enterprise-support team mailing list archive

Thread
Date
[Bug 1778125] Re: Please merge from debian's 4.8.2

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1778125@xxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Aug 2018 16:59:17 -0000
Reply-to: Bug 1778125 <1778125@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package samba - 2:4.8.4+dfsg-2ubuntu1

---------------
samba (2:4.8.4+dfsg-2ubuntu1) cosmic; urgency=medium

  * Merge with Debian unstable (LP: #1778125). Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247
  * Drop:
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
      [Accepted by Debian in 2:4.7.4+dfsg-2]
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
      [In Debian since 2:4.7.4+dfsg-2]
    - debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch:
      [PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
      Thanks to Andreas Schneider <asn@xxxxxxxxx>. (LP #1761737)
      [Fixed upstream]

samba (2:4.8.4+dfsg-2) unstable; urgency=high

  * Fix typo in previous release: s/usefull/useful/
  * Prepend 1.4.0+really to ldb version to allow samba-dsdb-modules install
    (Closes: #906562, #906568)
  * Urgency still set to high

samba (2:4.8.4+dfsg-1) unstable; urgency=high

  [ Andreas Hasenack ]
  * d/samba.logrotate: only try to reload the services if they are running
    (Closes: #902149)
  * Remove the deprecated "syslog" and "syslog only" options (Closes: #901138)

  [ Mathieu Parent ]
  * New upstream security release
    - CVE-2018-1139 Weak authentication protocol allowed
    - CVE-2018-1140 Denial of Service Attack on DNS and LDAP server
    - CVE-2018-10858 Insufficient input validation on client directory listing
      in libsmbclient
    - CVE-2018-10918 Denial of Service Attack on AD DC DRSUAPI server
    - CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server
    - Urgency set to high
    - Bump build-depends ldb >= 1.3.5 (actually 2:1.4.0+really1.3.5) for
      CVE-2018-1140
  * smb.conf: Remove "wins support" and "wins server" comments
  * smb.conf: Improve "logging" comments
  * smb.conf: Remove "dns proxy = no", only useful as a WINS server
  * smb.conf: Propose better idmap config
  * smb.conf: Remove "passdb backend = tdbsam" as this is the default
  * smb.conf: Fix "usershare max shares" default (patched to 100 instead of 0)
  * Standards-Version: 4.2.0
  * Set Rules-Requires-Root: binary-targets as chmod is used
  * Remove override_dh_strip target as dbgsym migration is complete

samba (2:4.8.2+dfsg-2) unstable; urgency=medium

  * Update panic-action script message, samba-dbg renamed to samba-dbgsym
    (Closes: #900242)
  * Ensure /var/lib/samba/dhcp.conf exists (Closes: #901585)
  * Check smb.conf with testparm, and also with samba-tool when
    server role = active directory domain controller (Closes: #900908)

samba (2:4.8.2+dfsg-1) unstable; urgency=medium

  * New upstream release
    - Bump build-depends ldb >= 1.3.3
  * Fix lintian warnings with patches recently merged upstream:
    - Add Fix-pidl-manpage-sections.patch
    - Add Fix-spelling.patch
    - Add Improve-vfs_linux_xfs_sgid-manpage.patch
  * Wrap very long lines in d/rules

samba (2:4.8.1+dfsg-2) unstable; urgency=low

  * Upload to unstable
  * Really ignore nmbd start errors when there is no non-loopback interface
    (Closes: #893762)
  * Ignore nmbd start errors when there is no local IPv4 non-loopback interface
    (Closes: #859526)
  * Fix possible-unindented-list-in-extended-description in samba-vfs-modules

samba (2:4.8.1+dfsg-1) experimental; urgency=medium

  * New upstream release
  * Add lintian override for "smbclient: executable-is-not-world-readable
    usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper 0700" (See #894720)
  * Improve samba-vfs-modules description (Closes: #776505)
  * Check smb.conf in samba-common-bin.postinst (Closes: #816301)
  * Mark libparse-pidl-perl, samba-dev, samba-dsdb-modules and samba-vfs-modules
    as"Multi-Arch: same"
  * Standards-Version: 4.1.4, no change
  * debian/smb.conf: Fix typo in comment line: sever -> server (Closes: #763648)
  * Read smb.conf until [print$] section instead of [cdrom] to preserve
    locally-defined shares (Closes: #776259)
  * Fix and improve dhcp integration:
    - dhclient3 was renamed to dhclient long time ago...
    - Remove /etc/samba/dhcp.conf on purge (Closes: #784713)
    - Move dhcp.conf out of /etc to allow ro root (Closes: #695362)
    - Update template for "Move dhcp.conf out of /etc to allow ro root"
  * Enable --accel-aes=intelaesni on DEB_HOST_GNU_CPU=x86_64 (Closes: #896196)
    - Use dh-exec to install libaesni-intel.so.0 only on amd64

samba (2:4.8.0+dfsg-2) experimental; urgency=medium

  * Remove unused and outdated debian/README.debian (debian/README.Debian is
    used instead)
  * Mask services as appropriate in samba and winbind postinst (Closes: #863285)
    - mask samba-ad-dc unless server role = active directory domain controller
      (as before)
    - mask smbd and nmbd when server role = active directory domain controller
    - mask nmbd when disable netbios = yes (Closes: #866125)
  * Set smbspool_krb5_wrapper permissions to 0700 (Closes: #894720, #372270)
  * Remove Depends: samba-libs of lib{nss,pam}-winbind
  * Mark winbind "Multi-Arch: allowed" and make lib{pam,nss}-winbind depends on
    winbind:any to allow co-installation (Closes: #881100)
  * Ignore nmbd start errors when there is no non-loopback interface
    (Closes: #893762)

samba (2:4.8.0+dfsg-1) experimental; urgency=medium

  [ Mathieu Parent ]
  * New major upstream version
    - Update d/gbp.conf and d/watch for 4.8
    - Update upstream source from tag 'upstream/4.8.0+dfsg'
    - Re-apply patches
    - Remove patches merged upstream:
      + no_build_system.patch
      + systemd-syslog.target-is-obsolete.patch
      + Add-documentation-to-systemd-Unit-files.patch
      + fix_kill_path_in_units.patch
      + nmbd-requires-a-working-network.patch
      + CVE-2018-1050-11343-4.7.patch
      + CVE-2018-1057-v4-7.metze01.patches.txt
    - Bump build-depends talloc >= 2.1.11~, tdb >= 1.3.15~, tevent >= 0.9.36~
      and ldb >= 2:1.3.2~
    - Drop Build-Conflicts-Arch: libaio-dev, vfs_aio_linux was dropped
    - Update debian/*.install and use debian/not-installed
    - Update debian/libsmbclient.symbols
    - Upload to experimental
  * debian/README.source
    - Update instructions
    - Convert to Markdown
    - Add a symlink from README.source to README.source.md
  * debian/rules:
    - Use the new --systemd-install-services
    - Use dh_missing --fail-missing
    - Re-order debian/rules overrides in the order they are called
    - Remove broken get-packaged-orig-source target
    - Remove unused DEB_BUILD_OPT_FOO variables
    - Add some comments
    - Move all the custom installs from override_dh_install to
      override_dh_auto_install
    - Remove --sourcedir override to dh_install "since dh_install automatically
      looks for files in debian/tmp in debhelper compatibility level 7 and
      above"
    - PIDFile= is now correctly set in *.service

  [ Louis van Belle ]
  * Update d/control, Relax Build-Depends to allow backport

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Tue, 21 Aug 2018 09:57:57
-0300

** Changed in: samba (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1050

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1057

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10858

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10918

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10919

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1139

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1140

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1778125

Title:
  Please merge from debian's 4.8.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1778125/+subscriptions
References

[Bug 1778125] [NEW] Please merge from debian's 4.8.2
From: Andreas Hasenack, 2018-06-21