This bug was fixed in the package samba - 2:3.4.2-1ubuntu1 --------------- samba (2:3.4.2-1ubuntu1) lucid; urgency=low * Merge from debian unstable, remaining changes: + debian/patches/VERSION.patch: - set SAMBA_VERSION_SUFFIX to Ubuntu + debian/smb.conf: - Add "(Samaba, Ubuntu)" to server string. - Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - Set 'usershare allow guests', so that usershare admins are allowed to create public shares in addition to authenticated ones. - add map to guest = Bad user, maps bad username to guest access. + debian/samba-common.config: - Do not change priority to high if dhclient3 is installed. - Use priority medium instead of high for the workgroup question. + debian/mksambapasswd.awk: - Do not add user with UID less than 1000 to smbpasswd. + debian/control: - Make libwbclient0 replace/conflict with hardy's likewise-open. - Don't build against ctdb. - Build-depend on libreadline-dev instead of libreadline5-dev. + debian/rules: - enable "native" PIE hardening. + Add ufw integration: - Created debian/samba.ufw.profile - debian/rules, debian/samba.dirs, debian/samba.files: install + debian/patches/fix-smbclient-long-names.patch: Samba shares with more than 12 characters are not displayed. (LP: #449735) + Dropped: - debian/patches/536757.patch: Already upstream - debian/patches/net-usershare-list-3.4.0.patch: Already upstream - debian/patches/fix-crash-when-loading-interfaces.patch: Already upstream - debian/patches/fix-upstream-6680.patch: Already upstream - debian/patches/security-CVE-2009-2813.patch: Already upstream - debian/patches/security-CVE-2009-2948.patch: Already upstream - debian/patches/security-CVE-2009-2906.patch: Already upstream samba (2:3.4.2-1) unstable; urgency=high * New upstream release. Security update. * CVE-2009-2813: Connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. * CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. * CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. samba (2:3.4.1-2) unstable; urgency=low * ./configure --disable-avahi, to avoid accidentally picking up an avahi dependency when libavahi-common-dev is installed. samba (2:3.4.1-1) unstable; urgency=low [ Christian Perrier ] * New upstream release. This fixes the following bugs: - smbd SIGSEGV when breaking oplocks. Thanks to Petr Vandrovec for the clever analysis and collaboration with upstream. Closes: #541171 - Fix password change propagation with ldapsam. Closes: #505215 - Source package contains non-free IETF RFC/I-D. Closes: #538034 * Turn the build dependency on libreadline5-dev to libreadline-dev to make further binNMUs easier when libreadline soname changes Thanks to Matthias Klose for the suggestion [ Steve Langasek ] * Don't build talloctort when using --enable-external-talloc; and don't try to include talloctort in the samba-tools package, since we're building with --enable-external-talloc. :) Closes: #546828. samba (2:3.4.0-5) unstable; urgency=low * Move /etc/pam.d/samba back to samba-common, because it's shared with samba4. Closes: #545764. samba (2:3.4.0-4) unstable; urgency=low [ Steve Langasek ] * debian/samba.pamd: include common-session-noninteractive instead of common-session, to avoid pulling in modules specific to interactive logins such as pam_ck_connector. * debian/control: samba depends on libpam-runtime (>= 1.0.1-11) for the above. * rename debian/samba.pamd to debian/samba.pam and call dh_installpam from debian/rules install, bringing us a smidge closer to a stock debhelper build * don't call pyversions from debian/rules, this throws a useless error message during build. * fix up the list of files that need to be removed by hand in the clean target; the majority of these are now correctly handled upstream. * debian/rules: fix the update-arch target for the case of unversioned build-deps. * Pull avr32 into the list of supported Linux archs. Closes: #543543. * Fix LSB header in winbind.init; thanks to Petter Reinholdtsen for the patch. Closes: #541367. [ Christian Perrier ] * Use DEP-3 for patches meta-information [ Steve Langasek ] * Change swat update-inetd call to use --remove only on purge, and --disable on removal. * Add missing build-dependency on pkg-config, needed to fix libtalloc detection * debian/patches/external-talloc-support.patch: fix the Makefile so it works when using external talloc instead of giving a missing-depend error. * debian/patches/autoconf.patch: resurrect this patch, needed for the above. * debian/rules: build with --without-libtalloc --enable-external-libtalloc, also needed to fix the build failure. -- Chuck Short