[Bug 1659707] [NEW] Please merge with Debian unstable 2:4.5.4+dfsg-1

Nish Aravamudan nish.aravamudan at canonical.com
Fri Jan 27 01:24:04 UTC 2017 

Public bug reported:

samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (LP: #, LP: #). Remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

 -- Nishanth Aravamudan <nish.aravamudan at canonical.com>  Thu, 26 Jan
2017 17:20:15 -0800

** Affects: samba (Ubuntu)
     Importance: High
     Assignee: Nish Aravamudan (nacc)
         Status: In Progress

** Changed in: samba (Ubuntu)
   Importance: Undecided => High

** Changed in: samba (Ubuntu)
     Assignee: (unassigned) => Nish Aravamudan (nacc)

** Changed in: samba (Ubuntu)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1659707

Title:
  Please merge with Debian unstable 2:4.5.4+dfsg-1

Status in samba package in Ubuntu:
  In Progress

Bug description:
  samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium

    * Merge from Debian unstable (LP: #, LP: #). Remaining changes:
      + debian/VERSION.patch: Update vendor string to "Ubuntu".
      + debian/smb.conf;
        - Add "(Samba, Ubuntu)" to server string.
        - Comment out the default [homes] share, and add a comment about "valid users = %s"
           to show users how to restrict access to \\server\username to only username.
      + debian/samba-common.config:
        - Do not change prioritiy to high if dhclient3 is installed.
      + Add apport hook:
        - Created debian/source_samba.py.
        - debian/rules, debia/samb-common-bin.install: install hook.
      + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
        pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
      + debian/patches/winbind_trusted_domains.patch: make sure domain members
        can talk to trusted domains DCs.
        [ update patch based upon upstream discussion ]
      + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
        to be statically linked fixes LP #1584485.
      + d/rules: Compile winbindd/winbindd statically.
    * Drop:
      - Delete debian/.gitignore
      [ Previously undocumented ]
      - debian/patches/git_smbclient_cpu.patch:
        + backport upstream patch to fix smbclient users hanging/eating cpu on
          trying to contact a machine which is not there (lp #1572260)
      [ Fixed upstream ]
      - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
        + debian/patches/CVE-2016-2123.patch: check lengths in
          librpc/ndr/ndr_dnsp.c.
        + CVE-2016-2123
      [ Fixed in Debian ]
      - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
        + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
          source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
          source4/auth/gensec/gensec_gssapi.c.
        + CVE-2016-2125
      [ Fixed in Debian ]
      - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
        + debian/patches/CVE-2016-2126.patch: only allow known checksum types
          in auth/kerberos/kerberos_pac.c.
        + CVE-2016-2126
      [ Fixed in Debian ]

   -- Nishanth Aravamudan <nish.aravamudan at canonical.com>  Thu, 26 Jan
  2017 17:20:15 -0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1659707/+subscriptions

More information about the foundations-bugs mailing list