Please merge from debian's 4.8.2

Bug #1778125 reported by Andreas Hasenack on 2018-06-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Medium
Andreas Hasenack

Bug Description

samba (2:4.8.2+dfsg-2) unstable; urgency=medium

  * Update panic-action script message, samba-dbg renamed to samba-dbgsym
    (Closes: #900242)
  * Ensure /var/lib/samba/dhcp.conf exists (Closes: #901585)
  * Check smb.conf with testparm, and also with samba-tool when
    server role = active directory domain controller (Closes: #900908)

 -- Mathieu Parent Mon, 18 Jun 2018 23:39:41 +0200

samba (2:4.8.2+dfsg-1) unstable; urgency=medium

  * New upstream release
    - Bump build-depends ldb >= 1.3.3
  * Fix lintian warnings with patches recently merged upstream:
    - Add Fix-pidl-manpage-sections.patch
    - Add Fix-spelling.patch
    - Add Improve-vfs_linux_xfs_sgid-manpage.patch
  * Wrap very long lines in d/rules

 -- Mathieu Parent Thu, 17 May 2018 09:58:09 +0200

samba (2:4.8.1+dfsg-2) unstable; urgency=low

  * Upload to unstable
  * Really ignore nmbd start errors when there is no non-loopback interface
    (Closes: #893762)
  * Ignore nmbd start errors when there is no local IPv4 non-loopback interface
    (Closes: #859526)
  * Fix possible-unindented-list-in-extended-description in samba-vfs-modules

 -- Mathieu Parent Tue, 15 May 2018 21:23:32 +0200

samba (2:4.8.1+dfsg-1) experimental; urgency=medium

  * New upstream release
  * Add lintian override for "smbclient: executable-is-not-world-readable
    usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper 0700" (See #894720)
  * Improve samba-vfs-modules description (Closes: #776505)
  * Check smb.conf in samba-common-bin.postinst (Closes: #816301)
  * Mark libparse-pidl-perl, samba-dev, samba-dsdb-modules and samba-vfs-modules
    as"Multi-Arch: same"
  * Standards-Version: 4.1.4, no change
  * debian/smb.conf: Fix typo in comment line: sever -> server (Closes: #763648)
  * Read smb.conf until [print$] section instead of [cdrom] to preserve
    locally-defined shares (Closes: #776259)
  * Fix and improve dhcp integration:
    - dhclient3 was renamed to dhclient long time ago...
    - Remove /etc/samba/dhcp.conf on purge (Closes: #784713)
    - Move dhcp.conf out of /etc to allow ro root (Closes: #695362)
    - Update template for "Move dhcp.conf out of /etc to allow ro root"
  * Enable --accel-aes=intelaesni on DEB_HOST_GNU_CPU=x86_64 (Closes: #896196)
    - Use dh-exec to install libaesni-intel.so.0 only on amd64

 -- Mathieu Parent Sun, 29 Apr 2018 12:54:06 +0200

samba (2:4.8.0+dfsg-2) experimental; urgency=medium

  * Remove unused and outdated debian/README.debian (debian/README.Debian is
    used instead)
  * Mask services as appropriate in samba and winbind postinst (Closes: #863285)
    - mask samba-ad-dc unless server role = active directory domain controller
      (as before)
    - mask smbd and nmbd when server role = active directory domain controller
    - mask nmbd when disable netbios = yes (Closes: #866125)
  * Set smbspool_krb5_wrapper permissions to 0700 (Closes: #894720, #372270)
  * Remove Depends: samba-libs of lib{nss,pam}-winbind
  * Mark winbind "Multi-Arch: allowed" and make lib{pam,nss}-winbind depends on
    winbind:any to allow co-installation (Closes: #881100)
  * Ignore nmbd start errors when there is no non-loopback interface
    (Closes: #893762)

 -- Mathieu Parent Sun, 08 Apr 2018 22:09:53 +0200

samba (2:4.8.0+dfsg-1) experimental; urgency=medium

  [ Mathieu Parent ]
  * New major upstream version
    - Update d/gbp.conf and d/watch for 4.8
    - Update upstream source from tag 'upstream/4.8.0+dfsg'
    - Re-apply patches
    - Remove patches merged upstream:
      + no_build_system.patch
      + systemd-syslog.target-is-obsolete.patch
      + Add-documentation-to-systemd-Unit-files.patch
      + fix_kill_path_in_units.patch
      + nmbd-requires-a-working-network.patch
      + CVE-2018-1050-11343-4.7.patch
      + CVE-2018-1057-v4-7.metze01.patches.txt
    - Bump build-depends talloc >= 2.1.11~, tdb >= 1.3.15~, tevent >= 0.9.36~
      and ldb >= 2:1.3.2~
    - Drop Build-Conflicts-Arch: libaio-dev, vfs_aio_linux was dropped
    - Update debian/*.install and use debian/not-installed
    - Update debian/libsmbclient.symbols
    - Upload to experimental
  * debian/README.source
    - Update instructions
    - Convert to Markdown
    - Add a symlink from README.source to README.source.md
  * debian/rules:
    - Use the new --systemd-install-services
    - Use dh_missing --fail-missing
    - Re-order debian/rules overrides in the order they are called
    - Remove broken get-packaged-orig-source target
    - Remove unused DEB_BUILD_OPT_FOO variables
    - Add some comments
    - Move all the custom installs from override_dh_install to
      override_dh_auto_install
    - Remove --sourcedir override to dh_install "since dh_install automatically
      looks for files in debian/tmp in debhelper compatibility level 7 and
      above"
    - PIDFile= is now correctly set in *.service

  [ Louis van Belle ]
  * Update d/control, Relax Build-Depends to allow backport

 -- Mathieu Parent Mon, 19 Mar 2018 13:02:51 +0100

Related branches

Andreas Hasenack (ahasenack) wrote :

Caught a regression error and filed an upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=13486

Launchpad Janitor (janitor) wrote :
Download full text (8.1 KiB)

This bug was fixed in the package samba - 2:4.8.4+dfsg-2ubuntu1

---------------
samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1778125). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
  * Drop:
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
      [Accepted by Debian in 2:4.7.4+dfsg-2]
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
      [In Debian since 2:4.7.4+dfsg-2]
    - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
      [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
      Thanks to Andreas Schneider <email address hidden>. (LP #1761737)
      [Fixed upstream]

samba (2:4.8.4+dfsg-2) unstable; urgency=high

  * Fix typo in previous release: s/usefull/useful/
  * Prepend 1.4.0+really to ldb version to allow samba-dsdb-modules install
    (Closes: #906562, #906568)
  * Urgency still set to high

samba (2:4.8.4+dfsg-1) unstable; urgency=high

  [ Andreas Hasenack ]
  * d/samba.logrotate: only try to reload the services if they are running
    (Closes: #902149)
  * Remove the deprecated "syslog" and "syslog only" options (Closes: #901138)

  [ Mathieu Parent ]
  * New upstream security release
    - CVE-2018-1139 Weak authentication protocol allowed
    - CVE-2018-1140 Denial of Service Attack on DNS and LDAP server
    - CVE-2018-10858 Insufficient input validation on client directory listing
      in libsmbclient
    - CVE-2018-10918 Denial of Service Attack on AD DC DRSUAPI server
    - CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server
    - Urgency set to high
    - Bump build-depends ldb >= 1.3.5 (actually 2:1.4.0+really1.3.5) for
      CVE-2018-1140
  * smb.conf: Remove "wins support" and "wins server" comments
  * smb.conf: Improve "logging" comments
  * smb.conf: Remove "dns proxy = no", only useful as a WINS server
  * smb.conf: Propose better idmap config
  * smb.conf: Remove "passd...

Read more...

Changed in samba (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.