Change log for samba package in Ubuntu
| 1 → 75 of 596 results | First • Previous • Next • Last |
samba (2:4.17.5+dfsg-2ubuntu3) lunar; urgency=medium * Add domain join tests (LP: #2011745): - d/t/control: update dependencies for samba AD provisioning test, which now also includes a member server join test - d/t/util, d/t/samba-ad-dc-*: add member server join tests -- Andreas Hasenack <email address hidden> Wed, 15 Mar 2023 20:49:56 -0300
Available diffs
samba (2:4.17.5+dfsg-2ubuntu2) lunar; urgency=medium
* d/t/samba-ad-dc-provisioning-internal-dns: test improvements
(LP: #2009485):
- increase kinit timeout, as it also does DNS lookups
- add a trap on exit to show logs in the case of some failure
-- Andreas Hasenack <email address hidden> Mon, 06 Mar 2023 11:49:34 -0300
Available diffs
samba (2:4.15.13+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium
* Update to 4.15.13 as a security update
- Removed patches included in new version:
+ CVE-*.patch
+ win-22H2-fix*.patch
+ Rename-mdfind-to-mdsearch.patch
+ lp-1951490-fix-printing-KB5006743.patch
- d/rules: remove --with-dnsupdate, it was merged with --with-ads.
- debian/control: bump libldb-dev Build-Depends to 2.4.4, bump
libtalloc to 2.3.3, libtdb to 1.4.4, and libtevent to 0.11.0.
- debian/control: added python3-markdown to Build-Depends.
- debian/{gpb.conf,watch,README.source}: updated for 4.15.
- debian/{*.install,*.symbols,*.lintian-overrides}: updated for 4.15.
- debian/rules: drop fixing of findsmb shebang.
- debian/rules: drop removal of ctdb tests, they are no longer
installed.
- CVE-2022-3437, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023,
CVE-2022-42898, CVE-2022-45141
-- Marc Deslauriers <email address hidden> Fri, 24 Feb 2023 07:31:43 -0500
samba (2:4.17.5+dfsg-2ubuntu1) lunar; urgency=medium * Merge with Debian unstable (LP: #2002181). Remaining changes: - debian/control: Ubuntu i386 binary compatibility: + drop ceph support + enable the liburing vfs module, except on i386 where liburing is not available + build-depend on libglusterfs-dev only on !i386 arches * Added: - d/t/control, d/t/samba-ad-dc-provisioning-internal-dns: samba AD DC provisioning test with internal DNS (LP: #1977746) -- Andreas Hasenack <email address hidden> Sun, 05 Feb 2023 13:47:57 -0300
Available diffs
| Superseded in lunar-proposed |
samba (2:4.17.3+dfsg-3ubuntu3) lunar; urgency=medium * Rebuild against latest icu -- Jeremy Bicha <email address hidden> Mon, 06 Feb 2023 07:57:36 -0500
Available diffs
samba (2:4.13.17~dfsg-0ubuntu1.20.04.5) focal-security; urgency=medium * SECURITY UPDATE: Multiple regressions (LP: #2003867) (LP: #2003891) - debian/patches/series: disable all security fixes from the previous update pending further investigation. This reverts the following CVEs: CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2022-38023, CVE-2022-37966, CVE-2022-37967. -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2023 09:03:40 -0500
Available diffs
samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
- debian/patches/CVE-2022-3437-*.patch
- CVE-2022-3437
* SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
- debian/patches/CVE-2022-42898-*.patch
- CVE-2022-42898
* SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
Kerberos tickets
- debian/patches/CVE-2022-45141-*.patch
- CVE-2022-45141
* SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
should be avoided
- debian/patches/CVE-2022-38023-*.patch
- CVE-2022-38023
* SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
- debian/patches/CVE-2022-3796x-*.patch
- CVE-2022-37966
* SECURITY UPDATE: Kerberos constrained delegation ticket forgery
possible against Samba AD DC
- debian/patches/CVE-2022-3796x-*.patch
- CVE-2022-37967
* debian/patches/win-22H2-fix.patch: split git-style patch into three
individual patches so that it can be manipulated properly with quilt.
* debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
affect Samba, but patches included for completeness.
-- Marc Deslauriers <email address hidden> Wed, 11 Jan 2023 11:12:16 -0500
Available diffs
samba (2:4.15.13+dfsg-0ubuntu1) jammy-security; urgency=medium
* Updated to upstream 4.15.13 to fix multiple security issues.
- debian/patches/win-22H2-fix.patch: removed, included in new version.
- CVE-2022-3437
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-42898
- CVE-2022-45141
-- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 10:04:53 -0500
samba (2:4.16.8+dfsg-0ubuntu1) kinetic-security; urgency=medium
* Updated to upstream 4.16.8 to fix multiple security issues.
- debian/patches/fix-samba-tool-domain-join-segfault.patch: removed,
included in new version.
- CVE-2021-20251
- CVE-2022-3437
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-42898
-- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 09:07:59 -0500
Available diffs
samba (2:4.17.3+dfsg-3ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as default -- Graham Inggs <email address hidden> Mon, 26 Dec 2022 18:01:11 +0000
Available diffs
samba (2:4.17.3+dfsg-3ubuntu1) lunar; urgency=medium * Merge with Debian unstable (LP: #1993380). Remaining changes: - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - d/control: enable the liburing vfs module, except on i386 where liburing is not available - d/control: build-depend on libglusterfs-dev only on !i386 arches * Dropped: - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. [In 2:4.16.6+dfsg-1] + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. [In 2:4.16.6+dfsg-1] - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: Skip running the tests if on i386 platform, because the uring package is not available there. [In 2:4.16.6+dfsg-1, improved] - d/t/util: fix setting the password of the smb test user (LP #1955851) [In 2:4.16.5+dfsg-2] - d/p/VERSION.patch: Update vendor string to "Ubuntu". [Implemented dynamically in d/rules in 2:4.16.6+dfsg-6] - d/rules: in Ubuntu, glusterfs is not built for i386, so don't enable the samba glusterfs vfs mofule in that case [In 2:4.16.6+dfsg-1] -- Andreas Hasenack <email address hidden> Tue, 13 Dec 2022 18:36:23 -0300
Available diffs
| Superseded in lunar-proposed |
samba (2:4.16.4+dfsg-2ubuntu2) lunar; urgency=medium * No-change rebuild against libldap-2 -- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:55:02 +0000
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.29) bionic; urgency=medium
* d/p/win-22H2-fix.patch: fix interoperability with Windows 22H2
clients (LP: #1993934)
-- Andreas Hasenack <email address hidden> Wed, 09 Nov 2022 11:42:14 -0300
samba (2:4.13.17~dfsg-0ubuntu1.20.04.2) focal; urgency=medium
* d/p/win-22H2-fix.patch: fix interoperability with Windows 22H2
clients (LP: #1993934)
-- Andreas Hasenack <email address hidden> Tue, 08 Nov 2022 11:35:28 -0300
samba (2:4.15.9+dfsg-0ubuntu0.3) jammy; urgency=medium
* d/p/win-22H2-fix.patch: fix interoperability with Windows 22H2
clients (LP: #1993934)
-- Andreas Hasenack <email address hidden> Tue, 08 Nov 2022 10:59:27 -0300
Available diffs
| Superseded in lunar-release |
| Published in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
-- Andreas Hasenack <email address hidden> Tue, 02 Aug 2022 09:30:05 -0300
Available diffs
samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1982116). Remaining changes: - d/p/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - d/control: enable the liburing vfs module, except on i386 where liburing is not available - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: Skip running the tests if on i386 platform, because the uring package is not available there. - d/t/util: fix setting the password of the smb test user (LP #1955851) - d/rules: in Ubuntu, glusterfs is not built for i386, so don't enable the samba glusterfs vfs mofule in that case - d/control: build-depend on libglusterfs-dev only on !i386 arches * Dropped: - Update nfs scripts for new nfs.conf config (LP: #1961840): + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use nfsconf(8) if it's available, instead of parsing the old config files in /etc/default/nfs-* [In 2:4.16.3+dfsg-1] + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be used by the example enable-nfs.sh example script [In 2:4.16.3+dfsg-1] + d/ctdb.example/nfs-kernel-server/quota: quota config file to be used by the example enable-nfs.sh script [In 2:4.16.3+dfsg-1] + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: obsolete, replaced by nfs.conf [In 2:4.16.3+dfsg-1] + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new nfs.conf and other changes in the new nfs server packages [In 2:4.16.3+dfsg-1] - Fix abort when deleting a file and "fruit:resource = stream" is used. (LP #1977491) + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch: Add test that shows smbd crashing when deleting a file while using vfs_fruit with "fruit:resource = stream". + d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch: Handle file deleting when "fruit:resource = stream" is used. [Fixed upstream] - Build dlz module for bind 9.18.x (LP #1964032) + d/p/add-support-for-bind-918.patch: build a dlz module for bind 9.18.x + d/p/add-support-for-bind-918-2.patch: also update the provisioning tool and template config file [Fixed upstream] -- Andreas Hasenack <email address hidden> Fri, 29 Jul 2022 17:09:27 -0300
Available diffs
samba (2:4.15.9+dfsg-0ubuntu0.2) jammy-security; urgency=medium
* Updated to 2.15.9 to fix multiple security issues.
- debian/control: require ldb 2.4.4.
- debian/*install: install libsmbconf.so*.
- debian/libwbclient0.symbols: updated symbols for new version.
- CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745,
CVE-2022-32746
* Removed patches included in new version:
- lp-1951490-fix-printing-KB5006743.patch
- add-support-for-bind-918.patch
- add-support-for-bind-918-2.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch
-- Marc Deslauriers <email address hidden> Thu, 28 Jul 2022 08:07:32 -0400
Available diffs
samba (2:4.13.17~dfsg-0ubuntu1.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
- debian/patches/CVE-2021-3670-*.patch
- CVE-2021-3670
* SECURITY UPDATE: Samba AD users can bypass certain restrictions
associated with changing passwords
- debian/patches/CVE-2022-2031-*.patch
- CVE-2022-2031
* SECURITY UPDATE: Server memory information leak via SMB1
- debian/patches/CVE-2022-32742-*.patch
- CVE-2022-32742
* SECURITY UPDATE: Samba AD users can forge password change requests for
any user
- debian/patches/CVE-2022-2031-*.patch
- CVE-2022-32744
* SECURITY UPDATE: Samba AD users can crash the server process with an
LDAP add or modify request
- debian/patches/CVE-2022-32745_6-*.patch
- CVE-2022-32745
* SECURITY UPDATE: Samba AD users can induce a use-after-free in the
server process with an LDAP add or modify request
- debian/patches/CVE-2022-32745_6-*.patch
- CVE-2022-32746
* debian/control: Build-Depends on ldb security update.
* Fix version string to match focal.
-- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 08:52:26 -0400
samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- Update nfs scripts for new nfs.conf config (LP #1961840):
+ d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*
+ d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
used by the example enable-nfs.sh example script
+ d/ctdb.example/nfs-kernel-server/quota: quota config file to be
used by the example enable-nfs.sh script
+ d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
obsolete, replaced by nfs.conf
+ d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
nfs.conf and other changes in the new nfs server packages
- Build dlz module for bind 9.18.x (LP #1964032)
+ d/p/add-support-for-bind-918.patch: build a dlz module for
bind 9.18.x
+ d/p/add-support-for-bind-918-2.patch: also update the
provisioning tool and template config file
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
- Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP #1977491)
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Andreas Hasenack <email address hidden> Mon, 27 Jun 2022 18:32:00 -0300
Available diffs
samba (2:4.15.5~dfsg-0ubuntu5.1) jammy; urgency=medium
* Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP: #1977491)
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Sergio Durigan Junior <email address hidden> Tue, 21 Jun 2022 16:31:40 -0400
Available diffs
samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
* Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP: #1977491)
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Sergio Durigan Junior <email address hidden> Mon, 20 Jun 2022 19:09:25 -0400
Available diffs
samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining changes: - d/p/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - d/control: enable the liburing vfs module, except on i386 where liburing is not available - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: Skip running the tests if on i386 platform, because the uring package is not available there. - d/t/util: fix setting the password of the smb test user (LP #1955851) - Update nfs scripts for new nfs.conf config (LP #1961840): + d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use nfsconf(8) if it's available, instead of parsing the old config files in /etc/default/nfs-* + d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be used by the example enable-nfs.sh example script + d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota config file to be used by the example enable-nfs.sh script + d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}: obsolete, replaced by nfs.conf + d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new nfs.conf and other changes in the new nfs server packages - Build dlz module for bind 9.18.x (LP #1964032) + d/p/add-support-for-bind-918.patch: build a dlz module for bind 9.18.x + d/p/add-support-for-bind-918-2.patch: also update the provisioning tool and template config file - d/rules: in Ubuntu, glusterfs is not built for i386, so don't enable the samba glusterfs vfs mofule in that case - d/control: build-depend on libglusterfs-dev only on !i386 arches * Dropped: - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built [superfluous, the version in the archive is recent enough] - d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195) [Included in 2:4.13.13+dfsg-1] - d/control: bump required build-depends [Included in Debian] - d/samba-libs.install: update list of installed libraries and modules/plugins [Done in Debian] - debian/patches/CVE-2021-20254.patch: removed, applied upstream [Applied upstream, Debian didn't have this patch] - d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream [Applied usptream, Debian did not have it] - d/{gpb.conf,watch,README.source}: update for 4.15 [Debian updated it for 4.16] - d/rules: remove --with-dnsupdate, it was merged with --with-ads in samba 4.15.0 [Included in 2:4.16.0+dfsg-1] - d/rules: drop removal of ctdb tests, they are no longer installed [Included in 2:4.16.0+dfsg-1] - Remove findsmb, no longer installed: + d/smbclient.install: remove findsmb + d/rules: drop fixing of findsmb shebang [Included in 2:4.16.0+dfsg-1] - d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests, no longer installed [Included in 2:4.16.0+dfsg-1] - d/ctdb.install: add tdb_mutex_check [Included in 2:4.16.0+dfsg-1] - d/winbind.install: add async_dns_krb5_locator [Included in 2:4.16.0+dfsg-1] - d/samba.install: install samba-bgqd and its manpage [Included in 2:4.16.0+dfsg-1] - d/{libsmbclient,libwbclient0}.symbols: symbols updates [Obsolete, these were for 4.15.5] - d/rules: drop dh_perl override, unneeded [Included in 2:4.16.0+dfsg-1] - d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after Windows 2021-10 Monthly Rollup patch (LP #1951490) [Included upstream in 4.16.0rc2] - d/rules: install the new/changed ctdb example nfs files [Installed via ctdb.examples] * Added: - rename ctdb example files nfs.conf and quota, to match what the enable-nfs.sh script expects - enable-nfs.sh ctdb example: use debian's filename for the static port sysctl configuration - enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was renamed to "cluster lock" -- Andreas Hasenack <email address hidden> Wed, 08 Jun 2022 11:02:29 -0300
Available diffs
samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium * No-change rebuild against libicu71 -- Steve Langasek <email address hidden> Sat, 30 Apr 2022 02:14:39 +0000
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium * Enable glusterfs support (LP: #1894618): - d/control: revert disabling of glusterfs, since it's in main now - d/rules: in Ubuntu, glusterfs is not built for i386, so don't enable the samba glusterfs vfs mofule in that case - d/control: build-depend on libglusterfs-dev only on !i386 arches -- Andreas Hasenack <email address hidden> Wed, 09 Mar 2022 17:31:25 -0300
Available diffs
samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium * Build dlz module for bind 9.18.x (LP: #1964032) - d/p/add-support-for-bind-918.patch: build a dlz module for bind 9.18.x - d/samba-libs.install: remove fixme comment - d/p/add-support-for-bind-918-2.patch: also update the provisioning tool and template config file -- Andreas Hasenack <email address hidden> Fri, 25 Mar 2022 14:53:19 -0300
Available diffs
| Superseded in jammy-proposed |
samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium * Update nfs scripts for new nfs.conf config (LP: #1961840): - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use nfsconf(8) if it's available, instead of parsing the old config files in /etc/default/nfs-* - d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example enable-nfs.sh example script - d/ctdb.example.quota: quota config file to be used by the example enable-nfs.sh script - d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by nfs.conf - d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other changes in the new nfs server packages - d/rules: install the new/changed ctdb example nfs files -- Andreas Hasenack <email address hidden> Mon, 21 Mar 2022 11:55:54 -0300
Available diffs
samba (2:4.13.17~dfsg-0ubuntu0.21.04.2) focal; urgency=medium
* d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
Windows 2021-10 Monthly Rollup patch (LP: #1951490)
-- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:48:01 -0300
| Deleted in impish-proposed (Reason: The package was removed due to its SRU bug(s) not being v...) |
samba (2:4.13.17~dfsg-0ubuntu0.21.10.2) impish; urgency=medium
* d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
Windows 2021-10 Monthly Rollup patch (LP: #1951490)
-- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:52:15 -0300
Available diffs
samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
* d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
Windows 2021-10 Monthly Rollup patch (LP: #1951490)
-- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:32:59 -0300
Available diffs
samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
* d/{gpb.conf,watch,README.source}: update for 4.15
* New upstream release: 4.15.5 (LP: #1946839)
* d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
* d/rules: remove --with-dnsupdate, it was merged with
--with-ads in samba 4.15.0
* d/control: bump required build-depends
* d/rules: drop removal of ctdb tests, they are no longer installed
* Remove findsmb, no longer installed:
- d/smbclient.install: remove findsmb
- d/rules: drop fixing of findsmb shebang
* d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
no longer installed
* d/samba-libs.install: update list of installed libraries and
modules/plugins
* d/ctdb.install: add tdb_mutex_check
* d/winbind.install: add async_dns_krb5_locator
* d/samba.install: install samba-bgqd and its manpage
* d/{libsmbclient,libwbclient0}.symbols: symbols updates
* d/control: add python3-markdown to build-depends
* d/watch: updated to handle ~dfsg versioning, thanks to
Sergio Durigan Junior <email address hidden>
-- Andreas Hasenack <email address hidden> Tue, 22 Feb 2022 17:59:22 -0300
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:31:06 +0000
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 14 Feb 2022 10:19:08 -0500
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium * No-change rebuild for icu soname change -- William 'jawn-smith' Wilson <email address hidden> Fri, 11 Feb 2022 11:36:14 -0600
Available diffs
samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.13.17~dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.28) bionic-security; urgency=medium
* SECURITY UPDATE: code exec via out-of-bounds read/write in vfs_fruit
- debian/patches/CVE-2021-44142-1.patch: add defines for icon lengths
in source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-2.patch: add Netatalk xattr used by
vfs_fruit to the list of private Samba xattrs in
source3/smbd/trans2.c.
- debian/patches/CVE-2021-44142-3.patch: harden ad_unpack_xattrs() in
source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-4.patch: tweak buffer size check in
source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-5.patch: add basic cmocka tests in
selftest/knownfail.d/samba.unittests.adouble, selftest/tests.py,
source3/lib/test_adouble.c, source3/wscript_build.
- debian/patches/CVE-2021-44142-6.patch: harden parsing code in
source3/modules/vfs_fruit.c.
- CVE-2021-44142
-- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 10:20:03 -0500
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
* d/t/util: fix setting the password of the smb test user
(LP: #1955851)
-- Andreas Hasenack <email address hidden> Thu, 20 Jan 2022 17:06:13 -0300
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium * No-change rebuild with Python 3.10 as default version -- Graham Inggs <email address hidden> Sun, 16 Jan 2022 07:01:34 +0000
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.27) bionic-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:56 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.04.4) hirsute-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:56 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.10.4) impish-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:23 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:09:36 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.26) bionic-security; urgency=medium
* SECURITY UPDATE: SMB1 client connections can be downgraded to plaintext
authentication
- debian/patches/CVE-2016-2124-*.patch: upstream commits to fix issue.
- CVE-2016-2124
* SECURITY UPDATE: user in AD Domain could become root on domain members
- debian/patches/CVE-2020-25717-*.patch: upstream commits to fix issue.
- debian/patches/bug14901-*.patch: upstream commits to fix regression.
- CVE-2020-25717
* SECURITY UPDATE: insufficient access and conformance checking of data
stored
- debian/patches/CVE-2020-25722-1.patch: restrict the setting of
privileged attributes during LDAP add/modify in
source4/dsdb/samdb/ldb_modules/samldb.c.
- debian/patches/CVE-2020-25722-2.patch: ensure the structural
objectclass cannot be changed in
source4/dsdb/samdb/ldb_modules/objectclass.c.
- CVE-2020-25722
* SECURITY UPDATE: null pointer deref in kerberos server
- debian/patches/CVE-2021-3671.patch: validate sname in TGS-REQ in
source4/heimdal/kdc/krb5tgs.c.
- CVE-2021-3671
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:23:22 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.04.3) hirsute-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:02:59 -0500
samba (2:4.13.14+dfsg-0ubuntu0.21.10.3) impish-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 07:56:37 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:03:56 -0500
| Superseded in jammy-proposed |
samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium * No-change rebuild against liburing2 -- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:08:34 +0100
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.10.2) impish; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 11:17:14 +0100
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.20.04.2) focal; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:42:02 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.2) hirsute; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:44:50 +0100
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.24) bionic; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Wed, 10 Nov 2021 15:29:48 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.1) hirsute-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: removed libsmbd-conn.so.0, added libdcerpc-pkt-auth.so.0. - debian/libwbclient0.symbols: added new symbol. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - Removed patches included in new version: + CVE-*.patch + zerologon*.patch + 0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch + build-Remove-tests-for-getdents-and-getdirentries.patch + fix-double-free-with-unresolved-credentia-cache.patch + wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch + wscript-split-function-check-to-one-per-line-and-sor.patch - Add/Refresh patches from Hirsute package: + Rename-mdfind-to-mdsearch.patch + bug_221618_precise-64bit-prototype.patch + fix-nfs-service-name-to-nfs-kernel-server.patch - debian/control: bump libldb-dev Build-Depends to 2.2.3, bump libtalloc to 2.3.1, libtdb to 1.4.3, and libtevent to 0.10.2. - debian/*.install, debian/*.symbols: sync with Hirsute package, added libdcerpc-pkt-auth.so.0. - debian/rules: build with --enable-spotlight, remove --accel-aes as it is no longer used with gnutls. - debian/control: add libicu-dev to Build-Depends. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:33:25 -0400
samba (2:4.13.14+dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Available diffs
| Superseded in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
| Deleted in impish-proposed (Reason: Moved to jammy) |
samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
* d/samba.postinst: do not populate sambashare from the admin group
(Debian packaging cherry-pick. LP: #1942195)
-- Paride Legovini <email address hidden> Wed, 06 Oct 2021 10:31:14 +0200
Available diffs
samba (2:4.11.6+dfsg-0ubuntu1.10) focal; urgency=medium
* d/p/fix-double-free-with-unresolved-credentia-cache.patch: Fix
double free with unresolved credential cache. (LP: #1892145)
-- Paride Legovini <email address hidden> Fri, 06 Aug 2021 14:17:29 +0200
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400
Available diffs
samba (2:4.12.5+dfsg-3ubuntu4.4) groovy; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Thu, 27 May 2021 09:22:22 -0300
Available diffs
samba (2:4.11.6+dfsg-0ubuntu1.9) focal; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Mon, 24 May 2021 16:45:27 -0300
Available diffs
samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- d/control: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
* Dropped changes:
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
[Included in 2:4.13.4+dfsg-1]
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
[Included in 2:4.13.4+dfsg-1]
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
[Included in 2:4.13.4+dfsg-1]
- SECURITY UPDATE: wrong group entries via negative idmap cache entries
+ debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
+ CVE-2021-20254
[Included in 2:4.13.5+dfsg-2]
-- Athos Ribeiro <email address hidden> Mon, 17 May 2021 11:51:54 -0300
Available diffs
| Superseded in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
| Superseded in hirsute-updates |
| Superseded in hirsute-security |
samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Thu, 29 Apr 2021 06:48:54 -0400
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.34) xenial-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:53:58 -0400
samba (2:4.11.6+dfsg-0ubuntu1.8) focal-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:02:48 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.23) bionic-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:52:57 -0400
samba (2:4.12.5+dfsg-3ubuntu4.3) groovy-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:00:46 -0400
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
* No change rebuild to pick up liburing, and also
fix d/t/cifs-share-access-uring. (LP: #1914145)
-- Mauricio Faria de Oliveira <email address hidden> Wed, 03 Feb 2021 09:14:25 -0300
Available diffs
samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
* Dropped changes, incorporated by Debian:
- d/t/smbclient-anonymous-share-list: add set -x and set -e
- Factor out common DEP8 test code into d/t/util and change the tests
to source from it:
+ d/t/util: added
+ d/t/cifs-share-access, d/t/smbclient-share-access: source from
util, use random share name and add set -x and set -u
+ d/t/smbclient-authenticated-share-list: source from util and add
set -x and set -u
- Add new DEP8 tests for the uring vfs module:
+ d/t/control: add smbclient-share-access-uring and
cifs-share-access-uring tests
+ d/t/smbclient-share-access-uring: new test
+ d/t/cifs-share-access-uring: new test
- d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
guard uring tests with a kernel version check and skip if it's too old
* Added changes:
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
-- Sergio Durigan Junior <email address hidden> Wed, 13 Jan 2021 15:44:04 -0500
Available diffs
samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium * Merge with Debian unstable (LP: #1905048). Remaining changes: - d/p/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/samba-common.config: + Do not change priority to high if dhclient3 is installed. - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201) - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default - debian/rules: Ubuntu i386 binary compatibility: + drop ceph support + disable the following binary packages: - ctdb - libnss-winbind - libpam-winbind - python3-samba - samba - samba-common-bin - samba-testsuite - winbind - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - debian/rules: Ubuntu i386 binary compatibility: + re-enable the following binary packages: - libnss-winbind - samba-common-bin - python3-samba - winbind - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built * d/t/smbclient-anonymous-share-list: add set -x and set -e * Factor out common DEP8 test code into d/t/util and change the tests to source from it: - d/t/util: added - d/t/cifs-share-access, d/t/smbclient-share-access: source from util, use random share name and add set -x and set -u - d/t/smbclient-authenticated-share-list: source from util and add set -x and set -u * d/control: enable the liburing vfs module, except on i386 where liburing is not available * Add new DEP8 tests for the uring vfs module: - d/t/control: add smbclient-share-access-uring and cifs-share-access-uring tests - d/t/smbclient-share-access-uring: new test - d/t/cifs-share-access-uring: new test * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: guard uring tests with a kernel version check and skip if it's too old * Dropped changes: - SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) + debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. [ Incorporated by upstream. ] - SECURITY UPDATE: Missing handle permissions check in ChangeNotify + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. + CVE-2020-14318 - SECURITY UPDATE: Unprivileged user can crash winbind + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. + CVE-2020-14323 - SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. + CVE-2020-14383 [ Incorporated by upstream. ] -- Sergio Durigan Junior <email address hidden> Tue, 24 Nov 2020 22:12:00 -0500
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.32) xenial-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:52:47 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.21) bionic-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:50:50 -0400
samba (2:4.11.6+dfsg-0ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:48:54 -0400
Available diffs
| Superseded in hirsute-release |
| Superseded in groovy-updates |
| Deleted in hirsute-proposed (Reason: moved to Release) |
| Superseded in groovy-security |
samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:53:44 -0400
Available diffs
| 1 → 75 of 596 results | First • Previous • Next • Last |
