Samba 4.7.4 should not be shipped as an AD DC
Bug #1755057 reported by
Andrew Bartlett
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
Samba 4.7.4 and below has an unfortunate upgrade bug
https:/
See the release notes for Samba 4.7.5
https:/
Please do not ship Samba 4.7.4 in Ubuntu 18.04, instead given the security release due tomorrow, ship 4.7.6 with both the security fix and this fixed.
Thanks!
Andrew Bartlett
Samba Team
Related branches
~ahasenack/ubuntu/+source/samba:bionic-samba-4.7.6
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 4928 lines (+1780/-463)157 files modifiedVERSION (+1/-1)
WHATSNEW.txt (+165/-2)
buildtools/wafsamba/samba_autoconf.py (+3/-1)
ctdb/doc/ctdb-etcd.7 (+2/-2)
ctdb/doc/ctdb-statistics.7 (+2/-2)
ctdb/doc/ctdb-tunables.7 (+2/-2)
ctdb/doc/ctdb.1 (+2/-2)
ctdb/doc/ctdb.7 (+2/-2)
ctdb/doc/ctdb_diagnostics.1 (+2/-2)
ctdb/doc/ctdb_mutex_ceph_rados_helper.7 (+2/-2)
ctdb/doc/ctdbd.1 (+2/-2)
ctdb/doc/ctdbd.conf.5 (+2/-2)
ctdb/doc/ctdbd_wrapper.1 (+2/-2)
ctdb/doc/ltdbtool.1 (+2/-2)
ctdb/doc/onnode.1 (+2/-2)
ctdb/doc/ping_pong.1 (+2/-2)
ctdb/server/ctdb_recovery_helper.c (+12/-4)
ctdb/wscript (+1/-1)
debian/changelog (+35/-0)
docs/manpages/cifsdd.8 (+2/-2)
docs/manpages/dbwrap_tool.1 (+2/-2)
docs/manpages/eventlogadm.8 (+2/-2)
docs/manpages/findsmb.1 (+2/-2)
docs/manpages/idmap_ad.8 (+2/-2)
docs/manpages/idmap_autorid.8 (+2/-2)
docs/manpages/idmap_hash.8 (+2/-2)
docs/manpages/idmap_ldap.8 (+2/-2)
docs/manpages/idmap_nss.8 (+2/-2)
docs/manpages/idmap_rfc2307.8 (+2/-2)
docs/manpages/idmap_rid.8 (+2/-2)
docs/manpages/idmap_script.8 (+2/-2)
docs/manpages/idmap_tdb.8 (+2/-2)
docs/manpages/idmap_tdb2.8 (+2/-2)
docs/manpages/libsmbclient.7 (+2/-2)
docs/manpages/lmhosts.5 (+2/-2)
docs/manpages/log2pcap.1 (+2/-2)
docs/manpages/mvxattr.1 (+2/-2)
docs/manpages/net.8 (+2/-2)
docs/manpages/nmbd.8 (+2/-2)
docs/manpages/nmblookup.1 (+2/-2)
docs/manpages/ntlm_auth.1 (+2/-2)
docs/manpages/pam_winbind.8 (+2/-2)
docs/manpages/pam_winbind.conf.5 (+2/-2)
docs/manpages/pdbedit.8 (+2/-2)
docs/manpages/profiles.1 (+2/-2)
docs/manpages/rpcclient.1 (+2/-2)
docs/manpages/samba-regedit.8 (+2/-2)
docs/manpages/samba-tool.8 (+2/-2)
docs/manpages/samba.7 (+2/-2)
docs/manpages/samba.8 (+2/-2)
docs/manpages/sharesec.1 (+2/-2)
docs/manpages/smb.conf.5 (+2/-2)
docs/manpages/smbcacls.1 (+2/-2)
docs/manpages/smbclient.1 (+2/-2)
docs/manpages/smbcontrol.1 (+2/-2)
docs/manpages/smbcquotas.1 (+2/-2)
docs/manpages/smbd.8 (+2/-2)
docs/manpages/smbget.1 (+2/-2)
docs/manpages/smbgetrc.5 (+2/-2)
docs/manpages/smbpasswd.5 (+2/-2)
docs/manpages/smbpasswd.8 (+2/-2)
docs/manpages/smbspool.8 (+2/-2)
docs/manpages/smbspool_krb5_wrapper.8 (+2/-2)
docs/manpages/smbstatus.1 (+2/-2)
docs/manpages/smbtar.1 (+2/-2)
docs/manpages/smbtree.1 (+2/-2)
docs/manpages/testparm.1 (+2/-2)
docs/manpages/vfs_acl_tdb.8 (+2/-2)
docs/manpages/vfs_acl_xattr.8 (+2/-2)
docs/manpages/vfs_aio_fork.8 (+2/-2)
docs/manpages/vfs_aio_linux.8 (+2/-2)
docs/manpages/vfs_aio_pthread.8 (+2/-2)
docs/manpages/vfs_audit.8 (+2/-2)
docs/manpages/vfs_btrfs.8 (+2/-2)
docs/manpages/vfs_cacheprime.8 (+2/-2)
docs/manpages/vfs_cap.8 (+2/-2)
docs/manpages/vfs_catia.8 (+2/-2)
docs/manpages/vfs_ceph.8 (+2/-2)
docs/manpages/vfs_commit.8 (+2/-2)
docs/manpages/vfs_crossrename.8 (+2/-2)
docs/manpages/vfs_default_quota.8 (+2/-2)
docs/manpages/vfs_dirsort.8 (+2/-2)
docs/manpages/vfs_extd_audit.8 (+2/-2)
docs/manpages/vfs_fake_perms.8 (+2/-2)
docs/manpages/vfs_fileid.8 (+2/-2)
docs/manpages/vfs_fruit.8 (+2/-2)
docs/manpages/vfs_full_audit.8 (+2/-2)
docs/manpages/vfs_glusterfs.8 (+2/-2)
docs/manpages/vfs_gpfs.8 (+2/-2)
docs/manpages/vfs_linux_xfs_sgid.8 (+2/-2)
docs/manpages/vfs_media_harmony.8 (+2/-2)
docs/manpages/vfs_netatalk.8 (+2/-2)
docs/manpages/vfs_offline.8 (+2/-2)
docs/manpages/vfs_prealloc.8 (+2/-2)
docs/manpages/vfs_preopen.8 (+2/-2)
docs/manpages/vfs_readahead.8 (+2/-2)
docs/manpages/vfs_readonly.8 (+2/-2)
docs/manpages/vfs_recycle.8 (+2/-2)
docs/manpages/vfs_shadow_copy.8 (+2/-2)
docs/manpages/vfs_shadow_copy2.8 (+2/-2)
docs/manpages/vfs_shell_snap.8 (+2/-2)
docs/manpages/vfs_snapper.8 (+2/-2)
docs/manpages/vfs_streams_depot.8 (+2/-2)
docs/manpages/vfs_streams_xattr.8 (+2/-2)
docs/manpages/vfs_syncops.8 (+2/-2)
docs/manpages/vfs_time_audit.8 (+2/-2)
docs/manpages/vfs_tsmsm.8 (+2/-2)
docs/manpages/vfs_unityed_media.8 (+2/-2)
docs/manpages/vfs_worm.8 (+2/-2)
docs/manpages/vfs_xattr_tdb.8 (+2/-2)
docs/manpages/vfs_zfsacl.8 (+2/-2)
docs/manpages/vfstest.1 (+2/-2)
docs/manpages/wbinfo.1 (+2/-2)
docs/manpages/winbind_krb5_locator.7 (+2/-2)
docs/manpages/winbindd.8 (+2/-2)
lib/replace/system/nis.h (+83/-0)
lib/replace/wscript (+33/-5)
lib/util/access.c (+7/-3)
lib/util/wscript_build (+1/-1)
python/samba/common.py (+17/-0)
python/samba/dbchecker.py (+268/-52)
python/samba/tests/common.py (+29/-4)
selftest/selftest.pl (+3/-2)
selftest/target/Samba3.pm (+4/-0)
source3/auth/user_util.c (+13/-0)
source3/auth/wscript_build (+1/-1)
source3/include/includes.h (+0/-49)
source3/include/smb_acls.h (+8/-2)
source3/lib/sysquotas_nfs.c (+10/-1)
source3/lib/util.c (+11/-0)
source3/modules/vfs_ceph.c (+15/-0)
source3/modules/vfs_default.c (+7/-7)
source3/modules/vfs_error_inject.c (+100/-0)
source3/modules/vfs_fruit.c (+133/-40)
source3/modules/wscript_build (+7/-0)
source3/rpc_server/spoolss/srv_spoolss_nt.c (+13/-0)
source3/script/tests/test_smbd_error.sh (+56/-0)
source3/selftest/tests.py (+3/-0)
source3/smbd/oplock.c (+18/-7)
source3/smbd/pysmbd.c (+38/-5)
source3/smbd/server_exit.c (+0/-4)
source3/wscript (+21/-13)
source3/wscript_build (+1/-1)
source4/dsdb/samdb/ldb_modules/acl.c (+131/-15)
source4/dsdb/samdb/ldb_modules/password_hash.c (+37/-8)
source4/dsdb/samdb/ldb_modules/repl_meta_data.c (+15/-3)
source4/dsdb/samdb/samdb.h (+9/-0)
source4/dsdb/tests/python/passwords.py (+49/-0)
source4/heimdal/kdc/pkinit.c (+7/-4)
source4/heimdal/lib/asn1/rfc2459.asn1 (+1/-1)
source4/heimdal/lib/krb5/pkinit.c (+6/-1)
source4/libcli/ldap/ldap_controls.c (+1/-0)
source4/setup/schema_samba4.ldif (+1/-0)
source4/smbd/server.c (+1/-3)
source4/torture/vfs/fruit.c (+85/-4)
testprogs/blackbox/dbcheck-links.sh (+78/-0)
testprogs/blackbox/tombstones-expunge.sh (+24/-0)
Changed in samba (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
status: | New → In Progress |
importance: | Undecided → High |
To post a comment you must log in.
This bug was fixed in the package samba - 2:4.7.6+ dfsg~ubuntu- 0ubuntu1
--------------- 6+dfsg~ ubuntu- 0ubuntu1) bionic; urgency=medium
samba (2:4.7.
* New upstream version: VERSION. patch: Update vendor string to "Ubuntu".
\\server\ username to only username. samba-common. config: source_ samba.py. samba-common- bin.install: install hook. share-access: access a file in a share using cifs anonymous- share-list: list available shares authenticated- share-list: list available share-access: create a share and download a common. dhcp: If systemctl is available, use it to query the /launchpad. net/bugs/ 1274247
- Fix database corruption bug when upgrading from samba 4.6 or lower
AD controllers (LP: #1755057)
- Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
* Remaining changes:
- debian/
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
- debian/
+ Do not change priority to high if dhclient3 is installed.
- Add apport hook:
+ Created debian/
+ debian/rules, debian/
- Add extra DEP8 tests to samba (LP #1696823):
+ d/t/control, d/t/cifs-
+ d/t/control, d/t/smbclient-
anonymously
+ d/t/control, d/t/smbclient-
shares using an authenticated connection
+ d/t/control, d/t/smbclient-
file from it
- d/samba-
status of the smbd service before trying to reload it. Otherwise,
keep the same check as before and reload the service based on the
existence of the initscript. (LP #1579597)
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https:/
-- Andreas Hasenack <email address hidden> Tue, 13 Mar 2018 16:58:49 -0300