-
samba (2:3.6.25-0ubuntu0.12.04.21) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Empty UDP packet DoS in Samba AD DC nbtd
- debian/patches/CVE-2020-14303.patch: fix busy loop on empty UDP
packet in libcli/nbt/nbtsocket.c.
- CVE-2020-14303
-- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Aug 2020 10:58:41 -0300
-
samba (2:3.6.25-0ubuntu0.12.04.10) precise-security; urgency=medium
* SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
- debian/patches/bug12721-*.patch: add backported fixes from Samba bug
#12721.
* debian/patches/*: fix CVE number in patch filenames.
-- Marc Deslauriers <email address hidden> Tue, 28 Mar 2017 09:43:30 -0400
-
samba (2:3.6.25-0ubuntu0.12.04.9) precise-security; urgency=medium
* SECURITY UPDATE: Symlink race allows access outside share definition
- debian/patches/CVE-2017-2619-*.patch: security fix and prerequisite
patches from upstream.
- CVE-2017-2619
-- Marc Deslauriers <email address hidden> Tue, 21 Mar 2017 08:06:46 -0400
-
samba (2:3.6.25-0ubuntu0.12.04.5) precise-security; urgency=medium
* SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
- debian/patches/CVE-2016-2125-v3.6.patch: don't use GSS_C_DELEG_FLAG in
source3/librpc/crypto/gse.c and source3/libsmb/clifsinfo.c.
- CVE-2016-2125
-- Steve Beattie <email address hidden> Tue, 13 Dec 2016 11:00:51 -0800
-
samba (2:3.6.25-0ubuntu0.12.04.4) precise-security; urgency=medium
* SECURITY REGRESSION: compatibility with NetAPP SAN (LP: #1576109)
- debian/patches/fix_netapp.patch: don't require NTLMSSP_SIGN for smb
connections in source3/libsmb/ntlmssp.c.
* SECURITY REGRESSION: compatibility with 3.6 servers (LP: #1574403)
- debian/patches/relax_client_ipc_signing.patch: relax the
"client ipc signing" parameter to "auto" so a 3.6 client can still
connect to a 3.6 server. Administrators in environments that
exclusively connect to more recent servers might want to manually
configure this back to "mandatory".
-- Marc Deslauriers <email address hidden> Thu, 12 May 2016 11:51:56 -0400
-
samba (2:3.6.25-0ubuntu0.12.04.3) precise-security; urgency=medium
* SECURITY REGRESSION: Add additional backported commits to fix
regressions in the previous security updates. (LP: #1577739)
- debian/patches/security_trailer_regression.patch: fix a regression
verifying the security trailer in source3/rpc_server/srv_pipe.c.
- debian/patches/bug9669_regression.patch: fix a crash when running
net rpc join against an older Samba PDC in
source3/rpc_client/cli_pipe.c.
- debian/patches/netlogon_credentials_regression.patch: fix updating
netlogon credentials in source3/rpc_client/cli_pipe.c.
- Thanks to Andreas Schneider for the additional backports to
Samba 3.6!
-- Marc Deslauriers <email address hidden> Tue, 03 May 2016 12:51:09 -0400
-
samba (2:3.6.25-0ubuntu0.12.04.2) precise-security; urgency=medium
* SECURITY UPDATE: fix multiple security issues
- debian/patches/CVE-preparation-v3-6.patch: code changes required
for security patches.
- debian/patches/CVE-2016-2110-v3-6.patch: Man in the middle attacks
possible with NTLMSSP.
- debian/patches/CVE-2016-2111-v3-6.patch: NETLOGON Spoofing
Vulnerability.
- debian/patches/CVE-2016-2112-v3-6.patch: The LDAP client and server
don't enforce integrity protection.
- debian/patches/CVE-2016-2115-v3-6.patch: SMB client connections for
IPC traffic are not integrity protected.
- debian/patches/CVE-2016-2118-v3-6.patch: SAMR and LSA man in the
middle attacks possible.
- debian/patches/CVE-2015-5370-v3-6.patch: Multiple errors in DCE-RPC
code
- Thanks to Andreas Schneider, Ralph Böhme, Stefan Metzmacher,
Günther Deschner and Aurélien Aptel for the patch backports to
Samba 3.6!
* Updated to upstream 3.6.25
- Removed upstreamed patches: initialize_password_db-null-deref,
fix-samba.ldip-syntax.patch, CVE-2012-1182-1.patch,
CVE-2012-1182-2.patch, CVE-2012-2111.patch,
lp_970679_fix-large-groups.patch,
net-rpc-share-allowedusers-with-2008r2.patch,
lp_967410_fix-cups-printer-not-added-to-registry.patch,
lp_1016895_setgroups_3.5.patch, winbind-kerberos-refresh.patch,
CVE-2013-0454.patch,
lp_1003296_fix-login-with-expiring-user-passwords.patch,
CVE-2013-4124.patch, CVE-2013-4475.patch, CVE-2012-6150.patch,
CVE-2013-4408.patch, CVE-2013-4496.patch, CVE-2014-0244.patch,
CVE-2014-3493.patch, CVE-2015-0240.patch,
security-CVE-2013-0213.patch, security-CVE-2013-0214.patch.
- debian/rules: don't build external libtevent
- debian/rules: add idl_full to dh_auto_build
-- Marc Deslauriers <email address hidden> Tue, 12 Apr 2016 07:21:15 -0400
-
samba (2:3.6.3-2ubuntu2.17) precise-security; urgency=medium
* SECURITY UPDATE: incorrect ACL get/set allowed on symlink path
- debian/patches/CVE-2015-7560.patch: properly handle symlinks in
source3/smbd/nttrans.c, source3/smbd/trans2.c.
- CVE-2015-7560
* SECURITY UPDATE: clickjacking vulnerability in SWAT
- debian/patches/security-CVE-2013-0213.patch: use X-Frame-Options
header in source3/web/swat.c.
- CVE-2013-0213
* SECURITY UPDATE: CSRF vulnerability in SWAT
- debian/patches/security-CVE-2013-0214.patch: use additional nonce on
XSRF protection in source3/web/cgi.c, source3/web/swat.c,
source3/web/swat_proto.h.
- CVE-2013-0214
-- Marc Deslauriers <email address hidden> Mon, 07 Mar 2016 07:13:51 -0500
-
samba (2:3.6.3-2ubuntu2.14) precise-security; urgency=medium
* Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
(LP: #1545750)
-- Dariusz Gadomski <email address hidden> Mon, 15 Feb 2016 15:43:57 +0100
-
samba (2:3.6.3-2ubuntu2.13) precise-security; urgency=medium
* SECURITY UPDATE: file-access restrictions bypass via symlink
- debian/patches/CVE-2015-5252.patch: validate matching component in
source3/smbd/vfs.c.
- CVE-2015-5252
* SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
downgrade
- debian/patches/CVE-2015-5296.patch: force signing in
source3/libsmb/clidfs.c, source3/libsmb/libsmb_server.c.
- CVE-2015-5296
* SECURITY UPDATE: snapshot access via shadow copy directory
- debian/patches/CVE-2015-5299.patch: fix missing access checks in
source3/modules/vfs_shadow_copy2.c.
- CVE-2015-5299
* SECURITY UPDATE: information leak via incorrect string length handling
- debian/patches/CVE-2015-5330.patch: fix string length handling in
lib/util/charset/charset.h, lib/util/charset/codepoints.c,
lib/util/charset/util_unistr.c, source3/lib/util_str.c.
- CVE-2015-5330
-- Marc Deslauriers <email address hidden> Mon, 04 Jan 2016 14:50:47 -0500
-
samba (2:3.6.3-2ubuntu2.12) precise-security; urgency=medium
* SECURITY UPDATE: code execution vulnerability in smbd daemon
- debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
uninitialized pointer and don't dereference a NULL pointer in
source3/rpc_server/netlogon/srv_netlog_nt.c, initialize creds_out in
libcli/auth/schannel_state_tdb.c.
- CVE-2015-0240
-- Marc Deslauriers <email address hidden> Mon, 23 Feb 2015 10:29:50 -0500
-
samba (2:3.6.3-2ubuntu2.11) precise-security; urgency=medium
* SECURITY UPDATE: denial of service on nmbd malformed packet
- debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
source3/lib/system.c.
- CVE-2014-0244
* SECURITY UPDATE: denial of service via bad unicode conversion
- debian/patches/CVE-2014-3493.patch: refactor code in
source3/lib/charcnv.c, change return code checks in
source3/libsmb/clirap.c, source3/smbd/lanman.c.
- CVE-2014-3493
-- Marc Deslauriers <email address hidden> Mon, 23 Jun 2014 15:02:25 -0400
-
samba (2:3.6.3-2ubuntu2.10) precise-security; urgency=medium
* SECURITY UPDATE: Password lockout not enforced for SAMR password
changes
- debian/patches/CVE-2013-4496.patch: refactor password lockout code in
source3/auth/check_samsec.c,
source3/rpc_server/samr/srv_samr_chgpasswd.c,
source3/rpc_server/samr/srv_samr_nt.c,
source3/smbd/lanman.c,
source4/rpc_server/samr/samr_password.c,
source4/torture/rpc/samr.c.
- CVE-2013-4496
-- Marc Deslauriers <email address hidden> Mon, 17 Mar 2014 08:54:32 -0400
-
samba (2:3.6.3-2ubuntu2.9) precise-security; urgency=low
* SECURITY UPDATE: file restrictions bypass via alternate data streams
- debian/patches/CVE-2013-4475.patch: properly check base file access
in source3/smbd/open.c.
- CVE-2013-4475
* SECURITY UPDATE: pam_winbind access restriction bypass via invalid
group names
- debian/patches/CVE-2012-6150.patch: ensure valid groups in
nsswitch/pam_winbind.c.
- CVE-2012-6150
* SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
fragment length field checking
- debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
lib/async_req/async_sock.c, libcli/util/tstream.c,
librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
source3/librpc/rpc/dcerpc_helpers.c,
source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
source3/rpc_server/netlogon/srv_netlog_nt.c,
source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
source4/winbind/wb_async_helpers.c.
- CVE-2013-4408
-- Marc Deslauriers <email address hidden> Mon, 09 Dec 2013 11:07:25 -0500
-
samba (2:3.6.3-2ubuntu2.8) precise-security; urgency=low
* SECURITY UPDATE: denial of service via integer wrap in EA list reading
- debian/patches/CVE-2013-4124.patch: check offsets in
source3/smbd/nttrans.c.
- CVE-2013-4124
-- Marc Deslauriers <email address hidden> Mon, 23 Sep 2013 15:03:56 -0400
-
samba (2:3.6.3-2ubuntu2.7) precise-proposed; urgency=low
* Fix login with expiring user passwords (LP: #1003296)
- Fixed in Samba 3.6.9 (Samba bug: 9013)
-- Bryan Quigley <email address hidden> Wed, 10 Jul 2013 12:25:17 -0400
-
samba (2:3.6.3-2ubuntu2.6) precise-security; urgency=low
* SECURITY UPDATE: incorrect privileges in SMB2 shares
- debian/patches/CVE-2013-0454.patch: fix incorrect assignment instead
of check in source3/smbd/conn.c.
- CVE-2013-0454
-- Marc Deslauriers <email address hidden> Tue, 16 Apr 2013 08:49:26 -0400
-
samba (2:3.6.3-2ubuntu2.5) precise; urgency=low
* d/patches/winbind-kerberos-refresh.patch: correctly cache credentials for
automatic Kerberos ticket renewal (LP: #1037055).
-- Robie Basak <email address hidden> Wed, 20 Mar 2013 07:48:57 +0000
-
samba (2:3.6.3-2ubuntu2.4) precise; urgency=low
[ Olly Betts ]
* Change "net share allowedusers" to use RPC call that works with
Microsoft Windows 2008 r2. (LP: #1061244)
[ Louis Bouchard ]
* Fix issue with Windows XP / 7 (LP: #967410) where a USB
connected printer shared on Ubuntu cannot be added to Windows
using the "Find a printer in the directory" functionalty.
[ Adam Conrad ]
* Cherrypick patch from upstream to resolve a SIGABRT when passing
setgroups a -1 gid, fixing samba with 3.5 kernels (LP: #1016895)
-- Adam Conrad <email address hidden> Tue, 19 Feb 2013 22:22:12 -0700
-
samba (2:3.6.3-2ubuntu2.3) precise-proposed; urgency=low
* d/samba.nmbd.upstart: Ignore the return code of testparm in pre-start;
it's used to query the configuration NOT to validate it in this context
which generates alot of bug reports for unrelated configuration issues
(LP: #791944).
-- James Page <email address hidden> Fri, 08 Jun 2012 14:31:57 +0100
-
samba (2:3.6.3-2ubuntu2.2) precise-proposed; urgency=low
* Fix issue with winbind crashing when trying to access groups containing
more than 1000 members (LP: #970679):
- d/patches/lp_970679_fix-large-groups.patch: Cherry picked patch from
upstream VCS which ensures that large hunk handling in winbind works
with talloc preventing crashes.
* d/samba.install: Restore missing ufw profile (LP: #999764).
* d/samba-common-bin.install: Restore missing apport hook (LP: #999764).
-- James Page <email address hidden> Wed, 16 May 2012 13:10:02 +0100
-
samba (2:3.6.3-2ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
and directories
- debian/patches/CVE-2012-2111.patch: Remove excessive permissions granted
in account related Local Security Authority remote procedure calls.
Based on upstream patch.
- CVE-2012-2111
-- Tyler Hicks <email address hidden> Tue, 24 Apr 2012 15:49:30 -0500
-
samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
that uses the same value for array allocation and array length checks.
Based on upstream patch.
- debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files
with the patched PIDL compiler
- CVE-2012-1182
-- Tyler Hicks <email address hidden> Thu, 12 Apr 2012 05:28:44 -0500
-
samba (2:3.6.3-2ubuntu1) precise; urgency=low
* Merge from Debian testing. (LP: #958534)
Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/patches/error-trans.fix-276472:
- Add the translation of Unix Error code -ENOTSUP to NT Error Code
- NT_STATUS_NOT_SUPPORTED to prevent the Permission denied error.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/control:
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
+ debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
- Make them upstart compatible
+ debian/patches/fix-debuglevel-name-conflict.patch: don't use 'debug_level'
as a global variable name in an NSS module.
samba (2:3.6.3-2) unstable; urgency=low
[ Christian Perrier ]
* Fix example samba.ldif syntax. Closes: #659963
* Set minimal version of tdb ot 1.2.6 in Build-Depends
(thanks, backports!)
* Lower priority of debconf question to medium after some pondering.
After all, we have a sane default. Closes: #662801
* Merge some Ubuntu patches:
- samba.config: Avoid scary pdbedit warnings on first import.
- samba.postinst: Add more informative error message for the case
where smb.conf was manually deleted.
[ Maarten Bezemer ]
* Removed references to the testprns command from documentation
* Added notes that the smbsh command is not available in this package
Closes: #662243
[ Debconf translations ]
* Indonesian (Arief S Fitrianto). Closes: #660312
* Slovak (Ivan Masár). Closes: #661125
[ Steve Langasek ]
* Use Debian copyright-format 1.0 in debian/copyright.
-- Maarten Bezemer <email address hidden> Sun, 18 Mar 2012 13:49:29 +0100
-
samba (2:3.6.3-1ubuntu1) precise; urgency=low
* Merge from Debian testing. Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/patches/error-trans.fix-276472:
- Add the translation of Unix Error code -ENOTSUP to NT Error Code
- NT_STATUS_NOT_SUPPORTED to prevent the Permission denied error.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/control:
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
+ debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
- Make them upstart compatible
+ debian/samba.postinst:
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/patches/fix-debuglevel-name-conflict.patch: don't use 'debug_level'
as a global variable name in an NSS module.
* Dropped:
- debian/patches/fix-samba-printer-browsing.patch: No longer needed.
samba (2:3.6.3-1) unstable; urgency=low
[ Christian Perrier ]
* New upstream release
* Fixes CVE-2012-0817:
The Samba File Serving daemon (smbd) in Samba versions
3.6.0 to 3.6.2 is affected by a memory leak that can
cause a server denial of service.
[ Debconf translations ]
* Polish (Michał Kułach). Closes: #657770
samba (2:3.6.2-1) unstable; urgency=low
* New upstream release
* Drop bug_601406_fix-perl-path-in-example.patch (applied upstream)
-- Chuck Short <email address hidden> Tue, 21 Feb 2012 09:06:34 -0500
-
samba (2:3.6.1-3ubuntu3) precise; urgency=low
* debian/patches/fix-samba-printer-browsing.patch:
Fix samba printer browsing crasher. (LP: #911888)
-- Chuck Short <email address hidden> Mon, 23 Jan 2012 10:47:41 -0500
-
samba (2:3.6.1-3ubuntu2) precise; urgency=low
* Add missing Multi-Arch: foreign flag on samba-common.
* Drop unnecessary delta on debian/samba.dirs.
-- Steve Langasek <email address hidden> Tue, 03 Jan 2012 05:14:18 +0000
-
samba (2:3.6.1-3ubuntu1) precise; urgency=low
* Merge from Debian testing. Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/patches/error-trans.fix-276472:
- Add the translation of Unix Error code -ENOTSUP to NT Error Code
- NT_STATUS_NOT_SUPPORTED to prevent the Permission denied error.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/control:
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
+ debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
- Make them upstart compatible
+ debian/samba.postinst:
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/patches/fix-debuglevel-name-conflict.patch: don't use 'debug_level'
as a global variable name in an NSS module
+ Dropped:
- debian/patches/error-trans.fix-276472
- debian/patches/fix-debuglevel-name-conflict.patch
-- Chuck Short <email address hidden> Wed, 21 Dec 2011 13:18:04 +0000
-
samba (2:3.5.11~dfsg-4ubuntu4) precise; urgency=low
* fix LP: #907227 - Bump build dependency on libkrb5-dev to (>= 1.10+dfsg~) to
make sure we're not getting any private symbols
(see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650541)
- update debian/changelog
* Mark Debian Vcs-* entries as XS-Debian-Vcs-*
- update debian/control
-- Micah Gersten <email address hidden> Wed, 21 Dec 2011 03:45:34 -0600
-
samba (2:3.5.11~dfsg-4ubuntu3) precise; urgency=low
* Rebuild with dpkg 1.16.1.1ubuntu2 to restore full hardening support.
-- Colin Watson <email address hidden> Tue, 01 Nov 2011 17:19:39 -0400
-
samba (2:3.5.11~dfsg-4ubuntu2) precise; urgency=low
* debian/samba.if-up: fix an overlooked syntax error in the hook.
LP: #881579.
-- Steve Langasek <email address hidden> Thu, 27 Oct 2011 21:45:32 +0000
-
samba (2:3.5.11~dfsg-4ubuntu1) precise; urgency=low
* Merge from Debian unstable, remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/patches/error-trans.fix-276472:
- Add the translation of Unix Error code -ENOTSUP to NT Error Code
- NT_STATUS_NOT_SUPPORTED to prevent the Permission denied error.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/control:
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
+ debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
- Make them upstart compatible
+ debian/samba.postinst:
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/patches/fix-debuglevel-name-conflict.patch: don't use 'debug_level'
as a global variable name in an NSS module
* Dropped changes, included in Debian:
+ debian/rules:
- Add BIND_NOW to maximize benefit of RELRO hardening.
* Mark samba-common Multi-Arch: foreign.
samba (2:3.5.11~dfsg-4) unstable; urgency=low
* Lintian override for libpam-winbind; it's not a shared library so doesn't
really need the pre-depends on multiarch-support.
* export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow, taken from Ubuntu.
samba (2:3.5.11~dfsg-3) unstable; urgency=low
* Split winbind into separate packages, winbind and libpam-winbind,
with the latter marked Multi-Arch: same and the former marked
Multi-Arch: foreign, so that we can install multiple copies of the
pam module and nss modules on the same system.
-- Steve Langasek <email address hidden> Thu, 27 Oct 2011 18:15:44 +0000
-
samba (2:3.5.11~dfsg-2ubuntu3) precise; urgency=low
* Cherry-pick winbind multiarch support from Debian svn.
-- Steve Langasek <email address hidden> Fri, 21 Oct 2011 23:02:15 +0000
-
samba (2:3.5.11~dfsg-2ubuntu2) precise; urgency=low
* Drop the added Breaks on cups, since it's a breaks against a specific
version of cups from the long-gone maverick devel cycle.
* Add tdb-tools Recommends, somehow dropped in a merge; trivial package
size and already in main, so doesn't look like there's a reason to
diverge.
* Drop conflicts on likewise-open, only relevant for upgrades from hardy.
* Use the new 'DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow' method of
requesting bindnow.
* Drop unnecessary change to debian/samba-common.dhcp.
* Stop removing /etc/network/if-up.d/samba in the samba preinst, the
package is just going to add it right back since we still ship it.
* Improvements to debian/samba.if-up:
- revert wrong fix for bug #659499; there's no way the error message
could have come from this version of the script, we aren't
invoking /etc/init.d/samba.
- use invoke-rc.d to start nmbd, so that we don't start it out in case
there's (somehow) a policy against it in place
- dump stderr from the 'status' command, which we don't care about
- if 'invoke-rc.d nmbd start' fails, return the error instead of silently
suppressing it.
* Use 'reload' instead of looking at PID files in debian/samba.logrotate.
-- Steve Langasek <email address hidden> Fri, 21 Oct 2011 22:50:05 +0000
-
samba (2:3.5.11~dfsg-2ubuntu1) precise; urgency=low
* Merge from debian testing. Remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/patches/error-trans.fix-276472:
- Add the translation of Unix Error code -ENOTSUP to NT Error Code
- NT_STATUS_NOT_SUPPORTED to prevent the Permission denied error.
+ debian/smb.conf:
- add "(Samba, Ubuntu)" to server string.
- comment out the default [homes] share, and add a comment about
"valid users = %S" to show users how to restrict access to
\\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated
ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksmbpasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against or suggest ctdb.
- Add dependency on samba-common-bin to samba.
- Add cups breaks to push the package to also upgrade cups (LP: #639768)
+ debian/rules:
- enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
profile
- debian/control: have samba suggest ufw
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
+ Switch to upstart:
- Add debian/samba.{nmbd,smbd}.upstart.
- Don't ship the /etc/network/if-up.d file.
+ debian/samba.postinst:
- Fixed bashism.
- Avoid scary pdbedit warnings on first import.
+ debian/samba-common.postinst: Add more informative error message for
the case where smb.conf was manually deleted
+ debian/samba.logrotate: Make it upstart compatible
+ debian/samba-common.dhcp: Fix typo to get a proper parsing in
/etc/samba/dhcp.
+ debian/patches/fix-debuglevel-name-conflict.patch: Re-add patch that
got dropped.
samba (2:3.5.11~dfsg-2) unstable; urgency=low
* Don't export DEB_HOST_ARCH_OS in debian/rules, this is only used locally.
* Use dh_links instead of manually creating directories and symlinks from
debian/rules.
* Switch from dh_movefiles to dh_install and adjust for debhelper compat
level 7, in preparation for moving to dh(1).
* Where possible, use dh_installman and dh_install's support for target
directories instead of moving files around in debian/rules.
* We don't need to mess with perms on usr/include/libsmbclient.h anymore
in debian/rules, the upstream install target gets it right
* Use debian/clean instead of removing left-behind files by hand in the
clean target
* Convert debian/rules to dh(1).
* Don't run debconf-updatepo on clean; not worth the divergence in
debian/rules anymore :)
* Don't install debian/README.build in the package; this is really only
relevant in the source.
* Bump to debhelper compat level 9 and build libraries for multiarch.
* Drop Makefile.internal from libsmbclient-dev examples so that we can mark
libsmbclient-dev Multi-Arch: same.
* Bump build-depends on debhelper to 8.9.4, so we ensure we have
dpkg-buildflags by default and get full build hardening enabled out of
the box - critical for a server like samba.
* Use DH_ALWAYS_EXCLUDE instead of passing override options to
dh_installexamples.
* Pass --sourcedirectory=source3 to dh instead of having to pass it to each
dh_auto_* command.
* Ironically, this means that we have to manually disable dh_auto_test,
which now finds the makefile targets but doesn't work unless we build an
extra wrapper library into our binaries that we don't want.
* Drop a few configure options from debian/rules that shadow the built-in
defaults.
* debian/libsmbclient.lintian-overrides: yes, we know the package name
doesn't match the soname - and it never should until there's an ABI
change.
-- Chuck Short <email address hidden> Tue, 18 Oct 2011 05:34:47 +0000
-
samba (2:3.5.11~dfsg-1ubuntu2) oneiric; urgency=low
* debian/patches/fix-debuglevel-name-conflict.patch:
Re-add patch that was mistakenly dropped. (LP: #529714)
-- Chuck Short <email address hidden> Fri, 30 Sep 2011 13:08:34 -0400
