Change log for samba package in Ubuntu

175 of 430 results
Published in cosmic-release on 2018-07-03
Deleted in cosmic-proposed (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu3) cosmic; urgency=medium

  * No change rebuild to link with new ldb 1.3.3

 -- Andreas Hasenack <email address hidden>  Tue, 03 Jul 2018 09:57:24 -0300
Superseded in cosmic-release on 2018-07-03
Published in bionic-release on 2018-04-24
Deleted in bionic-proposed (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2) bionic; urgency=medium

  * debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
    [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
    Thanks to Andreas Schneider <email address hidden>. (LP: #1761737)

 -- Andreas Hasenack <email address hidden>  Wed, 18 Apr 2018 11:49:55 -0300
Superseded in bionic-release on 2018-04-24
Deleted in bionic-proposed on 2018-04-26 (Reason: moved to release)
samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium

  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Tue, 13 Mar 2018 16:58:49 -0300
Published in trusty-updates on 2018-03-13
Published in trusty-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.14.04.14) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:49:30 +0100
Published in xenial-updates on 2018-03-13
Published in xenial-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.16.04.13) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:49:12 +0100
Published in artful-updates on 2018-03-13
Published in artful-security on 2018-03-13
samba (2:4.6.7+dfsg-1ubuntu3.2) artful-security; urgency=medium

  * SECURITY UPDATE: Denial of Service Attack on external print server
    - debian/patches/CVE-2018-1050.patch: protect against null pointer
      derefs in source3/rpc_server/spoolss/srv_spoolss_nt.c.
    - CVE-2018-1050
  * SECURITY UPDATE: Authenticated users can change other users password
    - debian/patches/CVE-2018-1057-*.patch: fix password changing logic.
    - CVE-2018-1057

 -- Marc Deslauriers <email address hidden>  Tue, 06 Mar 2018 16:43:27 +0100
Superseded in bionic-release on 2018-03-19
Deleted in bionic-proposed on 2018-03-20 (Reason: moved to release)
samba (2:4.7.4+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744779). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Mon, 22 Jan 2018 16:31:41 -0200
Superseded in bionic-release on 2018-01-28
Deleted in bionic-proposed on 2018-01-29 (Reason: moved to release)
samba (2:4.7.3+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - d/source_samba.py: use the new recommended findmnt(8) tool to list
      mountpoints and correctly filter by the cifs filesystem type.

Superseded in trusty-updates on 2018-03-13
Superseded in trusty-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.14.04.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:41:27 -0500
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
samba (2:4.5.8+dfsg-0ubuntu0.17.04.8) zesty-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:39:57 -0500
Superseded in xenial-updates on 2018-03-13
Superseded in xenial-security on 2018-03-13
samba (2:4.3.11+dfsg-0ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:40:44 -0500
Superseded in artful-updates on 2018-03-13
Superseded in artful-security on 2018-03-13
samba (2:4.6.7+dfsg-1ubuntu3.1) artful-security; urgency=medium

  * SECURITY UPDATE: Use-after-free vulnerability
    - debian/patches/CVE-2017-14746.patch: fix use-after-free crash bug in
      source3/smbd/process.c, source3/smbd/reply.c.
    - CVE-2017-14746
  * SECURITY UPDATE: Server heap memory information leak
    - debian/patches/CVE-2017-15275.patch: zero out unused grown area in
      source3/smbd/srvstr.c.
    - CVE-2017-15275

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2017 15:36:05 -0500
Superseded in bionic-release on 2017-12-07
Deleted in bionic-proposed on 2017-12-08 (Reason: moved to release)
samba (2:4.7.1+dfsg-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - d/source_samba.py: use the new recommended findmnt(8) tool to list
      mountpoints and correctly filter by the cifs filesystem type.

Superseded in bionic-release on 2017-11-22
Published in artful-release on 2017-09-21
Deleted in artful-proposed (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:10:03 -0400
Superseded in xenial-updates on 2017-11-21
Superseded in xenial-security on 2017-11-21
samba (2:4.3.11+dfsg-0ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:02:02 -0400
Superseded in trusty-updates on 2017-11-21
Superseded in trusty-security on 2017-11-21
samba (2:4.3.11+dfsg-0ubuntu0.14.04.12) trusty-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 08:05:11 -0400
Superseded in zesty-updates on 2017-11-21
Superseded in zesty-security on 2017-11-21
samba (2:4.5.8+dfsg-0ubuntu0.17.04.7) zesty-security; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-4.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-5.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-6.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

 -- Marc Deslauriers <email address hidden>  Thu, 21 Sep 2017 07:52:29 -0400
Superseded in artful-release on 2017-09-21
Deleted in artful-proposed on 2017-09-22 (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu2) artful; urgency=medium

  * d/source_samba.py: use the new recommended findmnt(8) tool to list
    mountpoints and correctly filter by the cifs filesystem type.
    (LP: #1703604)

 -- Andreas Hasenack <email address hidden>  Fri, 01 Sep 2017 09:47:58 -0300
Superseded in trusty-updates on 2017-09-21
Deleted in trusty-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.14.04.11) trusty; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:36:59 +0200
Superseded in xenial-updates on 2017-09-21
Deleted in xenial-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.10) xenial; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:43:46 +0200
Superseded in zesty-updates on 2017-09-21
Deleted in zesty-proposed on 2017-09-23 (Reason: moved to -updates)
samba (2:4.5.8+dfsg-0ubuntu0.17.04.6) zesty; urgency=medium

  * d/p/bug_1702529_EACCESS_with_rootshare.patch:
    Handle corner case for / shares. (LP: #1702529)

 -- Dariusz Gadomski <email address hidden>  Wed, 23 Aug 2017 11:50:15 +0200
Superseded in artful-release on 2017-09-07
Deleted in artful-proposed on 2017-09-08 (Reason: moved to release)
samba (2:4.6.7+dfsg-1ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1710281).
    - Upstream version 4.6.7 fixes the CVE-2017-2619 regression with non-wide
      symlinks to directories (LP: #1701073)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
    - d/rules: Compile winbindd/winbindd statically.
    - Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Mon, 21 Aug 2017 17:27:08 -0300
Superseded in artful-release on 2017-08-22
Deleted in artful-proposed on 2017-08-24 (Reason: moved to release)
samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1700644). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
  * Drop:
    - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
      [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
      fix-1584485.patch was dropped there.]
    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure
      [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
      in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
    - debian/patches/winbind_trusted_domains.patch: make sure domain
      members can talk to trusted domains DCs.
      [Upstream committed a different fix, see updated patch attached to
      https://bugzilla.samba.org/show_bug.cgi?id=11830]
    - d/control: add libcephfs-dev as b-d to build vfs_ceph
      [Adopted by Debian in 2:4.6.5+dfsg-1]
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
      [Adopted by Debian as
      d/p/CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch]
    - Cherrypick upstream patch to fix FTBFS with new ceph lib.
      [Merged upstream in 4.6.0rc1]
  * Disable glusterfs support because it's not in main.
    MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden>  Thu, 10 Aug 2017 22:20:22 -0300
Superseded in artful-release on 2017-08-17
Deleted in artful-proposed on 2017-08-18 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu5) artful; urgency=medium

  * Cherrypick upstream patch to fix FTBFS with new ceph lib.

Superseded in zesty-updates on 2017-08-31
Deleted in zesty-proposed on 2017-09-02 (Reason: moved to -updates)
samba (2:4.5.8+dfsg-0ubuntu0.17.04.5) zesty; urgency=medium

  * Remove the fix for LP #1584485 as it builds a broken pam_winbind
    module. There is a revised version of that patch attached to
    #1584485 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)
    - d/p/fix-1584485.patch: drop
    - d/rules: remove winbind static build option

 -- Andreas Hasenack <email address hidden>  Thu, 13 Jul 2017 14:44:16 -0300
Superseded in artful-proposed on 2017-07-26
samba (2:4.5.8+dfsg-2ubuntu4) artful; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Mon, 17 Jul 2017 16:22:28 -0700
Superseded in xenial-updates on 2017-08-31
Superseded in xenial-security on 2017-09-21
samba (2:4.3.11+dfsg-0ubuntu0.16.04.9) xenial-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 14:03:40 -0700
Superseded in trusty-updates on 2017-08-31
Superseded in trusty-security on 2017-09-21
samba (2:4.3.11+dfsg-0ubuntu0.14.04.10) trusty-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 14:06:03 -0700
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
samba (2:4.4.5+dfsg-2ubuntu5.8) yakkety-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 13:27:39 -0700
Superseded in zesty-updates on 2017-08-14
Superseded in zesty-security on 2017-09-21
samba (2:4.5.8+dfsg-0ubuntu0.17.04.4) zesty-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103: use encrypted service name rather
      than unencrypted (and therefore spoofable) version in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden>  Thu, 13 Jul 2017 13:21:50 -0700
Superseded in xenial-updates on 2017-07-14
Superseded in xenial-security on 2017-07-14
samba (2:4.3.11+dfsg-0ubuntu0.16.04.8) xenial-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <email address hidden>  Tue, 04 Jul 2017 07:56:30 -0400
Superseded in trusty-updates on 2017-07-14
Superseded in trusty-security on 2017-07-14
samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <email address hidden>  Tue, 04 Jul 2017 08:01:55 -0400
Superseded in yakkety-updates on 2017-07-14
Superseded in yakkety-security on 2017-07-14
samba (2:4.4.5+dfsg-2ubuntu5.7) yakkety-security; urgency=medium

  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

 -- Andreas Hasenack <email address hidden>  Fri, 30 Jun 2017 17:02:20 -0300
Superseded in zesty-updates on 2017-07-14
Superseded in zesty-security on 2017-07-14
samba (2:4.5.8+dfsg-0ubuntu0.17.04.3) zesty-security; urgency=medium

  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

 -- Andreas Hasenack <email address hidden>  Fri, 30 Jun 2017 17:02:20 -0300
Superseded in artful-release on 2017-07-26
Deleted in artful-proposed on 2017-07-28 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu3) artful; urgency=medium

  * No-change rebuild against libldb 1.1.29

 -- Steve Langasek <email address hidden>  Sun, 25 Jun 2017 16:09:33 -0700
Superseded in artful-release on 2017-06-26
Deleted in artful-proposed on 2017-06-27 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu2) artful; urgency=medium

  * Add extra DEP8 tests to samba (LP: #1696823):
    - d/t/control: enable the new DEP8 tests
    - d/t/smbclient-anonymous-share-list: list available shares anonymously
    - d/t/smbclient-authenticated-share-list: list available shares using
      an authenticated connection
    - d/t/smbclient-share-access: create a share and download a file from it
    - d/t/cifs-share-access: access a file in a share using cifs
  * Ask the user if we can run testparm against the config file. If yes,
    include its stderr and exit status in the bug report. Otherwise, only
    include the exit status. (LP: #1694334)
  * If systemctl is available, use it to query the status of the smbd
    service before trying to reload it. Otherwise, keep the same check
    as before and reload the service based on the existence of the
    initscript. (LP: #1579597)
  * Remove d/p/fix-1584485.patch as it builds a broken pam_winbind
    module. There is a fixed version of that patch attached to
    #1677329 but it has not been vetted yet, so for now it's best
    to revert (again) so that pam_winbind can be used.
    (LP: #1677329, LP: #1644428)

 -- Andreas Hasenack <email address hidden>  Mon, 19 Jun 2017 10:49:29 -0700
Superseded in artful-release on 2017-06-20
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
samba (2:4.5.8+dfsg-2ubuntu1) artful; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure
    - debian/patches/winbind_trusted_domains.patch: make sure domain
      members can talk to trusted domains DCs.
    - d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked
    - d/rules: Compile winbindd/winbindd statically.
    - d/control: add libcephfs-dev as b-d to build vfs_ceph

Superseded in artful-release on 2017-06-19
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
samba (2:4.5.8+dfsg-0ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Wed, 24 May 2017 07:39:13 -0400
Superseded in trusty-updates on 2017-07-05
Superseded in trusty-security on 2017-07-05
samba (2:4.3.11+dfsg-0ubuntu0.14.04.8) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:18:37 -0400
Superseded in xenial-updates on 2017-07-05
Superseded in xenial-security on 2017-07-05
samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:18:13 -0400
Superseded in yakkety-updates on 2017-07-05
Superseded in yakkety-security on 2017-07-05
samba (2:4.4.5+dfsg-2ubuntu5.6) yakkety-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:17:51 -0400
Superseded in zesty-updates on 2017-07-05
Superseded in zesty-security on 2017-07-05
samba (2:4.5.8+dfsg-0ubuntu0.17.04.2) zesty-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 14:16:09 -0400
Superseded in artful-release on 2017-05-25
Superseded in zesty-updates on 2017-05-24
Deleted in artful-proposed on 2017-05-26 (Reason: moved to release)
Superseded in zesty-security on 2017-05-24
samba (2:4.5.8+dfsg-0ubuntu0.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - Updated to new upstream release 4.5.8.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Fri, 21 Apr 2017 07:33:25 -0400
Superseded in trusty-updates on 2017-05-24
Superseded in trusty-security on 2017-05-24
samba (2:4.3.11+dfsg-0ubuntu0.14.04.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 09:28:06 -0400
Published in precise-updates on 2017-03-30
Published in precise-security on 2017-03-30
samba (2:3.6.25-0ubuntu0.12.04.10) precise-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/bug12721-*.patch: add backported fixes from Samba bug
      #12721.
  * debian/patches/*: fix CVE number in patch filenames.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 09:43:30 -0400
Superseded in yakkety-updates on 2017-05-24
Superseded in yakkety-security on 2017-05-24
samba (2:4.4.5+dfsg-2ubuntu5.5) yakkety-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 07:31:03 -0400
Superseded in xenial-updates on 2017-05-24
Superseded in xenial-security on 2017-05-24
samba (2:4.3.11+dfsg-0ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden>  Tue, 28 Mar 2017 08:31:57 -0400
Superseded in precise-updates on 2017-03-30
Superseded in precise-security on 2017-03-30
samba (2:3.6.25-0ubuntu0.12.04.9) precise-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619-*.patch: security fix and prerequisite
      patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Tue, 21 Mar 2017 08:06:46 -0400
Superseded in xenial-updates on 2017-03-30
Superseded in xenial-security on 2017-03-30
samba (2:4.3.11+dfsg-0ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:50:12 -0400
Superseded in trusty-updates on 2017-03-30
Superseded in trusty-security on 2017-03-30
samba (2:4.3.11+dfsg-0ubuntu0.14.04.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:50:12 -0400
Superseded in yakkety-updates on 2017-03-30
Superseded in yakkety-security on 2017-03-30
samba (2:4.4.5+dfsg-2ubuntu5.4) yakkety-security; urgency=medium

  * SECURITY UPDATE: Symlink race allows access outside share definition
    - debian/patches/CVE-2017-2619/*.patch: backport security fix and
      prerequisite patches from upstream.
    - CVE-2017-2619

 -- Marc Deslauriers <email address hidden>  Mon, 20 Mar 2017 10:47:39 -0400
Superseded in artful-release on 2017-04-25
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
samba (2:4.5.4+dfsg-1ubuntu2) zesty; urgency=medium

  * d/control: add libcephfs-dev as b-d to build vfs_ceph
    (LP: #1668940).

 -- Nishanth Aravamudan <email address hidden>  Mon, 06 Mar 2017 11:13:41 -0800
Superseded in zesty-release on 2017-03-16
Deleted in zesty-proposed on 2017-03-18 (Reason: moved to release)
samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

 -- Nishanth Aravamudan <email address hidden>  Thu, 26 Jan 2017 17:20:15 -0800
Superseded in zesty-release on 2017-02-09
Deleted in zesty-proposed on 2017-02-10 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu7) zesty; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126

 -- Marc Deslauriers <email address hidden>  Fri, 20 Jan 2017 12:32:25 -0500
Superseded in precise-updates on 2017-03-23
Superseded in precise-security on 2017-03-23
samba (2:3.6.25-0ubuntu0.12.04.5) precise-security; urgency=medium

  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125-v3.6.patch: don't use GSS_C_DELEG_FLAG in
      source3/librpc/crypto/gse.c and source3/libsmb/clifsinfo.c.
    - CVE-2016-2125

 -- Steve Beattie <email address hidden>  Tue, 13 Dec 2016 11:00:51 -0800
Superseded in trusty-updates on 2017-03-23
Superseded in trusty-security on 2017-03-23
samba (2:4.3.11+dfsg-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:40:01 -0500
Superseded in xenial-updates on 2017-03-23
Superseded in xenial-security on 2017-03-23
samba (2:4.3.11+dfsg-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126
  * This package does _not_ contain the changes from
    2:4.3.11+dfsg-0ubuntu0.16.04.2 in xenial-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:37:28 -0500
Superseded in yakkety-updates on 2017-03-23
Superseded in yakkety-security on 2017-03-23
samba (2:4.4.5+dfsg-2ubuntu5.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126
  * This package does _not_ contain the changes from
    2:4.4.5+dfsg-2ubuntu5.1 in yakkety-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 08:12:03 -0500
Superseded in trusty-updates on 2016-12-19
Deleted in trusty-proposed on 2016-12-20 (Reason: moved to -updates)
samba (2:4.3.11+dfsg-0ubuntu0.14.04.3) trusty; urgency=high

  * Revert to version prior to the 2:4.3.11+dfsg-0ubuntu0.14.04.2
    which is causing regression with statically linked libpam_winbind.
    Removes d/p/fix-1584485.patch. LP: #1644428

 -- Louis Bouchard <email address hidden>  Thu, 24 Nov 2016 15:40:40 +0100
Deleted in yakkety-proposed on 2016-12-21 (Reason: moved to -updates)
samba (2:4.4.5+dfsg-2ubuntu5.1) yakkety; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
    to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 16:00:31 +0100
Deleted in xenial-proposed on 2016-12-09 (Reason: SRU failed verification)
samba (2:4.3.11+dfsg-0ubuntu0.16.04.2) xenial; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
   to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 15:25:33 +0100
Superseded in trusty-updates on 2016-11-25
Superseded in trusty-proposed on 2016-11-24
samba (2:4.3.11+dfsg-0ubuntu0.14.04.2) trusty; urgency=medium

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
   to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 09 Nov 2016 15:09:11 +0100
Superseded in zesty-release on 2017-01-20
Deleted in zesty-proposed on 2017-01-22 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu6) zesty; urgency=high

  * d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
    to be statically linked fixes LP: #1584485.

  * d/rules: Compile winbindd/winbindd statically.

 -- Jorge Niedbalski <email address hidden>  Wed, 02 Nov 2016 13:59:10 +0100
Superseded in trusty-updates on 2016-11-23
Superseded in trusty-security on 2016-12-19
samba (2:4.3.11+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: client-signing protection mechanism bypass
    - Updated to upstream 4.3.11
    - CVE-2016-2119
  * Removed patches included in new version
    - debian/patches/samba-bug11912.patch
    - debian/patches/samba-bug11914.patch
  * debian/patches/git_smbclient_cpu.patch:
    - backport upstream patch to fix smbclient users hanging/eating cpu on
      trying to contact a machine which is not there.

 -- Marc Deslauriers <email address hidden>  Fri, 23 Sep 2016 14:14:05 -0400
Superseded in xenial-updates on 2016-12-19
Superseded in xenial-security on 2016-12-19
samba (2:4.3.11+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: client-signing protection mechanism bypass
    - Updated to upstream 4.3.11
    - CVE-2016-2119
  * Removed patches included in new version
    - debian/patches/samba-bug11912.patch
    - debian/patches/samba-bug11914.patch

 -- Marc Deslauriers <email address hidden>  Fri, 23 Sep 2016 14:00:16 -0400
Superseded in zesty-release on 2016-11-05
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu5) yakkety; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Sun, 18 Sep 2016 10:26:52 +0000
Superseded in yakkety-proposed on 2016-09-18
samba (2:4.4.5+dfsg-2ubuntu4) yakkety; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Sat, 17 Sep 2016 12:09:21 +0000
Superseded in xenial-updates on 2016-09-28
Deleted in xenial-proposed on 2016-09-30 (Reason: moved to -updates)
samba (2:4.3.9+dfsg-0ubuntu0.16.04.3) xenial; urgency=medium

  * debian/patches/git_smbclient_cpu.patch:
    - backport upstream patch to fix smbclient users hanging/eating cpu on
      trying to contact a machine which is not there (lp: #1572260)

 -- Sebastien Bacher <email address hidden>  Thu, 11 Aug 2016 10:39:10 +0200
Superseded in yakkety-release on 2016-09-28
Deleted in yakkety-proposed on 2016-09-29 (Reason: moved to release)
samba (2:4.4.5+dfsg-2ubuntu3) yakkety; urgency=medium

  * debian/patches/git_smbclient_cpu.patch:
    - backport upstream patch to fix smbclient users hanging/eating cpu on
      trying to contact a machine which is not there (lp: #1572260)

 -- Sebastien Bacher <email address hidden>  Fri, 05 Aug 2016 17:32:43 +0200
Superseded in yakkety-proposed on 2016-08-05
samba (2:4.4.5+dfsg-2ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
  * Dropped changes:
    - build-depends on libgnutls-dev instead of libgnutsl28-dev: rename was
      never done in Debian, revert.
    - ufw integration: included in Debian.

Superseded in yakkety-release on 2016-08-06
Deleted in yakkety-proposed on 2016-08-07 (Reason: moved to release)
samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

 -- Marc Deslauriers <email address hidden>  Wed, 25 May 2016 09:29:15 -0400
Superseded in trusty-updates on 2016-09-28
Superseded in trusty-security on 2016-09-28
samba (2:4.3.9+dfsg-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.
  * debian/rules: work around amd64 build failure (LP: #1585174)

 -- Marc Deslauriers <email address hidden>  Tue, 24 May 2016 07:47:59 -0400
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
samba (2:4.3.9+dfsg-0ubuntu0.15.10.2) wily-security; urgency=medium

  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

 -- Marc Deslauriers <email address hidden>  Fri, 20 May 2016 08:09:44 -0400
Superseded in xenial-updates on 2016-09-22
Superseded in xenial-security on 2016-09-28
samba (2:4.3.9+dfsg-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

 -- Marc Deslauriers <email address hidden>  Fri, 20 May 2016 07:31:37 -0400
Superseded in precise-updates on 2016-12-19
Superseded in precise-security on 2016-12-19
samba (2:3.6.25-0ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY REGRESSION: compatibility with NetAPP SAN (LP: #1576109)
    - debian/patches/fix_netapp.patch: don't require NTLMSSP_SIGN for smb
      connections in source3/libsmb/ntlmssp.c.
  * SECURITY REGRESSION: compatibility with 3.6 servers (LP: #1574403)
    - debian/patches/relax_client_ipc_signing.patch: relax the
      "client ipc signing" parameter to "auto" so a 3.6 client can still
      connect to a 3.6 server. Administrators in environments that
      exclusively connect to more recent servers might want to manually
      configure this back to "mandatory".

 -- Marc Deslauriers <email address hidden>  Thu, 12 May 2016 11:51:56 -0400
175 of 430 results