lp:~stefanor/ubuntu/lucid/samba/ntlm-auth-623342
- Get this branch:
- bzr branch lp:~stefanor/ubuntu/lucid/samba/ntlm-auth-623342
Branch merges
- Ubuntu Development Team: Pending requested
-
Diff: 19843 lines (+18478/-101)96 files modified.pc/applied-patches (+2/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_select.c (+247/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_standard.c (+569/-0)
.pc/security-CVE-2011-0719.patch/nsswitch/wb_common.c (+690/-0)
.pc/security-CVE-2011-0719.patch/source3/client/client.c (+5022/-0)
.pc/security-CVE-2011-0719.patch/source3/client/dnsbrowse.c (+237/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/events.c (+304/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/packet.c (+267/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/readline.c (+201/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/select.c (+206/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/util_sock.c (+1989/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/wbclient.c (+715/-0)
.pc/security-CVE-2011-0719.patch/source3/libaddns/dnssock.c (+377/-0)
.pc/security-CVE-2011-0719.patch/source3/libads/cldap.c (+308/-0)
.pc/security-CVE-2011-0719.patch/source3/libsmb/nmblib.c (+1399/-0)
.pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c (+1967/-0)
.pc/security-CVE-2011-0719.patch/source3/utils/smbfilter.c (+295/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd.c (+1440/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd_dual.c (+1477/-0)
debian/changelog (+18/-0)
debian/control (+1/-1)
debian/patches/ntlm-auth-lp623342.patch (+63/-0)
debian/patches/security-CVE-2011-0719.patch (+438/-0)
debian/patches/series (+2/-1)
debian/po/ar.po (+1/-1)
debian/po/ast.po (+1/-1)
debian/po/be.po (+1/-1)
debian/po/bg.po (+1/-1)
debian/po/bn.po (+1/-1)
debian/po/bs.po (+1/-1)
debian/po/ca.po (+3/-3)
debian/po/cs.po (+1/-1)
debian/po/da.po (+1/-1)
debian/po/de.po (+1/-1)
debian/po/dz.po (+1/-1)
debian/po/el.po (+1/-1)
debian/po/eo.po (+1/-1)
debian/po/es.po (+2/-3)
debian/po/et.po (+1/-1)
debian/po/eu.po (+1/-1)
debian/po/fi.po (+1/-1)
debian/po/fr.po (+1/-1)
debian/po/gl.po (+1/-1)
debian/po/gu.po (+1/-1)
debian/po/he.po (+1/-1)
debian/po/hu.po (+1/-1)
debian/po/id.po (+1/-1)
debian/po/it.po (+1/-1)
debian/po/ja.po (+1/-1)
debian/po/ka.po (+1/-1)
debian/po/km.po (+1/-1)
debian/po/ko.po (+1/-1)
debian/po/ku.po (+1/-1)
debian/po/lt.po (+3/-3)
debian/po/ml.po (+1/-1)
debian/po/mr.po (+4/-4)
debian/po/nb.po (+6/-6)
debian/po/ne.po (+1/-1)
debian/po/nl.po (+1/-1)
debian/po/nn.po (+5/-5)
debian/po/pl.po (+1/-1)
debian/po/pt.po (+1/-1)
debian/po/pt_BR.po (+1/-1)
debian/po/ro.po (+1/-1)
debian/po/ru.po (+3/-3)
debian/po/sk.po (+1/-1)
debian/po/sl.po (+1/-1)
debian/po/sq.po (+1/-1)
debian/po/sv.po (+1/-1)
debian/po/ta.po (+1/-1)
debian/po/th.po (+1/-1)
debian/po/tl.po (+1/-1)
debian/po/tr.po (+1/-1)
debian/po/vi.po (+11/-12)
debian/po/wo.po (+1/-1)
debian/po/zh_CN.po (+1/-1)
debian/po/zh_TW.po (+1/-1)
lib/tevent/tevent_select.c (+10/-0)
lib/tevent/tevent_standard.c (+5/-0)
nsswitch/wb_common.c (+17/-0)
source3/client/client.c (+3/-1)
source3/client/dnsbrowse.c (+11/-0)
source3/lib/events.c (+8/-0)
source3/lib/packet.c (+5/-0)
source3/lib/readline.c (+5/-0)
source3/lib/select.c (+12/-0)
source3/lib/util_sock.c (+9/-2)
source3/lib/wbclient.c (+8/-1)
source3/libaddns/dnssock.c (+5/-0)
source3/libads/cldap.c (+5/-0)
source3/libsmb/nmblib.c (+5/-0)
source3/nmbd/nmbd_packets.c (+22/-2)
source3/utils/smbfilter.c (+6/-2)
source3/winbindd/winbindd.c (+6/-0)
source3/winbindd/winbindd_cm.c (+13/-7)
source3/winbindd/winbindd_dual.c (+7/-0)
Branch information
- Owner:
- Stefano Rivera
- Status:
- Development
Recent revisions
- 105. By Stefano Rivera
-
debian/
patches/ ntlm-auth- lp623342. patch: ntlm_auth returns an invalid
response key. (LP: #623342) Patch taken from upstream
(https://bugzilla. samba.org/ show_bug. cgi?id= 7568) - 104. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via missing range checks on file
descriptors
- debian/patches/ security- CVE-2011- 0719.patch: validate miscellaneous
file descriptors.
- CVE-2011-0719 - 103. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via large number of SID sub authorities
- debian/patches/ security- CVE-2010- 3069.patch: limit number of SID
sub authorities in libcli/security/ dom_sid. *, source3/ lib/util_ sid.c,
source3/libads/ ldap.c, source3/ libsmb/ cliquota. c,
source3/smbd/nttrans. c.
- CVE-2010-3069 - 102. By Thierry Carrez
-
debian/
winbind. pam-config: Fix potential breakage with stacking of
lower-priority modules in common-passwd (LP: #556996) - 101. By Thierry Carrez
-
* debian/
winbind. pam-config: Fix password PAM profile for winbind, thanks to
Steve Langasek for investigation and fix (LP: #546874)
* debian/winbind. prerm, debian/ winbind. postinst: Enable and disable winbind
PAM profile on package install/removal (LP: #556342) - 100. By Chuck Short
-
* Merge from debian testing. Remaining changes:
+ debian/patches/ VERSION. patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are allowed to create
public shares in additon to authenticated ones.
- add map to guest = Bad user, maps bad username to gues access.
+ debian/samba-common. conf:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd. awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libswbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb, since its not in main yet.
+ debian/rules:
- Enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw. profile.
- debian/rules, debian/samba.dirs, debian/samba.files: install
+ Add apport hook:
- Created debian/source_ samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common- bin.files: install
+ debian/control: Recommend keyutils for smbfs (LP: #493565)
+ debian/patches/ ubuntu- gecos-fix. patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572)
+ debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741)
+ debian/samba.logrotate : Make it upstart compatible (LP: #529290)
+ debian/samba-common. dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
+ Dropped:
debian/patches/ debian/ patches/ security- CVE-2010- 0728.patch: Included upstream. - 99. By Thierry Carrez
-
[Thierry Carrez]
* debian/samba.postinst: Avoid scary pdbedit warnings on first import
(LP: #24741)[Chuck Short]
* debian/samba.logrotate : Make it upstart compatible (LP: #529290)
* debian/samba-common. dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374) - 98. By Marc Deslauriers
-
* SECURITY UPDATE: permission bypass via incorrect CAP_DAC_OVERRIDE
handling.
- debian/patches/ security- CVE-2010- 0728.patch: fix capability handling
in source3/{include/ smb.h,lib/ system. c,smbd/ server. c}.
- CVE-2010-0728
* Removed patches:
- debian/patches/ debian- changes- 2:3.4.5~ dfsg-2ubuntu2: merge error
- debian/patches/ debian- changes- 2:3.4.6~ dfsg-1ubuntu1: merge error - 97. By Chuck Short
-
* Merge from debian unstable. Remaining changes:
+ debian/patches/ VERSION. patch:
- set SAMBA_VERSION_SUFFIX to Ubuntu.
+ debian/smb.conf:
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
- Set 'usershare allow guests', so that usershare admins are allowed to create
public shares in additon to authenticated ones.
- add map to guest = Bad user, maps bad username to gues access.
+ debian/samba-common. conf:
- Do not change priority to high if dhclient3 is installed.
- Use priority medium instead of high for the workgroup question.
+ debian/mksambapasswd. awk:
- Do not add user with UID less than 1000 to smbpasswd.
+ debian/control:
- Make libswbclient0 replace/conflict with hardy's likewise-open.
- Don't build against ctdb, since its not in main yet.
+ debian/rules:
- Enable "native" PIE hardening.
- Add BIND_NOW to maximize benefit of RELRO hardening.
+ Add ufw integration:
- Created debian/samba.ufw. profile.
- debian/rules, debian/samba.dirs, debian/samba.files: install
+ Add apport hook:
- Created debian/source_ samba.py.
- debian/rules, debian/samba.dirs, debian/samba-common- bin.files: install
+ debian/control: Recommend keyutils for smbfs (LP: #493565)
+ Switch to upstart:
- Switch smbd and nmbd over to upstart jobs, to ensure nmbd starts reliably
after the network is up. LP: #523868.
+ debian/patches/ ubuntu- gecos-fix. patch: Fix gecos parsing backported
from Samba 3.5.x. (LP: #182572)
+ debian/patches/ security- CVE-2009- 3297.patch: validate mount point and perform mount in "."
to prevent race in source3/client/ mount.cifs. c (CVE-2009-3297) - 96. By Chuck Short
-
debian/
patches/ ubuntu- gecos-fix. patch: Fix gecos parsing backported
from Samba 3.5.x. (LP: #182572)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/samba