Change log for samba package in Ubuntu
Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:31:06 +0000
Superseded in jammy-proposed |
samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium * Update to 4.13.17 as a security update - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 * Removed patches included in new version: - debian/patches/trusted_domain_regression_fix.patch - debian/patches/bug14901-*.patch - debian/patches/bug14922.patch -- Marc Deslauriers <email address hidden> Mon, 14 Feb 2022 10:19:08 -0500
Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium * No-change rebuild for icu soname change -- William 'jawn-smith' Wilson <email address hidden> Fri, 11 Feb 2022 11:36:14 -0600
samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium * Update to 4.13.17 as a security update - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 * Removed patches included in new version: - debian/patches/trusted_domain_regression_fix.patch - debian/patches/bug14901-*.patch - debian/patches/bug14922.patch -- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.13.17~dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium * Update to 4.13.17 as a security update - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336 * Removed patches included in new version: - debian/patches/trusted_domain_regression_fix.patch - debian/patches/bug14901-*.patch - debian/patches/bug14922.patch -- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.28) bionic-security; urgency=medium
  * SECURITY UPDATE: code exec via out-of-bounds read/write in vfs_fruit
    - debian/patches/CVE-2021-44142-1.patch: add defines for icon lengths in source3/modules/vfs_fruit.c.
    - debian/patches/CVE-2021-44142-2.patch: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs in source3/smbd/trans2.c.
    - debian/patches/CVE-2021-44142-3.patch: harden ad_unpack_xattrs() in source3/modules/vfs_fruit.c.
    - debian/patches/CVE-2021-44142-4.patch: tweak buffer size check in source3/modules/vfs_fruit.c.
    - debian/patches/CVE-2021-44142-5.patch: add basic cmocka tests in selftest/knownfail.d/samba.unittests.adouble, selftest/tests.py, source3/lib/test_adouble.c, source3/wscript_build.
    - debian/patches/CVE-2021-44142-6.patch: harden parsing code in source3/modules/vfs_fruit.c.
    - CVE-2021-44142
 -- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 10:20:03 -0500
Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium * d/t/util: fix setting the password of the smb test user (LP: #1955851) -- Andreas Hasenack <email address hidden> Thu, 20 Jan 2022 17:06:13 -0300
Superseded in jammy-proposed |
samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium * No-change rebuild with Python 3.10 as default version -- Graham Inggs <email address hidden> Sun, 16 Jan 2022 07:01:34 +0000
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.27) bionic-security; urgency=medium * SECURITY REGRESSION: Kerberos authentication on standalone server in MIT realm broken - debian/patches/bug14922.patch: fix MIT Realm regression in source3/auth/user_krb5.c. -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:56 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium * SECURITY REGRESSION: Kerberos authentication on standalone server in MIT realm broken - debian/patches/bug14922.patch: fix MIT Realm regression in source3/auth/user_krb5.c. -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500
samba (2:4.13.14+dfsg-0ubuntu0.21.04.4) hirsute-security; urgency=medium * SECURITY REGRESSION: Kerberos authentication on standalone server in MIT realm broken - debian/patches/bug14922.patch: fix MIT Realm regression in source3/auth/user_krb5.c. -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:56 -0500
samba (2:4.13.14+dfsg-0ubuntu0.21.10.4) impish-security; urgency=medium * SECURITY REGRESSION: Kerberos authentication on standalone server in MIT realm broken - debian/patches/bug14922.patch: fix MIT Realm regression in source3/auth/user_krb5.c. -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:11:23 -0500
samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium * SECURITY REGRESSION: Kerberos authentication on standalone server in MIT realm broken - debian/patches/bug14922.patch: fix MIT Realm regression in source3/auth/user_krb5.c. -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:09:36 -0500
samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.26) bionic-security; urgency=medium
  * SECURITY UPDATE: SMB1 client connections can be downgraded to plaintext authentication
    - debian/patches/CVE-2016-2124-*.patch: upstream commits to fix issue.
    - CVE-2016-2124
  * SECURITY UPDATE: user in AD Domain could become root on domain members
    - debian/patches/CVE-2020-25717-*.patch: upstream commits to fix issue.
    - debian/patches/bug14901-*.patch: upstream commits to fix regression.
    - CVE-2020-25717
  * SECURITY UPDATE: insufficient access and conformance checking of data stored
    - debian/patches/CVE-2020-25722-1.patch: restrict the setting of privileged attributes during LDAP add/modify in source4/dsdb/samdb/ldb_modules/samldb.c.
    - debian/patches/CVE-2020-25722-2.patch: ensure the structural objectclass cannot be changed in source4/dsdb/samdb/ldb_modules/objectclass.c.
    - CVE-2020-25722
  * SECURITY UPDATE: null pointer deref in kerberos server
    - debian/patches/CVE-2021-3671.patch: validate sname in TGS-REQ in source4/heimdal/kdc/krb5tgs.c.
    - CVE-2021-3671
 -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:23:22 -0500
Available diffs
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.24 (in Ubuntu) to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (27.8 KiB)
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.23 (in ~ubuntu-security/ubuntu/ppa) to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (28.3 KiB)
- diff from 2:4.7.6+dfsg~ubuntu-0ubuntu2.25 to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 (4.1 KiB)
samba (2:4.13.14+dfsg-0ubuntu0.21.04.3) hirsute-security; urgency=medium * SECURITY REGRESSION: undesired side effects for the local nt token - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. * SECURITY REGRESSION: backup command raises FileNotFoundError (LP: #1952187) - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:02:59 -0500
samba (2:4.13.14+dfsg-0ubuntu0.21.10.3) impish-security; urgency=medium * SECURITY REGRESSION: undesired side effects for the local nt token - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. * SECURITY REGRESSION: backup command raises FileNotFoundError (LP: #1952187) - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 07:56:37 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY REGRESSION: undesired side effects for the local nt token - debian/patches/bug14901-*.patch: upstream patches to fix some mapping issues. * SECURITY REGRESSION: backup command raises FileNotFoundError (LP: #1952187) - debian/patches/bug14918-*.patch: upstream patches to properly handle dangling symlinks. -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:03:56 -0500
Superseded in jammy-proposed |
samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium * No-change rebuild against liburing2 -- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:08:34 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.10.2) impish; urgency=medium * samba.postinst: do not populate sambashare from the Ubuntu admin group (LP: #1942195) -- Paride Legovini <email address hidden> Fri, 12 Nov 2021 11:17:14 +0100
samba (2:4.13.14+dfsg-0ubuntu0.20.04.2) focal; urgency=medium * samba.postinst: do not populate sambashare from the Ubuntu admin group (LP: #1942195) -- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:42:02 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.2) hirsute; urgency=medium * samba.postinst: do not populate sambashare from the Ubuntu admin group (LP: #1942195) -- Paride Legovini <email address hidden> Fri, 12 Nov 2021 14:44:50 +0100
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.24) bionic; urgency=medium * samba.postinst: do not populate sambashare from the Ubuntu admin group (LP: #1942195) -- Paride Legovini <email address hidden> Wed, 10 Nov 2021 15:29:48 +0100
samba (2:4.13.14+dfsg-0ubuntu0.21.04.1) hirsute-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: removed libsmbd-conn.so.0, added libdcerpc-pkt-auth.so.0. - debian/libwbclient0.symbols: added new symbol. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
samba (2:4.13.14+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium
  * Update to 4.13.14 as a security update (LP: #1950363)
    - Removed patches included in new version:
      + CVE-*.patch
      + zerologon*.patch
      + 0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch
      + build-Remove-tests-for-getdents-and-getdirentries.patch
      + fix-double-free-with-unresolved-credentia-cache.patch
      + wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
      + wscript-split-function-check-to-one-per-line-and-sor.patch
    - Add/Refresh patches from Hirsute package:
      + Rename-mdfind-to-mdsearch.patch
      + bug_221618_precise-64bit-prototype.patch
      + fix-nfs-service-name-to-nfs-kernel-server.patch
    - debian/control: bump libldb-dev Build-Depends to 2.2.3, bump libtalloc to 2.3.1, libtdb to 1.4.3, and libtevent to 0.10.2.
    - debian/*.install, debian/*.symbols: sync with Hirsute package, added libdcerpc-pkt-auth.so.0.
    - debian/rules: build with --enable-spotlight, remove --accel-aes as it is no longer used with gnutls.
    - debian/control: add libicu-dev to Build-Depends.
    - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14.
    - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
 -- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:33:25 -0400
samba (2:4.13.14+dfsg-0ubuntu0.21.10.1) impish-security; urgency=medium * Update to 4.13.14 as a security update (LP: #1950363) - debian/patches/CVE-2021-20254.patch: removed, included in new version. - debian/control: bump ldb Build-Depends to 2.2.3. - debian/samba-libs.install: added libdcerpc-pkt-auth.so.0. - debian/patches/trusted_domain_regression_fix.patch: fix regression introduced in 4.13.14. - CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192 -- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
Superseded in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
Deleted in impish-proposed (Reason: Moved to jammy) |
samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium * d/samba.postinst: do not populate sambashare from the admin group (Debian packaging cherry-pick. LP: #1942195) -- Paride Legovini <email address hidden> Wed, 06 Oct 2021 10:31:14 +0200
samba (2:4.11.6+dfsg-0ubuntu1.10) focal; urgency=medium * d/p/fix-double-free-with-unresolved-credentia-cache.patch: Fix double free with unresolved credential cache. (LP: #1892145) -- Paride Legovini <email address hidden> Fri, 06 Aug 2021 14:17:29 +0200
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400
samba (2:4.12.5+dfsg-3ubuntu4.4) groovy; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Thu, 27 May 2021 09:22:22 -0300
samba (2:4.11.6+dfsg-0ubuntu1.9) focal; urgency=medium * Fix samba-common-bin postinst errors (LP: #1905387) - d/rules: ensure systemd-tmpfiles runs for samba-common-bin postinst through dh_installsystemd - d/samba-common-bin.postinst: ensure systemd-tmpfiles is called before testparm - d/t/reinstall-samba-common-bin: make sure /run/samba is created by the samba-common-bin installation process (postinst script) - d/t/control: run new reinstall-samba-common-bin test case -- Athos Ribeiro <email address hidden> Mon, 24 May 2021 16:45:27 -0300
samba (2:4.13.5+dfsg-2ubuntu1) impish; urgency=medium
  * Merge with Debian unstable. Remaining changes:
    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username.
    - d/control: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built
    - d/control: enable the liburing vfs module, except on i386 where liburing is not available
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: Skip running the tests if on i386 platform, because the uring package is not available there.
  * Dropped changes:
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
      [Included in 2:4.13.4+dfsg-1]
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201)
      [Included in 2:4.13.4+dfsg-1]
    - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
      [Included in 2:4.13.4+dfsg-1]
    - SECURITY UPDATE: wrong group entries via negative idmap cache entries
      + debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c.
      + CVE-2021-20254
      [Included in 2:4.13.5+dfsg-2]
 -- Athos Ribeiro <email address hidden> Mon, 17 May 2021 11:51:54 -0300
Superseded in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
Superseded in hirsute-updates |
Superseded in hirsute-security |
samba (2:4.13.3+dfsg-1ubuntu2.1) hirsute-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 -- Marc Deslauriers <email address hidden> Thu, 29 Apr 2021 06:48:54 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.34) xenial-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 -- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:53:58 -0400
samba (2:4.11.6+dfsg-0ubuntu1.8) focal-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 -- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:02:48 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.23) bionic-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 -- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 08:52:57 -0400
samba (2:4.12.5+dfsg-3ubuntu4.3) groovy-security; urgency=medium * SECURITY UPDATE: wrong group entries via negative idmap cache entries - debian/patches/CVE-2021-20254.patch: Simplify sids_to_unixids() in source3/passdb/lookup_sid.c. - CVE-2021-20254 -- Marc Deslauriers <email address hidden> Wed, 14 Apr 2021 07:00:46 -0400
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
samba (2:4.13.3+dfsg-1ubuntu2) hirsute; urgency=medium * No change rebuild to pick up liburing, and also fix d/t/cifs-share-access-uring. (LP: #1914145) -- Mauricio Faria de Oliveira <email address hidden> Wed, 03 Feb 2021 09:14:25 -0300
samba (2:4.13.3+dfsg-1ubuntu1) hirsute; urgency=medium
  * Merge with Debian unstable. Remaining changes:
    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201)
    - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
    - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built
    - d/control: enable the liburing vfs module, except on i386 where liburing is not available
  * Dropped changes, incorporated by Debian:
    - d/t/smbclient-anonymous-share-list: add set -x and set -e
    - Factor out common DEP8 test code into d/t/util and change the tests to source from it:
      + d/t/util: added
      + d/t/cifs-share-access, d/t/smbclient-share-access: source from util, use random share name and add set -x and set -u
      + d/t/smbclient-authenticated-share-list: source from util and add set -x and set -u
    - Add new DEP8 tests for the uring vfs module:
      + d/t/control: add smbclient-share-access-uring and cifs-share-access-uring tests
      + d/t/smbclient-share-access-uring: new test
      + d/t/cifs-share-access-uring: new test
    - d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: guard uring tests with a kernel version check and skip if it's too old
  * Added changes:
    - d/t/{cifs-share-access-uring,smbclient-share-access-uring}: Skip running the tests if on i386 platform, because the uring package is not available there.
 -- Sergio Durigan Junior <email address hidden> Wed, 13 Jan 2021 15:44:04 -0500
samba (2:4.13.2+dfsg-3ubuntu1) hirsute; urgency=medium
  * Merge with Debian unstable (LP: #1905048). Remaining changes:
    - d/p/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201)
    - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
    - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built
  * d/t/smbclient-anonymous-share-list: add set -x and set -e
  * Factor out common DEP8 test code into d/t/util and change the tests to source from it:
    - d/t/util: added
    - d/t/cifs-share-access, d/t/smbclient-share-access: source from util, use random share name and add set -x and set -u
    - d/t/smbclient-authenticated-share-list: source from util and add set -x and set -u
  * d/control: enable the liburing vfs module, except on i386 where liburing is not available
  * Add new DEP8 tests for the uring vfs module:
    - d/t/control: add smbclient-share-access-uring and cifs-share-access-uring tests
    - d/t/smbclient-share-access-uring: new test
    - d/t/cifs-share-access-uring: new test
  * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: guard uring tests with a kernel version check and skip if it's too old
  * Dropped changes:
    - SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon)
      + debian/patches/zerologon-*.patch: backport upstream patches:
        + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html
        + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit.
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
      + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c.
      + CVE-2020-14318
    - SECURITY UPDATE: Unprivileged user can crash winbind
      + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c.
      + CVE-2020-14323
    - SECURITY UPDATE: DNS server crash via invalid records
      - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
      + CVE-2020-14383
      [ Incorporated by upstream. ]
 -- Sergio Durigan Junior <email address hidden> Tue, 24 Nov 2020 22:12:00 -0500
samba (2:4.3.11+dfsg-0ubuntu0.16.04.32) xenial-security; urgency=medium * SECURITY UPDATE: Missing handle permissions check in ChangeNotify - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. - CVE-2020-14318 * SECURITY UPDATE: Unprivileged user can crash winbind - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. - CVE-2020-14323 * SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. - CVE-2020-14383 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:52:47 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.21) bionic-security; urgency=medium * SECURITY UPDATE: Missing handle permissions check in ChangeNotify - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. - CVE-2020-14318 * SECURITY UPDATE: Unprivileged user can crash winbind - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. - CVE-2020-14323 * SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. - CVE-2020-14383 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:50:50 -0400
samba (2:4.11.6+dfsg-0ubuntu1.6) focal-security; urgency=medium * SECURITY UPDATE: Missing handle permissions check in ChangeNotify - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. - CVE-2020-14318 * SECURITY UPDATE: Unprivileged user can crash winbind - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. - CVE-2020-14323 * SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. - CVE-2020-14383 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:48:54 -0400
Superseded in hirsute-release |
Superseded in groovy-updates |
Deleted in hirsute-proposed (Reason: moved to Release) |
Superseded in groovy-security |
samba (2:4.12.5+dfsg-3ubuntu4.1) groovy-security; urgency=medium * SECURITY UPDATE: Missing handle permissions check in ChangeNotify - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST in source4/torture/smb2/notify.c, source3/smbd/notify.c. - CVE-2020-14318 * SECURITY UPDATE: Unprivileged user can crash winbind - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in source3/winbindd/winbindd_lookupsids.c, source4/torture/winbind/struct_based.c. - CVE-2020-14323 * SECURITY UPDATE: DNS server crash via invalid records - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization with NULL and do not crash when additional data not found in source4/rpc_server/dnsserver/dcerpc_dnsserver.c. - CVE-2020-14383 -- Marc Deslauriers <email address hidden> Fri, 16 Oct 2020 06:53:44 -0400
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) - debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Mon, 28 Sep 2020 09:46:49 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.31) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) - debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Thu, 24 Sep 2020 19:25:08 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.20) bionic-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) - debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 13:04:45 -0400
samba (2:4.11.6+dfsg-0ubuntu1.5) focal-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography (ZeroLogon) - debian/patches/zerologon-*.patch: backport upstream patches: + For compatibility reasons, allow specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html + Add additional server checks for the protocol attack in the client-specified challenge to provide some protection when 'server schannel = no/auto' and avoid the false-positive results when running the proof-of-concept exploit. - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 12:33:05 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.30) xenial-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography - debian/patches/CVE-2020-1472-1.patch: switch "client schannel" default to "yes" instead of "auto". - debian/patches/CVE-2020-1472-2.patch: switch "server schannel" default to "yes" instead of "auto". - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 09:11:44 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.19) bionic-security; urgency=medium * SECURITY UPDATE: Unauthenticated domain controller compromise by subverting Netlogon cryptography - debian/patches/CVE-2020-1472-1.patch: switch "client schannel" default to "yes" instead of "auto". - debian/patches/CVE-2020-1472-2.patch: switch "server schannel" default to "yes" instead of "auto". - CVE-2020-1472 -- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 09:08:55 -0400
samba (2:4.12.5+dfsg-3ubuntu3) groovy; urgency=medium * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}: guard uring tests with a kernel version check and skip if it's too old -- Andreas Hasenack <email address hidden> Tue, 11 Aug 2020 11:00:35 -0300
samba (2:3.6.25-0ubuntu0.12.04.21) precise-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP packet in libcli/nbt/nbtsocket.c. - CVE-2020-14303 -- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Aug 2020 10:58:41 -0300
samba (2:4.11.6+dfsg-0ubuntu1.4) focal-security; urgency=medium * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP packet in libcli/nbt/nbtsocket.c. - CVE-2020-14303 -- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:31:00 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.18) bionic-security; urgency=medium * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP packet in libcli/nbt/nbtsocket.c. - CVE-2020-14303 -- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:39:22 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.29) xenial-security; urgency=medium * SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd - debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP packet in libcli/nbt/nbtsocket.c. - CVE-2020-14303 -- Marc Deslauriers <email address hidden> Fri, 07 Aug 2020 13:39:56 -0400
Superseded in groovy-proposed |
samba (2:4.12.5+dfsg-3ubuntu2) groovy; urgency=medium * d/t/smbclient-anonymous-share-list: add set -x and set -e * Factor out common DEP8 test code into d/t/util and change the tests to source from it: - d/t/util: added - d/t/cifs-share-access, d/t/smbclient-share-access: source from util, use random share name and add set -x and set -u - d/t/smbclient-authenticated-share-list: source from util and add set -x and set -u * d/control: enable the liburing vfs module, except on i386 where liburing is not available * Add new DEP8 tests for the uring vfs module: - d/t/control: add smbclient-share-access-uring and cifs-share-access-uring tests - d/t/smbclient-share-access-uring: new test - d/t/cifs-share-access-uring: new test -- Andreas Hasenack <email address hidden> Tue, 04 Aug 2020 17:20:30 -0300
samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium * Merge with Debian unstable. Remaining changes: - d/p/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/samba-common.config: + Do not change priority to high if dhclient3 is installed. - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201) - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default - debian/rules: Ubuntu i386 binary compatibility: + drop ceph support + disable the following binary packages: - ctdb - libnss-winbind - libpam-winbind - python3-samba - samba - samba-common-bin - samba-testsuite - winbind - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - debian/rules: Ubuntu i386 binary compatibility: + re-enable the following binary packages: - libnss-winbind - samba-common-bin - python3-samba - winbind - d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built * Dropped: - d/gbp.conf, d/watch, d/README.source: update for 4.12 [In 2:4.12.3+dfsg-1] - d/control: bump build-depends: + ldb: 2.1.2 + tevent: 0.10.2 + tdb: 1.4.3 + talloc: 2.3.1 [In 2:4.12.3+dfsg-1] - d/smbclient.install: add new binary mdfind and its manpage [In 2:4.12.3+dfsg-1] - d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core [In 2:4.12.3+dfsg-1] - d/samba-libs.install: new library libtalloc-report-printf [In 2:4.12.3+dfsg-1] - d/libwbclient0.install: remove libaesni, no longer built when gnutls provides AES CMAC [In 2:4.12.3+dfsg-1] - d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols [In 2:4.12.3+dfsg-1] - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch [Dropped in 2:4.12.3+dfsg-1] - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch [Dropped in 2:4.12.3+dfsg-1] - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch [Dropped in 2:4.12.3+dfsg-1]
samba (2:4.3.11+dfsg-0ubuntu0.16.04.28) xenial-security; urgency=medium * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume excessive CPU - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10745 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 09:04:51 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.17) bionic-security; urgency=medium * SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results - debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10730 * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume excessive CPU - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10745 * SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV - debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10760 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:58:37 -0400
samba (2:4.11.6+dfsg-0ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results - debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10730 * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume excessive CPU - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10745 * SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV - debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10760 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:34:26 -0400
samba (2:4.10.7+dfsg-0ubuntu2.6) eoan-security; urgency=medium * SECURITY UPDATE: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results - debian/patches/CVE-2020-10730-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10730 * SECURITY UPDATE: Parsing and packing of NBT and DNS packets can consume excessive CPU - debian/patches/CVE-2020-10745-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10745 * SECURITY UPDATE: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV - debian/patches/CVE-2020-10760-*.patch: multiple upstream patches to fix the issue. - CVE-2020-10760 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2020 08:41:43 -0400
samba (2:4.12.2+dfsg-0ubuntu1) groovy; urgency=medium * New upstream version: 4.12.2 * d/gbp.conf, d/watch, d/README.source: update for 4.12 * d/control: bump build-depends: - ldb: 2.1.2 - tevent: 0.10.2 - tdb: 1.4.3 - talloc: 2.3.1 * d/smbclient.install: add new binary mdfind and its manpage * d/samba-dev.install, d/samba-libs.install: new lib libdcerpc-server-core * d/samba-libs.install: new library libtalloc-report-printf * d/libwbclient0.install: remove libaesni, no longer built when gnutls provides AES CMAC * d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols * d/control: add a versioned libgnutls28-dev build-depends to reduce the amount of in-tree crypto code that is built * Dropped (applied upstream): - d/p/build-Remove-tests-for-getdents-and-getdirentries.patch - d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch - d/p/wscript-split-function-check-to-one-per-line-and-sor.patch - d/p/CVE-2020-10700*.patch, d/p/CVE-2020-10704*.patch -- Andreas Hasenack <email address hidden> Tue, 12 May 2020 10:42:17 -0300
samba (2:4.11.6+dfsg-0ubuntu1.2) focal; urgency=medium * Fix "Shared files are shown as folders" (LP: #1872476) - d/p/0023-libsmb-Don-t-try-to-find-posix-stat-info-in-SMBC_get.patch: Don't obtain stat(2) information if dealing with older protocols on UNIX-like systems. -- Sergio Durigan Junior <email address hidden> Thu, 30 Apr 2020 15:17:24 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.27) xenial-security; urgency=medium * SECURITY REGRESSION: new LDAP options not recognized (LP: #1875798) - debian/patches/CVE-2020-10704-3.patch: move options to appropriate location in lib/param/loadparm.c. - debian/patches/CVE-2020-10704-5.patch: move option to appropriate location in lib/param/loadparm.c. - debian/patches/CVE-2020-10704-7.patch: add new options to param_table in lib/param/param_table.c. -- Marc Deslauriers <email address hidden> Wed, 29 Apr 2020 07:50:47 -0400
samba (2:4.10.7+dfsg-0ubuntu2.5) eoan-security; urgency=medium * SECURITY UPDATE: Use-after-free in AD DC LDAP server - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in combination with paged_results in selftest/knownfail.d/asq, source4/dsdb/tests/python/asq.py, source4/selftest/tests.py. - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control for the GUID search in paged_results in selftest/knownfail.d/asq, source4/dsdb/samdb/ldb_modules/paged_results.c. - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev Build-Depends to 1.5.7. - CVE-2020-10700 * SECURITY UPDATE: Stack overflow in AD DC LDAP server - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, source3/lib/tldap.c, source3/lib/tldap_util.c, source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c, source4/libcli/ldap/ldap_controls.c. - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in lib/util/asn1.c. - debian/patches/CVE-2020-10704-6.patch: add max ldap request sizes in docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, lib/param/loadparm.c, source3/param/loadparm.c. - debian/patches/CVE-2020-10704-7.patch: limit request sizes in source4/ldap_server/ldap_server.c. - debian/patches/CVE-2020-10704-8.patch: add search size limits to ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, lib/param/loadparm.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, source3/param/loadparm.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c. - debian/patches/CVE-2020-10704-9.patch: check search request lengths in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. 
- CVE-2020-10704 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 09:56:07 -0400
Superseded in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
Superseded in focal-updates |
Superseded in focal-security |
samba (2:4.11.6+dfsg-0ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: Use-after-free in AD DC LDAP server - debian/patches/CVE-2020-10700-1.patch: add test for ASQ and ASQ in combination with paged_results in selftest/knownfail.d/asq, source4/dsdb/tests/python/asq.py, source4/selftest/tests.py. - debian/patches/CVE-2020-10700-3.patch: do not permit the ASQ control for the GUID search in paged_results in selftest/knownfail.d/asq, source4/dsdb/samdb/ldb_modules/paged_results.c. - debian/control: bump libldb-dev, python3-ldb, and python3-ldb-dev Build-Depends to 2.0.10. - CVE-2020-10700 * SECURITY UPDATE: Stack overflow in AD DC LDAP server - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, source3/lib/tldap.c, source3/lib/tldap_util.c, source3/libsmb/clispnego.c, source3/torture/torture.c, source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c, source4/libcli/ldap/ldap_controls.c. - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in lib/util/asn1.c. - debian/patches/CVE-2020-10704-5.patch: add max ldap request sizes in docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, lib/param/loadparm.c, source3/param/loadparm.c. - debian/patches/CVE-2020-10704-6.patch: limit request sizes in source4/ldap_server/ldap_server.c. - debian/patches/CVE-2020-10704-7.patch: add search size limits to ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, lib/param/loadparm.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, source3/param/loadparm.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c. 
- debian/patches/CVE-2020-10704-8.patch: check search request lengths in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. - CVE-2020-10704 -- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 08:08:38 -0400
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.16) bionic-security; urgency=medium * SECURITY UPDATE: Stack overflow in AD DC LDAP server - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, source3/lib/tldap.c, source3/lib/tldap_util.c, source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c, source4/libcli/ldap/ldap_controls.c. - debian/patches/CVE-2020-10704-3.patch: check parse tree depth in lib/util/asn1.c. - debian/patches/CVE-2020-10704-6.patch: add max ldap request sizes in docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, lib/param/loadparm.c, source3/param/loadparm.c. - debian/patches/CVE-2020-10704-7.patch: limit request sizes in source4/ldap_server/ldap_server.c. - debian/patches/CVE-2020-10704-8.patch: add search size limits to ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, lib/param/loadparm.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, source3/param/loadparm.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c. - debian/patches/CVE-2020-10704-9.patch: check search request lengths in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. - CVE-2020-10704 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 11:48:03 -0400
samba (2:4.3.11+dfsg-0ubuntu0.16.04.26) xenial-security; urgency=medium * SECURITY UPDATE: Stack overflow in AD DC LDAP server - debian/patches/CVE-2020-10704-1.patch: add ASN.1 max tree depth in auth/gensec/gensec_util.c, lib/util/asn1.c, lib/util/asn1.h, lib/util/tests/asn1_tests.c, libcli/auth/spnego_parse.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, source3/lib/tldap.c, source3/lib/tldap_util.c, source3/libsmb/clispnego.c, source4/auth/gensec/gensec_krb5.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c, source4/libcli/ldap/ldap_controls.c. - debian/patches/CVE-2020-10704-2.patch: check parse tree depth in lib/util/asn1.c. - debian/patches/CVE-2020-10704-3.patch: add max ldap request sizes in docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml, docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml, lib/param/loadparm.c, source3/param/loadparm.c. - debian/patches/CVE-2020-10704-4.patch: limit request sizes in source4/ldap_server/ldap_server.c. - debian/patches/CVE-2020-10704-5.patch: add search size limits to ldap_decode in docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml, lib/param/loadparm.c, libcli/cldap/cldap.c, libcli/ldap/ldap_message.c, libcli/ldap/ldap_message.h, source3/param/loadparm.c, source4/ldap_server/ldap_server.c, source4/libcli/ldap/ldap_client.c. - debian/patches/CVE-2020-10704-6.patch: check search request lengths in lib/util/asn1.c, lib/util/asn1.h, libcli/ldap/ldap_message.c. - CVE-2020-10704 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2020 11:52:53 -0400
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
samba (2:4.11.6+dfsg-0ubuntu1) focal; urgency=medium * New upstream release: 4.11.6 * d/p/samba-tool-py38-*.patch: dropped, fixed upstream -- Andreas Hasenack <email address hidden> Wed, 26 Feb 2020 11:55:16 -0300
samba (2:4.11.5+dfsg-1ubuntu2) focal; urgency=medium * d/p/samba-tool-py38-*.patch: use correct method flags (LP: #1864324) -- Andreas Hasenack <email address hidden> Sat, 22 Feb 2020 17:22:21 -0300
samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium * Merge with Debian unstable. Remaining changes: - debian/VERSION.patch: Update vendor string to "Ubuntu". - debian/smb.conf; + Add "(Samba, Ubuntu)" to server string. + Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - debian/samba-common.config: + Do not change priority to high if dhclient3 is installed. - d/control, d/rules: Disable glusterfs support because it's not in main. MIR bug is https://launchpad.net/bugs/1274247 - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service name from nfs to nfs-kernel-server (LP #722201) - d/p/ctdb-config-enable-syslog-by-default.patch: enable syslog and systemd journal by default - debian/rules: Ubuntu i386 binary compatibility: + drop ceph support + disable the following binary packages: - ctdb - libnss-winbind - libpam-winbind - python3-samba - samba - samba-common-bin - samba-testsuite - winbind - debian/control: Ubuntu i386 binary compatibility: + drop ceph support - debian/rules: Ubuntu i386 binary compatibility: + re-enable the following binary packages: - libnss-winbind - samba-common-bin - python3-samba - winbind * Dropped: - d/control: drop python3-matplotlib. It's only used in script/attr_count_read which is not installed with the samba packages. [In 2:4.11.3+dfsg-1]
samba (2:4.11.1+dfsg-3ubuntu4) focal; urgency=medium * Ubuntu i386 binary compatibility effort: (LP: #1861316) - debian/rules: + re-enable the following binary packages generation: - libnss-winbind - samba-common-bin - python3-samba - winbind -- Rafael David Tinoco <email address hidden> Thu, 06 Feb 2020 14:42:38 +0000
Superseded in focal-proposed |
samba (2:4.11.1+dfsg-3ubuntu3) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <email address hidden> Sat, 25 Jan 2020 06:06:11 +0000
samba (2:4.3.11+dfsg-0ubuntu0.16.04.25) xenial-security; urgency=medium * SECURITY UPDATE: Crash after failed character conversion at log level 3 or above - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason' is never read warning. - debian/patches/CVE-2019-14907-2.patch: do not print the failed to convert string into the logs. - CVE-2019-14907 -- Marc Deslauriers <email address hidden> Fri, 17 Jan 2020 08:16:49 -0500
samba (2:4.10.7+dfsg-0ubuntu2.4) eoan-security; urgency=medium * SECURITY UPDATE: replication of ACLs set to inherit down a subtree on AD Directory not automatic - debian/patches/CVE-2019-14902-1.patch: add test for replication of inherited security descriptors. - debian/patches/CVE-2019-14902-2.patch: add test for a special case around replicated renames. - debian/patches/CVE-2019-14902-3.patch: add test to confirm ACL inheritance really happens - debian/patches/CVE-2019-14902-4.patch: explain that descriptor_sd_propagation_recursive() is protected by a transaction. - debian/patches/CVE-2019-14902-5.patch: add comments explaining why SD propagation needs to be done here. - debian/patches/CVE-2019-14902-6.patch: ensure we honour both change->force_self and change->force_children. - debian/patches/CVE-2019-14902-7.patch: schedule SD propagation to a renamed DN. - debian/patches/CVE-2019-14902-8.patch: fix issue where inherited Security Descriptors were not replicated. - debian/patches/CVE-2019-14902-9.patch: set renamed = true (and so do SD inheritance) after any rename. - debian/patches/CVE-2019-14902-10.patch: change basis of descriptor module deferred processing to be GUIDs. - CVE-2019-14902 * SECURITY UPDATE: Crash after failed character conversion at log level 3 or above - debian/patches/CVE-2019-14907-1.patch: fix Value stored to 'reason' is never read warning. - debian/patches/CVE-2019-14907-2.patch: do not print the failed to convert string into the logs. - CVE-2019-14907 * SECURITY UPDATE: Use after free during DNS zone scavenging in Samba AD DC - debian/patches/CVE-2019-19344.patch: fix use after free in dns_tombstone_records_zone. - CVE-2019-19344 -- Marc Deslauriers <email address hidden> Tue, 14 Jan 2020 10:56:41 -0500