ubuntu/+source/samba:ubuntu/zesty-proposed

Last commit made on 2017-08-24
Get this branch:
git clone -b ubuntu/zesty-proposed https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/zesty-proposed
Repository:
lp:ubuntu/+source/samba

Recent commits

f2774a8... by Dariusz Gadomski on 2017-08-23

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.6 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 6a5b8e810a41c4c473f153b5214c7797103bc306

New changelog entries:
  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

6a5b8e8... by Andreas Hasenack on 2017-07-13

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.5 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dfa195e4f88d31bc701dabc241ca53b99ceac34b

New changelog entries:
  * Remove the fix for LP #1584485 as it builds a broken pam_winbind
    module. There is a revised version of that patch attached to
    #1584485 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)
    - d/p/fix-1584485.patch: drop
    - d/rules: remove winbind static build option

dfa195e... by Steve Beattie on 2017-07-13

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 0e8dc86a6d75aa4fe5002f367d304a282dca5551

New changelog entries:
  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

0e8dc86... by Andreas Hasenack on 2017-06-30

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.3 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 242ebdcd8b0b1186aefd870abebcaf416f600426

New changelog entries:
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

242ebdc... by Marc Deslauriers on 2017-05-19

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 0237f44f0da756bb5651924a896f527ef3808a78

New changelog entries:
  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

0237f44... by Marc Deslauriers on 2017-04-21

Import patches-unapplied version 2:4.5.8+dfsg-0ubuntu0.17.04.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 71a08a0d083ff8f969b79f9951d4e7d9fdfd3ca8

New changelog entries:
  * SECURITY UPDATE: Symlink race allows access outside share definition
    - Updated to new upstream release 4.5.8.
    - CVE-2017-2619

71a08a0... by Nish Aravamudan on 2017-03-06

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 23a266d5daf694202eb925859b8c0f203a30bcde
Upload parent: 7db4a22cfd30960224a0c0b3a1dd06c05fc253ee

New changelog entries:
  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

7db4a22... by Nish Aravamudan on 2017-03-06

changelog

c7104b6... by Nish Aravamudan on 2017-03-06

  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

23a266d... by Nish Aravamudan on 2017-01-27

Import patches-unapplied version 2:4.5.4+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: fd4f823ad277d273a9907d4ee044f888811e25a2
Upload parent: c60adeab8f069bf666584c03d878afe3ed06d9dc

New changelog entries:
  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]