[ubuntu/zesty-proposed] samba 2:4.5.4+dfsg-1ubuntu1 (Accepted)

Nishanth Aravamudan nish.aravamudan at canonical.com
Thu Feb 9 00:33:17 UTC 2017


samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
    changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \\server\username to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
    + debian/patches/winbind_trusted_domains.patch: make sure domain members
      can talk to trusted domains DCs.
      [ update patch based upon upstream discussion ]
    + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
      to be statically linked fixes LP #1584485.
    + d/rules: Compile winbindd/winbindd statically.
  * Drop:
    - Delete debian/.gitignore
    [ Previously undocumented ]
    - debian/patches/git_smbclient_cpu.patch:
      + backport upstream patch to fix smbclient users hanging/eating cpu on
        trying to contact a machine which is not there (lp #1572260)
    [ Fixed upstream ]
    - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
      + debian/patches/CVE-2016-2123.patch: check lengths in
        librpc/ndr/ndr_dnsp.c.
      + CVE-2016-2123
    [ Fixed in Debian ]
    - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
      + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
        source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
        source4/auth/gensec/gensec_gssapi.c.
      + CVE-2016-2125
    [ Fixed in Debian ]
    - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
      + debian/patches/CVE-2016-2126.patch: only allow known checksum types
        in auth/kerberos/kerberos_pac.c.
      + CVE-2016-2126
    [ Fixed in Debian ]

Date: Thu, 26 Jan 2017 17:20:15 -0800
Changed-By: Nishanth Aravamudan <nish.aravamudan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.5.4+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Jan 2017 17:20:15 -0800
Source: samba
Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev python-samba samba-dsdb-modules samba-vfs-modules libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind libwbclient0 libwbclient-dev ctdb
Architecture: source
Version: 2:4.5.4+dfsg-1ubuntu1
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishanth Aravamudan <nish.aravamudan at canonical.com>
Description:
 ctdb       - clustered database to store temporary data
 libnss-winbind - Samba nameservice integration plugins
 libpam-winbind - Windows domain authentication integration plugin
 libparse-pidl-perl - IDL compiler written in Perl
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 python-samba - Python bindings for Samba
 registry-tools - tools for viewing and manipulating the Windows registry
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - Samba common files used by both the server and the client
 samba-dev  - tools for extending Samba
 samba-dsdb-modules - Samba Directory Services Database
 samba-libs - Samba core libraries
 samba-testsuite - test suite from Samba
 samba-vfs-modules - Samba Virtual FileSystem plugins
 smbclient  - command-line SMB/CIFS clients for Unix
 winbind    - service to resolve user and group information from Windows NT ser
Launchpad-Bugs-Fixed: 1639962 1659707
Changes:
 samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
 .
   * Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
     changes:
     + debian/VERSION.patch: Update vendor string to "Ubuntu".
     + debian/smb.conf;
       - Add "(Samba, Ubuntu)" to server string.
       - Comment out the default [homes] share, and add a comment about "valid users = %s"
          to show users how to restrict access to \\server\username to only username.
     + debian/samba-common.config:
       - Do not change prioritiy to high if dhclient3 is installed.
     + Add apport hook:
       - Created debian/source_samba.py.
       - debian/rules, debia/samb-common-bin.install: install hook.
     + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
       pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
     + debian/patches/winbind_trusted_domains.patch: make sure domain members
       can talk to trusted domains DCs.
       [ update patch based upon upstream discussion ]
     + d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
       to be statically linked fixes LP #1584485.
     + d/rules: Compile winbindd/winbindd statically.
   * Drop:
     - Delete debian/.gitignore
     [ Previously undocumented ]
     - debian/patches/git_smbclient_cpu.patch:
       + backport upstream patch to fix smbclient users hanging/eating cpu on
         trying to contact a machine which is not there (lp #1572260)
     [ Fixed upstream ]
     - SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
       + debian/patches/CVE-2016-2123.patch: check lengths in
         librpc/ndr/ndr_dnsp.c.
       + CVE-2016-2123
     [ Fixed in Debian ]
     - SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
       + debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
         source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
         source4/auth/gensec/gensec_gssapi.c.
       + CVE-2016-2125
     [ Fixed in Debian ]
     - SECURITY UPDATE: privilege elevation in Kerberos PAC validation
       + debian/patches/CVE-2016-2126.patch: only allow known checksum types
         in auth/kerberos/kerberos_pac.c.
       + CVE-2016-2126
     [ Fixed in Debian ]
Checksums-Sha1:
 1ef39abfa1a0302b33d0e5bdc28a66daf9502a89 3713 samba_4.5.4+dfsg-1ubuntu1.dsc
 375876f76a81f9f2b1b0ccd307db5f1b1abbca24 20947924 samba_4.5.4+dfsg.orig.tar.gz
 268a070052004397f234205275c3e7fd3c93832c 233248 samba_4.5.4+dfsg-1ubuntu1.debian.tar.xz
Checksums-Sha256:
 7bf0c1d56b5d592a0074334261c08482d9fc17809e5e2b2aace5f19684e144ca 3713 samba_4.5.4+dfsg-1ubuntu1.dsc
 8723ce8d9207f96be622794f3cdfefa124f899076ca75495760db81cd66daf50 20947924 samba_4.5.4+dfsg.orig.tar.gz
 4115bdd9e0fc3d7287516e2a8f08522e4963c2d306a7696468312c9af3b7a01f 233248 samba_4.5.4+dfsg-1ubuntu1.debian.tar.xz
Files:
 8f431973924645fdcd4fe85d8b38e20c 3713 net optional samba_4.5.4+dfsg-1ubuntu1.dsc
 d544a9f12ba947d4536d40c053e523e4 20947924 net optional samba_4.5.4+dfsg.orig.tar.gz
 bb76af32089e08fdaf961a912c144d8a 233248 net optional samba_4.5.4+dfsg-1ubuntu1.debian.tar.xz
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQE7BAEBCAAlBQJYm7dVHhxuaXNoLmFyYXZhbXVkYW5AY2Fub25pY2FsLmNvbQAK
CRADRGyeZjIE+EZ+B/4+t1g/dt1kB6qpVOq2MZ+McNdqK6R1ozzx6jqJ+/5la+yh
IfSXcziS9LoUy+nkUi6V8lR4YqV52EJZRBxDfe8VdWDvNuIor/gJ33UIhnT+tgGS
aMx7yz9ut7NBPgmfb/5D/ryTcRHBqJwZlUcHZBtbkIKUJJ8DgSglchmgvh5rvtLK
s7Z1jRDZLOOgVjCys6lEKLhuCVWp4wNarHws00Zh+0I7E0acnArh5nZplZIjy6Lm
fhmBttZqiQ4AqWcm+ZjdkcRnIAmuguXyikGew8pB6Z+OdC3hDIyPPTVibXR3I94O
bFGVQmfAYRWVYD2fGWNPaVIkP1fcs7sCnYmQOx5v
=FbcY
-----END PGP SIGNATURE-----


More information about the Zesty-changes mailing list