Please merge with Debian 2:4.6.5+dfsg-8 or later

Bug #1700644 reported by Andreas Hasenack on 2017-06-26
This bug affects 2 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Andreas Hasenack

Bug Description

samba (2:4.6.5+dfsg-8) unstable; urgency=medium

  * Remove dependency on update-inetd, not used anymore
  * vfs_ceph and vfs_glusterfs are linux only (d/rules part)
  * Remove build-dependency on faketime, not used anymore

 -- Mathieu Parent Sun, 23 Jul 2017 19:56:07 +0200

samba (2:4.6.5+dfsg-7) unstable; urgency=medium

  * xfslibs-dev is only available on linux
  * Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
    of the service (systemd only)
  * Add reportbug script for samba-common, samba and winbind (Closes: #682861)

 -- Mathieu Parent Fri, 21 Jul 2017 06:19:57 +0200

samba (2:4.6.5+dfsg-6) unstable; urgency=medium

  * libcephfs-dev is only available on linux
  * Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
  * Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
  * Use smbcontrol in logrotate when available (Closes: #804705)
  * From upstream: Fix outdated DNS Root servers (Closes: #865406)
  * Drop xsltproc_dont_build_smb.conf.5.patch, as #750593 is marked fixed
    (Closes: #776223)

 -- Mathieu Parent Wed, 19 Jul 2017 22:53:50 +0200

samba (2:4.6.5+dfsg-5) unstable; urgency=medium

  * Remove bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch,
  * Remove samba-ad-dc.templates
  * Remove upstart files on upgrade (Closes: #867688)
  * glusterfs-common is only available on linux
  * Remove the samba service
  * Ensure /var/log/samba permissions are set (Closes: #711138)

 -- Mathieu Parent Tue, 18 Jul 2017 23:29:44 +0200

samba (2:4.6.5+dfsg-4) unstable; urgency=high

  * This is a security release in order to address the following defects:
    - CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
      (Closes: #868209)
  * Other fixes:
    - Remove empty samba-common.maintscript (leading to empty preinst and

 -- Mathieu Parent Thu, 13 Jul 2017 14:38:32 +0200

samba (2:4.6.5+dfsg-3) unstable; urgency=medium

  * Remove upstart code
  * Remove empty prerm for samba and samba-common-bin (Closes: #866258,
  * sysv: Use --pidfile in addition to --exec to avoid matching daemons in
    containers (Closes: #810794)
  * Standards-Version: 4.0.0
    - Use https form of the copyright-format URL (Debian Policy 4.0.0)
  * Remove debian/bzr-builddeb.conf
  * Remove empty debian/diversions
  * Remove "ugly workaround to get the manpages on every architecture to be
    identical", xsltproc now honour SOURCE_DATE_EPOCH
  * Remove dh-exec shbang in libnss-winbind.install
  * Remove empty debian/libsmbclient.manpages
  * Remove pre-jessie maintscript snipsets
  * Move to debhelper compat 10 (Major change: dh_installinit command now
    defaults to --restart-after-upgrade)
  * Remove unused samba-ad-dc package metadata (Closes: #866138)
  * Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is configured
    in PAM" (Closes: #739768)

 -- Mathieu Parent Thu, 29 Jun 2017 09:45:59 +0200

samba (2:4.6.5+dfsg-2) unstable; urgency=medium

  * Upload to unstable
  * Move runtime dependencies of vfs_ceph and vfs_snapper to Recommends
  * Fix typo s/DESTIDR/DESTDIR/ in d/rules
  * Enable vfs_glusterfs (Closes: #864862)
  * Add libdbus-1-dev as Build-Depends to allow vfs_snapper to build (Closes:
    #804781). Patch by Willy Vanlid.

 -- Mathieu Parent Mon, 19 Jun 2017 23:56:56 +0200

samba (2:4.6.5+dfsg-1) experimental; urgency=medium

  * New upstream version (Closes: #859390)
    - d/gbp.conf, d/watch: Change major version to 4.6
    - Bump Build-dependencies of talloc, tdb, tevent and ldb to resp. 2.1.9,
      1.3.12, O.9.31 and 1.1.29
    - Remove CVE-2017-7494.patch: applied upstream
    - Add Build-Depends: libcmocka-dev (>= 1.0)
    - Update d/*.install
    - d/ Roadmap removed upstream
  * Update README.source, about importing major versions
  * d/control cleanup:
    - Remove Conflicts and Replaces on pre-wheezy samba4 packages
    - Remove Conflicts, Breaks and Replaces on pre-wheezy samba packages
    - Remove Conflicts, Breaks and Replaces on pre-jessie samba packages
    - Remove Conflicts, Breaks and Replaces on (pre-jessie) samba4 packages
    - Remove Conflicts on pre-jessie libldb1 package
    - Remove Breaks on pre-jessie qtsmbstatus-server package
    - Remove Replaces on pre-wheezy smbget package
    - wrap-and-sort
  * Add libcephfs-dev as b-d to build vfs_ceph (Closes: #856998). Patch from
  * Enable avahi support (Closes: #859875). Patch from Laurent Bigonville.
  * Translations:
    - Portuguese translation for debconf messages (Closes: #864172). Patch from
    Rui Branco
    - Hungarian translation for debconf messages (Closes: #708277)
  * Properly quote subshell invocation in samba-common.preinst (Closes: #771689)
  * Add Build-Depends: xfslibs-dev, for XFS quotas

 -- Mathieu Parent Mon, 12 Jun 2017 08:09:43 +0200

CVE References

summary: - Please merge with Debian 2:4.6.5+dfsg-2 or later
+ Please merge with Debian 2:4.6.5+dfsg-8 or later
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.6.5+dfsg-8ubuntu1

samba (2:4.6.5+dfsg-8ubuntu1) artful; urgency=medium

  * Merge with Debian unstable (LP: #1700644). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control: enable the new DEP8 tests
      + d/t/smbclient-anonymous-share-list: list available shares anonymously
      + d/t/smbclient-authenticated-share-list: list available shares using
        an authenticated connection
      + d/t/smbclient-share-access: create a share and download a file from it
      + d/t/cifs-share-access: access a file in a share using cifs
    - Ask the user if we can run testparm against the config file. If yes,
      include its stderr and exit status in the bug report. Otherwise, only
      include the exit status. (LP #1694334)
    - If systemctl is available, use it to query the status of the smbd
      service before trying to reload it. Otherwise, keep the same check
      as before and reload the service based on the existence of the
      initscript. (LP #1579597)
  * Drop:
    - d/rules: Compile winbindd/winbindd statically. (LP: #1700527)
      [This hunk was missed in 2:4.5.8+dfsg-2ubuntu2 when patch
      fix-1584485.patch was dropped there.]
    - d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure
      [Replaced by d/p/s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch
      in 2:4.6.5+dfsg-3 that closed Debian's bug #739768]
    - debian/patches/winbind_trusted_domains.patch: make sure domain
      members can talk to trusted domains DCs.
      [Upstream committed a different fix, see updated patch attached to]
    - d/control: add libcephfs-dev as b-d to build vfs_ceph
      [Adopted by Debian in 2:4.6.5+dfsg-1]
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
      [Adopted by Debian as
    - Cherrypick upstream patch to fix FTBFS with new ceph lib.
      [Merged upstream in 4.6.0rc1]
  * Disable glusterfs support because it's not in main.
    MIR bug is

 -- Andreas Hasenack <email address hidden> Thu, 10 Aug 2017 22:20:22 -0300

Changed in samba (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers