~ubuntu-branches/ubuntu/lucid/samba/lucid-security

Viewing changes to debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2010-03-08 17:50:57 UTC
Revision ID: james.westby@ubuntu.com-20100308175057-z5ao2e65nqgiovbn

Tags: 2:3.4.6~dfsg-1ubuntu2

* SECURITY UPDATE: permission bypass via incorrect CAP_DAC_OVERRIDE
  handling.
  - debian/patches/security-CVE-2010-0728.patch: fix capability handling
    in source3/{include/smb.h,lib/system.c,smbd/server.c}.
  - CVE-2010-0728
* Removed patches:
  - debian/patches/debian-changes-2:3.4.5~dfsg-2ubuntu2: merge error
  - debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1: merge error

files added:
.pc/security-CVE-2010-0728.patch

.pc/security-CVE-2010-0728.patch/source3

.pc/security-CVE-2010-0728.patch/source3/include

.pc/security-CVE-2010-0728.patch/source3/include/smb.h

.pc/security-CVE-2010-0728.patch/source3/lib

.pc/security-CVE-2010-0728.patch/source3/lib/system.c

.pc/security-CVE-2010-0728.patch/source3/smbd

.pc/security-CVE-2010-0728.patch/source3/smbd/server.c

debian/patches/security-CVE-2010-0728.patch

files removed:
.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/examples

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/examples/libsmbclient

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/examples/libsmbclient/Makefile.internal

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib/netapi

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib/netapi/examples

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib/netapi/examples/Makefile

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib/netapi/tests

.pc/debian-changes-2:3.4.5~dfsg-2ubuntu2/source3/lib/netapi/tests/Makefile

.pc/debian-changes-2:3.4.6~dfsg-1ubuntu1

.pc/debian-changes-2:3.4.6~dfsg-1ubuntu1/source3

.pc/debian-changes-2:3.4.6~dfsg-1ubuntu1/source3/VERSION

debian/patches/debian-changes-2:3.4.5~dfsg-2ubuntu2

debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1

examples/libsmbclient/Makefile.internal

source3/lib/netapi/examples/Makefile

source3/lib/netapi/tests/Makefile

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

source3/VERSION

source3/include/smb.h

source3/lib/system.c

source3/smbd/server.c

Show diffs side-by-side

added added

removed removed

debian/patches/debian-changes-2:3.4.6~dfsg-1ubuntu1

Description: Upstream changes introduced in version 2:3.4.6~dfsg-1ubuntu1

This patch has been created by dpkg-source during the package build.

Here's the last changelog entry, hopefully it gives details on why

those changes were made:

samba (2:3.4.6~dfsg-1ubuntu1) lucid; urgency=low

* Merge from debian unstable. Remaining changes:

+ debian/patches/VERSION.patch:

- set SAMBA_VERSION_SUFFIX to Ubuntu.

+ debian/smb.conf:

- Add "(Samba, Ubuntu)" to server string.

- Comment out the default [homes] share, and add a comment about "valid users = %s"

to show users how to restrict access to \\server\username to only username.

- Set 'usershare allow guests', so that usershare admins are allowed to create

public shares in additon to authenticated ones.

- add map to guest = Bad user, maps bad username to gues access.

+ debian/samba-common.conf:

- Do not change priority to high if dhclient3 is installed.

- Use priority medium instead of high for the workgroup question.

+ debian/mksambapasswd.awk:

- Do not add user with UID less than 1000 to smbpasswd.

+ debian/control:

- Make libswbclient0 replace/conflict with hardy's likewise-open.

- Don't build against ctdb, since its not in main yet.

+ debian/rules:

- Enable "native" PIE hardening.

- Add BIND_NOW to maximize benefit of RELRO hardening.

+ Add ufw integration:

- Created debian/samba.ufw.profile.

- debian/rules, debian/samba.dirs, debian/samba.files: install

+ Add apport hook:

- Created debian/source_samba.py.

- debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install

+ debian/control: Recommend keyutils for smbfs (LP: #493565)

+ Switch to upstart:

- Switch smbd and nmbd over to upstart jobs, to ensure nmbd starts reliably

after the network is up. LP: #523868.

+ debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported

from Samba 3.5.x. (LP: #182572)

+ debian/patches/security-CVE-2009-3297.patch: validate mount point and perform mount in "."

to prevent race in source3/client/mount.cifs.c (CVE-2009-3297)

The person named in the Author field signed this changelog entry.

Author: Chuck Short <zulcss@ubuntu.com>

Bug-Ubuntu: https://bugs.launchpad.net/bugs/182572

Bug-Ubuntu: https://bugs.launchpad.net/bugs/493565

Bug-Ubuntu: https://bugs.launchpad.net/bugs/523868

---

The information above should follow the Patch Tagging Guidelines, please

checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here

are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>

Bug: <url in upstream bugtracker>

Bug-Debian: http://bugs.debian.org/<bugnumber>

Forwarded: <no|not-needed|url proving that it has been forwarded>

Reviewed-By: <name and email of someone who approved the patch>

Last-Update: <YYYY-MM-DD>

--- samba-3.4.6~dfsg.orig/source3/VERSION

+++ samba-3.4.6~dfsg/source3/VERSION

@@ -84,7 +84,7 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT=

# SAMBA_VERSION_VENDOR_FUNCTION #

# #

########################################################

-SAMBA_VERSION_VENDOR_SUFFIX="Ubuntu"

+SAMBA_VERSION_VENDOR_SUFFIX="Debian"

SAMBA_VERSION_VENDOR_PATCH=

########################################################

Older »