Change logs for samba source package in Trusty

  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.20) trusty-security; urgency=medium
    
      * SECURITY UPDATE: save registry file outside share as unprivileged user
        - debian/patches/CVE-2019-3880.patch: remove implementations of
          SaveKey/RestoreKey in source3/rpc_server/winreg/srv_winreg_nt.c.
        - CVE-2019-3880
    
     -- Marc Deslauriers <email address hidden>  Mon, 01 Apr 2019 10:10:22 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.19) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
        Internal DNS server
        - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
          counter in source4/dns_server/dns_query.c.
        - CVE-2018-14629
      * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
        - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with
          mis-matching principal in source4/kdc/db-glue.c.
        - CVE-2018-16841
      * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
        - debian/patches/CVE-2018-16851.patch: check ret before manipulating
          blob in source4/ldap_server/ldap_server.c.
        - CVE-2018-16851
    
     -- Marc Deslauriers <email address hidden>  Fri, 16 Nov 2018 09:50:56 -0500
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.18) trusty; urgency=medium
    
      * d/samba.nmbd.init, d/samba.samba-ad-dc.init, d/samba.smbd.init,
        d/winbind.init avoid issues due to init scripts misdetecting
        services (LP: #1792400)
        - use --pidfile on --start to not block on same binaries running in
          containers
        - use --exec on --stop to not cause unintended processes to be acted on,
          if the old process terminated without being able to remove the pid-file.
    
     -- Christian Ehrhardt <email address hidden>  Tue, 16 Oct 2018 09:55:34 +0200
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.17) trusty; urgency=medium
    
      * d/p/bug_1583324_include_with_macro.patch: don't fail parsing the
        config file if it has macros in include directives (LP: #1583324)
    
     -- Andreas Hasenack <email address hidden>  Thu, 02 Aug 2018 18:27:50 -0300
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.16) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Insufficient input validation on client directory
        listing in libsmbclient
        - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
          buffer in source3/libsmb/libsmb_path.c, add checks to
          source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
        - CVE-2018-10858
      * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
        - debian/patches/CVE-2018-10919-*.patch: fix access checks.
        - CVE-2018-10919
    
     -- Marc Deslauriers <email address hidden>  Mon, 06 Aug 2018 07:42:48 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.14) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Denial of Service Attack on external print server
        - debian/patches/CVE-2018-1050.patch: protect against null pointer
          derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
        - CVE-2018-1050
      * SECURITY UPDATE: Authenticated users can change other users password
        - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
        - CVE-2018-1057
    
     -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:49:30 +0100
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.13) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Use-after-free vulnerability
        - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
          source3/smbd/process.c, source3/smbd/reply.c.
        - CVE-2017-14746
      * SECURITY UPDATE: Server heap memory information leak
        - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
          source3/smbd/srvstr.c.
        - CVE-2017-15275
    
     -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:41:27 -0500
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.12) trusty-security; urgency=medium
    
      * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
        they should
        - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
          source3/lib/util_cmdline.c.
        - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
          source3/libsmb/pylibsmb.c.
        - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
          libgpo/gpo_fetch.c.
        - debian/patches/CVE-2017-12150-4.patch: add check for
          NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
        - debian/patches/CVE-2017-12150-5.patch: add
          smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
        - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
          authentication was not requested in source3/libsmb/clidfs.c.
        - CVE-2017-12150
      * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
        redirects
        - debian/patches/CVE-2017-12151-1.patch: add
          cli_state_is_encryption_on() helper function to
          source3/libsmb/clientgen.c, source3/libsmb/proto.h.
        - debian/patches/CVE-2017-12151-2.patch: make use of
          cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
          source3/libsmb/libsmb_context.c.
        - CVE-2017-12151
      * SECURITY UPDATE: Server memory information leak over SMB1
        - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
          from writing server memory to file in source3/smbd/reply.c.
        - CVE-2017-12163
    
     -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:05:11 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.11) trusty; urgency=medium
    
      * d/p/bug_1702529_EACCESS_with_rootshare.patch:
        Handle corner case for / shares. (LP: #1702529)
    
     -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:36:59 +0200
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.10) trusty-security; urgency=medium
    
      * SECURITY UPDATE: KDC-REP service name impersonation
        - debian/patches/CVE-2017-11103.patch: use encrypted service
          name rather than unencrypted (and therefore spoofable) version
          in heimdal
        - CVE-2017-11103
    
     -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 14:06:03 -0700
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium
    
      [ Andreas Hasenack ]
      * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
        regression which breaks symlinks to directories on certain systems
        (LP: #1701073)
    
      [ Marc Deslauriers ]
      * SECURITY UPDATE: DoS via bad symlink resolution
        - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
          in source3/smbd/open.c.
        - CVE-2017-9461
    
     -- Marc Deslauriers <email address hidden>  Tue, 04 Jul 2017 08:01:55 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.8) trusty-security; urgency=medium
    
      * SECURITY UPDATE: remote code execution from a writable share
        - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
          slash inside in source3/rpc_server/srv_pipe.c.
        - CVE-2017-7494
    
     -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:18:37 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.7) trusty-security; urgency=medium
    
      * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
        - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
          bug #12721.
      * Add missing prerequisite for previous update
        - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existent
          files and wildcards in source3/modules/vfs_shadow_copy2.c.
    
     -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 09:28:06 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.6) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Symlink race allows access outside share definition
        - debian/patches/CVE-2017-2619/*.patch: backport security fix and
          prerequisite patches from upstream.
        - CVE-2017-2619
    
     -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:50:12 -0400
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
        - debian/patches/CVE-2016-2123.patch: check lengths in
          librpc/ndr/ndr_dnsp.c.
        - CVE-2016-2123
      * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
        - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
          source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
          source4/auth/gensec/gensec_gssapi.c.
        - CVE-2016-2125
      * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
        - debian/patches/CVE-2016-2126.patch: only allow known checksum types
          in auth/kerberos/kerberos_pac.c.
        - CVE-2016-2126
    
     -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:40:01 -0500
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.3) trusty; urgency=high
    
      * Revert to version prior to the 2:4.3.11+dfsg-0ubuntu0.14.04.2
        which is causing regression with statically linked libpam_winbind.
        Removes d/p/fix-1584485.patch. LP: #1644428
    
     -- Louis Bouchard <email address hidden>  Thu, 24 Nov 2016 15:40:40 +0100
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.2) trusty; urgency=medium
    
      * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
       to be statically linked fixes LP: #1584485.
    
      * d/rules: Compile winbindd/winbindd statically.
    
     -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 15:09:11 +0100
  • samba (2:4.3.11+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: client-signing protection mechanism bypass
        - Updated to upstream 4.3.11
        - CVE-2016-2119
      * Removed patches included in new version
        - debian/patches/samba-bug11912.patch
        - debian/patches/samba-bug11914.patch
      * debian/patches/git_smbclient_cpu.patch:
        - backport upstream patch to fix smbclient users hanging/eating cpu on
          trying to contact a machine which is not there.
    
     -- Marc Deslauriers <email address hidden>  Fri, 23 Sep 2016 14:14:05 -0400
  • samba (2:4.3.9+dfsg-0ubuntu0.14.04.3) trusty-security; urgency=medium
    
      * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
        - debian/patches/samba-bug11912.patch: let msrpc_parse() return
          talloc'ed empty strings in libcli/auth/msrpc_parse.c.
        - debian/patches/samba-bug11914.patch: make
          ntlm_auth_generate_session_info() more complete in
          source3/utils/ntlm_auth.c.
      * debian/rules: work around amd64 build failure (LP: #1585174)
    
     -- Marc Deslauriers <email address hidden>  Tue, 24 May 2016 07:47:59 -0400
  • samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium
    
      * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
        the previous security updates. (LP: #1577739)
        - debian/control: bump tevent Build-Depends to 0.9.28.
    
     -- Marc Deslauriers <email address hidden>  Tue, 03 May 2016 09:58:20 -0400
  • samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
        - CVE-2015-5370: Multiple errors in DCE-RPC code
        - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
        - CVE-2016-2111: NETLOGON Spoofing Vulnerability
        - CVE-2016-2112: The LDAP client and server don't enforce integrity
          protection
        - CVE-2016-2113: Missing TLS certificate validation allows man in the
          middle attacks
        - CVE-2016-2114: "server signing = mandatory" not enforced
        - CVE-2016-2115: SMB client connections for IPC traffic are not
          integrity protected
        - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
      * Backported most packaging changes from (2:4.3.6+dfsg-1ubuntu1) in
        Ubuntu 16.04 LTS, except for the following:
        - Don't remove samba-doc package
        - Don't remove libpam-smbpass package
        - Don't remove libsmbsharemodes0 and libsmbsharemodes-dev packages
        - Don't build with dh-systemd
        - Don't build ctdb and cluster support
        - Restore recommends for the separate libnss-winbind and libpam-winbind
        - Use correct epoch for ldb
        - Don't remove samba init script in postinst
      * debian/patches/fix_pam_smbpass.patch: fix double free in pam_smbpass.
      * debian/patches/winbind_trusted_domains.patch: make sure domain members
        can talk to trusted domains DCs.
    
     -- Marc Deslauriers <email address hidden>  Tue, 12 Apr 2016 07:27:15 -0400
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium
    
      * SECURITY UPDATE: incorrect ACL get/set allowed on symlink path
        - debian/patches/CVE-2015-7560-pre1.patch: add vfs_stat_smb_basename()
          to source3/smbd/proto.h, source3/smbd/vfs.c.
        - debian/patches/CVE-2015-7560.patch: properly handle symlinks in
          source3/client/client.c, source3/libsmb/clifile.c,
          source3/libsmb/proto.h, source3/smbd/nttrans.c,
          source3/smbd/trans2.c, added tests to selftest/knownfail,
          source3/selftest/tests.py, source3/torture/torture.c.
        - CVE-2015-7560
      * SECURITY UPDATE: out-of-bounds read in internal DNS server
        - debian/patches/CVE-2016-0771.patch: fix dns handling in
          librpc/idl/dns.idl, librpc/idl/dnsp.idl, librpc/idl/dnsserver.idl,
          librpc/ndr/ndr_dns.c, librpc/ndr/ndr_dnsp.c, librpc/ndr/ndr_dnsp.h,
          librpc/wscript_build, source4/dns_server/dns_query.c,
          source4/dns_server/dns_update.c, source4/librpc/wscript_build,
          added tests to python/samba/tests/dns.py,
          python/samba/tests/get_opt.py, selftest/tests.py,
          source4/selftest/tests.py.
        - CVE-2016-0771
    
     -- Marc Deslauriers <email address hidden>  Thu, 03 Mar 2016 10:57:18 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.12) trusty-security; urgency=medium
    
      * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
        (LP: #1545750)
    
     -- Dariusz Gadomski <email address hidden>  Mon, 15 Feb 2016 15:59:51 +0100
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.11) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
        - debian/patches/CVE-2015-3223.patch: handle empty strings and
          embedded zeros in lib/ldb/common/ldb_match.c.
        - CVE-2015-3223
      * SECURITY UPDATE: file-access restrictions bypass via symlink
        - debian/patches/CVE-2015-5252.patch: validate matching component in
          source3/smbd/vfs.c.
        - CVE-2015-5252
      * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
        downgrade
        - debian/patches/CVE-2015-5296.patch: force signing in
          libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
          source3/libsmb/libsmb_server.c.
        - CVE-2015-5296
      * SECURITY UPDATE: snapshot access via shadow copy directory
        - debian/patches/CVE-2015-5299.patch: fix missing access checks in
          source3/modules/vfs_shadow_copy2.c.
        - CVE-2015-5299
      * SECURITY UPDATE: information leak via incorrect string length handling
        - debian/patches/CVE-2015-5330.patch: fix string length handling in
          lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
          lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
          lib/util/charset/util_unistr.c.
        - CVE-2015-5330
      * SECURITY UPDATE: LDAP server denial of service
        - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
          libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
          source4/libcli/ldap/ldap_controls.c.
        - CVE-2015-7540
      * SECURITY UPDATE: access restrictions bypass in machine account creation
        - debian/patches/CVE-2015-8467.patch: restrict swapping between account
          types in source4/dsdb/samdb/ldb_modules/samldb.c.
        - CVE-2015-8467
      * debian/control: bump libldb-dev Build-Depends to security update
        version.
      * This update does _not_ contain the changes from samba
        2:4.1.6+dfsg-1ubuntu2.14.04.10 in trusty-proposed.
    
     -- Marc Deslauriers <email address hidden>  Mon, 04 Jan 2016 11:28:45 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.10) trusty; urgency=medium
    
      * debian/patches/git_netbios_empty_name.patch:
        - s3-nmbd: Fix netbios name truncation, should fix machines having
          an empty name on smb if their netbios name is long (lp: #1505590)
    
     -- Sebastien Bacher <email address hidden>  Tue, 13 Oct 2015 10:56:29 +0100
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.9) trusty; urgency=medium
    
      * debian/patches/0001-byteorder-do-not-assume-PowerPC-is-big-endian.patch:
        deal with the fact that POWER8 can be little-endian, so don't use special
        instructions to write in little-endian in that case. (LP: #1472584)
    
     -- Mathieu Trudel-Lapierre <email address hidden>  Wed, 12 Aug 2015 21:09:22 -0400
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.8) trusty; urgency=medium
    
      * Fix for "no talloc stackframe at" warning messages (LP: #1257186)
    
     -- Ryan Harper <email address hidden>  Mon, 22 Jun 2015 08:48:37 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.7) trusty-security; urgency=medium
    
      * SECURITY UPDATE: code execution vulnerability in smbd daemon
        - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
          uninitialized pointer and don't dereference a NULL pointer in
          source3/rpc_server/netlogon/srv_netlog_nt.c.
        - CVE-2015-0240
     -- Marc Deslauriers <email address hidden>   Mon, 23 Feb 2015 09:07:54 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.6) trusty; urgency=medium
    
      * Fix "force user" and "force group" options. (LP: #1416906)
     -- Dave Chiluk <email address hidden>   Wed, 11 Feb 2015 15:49:11 -0800
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.5) trusty; urgency=medium
    
      * Restore recommends for the separate libnss-winbind and libpam-winbind
        packages needed for upgrades of winbind from Precise to Trusty.
        (LP: #1412909)
     -- Brian Murray <email address hidden>   Wed, 28 Jan 2015 15:24:47 -0800
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: elevation of privilege to AD Domain Controller
        - debian/patches/CVE-2014-8143.patch: check for extended access rights
          before allowing changes to userAccountControl in
          librpc/idl/security.idl, source4/auth/session.c,
          source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
          source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
          source4/rpc_server/lsa/dcesrv_lsa.c,
          source4/setup/schema_samba4.ldif.
        - CVE-2014-8143
     -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2015 09:26:12 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: remote code execution on unauthenticated nmbd
        - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
          lib/util/string_wrappers.h.
        - CVE-2014-3560
     -- Marc Deslauriers <email address hidden>   Fri, 01 Aug 2014 17:57:10 -0400
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
        - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
          and extra bytes in source3/modules/vfs_default.c.
        - CVE-2014-0178
      * SECURITY UPDATE: denial of service via forged DNS response
        - debian/patches/CVE-2014-0239.patch: don't reply to replies in
          source4/dns_server/dns_server.c, added test to
          python/samba/tests/dns.py.
        - CVE-2014-0239
      * SECURITY UPDATE: denial of service on nmbd malformed packet
        - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
          source3/lib/system.c.
        - CVE-2014-0244
      * SECURITY UPDATE: denial of service via bad unicode conversion
        - debian/patches/CVE-2014-3493.patch: refactor code in
          source3/lib/charcnv.c, change return code checks in
          source3/libsmb/clirap.c, source3/smbd/lanman.c.
        - CVE-2014-3493
     -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 14:26:59 -0400
  • samba (2:4.1.6+dfsg-1ubuntu2.14.04.1) trusty-proposed; urgency=medium
    
      * cherrypick upstream patch 1310919 to fix pam_winbind regression
        (LP: #1310919)
     -- Serge Hallyn <email address hidden>   Tue, 29 Apr 2014 16:05:44 -0500
  • samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
    
      * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
        upgrade.
     -- Steve Langasek <email address hidden>   Thu, 03 Apr 2014 19:08:03 -0700
  • samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low
    
      * Merge from Debian unstable.  Remaining changes:
        + debian/VERSION.patch: Update vendor string to "Ubuntu".
        + debian/smb.conf;
           - Add "(Samba, Ubuntu)" to server string.
           - Comment out the default [homes] share, and add a comment about "valid users = %s"
             to show users how to restrict access to \\server\username to only username.
        + debian/samba-common.config:
          - Do not change priority to high if dhclient3 is installed.
        + debian/control:
          - Don't build against or suggest ctdb and tdb.
        + debian/rules:
          - Drop explicit configuration options for ctdb and tdb.
        + Add ufw integration:
          - Created debian/samba.ufw.profile:
          - debian/rules, debian/samba.install: install profile
        + Add apport hook:
          - Created debian/source_samba.py.
          - debian/rules, debia/samb-common-bin.install: install hook.
        + debian/samba.logrotate: call upstart interfaces unconditionally instead
          of hacking around with pid files.
        + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
          first dummy transitional package version.
        + Dropped patches:
          - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
          - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
          - debian/patches/readline-ftbfs.patch: Use the debian version.
        + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
          (LP: #1268180)
    
    samba (2:4.1.6+dfsg-1) unstable; urgency=high
    
      * New upstream security release. Fixes:
        - CVE-2013-4496: password lockout not enforced for SAMR password changes
        - CVE-2013-6442: smbcacls can remove a file or directory ACL by mistake
      * Backport fix for readline 6.3 from master
    
    samba (2:4.1.5+dfsg-1) unstable; urgency=medium
    
      [ Jelmer Vernooij ]
      * Fix watch file.
    
      [ Ivo De Decker ]
      * New upstream release.
      * Remove the part of patch 26_heimdal_compat integrated upstream.
    
    samba (2:4.1.4+dfsg-3) unstable; urgency=medium
    
      * Move samba.dckeytab module to samba package, as it relies on hdb.
        Closes: #736405, #736430
    
    samba (2:4.1.4+dfsg-2) unstable; urgency=medium
    
      [ Jelmer Vernooij ]
      * Depend on newer version of ctdb, as Samba won't build against older
        versions without --enable-old-ctdb.
      * Bump standards version to 3.9.5 (no changes).
      * Move libpac, db_glue and hdb module from samba-libs to samba package
        to reduce size and dependency set of libs package.
      * Fix compatibility with newer versions of the Heimdal HDB API.
        + Update 26_heimdal_compat: Fix initialization of HDB plugin. Thanks Jeff
          Clark. Closes: #732342
        + Add dependency on specific version of the Heimdal HDB API.
          Closes: #732344
    
      [ Steve Langasek ]
      * dhcp3-client is superseded by dhcp-client; update the references in
        the package.  Closes: #736070.
      * Move the dhcp client hook from /etc/dhcp3 to /etc/dhcp.
        Closes: #649100.
      * debian/bin/xsltproc: don't use $FAKETIME as the variable name in our
        wrapper script, this seems to make faketime unhappy.
    
    samba (2:4.1.4+dfsg-1) unstable; urgency=medium
    
      * New upstream release.
      * Update version of talloc build-deps to 2.0.8.
      * python-samba: add depends on python-ntdb.
     -- Chuck Short <email address hidden>   Wed, 02 Apr 2014 13:40:30 -0400
  • samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium
    
      * debian/smb.conf: comment back some of the "share definitions"
        options (including "valid users"). That was an Ubuntu diff and seems to
        have been dropped in the trusty merge. Those changes seem needed to
        get the usershare feature working (used by nautilus-share) (lp: #1261873)
     -- Sebastien Bacher <email address hidden>   Tue, 01 Apr 2014 16:01:04 +0200
  • samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium
    
      * SECURITY UPDATE: Password lockout not enforced for SAMR password
        changes
        - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
          source3/auth/check_samsec.c,
          source3/rpc_server/samr/srv_samr_chgpasswd.c,
          source3/rpc_server/samr/srv_samr_nt.c,
          source3/smbd/lanman.c,
          source4/rpc_server/samr/samr_password.c,
          source4/torture/rpc/samr.c.
        - CVE-2013-4496
      * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
        mistake
        - debian/patches/CVE-2013-6442.patch: handle existing ACL in
          source3/utils/smbcacls.c.
        - CVE-2013-6442
      * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
     -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 08:32:30 -0400
  • samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium
    
      * Depend on tdb-tools (LP: #1279593)
      * Updated generated config for Bind9.9.
     -- Stephane Graber <email address hidden>   Wed, 12 Feb 2014 21:26:00 -0500
  • samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium
    
      * Add missing python-ntdb dependency to python-samba (spotted by
        autopkgtest).
     -- Martin Pitt <email address hidden>   Mon, 10 Feb 2014 09:53:01 +0100
  • samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low
    
      * Merge from Debian Unstable:
        - debian/VERSION.patch: Update vendor string to "Ubuntu".
      * debian/smb.conf;
        - Add "(Samba, Ubuntu)" to server string.
        - Comment out the default [homes] share, and add a comment about "valid users = %s"
          to show users how to restrict access to \\server\username to only username.
      + debian/samba-common.config:
        - Do not change priority to high if dhclient3 is installed.
      + debian/control:
        - Don't build against or suggest ctdb and tdb.
      + debian/rules:
        - Drop explicit configuration options for ctdb and tdb.
      + Add ufw integration:
        - Created debian/samba.ufw.profile:
        - debian/rules, debian/samba.install: install profile
      + Add apport hook:
       - Created debian/source_samba.py.
       - debian/rules, debia/samb-common-bin.install: install hook.
      + debian/samba.logrotate: call upstart interfaces unconditionally instead
        of hacking around with pid files.
      + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
        first dummy transitional package version.
    
    samba (2:4.1.3+dfsg-2) unstable; urgency=medium
    
      * Add debug symbols for all binaries to samba-dbg. Closes: #732493
      * Add lintian overrides for empty prerm scripts.
    
    samba (2:4.1.3+dfsg-1) experimental; urgency=low
    
      [ Jelmer Vernooij ]
      * New upstream release.
       + Drop 0002-lib-replace-Allow-OS-vendor-to-assert-that-getpass-i.patch:
         upstream no longer uses getpass.
      * Add source dependency on libntdb1, and stop passing --disable-ntdb,
        which has been removed.
      * Remove handling for SWAT, which is no longer shipped upstream.
      * Split VFS modules out from samba-libs into a separate binary
        package.
      * Move service and process_model modules from the samba-libs to the
        samba package. Prevents dependencies on libkdc2-heimdal and
        libhdb9-heimdal.
    
      [ Ivo De Decker ]
      * Add build-dep on python-ntdb.
      * Add build-dep on libncurses5-dev.
      * Add depends on python-ntdb to samba.
      * New upstream release.
    
    samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low
    
      [ Steve Langasek ]
      * Check for alternative's presence before calling update-alternatives
        --remove-all, instead of silently ignoring all errors from
        update-alternatives.
    
      [ Debconf translations ]
      * Spanish (Javier Fernández-Sanguino).  Closes: #731800
     -- Chuck Short <email address hidden>   Mon, 13 Jan 2014 08:52:31 -0500
  • samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low
    
      * Merge from Debian Unstable:
        - debian/VERSION.patch: Update vendor string to "Ubuntu".
      * debian/smb.conf;
        - Add "(Samba, Ubuntu)" to server string.
        - Comment out the default [homes] share, and add a comment about "valid users = %s"
          to show users how to restrict access to \\server\username to only username.
      + debian/samba-common.config:
        - Do not change priority to high if dhclient3 is installed.
      + debian/control:
        - Don't build against or suggest ctdb and tdb.
      + debian/rules:
        - Drop explicit configuration options for ctdb and tdb.
      + Add ufw integration:
        - Created debian/samba.ufw.profile:
        - debian/rules, debian/samba.install: install profile
      + Add apport hook:
       - Created debian/source_samba.py.
       - debian/rules, debia/samb-common-bin.install: install hook.
      + debian/samba.logrotate: call upstart interfaces unconditionally instead
        of hacking around with pid files.
      + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
        first dummy transitional package version.
    
    samba (2:4.0.13+dfsg-1) unstable; urgency=high
    
      [ Steve Langasek ]
      * Move update-alternatives upgrade removal handling to the postinst, where
        it belongs.  Closes: #730090.
      * Really remove all references to encrypted passwords: the
        samba-common.config script still included references, which could cause
        upgrade failures in some cases.  Closes: #729167.
    
      [ Ivo De Decker ]
      * New upstream security release. Fixes:
        - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked
        - CVE-2012-6150: pam_winbind login without require_membership_of
                         restrictions
      * Add empty prerm scripts for samba and samba-common-bin.prerm, to allow
        upgrades from earlier versions with broken prerm script (bug introduced in
        2:4.0.10+dfsg-3)
      * Don't fail in postinst when removing old alternatives fails.
    
      [ Jelmer Vernooij ]
      * Fix invocations of 'update-alternatives --remove-all'. Closes: #731192
    
    samba (2:4.0.12+dfsg-1) unstable; urgency=low
    
      [ Ivo De Decker ]
      * New upstream release.
    
      [ Debconf translations ]
      * Thai (Theppitak Karoonboonyanan).  Closes: #728525
      * Norwegian Bokmål (Bjørn Steensrud).  Closes: #729070
      * German (Holger Wansing).  Closes: #729210
    
      [ Jelmer Vernooij ]
      * Add 26_heimdal_compat: Fix compatibility with newer versions of
        Heimdal.
    
    samba (2:4.0.11+dfsg-1) unstable; urgency=high
    
      * New upstream security release. Fixes:
        - CVE-2013-4475: ACLs are not checked on opening an alternate data stream
                         on a file or directory
        - CVE-2013-4476: Private key in key.pem world readable
      * Move world-readable private key file on upgrade to allow
        auto-regeneration.
      * Add check in samba-ad-dc init script for wrong permission on private key
        file that would prevent samba from starting.
      * Update samba-libs.lintian-overrides for moved libtorture0.
     -- Chuck Short <email address hidden>   Wed, 11 Dec 2013 19:55:47 -0500
  • samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low
    
      * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
     -- Dmitrijs Ledkovs <email address hidden>   Wed, 27 Nov 2013 21:50:43 +0000
  • samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low
    
      * Merge from Debian Unstable:
        - debian/VERSION.patch: Update vendor string to "Ubuntu".
      * debian/smb.conf;
        - Add "(Samba, Ubuntu)" to server string.
        - Comment out the default [homes] share, and add a comment about "valid users = %s"
          to show users how to restrict access to \\server\username to only username.
      + debian/samba-common.config:
        - Do not change priority to high if dhclient3 is installed.
      + debian/control:
        - Don't build against or suggest ctdb and tdb.
      + debian/rules:
        - Drop explicit configuration options for ctdb and tdb.
      + Add ufw integration:
        - Created debian/samba.ufw.profile:
        - debian/rules, debian/samba.install: install profile
      + Add apport hook:
       - Created debian/source_samba.py.
       - debian/rules, debia/samb-common-bin.install: install hook.
      + debian/samba.logrotate: call upstart interfaces unconditionally instead
        of hacking around with pid files.
     -- Chuck Short <email address hidden>   Fri, 08 Nov 2013 13:47:46 +0800
  • samba (2:3.6.18-1ubuntu3) saucy; urgency=low
    
      * Update config.{guess,sub} for AArch64.
     -- Matthias Klose <email address hidden>   Wed, 09 Oct 2013 12:01:48 +0200