ubuntu/+source/samba:ubuntu/quantal-security

Last commit made on 2014-03-26
Get this branch:
git clone -b ubuntu/quantal-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/quantal-security
Repository:
lp:ubuntu/+source/samba

Recent commits

f6b7d23... by Marc Deslauriers on 2014-03-17

Import patches-unapplied version 2:3.6.6-3ubuntu5.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: a7c8d1a2d23d85b0e675247d1686102e3384e3e6

New changelog entries:
  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496

a7c8d1a... by Marc Deslauriers on 2013-12-09

Import patches-unapplied version 2:3.6.6-3ubuntu5.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: c764a38d11670fd6b492e8412d051d90c6aa71c6

New changelog entries:
  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408

c764a38... by Marc Deslauriers on 2013-09-23

Import patches-unapplied version 2:3.6.6-3ubuntu5.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 8b02386def1cf9e2ebd1297d3ef601bbafff62bd

New changelog entries:
  * SECURITY UPDATE: denial of service via integer wrap in EA list reading
    - debian/patches/CVE-2013-4124.patch: check offsets in
      source3/smbd/nttrans.c.
    - CVE-2013-4124
  * debian/patches/waf-as-source.patch: removed part that fails to apply
    using saucy's quilt.
  * This package does _not_ contain the changes from 2:3.6.6-3ubuntu5.1 in
    quantal-proposed.

8b02386... by Olly Betts on 2012-10-05

Import patches-unapplied version 2:3.6.6-3ubuntu5 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: a6169a73ee53f8fefbfbfa59f11c8e254ea6cee4

New changelog entries:
  * Change "net share allowedusers" to use RPC call that works with
    Microsoft Windows 2008 r2 (LP: #1061244).

a6169a7... by James Page on 2012-09-12

Import patches-unapplied version 2:3.6.6-3ubuntu4 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 2b258a3615b1266c189b3e7467841649b0bd68ab

New changelog entries:
  * Drop --upstart-only option when installing upstart configuration for
    winbind - its not required in this case.

2b258a3... by James Page on 2012-09-12

Import patches-unapplied version 2:3.6.6-3ubuntu3 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 550dbd0428afa3d3abd554c4ecd922a7a17db908

New changelog entries:
  * Decouple startup of smbd from cups (LP: #1047262):
    - d/samba.smbd.upstart: Revert changes made in 2:3.6.6-3ubuntu2.
    - d/samba.reload-smbd.upstart: Add upstart task which reloads smbd
      once cups has started, ensuring that smbd startup is decoupled
      from cups.
    - d/rules: Install reload-smbd upstart configuration, don't try to
      start on install.
  * Install winbind upstart configuration file with --upstart-only option
    for consistency with samba package.

550dbd0... by James Page on 2012-09-07

Import patches-unapplied version 2:3.6.6-3ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 4d2504c98c134f092795463ce5020b9c4d6fabe4

New changelog entries:
  * Ensure samba can query cups for printer information on startup
    (LP: #1047262):
    - d/samba.smbd.upstart: Optionally wait for cups to be in state
      'running' if cups is installed.

4d2504c... by James Page on 2012-08-08

Import patches-unapplied version 2:3.6.6-3ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 85730a4c350b256303a2a4e47cf92c2590ba670c

New changelog entries:
  * Merge from Debian unstable; remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - Added debian/winbind.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
        Make upstart compatible.
    + d/rules: Drop explicit configuration options for ctdb.
  * d/patches/cups-1.6.1_compat.patch: Cherry picked patch from upstream VCS
    for compatibility with cups >= 1.6.

85730a4... by Christian Perrier on 2012-08-05

Import patches-unapplied version 2:3.6.6-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f66b7697bb1d49995a35b677cf90f8ca88a13562

New changelog entries:
  [ Ansgar Burchardt ]
  * debian/rules: Use xz compression for binary packages.
    Closes: #683899

f66b769... by Steve Langasek on 2012-06-27

Import patches-unapplied version 2:3.6.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 04ed97c729939b477d84f22fd524a71729798b3c

New changelog entries:
  * Restore the DHCP hook.