This bug was fixed in the package samba - 2:3.6.5-2ubuntu1

---------------
samba (2:3.6.5-2ubuntu1) quantal; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
      - Other changes now in Debian packaging.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp,
        debian/samba.if-up: Make upstart compatible.
  * d/samba.install, d/samba-common-bin.install: Restore apport hook and
    ufw profile (LP: #999764).
  * Dropped:
    + debian/patches/CVE-2012-1182-*.patch: fixed in upstream release 3.6.4.
    + debian/patches/CVE-2012-2111.patch: fixed in upstream release 3.6.5.
    + debian/patches/fix-debuglevel-name-conflict.patch: fixed upstream -
      debug_level is no longer used as a global variable name.
    + debian/patches/error-trans.fix-276472: fixed upstream.

samba (2:3.6.5-2) unstable; urgency=low

  * The yearly "SambaXP bug cleaning party" release. 11 years SambaXP,
    20 years Samba and counting...
  * Make samba-common "Multi-Arch: foreign"
  * Adapt patch in upstream #7499 and stop nss_wins clobbering other
    daemon's logfiles. Closes: #598313
  * Add some mention about some use for the user information in Kerberos
    environments in the smbspool manpage. Closes: #387266
  * Drop link to no longer provided "Using Samba" documentation in HTML
    documentation summary file. Closes: #604768
  * Provide WHATSNEW.txt in samba-doc too as it is linked from the
    documentation summary file. Do not compress that file.
  * Fix link to WHATSNEW.txt in HTML documentation summary file. This is
    the second part of the fix for #604768
  * Use lp_state_dir() instead of get_dyn_STATEDIR() in
    fhs-filespaths.patch as the latter does indeed hardcode the location
    for passdb.tdb and secrets.tdb to /var/lib/samba (the compile-time
    option for state directory and NOT the configurable value). This is
    left to "state directory" instead of "private dir" at least as of
    now, because it doesn't change anything to the current behaviour, but
    allows the files' location to be configurable through "state
    directory" (and not "private dir"). Closes: #249873
  * Disable useless smbtorture4 build. Thanks to Ivo De Decker for the
    patch. Closes: #670561
  * Add upstream commit that adds waf source to the buildtools/ directory.
    As upstream will, one day or another, merge this, I prefer this over
    removing the waf binary and repack upstream tarball. Closes: #654499
  * Build-Conflict with python-ldb and python-ldb-dev to avoid build
    failures when some versions of these packages are locally installed.
    Closes: #657314
  * Rename fix-samba.ldip-syntax.patch to fix-samba.ldif-syntax.patch
  * Split NSS modules into a new libnss-winbind binary package.
    Closes: #646292
  * Add a NEWS.Debian entry about the libnss-winbind split and, while at
    it, add an entry for libpam-winbind too (as it will affect upgrades
    from squeeze).
  * Drop code that was moving files around in samba.postinst and
    winbind.postinst for pre-squeeze versions of the package.
  * Drop code that was modifying a deprecated "passdb backend" setting in
    smb.conf for pre-squeeze versions of the package (in
    samba-common.config).
  * Add Should-Start dependency to winbind init script to guarantee that
    the samba init script is started before winbind if present.
    Closes: #638066
  * Provide a (basic) manpage to smbtorture(1). Closes: #528735
  * Turkish debconf translation update (Atila KOÇ). Closes: #672447
  * Drop the code that generates an smbpasswd file from the system's user
    list. This adds very long delays on systems with many users,
    including those with external user backends. It also makes much less
    sense nowadays and the use of libpam-smbpass can easily fill most of
    the needs. Closes: #671926
  * Merged from Ubuntu:
    - Set 'usershare allow guests', so that usershare admins are allowed
      to create public shares in addition to authenticated ones.
    - add map to guest = Bad user, maps bad username to guest access.
      This allows for anonymous user shares. Closes: #672497

samba (2:3.6.5-1) unstable; urgency=low

  * New upstream release. Fixes CVE-2012-2111: Incorrect permission
    checks when granting/removing privileges can compromise file server
    security.
  * Build-Depend on debhelper >= 9~ (which is in unstable for a few
    months now)
  * Use "set -e" in maintainer scripts instead of passing -e in the
    shebang line
  * Update Standards to 3.9.3 (checked, no change)

samba (2:3.6.4-1) unstable; urgency=low

  [ Christian Perrier ]
  * Two changes in the previous version should indeed read:
    - samba.postinst: Avoid scary pdbedit warnings on first import.
    - samba-common.postinst: Add more informative error message for the
      case where smb.conf was manually deleted.
    Closes: #664509

  [ Jelmer Vernooij ]
  * New upstream release.
    + Fixes CVE-2012-1182: PIDL based autogenerated code allows
      overwriting beyond of allocated array.

 -- James Page