[Bug 449735] Re: [SRU] [karmic] Long SMB share names invisible and corrupts encodings
Launchpad Bug Tracker
449735 at bugs.launchpad.net
Tue Nov 3 15:50:08 GMT 2009
This bug was fixed in the package samba - 2:3.4.2-1ubuntu1
---------------
samba (2:3.4.2-1ubuntu1) lucid; urgency=low
* Merge from debian unstable, remaining changes:
+ debian/patches/VERSION.patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu
+ debian/smb.conf:
- Add "(Samaba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s" to show users
how to restrict access to \\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are
allowed to create public shares in addition to authenticated ones.
- add map to guest = Bad user, maps bad username to guest access.
+ debian/samba-common.config:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd.awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libwbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb.
- Build-depend on libreadline-dev instead of libreadline5-dev.
+ debian/rules:
- enable "native" PIE hardening.
+ Add ufw integration:
- Created debian/samba.ufw.profile
- debian/rules, debian/samba.dirs, debian/samba.files: install
+ debian/patches/fix-smbclient-long-names.patch: Samba shares with more than 12 characters are not
displayed. (LP: #449735)
+ Dropped:
- debian/patches/536757.patch: Already upstream
- debian/patches/net-usershare-list-3.4.0.patch: Already upstream
- debian/patches/fix-crash-when-loading-interfaces.patch: Already upstream
- debian/patches/fix-upstream-6680.patch: Already upstream
- debian/patches/security-CVE-2009-2813.patch: Already upstream
- debian/patches/security-CVE-2009-2948.patch: Already upstream
- debian/patches/security-CVE-2009-2906.patch: Already upstream
samba (2:3.4.2-1) unstable; urgency=high
* New upstream release. Security update.
* CVE-2009-2813:
Connecting to the home share of a user will use the root of the
filesystem as the home directory if this user is misconfigured to
have an empty home directory in /etc/passwd.
* CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it
a credential or password path to which he or she does not have
access and then use the --verbose option to view the first line of
that file.
* CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections
can send smbd into a 100% CPU loop, causing a DoS on the Samba
server.
samba (2:3.4.1-2) unstable; urgency=low
* ./configure --disable-avahi, to avoid accidentally picking up an avahi
dependency when libavahi-common-dev is installed.
samba (2:3.4.1-1) unstable; urgency=low
[ Christian Perrier ]
* New upstream release. This fixes the following bugs:
- smbd SIGSEGV when breaking oplocks. Thanks to Petr Vandrovec
for the clever analysis and collaboration with upstream.
Closes: #541171
- Fix password change propagation with ldapsam. Closes: #505215
- Source package contains non-free IETF RFC/I-D. Closes: #538034
* Turn the build dependency on libreadline5-dev to libreadline-dev
to make further binNMUs easier when libreadline soname changes
Thanks to Matthias Klose for the suggestion
[ Steve Langasek ]
* Don't build talloctort when using --enable-external-talloc; and don't
try to include talloctort in the samba-tools package, since we're
building with --enable-external-talloc. :) Closes: #546828.
samba (2:3.4.0-5) unstable; urgency=low
* Move /etc/pam.d/samba back to samba-common, because it's shared with
samba4. Closes: #545764.
samba (2:3.4.0-4) unstable; urgency=low
[ Steve Langasek ]
* debian/samba.pamd: include common-session-noninteractive instead of
common-session, to avoid pulling in modules specific to interactive
logins such as pam_ck_connector.
* debian/control: samba depends on libpam-runtime (>= 1.0.1-11) for the
above.
* rename debian/samba.pamd to debian/samba.pam and call dh_installpam
from debian/rules install, bringing us a smidge closer to a stock
debhelper build
* don't call pyversions from debian/rules, this throws a useless error
message during build.
* fix up the list of files that need to be removed by hand in the clean
target; the majority of these are now correctly handled upstream.
* debian/rules: fix the update-arch target for the case of unversioned
build-deps.
* Pull avr32 into the list of supported Linux archs. Closes: #543543.
* Fix LSB header in winbind.init; thanks to Petter Reinholdtsen for the
patch. Closes: #541367.
[ Christian Perrier ]
* Use DEP-3 for patches meta-information
[ Steve Langasek ]
* Change swat update-inetd call to use --remove only on purge,
and --disable on removal.
* Add missing build-dependency on pkg-config, needed to fix libtalloc
detection
* debian/patches/external-talloc-support.patch: fix the Makefile so it
works when using external talloc instead of giving a missing-depend
error.
* debian/patches/autoconf.patch: resurrect this patch, needed for the
above.
* debian/rules: build with --without-libtalloc
--enable-external-libtalloc, also needed to fix the build failure.
-- Chuck Short <zulcss at ubuntu.com> Wed, 21 Oct 2009 22:14:57 +0100
** Changed in: samba (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2813
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2906
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2948
--
[SRU] [karmic] Long SMB share names invisible and corrupts encodings
https://bugs.launchpad.net/bugs/449735
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
More information about the Ubuntu-server-bugs
mailing list