-
samba (2:4.1.11+dfsg-1ubuntu2.2) utopic-security; urgency=medium
* SECURITY UPDATE: code execution vulnerability in smbd daemon
- debian/patches/CVE-2015-0240.patch: don't call talloc_free on an
uninitialized pointer and don't dereference a NULL pointer in
source3/rpc_server/netlogon/srv_netlog_nt.c.
- CVE-2015-0240
-- Marc Deslauriers <email address hidden> Mon, 23 Feb 2015 09:07:06 -0500
-
samba (2:4.1.11+dfsg-1ubuntu2.1) utopic-security; urgency=medium
* SECURITY UPDATE: elevation of privilege to AD Domain Controller
- debian/patches/CVE-2014-8143.patch: check for extended access rights
before allowing changes to userAccountControl in
librpc/idl/security.idl, source4/auth/session.c,
source4/dsdb/common/util.c, source4/dsdb/pydsdb.c,
source4/dsdb/samdb/ldb_modules/samldb.c, source4/dsdb/samdb/samdb.h,
source4/rpc_server/lsa/dcesrv_lsa.c,
source4/setup/schema_samba4.ldif.
- CVE-2014-8143
-- Marc Deslauriers <email address hidden> Wed, 21 Jan 2015 09:25:29 -0500
-
samba (2:4.1.11+dfsg-1ubuntu2) utopic; urgency=medium
* d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)
-- Serge Hallyn <email address hidden> Thu, 11 Sep 2014 11:53:36 -0500
-
samba (2:4.1.11+dfsg-1ubuntu1) utopic; urgency=medium
* Merge from Debian unstable. Remaining changes:
+ debian/VERSION.patch: Update vendor string to "Ubuntu".
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
+ debian/control:
- Don't build against or suggest ctdb and tdb.
+ debian/rules:
- Drop explicit configuration options for ctdb and tdb.
+ Add ufw integration:
- Created debian/samba.ufw.profile:
- debian/rules, debian/samba.install: install profile
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debia/samb-common-bin.install: install hook.
+ debian/samba.logrotate: call upstart interfaces unconditionally instead
of hacking around with pid files.
+ Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
first dummy transitional package version.
+ debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
* In logrotate, use service command to reload (send SIGHUP) the main
processes such that it works under both upstart and systemd.
* Drop CVE patches, applied upstream.
* Drop patches absent from series: readline-ftbfs.patch,
krb5_kt_start_seq.diff, config-bind99.patch
* Drop debian/source/include-binaries, pyc files are correctly cleaned up
samba (2:4.1.11+dfsg-1) unstable; urgency=high
* New upstream release. Fixes:
+ CVE-2014-3560: Remote code execution in nmbd. Closes: #756759
samba (2:4.1.9+dfsg-2) unstable; urgency=medium
[ Jelmer Vernooij ]
* Depend on libgnutls28-dev rather than libgnutls-dev. Closes: #753146
* Remove outdated-autotools-helper-file overrides for config.guess and
config.sub; files are no longer present upstream.
* Add branch to Vcs-Git header.
* samba.smbd.upstart: Remove leftover code for RUN_MODE=inetd, which
was already removed elsewhere.
* Move dsdb-module library from samba-dsdb-modules to samba-libs, to
prevent circular dependencies between samba-dsdb-modules and samba-
libs. This is necessary since dsdb-module is now used by the dcerpc-
server library.
[ Debconf translations ]
* New Brazilian Portuguese translation from Adriano Rafael Gomes.
Closes: #752719
samba (2:4.1.9+dfsg-1) unstable; urgency=high
* New upstream security release. Fixes:
- CVE-2014-0244: nmbd denial of service
- CVE-2014-3493: smbd denial of service: server crash/memory corruption
-- Dimitri John Ledkov <email address hidden> Sat, 09 Aug 2014 21:26:23 +0100
-
samba (2:4.1.8+dfsg-1ubuntu3) utopic; urgency=medium
* SECURITY UPDATE: remote code execution on unauthenticated nmbd
- debian/patches/CVE-2014-3560.patch: fix unstrcpy in
lib/util/string_wrappers.h.
- CVE-2014-3560
-- Marc Deslauriers <email address hidden> Fri, 01 Aug 2014 17:54:54 -0400
-
samba (2:4.1.8+dfsg-1ubuntu2) utopic; urgency=medium
* SECURITY UPDATE: denial of service on nmbd malformed packet
- debian/patches/CVE-2014-0244.patch: return on EWOULDBLOCK/EAGAIN in
source3/lib/system.c.
- CVE-2014-0244
* SECURITY UPDATE: denial of service via bad unicode conversion
- debian/patches/CVE-2014-3493.patch: refactor code in
source3/lib/charcnv.c, change return code checks in
source3/libsmb/clirap.c, source3/smbd/lanman.c.
- CVE-2014-3493
-- Marc Deslauriers <email address hidden> Mon, 23 Jun 2014 14:10:12 -0400
-
samba (2:4.1.8+dfsg-1ubuntu1) utopic; urgency=low
* Merge from Debian unstable. Remaining changes:
+ debian/VERSION.patch: Update vendor string to "Ubuntu".
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
+ debian/control:
- Don't build against or suggest ctdb and tdb.
+ debian/rules:
- Drop explicit configuration options for ctdb and tdb.
+ Add ufw integration:
- Created debian/samba.ufw.profile:
- debian/rules, debian/samba.install: install profile
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debia/samb-common-bin.install: install hook.
+ debian/samba.logrotate: call upstart interfaces unconditionally instead
of hacking around with pid files.
+ Set sbmclients conflicts with samba4-clients less than 4.0.3+dfsg1-0.1ubuntu4,
first dummy transitional package version.
+ Dropped patches:
- debian/patches/CVE-2013-4496.patch: Dropped no longer needed
- debian/patches/CVE-2013-6442.patch: Dropped no longer needed.
- debian/patches/readline-ftbfs.patch: Use the debian version.
+ debian/samba-common.dirs: Move /var/lib/samba/private from samba.dirs.
(LP: #1268180)
samba (2:4.1.8+dfsg-1) unstable; urgency=medium
[ Jelmer Vernooij ]
* Remove smbd and nmbd from required-start and required-stop in
samba.init. Closes: #739887
[ Ivo De Decker ]
* Remove workaround for #745233.
* New upstream release. Fixes:
- CVE-2014-0239: dns: Don't reply to replies. Closes: #749845
- CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response.
* Use the upstream version of the smb.conf.5 manpage, instead of building
it. This is an ugly temporary workaround because xsltproc crashes on some
architectures when building this manpage (due to #750593).
This fixes the FTBFS, and should make samba installable with the new ldb
version. Closes: #750541, 750796
samba (2:4.1.7+dfsg-2) unstable; urgency=medium
* Build-depend on heimdal-dev instead of libkrb5-dev.
* Add versioned build-dep on libgmp10 for now, which should be pulled in by
libhogweed2, to be able to build in outdated build environments (like on
most buildds). This is a workaround for #745233.
samba (2:4.1.7+dfsg-1) unstable; urgency=medium
* New upstream release.
* Remove readline63.patch, integrated upstream.
* Add build-dep on libkrb5-dev, no longer pulled in by libcups2-dev.
* Don't try to delete Parse/Yapp/Driver.pm, which is no longer installed.
-- Chuck Short <email address hidden> Wed, 18 Jun 2014 10:50:25 -0400
-
samba (2:4.1.6+dfsg-1ubuntu6) utopic; urgency=medium
* Set the stack size to unlimited during the build to avoid a SIGBUS in
xsltproc on some architectures.
-- Colin Watson <email address hidden> Mon, 02 Jun 2014 23:18:40 +0100
-
samba (2:4.1.6+dfsg-1ubuntu5) utopic; urgency=medium
* Backport from unstable (Ivo De Decker):
- Build-depend on heimdal-dev.
-- Colin Watson <email address hidden> Mon, 02 Jun 2014 15:39:54 +0100
-
samba (2:4.1.6+dfsg-1ubuntu4) utopic; urgency=high
* No change rebuild against new dh_installinit, to call update-rc.d at
postinst.
-- Dimitri John Ledkov <email address hidden> Wed, 28 May 2014 10:41:32 +0100
-
samba (2:4.1.6+dfsg-1ubuntu3) utopic; urgency=medium
* cherrypick upstream patch 1310919 to fix pam_winbind regression
(LP: #1310919)
-- Serge Hallyn <email address hidden> Tue, 29 Apr 2014 16:05:44 -0500
-
samba (2:4.1.6+dfsg-1ubuntu2) trusty; urgency=medium
* Fix a grammatical error in smb.conf that showed up in a ucf prompt on
upgrade.
-- Steve Langasek <email address hidden> Thu, 03 Apr 2014 19:08:03 -0700