Last commit made on 2016-04-12
Get this branch:
git clone -b ubuntu/xenial https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

863f465... by Marc Deslauriers on 2016-04-12

Import patches-unapplied version 2:4.3.8+dfsg-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: cb1dadeb15264401490ef937bd362ea89d33e697

New changelog entries:
  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

cb1dade... by Marc Deslauriers on 2016-03-09

Import patches-unapplied version 2:4.3.6+dfsg-1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 9522b685fea5a8cea071074f74e3374c20dc2ac0

New changelog entries:
  * Merge with Debian; remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)

9522b68... by Jelmer Vernooij on 2016-02-27

Import patches-unapplied version 2:4.3.6+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 209a7c4321b2a146f57ab1f6b31554cd2358fa9b

New changelog entries:
  * New upstream release.
   + Fixes:
    - CVE-2015-7560: Incorrect ACL get/set allowed on symlink path.
    - CVE-2016-0771 (Out-of-bounds read in internal DNS server.

209a7c4... by Jelmer Vernooij on 2016-03-05

Import patches-unapplied version 2:4.3.5+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0882b2c6fba24ce87933ceed7b716fce61e8129f

New changelog entries:
  * New upstream release.
  * Fixed usershare.patch to apply against new version.
  * Loosen dependencies on ldb to ldb >= 1.1.21, per upstream.
  * Drop patch sockets-with-htons.patch: applied upstream.
  * Bump standards version to 3.9.7 (no changes).

0882b2c... by Mathieu Parent on 2016-02-04

Import patches-unapplied version 2:4.3.3+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0e08d2d0ce31db94d50730f853bceaae2101de89

New changelog entries:
  [ Jelmer Vernooij ]
  * Add dependency on libtevent-dev in samba-dev.
  [ Mathieu Parent ]
  * Fix CTDB behavior since CVE-2015-8543 (Closes: #813406)

0e08d2d... by Jelmer Vernooij on 2015-12-18

Import patches-unapplied version 2:4.3.3+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c504f65d315aca93db32755eaecb85fe6e92d52c

New changelog entries:
  * New upstream release. Closes: #808133.
   + Drop subunit dependency, no longer used.
   + Drop ntdb dependencies, no longer used.
   + Fixes:
    - CVE-2015-5252: Insufficient symlink verification in smbd
    - CVE-2015-5296: Samba client requesting encryption vulnerable
                     downgrade attack
    - CVE-2015-5299: Missing access control check in shadow copy code
    - CVE-2015-7540: Remote DoS in Samba (AD) LDAP server
    - CVE-2015-8467: Denial of service attack against Windows Active Directory
    - CVE-2015-3223: Denial of service in Samba Active Directory server
    - CVE-2015-5330: Remote memory read in Samba LDAP server
  * Remove libpam-smbpasswd, which is broken and slated for removal
    upstream. Closes: #799840
  * Remove lib/zlib/contrib/dotzlib/DotZLib.chm from excluded files in
    copyright; no longer shipped upstream.
  * Remove wins2dns.awk example script.
  * Remove the samba-doc package, and move examples files from it to
    relevant other packages. Closes: #769385
  * Move samba-dsdb-modules back from Depends to Recommends, as using
    Samba as a standalone server doesn't require the dsdb modules.

c504f65... by Jelmer Vernooij on 2015-09-28

Import patches-unapplied version 2:4.3.0+dfsg-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 6e7ce050e31a85c83db58251a02792581aeeea29

New changelog entries:
  * Re-enable cluster support.
   + Build samba-cluster-support as built-in library, since its dependencies
     are broken.

6e7ce05... by Jelmer Vernooij on 2015-09-19

Import patches-unapplied version 2:4.3.0+dfsg-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: a5df8a6c518c8f35f00c2ab4aa3b2661f65b2ff8

New changelog entries:
  * Fix watch file.
  * New upstream release.
  * Drop no_wrapper patch: applied upstream.
  * Drop patch ctdb_sockpath.patch: applied upstream.
  * Drop Fix-CTDB-build-with-PMDA patch: applied upstream.

a5df8a6... by Jelmer Vernooij on 2014-12-07

Import patches-unapplied version 2:4.2.1+dfsg-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4fca257342da0ea2bd5092df0cb37af4be9ed75d

New changelog entries:
  [ Jelmer Vernooij ]
  * New upstream release.
   + Drop patch do-not-install-smbclient4-and-nmbclient4: applied upstream.
   + Drop patch
     present upstream.
   + Refresh patch 26_heimdal_compat.26_heimdal_compat.
   + Add build-dependency on libarchive-dev.
  * Drop samba_bug_11077_torturetest.patch: applied upstream.
  * Drop dependency on ctdb - now bundled with Samba.
  * Use bundled Heimdal as the system Heimdal doesn't contain the
    changes required for Samba.
  * Add patch heimdal-rfc3454.txt: patch in truncated rfc3454.txt for
    building bundled heimdal.
  * Drop patches 25_heimdal_api_changes and 26_heimdal_compat.
  * Disable cluster support; it breaks the build.
  * Add patch no_wrapper: avoid dependencies on
  * Move some libraries around.
  * Move ownership of var/lib/samba and var/lib/samba/private to samba-
    common, remove obsolete samba4.dirs. Closes: #793866
  * Remove ctdb-tests and ctdb-pcp-pmda packages as they contain problems
    and unclear what they are useful for, now ctdb now longer provides
    an external API.
  [ Mathieu Parent ]
  * Merge ctdb source package
    - initial merge
    - libctdb-dev has been dropped
    - ctdb-dbg renamed to ctdb-tests, debug files moved to samba-dbg
    - ctdb-tests depends on python
  * Fix CTDB socketpath parsing
  * Fix CTDB build with PMDA
  * ctdb: Fix privacy breach on google.com (from documentation)

4fca257... by Ivo De Decker <email address hidden> on 2015-03-07

Import patches-unapplied version 2:4.1.17+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5c7b5f80a405a3805f3c08b92336cd8ff6eaf112

New changelog entries:
  [ Andreas Beckmann ]
  * Add samba.preinst to temporarily deactivate the old qtsmbstatusd
    initscript which has dependencies incompatible with the new samba
    initscript. This will ensure a clean upgrade path for samba if the
    qtsmbstatus-server package was installed previously. (Closes: #779666)