[ubuntu/groovy-proposed] samba 2:4.12.5+dfsg-3ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Fri Jul 31 16:29:15 UTC 2020
samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
* Dropped:
- d/gbp.conf, d/watch, d/README.source: update for 4.12
[In 2:4.12.3+dfsg-1]
- d/control: bump build-depends:
+ ldb: 2.1.2
+ tevent: 0.10.2
+ tdb: 1.4.3
+ talloc: 2.3.1
[In 2:4.12.3+dfsg-1]
- d/smbclient.install: add new binary mdfind and its manpage
[In 2:4.12.3+dfsg-1]
- d/samba-dev.install, d/samba-libs.install: new lib
libdcerpc-server-core
[In 2:4.12.3+dfsg-1]
- d/samba-libs.install: new library libtalloc-report-printf
[In 2:4.12.3+dfsg-1]
- d/libwbclient0.install: remove libaesni, no longer built when
gnutls provides AES CMAC
[In 2:4.12.3+dfsg-1]
- d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
[In 2:4.12.3+dfsg-1]
- d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
[Dropped in 2:4.12.3+dfsg-1]
samba (2:4.12.5+dfsg-3) unstable; urgency=high
* Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
(Closes: #963971)
* Add patch traffic_packets: fix SyntaxWarning: "is" with a literal
(Closes: #964165)
* Add patch Rename mdfind to mdsearch (Closes: #963985)
samba (2:4.12.5+dfsg-2) unstable; urgency=high
* Add missing symbol (path_expand_tilde)
samba (2:4.12.5+dfsg-1) unstable; urgency=high
* New upstream security release:
- CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results
- CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
- CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
- Bump build-depends ldb >= 2.1.4
samba (2:4.12.3+dfsg-2) unstable; urgency=medium
* Upload to unstable
samba (2:4.12.3+dfsg-1) experimental; urgency=medium
* New upstream major version (Closes: #963106)
- Update d/gbp.conf, d/watch and d/README.source for 4.12
- Drop merged patches
- Bump build-depends talloc >= 2.3.1, tdb >= 1.4.3, tevent >= 0.10.2 and
ldb >= 2.1.3
- Upstream fixes:
+ pygpo: use correct method flags
(Closes: #963242, #961585, #960171, #956428)
+ CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC
LDAP servers, handled 'Paged Results' control is combined with the 'ASQ'
control. A malicious user in a samba AD could use this flaw to cause
denial of service (Closes: #960189)
+ CVE-2020-10704: A flaw was found when using samba as an Active Directory
Domain Controller. Due to the way samba handles certain requests as an
Active Directory Domain Controller LDAP server, an unauthorized user can
cause a stack overflow leading to a denial of service. The highest
threat from this vulnerability is to system availability
(Closes: #960188)
- intel aes-ni no more needed as GnuTLS is used
- Install new files
- Update symbols
- Update samba-libs.lintian-overrides
* d/control: Remove unused libattr1-dev Build-Depends (Closes: #953915)
Date: Fri, 31 Jul 2020 11:07:47 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.12.5+dfsg-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 31 Jul 2020 11:07:47 -0300
Source: samba
Architecture: source
Version: 2:4.12.5+dfsg-3ubuntu1
Distribution: groovy
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 953915 956428 960171 960188 960189 961585 963106 963242 963971 963985 964165
Changes:
samba (2:4.12.5+dfsg-3ubuntu1) groovy; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- d/p/VERSION.patch: Update vendor string to "Ubuntu".
- debian/smb.conf;
+ Add "(Samba, Ubuntu)" to server string.
+ Comment out the default [homes] share, and add a comment about
"valid users = %s" to show users how to restrict access to
\\server\username to only username.
- debian/samba-common.config:
+ Do not change priority to high if dhclient3 is installed.
- d/control, d/rules: Disable glusterfs support because it's not in main.
MIR bug is https://launchpad.net/bugs/1274247
- d/p/fix-nfs-service-name-to-nfs-kernel-server.patch:
change nfs service name from nfs to nfs-kernel-server
(LP #722201)
- d/p/ctdb-config-enable-syslog-by-default.patch:
enable syslog and systemd journal by default
- debian/rules: Ubuntu i386 binary compatibility:
+ drop ceph support
+ disable the following binary packages:
- ctdb
- libnss-winbind
- libpam-winbind
- python3-samba
- samba
- samba-common-bin
- samba-testsuite
- winbind
- debian/control: Ubuntu i386 binary compatibility:
+ drop ceph support
- debian/rules: Ubuntu i386 binary compatibility:
+ re-enable the following binary packages:
- libnss-winbind
- samba-common-bin
- python3-samba
- winbind
- d/control: add a versioned libgnutls28-dev build-depends to reduce
the amount of in-tree crypto code that is built
* Dropped:
- d/gbp.conf, d/watch, d/README.source: update for 4.12
[In 2:4.12.3+dfsg-1]
- d/control: bump build-depends:
+ ldb: 2.1.2
+ tevent: 0.10.2
+ tdb: 1.4.3
+ talloc: 2.3.1
[In 2:4.12.3+dfsg-1]
- d/smbclient.install: add new binary mdfind and its manpage
[In 2:4.12.3+dfsg-1]
- d/samba-dev.install, d/samba-libs.install: new lib
libdcerpc-server-core
[In 2:4.12.3+dfsg-1]
- d/samba-libs.install: new library libtalloc-report-printf
[In 2:4.12.3+dfsg-1]
- d/libwbclient0.install: remove libaesni, no longer built when
gnutls provides AES CMAC
[In 2:4.12.3+dfsg-1]
- d/libsmbclient.symbols, d/libwbclient0.symbols: update symbols
[In 2:4.12.3+dfsg-1]
- d/p/build-Remove-tests-for-getdents-and-getdirentries.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-remove-all-checks-for-_FUNC-and-__FUNC.patch
[Dropped in 2:4.12.3+dfsg-1]
- d/p/wscript-split-function-check-to-one-per-line-and-sor.patch
[Dropped in 2:4.12.3+dfsg-1]
.
samba (2:4.12.5+dfsg-3) unstable; urgency=high
.
* Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump
(Closes: #963971)
* Add patch traffic_packets: fix SyntaxWarning: "is" with a literal
(Closes: #964165)
* Add patch Rename mdfind to mdsearch (Closes: #963985)
.
samba (2:4.12.5+dfsg-2) unstable; urgency=high
.
* Add missing symbol (path_expand_tilde)
.
samba (2:4.12.5+dfsg-1) unstable; urgency=high
.
* New upstream security release:
- CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results
- CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
- CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
- CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
- Bump build-depends ldb >= 2.1.4
.
samba (2:4.12.3+dfsg-2) unstable; urgency=medium
.
* Upload to unstable
.
samba (2:4.12.3+dfsg-1) experimental; urgency=medium
.
* New upstream major version (Closes: #963106)
- Update d/gbp.conf, d/watch and d/README.source for 4.12
- Drop merged patches
- Bump build-depends talloc >= 2.3.1, tdb >= 1.4.3, tevent >= 0.10.2 and
ldb >= 2.1.3
- Upstream fixes:
+ pygpo: use correct method flags
(Closes: #963242, #961585, #960171, #956428)
+ CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC
LDAP servers, handled 'Paged Results' control is combined with the 'ASQ'
control. A malicious user in a samba AD could use this flaw to cause
denial of service (Closes: #960189)
+ CVE-2020-10704: A flaw was found when using samba as an Active Directory
Domain Controller. Due to the way samba handles certain requests as an
Active Directory Domain Controller LDAP server, an unauthorized user can
cause a stack overflow leading to a denial of service. The highest
threat from this vulnerability is to system availability
(Closes: #960188)
- intel aes-ni no more needed as GnuTLS is used
- Install new files
- Update symbols
- Update samba-libs.lintian-overrides
* d/control: Remove unused libattr1-dev Build-Depends (Closes: #953915)
Checksums-Sha1:
6317731091ae3a3b3ddb8754c6c76a1e8b54c3ec 4360 samba_4.12.5+dfsg-3ubuntu1.dsc
90f76ab5ba834a00febe8365a599348f1b38b067 11556592 samba_4.12.5+dfsg.orig.tar.xz
67055c9c754ff0c2bc58dd2a77ee34539f30c9d7 255324 samba_4.12.5+dfsg-3ubuntu1.debian.tar.xz
3fbfc97ab9eb7bfba8b9c26d61ebf58847a5dec8 8878 samba_4.12.5+dfsg-3ubuntu1_source.buildinfo
Checksums-Sha256:
9d4ab370dc82748d53648c4e3c48624af241d49750f741b50c5a4cedc4fe36af 4360 samba_4.12.5+dfsg-3ubuntu1.dsc
c924fe1954d81284b7de34f3e287c61d9fad982485ce80fe7db5c60f6d4869ee 11556592 samba_4.12.5+dfsg.orig.tar.xz
d188af2921460651df07f6472dbf336a79d6bd6fda56bf8312dab79609f66f1f 255324 samba_4.12.5+dfsg-3ubuntu1.debian.tar.xz
56ae070867d8788f55200b72a5171339671e13ccc81906074c8a6c2af5f114e2 8878 samba_4.12.5+dfsg-3ubuntu1_source.buildinfo
Files:
740ad90d9ad70d562046925c01110cf1 4360 net optional samba_4.12.5+dfsg-3ubuntu1.dsc
b0a6f0d66f6761c1b70ec3347a7e1f9a 11556592 net optional samba_4.12.5+dfsg.orig.tar.xz
033215afb406024d6ad85c57bf654fac 255324 net optional samba_4.12.5+dfsg-3ubuntu1.debian.tar.xz
3f683997a697122e6019f100bf33747c 8878 net optional samba_4.12.5+dfsg-3ubuntu1_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAl8kRokACgkQrJg+tb9r
y6kgYBAAi00aSXNLoSYtpDN3dIgDFWxapdvb/7ZZXmAA/TFCSUR6bGN68JchNgzt
Wsf9HvbqIP88fDVoqJInTw6gm4RMuhMKxSQ1uxrQCdnc+QT7y1K9TYY5arnduk2Y
y1qVXQb9rOivgDZezfym0vSF18QWH+mIE0PtKnWqk21LSLVBBpwhDvB14E5ObNEe
Y7+ou6choBohlszOnfzA5FUeMO5plU/IX7OWntJ387ayPWsnhLnFcLvOQR6/AtCK
0VycaNB9v0yGx7Jhj220CenSwhZqANU/PYO4Q1kqfiCS+lochbvYTaTAH7A7SJW6
2T1U9yVOoOhAQ0KRgac6XlZN2MhvQLK2Q7DzT1fSSKipRJzvkgmvAuY9nCa95wbG
deQSlbfAgBbH4bKGyMb79mZm1h25dnYOOkFLVbtApUzF86FLL0x/kf/7MPQbuQqt
kIS3qaQXhm0kXMgruJAk85sdLC7HSw2xYCptprj8SJ4T/DD8+c0fvJVQ/Ua9YuzQ
YjJIpSsazpg5UNzFPL8i/RHfsCDoNYORmIqC3SyQ0c2FkHvhFtL0XW2bniXlI8km
7CpdG4XBd7m1uT4AEUw6nIf7Q0YvcpPyh4IGzOqEOFpXbwaIC0d2GRxPu6Umh8a0
A/TuYr3V4sEPpIEsQoPJskfWG2BtfhI4puQrVqVdNwat5kD8V70=
=7ojT
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list