Merge samba from Debian unstable for 22.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
Upstream: 4.13.12
Debian: 2:4.13.5+dfsg-2
Ubuntu: 2:4.13.
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
### New Debian Changes ###
samba (2:4.13.5+dfsg-2) unstable; urgency=high
* CVE-2021-20254: Negative idmap cache entries can cause incorrect group
entries in the Samba file server process token (Closes: #987811)
* Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209)
-- Mathieu Parent <email address hidden> Thu, 06 May 2021 21:09:29 +0200
samba (2:4.13.5+dfsg-1) unstable; urgency=medium
* New upstream version (Closes: #984863)
-- Mathieu Parent <email address hidden> Sat, 13 Mar 2021 08:31:27 +0100
samba (2:4.13.4+dfsg-1) unstable; urgency=medium
* New upstream version
- GPG signature has changed
- Update samba-libs.install
- Update symbols
* Never use priority high when asking for DHCP integration (Closes: #981554)
* Sync CTDB patches with Ubuntu:
- Add 'ctdb-config: enable syslog by default'
- Update 'fix nfs related service names'
* d/rules: Ubuntu specifics
- No Ceph on i386
- Disable some i386 packages
- No GlusterFS
-- Mathieu Parent <email address hidden> Tue, 09 Feb 2021 22:26:43 +0100
samba (2:4.13.3+dfsg-1) unstable; urgency=medium
[ Andreas Hasenack ]
* d/control: enable the liburing vfs module (Closes: #976854)
* Add new DEP8 tests for the uring vfs module
* Factor out common DEP8 test code into d/t/util and change the tests to
source from it
* Add set -x and set -e to DEP8 tests
[ Mathieu Parent ]
* liburing-dev is linux-any
* New upstream version
-- Mathieu Parent <email address hidden> Wed, 16 Dec 2020 18:23:09 +0100
samba (2:4.13.2+dfsg-3) unstable; urgency=medium
* Ensure systemd-tmpfiles is called before testparm (Closes: #975422)
* Only check configuration on configure step
-- Mathieu Parent <email address hidden> Sun, 22 Nov 2020 10:44:51 +0100
samba (2:4.13.2+dfsg-2) unstable; urgency=medium
* Upload to unstable
-- Mathieu Parent <email address hidden> Wed, 18 Nov 2020 20:34:51 +0100
samba (2:4.13.2+dfsg-1) experimental; urgency=medium
* New upstream major version
- Update d/gbp.conf, d/watch and d/README.source for 4.13
- Update patches
- Bump build-depends ldb >= 2.2.0
- Install new files
- Update symbols
* Includes the following security fixes:
- CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
(Closes: #973400)
- CVE-2020-14323: Unprivileged user can crash winbind (Closes: #973399)
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records (Closes: #973398)
- CVE-2020-1472: Unauthenticated domain takeover via netlogon ('ZeroLogon')
(Closes: #971048)
* Includes the following fixes:
- Fixes 'samba_dnsupdate gives depreacation warnings' (Closes: #973957)
- s3: libsmbclient.h: add missing time.h include (Closes: #946840)
* Remove unused python3-crypto dependency (Closes: #971292)
* Enable Spotlight with ES backend (Closes: #956096, #956482)
* Standards-Version: 4.5.0
* Add missing Build-Depends-
libwbclient
* d/copyright: Fix duplicate-
* Remove outdated/malformed lintian overrides
* d/winbind.
* Bump to debhelper compat 13
* Add another library-
-- Mathieu Parent <email address hidden> Thu, 12 Nov 2020 11:23:01 +0100
samba (2:4.12.5+dfsg-3) unstable; urgency=high
* Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
(Closes: #963971)
* Add patch traffic_packets: fix SyntaxWarning: 'is' with a literal
(Closes: #964165)
* Add patch Rename mdfind to mdsearch (Closes: #963985)
-- Mathieu Parent <email address hidden> Sat, 04 Jul 2020 23:57:59 +0200
### Old Ubuntu Delta ###
samba (2:4.13.
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400
samba (2:4.13.
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to 'Ubuntu'.
- debian/smb.conf;
+ Add '(Samba, Ubuntu)' to server string.
+ Comment out the default [homes] share, and add a comment about
'valid users = %s' to show users how to restrict access to
- d/control: Disable glusterfs support because it's not in main.
MIR bug is https:/
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-
Skip running the tests if on i386 platform, because the uring
package is not available there.
* Dropped changes:
- debian/
+ Do not change priority to high if dhclient3 is installed.
[Included in 2:4.13.4+dfsg-1]
- d/p/fix-
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
[Included in 2:4.13.4+dfsg-1]
- d/p/ctdb-
enable syslog and systemd journal by default
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
[Included in 2:4.13.4+dfsg-1]
- SECURITY UPDATE: wrong group entries via negative idmap cache entries
+ debian/
+ CVE-2021-20254
[Included in 2:4.13.5+dfsg-2]
-- Athos Ribeiro <email address hidden> Mon, 17 May 2021 11:51:54 -0300
CVE References
Changed in samba (Ubuntu): | |
assignee: | nobody → Sergio Durigan Junior (sergiodj) |
Changed in samba (Ubuntu): | |
assignee: | Sergio Durigan Junior (sergiodj) → Andreas Hasenack (ahasenack) |
description: | updated |
Changed in samba (Ubuntu): | |
milestone: | none → ubuntu-22.01 |
Changed in samba (Ubuntu): | |
milestone: | ubuntu-22.01 → ubuntu-22.02 |
Changed in samba (Ubuntu): | |
status: | Confirmed → In Progress |
When merging this package for ubuntu 22.04, can you doublecheck whether this patch is included in the merged package?
https:/ /attachments. samba.org/ attachment. cgi?id= 16957
That patch sounds like it will resolve this bug:
https:/ /bugs.launchpad .net/ubuntu/ +source/ samba/+ bug/1955588