Ubuntu
samba package

Change log for samba package in Ubuntu

301375 of 640 results FirstLast
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium

  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
    (LP: #1545750)

 -- Dariusz Gadomski <email address hidden>  Mon, 15 Feb 2016 16:05:12 +0100
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.12) trusty-security; urgency=medium

  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
    (LP: #1545750)

 -- Dariusz Gadomski <email address hidden>  Mon, 15 Feb 2016 15:59:51 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.13) precise-security; urgency=medium

  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      source3/libsmb/clidfs.c, source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/util/charset/charset.h, lib/util/charset/codepoints.c,
      lib/util/charset/util_unistr.c, source3/lib/util_str.c.
    - CVE-2015-5330

 -- Marc Deslauriers <email address hidden>  Mon, 04 Jan 2016 14:50:47 -0500
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.11) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.
  * This update does _not_ contain the changes from samba
    2:4.1.6+dfsg-1ubuntu2.14.04.10 in trusty-proposed.

 -- Marc Deslauriers <email address hidden>  Mon, 04 Jan 2016 11:28:45 -0500
Obsolete in vivid-updates
Obsolete in vivid-security 
samba (2:4.1.13+dfsg-4ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.

 -- Marc Deslauriers <email address hidden>  Mon, 04 Jan 2016 10:36:48 -0500
Superseded in wily-updates
Superseded in wily-security 
samba (2:4.1.17+dfsg-4ubuntu3.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service in ldb_wildcard_compare function
    - debian/patches/CVE-2015-3223.patch: handle empty strings and
      embedded zeros in lib/ldb/common/ldb_match.c.
    - CVE-2015-3223
  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      libcli/smb/smbXcli_base.c, source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/ldb/common/ldb_dn.c, lib/util/charset/charset.h,
      lib/util/charset/codepoints.c, lib/util/charset/util_str.c,
      lib/util/charset/util_unistr.c.
    - CVE-2015-5330
  * SECURITY UPDATE: LDAP server denial of service
    - debian/patches/CVE-2015-7540.patch: check returns in lib/util/asn1.c,
      libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
      source4/libcli/ldap/ldap_controls.c.
    - CVE-2015-7540
  * SECURITY UPDATE: access restrictions bypass in machine account creation
    - debian/patches/CVE-2015-8467.patch: restrict swapping between account
      types in source4/dsdb/samdb/ldb_modules/samldb.c.
    - CVE-2015-8467
  * debian/control: bump libldb-dev Build-Depends to security update
    version.

 -- Marc Deslauriers <email address hidden>  Mon, 04 Jan 2016 09:30:56 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.1.20+dfsg-1ubuntu5) xenial; urgency=medium

  * Resolve small merge error in the rules

 -- Sebastien Bacher <email address hidden>  Wed, 16 Dec 2015 12:02:12 +0100
Superseded in xenial-proposed 
samba (2:4.1.20+dfsg-1ubuntu4) xenial; urgency=medium

  * Backport Debian change to remove libpam-smbpasswd, it segfaults
    leading to non working session (lp: #1515207)

 -- Sebastien Bacher <email address hidden>  Wed, 16 Dec 2015 11:47:44 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.1.20+dfsg-1ubuntu3) xenial; urgency=medium

  * Build with the new ldb

 -- Sebastien Bacher <email address hidden>  Wed, 18 Nov 2015 11:45:32 +0100
Superseded in wily-updates
Deleted in wily-proposed (Reason: moved to -updates) 
samba (2:4.1.17+dfsg-4ubuntu3) wily; urgency=medium

  * debian/samba.logrotate:
    - revert to Debian version of the logrotate reload command, fix an
      invalid syntax introduced in the upstart->systemd transition
      (lp: #1385868)

 -- Sebastien Bacher <email address hidden>  Tue, 10 Nov 2015 19:04:30 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.1.20+dfsg-1ubuntu2) xenial; urgency=medium

  * debian/samba.logrotate:
    - revert to Debian version of the logrotate reload command, fix an
      invalid syntax introduced in the upstart->systemd transition
      (lp: #1385868)

 -- Sebastien Bacher <email address hidden>  Tue, 10 Nov 2015 19:01:06 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release) 
samba (2:4.1.20+dfsg-1ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
      processes such that it works under both upstart and systemd.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
Deleted in trusty-proposed (Reason: moved to -updates) 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.10) trusty; urgency=medium

  * debian/patches/git_netbios_empty_name.patch:
    - s3-nmbd: Fix netbios name truncation, should fix machines having
      an empty name on smb if their netbios name is long (lp: #1505590)

 -- Sebastien Bacher <email address hidden>  Tue, 13 Oct 2015 10:56:29 +0100
Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates) 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.9) trusty; urgency=medium

  * debian/patches/0001-byteorder-do-not-assume-PowerPC-is-big-endian.patch:
    deal with the fact that POWER8 can be little-endian, so don't use special
    instructions to write in little-endian in that case. (LP: #1472584)

 -- Mathieu Trudel-Lapierre <email address hidden>  Wed, 12 Aug 2015 21:09:22 -0400
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release) 
samba (2:4.1.17+dfsg-4ubuntu2) wily; urgency=medium

  * debian/control:
    - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev

 -- Robert Ancell <email address hidden>  Tue, 11 Aug 2015 11:34:50 +1200
Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates) 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.8) trusty; urgency=medium

  * Fix for "no talloc stackframe at" warning messages (LP: #1257186)

 -- Ryan Harper <email address hidden>  Mon, 22 Jun 2015 08:48:37 -0500
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
samba (2:4.1.17+dfsg-4ubuntu1) wily; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
      processes such that it works under both upstart and systemd.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
    + debian/patches/git_timeout_client_error.patch:
    - don't let smb mounts timeout that leads to errors when trying to
      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
Superseded in wily-proposed 
samba (2:4.1.13+dfsg-4ubuntu4) wily; urgency=medium

  * No-change rebuild against current libldb1. This makes the package
    installable again.

 -- Martin Pitt <email address hidden>  Fri, 08 May 2015 06:09:32 +0200
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
samba (2:4.1.13+dfsg-4ubuntu3) vivid; urgency=medium

  * debian/patches/git_timeout_client_error.patch:
    - don't let smb mounts timeout that leads to errors when trying to
      reuse a mount after idling for a while in e.g nautilus (lp: #310932)
 -- Sebastien Bacher <email address hidden>   Fri, 03 Apr 2015 17:20:06 +0200
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c, initialize creds_out in
      libcli/auth/schannel_state_tdb.c.
    - CVE-2015-0240
 -- Marc Deslauriers <email address hidden>   Mon, 23 Feb 2015 10:29:50 -0500
Obsolete in utopic-updates
Obsolete in utopic-security 
samba (2:4.1.11+dfsg-1ubuntu2.2) utopic-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240
 -- Marc Deslauriers <email address hidden>   Mon, 23 Feb 2015 09:07:06 -0500
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.7) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240
 -- Marc Deslauriers <email address hidden>   Mon, 23 Feb 2015 09:07:54 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
samba (2:4.1.13+dfsg-4ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: code execution vulnerability in smbd daemon
    - debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
      uninitialized pointer and don't dereference a NULL pointer in
      source3/rpc_server/netlogon/srv_netlog_nt.c.
    - CVE-2015-0240
 -- Marc Deslauriers <email address hidden>   Mon, 23 Feb 2015 08:36:51 -0500
Deleted in trusty-proposed (Reason: moved to -updates) 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.6) trusty; urgency=medium

  * Fix "force user" and "force group" options. (LP: #1416906)
 -- Dave Chiluk <email address hidden>   Wed, 11 Feb 2015 15:49:11 -0800
Superseded in trusty-updates
Superseded in trusty-proposed 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.5) trusty; urgency=medium

  * Restore recommends for the separate libnss-winbind and libpam-winbind
    packages needed for upgrades of winbind from Precise to Trusty.
    (LP: #1412909)
 -- Brian Murray <email address hidden>   Wed, 28 Jan 2015 15:24:47 -0800
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
samba (2:4.1.13+dfsg-4ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: use service command to reload (send SIGHUP) the main
      processes such that it works under both upstart and systemd.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
    + debian/patches/CVE-2014-8143.patch fix CVE-2014-8143.
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
samba (2:4.1.11+dfsg-1ubuntu4) vivid; urgency=medium

  * SECURITY UPDATE: elevation of privilege to AD Domain Controller
    - debian/patches/CVE-2014-8143.patch: check for extended access rights
      before allowing changes to userAccountControl in
      librpc/idl/security.idl, source4/auth/session.c,
      source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
      source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
      source4/rpc_server/lsa/dcesrv_lsa.c,
      source4/setup/schema_samba4.ldif.
    - CVE-2014-8143
 -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2015 09:19:12 -0500
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: elevation of privilege to AD Domain Controller
    - debian/patches/CVE-2014-8143.patch: check for extended access rights
      before allowing changes to userAccountControl in
      librpc/idl/security.idl, source4/auth/session.c,
      source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
      source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
      source4/rpc_server/lsa/dcesrv_lsa.c,
      source4/setup/schema_samba4.ldif.
    - CVE-2014-8143
 -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2015 09:26:12 -0500
Superseded in utopic-updates
Superseded in utopic-security 
samba (2:4.1.11+dfsg-1ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: elevation of privilege to AD Domain Controller
    - debian/patches/CVE-2014-8143.patch: check for extended access rights
      before allowing changes to userAccountControl in
      librpc/idl/security.idl, source4/auth/session.c,
      source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
      source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
      source4/rpc_server/lsa/dcesrv_lsa.c,
      source4/setup/schema_samba4.ldif.
    - CVE-2014-8143
 -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2015 09:25:29 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
samba (2:4.1.11+dfsg-1ubuntu3) vivid; urgency=medium

  * No-change rebuild against current ldb. Note that I'm not claiming the
    merging for this package.
 -- Martin Pitt <email address hidden>   Thu, 04 Dec 2014 07:50:22 +0100
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium

  * d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
    pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
 -- Serge Hallyn <email address hidden>   Thu, 11 Sep 2014 11:53:36 -0500
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    +  debian/smb.conf;
       - Add "(Samba, Ubuntu)" to server string.
       - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: call upstart interfaces unconditionally instead
      of hacking arround with pid files.
    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
      first dummy transitional package version.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.

  * In logrotate, use service command to reload (send SIGHUP) the main
    processes such that it works under both upstart and systemd.
  * Drop CVE patches, applied upstream.
  * Drop patches absent from series: readline-ftbfs.patch,
    krb5_kt_start_seq.diff, config-bind99.patch
  * Drop debian/source/include-binaries, pyc files are correctly cleaned up
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium

  * SECURITY UPDATE: remote code execution on unauthenticated nmbd
    - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
      lib/util/string_wrappers.h.
    - CVE-2014-3560
 -- Marc Deslauriers <email address hidden>   Fri, 01 Aug 2014 17:54:54 -0400
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution on unauthenticated nmbd
    - debian/patches/CVE-2014-3560.patch: fix unstrcpy in
      lib/util/string_wrappers.h.
    - CVE-2014-3560
 -- Marc Deslauriers <email address hidden>   Fri, 01 Aug 2014 17:57:10 -0400
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium

  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493
 -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 14:10:12 -0400
Superseded in trusty-updates
Superseded in trusty-security 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
    - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
      and extra bytes in source3/modules/vfs_default.c.
    - CVE-2014-0178
  * SECURITY UPDATE: denial of service via forged DNS response
    - debian/patches/CVE-2014-0239.patch: don't reply to replies in
      source4/dns_server/dns_server.c, added test to
      python/samba/tests/dns.py.
    - CVE-2014-0239
  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493
 -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 14:26:59 -0400
Obsolete in lucid-updates
Obsolete in lucid-security 
samba (2:3.4.7~dfsg-1ubuntu3.15) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493
 -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 15:07:40 -0400
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.11) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493
 -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 15:02:25 -0400
Obsolete in saucy-updates
Obsolete in saucy-security 
samba (2:3.6.18-1ubuntu3.3) saucy-security; urgency=medium

  * SECURITY UPDATE: info leak via SRV_SNAPSHOT_ARRAY response field
    - debian/patches/CVE-2014-0178.patch: don't return uninitialized data
      and extra bytes in source3/smbd/nttrans.c.
    - CVE-2014-0178
  * SECURITY UPDATE: denial of service on nmbd malformed packet
    - debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
      source3/lib/system.c.
    - CVE-2014-0244
  * SECURITY UPDATE: denial of service via bad unicode conversion
    - debian/patches/CVE-2014-3493.patch: refactor code in
      source3/lib/charcnv.c, change return code checks in
      source3/libsmb/clirap.c, source3/smbd/lanman.c.
    - CVE-2014-3493
 -- Marc Deslauriers <email address hidden>   Mon, 23 Jun 2014 14:58:05 -0400
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    +  debian/smb.conf;
       - Add "(Samba, Ubuntu)" to server string.
       - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: call upstart interfaces unconditionally instead
      of hacking arround with pid files.
    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
      first dummy transitional package version.
    + Dropped patches:
      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
      - debian/patches/readline-ftbfs.patch: Use the debian version.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
      (LP: #1268180)
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium

  * Set the stack size to unlimited during the build to avoid a SIGBUS in
    xsltproc on some architectures.
 -- Colin Watson <email address hidden>   Mon, 02 Jun 2014 23:18:40 +0100
Superseded in utopic-proposed 
samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium

  * Backport from unstable (Ivo De Decker):
    - Build-depend on heimdal-dev.
 -- Colin Watson <email address hidden>   Mon, 02 Jun 2014 15:39:54 +0100
Superseded in utopic-proposed 
samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high

  * No change rebuild against new dh_installinit, to call update-rc.d at
    postinst.
 -- Dimitri John Ledkov <email address hidden>   Wed, 28 May 2014 10:41:32 +0100
Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates) 
samba (2:4.1.6+dfsg-1ubuntu2.14.04.1) trusty-proposed; urgency=medium

  * cherrypick upstream patch 1310919 to fix pam_winbind regression
    (LP: #1310919)
 -- Serge Hallyn <email address hidden>   Tue, 29 Apr 2014 16:05:44 -0500
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium

  * cherrypick upstream patch 1310919 to fix pam_winbind regression
    (LP: #1310919)
 -- Serge Hallyn <email address hidden>   Tue, 29 Apr 2014 16:05:44 -0500
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium

  * Fix a grammatical error in smb.conf that showed up in a ucf prompt on
    upgrade.
 -- Steve Langasek <email address hidden>   Thu, 03 Apr 2014 19:08:03 -0700
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.6+dfsg-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    +  debian/smb.conf;
       - Add "(Samba, Ubuntu)" to server string.
       - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Don't build against or suggest ctdb and tdb.
    + debian/rules:
      - Drop explicit configuration options for ctdb and tdb.
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + debian/samba.logrotate: call upstart interfaces unconditionally instead
      of hacking arround with pid files.
    + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
      first dummy transitional package version.
    + Dropped patches:
      - debian/patches/CVE-2013-4496.patch: Dropped no longer needed
      - debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
      - debian/patches/readline-ftbfs.patch: Use the debian version.
    + debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
      (LP: #1268180)
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.3+dfsg-2ubuntu5) trusty; urgency=medium

  * debian/smb.conf: comment back some of the "share definitions"
    options (including "valid users"). That was an Ubuntu diff and seems to
    have been dropped in the trusty merge. Those changes seem needed to
    get the usershare feature working (used by nautilus-share) (lp: #1261873)
 -- Sebastien Bacher <email address hidden>   Tue, 01 Apr 2014 16:01:04 +0200
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.3+dfsg-2ubuntu4) trusty; urgency=medium

  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496
  * SECURITY UPDATE: smbcacls can remove a file or directory ACL by
    mistake
    - debian/patches/CVE-2013-6442.patch: handle existing ACL in
      source3/utils/smbcacls.c.
    - CVE-2013-6442
  * debian/patches/readline-ftbfs.patch: fix ftbfs with newer readline6.
 -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 08:32:30 -0400
Superseded in lucid-updates
Superseded in lucid-security 
samba (2:3.4.7~dfsg-1ubuntu3.14) lucid-security; urgency=medium

  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/auth_sam.c,
      source3/rpc_server/srv_samr_nt.c,
      source3/smbd/chgpasswd.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496
 -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 10:53:36 -0400
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.10) precise-security; urgency=medium

  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496
 -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 08:54:32 -0400
Obsolete in quantal-updates
Obsolete in quantal-security 
samba (2:3.6.6-3ubuntu5.4) quantal-security; urgency=medium

  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496
 -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 08:53:51 -0400
Superseded in saucy-updates
Superseded in saucy-security 
samba (2:3.6.18-1ubuntu3.2) saucy-security; urgency=medium

  * SECURITY UPDATE: Password lockout not enforced for SAMR password
    changes
    - debian/patches/CVE-2013-4496.patch: refactor password lockout code in
      source3/auth/check_samsec.c,
      source3/rpc_server/samr/srv_samr_chgpasswd.c,
      source3/rpc_server/samr/srv_samr_nt.c,
      source3/smbd/lanman.c,
      source4/rpc_server/samr/samr_password.c,
      source4/torture/rpc/samr.c.
    - CVE-2013-4496
 -- Marc Deslauriers <email address hidden>   Mon, 17 Mar 2014 08:51:05 -0400
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.3+dfsg-2ubuntu3) trusty; urgency=medium

  * Depend on tdb-tools (LP: #1279593)
  * Updated generated config for Bind9.9.
 -- Stephane Graber <email address hidden>   Wed, 12 Feb 2014 21:26:00 -0500
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.1.3+dfsg-2ubuntu2) trusty; urgency=medium

  * Add missing python-ntdb dependency to python-samba (spotted by
    autopkgtest).
 -- Martin Pitt <email address hidden>   Mon, 10 Feb 2014 09:53:01 +0100
Superseded in trusty-proposed 
samba (2:4.1.3+dfsg-2ubuntu1) trusty; urgency=low

  * Merge from Debian Unstable:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
  * debian/smb.conf;
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
  + debian/samba-common.config:
    - Do not change prioritiy to high if dhclient3 is installed.
  + debian/control:
    - Don't build against or suggest ctdb and tdb.
  + debian/rules:
    - Drop explicit configuration options for ctdb and tdb.
  + Add ufw integration:
    - Created debian/samba.ufw.profile:
    - debian/rules, debian/samba.install: install profile
  + Add apport hook:
   - Created debian/source_samba.py.
   - debian/rules, debia/samb-common-bin.install: install hook.
  + debian/samba.logrotate: call upstart interfaces unconditionally instead
    of hacking arround with pid files.
  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
    first dummy transitional package version.
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.0.13+dfsg-1ubuntu1) trusty; urgency=low

  * Merge from Debian Unstable:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
  * debian/smb.conf;
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
  + debian/samba-common.config:
    - Do not change prioritiy to high if dhclient3 is installed.
  + debian/control:
    - Don't build against or suggest ctdb and tdb.
  + debian/rules:
    - Drop explicit configuration options for ctdb and tdb.
  + Add ufw integration:
    - Created debian/samba.ufw.profile:
    - debian/rules, debian/samba.install: install profile
  + Add apport hook:
   - Created debian/source_samba.py.
   - debian/rules, debia/samb-common-bin.install: install hook.
  + debian/samba.logrotate: call upstart interfaces unconditionally instead
    of hacking arround with pid files.
  + Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
    first dummy transitional package version.
Superseded in lucid-updates
Superseded in lucid-security 
samba (2:3.4.7~dfsg-1ubuntu3.13) lucid-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/ntstatus.h,
      source3/lib/netapi/{group,localgroup,user}.c,
      source3/libnet/libnet_join.c, source3/libsmb/nterr.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/{srv_pipe,srv_pipe_hnd}.c,
      source3/rpcclient/cmd_samr.c, source3/smbd/lanman.c,
      source3/utils/{net_rpc,net_rpc_join}.c,
      source3/winbindd/winbindd_rpc.c,
      source4/libcli/util/{clilsa,nterr}.c,
      source4/libnet/{groupinfo,groupman,libnet_join,libnet_lookup,
      libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408
 -- Marc Deslauriers <email address hidden>   Mon, 09 Dec 2013 12:41:25 -0500
Obsolete in raring-updates
Obsolete in raring-security 
samba (2:3.6.9-1ubuntu1.2) raring-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408
 -- Marc Deslauriers <email address hidden>   Mon, 09 Dec 2013 10:32:37 -0500
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.9) precise-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408
 -- Marc Deslauriers <email address hidden>   Mon, 09 Dec 2013 11:07:25 -0500
Superseded in quantal-updates
Superseded in quantal-security 
samba (2:3.6.6-3ubuntu5.3) quantal-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408
 -- Marc Deslauriers <email address hidden>   Mon, 09 Dec 2013 10:34:07 -0500
Superseded in saucy-updates
Superseded in saucy-security 
samba (2:3.6.18-1ubuntu3.1) saucy-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408
 -- Marc Deslauriers <email address hidden>   Mon, 09 Dec 2013 10:13:51 -0500
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
samba (2:4.0.10+dfsg-4ubuntu2) trusty; urgency=low

  * Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4, first dummy transitional package version.
 -- Dmitrijs Ledkovs <email address hidden>   Wed, 27 Nov 2013 21:50:43 +0000
Superseded in trusty-proposed 
samba (2:4.0.10+dfsg-4ubuntu1) trusty; urgency=low

  * Merge from Debian Unstable:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
  * debian/smb.conf;
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
  + debian/samba-common.config:
    - Do not change prioritiy to high if dhclient3 is installed.
  + debian/control:
    - Don't build against or suggest ctdb and tdb.
  + debian/rules:
    - Drop explicit configuration options for ctdb and tdb.
  + Add ufw integration:
    - Created debian/samba.ufw.profile:
    - debian/rules, debian/samba.install: install profile
  + Add apport hook:
   - Created debian/source_samba.py.
   - debian/rules, debia/samb-common-bin.install: install hook.
  + debian/samba.logrotate: call upstart interfaces unconditionally instead
    of hacking arround with pid files.
 -- Chuck Short <email address hidden>   Fri, 08 Nov 2013 13:47:46 +0800
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
samba (2:3.6.18-1ubuntu3) saucy; urgency=low

  * Update config.{guess,sub} for AArch64.
 -- Matthias Klose <email address hidden>   Wed, 09 Oct 2013 12:01:48 +0200
Superseded in lucid-updates
Superseded in lucid-security 
samba (2:3.4.7~dfsg-1ubuntu3.12) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via integer wrap in EA list reading
    - debian/patches/CVE-2013-4124.patch: check offsets in
      source3/smbd/nttrans.c.
    - CVE-2013-4124
  * This packages does _not_ contain the changes from 2:3.4.7~dfsg-1ubuntu3.11
    in lucid-proposed.
 -- Marc Deslauriers <email address hidden>   Tue, 24 Sep 2013 11:39:37 -0400
Superseded in raring-updates
Superseded in raring-security 
samba (2:3.6.9-1ubuntu1.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service via integer wrap in EA list reading
    - debian/patches/CVE-2013-4124.patch: check offsets in
      source3/smbd/nttrans.c.
    - CVE-2013-4124
  * debian/patches/waf-as-source.patch: removed part that fails to apply
    using saucy's quilt.
 -- Marc Deslauriers <email address hidden>   Mon, 23 Sep 2013 14:59:01 -0400
Superseded in precise-updates
Superseded in precise-security 
samba (2:3.6.3-2ubuntu2.8) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via integer wrap in EA list reading
    - debian/patches/CVE-2013-4124.patch: check offsets in
      source3/smbd/nttrans.c.
    - CVE-2013-4124
 -- Marc Deslauriers <email address hidden>   Mon, 23 Sep 2013 15:03:56 -0400
Superseded in quantal-updates
Superseded in quantal-security 
samba (2:3.6.6-3ubuntu5.2) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service via integer wrap in EA list reading
    - debian/patches/CVE-2013-4124.patch: check offsets in
      source3/smbd/nttrans.c.
    - CVE-2013-4124
  * debian/patches/waf-as-source.patch: removed part that fails to apply
    using saucy's quilt.
  * This package does _not_ contain the changes from 2:3.6.6-3ubuntu5.1 in
    quantal-proposed.
 -- Marc Deslauriers <email address hidden>   Mon, 23 Sep 2013 15:02:09 -0400
Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
samba (2:3.6.18-1ubuntu2) saucy; urgency=low

  * /etc/init.d/samba exists again as an init script, so drop ill-fated
    code which tries to remove it in the postinst.  LP: #1216438.
 -- Steve Langasek <email address hidden>   Sun, 25 Aug 2013 10:04:09 -0700
Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
samba (2:3.6.18-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + d/rules: Drop explicit configuration options for ctdb.
    + debian/samba.logrotate: call upstart interfaces unconditionally instead
      of hacking around with pid files.
Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
samba (2:3.6.15-1ubuntu2) saucy; urgency=low

  * Cherry-pick 0383e7b04138ad94545a2191019873f26ae3e351 from Debian's
    packaging repository to fix waf-as-source patch fuzz causing the package
    to fail to unpack.
 -- Iain Lane <email address hidden>   Thu, 15 Aug 2013 13:30:54 +0100
Deleted in quantal-proposed (Reason: moved to -updates) 
samba (2:3.6.6-3ubuntu5.1) quantal-proposed; urgency=low

  * Fix login with expiring user passwords (LP: #1003296)
    - Fixed in Samba 3.6.9 (Samba bug: 9013)
 -- Bryan Quigley <email address hidden>   Wed, 10 Jul 2013 14:45:45 -0400
Superseded in precise-updates
Deleted in precise-proposed (Reason: moved to -updates) 
samba (2:3.6.3-2ubuntu2.7) precise-proposed; urgency=low

  * Fix login with expiring user passwords (LP: #1003296)
    - Fixed in Samba 3.6.9 (Samba bug: 9013)
 -- Bryan Quigley <email address hidden>   Wed, 10 Jul 2013 12:25:17 -0400
301375 of 640 results FirstLast