Please merge with Debian 2:4.6.5+dfsg-8 or later
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
Low
|
Andreas Hasenack |
Bug Description
samba (2:4.6.5+dfsg-8) unstable; urgency=medium
* Remove dependency on update-inetd, not used anymore
* vfs_ceph and vfs_glusterfs are linux only (d/rules part)
* Remove build-dependency on faketime, not used anymore
-- Mathieu Parent Sun, 23 Jul 2017 19:56:07 +0200
samba (2:4.6.5+dfsg-7) unstable; urgency=medium
* xfslibs-dev is only available on linux
* Fix logrotate for /var/log/
of the service (systemd only)
* Add reportbug script for samba-common, samba and winbind (Closes: #682861)
-- Mathieu Parent Fri, 21 Jul 2017 06:19:57 +0200
samba (2:4.6.5+dfsg-6) unstable; urgency=medium
* libcephfs-dev is only available on linux
* Fix libpam-
* Add missing logrotate for /var/log/
* Use smbcontrol in logrotate when available (Closes: #804705)
* From upstream: Fix outdated DNS Root servers (Closes: #865406)
* Drop xsltproc_
(Closes: #776223)
-- Mathieu Parent Wed, 19 Jul 2017 22:53:50 +0200
samba (2:4.6.5+dfsg-5) unstable; urgency=medium
* Remove bug_598313_
unused
* Remove samba-ad-
* Remove upstart files on upgrade (Closes: #867688)
* glusterfs-common is only available on linux
* Remove the samba service
* Ensure /var/log/samba permissions are set (Closes: #711138)
-- Mathieu Parent Tue, 18 Jul 2017 23:29:44 +0200
samba (2:4.6.5+dfsg-4) unstable; urgency=high
* This is a security release in order to address the following defects:
- CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
(Closes: #868209)
* Other fixes:
- Remove empty samba-common.
prerm)
-- Mathieu Parent Thu, 13 Jul 2017 14:38:32 +0200
samba (2:4.6.5+dfsg-3) unstable; urgency=medium
* Remove upstart code
* Remove empty prerm for samba and samba-common-bin (Closes: #866258,
#866284)
* sysv: Use --pidfile in addition to --exec to avoid matching daemons in
containers (Closes: #810794)
* Standards-Version: 4.0.0
- Use https form of the copyright-format URL (Debian Policy 4.0.0)
* Remove debian/
* Remove empty debian/diversions
* Remove "ugly workaround to get the manpages on every architecture to be
identical", xsltproc now honour SOURCE_DATE_EPOCH
* Remove dh-exec shbang in libnss-
* Remove empty debian/
* Remove pre-jessie maintscript snipsets
* Move to debhelper compat 10 (Major change: dh_installinit command now
defaults to --restart-
* Remove unused samba-ad-dc package metadata (Closes: #866138)
* Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is configured
in PAM" (Closes: #739768)
-- Mathieu Parent Thu, 29 Jun 2017 09:45:59 +0200
samba (2:4.6.5+dfsg-2) unstable; urgency=medium
* Upload to unstable
* Move runtime dependencies of vfs_ceph and vfs_snapper to Recommends
* Fix typo s/DESTIDR/DESTDIR/ in d/rules
* Enable vfs_glusterfs (Closes: #864862)
* Add libdbus-1-dev as Build-Depends to allow vfs_snapper to build (Closes:
#804781). Patch by Willy Vanlid.
-- Mathieu Parent Mon, 19 Jun 2017 23:56:56 +0200
samba (2:4.6.5+dfsg-1) experimental; urgency=medium
* New upstream version (Closes: #859390)
- d/gbp.conf, d/watch: Change major version to 4.6
- Bump Build-dependencies of talloc, tdb, tevent and ldb to resp. 2.1.9,
1.3.12, O.9.31 and 1.1.29
- Remove CVE-2017-
- Add Build-Depends: libcmocka-dev (>= 1.0)
- Update d/*.install
- d/samba-
* Update README.source, about importing major versions
* d/control cleanup:
- Remove Conflicts and Replaces on pre-wheezy samba4 packages
- Remove Conflicts, Breaks and Replaces on pre-wheezy samba packages
- Remove Conflicts, Breaks and Replaces on pre-jessie samba packages
- Remove Conflicts, Breaks and Replaces on (pre-jessie) samba4 packages
- Remove Conflicts on pre-jessie libldb1 package
- Remove Breaks on pre-jessie qtsmbstatus-server package
- Remove Replaces on pre-wheezy smbget package
- wrap-and-sort
* Add libcephfs-dev as b-d to build vfs_ceph (Closes: #856998). Patch from
Ubuntu
* Enable avahi support (Closes: #859875). Patch from Laurent Bigonville.
* Translations:
- Portuguese translation for debconf messages (Closes: #864172). Patch from
Rui Branco
- Hungarian translation for debconf messages (Closes: #708277)
* Properly quote subshell invocation in samba-common.
* Add Build-Depends: xfslibs-dev, for XFS quotas
-- Mathieu Parent Mon, 12 Jun 2017 08:09:43 +0200
CVE References
summary: |
- Please merge with Debian 2:4.6.5+dfsg-2 or later + Please merge with Debian 2:4.6.5+dfsg-8 or later |
description: | updated |
This bug was fixed in the package samba - 2:4.6.5+ dfsg-8ubuntu1
--------------- 5+dfsg- 8ubuntu1) artful; urgency=medium
samba (2:4.6.
* Merge with Debian unstable (LP: #1700644). Remaining changes: VERSION. patch: Update vendor string to "Ubuntu".
\\server\ username to only username. samba-common. config: source_ samba.py. samba-common- bin.install: install hook. anonymous- share-list: list available shares anonymously authenticated- share-list: list available shares using share-access: create a share and download a file from it share-access: access a file in a share using cifs dfsg-2ubuntu2 when patch 1584485. patch was dropped there.] zero_cursor. patch - apply proposed-upstream fix for type=FILE failure gse_krb5- fix-a-possible- crash-in- fill_mem_ keytab. patch patches/ winbind_ trusted_ domains. patch: make sure domain /bugzilla. samba.org/ show_bug. cgi?id= 11830] patches/ CVE-2017- 11103.patch: use encrypted service p/CVE-2017- 11103-Orpheus- Lyre-KDC- REP-service- name-val. patch] /launchpad. net/bugs/ 1274247
- debian/
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
- debian/
+ Do not change priority to high if dhclient3 is installed.
- Add apport hook:
+ Created debian/
+ debian/rules, debian/
- Add extra DEP8 tests to samba (LP #1696823):
+ d/t/control: enable the new DEP8 tests
+ d/t/smbclient-
+ d/t/smbclient-
an authenticated connection
+ d/t/smbclient-
+ d/t/cifs-
- Ask the user if we can run testparm against the config file. If yes,
include its stderr and exit status in the bug report. Otherwise, only
include the exit status. (LP #1694334)
- If systemctl is available, use it to query the status of the smbd
service before trying to reload it. Otherwise, keep the same check
as before and reload the service based on the existence of the
initscript. (LP #1579597)
* Drop:
- d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
[This hunk was missed in 2:4.5.8+
fix-
- d/p/krb_
pam_winbind krb5_ccache_
[Replaced by d/p/s3-
in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
- debian/
members can talk to trusted domains DCs.
[Upstream committed a different fix, see updated patch attached to
https:/
- d/control: add libcephfs-dev as b-d to build vfs_ceph
[Adopted by Debian in 2:4.6.5+dfsg-1]
- debian/
name rather than unencrypted (and therefore spoofable) version
in heimdal
[Adopted by Debian as
d/
- Cherrypick upstream patch to fix FTBFS with new ceph lib.
[Merged upstream in 4.6.0rc1]
* Disable glusterfs support because it's not in main.
MIR bug is https:/
-- Andreas Hasenack <email address hidden> Thu, 10 Aug 2017 22:20:22 -0300