-
samba (2:4.5.16+dfsg-1+deb9u2) stretch-security; urgency=high
* This is a security release in order to address the following defect:
- CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
-- Mathieu Parent <email address hidden> Wed, 08 May 2019 22:23:37 +0200
-
samba (2:4.5.16+dfsg-1+deb9u1) stretch-security; urgency=high
* This is a security release in order to address the following defect:
- CVE-2019-3880 Save registry file outside share as unprivileged user
-- Mathieu Parent <email address hidden> Fri, 05 Apr 2019 18:28:38 +0200
-
samba (2:4.5.16+dfsg-1) stretch; urgency=medium
* New upstream release (latest 4.5.x)
- Drop merged patches
* Fix CVE-2018-14629 regression when there're more than 20 records on a non
CNAME record.
* Fix rmdir on non-empty samba directory (Closes: #915248)
* Ignore nmbd start errors when there is no non-loopback interface
(Closes: #893762)
* Ignore nmbd start errors when there is no local IPv4 non-loopback interface
(Closes: #859526)
* s3:ntlm_auth: fix memory leak in manage_gensec_request() (Closes: #919611)
* Add debian/gitlab-ci.yml
-- Mathieu Parent <email address hidden> Thu, 31 Jan 2019 23:12:28 +0100
-
samba (2:4.5.12+dfsg-2+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Confidential attribute disclosure from the AD LDAP server (CVE-2018-10919)
* Insufficient input validation on client directory listing in libsmbclient
(CVE-2018-10858)
-- Salvatore Bonaccorso <email address hidden> Mon, 13 Aug 2018 22:49:33 +0200
-
samba (2:4.5.12+dfsg-2+deb9u2) stretch-security; urgency=high
* This is a security release in order to address the following defects:
- CVE-2018-1050: Codenomicon crashes in spoolss server code
- CVE-2018-1057: Unprivileged user can change any user (and admin) password
-- Mathieu Parent <email address hidden> Mon, 05 Mar 2018 15:25:39 +0100
-
samba (2:4.5.12+dfsg-2+deb9u1) stretch-security; urgency=high
* This is a security release in order to address the following defects:
- CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when
talloc buffer is grown.
- CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
-- Mathieu Parent <email address hidden> Mon, 20 Nov 2017 23:24:53 +0100
-
samba (2:4.5.12+dfsg-2) stretch; urgency=high
* This is a security release in order to address the following defects:
- CVE-2017-12150: Some code path don't enforce smb signing, when they should
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects
- CVE-2017-12163: Server memory information leak over SMB1
-- Mathieu Parent <email address hidden> Mon, 25 Sep 2017 15:19:34 +0200
-
samba (2:4.5.8+dfsg-2) unstable; urgency=high
* CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
-- Mathieu Parent <email address hidden> Thu, 18 May 2017 11:53:47 +0200
-
samba (2:4.5.8+dfsg-1) unstable; urgency=high
* New upstream version
- Drop CVE-2017-2619.patch: merged upstream
- Fix CVE-2017-2619 regression with "follow symlink = no" (Closes: #858564)
-- Mathieu Parent <email address hidden> Sat, 01 Apr 2017 20:39:17 +0200
-
samba (2:4.5.6+dfsg-1) unstable; urgency=medium
* New upstream version
* Fix typo in smbd.service and winbind.service (s/nmb.service/nmbd.service)
(Closes: #857232)
-- Mathieu Parent <email address hidden> Thu, 09 Mar 2017 15:42:37 +0100
-
samba (2:4.5.5+dfsg-1) unstable; urgency=medium
* New upstream version
- Revert rewrite of the vfs_fruit module (Closes: #856561)
* Fix 'winbindd privileged socket directory' (Closes: #754339):
- Fix path from /var/run/samba/winbindd_privileged/ to
/var/lib/samba/winbindd_privileged/.
- Move mkdir+chgrp+chmod to postinst (to handle systemd also).
- Thanks to Jim Barber for the report.
* logrotate: Use delaycompress on all logs (Closes: #702201)
- Thanks to Matthew Gabeler-Lee for the proposed fix.
-- Mathieu Parent <email address hidden> Sun, 05 Mar 2017 23:21:09 +0100
-
samba (2:4.5.4+dfsg-1) unstable; urgency=medium
[ Mathieu Parent ]
* New upstream version
- Drop security-2016-12-19.patch, was 4.5.3
* missing-build-dependency-for-dh_-command dh_python2 => dh-python
[ Vincent Blut ]
* d/control: Suggest chrony as an alternative to ntp (Closes: #851727)
[ Daniel A ]
* add gpgme support (Closes: #850908)
-- Mathieu Parent <email address hidden> Wed, 25 Jan 2017 21:25:40 +0100
-
samba (2:4.5.2+dfsg-2) unstable; urgency=high
* This is a security release in order to address the following defects:
- CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
- CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).
- CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).
-- Mathieu Parent <email address hidden> Sat, 17 Dec 2016 22:54:35 +0100
-
samba (2:4.5.2+dfsg-1) unstable; urgency=medium
* New upstream version
- Remove CTDB-Fix-samba-eventscript.patch: merged
- d/rules: /usr/share/ctdb-tests is now /usr/share/ctdb/tests
* Update gbp.conf with debian-branch = master
-- Mathieu Parent <email address hidden> Thu, 08 Dec 2016 20:21:52 +0100
-
samba (2:4.4.7+dfsg-1) unstable; urgency=medium
* New upstream release.
- Remove bug_12283_segfault_tevent_internals.patch: included.
* CTDB: Fix samba eventscript (upstream #12371).
* nmbd requires a working network (Closes: #698056, #842056, #840608,
LP: #1635491).
* Be more verbose about masking samba-ad-dc.service (Closes: #841147)
-- Mathieu Parent <email address hidden> Mon, 31 Oct 2016 21:06:30 +0100
-
samba (2:4.4.6+dfsg-2) unstable; urgency=high
* Remove uses of tevent internals. This fixes segfault.
Closes: #840382, #840298.
-- Mathieu Parent <email address hidden> Wed, 12 Oct 2016 05:53:33 +0200
-
samba (2:4.4.5+dfsg-3) unstable; urgency=medium
[ Jelmer Vernooij ]
* Add strict dependencies on samba-libs, because of use of private
libraries without stable ABI across Samba binary packages.
* Add Breaks clauses for older versions of samba-libs and samba to
samba-vfs-modules, as some files have moved. Closes: #833614,
#832880
[ Mathieu Parent ]
* Remove /etc/systemd/system/samba-ad-dc.service (from postinst) on purge.
Closes: #832352
* Fix PIDFile in systemd service files. Closes: #830909
* Remove unused lintian overrides
* Use automatic debug packages (-dbgsym) (Closes: #819776)
* Remove Christian Perrier from uploaders (Closes: #836715). Thanks for all
your work, and thanks for bringing me in the team and as a DD.
* Update Turkish translation. Thanks Atila KOÇ. Closes: #791903
* Don't use strict dependency for libwbclient0 to samba-libs to avoid
circular dependency
-- Mathieu Parent <email address hidden> Fri, 09 Sep 2016 13:00:54 +0200
-
samba (2:4.4.5+dfsg-2) unstable; urgency=medium
* Disable running of 'make quicktest' during build, as it takes very
long to run on x32 and enables building non-production NTVFS server.
Closes: #830571
-- Jelmer Vernooij <email address hidden> Sat, 09 Jul 2016 19:09:19 +0000
-
samba (2:4.4.4+dfsg-2) unstable; urgency=medium
* Mask samba-ad-dc.service unless needed (Closes: #828137)
* Fix kill path in systemd units (Closes: #828730)
-- Mathieu Parent <email address hidden> Mon, 27 Jun 2016 21:37:58 +0200
-
samba (2:4.4.3+dfsg-4) unstable; urgency=medium
* Fix build with DEB_BUILD_OPTIONS=nocheck
* Still run "make quicktest" but ignore failures
-- Mathieu Parent <email address hidden> Sat, 07 May 2016 13:18:53 +0200
-
samba (2:4.3.8+dfsg-1) unstable; urgency=low
[ Jelmer Vernooij ]
* Add patch no_build_system.patch: drop host-specific define that
prevents reproducible builds.
* New upstream release.
+ Drop patch
security-2016-04-12-prerequisite-v4-3-regression-fixes.metze01.txt,
now included upstream.
* Bump version in Replaces: samba-libs for samba-vfs-modules to
4.3.2+dfsg-1, to fix jessie->stretch upgrades. Closes: #821070
-- Jelmer Vernooij <email address hidden> Sat, 16 Apr 2016 01:18:36 +0000
-
samba (2:4.3.7+dfsg-1) unstable; urgency=high
* New upstream release.
+ Fixes (Patches by Stefan Metzmacher of SerNet and others on the Samba Team):
- CVE-2015-5370 (Multiple errors in DCE-RPC code)
- CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
- CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
- CVE-2016-2112 (LDAP client and server don't enforce integrity)
- CVE-2016-2113 (Missing TLS certificate validation)
- CVE-2016-2114 ("server signing = mandatory" not enforced)
- CVE-2016-2115 (SMB IPC traffic is not integrity protected)
- CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
* Additional regression fix for 'net ads join' to a Windows 2003 domain by metze
-- Andrew Bartlett <email address hidden> Wed, 13 Apr 2016 10:24:17 +1200
-
samba (2:4.3.6+dfsg-1) unstable; urgency=medium
* New upstream release.
+ Fixes:
- CVE-2015-7560: Incorrect ACL get/set allowed on symlink path.
- CVE-2016-0771 (Out-of-bounds read in internal DNS server).
-- Jelmer Vernooij <email address hidden> Sat, 27 Feb 2016 23:28:53 +0000
-
samba (2:4.3.3+dfsg-2) unstable; urgency=medium
[ Jelmer Vernooij ]
* Add dependency on libtevent-dev in samba-dev.
[ Mathieu Parent ]
* Fix CTDB behavior since CVE-2015-8543 (Closes: #813406)
-- Mathieu Parent <email address hidden> Thu, 04 Feb 2016 13:25:01 +0100
-
samba (2:4.1.17+dfsg-4) unstable; urgency=medium
* Add pidl_reproducible.patch: Make pidl output reproducible.
-- Jelmer Vernooij <email address hidden> Tue, 28 Apr 2015 00:10:21 +0000