lp:~stefanor/ubuntu/lucid/samba/ntlm-auth-623342

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:ubuntu/lucid-proposed/samba

Ubuntu Development Team: Pending requested 2011-02-28

Diff: 19843 lines (+18478/-101)

96 files modified

.pc/applied-patches (+2/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_select.c (+247/-0)
.pc/security-CVE-2011-0719.patch/lib/tevent/tevent_standard.c (+569/-0)
.pc/security-CVE-2011-0719.patch/nsswitch/wb_common.c (+690/-0)
.pc/security-CVE-2011-0719.patch/source3/client/client.c (+5022/-0)
.pc/security-CVE-2011-0719.patch/source3/client/dnsbrowse.c (+237/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/events.c (+304/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/packet.c (+267/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/readline.c (+201/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/select.c (+206/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/util_sock.c (+1989/-0)
.pc/security-CVE-2011-0719.patch/source3/lib/wbclient.c (+715/-0)
.pc/security-CVE-2011-0719.patch/source3/libaddns/dnssock.c (+377/-0)
.pc/security-CVE-2011-0719.patch/source3/libads/cldap.c (+308/-0)
.pc/security-CVE-2011-0719.patch/source3/libsmb/nmblib.c (+1399/-0)
.pc/security-CVE-2011-0719.patch/source3/nmbd/nmbd_packets.c (+1967/-0)
.pc/security-CVE-2011-0719.patch/source3/utils/smbfilter.c (+295/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd.c (+1440/-0)
.pc/security-CVE-2011-0719.patch/source3/winbindd/winbindd_dual.c (+1477/-0)
debian/changelog (+18/-0)
debian/control (+1/-1)
debian/patches/ntlm-auth-lp623342.patch (+63/-0)
debian/patches/security-CVE-2011-0719.patch (+438/-0)
debian/patches/series (+2/-1)
debian/po/ar.po (+1/-1)
debian/po/ast.po (+1/-1)
debian/po/be.po (+1/-1)
debian/po/bg.po (+1/-1)
debian/po/bn.po (+1/-1)
debian/po/bs.po (+1/-1)
debian/po/ca.po (+3/-3)
debian/po/cs.po (+1/-1)
debian/po/da.po (+1/-1)
debian/po/de.po (+1/-1)
debian/po/dz.po (+1/-1)
debian/po/el.po (+1/-1)
debian/po/eo.po (+1/-1)
debian/po/es.po (+2/-3)
debian/po/et.po (+1/-1)
debian/po/eu.po (+1/-1)
debian/po/fi.po (+1/-1)
debian/po/fr.po (+1/-1)
debian/po/gl.po (+1/-1)
debian/po/gu.po (+1/-1)
debian/po/he.po (+1/-1)
debian/po/hu.po (+1/-1)
debian/po/id.po (+1/-1)
debian/po/it.po (+1/-1)
debian/po/ja.po (+1/-1)
debian/po/ka.po (+1/-1)
debian/po/km.po (+1/-1)
debian/po/ko.po (+1/-1)
debian/po/ku.po (+1/-1)
debian/po/lt.po (+3/-3)
debian/po/ml.po (+1/-1)
debian/po/mr.po (+4/-4)
debian/po/nb.po (+6/-6)
debian/po/ne.po (+1/-1)
debian/po/nl.po (+1/-1)
debian/po/nn.po (+5/-5)
debian/po/pl.po (+1/-1)
debian/po/pt.po (+1/-1)
debian/po/pt_BR.po (+1/-1)
debian/po/ro.po (+1/-1)
debian/po/ru.po (+3/-3)
debian/po/sk.po (+1/-1)
debian/po/sl.po (+1/-1)
debian/po/sq.po (+1/-1)
debian/po/sv.po (+1/-1)
debian/po/ta.po (+1/-1)
debian/po/th.po (+1/-1)
debian/po/tl.po (+1/-1)
debian/po/tr.po (+1/-1)
debian/po/vi.po (+11/-12)
debian/po/wo.po (+1/-1)
debian/po/zh_CN.po (+1/-1)
debian/po/zh_TW.po (+1/-1)
lib/tevent/tevent_select.c (+10/-0)
lib/tevent/tevent_standard.c (+5/-0)
nsswitch/wb_common.c (+17/-0)
source3/client/client.c (+3/-1)
source3/client/dnsbrowse.c (+11/-0)
source3/lib/events.c (+8/-0)
source3/lib/packet.c (+5/-0)
source3/lib/readline.c (+5/-0)
source3/lib/select.c (+12/-0)
source3/lib/util_sock.c (+9/-2)
source3/lib/wbclient.c (+8/-1)
source3/libaddns/dnssock.c (+5/-0)
source3/libads/cldap.c (+5/-0)
source3/libsmb/nmblib.c (+5/-0)
source3/nmbd/nmbd_packets.c (+22/-2)
source3/utils/smbfilter.c (+6/-2)
source3/winbindd/winbindd.c (+6/-0)
source3/winbindd/winbindd_cm.c (+13/-7)
source3/winbindd/winbindd_dual.c (+7/-0)

api

Related source package recipes

No recipes using this branch. (?)

Related snap packages

Related bugs

Bug #623342: ntlm_auth returns invalid NT_KEY

Low

Fix Released

Link a bug report

Related blueprints

105. By Stefano Rivera on 2011-02-28

debian/patches/ntlm-auth-lp623342.patch: ntlm_auth returns an invalid
response key. (LP: #623342) Patch taken from upstream
(https://bugzilla.samba.org/show_bug.cgi?id=7568)

104. By Marc Deslauriers on 2011-02-23

* SECURITY UPDATE: denial of service via missing range checks on file
  descriptors
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

103. By Marc Deslauriers on 2010-09-09

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via large number of SID sub authorities
  - debian/patches/security-CVE-2010-3069.patch: limit number of SID
    sub authorities in libcli/security/dom_sid.*, source3/lib/util_sid.c,
    source3/libads/ldap.c, source3/libsmb/cliquota.c,
    source3/smbd/nttrans.c.
  - CVE-2010-3069

102. By Thierry Carrez on 2010-04-09

debian/winbind.pam-config: Fix potential breakage with stacking of
lower-priority modules in common-passwd (LP: #556996)

101. By Thierry Carrez on 2010-04-06

* debian/winbind.pam-config: Fix password PAM profile for winbind, thanks to
  Steve Langasek for investigation and fix (LP: #546874)
* debian/winbind.prerm, debian/winbind.postinst: Enable and disable winbind
  PAM profile on package install/removal (LP: #556342)

100. By Chuck Short on 2010-03-19

* Merge from debian testing. Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572)
  + debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741)
  + debian/samba.logrotate: Make it upstart compatible (LP: #529290)
  + debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)
  + Dropped:
    debian/patches/debian/patches/security-CVE-2010-0728.patch: Included upstream.

99. By Thierry Carrez on 2010-03-11

[Thierry Carrez]
* debian/samba.postinst: Avoid scary pdbedit warnings on first import
  (LP: #24741)

[Chuck Short]
* debian/samba.logrotate: Make it upstart compatible (LP: #529290)
* debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374)

98. By Marc Deslauriers on 2010-03-08

* SECURITY UPDATE: permission bypass via incorrect CAP_DAC_OVERRIDE
  handling.
  - debian/patches/security-CVE-2010-0728.patch: fix capability handling
    in source3/{include/smb.h,lib/system.c,smbd/server.c}.
  - CVE-2010-0728
* Removed patches:
  - debian/patches/debian-changes-2:3.4.5~dfsg-2ubuntu2: merge error
  - debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1: merge error

97. By Chuck Short on 2010-03-03

  * Merge from debian unstable. Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Switch to upstart:
    - Switch smbd and nmbd over to upstart jobs, to ensure nmbd starts reliably
      after the network is up. LP: #523868.
  + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported
    from Samba 3.5.x. (LP: #182572)
  + debian/patches/security-CVE-2009-3297.patch: validate mount point and perform mount in "."
    to prevent race in source3/client/mount.cifs.c (CVE-2009-3297)

96. By Chuck Short on 2010-03-03

debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported
from Samba 3.5.x. (LP: #182572)