[ubuntu/focal-proposed] samba 2:4.11.5+dfsg-1ubuntu1 (Accepted)

Andreas Hasenack andreas at canonical.com
Wed Feb 19 20:12:16 UTC 2020


samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
    - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
      change nfs service name from nfs to nfs-kernel-server
      (LP #722201)
    - d/p/ctdb-config-enable-syslog-by-default.patch:
      enable syslog and systemd journal by default
    - debian/rules: Ubuntu i386 binary compatibility:
      + drop ceph support
      + disable the following binary packages:
        - ctdb
        - libnss-winbind
        - libpam-winbind
        - python3-samba
        - samba
        - samba-common-bin
        - samba-testsuite
        - winbind
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
    - debian/rules: Ubuntu i386 binary compatibility:
      + re-enable the following binary packages:
        - libnss-winbind
        - samba-common-bin
        - python3-samba
        - winbind
  * Dropped:
    - d/control: drop python3-matplotlib. It's only used in
      script/attr_count_read which is not installed with the
      samba packages.
      [In 2:4.11.3+dfsg-1]

samba (2:4.11.5+dfsg-1) unstable; urgency=medium

  * New upstream security release
    - CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
      Directory not automatic.
    - CVE-2019-14907: Crash after failed character conversion at log level 3 or
      above.
    - CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
    - Bump build-depends ldb >= 2.0.8

samba (2:4.11.3+dfsg-1) unstable; urgency=high

  * New upstream security release
    - Drop merged patches for previous security fixes
    - CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management
      server by creating records with matching the zone name.
    - CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was
      not being applied when processing protocol transition requests (S4U2Self),
      in the AD DC KDC.
  * d/control: drop python3-matplotlib
  * d/control: Fix stronger-dependency-implies-weaker
    (samba depends -> recommends python3-dnspython)

Date: Mon, 17 Feb 2020 15:29:35 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.11.5+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Feb 2020 15:29:35 -0300
Source: samba
Architecture: source
Version: 2:4.11.5+dfsg-1ubuntu1
Distribution: focal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Changes:
 samba (2:4.11.5+dfsg-1ubuntu1) focal; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - debian/VERSION.patch: Update vendor string to "Ubuntu".
     - debian/smb.conf;
       + Add "(Samba, Ubuntu)" to server string.
       + Comment out the default [homes] share, and add a comment about
         "valid users = %s" to show users how to restrict access to
         \\server\username to only username.
     - debian/samba-common.config:
       + Do not change priority to high if dhclient3 is installed.
     - d/control, d/rules: Disable glusterfs support because it's not in main.
       MIR bug is https://launchpad.net/bugs/1274247
     - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
       change nfs service name from nfs to nfs-kernel-server
       (LP #722201)
     - d/p/ctdb-config-enable-syslog-by-default.patch:
       enable syslog and systemd journal by default
     - debian/rules: Ubuntu i386 binary compatibility:
       + drop ceph support
       + disable the following binary packages:
         - ctdb
         - libnss-winbind
         - libpam-winbind
         - python3-samba
         - samba
         - samba-common-bin
         - samba-testsuite
         - winbind
     - debian/control: Ubuntu i386 binary compatibility:
       + drop ceph support
     - debian/rules: Ubuntu i386 binary compatibility:
       + re-enable the following binary packages:
         - libnss-winbind
         - samba-common-bin
         - python3-samba
         - winbind
   * Dropped:
     - d/control: drop python3-matplotlib. It's only used in
       script/attr_count_read which is not installed with the
       samba packages.
       [In 2:4.11.3+dfsg-1]
 .
 samba (2:4.11.5+dfsg-1) unstable; urgency=medium
 .
   * New upstream security release
     - CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
       Directory not automatic.
     - CVE-2019-14907: Crash after failed character conversion at log level 3 or
       above.
     - CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
     - Bump build-depends ldb >= 2.0.8
 .
 samba (2:4.11.3+dfsg-1) unstable; urgency=high
 .
   * New upstream security release
     - Drop merged patches for previous security fixes
     - CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management
       server by creating records with matching the zone name.
     - CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was
       not being applied when processing protocol transition requests (S4U2Self),
       in the AD DC KDC.
   * d/control: drop python3-matplotlib
   * d/control: Fix stronger-dependency-implies-weaker
     (samba depends -> recommends python3-dnspython)
Checksums-Sha1:
 322676f8869315f4f772a1d223af0bdae5979450 4363 samba_4.11.5+dfsg-1ubuntu1.dsc
 1e577a2595a185dfd1d80513dedeb79823f405d8 11763084 samba_4.11.5+dfsg.orig.tar.xz
 07194247b158ce4bfab57eb608785580178ec658 252996 samba_4.11.5+dfsg-1ubuntu1.debian.tar.xz
 a37b93e97de0db3e411b0103443edb59074aa534 11339 samba_4.11.5+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
 54057b38f6649e5fef31cce4d6ba25c86a13f03200ab98236338a437ae27f3bb 4363 samba_4.11.5+dfsg-1ubuntu1.dsc
 877f43bf855dc5590847c6098a6725197011613004698615d164446dcb67d468 11763084 samba_4.11.5+dfsg.orig.tar.xz
 a15e8b38af3c16639f68385399ff8995c58d11d439422b1ac92aaa43e3476d12 252996 samba_4.11.5+dfsg-1ubuntu1.debian.tar.xz
 6e48284c28ef529bc83a92effc3805e47b4755d7e3494fee9d1dfd26e471d8c3 11339 samba_4.11.5+dfsg-1ubuntu1_source.buildinfo
Files:
 89886ecc2140e897ccde86619dd9a2e9 4363 net optional samba_4.11.5+dfsg-1ubuntu1.dsc
 ddac43d8b7dee10f43ab08490c5dcc02 11763084 net optional samba_4.11.5+dfsg.orig.tar.xz
 f83e70f851f9b27982859dc6ce22fe0e 252996 net optional samba_4.11.5+dfsg-1ubuntu1.debian.tar.xz
 b8e93faba656d05cb2639e370d65da67 11339 net optional samba_4.11.5+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAl5NlSoACgkQrJg+tb9r
y6nvthAAs2rqVcwb5qIZ5izgZigxyCR0F1ceq+Gtaq4BE+qFsEcrJaKdNCdmKWXT
FvYkA7ggOaR/0KyzaVXwhc0XTP2FK86J5Ao4z6++px+Ygbc+39mUjjQcXsRXooVV
cReXSxl8xvBAyOEbK7rP/fIX3mjSHRbRy9L0ZGas9E9OKglPZioT3U30bZmLstkC
/J/GauN1koAOkXJNnxj1WCb6LI+nLRw+Ej8IjS6Es/OBXeU4m52t/ePj8XPB4z+G
BT/G2Xqcz4OKFJoCMCOMQKRktFBSRDQCpI//Lg+AyYn9ZKHAUsUEEeO+yFDwK4UF
5ot7lnRrhYQW8XBZRDCkmJ3IxMnL1gwnhEiAjIYDr6Vgqjwzu+GW5RHaXBxqQLIy
pUMO5APalM3jEleUIgVxScCXKuBkqpfggF6/4+H4c3MuUxgvto49RLXeb83jq/6+
XOZyZMaPQbK348qil4CcTU45Pfc/ApZ9DHf+6wUy+xLARcDEfo8DrRX3MDKe6E2u
skYTFArgojMKjk4WzrVtBeox6INIuytoNKyr27i0XXQl6Z8mvueoz0Yk/7R0mFcm
X8d+u+kRMTr2LZC8f83iO1gIQ0oLgkUl+l2qTJbZfZYeNfWdiB5SC88lpJez2YX6
kur3OsmX9x4wDDyz1z138DkENFvUKDbVhqMx/Rjbi7wlEfywXYI=
=11qS
-----END PGP SIGNATURE-----


More information about the Focal-changes mailing list