Change log for samba package in Ubuntu
| 76 → 150 of 640 results | First • Previous • Next • Last |
| Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:31:06 +0000
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 14 Feb 2022 10:19:08 -0500
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium * No-change rebuild for icu soname change -- William 'jawn-smith' Wilson <email address hidden> Fri, 11 Feb 2022 11:36:14 -0600
Available diffs
samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.13.17~dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.28) bionic-security; urgency=medium
* SECURITY UPDATE: code exec via out-of-bounds read/write in vfs_fruit
- debian/patches/CVE-2021-44142-1.patch: add defines for icon lengths
in source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-2.patch: add Netatalk xattr used by
vfs_fruit to the list of private Samba xattrs in
source3/smbd/trans2.c.
- debian/patches/CVE-2021-44142-3.patch: harden ad_unpack_xattrs() in
source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-4.patch: tweak buffer size check in
source3/modules/vfs_fruit.c.
- debian/patches/CVE-2021-44142-5.patch: add basic cmocka tests in
selftest/knownfail.d/samba.unittests.adouble, selftest/tests.py,
source3/lib/test_adouble.c, source3/wscript_build.
- debian/patches/CVE-2021-44142-6.patch: harden parsing code in
source3/modules/vfs_fruit.c.
- CVE-2021-44142
-- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 10:20:03 -0500
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
* d/t/util: fix setting the password of the smb test user
(LP: #1955851)
-- Andreas Hasenack <email address hidden> Thu, 20 Jan 2022 17:06:13 -0300
Available diffs
| Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium * No-change rebuild with Python 3.10 as default version -- Graham Inggs <email address hidden> Sun, 16 Jan 2022 07:01:34 +0000
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.27) bionic-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:56 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.04.4) hirsute-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:56 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.10.4) impish-security; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:23 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:09:36 -0500
Available diffs
samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.26) bionic-security; urgency=medium
* SECURITY UPDATE: SMB1 client connections can be downgraded to plaintext
authentication
- debian/patches/CVE-2016-2124-*.patch: upstream commits to fix issue.
- CVE-2016-2124
* SECURITY UPDATE: user in AD Domain could become root on domain members
- debian/patches/CVE-2020-25717-*.patch: upstream commits to fix issue.
- debian/patches/bug14901-*.patch: upstream commits to fix regression.
- CVE-2020-25717
* SECURITY UPDATE: insufficient access and conformance checking of data
stored
- debian/patches/CVE-2020-25722-1.patch: restrict the setting of
privileged attributes during LDAP add/modify in
source4/dsdb/samdb/ldb_modules/samldb.c.
- debian/patches/CVE-2020-25722-2.patch: ensure the structural
objectclass cannot be changed in
source4/dsdb/samdb/ldb_modules/objectclass.c.
- CVE-2020-25722
* SECURITY UPDATE: null pointer deref in kerberos server
- debian/patches/CVE-2021-3671.patch: validate sname in TGS-REQ in
source4/heimdal/kdc/krb5tgs.c.
- CVE-2021-3671
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:23:22 -0500
Available diffs
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.24 (in Ubuntu) to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (27.8 KiB)
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 (in ~ubuntu-security/ubuntu/ppa) to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (28.3 KiB)
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.25 to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (4.1 KiB)
samba (2:4.13.14+dfsg-0ubuntu0.21.04.3) hirsute-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:02:59 -0500
samba (2:4.13.14+dfsg-0ubuntu0.21.10.3) impish-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 07:56:37 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY REGRESSION: undesired side effects for the local nt token
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
* SECURITY REGRESSION: backup command raises FileNotFoundError
(LP: #1952187)
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
-- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:03:56 -0500
| Superseded in jammy-proposed |
samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium * No-change rebuild against liburing2 -- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:08:34 +0100
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.10.2) impish; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 11:17:14 +0100
samba (2:4.13.14+dfsg-0ubuntu0.20.04.2) focal; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:42:02 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.2) hirsute; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:44:50 +0100
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.24) bionic; urgency=medium
* samba.postinst: do not populate sambashare from the Ubuntu admin group
(LP: #1942195)
-- Paride Legovini <email address hidden> Wed, 10 Nov 2021 15:29:48 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.1) hirsute-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: removed libsmbd-conn.so.0, added libdcerpc-pkt-auth.so.0. - debian/libwbclient0.symbols: added new symbol. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - Removed patches included in new version: + CVE-*.patch + zerologon*.patch + 0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch + build-Remove-tests-for-getdents-and-getdirentries.patch + fix-double-free-with-unresolved-credentia-cache.patch + wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch + wscript-split-function-check-to-one-per-line-and-sor.patch - Add/Refresh patches from Hirsute package: + Rename-mdfind-to-mdsearch.patch + bug_221618_precise-64bit-prototype.patch + fix-nfs-service-name-to-nfs-kernel-server.patch - debian/control: bump libldb-dev Build-Depends to 2.2.3, bump libtalloc to 2.3.1, libtdb to 1.4.3, and libtevent to 0.10.2. - debian/*.install, debian/*.symbols: sync with Hirsute package, added libdcerpc-pkt-auth.so.0. - debian/rules: build with --enable-spotlight, remove --accel-aes as it is no longer used with gnutls. - debian/control: add libicu-dev to Build-Depends. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:33:25 -0400
Available diffs
samba (2:4.13.14+dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Available diffs
| Superseded in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
| Deleted in impish-proposed (Reason: Moved to jammy) |
samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
* d/samba.postinst: do not populate sambashare from the admin group
(Debian packaging cherry-pick. LP: #1942195)
-- Paride Legovini <email address hidden> Wed, 06 Oct 2021 10:31:14 +0200
Available diffs
samba (2:4.11.6+dfsg-0ubuntu1.10) focal; urgency=medium
* d/p/fix-double-free-with-unresolved-credentia-cache.patch: Fix
double free with unresolved credential cache. (LP: #1892145)
-- Paride Legovini <email address hidden> Fri, 06 Aug 2021 14:17:29 +0200
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400
Available diffs
samba (2:4.12.5+dfsg-3ubuntu4.4) groovy; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Thu, 27 May 2021 09:22:22 -0300
samba (2:4.11.6+dfsg-0ubuntu1.9) focal; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Mon, 24 May 2021 16:45:27 -0300
samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- d/control: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
* Dropped changes:
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
[Included in 2:4.13.4+dfsg-1]
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
[Included in 2:4.13.4+dfsg-1]
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
[Included in 2:4.13.4+dfsg-1]
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
[Included in 2:4.13.4+dfsg-1]
- SECURITY UPDATE: wrong group entries via negative idmap cache entries
+ debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
+ CVE-2021-20254
[Included in 2:4.13.5+dfsg-2]
-- Athos Ribeiro <email address hidden> Mon, 17 May 2021 11:51:54 -0300
Available diffs
| Superseded in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
| Superseded in hirsute-updates |
| Superseded in hirsute-security |
samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Thu, 29 Apr 2021 06:48:54 -0400
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.34) xenial-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:53:58 -0400
samba (2:4.11.6+dfsg-0ubuntu1.8) focal-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:02:48 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.23) bionic-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:52:57 -0400
samba (2:4.12.5+dfsg-3ubuntu4.3) groovy-security; urgency=medium
* SECURITY UPDATE: wrong group entries via negative idmap cache entries
- debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in
source3/passdb/lookup_sid.c.
- CVE-2021-20254
-- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:00:46 -0400
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium
* No change rebuild to pick up liburing, and also
fix d/t/cifs-share-access-uring. (LP: #1914145)
-- Mauricio Faria de Oliveira <email address hidden> Wed, 03 Feb 2021 09:14:25 -0300
Available diffs
samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
* Dropped changes, incorporated by Debian:
- d/t/smbclient-anonymous-share-list: add set -x and set -e
- Factor out common DEP8 test code into d/t/util and change the tests
to source from it:
+ d/t/util: added
+ d/t/cifs-share-access, d/t/smbclient-share-access: source from
util, use random share name and add set -x and set -u
+ d/t/smbclient-authenticated-share-list: source from util and add
set -x and set -u
- Add new DEP8 tests for the uring vfs module:
+ d/t/control: add smbclient-share-access-uring and
cifs-share-access-uring tests
+ d/t/smbclient-share-access-uring: new test
+ d/t/cifs-share-access-uring: new test
- d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
guard uring tests with a kernel version check and skip if it's too old
* Added changes:
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
-- Sergio Durigan Junior <email address hidden> Wed, 13 Jan 2021 15:44:04 -0500
Available diffs
samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium * Merge with Debian unstable (LP: #1905048). Remaining changes: - d/p/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/samba-common.config: + Do not change priority to high if dhclient3 is installed. - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201) - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default - debian/rules: Ubuntu i386 binary compatibility: + drop ceph support + disable the following binary packages: - ctdb - libnss-winbind - libpam-winbind - python3-samba - samba - samba-common-bin - samba-testsuite - winbind - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - debian/rules: Ubuntu i386 binary compatibility: + re-enable the following binary packages: - libnss-winbind - samba-common-bin - python3-samba - winbind - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built * d/t/smbclient-anonymous-share-list: add set -x and set -e * Factor out common DEP8 test code into d/t/util and change the tests to source from it: - d/t/util: added - d/t/cifs-share-access, d/t/smbclient-share-access: source from util, use random share name and add set -x and set -u - d/t/smbclient-authenticated-share-list: source from util and add set -x and set -u * d/control: enable the liburing vfs module, except on i386 where liburing is not available * Add new DEP8 tests for the uring vfs module: - d/t/control: add smbclient-share-access-uring and cifs-share-access-uring tests - d/t/smbclient-share-access-uring: new test - d/t/cifs-share-access-uring: new test * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: guard uring tests with a kernel version check and skip if it's too old * Dropped changes: - SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) + debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. [ Incorporated by upstream. ] - SECURITY UPDATE: Missing handle permissions check in ChangeNotify + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. + CVE-2020-14318 - SECURITY UPDATE: Unprivileged user can crash winbind + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. + CVE-2020-14323 - SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. + CVE-2020-14383 [ Incorporated by upstream. ] -- Sergio Durigan Junior <email address hidden> Tue, 24 Nov 2020 22:12:00 -0500
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.32) xenial-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:52:47 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.21) bionic-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:50:50 -0400
samba (2:4.11.6+dfsg-0ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:48:54 -0400
| Superseded in hirsute-release |
| Superseded in groovy-updates |
| Deleted in hirsute-proposed (Reason: moved to Release) |
| Superseded in groovy-security |
samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium
* SECURITY UPDATE: Missing handle permissions check in ChangeNotify
- debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
get set unless the directory handle is open for SEC_DIR_LIST in
source4/torture/smb2/notify.c, source3/smbd/notify.c.
- CVE-2020-14318
* SECURITY UPDATE: Unprivileged user can crash winbind
- debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
source3/winbindd/winbindd_lookupsids.c,
source4/torture/winbind/struct_based.c.
- CVE-2020-14323
* SECURITY UPDATE: DNS server crash via invalid records
- debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
with NULL and do not crash when additional data not found in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
- CVE-2020-14383
-- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:53:44 -0400
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Mon, 28 Sep 2020 09:46:49 -0400
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.31) xenial-security; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Thu, 24 Sep 2020 19:25:08 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.20) bionic-security; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 13:04:45 -0400
Available diffs
samba (2:4.11.6+dfsg-0ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 12:33:05 -0400
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.30) xenial-security; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography
- debian/patches/CVE-2020-1472-1.patch: switch "client schannel"
default to "yes" instead of "auto".
- debian/patches/CVE-2020-1472-2.patch: switch "server schannel"
default to "yes" instead of "auto".
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 09:11:44 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.19) bionic-security; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography
- debian/patches/CVE-2020-1472-1.patch: switch "client schannel"
default to "yes" instead of "auto".
- debian/patches/CVE-2020-1472-2.patch: switch "server schannel"
default to "yes" instead of "auto".
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 09:08:55 -0400
Available diffs
samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium
* d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
guard uring tests with a kernel version check and skip if it's too old
-- Andreas Hasenack <email address hidden> Tue, 11 Aug 2020 11:00:35 -0300
Available diffs
samba (2:3.6.25-0ubuntu0.12.04.21) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
- debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
packet in libcli/nbt/nbtsocket.c.
- CVE-2020-14303
-- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Aug 2020 10:58:41 -0300
samba (2:4.11.6+dfsg-0ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
- debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
packet in libcli/nbt/nbtsocket.c.
- CVE-2020-14303
-- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:31:00 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.18) bionic-security; urgency=medium
* SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
- debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
packet in libcli/nbt/nbtsocket.c.
- CVE-2020-14303
-- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:39:22 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.29) xenial-security; urgency=medium
* SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
- debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
packet in libcli/nbt/nbtsocket.c.
- CVE-2020-14303
-- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:39:56 -0400
| Superseded in groovy-proposed |
samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium
* d/t/smbclient-anonymous-share-list: add set -x and set -e
* Factor out common DEP8 test code into d/t/util and change the tests
to source from it:
- d/t/util: added
- d/t/cifs-share-access, d/t/smbclient-share-access: source from
util, use random share name and add set -x and set -u
- d/t/smbclient-authenticated-share-list: source from util and add
set -x and set -u
* d/control: enable the liburing vfs module, except on i386 where
liburing is not available
* Add new DEP8 tests for the uring vfs module:
- d/t/control: add smbclient-share-access-uring and
cifs-share-access-uring tests
- d/t/smbclient-share-access-uring: new test
- d/t/cifs-share-access-uring: new test
-- Andreas Hasenack <email address hidden> Tue, 04 Aug 2020 17:20:30 -0300
Available diffs
samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
* Dropped:
- d/gbp.conf, d/watch, d/README.source: update for 4.12
[In 2:4.12.3+dfsg-1]
- d/control: bump build-depends:
+ ldb: 2.1.2
+ tevent: 0.10.2
+ tdb: 1.4.3
+ talloc: 2.3.1
[In 2:4.12.3+dfsg-1]
- d/smbclient.install: add new binary mdfind and its manpage
[In 2:4.12.3+dfsg-1]
- d/samba-dev.install, d/samba-libs.install: new lib
libdcerpc-server-core
[In 2:4.12.3+dfsg-1]
- d/samba-libs.install: new library libtalloc-report-printf
[In 2:4.12.3+dfsg-1]
- d/libwbclient0.install: remove libaesni, no longer built when
gnutls provides AES CMAC
[In 2:4.12.3+dfsg-1]
- d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
[In 2:4.12.3+dfsg-1]
- d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
[Dropped in 2:4.12.3+dfsg-1]
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.28) xenial-security; urgency=medium
* SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10745
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 09:04:51 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.17) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba
AD DC LDAP Server with ASQ, VLV and paged_results
- debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10730
* SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10745
* SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV
- debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10760
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:58:37 -0400
samba (2:4.11.6+dfsg-0ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba
AD DC LDAP Server with ASQ, VLV and paged_results
- debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10730
* SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10745
* SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV
- debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10760
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:34:26 -0400
Available diffs
samba (2:4.10.7+dfsg-0ubuntu2.6) eoan-security; urgency=medium
* SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba
AD DC LDAP Server with ASQ, VLV and paged_results
- debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10730
* SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10745
* SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV
- debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to
fix the issue.
- CVE-2020-10760
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:41:43 -0400
Available diffs
samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium
* New upstream version: 4.12.2
* d/gbp.conf, d/watch, d/README.source: update for 4.12
* d/control: bump build-depends:
- ldb: 2.1.2
- tevent: 0.10.2
- tdb: 1.4.3
- talloc: 2.3.1
* d/smbclient.install: add new binary mdfind and its manpage
* d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core
* d/samba-libs.install: new library libtalloc-report-printf
* d/libwbclient0.install: remove libaesni, no longer built when
gnutls provides AES CMAC
* d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
* d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
* Dropped (applied upstream):
- d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
- d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
- d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
- d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch
-- Andreas Hasenack <email address hidden> Tue, 12 May 2020 10:42:17 -0300
Available diffs
samba (2:4.11.6+dfsg-0ubuntu1.2) focal; urgency=medium * Fix "Shared files are shown as folders" (LP: #1872476) - d/p/0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch: Don't obtain stat(2) information if dealing with older protocols on UNIX-like systems. -- Sergio Durigan Junior <email address hidden> Thu, 30 Apr 2020 15:17:24 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.27) xenial-security; urgency=medium * SECURITY REGRESSION: new LDAP options not recognized (LP: #1875798) - debian/patches/CVE-2020-10704-3.patch: move options to appropriate location in lib/param/loadparm.c. - debian/patches/CVE-2020-10704-5.patch: move option to appropriate location in lib/param/loadparm.c. - debian/patches/CVE-2020-10704-7.patch: add new options to param_table in lib/param/param_table.c. -- Marc Deslauriers <email address hidden> Wed, 29 Apr 2020 07:50:47 -0400
samba (2:4.10.7+dfsg-0ubuntu2.5) eoan-security; urgency=medium
* SECURITY UPDATE: Use-after-free in AD DC LDAP server
- debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
combination with paged_results in selftest/knownfail.d/asq,
source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
- debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
for the GUID search in paged_results in selftest/knownfail.d/asq,
source4/dsdb/samdb/ldb_modules/paged_results.c.
- debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
Build-Depends to 1.5.7.
- CVE-2020-10700
* SECURITY UPDATE: Stack overflow in AD DC LDAP server
- debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
source3/lib/tldap.c, source3/lib/tldap_util.c,
source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c,
source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c,
source4/libcli/ldap/ldap_controls.c.
- debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
lib/util/asn1.c.
- debian/patches/CVE-2020-10704-6.patch: add max ldap request sizes in
docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
lib/param/loadparm.c, source3/param/loadparm.c.
- debian/patches/CVE-2020-10704-7.patch: limit request sizes in
source4/ldap_server/ldap_server.c.
- debian/patches/CVE-2020-10704-8.patch: add search size limits to
ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
lib/param/loadparm.c, libcli/cldap/cldap.c,
libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
source4/libcli/ldap/ldap_client.c.
- debian/patches/CVE-2020-10704-9.patch: check search request lengths
in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
- CVE-2020-10704
-- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 09:56:07 -0400
Available diffs
| Superseded in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
| Superseded in focal-updates |
| Superseded in focal-security |
samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: Use-after-free in AD DC LDAP server
- debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in
combination with paged_results in selftest/knownfail.d/asq,
source4/dsdb/tests/python/asq.py, source4/selftest/tests.py.
- debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control
for the GUID search in paged_results in selftest/knownfail.d/asq,
source4/dsdb/samdb/ldb_modules/paged_results.c.
- debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev
Build-Depends to 2.0.10.
- CVE-2020-10700
* SECURITY UPDATE: Stack overflow in AD DC LDAP server
- debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
source3/lib/tldap.c, source3/lib/tldap_util.c,
source3/libsmb/clispnego.c, source3/torture/torture.c,
source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c,
source4/libcli/ldap/ldap_client.c,
source4/libcli/ldap/ldap_controls.c.
- debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
lib/util/asn1.c.
- debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in
docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
lib/param/loadparm.c, source3/param/loadparm.c.
- debian/patches/CVE-2020-10704-6.patch: limit request sizes in
source4/ldap_server/ldap_server.c.
- debian/patches/CVE-2020-10704-7.patch: add search size limits to
ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
lib/param/loadparm.c, libcli/cldap/cldap.c,
libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
source4/libcli/ldap/ldap_client.c.
- debian/patches/CVE-2020-10704-8.patch: check search request lengths
in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
- CVE-2020-10704
-- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 08:08:38 -0400
Available diffs
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.16) bionic-security; urgency=medium
* SECURITY UPDATE: Stack overflow in AD DC LDAP server
- debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
source3/lib/tldap.c, source3/lib/tldap_util.c,
source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c,
source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c,
source4/libcli/ldap/ldap_controls.c.
- debian/patches/CVE-2020-10704-3.patch: check parse tree depth in
lib/util/asn1.c.
- debian/patches/CVE-2020-10704-6.patch: add max ldap request sizes in
docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
lib/param/loadparm.c, source3/param/loadparm.c.
- debian/patches/CVE-2020-10704-7.patch: limit request sizes in
source4/ldap_server/ldap_server.c.
- debian/patches/CVE-2020-10704-8.patch: add search size limits to
ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
lib/param/loadparm.c, libcli/cldap/cldap.c,
libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
source4/libcli/ldap/ldap_client.c.
- debian/patches/CVE-2020-10704-9.patch: check search request lengths
in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
- CVE-2020-10704
-- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 11:48:03 -0400
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.26) xenial-security; urgency=medium
* SECURITY UPDATE: Stack overflow in AD DC LDAP server
- debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in
auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h,
lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c,
libcli/cldap/cldap.c, libcli/ldap/ldap_message.c,
source3/lib/tldap.c, source3/lib/tldap_util.c,
source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c,
source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c,
source4/libcli/ldap/ldap_controls.c.
- debian/patches/CVE-2020-10704-2.patch: check parse tree depth in
lib/util/asn1.c.
- debian/patches/CVE-2020-10704-3.patch: add max ldap request sizes in
docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml,
docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml,
lib/param/loadparm.c, source3/param/loadparm.c.
- debian/patches/CVE-2020-10704-4.patch: limit request sizes in
source4/ldap_server/ldap_server.c.
- debian/patches/CVE-2020-10704-5.patch: add search size limits to
ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml,
lib/param/loadparm.c, libcli/cldap/cldap.c,
libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h,
source3/param/loadparm.c, source4/ldap_server/ldap_server.c,
source4/libcli/ldap/ldap_client.c.
- debian/patches/CVE-2020-10704-6.patch: check search request lengths
in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c.
- CVE-2020-10704
-- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 11:52:53 -0400
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium * New upstream release: 4.11.6 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream -- Andreas Hasenack <email address hidden> Wed, 26 Feb 2020 11:55:16 -0300
Available diffs
samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324) -- Andreas Hasenack <email address hidden> Sat, 22 Feb 2020 17:22:21 -0300
Available diffs
samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- debian/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
* Dropped:
- d/control: drop python3-matplotlib. It's only used in
script/attr_count_read which is not installed with the
samba packages.
[In 2:4.11.3+dfsg-1]
Available diffs
samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium * Ubuntu i386 binary compatibility effort: (LP: #1861316) - debian/rules: + re-enable the following binary packages generation: - libnss-winbind - samba-common-bin - python3-samba - winbind -- Rafael David Tinoco <email address hidden> Thu, 06 Feb 2020 14:42:38 +0000
Available diffs
| Superseded in focal-proposed |
samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <email address hidden> Sat, 25 Jan 2020 06:06:11 +0000
Available diffs
samba (2:4.3.11+dfsg-0ubuntu0.16.04.25) xenial-security; urgency=medium
* SECURITY UPDATE: Crash after failed character conversion at log level 3
or above
- debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
is never read warning.
- debian/patches/CVE-2019-14907-2.patch: do not print the failed to
convert string into the logs.
- CVE-2019-14907
-- Marc Deslauriers <email address hidden> Fri, 17 Jan 2020 08:16:49 -0500
Available diffs
samba (2:4.10.7+dfsg-0ubuntu2.4) eoan-security; urgency=medium
* SECURITY UPDATE: replication of ACLs set to inherit down a subtree on
AD Directory not automatic
- debian/patches/CVE-2019-14902-1.patch: add test for replication of
inherited security descriptors.
- debian/patches/CVE-2019-14902-2.patch: add test for a special case
around replicated renames.
- debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL
inheritance really happens
- debian/patches/CVE-2019-14902-4.patch: explain that
descriptor_sd_propagation_recursive() is protected by a transaction.
- debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD
propagation needs to be done here.
- debian/patches/CVE-2019-14902-6.patch: ensure we honour both
change->force_self and change->force_children.
- debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a
renamed DN.
- debian/patches/CVE-2019-14902-8.patch: fix issue where inherited
Security Descriptors were not replicated.
- debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do
SD inheritance) after any rename.
- debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module
deferred processing to be GUIDs.
- CVE-2019-14902
* SECURITY UPDATE: Crash after failed character conversion at log level 3
or above
- debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason'
is never read warning.
- debian/patches/CVE-2019-14907-2.patch: do not print the failed to
convert string into the logs.
- CVE-2019-14907
* SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC
- debian/patches/CVE-2019-19344.patch: fix use after free in
dns_tombstone_records_zone.
- CVE-2019-19344
-- Marc Deslauriers <email address hidden> Tue, 14 Jan 2020 10:56:41 -0500
Available diffs
| 76 → 150 of 640 results | First • Previous • Next • Last |
