Change log for samba package in Debian
1 → 75 of 379 results | First • Previous • Next • Last |
Published in sid-release |
samba (2:4.19.6+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=15527 fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() - https://bugzilla.samba.org/show_bug.cgi?id=15580 Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED - https://bugzilla.samba.org/show_bug.cgi?id=15588 samba-gpupdate: Correctly implement site support - https://bugzilla.samba.org/show_bug.cgi?id=15599 libgpo: Segfault in python bindings * revert d/rules: remove Debian/Ubuntu "branding" -- Michael Tokarev <email address hidden> Mon, 08 Apr 2024 11:18:38 +0300
Superseded in sid-release |
samba (2:4.19.5+dfsg-5) unstable; urgency=medium * implement pkg.samba.before-trixie build profile (undo t64 changhes and drop build-dep) * d/rules: remove Debian/Ubuntu "branding", no need in that * d/control: samba-dsdb-modules: drop hardcoded dependency on libgpgme11 (Closes: #1068526) -- Michael Tokarev <email address hidden> Sun, 07 Apr 2024 16:04:30 +0300
Published in experimental-release |
samba (2:4.20.0+dfsg-1~exp2) experimental; urgency=medium * implement pkg.samba.before-trixie build profile (undo t64 changhes and drop build-dep) * d/rules: remove Debian/Ubuntu "branding", no need in that * d/control: samba-dsdb-modules: drop hardcoded dependency on libgpgme11 (Closes: #1068526) -- Michael Tokarev <email address hidden> Sun, 07 Apr 2024 16:04:30 +0300
Superseded in experimental-release |
samba (2:4.20.0+dfsg-1~exp1) experimental; urgency=medium * new upstream release (4.20.0) * d/control: bump tevent/talloc/tdb versions for Build-Depends * d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0) * d/patches/meaningful-error-if-no-python3-markdown.patch: fixup * d/*.install: internal library names changed: libfoo-samba4.so.0 => libfoo-private-samba.so.0 * d/samba-libs.install: update names for libdcerpc & libndr private libs * d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols: libndr has soversion 4 now. This breaks binaries linked with libndr! * d/samba-libs.symbols: update with new ndr4 symbols * d/libsmbclient.symbols: update with new symbols * d/samba-dev.install: add smb3posix.h * d/not-installed: add usr/bin/wspsearch experimental windows search binary * d/control: libperl-json is not needed for build anymore * d/control: bump minimum mit-krb5 version in Build-Depends to 1.21 (for pkg.samba.mitkrb5 build profile) * rebase on top of 4.19.5+dfsg-4 -- Michael Tokarev <email address hidden> Thu, 28 Mar 2024 10:51:16 +0300
Superseded in sid-release |
samba (2:4.19.5+dfsg-4) unstable; urgency=medium * stop shipping python3/dist-packages/samba/tests (Closes: #1064512, #1063149) * add Debian-Specific tag to debian-specific patches * d/genshlibs: run dh_makeshlibs on libsmbclient0 (Closes: #1065349) -- Michael Tokarev <email address hidden> Sun, 03 Mar 2024 15:37:16 +0300
Superseded in sid-release |
samba (2:4.19.5+dfsg-3) unstable; urgency=medium * d/control: add versioned depends on dpkg-dev to avoid accidental build of time64_t packages on older systems * +lower-dns-lookup-mismatch-messages.patch (reduce log noise) * d/control: add libtirpc-dev and rpcsvc-proto to Build-Depends-Arch (Closes: #1065188) -- Michael Tokarev <email address hidden> Fri, 01 Mar 2024 19:18:35 +0300
Superseded in sid-release |
samba (2:4.19.5+dfsg-2) unstable; urgency=medium * rename libsmbclient => libsmbclient0 for 64-bit time_t transition Closes: #1064337 * d/libsmbclient.lintian-overrides: remove, soname now = package name * add Breaks: of sssd packages to samba-libs * +passchange-error-message.patch - fix password change error message * +edns0.patch: enable EDNS0 support in internal UDP-only DNS client https://bugzilla.samba.org/show_bug.cgi?id=15536 -- Michael Tokarev <email address hidden> Wed, 28 Feb 2024 19:38:48 +0300
Superseded in experimental-release |
samba (2:4.20.0~rc2+dfsg-3) experimental; urgency=medium * rename libsmbclient => libsmbclient0 for 64-bit time_t transition * d/libsmbclient.lintian-overrides: remove, soname now = package name * add Breaks: of sssd packages to samba-libs: 4.20 changed libndr soname, and we now added proper sonames for it -- Michael Tokarev <email address hidden> Wed, 21 Feb 2024 12:28:36 +0300
Published in sid-release |
samba (2:4.19.5+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release (4.19.5) * reformat previous changelog entry to fit in 80cols * d/winbind.postrm: stop recursively removing plain files * d/winbind.postrm: winbindd_cache.tdb is in /var/lib now, not in /var/cache * d/control: RulesRequiresRoot:no * d/*.symbols: use #PACKAGE# placeholders where appropriate (or add comments where it is not) * +silence-can-not-convert-group-sid.diff - make another log message less annoying * -python-fix-invalid-escape-sequences.patch (applied upstream) * d/control: replace pkg-config=>pkgconf in Build-Depends, remove pkg-config from Depends of libldb-dev and python3-ldb-dev * d/samba-libs.symbols, d/control: make libsmbldapN a virtual package provided by samba-libs too, like libndrN -- Michael Tokarev <email address hidden> Mon, 19 Feb 2024 15:21:14 +0300
Published in experimental-release |
samba (2:4.20.0~rc2+dfsg-2) experimental; urgency=medium * new upstream release candidate (4.20.0-rc2) Note: this is just release candidate, not a release yet! * d/control: bump tevent/talloc/tdb versions for Build-Depends * d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0) * d/patches/meaningful-error-if-no-python3-markdown.patch: fixup * d/*.install: internal library names changed: libfoo-samba4.so.0 => libfoo-private-samba.so.0 * d/samba-libs.install: update names for libdcerpc & libndr private libs * d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols: libndr has soversion 4 now. This breaks binaries linked with libndr! * d/samba-libs.symbols: update with new ndr4 symbols * d/libsmbclient.symbols: update with new symbols * d/samba-dev.install: add smb3posix.h * d/not-installed: add usr/bin/wspsearch experimental windows search binary * d/control: libperl-json is not needed for build anymore * d/control: bump minimum mit-krb5 version in Build-Depends to 1.21 (for pkg.samba.mitkrb5 build profile) * rebase on top of 4.19.5+dfsg-1 -- Michael Tokarev <email address hidden> Mon, 19 Feb 2024 15:33:31 +0300
Superseded in experimental-release |
samba (2:4.20.0~rc2+dfsg-1) experimental; urgency=medium * new upstream release candidate (4.20.0-rc2) Note: this is just release candidate, not a release yet! * omit (for now) wspsearch.1 -- Michael Tokarev <email address hidden> Thu, 15 Feb 2024 23:05:46 +0300
Superseded in sid-release |
samba (2:4.19.4+dfsg-3) unstable; urgency=medium * samba,winbind: remove logrotate scripts samba does its own log rotation (max log size (=5000 by default) and renaming to .old). The two clashes with each other in an interesting way. * d/samba-libs.symbols, d/control: make libndrN a virtual package to ensure rdeps pick the right dependency -- Michael Tokarev <email address hidden> Tue, 30 Jan 2024 12:12:42 +0300
Superseded in experimental-release |
samba (2:4.20.0~rc1+dfsg-1) experimental; urgency=medium * new upstream release candidate (4.20.0-rc1) Note: this is just release candidate, not a release yet! * d/control: bump tevent/talloc/tdb versions for Build-Depends * d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0) * d/patches/meaningful-error-if-no-python3-markdown.patch: fixup * d/patches/python-fix-invalid-escape-sequences.patch: remove, applied upstream * d/*.install: internal library names changed, libfoo-samba4.so.0 => libfoo-private-samba.so.0 * d/samba-libs.install: update names for libdcerpc & libndr private libraries * d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols: libndr has soversion 4 now. This breaks binaries linked with libndr! * d/samba-libs.symbols: update with new ndr4 symbols * d/libsmbclient.symbols: update with new symbols * d/samba-dev.install: add smb3posix.h * d/not-installed: add usr/bin/wspsearch experimental windows search binary * d/control: libperl-json is not needed for build anymore * d/control: bump minimum mit-krb5 version in Build-Depends to 1.21 (for pkg.samba.mitkrb5 build profile) -- Michael Tokarev <email address hidden> Mon, 29 Jan 2024 21:43:00 +0300
Superseded in sid-release |
samba (2:4.19.4+dfsg-2) unstable; urgency=medium * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@ -- Michael Tokarev <email address hidden> Mon, 08 Jan 2024 20:44:51 +0300
Superseded in sid-release |
samba (2:4.19.3+dfsg-2) unstable; urgency=medium * d/rules: simplify LDFLAGS assignment * d/rules: add -mlong-jump-table-offsets to CFLAGS on m68k (fix FTBFS there) * d/rules: CFLAGS += -ffile-prefix-map=../../= * d/control: fix versioned dependency on samba for samba-ad-dc * +python-fix-invalid-escape-sequences.patch from upstream (Closes: #1057668) -- Michael Tokarev <email address hidden> Mon, 11 Dec 2023 13:19:18 +0300
Published in bookworm-release |
samba (2:4.17.12+dfsg-0+deb12u1) bookworm-security; urgency=medium * new stable security bugfix release: o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. -- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 18:17:19 +0300
Superseded in sid-release |
samba (2:4.19.3+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=13595 CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users (Closes: #1034803). Please see WHATSNEW.txt file for more information about this issue: actual fix requires extra steps to be performed against samba-based AD-DC - https://bugzilla.samba.org/show_bug.cgi?id=15093 Files without "read attributes" NFS4 ACL permission are not listed in directories - https://bugzilla.samba.org/show_bug.cgi?id=15487 smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set - https://bugzilla.samba.org/show_bug.cgi?id=15492 Kerberos TGS-REQ with User2User does not work for normal accounts - https://bugzilla.samba.org/show_bug.cgi?id=15499 Improve logging for failover scenarios - https://bugzilla.samba.org/show_bug.cgi?id=15507 vfs_gpfs stat calls fail due to file system permissions - https://bugzilla.samba.org/show_bug.cgi?id=15513 Samba doesn't build with Python 3.12 - https://bugzilla.samba.org/show_bug.cgi?id=15520 sid_strings test broken by unix epoch > 1700000000 - https://bugzilla.samba.org/show_bug.cgi?id=15521 smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor() * d/samba-common.maintscript: fix version number for dhcp hook removal (Closes: #1053780) -- Michael Tokarev <email address hidden> Mon, 27 Nov 2023 22:22:54 +0300
Superseded in sid-release |
samba (2:4.19.2+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=15423 Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE - https://bugzilla.samba.org/show_bug.cgi?id=15426 clidfs.c do_connect() missing a "return" after a cli_shutdown() call - https://bugzilla.samba.org/show_bug.cgi?id=15463 macOS mdfind returns only 50 results - https://bugzilla.samba.org/show_bug.cgi?id=15481 GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value - https://bugzilla.samba.org/show_bug.cgi?id=15464 libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more - https://bugzilla.samba.org/show_bug.cgi?id=15479 ctdbd: setproctitle not initialized messages flooding logs - https://bugzilla.samba.org/show_bug.cgi?id=15491 CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19 - https://bugzilla.samba.org/show_bug.cgi?id=15477 The heimdal KDC doesn't detect s4u2self correctly when fast is in use * d/samba-common.maintscript: remove obsolete conffile /etc/dhcp/dhclient-enter-hooks.d/samba conffile (Closes: #1053780) -- Michael Tokarev <email address hidden> Mon, 16 Oct 2023 18:26:31 +0300
Superseded in sid-release |
samba (2:4.19.1+dfsg-4) unstable; urgency=medium * d/samba-common.postinst: restore installing of smb.conf using ucf -- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 22:33:32 +0300
Superseded in sid-release |
samba (2:4.19.1+dfsg-3) unstable; urgency=medium * d/ctdb.install: sync ceph arch list * d/control: mention other places where ceph arch list is used -- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 20:12:20 +0300
Superseded in bookworm-release |
samba (2:4.17.11+dfsg-0+deb12u1) bookworm; urgency=medium * new upstream stable/bugfix release 4.17.11, including: o https://bugzilla.samba.org/show_bug.cgi?id=9959 Windows client join fails if a second container CN=System exists somewhere o https://bugzilla.samba.org/show_bug.cgi?id=15342 Spotlight sometimes returns no results on latest macOS o https://bugzilla.samba.org/show_bug.cgi?id=15346 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2 o https://bugzilla.samba.org/show_bug.cgi?id=15384 net ads lookup (with unspecified realm) fails o https://bugzilla.samba.org/show_bug.cgi?id=15401 Improve GetNChanges to address some (but not all "Azure AD Connect") syncronisation tool looping during the initial user sync phase o https://bugzilla.samba.org/show_bug.cgi?id=15407 Samba replication logs show (null) DN o https://bugzilla.samba.org/show_bug.cgi?id=15417 Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination o https://bugzilla.samba.org/show_bug.cgi?id=15419 Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink() o https://bugzilla.samba.org/show_bug.cgi?id=15420 reply_sesssetup_and_X() can dereference uninitialized tmp pointer o https://bugzilla.samba.org/show_bug.cgi?id=15427 Spotlight results return wrong date in result list o https://bugzilla.samba.org/show_bug.cgi?id=15430 Missing return in reply_exit_done() o https://bugzilla.samba.org/show_bug.cgi?id=15432 TREE_CONNECT without SETUP causes smbd to use uninitialized pointer o https://bugzilla.samba.org/show_bug.cgi?id=15435 Regression DFS not working with widelinks = true o https://bugzilla.samba.org/show_bug.cgi?id=15441 samba-tool ntacl get segfault if aio_pthread appended o https://bugzilla.samba.org/show_bug.cgi?id=15446 DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed o https://bugzilla.samba.org/show_bug.cgi?id=15449 mdssvc: Do an early talloc_free() in _mdssvc_open() o https://bugzilla.samba.org/show_bug.cgi?id=15451 ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1 o https://bugzilla.samba.org/show_bug.cgi?id=15453 File doesn't show when user doesn't have permission if aio_pthread is loaded o https://bugzilla.samba.org/show_bug.cgi?id=15463 macOS mdfind returns only 50 results * d/control: indicate the git branch in Vcs-Git URL (-b bookworm) * d/control: fix description of samba-common-bin (samba-client) * d/salsa-ci.yml: set RELEASE to bookworm -- Michael Tokarev <email address hidden> Tue, 12 Sep 2023 15:55:41 +0300
Superseded in sid-release |
samba (2:4.19.0+dfsg-1) unstable; urgency=medium * new upstream release. Some highlights: o changed command-line interface of smbget utility o improved winbindd logging o AD database prepared to FL 2016 standards for new domains o initial, partial implementation of AD FL 2012, 2012R2 and 2016 o samba-tool support for silos, claims, sites and subnets o updated Heimdal import o other improvements and changes, see WHATSNEW.txt file for details. * d/patches: remove patches applied upstream, refresh patches * d/control: update talloc/tevent/tdb build-deps * d/smbclient.install: remove smbgetrc.5 * d/patches: add ldb 2.7.1 & 2.7.2 ABI files * d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0) * d/python3-ldb.symbols: remove unused versions, add new version * d/control: fix description of samba-common-bin (samba-client) * d/samba-common-bin.install: install samba-log-parser (for winbindd for now) * d/samba-libs.install: 2 new libs * d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0 from samba-libs to samba-testsuite * d/samba-libs.install, d/samba-vfs-modules.install: move libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules * d/samba-libs.install, d/samba-common-bin.install: move libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net) * d/samba-libs.install, d/samba-common-bin.install: move libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin (used by usr/libexec/samba/rpcd_*) * samba-libs: add libndr 3.0.1 symbols * d/source/lintian-overrides: remove unused source-is-missing override * d/samba-vfs-modules.lintian-overrides: remove unused spelling-error-in-binary override -- Michael Tokarev <email address hidden> Mon, 04 Sep 2023 22:57:48 +0300
Deleted in experimental-release (Reason: None provided.) |
samba (2:4.19.0~rc4+dfsg-2) experimental; urgency=medium * samba-libs: add libndr 3.0.1 symbols -- Michael Tokarev <email address hidden> Mon, 28 Aug 2023 19:40:39 +0300
Superseded in sid-release |
samba (2:4.18.6+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=9959 Windows client join fails if a second container CN=System exists somewhere - https://bugzilla.samba.org/show_bug.cgi?id=15289 post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself - https://bugzilla.samba.org/show_bug.cgi?id=15342 Spotlight sometimes returns no results on latest macOS - https://bugzilla.samba.org/show_bug.cgi?id=15346 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2 - https://bugzilla.samba.org/show_bug.cgi?id=15390 Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation) - https://bugzilla.samba.org/show_bug.cgi?id=15400 rpcserver no longer accepts double backslash in dfs pathname - https://bugzilla.samba.org/show_bug.cgi?id=15414 "net offlinejoin provision" does not work as non-root user - https://bugzilla.samba.org/show_bug.cgi?id=15417 Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination - https://bugzilla.samba.org/show_bug.cgi?id=15420 reply_sesssetup_and_X() can dereference uninitialized tmp pointer - https://bugzilla.samba.org/show_bug.cgi?id=15427 Spotlight results return wrong date in result list - https://bugzilla.samba.org/show_bug.cgi?id=15430 Missing return in reply_exit_done() - https://bugzilla.samba.org/show_bug.cgi?id=15433 cm_prepare_connection() calls close(fd) for the second time - https://bugzilla.samba.org/show_bug.cgi?id=15435 Regression DFS not working with widelinks = true - https://bugzilla.samba.org/show_bug.cgi?id=15441 samba-tool ntacl get segfault if aio_pthread appended - https://bugzilla.samba.org/show_bug.cgi?id=15446 DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed - https://bugzilla.samba.org/show_bug.cgi?id=15449 mdssvc: Do an early talloc_free() in _mdssvc_open() -- Michael Tokarev <email address hidden> Wed, 16 Aug 2023 20:11:26 +0300
Superseded in experimental-release |
samba (2:4.19.0~rc2+dfsg-1) experimental; urgency=medium * new upstream release candidate * d/patches: remove patches applied upstream, refresh patches * d/control: update talloc/tevent/tdb build-deps * d/smbclient.install: remove smbgetrc.5 * d/patches: add ldb 2.7.1 & 2.7.2 ABI files * d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0) * d/python3-ldb.symbols: remove unused versions, add new version * d/control: fix description of samba-common-bin (samba-client) * d/samba-common-bin.install: install samba-log-parser (for winbindd for now) * d/samba-libs.install: 2 new libs * d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0 from samba-libs to samba-testsuite * d/samba-libs.install, d/samba-vfs-modules.install: move libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules * d/samba-libs.install, d/samba-common-bin.install: move libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net) * d/samba-libs.install, d/samba-common-bin.install: move libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin (used by usr/libexec/samba/rpcd_*) * d/source/lintian-overrides: remove unused source-is-missing override * d/samba-vfs-modules.lintian-overrides: remove unused spelling-error-in-binary override -- Michael Tokarev <email address hidden> Tue, 08 Aug 2023 10:52:58 +0300
Superseded in sid-release |
samba (2:4.18.5+dfsg-2) unstable; urgency=medium * d/rules, d/control: only build glusterfs support on 64bits (Closes: #1041996) * d/rules: make ceph conditional similar to gluster * d/rules: wrap _PYTHON_SYSCONFIGDATA_NAME setting to cross-compile case On e.g. buster, _PYTHON_SYSCONFIGDATA_NAME is different, so this assignment does not work right. In order for it to work on buster, add condition on host vs build gnu type. This breaks compilation with foreign python binary. * d/control: fix description of samba-common-bin (samba-client) -- Michael Tokarev <email address hidden> Fri, 04 Aug 2023 17:29:06 +0300
Superseded in experimental-release |
samba (2:4.19.0~rc1+dfsg-3) experimental; urgency=medium * d/rules: wrap _PYTHON_SYSCONFIGDATA_NAME setting to cross-compile case On e.g. buster, _PYTHON_SYSCONFIGDATA_NAME is different, so this assignment does not work right. In order for it to work on buster, add condition on host vs build gnu type. This breaks compilation with foreign python binary. -- Michael Tokarev <email address hidden> Fri, 04 Aug 2023 14:30:04 +0300
Superseded in bookworm-release |
samba (2:4.17.9+dfsg-0+deb12u3) bookworm; urgency=medium * +fix-unsupported-netr_LogonGetCapabilities-l2.patch Fix windows logon/trust issues with 2023-07 windows updates: https://bugzilla.samba.org/show_bug.cgi?id=15418 -- Michael Tokarev <email address hidden> Fri, 14 Jul 2023 12:34:30 +0300
Superseded in sid-release |
samba (2:4.18.5+dfsg-1) unstable; urgency=medium * new upstream stable/security release 4.18.5, including: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. https://bugzilla.samba.org/show_bug.cgi?id=15418 (this has been patched in the previous upload; Closes: #1041043) -- Michael Tokarev <email address hidden> Wed, 19 Jul 2023 17:55:58 +0300
Superseded in sid-release |
samba (2:4.18.4+dfsg-2) unstable; urgency=medium * +fix-unsupported-netr_LogonGetCapabilities-l2.patch Fix windows logon/trust issues with 2023-07 windows updates: https://bugzilla.samba.org/show_bug.cgi?id=15418 * d/copyright: also remove ctdb/doc/*.?.html pre-generated manpages from the upstream tarball (forgotten previously) * d/rules: add comment about -latomic gcc issue and drop --as-needed there since it is already in use -- Michael Tokarev <email address hidden> Fri, 14 Jul 2023 12:30:31 +0300
Superseded in sid-release |
samba (2:4.18.4+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release, including: - https://bugzilla.samba.org/show_bug.cgi?id=2312 smbcacls and smbcquotas do not check // before the server - https://bugzilla.samba.org/show_bug.cgi?id=14030 Named crashes on DLZ zone update (was in debian before) - https://bugzilla.samba.org/show_bug.cgi?id=15355 NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts - https://bugzilla.samba.org/show_bug.cgi?id=15381 Register Samba processes with GPFS - https://bugzilla.samba.org/show_bug.cgi?id=15382 cli_list loops 100% CPU against pre-lanman2 servers - https://bugzilla.samba.org/show_bug.cgi?id=15383 Remove comments about deprecated 'write cache size' - https://bugzilla.samba.org/show_bug.cgi?id=15384 net ads lookup (with unspecified realm) fails - https://bugzilla.samba.org/show_bug.cgi?id=15390 Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation) - https://bugzilla.samba.org/show_bug.cgi?id=15391 smbclient leaks fds with showacls - https://bugzilla.samba.org/show_bug.cgi?id=15398 The winbind child segfaults when listing users with `winbind scan trusted domains = yes` - https://bugzilla.samba.org/show_bug.cgi?id=15402 smbd returns NOT_FOUND when creating files on a r/o filesystem - https://bugzilla.samba.org/show_bug.cgi?id=15403 smbget memory leak if failed to download files recursively - https://bugzilla.samba.org/show_bug.cgi?id=15404 Backport --pidl-developer fixes * remove dnsserver-rename-dns_name_equal.patch (applied upstream) -- Michael Tokarev <email address hidden> Wed, 05 Jul 2023 18:14:20 +0300
Superseded in sid-release |
samba (2:4.18.3+dfsg-3) unstable; urgency=medium * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, for -latomic workaround -- Michael Tokarev <email address hidden> Wed, 21 Jun 2023 23:11:59 +0300
Superseded in sid-release |
samba (2:4.18.3+dfsg-2) unstable; urgency=medium * d/rules: include -latomic gcc issue workaround for select arches apparently due to a gcc issue, some architectures (armel, mipsel, ...) fail to link samba due to not finidng __atomic_load_8 etc symbols after using atomic_load etc from stdatomic.h (part of gcc). Add -latomic explicitly to the list of libraries we link with. * d/rules: add libwbclient0 to the list of krb5-versioned packages (thanks to Andrew Kornilov) -- Michael Tokarev <email address hidden> Tue, 20 Jun 2023 11:35:13 +0300
Superseded in sid-release |
samba (2:4.18.3+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=15375 Symlinks to files can have random DOS mode information in a directory listing - https://bugzilla.samba.org/show_bug.cgi?id=15378 vfs_fruit might cause a failing open for delete - https://bugzilla.samba.org/show_bug.cgi?id=15361 winbind recurses into itself via rpcd_lsad - https://bugzilla.samba.org/show_bug.cgi?id=15366 wbinfo -u fails on ad dc with >1000 users - https://bugzilla.samba.org/show_bug.cgi?id=15338 DS ACEs might be inherited to unrelated object classes - https://bugzilla.samba.org/show_bug.cgi?id=15362 a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND - https://bugzilla.samba.org/show_bug.cgi?id=15374 aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse() - https://bugzilla.samba.org/show_bug.cgi?id=15360 Setting veto files = /.*/ break listing directories - https://bugzilla.samba.org/show_bug.cgi?id=15363 "samba-tool domain provision" does not run interactive mode if no arguments are given - https://bugzilla.samba.org/show_bug.cgi?id=15325 dsgetdcname: assumes local system uses IPv4 * dnsserver-rename-dns_name_equal.patch (forgotten) patch from upstream targetting next stable Fixes crashes of named with samba DLZ plugin due to symbol name conflict (dns_name_equal() function). There's no resulting code changes, just a symbol rename. https://bugzilla.samba.org/show_bug.cgi?id=14030 Closes: #1036587, #927747 * remove generated manpage files upstream ships in docs/manpages/ and ctdb/doc/ -- Michael Tokarev <email address hidden> Wed, 31 May 2023 20:09:05 +0300
samba (2:4.17.8+dfsg-2) unstable; urgency=medium * dnsserver-rename-dns_name_equal.patch (forgotten) patch from upstream targetting next stable Fixes crashes of named with samba DLZ plugin due to symbol name conflict (dns_name_equal() function). There's no resulting code changes, just a symbol rename. https://bugzilla.samba.org/show_bug.cgi?id=14030 Closes: #1036587, #927747 -- Michael Tokarev <email address hidden> Wed, 24 May 2023 22:54:43 +0300
Superseded in sid-release |
samba (2:4.17.8+dfsg-1) unstable; urgency=medium * upstream stable/security/bugfix release, fixing the following issues: * https://bugzilla.samba.org/show_bug.cgi?id=14810 CVE-2020-25720 Create Child permission should not allow full write to all attributes (additional changes) * https://bugzilla.samba.org/show_bug.cgi?id=15143 New filename parser doesn't check veto files smb.conf parameter * https://bugzilla.samba.org/show_bug.cgi?id=15302 log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower (this was included in Debian package already) * https://bugzilla.samba.org/show_bug.cgi?id=15306 Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c * https://bugzilla.samba.org/show_bug.cgi?id=15313 Large directory optimization broken for non-lcomp path elements * https://bugzilla.samba.org/show_bug.cgi?id=15317 winbindd idmap child contacts the domain controller without a need * https://bugzilla.samba.org/show_bug.cgi?id=15318 idmap_autorid may fail to map sids of trusted domains for the * https://bugzilla.samba.org/show_bug.cgi?id=15319 idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings * https://bugzilla.samba.org/show_bug.cgi?id=15323 net ads search -P doesn't work against servers in other domains * https://bugzilla.samba.org/show_bug.cgi?id=15325 dsgetdcname: assumes local system uses IPv4 * https://bugzilla.samba.org/show_bug.cgi?id=15328 test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners * https://bugzilla.samba.org/show_bug.cgi?id=15329 Reduce flapping of ridalloc test * https://bugzilla.samba.org/show_bug.cgi?id=15329 Reduce flapping of ridalloc test * https://bugzilla.samba.org/show_bug.cgi?id=15338 DS ACEs might be inherited to unrelated object classes * https://bugzilla.samba.org/show_bug.cgi?id=15351 large_ldap test is unreliable * https://bugzilla.samba.org/show_bug.cgi?id=15353 Temporary smbXsrv_tcon_global.tdb can't be parsed * https://bugzilla.samba.org/show_bug.cgi?id=15354 mdssvc may crash when initializing * https://bugzilla.samba.org/show_bug.cgi?id=15357 streams_depot fails to create streams * https://bugzilla.samba.org/show_bug.cgi?id=15358 shadow_copy2 and streams_depot don't play well together * https://bugzilla.samba.org/show_bug.cgi?id=15360 Setting veto files = /.*/ break listing directories * https://bugzilla.samba.org/show_bug.cgi?id=15366 wbinfo -u fails on ad dc with >1000 users * d/gbp.conf: switch debian-branch to "bookworm" -- Michael Tokarev <email address hidden> Thu, 11 May 2023 10:52:40 +0300
Deleted in experimental-release (Reason: None provided.) |
samba (2:4.18.2+dfsg-1) experimental; urgency=medium * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=15302 Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower. - https://bugzilla.samba.org/show_bug.cgi?id=15306 Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c. - https://bugzilla.samba.org/show_bug.cgi?id=15328 test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners. - https://bugzilla.samba.org/show_bug.cgi?id=15329 Reduce flapping of ridalloc test. - https://bugzilla.samba.org/show_bug.cgi?id=15351 large_ldap test is unreliable. - https://bugzilla.samba.org/show_bug.cgi?id=15143 New filename parser doesn't check veto files smb.conf parameter. - https://bugzilla.samba.org/show_bug.cgi?id=15354 mdssvc may crash when initializing. - https://bugzilla.samba.org/show_bug.cgi?id=15313 large directory optimization broken for non-lcomp path elements. - https://bugzilla.samba.org/show_bug.cgi?id=15357 streams_depot fails to create streams. - https://bugzilla.samba.org/show_bug.cgi?id=15358 shadow_copy2 and streams_depot don't play well together. - https://bugzilla.samba.org/show_bug.cgi?id=15316 Flapping tests in samba_tool_drs_show_repl.py. - https://bugzilla.samba.org/show_bug.cgi?id=15317 winbindd idmap child contacts the domain controller without a need. - https://bugzilla.samba.org/show_bug.cgi?id=15318 idmap_autorid may fail to map sids of trusted domains for the first time. - https://bugzilla.samba.org/show_bug.cgi?id=15319 idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. - https://bugzilla.samba.org/show_bug.cgi?id=15323 net ads search -P doesn't work against servers in other domains. - https://bugzilla.samba.org/show_bug.cgi?id=15353 Temporary smbXsrv_tcon_global.tdb can't be parsed. - https://bugzilla.samba.org/show_bug.cgi?id=15316 Flapping tests in samba_tool_drs_show_repl.py. - https://bugzilla.samba.org/show_bug.cgi?id=15343 Tests use depricated and removed methods like assertRegexpMatches. * d/rules, d/libldb2.symbols; add ldb 2.6.2 version * heimdal-to-support-KEYRING-ccache.patch: enable KEYRING in heimdal (Closes: #1023609) * d/control: build-depend on libkeyutils-dev (it is pulled by some other dep, but better to be safe) * -s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch (the change has been applied upstream) -- Michael Tokarev <email address hidden> Wed, 19 Apr 2023 14:02:49 +0300
Superseded in sid-release |
samba (2:4.17.7+dfsg-1) unstable; urgency=high * upstream stable/security/bugfix release, fixing the following issues: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. https://www.samba.org/samba/security/CVE-2023-0614.html Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614 * update libldb symbols and versions -- Michael Tokarev <email address hidden> Wed, 29 Mar 2023 17:59:17 +0300
Deleted in experimental-release (Reason: None provided.) |
samba (2:4.18.1+dfsg-1~exp1) experimental; urgency=high * upstream stable/security/bugfix release, fixing the following issues: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. https://www.samba.org/samba/security/CVE-2023-0614.html Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614 * update libldb symbols and versions -- Michael Tokarev <email address hidden> Wed, 29 Mar 2023 17:59:17 +0300
Superseded in sid-release |
samba (2:4.17.6+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release 4.17.6: * https://bugzilla.samba.org/show_bug.cgi?id=15314 streams_xattr is creating unexpected locks on folders. * https://bugzilla.samba.org/show_bug.cgi?id=10635 Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. * https://bugzilla.samba.org/show_bug.cgi?id=15299 Spotlight doesn't work with latest macOS Ventura. * https://bugzilla.samba.org/show_bug.cgi?id=15310 New samba-dcerpc architecture does not scale gracefully. * https://bugzilla.samba.org/show_bug.cgi?id=15307 vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat. * https://bugzilla.samba.org/show_bug.cgi?id=15293 With clustering enabled samba-bgqd can core dump due to use after free. * https://bugzilla.samba.org/show_bug.cgi?id=15311 fd_load() function implicitly closes the fd where it should not. * debian/po/ro.po update from Remus-Gabriel Chelu * s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch makes smbd a bit less spammy in logs * d/control: clarify some package descriptions (Closes: #1031922) -- Michael Tokarev <email address hidden> Thu, 09 Mar 2023 12:52:14 +0300
Superseded in experimental-release |
samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium * new upstream release (4.18.0): * SMB Server performance improvements * More succinct samba-tool error messages * Colour output with samba-tool --color * New samba-tool dsacl subcommand for deleting ACES * New wbinfo option --change-secret-at * New option to change the NT ACL default location * Azure Active Directory / Office365 synchronisation improvements * new smb.conf parameters: server addresses acl_xattr:security_acl_name * For more details, please refer to WHATSNEW.txt file. * d/control: bump talloc/tdb/tevent build-deps * patches: - refresh: hurd-compat.patch - refresh: spelling.patch, remove many, add 3 new changes - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal - remove: unwrap-getresgid-typo.patch, not needed * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 * d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1) * d/libwbclient0.symbols: add new version and two new symbols: wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt -- Michael Tokarev <email address hidden> Thu, 09 Mar 2023 14:47:05 +0300
Superseded in experimental-release |
samba (2:4.18.0~rc4+dfsg-1) experimental; urgency=medium * new upstream release candidate (4.18.0rc4) * d/control: bump talloc/tdb/tevent build-deps * patches: - refresh: hurd-compat.patch - refresh: spelling.patch, remove many, add 3 new changes - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal - remove: unwrap-getresgid-typo.patch, not needed * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 * d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1) * d/libwbclient0.symbols: add new version and two new symbols: wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt -- Michael Tokarev <email address hidden> Wed, 01 Mar 2023 16:50:46 +0300
Superseded in experimental-release |
samba (2:4.18.0~rc3+dfsg-1) experimental; urgency=medium * new upstream release candidate (4.18.0rc3) * d/control: bump talloc/tdb/tevent build-deps * patches: - refresh: hurd-compat.patch - refresh: spelling.patch, remove many, add 3 new changes - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal - remove: unwrap-getresgid-typo.patch, not needed * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 * d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1) * d/libwbclient0.symbols: add new version and two new symbols: wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt -- Michael Tokarev <email address hidden> Thu, 16 Feb 2023 11:53:47 +0300
Superseded in sid-release |
samba (2:4.17.5+dfsg-2) unstable; urgency=medium * d/control: samba: depends on exact version of python3-samba * d/control: fix typo * more tweaks for foreign/cross build * d/control: work around autodep8 #904999 again * introduce upstream-like aliases for debian .service names, add rationale -- Michael Tokarev <email address hidden> Sat, 04 Feb 2023 17:15:40 +0300
Superseded in experimental-release |
samba (2:4.18.0~rc2+dfsg-1) experimental; urgency=medium * new upstream release candidate (4.18.0rc2) * d/control: bump talloc/tdb/tevent build-deps * patches: - refresh: hurd-compat.patch - refresh: spelling.patch, remove many, add 3 new changes - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal - remove: unwrap-getresgid-typo.patch, not needed * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 * d/libldb2.symbols, python3-ldb.symbols.in: ad the new version * d/libwbclient0.symbols: add new version and two new symbols: wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt -- Michael Tokarev <email address hidden> Thu, 02 Feb 2023 00:05:39 +0300
Superseded in sid-release |
samba (2:4.17.5+dfsg-1) unstable; urgency=medium * new upstream stable/bugfix release. From WHATSNEW.txt: * BUG 14808: smbc_getxattr() return value is incorrect. * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly. * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors. * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS (Closes: #1023606). * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle. * BUG 15277: DFS links don't work anymore on Mac clients since 4.17. * BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value). * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes). * BUG 15243: %U for include directive doesn't work for share listing (netshareenum) (the fix was in debian before). * BUG 15266: Shares missing from netshareenum response in samba 4.17.4 (the fix was in debian before). * BUG 15269: ctdb: use-after-free in run_proc. * BUG 15280: irpc_destructor may crash during shutdown. * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. * BUG 15268: smbclient segfaults with use after free on an optimized build * BUG 15282: smbstatus leaking files in msg.sock and msg.lock. * BUG 15164: Leak in wbcCtxPingDc2. * BUG 15265: Access based share enum does not work in Samba 4.16+. * BUG 15267: Crash during share enumeration. * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer. * BUG 15281: Avoid relying on C89 features in a few places. * remove patches applied upstream: - reload-registry-shares-after-reloading-services.patch - rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch * d/control: Standards-Version: 4.6.2 (no changes) * d/control: put all doc-generating build-deps into one line * little prep for cross-compilation - build-depend on python3:any and python3-dev:any - build-depend on libpython3-dev for actual module building, and use arch-specific python3-config from there - set and export _PYTHON_SYSCONFIGDATA_NAME to get foreign-arch values provided by libpython3-dev (also helps when python itself is foreign) - depend on perl:any not just perl - export CC/CPP/LD/PKGCONFIG for ./configure (buildtools.mk) * d/gbp.conf: unignore branch * d/control: samba, ctdb, winbind: do not depend on lsb-base (the script is in sysvinit-utils now) * d/control: drop unused build-dep on libncurses5-dev -- Michael Tokarev <email address hidden> Fri, 27 Jan 2023 11:15:01 +0300
Superseded in experimental-release |
samba (2:4.18.0~rc1+dfsg-1exp) experimental; urgency=medium * new upstream release candidate (4.18.0rc1) * d/control: bump talloc/tdb/tevent build-deps * patches: - refresh: hurd-compat.patch - refresh: spelling.patch, remove many, add 3 new changes - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal - remove: unwrap-getresgid-typo.patch, not needed - remove: reload-registry-shares-after-reloading-services.patch - remove: rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch * d/gbp.conf: unignore branch (gbp import-orig does fun stuff if it is set) * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 * d/libldb2.symbols, python3-ldb.symbols.in: ad the new version * d/libwbclient0.symbols: add new version and two new symbols: wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt -- Michael Tokarev <email address hidden> Sat, 21 Jan 2023 11:20:58 +0300
Superseded in sid-release |
samba (2:4.17.4+dfsg-3) unstable; urgency=medium * +rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch https://bugzilla.samba.org/show_bug.cgi?id=15265 * +reload-registry-shares-after-reloading-services.patch https://bugzilla.samba.org/show_bug.cgi?id=15266 * d/samba.postinst: fix /var/spool/samba => /var/tmp handling (old spooldir can be referred to in other sections too) * create common script "is-configured" to check if the service is configured in smb.conf, and stop masking services in postinst * rewrite SysV init scripts (simplify, make consistent, etc) * d/winbind.postinst: create/change /var/lib/samba/winbindd_privileged at install time only (it should be in /run/samba/ somewhere these days) * d/control: change version of samba which samba-ad-provisioning Breaks to where provisioning was split out -- Michael Tokarev <email address hidden> Tue, 03 Jan 2023 10:45:36 +0300
Superseded in sid-release |
samba (2:4.17.4+dfsg-2) unstable; urgency=medium * d/control: samba-dc-provision Replaces+Breaks samba (< 4.17.4+dfsg-2). Closes: #1026387 -- Michael Tokarev <email address hidden> Mon, 19 Dec 2022 16:36:00 +0300
Superseded in sid-release |
samba (2:4.17.4+dfsg-1) unstable; urgency=medium * new upstream stable/security release, with the following changes: - CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022, see https://www.samba.org/samba/security/CVE-2022-37966.html - CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. See https://www.samba.org/samba/security/CVE-2022-37967.html - CVE-2022-38023: Weak "RC4" (rc4-hmac) protection of the NetLogon Secure channel uses, see https://www.samba.org/samba/security/CVE-2022-38023.html There are several important behavior changes included in this release, which may cause compatibility problems interacting with system still expecting the former behavior. Please read the documents referenced above! See also the WHATSNEW.txt document, as there are several new, changed and deprecated smb.conf parameters. * Other bugfixes in this release (from WHATSNEW.txt): https://bugzilla.samba.org/show_bug.cgi?id=14929 CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST. https://bugzilla.samba.org/show_bug.cgi?id=15219 Heimdal session key selection in AS-REQ examines wrong entry. https://bugzilla.samba.org/show_bug.cgi?id=13135 The KDC logic around msDs-supportedEncryptionTypes differs from Windows. https://bugzilla.samba.org/show_bug.cgi?id=14611 CVE-2021-20251 Bad password count not incremented atomically. https://bugzilla.samba.org/show_bug.cgi?id=15206 libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4() https://bugzilla.samba.org/show_bug.cgi?id=15230 Memory leak in snprintf replacement functions. https://bugzilla.samba.org/show_bug.cgi?id=15253 RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression). https://bugzilla.samba.org/show_bug.cgi?id=15198 Prevent EBADF errors with vfs_glusterfs. https://bugzilla.samba.org/show_bug.cgi?id=15243 %U for include directive doesn't work for share listing (netshareenum). https://bugzilla.samba.org/show_bug.cgi?id=15257 Stack smashing in net offlinejoin requestodj. * removed patches which are now included upstream: - nsswitch-pam-data-time_t.patch - CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch -- Michael Tokarev <email address hidden> Thu, 15 Dec 2022 21:54:31 +0300
Superseded in sid-release |
samba (2:4.17.3+dfsg-4) unstable; urgency=medium * create samba-ad-provision package with contents of /usr/share/samba/setup. It is recommended by samba, so can be uninstalled if not needed. * create samba-ad-dc package. It is an empty metapackage for now, but with dependencies needed to run an Active Directory Domain Controller (AD-DC) * samba-ad-provision.lintian-overrides: license files * print meaningful error message if samba-ad-provision is not installed (meaningful-error-if-no-samba-ad-provision.patch) * print meaningful error message if python3-markdown is not installed (meaningful-error-if-no-python3-markdown.patch) * ctdb: move rundir from /var/run to /run * fix typo in fruit patch * a few more spelling fixes * add #DEBHELPER# tokens to libnss-winbind.{postinst,postrm} * remove mentions of /var/spool/samba from samba.lintian-overrides (moved to /var/tmp) * change embedded-library heimdal lintian override in a way to be understood by both old and new lintian, so the package can be uploaded -- Michael Tokarev <email address hidden> Mon, 05 Dec 2022 14:39:43 +0300
Superseded in sid-release |
samba (2:4.17.3+dfsg-3) unstable; urgency=medium * d/control: winbind should depend on the same binary:Version of libwbclient, or else its components can't talk to the daemon. Thank you Stefan Weichinger for the patience while finding this one! * libnss-winbind: add postinst/postrm scripts to add/remove nsswitch.conf entry for winbind (but not for wins) -- Michael Tokarev <email address hidden> Thu, 01 Dec 2022 22:38:07 +0300
Superseded in sid-release |
samba (2:4.17.3+dfsg-2) unstable; urgency=medium * fruit-disable-useless-size_t-overflow-check.patch (Closes: #974868) * CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch Fix regression on 32bit systems: https://bugzilla.samba.org/show_bug.cgi?id=15203 -- Michael Tokarev <email address hidden> Mon, 21 Nov 2022 20:41:46 +0300
Superseded in sid-release |
samba (2:4.17.3+dfsg-1) unstable; urgency=medium * new upstream security release 4.17.3, fixing the following issue: CVE-2022-42898: Heimdal Kerberos libraries suffers from an integer multiplication overflow vulnerability which affects 32bit platforms, see https://www.samba.org/samba/security/CVE-2022-42898.html This changes third_party/heimdal/, it does not affect mitkrb5 builds. * d/rules: stop stripping +dfsg suffix from ldb version * d/control: declare dependency on password (for groupadd in postinst) for winbind and samba (Closes: #1023759) * implement pkg.samba.mitkrb5 build profile to build with system mit-krb5 (with "mitkrb5" version suffix in some packages for now) * d/control: mark libufing-dev build dep with <!pkg.samba.nouring> (to simplify out-of-archive builds for older systems) * d/rules: parametrise list of packages to omit (eg on ubuntu-i386) with ${omit-pkgs} * d/rules: use variables in a more consistent way, use single ${config-args} * d/control: tdb-tools and lmdb-utils packages are also needed for tests (everything is commented out for now anyway) * d/rules: update knownfail tests * d/rules: stop exporting buildflags, export compiler options when needed * d/rules: always define rados:Depends & vfsmods:Depends substvars * unwrap-getresgid-typo.patch - fix crash during p11-kit execution (https://bugzilla.samba.org/show_bug.cgi?id=15227) (for the testsuite only) * nsswitch-pam-data-time_t.patch - fix time_t not fit in a pointer (eg x32) (https://bugzilla.samba.org/show_bug.cgi?id=15224) -- Michael Tokarev <email address hidden> Tue, 15 Nov 2022 19:26:10 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-9) unstable; urgency=medium * hurd-compat.patch: some minor compatibility tweaks for hurd * d/rules compat work: - ceph is linux-only like glusterfs - d/rules: add another conditional, with_snapper - combine linux features into single block * d/rules: support "terse" build option for non-verbose build * d/rules: remove third_party/heimdal/lib/gssapi/gssapi.h before build (Closes: #1013205). This fixes -I path order and <gssapi/gssapi.h> include mess which caused samba to FTBFS on sparc64 for quite some time -- Michael Tokarev <email address hidden> Sun, 06 Nov 2022 20:13:19 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-8) unstable; urgency=medium * d/rules: do not explicitly enable quotas on non-linux: enable everything interesting on linux explicitly and let ./configure to figure it out in other systems. This should fix FTBFS problem on hurd. * d/rules: do not disable systemd on non-linux, let ./configure figure it out * d/winbind.postinst: switch addgroup => groupadd and eliminate getent. winbind package never declared dependency on adduser but always used addgroup command in its postinst script. Finally this broke piuparts. Switch to groupadd which is even easier to use. * d/samba.postinst: switch addgroup => groupadd and eliminate getent * d/smb.conf: use useradd in example create user script too -- Michael Tokarev <email address hidden> Thu, 03 Nov 2022 15:04:46 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-7) unstable; urgency=medium * another way to work around #1013259: provide a compatibility symlink libndr.so.2 pointing to libndr.so.3: - libndr-debug-level-compat.diff, libndr-revert-so3.diff: remove - d/samba-libs.symbols: adjust symbols/versions - d/samba-libs.install: libndr.so.2 => libndr.so.3 - d/samba-libs.links: provide the compat libndr.so.2 symlink * d/samba-libs.links: add comments describing libndr.so.N issue * d/samba-libs.links: add libndr.so.1 compat symlink too (for bullseye sssd) * d/control: unbreak bullseye/jammy sssd-ad-common, sssd-ad, sssd-ipa by samba-libs once libndr.so.1 compat link is here -- Michael Tokarev <email address hidden> Wed, 02 Nov 2022 20:43:53 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-6) unstable; urgency=medium * d/control: fix comment in previous upload -- Michael Tokarev <email address hidden> Wed, 02 Nov 2022 10:45:26 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-5) unstable; urgency=medium * d/control: bump version of broken-by-samba-libs sssd and add more affected sssd packages; also reformat the comment there so dpkg-gencontrol does not complain -- Michael Tokarev <email address hidden> Wed, 02 Nov 2022 09:34:10 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-4) unstable; urgency=medium * d/control: stop suggesting old/orphaned/gone-upstream smbldap-tools * libndr work (Closes: #1013259): - d/control: samba-libs breaks bullseye sssd-ad due to libndr.so.1=>.2 bump - d/samba-libs.install: be more explicit about sonames of public libs to catch soname changes - libndr-debug-level-compat.diff, libndr-revert-so3.diff: revert libndr.so.2->3 soname bump by providing compat wrapper for new symbol - d/samba-libs.symbols: provide symbols for libndr.so.2 -- Michael Tokarev <email address hidden> Tue, 01 Nov 2022 12:53:22 +0300
Superseded in sid-release |
samba (2:4.17.2+dfsg-3) unstable; urgency=low * rebase on top of debian 4.16.6+dfsg-6 release, include some history of 4.17.* experimental releases in changelog * d/samba-libs.lintian-overrides: update package-name-doesnt-match-sonames to match all libs * urgency is set to low to delay unstable->testing transition a bit -- Michael Tokarev <email address hidden> Sun, 30 Oct 2022 16:23:51 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-6) unstable; urgency=medium * d/rules: use the right dir for dh_shlibdeps -l (long-standing issue) * rewrite shlibs/symbols-generating file d/genshlibs, make whole process much more clean and strighforward, and 10x times faster too * debian/libnss-winbind.triggers: activate ldconfig trigger * add debian/samba-libs.symbols with libsmbldap library * d/samba.examples: do not install smbadduser: csh considered harmful * d/rules: remove long-unused commented-out override_dh_perl-arch * d/samba.lintian-overrides: *docs-outside-share-doc usr/share/samba/setup/ * d/genshlibs: add the forgotten mkdir for d/$pkg/DEBIAN * remove static/fixed branding d/patches/VERSION.patch * d/rules: implement dynamic branding of VERSION file based on dpkg-vendor * d/rules: simplify package interdependency checking rules * d/rules: add a lot more interpackage dependency checks * d/NEWS: merge it into d/samba.NEWS (removes several lintian warnings) -- Michael Tokarev <email address hidden> Sat, 29 Oct 2022 08:28:53 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-5) unstable; urgency=medium * move samba:idmap_script.8.gz and samba-libs:idmap_rfc2307.8.gz manpages to winbind package where they belong and where actual idmap modules lives. (install all idmap_*.8 manpages to winbind package) * d/rules: install pam.d/samba with mode 0644, not 0755 * many lintian-override updates: - source: ctdb/doc/*.html actually has sources - source: +very-long-line-length-in-source-file * (for generated files) - source: +debian-control-has-unusual-field-spacing Breaks - winbind: +spare-manual-page for module manpages - *: update some overrides for new lintian - libpam-winbind: +spare-manual-page pam_winbind.8 - libldb2: +package-contains-empty-directory .../ldb/modules/ldb/ - *: +hardening-no-fortify-functions for some simple shared libs -- Michael Tokarev <email address hidden> Wed, 26 Oct 2022 22:27:00 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-4) unstable; urgency=medium * poptGetArg-misuse-fixes-1022826.diff: fix poptGetArg() misuse for popt-1.9 (Closes: #1022826) -- Michael Tokarev <email address hidden> Wed, 26 Oct 2022 19:45:38 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-3) unstable; urgency=medium * d/rules: stop dh_installpam from installing samba.pam to the samba package (Closes: #1022775, #1022776) -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 20:13:53 +0300
Deleted in experimental-release (Reason: None provided.) |
samba (2:4.17.2+dfsg-2) experimental; urgency=medium * d/rules: stop dh_installpam from installing samba.pam to the samba package (Closes: #1022775, #1022776) -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 20:13:53 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-2) unstable; urgency=medium * d/rules: pam.d/samba should go to /etc, not / * d/README.source.md: it is README.source.md not README.source * d/control: bump Standards-Version to 4.6.1 (no changes) * d/rules: verify that samba-libs does not depend on samba -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 13:55:33 +0300
Superseded in sid-release |
samba (2:4.16.6+dfsg-1) unstable; urgency=medium * new upstream security release 4.16.6, fixing: CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html * use explicit_bzero() instead of bzero() for the substitute of memset_s() * d/rules: make it a bit more consistent with other samba packages * d/rules: stop exporting ${PYTHON} * a bunch of ubuntu-related changes: - d/rules: omit glusterfs on ubuntu-i386 - apply Ubuntu changes to smb.conf at install time (d/smb.conf.ubuntu.diff) - d/tests/: ensure io_uring module is built before testing it - d/rules: inline parallel check from dpkg/buildopts.mk (buildopts.mk does not exist on ubuntu 20.04 focal) -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 12:48:20 +0300
Superseded in experimental-release |
samba (2:4.17.2+dfsg-1) experimental; urgency=medium * upstream 4.17.0 release: Closes: CVE-2022-1615 Closes: CVE-2022-32743 - removed spelling.patch (partially applied upstream) - removed weak-crypto-allowed-clarify.diff (applied upstream) - removed dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch (applied upstream) - refresh: ctdb-create-piddir.patch - refresh: fix-nfs-service-name-to-nfs-kernel-server.patch - d/control: update minimum versions for talloc/tevent/tdb - d/rules: do not install ctdb.service, it is installed by upstream now - d/ctdb.install: do not install ctdb_wrapper (not used anymore) - d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1 * upstream 4.17.1 security release: CVE-2021-20251 Bad password count not incremented atomically. * upstream 4.17.2 security release: CVE-2022-3592 A malicious client can use a symlink to escape the exported directory. https://www.samba.org/samba/security/CVE-2022-3592.html (Samba 4.17 only) * new patch: spelling.patch: a few more spelling fixes * per upstream, re-version symbols added in 2.5.2 as added in 2.6.1 (ldb users needs to be recompiled anyway after updating libldb) * move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450) * d/rules: no need to build compile_et,asn1_compile intermediate targets anymore; also remove now-unused ${WAFv} macro * this release re-does all changes in the former experimental branch -- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 14:30:44 +0300
Superseded in experimental-release |
samba (2:4.17.1+dfsg-1) experimental; urgency=medium * new upstream bugfix release containing a security fix: * CVE-2021-20251 Bad password count not incremented atomically. * Merge changes from 4.16.x (debian/master) branch. * use-bzero-instead-of-memset_s.diff : use explicit_bzero() instead of bzero() for the substitute of memset_s(). bzero() is wrong here because it, just like memset, can be optimized out by the compiler. * d/rules: stop using dh_installpam for installing a single pam.d file -- Michael Tokarev <email address hidden> Wed, 19 Oct 2022 21:34:11 +0300
Superseded in experimental-release |
samba (2:4.17.0+dfsg-2) experimental; urgency=medium * mention closing of CVE-2022-32743 by the 4.17.0 upload * mention closing of CVE-2022-1615 by the 4.17.0 upload * move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450) * d/rules: verify that samba-libs does not depend on samba -- Michael Tokarev <email address hidden> Sat, 08 Oct 2022 23:00:05 +0300
Superseded in sid-release |
samba (2:4.16.5+dfsg-2) unstable; urgency=medium [ Michael Tokarev ] * d/tests/util: use printf for formatting password for smbpasswd, not non-standard echo \n (mr !60) * introduce LDB_2.4.4 version symbol (Closes: #1021371) Create an empty ABI file just to make the scripts run during the build stage to introduce LDB_2.4.4 version symbol into libldb.so, and remove this empty file in the clean target. It is a bit hackish but works fine. This is only needed to upgrade from bullseye to bookworm, from 4.13.13+dfsg-1~deb11u5+ to the next release, 4.16+. Remove this for bookworm+. * dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch: GnuTLS gnutls_rnd() can fail and give predictable random values. Closes: #1021024, CVE-2022-1615 [ John Paul Adrian Glaubitz ] * disable ceph support on ppc64 and x32 (Closes: #1020781, #1012165) -- Michael Tokarev <email address hidden> Sat, 08 Oct 2022 15:11:15 +0300
Superseded in experimental-release |
samba (2:4.17.0+dfsg-1) experimental; urgency=medium * new upstream release 4.17.0 * removed: spelling.patch (partially applied upstream) * removed: weak-crypto-allowed-clarify.diff (applied upstream) * refresh: ctdb-create-piddir.patch * refresh: fix-nfs-service-name-to-nfs-kernel-server.patch * d/control: update minimum versions for talloc/tevent/tdb * d/rules: do not install ctdb.service, it is installed by upstream now * d/ctdb.install: do not install ctdb_wrapper (not used anymore) * d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1 per upstream, re-version symbols added in 2.5.2 as added in 2.6.1 (ldb users needs to be recompiled anyway after updating libldb) * new: spelling.patch: a few more spelling fixes * d/control: bump Standards-Version to 4.6.1 (no changes) -- Michael Tokarev <email address hidden> Tue, 13 Sep 2022 20:47:05 +0300
Published in bullseye-release |
samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium * 3 patches: - CVE-2022-32742-bug-15085-4.13.patch - kpasswd_bugs_v15_4-13.patch - ldb-memory-bug-15096-4.13-v3.patch fixing: o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html * Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746 * Build-Depend on libldb-dev >= 2.2.3-2~deb11u2 (which includes the new symbols in libldb used by this update) * d/rules: use dpkg-query instead of pkg-config to find debian package version of libldb-dev, since this is what we actually want, not the internal version libldb thinks it is at. -- Michael Tokarev <email address hidden> Wed, 10 Aug 2022 00:19:38 +0300
Superseded in sid-release |
samba (2:4.16.5+dfsg-1) unstable; urgency=medium * new (minor) upstream release 4.16.5 * removed fix-samba-tool-domain-join-segfault.patch (included upstream) * d/gbp.conf: no need to filter orig.tar: uscan already does that -- Michael Tokarev <email address hidden> Thu, 08 Sep 2022 12:44:38 +0300
1 → 75 of 379 results | First • Previous • Next • Last |