-
samba (2:4.15.13+dfsg-0ubuntu1.5) jammy-security; urgency=medium
* SECURITY UPDATE: SMB clients can truncate files with read-only
permissions
- debian/patches/CVE-2023-4091-*.patch
- CVE-2023-4091
* SECURITY UPDATE: Samba AD DC password exposure to privileged users and
RODCs
- debian/patches/CVE-2023-4154-*.patch
- CVE-2023-4154
* SECURITY UPDATE: rpcecho development server allows Denial of Service
via sleep() call on AD DC
- debian/patches/CVE-2023-42669.patch
- CVE-2023-42669
-- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 08:38:27 -0400
-
samba (2:4.15.13+dfsg-0ubuntu1.4) jammy; urgency=medium
* d/p/issue-when-updating-old-passwd-containing-regex-metachars.patch:
Add changes to fix uncaught exception when updating old password
containing regex metacharacters by simplifying samba-tool password
redaction (LP: #2002949).
-- Michal Maloszewski <email address hidden> Fri, 18 Aug 2023 15:53:14 +0200
-
samba (2:4.15.13+dfsg-0ubuntu1.3) jammy; urgency=medium
* d/p/secure-channel-faulty-kb5028166.patch: fix domain membership
after Windows KB5028166 update (LP: #2027716)
* Cherry pick samba AD DC provisioning DEP8 test from later Ubuntu
releases (LP: #1977746, LP: #2011745):
- d/t/control, d/t/util, d/t/samba-ad-dc-provisioning-internal-dns:
samba AD DC provisioning and domain join tests with internal DNS
+ d/t/control: adjust package dependencies
+ d/t/samba-ad-dc-provisioning-internal-dns: handle the case where
libnss-winbind does not automatically add winbind to
/etc/nsswitch.conf (that is done only in Lunar and later)
+ d/t/samba-ad-dc-provisioning-internal-dns: use case insensitive
match when inspecting kerberos tickets, as the hostname may be
capitalized
-- Andreas Hasenack <email address hidden> Sun, 23 Jul 2023 17:09:59 -0300
-
samba (2:4.15.13+dfsg-0ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
- debian/patches/CVE-2022-2127-*.patch
- CVE-2022-2127
* SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
- debian/patches/CVE-2023-34966-*.patch
- CVE-2023-34966
* SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
- debian/patches/CVE-2023-34967-*.patch
- CVE-2023-34967
* SECURITY UPDATE: Spotlight server-side Share Path Disclosure
- debian/patches/CVE-2023-34968-*.patch
- CVE-2023-34968
-- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:44:35 -0400
-
samba (2:4.15.13+dfsg-0ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
- debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
issue (some of these aren't directly used in this package as they
apply to the ldb library which is updated separately).
- debian/control: bump ldb Build-Depends to security update version.
- CVE-2023-0614
* SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
- debian/patches/CVE-2023-0922.patch: set default ldap client sasl
wrapping to seal.
- CVE-2023-0922
-- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400
-
samba (2:4.15.13+dfsg-0ubuntu1) jammy-security; urgency=medium
* Updated to upstream 4.15.13 to fix multiple security issues.
- debian/patches/win-22H2-fix.patch: removed, included in new version.
- CVE-2022-3437
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-42898
- CVE-2022-45141
-- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 10:04:53 -0500
-
samba (2:4.15.9+dfsg-0ubuntu0.3) jammy; urgency=medium
* d/p/win-22H2-fix.patch: fix interoperability with Windows 22H2
clients (LP: #1993934)
-- Andreas Hasenack <email address hidden> Tue, 08 Nov 2022 10:59:27 -0300
-
samba (2:4.15.9+dfsg-0ubuntu0.2) jammy-security; urgency=medium
* Updated to 2.15.9 to fix multiple security issues.
- debian/control: require ldb 2.4.4.
- debian/*install: install libsmbconf.so*.
- debian/libwbclient0.symbols: updated symbols for new version.
- CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745,
CVE-2022-32746
* Removed patches included in new version:
- lp-1951490-fix-printing-KB5006743.patch
- add-support-for-bind-918.patch
- add-support-for-bind-918-2.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch
-- Marc Deslauriers <email address hidden> Thu, 28 Jul 2022 08:07:32 -0400
-
samba (2:4.15.5~dfsg-0ubuntu5.1) jammy; urgency=medium
* Fix abort when deleting a file and "fruit:resource = stream" is
used. (LP: #1977491)
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
Add test that shows smbd crashing when deleting a file while using
vfs_fruit with "fruit:resource = stream".
- d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
Handle file deleting when "fruit:resource = stream" is used.
-- Sergio Durigan Junior <email address hidden> Tue, 21 Jun 2022 16:31:40 -0400
-
samba (2:4.15.5~dfsg-0ubuntu5) jammy; urgency=medium
* Enable glusterfs support (LP: #1894618):
- d/control: revert disabling of glusterfs, since it's in main now
- d/rules: in Ubuntu, glusterfs is not built for i386, so don't
enable the samba glusterfs vfs mofule in that case
- d/control: build-depend on libglusterfs-dev only on !i386 arches
-- Andreas Hasenack <email address hidden> Wed, 09 Mar 2022 17:31:25 -0300
-
samba (2:4.15.5~dfsg-0ubuntu4) jammy; urgency=medium
* Build dlz module for bind 9.18.x (LP: #1964032)
- d/p/add-support-for-bind-918.patch: build a dlz module for
bind 9.18.x
- d/samba-libs.install: remove fixme comment
- d/p/add-support-for-bind-918-2.patch: also update the provisioning
tool and template config file
-- Andreas Hasenack <email address hidden> Fri, 25 Mar 2022 14:53:19 -0300
-
samba (2:4.15.5~dfsg-0ubuntu3) jammy; urgency=medium
* Update nfs scripts for new nfs.conf config (LP: #1961840):
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: updated to use
nfsconf(8) if it's available, instead of parsing the old config
files in /etc/default/nfs-*
- d/ctdb.example.nfs.conf: /etc/nfs.conf to be used by the example
enable-nfs.sh example script
- d/ctdb.example.quota: quota config file to be used by the example
enable-nfs.sh script
- d/ctdb.example.nfs-{common,kernel-server}: obsolete, replaced by
nfs.conf
- d/ctdb.example.enable.nfs.sh: handle new nfs.conf and other
changes in the new nfs server packages
- d/rules: install the new/changed ctdb example nfs files
-- Andreas Hasenack <email address hidden> Mon, 21 Mar 2022 11:55:54 -0300
-
samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
* d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
Windows 2021-10 Monthly Rollup patch (LP: #1951490)
-- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:32:59 -0300
-
samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
* d/{gpb.conf,watch,README.source}: update for 4.15
* New upstream release: 4.15.5 (LP: #1946839)
* d/p/Rename-mdfind-to-mdsearch.patch: removed, applied usptream
* d/rules: remove --with-dnsupdate, it was merged with
--with-ads in samba 4.15.0
* d/control: bump required build-depends
* d/rules: drop removal of ctdb tests, they are no longer installed
* Remove findsmb, no longer installed:
- d/smbclient.install: remove findsmb
- d/rules: drop fixing of findsmb shebang
* d/ctdb.install: remove ctdb_local_daemons, part of ctdb tests,
no longer installed
* d/samba-libs.install: update list of installed libraries and
modules/plugins
* d/ctdb.install: add tdb_mutex_check
* d/winbind.install: add async_dns_krb5_locator
* d/samba.install: install samba-bgqd and its manpage
* d/{libsmbclient,libwbclient0}.symbols: symbols updates
* d/control: add python3-markdown to build-depends
* d/watch: updated to handle ~dfsg versioning, thanks to
Sergio Durigan Junior <email address hidden>
-- Andreas Hasenack <email address hidden> Tue, 22 Feb 2022 17:59:22 -0300
-
samba (2:4.13.17~dfsg-0ubuntu2) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
-- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:31:06 +0000
-
samba (2:4.13.17~dfsg-0ubuntu1) jammy; urgency=medium
* Update to 4.13.17 as a security update
- CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
* Removed patches included in new version:
- debian/patches/trusted_domain_regression_fix.patch
- debian/patches/bug14901-*.patch
- debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 14 Feb 2022 10:19:08 -0500
-
samba (2:4.13.14+dfsg-0ubuntu5) jammy; urgency=medium
* No-change rebuild for icu soname change
-- William 'jawn-smith' Wilson <email address hidden> Fri, 11 Feb 2022 11:36:14 -0600
-
samba (2:4.13.14+dfsg-0ubuntu4) jammy; urgency=medium
* d/t/util: fix setting the password of the smb test user
(LP: #1955851)
-- Andreas Hasenack <email address hidden> Thu, 20 Jan 2022 17:06:13 -0300
-
samba (2:4.13.14+dfsg-0ubuntu3) jammy; urgency=medium
* No-change rebuild with Python 3.10 as default version
-- Graham Inggs <email address hidden> Sun, 16 Jan 2022 07:01:34 +0000
-
samba (2:4.13.14+dfsg-0ubuntu2) jammy; urgency=medium
* SECURITY REGRESSION: Kerberos authentication on standalone server in
MIT realm broken
- debian/patches/bug14922.patch: fix MIT Realm regression in
source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:09:36 -0500
-
samba (2:4.13.14+dfsg-0ubuntu1) jammy; urgency=medium
* Update to 4.13.14 as a security update (LP: #1950363)
- debian/patches/CVE-2021-20254.patch: removed, included in new
version.
- debian/control: bump ldb Build-Depends to 2.2.3.
- debian/samba-libs.install: added libdcerpc-pkt-auth.so.0.
- debian/patches/trusted_domain_regression_fix.patch: fix regression
introduced in 4.13.14.
- debian/patches/bug14901-*.patch: upstream patches to fix some
mapping issues.
- debian/patches/bug14918-*.patch: upstream patches to properly handle
dangling symlinks.
- CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 14:52:07 -0500
-
samba (2:4.13.5+dfsg-2ubuntu4) jammy; urgency=medium
* No-change rebuild against liburing2
-- Paride Legovini <email address hidden> Mon, 22 Nov 2021 18:08:34 +0100
-
samba (2:4.13.5+dfsg-2ubuntu3) impish; urgency=medium
* d/samba.postinst: do not populate sambashare from the admin group
(Debian packaging cherry-pick. LP: #1942195)
-- Paride Legovini <email address hidden> Wed, 06 Oct 2021 10:31:14 +0200
-
samba (2:4.13.5+dfsg-2ubuntu2) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 18:08:36 -0400
