Comment 2 for bug 999764

Revision history for this message
Launchpad Janitor (janitor) wrote : Re: no ufw profile or apport hook is included in the 12.04 packages

This bug was fixed in the package samba - 2:3.6.5-2ubuntu1

---------------
samba (2:3.6.5-2ubuntu1) quantal; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
      - Other changes now in Debian packaging.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
        Make upstart compatible.
  * d/samba.install, d/samba-common-bin.install: Restore apport hook and ufw
    profile (LP: #999764).
  * Dropped:
    + debian/patches/CVE-2012-1182-*.patch: fixed in upstream release 3.6.4.
    + debian/patches/CVE-2012-2111.patch: fixed in upstream release 3.6.5.
    + debian/patches/fix-debuglevel-name-conflict.patch: fixed upstream -
      debug_level is no longer used as a global variable name.
    + debian/patches/error-trans.fix-276472: fixed upstream.

samba (2:3.6.5-2) unstable; urgency=low

  * The yearly "SambaXP bug cleaning party" release. 11 years
    SambaXP, 20 years Samba and counting...
  * Make samba-common "Multi-Arch: foreign"
  * Adapt patch in upstream #7499 and stop nss_wins clobbering other
    daemon's logfiles. Closes: #598313
  * Add some mention about some use for the user information in Kerberos
    environments in the smbspool manpage. Closes: #387266
  * Drop link to no longer provided "Using Samba" documentation in
    HTML documentation summary file. Closes: #604768
  * Provide WHATSNEW.txt in samba-doc too as it is linked from the
    documentation summary file. Do not compress that file.
  * Fix link to WHATSNEW.txt in HTML documentation summary file. This
    is the second part of the fix for #604768
  * Use lp_state_dir() instead of get_dyn_STATEDIR() in
    fhs-filespaths.patch as the latter does indeed hardcode the
    location for passdb.tdb and secrets.tdb to /var/lib/samba
    (the compile-time option for state directory and NOT the configurable
    value). This is left to "state directory" instead of "private dir"
    at least as of now, because if doesn't change anything to the
    current behaviour, but allows the files' location to be configurable
    through "state directory" (and not "private dir").
    Closes: #249873
  * Disable useless smbtorture4 build. Thanks to Ivo De Decker for the patch.
    Closes: #670561
  * Add upstream commit that adds waf source to the buildtools/
    directory. As upstream will, one day or another, merge this, I
    prefer this over removing the waf binary and repack upstream
    tarball.
    Closes: #654499
  * Build-Conflict with python-ldb and python-ldb-dev to avoid build
    failures when some versions of these packages are locally installed.
    Closes: #657314
  * Rename fix-samba.ldip-syntax.patch to fix-samba.ldif-syntax.patch
  * Split NSS modules into a new libnss-winbind binary package.
    Closes: #646292
  * Add a NEWS.Debian entry about the libnss-winbind split and, while at
    it, add an entry for libpam-winbind too (as it will affect upgrades
    from squeeze).
  * Drop code that was moving files around in samba.postinst and
    winbind.postinst for pre-squeeze versions of the package.
  * Drop code that was modifying a deprecated "passdb backend" setting
    in smb.conf for pre-squeeze versions of the package (in
    samba-common.config).
  * Add Should-Start dependency to winbind init script to guarantee
    that the samba init script is started before winbind if present.
    Closes: #638066
  * Provide a (basic) manpage to smbtorture(1). Closes: #528735
  * Turkish debconf translation update (Atila KOÇ). Closes: #672447
  * Drop the code that generates an smbpasswd file from the system's
    user list. This adds very long delays on systems with many users,
    including those with external user backends. It also makes much
    less sense nowadays and the use of libpam-smbpass can easily
    fill most of the needs. Closes: #671926
  * Merged from Ubuntu:
    - Set 'usershare allow guests', so that usershare admins are
      allowed to create public shares in addition to authenticated
      ones.
    - add map to guest = Bad user, maps bad username to guest access.
    This allows for anonymous user shares. Closes: #672497

samba (2:3.6.5-1) unstable; urgency=low

  * New upstream release. Fixes CVE-2012-2111: Incorrect permission
    checks when granting/removing privileges can compromise file
    server security.
  * Build-Depend on debhelper >= 9~ (which is in unstable for a few
    months now)
  * Use "set -e" in maintainer scripts instead of passing -e in the
    shebang line
  * Update Standards to 3.9.3 (checked, no change)

samba (2:3.6.4-1) unstable; urgency=low

  [ Christian Perrier ]
  * Two changes in the previous version should indeed read:
    - samba.postinst: Avoid scary pdbedit warnings on first import.
    - samba-common.postinst: Add more informative error message for the case
      where smb.conf was manually deleted.
    Closes: #664509

  [ Jelmer Vernooij ]
  * New upstream release.
   + Fixes CVE-2012-1182: PIDL based autogenerated code allows overwriting
     beyond of allocated array.
 -- James Page <email address hidden> Tue, 15 May 2012 17:00:56 +0100