Change log for samba package in Ubuntu

175 of 442 results
Published in disco-proposed on 2018-11-14
samba (2:4.8.4+dfsg-2ubuntu3) disco; urgency=medium

  * No-change rebuild against libldb1 1.4.2

 -- Steve Langasek <email address hidden>  Wed, 14 Nov 2018 22:46:24 +0000
Published in bionic-proposed on 2018-11-13
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.4) bionic; urgency=medium

  * d/p/fix-rmdir.patch: fix the patch to not apply with offset, which
    previously made it change the wrong, almost identical, function.
    (LP: #1795772)

Superseded in bionic-proposed on 2018-11-13
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.3) bionic; urgency=medium

  * d/p/fix-rmdir.patch: Fix to make smbclient report directory-not-empty
    errors (LP: #1795772)

 -- Andreas Hasenack <email address hidden>  Thu, 11 Oct 2018 16:21:16 -0300
Published in trusty-proposed on 2018-10-17
samba (2:4.3.11+dfsg-0ubuntu0.14.04.18) trusty; urgency=medium

  * d/samba.nmbd.init, d/samba.samba-ad-dc.init, d/samba.smbd.init,
    d/winbind.init avoid issues due to init scripts misdetecting
    services (LP: #1792400)
    - use --pidfile on --start to not block on same binaries running in
      containers
    - use --exec on --stop to not cause unintended processes to be acted on,
      if the old process terminated without being able to remove the pid-file.

 -- Christian Ehrhardt <email address hidden>  Tue, 16 Oct 2018 09:55:34 +0200
Published in disco-release on 2018-10-30
Published in cosmic-release on 2018-10-11
Deleted in cosmic-proposed (Reason: moved to release)
samba (2:4.8.4+dfsg-2ubuntu2) cosmic; urgency=high

  [ Karl Stenerud ]
  * d/p/fix-rmdir.patch: Fix to make the samba client library report
    directory-not-empty errors (LP: #1795772)

 -- Andreas Hasenack <email address hidden>  Tue, 09 Oct 2018 14:32:16 -0300
Published in xenial-updates on 2018-10-11
Deleted in xenial-proposed (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.17) xenial; urgency=medium

  * d/samba.nmbd.init, d/samba.samba-ad-dc.init, d/samba.smbd.init, d/winbind.init
    avoid issues due to init scripts misdetecting services (LP: #1792400)
    - use --pidfile on --start to not block on same binaries running in
      containers
    - use --exec on --stop to not cause unintended processes to be acted on,
      if the old process terminated without being able to remove the pid-file.

 -- Christian Ehrhardt <email address hidden>  Mon, 24 Sep 2018 12:08:45 +0200
Superseded in cosmic-release on 2018-10-11
Deleted in cosmic-proposed on 2018-10-12 (Reason: moved to release)
samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1778125). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
  * Drop:
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
      [Accepted by Debian in 2:4.7.4+dfsg-2]
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
      [In Debian since 2:4.7.4+dfsg-2]
    - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
      [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
      Thanks to Andreas Schneider <email address hidden>. (LP #1761737)
      [Fixed upstream]

Superseded in xenial-updates on 2018-10-11
Deleted in xenial-proposed on 2018-10-12 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.16) xenial; urgency=medium

  * d/p/bug_1583324_include_with_macro.patch: don't fail parsing the
    config file if it has macros in include directives (LP: #1583324)

 -- Andreas Hasenack <email address hidden>  Thu, 02 Aug 2018 18:30:26 -0300
Published in trusty-updates on 2018-09-03
Deleted in trusty-proposed (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.14.04.17) trusty; urgency=medium

  * d/p/bug_1583324_include_with_macro.patch: don't fail parsing the
    config file if it has macros in include directives (LP: #1583324)

 -- Andreas Hasenack <email address hidden>  Thu, 02 Aug 2018 18:27:50 -0300
Superseded in xenial-updates on 2018-09-03
Published in xenial-security on 2018-08-14
samba (2:4.3.11+dfsg-0ubuntu0.16.04.15) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient input validation on client directory
    listing in libsmbclient
    - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
      buffer in source3/libsmb/libsmb_path.c, add checks to
      source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
    - CVE-2018-10858
  * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
    - debian/patches/CVE-2018-10919-*.patch: fix access checks.
    - CVE-2018-10919

 -- Marc Deslauriers <email address hidden>  Mon, 06 Aug 2018 07:40:17 -0400
Published in bionic-updates on 2018-08-14
Published in bionic-security on 2018-08-14
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Insufficient input validation on client directory
    listing in libsmbclient
    - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
      buffer in source3/libsmb/libsmb_path.c, add checks to
      source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
    - CVE-2018-10858
  * SECURITY UPDATE: Denial of Service Attack on AD DC DRSUAPI server
    - debian/patches/CVE-2018-10918.patch: fix null pointer dereference in
      source4/dsdb/samdb/cracknames.c, add test to
      source4/torture/drs/python/cracknames.py.
    - CVE-2018-10918
  * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
    - debian/patches/CVE-2018-10919-*.patch: fix access checks and add
      tests.
    - CVE-2018-10919
  * SECURITY UPDATE: Weak authentication protocol allowed
    - debian/patches/CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
      and add tests.
    - CVE-2018-1139

 -- Marc Deslauriers <email address hidden>  Mon, 06 Aug 2018 07:30:25 -0400
Superseded in trusty-updates on 2018-09-03
Published in trusty-security on 2018-08-14
samba (2:4.3.11+dfsg-0ubuntu0.14.04.16) trusty-security; urgency=medium

  * SECURITY UPDATE: Insufficient input validation on client directory
    listing in libsmbclient
    - debian/patches/CVE-2018-10858-*.patch: don't overwrite passed in
      buffer in source3/libsmb/libsmb_path.c, add checks to
      source3/libsmb/libsmb_dir.c, source3/libsmb/libsmb_path.c.
    - CVE-2018-10858
  * SECURITY UPDATE: Confidential attribute disclosure AD LDAP server
    - debian/patches/CVE-2018-10919-*.patch: fix access checks.
    - CVE-2018-10919

 -- Marc Deslauriers <email address hidden>  Mon, 06 Aug 2018 07:42:48 -0400
Superseded in cosmic-release on 2018-08-24
Deleted in cosmic-proposed on 2018-08-25 (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium

  * No change rebuild to link with new ldb 1.3.3

 -- Andreas Hasenack <email address hidden>  Tue, 03 Jul 2018 09:57:24 -0300
Superseded in cosmic-release on 2018-07-03
Published in bionic-release on 2018-04-24
Deleted in bionic-proposed (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium

  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
    Thanks to Andreas Schneider <email address hidden>. (LP: #1761737)

 -- Andreas Hasenack <email address hidden>  Wed, 18 Apr 2018 11:49:55 -0300
Superseded in bionic-release on 2018-04-24
Deleted in bionic-proposed on 2018-04-26 (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium

  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Tue, 13 Mar 2018 16:58:49 -0300
Superseded in trusty-updates on 2018-08-14
Superseded in trusty-security on 2018-08-14
samba (2:4.3.11+dfsg-0ubuntu0.14.04.14) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:49:30 +0100
Superseded in xenial-updates on 2018-08-14
Superseded in xenial-security on 2018-08-14
samba (2:4.3.11+dfsg-0ubuntu0.16.04.13) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:49:12 +0100
Published in artful-updates on 2018-03-13
Published in artful-security on 2018-03-13
samba (2:4.6.7+dfsg-1ubuntu3.2) artful-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:43:27 +0100
Superseded in bionic-release on 2018-03-19
Deleted in bionic-proposed on 2018-03-20 (Reason: moved to release)
samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744779). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Mon, 22 Jan 2018 16:31:41 -0200
Superseded in bionic-release on 2018-01-28
Deleted in bionic-proposed on 2018-01-29 (Reason: moved to release)
samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - d/source_samba.py: use the new recommended findmnt(8) tool to list
      mountpoints and correctly filter by the cifs filesystem type.

Superseded in trusty-updates on 2018-03-13
Superseded in trusty-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.14.04.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:41:27 -0500
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
samba (2:4.5.8+dfsg-0ubuntu0.17.04.8) zesty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:39:57 -0500
Superseded in xenial-updates on 2018-03-13
Superseded in xenial-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:40:44 -0500
Superseded in artful-updates on 2018-03-13
Superseded in artful-security on 2018-03-13
samba (2:4.6.7+dfsg-1ubuntu3.1) artful-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:36:05 -0500
Superseded in bionic-release on 2017-12-07
Deleted in bionic-proposed on 2017-12-08 (Reason: moved to release)
samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - d/source_samba.py: use the new recommended findmnt(8) tool to list
      mountpoints and correctly filter by the cifs filesystem type.

Superseded in bionic-release on 2017-11-22
Published in artful-release on 2017-09-21
Deleted in artful-proposed (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:10:03 -0400
Superseded in xenial-updates on 2017-11-21
Superseded in xenial-security on 2017-11-21
samba (2:4.3.11+dfsg-0ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:02:02 -0400
Superseded in trusty-updates on 2017-11-21
Superseded in trusty-security on 2017-11-21
samba (2:4.3.11+dfsg-0ubuntu0.14.04.12) trusty-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:05:11 -0400
Superseded in zesty-updates on 2017-11-21
Superseded in zesty-security on 2017-11-21
samba (2:4.5.8+dfsg-0ubuntu0.17.04.7) zesty-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 07:52:29 -0400
Superseded in artful-release on 2017-09-21
Deleted in artful-proposed on 2017-09-22 (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium

  * d/source_samba.py: use the new recommended findmnt(8) tool to list
    mountpoints and correctly filter by the cifs filesystem type.
    (LP: #1703604)

 -- Andreas Hasenack <email address hidden>  Fri, 01 Sep 2017 09:47:58 -0300
Superseded in trusty-updates on 2017-09-21
Deleted in trusty-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.14.04.11) trusty; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:36:59 +0200
Superseded in xenial-updates on 2017-09-21
Deleted in xenial-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.10) xenial; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:43:46 +0200
Superseded in zesty-updates on 2017-09-21
Deleted in zesty-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.5.8+dfsg-0ubuntu0.17.04.6) zesty; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:50:15 +0200
Superseded in artful-release on 2017-09-07
Deleted in artful-proposed on 2017-09-08 (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1710281).
    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
      symlinks to directories (LP: #1701073)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Mon, 21 Aug 2017 17:27:08 -0300
Superseded in artful-release on 2017-08-22
Deleted in artful-proposed on 2017-08-24 (Reason: moved to release)
samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1700644). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
  * Drop:
    - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
      [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
      fix-1584485.patch was dropped there.]
    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure
      [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
      in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
    - debian/patches/winbind_trusted_domains.patch: make sure domain
      members can talk to trusted domains DCs.
      [Upstream committed a different fix, see updated patch attached to
      https://bugzilla.samba.org/show_bug.cgi?id=11830]
    - d/control: add libcephfs-dev as b-d to build vfs_ceph
      [Adopted by Debian in 2:4.6.5+dfsg-1]
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
      [Adopted by Debian as
      d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
    - Cherrypick upstream patch to fix FTBFS with new ceph lib.
      [Merged upstream in 4.6.0rc1]
  * Disable glusterfs support because it's not in main.
    MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Thu, 10 Aug 2017 22:20:22 -0300
Superseded in artful-release on 2017-08-17
Deleted in artful-proposed on 2017-08-18 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium

  * Cherrypick upstream patch to fix FTBFS with new ceph lib.

Superseded in zesty-updates on 2017-08-31
Deleted in zesty-proposed on 2017-09-02 (Reason: moved to -updates)
samba (2:4.5.8+dfsg-0ubuntu0.17.04.5) zesty; urgency=medium

  * Remove the fix for LP #1584485 as it builds a broken pam_winbind
    module. There is a revised version of that patch attached to
    #1584485 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)
    - d/p/fix-1584485.patch: drop
    - d/rules: remove winbind static build option

 -- Andreas Hasenack <email address hidden>  Thu, 13 Jul 2017 14:44:16 -0300
Superseded in artful-proposed on 2017-07-26
samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Mon, 17 Jul 2017 16:22:28 -0700
Superseded in xenial-updates on 2017-08-31
Superseded in xenial-security on 2017-09-21
samba (2:4.3.11+dfsg-0ubuntu0.16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 14:03:40 -0700
Superseded in trusty-updates on 2017-08-31
Superseded in trusty-security on 2017-09-21
samba (2:4.3.11+dfsg-0ubuntu0.14.04.10) trusty-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 14:06:03 -0700
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
samba (2:4.4.5+dfsg-2ubuntu5.8) yakkety-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 13:27:39 -0700
Superseded in zesty-updates on 2017-08-14
Superseded in zesty-security on 2017-09-21
samba (2:4.5.8+dfsg-0ubuntu0.17.04.4) zesty-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 13:21:50 -0700
Superseded in xenial-updates on 2017-07-14
Superseded in xenial-security on 2017-07-14
samba (2:4.3.11+dfsg-0ubuntu0.16.04.8) xenial-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <email address hidden>  Tue, 04 Jul 2017 07:56:30 -0400
Superseded in trusty-updates on 2017-07-14
Superseded in trusty-security on 2017-07-14
samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <email address hidden>  Tue, 04 Jul 2017 08:01:55 -0400
Superseded in yakkety-updates on 2017-07-14
Superseded in yakkety-security on 2017-07-14
samba (2:4.4.5+dfsg-2ubuntu5.7) yakkety-security; urgency=medium

  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

 -- Andreas Hasenack <email address hidden>  Fri, 30 Jun 2017 17:02:20 -0300
Superseded in zesty-updates on 2017-07-14
Superseded in zesty-security on 2017-07-14
samba (2:4.5.8+dfsg-0ubuntu0.17.04.3) zesty-security; urgency=medium

  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

 -- Andreas Hasenack <email address hidden>  Fri, 30 Jun 2017 17:02:20 -0300
Superseded in artful-release on 2017-07-26
Deleted in artful-proposed on 2017-07-28 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium

  * No-change rebuild against libldb 1.1.29

 -- Steve Langasek <email address hidden>  Sun, 25 Jun 2017 16:09:33 -0700
Superseded in artful-release on 2017-06-26
Deleted in artful-proposed on 2017-06-27 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium

  * Add extra DEP8 tests to samba (LP: #1696823):
    - d/t/control: enable the new DEP8 tests
    - d/t/smbclient-anonymous-share-list: list available shares anonymously
    - d/t/smbclient-authenticated-share-list: list available shares using
      an authenticated connection
    - d/t/smbclient-share-access: create a share and download a file from it
    - d/t/cifs-share-access: access a file in a share using cifs
  * Ask the user if we can run testparm against the config file. If yes,
    include its stderr and exit status in the bug report. Otherwise, only
    include the exit status. (LP: #1694334)
  * If systemctl is available, use it to query the status of the smbd
    service before trying to reload it. Otherwise, keep the same check
    as before and reload the service based on the existence of the
    initscript. (LP: #1579597)
  * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
    module. There is a fixed version of that patch attached to
    #1677329 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)

 -- Andreas Hasenack <email address hidden>  Mon, 19 Jun 2017 10:49:29 -0700
Superseded in artful-release on 2017-06-20
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure
    - debian/patches/winbind_trusted_domains.patch: make sure domain
      members can talk to trusted domains DCs.
    - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked
    - d/rules: Compile winbindd/winbindd statically.
    - d/control: add libcephfs-dev as b-d to build vfs_ceph

Superseded in artful-release on 2017-06-19
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Wed, 24 May 2017 07:39:13 -0400
Superseded in trusty-updates on 2017-07-05
Superseded in trusty-security on 2017-07-05
samba (2:4.3.11+dfsg-0ubuntu0.14.04.8) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:18:37 -0400
Superseded in xenial-updates on 2017-07-05
Superseded in xenial-security on 2017-07-05
samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:18:13 -0400
Superseded in yakkety-updates on 2017-07-05
Superseded in yakkety-security on 2017-07-05
samba (2:4.4.5+dfsg-2ubuntu5.6) yakkety-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:17:51 -0400
Superseded in zesty-updates on 2017-07-05
Superseded in zesty-security on 2017-07-05
samba (2:4.5.8+dfsg-0ubuntu0.17.04.2) zesty-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:16:09 -0400
Superseded in artful-release on 2017-05-25
Superseded in zesty-updates on 2017-05-24
Deleted in artful-proposed on 2017-05-26 (Reason: moved to release)
Superseded in zesty-security on 2017-05-24
samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - Updated to new upstream release 4.5.8.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Fri, 21 Apr 2017 07:33:25 -0400
Superseded in trusty-updates on 2017-05-24
Superseded in trusty-security on 2017-05-24
samba (2:4.3.11+dfsg-0ubuntu0.14.04.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 09:28:06 -0400
Published in precise-updates on 2017-03-30
Published in precise-security on 2017-03-30
samba (2:3.6.25-0ubuntu0.12.04.10) precise-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 09:43:30 -0400
Superseded in yakkety-updates on 2017-05-24
Superseded in yakkety-security on 2017-05-24
samba (2:4.4.5+dfsg-2ubuntu5.5) yakkety-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 07:31:03 -0400
Superseded in xenial-updates on 2017-05-24
Superseded in xenial-security on 2017-05-24
samba (2:4.3.11+dfsg-0ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 08:31:57 -0400
Superseded in precise-updates on 2017-03-30
Superseded in precise-security on 2017-03-30
samba (2:3.6.25-0ubuntu0.12.04.9) precise-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619-*.patch: security fix and prerequisite
      patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Tue, 21 Mar 2017 08:06:46 -0400
Superseded in xenial-updates on 2017-03-30
Superseded in xenial-security on 2017-03-30
samba (2:4.3.11+dfsg-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:50:12 -0400
Superseded in trusty-updates on 2017-03-30
Superseded in trusty-security on 2017-03-30
samba (2:4.3.11+dfsg-0ubuntu0.14.04.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:50:12 -0400
Superseded in yakkety-updates on 2017-03-30
Superseded in yakkety-security on 2017-03-30
samba (2:4.4.5+dfsg-2ubuntu5.4) yakkety-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:47:39 -0400
Superseded in artful-release on 2017-04-25
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium

  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

 -- Nishanth Aravamudan <email address hidden>  Mon, 06 Mar 2017 11:13:41 -0800
Superseded in zesty-release on 2017-03-16
Deleted in zesty-proposed on 2017-03-18 (Reason: moved to release)
samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

 -- Nishanth Aravamudan <email address hidden>  Thu, 26 Jan 2017 17:20:15 -0800
Superseded in zesty-release on 2017-02-09
Deleted in zesty-proposed on 2017-02-10 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126

 -- Marc Deslauriers <email address hidden>  Fri, 20 Jan 2017 12:32:25 -0500
Superseded in precise-updates on 2017-03-23
Superseded in precise-security on 2017-03-23
samba (2:3.6.25-0ubuntu0.12.04.5) precise-security; urgency=medium

  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125-v3.6.patch: don't use GSS_C_DELEG_FLAG in
      source3/librpc/crypto/gse.c and source3/libsmb/clifsinfo.c.
    - CVE-2016-2125

 -- Steve Beattie <email address hidden>  Tue, 13 Dec 2016 11:00:51 -0800
Superseded in trusty-updates on 2017-03-23
Superseded in trusty-security on 2017-03-23
samba (2:4.3.11+dfsg-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:40:01 -0500
Superseded in xenial-updates on 2017-03-23
Superseded in xenial-security on 2017-03-23
samba (2:4.3.11+dfsg-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126
  * This package does _not_ contain the changes from
    2:4.3.11+dfsg-0ubuntu0.16.04.2 in xenial-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:37:28 -0500
Superseded in yakkety-updates on 2017-03-23
Superseded in yakkety-security on 2017-03-23
samba (2:4.4.5+dfsg-2ubuntu5.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126
  * This package does _not_ contain the changes from
    2:4.4.5+dfsg-2ubuntu5.1 in yakkety-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:12:03 -0500
Superseded in trusty-updates on 2016-12-19
Deleted in trusty-proposed on 2016-12-20 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.14.04.3) trusty; urgency=high

  * Revert to version prior to the 2:4.3.11+dfsg-0ubuntu0.14.04.2
    which is causing regression with statically linked libpam_winbind.
    Removes d/p/fix-1584485.patch. LP: #1644428

 -- Louis Bouchard <email address hidden>  Thu, 24 Nov 2016 15:40:40 +0100
Deleted in yakkety-proposed on 2016-12-21 (Reason: moved to -updates)
samba (2:4.4.5+dfsg-2ubuntu5.1) yakkety; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
    to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 16:00:31 +0100
Deleted in xenial-proposed on 2016-12-09 (Reason: SRU failed verification)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.2) xenial; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
   to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 15:25:33 +0100
Superseded in trusty-updates on 2016-11-25
Superseded in trusty-proposed on 2016-11-24
samba (2:4.3.11+dfsg-0ubuntu0.14.04.2) trusty; urgency=medium

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
   to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 15:09:11 +0100
Superseded in zesty-release on 2017-01-20
Deleted in zesty-proposed on 2017-01-22 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
    to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 02 Nov 2016 13:59:10 +0100
175 of 442 results