-
samba (3.0.24-2ubuntu1.7) feisty-security; urgency=low
* RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
with certain client and server interactions with large file sizes.
* debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
to properly calculate buffer sizes
* References
LP: #241448
https://bugzilla.samba.org/show_bug.cgi?id=5517
-- Jamie Strandboge <email address hidden> Sat, 28 Jun 2008 09:47:35 -0400
-
samba (3.0.24-2ubuntu1.6) feisty-security; urgency=low
* SECURITY UPDATE: heap overflow when processing crafted SMB responses
* debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
and process.c for these changes
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
Backport regression fixes from upstream.
* References:
CVE-2008-1105
CVE-2007-4572
LP: #235912
-- Jamie Strandboge <email address hidden> Mon, 16 Jun 2008 14:24:29 -0400
-
samba (3.0.24-2ubuntu1.5) feisty-security; urgency=low
* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
* References
CVE-2007-6015
-- Kees Cook <email address hidden> Fri, 14 Dec 2007 17:30:50 -0800
-
samba (3.0.24-2ubuntu1.4) feisty-security; urgency=low
* removed debian/patches/security_CVE-2007-4572.patch as it
caused regressions. This is believed to be a non-exploitable
DoS, but will provide updated packages when a suitable fix
is found.
* References:
LP #163042
LP #163116
https://bugzilla.samba.org/show_bug.cgi?id=5087
-- Jamie Strandboge <email address hidden> Fri, 16 Nov 2007 13:39:07 -0500
-
samba (3.0.24-2ubuntu1.3) feisty-security; urgency=low
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
* SECURITY UPDATE: arbitrary code execution in nmbd when configured as
a WINS server when processing name registration and name query requests
* debian/patches/security_CVE-2007-5398.patch: properly check len in
nmbd_packets.c
* References
CVE-2007-4572
CVE-2007-5398
-- Jamie Strandboge <email address hidden> Wed, 14 Nov 2007 17:07:17 -0500
-
samba (3.0.24-2ubuntu1.2) feisty-security; urgency=low
* SECURITY UPDATE: regression in "force group" configured shares.
* security-regression_fix-force-group.patch: upstream fixes.
* References
http://bugs.debian.org/424629
-- Kees Cook <email address hidden> Tue, 22 May 2007 09:23:08 -0700
-
samba (3.0.24-2ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: local priv escalation, remote heap overflows, remote
command execution.
* security_local-sid-translation-priv-elevation.patch: upstream fixes
(CVE-2007-2444)
* security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
* security_remote-command-execution.patch: upstream fixed (CVE-2007-2447)
-- Kees Cook <email address hidden> Tue, 15 May 2007 15:28:23 -0700
-
samba (3.0.24-2ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
* debian/smb.conf:
- Do not show the version number by default
- Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
- Add a "valid users = %S" stanza to the commented-out [homes] section,
to show users how to restrict access to \\server\username to only
username.
- Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin.
* debian/panic-action:
- Alter the panic-action script to encourage users to report their
bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
Modify text to more closely match the Debian script
* debian/samba-common.templates:
- Set default workgroup to MSHOME
* debian/control:
- remove typehandling
- add update-inetd to Depends
* debian/patches/VERSION.patch:
- set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
* debian/samba-common.config:
- do not change priority to HIGH if dhclient3 is installed
* debian/samba.init:
- use of PIDDIR instead of hardcoding it
- Munge our init script to deal with the fact that our implementation
(or lack thereof) of log_daemon_msg and log_progress_msg differs
from Debian's implementation of the same (Ubuntu #19691)
* debian/rules:
- remove type-handling
- properly clean on make clean
- do not install mount.cifs and umount.cifs as suid
* debian/patches/ubuntu-auxsrc.patch:
- some auxilliary sources (undocumented in previous changelogs)
* Really drop debian/patches/ubuntu-fix-ldap.patch:
- Fixed upstream, see Debian #274155
samba (3.0.24-2) unstable; urgency=low
* Re-upload with a proper .orig.tar.gz.
samba (3.0.24-1) unstable; urgency=high
* New upstream release, security update
* Fixes for the following security advisories:
- Directly affecting Debian:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- Not affecting Debian:
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
* Correct paths for the documentation pointers in the default smb.conf
file. Thanks to Ted Percival for his care reporting this. Closes: #408898
samba (3.0.23d-4) unstable; urgency=low
* Debconf translation updates:
- Slovenian added.
samba (3.0.23d-3) unstable; urgency=low
* Debconf translation updates:
- Malayalam added. Closes: #403107
- Tamil added. Closes: #403353
-- Kees Cook <email address hidden> Tue, 6 Feb 2007 20:58:01 -0800
-
samba (3.0.23d-2ubuntu2) feisty; urgency=low
* Rebuild for python2.5 as the default python version.
-- Matthias Klose <email address hidden> Fri, 12 Jan 2007 13:18:25 +0000
-
samba (3.0.23d-2ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
* debian/smb.conf:
- Do not show the version number by default
- Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
- Add a "valid users = %S" stanza to the commented-out [homes] section,
to show users how to restrict access to \\server\username to only
username.
- Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin.
* debian/panic-action:
- Alter the panic-action script to encourage users to report their
bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
Modify text to more closely match the Debian script
* debian/samba-common.templates:
- Set default workgroup to MSHOME
* debian/control:
- remove typehandling
- add update-inetd to Depends
* debian/patches/VERSION.patch:
- set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
* debian/samba-common.config:
- do not change priority to HIGH if dhclient3 is installed
* debian/samba.init:
- use of PIDDIR instead of hardcoding it
- Munge our init script to deal with the fact that our implementation
(or lack thereof) of log_daemon_msg and log_progress_msg differs
from Debian's implementation of the same (Ubuntu #19691)
* debian/rules:
- remove type-handling
- properly clean on make clean
- do not install mount.cifs and umount.cifs as suid
* debian/patches/ubuntu-auxsrc.patch:
- some auxilliary sources (undocumented in previous changelogs)
* debian/patches/ubuntu-fix-ldap.patch:
- fix LDAP backend, see Ubuntu #1905, Debian #274155
samba (3.0.23d-2) unstable; urgency=low
* Build-Conflicts: libfam-dev to avoid problems accessing shares
when using GAMIN. Closes: #400617
* Lintian fixes:
- Run debconf-updatepo in the clean target to ensure up-to-date PO
and POT files
- debian/patches/no_unbreakable_spaces_in_man.patch:
Replace all non-breakable spaces by regular spaces in man pages.
They are encoded in ISO-8859-1 which is not recommended in man pages.
This should be submitted upstream.
- reformat too long lines in package description
-- Michael Vogt <email address hidden> Mon, 18 Dec 2006 13:31:09 +0100
-
samba (3.0.23d-1ubuntu3) feisty; urgency=low
* added depends on update-inetd
-- Michael Vogt <email address hidden> Thu, 14 Dec 2006 18:59:14 +0100
-
samba (3.0.23d-1ubuntu2) feisty; urgency=low
* Remove type-handling from build-deps, it's not in Ubuntu main. (It
was already disabled in the rules file.
-- Tollef Fog Heen <email address hidden> Tue, 12 Dec 2006 14:42:23 +0100
-
samba (3.0.23d-1ubuntu1) feisty; urgency=low
* Merge from debian unstable.
* Drop python2.4-samba, replace with python-samba. Added Conflicts/Replaces
on python2.4-samba
* Drop track-connection-dos.patch, ubuntu-winbind-panic.patch,
ubuntu-fix-ldap.patch, ubuntu-setlocale.patch, ubuntu-setlocale-fixes.patch
* Remaining Ubuntu changes:
- Revert Debian's installation of mount.cifs and umount.cifs as suid
- Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
- Add a "valid users = %S" stanza to the commented-out [homes] section, to
show users how to restrict access to \\server\username to only username.
- Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin.
- Alter the panic-action script to encourage users to report their
bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
Modify text to more closely match the Debian script
- Munge our init script to deal with the fact that our implementation
(or lack thereof) of log_daemon_msg and log_progress_msg differs
from Debian's implementation of the same (Ubuntu #19691)
- Kept ubuntu-auxsrc.patch: some auxilliary sources (undocumented in
previous changelogs)
- Set default workgroup to MSHOME
samba (3.0.23d-1) unstable; urgency=low
* new upstream release (2006-11-15)
[ Noèl Köthe ]
* updated documentation.patch for 3.0.23d
* updated non-linux-ports.patch for 3.0.23d
* updated adapt_machine_creation_script.patch for 3.0.23d
* updated autoconf.patch for 3.0.23d
[ Debconf translations ]
* Added Bosnian. Closes: #396634
* Added Bulgarian. Closes: #397773
samba (3.0.23c-4) unstable; urgency=low
[ Debconf translations ]
* Added Greek.
* Added Gujarati. Closes: #394430
* Added Korean. Closes: #394509
* Added Nepali.
* Updated Czech (typo fixed).
* Added Wolof. Closes: #396079
samba (3.0.23c-3) unstable; urgency=low
[ Debconf translations ]
* Updated Catalan; thanks to Guillem Jover for his help
* Updated Russian.
* Updated Spanish. Add a missing word and correct the copyright header
* Updated Vietnamese. Closes: #394164
* Added Albanian. Closes: #393777
* Added Chinese (Traditional).
* Added Thai.
samba (3.0.23c-2) unstable; urgency=low
[ Debconf translations ]
* Updated Swedish. Closes: #386510.
* Updated Japanese. Closes: #386534.
* Updated Italian. Closes: #386691.
* Updated Romanian. Closes: #388254.
* Updated German. Closes: #389072.
* Updated Brazilian Portuguese. Closes: #389097.
* Updated Basque. Closes: #389722.
* Updated Turkish. Closes: #390887
* Updated Danish. Closes: #390878
* Updated German. Closes: #390813
* Updated Simplified Chinese. Closes: #390959
* Updated Arabic.
* Updated Spanish. Closes: #391735
* Updated Dutch. Closes: #392082
* Added Slovak. Closes: #386847.
* Added Finnish. Closes: #390150.
* Added Estonian. Closes: #391102.
* Added Norwegian Bokmål. Closes: #391692
* Added Hungarian. Closes: #391746
[ Steve Langasek ]
* Change the Maintainer field at last to the mailing list... gives
our spam rules some testing, in response to popular demand :)
* Check for update-inetd on purge before trying to invoke it;
closes: #388606.
[ Peter Eisentraut ]
* Make swat binNMU-safe by using ${source:Version} for dependency on
samba-doc
* Make samba-common owner of /var/{cache,log,run}/samba, let samba and
winbind only delete files they know they're exclusive owners of.
Closes: #370718.
* Use python-central to manage installation of python-samba.
Closes: #386499. (patch by Patrick Winnertz)
* Use upstream makefile to install Python module.
* Build-Depend on python-dev instead of python-all-dev.
* Removed old upgrade support.
* Remove possibly leftover comma from "passdb backend" setting in
smb.conf on upgrade. Closes: ##383307.
* Added libpam-smbpass logcheck file by martin f krafft.
Closes: #391487, #391916.
[ Christian Perrier ]
* Add LSB info to the init script
samba (3.0.23c-1) unstable; urgency=low
[ Christian Perrier ]
* New upstream version
* Split out samba/run_mode with "__Choices".
[ Noèl Köthe ]
* corrected samba override disparity:
samba-dbg_3.0.23b-2_i386.deb: package says priority is optional, override says extra.
[ Debconf translations ]
* Updated Galician. Closes: #383001.
* Updated Danish. Closes: #383025.
* Added Tagalog. Closes: #383039, #383252.
* Updated Khmer.
* Updated Arabic.
* Updated Dzongkha. Closes: #383125.
* Updated Vietnamese. Closes: #383126.
* Updated Czech. Closes: #384760.
[ Peter Eisentraut ]
* Preseed configure result for method to detect interfaces in
debian/config.cache; the test might otherwise fail if there are no
interfaces configured at build time. Closes: #382429.
* Refined panic-action script text. Closes: #382500.
samba (3.0.23b-2) unstable; urgency=low
[ Debconf translations ]
* Updated Romanian. Closes: #382358
* Updated Dzongkha. Closes: #382448, #382948
* Updated Basque. Closes: #382456
* Added Simplified Chinese. Closes: #382489
[ Peter Eisentraut ]
* Remove no longer functioning "guest" value from "passdb backend"
setting in smb.conf on upgrade. Closes: #382296
[ Steve Langasek ]
* Drop code and debconf questions specific to upgrades from samba <= 2.2.
* Reword some debconf translations as discussed on the list.
* Rerun debconf-updatepo.
* Switch debian/ca.po to UTF-8.
* Restore some reverted strings for Galician, Czech, Brazilian Portuguese,
Spanish, French, Italian, Catalan, Portuguese, Russian, and Japanese.
* Update translations for Brazilian Portuguese, Spanish, French, Italian,
Catalan, and Portuguese.
samba (3.0.23b-1) unstable; urgency=low
* New upstream release
[ Debconf translations ]
* Updated Galician. Closes: #381988
samba (3.0.23a-1) unstable; urgency=medium
* New upstream release
* Fixes the following Debian bugs:
- winbind: panic()s when started outside of a domain context.
Closes: #337070
- Make smbclient -L use RPC to list shares, fall back to RAP.
Closes: #168732
- Potential hang in nmbd. Upstream bug #3779. Closes: #367472
- Typos in "ldap group suffix" in smb.conf(5) (upstream #3780).
Closes: #367507
- Erroneous permissions checks after 3.0.10 -> 3.0.14a
(upstream #2591). Closes: #307626
- Anonymous memory exhaustion DoS (CVE-2006-3403). Closes: #378070
- ImportError exception raised when trying to import samba.smb
(upstream #3567). Closes: #350050
- Changed references from pam_pwdb to pam_unix (upstream #3225).
Closes: #206672
- SWAT segfault (upstream #3702). Closes: #363523
[ Adam Conrad ]
* Fix typo in smb.conf that causes all samba apps to whine.
Closes: #369782
* Add myself to Uploaders, on the off chance that I might upload.
[ Debconf translations ]
* Add Galician translation of debconf templates. Closes: #361204, #369403
* Add Basque translation of debconf templates. Closes: #375104
* Add Romanian translation of debconf templates. Closes: #379246
* Add Khmer translation of debconf templates. Closes: #381833
* Add Dzongkha translation of debconf templates.
* Updated Russian. Closes: #369375
* Updated Czech. Closes: #369408
* Updated Japanese. Closes: #369457
* Updated Italian. Closes: #369587
* Updated Swedish. Closes: #369730
* Updated Dutch. Closes: #376515
* Updated Vietnamese. Closes: #381557
* Updated French.
* Updated Brazilian.
* Updated Portuguese. Closes: #372632
* Updated Arabic.
[ Christian Perrier ]
* Add dependency on procps for samba, as ps is used in init scripts.
Thanks to Bastian Blank for reporting. Closes: #365618
* Rewrite debconf templates to be compliant with 6.5.2 of the Developer's
Reference
* Add support for /etc/default/winbind. Closes: #262313, #374411
Thanks to Guido Guenther for the old patch and to Jérôme Warnier
for reminding us about it.
* Compile with --with-cifsmount which is now needed to properly compile
mount.cifs and umount.cifs. See samba bug #3799
[ Peter Eisentraut ]
* Use debian/compat instead of DH_COMPAT
* Updated Standards-Version to 3.7.2 (no changes needed)
* Replaced libsmbclient shlibs file by dh_makeshlibs call, so the
required ldconfig calls appear in the maintainer scripts
* Adjusted debian/rules to get 3.0.23rc1 to build
* Updated to debhelper level 5
* Rearranged dh_strip calls so that build succeeds with
DEB_BUILD_OPTIONS=nostrip. Closes: #288995
* Create /var/spool/samba and use it as default printer spool.
Closes: #275241
* Made winbind init script more careful about returning proper exit code
* Added winbindd_priv group as owner of winbindd_privileged directory.
Closes: #307257
* Python transition preparations: renamed package to python-samba,
removed hardcoded references to Python version 2.3. Closes: #380939
* Removed unwanted swat debconf warning
* Put localized swat messages into /usr/share/samba, where swat looks for
them. Closes: #376991
-- Andrew Mitchell <email address hidden> Tue, 28 Nov 2006 20:14:37 +1300
-
samba (3.0.22-1ubuntu4) edgy; urgency=low
* SECURITY UPDATE: Remote DoS.
* Add debian/patches/track_connection_dos.patch:
- Limit active connections to 2048 to avoid DoS due to unbound array
growing when tracking active connections.
- CVE-2006-3403
-- Martin Pitt <email address hidden> Tue, 11 Jul 2006 13:14:27 +0200
