ubuntu/+source/samba:ubuntu/yakkety-updates

Last commit made on 2017-07-14
Get this branch:
git clone -b ubuntu/yakkety-updates https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/yakkety-updates
Repository:
lp:ubuntu/+source/samba

Recent commits

a51933e... by Steve Beattie on 2017-07-13

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.8 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: b19067875b037ec4682bc3e59d9ce0782b015056

New changelog entries:
  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

b190678... by Andreas Hasenack on 2017-06-30

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.7 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7909257f02b84ba4ed093a6f09a7e1ac66eabb1a

New changelog entries:
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

7909257... by Marc Deslauriers on 2017-05-19

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.6 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 30f018209e203824c2129c3c83481c8397c3f50b

New changelog entries:
  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

30f0182... by Marc Deslauriers on 2017-03-28

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.5 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 58fabaea1fc8752ce9a0c393c98244c3a8cd4396

New changelog entries:
  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

58fabae... by Marc Deslauriers on 2017-03-20

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.4 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c1f130eedf306283769b42219b897f15f8411895

New changelog entries:
  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

c1f130e... by Marc Deslauriers on 2016-12-12

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5.2 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 9b4a761534326933f47f322a54742464a9c0d46b

New changelog entries:
  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126
  * This package does _not_ contain the changes from
    2:4.4.5+dfsg-2ubuntu5.1 in yakkety-proposed.

9b4a761... by Matthias Klose on 2016-09-18

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu5 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: fbbc01bd3ed9532d878bc79a951829ede41ef1df

New changelog entries:
  * No-change rebuild for readline soname change.

fbbc01b... by Matthias Klose on 2016-09-17

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 0b1b9b6c5308f90207793d2934a852b855f7ce3f

New changelog entries:
  * No-change rebuild for readline soname change.

0b1b9b6... by Sebastien Bacher on 2016-08-05

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu3 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 146dbda3bdbbd6d23b35314c0b7845fd51a4784d

New changelog entries:
  * debian/patches/git_smbclient_cpu.patch:
    - backport upstream patch to fix smbclient users hanging/eating cpu on
      trying to contact a machine which is not there (lp: #1572260)

146dbda... by Steve Langasek on 2016-07-15

Import patches-unapplied version 2:4.4.5+dfsg-2ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 55884160ddc7ebf5f2e46fc4c74d7d94b113a8b9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
  * Dropped changes:
    - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
      never done in Debian, revert.
    - ufw integration: included in Debian.