Ubuntu
samba package

Change logs for samba source package in Lunar

  1. Lunar (23.04)
  2. Change log 
  • samba (2:4.17.7+dfsg-1ubuntu2.3) lunar-security; urgency=medium

  * SECURITY UPDATE: SMB clients can truncate files with read-only
    permissions
    - debian/patches/CVE-2023-4091-*.patch
    - CVE-2023-4091
  * SECURITY UPDATE: Samba AD DC password exposure to privileged users and
    RODCs
    - debian/patches/CVE-2023-4154-*.patch
    - CVE-2023-4154
  * SECURITY UPDATE: rpcecho development server allows Denial of Service
    via sleep() call on AD DC
    - debian/patches/CVE-2023-42669-*.patch
    - CVE-2023-42669
  * SECURITY UPDATE: Samba AD DC Busy RPC multiple listener DoS
    - debian/patches/CVE-2023-42670-*.patch
    - CVE-2023-42670

 -- Marc Deslauriers <email address hidden>  Wed, 04 Oct 2023 08:18:32 -0400
  • samba (2:4.17.7+dfsg-1ubuntu2.2) lunar; urgency=medium

  * d/p/issue-when-updating-old-passwd-containing-regex-metachars.patch:
    Add changes to fix uncaught exception when updating old password
    containing regex metacharacters by simplifying samba-tool password
    redaction (LP: #2002949).

samba (2:4.17.7+dfsg-1ubuntu2.1) lunar; urgency=medium

  * d/control: adjust breaks/replaces for file move that Debian did in
    4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
    file conflict in a dist-upgrade from earlier Ubuntu releases, like
    Kinetic (LP: #2024663)

 -- Michal Maloszewski <email address hidden>  Sun, 20 Aug 2023 13:57:29 +0200
  • samba (2:4.17.7+dfsg-1ubuntu2.1) lunar; urgency=medium

  * d/control: adjust breaks/replaces for file move that Debian did in
    4.16.6+dfsg-5, and Ubuntu only did in 4.17.7+dfsg-1ubuntu1, to avoid
    file conflict in a dist-upgrade from earlier Ubuntu releases, like
    Kinetic (LP: #2024663)

 -- Andreas Hasenack <email address hidden>  Tue, 01 Aug 2023 18:30:42 -0300
  • samba (2:4.17.7+dfsg-1ubuntu2) lunar; urgency=medium

  * d/p/secure-channel-faulty-kb5028166.patch: fix domain membership
    after Windows KB5028166 update (LP: #2027716)

 -- Andreas Hasenack <email address hidden>  Thu, 20 Jul 2023 10:26:31 -0300
  • samba (2:4.17.7+dfsg-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
    - debian/patches/CVE-2022-2127-*.patch
    - CVE-2022-2127
  * SECURITY UPDATE: SMB2 packet signing not enforced
    - debian/patches/CVE-2023-3347-*.patch
    - CVE-2023-3347
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
    - debian/patches/CVE-2023-34966-*.patch
    - CVE-2023-34966
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
    - debian/patches/CVE-2023-34967-*.patch
    - CVE-2023-34967
  * SECURITY UPDATE: Spotlight server-side Share Path Disclosure
    - debian/patches/CVE-2023-34968-*.patch
    - CVE-2023-34968

 -- Marc Deslauriers <email address hidden>  Tue, 11 Jul 2023 07:54:30 -0400
  • samba (2:4.17.7+dfsg-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #2014052). Remaining changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
      + enable the liburing vfs module, except on i386 where liburing is
        not available
      + build-depend on libglusterfs-dev only on !i386 arches
    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
      samba AD DC provisioning and domain join tests with internal DNS
      (LP #1977746, LP #2011745)

 -- Andreas Hasenack <email address hidden>  Fri, 31 Mar 2023 15:26:11 -0300
  • samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium

  * Add domain join tests (LP: #2011745):
    - d/t/control: update dependencies for samba AD provisioning test,
      which now also includes a member server join test
    - d/t/util, d/t/samba-ad-dc-*: add member server join tests

 -- Andreas Hasenack <email address hidden>  Wed, 15 Mar 2023 20:49:56 -0300
  • samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium

  * d/t/samba-ad-dc-provisioning-internal-dns: test improvements
    (LP: #2009485):
    - increase kinit timeout, as it also does DNS lookups
    - add a trap on exit to show logs in the case of some failure

 -- Andreas Hasenack <email address hidden>  Mon, 06 Mar 2023 11:49:34 -0300
  • samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #2002181). Remaining changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
      + enable the liburing vfs module, except on i386 where liburing is
        not available
      + build-depend on libglusterfs-dev only on !i386 arches
  * Added:
    - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD
      DC provisioning test with internal DNS (LP: #1977746)

 -- Andreas Hasenack <email address hidden>  Sun, 05 Feb 2023 13:47:57 -0300
  • samba (2:4.17.3+dfsg-3ubuntu3) lunar; urgency=medium

  * Rebuild against latest icu

 -- Jeremy Bicha <email address hidden>  Mon, 06 Feb 2023 07:57:36 -0500
  • samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium

  * No-change rebuild with Python 3.11 as default

 -- Graham Inggs <email address hidden>  Mon, 26 Dec 2022 18:01:11 +0000
  • samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993380). Remaining changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - d/control: enable the liburing vfs module, except on i386 where
      liburing is not available
    - d/control: build-depend on libglusterfs-dev only on !i386 arches
  * Dropped:
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
        [In 2:4.16.6+dfsg-1]
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
        [In 2:4.16.6+dfsg-1]
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
      Skip running the tests if on i386 platform, because the uring
      package is not available there.
      [In 2:4.16.6+dfsg-1, improved]
    - d/t/util: fix setting the password of the smb test user
      (LP #1955851)
      [In 2:4.16.5+dfsg-2]
    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
      [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6]
    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
      enable the samba glusterfs vfs mofule in that case
      [In 2:4.16.6+dfsg-1]

 -- Andreas Hasenack <email address hidden>  Tue, 13 Dec 2022 18:36:23 -0300
  • samba (2:4.16.4+dfsg-2ubuntu2) lunar; urgency=medium

  * No-change rebuild against libldap-2

 -- Steve Langasek <email address hidden>  Thu, 15 Dec 2022 19:55:02 +0000
  • samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - d/control: enable the liburing vfs module, except on i386 where
      liburing is not available
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
      Skip running the tests if on i386 platform, because the uring
      package is not available there.
    - d/t/util: fix setting the password of the smb test user
      (LP #1955851)
    - d/rules: in Ubuntu, glusterfs is not built for i386, so don't
      enable the samba glusterfs vfs mofule in that case
    - d/control: build-depend on libglusterfs-dev only on !i386 arches

 -- Andreas Hasenack <email address hidden>  Tue, 02 Aug 2022 09:30:05 -0300