ubuntu/+source/samba:ubuntu/zesty

Last commit made on 2017-03-16
Get this branch:
git clone -b ubuntu/zesty https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/zesty
Repository:
lp:ubuntu/+source/samba

Recent commits

71a08a0... by Nish Aravamudan on 2017-03-06

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 23a266d5daf694202eb925859b8c0f203a30bcde
Upload parent: 7db4a22cfd30960224a0c0b3a1dd06c05fc253ee

New changelog entries:
  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

7db4a22... by Nish Aravamudan on 2017-03-06

changelog

c7104b6... by Nish Aravamudan on 2017-03-06

  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

23a266d... by Nish Aravamudan on 2017-01-27

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: fd4f823ad277d273a9907d4ee044f888811e25a2
Upload parent: c60adeab8f069bf666584c03d878afe3ed06d9dc

New changelog entries:
  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

9e52d38... by Nish Aravamudan on 2017-01-27

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using usd-importer.

Publish parent: 650ca75270feb495f572ad11c0e4babf651d66e8
Upload parent: c60adeab8f069bf666584c03d878afe3ed06d9dc

New changelog entries:
  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]
  [ Mathieu Parent ]
  * New upstream version
    - Drop security-2016-12-19.patch, was 4.5.3
  * missing-build-dependency-for-dh_-command dh_python2 => dh-python
  [ Vincent Blut ]
  * d/control: Suggest chrony as an alternative to ntp (Closes: #851727)
  [ Daniel A ]
  * add gpgme support (Closes: #850908)
  * This is a security release in order to address the following defects:
    - CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
      Overflow Remote Code Execution Vulnerability).
    - CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
      trusted realms).
    - CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
       elevation).
  * New upstream version
    - Remove CTDB-Fix-samba-eventscript.patch: merged
    - d/rules: /usr/share/ctdb-tests is now /usr/share/ctdb/tests
  * Update gbp.conf with debian-branch = master
  * Upload to unstable
  * New upstream version
    - Refresh patches
    - Remove bug_12283_segfault_tevent_internals.patch
    - Remove gencache-Bail-out-of-stabilize-if-we-can-not-get-the.patch
    - Adding libdsdb-garbage-collect-tombstones.so.0 to samba-libs.install
  * CTDB: Fix samba eventscript
  * nmbd requires a working network (Closes: #698056, #842056, #840608,
    LP: #1635491)
  * Be more verbose about masking samba-ad-dc.service (Closes: #841147)
  * Remove Fix_parallel_build.patch, not working
  * Upload to experimental
  * New upstream version
    + Remove patches:
      - bug_601406_fix-perl-path-in-example.patch, similar applied
      - waf_smbpasswd_location, applied
      - Fix-privacy-breach-on-google.com.patch, doc moved out of source
      - ctdb-Fix-detection-of-gnukfreebsd.patch, applied
      - gcc_6.patch, applied
    + Dumped dependencies
      - libldb-dev (>= 2:1.1.27~)
      - libtalloc-dev (>= 2.1.8~)
      - libtdb-dev (>= 1.3.10~)
      - libtevent-dev (>= 0.9.29~)
      - python-talloc-dev (>= 2.1.8~)
    + Install new files and update debian/ctdb.docs
    + Update to libwbclient0.symbols
    + Update samba-libs.lintian-overrides (libtevent-unix-util0 removed)
    + /etc/default/ctdb is now /etc/ctdb/ctdbd.conf
  * Add patch for https://bugzilla.samba.org/show_bug.cgi?id=12045
  * ctdb/wscript: Call CHECK_XSLTPROC_MANPAGES() before checking
    XSLTPROC_MANPAGES. This should fix parallel builds, including
    tests.reproducible-builds.org. Thanks HW42 on IRC
  * Depends: lsb-base (>= 3.0-6), for ctdb and winbind as they source
    /lib/lsb/init-functions
  * Remove uses of tevent internals. This fixes segfault.
    Closes: #840382, #840298.
  * New upstream release.
  * Use epoch in samba-vfs-modules Breaks and Replaces (Closes: #833164)
  * Only fix PIDFile in {nmbd,samba-ad-dc,smbd,winbind}.service (i.e. not
    ctdb.service) Closes: #838000.
  * logrotate: Only reload smbd when needed. Thanks Roland Hieber.
    Closes: #838796.
  [ Jelmer Vernooij ]
  * Add strict dependencies on samba-libs, because of use of private
    libraries without stable ABI across Samba binary packages.
  * Add Breaks clauses for older versions of samba-libs and samba to
    samba-vfs-modules, as some files have moved. Closes: #833164,
    #832880
  [ Mathieu Parent ]
  * Remove /etc/systemd/system/samba-ad-dc.service (from postinst) on purge.
    Closes: #832352
  * Fix PIDFile in systemd service files. Closes: #830909
  * Remove unused lintian overrides
  * Use automatic debug packages (-dbgsym) (Closes: #819776)
  * Remove Christian Perrier from uploaders (Closes: #836715). Thanks for all
    you work, and thanks for bringing me in the team and as a DD.
  * Update Turkish translation. Thanks Atila KOÇ. Closes: #791903
  * Drop dependency on samba-libs in libwbclient0 to avoid
    circular dependency.

c60adea... by Nish Aravamudan on 2017-01-27

update-maintainer

927ccaf... by Nish Aravamudan on 2017-01-27

changelog

d68ad75... by Nish Aravamudan on 2017-01-27

merge-changelogs

578274c... by Nish Aravamudan on 2017-01-27

  * Drop:
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

b229bd2... by Nish Aravamudan on 2017-01-27

  * Drop:
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]