 2017-03-30
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/precise-security
Repository:
lp:ubuntu/+source/samba

Recent commits

d6167a2... by Marc Deslauriers on 2017-03-28

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 069455890bb2ad4cfe1af1b2827929cdeb7edb5f

New changelog entries:
  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

0694558... by Marc Deslauriers on 2017-03-21

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.9 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b54838b9da9e26d8deb417878bc2f2a334046caf

New changelog entries:
  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619-*.patch: security fix and prerequisite
      patches from upstream.
    - CVE-2017-2619

b54838b... by Steve Beattie on 2016-12-13

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f8cec656bd55316a4818eddf1514f62a798c4de1

New changelog entries:
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125-v3.6.patch: don't use GSS_C_DELEG_FLAG in
      source3/librpc/crypto/gse.c and source3/libsmb/clifsinfo.c.
    - CVE-2016-2125

f8cec65... by Marc Deslauriers on 2016-05-12

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e0d45be8d06cb4fb8e5c30686e0c1299d9516efb

New changelog entries:
  * SECURITY REGRESSION: compatibility with NetAPP SAN (LP: #1576109)
    - debian/patches/fix_netapp.patch: don't require NTLMSSP_SIGN for smb
      connections in source3/libsmb/ntlmssp.c.
  * SECURITY REGRESSION: compatibility with 3.6 servers (LP: #1574403)
    - debian/patches/relax_client_ipc_signing.patch: relax the
      "client ipc signing" parameter to "auto" so a 3.6 client can still
      connect to a 3.6 server. Administrators in environments that
      exclusively connect to more recent servers might want to manually
      configure this back to "mandatory".

e0d45be... by Marc Deslauriers on 2016-05-03

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: d1a0fe668052bd3c93f712a8866d609f648a3f34

New changelog entries:
  * SECURITY REGRESSION: Add additional backported commits to fix
    regressions in the previous security updates. (LP: #1577739)
    - debian/patches/security_trailer_regression.patch: fix a regression
      verifying the security trailer in source3/rpc_server/srv_pipe.c.
    - debian/patches/bug9669_regression.patch: fix a crash when running
      net rpc join against an older Samba PDC in
      source3/rpc_client/cli_pipe.c.
    - debian/patches/netlogon_credentials_regression.patch: fix updating
      netlogon credentials in source3/rpc_client/cli_pipe.c.
    - Thanks to Andreas Schneider for the additional backports to
      Samba 3.6!

d1a0fe6... by Marc Deslauriers on 2016-04-12

Import patches-unapplied version 2:3.6.25-0ubuntu0.12.04.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b6451a1ef3e01c69ab6c0a76652786cc6c5ae0a7

New changelog entries:
  * SECURITY UPDATE: fix multiple security issues
    - debian/patches/CVE-preparation-v3-6.patch: code changes required
      for security patches.
    - debian/patches/CVE-2016-2110-v3-6.patch: Man in the middle attacks
      possible with NTLMSSP.
    - debian/patches/CVE-2016-2111-v3-6.patch: NETLOGON Spoofing
      Vulnerability.
    - debian/patches/CVE-2016-2112-v3-6.patch: The LDAP client and server
      don't enforce integrity protection.
    - debian/patches/CVE-2016-2115-v3-6.patch: SMB client connections for
      IPC traffic are not integrity protected.
    - debian/patches/CVE-2016-2118-v3-6.patch: SAMR and LSA man in the
      middle attacks possible.
    - debian/patches/CVE-2015-5370-v3-6.patch: Multiple errors in DCE-RPC
      code
    - Thanks to Andreas Schneider, Ralph Böhme, Stefan Metzmacher,
      Günther Deschner and Aurélien Aptel for the patch backports to
      Samba 3.6!
  * Updated to upstream 3.6.25
    - Removed upstreamed patches: initialize_password_db-null-deref,
      fix-samba.ldip-syntax.patch, CVE-2012-1182-1.patch,
      CVE-2012-1182-2.patch, CVE-2012-2111.patch,
      lp_970679_fix-large-groups.patch,
      net-rpc-share-allowedusers-with-2008r2.patch,
      lp_967410_fix-cups-printer-not-added-to-registry.patch,
      lp_1016895_setgroups_3.5.patch, winbind-kerberos-refresh.patch,
      CVE-2013-0454.patch,
      lp_1003296_fix-login-with-expiring-user-passwords.patch,
      CVE-2013-4124.patch, CVE-2013-4475.patch, CVE-2012-6150.patch,
      CVE-2013-4408.patch, CVE-2013-4496.patch, CVE-2014-0244.patch,
      CVE-2014-3493.patch, CVE-2015-0240.patch,
      security-CVE-2013-0213.patch, security-CVE-2013-0214.patch.
    - debian/rules: don't build external libtevent
    - debian/rules: add idl_full to dh_auto_build

b6451a1... by Marc Deslauriers on 2016-03-07

Import patches-unapplied version 2:3.6.3-2ubuntu2.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0c4f356baea75fb2f64ddc8543694fa4f7f6e9ae

New changelog entries:
  * SECURITY UPDATE: incorrect ACL get/set allowed on symlink path
    - debian/patches/CVE-2015-7560.patch: properly handle symlinks in
      source3/smbd/nttrans.c, source3/smbd/trans2.c.
    - CVE-2015-7560
  * SECURITY UPDATE: clickjacking vulnerability in SWAT
    - debian/patches/security-CVE-2013-0213.patch: use X-Frame-Options
      header in source3/web/swat.c.
    - CVE-2013-0213
  * SECURITY UPDATE: CSRF vulnerability in SWAT
    - debian/patches/security-CVE-2013-0214.patch: use additional nonce on
      XSRF protection in source3/web/cgi.c, source3/web/swat.c,
      source3/web/swat_proto.h.
    - CVE-2013-0214

0c4f356... by Dariusz Gadomski on 2016-02-15

Import patches-unapplied version 2:3.6.3-2ubuntu2.14 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 13ed8090d64f56b1b1c85148f8b4e88de4f3a092

New changelog entries:
  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
    (LP: #1545750)

13ed809... by Marc Deslauriers on 2016-01-04

Import patches-unapplied version 2:3.6.3-2ubuntu2.13 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5a8f911254de26280c559fa5548df45dec59f66a

New changelog entries:
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      source3/libsmb/clidfs.c, source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/util/charset/charset.h, lib/util/charset/codepoints.c,
      lib/util/charset/util_unistr.c, source3/lib/util_str.c.
    - CVE-2015-5330

5a8f911... by Marc Deslauriers on 2015-02-23

Import patches-unapplied version 2:3.6.3-2ubuntu2.12 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b87d3bb73502de890f771c9fffc501075e54af45

New changelog entries:
  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c, initialize creds_out in
      libcli/auth/schannel_state_tdb.c.
    - CVE-2015-0240