-
samba (2:4.16.8+dfsg-0ubuntu1.2) kinetic-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
- debian/patches/CVE-2022-2127-*.patch
- CVE-2022-2127
* SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
- debian/patches/CVE-2023-34966-*.patch
- CVE-2023-34966
* SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
- debian/patches/CVE-2023-34967-*.patch
- CVE-2023-34967
* SECURITY UPDATE: Spotlight server-side Share Path Disclosure
- debian/patches/CVE-2023-34968-*.patch
- CVE-2023-34968
-- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:00:26 -0400
-
samba (2:4.16.8+dfsg-0ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
- debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
issue.
- debian/libldb2.symbols: added new symbols.
- debian/python3-ldb.symbols.in: added new symbols.
- CVE-2023-0614
* SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
- debian/patches/CVE-2023-0922.patch: set default ldap client sasl
wrapping to seal.
- CVE-2023-0922
-- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 07:55:26 -0400
-
samba (2:4.16.8+dfsg-0ubuntu1) kinetic-security; urgency=medium
* Updated to upstream 4.16.8 to fix multiple security issues.
- debian/patches/fix-samba-tool-domain-join-segfault.patch: removed,
included in new version.
- CVE-2021-20251
- CVE-2022-3437
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-42898
-- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 09:07:59 -0500
-
samba (2:4.16.4+dfsg-2ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
-- Andreas Hasenack <email address hidden> Tue, 02 Aug 2022 09:30:05 -0300
-
samba (2:4.16.3+dfsg-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1982116). Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
* Dropped:
- Update nfs scripts for new nfs.conf config (LP: #1961840):
+ d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*
[In 2:4.16.3+dfsg-1]
+ d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
used by the example enable-nfs.sh example script
[In 2:4.16.3+dfsg-1]
+ d/ctdb.example/nfs-kernel-server/quota: quota config file to be
used by the example enable-nfs.sh script
[In 2:4.16.3+dfsg-1]
+ d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
obsolete, replaced by nfs.conf
[In 2:4.16.3+dfsg-1]
+ d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
nfs.conf and other changes in the new nfs server packages
[In 2:4.16.3+dfsg-1]
- Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP #1977491)
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
[Fixed upstream]
- Build dlz module for bind 9.18.x (LP #1964032)
+ d/p/add-support-for-bind-918.patch: build a dlz module for
bind 9.18.x
+ d/p/add-support-for-bind-918-2.patch: also update the
provisioning tool and template config file
[Fixed upstream]
-- Andreas Hasenack <email address hidden> Fri, 29 Jul 2022 17:09:27 -0300
-
samba (2:4.16.2+dfsg-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- Update nfs scripts for new nfs.conf config (LP #1961840):
+ d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*
+ d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
used by the example enable-nfs.sh example script
+ d/ctdb.example/nfs-kernel-server/quota: quota config file to be
used by the example enable-nfs.sh script
+ d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
obsolete, replaced by nfs.conf
+ d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
nfs.conf and other changes in the new nfs server packages
- Build dlz module for bind 9.18.x (LP #1964032)
+ d/p/add-support-for-bind-918.patch: build a dlz module for
bind 9.18.x
+ d/p/add-support-for-bind-918-2.patch: also update the
provisioning tool and template config file
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
- Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP #1977491)
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
+ d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Andreas Hasenack <email address hidden> Mon, 27 Jun 2022 18:32:00 -0300
-
samba (2:4.16.1+dfsg-8ubuntu2) kinetic; urgency=medium
* Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP: #1977491)
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Sergio Durigan Junior <email address hidden> Mon, 20 Jun 2022 19:09:25 -0400
-
samba (2:4.16.1+dfsg-8ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971256, LP: #1846947). Remaining
changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- d/control: enable the liburing vfs module, except on i386 where
liburing is not available
- d/t/{cifs-share-access-uring,smbclient-share-access-uring}:
Skip running the tests if on i386 platform, because the uring
package is not available there.
- d/t/util: fix setting the password of the smb test user
(LP #1955851)
- Update nfs scripts for new nfs.conf config (LP #1961840):
+ d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*
+ d/ctdb.example/nfs-kernel-server/nfs.conf: /etc/nfs.conf to be
used by the example enable-nfs.sh example script
+ d/ctdb.example/nfs-kernel-server/ctdb.example.quota: quota
config file to be used by the example enable-nfs.sh script
+ d/ctdb.example/nfs-kernel-server/nfs-{common,kernel-server}:
obsolete, replaced by nfs.conf
+ d/ctdb.example/nfs-kernel-server/enable-nfs.sh: handle new
nfs.conf and other changes in the new nfs server packages
- Build dlz module for bind 9.18.x (LP #1964032)
+ d/p/add-support-for-bind-918.patch: build a dlz module for
bind 9.18.x
+ d/p/add-support-for-bind-918-2.patch: also update the
provisioning tool and template config file
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
* Dropped:
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
[superfluous, the version in the archive is recent enough]
- d/samba.postinst: do not populate sambashare from the Ubuntu admin group (LP 1942195)
[Included in 2:4.13.13+dfsg-1]
- d/control: bump required build-depends
[Included in Debian]
- d/samba-libs.install: update list of installed libraries and
modules/plugins
[Done in Debian]
- debian/patches/CVE-2021-20254.patch: removed, applied upstream
[Applied upstream, Debian didn't have this patch]
- d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
[Applied usptream, Debian did not have it]
- d/{gpb.conf,watch,README.source}: update for 4.15
[Debian updated it for 4.16]
- d/rules: remove --with-dnsupdate, it was merged with
--with-ads in samba 4.15.0
[Included in 2:4.16.0+dfsg-1]
- d/rules: drop removal of ctdb tests, they are no longer installed
[Included in 2:4.16.0+dfsg-1]
- Remove findsmb, no longer installed:
+ d/smbclient.install: remove findsmb
+ d/rules: drop fixing of findsmb shebang
[Included in 2:4.16.0+dfsg-1]
- d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
no longer installed
[Included in 2:4.16.0+dfsg-1]
- d/ctdb.install: add tdb_mutex_check
[Included in 2:4.16.0+dfsg-1]
- d/winbind.install: add async_dns_krb5_locator
[Included in 2:4.16.0+dfsg-1]
- d/samba.install: install samba-bgqd and its manpage
[Included in 2:4.16.0+dfsg-1]
- d/{libsmbclient,libwbclient0}.symbols: symbols updates
[Obsolete, these were for 4.15.5]
- d/rules: drop dh_perl override, unneeded
[Included in 2:4.16.0+dfsg-1]
- d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
Windows 2021-10 Monthly Rollup patch (LP #1951490)
[Included upstream in 4.16.0rc2]
- d/rules: install the new/changed ctdb example nfs files
[Installed via ctdb.examples]
* Added:
- rename ctdb example files nfs.conf and quota, to match what the
enable-nfs.sh script expects
- enable-nfs.sh ctdb example: use debian's filename for the
static port sysctl configuration
- enable-nfs.sh: in ctdb 4.16, the "recovery lock" config option was
renamed to "cluster lock"
-- Andreas Hasenack <email address hidden> Wed, 08 Jun 2022 11:02:29 -0300
-
samba (2:4.15.5~dfsg-0ubuntu6) kinetic; urgency=medium
* No-change rebuild against libicu71
-- Steve Langasek <email address hidden> Sat, 30 Apr 2022 02:14:39 +0000
-
samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
* Enable glusterfs support (LP: #1894618):
- d/control: revert disabling of glusterfs, since it's in main now
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
-- Andreas Hasenack <email address hidden> Wed, 09 Mar 2022 17:31:25 -0300