-
samba (2:4.20.0+dfsg-1~exp2) experimental; urgency=medium
* implement pkg.samba.before-trixie build profile
(undo t64 changhes and drop build-dep)
* d/rules: remove Debian/Ubuntu "branding", no need in that
* d/control: samba-dsdb-modules: drop hardcoded dependency on libgpgme11
(Closes: #1068526)
-- Michael Tokarev <email address hidden> Sun, 07 Apr 2024 16:04:30 +0300
-
samba (2:4.20.0+dfsg-1~exp1) experimental; urgency=medium
* new upstream release (4.20.0)
* d/control: bump tevent/talloc/tdb versions for Build-Depends
* d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0)
* d/patches/meaningful-error-if-no-python3-markdown.patch: fixup
* d/*.install: internal library names changed:
libfoo-samba4.so.0 => libfoo-private-samba.so.0
* d/samba-libs.install: update names for libdcerpc & libndr private libs
* d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols:
libndr has soversion 4 now. This breaks binaries linked with libndr!
* d/samba-libs.symbols: update with new ndr4 symbols
* d/libsmbclient.symbols: update with new symbols
* d/samba-dev.install: add smb3posix.h
* d/not-installed: add usr/bin/wspsearch experimental windows search binary
* d/control: libperl-json is not needed for build anymore
* d/control: bump minimum mit-krb5 version in Build-Depends to 1.21
(for pkg.samba.mitkrb5 build profile)
* rebase on top of 4.19.5+dfsg-4
-- Michael Tokarev <email address hidden> Thu, 28 Mar 2024 10:51:16 +0300
-
samba (2:4.20.0~rc2+dfsg-3) experimental; urgency=medium
* rename libsmbclient => libsmbclient0 for 64-bit time_t transition
* d/libsmbclient.lintian-overrides: remove, soname now = package name
* add Breaks: of sssd packages to samba-libs: 4.20 changed libndr
soname, and we now added proper sonames for it
-- Michael Tokarev <email address hidden> Wed, 21 Feb 2024 12:28:36 +0300
-
samba (2:4.20.0~rc2+dfsg-2) experimental; urgency=medium
* new upstream release candidate (4.20.0-rc2)
Note: this is just release candidate, not a release yet!
* d/control: bump tevent/talloc/tdb versions for Build-Depends
* d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0)
* d/patches/meaningful-error-if-no-python3-markdown.patch: fixup
* d/*.install: internal library names changed:
libfoo-samba4.so.0 => libfoo-private-samba.so.0
* d/samba-libs.install: update names for libdcerpc & libndr private libs
* d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols:
libndr has soversion 4 now. This breaks binaries linked with libndr!
* d/samba-libs.symbols: update with new ndr4 symbols
* d/libsmbclient.symbols: update with new symbols
* d/samba-dev.install: add smb3posix.h
* d/not-installed: add usr/bin/wspsearch experimental windows search binary
* d/control: libperl-json is not needed for build anymore
* d/control: bump minimum mit-krb5 version in Build-Depends to 1.21
(for pkg.samba.mitkrb5 build profile)
* rebase on top of 4.19.5+dfsg-1
-- Michael Tokarev <email address hidden> Mon, 19 Feb 2024 15:33:31 +0300
-
samba (2:4.20.0~rc2+dfsg-1) experimental; urgency=medium
* new upstream release candidate (4.20.0-rc2)
Note: this is just release candidate, not a release yet!
* omit (for now) wspsearch.1
-- Michael Tokarev <email address hidden> Thu, 15 Feb 2024 23:05:46 +0300
-
samba (2:4.20.0~rc1+dfsg-1) experimental; urgency=medium
* new upstream release candidate (4.20.0-rc1)
Note: this is just release candidate, not a release yet!
* d/control: bump tevent/talloc/tdb versions for Build-Depends
* d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0)
* d/patches/meaningful-error-if-no-python3-markdown.patch: fixup
* d/patches/python-fix-invalid-escape-sequences.patch: remove,
applied upstream
* d/*.install: internal library names changed,
libfoo-samba4.so.0 => libfoo-private-samba.so.0
* d/samba-libs.install: update names for libdcerpc & libndr private libraries
* d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols:
libndr has soversion 4 now. This breaks binaries linked with libndr!
* d/samba-libs.symbols: update with new ndr4 symbols
* d/libsmbclient.symbols: update with new symbols
* d/samba-dev.install: add smb3posix.h
* d/not-installed: add usr/bin/wspsearch experimental windows search binary
* d/control: libperl-json is not needed for build anymore
* d/control: bump minimum mit-krb5 version in Build-Depends to 1.21
(for pkg.samba.mitkrb5 build profile)
-- Michael Tokarev <email address hidden> Mon, 29 Jan 2024 21:43:00 +0300
-
samba (2:4.19.0~rc4+dfsg-2) experimental; urgency=medium
* samba-libs: add libndr 3.0.1 symbols
-- Michael Tokarev <email address hidden> Mon, 28 Aug 2023 19:40:39 +0300
-
samba (2:4.19.0~rc2+dfsg-1) experimental; urgency=medium
* new upstream release candidate
* d/patches: remove patches applied upstream, refresh patches
* d/control: update talloc/tevent/tdb build-deps
* d/smbclient.install: remove smbgetrc.5
* d/patches: add ldb 2.7.1 & 2.7.2 ABI files
* d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0)
* d/python3-ldb.symbols: remove unused versions, add new version
* d/control: fix description of samba-common-bin (samba-client)
* d/samba-common-bin.install: install samba-log-parser (for winbindd for now)
* d/samba-libs.install: 2 new libs
* d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0
from samba-libs to samba-testsuite
* d/samba-libs.install, d/samba-vfs-modules.install: move
libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules
* d/samba-libs.install, d/samba-common-bin.install: move
libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net)
* d/samba-libs.install, d/samba-common-bin.install: move
libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin
(used by usr/libexec/samba/rpcd_*)
* d/source/lintian-overrides: remove unused source-is-missing override
* d/samba-vfs-modules.lintian-overrides: remove unused
spelling-error-in-binary override
-- Michael Tokarev <email address hidden> Tue, 08 Aug 2023 10:52:58 +0300
-
samba (2:4.19.0~rc1+dfsg-3) experimental; urgency=medium
* d/rules: wrap _PYTHON_SYSCONFIGDATA_NAME setting to cross-compile case
On e.g. buster, _PYTHON_SYSCONFIGDATA_NAME is different, so this assignment
does not work right. In order for it to work on buster, add condition on
host vs build gnu type. This breaks compilation with foreign python binary.
-- Michael Tokarev <email address hidden> Fri, 04 Aug 2023 14:30:04 +0300
-
samba (2:4.18.2+dfsg-1) experimental; urgency=medium
* new upstream stable/bugfix release:
- https://bugzilla.samba.org/show_bug.cgi?id=15302
Log flood: smbd_calculate_access_mask_fsp: Access denied:
message level should be lower.
- https://bugzilla.samba.org/show_bug.cgi?id=15306
Floating point exception (FPE) via cli_pull_send
at source3/libsmb/clireadwrite.c.
- https://bugzilla.samba.org/show_bug.cgi?id=15328
test_tstream_more_tcp_user_timeout_spin fails intermittently
on Rackspace GitLab runners.
- https://bugzilla.samba.org/show_bug.cgi?id=15329
Reduce flapping of ridalloc test.
- https://bugzilla.samba.org/show_bug.cgi?id=15351
large_ldap test is unreliable.
- https://bugzilla.samba.org/show_bug.cgi?id=15143
New filename parser doesn't check veto files smb.conf parameter.
- https://bugzilla.samba.org/show_bug.cgi?id=15354
mdssvc may crash when initializing.
- https://bugzilla.samba.org/show_bug.cgi?id=15313
large directory optimization broken for non-lcomp path elements.
- https://bugzilla.samba.org/show_bug.cgi?id=15357
streams_depot fails to create streams.
- https://bugzilla.samba.org/show_bug.cgi?id=15358
shadow_copy2 and streams_depot don't play well together.
- https://bugzilla.samba.org/show_bug.cgi?id=15316
Flapping tests in samba_tool_drs_show_repl.py.
- https://bugzilla.samba.org/show_bug.cgi?id=15317
winbindd idmap child contacts the domain controller without a need.
- https://bugzilla.samba.org/show_bug.cgi?id=15318
idmap_autorid may fail to map sids of trusted domains for the first time.
- https://bugzilla.samba.org/show_bug.cgi?id=15319
idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
- https://bugzilla.samba.org/show_bug.cgi?id=15323
net ads search -P doesn't work against servers in other domains.
- https://bugzilla.samba.org/show_bug.cgi?id=15353
Temporary smbXsrv_tcon_global.tdb can't be parsed.
- https://bugzilla.samba.org/show_bug.cgi?id=15316
Flapping tests in samba_tool_drs_show_repl.py.
- https://bugzilla.samba.org/show_bug.cgi?id=15343
Tests use depricated and removed methods like assertRegexpMatches.
* d/rules, d/libldb2.symbols; add ldb 2.6.2 version
* heimdal-to-support-KEYRING-ccache.patch: enable KEYRING in heimdal
(Closes: #1023609)
* d/control: build-depend on libkeyutils-dev
(it is pulled by some other dep, but better to be safe)
* -s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch
(the change has been applied upstream)
-- Michael Tokarev <email address hidden> Wed, 19 Apr 2023 14:02:49 +0300
-
samba (2:4.18.1+dfsg-1~exp1) experimental; urgency=high
* upstream stable/security/bugfix release, fixing the following issues:
o CVE-2023-0225: An incomplete access check on dnsHostName allows
authenticated but otherwise unprivileged users to delete this
attribute from any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating
against a remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was insufficient and
an attacker may be able to obtain confidential BitLocker recovery keys
from a Samba AD DC. Installations with such secrets in their Samba AD
should assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
* update libldb symbols and versions
-- Michael Tokarev <email address hidden> Wed, 29 Mar 2023 17:59:17 +0300
-
samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium
* new upstream release (4.18.0):
* SMB Server performance improvements
* More succinct samba-tool error messages
* Colour output with samba-tool --color
* New samba-tool dsacl subcommand for deleting ACES
* New wbinfo option --change-secret-at
* New option to change the NT ACL default location
* Azure Active Directory / Office365 synchronisation improvements
* new smb.conf parameters:
server addresses
acl_xattr:security_acl_name
* For more details, please refer to WHATSNEW.txt file.
* d/control: bump talloc/tdb/tevent build-deps
* patches:
- refresh: hurd-compat.patch
- refresh: spelling.patch, remove many, add 3 new changes
- new: heimdal-spelling.patch, spelling fixes for third_party/heimdal
- remove: unwrap-getresgid-typo.patch, not needed
* d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
* d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1)
* d/libwbclient0.symbols: add new version and two new symbols:
wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt
-- Michael Tokarev <email address hidden> Thu, 09 Mar 2023 14:47:05 +0300
-
samba (2:4.18.0~rc4+dfsg-1) experimental; urgency=medium
* new upstream release candidate (4.18.0rc4)
* d/control: bump talloc/tdb/tevent build-deps
* patches:
- refresh: hurd-compat.patch
- refresh: spelling.patch, remove many, add 3 new changes
- new: heimdal-spelling.patch, spelling fixes for third_party/heimdal
- remove: unwrap-getresgid-typo.patch, not needed
* d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
* d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1)
* d/libwbclient0.symbols: add new version and two new symbols:
wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt
-- Michael Tokarev <email address hidden> Wed, 01 Mar 2023 16:50:46 +0300
-
samba (2:4.18.0~rc3+dfsg-1) experimental; urgency=medium
* new upstream release candidate (4.18.0rc3)
* d/control: bump talloc/tdb/tevent build-deps
* patches:
- refresh: hurd-compat.patch
- refresh: spelling.patch, remove many, add 3 new changes
- new: heimdal-spelling.patch, spelling fixes for third_party/heimdal
- remove: unwrap-getresgid-typo.patch, not needed
* d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
* d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1)
* d/libwbclient0.symbols: add new version and two new symbols:
wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt
-- Michael Tokarev <email address hidden> Thu, 16 Feb 2023 11:53:47 +0300
-
samba (2:4.18.0~rc2+dfsg-1) experimental; urgency=medium
* new upstream release candidate (4.18.0rc2)
* d/control: bump talloc/tdb/tevent build-deps
* patches:
- refresh: hurd-compat.patch
- refresh: spelling.patch, remove many, add 3 new changes
- new: heimdal-spelling.patch, spelling fixes for third_party/heimdal
- remove: unwrap-getresgid-typo.patch, not needed
* d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
* d/libldb2.symbols, python3-ldb.symbols.in: ad the new version
* d/libwbclient0.symbols: add new version and two new symbols:
wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt
-- Michael Tokarev <email address hidden> Thu, 02 Feb 2023 00:05:39 +0300
-
samba (2:4.18.0~rc1+dfsg-1exp) experimental; urgency=medium
* new upstream release candidate (4.18.0rc1)
* d/control: bump talloc/tdb/tevent build-deps
* patches:
- refresh: hurd-compat.patch
- refresh: spelling.patch, remove many, add 3 new changes
- new: heimdal-spelling.patch, spelling fixes for third_party/heimdal
- remove: unwrap-getresgid-typo.patch, not needed
- remove: reload-registry-shares-after-reloading-services.patch
- remove: rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
* d/gbp.conf: unignore branch (gbp import-orig does fun stuff if it is set)
* d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
* d/libldb2.symbols, python3-ldb.symbols.in: ad the new version
* d/libwbclient0.symbols: add new version and two new symbols:
wbcChangeTrustCredentialsAt
wbcCtxChangeTrustCredentialsAt
-- Michael Tokarev <email address hidden> Sat, 21 Jan 2023 11:20:58 +0300
-
samba (2:4.17.2+dfsg-2) experimental; urgency=medium
* d/rules: stop dh_installpam from installing samba.pam
to the samba package (Closes: #1022775, #1022776)
-- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 20:13:53 +0300
-
samba (2:4.17.2+dfsg-1) experimental; urgency=medium
* upstream 4.17.0 release:
Closes: CVE-2022-1615
Closes: CVE-2022-32743
- removed spelling.patch (partially applied upstream)
- removed weak-crypto-allowed-clarify.diff (applied upstream)
- removed dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch
(applied upstream)
- refresh: ctdb-create-piddir.patch
- refresh: fix-nfs-service-name-to-nfs-kernel-server.patch
- d/control: update minimum versions for talloc/tevent/tdb
- d/rules: do not install ctdb.service, it is installed by upstream now
- d/ctdb.install: do not install ctdb_wrapper (not used anymore)
- d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1
* upstream 4.17.1 security release:
CVE-2021-20251 Bad password count not incremented atomically.
* upstream 4.17.2 security release:
CVE-2022-3592 A malicious client can use a symlink to escape the exported
directory. https://www.samba.org/samba/security/CVE-2022-3592.html
(Samba 4.17 only)
* new patch: spelling.patch: a few more spelling fixes
* per upstream, re-version symbols added in 2.5.2 as added in 2.6.1
(ldb users needs to be recompiled anyway after updating libldb)
* move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450)
* d/rules: no need to build compile_et,asn1_compile intermediate targets
anymore; also remove now-unused ${WAFv} macro
* this release re-does all changes in the former experimental branch
-- Michael Tokarev <email address hidden> Tue, 25 Oct 2022 14:30:44 +0300
-
samba (2:4.17.1+dfsg-1) experimental; urgency=medium
* new upstream bugfix release containing a security fix:
* CVE-2021-20251 Bad password count not incremented atomically.
* Merge changes from 4.16.x (debian/master) branch.
* use-bzero-instead-of-memset_s.diff : use explicit_bzero() instead of
bzero() for the substitute of memset_s(). bzero() is wrong here because
it, just like memset, can be optimized out by the compiler.
* d/rules: stop using dh_installpam for installing a single pam.d file
-- Michael Tokarev <email address hidden> Wed, 19 Oct 2022 21:34:11 +0300
-
samba (2:4.17.0+dfsg-2) experimental; urgency=medium
* mention closing of CVE-2022-32743 by the 4.17.0 upload
* mention closing of CVE-2022-1615 by the 4.17.0 upload
* move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450)
* d/rules: verify that samba-libs does not depend on samba
-- Michael Tokarev <email address hidden> Sat, 08 Oct 2022 23:00:05 +0300
-
samba (2:4.17.0+dfsg-1) experimental; urgency=medium
* new upstream release 4.17.0
* removed: spelling.patch (partially applied upstream)
* removed: weak-crypto-allowed-clarify.diff (applied upstream)
* refresh: ctdb-create-piddir.patch
* refresh: fix-nfs-service-name-to-nfs-kernel-server.patch
* d/control: update minimum versions for talloc/tevent/tdb
* d/rules: do not install ctdb.service, it is installed by upstream now
* d/ctdb.install: do not install ctdb_wrapper (not used anymore)
* d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1
per upstream, re-version symbols added in 2.5.2 as added in 2.6.1
(ldb users needs to be recompiled anyway after updating libldb)
* new: spelling.patch: a few more spelling fixes
* d/control: bump Standards-Version to 4.6.1 (no changes)
-- Michael Tokarev <email address hidden> Tue, 13 Sep 2022 20:47:05 +0300
-
samba (2:4.16.0+dfsg-1) experimental; urgency=medium
* New upstream major release.
Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
the outside target of a symlink exists
Closes: #1005642 (windows client data corruption due to cache poisoning)
Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
Closes: #998423 (coredump connecting from macos to shares with var substs)
* Notable changes in 4.16 series compared to 4.13:
- modular VFS (see The_New_VFS.txt)
- publishing printers in AD is more complete
- group policies for winbindd cilents (like linux systems)
- certificate auto enrollement in AD group policy
- large list of improvements in samba-tool
- SMB1 protocol has been deprecated, some subcommands has been removed
- more consistend options/subcommands in samba commands
* d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
debian-specific failures to go away, by preserving order of waf hashes
* refresh patches, update build-depend versions (talloc, tdb, tevent)
* refresh lintian-overrides files, add many new overrides
* build-depend on python3-markdown
* build-depend on libjson-perl for new heimdal bits
* more consistent internal lib naming; refresh file lists everywhere
* samba: install new rpc_* services, install samba-dcerpc
* refresh symbols files
* build libldb from samba sources, not from separate source
(this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to
/usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
* optimizations for d/make_shlibs; also allow one to specify explicit
version for some packages
* as per clarifications for waf --{bundled,builtin}-libraries, remove
now-wrong usage there. This also fixes build failures with current
samba sources
* d/rules: various optimizations to reduce startup costs by eliminating
unnecessary external command calls during d/rules read by make.
Including caching of LDB version information in d/ldb-version.mk file.
This does not affect the buildd processing much (and does not affect
runtime at all), but helps with build procedure debugging.
* d/rules: numerous small fixes, cleanups and other changes, including:
- clean up the install target
- remove some now-irrelevant parts
- fix no-glusterfs-build on non-linux
* change build procedure: instead of `waf build', run `waf install'.
`waf build' builds samba to be run from the build dir, and `waf install'
rebuilds/relinks everything again for production. Build the production
variant only, no build-dir one.
* samba-common-bin.postinst: explicitly mkdir /run/samba before invoking
samba binaries (Closes: #953530)
* in the salsa git repository of samba, stop keeping debian patches in
applied form, keep them in d/patches/ only as most other packages do.
* move single python (helper) module, libsamba-policy, together with
2 internal libraries used by it, from samba-libs package to python3-samba.
This makes samba-libs to be free from python-related files, and makes
python3-samba to be the only python-providing package.
Closes: #1006875, #878612, #862338
* also move dckeytab python module from samba to python3-samba
(actually stop moving it from python3-samba to samba to incorrectly
avoid a circular dependency). Also verify that python3-samba does
not depend on samba package.
* weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
testparm message (Closes: #975882)
* spelling.patch: fix many common spelling mistakes in the source
* ctdb: simplify/cleanup instllation of READMEs/examples
* d/control: remove breaks/replaces/depends on ancient versions of some
packages (ancient dpkg version in Pre-Depends, ancient samba-libs)
* d/rules: rework wrong shlibdeps handling
* move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
where they belongs. This should not affect users.
* smbclient: re-do the fix for an old bug, #221618. The original "fix"
did not fix anything (it is too late already to #define _FILE_OFFSET_BITS
when all types has already been defined). From now on, raise an error
if off_t is less than 64bits (it should >=64 when #include'ing
<libsmbclient.h> with proper LFS defines). In theory this can break
some sources which either included libsmbclient.h without a reason or
which didn't use any of the functions which deals with off_t (smbc_lseek
etc), - which did not explicitly enable LFS on a 32bit system.
Please email us if you faced such situation.
* drop 07_private_lib patch: we do not need to force rpath for
private libraries into every samba binary, upstream build system
does a good job here.
-- Michael Tokarev <email address hidden> Tue, 05 Apr 2022 16:01:25 +0300
-
samba (2:4.13.2+dfsg-1) experimental; urgency=medium
* New upstream major version
- Update d/gbp.conf, d/watch and d/README.source for 4.13
- Update patches
- Bump build-depends ldb >= 2.2.0
- Install new files
- Update symbols
* Includes the following security fixes:
- CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
(Closes: #973400)
- CVE-2020-14323: Unprivileged user can crash winbind (Closes: #973399)
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records (Closes: #973398)
- CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon")
(Closes: #971048)
* Includes the following fixes:
- Fixes "samba_dnsupdate gives depreacation warnings" (Closes: #973957)
- s3: libsmbclient.h: add missing time.h include (Closes: #946840)
* Remove unused python3-crypto dependency (Closes: #971292)
* Enable Spotlight with ES backend (Closes: #956096, #956482)
* Standards-Version: 4.5.0
* Add missing Build-Depends-Package in libsmbclient.symbols and
libwbclient0.symbols
* d/copyright: Fix duplicate-globbing-patterns
* Remove outdated/malformed lintian overrides
* d/winbind.logrotate: Only reload winbindd when running (Closes: #946821)
* Bump to debhelper compat 13
* Add another library-not-linked-against-libc override
-- Mathieu Parent <email address hidden> Thu, 12 Nov 2020 11:23:01 +0100
-
samba (2:4.12.3+dfsg-1) experimental; urgency=medium
* New upstream major version (Closes: #963106)
- Update d/gbp.conf, d/watch and d/README.source for 4.12
- Drop merged patches
- Bump build-depends talloc >= 2.3.1, tdb >= 1.4.3, tevent >= 0.10.2 and
ldb >= 2.1.3
- Upstream fixes:
+ pygpo: use correct method flags
(Closes: #963242, #961585, #960171, #956428)
+ CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC
LDAP servers, handled 'Paged Results' control is combined with the 'ASQ'
control. A malicious user in a samba AD could use this flaw to cause
denial of service (Closes: #960189)
+ CVE-2020-10704: A flaw was found when using samba as an Active Directory
Domain Controller. Due to the way samba handles certain requests as an
Active Directory Domain Controller LDAP server, an unauthorized user can
cause a stack overflow leading to a denial of service. The highest
threat from this vulnerability is to system availability
(Closes: #960188)
- intel aes-ni no more needed as GnuTLS is used
- Install new files
- Update symbols
- Update samba-libs.lintian-overrides
* d/control: Remove unused libattr1-dev Build-Depends (Closes: #953915)
-- Mathieu Parent <email address hidden> Wed, 24 Jun 2020 23:12:11 +0200
-
samba (2:4.11.0+dfsg-5) experimental; urgency=medium
* d/gitlabracadabra.yml: only_allow_merge_if_pipeline_succeeds: false
* Remove patches:
- "build: Remove tests for _readdir() and __readdir()"
- "build: Remove tests for rdchk()"
- "build: Remove tests for _pwrite() and __pwrite()"
* Add patches by Ralph Boehme:
- "wscript: remove all checks for _FUNC and __FUNC"
- "wscript: split function check to one per line and sort alphabetically"
-- Mathieu Parent <email address hidden> Mon, 30 Sep 2019 13:37:50 +0200
-
samba (2:4.11.0+dfsg-4) experimental; urgency=medium
* Use the same arches for librados-dev than libcephfs-dev (Fix missing
build-depends on alpha and sh4)
* Split vfsmods:Recommends substvar into
{vfsceph,vfsglusterfs,vfssnapper}:Recommends to make the code more readable
and fix FTBFS on linux platforms without ceph (hppa and sparc64, and also
alpha and sh4)
* Add patch for "build: Remove tests for _readdir() and _readdir()", to
hopefully fix FTBFS on armel
-- Mathieu Parent <email address hidden> Sun, 29 Sep 2019 09:29:03 +0200
-
samba (2:4.11.0+dfsg-3) experimental; urgency=medium
* Try to fix FTBFS on armel (armhf is fixed):
- Add patch for build: Remove tests for rdchk()
-- Mathieu Parent <email address hidden> Sat, 28 Sep 2019 22:17:04 +0200
-
samba (2:4.11.0+dfsg-2) experimental; urgency=medium
* d/gitlabracadabra.yml: Add samba-team/libsmb2
* Try to fix FTBFS on armel and armhf:
- Add patch for build: Remove tests for _pwrite() and __pwrite()
-- Mathieu Parent <email address hidden> Sat, 28 Sep 2019 11:47:56 +0200
-
samba (2:4.11.0+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
* Upload to experimental
* New upstream major release
- Update d/gbp.conf, d/watch and d/README.source for 4.11
- Import upstream release
- Update fix-nfs-service-name-to-nfs-kernel-server.patch
- Bump build-depends talloc >= 2.2.0, tdb >= 1.4.2, tevent >= 0.10.0 and
ldb >= 2:2.0.7
- libsamba-passdb.so bumped to 0.28.0
- libnon-posix-acls is now a subsystem
- Drop libparse-pidl-perl package (Closes: #939419)
- Add new files to d/*.install
- Move libsamba-util.so.* to libwbclient0, to avoid circular dependencies
- Move libsamba-util deps to libwbclient0
* Add build-Remove-tests-for-getdents-and-getdirentries.patch, to fix FTBFS on
armel and armhf
* salsa-ci: Build on experimental
[ John Paul Adrian Glaubitz ]
* Disable cephfs support on architectures where it's not stable
(Closes: #940697)
[ Louis van Belle ]
* d/control, d/samba.install: added libtasn1-bin, libtasn1-6-dev to build
dumpmscat
* d/control, d/rules: Enable spotlight (TimeMachine)
* d/control: Bump libtdb-dev (>= 2) in samba-dev deps
* Update libwbclient0.symbols
* d/rules: adjust LDB_DEPENDS
-- Mathieu Parent <email address hidden> Thu, 26 Sep 2019 09:37:51 +0200
-
samba (2:4.10.7+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
* New upstream release
- Update patches
- Drop nsswitch-Add-try_authtok-option-to-pam_winbind.patch, merged
- libsamba-passdb.so bumped to 0.27.2
- Update symbols
- Update installed files
* samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9)
(Closes: #910242)
* Add missing Breaks+Replace found by piuparts (Closes: #929217)
* Enable vfs_nfs4acl_xattr (Closes: #930540)
* ctdb:
- enable ceph and etcd recovery lock
- Downgrade ctdb_mutex_ceph_rados_helper shlibdeps to recommends
* Add gitlabracadabra.yml
* Update salsa-ci.yml
[ Rafael David Tinoco ]
* debian/rules: Make DEB_HOST_ARCH_CPU initialized through dpkg-architecture
(Closes: #931138)
* CTDB NFS fixes from Ubuntu (Closes: #929931, LP: #722201):
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service
name from nfs to nfs-kernel-server
- ctdb-config: depend on /etc/ctdb/nodes file
- d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d to
allow pid file to exist
- added /var/lib/ctdb/* directories
- d/ctdb.postrm: remove leftovers from /var/lib/ctdb/*
- Add examples of NFS HA CTDB config files + helper script
[ Mathieu Parent ]
* Update d/gbp.conf, d/watch and d/README.source for 4.10
* Drop ctdb-config-depend-on-etc-default-nodes-file.patch, merged upstream
* Bump build-depends talloc >= 2.1.16, tdb >= 1.3.18, tevent >= 0.9.39 and
ldb >= 2:1.5.5
* Bump libcmocka-dev builddep to 1.1.3
* d/rules: Remove 1.5.1+really prefix from LDB_DEPENDS
* d/copyright:
- s/GPL-3+/GPL-3.0+/ and s/LGPL-3+/LGPL-3.0+/
- Move License details to end of file
- Add waf licences
- Add lib/replace licences
- Update lib/{ldb,talloc,tdb} licences
* Move to Python3 (from Ubuntu)
* Bump debhelper from old 11 to 12.
* Standards-Version: 4.4.0
* Replace all reference of /var/run to /run (Closes: #934540)
* Replace python shbang by python3 in d/*.py
-- Mathieu Parent <email address hidden> Thu, 29 Aug 2019 14:32:52 +0200
-
samba (2:4.9.5+dfsg-1) experimental; urgency=medium
* New upstream release
- Bump ldb Build-Depends to 2:1.5.1+really1.4.6
- Drop s3-auth-ignore-create_builtin_guests-failing-without.patch, merged
- Drop and python-gpg.patch, merged
* Add Recommends: samba-dsdb-modules for samba-common-bin (Closes: #862467)
-- Mathieu Parent <email address hidden> Wed, 20 Mar 2019 21:07:02 +0100
-
samba (2:4.9.1+dfsg-1) experimental; urgency=medium
* New upstream release
-- Mathieu Parent <email address hidden> Mon, 24 Sep 2018 13:33:21 +0200
-
samba (2:4.9.0+dfsg-1) experimental; urgency=medium
* Upload to experimental
* New upstream release
- Update d/gbp.conf, d/watch and d/README.source for 4.9
- Remove Fix-pidl-manpage-sections.patch, Fix-spelling.patch and
Improve-vfs_linux_xfs_sgid-manpage.patch, merged upstream
- Bump build-depends talloc >= 2.1.14, tdb >= 1.3.16, tevent >= 0.9.37 and
ldb >= 2:1.4.2'
- Update paths
- Update libsmbclient.symbols
- ctdb.lintian-override: Remove script-not-executable override
- Add ctdb.NEWS: "Configuration has been completely overhauled"
- ctdb: Enable/disable legacy script in postinst/presinst
-- Mathieu Parent <email address hidden> Sat, 22 Sep 2018 23:04:11 +0200
-
samba (2:4.8.1+dfsg-1) experimental; urgency=medium
* New upstream release
* Add lintian override for "smbclient: executable-is-not-world-readable
usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper 0700" (See #894720)
* Improve samba-vfs-modules description (Closes: #776505)
* Check smb.conf in samba-common-bin.postinst (Closes: #816301)
* Mark libparse-pidl-perl, samba-dev, samba-dsdb-modules and samba-vfs-modules
as"Multi-Arch: same"
* Standards-Version: 4.1.4, no change
* debian/smb.conf: Fix typo in comment line: sever -> server (Closes: #763648)
* Read smb.conf until [print$] section instead of [cdrom] to preserve
locally-defined shares (Closes: #776259)
* Fix and improve dhcp integration:
- dhclient3 was renamed to dhclient long time ago...
- Remove /etc/samba/dhcp.conf on purge (Closes: #784713)
- Move dhcp.conf out of /etc to allow ro root (Closes: #695362)
- Update template for "Move dhcp.conf out of /etc to allow ro root"
* Enable --accel-aes=intelaesni on DEB_HOST_GNU_CPU=x86_64 (Closes: #896196)
- Use dh-exec to install libaesni-intel.so.0 only on amd64
-- Mathieu Parent <email address hidden> Sun, 29 Apr 2018 12:54:06 +0200
-
samba (2:4.8.0+dfsg-2) experimental; urgency=medium
* Remove unused and outdated debian/README.debian (debian/README.Debian is
used instead)
* Mask services as appropriate in samba and winbind postinst (Closes: #863285)
- mask samba-ad-dc unless server role = active directory domain controller
(as before)
- mask smbd and nmbd when server role = active directory domain controller
- mask nmbd when disable netbios = yes (Closes: #866125)
* Set smbspool_krb5_wrapper permissions to 0700 (Closes: #894720, #372270)
* Remove Depends: samba-libs of lib{nss,pam}-winbind
* Mark winbind "Multi-Arch: allowed" and make lib{pam,nss}-winbind depends on
winbind:any to allow co-installation (Closes: #881100)
* Ignore nmbd start errors when there is no non-loopback interface
(Closes: #893762)
-- Mathieu Parent <email address hidden> Sun, 08 Apr 2018 22:09:53 +0200
-
samba (2:4.8.0+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
* New major upstream version
- Update d/gbp.conf and d/watch for 4.8
- Update upstream source from tag 'upstream/4.8.0+dfsg'
- Re-apply patches
- Remove patches merged upstream:
+ no_build_system.patch
+ systemd-syslog.target-is-obsolete.patch
+ Add-documentation-to-systemd-Unit-files.patch
+ fix_kill_path_in_units.patch
+ nmbd-requires-a-working-network.patch
+ CVE-2018-1050-11343-4.7.patch
+ CVE-2018-1057-v4-7.metze01.patches.txt
- Bump build-depends talloc >= 2.1.11~, tdb >= 1.3.15~, tevent >= 0.9.36~
and ldb >= 2:1.3.2~
- Drop Build-Conflicts-Arch: libaio-dev, vfs_aio_linux was dropped
- Update debian/*.install and use debian/not-installed
- Update debian/libsmbclient.symbols
- Upload to experimental
* debian/README.source
- Update instructions
- Convert to Markdown
- Add a symlink from README.source to README.source.md
* debian/rules:
- Use the new --systemd-install-services
- Use dh_missing --fail-missing
- Re-order debian/rules overrides in the order they are called
- Remove broken get-packaged-orig-source target
- Remove unused DEB_BUILD_OPT_FOO variables
- Add some comments
- Move all the custom installs from override_dh_install to
override_dh_auto_install
- Remove --sourcedir override to dh_install "since dh_install automatically
looks for files in debian/tmp in debhelper compatibility level 7 and
above"
- PIDFile= is now correctly set in *.service
[ Louis van Belle ]
* Update d/control, Relax Build-Depends to allow backport
-- Mathieu Parent <email address hidden> Mon, 19 Mar 2018 13:02:51 +0100
-
samba (2:4.7.0+dfsg-1) experimental; urgency=medium
* New major upstream version
- Update d/gbp.conf and d/watch for 4.7
- Update patches
- Remove no_build_env.patch, no more needed
- Remove 4 patches merged upstream
- Bump build-depends ldb >= 2:1.2.2~, tdb >= 1.3.14~, tevent >= 0.9.33~
- Move replace from builtin to bundled libraries to fix FTBFS
- Update d/*.install
- Update symbols
* Rework all patches for dep5 and "gbp pq"
* Add libjansson-dev to Build-Depends to allow logging in JSON format
* Lintian fixes:
- build-depends: dh-systemd (>= 1.5) => use debhelper (>= 9.20160709)
- Move libsmbclient-dev from priority extra to optional
- Standards-Version: 4.1.1
- Update samba-libs.lintian-overrides (following libsmbldap bump)
-- Mathieu Parent <email address hidden> Thu, 12 Oct 2017 22:09:19 +0200
-
samba (2:4.6.5+dfsg-1) experimental; urgency=medium
* New upstream version (Closes: #859390)
- d/gbp.conf, d/watch: Change major version to 4.6
- Bump Build-dependencies of talloc, tdb, tevent and ldb to resp. 2.1.9,
1.3.12, O.9.31 and 1.1.29
- Remove CVE-2017-7494.patch: applied upstream
- Add Build-Depends: libcmocka-dev (>= 1.0)
- Update d/*.install
- d/samba-common.docs: Roadmap removed upstream
* Update README.source, about importing major versions
* d/control cleanup:
- Remove Conflicts and Replaces on pre-wheezy samba4 packages
- Remove Conflicts, Breaks and Replaces on pre-wheezy samba packages
- Remove Conflicts, Breaks and Replaces on pre-jessie samba packages
- Remove Conflicts, Breaks and Replaces on (pre-jessie) samba4 packages
- Remove Conflicts on pre-jessie libldb1 package
- Remove Breaks on pre-jessie qtsmbstatus-server package
- Remove Replaces on pre-wheezy smbget package
- wrap-and-sort
* Add libcephfs-dev as b-d to build vfs_ceph (Closes: #856998). Patch from
Ubuntu
* Enable avahi support (Closes: #859875). Patch from Laurent Bigonville.
* Translations:
- Portuguese translation for debconf messages (Closes: #864172). Patch from
Rui Branco
- Hungarian translation for debconf messages (Closes: #708277)
* Properly quote subshell invocation in samba-common.preinst (Closes: #771689)
* Add Build-Depends: xfslibs-dev, for XFS quotas
-- Mathieu Parent <email address hidden> Mon, 12 Jun 2017 08:09:43 +0200
-
samba (2:4.5.1+dfsg-1) experimental; urgency=medium
* New upstream version
- Refresh patches
- Remove bug_12283_segfault_tevent_internals.patch
- Remove gencache-Bail-out-of-stabilize-if-we-can-not-get-the.patch
- Adding libdsdb-garbage-collect-tombstones.so.0 to samba-libs.install
* CTDB: Fix samba eventscript
* nmbd requires a working network (Closes: #698056, #842056, #840608, LP: #1635491)
* Be more verbose about masking samba-ad-dc.service (Closes: #841147)
* Remove Fix_parallel_build.patch, not working
-- Mathieu Parent <email address hidden> Tue, 01 Nov 2016 13:54:29 +0100
-
samba (2:4.5.0+dfsg-1) experimental; urgency=medium
* Upload to experimental
* New upstream version
+ Remove patches:
- bug_601406_fix-perl-path-in-example.patch, similar applied
- waf_smbpasswd_location, applied
- Fix-privacy-breach-on-google.com.patch, doc moved out of source
- ctdb-Fix-detection-of-gnukfreebsd.patch, applied
- gcc_6.patch, applied
+ Dumped dependencies
- libldb-dev (>= 2:1.1.27~)
- libtalloc-dev (>= 2.1.8~)
- libtdb-dev (>= 1.3.10~)
- libtevent-dev (>= 0.9.29~)
- python-talloc-dev (>= 2.1.8~)
+ Install new files and update debian/ctdb.docs
+ Update to libwbclient0.symbols
+ Update samba-libs.lintian-overrides (libtevent-unix-util0 removed)
+ /etc/default/ctdb is now /etc/ctdb/ctdbd.conf
* Add patch for https://bugzilla.samba.org/show_bug.cgi?id=12045
* ctdb/wscript: Call CHECK_XSLTPROC_MANPAGES() before checking
XSLTPROC_MANPAGES. This should fix parallel builds, including
tests.reproducible-builds.org. Thanks HW42 on IRC
* Depends: lsb-base (>= 3.0-6), for ctdb and winbind as they source
/lib/lsb/init-functions
-- Mathieu Parent <email address hidden> Sun, 23 Oct 2016 15:56:59 +0200
-
samba (2:4.4.1+dfsg-1) experimental; urgency=medium
* New upstream release
+ Fixes (Patches by Stefan Metzmacher of SerNet and others on the Samba Team):
- CVE-2015-5370 (Multiple errors in DCE-RPC code)
- CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
- CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
- CVE-2016-2112 (LDAP client and server don't enforce integrity)
- CVE-2016-2113 (Missing TLS certificate validation)
- CVE-2016-2114 ("server signing = mandatory" not enforced)
- CVE-2016-2115 (SMB IPC traffic is not integrity protected)
- CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
* Additional regression fix for 'net ads join' to a Windows 2003 domain by metze
-- Andrew Bartlett <email address hidden> Mon, 11 Apr 2016 16:09:59 +1200
-
samba (2:4.4.0+dfsg-1) experimental; urgency=medium
[ Andrew Bartlett ]
* New upstream release.
-- Andrew Bartlett <email address hidden> Wed, 06 Apr 2016 17:08:20 +1200
-
samba (2:4.3.1+dfsg-1) experimental; urgency=medium
* New upstream release.
* Remove libpam-smbpasswd, which is broken and slated for removal
upstream. Closes: #799840
* Remove lib/zlib/contrib/dotzlib/DotZLib.chm from excluded files in
copyright; no longer shipped upstream.
* Remove wins2dns.awk example script.
* Remove the samba-doc package, and move examples files from it to
relevant other packages. Closes: #769385
-- Jelmer Vernooij <email address hidden> Thu, 01 Oct 2015 21:37:48 +0000
-
samba (2:4.3.0+dfsg-2) experimental; urgency=medium
* Re-enable cluster support.
+ Build samba-cluster-support as built-in library, since its dependencies
are broken.
-- Jelmer Vernooij <email address hidden> Mon, 28 Sep 2015 00:34:51 +0000
-
samba (2:4.3.0+dfsg-1) experimental; urgency=medium
* Fix watch file.
* New upstream release.
* Drop no_wrapper patch: applied upstream.
* Drop patch ctdb_sockpath.patch: applied upstream.
* Drop Fix-CTDB-build-with-PMDA patch: applied upstream.
-- Jelmer Vernooij <email address hidden> Sat, 19 Sep 2015 01:59:36 +0000
-
samba (2:4.2.1+dfsg-1) experimental; urgency=medium
[ Jelmer Vernooij ]
* New upstream release.
+ Drop patch do-not-install-smbclient4-and-nmbclient4: applied upstream.
+ Drop patch
bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch:
present upstream.
+ Refresh patch 26_heimdal_compat.26_heimdal_compat.
+ Add build-dependency on libarchive-dev.
* Drop samba_bug_11077_torturetest.patch: applied upstream.
* Drop dependency on ctdb - now bundled with Samba.
* Use bundled Heimdal as the system Heimdal doesn't contain the
changes required for Samba.
* Add patch heimdal-rfc3454.txt: patch in truncated rfc3454.txt for
building bundled heimdal.
* Drop patches 25_heimdal_api_changes and 26_heimdal_compat.
* Disable cluster support; it breaks the build.
* Add patch no_wrapper: avoid dependencies on
{nss,uid,socket}_wrapper.
* Move some libraries around.
* Move ownership of var/lib/samba and var/lib/samba/private to samba-
common, remove obsolete samba4.dirs. Closes: #793866
* Remove ctdb-tests and ctdb-pcp-pmda packages as they contain problems
and unclear what they are useful for, now ctdb now longer provides
an external API.
[ Mathieu Parent ]
* Merge ctdb source package
- initial merge
- libctdb-dev has been dropped
- ctdb-dbg renamed to ctdb-tests, debug files moved to samba-dbg
- ctdb-tests depends on python
* Fix CTDB socketpath parsing
* Fix CTDB build with PMDA
* ctdb: Fix privacy breach on google.com (from documentation)
-- Jelmer Vernooij <email address hidden> Sun, 07 Dec 2014 15:34:36 +0000
-
samba (2:4.1.3+dfsg-1) experimental; urgency=low
[ Jelmer Vernooij ]
* New upstream release.
+ Drop 0002-lib-replace-Allow-OS-vendor-to-assert-that-getpass-i.patch:
upstream no longer uses getpass.
* Add source dependency on libntdb1, and stop passing --disable-ntdb,
which has been removed.
* Remove handling for SWAT, which is no longer shipped upstream.
* Split VFS modules out from samba-libs into a separate binary
package.
* Move service and process_model modules from the samba-libs to the
samba package. Prevents dependencies on libkdc2-heimdal and
libhdb9-heimdal.
[ Ivo De Decker ]
* Add build-dep on python-ntdb.
* Add build-dep on libncurses5-dev.
* Add depends on python-ntdb to samba.
* New upstream release.
-- Ivo De Decker <email address hidden> Mon, 09 Dec 2013 23:24:27 +0100
-
samba (2:4.0.10+dfsg-1) experimental; urgency=low
* Team upload.
[ Ivo De Decker ]
* Update vcs urls to point to samba instead of samba4.
* New upstream release.
* Limit build-dep on libaio-dev to linux architectures.
* Merge init script changes from 3.6 packages.
[ Steve Langasek ]
* Don't put useless symlinks to nss modules in the libnss-winbind package.
* Add lintian overrides for another set of wrong lintian errors for the
NSS modules.
-- Ivo De Decker <email address hidden> Thu, 10 Oct 2013 21:56:08 +0200
-
samba (2:4.0.9+dfsg-1) experimental; urgency=low
* Team upload.
[ Steve Langasek ]
* The samba-ad-dc upstart job should be installed unconditionally, not just
in Ubuntu.
* Don't exclude our private libraries from the shlibs generation.
* Port debian/autodeps.py to python3 and build-depend on python3 so we can
invoke it correctly from debian/rules.
[ Jelmer Vernooij ]
* Bump standards version to 3.9.4 (no changes).
* Suggest libwireshark-dev for libparse-pidl-perl, as it is necessary
to build wireshark dissectors generated by pidl.
* samba-ad-dc: Drop suggests for removed packages swat2 and samba-gtk.
* samba: Remove inetd servers from suggests; inetd support was dropped
in 3.6.16-1.
* Fix database errors during upgrade. Closes: #700768
* Integrate libraries in samba-libs
[ Ivo De Decker ]
* New upstream release.
* Merge contents of samba-ad-dc into samba.
* Remove systemd support for now, as it is broken. Closes: #719477
* Add lintian override for samba-libs: package-name-doesnt-match-sonames.
* Add missing depends for dev packages.
* Generate correct shlibs for both public and private libs.
[ Jeroen Dekkers ]
* Drop 10_messaging_subsystem patch.
* Add patch to not install smbclient4 and nmblookup4 and remove
samba4-clients binary package.
-- Ivo De Decker <email address hidden> Sun, 22 Sep 2013 17:19:44 +0200
-
samba (2:4.0.8+dfsg-1) experimental; urgency=low
[ Christian Perrier ]
* Remove all mention of "Samba 4" and "experimental version of Samba"
in packages' description. Samba version 4 is now production-ready.
[ Andrew Bartlett ]
* Update build-dependencies on Samba libraries using autodeps.py
* New upstream security release. Closes: #718781
Fixes CVE-2013-4124: Denial of service - CPU loop and memory allocation
[ Ivo De Decker ]
* New upstream release
* refresh patches for new upstream version
* remove patches integrated upstream
* Update build-dependencies for new upstream version
* Add replaces for python-samba for packages that take over files from it.
Closes: #719212
-- Ivo De Decker <email address hidden> Sun, 11 Aug 2013 23:45:16 +0200
-
samba (2:4.0.6+dfsg-1) experimental; urgency=low
* Team upload.
[ Andrew Bartlett ]
* Converted to full AD DC package on the basis of the 3.6 package
- Samba now can be an Active Directory Domain controller
- The samba4-* packages are replaced by this package.
- This package now uses the s3fs file server by default, not the ntvfs
file server used in the samba4 packages.
* Provides a new library based package
- Upstream's new build system uses libraries extensively, so new
packages reflect that.
- This provides the libraries that Openchange and other projects depend on
* Move binary files out of /var/lib/samba to /var/lib/samba/private,
where they belong according to upstream Samba:
- schannel_store.tdb
- idmap2.tdb
- passdb.tdb
- secrets.tdb
* Remove most of the samba4 references, except for binaries ending in 4
* Removed debconf support for encrypted passwords
* Samba 3.x users upgrading can either upgrade to an AD DC or continue
using Samba without major changes.
[ Christian Perrier ]
* Move libnss_winbind.so.2 and libnss_wins.so.2 to /lib as in 3.6.*
* Use the same set of configure arguments than 3.6.15 (except those
eventually specific to version 4 and above)
* Add libctdb-dev to build dependencies as we're building with cluster
support just like 3.6 packages
* Re-introduce mksmbpasswd for compatibility with 3.* packages
[ Ivo De Decker ]
* Specify all paths using configure options, so that we can finally get rid
of the fhs patch. Closes: #705449
[ Steve Langasek ]
* Make samba-common Conflicts: swat, which is now obsolete and no longer
built from samba 4.0; the old versions of swat in the archive are
incompatible with smb.conf from samba 4.0, so force them off the system
to avoid configuration corruption.
-- Ivo De Decker <email address hidden> Thu, 20 Jun 2013 21:51:49 +0200
-
samba (2:3.6.13-2) experimental; urgency=low
* Team upload.
* Move binary files out of /etc/samba to /var/lib/samba,
where they belong according to the FHS:
- schannel_store.tdb
- idmap2.tdb
- MACHINE.sid
Closes: #454770
-- Ivo De Decker <email address hidden> Sun, 21 Apr 2013 12:54:03 +0200
-
samba (2:3.6.13-1) experimental; urgency=low
* Team upload.
* New upstream release
* samba: Suggests winbind. Closes: #689857
-- Ivo De Decker <email address hidden> Mon, 18 Mar 2013 21:29:58 +0100
-
samba (2:3.6.12-1) experimental; urgency=low
* Team upload.
* Security update, fixing the following issues:
- CVE-2013-0213: Clickjacking issue in SWAT
- CVE-2013-0214: Potential XSRF in SWAT
* New upstream release
* Install pkgconfig file in libsmbclient-dev. Closes: #700643
-- Ivo De Decker <email address hidden> Sun, 17 Feb 2013 22:25:34 +0100
-
samba (2:3.6.10-1) experimental; urgency=low
* New upstream release
-- Christian Perrier <email address hidden> Sat, 15 Dec 2012 08:03:03 +0100
-
samba (2:3.6.9-1) experimental; urgency=low
* New upstream release
-- Christian Perrier <email address hidden> Thu, 01 Nov 2012 08:17:29 +0100
-
samba (2:3.6.8-1) experimental; urgency=low
* New upstream release.
-- Christian Perrier <email address hidden> Tue, 18 Sep 2012 07:13:41 +0200
-
samba (2:3.6.7-1) experimental; urgency=low
* New upstream release.
-- Christian Perrier <email address hidden> Sat, 11 Aug 2012 21:37:38 +0200
-
samba (2:3.6.1-1) experimental; urgency=low
* New upstream release
-- Christian Perrier <email address hidden> Sat, 22 Oct 2011 10:56:17 +0200
-
samba (2:3.6.0-1) experimental; urgency=low
* New upstream release
* Resync with packaging changes in 3.5 branch between 3.5.8~dfsg1
and 3.5.11~dfsg-1
* Drop wbc_async.h from libwbclient-dev as, according to upstream's
commit c0a7c9f99188ebb3cd27094b9364449bcc2f80d8, " its only user is
smbtorture3"
-- Christian Perrier <email address hidden> Thu, 11 Aug 2011 09:14:53 +0200
-
samba (2:3.6.0~rc3-1) experimental; urgency=low
* New upstream version
-- Christian Perrier <email address hidden> Fri, 29 Jul 2011 23:11:10 +0200
-
samba (2:3.6.0~rc2-1) experimental; urgency=low
* New upstream version -- Christian Perrier <email address hidden> Tue, 07 Jun 2011 23:09:41 +0200
-
samba (2:3.6.0~rc1-2) experimental; urgency=low
* Use --with-nmbdsocketdir=/var/run/samba to have nmbd socket file in an existing directory. Closes: #628121 -- Christian Perrier <email address hidden> Fri, 27 May 2011 15:35:44 +0200
-
samba (2:3.6.0~rc1-1) experimental; urgency=low
* New upstream release -- Christian Perrier <email address hidden> Thu, 19 May 2011 22:26:08 +0200
-
samba (2:3.6.0~pre3-1) experimental; urgency=low
[ Christian Perrier ] * New upstream release * add "#include "fcntl.h"" to idmap_tdb2.c to get it compiled * samba-doc-pdf: add Samba3-HOWTO.pdf from pre1 as it was forgotten upstream * libwbclient0.symbols: dropped several symbols related to asynchronous actions that weren't working anyway (according to Kai Blin at SambaXP) [ Mathieu Parent ] * Build against libctdb-dev (>= 1.10+git20110412) to have required control: CTDB_CONTROL_SCHEDULE_FOR_DELETION. -- Christian Perrier <email address hidden> Mon, 09 May 2011 11:29:52 +0200
-
samba (2:3.5.4~dfsg-1) experimental; urgency=low
* New upstream release
-- Christian Perrier <email address hidden> Tue, 29 Jun 2010 22:00:53 +0200
-
samba (2:3.5.3~dfsg-1) experimental; urgency=low
* New upstream release. Fixes the following bugs:
- smbclient segfaults when used against old samba "security = share"
Closes: #574886
* Drop duplicate build dependency on ctdb
-- Christian Perrier <email address hidden> Wed, 19 May 2010 22:07:49 +0200
-
samba (2:3.5.2~dfsg-2) experimental; urgency=low
* Resync changes with changes in trunk between 3:3.4.4~dfsg-1 and
2:3.4.7~dfsg-2
-- Christian Perrier <email address hidden> Tue, 04 May 2010 17:13:47 +0200
-
samba (2:3.5.2~dfsg-1) experimental; urgency=low
* New upstream release
* Bugs fixed upstream:
- Fix parsing of the gecos field
Closes: #460494
-- Christian Perrier <email address hidden> Thu, 08 Apr 2010 19:48:07 +0200
-
samba (2:3.5.1~dfsg-1) experimental; urgency=low
* New upstream release. Security fix: all smbd processes inherited
CAP_DAC_OVERRIDE capabilities, allowing all file system access to be
allowed even when permissions should have denied access.
-- Christian Perrier <email address hidden> Tue, 09 Mar 2010 10:54:01 +0100
-
samba (2:3.5.0dfsg-1) experimental; urgency=low
* New upstream release. Not using "3.5.0~dfsg" as version number
because we used a "higher" version number in previous versions.
-- Christian Perrier <email address hidden> Tue, 02 Mar 2010 22:03:15 +0100
-
samba (2:3.5.0~rc3~dfsg-1) experimental; urgency=low
* New upstream release candidate
-- Christian Perrier <email address hidden> Sat, 20 Feb 2010 08:36:57 +0100
-
samba (2:3.5.0~rc2~dfsg-1) experimental; urgency=low
* New upstream pre-release
* Use new --with-codepagedir option. Consequently drop
codepages-location.patch
* Drop "Using Samba" from the samba-doc file list as it was
removed upstream.
-- Christian Perrier <email address hidden> Sun, 31 Jan 2010 11:53:48 +0100
-
samba (2:3.5.0~rc1~dfsg-1) experimental; urgency=low
[ Christian Perrier ]
* New upstream pre-release
-- Christian Perrier <email address hidden> Fri, 15 Jan 2010 23:31:01 +0100
-
samba (2:3.5.0~pre2-1) experimental; urgency=low
[ Christian Perrier ]
* New upstream pre-release
* Switch to source format 3.0 (quilt)
* Better adapt "add machine script" example to adduser
Thanks to Heiko Schlittermann for the suggestion
Closes: #555466
* Add --with-cifs-umount to configure
[ Mathieu Parent ]
* Raise ctdb build-dep version to 1.0.103
(new CTDB control CTDB_CONTROL_TRANS2_ACTIVE)
* Explicit ctdb path (--with-ctdb=/usr)
* Removed --without-smbmount configure option, as smbmount as been
removed in commit e1b32594c70ee57f16c84adb7910aa5c84a560f8
* Raise libtalloc-dev build-dep to 2.0.1 as required by configure
[ Steve Langasek ]
* debian/rules: drop --with-cifsmount, --with-cifsupcall arguments, these
are now always set by default on Linux
-- Christian Perrier <email address hidden> Fri, 25 Dec 2009 11:08:03 +0100
-
samba (2:3.4.0~pre1-1) experimental; urgency=low
* New upstream pre-release
* "Using samba" is dropped from upstream source. Therefore, drop
debian/samba-doc.doc-base.samba-using
-- Christian Perrier <email address hidden> Wed, 20 May 2009 18:50:35 +0200
