Change log for samba package in Debian
| 76 → 150 of 388 results | First • Previous • Next • Last |
| Superseded in sid-release |
samba (2:4.16.6+dfsg-2) unstable; urgency=medium * d/rules: pam.d/samba should go to /etc, not / * d/README.source.md: it is README.source.md not README.source * d/control: bump Standards-Version to 4.6.1 (no changes) * d/rules: verify that samba-libs does not depend on samba -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 13:55:33 +0300
| Superseded in sid-release |
samba (2:4.16.6+dfsg-1) unstable; urgency=medium
* new upstream security release 4.16.6, fixing:
CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
* use explicit_bzero() instead of bzero() for the substitute of memset_s()
* d/rules: make it a bit more consistent with other samba packages
* d/rules: stop exporting ${PYTHON}
* a bunch of ubuntu-related changes:
- d/rules: omit glusterfs on ubuntu-i386
- apply Ubuntu changes to smb.conf at install time (d/smb.conf.ubuntu.diff)
- d/tests/: ensure io_uring module is built before testing it
- d/rules: inline parallel check from dpkg/buildopts.mk
(buildopts.mk does not exist on ubuntu 20.04 focal)
-- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 12:48:20 +0300
| Superseded in experimental-release |
samba (2:4.17.2+dfsg-1) experimental; urgency=medium
* upstream 4.17.0 release:
Closes: CVE-2022-1615
Closes: CVE-2022-32743
- removed spelling.patch (partially applied upstream)
- removed weak-crypto-allowed-clarify.diff (applied upstream)
- removed dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch
(applied upstream)
- refresh: ctdb-create-piddir.patch
- refresh: fix-nfs-service-name-to-nfs-kernel-server.patch
- d/control: update minimum versions for talloc/tevent/tdb
- d/rules: do not install ctdb.service, it is installed by upstream now
- d/ctdb.install: do not install ctdb_wrapper (not used anymore)
- d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1
* upstream 4.17.1 security release:
CVE-2021-20251 Bad password count not incremented atomically.
* upstream 4.17.2 security release:
CVE-2022-3592 A malicious client can use a symlink to escape the exported
directory. https://www.samba.org/samba/security/CVE-2022-3592.html
(Samba 4.17 only)
* new patch: spelling.patch: a few more spelling fixes
* per upstream, re-version symbols added in 2.5.2 as added in 2.6.1
(ldb users needs to be recompiled anyway after updating libldb)
* move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450)
* d/rules: no need to build compile_et,asn1_compile intermediate targets
anymore; also remove now-unused ${WAFv} macro
* this release re-does all changes in the former experimental branch
-- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 14:30:44 +0300
| Superseded in experimental-release |
samba (2:4.17.1+dfsg-1) experimental; urgency=medium
* new upstream bugfix release containing a security fix:
* CVE-2021-20251 Bad password count not incremented atomically.
* Merge changes from 4.16.x (debian/master) branch.
* use-bzero-instead-of-memset_s.diff : use explicit_bzero() instead of
bzero() for the substitute of memset_s(). bzero() is wrong here because
it, just like memset, can be optimized out by the compiler.
* d/rules: stop using dh_installpam for installing a single pam.d file
-- Michael Tokarev <email address hidden> Wed, 19 Oct 2022 21:34:11 +0300
| Superseded in experimental-release |
samba (2:4.17.0+dfsg-2) experimental; urgency=medium * mention closing of CVE-2022-32743 by the 4.17.0 upload * mention closing of CVE-2022-1615 by the 4.17.0 upload * move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450) * d/rules: verify that samba-libs does not depend on samba -- Michael Tokarev <email address hidden> Sat, 08 Oct 2022 23:00:05 +0300
| Superseded in sid-release |
samba (2:4.16.5+dfsg-2) unstable; urgency=medium
[ Michael Tokarev ]
* d/tests/util: use printf for formatting password for smbpasswd,
not non-standard echo \n (mr !60)
* introduce LDB_2.4.4 version symbol (Closes: #1021371)
Create an empty ABI file just to make the scripts run during the build
stage to introduce LDB_2.4.4 version symbol into libldb.so, and remove
this empty file in the clean target. It is a bit hackish but works fine.
This is only needed to upgrade from bullseye to bookworm, from
4.13.13+dfsg-1~deb11u5+ to the next release, 4.16+.
Remove this for bookworm+.
* dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch:
GnuTLS gnutls_rnd() can fail and give predictable random values.
Closes: #1021024, CVE-2022-1615
[ John Paul Adrian Glaubitz ]
* disable ceph support on ppc64 and x32 (Closes: #1020781, #1012165)
-- Michael Tokarev <email address hidden> Sat, 08 Oct 2022 15:11:15 +0300
| Superseded in experimental-release |
samba (2:4.17.0+dfsg-1) experimental; urgency=medium
* new upstream release 4.17.0
* removed: spelling.patch (partially applied upstream)
* removed: weak-crypto-allowed-clarify.diff (applied upstream)
* refresh: ctdb-create-piddir.patch
* refresh: fix-nfs-service-name-to-nfs-kernel-server.patch
* d/control: update minimum versions for talloc/tevent/tdb
* d/rules: do not install ctdb.service, it is installed by upstream now
* d/ctdb.install: do not install ctdb_wrapper (not used anymore)
* d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1
per upstream, re-version symbols added in 2.5.2 as added in 2.6.1
(ldb users needs to be recompiled anyway after updating libldb)
* new: spelling.patch: a few more spelling fixes
* d/control: bump Standards-Version to 4.6.1 (no changes)
-- Michael Tokarev <email address hidden> Tue, 13 Sep 2022 20:47:05 +0300
| Published in bullseye-release |
samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium
* 3 patches:
- CVE-2022-32742-bug-15085-4.13.patch
- kpasswd_bugs_v15_4-13.patch
- ldb-memory-bug-15096-4.13-v3.patch
fixing:
o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
with changing passwords.
https://www.samba.org/samba/security/CVE-2022-2031.html
o CVE-2022-32742: Server memory information leak via SMB1.
https://www.samba.org/samba/security/CVE-2022-32742.html
o CVE-2022-32744: Samba AD users can forge password change requests
for any user.
https://www.samba.org/samba/security/CVE-2022-32744.html
o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
add or modify request.
https://www.samba.org/samba/security/CVE-2022-32745.html
o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
process with an LDAP add or modify request.
https://www.samba.org/samba/security/CVE-2022-32746.html
* Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744,
CVE-2022-32745, CVE-2022-32746
* Build-Depend on libldb-dev >= 2.2.3-2~deb11u2
(which includes the new symbols in libldb used by this update)
* d/rules: use dpkg-query instead of pkg-config to find debian package
version of libldb-dev, since this is what we actually want, not the
internal version libldb thinks it is at.
-- Michael Tokarev <email address hidden> Wed, 10 Aug 2022 00:19:38 +0300
| Superseded in sid-release |
samba (2:4.16.5+dfsg-1) unstable; urgency=medium * new (minor) upstream release 4.16.5 * removed fix-samba-tool-domain-join-segfault.patch (included upstream) * d/gbp.conf: no need to filter orig.tar: uscan already does that -- Michael Tokarev <email address hidden> Thu, 08 Sep 2022 12:44:38 +0300
| Superseded in sid-release |
samba (2:4.16.4+dfsg-2) unstable; urgency=medium * d/libldb2.symbols: include newly added symbols -- Michael Tokarev <email address hidden> Mon, 01 Aug 2022 15:43:11 +0300
| Superseded in sid-release |
samba (2:4.16.4+dfsg-1) unstable; urgency=high
* new upstream security release fixing:
o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
with changing passwords.
https://www.samba.org/samba/security/CVE-2022-2031.html
o CVE-2022-32742: Server memory information leak via SMB1.
https://www.samba.org/samba/security/CVE-2022-32742.html
o CVE-2022-32744: Samba AD users can forge password change requests
for any user.
https://www.samba.org/samba/security/CVE-2022-32744.html
o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
add or modify request.
https://www.samba.org/samba/security/CVE-2022-32745.html
o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
process with an LDAP add or modify request.
https://www.samba.org/samba/security/CVE-2022-32746.html
* Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744,
CVE-2022-32745, CVE-2022-32746
-- Michael Tokarev <email address hidden> Wed, 27 Jul 2022 18:35:53 +0300
| Superseded in sid-release |
samba (2:4.16.3+dfsg-1) unstable; urgency=medium [ Michael Tokarev ] * new upstream minor/bugfix releae. See WHATSNEW.txt for details. * d/watch: add the forgotten repacksuffix=+dfsg [ Andreas Hasenack ] * update nfs configuration examples for ctdb -- Michael Tokarev <email address hidden> Mon, 18 Jul 2022 17:15:07 +0300
| Superseded in bullseye-release |
samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
* fix the order of everything during build by exporting PYTHONHASHSEED=1
for waf. This should fix the broken i386 build of the last security
upload. Closes: #1006935, #1009855
* Import the left-over patches from 4.13.17 upstream stable branch:
- s3-winbindd-fix-allow-trusted-domains-no-regression.patch
https://bugzilla.samba.org/show_bug.cgi?id=14899
Closes: #999876, winbind fails to start with `allow trusted domains: no`
- IPA-DC-add-missing-checks.patch
https://bugzilla.samba.org/show_bug.cgi?id=14903
- CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
https://bugzilla.samba.org/show_bug.cgi?id=14922
Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
- dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
https://bugzilla.samba.org/show_bug.cgi?id=14656
https://bugzilla.samba.org/show_bug.cgi?id=14902
- s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
https://bugzilla.samba.org/show_bug.cgi?id=13979
Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
* 4 patches from upstream to fix possible serious data corruption issue
with windows client cache poisoning, Closes: #1005642
https://bugzilla.samba.org/show_bug.cgi?id=14928
* two patches from upstream to fix coredump when connecting to shares
with var substitutions, Closes: #998423
https://bugzilla.samba.org/show_bug.cgi?id=14809
* samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
Closes: #953530
* remove file creation+deletion from previously applied combined patches
CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
to make patch deapply happy (quilt does not notice this situation)
* d/salsa-ci.yml: target bullseye
-- Michael Tokarev <email address hidden> Sat, 28 May 2022 22:52:59 +0300
| Superseded in sid-release |
samba (2:4.16.2+dfsg-1) unstable; urgency=medium
* new upstream minor/bugfix release.
* removed waf-add-support-for-GNU-kFreeBSD.patch (applied upstream)
* new minor version of libldb
(no code changes, just the build system update to support python 3.11)
* move samba-dcerpcd from samba package to samba-common-bin due to winbind
New in 4.16 samba-dcerpcd binary is used by smbd and winbind, so putting
it to samba package makes winbind unable to run it without samba.
For now, in order to fix this issue, move this binary from samba to
samba-common-bin package. It might be worth creating its own package
for this binary (or maybe some more binaries), once it is clear where
upstream is going to. Making this binary a part of samba-common-bin
adds some more files to smbclient-only setup.
(Closes: #1012240)
* remove mksmbpasswd script and manpage: we have smbpasswd whcih can add
entries to smbpasswd file if needed, and can handle other passwod storage
formats too
-- Michael Tokarev <email address hidden> Mon, 13 Jun 2022 19:08:44 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-8) unstable; urgency=medium
* fix the Breaks/Replaces versions in the previous upload for moving
libsamba-utils.so, and use the same Breaks/Replaces for the -dev
packages too
-- Michael Tokarev <email address hidden> Tue, 07 Jun 2022 14:11:09 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-7) unstable; urgency=medium
* drop libunwind-dev build dependency again: it turned out the
internal stack unwind is better anyway
* move libsamba-utils.so and its dependencies from libwbclient0
into samba-libs. In the past, libwbclient were built using this
library, but it does not depend on libsamba-utils anymore
* d/control: libnss-winbind and libpam-winbind does not depend
on samba-common. None of the files in samba-common are used by
nss and pam modules; winbind does use them but not the modules.
* d/rules: add --with-sockets-dir=/run/samba (or else it was
/var/run/samba)
-- Michael Tokarev <email address hidden> Tue, 07 Jun 2022 12:09:50 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-6) unstable; urgency=medium
* d/control: specify arch list for libunwind-dev build-dep to be the same
as for libunwind itself (it is not built on all architectures)
-- Michael Tokarev <email address hidden> Sun, 29 May 2022 12:09:22 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-5) unstable; urgency=medium
* add-missing-libs-deps.diff: add missing dependencies for a few samba
libraries. Closes: #1010922
* point [printers] to /var/tmp/, stop shipping /var/spool/samba/.
For a long time, we shipped an alternative /var/tmp/ directory with mode
01777 (so that anyone can use it to store files) but without the same setup
as for regular /var/tmp/ (in particular, without removing old files and
since it is not a usual place to store temp files, no one actually looked
at it the same way someone would take care of /var/tmp/. Change smb.conf
to use /var/tmp/ instead of /var/spool/samba/. In the postinst script,
remove /var/spool/samba/, check if it is still used in smb.conf,
and create a compatibility symlink pointing to tmp/, suggesting changing
smb.conf. And remove this compat symlink in postrm.
This probably can be accomplished by a debconf question, but the
thing is complicated by the fact that smb.conf might be upgrading
too at the same time.
* debian/patches/weak-crypto-allowed-clarify.diff: update
* testparm-do-not-fail-if-pid-dir-does-not-exist.patch: also cover samba-tool
testparm too, not only regular stand-alone testparm.
* fix-samba-tool-domain-join-segfault.patch: fix segfault when joining an
AD-DC domain using samba-tool join.
* d/rules: enable --with-profilig-data to build samba with profiling
collection (if set in smb.conf)
* d/control: add libunwind-dev to build-deps, to compile in stack backtrace
logging in case of crash
* d/control: stop build-conflicting with now-unused libtracker-miner-2.0-dev
* d/control: stop build-conflicting with libtracker-sparql-2.0-dev: there's
no point in explicitly disabling libtracker-sparql support (bullseye-only
for now anyway)
-- Michael Tokarev <email address hidden> Sat, 28 May 2022 22:50:43 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-4) unstable; urgency=medium
[ Michael Tokarev ]
* fix spelling in disable-setuid-confchecks.patch
* d/NEWS: split it into different $package.NEWS files
* d/upstream/metadata: add Bug-Database
* d/samba.postinst: create sambashare group and usershare directory
on new install only
* libldb2: provide compat symlinks for bullseye ldb modules dir
* d/rules: provide Build-Depends-Package: for python3-ldb
* samba-vfs-modules.lintian-overrides: add spare-manual-page vfs_*.8 override
* winbind.lintian-overrides: add spare-manual-page idmap_*.8 override
[ Arnaud Rebillout ]
* Fix patch testparm-do-not-fail-if-pid-dir-does-not-exist (Closes: #1010835)
-- Michael Tokarev <email address hidden> Wed, 11 May 2022 09:50:03 +0300
| Superseded in sid-release |
samba (2:4.16.1+dfsg-3) unstable; urgency=medium
* fix ldb package version generation in d/make_shlibs
which was wrong in 2 previous uploads.
Will I *ever* make it actually work someday?
-- Michael Tokarev <email address hidden> Mon, 02 May 2022 18:32:24 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-7) unstable; urgency=medium
* another bunch of small tweaks to d/rules:
- set SHELL to /bin/sh -e
- rework the clean target
- provide fast replacement of architecture.mk
- better expression for DEB_REVISION
- rearrange configure options
* do not disable glusterfs on ubuntu-i386 (glusterfs is now in main)
* mention closing of #1001053 by the 4.16 upload
* change the ldb version string again, removing te "+samba*" suffix
to allow bin-NMUs +b1 (Closes: #1010100)
-- Michael Tokarev <email address hidden> Sun, 24 Apr 2022 16:56:34 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-6) unstable; urgency=medium
* another attempt to fix/work around #221618. Re-enable
libsmbclient-ensure-lfs-221618.patch and change it to just define
an extra type array int[sizeof(off_t)-7]. If off_t is small it will
become a compile error. It is an ugly way to do it, but it should
actually work, unlike various static_assert/_Static_assert which are
language (C/C++) and standard-dependent. Closes: #221618.
-- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 17:27:09 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-5) unstable; urgency=medium
* disable libsmbclient-ensure-lfs-221618.patch for now.
It throws errors in one or another configuration no matter what.
Repoens: #221618
* d/salsa-ci.yml: re-allow blhc salsa-ci test to fail again
due to different bug in blhc
-- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 16:33:57 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-4) unstable; urgency=medium
* libsmbclient-ensure-lfs-221618.patch: replace _Static_assert with
static_assert (and include <assert.h> to make C++ happy too
(Closes: #1009211)
* disable-setuid-confchecks.patch: when running configure tests,
samba tries to verify setuid/setgid etc calls are actually
*working*, not just exists. This is only possible when the
configure is running as root. But it turns out in some salsa-ci
configuration (namely in the reprotest), the second build is
actually running as root, and in that environment, actual
setegid call is failing somehow. Just disable the config-time
check for correctly working setgid and assume it "just works"
if present, exactly like non-root build will do.
* d/salsa-ci.yml: do not expect failure in blhc test (the original
prob has been fixed long ago), and stop requiring experimental
* mention closing of #999876 by 4.16
-- Michael Tokarev <email address hidden> Sat, 09 Apr 2022 00:42:38 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-3) unstable; urgency=medium
* d/control: comment out the selftest-mode build deps for now
* d/control: forgotten python3-samba:Replaces against samba package too,
not just samba-libs, when moving dckeytab python lib (Closes: #1009175)
-- Michael Tokarev <email address hidden> Fri, 08 Apr 2022 10:18:23 +0300
| Superseded in sid-release |
samba (2:4.16.0+dfsg-2) unstable; urgency=medium
* use strict versioned dependency between samba-dsdb-modules and libldb2,
since they're tied to each other and are now built from the same source
* fix forgotten shlib symbols generation for python3-ldb
* change libldb versioning scheme
from ldb_2:2.5.0+samba4.16.0-1
to ldb_2:2.5.0-1+samba4.16.0
so that symbols versioning works correctly. Unfortunately the previous
upload to experimental used the first form which is greather than the
correct one, so temporarily (just for this 2.5.0 version of ldb) use
this: ldb_2:2.5.0+smb-1+samba4.16.0
(with "+smb" suffix to be removed for 2.5.1+)
* exclude samba-vfs-modules for i386 ubuntu build since this package
is useless without samba itself (which is not built on this environment)
* create selftest rules and add !nocheck build-dependencies
(but do not enable selftests for now as they're failing)
* split build system into -arch and -indep parts. We build only one arch-all
package (samba-common) which contains only static files from debian/,
there's no need to build whole samba to build this package.
Move almost all Build-Depends to Build-Depends-Arch (and reindent them).
* various updates to d/rules
-- Michael Tokarev <email address hidden> Thu, 07 Apr 2022 09:56:56 +0300
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.16.0+dfsg-1) experimental; urgency=medium
* New upstream major release.
Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
the outside target of a symlink exists
Closes: #1005642 (windows client data corruption due to cache poisoning)
Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
Closes: #998423 (coredump connecting from macos to shares with var substs)
* Notable changes in 4.16 series compared to 4.13:
- modular VFS (see The_New_VFS.txt)
- publishing printers in AD is more complete
- group policies for winbindd cilents (like linux systems)
- certificate auto enrollement in AD group policy
- large list of improvements in samba-tool
- SMB1 protocol has been deprecated, some subcommands has been removed
- more consistend options/subcommands in samba commands
* d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
debian-specific failures to go away, by preserving order of waf hashes
* refresh patches, update build-depend versions (talloc, tdb, tevent)
* refresh lintian-overrides files, add many new overrides
* build-depend on python3-markdown
* build-depend on libjson-perl for new heimdal bits
* more consistent internal lib naming; refresh file lists everywhere
* samba: install new rpc_* services, install samba-dcerpc
* refresh symbols files
* build libldb from samba sources, not from separate source
(this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to
/usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
* optimizations for d/make_shlibs; also allow one to specify explicit
version for some packages
* as per clarifications for waf --{bundled,builtin}-libraries, remove
now-wrong usage there. This also fixes build failures with current
samba sources
* d/rules: various optimizations to reduce startup costs by eliminating
unnecessary external command calls during d/rules read by make.
Including caching of LDB version information in d/ldb-version.mk file.
This does not affect the buildd processing much (and does not affect
runtime at all), but helps with build procedure debugging.
* d/rules: numerous small fixes, cleanups and other changes, including:
- clean up the install target
- remove some now-irrelevant parts
- fix no-glusterfs-build on non-linux
* change build procedure: instead of `waf build', run `waf install'.
`waf build' builds samba to be run from the build dir, and `waf install'
rebuilds/relinks everything again for production. Build the production
variant only, no build-dir one.
* samba-common-bin.postinst: explicitly mkdir /run/samba before invoking
samba binaries (Closes: #953530)
* in the salsa git repository of samba, stop keeping debian patches in
applied form, keep them in d/patches/ only as most other packages do.
* move single python (helper) module, libsamba-policy, together with
2 internal libraries used by it, from samba-libs package to python3-samba.
This makes samba-libs to be free from python-related files, and makes
python3-samba to be the only python-providing package.
Closes: #1006875, #878612, #862338
* also move dckeytab python module from samba to python3-samba
(actually stop moving it from python3-samba to samba to incorrectly
avoid a circular dependency). Also verify that python3-samba does
not depend on samba package.
* weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
testparm message (Closes: #975882)
* spelling.patch: fix many common spelling mistakes in the source
* ctdb: simplify/cleanup instllation of READMEs/examples
* d/control: remove breaks/replaces/depends on ancient versions of some
packages (ancient dpkg version in Pre-Depends, ancient samba-libs)
* d/rules: rework wrong shlibdeps handling
* move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
where they belongs. This should not affect users.
* smbclient: re-do the fix for an old bug, #221618. The original "fix"
did not fix anything (it is too late already to #define _FILE_OFFSET_BITS
when all types has already been defined). From now on, raise an error
if off_t is less than 64bits (it should >=64 when #include'ing
<libsmbclient.h> with proper LFS defines). In theory this can break
some sources which either included libsmbclient.h without a reason or
which didn't use any of the functions which deals with off_t (smbc_lseek
etc), - which did not explicitly enable LFS on a 32bit system.
Please email us if you faced such situation.
* drop 07_private_lib patch: we do not need to force rpath for
private libraries into every samba binary, upstream build system
does a good job here.
-- Michael Tokarev <email address hidden> Tue, 05 Apr 2022 16:01:25 +0300
| Published in buster-release |
samba (2:4.9.5+dfsg-5+deb10u3) buster-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patches for CVE-2021-44142 (Closes: #1004693)
- CVE-2021-44142: libadouble: add defines for icon lengths
- CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
of private Samba xattrs
- CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
- vfs_fruit: CVE-2021-44142 tweak buffer size check
- CVE-2021-44142: libadouble: harden parsing code
-- Salvatore Bonaccorso <email address hidden> Thu, 03 Feb 2022 20:33:10 +0100
| Superseded in bullseye-release |
samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add patches for CVE-2022-0336 (Closes: #1004694)
- CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added
SPN.
- CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is
re-added to an object.
* Add patches for CVE-2021-44142 (Closes: #1004693)
- CVE-2021-44142: libadouble: add defines for icon lengths.
- CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
of private Samba xattrs.
- CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
- CVE-2021-44142: libadouble: add basic cmocka tests.
- CVE-2021-44142: libadouble: harden parsing code.
* Add patches to address "The CVE-2020-25717 username map [script] advice
has undesired side effects for the local nt token" (Closes: #1001068)
- CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to
the configured domain
- CVE-2020-25717: tests/krb5: Add method to automatically obtain server
credentials
- CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make
room for new accounts
- CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
ad_member_idmap_nss
- CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to
SIDs
- CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the
named based lookup fails
-- Salvatore Bonaccorso <email address hidden> Thu, 03 Feb 2022 21:54:02 +0100
| Superseded in bullseye-release |
samba (2:4.13.13+dfsg-1~deb11u2) bullseye-security; urgency=high
* This is a security release in order to address the following defects:
- CVE-2016-2124: don't fallback to non spnego authentication if we require
kerberos
- MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation
bypass
- CVE-2020-25717: A user on the domain can become root on domain members
- CVE-2020-25718: An RODC can issue (forge) administrator tickets to other
servers
+ Bump build-depends ldb >= 2.2.3
- CVE-2020-25719: AD DC Username based races when no PAC is given
- CVE-2020-25721: Kerberos acceptors need easy access to stable AD
identifiers (eg objectSid)
- CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug
for AD DC validation issues)
- CVE-2021-3738: crash in dsdb stack
- CVE-2021-23192: dcerpc requests don't check all fragments against the
first auth_state
+ Update d/samba-libs.install for libdcerpc-pkt-auth.so.0
-- Mathieu Parent <email address hidden> Thu, 04 Nov 2021 23:20:37 +0100
| Superseded in sid-release |
samba (2:4.13.14+dfsg-1) unstable; urgency=high
* New upstream security release in order to address the following defects:
- CVE-2016-2124: don't fallback to non spnego authentication if we require
kerberos
- MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation
bypass
- CVE-2020-25717: A user on the domain can become root on domain members
- CVE-2020-25718: An RODC can issue (forge) administrator tickets to other
servers
+ Bump build-depends ldb >= 2.2.3
- CVE-2020-25719: AD DC Username based races when no PAC is given
- CVE-2020-25721: Kerberos acceptors need easy access to stable AD
identifiers (eg objectSid)
- CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug
for AD DC validation issues)
- CVE-2021-3738: crash in dsdb stack
- CVE-2021-23192: dcerpc requests don't check all fragments against the
first auth_state
+ Update d/samba-libs.install for libdcerpc-pkt-auth.so.0
* Add patch to fix "allow trusted domains"
* Bump ldb build-depends to 2.2.3
* Update d/samba-libs.install
-- Mathieu Parent <email address hidden> Tue, 09 Nov 2021 20:53:03 +0100
| Superseded in sid-release |
samba (2:4.13.13+dfsg-1) unstable; urgency=high [ Athos Ribeiro ] * Add autopkgtest to verify tmpfiles setup (LP: #1905387) - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case [ Paride Legovini ] * samba.postinst: do not populate sambashare from the Ubuntu admin group (LP: #1942195) [ Mathieu Parent ] * New upstream version - Remove CVE-2021-20254.patch - Bump build-depends ldb >= 2.2.0 * libwbclient0: Add Breaks+Replaces: libsamba-util0 (<< 2:4.0.0) (Closes: #988170) -- Mathieu Parent <email address hidden> Mon, 01 Nov 2021 08:59:20 +0100
samba (2:4.13.5+dfsg-2) unstable; urgency=high
* CVE-2021-20254: Negative idmap cache entries can cause incorrect group
entries in the Samba file server process token (Closes: #987811)
* Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209)
-- Mathieu Parent <email address hidden> Thu, 06 May 2021 21:09:29 +0200
| Superseded in sid-release |
samba (2:4.13.5+dfsg-1) unstable; urgency=medium * New upstream version (Closes: #984863) -- Mathieu Parent <email address hidden> Sat, 13 Mar 2021 08:31:27 +0100
| Superseded in sid-release |
samba (2:4.13.4+dfsg-1) unstable; urgency=medium
* New upstream version
- GPG signature has changed
- Update samba-libs.install
- Update symbols
* Never use priority high when asking for DHCP integration (Closes: #981554)
* Sync CTDB patches with Ubuntu:
- Add "ctdb-config: enable syslog by default"
- Update "fix nfs related service names"
* d/rules: Ubuntu specifics
- No Ceph on i386
- Disable some i386 packages
- No GlusterFS
-- Mathieu Parent <email address hidden> Tue, 09 Feb 2021 22:26:43 +0100
| Superseded in sid-release |
samba (2:4.13.3+dfsg-1) unstable; urgency=medium
[ Andreas Hasenack ]
* d/control: enable the liburing vfs module (Closes: #976854)
* Add new DEP8 tests for the uring vfs module
* Factor out common DEP8 test code into d/t/util and change the tests to
source from it
* Add set -x and set -e to DEP8 tests
[ Mathieu Parent ]
* liburing-dev is linux-any
* New upstream version
-- Mathieu Parent <email address hidden> Wed, 16 Dec 2020 18:23:09 +0100
| Superseded in sid-release |
samba (2:4.13.2+dfsg-3) unstable; urgency=medium * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) * Only check configuration on configure step -- Mathieu Parent <email address hidden> Sun, 22 Nov 2020 10:44:51 +0100
| Superseded in sid-release |
samba (2:4.13.2+dfsg-2) unstable; urgency=medium * Upload to unstable -- Mathieu Parent <email address hidden> Wed, 18 Nov 2020 20:34:51 +0100
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.13.2+dfsg-1) experimental; urgency=medium
* New upstream major version
- Update d/gbp.conf, d/watch and d/README.source for 4.13
- Update patches
- Bump build-depends ldb >= 2.2.0
- Install new files
- Update symbols
* Includes the following security fixes:
- CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
(Closes: #973400)
- CVE-2020-14323: Unprivileged user can crash winbind (Closes: #973399)
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records (Closes: #973398)
- CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon")
(Closes: #971048)
* Includes the following fixes:
- Fixes "samba_dnsupdate gives depreacation warnings" (Closes: #973957)
- s3: libsmbclient.h: add missing time.h include (Closes: #946840)
* Remove unused python3-crypto dependency (Closes: #971292)
* Enable Spotlight with ES backend (Closes: #956096, #956482)
* Standards-Version: 4.5.0
* Add missing Build-Depends-Package in libsmbclient.symbols and
libwbclient0.symbols
* d/copyright: Fix duplicate-globbing-patterns
* Remove outdated/malformed lintian overrides
* d/winbind.logrotate: Only reload winbindd when running (Closes: #946821)
* Bump to debhelper compat 13
* Add another library-not-linked-against-libc override
-- Mathieu Parent <email address hidden> Thu, 12 Nov 2020 11:23:01 +0100
| Superseded in sid-release |
samba (2:4.12.5+dfsg-3) unstable; urgency=high
* Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
(Closes: #963971)
* Add patch traffic_packets: fix SyntaxWarning: "is" with a literal
(Closes: #964165)
* Add patch Rename mdfind to mdsearch (Closes: #963985)
-- Mathieu Parent <email address hidden> Sat, 04 Jul 2020 23:57:59 +0200
| Superseded in sid-release |
samba (2:4.12.5+dfsg-2) unstable; urgency=high * Add missing symbol (path_expand_tilde) -- Mathieu Parent <email address hidden> Thu, 02 Jul 2020 15:27:25 +0200
| Superseded in sid-release |
samba (2:4.12.5+dfsg-1) unstable; urgency=high
* New upstream security release:
- CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results
- CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
- CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
- Bump build-depends ldb >= 2.1.4
-- Mathieu Parent <email address hidden> Thu, 02 Jul 2020 14:03:36 +0200
| Superseded in sid-release |
samba (2:4.12.3+dfsg-2) unstable; urgency=medium * Upload to unstable -- Mathieu Parent <email address hidden> Sun, 28 Jun 2020 11:45:14 +0200
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.12.3+dfsg-1) experimental; urgency=medium
* New upstream major version (Closes: #963106)
- Update d/gbp.conf, d/watch and d/README.source for 4.12
- Drop merged patches
- Bump build-depends talloc >= 2.3.1, tdb >= 1.4.3, tevent >= 0.10.2 and
ldb >= 2.1.3
- Upstream fixes:
+ pygpo: use correct method flags
(Closes: #963242, #961585, #960171, #956428)
+ CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC
LDAP servers, handled 'Paged Results' control is combined with the 'ASQ'
control. A malicious user in a samba AD could use this flaw to cause
denial of service (Closes: #960189)
+ CVE-2020-10704: A flaw was found when using samba as an Active Directory
Domain Controller. Due to the way samba handles certain requests as an
Active Directory Domain Controller LDAP server, an unauthorized user can
cause a stack overflow leading to a denial of service. The highest
threat from this vulnerability is to system availability
(Closes: #960188)
- intel aes-ni no more needed as GnuTLS is used
- Install new files
- Update symbols
- Update samba-libs.lintian-overrides
* d/control: Remove unused libattr1-dev Build-Depends (Closes: #953915)
-- Mathieu Parent <email address hidden> Wed, 24 Jun 2020 23:12:11 +0200
| Superseded in sid-release |
samba (2:4.11.5+dfsg-1) unstable; urgency=medium
* New upstream security release
- CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
- CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
- CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
- Bump build-depends ldb >= 2.0.8
-- Mathieu Parent <email address hidden> Tue, 28 Jan 2020 07:19:46 +0100
| Superseded in sid-release |
samba (2:4.11.3+dfsg-1) unstable; urgency=high
* New upstream security release
- Drop merged patches for previous security fixes
- CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management
server by creating records with matching the zone name.
- CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was
not being applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC.
* d/control: drop python3-matplotlib
* d/control: Fix stronger-dependency-implies-weaker
(samba depends -> recommends python3-dnspython)
-- Mathieu Parent <email address hidden> Mon, 16 Dec 2019 09:47:45 +0100
| Superseded in sid-release |
samba (2:4.11.1+dfsg-3) unstable; urgency=medium
* Add some python dependencies:
- python3-matplotlib : samba-tool visualize
- python3-markdown : samba-tool domain schemaupgrade
- python3-dnspython : samba-tool dns
* Only build with default python3 (Closes: #943635)
-- Mathieu Parent <email address hidden> Sun, 17 Nov 2019 14:48:02 +0100
| Superseded in sid-release |
samba (2:4.11.1+dfsg-2) unstable; urgency=high
* New upstream security release
- CVE-2019-10218: Malicious servers can cause Samba client code to return
filenames containing path separators to calling code.
- CVE-2019-14833: When the password contains multi-byte (non-ASCII)
characters, the check password script does not receive the full password
string.
-- Mathieu Parent <email address hidden> Fri, 18 Oct 2019 20:26:45 +0200
| Superseded in sid-release |
samba (2:4.11.1+dfsg-1) unstable; urgency=medium * New upstream release -- Mathieu Parent <email address hidden> Fri, 18 Oct 2019 19:00:46 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-11) unstable; urgency=medium * Stop building with spotlight support which pulls glib (Closes: #941654) * Force quota support (Closes: #941899) * Standards-Version: 4.4.1, no change -- Mathieu Parent <email address hidden> Mon, 14 Oct 2019 12:16:04 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-10) unstable; urgency=medium
* Add libwbclient-dev to samba-dev depends as samba-util was moved there
(Closes: #941750)
-- Mathieu Parent <email address hidden> Sat, 05 Oct 2019 15:57:07 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-9) unstable; urgency=medium * Remove versioned depends on libtdb-dev (>= 2) and add libldb-dev (>= 2:2) -- Mathieu Parent <email address hidden> Thu, 03 Oct 2019 19:08:17 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-8) unstable; urgency=medium
* d/gbp.conf: sign-tags = True
* Do not check smb.conf with testparm when server role=active directory domain
controller (Closes: #931734)
* Force one job during configure step with -j 1 (Closes: #941467).
Not setting -j leads to default which is number of cpus
-- Mathieu Parent <email address hidden> Thu, 03 Oct 2019 07:52:39 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-7) unstable; urgency=medium * Always evaluate WAF_NO_PARALLEL to ensure correct value (Closes: #941467) * This version is built with talloc from sid (Closes: #940963) -- Mathieu Parent <email address hidden> Wed, 02 Oct 2019 20:45:24 +0200
| Superseded in sid-release |
samba (2:4.11.0+dfsg-6) unstable; urgency=medium * Do not run waf configure in parallel. Fix FTBFS on arm (Closes: #941467) -- Mathieu Parent <email address hidden> Tue, 01 Oct 2019 22:35:36 +0200
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.11.0+dfsg-5) experimental; urgency=medium
* d/gitlabracadabra.yml: only_allow_merge_if_pipeline_succeeds: false
* Remove patches:
- "build: Remove tests for _readdir() and __readdir()"
- "build: Remove tests for rdchk()"
- "build: Remove tests for _pwrite() and __pwrite()"
* Add patches by Ralph Boehme:
- "wscript: remove all checks for _FUNC and __FUNC"
- "wscript: split function check to one per line and sort alphabetically"
-- Mathieu Parent <email address hidden> Mon, 30 Sep 2019 13:37:50 +0200
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.11.0+dfsg-4) experimental; urgency=medium
* Use the same arches for librados-dev than libcephfs-dev (Fix missing
build-depends on alpha and sh4)
* Split vfsmods:Recommends substvar into
{vfsceph,vfsglusterfs,vfssnapper}:Recommends to make the code more readable
and fix FTBFS on linux platforms without ceph (hppa and sparc64, and also
alpha and sh4)
* Add patch for "build: Remove tests for _readdir() and _readdir()", to
hopefully fix FTBFS on armel
-- Mathieu Parent <email address hidden> Sun, 29 Sep 2019 09:29:03 +0200
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.11.0+dfsg-3) experimental; urgency=medium
* Try to fix FTBFS on armel (armhf is fixed):
- Add patch for build: Remove tests for rdchk()
-- Mathieu Parent <email address hidden> Sat, 28 Sep 2019 22:17:04 +0200
| Superseded in experimental-release |
samba (2:4.11.0+dfsg-2) experimental; urgency=medium
* d/gitlabracadabra.yml: Add samba-team/libsmb2
* Try to fix FTBFS on armel and armhf:
- Add patch for build: Remove tests for _pwrite() and __pwrite()
-- Mathieu Parent <email address hidden> Sat, 28 Sep 2019 11:47:56 +0200
| Superseded in experimental-release |
samba (2:4.11.0+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
* Upload to experimental
* New upstream major release
- Update d/gbp.conf, d/watch and d/README.source for 4.11
- Import upstream release
- Update fix-nfs-service-name-to-nfs-kernel-server.patch
- Bump build-depends talloc >= 2.2.0, tdb >= 1.4.2, tevent >= 0.10.0 and
ldb >= 2:2.0.7
- libsamba-passdb.so bumped to 0.28.0
- libnon-posix-acls is now a subsystem
- Drop libparse-pidl-perl package (Closes: #939419)
- Add new files to d/*.install
- Move libsamba-util.so.* to libwbclient0, to avoid circular dependencies
- Move libsamba-util deps to libwbclient0
* Add build-Remove-tests-for-getdents-and-getdirentries.patch, to fix FTBFS on
armel and armhf
* salsa-ci: Build on experimental
[ John Paul Adrian Glaubitz ]
* Disable cephfs support on architectures where it's not stable
(Closes: #940697)
[ Louis van Belle ]
* d/control, d/samba.install: added libtasn1-bin, libtasn1-6-dev to build
dumpmscat
* d/control, d/rules: Enable spotlight (TimeMachine)
* d/control: Bump libtdb-dev (>= 2) in samba-dev deps
* Update libwbclient0.symbols
* d/rules: adjust LDB_DEPENDS
-- Mathieu Parent <email address hidden> Thu, 26 Sep 2019 09:37:51 +0200
| Superseded in sid-release |
samba (2:4.10.8+dfsg-1) unstable; urgency=medium
* Upload to unstable
* New upstream release:
- CVE-2019-10197: Combination of parameters and permissions can allow user
to escape from the share path definition
-- Mathieu Parent <email address hidden> Tue, 10 Sep 2019 18:46:54 +0200
| Published in stretch-release |
samba (2:4.5.16+dfsg-1+deb9u2) stretch-security; urgency=high
* This is a security release in order to address the following defect:
- CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
-- Mathieu Parent <email address hidden> Wed, 08 May 2019 22:23:37 +0200
| Superseded in sid-release |
samba (2:4.9.13+dfsg-1) unstable; urgency=high
* New upstream release:
- CVE-2019-10197: Combination of parameters and permissions can allow user
to escape from the share path definition
- Drop ctdb-config-depend-on-etc-ctdb-nodes-file.patch, merged
* ctdb: enable ceph recovery lock
* Downgrade ctdb_mutex_ceph_rados_helper shlibdeps to recommends
* Add gitlabracadabra.yml
* Update salsa-ci.yml
-- Mathieu Parent <email address hidden> Tue, 03 Sep 2019 21:26:36 +0200
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.10.7+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
* New upstream release
- Update patches
- Drop nsswitch-Add-try_authtok-option-to-pam_winbind.patch, merged
- libsamba-passdb.so bumped to 0.27.2
- Update symbols
- Update installed files
* samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9)
(Closes: #910242)
* Add missing Breaks+Replace found by piuparts (Closes: #929217)
* Enable vfs_nfs4acl_xattr (Closes: #930540)
* ctdb:
- enable ceph and etcd recovery lock
- Downgrade ctdb_mutex_ceph_rados_helper shlibdeps to recommends
* Add gitlabracadabra.yml
* Update salsa-ci.yml
[ Rafael David Tinoco ]
* debian/rules: Make DEB_HOST_ARCH_CPU initialized through dpkg-architecture
(Closes: #931138)
* CTDB NFS fixes from Ubuntu (Closes: #929931, LP: #722201):
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service
name from nfs to nfs-kernel-server
- ctdb-config: depend on /etc/ctdb/nodes file
- d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d to
allow pid file to exist
- added /var/lib/ctdb/* directories
- d/ctdb.postrm: remove leftovers from /var/lib/ctdb/*
- Add examples of NFS HA CTDB config files + helper script
[ Mathieu Parent ]
* Update d/gbp.conf, d/watch and d/README.source for 4.10
* Drop ctdb-config-depend-on-etc-default-nodes-file.patch, merged upstream
* Bump build-depends talloc >= 2.1.16, tdb >= 1.3.18, tevent >= 0.9.39 and
ldb >= 2:1.5.5
* Bump libcmocka-dev builddep to 1.1.3
* d/rules: Remove 1.5.1+really prefix from LDB_DEPENDS
* d/copyright:
- s/GPL-3+/GPL-3.0+/ and s/LGPL-3+/LGPL-3.0+/
- Move License details to end of file
- Add waf licences
- Add lib/replace licences
- Update lib/{ldb,talloc,tdb} licences
* Move to Python3 (from Ubuntu)
* Bump debhelper from old 11 to 12.
* Standards-Version: 4.4.0
* Replace all reference of /var/run to /run (Closes: #934540)
* Replace python shbang by python3 in d/*.py
-- Mathieu Parent <email address hidden> Thu, 29 Aug 2019 14:32:52 +0200
| Superseded in sid-release |
samba (2:4.9.11+dfsg-1) unstable; urgency=medium
[ Mathieu Parent ]
* New upstream release
- Bump ldb Build-Depends to 2:1.5.1+really1.4.7
- Fixes printing via smbspool backend with kerberos auth (Closes: #931481)
- Drop security patches, merged upstream
- libsamba-passdb.so bumped to 0.27.2
* Enable vfs_nfs4acl_xattr (Closes: #930540)
[ Rafael David Tinoco ]
* debian/rules: Make DEB_HOST_ARCH_CPU initialized through dpkg-architecture
(Closes: #931138)
* CTDB NFS fixes (Closes: #929931, LP: #722201):
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service
name from nfs to nfs-kernel-server
- ctdb-config: depend on /etc/ctdb/nodes file
- d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d to
allow pid file to exist
- added /var/lib/ctdb/* directories
- d/ctdb.postrm: remove leftovers from /var/lib/ctdb/*
- Add examples of NFS HA CTDB config files + helper script
-- Mathieu Parent <email address hidden> Mon, 08 Jul 2019 09:56:36 +0200
samba (2:4.9.5+dfsg-5) unstable; urgency=high
* This is a security release in order to address the following defect:
- CVE-2019-12435 zone operations can crash rpc server
* Add missing Breaks+Replace found by piuparts (Closes: #929217)
Thanks Andreas Beckmann!
-- Mathieu Parent <email address hidden> Thu, 20 Jun 2019 07:53:26 +0200
samba (2:4.9.5+dfsg-4) unstable; urgency=high
* This is a security release in order to address the following defect:
- CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
-- Mathieu Parent <email address hidden> Wed, 08 May 2019 21:53:16 +0200
| Superseded in stretch-release |
samba (2:4.5.16+dfsg-1+deb9u1) stretch-security; urgency=high
* This is a security release in order to address the following defect:
- CVE-2019-3880 Save registry file outside share as unprivileged user
-- Mathieu Parent <email address hidden> Fri, 05 Apr 2019 18:28:38 +0200
samba (2:4.9.5+dfsg-3) unstable; urgency=high
* This is a security release in order to address the following defects:
- CVE-2019-3870 pysmbd:missing restoration of original umask after umask(0)
- CVE-2019-3880 Save registry file outside share as unprivileged user
* samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9)
(Closes: #910242)
-- Mathieu Parent <email address hidden> Fri, 05 Apr 2019 16:49:01 +0200
samba (2:4.9.5+dfsg-2) unstable; urgency=medium * Upload to unstable -- Mathieu Parent <email address hidden> Sat, 30 Mar 2019 19:42:37 +0100
| Deleted in experimental-release (Reason: None provided.) |
samba (2:4.9.5+dfsg-1) experimental; urgency=medium
* New upstream release
- Bump ldb Build-Depends to 2:1.5.1+really1.4.6
- Drop s3-auth-ignore-create_builtin_guests-failing-without.patch, merged
- Drop and python-gpg.patch, merged
* Add Recommends: samba-dsdb-modules for samba-common-bin (Closes: #862467)
-- Mathieu Parent <email address hidden> Wed, 20 Mar 2019 21:07:02 +0100
samba (2:4.9.4+dfsg-4) unstable; urgency=medium
* samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242)
* Improve AppArmor integration (Closes: #896080)
- Install update-apparmor-samba-profile 1.2 from Christian Boltz (openSUSE)
- Adapt update-apparmor-samba-profile: Rename apparmor profile snippet, and
test for it's directory
- smbd.init: Run update-apparmor-samba-profile before start
- smbd.service: Run update-apparmor-samba-profile before start
- Remove /etc/apparmor.d/samba/smbd-shares on purge
-- Mathieu Parent <email address hidden> Tue, 26 Feb 2019 22:18:19 +0100
| Superseded in stretch-release |
samba (2:4.5.16+dfsg-1) stretch; urgency=medium
* New upstream release (latest 4.5.x)
- Drop merged patches
* Fix CVE-2018-14629 regression when there're more than 20 records on a non
CNAME record.
* Fix rmdir on non-empty samba directory (Closes: #915248)
* Ignore nmbd start errors when there is no non-loopback interface
(Closes: #893762)
* Ignore nmbd start errors when there is no local IPv4 non-loopback interface
(Closes: #859526)
* s3:ntlm_auth: fix memory leak in manage_gensec_request() (Closes: #919611)
* Add debian/gitlab-ci.yml
-- Mathieu Parent <email address hidden> Thu, 31 Jan 2019 23:12:28 +0100
samba (2:4.9.4+dfsg-3) unstable; urgency=medium [ Ivo De Decker ] * Remove myself from uploaders [ Mathieu Parent ] * Update debian/gitlab-ci.yml * Standards-Version: 4.3.0 * Add upstream patch for python-gpg support * Replace Suggests: python-gpgme by Recommends: python-gpg (Closes: #876984) -- Mathieu Parent <email address hidden> Fri, 15 Feb 2019 11:14:10 +0100
samba (2:4.9.4+dfsg-2) unstable; urgency=medium * Append +really0.02 to libparse-pidl-perl version (Closes: #918564) * Add apport hook (From Ubuntu) * Change build dependency to libglusterfs-dev (Closes: #919667) -- Mathieu Parent <email address hidden> Wed, 23 Jan 2019 20:59:08 +0100
| 76 → 150 of 388 results | First • Previous • Next • Last |
