Last commit made on 2016-05-25
Get this branch:
git clone -b ubuntu/wily-devel https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

3d95fc3... by Marc Deslauriers on 2016-05-20

Import patches-unapplied version 2:4.3.9+dfsg-0ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 20d3f3ec13ee9684e3229a6670eebec6a7b235e2

New changelog entries:
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in

20d3f3e... by Marc Deslauriers on 2016-05-03

Import patches-unapplied version 2:4.3.9+dfsg-0ubuntu0.15.10.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 53389fde41c2fc7f36d99aba3b4dc5fc2123097e

New changelog entries:
  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

53389fd... by Marc Deslauriers on 2016-04-12

Import patches-unapplied version 2:4.3.8+dfsg-0ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 32208367c2561e342d9998761f0ff3885cf81fdb

New changelog entries:
  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * Backported most packaging changes from (2:4.3.6+dfsg-1ubuntu1) in
    Ubuntu 16.04 LTS, except for the following:
    - Don't remove samba-doc package
    - Don't remove libpam-smbpass package
    - Don't remove libsmbsharemodes0 and libsmbsharemodes-dev packages
    - Don't build with dh-systemd
    - Don't build ctdb and cluster support
  * debian/patches/fix_pam_smbpass.patch: fix double free in pam_smbpass.
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

3220836... by Marc Deslauriers on 2016-03-03

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu3.3 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 7e9b2fd14196f5d440f4aeafb7b9db92b8771136

New changelog entries:
  * SECURITY UPDATE: incorrect ACL get/set allowed on symlink path
    - debian/patches/CVE-2015-7560-pre1.patch: add vfs_stat_smb_basename()
      to source3/smbd/proto.h, source3/smbd/vfs.c.
    - debian/patches/CVE-2015-7560.patch: properly handle symlinks in
      source3/client/client.c, source3/libsmb/clifile.c,
      source3/libsmb/proto.h, source3/smbd/nttrans.c,
      source3/smbd/trans2.c, added tests to selftest/knownfail,
      source3/selftest/tests.py, source3/torture/torture.c.
    - CVE-2015-7560
  * SECURITY UPDATE: out-of-bounds read in internal DNS server
    - debian/patches/CVE-2016-0771.patch: fix dns handling in
      librpc/idl/dns.idl, librpc/idl/dnsp.idl, librpc/idl/dnsserver.idl,
      librpc/ndr/ndr_dns.c, librpc/ndr/ndr_dnsp.c, librpc/ndr/ndr_dnsp.h,
      librpc/wscript_build, source4/dns_server/dns_query.c,
      source4/dns_server/dns_update.c, source4/librpc/wscript_build,
      added tests to python/samba/tests/dns.py,
      python/samba/tests/get_opt.py, selftest/tests.py,
    - CVE-2016-0771

7e9b2fd... by Dariusz Gadomski on 2016-02-15

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu3.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 0c5a2d1f614b42c53aeab2995ef35cce4738df30

New changelog entries:
  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
    (LP: #1545750)

0c5a2d1... by Marc Deslauriers on 2016-01-04

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu3.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: fa0039fafb36d17c6edb13ae7d7ffd07ce4af125

New changelog entries:
  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update

fa0039f... by Sebastien Bacher on 2015-11-10

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu3 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: da4455ba698453c60baef155215f9845247ef625

New changelog entries:
  * debian/samba.logrotate:
    - revert to Debian version of the logrotate reload command, fix an
      invalid syntax introduced in the upstart->systemd transition
      (lp: #1385868)

da4455b... by Robert Ancell on 2015-08-10

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: fd9fe4fd53a3f1a3b38ca87a6829e31298669f5e

New changelog entries:
  * debian/control:
    - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev

fd9fe4f... by Martin Pitt on 2015-05-08

Import patches-unapplied version 2:4.1.17+dfsg-4ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 7c90706ef3bcb88e7a1d5f26250fcc318d859c2b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
      processes such that it works under both upstart and systemd.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
    + debian/patches/git_timeout_client_error.patch:
    - don't let smb mounts timeout that leads to errors when trying to
      reuse a mount after idling for a while in e.g nautilus (lp: #310932)

7c90706... by Jelmer Vernooij on 2015-04-28

Import patches-unapplied version 2:4.1.17+dfsg-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3d73bb9ed1fd091f0a262a6acf4a1f70d298469f

New changelog entries:
  * Add pidl_reproducible.patch: Make pidl output reproducible.