diff options
Diffstat (limited to 'debian')
171 files changed, 24353 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..df61a47 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,32 @@ +NTP Integration +--------------- + +Add the following lines to your NTP configuration:: + + ntpsigndsocket /run/samba/ntp_signd + restrict default mssntp + +Bind9 Integration +----------------- + +Add the following line to your bind configuration (e.g. +/etc/bind/named.conf.local): + + include "/var/lib/samba/private/named.conf"; + +To enable dynamic DNS updates, add the following lines to your bind +configuration: + + options { + [...] + tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; + [...] + }; + +If you enable bind, disable the Samba 4 internal DNS server by adding: + + server services = -dns + +to smb.conf. + + -- Jelmer Vernooij <jelmer@debian.org>, Wed, 11 Oct 2012 02:07:52 +0200 diff --git a/debian/README.source b/debian/README.source new file mode 120000 index 0000000..39531ee --- /dev/null +++ b/debian/README.source @@ -0,0 +1 @@ +README.source.md
\ No newline at end of file diff --git a/debian/README.source.md b/debian/README.source.md new file mode 100644 index 0000000..98234c8 --- /dev/null +++ b/debian/README.source.md @@ -0,0 +1,99 @@ +The packaging is kept in https://salsa.debian.org/samba-team/samba. + +The version in unstable is on the `master` branch, with the corresponding +upstream version in the `upstream_4.20` branch (with `pristine-tar` information +in the `pristine-tar` branch). + +It should be possible to build the package by just running `gbp buildpackage`. + +Building +======== + +The first time: + + sudo apt install git-buildpackage pristine-tar cowbuilder dh-python + DIST=sid ARCH=amd64 git-pbuilder create + git clone https://salsa.debian.org/samba-team/samba.git + +Each time: + + cd samba + git checkout master + gbp pull --track-missing + gbp buildpackage --git-pbuilder --git-dist=sid --git-arch=amd64 + +Alternatively, source-only: + + cd samba + git checkout master + dpkg-buildpackage -S -d + # build the resulting ../samba_*.dsc with other means + +Merging minor upstream releases +=============================== + +Importing a new upstream version can be done like this: + + # set target version + upstream_version=4.20.0 + # go to git repo + cd $GIT_DIR + # Import upstream + git remote add upstream https://git.samba.org/samba.git + git fetch upstream + # go to the Debian branch + git checkout master + # sync all required branches + gbp pull --track-missing + # Import latest version + gbp import-orig --uscan \ + -u "${upstream_version}+dfsg" \ + --upstream-vcs-tag "samba-${upstream_version}" \ + --merge-mode merge + # all done :) + + +Please note that there are some files that are not dfsg-free and they need to +be filtered. The settings in the `gpb.conf` configuration file should take +care of that. + +Merging major upstream releases +=============================== + +With a new major version, more work is needed. + +After `gbp pull`: + + major_version="$(echo $upstream_version | sed 's/.[^.]\+$//')" + # Edit gbp.conf's upstream-branch + editor debian/gbp.conf + # Edit debian/watch's major version + editor debian/watch + # Edit this file's major version + editor debian/README.source.md + # Commit + git commit -m"Update d/gbp.conf, d/watch and d/README.source for ${major_version}" debian/gbp.conf debian/watch debian/README.source.md + # Create the new upstream branch + git branch "upstream_${major_version}" samba-${upstream_version} + # Import latest version + gbp import-orig --uscan \ + -u "${upstream_version}+dfsg" \ + --upstream-vcs-tag "samba-${upstream_version}" \ + --merge-mode=replace + +Then several steps are needed: + +- Check patches: + + QUILT_PATCHES=debian/patches quilt push -a + # then update or drop patches as needed + +- Bump talloc, tdb, and tevent Build-Depends in debian/control, from lib/*/wscript + + grep ^VERSION lib/{talloc,tdb,tevent}/wscript + editor debian/control + +- Check if other Build-Depends need to be bumped + + git diff origin/master.."samba-${upstream_version}" \ + buildtools/wafsamba/samba_third_party.py diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..7671a1a --- /dev/null +++ b/debian/TODO @@ -0,0 +1,32 @@ + +This is an incomplete list of a number of issues that need to be fixed. + + +TODOs before upload to unstable + +- make a list of basic tests that should be done to ensure that the package is + acceptable for unstable (and run these tests) + +- investigate impact of changes to libraries to reverse dependencies and plan + transitions (if there are any) + - sssd + fixed in git (#725992) + - openchange + - evolution-mapi + +Other TODOs + +- handle ad-dc stuff + - have debconf question to configure ad dc + - the packaging from the old samba4/samba-ad-dc packages can help there + - convert the users to the new db, or document that this doesn't happen + automatically + +- what is the status of the docs? + + - documentation2.patch is upstream + - The former documentation.patch needs to be rewritten against the xml input + +- Add script to verify that headers are usable through current dependencies + (to prevent bugs like #525888) + diff --git a/debian/addshare.py b/debian/addshare.py new file mode 100755 index 0000000..8b5e3c4 --- /dev/null +++ b/debian/addshare.py @@ -0,0 +1,46 @@ +#!/usr/bin/python3 +# Helper to add a share in the samba configuration file +# Eventually this should be replaced by a call to samba-tool, but +# for the moment that doesn't support setting individual configuration options. + +import optparse +import os +import re +import shutil +import stat +import sys +import tempfile + +parser = optparse.OptionParser() +parser.add_option("--configfile", type=str, metavar="CONFFILE", + help="Configuration file to use", default="/etc/samba/smb.conf") + +(opts, args) = parser.parse_args() +if len(args) != 2: + parser.print_usage() + +(share, path) = args +done = False + +inf = open(opts.configfile, 'r') +(fd, fn) = tempfile.mkstemp() +outf = os.fdopen(fd, 'w') + +for l in inf.readlines(): + m = re.match(r"^\s*\[([^]]+)\]$", l) + if m: + name = m.groups(1)[0] + if name.lower() == share.lower(): + sys.exit(0) + outf.write(l) + +if not os.path.isdir(path): + os.makedirs(path) +outf.write("[%s]\n" % share) +outf.write(" path = %s\n" % path) +outf.write(" read only = no\n") +outf.write("\n") + +os.fchmod(fd, stat.S_IMODE(os.stat(opts.configfile).st_mode)) +outf.close() +shutil.move(fn, opts.configfile) diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..5d91751 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,9823 @@ +samba (2:4.20.0+dfsg-1~exp1) experimental; urgency=medium + + * new upstream release (4.20.0) + * d/control: bump tevent/talloc/tdb versions for Build-Depends + * d/libldb2.symbols, d/python3-ldb.symbols.in: add new version (2.9.0) + * d/patches/meaningful-error-if-no-python3-markdown.patch: fixup + * d/*.install: internal library names changed: + libfoo-samba4.so.0 => libfoo-private-samba.so.0 + * d/samba-libs.install: update names for libdcerpc & libndr private libs + * d/samba-libs.install, d/samba-libs.links, d/samba-libs.symbols: + libndr has soversion 4 now. This breaks binaries linked with libndr! + * d/samba-libs.symbols: update with new ndr4 symbols + * d/libsmbclient.symbols: update with new symbols + * d/samba-dev.install: add smb3posix.h + * d/not-installed: add usr/bin/wspsearch experimental windows search binary + * d/control: libperl-json is not needed for build anymore + * d/control: bump minimum mit-krb5 version in Build-Depends to 1.21 + (for pkg.samba.mitkrb5 build profile) + * rebase on top of 4.19.5+dfsg-4 + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 28 Mar 2024 10:51:16 +0300 + +samba (2:4.19.5+dfsg-4) unstable; urgency=medium + + * stop shipping python3/dist-packages/samba/tests + (Closes: #1064512, #1063149) + * add Debian-Specific tag to debian-specific patches + * d/genshlibs: run dh_makeshlibs on libsmbclient0 + (Closes: #1065349) + + -- Michael Tokarev <mjt@tls.msk.ru> Sun, 03 Mar 2024 15:37:16 +0300 + +samba (2:4.19.5+dfsg-3) unstable; urgency=medium + + * d/control: add versioned depends on dpkg-dev to avoid accidental + build of time64_t packages on older systems + * +lower-dns-lookup-mismatch-messages.patch (reduce log noise) + * d/control: add libtirpc-dev and rpcsvc-proto to Build-Depends-Arch + (Closes: #1065188) + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 01 Mar 2024 19:18:35 +0300 + +samba (2:4.19.5+dfsg-2) unstable; urgency=medium + + * rename libsmbclient => libsmbclient0 for 64-bit time_t transition + Closes: #1064337 + * d/libsmbclient.lintian-overrides: remove, soname now = package name + * add Breaks: of sssd packages to samba-libs + * +passchange-error-message.patch - fix password change error message + * +edns0.patch: enable EDNS0 support in internal UDP-only DNS client + https://bugzilla.samba.org/show_bug.cgi?id=15536 + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 28 Feb 2024 19:38:48 +0300 + +samba (2:4.19.5+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release (4.19.5) + * reformat previous changelog entry to fit in 80cols + * d/winbind.postrm: stop recursively removing plain files + * d/winbind.postrm: winbindd_cache.tdb is in /var/lib now, + not in /var/cache + * d/control: RulesRequiresRoot:no + * d/*.symbols: use #PACKAGE# placeholders where appropriate + (or add comments where it is not) + * +silence-can-not-convert-group-sid.diff - + make another log message less annoying + * -python-fix-invalid-escape-sequences.patch (applied upstream) + * d/control: replace pkg-config=>pkgconf in Build-Depends, remove + pkg-config from Depends of libldb-dev and python3-ldb-dev + * d/samba-libs.symbols, d/control: make libsmbldapN a virtual package + provided by samba-libs too, like libndrN + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 19 Feb 2024 15:21:14 +0300 + +samba (2:4.19.4+dfsg-3) unstable; urgency=medium + + * samba,winbind: remove logrotate scripts + samba does its own log rotation (max log size (=5000 by default) and + renaming to .old). The two clashes with each other in an interesting way. + * d/samba-libs.symbols, d/control: make libndrN a virtual package + to ensure rdeps pick the right dependency + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 30 Jan 2024 12:12:42 +0300 + +samba (2:4.19.4+dfsg-2) unstable; urgency=medium + + * d/samba.smbd.service, d/samba.nmbd.service: expand forgotten @BINDIR@ + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 08 Jan 2024 20:44:51 +0300 + +samba (2:4.19.4+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release. See WHATSNEW.txt for details. + * d/control: drop pkg.samba.nouring build profile: was needed + for focal which we do not support anymore + * remove /etc/cron.daily/samba: there's no reason to keep backing it up, + most stuff is in ldb/tdb files these days. + * d/samba.maintscript, d/winbind.maintscript: + remove old rm_connfiles (pre-buster versions) + * d/rules, d/*.service: provide .service files directly instead of renaming + and patching upstream templates, and use dh_installsystemd to install them + (partially Closes: #1059187) + * d/rules: run dh_movetousr for libpam-winbind & libnss-winbind, if exists. + This fixes remaining files in /lib (hopefully). In a search for better + way to detect where to put system libs (/lib vs /usr/lib) as a configure + option. Closes: #1059187 + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 08 Jan 2024 19:11:37 +0300 + +samba (2:4.19.3+dfsg-2) unstable; urgency=medium + + * d/rules: simplify LDFLAGS assignment + * d/rules: add -mlong-jump-table-offsets to CFLAGS on m68k (fix FTBFS there) + * d/rules: CFLAGS += -ffile-prefix-map=../../= + * d/control: fix versioned dependency on samba for samba-ad-dc + * +python-fix-invalid-escape-sequences.patch from upstream (Closes: #1057668) + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 11 Dec 2023 13:19:18 +0300 + +samba (2:4.19.3+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=13595 + CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP + to normal users (Closes: #1034803). Please see WHATSNEW.txt file for + more information about this issue: actual fix requires extra steps to + be performed against samba-based AD-DC + - https://bugzilla.samba.org/show_bug.cgi?id=15093 + Files without "read attributes" NFS4 ACL permission are not listed + in directories + - https://bugzilla.samba.org/show_bug.cgi?id=15487 + smbd crashes if asked to return full information on close of + a stream handle with delete on close disposition set + - https://bugzilla.samba.org/show_bug.cgi?id=15492 + Kerberos TGS-REQ with User2User does not work for normal accounts + - https://bugzilla.samba.org/show_bug.cgi?id=15499 + Improve logging for failover scenarios + - https://bugzilla.samba.org/show_bug.cgi?id=15507 + vfs_gpfs stat calls fail due to file system permissions + - https://bugzilla.samba.org/show_bug.cgi?id=15513 + Samba doesn't build with Python 3.12 + - https://bugzilla.samba.org/show_bug.cgi?id=15520 + sid_strings test broken by unix epoch > 1700000000 + - https://bugzilla.samba.org/show_bug.cgi?id=15521 + smbd: fix close order of base_fsp and stream_fsp + in smb_fname_fsp_destructor() + * d/samba-common.maintscript: fix version number for dhcp hook removal + (Closes: #1053780) + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 27 Nov 2023 22:22:54 +0300 + +samba (2:4.19.2+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=15423 + Use-after-free in aio_del_req_from_fsp during smbd shutdown + after failed IPC FSCTL_PIPE_TRANSCEIVE + - https://bugzilla.samba.org/show_bug.cgi?id=15426 + clidfs.c do_connect() missing a "return" after a cli_shutdown() call + - https://bugzilla.samba.org/show_bug.cgi?id=15463 + macOS mdfind returns only 50 results + - https://bugzilla.samba.org/show_bug.cgi?id=15481 + GETREALFILENAME_CACHE can modify incoming new filename + with previous cache entry value + - https://bugzilla.samba.org/show_bug.cgi?id=15464 + libnss_winbind causes memory corruption since samba-4.18, + impacts sendmail, zabbix, potentially more + - https://bugzilla.samba.org/show_bug.cgi?id=15479 + ctdbd: setproctitle not initialized messages flooding logs + - https://bugzilla.samba.org/show_bug.cgi?id=15491 + CVE-2023-5568 Heap buffer overflow with freshness tokens + in the Heimdal KDC in Samba 4.19 + - https://bugzilla.samba.org/show_bug.cgi?id=15477 + The heimdal KDC doesn't detect s4u2self correctly when fast is in use + * d/samba-common.maintscript: remove obsolete conffile + /etc/dhcp/dhclient-enter-hooks.d/samba (Closes: #1053780) + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 16 Oct 2023 18:26:31 +0300 + +samba (2:4.19.1+dfsg-4) unstable; urgency=medium + + * d/samba-common.postinst: restore installing of smb.conf using ucf + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 10 Oct 2023 22:33:32 +0300 + +samba (2:4.19.1+dfsg-3) unstable; urgency=medium + + * d/ctdb.install: sync ceph arch list + * d/control: mention other places where ceph arch list is used + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 10 Oct 2023 20:12:20 +0300 + +samba (2:4.19.1+dfsg-2) unstable; urgency=medium + + * d/rules: sync with-ceph arch list from d/control + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 10 Oct 2023 19:03:42 +0300 + +samba (2:4.19.1+dfsg-1) unstable; urgency=medium + + * new stable security bugfix release: + o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html + Unsanitized pipe names allow SMB clients to connect as root + to existing unix domain sockets on the file system. + o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html + SMB client can truncate files to 0 bytes by opening files with OVERWRITE + disposition when using the acl_xattr Samba VFS module with the smb.conf + setting "acl_xattr:ignore system acls = yes" + o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html + An RODC and a user with the GET_CHANGES right can view all attributes, + including secrets and passwords. Additionally, the access check fails + open on error conditions. + o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html + Calls to the rpcecho server on the AD DC can request that the server + block for a user-defined amount of time, denying service. + o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html + Samba can be made to start multiple incompatible RPC listeners, + disrupting service on the AD DC. + * remove debconf questions and wins dhcp hooks together with po files + (wins is not relevant today anymore) + * d/control: bump mit-krb5 build-dep (on mitkrb5 profile) to 1.20 + * d/control: disable ceph (libcephfs-dev, librados-dev) on 32bit + architectures (Closes: #1053202) + * d/control: enable rados on riscv64 once it's available there + * d/control: samba-libs: depend on libldb of the same version since libldb + symbols might appear during previous stable series but they don't propagate + to next releases with previous minor version numbers. This is ABI breakage + but the symbols are mostly internal to samba itself + * debian/libldb2.symbols: update + * drop attempts to keep ldb ABI versioning + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 10 Oct 2023 18:02:05 +0300 + +samba (2:4.19.0+dfsg-1) unstable; urgency=medium + + * new upstream release. Some highlights: + o changed command-line interface of smbget utility + o improved winbindd logging + o AD database prepared to FL 2016 standards for new domains + o initial, partial implementation of AD FL 2012, 2012R2 and 2016 + o samba-tool support for silos, claims, sites and subnets + o updated Heimdal import + o other improvements and changes, see WHATSNEW.txt file for details. + * d/patches: remove patches applied upstream, refresh patches + * d/control: update talloc/tevent/tdb build-deps + * d/smbclient.install: remove smbgetrc.5 + * d/patches: add ldb 2.7.1 & 2.7.2 ABI files + * d/libldb2.symbols: add new symbols (ldb_val_as_*) and new version (2.8.0) + * d/python3-ldb.symbols: remove unused versions, add new version + * d/control: fix description of samba-common-bin (samba-client) + * d/samba-common-bin.install: install samba-log-parser (for winbindd for now) + * d/samba-libs.install: 2 new libs + * d/samba-libs.install, d/samba-testsuite.install: move libshares-samba4.so.0 + from samba-libs to samba-testsuite + * d/samba-libs.install, d/samba-vfs-modules.install: move + libdfs-server-ad-samba4.so.0 from samba-libs to samba-vfs-modules + * d/samba-libs.install, d/samba-common-bin.install: move + libnet-keytab-samba4.so.0 from samba-libs to samba-common-bin (used by net) + * d/samba-libs.install, d/samba-common-bin.install: move + libRPC-WORKER-samba4.so.0 from samba-libs to samba-common-bin + (used by usr/libexec/samba/rpcd_*) + * samba-libs: add libndr 3.0.1 symbols + * d/source/lintian-overrides: remove unused source-is-missing override + * d/samba-vfs-modules.lintian-overrides: remove unused + spelling-error-in-binary override + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 04 Sep 2023 22:57:48 +0300 + +samba (2:4.18.6+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=9959 + Windows client join fails if a second container CN=System exists somewhere + - https://bugzilla.samba.org/show_bug.cgi?id=15289 + post-exec password redaction for samba-tool is more reliable for + fully random passwords as it no longer uses regular expressions + containing the password value itself + - https://bugzilla.samba.org/show_bug.cgi?id=15342 + Spotlight sometimes returns no results on latest macOS + - https://bugzilla.samba.org/show_bug.cgi?id=15346 + 2-3min delays at reconnect with smb2_validate_sequence_number: + bad message_id 2 + - https://bugzilla.samba.org/show_bug.cgi?id=15390 + Python tarfile extraction needs change to avoid a warning + (CVE-2007-4559 mitigation) + - https://bugzilla.samba.org/show_bug.cgi?id=15400 + rpcserver no longer accepts double backslash in dfs pathname + - https://bugzilla.samba.org/show_bug.cgi?id=15414 + "net offlinejoin provision" does not work as non-root user + - https://bugzilla.samba.org/show_bug.cgi?id=15417 + Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted + to remove the destination + - https://bugzilla.samba.org/show_bug.cgi?id=15420 + reply_sesssetup_and_X() can dereference uninitialized tmp pointer + - https://bugzilla.samba.org/show_bug.cgi?id=15427 + Spotlight results return wrong date in result list + - https://bugzilla.samba.org/show_bug.cgi?id=15430 + Missing return in reply_exit_done() + - https://bugzilla.samba.org/show_bug.cgi?id=15433 + cm_prepare_connection() calls close(fd) for the second time + - https://bugzilla.samba.org/show_bug.cgi?id=15435 + Regression DFS not working with widelinks = true + - https://bugzilla.samba.org/show_bug.cgi?id=15441 + samba-tool ntacl get segfault if aio_pthread appended + - https://bugzilla.samba.org/show_bug.cgi?id=15446 + DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed + - https://bugzilla.samba.org/show_bug.cgi?id=15449 + mdssvc: Do an early talloc_free() in _mdssvc_open() + * d/control: python3-testtools is only needed for selftest, + remove from Build-Depends for now + * d/rules: export PYTHONDONTWRITEBYTECODE=1 to stop python from generating + .pyc caches (Closes: #1048754) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 16 Aug 2023 20:11:26 +0300 + +samba (2:4.18.5+dfsg-2) unstable; urgency=medium + + * d/rules, d/control: only build glusterfs support on 64bits + (Closes: #1041996) + * d/rules: make ceph conditional similar to gluster + * d/rules: wrap _PYTHON_SYSCONFIGDATA_NAME setting to cross-compile case + On e.g. buster, _PYTHON_SYSCONFIGDATA_NAME is different, so this assignment + does not work right. In order for it to work on buster, add condition on + host vs build gnu type. This breaks compilation with foreign python binary. + * d/control: fix description of samba-common-bin (samba-client) + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 04 Aug 2023 17:29:06 +0300 + +samba (2:4.18.5+dfsg-1) unstable; urgency=medium + + * new upstream stable/security release 4.18.5, including: + o CVE-2022-2127: When winbind is used for NTLM authentication, + a maliciously crafted request can trigger an out-of-bounds read + in winbind and possibly crash it. + https://www.samba.org/samba/security/CVE-2022-2127.html + o CVE-2023-3347: SMB2 packet signing is not enforced if an admin + configured "server signing = required" or for SMB2 connections to + Domain Controllers where SMB2 packet signing is mandatory. + https://www.samba.org/samba/security/CVE-2023-3347.html + o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service + for Spotlight can be triggered by an unauthenticated attacker by + issuing a malformed RPC request. + https://www.samba.org/samba/security/CVE-2023-34966.html + o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service + for Spotlight can be used by an unauthenticated attacker to trigger + a process crash in a shared RPC mdssvc worker process. + https://www.samba.org/samba/security/CVE-2023-34967.html + o CVE-2023-34968: As part of the Spotlight protocol Samba discloses + the server-side absolute path of shares and files and directories + in search results. + https://www.samba.org/samba/security/CVE-2023-34968.html + o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. + https://bugzilla.samba.org/show_bug.cgi?id=15418 + (this has been patched in the previous upload; Closes: #1041043) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 19 Jul 2023 17:55:58 +0300 + +samba (2:4.18.4+dfsg-2) unstable; urgency=medium + + * +fix-unsupported-netr_LogonGetCapabilities-l2.patch + Fix windows logon/trust issues with 2023-07 windows updates: + https://bugzilla.samba.org/show_bug.cgi?id=15418 + * d/copyright: also remove ctdb/doc/*.?.html pre-generated manpages + from the upstream tarball (forgotten previously) + * d/rules: add comment about -latomic gcc issue and drop --as-needed + there since it is already in use + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 14 Jul 2023 12:30:31 +0300 + +samba (2:4.18.4+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release, including: + - https://bugzilla.samba.org/show_bug.cgi?id=2312 + smbcacls and smbcquotas do not check // before the server + - https://bugzilla.samba.org/show_bug.cgi?id=14030 + Named crashes on DLZ zone update (was in debian before) + - https://bugzilla.samba.org/show_bug.cgi?id=15355 + NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry + and causes test timeouts + - https://bugzilla.samba.org/show_bug.cgi?id=15381 + Register Samba processes with GPFS + - https://bugzilla.samba.org/show_bug.cgi?id=15382 + cli_list loops 100% CPU against pre-lanman2 servers + - https://bugzilla.samba.org/show_bug.cgi?id=15383 + Remove comments about deprecated 'write cache size' + - https://bugzilla.samba.org/show_bug.cgi?id=15384 + net ads lookup (with unspecified realm) fails + - https://bugzilla.samba.org/show_bug.cgi?id=15390 + Python tarfile extraction needs change to avoid a warning + (CVE-2007-4559 mitigation) + - https://bugzilla.samba.org/show_bug.cgi?id=15391 + smbclient leaks fds with showacls + - https://bugzilla.samba.org/show_bug.cgi?id=15398 + The winbind child segfaults when listing users with + `winbind scan trusted domains = yes` + - https://bugzilla.samba.org/show_bug.cgi?id=15402 + smbd returns NOT_FOUND when creating files on a r/o filesystem + - https://bugzilla.samba.org/show_bug.cgi?id=15403 + smbget memory leak if failed to download files recursively + - https://bugzilla.samba.org/show_bug.cgi?id=15404 + Backport --pidl-developer fixes + * remove dnsserver-rename-dns_name_equal.patch (applied upstream) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 05 Jul 2023 18:14:20 +0300 + +samba (2:4.18.3+dfsg-3) unstable; urgency=medium + + * d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, + for -latomic workaround + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 21 Jun 2023 23:11:59 +0300 + +samba (2:4.18.3+dfsg-2) unstable; urgency=medium + + * d/rules: include -latomic gcc issue workaround for select arches + apparently due to a gcc issue, some architectures (armel, mipsel, ...) + fail to link samba due to not finidng __atomic_load_8 etc symbols + after using atomic_load etc from stdatomic.h (part of gcc). + Add -latomic explicitly to the list of libraries we link with. + * d/rules: add libwbclient0 to the list of krb5-versioned packages + (thanks to Andrew Kornilov) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 20 Jun 2023 11:35:13 +0300 + +samba (2:4.18.3+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=15375 + Symlinks to files can have random DOS mode information + in a directory listing + - https://bugzilla.samba.org/show_bug.cgi?id=15378 + vfs_fruit might cause a failing open for delete + - https://bugzilla.samba.org/show_bug.cgi?id=15361 + winbind recurses into itself via rpcd_lsad + - https://bugzilla.samba.org/show_bug.cgi?id=15366 + wbinfo -u fails on ad dc with >1000 users + - https://bugzilla.samba.org/show_bug.cgi?id=15338 + DS ACEs might be inherited to unrelated object classes + - https://bugzilla.samba.org/show_bug.cgi?id=15362 + a lot of messages: get_static_share_mode_data: + get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND + - https://bugzilla.samba.org/show_bug.cgi?id=15374 + aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse() + - https://bugzilla.samba.org/show_bug.cgi?id=15360 + Setting veto files = /.*/ break listing directories + - https://bugzilla.samba.org/show_bug.cgi?id=15363 + "samba-tool domain provision" does not run interactive mode + if no arguments are given + - https://bugzilla.samba.org/show_bug.cgi?id=15325 + dsgetdcname: assumes local system uses IPv4 + * dnsserver-rename-dns_name_equal.patch + (forgotten) patch from upstream targetting next stable + Fixes crashes of named with samba DLZ plugin due to + symbol name conflict (dns_name_equal() function). + There's no resulting code changes, just a symbol rename. + https://bugzilla.samba.org/show_bug.cgi?id=14030 + Closes: #1036587, #927747 + * remove generated manpage files upstream ships in + docs/manpages/ and ctdb/doc/ + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 31 May 2023 20:09:05 +0300 + +samba (2:4.18.2+dfsg-1) experimental; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=15302 + Log flood: smbd_calculate_access_mask_fsp: Access denied: + message level should be lower. + - https://bugzilla.samba.org/show_bug.cgi?id=15306 + Floating point exception (FPE) via cli_pull_send + at source3/libsmb/clireadwrite.c. + - https://bugzilla.samba.org/show_bug.cgi?id=15328 + test_tstream_more_tcp_user_timeout_spin fails intermittently + on Rackspace GitLab runners. + - https://bugzilla.samba.org/show_bug.cgi?id=15329 + Reduce flapping of ridalloc test. + - https://bugzilla.samba.org/show_bug.cgi?id=15351 + large_ldap test is unreliable. + - https://bugzilla.samba.org/show_bug.cgi?id=15143 + New filename parser doesn't check veto files smb.conf parameter. + - https://bugzilla.samba.org/show_bug.cgi?id=15354 + mdssvc may crash when initializing. + - https://bugzilla.samba.org/show_bug.cgi?id=15313 + large directory optimization broken for non-lcomp path elements. + - https://bugzilla.samba.org/show_bug.cgi?id=15357 + streams_depot fails to create streams. + - https://bugzilla.samba.org/show_bug.cgi?id=15358 + shadow_copy2 and streams_depot don't play well together. + - https://bugzilla.samba.org/show_bug.cgi?id=15316 + Flapping tests in samba_tool_drs_show_repl.py. + - https://bugzilla.samba.org/show_bug.cgi?id=15317 + winbindd idmap child contacts the domain controller without a need. + - https://bugzilla.samba.org/show_bug.cgi?id=15318 + idmap_autorid may fail to map sids of trusted domains for the first time. + - https://bugzilla.samba.org/show_bug.cgi?id=15319 + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. + - https://bugzilla.samba.org/show_bug.cgi?id=15323 + net ads search -P doesn't work against servers in other domains. + - https://bugzilla.samba.org/show_bug.cgi?id=15353 + Temporary smbXsrv_tcon_global.tdb can't be parsed. + - https://bugzilla.samba.org/show_bug.cgi?id=15316 + Flapping tests in samba_tool_drs_show_repl.py. + - https://bugzilla.samba.org/show_bug.cgi?id=15343 + Tests use depricated and removed methods like assertRegexpMatches. + * d/rules, d/libldb2.symbols; add ldb 2.6.2 version + * heimdal-to-support-KEYRING-ccache.patch: enable KEYRING in heimdal + (Closes: #1023609) + * d/control: build-depend on libkeyutils-dev + (it is pulled by some other dep, but better to be safe) + * -s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch + (the change has been applied upstream) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 19 Apr 2023 14:02:49 +0300 + +samba (2:4.18.1+dfsg-1~exp1) experimental; urgency=high + + * upstream stable/security/bugfix release, fixing the following issues: + o CVE-2023-0225: An incomplete access check on dnsHostName allows + authenticated but otherwise unprivileged users to delete this + attribute from any object in the directory. + https://www.samba.org/samba/security/CVE-2023-0225.html + o CVE-2023-0922: The Samba AD DC administration tool, when operating + against a remote LDAP server, will by default send new or reset + passwords over a signed-only connection. + https://www.samba.org/samba/security/CVE-2023-0922.html + o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 + Confidential attribute disclosure via LDAP filters was insufficient and + an attacker may be able to obtain confidential BitLocker recovery keys + from a Samba AD DC. Installations with such secrets in their Samba AD + should assume they have been obtained and need replacing. + https://www.samba.org/samba/security/CVE-2023-0614.html + Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614 + * update libldb symbols and versions + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 29 Mar 2023 17:59:17 +0300 + +samba (2:4.18.0+dfsg-1~exp1) experimental; urgency=medium + + * new upstream release (4.18.0): + * SMB Server performance improvements + * More succinct samba-tool error messages + * Colour output with samba-tool --color + * New samba-tool dsacl subcommand for deleting ACES + * New wbinfo option --change-secret-at + * New option to change the NT ACL default location + * Azure Active Directory / Office365 synchronisation improvements + * new smb.conf parameters: + server addresses + acl_xattr:security_acl_name + * For more details, please refer to WHATSNEW.txt file. + * d/control: bump talloc/tdb/tevent build-deps + * patches: + - refresh: hurd-compat.patch + - refresh: spelling.patch, remove many, add 3 new changes + - new: heimdal-spelling.patch, spelling fixes for third_party/heimdal + - remove: unwrap-getresgid-typo.patch, not needed + * d/samba-libs.install: add new internal library libstable-sort-samba4.so.0 + * d/libldb2.symbols, python3-ldb.symbols.in: add new versions (2.7.0, 2.7.1) + * d/libwbclient0.symbols: add new version and two new symbols: + wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 14:47:05 +0300 + +samba (2:4.17.6+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release 4.17.6: + * https://bugzilla.samba.org/show_bug.cgi?id=15314 + streams_xattr is creating unexpected locks on folders. + * https://bugzilla.samba.org/show_bug.cgi?id=10635 + Use of the Azure AD Connect cloud sync tool is now supported for password + hash synchronisation, allowing Samba AD Domains to synchronise passwords + with this popular cloud environment. + * https://bugzilla.samba.org/show_bug.cgi?id=15299 + Spotlight doesn't work with latest macOS Ventura. + * https://bugzilla.samba.org/show_bug.cgi?id=15310 + New samba-dcerpc architecture does not scale gracefully. + * https://bugzilla.samba.org/show_bug.cgi?id=15307 + vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() + in close and fstat. + * https://bugzilla.samba.org/show_bug.cgi?id=15293 + With clustering enabled samba-bgqd can core dump due to use after free. + * https://bugzilla.samba.org/show_bug.cgi?id=15311 + fd_load() function implicitly closes the fd where it should not. + * debian/po/ro.po update from Remus-Gabriel Chelu + * s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch + makes smbd a bit less spammy in logs + * d/control: clarify some package descriptions (Closes: #1031922) + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 09 Mar 2023 12:52:14 +0300 + +samba (2:4.17.5+dfsg-2) unstable; urgency=medium + + * d/control: samba: depends on exact version of python3-samba + * d/control: fix typo + * more tweaks for foreign/cross build + * d/control: work around autodep8 #904999 again + * introduce upstream-like aliases for debian .service names, + add rationale + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 04 Feb 2023 17:15:40 +0300 + +samba (2:4.17.5+dfsg-1) unstable; urgency=medium + + * new upstream stable/bugfix release. From WHATSNEW.txt: + * BUG 14808: smbc_getxattr() return value is incorrect. + * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX + are not handled correctly. + * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors. + * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() + fails to find DC when there is only an AAAA record for the DC in DNS + (Closes: #1023606). + * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle. + * BUG 15277: DFS links don't work anymore on Mac clients since 4.17. + * BUG 15283: vfs_virusfilter segfault on access, + directory edgecase (accessing NULL value). + * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) + based SChannel on NETLOGON (additional changes). + * BUG 15243: %U for include directive doesn't work for share listing + (netshareenum) (the fix was in debian before). + * BUG 15266: Shares missing from netshareenum response in samba 4.17.4 + (the fix was in debian before). + * BUG 15269: ctdb: use-after-free in run_proc. + * BUG 15280: irpc_destructor may crash during shutdown. + * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. + * BUG 15268: smbclient segfaults with use after free on an optimized build + * BUG 15282: smbstatus leaking files in msg.sock and msg.lock. + * BUG 15164: Leak in wbcCtxPingDc2. + * BUG 15265: Access based share enum does not work in Samba 4.16+. + * BUG 15267: Crash during share enumeration. + * BUG 15271: rep_listxattr on FreeBSD does not properly check + for reads off end of returned buffer. + * BUG 15281: Avoid relying on C89 features in a few places. + * remove patches applied upstream: + - reload-registry-shares-after-reloading-services.patch + - rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch + * d/control: Standards-Version: 4.6.2 (no changes) + * d/control: put all doc-generating build-deps into one line + * little prep for cross-compilation + - build-depend on python3:any and python3-dev:any + - build-depend on libpython3-dev for actual module building, + and use arch-specific python3-config from there + - set and export _PYTHON_SYSCONFIGDATA_NAME to get foreign-arch values + provided by libpython3-dev (also helps when python itself is foreign) + - depend on perl:any not just perl + - export CC/CPP/LD/PKGCONFIG for ./configure (buildtools.mk) + * d/gbp.conf: unignore branch + * d/control: samba, ctdb, winbind: do not depend on lsb-base + (the script is in sysvinit-utils now) + * d/control: drop unused build-dep on libncurses5-dev + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 27 Jan 2023 11:15:01 +0300 + +samba (2:4.17.4+dfsg-3) unstable; urgency=medium + + * +rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch + https://bugzilla.samba.org/show_bug.cgi?id=15265 + * +reload-registry-shares-after-reloading-services.patch + https://bugzilla.samba.org/show_bug.cgi?id=15266 + * d/samba.postinst: fix /var/spool/samba => /var/tmp handling + (old spooldir can be referred to in other sections too) + * create common script "is-configured" to check if the service is configured + in smb.conf, and stop masking services in postinst + * rewrite SysV init scripts (simplify, make consistent, etc) + * d/winbind.postinst: create/change /var/lib/samba/winbindd_privileged + at install time only (it should be in /run/samba/ somewhere these days) + * d/control: change version of samba which samba-ad-provisioning + Breaks to where provisioning was split out + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 03 Jan 2023 10:45:36 +0300 + +samba (2:4.17.4+dfsg-2) unstable; urgency=medium + + * d/control: samba-dc-provision Replaces+Breaks samba (< 4.17.4+dfsg-2). + Closes: #1026387 + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 19 Dec 2022 16:36:00 +0300 + +samba (2:4.17.4+dfsg-1) unstable; urgency=medium + + * new upstream stable/security release, with the following changes: + - CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege + Vulnerability disclosed by Microsoft on Nov 8 2022, see + https://www.samba.org/samba/security/CVE-2022-37966.html + - CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability + disclosed by Microsoft on Nov 8 2022. See + https://www.samba.org/samba/security/CVE-2022-37967.html + - CVE-2022-38023: Weak "RC4" (rc4-hmac) protection of the NetLogon Secure + channel uses, see https://www.samba.org/samba/security/CVE-2022-38023.html + There are several important behavior changes included in this release, + which may cause compatibility problems interacting with system still + expecting the former behavior. Please read the documents referenced above! + See also the WHATSNEW.txt document, as there are several new, changed + and deprecated smb.conf parameters. + * Other bugfixes in this release (from WHATSNEW.txt): + https://bugzilla.samba.org/show_bug.cgi?id=14929 CVE-2022-44640 + Upstream Heimdal free of user-controlled pointer in FAST. + https://bugzilla.samba.org/show_bug.cgi?id=15219 + Heimdal session key selection in AS-REQ examines wrong entry. + https://bugzilla.samba.org/show_bug.cgi?id=13135 The KDC logic around + msDs-supportedEncryptionTypes differs from Windows. + https://bugzilla.samba.org/show_bug.cgi?id=14611 CVE-2021-20251 + Bad password count not incremented atomically. + https://bugzilla.samba.org/show_bug.cgi?id=15206 libnet: change_password() + doesn't work with dcerpc_samr_ChangePasswordUser4() + https://bugzilla.samba.org/show_bug.cgi?id=15230 + Memory leak in snprintf replacement functions. + https://bugzilla.samba.org/show_bug.cgi?id=15253 RODC doesn't reset + badPwdCount reliable via an RWDC (CVE-2021-20251 regression). + https://bugzilla.samba.org/show_bug.cgi?id=15198 + Prevent EBADF errors with vfs_glusterfs. + https://bugzilla.samba.org/show_bug.cgi?id=15243 + %U for include directive doesn't work for share listing (netshareenum). + https://bugzilla.samba.org/show_bug.cgi?id=15257 + Stack smashing in net offlinejoin requestodj. + * removed patches which are now included upstream: + - nsswitch-pam-data-time_t.patch + - CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 15 Dec 2022 21:54:31 +0300 + +samba (2:4.17.3+dfsg-4) unstable; urgency=medium + + * create samba-ad-provision package with contents of /usr/share/samba/setup. + It is recommended by samba, so can be uninstalled if not needed. + * create samba-ad-dc package. It is an empty metapackage for now, but with + dependencies needed to run an Active Directory Domain Controller (AD-DC) + * samba-ad-provision.lintian-overrides: license files + * print meaningful error message if samba-ad-provision is not installed + (meaningful-error-if-no-samba-ad-provision.patch) + * print meaningful error message if python3-markdown is not installed + (meaningful-error-if-no-python3-markdown.patch) + * ctdb: move rundir from /var/run to /run + * fix typo in fruit patch + * a few more spelling fixes + * add #DEBHELPER# tokens to libnss-winbind.{postinst,postrm} + * remove mentions of /var/spool/samba from samba.lintian-overrides + (moved to /var/tmp) + * change embedded-library heimdal lintian override in a way to be understood + by both old and new lintian, so the package can be uploaded + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 05 Dec 2022 14:39:43 +0300 + +samba (2:4.17.3+dfsg-3) unstable; urgency=medium + + * d/control: winbind should depend on the same binary:Version + of libwbclient, or else its components can't talk to the daemon. + Thank you Stefan Weichinger for the patience while finding this one! + * libnss-winbind: add postinst/postrm scripts to add/remove nsswitch.conf + entry for winbind (but not for wins) + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 01 Dec 2022 22:38:07 +0300 + +samba (2:4.17.3+dfsg-2) unstable; urgency=medium + + * fruit-disable-useless-size_t-overflow-check.patch (Closes: #974868) + * CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch + Fix regression on 32bit systems: + https://bugzilla.samba.org/show_bug.cgi?id=15203 + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 21 Nov 2022 20:41:46 +0300 + +samba (2:4.17.3+dfsg-1) unstable; urgency=medium + + * new upstream security release 4.17.3, fixing the following issue: + CVE-2022-42898: Heimdal Kerberos libraries suffers from an integer + multiplication overflow vulnerability which affects 32bit platforms, + see https://www.samba.org/samba/security/CVE-2022-42898.html + This changes third_party/heimdal/, it does not affect mitkrb5 builds. + * d/rules: stop stripping +dfsg suffix from ldb version + * d/control: declare dependency on password (for groupadd in postinst) + for winbind and samba (Closes: #1023759) + * implement pkg.samba.mitkrb5 build profile to build with system mit-krb5 + (with "mitkrb5" version suffix in some packages for now) + * d/control: mark libufing-dev build dep with <!pkg.samba.nouring> + (to simplify out-of-archive builds for older systems) + * d/rules: parametrise list of packages to omit (eg on ubuntu-i386) + with ${omit-pkgs} + * d/rules: use variables in a more consistent way, use single ${config-args} + * d/control: tdb-tools and lmdb-utils packages are also needed for tests + (everything is commented out for now anyway) + * d/rules: update knownfail tests + * d/rules: stop exporting buildflags, export compiler options when needed + * d/rules: always define rados:Depends & vfsmods:Depends substvars + * unwrap-getresgid-typo.patch - fix crash during p11-kit execution + (https://bugzilla.samba.org/show_bug.cgi?id=15227) (for the testsuite only) + * nsswitch-pam-data-time_t.patch - fix time_t not fit in a pointer (eg x32) + (https://bugzilla.samba.org/show_bug.cgi?id=15224) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 15 Nov 2022 19:26:10 +0300 + +samba (2:4.17.2+dfsg-9) unstable; urgency=medium + + * hurd-compat.patch: some minor compatibility tweaks for hurd + * d/rules compat work: + - ceph is linux-only like glusterfs + - d/rules: add another conditional, with_snapper + - combine linux features into single block + * d/rules: support "terse" build option for non-verbose build + * d/rules: remove third_party/heimdal/lib/gssapi/gssapi.h before build + (Closes: #1013205). This fixes -I path order and <gssapi/gssapi.h> + include mess which caused samba to FTBFS on sparc64 for quite some time + + -- Michael Tokarev <mjt@tls.msk.ru> Sun, 06 Nov 2022 20:13:19 +0300 + +samba (2:4.17.2+dfsg-8) unstable; urgency=medium + + * d/rules: do not explicitly enable quotas on non-linux: + enable everything interesting on linux explicitly and let ./configure + to figure it out in other systems. This should fix FTBFS problem on hurd. + * d/rules: do not disable systemd on non-linux, let ./configure figure it out + * d/winbind.postinst: switch addgroup => groupadd and eliminate getent. + winbind package never declared dependency on adduser but always used + addgroup command in its postinst script. Finally this broke piuparts. + Switch to groupadd which is even easier to use. + * d/samba.postinst: switch addgroup => groupadd and eliminate getent + * d/smb.conf: use useradd in example create user script too + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 03 Nov 2022 15:04:46 +0300 + +samba (2:4.17.2+dfsg-7) unstable; urgency=medium + + * another way to work around #1013259: provide a compatibility symlink + libndr.so.2 pointing to libndr.so.3: + - libndr-debug-level-compat.diff, libndr-revert-so3.diff: remove + - d/samba-libs.symbols: adjust symbols/versions + - d/samba-libs.install: libndr.so.2 => libndr.so.3 + - d/samba-libs.links: provide the compat libndr.so.2 symlink + * d/samba-libs.links: add comments describing libndr.so.N issue + * d/samba-libs.links: add libndr.so.1 compat symlink too (for bullseye sssd) + * d/control: unbreak bullseye/jammy sssd-ad-common, sssd-ad, sssd-ipa + by samba-libs once libndr.so.1 compat link is here + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 02 Nov 2022 20:43:53 +0300 + +samba (2:4.17.2+dfsg-6) unstable; urgency=medium + + * d/control: fix comment in previous upload + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 02 Nov 2022 10:45:26 +0300 + +samba (2:4.17.2+dfsg-5) unstable; urgency=medium + + * d/control: bump version of broken-by-samba-libs sssd + and add more affected sssd packages; + also reformat the comment there so dpkg-gencontrol does not complain + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 02 Nov 2022 09:34:10 +0300 + +samba (2:4.17.2+dfsg-4) unstable; urgency=medium + + * d/control: stop suggesting old/orphaned/gone-upstream smbldap-tools + * libndr work (Closes: #1013259): + - d/control: samba-libs breaks bullseye sssd-ad due to libndr.so.1=>.2 bump + - d/samba-libs.install: be more explicit about sonames of public libs + to catch soname changes + - libndr-debug-level-compat.diff, libndr-revert-so3.diff: revert + libndr.so.2->3 soname bump by providing compat wrapper for new symbol + - d/samba-libs.symbols: provide symbols for libndr.so.2 + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 01 Nov 2022 12:53:22 +0300 + +samba (2:4.17.2+dfsg-3) unstable; urgency=low + + * rebase on top of debian 4.16.6+dfsg-6 release, include some + history of 4.17.* experimental releases in changelog + * d/samba-libs.lintian-overrides: update package-name-doesnt-match-sonames + to match all libs + * urgency is set to low to delay unstable->testing transition a bit + + -- Michael Tokarev <mjt@tls.msk.ru> Sun, 30 Oct 2022 16:23:51 +0300 + +samba (2:4.17.2+dfsg-2) experimental; urgency=medium + + * d/rules: stop dh_installpam from installing samba.pam + to the samba package (Closes: #1022775, #1022776) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 25 Oct 2022 20:13:53 +0300 + +samba (2:4.17.2+dfsg-1) experimental; urgency=medium + + * upstream 4.17.2 security release: + CVE-2022-3592 A malicious client can use a symlink to escape the exported + directory. https://www.samba.org/samba/security/CVE-2022-3592.html + (Samba 4.17 only) + * Remove poptGetArg-misuse-fixes-1022826.diff (applied to 4.17.2) + * d/rules: no need to build compile_et,asn1_compile intermediate targets + anymore; also remove now-unused ${WAFv} macro + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 25 Oct 2022 14:30:44 +0300 + +samba (2:4.17.1+dfsg-1) experimental; urgency=medium + + * new upstream bugfix release containing a security fix: + * CVE-2021-20251 Bad password count not incremented atomically. + * Merge changes from 4.16.x (debian/master) branch. + * use-bzero-instead-of-memset_s.diff : use explicit_bzero() instead of + bzero() for the substitute of memset_s(). bzero() is wrong here because + it, just like memset, can be optimized out by the compiler. + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 19 Oct 2022 21:34:11 +0300 + +samba (2:4.17.0+dfsg-2) experimental; urgency=medium + + * mention closing of CVE-2022-32743 by the 4.17.0 upload + * mention closing of CVE-2022-1615 by the 4.17.0 upload + * move libpac-samba4.so.0 from samba to samba-libs (Closes: #1021450) + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 08 Oct 2022 23:00:05 +0300 + +samba (2:4.17.0+dfsg-1) experimental; urgency=medium + + * new upstream release 4.17.0 + Closes: CVE-2022-1615 + Closes: #1021022, CVE-2022-32743 + * removed: spelling.patch (partially applied upstream) + * removed: weak-crypto-allowed-clarify.diff (applied upstream) + * refresh: ctdb-create-piddir.patch + * refresh: fix-nfs-service-name-to-nfs-kernel-server.patch + * d/control: update minimum versions for talloc/tevent/tdb + * d/rules: do not install ctdb.service, it is installed by upstream now + * d/ctdb.install: do not install ctdb_wrapper (not used anymore) + * d/libldb2.symbols, d/d/python3-ldb.symbols.in: new versions: 2.6.0 2.6.1 + per upstream, re-version symbols added in 2.5.2 as added in 2.6.1 + (ldb users needs to be recompiled anyway after updating libldb) + * new: spelling.patch: a few more spelling fixes + * d/control: bump Standards-Version to 4.6.1 (no changes) + * Remove dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch + (included in 4.17.0 already) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 13 Sep 2022 20:47:05 +0300 + +samba (2:4.16.6+dfsg-6) unstable; urgency=medium + + * d/rules: use the right dir for dh_shlibdeps -l (long-standing issue) + * rewrite shlibs/symbols-generating file d/genshlibs, make whole process + much more clean and strighforward, and 10x times faster too + * debian/libnss-winbind.triggers: activate ldconfig trigger + * add debian/samba-libs.symbols with libsmbldap library + * d/samba.examples: do not install smbadduser: csh considered harmful + * d/rules: remove long-unused commented-out override_dh_perl-arch + * d/samba.lintian-overrides: *docs-outside-share-doc usr/share/samba/setup/ + * d/genshlibs: add the forgotten mkdir for d/$pkg/DEBIAN + * remove static/fixed branding d/patches/VERSION.patch + * d/rules: implement dynamic branding of VERSION file based on dpkg-vendor + * d/rules: simplify package interdependency checking rules + * d/rules: add a lot more interpackage dependency checks + * d/NEWS: merge it into d/samba.NEWS (removes several lintian warnings) + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 29 Oct 2022 08:28:53 +0300 + +samba (2:4.16.6+dfsg-5) unstable; urgency=medium + + * move samba:idmap_script.8.gz and samba-libs:idmap_rfc2307.8.gz manpages to + winbind package where they belong and where actual idmap modules lives. + (install all idmap_*.8 manpages to winbind package) + * d/rules: install pam.d/samba with mode 0644, not 0755 + * many lintian-override updates: + - source: ctdb/doc/*.html actually has sources + - source: +very-long-line-length-in-source-file * (for generated files) + - source: +debian-control-has-unusual-field-spacing Breaks + - winbind: +spare-manual-page for module manpages + - *: update some overrides for new lintian + - libpam-winbind: +spare-manual-page pam_winbind.8 + - libldb2: +package-contains-empty-directory .../ldb/modules/ldb/ + - *: +hardening-no-fortify-functions for some simple shared libs + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 26 Oct 2022 22:27:00 +0300 + +samba (2:4.16.6+dfsg-4) unstable; urgency=medium + + * poptGetArg-misuse-fixes-1022826.diff: fix poptGetArg() misuse + for popt-1.9 (Closes: #1022826) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 26 Oct 2022 19:45:38 +0300 + +samba (2:4.16.6+dfsg-3) unstable; urgency=medium + + * d/rules: stop dh_installpam from installing samba.pam + to the samba package (Closes: #1022775, #1022776) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 25 Oct 2022 20:13:53 +0300 + +samba (2:4.16.6+dfsg-2) unstable; urgency=medium + + * d/rules: pam.d/samba should go to /etc, not / + * d/README.source.md: it is README.source.md not README.source + * d/control: bump Standards-Version to 4.6.1 (no changes) + * d/rules: verify that samba-libs does not depend on samba + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 25 Oct 2022 13:55:33 +0300 + +samba (2:4.16.6+dfsg-1) unstable; urgency=medium + + * new upstream security release 4.16.6, fixing: + CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI + unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). + https://www.samba.org/samba/security/CVE-2022-3437.html + * use explicit_bzero() instead of bzero() for the substitute of memset_s() + * d/rules: make it a bit more consistent with other samba packages + * d/rules: stop exporting ${PYTHON} + * a bunch of ubuntu-related changes: + - d/rules: omit glusterfs on ubuntu-i386 + - apply Ubuntu changes to smb.conf at install time (d/smb.conf.ubuntu.diff) + - d/tests/: ensure io_uring module is built before testing it + - d/rules: inline parallel check from dpkg/buildopts.mk + (buildopts.mk does not exist on ubuntu 20.04 focal) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 25 Oct 2022 12:48:20 +0300 + +samba (2:4.16.5+dfsg-2) unstable; urgency=medium + + [ Michael Tokarev ] + * d/tests/util: use printf for formatting password for smbpasswd, + not non-standard echo \n (mr !60) + * introduce LDB_2.4.4 version symbol (Closes: #1021371) + Create an empty ABI file just to make the scripts run during the build + stage to introduce LDB_2.4.4 version symbol into libldb.so, and remove + this empty file in the clean target. It is a bit hackish but works fine. + This is only needed to upgrade from bullseye to bookworm, from + 4.13.13+dfsg-1~deb11u5+ to the next release, 4.16+. + Remove this for bookworm+. + * dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch: + GnuTLS gnutls_rnd() can fail and give predictable random values. + Closes: #1021024, CVE-2022-1615 + + [ John Paul Adrian Glaubitz ] + * disable ceph support on ppc64 and x32 (Closes: #1020781, #1012165) + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 08 Oct 2022 15:11:15 +0300 + +samba (2:4.16.5+dfsg-1) unstable; urgency=medium + + * new (minor) upstream release 4.16.5 + * removed fix-samba-tool-domain-join-segfault.patch (included upstream) + * d/gbp.conf: no need to filter orig.tar: uscan already does that + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 08 Sep 2022 12:44:38 +0300 + +samba (2:4.16.4+dfsg-2) unstable; urgency=medium + + * d/libldb2.symbols: include newly added symbols + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 01 Aug 2022 15:43:11 +0300 + +samba (2:4.16.4+dfsg-1) unstable; urgency=high + + * new upstream security release fixing: + o CVE-2022-2031: Samba AD users can bypass certain restrictions associated + with changing passwords. + https://www.samba.org/samba/security/CVE-2022-2031.html + o CVE-2022-32742: Server memory information leak via SMB1. + https://www.samba.org/samba/security/CVE-2022-32742.html + o CVE-2022-32744: Samba AD users can forge password change requests + for any user. + https://www.samba.org/samba/security/CVE-2022-32744.html + o CVE-2022-32745: Samba AD users can crash the server process with an LDAP + add or modify request. + https://www.samba.org/samba/security/CVE-2022-32745.html + o CVE-2022-32746: Samba AD users can induce a use-after-free in the server + process with an LDAP add or modify request. + https://www.samba.org/samba/security/CVE-2022-32746.html + * Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744, + CVE-2022-32745, CVE-2022-32746 + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 27 Jul 2022 18:35:53 +0300 + +samba (2:4.16.3+dfsg-1) unstable; urgency=medium + + [ Michael Tokarev ] + * new upstream minor/bugfix releae. See WHATSNEW.txt for details. + * d/watch: add the forgotten repacksuffix=+dfsg + + [ Andreas Hasenack ] + * update nfs configuration examples for ctdb + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 18 Jul 2022 17:15:07 +0300 + +samba (2:4.16.2+dfsg-1) unstable; urgency=medium + + * new upstream minor/bugfix release. + * removed waf-add-support-for-GNU-kFreeBSD.patch (applied upstream) + * new minor version of libldb + (no code changes, just the build system update to support python 3.11) + * move samba-dcerpcd from samba package to samba-common-bin due to winbind + New in 4.16 samba-dcerpcd binary is used by smbd and winbind, so putting + it to samba package makes winbind unable to run it without samba. + For now, in order to fix this issue, move this binary from samba to + samba-common-bin package. It might be worth creating its own package + for this binary (or maybe some more binaries), once it is clear where + upstream is going to. Making this binary a part of samba-common-bin + adds some more files to smbclient-only setup. + (Closes: #1012240) + * remove mksmbpasswd script and manpage: we have smbpasswd whcih can add + entries to smbpasswd file if needed, and can handle other passwod storage + formats too + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 13 Jun 2022 19:08:44 +0300 + +samba (2:4.16.1+dfsg-8) unstable; urgency=medium + + * fix the Breaks/Replaces versions in the previous upload for moving + libsamba-utils.so, and use the same Breaks/Replaces for the -dev + packages too + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 07 Jun 2022 14:11:09 +0300 + +samba (2:4.16.1+dfsg-7) unstable; urgency=medium + + * drop libunwind-dev build dependency again: it turned out the + internal stack unwind is better anyway + * move libsamba-utils.so and its dependencies from libwbclient0 + into samba-libs. In the past, libwbclient were built using this + library, but it does not depend on libsamba-utils anymore + * d/control: libnss-winbind and libpam-winbind does not depend + on samba-common. None of the files in samba-common are used by + nss and pam modules; winbind does use them but not the modules. + * d/rules: add --with-sockets-dir=/run/samba (or else it was + /var/run/samba) + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 07 Jun 2022 12:09:50 +0300 + +samba (2:4.16.1+dfsg-6) unstable; urgency=medium + + * d/control: specify arch list for libunwind-dev build-dep to be the same + as for libunwind itself (it is not built on all architectures) + + -- Michael Tokarev <mjt@tls.msk.ru> Sun, 29 May 2022 12:09:22 +0300 + +samba (2:4.16.1+dfsg-5) unstable; urgency=medium + + * add-missing-libs-deps.diff: add missing dependencies for a few samba + libraries. Closes: #1010922 + * point [printers] to /var/tmp/, stop shipping /var/spool/samba/. + For a long time, we shipped an alternative /var/tmp/ directory with mode + 01777 (so that anyone can use it to store files) but without the same setup + as for regular /var/tmp/ (in particular, without removing old files and + since it is not a usual place to store temp files, no one actually looked + at it the same way someone would take care of /var/tmp/. Change smb.conf + to use /var/tmp/ instead of /var/spool/samba/. In the postinst script, + remove /var/spool/samba/, check if it is still used in smb.conf, + and create a compatibility symlink pointing to tmp/, suggesting changing + smb.conf. And remove this compat symlink in postrm. + This probably can be accomplished by a debconf question, but the + thing is complicated by the fact that smb.conf might be upgrading + too at the same time. + * debian/patches/weak-crypto-allowed-clarify.diff: update + * testparm-do-not-fail-if-pid-dir-does-not-exist.patch: also cover samba-tool + testparm too, not only regular stand-alone testparm. + * fix-samba-tool-domain-join-segfault.patch: fix segfault when joining an + AD-DC domain using samba-tool join. + * d/rules: enable --with-profilig-data to build samba with profiling + collection (if set in smb.conf) + * d/control: add libunwind-dev to build-deps, to compile in stack backtrace + logging in case of crash + * d/control: stop build-conflicting with now-unused libtracker-miner-2.0-dev + * d/control: stop build-conflicting with libtracker-sparql-2.0-dev: there's + no point in explicitly disabling libtracker-sparql support (bullseye-only + for now anyway) + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 28 May 2022 22:50:43 +0300 + +samba (2:4.16.1+dfsg-4) unstable; urgency=medium + + [ Michael Tokarev ] + * fix spelling in disable-setuid-confchecks.patch + * d/NEWS: split it into different $package.NEWS files + * d/upstream/metadata: add Bug-Database + * d/samba.postinst: create sambashare group and usershare directory + on new install only + * libldb2: provide compat symlinks for bullseye ldb modules dir + * d/rules: provide Build-Depends-Package: for python3-ldb + * samba-vfs-modules.lintian-overrides: add spare-manual-page vfs_*.8 override + * winbind.lintian-overrides: add spare-manual-page idmap_*.8 override + + [ Arnaud Rebillout ] + * Fix patch testparm-do-not-fail-if-pid-dir-does-not-exist (Closes: #1010835) + + -- Michael Tokarev <mjt@tls.msk.ru> Wed, 11 May 2022 09:50:03 +0300 + +samba (2:4.16.1+dfsg-3) unstable; urgency=medium + + * fix ldb package version generation in d/make_shlibs + which was wrong in 2 previous uploads. + Will I *ever* make it actually work someday? + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 02 May 2022 18:32:24 +0300 + +samba (2:4.16.1+dfsg-2) unstable; urgency=medium + + * rethink ldb version *again*, to be 2.5.0+smb4.16.1-2 + or else 2.5.0+smb-1 from samba-4.16.1-2 sorts before + 2.5.0+smb-7 from samba-4.16.0-7. + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 02 May 2022 17:02:16 +0300 + +samba (2:4.16.1+dfsg-1) unstable; urgency=medium + + * new upstream minor release 4.16.1 + * move-msg.sock-from-var-lib-samba-to-run-samba.patch: + move /var/lib/samba/private/msg.sock/ to /run/samba/msg.sock/. + This is a (private) socket directory for IPC, it should not be in /var. + * Remove /var/lib/samba/private/msg.sock/ in postinst + * testparm-do-not-fail-if-pid-dir-does-not-exist.patch: + testparm deliberately fails if /run/samba does not exist, + while testparam itself does not use it and daemons will + create it on demand. Just make it a warning instead of a + fatal error, and we'll not need to pre-create this dir + in a random place using hackish ways + * ctdb-create-piddir.patch: create /run/ctdb/ in ctdb.service + and ctdb.init before invoking ctdbd (as the latter does not + create its pid directory on demand). + * stop (ab)using tmpfiles.d to pre-create /run/samba/ and /run/ctdb/ + and stop creating /run/samba/ in samba-common-bin.postinst just to + make testparam happy. + * d/rules: minor tweaks + + -- Michael Tokarev <mjt@tls.msk.ru> Mon, 02 May 2022 13:16:12 +0300 + +samba (2:4.16.0+dfsg-7) unstable; urgency=medium + + * another bunch of small tweaks to d/rules: + - set SHELL to /bin/sh -e + - rework the clean target + - provide fast replacement of architecture.mk + - better expression for DEB_REVISION + - rearrange configure options + * do not disable glusterfs on ubuntu-i386 (glusterfs is now in main) + * mention closing of #1001053 by the 4.16 upload + * change the ldb version string again, removing te "+samba*" suffix + to allow bin-NMUs +b1 (Closes: #1010100) + + -- Michael Tokarev <mjt@tls.msk.ru> Sun, 24 Apr 2022 16:56:34 +0300 + +samba (2:4.16.0+dfsg-6) unstable; urgency=medium + + * another attempt to fix/work around #221618. Re-enable + libsmbclient-ensure-lfs-221618.patch and change it to just define + an extra type array int[sizeof(off_t)-7]. If off_t is small it will + become a compile error. It is an ugly way to do it, but it should + actually work, unlike various static_assert/_Static_assert which are + language (C/C++) and standard-dependent. Closes: #221618. + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Apr 2022 17:27:09 +0300 + +samba (2:4.16.0+dfsg-5) unstable; urgency=medium + + * disable libsmbclient-ensure-lfs-221618.patch for now. + It throws errors in one or another configuration no matter what. + Repoens: #221618 + * d/salsa-ci.yml: re-allow blhc salsa-ci test to fail again + due to different bug in blhc + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Apr 2022 16:33:57 +0300 + +samba (2:4.16.0+dfsg-4) unstable; urgency=medium + + * libsmbclient-ensure-lfs-221618.patch: replace _Static_assert with + static_assert (and include <assert.h> to make C++ happy too + (Closes: #1009211) + * disable-setuid-confchecks.patch: when running configure tests, + samba tries to verify setuid/setgid etc calls are actually + *working*, not just exists. This is only possible when the + configure is running as root. But it turns out in some salsa-ci + configuration (namely in the reprotest), the second build is + actually running as root, and in that environment, actual + setegid call is failing somehow. Just disable the config-time + check for correctly working setgid and assume it "just works" + if present, exactly like non-root build will do. + * d/salsa-ci.yml: do not expect failure in blhc test (the original + prob has been fixed long ago), and stop requiring experimental + * mention closing of #999876 by 4.16 + + -- Michael Tokarev <mjt@tls.msk.ru> Sat, 09 Apr 2022 00:42:38 +0300 + +samba (2:4.16.0+dfsg-3) unstable; urgency=medium + + * d/control: comment out the selftest-mode build deps for now + * d/control: forgotten python3-samba:Replaces against samba package too, + not just samba-libs, when moving dckeytab python lib (Closes: #1009175) + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 08 Apr 2022 10:18:23 +0300 + +samba (2:4.16.0+dfsg-2) unstable; urgency=medium + + * use strict versioned dependency between samba-dsdb-modules and libldb2, + since they're tied to each other and are now built from the same source + * fix forgotten shlib symbols generation for python3-ldb + * change libldb versioning scheme + from ldb_2:2.5.0+samba4.16.0-1 + to ldb_2:2.5.0-1+samba4.16.0 + so that symbols versioning works correctly. Unfortunately the previous + upload to experimental used the first form which is greather than the + correct one, so temporarily (just for this 2.5.0 version of ldb) use + this: ldb_2:2.5.0+smb-1+samba4.16.0 + (with "+smb" suffix to be removed for 2.5.1+) + * exclude samba-vfs-modules for i386 ubuntu build since this package + is useless without samba itself (which is not built on this environment) + * create selftest rules and add !nocheck build-dependencies + (but do not enable selftests for now as they're failing) + * split build system into -arch and -indep parts. We build only one arch-all + package (samba-common) which contains only static files from debian/, + there's no need to build whole samba to build this package. + Move almost all Build-Depends to Build-Depends-Arch (and reindent them). + * various updates to d/rules + + -- Michael Tokarev <mjt@tls.msk.ru> Thu, 07 Apr 2022 09:56:56 +0300 + +samba (2:4.16.0+dfsg-1) experimental; urgency=medium + + * New upstream major release. + Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape + Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape + Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether + the outside target of a symlink exists + Closes: #1005642 (windows client data corruption due to cache poisoning) + Closes: #1001053 (MIT-kerberos config broken after fix for CVE-2020-25717) + Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2) + Closes: #998423 (coredump connecting from macos to shares with var substs) + Closes: #999876 (winbind allow trusted domains = no regression) + * Notable changes in 4.16 series compared to 4.13: + - modular VFS (see The_New_VFS.txt) + - publishing printers in AD is more complete + - group policies for winbindd cilents (like linux systems) + - certificate auto enrollement in AD group policy + - large list of improvements in samba-tool + - SMB1 protocol has been deprecated, some subcommands has been removed + - more consistend options/subcommands in samba commands + * d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time + debian-specific failures to go away, by preserving order of waf hashes + * refresh patches, update build-depend versions (talloc, tdb, tevent) + * refresh lintian-overrides files, add many new overrides + * build-depend on python3-markdown + * build-depend on libjson-perl for new heimdal bits + * more consistent internal lib naming; refresh file lists everywhere + * samba: install new rpc_* services, install samba-dcerpc + * refresh symbols files + * build libldb from samba sources, not from separate source + (this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to + /usr/lib/$triple/samba/ldb/ - the same where dsdb modules are). + * optimizations for d/make_shlibs; also allow one to specify explicit + version for some packages + * as per clarifications for waf --{bundled,builtin}-libraries, remove + now-wrong usage there. This also fixes build failures with current + samba sources + * d/rules: various optimizations to reduce startup costs by eliminating + unnecessary external command calls during d/rules read by make. + Including caching of LDB version information in d/ldb-version.mk file. + This does not affect the buildd processing much (and does not affect + runtime at all), but helps with build procedure debugging. + * d/rules: numerous small fixes, cleanups and other changes, including: + - clean up the install target + - remove some now-irrelevant parts + - fix no-glusterfs-build on non-linux + * change build procedure: instead of `waf build', run `waf install'. + `waf build' builds samba to be run from the build dir, and `waf install' + rebuilds/relinks everything again for production. Build the production + variant only, no build-dir one. + * samba-common-bin.postinst: explicitly mkdir /run/samba before invoking + samba binaries (Closes: #953530) + * in the salsa git repository of samba, stop keeping debian patches in + applied form, keep them in d/patches/ only as most other packages do. + * move single python (helper) module, libsamba-policy, together with + 2 internal libraries used by it, from samba-libs package to python3-samba. + This makes samba-libs to be free from python-related files, and makes + python3-samba to be the only python-providing package. + Closes: #1006875, #878612, #862338 + * also move dckeytab python module from samba to python3-samba + (actually stop moving it from python3-samba to samba to incorrectly + avoid a circular dependency). Also verify that python3-samba does + not depend on samba package. + * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed" + testparm message (Closes: #975882) + * spelling.patch: fix many common spelling mistakes in the source + * ctdb: simplify/cleanup instllation of READMEs/examples + * d/control: remove breaks/replaces/depends on ancient versions of some + packages (ancient dpkg version in Pre-Depends, ancient samba-libs) + * d/rules: rework wrong shlibdeps handling + * move helper programs from /usr/lib/$multiarch/ to /usr/libexec/ + where they belongs. This should not affect users. + * smbclient: re-do the fix for an old bug, #221618. The original "fix" + did not fix anything (it is too late already to #define _FILE_OFFSET_BITS + when all types has already been defined). From now on, raise an error + if off_t is less than 64bits (it should >=64 when #include'ing + <libsmbclient.h> with proper LFS defines). In theory this can break + some sources which either included libsmbclient.h without a reason or + which didn't use any of the functions which deals with off_t (smbc_lseek + etc), - which did not explicitly enable LFS on a 32bit system. + Please email us if you faced such situation. + * drop 07_private_lib patch: we do not need to force rpath for + private libraries into every samba binary, upstream build system + does a good job here. + + -- Michael Tokarev <mjt@tls.msk.ru> Tue, 05 Apr 2022 16:01:25 +0300 + +samba (2:4.13.14+dfsg-1) unstable; urgency=high + + * New upstream security release in order to address the following defects: + - CVE-2016-2124: don't fallback to non spnego authentication if we require + kerberos + - MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation + bypass + - CVE-2020-25717: A user on the domain can become root on domain members + - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other + servers + + Bump build-depends ldb >= 2.2.3 + - CVE-2020-25719: AD DC Username based races when no PAC is given + - CVE-2020-25721: Kerberos acceptors need easy access to stable AD + identifiers (eg objectSid) + - CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug + for AD DC validation issues) + - CVE-2021-3738: crash in dsdb stack + - CVE-2021-23192: dcerpc requests don't check all fragments against the + first auth_state + + Update d/samba-libs.install for libdcerpc-pkt-auth.so.0 + * Add patch to fix "allow trusted domains" + * Bump ldb build-depends to 2.2.3 + * Update d/samba-libs.install + + -- Mathieu Parent <sathieu@debian.org> Tue, 09 Nov 2021 20:53:03 +0100 + +samba (2:4.13.13+dfsg-1) unstable; urgency=high + + [ Athos Ribeiro ] + * Add autopkgtest to verify tmpfiles setup (LP: #1905387) + - d/t/reinstall-samba-common-bin: make sure /run/samba is created + by the samba-common-bin installation process (postinst script) + - d/t/control: run new reinstall-samba-common-bin test case + + [ Paride Legovini ] + * samba.postinst: do not populate sambashare from the Ubuntu admin group + (LP: #1942195) + + [ Mathieu Parent ] + * New upstream version + - Remove CVE-2021-20254.patch + - Bump build-depends ldb >= 2.2.0 + * libwbclient0: Add Breaks+Replaces: libsamba-util0 (<< 2:4.0.0) + (Closes: #988170) + + -- Mathieu Parent <sathieu@debian.org> Mon, 01 Nov 2021 08:59:20 +0100 + +samba (2:4.13.5+dfsg-2) unstable; urgency=high + + * CVE-2021-20254: Negative idmap cache entries can cause incorrect group + entries in the Samba file server process token (Closes: #987811) + * Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209) + + -- Mathieu Parent <sathieu@debian.org> Thu, 06 May 2021 21:09:29 +0200 + +samba (2:4.13.5+dfsg-1) unstable; urgency=medium + + * New upstream version (Closes: #984863) + + -- Mathieu Parent <sathieu@debian.org> Sat, 13 Mar 2021 08:31:27 +0100 + +samba (2:4.13.4+dfsg-1) unstable; urgency=medium + + * New upstream version + - GPG signature has changed + - Update samba-libs.install + - Update symbols + * Never use priority high when asking for DHCP integration (Closes: #981554) + * Sync CTDB patches with Ubuntu: + - Add "ctdb-config: enable syslog by default" + - Update "fix nfs related service names" + * d/rules: Ubuntu specifics + - No Ceph on i386 + - Disable some i386 packages + - No GlusterFS + + -- Mathieu Parent <sathieu@debian.org> Tue, 09 Feb 2021 22:26:43 +0100 + +samba (2:4.13.3+dfsg-1) unstable; urgency=medium + + [ Andreas Hasenack ] + * d/control: enable the liburing vfs module (Closes: #976854) + * Add new DEP8 tests for the uring vfs module + * Factor out common DEP8 test code into d/t/util and change the tests to + source from it + * Add set -x and set -e to DEP8 tests + + [ Mathieu Parent ] + * liburing-dev is linux-any + * New upstream version + + -- Mathieu Parent <sathieu@debian.org> Wed, 16 Dec 2020 18:23:09 +0100 + +samba (2:4.13.2+dfsg-3) unstable; urgency=medium + + * Ensure systemd-tmpfiles is called before testparm (Closes: #975422) + * Only check configuration on configure step + + -- Mathieu Parent <sathieu@debian.org> Sun, 22 Nov 2020 10:44:51 +0100 + +samba (2:4.13.2+dfsg-2) unstable; urgency=medium + + * Upload to unstable + + -- Mathieu Parent <sathieu@debian.org> Wed, 18 Nov 2020 20:34:51 +0100 + +samba (2:4.13.2+dfsg-1) experimental; urgency=medium + + * New upstream major version + - Update d/gbp.conf, d/watch and d/README.source for 4.13 + - Update patches + - Bump build-depends ldb >= 2.2.0 + - Install new files + - Update symbols + * Includes the following security fixes: + - CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify + (Closes: #973400) + - CVE-2020-14323: Unprivileged user can crash winbind (Closes: #973399) + - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with + easily crafted records (Closes: #973398) + - CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon") + (Closes: #971048) + * Includes the following fixes: + - Fixes "samba_dnsupdate gives depreacation warnings" (Closes: #973957) + - s3: libsmbclient.h: add missing time.h include (Closes: #946840) + * Remove unused python3-crypto dependency (Closes: #971292) + * Enable Spotlight with ES backend (Closes: #956096, #956482) + * Standards-Version: 4.5.0 + * Add missing Build-Depends-Package in libsmbclient.symbols and + libwbclient0.symbols + * d/copyright: Fix duplicate-globbing-patterns + * Remove outdated/malformed lintian overrides + * d/winbind.logrotate: Only reload winbindd when running (Closes: #946821) + * Bump to debhelper compat 13 + * Add another library-not-linked-against-libc override + + -- Mathieu Parent <sathieu@debian.org> Thu, 12 Nov 2020 11:23:01 +0100 + +samba (2:4.12.5+dfsg-3) unstable; urgency=high + + * Add Breaks: sssd-ad-common (<< 2.3.0), due to libndr so bump + (Closes: #963971) + * Add patch traffic_packets: fix SyntaxWarning: "is" with a literal + (Closes: #964165) + * Add patch Rename mdfind to mdsearch (Closes: #963985) + + -- Mathieu Parent <sathieu@debian.org> Sat, 04 Jul 2020 23:57:59 +0200 + +samba (2:4.12.5+dfsg-2) unstable; urgency=high + + * Add missing symbol (path_expand_tilde) + + -- Mathieu Parent <sathieu@debian.org> Thu, 02 Jul 2020 15:27:25 +0200 + +samba (2:4.12.5+dfsg-1) unstable; urgency=high + + * New upstream security release: + - CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD + DC LDAP Server with ASQ, VLV and paged_results + - CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU + - CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with + paged_results and VLV. + - CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. + - Bump build-depends ldb >= 2.1.4 + + -- Mathieu Parent <sathieu@debian.org> Thu, 02 Jul 2020 14:03:36 +0200 + +samba (2:4.12.3+dfsg-2) unstable; urgency=medium + + * Upload to unstable + + -- Mathieu Parent <sathieu@debian.org> Sun, 28 Jun 2020 11:45:14 +0200 + +samba (2:4.12.3+dfsg-1) experimental; urgency=medium + + * New upstream major version (Closes: #963106) + - Update d/gbp.conf, d/watch and d/README.source for 4.12 + - Drop merged patches + - Bump build-depends talloc >= 2.3.1, tdb >= 1.4.3, tevent >= 0.10.2 and + ldb >= 2.1.3 + - Upstream fixes: + + pygpo: use correct method flags + (Closes: #963242, #961585, #960171, #956428) + + CVE-2020-10700: A use-after-free flaw was found in the way samba AD DC + LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' + control. A malicious user in a samba AD could use this flaw to cause + denial of service (Closes: #960189) + + CVE-2020-10704: A flaw was found when using samba as an Active Directory + Domain Controller. Due to the way samba handles certain requests as an + Active Directory Domain Controller LDAP server, an unauthorized user can + cause a stack overflow leading to a denial of service. The highest + threat from this vulnerability is to system availability + (Closes: #960188) + - intel aes-ni no more needed as GnuTLS is used + - Install new files + - Update symbols + - Update samba-libs.lintian-overrides + * d/control: Remove unused libattr1-dev Build-Depends (Closes: #953915) + + -- Mathieu Parent <sathieu@debian.org> Wed, 24 Jun 2020 23:12:11 +0200 + +samba (2:4.11.5+dfsg-1) unstable; urgency=medium + + * New upstream security release + - CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. + - CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. + - CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + - Bump build-depends ldb >= 2.0.8 + + -- Mathieu Parent <sathieu@debian.org> Tue, 28 Jan 2020 07:19:46 +0100 + +samba (2:4.11.3+dfsg-1) unstable; urgency=high + + * New upstream security release + - Drop merged patches for previous security fixes + - CVE-2019-14861: An authenticated user can crash the DCE/RPC DNS management + server by creating records with matching the zone name. + - CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was + not being applied when processing protocol transition requests (S4U2Self), + in the AD DC KDC. + * d/control: drop python3-matplotlib + * d/control: Fix stronger-dependency-implies-weaker + (samba depends -> recommends python3-dnspython) + + -- Mathieu Parent <sathieu@debian.org> Mon, 16 Dec 2019 09:47:45 +0100 + +samba (2:4.11.1+dfsg-3) unstable; urgency=medium + + * Add some python dependencies: + - python3-matplotlib : samba-tool visualize + - python3-markdown : samba-tool domain schemaupgrade + - python3-dnspython : samba-tool dns + * Only build with default python3 (Closes: #943635) + + -- Mathieu Parent <sathieu@debian.org> Sun, 17 Nov 2019 14:48:02 +0100 + +samba (2:4.11.1+dfsg-2) unstable; urgency=high + + * New upstream security release + - CVE-2019-10218: Malicious servers can cause Samba client code to return + filenames containing path separators to calling code. + - CVE-2019-14833: When the password contains multi-byte (non-ASCII) + characters, the check password script does not receive the full password + string. + + -- Mathieu Parent <sathieu@debian.org> Fri, 18 Oct 2019 20:26:45 +0200 + +samba (2:4.11.1+dfsg-1) unstable; urgency=medium + + * New upstream release + + -- Mathieu Parent <sathieu@debian.org> Fri, 18 Oct 2019 19:00:46 +0200 + +samba (2:4.11.0+dfsg-11) unstable; urgency=medium + + * Stop building with spotlight support which pulls glib (Closes: #941654) + * Force quota support (Closes: #941899) + * Standards-Version: 4.4.1, no change + + -- Mathieu Parent <sathieu@debian.org> Mon, 14 Oct 2019 12:16:04 +0200 + +samba (2:4.11.0+dfsg-10) unstable; urgency=medium + + * Add libwbclient-dev to samba-dev depends as samba-util was moved there + (Closes: #941750) + + -- Mathieu Parent <sathieu@debian.org> Sat, 05 Oct 2019 15:57:07 +0200 + +samba (2:4.11.0+dfsg-9) unstable; urgency=medium + + * Remove versioned depends on libtdb-dev (>= 2) and add libldb-dev (>= 2:2) + + -- Mathieu Parent <sathieu@debian.org> Thu, 03 Oct 2019 19:08:17 +0200 + +samba (2:4.11.0+dfsg-8) unstable; urgency=medium + + * d/gbp.conf: sign-tags = True + * Do not check smb.conf with testparm when server role=active directory domain + controller (Closes: #931734) + * Force one job during configure step with -j 1 (Closes: #941467). + Not setting -j leads to default which is number of cpus + + -- Mathieu Parent <sathieu@debian.org> Thu, 03 Oct 2019 07:52:39 +0200 + +samba (2:4.11.0+dfsg-7) unstable; urgency=medium + + * Always evaluate WAF_NO_PARALLEL to ensure correct value (Closes: #941467) + * This version is built with talloc from sid (Closes: #940963) + + -- Mathieu Parent <sathieu@debian.org> Wed, 02 Oct 2019 20:45:24 +0200 + +samba (2:4.11.0+dfsg-6) unstable; urgency=medium + + * Do not run waf configure in parallel. Fix FTBFS on arm (Closes: #941467) + + -- Mathieu Parent <sathieu@debian.org> Tue, 01 Oct 2019 22:35:36 +0200 + +samba (2:4.11.0+dfsg-5) experimental; urgency=medium + + * d/gitlabracadabra.yml: only_allow_merge_if_pipeline_succeeds: false + * Remove patches: + - "build: Remove tests for _readdir() and __readdir()" + - "build: Remove tests for rdchk()" + - "build: Remove tests for _pwrite() and __pwrite()" + * Add patches by Ralph Boehme: + - "wscript: remove all checks for _FUNC and __FUNC" + - "wscript: split function check to one per line and sort alphabetically" + + -- Mathieu Parent <sathieu@debian.org> Mon, 30 Sep 2019 13:37:50 +0200 + +samba (2:4.11.0+dfsg-4) experimental; urgency=medium + + * Use the same arches for librados-dev than libcephfs-dev (Fix missing + build-depends on alpha and sh4) + * Split vfsmods:Recommends substvar into + {vfsceph,vfsglusterfs,vfssnapper}:Recommends to make the code more readable + and fix FTBFS on linux platforms without ceph (hppa and sparc64, and also + alpha and sh4) + * Add patch for "build: Remove tests for _readdir() and _readdir()", to + hopefully fix FTBFS on armel + + -- Mathieu Parent <sathieu@debian.org> Sun, 29 Sep 2019 09:29:03 +0200 + +samba (2:4.11.0+dfsg-3) experimental; urgency=medium + + * Try to fix FTBFS on armel (armhf is fixed): + - Add patch for build: Remove tests for rdchk() + + -- Mathieu Parent <sathieu@debian.org> Sat, 28 Sep 2019 22:17:04 +0200 + +samba (2:4.11.0+dfsg-2) experimental; urgency=medium + + * d/gitlabracadabra.yml: Add samba-team/libsmb2 + * Try to fix FTBFS on armel and armhf: + - Add patch for build: Remove tests for _pwrite() and __pwrite() + + -- Mathieu Parent <sathieu@debian.org> Sat, 28 Sep 2019 11:47:56 +0200 + +samba (2:4.11.0+dfsg-1) experimental; urgency=medium + + [ Mathieu Parent ] + * Upload to experimental + * New upstream major release + - Update d/gbp.conf, d/watch and d/README.source for 4.11 + - Import upstream release + - Update fix-nfs-service-name-to-nfs-kernel-server.patch + - Bump build-depends talloc >= 2.2.0, tdb >= 1.4.2, tevent >= 0.10.0 and + ldb >= 2:2.0.7 + - libsamba-passdb.so bumped to 0.28.0 + - libnon-posix-acls is now a subsystem + - Drop libparse-pidl-perl package (Closes: #939419) + - Add new files to d/*.install + - Move libsamba-util.so.* to libwbclient0, to avoid circular dependencies + - Move libsamba-util deps to libwbclient0 + * Add build-Remove-tests-for-getdents-and-getdirentries.patch, to fix FTBFS on + armel and armhf + * salsa-ci: Build on experimental + + [ John Paul Adrian Glaubitz ] + * Disable cephfs support on architectures where it's not stable + (Closes: #940697) + + [ Louis van Belle ] + * d/control, d/samba.install: added libtasn1-bin, libtasn1-6-dev to build + dumpmscat + * d/control, d/rules: Enable spotlight (TimeMachine) + * d/control: Bump libtdb-dev (>= 2) in samba-dev deps + * Update libwbclient0.symbols + * d/rules: adjust LDB_DEPENDS + + -- Mathieu Parent <sathieu@debian.org> Thu, 26 Sep 2019 09:37:51 +0200 + +samba (2:4.10.8+dfsg-1) unstable; urgency=medium + + * Upload to unstable + * New upstream release: + - CVE-2019-10197: Combination of parameters and permissions can allow user + to escape from the share path definition + + -- Mathieu Parent <sathieu@debian.org> Tue, 10 Sep 2019 18:46:54 +0200 + +samba (2:4.10.7+dfsg-1) experimental; urgency=medium + + [ Mathieu Parent ] + * New upstream release + - Update patches + - Drop nsswitch-Add-try_authtok-option-to-pam_winbind.patch, merged + - libsamba-passdb.so bumped to 0.27.2 + - Update symbols + - Update installed files + * samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9) + (Closes: #910242) + * Add missing Breaks+Replace found by piuparts (Closes: #929217) + * Enable vfs_nfs4acl_xattr (Closes: #930540) + * ctdb: + - enable ceph and etcd recovery lock + - Downgrade ctdb_mutex_ceph_rados_helper shlibdeps to recommends + * Add gitlabracadabra.yml + * Update salsa-ci.yml + + [ Rafael David Tinoco ] + * debian/rules: Make DEB_HOST_ARCH_CPU initialized through dpkg-architecture + (Closes: #931138) + * CTDB NFS fixes from Ubuntu (Closes: #929931, LP: #722201): + - d/p/fix-nfs-service-name-to-nfs-kernel-server.patch: change nfs service + name from nfs to nfs-kernel-server + - ctdb-config: depend on /etc/ctdb/nodes file + - d/ctdb.install, d/rules: create ctdb run directory into tmpfiles.d to + allow pid file to exist + - added /var/lib/ctdb/* directories + - d/ctdb.postrm: remove leftovers from /var/lib/ctdb/* + - Add examples of NFS HA CTDB config files + helper script + + [ Mathieu Parent ] + * Update d/gbp.conf, d/watch and d/README.source for 4.10 + * Drop ctdb-config-depend-on-etc-default-nodes-file.patch, merged upstream + * Bump build-depends talloc >= 2.1.16, tdb >= 1.3.18, tevent >= 0.9.39 and + ldb >= 2:1.5.5 + * Bump libcmocka-dev builddep to 1.1.3 + * d/rules: Remove 1.5.1+really prefix from LDB_DEPENDS + * d/copyright: + - s/GPL-3+/GPL-3.0+/ and s/LGPL-3+/LGPL-3.0+/ + - Move License details to end of file + - Add waf licences + - Add lib/replace licences + - Update lib/{ldb,talloc,tdb} licences + * Move to Python3 (from Ubuntu) + * Bump debhelper from old 11 to 12. + * Standards-Version: 4.4.0 + * Replace all reference of /var/run to /run (Closes: #934540) + * Replace python shbang by python3 in d/*.py + + -- Mathieu Parent <sathieu@debian.org> Thu, 29 Aug 2019 14:32:52 +0200 + +samba (2:4.9.5+dfsg-1) experimental; urgency=medium + + * New upstream release + - Bump ldb Build-Depends to 2:1.5.1+really1.4.6 + - Drop s3-auth-ignore-create_builtin_guests-failing-without.patch, merged + - Drop and python-gpg.patch, merged + * Add Recommends: samba-dsdb-modules for samba-common-bin (Closes: #862467) + + -- Mathieu Parent <sathieu@debian.org> Wed, 20 Mar 2019 21:07:02 +0100 + +samba (2:4.9.4+dfsg-4) unstable; urgency=medium + + * samba-libs: Add Breaks+Replaces: libndr-standard0 (<< 4) (Closes: #910242) + * Improve AppArmor integration (Closes: #896080) + - Install update-apparmor-samba-profile 1.2 from Christian Boltz (openSUSE) + - Adapt update-apparmor-samba-profile: Rename apparmor profile snippet, and + test for it's directory + - smbd.init: Run update-apparmor-samba-profile before start + - smbd.service: Run update-apparmor-samba-profile before start + - Remove /etc/apparmor.d/samba/smbd-shares on purge + + -- Mathieu Parent <sathieu@debian.org> Tue, 26 Feb 2019 22:18:19 +0100 + +samba (2:4.9.4+dfsg-3) unstable; urgency=medium + + [ Ivo De Decker ] + * Remove myself from uploaders + + [ Mathieu Parent ] + * Update debian/gitlab-ci.yml + * Standards-Version: 4.3.0 + * Add upstream patch for python-gpg support + * Replace Suggests: python-gpgme by Recommends: python-gpg (Closes: #876984) + + -- Mathieu Parent <sathieu@debian.org> Fri, 15 Feb 2019 11:14:10 +0100 + +samba (2:4.9.4+dfsg-2) unstable; urgency=medium + + * Append +really0.02 to libparse-pidl-perl version (Closes: #918564) + * Add apport hook (From Ubuntu) + * Change build dependency to libglusterfs-dev (Closes: #919667) + + -- Mathieu Parent <sathieu@debian.org> Wed, 23 Jan 2019 20:59:08 +0100 + +samba (2:4.9.4+dfsg-1) unstable; urgency=medium + + * New upstream release + - Remove patches for previous security fixes, merged + - Remove unused lintian overrides (library-not-linked-against-libc) + * ignore create_builtin_guests() failing without a valid idmap configuration + (Closes: #909465, #899269) + + -- Mathieu Parent <sathieu@debian.org> Sat, 22 Dec 2018 18:32:00 +0100 + +samba (2:4.9.2+dfsg-2) unstable; urgency=high + + * New upstream security release + - CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD + Internal DNS server + - CVE-2018-16841 Double-free in Samba AD DC KDC with PKINIT + - CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server + - CVE-2018-16852 NULL pointer de-reference in Samba AD DC DNS servers + - because of CVE-2018-16853 (Samba AD DC S4U2Self Crash in experimental + MIT Kerberos configuration (unsupported)), mark the MIT Kerberos build of + the Samba AD DC as experimental (not used in Debian package) + - CVE-2018-16857 Bad password count in AD DC not always effective + * Prepend 1.5.1+really to ldb version + + -- Mathieu Parent <sathieu@debian.org> Sat, 24 Nov 2018 23:21:27 +0100 + +samba (2:4.9.2+dfsg-1) unstable; urgency=medium + + * New upstream release + - Bump build-dependencies to ldb 1.4.2 + - Update debian/samba-libs.install + * d/gitlab-ci.yml: + - Update to use include + - allow_failure for reprotest until #912340 is fixed + * d/rules: Replace override_dh_perl by override_dh_perl-arch (Closes: #913143) + * debian/gitlab-ci.yml: + - Samba sometimes needs ldb from experimental + - Use ldb from experimental in piuparts + + -- Mathieu Parent <sathieu@debian.org> Sat, 17 Nov 2018 17:25:10 +0100 + +samba (2:4.9.1+dfsg-2) unstable; urgency=medium + + [ Mathieu Parent ] + * Enable --accel-aes=intelaesni on DEB_HOST_ARCH_CPU=amd64 instead of + DEB_HOST_ARCH=amd64. This matches samba-libs.install and adds x32 + * Allow one to change password via passwd in default config + - third_party: Update pam_wrapper to version 1.0.7 + - third_party: Add pam_set_items.so from pam_wrapper + - nsswitch: Add try_authtok option to pam_winbind + - tests: Check pam_winbind pw change with different options + - Patch for previous 4 commits + - debian/winbind.pam-config: Use the new try_authtok option allowing + password change while preserving current behavior with password strength + modules (Closes: #858923, LP: #570944) + * README.source: use gbp pull --track-missing + * Override library-not-linked-against-libc false positives (See #896012) + * Fix wrong-path-for-interpreter for pidl and findsmb + * ctdb.postrm: Fix to disable_legacy (found by piuparts) (Closes: #911530) + + [ James Clarke ] + * Fix systemd-related build failures on non-Linux + + [ Mathieu Parent ] + * Add Gitlab CI: + - Subscribe to salsa-ci-team/pipeline (See salsa-ci-team/pipeline!27 and + samba-team/samba!10) + - Copy /etc/apt/{sources.list.d,preferences.d} in the dockerbuilder + container (salsa-ci-team/images!9) + - Allow daemons to start during autopkgtest (salsa-ci-team/images!10) + - debian/gitlab-ci.yml: all jobs: Use ldb from experimental + - debian/gitlab-ci.yml: piuparts job: Add --scriptsdir, --allow-database + and --warn-on-leftovers-after-purge options + - debian/gitlab-ci.yml: piuparts job: Copy apt config to allow enabling + extra repositories + - debian/gitlab-ci.yml: piuparts job: Use image with the following changes: + + Add pre_install_copy_configs and post_install_remove_configs to copy, + resp. remove config files from /etc-target to /etc + + patch pre_remove_50_find_bad_permissions to workaround findutils bug + #912180. Also proposed another workaround in piuparts as bug #911334 + which is merged but not yet released + * Upload to unstable + + -- Mathieu Parent <sathieu@debian.org> Thu, 01 Nov 2018 21:13:37 +0100 + +samba (2:4.9.1+dfsg-1) experimental; urgency=medium + + * New upstream release + + -- Mathieu Parent <sathieu@debian.org> Mon, 24 Sep 2018 13:33:21 +0200 + +samba (2:4.9.0+dfsg-1) experimental; urgency=medium + + * Upload to experimental + * New upstream release + - Update d/gbp.conf, d/watch and d/README.source for 4.9 + - Remove Fix-pidl-manpage-sections.patch, Fix-spelling.patch and + Improve-vfs_linux_xfs_sgid-manpage.patch, merged upstream + - Bump build-depends talloc >= 2.1.14, tdb >= 1.3.16, tevent >= 0.9.37 and + ldb >= 2:1.4.2' + - Update paths + - Update libsmbclient.symbols + - ctdb.lintian-override: Remove script-not-executable override + - Add ctdb.NEWS: "Configuration has been completely overhauled" + - ctdb: Enable/disable legacy script in postinst/presinst + + -- Mathieu Parent <sathieu@debian.org> Sat, 22 Sep 2018 23:04:11 +0200 + +samba (2:4.8.5+dfsg-1) unstable; urgency=medium + + * New upstream release + - Bump ldb Build-depends to 2:1.4.0+really1.3.6 + - Fixes FTBFS on kFreeBSD (Closes: #883972) + - d/rules: winbind_krb5_locator is now in the correct path + - winbind_krb5_locator manpage has moved from section 7 to 8 + * Standards-Version: 4.2.1 + + -- Mathieu Parent <sathieu@debian.org> Thu, 30 Aug 2018 19:32:24 +0200 + +samba (2:4.8.4+dfsg-2) unstable; urgency=high + + * Fix typo in previous release: s/usefull/useful/ + * Prepend 1.4.0+really to ldb version to allow samba-dsdb-modules install + (Closes: #906562, #906568) + * Urgency still set to high + + -- Mathieu Parent <sathieu@debian.org> Sun, 19 Aug 2018 10:08:22 +0200 + +samba (2:4.8.4+dfsg-1) unstable; urgency=high + + [ Andreas Hasenack ] + * d/samba.logrotate: only try to reload the services if they are running + (Closes: #902149) + * Remove the deprecated "syslog" and "syslog only" options (Closes: #901138) + + [ Mathieu Parent ] + * New upstream security release + - CVE-2018-1139 Weak authentication protocol allowed + - CVE-2018-1140 Denial of Service Attack on DNS and LDAP server + - CVE-2018-10858 Insufficient input validation on client directory listing + in libsmbclient + - CVE-2018-10918 Denial of Service Attack on AD DC DRSUAPI server + - CVE-2018-10919 Confidential attribute disclosure from the AD LDAP server + - Urgency set to high + - Bump build-depends ldb >= 1.3.5 (actually 2:1.4.0+really1.3.5) for + CVE-2018-1140 + * smb.conf: Remove "wins support" and "wins server" comments + * smb.conf: Improve "logging" comments + * smb.conf: Remove "dns proxy = no", only useful as a WINS server + * smb.conf: Propose better idmap config + * smb.conf: Remove "passdb backend = tdbsam" as this is the default + * smb.conf: Fix "usershare max shares" default (patched to 100 instead of 0) + * Standards-Version: 4.2.0 + * Set Rules-Requires-Root: binary-targets as chmod is used + * Remove override_dh_strip target as dbgsym migration is complete + + -- Mathieu Parent <sathieu@debian.org> Fri, 17 Aug 2018 16:30:18 +0200 + +samba (2:4.8.2+dfsg-2) unstable; urgency=medium + + * Update panic-action script message, samba-dbg renamed to samba-dbgsym + (Closes: #900242) + * Ensure /var/lib/samba/dhcp.conf exists (Closes: #901585) + * Check smb.conf with testparm, and also with samba-tool when + server role = active directory domain controller (Closes: #900908) + + -- Mathieu Parent <sathieu@debian.org> Mon, 18 Jun 2018 23:39:41 +0200 + +samba (2:4.8.2+dfsg-1) unstable; urgency=medium + + * New upstream release + - Bump build-depends ldb >= 1.3.3 + * Fix lintian warnings with patches recently merged upstream: + - Add Fix-pidl-manpage-sections.patch + - Add Fix-spelling.patch + - Add Improve-vfs_linux_xfs_sgid-manpage.patch + * Wrap very long lines in d/rules + + -- Mathieu Parent <sathieu@debian.org> Thu, 17 May 2018 09:58:09 +0200 + +samba (2:4.8.1+dfsg-2) unstable; urgency=low + + * Upload to unstable + * Really ignore nmbd start errors when there is no non-loopback interface + (Closes: #893762) + * Ignore nmbd start errors when there is no local IPv4 non-loopback interface + (Closes: #859526) + * Fix possible-unindented-list-in-extended-description in samba-vfs-modules + + -- Mathieu Parent <sathieu@debian.org> Tue, 15 May 2018 21:23:32 +0200 + +samba (2:4.8.1+dfsg-1) experimental; urgency=medium + + * New upstream release + * Add lintian override for "smbclient: executable-is-not-world-readable + usr/lib/x86_64-linux-gnu/samba/smbspool_krb5_wrapper 0700" (See #894720) + * Improve samba-vfs-modules description (Closes: #776505) + * Check smb.conf in samba-common-bin.postinst (Closes: #816301) + * Mark libparse-pidl-perl, samba-dev, samba-dsdb-modules and samba-vfs-modules + as"Multi-Arch: same" + * Standards-Version: 4.1.4, no change + * debian/smb.conf: Fix typo in comment line: sever -> server (Closes: #763648) + * Read smb.conf until [print$] section instead of [cdrom] to preserve + locally-defined shares (Closes: #776259) + * Fix and improve dhcp integration: + - dhclient3 was renamed to dhclient long time ago... + - Remove /etc/samba/dhcp.conf on purge (Closes: #784713) + - Move dhcp.conf out of /etc to allow ro root (Closes: #695362) + - Update template for "Move dhcp.conf out of /etc to allow ro root" + * Enable --accel-aes=intelaesni on DEB_HOST_GNU_CPU=x86_64 (Closes: #896196) + - Use dh-exec to install libaesni-intel.so.0 only on amd64 + + -- Mathieu Parent <sathieu@debian.org> Sun, 29 Apr 2018 12:54:06 +0200 + +samba (2:4.8.0+dfsg-2) experimental; urgency=medium + + * Remove unused and outdated debian/README.debian (debian/README.Debian is + used instead) + * Mask services as appropriate in samba and winbind postinst (Closes: #863285) + - mask samba-ad-dc unless server role = active directory domain controller + (as before) + - mask smbd and nmbd when server role = active directory domain controller + - mask nmbd when disable netbios = yes (Closes: #866125) + * Set smbspool_krb5_wrapper permissions to 0700 (Closes: #894720, #372270) + * Remove Depends: samba-libs of lib{nss,pam}-winbind + * Mark winbind "Multi-Arch: allowed" and make lib{pam,nss}-winbind depends on + winbind:any to allow co-installation (Closes: #881100) + * Ignore nmbd start errors when there is no non-loopback interface + (Closes: #893762) + + -- Mathieu Parent <sathieu@debian.org> Sun, 08 Apr 2018 22:09:53 +0200 + +samba (2:4.8.0+dfsg-1) experimental; urgency=medium + + [ Mathieu Parent ] + * New major upstream version + - Update d/gbp.conf and d/watch for 4.8 + - Update upstream source from tag 'upstream/4.8.0+dfsg' + - Re-apply patches + - Remove patches merged upstream: + + no_build_system.patch + + systemd-syslog.target-is-obsolete.patch + + Add-documentation-to-systemd-Unit-files.patch + + fix_kill_path_in_units.patch + + nmbd-requires-a-working-network.patch + + CVE-2018-1050-11343-4.7.patch + + CVE-2018-1057-v4-7.metze01.patches.txt + - Bump build-depends talloc >= 2.1.11~, tdb >= 1.3.15~, tevent >= 0.9.36~ + and ldb >= 2:1.3.2~ + - Drop Build-Conflicts-Arch: libaio-dev, vfs_aio_linux was dropped + - Update debian/*.install and use debian/not-installed + - Update debian/libsmbclient.symbols + - Upload to experimental + * debian/README.source + - Update instructions + - Convert to Markdown + - Add a symlink from README.source to README.source.md + * debian/rules: + - Use the new --systemd-install-services + - Use dh_missing --fail-missing + - Re-order debian/rules overrides in the order they are called + - Remove broken get-packaged-orig-source target + - Remove unused DEB_BUILD_OPT_FOO variables + - Add some comments + - Move all the custom installs from override_dh_install to + override_dh_auto_install + - Remove --sourcedir override to dh_install "since dh_install automatically + looks for files in debian/tmp in debhelper compatibility level 7 and + above" + - PIDFile= is now correctly set in *.service + + [ Louis van Belle ] + * Update d/control, Relax Build-Depends to allow backport + + -- Mathieu Parent <sathieu@debian.org> Mon, 19 Mar 2018 13:02:51 +0100 + +samba (2:4.7.4+dfsg-2) unstable; urgency=high + + [ Mathieu Parent ] + * This is a security release in order to address the following defects: + - CVE-2018-1050: Codenomicon crashes in spoolss server code + - CVE-2018-1057: Unprivileged user can change any user (and admin) password + * Fix "/etc/dhcp/dhclient-enter-hooks.d/samba returned non-zero exit status 1" + when samba.service is disabled + - Pick patch from Ubuntu for Launchpad #1579597 + - Fix systemd check + * Replace override_dh_systemd_start by override_dh_installsystemd (Fixes + ctdb starting on install and restarting on upgrade since update to debhelper + compat 11) + * Replace --no-restart-on-upgrade by --no-stop-on-upgrade in dh_installinit + and dh_installsystemd + * Add missing dh_installsystemd calls to ensure that services are properly + unmasked and enabled in postinst + + [ Andreas Hasenack ] + * Add extra DEP8 tests to samba (Closes: #890439): + - d/t/control, d/t/cifs-share-access: access a file in a share using cifs + - d/t/control, d/t/smbclient-anonymous-share-list: list available shares + anonymously + - d/t/control, d/t/smbclient-authenticated-share-list: list available + shares using an authenticated connection + - d/t/control, d/t/smbclient-share-access: create a share and download a + file from it + + -- Mathieu Parent <sathieu@debian.org> Fri, 02 Mar 2018 20:55:06 +0100 + +samba (2:4.7.4+dfsg-1) unstable; urgency=medium + + * New upstream version + - Updates patches + - Bump ldb build-deps to 1.2.3 + * Repository moved to salsa: Update Vcs-* fields + * d/README.source: + - ensure required branches exists + - sync all required branches + * Standards-Version: 4.1.3 (no change) + * Move to debhelper compat 11 + * Move libpam-winbind: to section admin + * Move libnss-winbind: to section admin + + -- Mathieu Parent <sathieu@debian.org> Thu, 11 Jan 2018 20:49:28 +0100 + +samba (2:4.7.3+dfsg-1) unstable; urgency=high + + * New upstream version + - Remove patches for CVE-2017-15275 and CVE-2017-14746, merged + - Bump libtevent-dev to 0.9.34, to fix upstream "BUG 13130: smbd on disk + file corruption bug under heavy threaded load" + - Set urgency to high for this fix + * Stop building vfs_aio_linux (Closes: #881239) + * Print "ignore the following error about deb-systemd-helper not finding + samba-ad-dc.service" on upgrade too (Closes: #882482). + Thanks Julian Gilbey for the patch + + -- Mathieu Parent <sathieu@debian.org> Thu, 23 Nov 2017 16:39:19 +0100 + +samba (2:4.7.1+dfsg-2) unstable; urgency=high + + * This is a security release in order to address the following defects: + - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when + talloc buffer is grown. + - CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug. + + -- Mathieu Parent <sathieu@debian.org> Sun, 12 Nov 2017 10:02:19 +0100 + +samba (2:4.7.1+dfsg-1) unstable; urgency=medium + + * New upstream version + * Add lintian-override about heimdal embedded-library + * Remove trailing spaces in debian/changelog + + -- Mathieu Parent <sathieu@debian.org> Wed, 08 Nov 2017 07:48:31 +0100 + +samba (2:4.7.0+dfsg-2) unstable; urgency=medium + + * Upload to sid + * Bump libcmocka-dev builddep to 1.1.1 (Closes: #878357) + * Remove Skip-raw.write-tests.patch as we don't run tests + * Remove 05_share_ldb_module, not understood + - d/rules: /usr/lib/*/samba/share/ldb.so is not present anymore + + -- Mathieu Parent <sathieu@debian.org> Thu, 26 Oct 2017 17:30:02 +0200 + +samba (2:4.7.0+dfsg-1) experimental; urgency=medium + + * New major upstream version + - Update d/gbp.conf and d/watch for 4.7 + - Update patches + - Remove no_build_env.patch, no more needed + - Remove 4 patches merged upstream + - Bump build-depends ldb >= 2:1.2.2~, tdb >= 1.3.14~, tevent >= 0.9.33~ + - Move replace from builtin to bundled libraries to fix FTBFS + - Update d/*.install + - Update symbols + * Rework all patches for dep5 and "gbp pq" + * Add libjansson-dev to Build-Depends to allow logging in JSON format + * Lintian fixes: + - build-depends: dh-systemd (>= 1.5) => use debhelper (>= 9.20160709) + - Move libsmbclient-dev from priority extra to optional + - Standards-Version: 4.1.1 + - Update samba-libs.lintian-overrides (following libsmbldap bump) + + -- Mathieu Parent <sathieu@debian.org> Thu, 12 Oct 2017 22:09:19 +0200 + +samba (2:4.6.7+dfsg-2) unstable; urgency=high + + * This is a security release in order to address the following defects: + - CVE-2017-12150: Some code path don't enforce smb signing, when they should + - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects + - CVE-2017-12163: Server memory information leak over SMB1 + + -- Mathieu Parent <sathieu@debian.org> Tue, 19 Sep 2017 22:00:13 +0200 + +samba (2:4.6.7+dfsg-1) unstable; urgency=medium + + * New upstream version + - Removed CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch, + merged + - Remove s3-gse_krb5-fix-a-possible-crash-in-fill_mem_keytab.patch, merged + * README.source: Default merge-mode of gbp has changed to replace + * Fix samba.logrotate (Thanks Thomas A. Reim) + + -- Mathieu Parent <sathieu@debian.org> Tue, 15 Aug 2017 23:06:36 +0200 + +samba (2:4.6.5+dfsg-8) unstable; urgency=medium + + * Remove dependency on update-inetd, not used anymore + * vfs_ceph and vfs_glusterfs are linux only (d/rules part) + * Remove build-dependency on faketime, not used anymore + + -- Mathieu Parent <sathieu@debian.org> Sun, 23 Jul 2017 19:56:07 +0200 + +samba (2:4.6.5+dfsg-7) unstable; urgency=medium + + * xfslibs-dev is only available on linux + * Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes + of the service (systemd only) + * Add reportbug script for samba-common, samba and winbind (Closes: #682861) + + -- Mathieu Parent <sathieu@debian.org> Fri, 21 Jul 2017 06:19:57 +0200 + +samba (2:4.6.5+dfsg-6) unstable; urgency=medium + + * libcephfs-dev is only available on linux + * Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430) + * Add missing logrotate for /var/log/samba/log.samba (Closes: #803924) + * Use smbcontrol in logrotate when available (Closes: #804705) + * From upstream: Fix outdated DNS Root servers (Closes: #865406) + * Drop xsltproc_dont_build_smb.conf.5.patch, as #750593 is marked fixed + (Closes: #776223) + + -- Mathieu Parent <sathieu@debian.org> Wed, 19 Jul 2017 22:53:50 +0200 + +samba (2:4.6.5+dfsg-5) unstable; urgency=medium + + * Remove bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch, + unused + * Remove samba-ad-dc.templates + * Remove upstart files on upgrade (Closes: #867688) + * glusterfs-common is only available on linux + * Remove the samba service + * Ensure /var/log/samba permissions are set (Closes: #711138) + + -- Mathieu Parent <sathieu@debian.org> Tue, 18 Jul 2017 23:29:44 +0200 + +samba (2:4.6.5+dfsg-4) unstable; urgency=high + + * This is a security release in order to address the following defects: + - CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + (Closes: #868209) + * Other fixes: + - Remove empty samba-common.maintscript (leading to empty preinst and + prerm) + + -- Mathieu Parent <sathieu@debian.org> Thu, 13 Jul 2017 14:38:32 +0200 + +samba (2:4.6.5+dfsg-3) unstable; urgency=medium + + * Remove upstart code + * Remove empty prerm for samba and samba-common-bin (Closes: #866258, + #866284) + * sysv: Use --pidfile in addition to --exec to avoid matching daemons in + containers (Closes: #810794) + * Standards-Version: 4.0.0 + - Use https form of the copyright-format URL (Debian Policy 4.0.0) + * Remove debian/bzr-builddeb.conf + * Remove empty debian/diversions + * Remove "ugly workaround to get the manpages on every architecture to be + identical", xsltproc now honour SOURCE_DATE_EPOCH + * Remove dh-exec shbang in libnss-winbind.install + * Remove empty debian/libsmbclient.manpages + * Remove pre-jessie maintscript snipsets + * Move to debhelper compat 10 (Major change: dh_installinit command now + defaults to --restart-after-upgrade) + * Remove unused samba-ad-dc package metadata (Closes: #866138) + * Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is configured + in PAM" (Closes: #739768) + + -- Mathieu Parent <sathieu@debian.org> Thu, 29 Jun 2017 09:45:59 +0200 + +samba (2:4.6.5+dfsg-2) unstable; urgency=medium + + * Upload to unstable + * Move runtime dependencies of vfs_ceph and vfs_snapper to Recommends + * Fix typo s/DESTIDR/DESTDIR/ in d/rules + * Enable vfs_glusterfs (Closes: #864862) + * Add libdbus-1-dev as Build-Depends to allow vfs_snapper to build (Closes: + #804781). Patch by Willy Vanlid. + + -- Mathieu Parent <sathieu@debian.org> Mon, 19 Jun 2017 23:56:56 +0200 + +samba (2:4.6.5+dfsg-1) experimental; urgency=medium + + * New upstream version (Closes: #859390) + - d/gbp.conf, d/watch: Change major version to 4.6 + - Bump Build-dependencies of talloc, tdb, tevent and ldb to resp. 2.1.9, + 1.3.12, O.9.31 and 1.1.29 + - Remove CVE-2017-7494.patch: applied upstream + - Add Build-Depends: libcmocka-dev (>= 1.0) + - Update d/*.install + - d/samba-common.docs: Roadmap removed upstream + * Update README.source, about importing major versions + * d/control cleanup: + - Remove Conflicts and Replaces on pre-wheezy samba4 packages + - Remove Conflicts, Breaks and Replaces on pre-wheezy samba packages + - Remove Conflicts, Breaks and Replaces on pre-jessie samba packages + - Remove Conflicts, Breaks and Replaces on (pre-jessie) samba4 packages + - Remove Conflicts on pre-jessie libldb1 package + - Remove Breaks on pre-jessie qtsmbstatus-server package + - Remove Replaces on pre-wheezy smbget package + - wrap-and-sort + * Add libcephfs-dev as b-d to build vfs_ceph (Closes: #856998). Patch from + Ubuntu + * Enable avahi support (Closes: #859875). Patch from Laurent Bigonville. + * Translations: + - Portuguese translation for debconf messages (Closes: #864172). Patch from + Rui Branco + - Hungarian translation for debconf messages (Closes: #708277) + * Properly quote subshell invocation in samba-common.preinst (Closes: #771689) + * Add Build-Depends: xfslibs-dev, for XFS quotas + + -- Mathieu Parent <sathieu@debian.org> Mon, 12 Jun 2017 08:09:43 +0200 + +samba (2:4.5.8+dfsg-2) unstable; urgency=high + + * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside + + -- Mathieu Parent <sathieu@debian.org> Thu, 18 May 2017 11:53:47 +0200 + +samba (2:4.5.8+dfsg-1) unstable; urgency=high + + * New upstream version + - Drop CVE-2017-2619.patch: merged upstream + - Fix CVE-2017-2619 regression with "follow symlink = no" (Closes: #858564) + + -- Mathieu Parent <sathieu@debian.org> Sat, 01 Apr 2017 20:39:17 +0200 + +samba (2:4.5.6+dfsg-2) unstable; urgency=high + + * This is a security release in order to address the following defects: + - CVE-2017-2619: symlink race permits opening files outside share directory + + -- Mathieu Parent <sathieu@debian.org> Wed, 22 Mar 2017 08:03:34 +0100 + +samba (2:4.5.6+dfsg-1) unstable; urgency=medium + + * New upstream version + * Fix typo in smbd.service and winbind.service (s/nmb.service/nmbd.service) + (Closes: #857232) + + -- Mathieu Parent <sathieu@debian.org> Thu, 09 Mar 2017 15:42:37 +0100 + +samba (2:4.5.5+dfsg-1) unstable; urgency=medium + + * New upstream version + - Revert rewrite of the vfs_fruit module (Closes: #856561) + * Fix 'winbindd privileged socket directory' (Closes: #754339): + - Fix path from /var/run/samba/winbindd_privileged/ to + /var/lib/samba/winbindd_privileged/. + - Move mkdir+chgrp+chmod to postinst (to handle systemd also). + - Thanks to Jim Barber for the report. + * logrotate: Use delaycompress on all logs (Closes: #702201) + - Thanks to Matthew Gabeler-Lee for the proposed fix. + + -- Mathieu Parent <sathieu@debian.org> Sun, 05 Mar 2017 23:21:09 +0100 + +samba (2:4.5.4+dfsg-1) unstable; urgency=medium + + [ Mathieu Parent ] + * New upstream version + - Drop security-2016-12-19.patch, was 4.5.3 + * missing-build-dependency-for-dh_-command dh_python2 => dh-python + + [ Vincent Blut ] + * d/control: Suggest chrony as an alternative to ntp (Closes: #851727) + + [ Daniel A ] + * add gpgme support (Closes: #850908) + + -- Mathieu Parent <sathieu@debian.org> Wed, 25 Jan 2017 21:25:40 +0100 + +samba (2:4.5.2+dfsg-2) unstable; urgency=high + + * This is a security release in order to address the following defects: + - CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer + Overflow Remote Code Execution Vulnerability). + - CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in + trusted realms). + - CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege + elevation). + + -- Mathieu Parent <sathieu@debian.org> Sat, 17 Dec 2016 22:54:35 +0100 + +samba (2:4.5.2+dfsg-1) unstable; urgency=medium + + * New upstream version + - Remove CTDB-Fix-samba-eventscript.patch: merged + - d/rules: /usr/share/ctdb-tests is now /usr/share/ctdb/tests + * Update gbp.conf with debian-branch = master + + -- Mathieu Parent <sathieu@debian.org> Thu, 08 Dec 2016 20:21:52 +0100 + +samba (2:4.5.1+dfsg-2) unstable; urgency=medium + + * Upload to unstable + + -- Mathieu Parent <sathieu@debian.org> Mon, 05 Dec 2016 07:01:35 +0100 + +samba (2:4.5.1+dfsg-1) experimental; urgency=medium + + * New upstream version + - Refresh patches + - Remove bug_12283_segfault_tevent_internals.patch + - Remove gencache-Bail-out-of-stabilize-if-we-can-not-get-the.patch + - Adding libdsdb-garbage-collect-tombstones.so.0 to samba-libs.install + * CTDB: Fix samba eventscript + * nmbd requires a working network (Closes: #698056, #842056, #840608, + LP: #1635491) + * Be more verbose about masking samba-ad-dc.service (Closes: #841147) + * Remove Fix_parallel_build.patch, not working + + -- Mathieu Parent <sathieu@debian.org> Tue, 01 Nov 2016 13:54:29 +0100 + +samba (2:4.5.0+dfsg-1) experimental; urgency=medium + + * Upload to experimental + * New upstream version + + Remove patches: + - bug_601406_fix-perl-path-in-example.patch, similar applied + - waf_smbpasswd_location, applied + - Fix-privacy-breach-on-google.com.patch, doc moved out of source + - ctdb-Fix-detection-of-gnukfreebsd.patch, applied + - gcc_6.patch, applied + + Dumped dependencies + - libldb-dev (>= 2:1.1.27~) + - libtalloc-dev (>= 2.1.8~) + - libtdb-dev (>= 1.3.10~) + - libtevent-dev (>= 0.9.29~) + - python-talloc-dev (>= 2.1.8~) + + Install new files and update debian/ctdb.docs + + Update to libwbclient0.symbols + + Update samba-libs.lintian-overrides (libtevent-unix-util0 removed) + + /etc/default/ctdb is now /etc/ctdb/ctdbd.conf + * Add patch for https://bugzilla.samba.org/show_bug.cgi?id=12045 + * ctdb/wscript: Call CHECK_XSLTPROC_MANPAGES() before checking + XSLTPROC_MANPAGES. This should fix parallel builds, including + tests.reproducible-builds.org. Thanks HW42 on IRC + * Depends: lsb-base (>= 3.0-6), for ctdb and winbind as they source + /lib/lsb/init-functions + + -- Mathieu Parent <sathieu@debian.org> Sun, 23 Oct 2016 15:56:59 +0200 + +samba (2:4.4.6+dfsg-2) unstable; urgency=high + + * Remove uses of tevent internals. This fixes segfault. + Closes: #840382, #840298. + + -- Mathieu Parent <sathieu@debian.org> Wed, 12 Oct 2016 05:53:33 +0200 + +samba (2:4.4.6+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Use epoch in samba-vfs-modules Breaks and Replaces (Closes: #833164) + * Only fix PIDFile in {nmbd,samba-ad-dc,smbd,winbind}.service (i.e. not + ctdb.service) Closes: #838000. + * logrotate: Only reload smbd when needed. Thanks Roland Hieber. + Closes: #838796. + + -- Mathieu Parent <sathieu@debian.org> Mon, 10 Oct 2016 22:23:45 +0200 + +samba (2:4.4.5+dfsg-3) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Add strict dependencies on samba-libs, because of use of private + libraries without stable ABI across Samba binary packages. + * Add Breaks clauses for older versions of samba-libs and samba to + samba-vfs-modules, as some files have moved. Closes: #833164, + #832880 + + [ Mathieu Parent ] + * Remove /etc/systemd/system/samba-ad-dc.service (from postinst) on purge. + Closes: #832352 + * Fix PIDFile in systemd service files. Closes: #830909 + * Remove unused lintian overrides + * Use automatic debug packages (-dbgsym) (Closes: #819776) + * Remove Christian Perrier from uploaders (Closes: #836715). Thanks for all + you work, and thanks for bringing me in the team and as a DD. + * Update Turkish translation. Thanks Atila KOÇ. Closes: #791903 + * Drop dependency on samba-libs in libwbclient0 to avoid + circular dependency. + + -- Mathieu Parent <sathieu@debian.org> Fri, 09 Sep 2016 13:00:54 +0200 + +samba (2:4.4.5+dfsg-2) unstable; urgency=medium + + * Disable running of 'make quicktest' during build, as it takes very + long to run on x32 and enables building non-production NTVFS server. + Closes: #830571 + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 09 Jul 2016 19:09:19 +0000 + +samba (2:4.4.5+dfsg-1) unstable; urgency=medium + + * New upstream release. + + Fixes CVE-2016-2119: Client side SMB2/3 required signing can be + downgraded. Closes: #830195 + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 07 Jul 2016 10:51:40 +0000 + +samba (2:4.4.4+dfsg-3) unstable; urgency=medium + + * Add patch gcc_6.patch, fixing compatibility with gcc 6. + Closes: #812264 + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 04 Jul 2016 12:20:56 +0000 + +samba (2:4.4.4+dfsg-2) unstable; urgency=medium + + * Mask samba-ad-dc.service unless needed (Closes: #828137) + * Fix kill path in systemd units (Closes: #828730) + + -- Mathieu Parent <sathieu@debian.org> Mon, 27 Jun 2016 21:37:58 +0200 + +samba (2:4.4.4+dfsg-1) unstable; urgency=medium + + * New upstream release. + * The "Thanks lintian" release + * Fixes: + - Ensure that dpkg-buildflags are passed, and enable all hardening + - systemd + + Enable systemd (sd_notify) on Linux, and install systemd files + + Remove obsolete syslog.target from service files + + Add documentation field to unit files + - Drop fix-cluster-build.diff: no more needed + - Use secure Vcs-* URLs + - Fix copyright file + - samba.postinst: command-with-path-in-maintainer-script update-inetd + - samba-common-bin: package-contains-empty-directory usr/lib/samba/ + - winbind: package-contains-empty-directory usr/lib/samba/nss_info/ + - Add Description to init files + * No-op fixes: + - d/control: Drop XS-Testsuite field + - Drop redundant "Priority: optional" fields + - Drop redundant "Section: net" fields + - Describe non-standard-dir-perm var/spool/samba/ + - Describe no_build_system.patch + - Remove README.build-upstream, as packaging/Debian/ is now empty + - Verify upstream tarball from uscan + - Update README.source and remove build-orig.sh + + -- Mathieu Parent <sathieu@debian.org> Mon, 13 Jun 2016 21:52:52 +0200 + +samba (2:4.4.3+dfsg-4) unstable; urgency=medium + + * Fix build with DEB_BUILD_OPTIONS=nocheck + * Still run "make quicktest" but ignore failures + + -- Mathieu Parent <sathieu@debian.org> Sat, 07 May 2016 13:18:53 +0200 + +samba (2:4.4.3+dfsg-3) unstable; urgency=medium + + * Skip raw.write tests for now as they fail on 32-bit + + -- Mathieu Parent <sathieu@debian.org> Fri, 06 May 2016 15:34:07 +0200 + +samba (2:4.4.3+dfsg-2) unstable; urgency=medium + + * Run quicktest during build + * Reproducibility: + - Drop no_build_options.patch as it breaks "make test" + - Remove unreproducible build environment instead + * Mention that patch waf_smbpasswd_location was submitted + * usershare.patch: Fix "usershare max shares" default in XML doc and in s4 + + -- Mathieu Parent <sathieu@debian.org> Tue, 03 May 2016 12:30:56 +0200 + +samba (2:4.4.3+dfsg-1) unstable; urgency=medium + + * Cleanup ctdb READMEs during 'clean' step. + * New upstream release. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 02 May 2016 14:12:46 +0000 + +samba (2:4.4.2+dfsg-2) unstable; urgency=medium + + * Merge in 4.3 package changes. + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 27 Apr 2016 01:29:47 +0000 + +samba (2:4.4.2+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Bump standards version to 3.9.8 (no changes). + * Drop build dependency on perl-modules; depend on perl instead. + * Upload to unstable. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 26 Apr 2016 23:29:54 +0000 + +samba (2:4.4.1+dfsg-1) experimental; urgency=medium + + * New upstream release + + Fixes (Patches by Stefan Metzmacher of SerNet and others on the Samba Team): + - CVE-2015-5370 (Multiple errors in DCE-RPC code) + - CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) + - CVE-2016-2111 (NETLOGON Spoofing Vulnerability) + - CVE-2016-2112 (LDAP client and server don't enforce integrity) + - CVE-2016-2113 (Missing TLS certificate validation) + - CVE-2016-2114 ("server signing = mandatory" not enforced) + - CVE-2016-2115 (SMB IPC traffic is not integrity protected) + - CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) + * Additional regression fix for 'net ads join' to a Windows 2003 domain by metze + + -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Mon, 11 Apr 2016 16:09:59 +1200 + +samba (2:4.4.0+dfsg-1) experimental; urgency=medium + [ Andrew Bartlett ] + * New upstream release. + + -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 06 Apr 2016 17:08:20 +1200 + +samba (2:4.3.8+dfsg-1) unstable; urgency=low + + [ Jelmer Vernooij ] + * Add patch no_build_system.patch: drop host-specific define that + prevents reproducible builds. + * New upstream release. + + Drop patch + security-2016-04-12-prerequisite-v4-3-regression-fixes.metze01.txt, + now included upstream. + * Bump version in Replaces: samba-libs for samba-vfs-modules to + 4.3.2+dfsg-1, to fix jessie->stretch upgrades. Closes: #821070 + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Apr 2016 01:18:36 +0000 + +samba (2:4.3.7+dfsg-1) unstable; urgency=high + + * New upstream release. + + Fixes (Patches by Stefan Metzmacher of SerNet and others on the Samba Team): + - CVE-2015-5370 (Multiple errors in DCE-RPC code) + - CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) + - CVE-2016-2111 (NETLOGON Spoofing Vulnerability) + - CVE-2016-2112 (LDAP client and server don't enforce integrity) + - CVE-2016-2113 (Missing TLS certificate validation) + - CVE-2016-2114 ("server signing = mandatory" not enforced) + - CVE-2016-2115 (SMB IPC traffic is not integrity protected) + - CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) + * Additional regression fix for 'net ads join' to a Windows 2003 domain by metze + + -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Wed, 13 Apr 2016 10:24:17 +1200 + +samba (2:4.3.6+dfsg-2) unstable; urgency=low + [ Mathieu Parent ] + * Fix FTBFS when built with dpkg-buildpackage -A (Closes: #818146). Patch by + Santiago Vila + * Drop samba from winbind depends and use samba-common* instead + (Closes: #732604) + * Add an override to script-not-executable etc/ctdb/events.d/10.external + * Add ufw integration (from Ubuntu) + * Don't build ctdb twice: + - Shorten build time + - Fix ctdb log path from /var/log/log.ctdb to /var/log/ctdb/log.ctdb + - Remove unused /usr/lib/*/ctdb/*.so files + + [ Steven Chamberlain ] + * ctdb: Fix detection of gnukfreebsd (Closes: #802621) + + [ Jelmer Vernooij ] + * Add no_build_options.patch: make package more reproducible by + disabling build options output. + + [ Andrew Bartlett ] + * Allow to build/run the AD DC provision/dbcheck against talloc + 2.1.6 (Closes: #820015) + + -- Mathieu Parent <sathieu@debian.org> Thu, 31 Mar 2016 22:26:11 +0200 + +samba (2:4.3.6+dfsg-1) unstable; urgency=medium + + * New upstream release. + + Fixes: + - CVE-2015-7560: Incorrect ACL get/set allowed on symlink path. + - CVE-2016-0771 (Out-of-bounds read in internal DNS server. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 27 Feb 2016 23:28:53 +0000 + +samba (2:4.3.5+dfsg-3) unstable; urgency=medium + + * Fix dhclient hook if samba is not installed. Thanks, Jan Braun. + Closes: #801976 + * Rebuild against current version of ldb in the archive. Closes: + #817036 + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 08 Mar 2016 00:24:10 +0000 + +samba (2:4.3.5+dfsg-2) unstable; urgency=medium + + * Move strict ldb dependency to samba-dsdb-modules package, which + actually contains the modules. Closes: #816210 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 06 Mar 2016 22:51:53 +0000 + +samba (2:4.3.5+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Fixed usershare.patch to apply against new version. + * Loosen dependencies on ldb to ldb >= 1.1.21, per upstream. + * Drop patch sockets-with-htons.patch: applied upstream. + * Bump standards version to 3.9.7 (no changes). + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 05 Mar 2016 15:56:42 +0000 + +samba (2:4.3.3+dfsg-2) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Add dependency on libtevent-dev in samba-dev. + + [ Mathieu Parent ] + * Fix CTDB behavior since CVE-2015-8543 (Closes: #813406) + + -- Mathieu Parent <sathieu@debian.org> Thu, 04 Feb 2016 13:25:01 +0100 + +samba (2:4.3.3+dfsg-1) unstable; urgency=medium + + * New upstream release. Closes: #808133. + + Drop subunit dependency, no longer used. + + Drop ntdb dependencies, no longer used. + + Fixes: + - CVE-2015-5252: Insufficient symlink verification in smbd + - CVE-2015-5296: Samba client requesting encryption vulnerable + downgrade attack + - CVE-2015-5299: Missing access control check in shadow copy code + - CVE-2015-7540: Remote DoS in Samba (AD) LDAP server + - CVE-2015-8467: Denial of service attack against Windows Active Directory + server + - CVE-2015-3223: Denial of service in Samba Active Directory server + - CVE-2015-5330: Remote memory read in Samba LDAP server + * Remove libpam-smbpasswd, which is broken and slated for removal + upstream. Closes: #799840 + * Remove lib/zlib/contrib/dotzlib/DotZLib.chm from excluded files in + copyright; no longer shipped upstream. + * Remove wins2dns.awk example script. + * Remove the samba-doc package, and move examples files from it to + relevant other packages. Closes: #769385 + * Move samba-dsdb-modules back from Depends to Recommends, as using + Samba as a standalone server doesn't require the dsdb modules. + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 18 Dec 2015 01:18:42 +0000 + +samba (2:4.3.0+dfsg-2) experimental; urgency=medium + + * Re-enable cluster support. + + Build samba-cluster-support as built-in library, since its dependencies + are broken. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 28 Sep 2015 00:34:51 +0000 + +samba (2:4.3.0+dfsg-1) experimental; urgency=medium + + * Fix watch file. + * New upstream release. + * Drop no_wrapper patch: applied upstream. + * Drop patch ctdb_sockpath.patch: applied upstream. + * Drop Fix-CTDB-build-with-PMDA patch: applied upstream. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 19 Sep 2015 01:59:36 +0000 + +samba (2:4.2.1+dfsg-1) experimental; urgency=medium + + [ Jelmer Vernooij ] + * New upstream release. + + Drop patch do-not-install-smbclient4-and-nmbclient4: applied upstream. + + Drop patch + bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch: + present upstream. + + Refresh patch 26_heimdal_compat.26_heimdal_compat. + + Add build-dependency on libarchive-dev. + * Drop samba_bug_11077_torturetest.patch: applied upstream. + * Drop dependency on ctdb - now bundled with Samba. + * Use bundled Heimdal as the system Heimdal doesn't contain the + changes required for Samba. + * Add patch heimdal-rfc3454.txt: patch in truncated rfc3454.txt for + building bundled heimdal. + * Drop patches 25_heimdal_api_changes and 26_heimdal_compat. + * Disable cluster support; it breaks the build. + * Add patch no_wrapper: avoid dependencies on + {nss,uid,socket}_wrapper. + * Move some libraries around. + * Move ownership of var/lib/samba and var/lib/samba/private to samba- + common, remove obsolete samba4.dirs. Closes: #793866 + * Remove ctdb-tests and ctdb-pcp-pmda packages as they contain problems + and unclear what they are useful for, now ctdb now longer provides + an external API. + + [ Mathieu Parent ] + * Merge ctdb source package + - initial merge + - libctdb-dev has been dropped + - ctdb-dbg renamed to ctdb-tests, debug files moved to samba-dbg + - ctdb-tests depends on python + * Fix CTDB socketpath parsing + * Fix CTDB build with PMDA + * ctdb: Fix privacy breach on google.com (from documentation) + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Dec 2014 15:34:36 +0000 + +samba (2:4.1.20+dfsg-1) unstable; urgency=medium + + * New upstream release (last compatible with current OpenChange). + * samba_bug_11077_torturetest.patch: refresh. + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 17:48:59 +0000 + +samba (2:4.1.17+dfsg-5) unstable; urgency=medium + + * Rebuild against new ldb. Closes: #799569 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 13:20:53 +0000 + +samba (2:4.1.17+dfsg-4) unstable; urgency=medium + + * Add pidl_reproducible.patch: Make pidl output reproducible. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 28 Apr 2015 00:10:21 +0000 + +samba (2:4.1.17+dfsg-3) unstable; urgency=medium + + * Rebuild against new ldb. Closes: #783424 + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 27 Apr 2015 00:09:50 +0000 + +samba (2:4.1.17+dfsg-2) unstable; urgency=medium + + [ Andreas Beckmann ] + * Add samba.preinst to temporarily deactivate the old qtsmbstatusd + initscript which has dependencies incompatible with the new samba + initscript. This will ensure a clean upgrade path for samba if the + qtsmbstatus-server package was installed previously. (Closes: #779666) + + -- Ivo De Decker <ivodd@debian.org> Sat, 07 Mar 2015 13:09:23 +0100 + +samba (2:4.1.17+dfsg-1) unstable; urgency=high + + * New upstream release. Fixes: + - CVE-2014-8143: Elevation of privilege to Active Directory Domain + Controller. Closes: #776993 + - CVE-2015-0240: Unexpected code execution in smbd. Closes: #779033 + * Refresh patch add-so-version-to-private-libraries. + * Add new smbtorture test rpc.schannel_anon_setpw to detect the conditions + leading to CVE-2015-0240. + * Add breaks on qtsmbstatus-server (<< 2.2.1-3~). Closes: #775041 + * Build-depend on reverted ldb version (with increased epoch). + + -- Ivo De Decker <ivodd@debian.org> Mon, 23 Feb 2015 20:20:21 +0100 + +samba (2:4.1.13+dfsg-4) unstable; urgency=medium + + * Revert previous patch, since ldb has an active module version check. + Instead, just depend on ldb 1.1.18. Closes: #771991 + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 10 Dec 2014 18:13:42 +0000 + +samba (2:4.1.13+dfsg-3) unstable; urgency=medium + + * Update debian/rules to allow support for multiple upstream ldb + versions, when verified. Closes: #771991 + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 04 Dec 2014 21:03:54 +0100 + +samba (2:4.1.13+dfsg-2) unstable; urgency=medium + + * Mask /etc/init.d/samba init script for systemd. This should make systemd + ignore the samba init script. Thanks to Michael Biebl for the suggestion. + Closes: #740942 + * Disable samba init script on upgrade from wheezy to jessie. + Thanks again to Michael Biebl for the report. + Closes: #766690 + + -- Ivo De Decker <ivodd@debian.org> Sat, 25 Oct 2014 00:49:12 +0200 + +samba (2:4.1.13+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Bump standards version to 3.9.6 (no changes). + + -- Ivo De Decker <ivodd@debian.org> Tue, 21 Oct 2014 20:22:19 +0200 + +samba (2:4.1.11+dfsg-2) unstable; urgency=medium + + * Updated Italian translation. Thanks Luca Monducci. Closes: #760743 + * Use HTTP in watch file, as ftp.samba.org is not working reliably for + me. + * Use Excluded-Files in debian/copyright for DFSG-nonfree files. + * Update Dutch translation. Thanks Frans Spiesschaert. Closes: #763650 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Sep 2014 20:52:27 +0200 + +samba (2:4.1.11+dfsg-1) unstable; urgency=high + + * New upstream release. Fixes: + + CVE-2014-3560: Remote code execution in nmbd. Closes: #756759 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 03 Aug 2014 03:47:07 +0200 + +samba (2:4.1.9+dfsg-2) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Depend on libgnutls28-dev rather than libgnutls-dev. Closes: #753146 + * Remove outdated-autotools-helper-file overrides for config.guess and + config.sub; files are no longer present upstream. + * Add branch to Vcs-Git header. + * samba.smbd.upstart: Remove leftover code for RUN_MODE=inetd, which + was already removed elsewhere. + * Move dsdb-module library from samba-dsdb-modules to samba-libs, to + prevent circular dependencies between samba-dsdb-modules and samba- + libs. This is necessary since dsdb-module is now used by the dcerpc- + server library. + + [ Debconf translations ] + * New Brazilian Portugese translation from Adriano Rafael Gomes. + Closes: #752719 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 29 Jun 2014 19:43:52 +0200 + +samba (2:4.1.9+dfsg-1) unstable; urgency=high + + * New upstream security release. Fixes: + - CVE-2014-0244: nmbd denial of service + - CVE-2014-3493: smbd denial of service: server crash/memory corruption + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 23 Jun 2014 18:33:27 +0200 + +samba (2:4.1.8+dfsg-1) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Remove smbd and nmbd from required-start and required-stop in + samba.init. Closes: #739887 + + [ Ivo De Decker ] + * Remove workaround for #745233. + * New upstream release. Fixes: + - CVE-2014-0239: dns: Don't reply to replies. Closes: #749845 + - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. + * Use the upstream version of the smb.conf.5 manpage, instead of building + it. This is an ugly temporary workaround because xsltproc crashes on some + architectures when building this manpage (due to #750593). + This fixes the FTBFS, and should make samba installable with the new ldb + version. Closes: #750541, 750796 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 08 Jun 2014 23:37:53 +0200 + +samba (2:4.1.7+dfsg-2) unstable; urgency=medium + + * Build-depend on heimdal-dev instead of libkrb5-dev. + * Add versioned build-dep on libgmp10 for now, which should be pulled in by + libhogweed2, to be able to build in outdated build environments (like on + most buildds). This is a workaround for #745233. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 20 Apr 2014 13:44:39 +0200 + +samba (2:4.1.7+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Remove readline63.patch, integrated upstream. + * Add build-dep on libkrb5-dev, no longer pulled in by libcups2-dev. + * Don't try to delete Parse/Yapp/Driver.pm, which is no longer installed. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 19 Apr 2014 13:39:09 +0200 + +samba (2:4.1.6+dfsg-1) unstable; urgency=high + + * New upstream security release. Fixes: + - CVE-2013-4496: password lockout not enforced for SAMR password changes + - CVE-2013-6442: smbcacls can remove a file or directory ACL by mistake + * Backport fix for readline 6.3 from master + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 15 Mar 2014 12:13:59 +0100 + +samba (2:4.1.5+dfsg-1) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Fix watch file. + + [ Ivo De Decker ] + * New upstream release. + * Remove the part of patch 26_heimdal_compat integrated upstream. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 22 Feb 2014 23:17:59 +0100 + +samba (2:4.1.4+dfsg-3) unstable; urgency=medium + + * Move samba.dckeytab module to samba package, as it relies on hdb. + Closes: #736405, #736430 + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 24 Jan 2014 23:35:14 +0000 + +samba (2:4.1.4+dfsg-2) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Depend on newer version of ctdb, as Samba won't build against older + versions without --enable-old-ctdb. + * Bump standards version to 3.9.5 (no changes). + * Move libpac, db_glue and hdb module from samba-libs to samba package + to reduce size and dependency set of libs package. + * Fix compatibility with newer versions of the Heimdal HDB API. + + Update 26_heimdal_compat: Fix initialization of HDB plugin. Thanks Jeff + Clark. Closes: #732342 + + Add dependency on specific version of the Heimdal HDB API. + Closes: #732344 + + [ Steve Langasek ] + * dhcp3-client is superseded by dhcp-client; update the references in + the package. Closes: #736070. + * Move the dhcp client hook from /etc/dhcp3 to /etc/dhcp. + Closes: #649100. + * debian/bin/xsltproc: don't use $FAKETIME as the variable name in our + wrapper script, this seems to make faketime unhappy. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 18 Jan 2014 20:26:35 +0000 + +samba (2:4.1.4+dfsg-1) unstable; urgency=medium + + * New upstream release. + * Update version of talloc build-deps to 2.0.8. + * python-samba: add depends on python-ntdb. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 18 Jan 2014 14:07:15 +0100 + +samba (2:4.1.3+dfsg-2) unstable; urgency=medium + + * Add debug symbols for all binaries to samba-dbg. Closes: #732493 + * Add lintian overrides for empty prerm scripts. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Fri, 27 Dec 2013 12:39:54 +0100 + +samba (2:4.1.3+dfsg-1) experimental; urgency=low + + [ Jelmer Vernooij ] + * New upstream release. + + Drop 0002-lib-replace-Allow-OS-vendor-to-assert-that-getpass-i.patch: + upstream no longer uses getpass. + * Add source dependency on libntdb1, and stop passing --disable-ntdb, + which has been removed. + * Remove handling for SWAT, which is no longer shipped upstream. + * Split VFS modules out from samba-libs into a separate binary + package. + * Move service and process_model modules from the samba-libs to the + samba package. Prevents dependencies on libkdc2-heimdal and + libhdb9-heimdal. + + [ Ivo De Decker ] + * Add build-dep on python-ntdb. + * Add build-dep on libncurses5-dev. + * Add depends on python-ntdb to samba. + * New upstream release. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 09 Dec 2013 23:24:27 +0100 + +samba (2:4.0.13+dfsg-2) UNRELEASED; urgency=low + + [ Steve Langasek ] + * Check for alternative's presence before calling update-alternatives + --remove-all, instead of silently ignoring all errors from + update-alternatives. + + [ Debconf translations ] + * Spanish (Javier Fernández-Sanguino). Closes: #731800 + + -- Steve Langasek <vorlon@debian.org> Mon, 09 Dec 2013 11:13:59 -0800 + +samba (2:4.0.13+dfsg-1) unstable; urgency=high + + [ Steve Langasek ] + * Move update-alternatives upgrade removal handling to the postinst, where + it belongs. Closes: #730090. + * Really remove all references to encrypted passwords: the + samba-common.config script still included references, which could cause + upgrade failures in some cases. Closes: #729167. + + [ Ivo De Decker ] + * New upstream security release. Fixes: + - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked + - CVE-2012-6150: pam_winbind login without require_membership_of + restrictions + * Add empty prerm scripts for samba and samba-common-bin.prerm, to allow + upgrades from earlier versions with broken prerm script (bug introduced in + 2:4.0.10+dfsg-3) + * Don't fail in postinst when removing old alternatives fails. + + [ Jelmer Vernooij ] + * Fix invocations of 'update-alternatives --remove-all'. Closes: #731192 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 09 Dec 2013 18:34:07 +0100 + +samba (2:4.0.12+dfsg-1) unstable; urgency=low + + [ Ivo De Decker ] + * New upstream release. + + [ Debconf translations ] + * Thai (Theppitak Karoonboonyanan). Closes: #728525 + * Norwegian BokmÃ¥l (Bjørn Steensrud). Closes: #729070 + * German (Holger Wansing). Closes: #729210 + + [ Jelmer Vernooij ] + * Add 26_heimdal_compat: Fix compatibility with newer versions of + Heimdal. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 24 Nov 2013 07:48:20 +0100 + +samba (2:4.0.11+dfsg-1) unstable; urgency=high + + * New upstream security release. Fixes: + - CVE-2013-4475: ACLs are not checked on opening an alternate data stream + on a file or directory + - CVE-2013-4476: Private key in key.pem world readable + * Move world-readable private key file on upgrade to allow + auto-regeneration. + * Add check in samba-ad-dc init script for wrong permission on private key + file that would prevent samba to start. + * Update samba-libs.lintian-overrides for moved libtorture0. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 11 Nov 2013 15:42:40 +0100 + +samba (2:4.0.10+dfsg-4) unstable; urgency=low + + [ Christian Perrier ] + * Mark one debconf string as non-translatable + + [ Debconf translations ] + * French updated (Christian Perrier). + * Swedish (Martin Bagge / brother). Closes: #727186 + * Hebrew (Omer Zak). + * Japanese (Kenshi Muto). Closes: #727218 + * Indonesian (Al Qalit). Closes: #727543 + * Russian (Yuri Kozlov). Closes: #727612 + * Esperanto (Felipe Castro). Closes: #727619 + * Polish (MichaÅ‚ KuÅ‚ach). Closes: #727646 + * Danish (Joe Hansen). Closes: #727764 + * Czech (Miroslav Kure). Closes: #728100 + * Basque (Iñaki Larrañaga Murgoitio). Closes: #728315 + + [ Jelmer Vernooij ] + * Move libtorture0 to samba-testsuite to reduce size of samba-libs and + prevent dependency on libsubunit0. + + [ Ivo De Decker ] + * Handle move of tdb files to private dir in samba-libs.preinst. + Closes: #726472 + * Also do the tdb move in libpam-smbpass.preinst, to avoid breaking the pam + module if the upgrade fails. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 02 Nov 2013 11:27:25 +0100 + +samba (2:4.0.10+dfsg-3) unstable; urgency=low + + [ Ivo De Decker ] + * Remove Sesse from uploaders. Thanks for your work on samba4. + * Include /etc/pam.d/samba in samba-common. It got lost somewhere in the + samba4 merge. Closes: #726183 + * Remove unused alternatives links on upgrade in samba-common-bin.prerm. + * Add support for 'status' in samba-ad-dc init script. + * Fix umask in make_shlibs to avoid lintian error + control-file-has-bad-permissions. + * Enable verbose build log. + * Run xsltproc under faketime to get the same date for manpages on different + architectures in Multi-Arch: same packages. Closes: #726314 + * Restore build-dep on libcups2-dev, which got lost in the samba4 merge. + This should restore the cups printing functionality. Closes: #726726 + * Add wrapper for cups-config to filter out + -L/usr/lib/${DEB_HOST_MULTIARCH}, to work around build-failure. + * Also add other build-deps which were present in samba 2:3.6.19-1. + * if the same tdb file is present in /var/lib/samba and + /var/lib/samba/private, abort the upgrade to work around #726472 for now. + * Document swat removal. Closes: #726751 + + [ Steve Langasek ] + * Don't fail on errors from testparm in the samba init script. + Closes: #726326 + * debian/patches/bug_221618_precise-64bit-prototype.patch: adjust the LFS + handling to work independently of header include order. Closes: #727065. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 22 Oct 2013 08:10:31 +0200 + +samba (2:4.0.10+dfsg-2) unstable; urgency=low + + * First upload the unified samba 4.x package to unstable. + Thanks to everyone who worked on these packages all these years. + * Remove Noël from uploaders. Thanks for your work on the samba packages + * Add myself to uploaders. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 12 Oct 2013 11:05:55 +0200 + +samba (2:4.0.10+dfsg-1) experimental; urgency=low + + * Team upload. + + [ Ivo De Decker ] + * Update vcs urls to point to samba instead of samba4. + * New upstream release. + * Limit build-dep on libaio-dev to linux architectures. + * Merge init script changes from 3.6 packages. + + [ Steve Langasek ] + * Don't put useless symlinks to nss modules in the libnss-winbind package. + * Add lintian overrides for another set of wrong lintian errors for the + NSS modules. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Thu, 10 Oct 2013 21:56:08 +0200 + +samba (2:4.0.9+dfsg-1) experimental; urgency=low + + * Team upload. + + [ Steve Langasek ] + * The samba-ad-dc upstart job should be installed unconditionally, not just + in Ubuntu. + * Don't exclude our private libraries from the shlibs generation. + * Port debian/autodeps.py to python3 and build-depend on python3 so we can + invoke it correctly from debian/rules. + + [ Jelmer Vernooij ] + * Bump standards version to 3.9.4 (no changes). + * Suggest libwireshark-dev for libparse-pidl-perl, as it is necessary + to build wireshark dissectors generated by pidl. + * samba-ad-dc: Drop suggests for removed packages swat2 and samba-gtk. + * samba: Remove inetd servers from suggests; inetd support was dropped + in 3.6.16-1. + * Fix database errors during upgrade. Closes: #700768 + * Integrate libraries in samba-libs + + [ Ivo De Decker ] + * New upstream release. + * Merge contents of samba-ad-dc into samba. + * Remove systemd support for now, as it is broken. Closes: #719477 + * Add lintian override for samba-libs: package-name-doesnt-match-sonames. + * Add missing depends for dev packages. + * Generate correct shlibs for both public and private libs. + + [ Jeroen Dekkers ] + * Drop 10_messaging_subsystem patch. + * Add patch to not install smbclient4 and nmblookup4 and remove + samba4-clients binary package. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 22 Sep 2013 17:19:44 +0200 + +samba (2:4.0.8+dfsg-1) experimental; urgency=low + + [ Christian Perrier ] + * Remove all mention of "Samba 4" and "experimental version of Samba" + in packages' description. Samba version 4 is now production-ready. + + [ Andrew Bartlett ] + * Update build-dependencies on Samba libraries using autodeps.py + * New upstream security release. Closes: #718781 + Fixes CVE-2013-4124: Denial of service - CPU loop and memory allocation + + [ Ivo De Decker ] + * New upstream release + * refresh patches for new upstream version + * remove patches integrated upstream + * Update build-dependencies for new upstream version + * Add replaces for python-samba for packages that take over files from it. + Closes: #719212 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 11 Aug 2013 23:45:16 +0200 + +samba (2:4.0.6+dfsg-1) experimental; urgency=low + + * Team upload. + + [ Andrew Bartlett ] + * Converted to full AD DC package on the basis of the 3.6 package + - Samba now can be an Active Directory Domain controller + - The samba4-* packages are replaced by this package. + - This package now uses the s3fs file server by default, not the ntvfs + file server used in the samba4 packages. + * Provides a new library based package + - Upstream's new build system uses libraries extensively, so new + packages reflect that. + - This provides the libraries that Openchange and other projects depend on + * Move binary files out of /var/lib/samba to /var/lib/samba/private, + where they belong according to upstream Samba: + - schannel_store.tdb + - idmap2.tdb + - passdb.tdb + - secrets.tdb + * Remove most of the samba4 references, except for binaries ending in 4 + * Removed debconf support for encrypted passwords + * Samba 3.x users upgrading can either upgrade to an AD DC or continue + using Samba without major changes. + + [ Christian Perrier ] + * Move libnss_winbind.so.2 and libnss_wins.so.2 to /lib as in 3.6.* + * Use the same set of configure arguments than 3.6.15 (except those + eventually specific to version 4 and above) + * Add libctdb-dev to build dependencies as we're building with cluster + support just like 3.6 packages + * Re-introduce mksmbpasswd for compatibility with 3.* packages + + [ Ivo De Decker ] + * Specify all paths using configure options, so that we can finally get rid + of the fhs patch. Closes: #705449 + + [ Steve Langasek ] + * Make samba-common Conflicts: swat, which is now obsolete and no longer + built from samba 4.0; the old versions of swat in the archive are + incompatible with smb.conf from samba 4.0, so force them off the system + to avoid configuration corruption. + + -- Ivo De Decker <ivo.dedecker@ugent.be> Thu, 20 Jun 2013 21:51:49 +0200 + +samba4 (4.0.3+dfsg1-0.1) experimental; urgency=low + + [ Andrew Bartlett ] + * Non-maintainer upload. + * New upstream relese: 4.0.3 + + Fixes CVE-2013-0172 Samba 4.0.0 as an AD DC may provide authenticated users + with write access to LDAP directory objects + + Fixes many other ACL related issues in the AD DC + + Drop 08_waf_python_config as it is now upstream. + * Fix the forced use of NTVFS by setting the required options in the smb.conf + at configure time. + * Add depenencies to ensure python-samba requires exactly this binary version + of our core libraries. Closes: #700348 + + -- Andrew Bartlett <abartlet@samba.org> Sat, 16 Feb 2013 17:06:34 +0100 + +samba4 (4.0.0+dfsg1-1) experimental; urgency=low + + [ Martin Pitt ] + * debian/tests/control: Fix dependency: python-samba4 does not exist, it's + python-samba. Closes: #695854 + + [ Jelmer Vernooij ] + * New upstream release: 4.0.0! + + Add 08_waf_python_config to cope with python-config no longer + being a script. + * Add 25_heimdal_api_changes, to update Samba to work with the + current Heimdal in Sid. Patch from + Samuel Cabrero Alamán <scabrero@zentyal.com>. Closes: #686227 + * Add 11_force_ntvfs: Force the use of NTVFS, until the version of smbd in + the archive is new enough. Closes: #694697 + * Drop dependency on libsmbclient; instead, build private copy. + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 13 Dec 2012 16:27:20 +0100 + +samba4 (4.0.0~rc6+dfsg1-1) experimental; urgency=low + + * New upstream release. + + Drop 08_heimdal_config_h and 11_system_heimdal, now applied upstream. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 04 Dec 2012 14:39:40 +0100 + +samba4 (4.0.0~rc5+dfsg1-1) experimental; urgency=low + + * New upstream release. + * Add autopkgtest header. Closes: #692671 + * Use Multi-Arch for winbind4. + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 08 Nov 2012 15:13:43 +0100 + +samba4 (4.0.0~rc4+dfsg1-1) experimental; urgency=low + + * New upstream release. + + Bump minimum ldb version to 1.1.13. + * Switch to Git as VCS. + * Remove DM-Upload-Allowed field. + * Depend on heimdal-multidev rather than heimdal-dev. + + Add 11_system_heimdal to support building with system heimdal. + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 28 Oct 2012 16:21:43 +0100 + +samba4 (4.0.0~rc3+dfsg1-1) experimental; urgency=low + + * New upstream release. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 16 Oct 2012 14:53:19 +0200 + +samba4 (4.0.0~rc2+dfsg1-2) experimental; urgency=low + + * Depend on at least ldb 1.1.12. Closes: #689594 + * Suggest ntp daemon for ntpsignd integration. + * Support specifying 'none' as server role to disable provision. + Closes: #690138 + * Prompt user for administrator password. Closes: #690139 + * Bump debconf level of server role to 'high'. + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 04 Oct 2012 13:22:40 +0200 + +samba4 (4.0.0~rc2+dfsg1-1) experimental; urgency=low + + * New upstream release. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 25 Sep 2012 03:34:08 +0200 + +samba4 (4.0.0~beta2+dfsg1-3) unstable; urgency=low + + * Fix setup when no domain is set. Closes: #681048 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 05 Aug 2012 16:52:02 +0200 + +samba4 (4.0.0~beta2+dfsg1-2) unstable; urgency=low + + * Use ntvfs while debian ships an old version of Samba 3. Closes: #679678 + * Don't attempt to add shares to the configuration if it doesn't + exist. Closes: #681050 + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 10 Jul 2012 11:52:44 +0200 + +samba4 (4.0.0~beta2+dfsg1-1) unstable; urgency=low + + * New upstream release. + * Update Slovak translation. Thanks Ivan Masár. Closes: #677906 + * Add build dependency on libacl1-dev. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 18 Jun 2012 00:49:12 +0200 + +samba4 (4.0.0~beta1+dfsg1-3) unstable; urgency=high + + * Prevent adding share with invalid name when used in domain controller mode. + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 17 Jun 2012 17:00:00 +0200 + +samba4 (4.0.0~beta1+dfsg1-2) unstable; urgency=low + + * Create leading directories in addshare script. Closes: #677643 + * Use attr/attributes.h on GNU/kFreeBSD. Fixes finding of ATTR_ROOT. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 16 Jun 2012 01:42:10 +0200 + +samba4 (4.0.0~beta1+dfsg1-1) unstable; urgency=medium + + * New upstream release. + * Add 08_heimdal_config_h: Fixes compatibility with newer versions of + Heimdal. Closes: #674918 + * Use standard spelling of domain controller in debconf templates. + Closes: #670413 + * Switch to debhelper 9. + * samba4-clients: Drop conflicts with smbclient; upstream has renamed + the Samba4-specific smbclient and nmblookup binaries. + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 30 May 2012 18:42:06 +0200 + +samba4 (4.0.0~alpha20+dfsg1-1) unstable; urgency=medium + + * New upstream release. + + No longer installs libkdc-policy.so. LP: #887537 + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 01 May 2012 15:02:19 +0200 + +samba4 (4.0.0~alpha19+dfsg1-7) unstable; urgency=low + + * Only update smb.conf if it exists. Closes: #670560 + * Automatically add shares required for active directory controllers if they + don't exist. Closes: #670558 + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 26 Apr 2012 19:59:26 +0200 + +samba4 (4.0.0~alpha19+dfsg1-6) unstable; urgency=low + + * Rebuild against ldb 1.1.6. + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 20 Apr 2012 12:47:15 +0200 + +samba4 (4.0.0~alpha19+dfsg1-5) unstable; urgency=low + + * Use dbcheck when upgrading from recent versions of Samba4, as it's + both more reliable and quicker than upgradeprovision. + * Move samba-dsdb-modules from Recommends to Depends, as LDAP server + support has been dropped. Closes: #669331 + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 19 Apr 2012 17:33:33 +0200 + +samba4 (4.0.0~alpha19+dfsg1-4) unstable; urgency=low + + * Fix pattern matching line in setoption.py. Thanks Hleb Valoshka. + Closes: #669015 + * setoption.py: Preserve mode on smb.conf file. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 16 Apr 2012 17:33:07 +0200 + +samba4 (4.0.0~alpha19+dfsg1-3) unstable; urgency=low + + * Convert setoption.pl to Python to avoid dependency on perl-modules. + Closes: #668800 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 15 Apr 2012 15:50:57 +0200 + +samba4 (4.0.0~alpha19+dfsg1-2) unstable; urgency=low + + * Correctly import server role and realm from existing smb.conf file. + LP: #936891 LP: #832465 Closes: #659775 + * Force correct realm during upgradeprovision. LP: #728864 + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 13 Apr 2012 16:47:37 +0200 + +samba4 (4.0.0~alpha19+dfsg1-1) unstable; urgency=low + + * New upstream release. + + Drop patches applied upstream: 06_upgradedns, 08_smb2_deps. + + Cope with missing sysvol folders during provision upgrade. LP: #930370 + + Depend on tdb 1.2.10. + + Depend on ldb 1.1.5. + + Fixes CVE-2012-1182: PIDL based autogenerated code allows overwriting + beyond of allocated array. + * Fix replaces: samba-common field in samba4-common-bin. + * Update Catalan debconf translation. Thanks, Jordi Mallach. + Closes: #663737 + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 11 Apr 2012 16:58:39 +0200 + +samba4 (4.0.0~alpha18.dfsg1-4) unstable; urgency=low + + * Add patch 08_smb2_deps: Remove (unnecessary) dependencies on various + private Samba 3 libraries, for which proper package Depends: lines were + missing. Closes: #665295 + * Add dependency on tdb-tools. This will be removed once upstream + removes the use of tdbbackup in provision. Closes: #664658 + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 28 Mar 2012 16:20:21 +0200 + +samba4 (4.0.0~alpha18.dfsg1-3) unstable; urgency=low + + * Fix compatibility with newer versions of Heimdal. Fixes FTBFS. + Closes: #664820 + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 21 Mar 2012 14:11:29 +0100 + +samba4 (4.0.0~alpha18.dfsg1-2) unstable; urgency=low + + * Add Replaces: python-samba to libsmbclient-raw0 as some + private libraries have moved. Thanks Axel Beckert. Closes: #663641 + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 13 Mar 2012 16:39:12 +0100 + +samba4 (4.0.0~alpha18.dfsg1-1) unstable; urgency=low + + [ Jelmer Vernooij ] + * New upstream release. + + Depend on newer versions of ldb. + + Depend on tevent >= 0.9.15. + + Sanitizes NetBIOS names. LP: #938592 + + Re-adds support for 'security = domain' parsing. LP: #916556 + * Fix typo in recommendations of samba4: samba4-dsdb-modules -> + samba-dsdb-modules. + * Recommend attr package for Samba4. + * Create util.h -> samba_util.h symlink for backwards compatibility. + * Add dependency on libbsd-dev, used for strlcat and strlcpy. + * Extracts waf source code. Closes: #654500 + + [ Debconf translations ] + * Russian (Yuri Kozlov). Closes: #651583 + * Portuguese (Miguel Figueiredo). Closes: #653557 + * German (Holger Wansing). Closes: #653714 + * Norwegian BokmÃ¥l (Bjørn Steensrud). Closes: #654284 + * Spanish (Javier Fernández-Sanguino). Closes: #656403 + * Danish (Joe Hansen). Closes: #656785 + * Dutch (Jeroen Schot). Closes: #657469 + * Hebrew (Omer Zak). + * Polish (MichaÅ‚ KuÅ‚ach). Closes: #659570 + * Czech (Miroslav Kure). Closes: #659573 + * Turkish (Ä°smail BAYDAN). Closes: #659575 + * Japanese (Kenshi Muto). Closes: #659978 + * Esperanto (Felipe Castro) + + [ Jelmer Vernooij ] + * Rename upgradedns to less generic samba_upgradedns. + * Bump standards version to 3.9.3 (no changes). + * Use DEP-5 for copyright file. + * Indonesian (Mahyuddin Susanto). Closes: #660031 + * Italian (Luca Monducci). Closes: #660150 + * Use samba-tool to retrieve configuration options from debconf. + LP: #936891, Closes: #659775 + * Add really basic autopkgtest test. + * Fix bundled libraries for samba.samba3 python module. LP: #889869 + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 12 Mar 2012 19:01:00 +0100 + +samba4 (4.0.0~alpha17.dfsg2-1) unstable; urgency=low + + * Remove more non-free IETF files. Closes: #547280 + * Rebuild for newer version of ldb. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 03 Dec 2011 01:41:49 +0100 + +samba4 (4.0.0~alpha17.dfsg1-3) unstable; urgency=low + + * Install libmemcache.so, libutil_str.so and various other private libraries + required by the samba3 module in python-samba. LP: #889864, LP: #889869 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 13 Nov 2011 17:03:29 +0100 + +samba4 (4.0.0~alpha17.dfsg1-2) unstable; urgency=low + + * Include upstart file to eliminate delta with Ubuntu. + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 11 Nov 2011 16:13:58 +0100 + +samba4 (4.0.0~alpha17.dfsg1-1) unstable; urgency=low + + * Strip non-free IETF RFC files. Closes: #547280 + * Rebuild against newer ldb. Closes: #648326 + * Updated Swedish debconf translation. Thanks Martin Bagge. + Closes: #644942 + * Updated French debconf translation. Thanks Christian Perrier. + Closes: #644465 + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 11 Nov 2011 03:16:37 +0100 + +samba4 (4.0.0~alpha17-3) unstable; urgency=low + + * Upload to unstable. Closes: #642905 + * Use default python version rather than 2.7. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 27 Sep 2011 00:11:31 +0200 + +samba4 (4.0.0~alpha17-2) experimental; urgency=low + + * In -dev package dependencies, depend on a specific version of other + Samba dev packages. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 24 Sep 2011 23:10:30 +0200 + +samba4 (4.0.0~alpha17-1) experimental; urgency=low + + * New upstream release. + * Add libsmbclient-{raw0,dev} packages, required for winexe. + * Add libsamba-credentials0 and libsamba-credentials-dev packages for + new public library for credentials management. + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 18 Sep 2011 15:14:42 +0200 + +samba4 (4.0.0~alpha17~git20110807.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + * Depend on newer version of ldb. Closes: #636961 + * Update Indonesian Debconf translation. Thanks Mahyuddin Susanto. + Closes: #608552 + * Preserve server role set in smb.conf. LP: #815586 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 07 Aug 2011 23:37:37 +0200 + +samba4 (4.0.0~alpha17~git20110801.dfsg1-1) experimental; urgency=low + + * Improve outdated package descriptions. Closes: #486370 + * New upstream release. + * Bump standards version to 3.9.2 (no changes). + * Add new libsamdb-dev package, required by openchange which relies on the + samdb.pc file. + + No header files are shipped yet, but an upstream fix is pending. + * Recommend bind9utils in samba4 package. + * Remove complex dependency loop between library packages. Closes: #598842 + + Disable currently unfinished ldb share module. + + Split dcerpc server libraries out into libdcerpc-server{0,-dev} to + cut dependency loop. + + New samba-dsdb-modules package with all DSDB related LDB modules. + * Move libwinbind-client library to libgensec0. Closes: #623327 + * Add support for multi-arch. + * Switch to new style debhelper. + * Fix symbolic link for ldb modules. Closes: #632974 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 31 Jul 2011 20:16:03 +0200 + +samba4 (4.0.0~alpha15.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 22 Apr 2011 02:57:04 +0200 + +samba4 (4.0.0~alpha15~git20110410.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + + Drop patch now applied upstream: 02_backupkey_private.diff + * Switch to dh_python2. Closes: #617059 + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 05 Mar 2011 14:44:25 +0100 + +samba4 (4.0.0~alpha15~git20110224.dfsg1-2) experimental; urgency=low + + * Depend on newer version of Heimdal which exposes more hx509 symbols. + Fixes FTBFS. + * Tighten libldb1 dependency for LDB modules. + * Depend on newer version of pyldb. Closes: #615631 + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 28 Feb 2011 03:52:35 +0100 + +samba4 (4.0.0~alpha15~git20110224.dfsg1-1) experimental; urgency=low + + * New upstream release. + + Avoids unnecessary setlocale call to "C". LP: #519025, #519025 + * Fix dependency on newer version of ldb. Closes: #614466 + * Add missing dependency on python-samba, required for testparm. LP: #641082 + * Use libwbclient. LP: #714344, Closes: #611214 + * Make sure /var/run/samba exists. LP: #646037 + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 23 Feb 2011 00:35:59 +0100 + +samba4 (4.0.0~alpha15~git20110124.dfsg1-2) experimental; urgency=low + + * Build-depend on newer version of heimdal-multidev with fixed kdc.h. + * Build-depend on versioned libkdc2-heimdal which includes kdc_log. Closes: #611112 + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 25 Jan 2011 09:22:16 -0800 + +samba4 (4.0.0~alpha15~git20110124.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + + Removes unresolved symbols from libraries. + Closes: #596690, #599075, #602855. LP: #658116, #592882, #646042 + * Add dependency on comerr-dev. + * Update Spanish Debconf translation. Thanks Ricardo Fraile. Closes: #596075 + * Update Danish debconf translation. Thanks Joe Dalton. Closes: + #598779 + * Re-remove non-free IETF RFCs, add test to prevent future regression. + Closes: #547280 + * Depend on libreadline-dev rather than libreadline5-dev. Closes: #553846 + * Upgrade provision data between releases. Closes: #600117 + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 15 Oct 2010 01:32:48 +0200 + +samba4 (4.0.0~alpha14~bzr13684.dfsg1-1) unstable; urgency=low + + * New upstream snapshot. + + Depend on libsubunit-dev. + * Support talloc 2.0.1. + * Update dependency for ldb to be >= 0.9.14. Closes: #596745 + * Support parallel builds. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 28 Sep 2010 09:46:54 +0200 + +samba4 (4.0.0~alpha13+git+bzr12785.dfsg1-1) experimental; urgency=low + + * Install provision scripts to /usr/share/samba/setup. + * Move nsstest from samba4 to winbind4. + * Support building against tdb 1.2.1. + + -- Jelmer Vernooij <jelmer@debian.org> Fri, 10 Sep 2010 17:45:20 +0200 + +samba4 (4.0.0~alpha13+git+bzr12687.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + * Mark as compatible with older versions of tdb (>= 1.2.2). + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 08 Sep 2010 03:30:03 +0200 + +samba4 (4.0.0~alpha13+git+bzr12670.dfsg1-1) experimental; urgency=low + + * Add missing dependency on pkg-config. + * Require subunit >= 0.0.6, older versions have a broken tap2subunit. + * Debconf translations: + - Swedish (Martin Bagge). Closes: #586819 + * New upstream snapshot. + - Fixes symbols for LDB modules. Closes: #594763, #594771, #594773. + * Require tdb 1.2.3. Closes: #595644 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 05 Sep 2010 17:34:46 +0200 + +samba4 (4.0.0~alpha13+git+bzr12292.dfsg1-1) experimental; urgency=low + + * New upstream snapshot. + + Fixes provision to be able to find the data path again. + * Depend on libreadline-dev rather than libreadline5-dev. Closes: #553846 + * Suggest swat2. + * Migrate to Bazaar. + * Bump standards version to 3.9.1 (no changes). + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 22 Aug 2010 02:38:51 +0200 + +samba4 (4.0.0~alpha13+git20100618.dfsg1-1) experimental; urgency=low + + [ Jelmer Vernooij ] + * New upstream snapshot. Closes: #578009, #577880 + + Add dependency on python-dnspython. + + Removes last Python string exception. Closes: #585327 + + Installs all display specifiers. Closes: #548911 + + [ Christian Perrier ] + * Debconf translations: + - Swedish (Martin Bagge). Closes: #552734 + - Russian (Yuri Kozlov). Closes: #563346 + - Spanish (Omar Campagne). Closes: #579099 + + -- Jelmer Vernooij <jelmer@debian.org> Sun, 28 Feb 2010 02:33:37 +0100 + +samba4 (4.0.0~alpha8+git20100227.dfsg1-1) experimental; urgency=low + + * Fix sections of libndr-standard0 and libndr0. + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 22 Feb 2010 11:19:07 +0100 + +samba4 (4.0.0~alpha8+git20100222.dfsg1-1) experimental; urgency=low + + [ Christian Perrier ] + * Change "Provides:" in init script to avoid conflicting Provides + with samba. Closes: #547209 + * Swedish debconf translation (Martin Bagge). Closes: #552734 + + [ Jelmer Vernooij ] + * Depend on specific version of libldb. Closes: #562389 + * Build against system Heimdal and remove the copy of Heimdal from the + Samba 4 source tree, since it contains non-free IETF RFC/I-D. + Closes: #547280 + * Bump standards version to 3.8.4. + * Switch to dpkg-source 3.0 (quilt) format + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 03 Feb 2010 15:17:20 +0100 + +samba4 (4.0.0~alpha8+git20090912-1) unstable; urgency=low + + * Upload to unstable. + * Fix nmblookup.1.gz filename for alternatives. + * New upstream snapshot. + + Add new binary packages libndr-standard0 and libndr-standard-dev. + * Bump standards version to 3.8.3. + * Remove unused patch system. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 12 Sep 2009 13:28:33 +0200 + +samba4 (4.0.0~alpha8+git20090718-1) experimental; urgency=low + + * New upstream snapshot. + * The server package now suggests a version of bind9 that supports + update-policy. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 18 Jul 2009 17:34:30 +0200 + +samba4 (4.0.0~alpha8~git20090620-1) experimental; urgency=low + + * Support building against Python2.6. + * Add missing dependency on tdb >= 1.1.3. (Closes: #517171) + * Add missing dependencies on tdb-dev and libtalloc-dev to + libldb-samba4-dev. (Closes: #525885) + * Use newer version of tevent. (Closes: #531480, #533457, #533455) + * New upstream snapshot. + * Bump standards version to 3.8.2. + * Reorganization to let Samba 3 and Samba 4 co-exist on the same system: + + Depend on samba-common for smb.conf, /etc/samba/gdbcommands, + /usr/share/samba/{panic-action,*.dat}. + + Rename samba4-common to samba4-common-bin. + * samba4-testsuite now recommends subunit, since it can output subunit + streams. + * Document license for Active Directory schemas. + * Fix init script to run samba rather than smbd. (Closes: #522646) + * Removed libldb-samba4-{dev,0}, now using libldb{-dev,0} since there + are no longer any differences. + + -- Jelmer Vernooij <jelmer@debian.org> Thu, 18 Jun 2009 00:19:44 +0200 + +samba4 (4.0.0~alpha7~20090225-1) experimental; urgency=low + + * Build-depend on pkg-config, as we no longer seem to pull that in + through any other dependencies. (Closes: #516882) + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 25 Feb 2009 04:04:36 +0100 + +samba4 (4.0.0~alpha7~20090223-1) experimental; urgency=low + + * Add build dependency on libpopt-dev, so the system libpopt is always used + rather than the one included by Samba. + * Use the alternatives system for the smbstatus, nmblookup, net and testparm + binaries as well as various data files. + * Make the samba4 and samba4-testsuite packages conflict with + samba-tools. (Closes: #506236) + * Build against external libtevent. + + -- Jelmer Vernooij <jelmer@debian.org> Sat, 21 Feb 2009 17:46:41 +0100 + +samba4 (4.0.0~alpha6-1) experimental; urgency=low + + * New upstream release. + + -- Jelmer Vernooij <jelmer@debian.org> Tue, 20 Jan 2009 02:59:15 +0100 + +samba4 (4.0.0~alpha5+20090105-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 05 Jan 2009 21:08:53 +0100 + +samba4 (4.0.0~alpha5+20081126-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Wed, 26 Nov 2008 03:48:41 +0100 + +samba4 (4.0.0~alpha5+20081101-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Sat, 01 Nov 2008 14:40:09 +0100 + +samba4 (4.0.0~alpha5+20081031-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Fri, 31 Oct 2008 00:10:41 +0100 + +samba4 (4.0.0~alpha5+20081014-1) experimental; urgency=low + + * Fix typo in description. (Closes: 500811) + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Thu, 09 Oct 2008 18:41:59 +0200 + +samba4 (4.0.0~alpha5+20080930-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Tue, 30 Sep 2008 16:19:22 +0200 + +samba4 (4.0.0~alpha5+20080825-1) experimental; urgency=low + + * Add watch file. + * Use policy-compliant sysconfdir and localstatedir. (Closes: #495944) + + -- Jelmer Vernooij <jelmer@samba.org> Mon, 25 Aug 2008 17:42:44 +0200 + +samba4 (4.0.0~alpha4~20080727-1) experimental; urgency=low + + [ Steve Langasek ] + * Add missing dependency on libparse-yapp-perl to libparse-pidl-perl. + + [ Jelmer Vernooij ] + * Make samba4-common conflict with samba-common. (Closes: #492088) + * New Slovak translation. (Closes: #487889) + * New Thai translation from Theppitak Karoonboonyanan. (Closes: #486614) + * New Vietnamese translation from Clytie Siddall. (Closes: #486618) + * New Bulgarian translation from Damyan Ivanov. (Closes: #486626) + * New Japanese translation from Kenshi Muto. (Closes: #486648) + * New Galician translation from Jacobo Tarrio. (Closes: #486701) + * New Turkish translation from Mehmet TURKER. (Closes: #487244) + * New Czech translation from Miroslav Kure. (Closes: #487265) + * New Arabic translation from Ossama Khayat. (Closes: #487322) + * New German translation from Holger Wansing. (Closes: #487542) + * New Italian translation from Luca Monducci. (Closes: #487720) + * New Portugese translation from the Portuguese Translation Team. + (Closes: #487753) + * New Korean translation from Sunjae Park. (Closes: #487894) + * New Lithuanian translation from Gintautas Miliauskas. (Closes: #487895) + * New Romanian translation from Eddy PetriÈ™or. (Closes: #488874) + + -- Jelmer Vernooij <jelmer@samba.org> Sun, 27 Jul 2008 15:38:41 +0200 + +samba4 (4.0.0~alpha4~20080617-1) experimental; urgency=low + + * Fixed maintainer email address. + * New upstream snapshot. + * Remove dependency on unpackaged libevents in ldb pkg-config file. + + -- Jelmer Vernooij <jelmer@samba.org> Mon, 16 Jun 2008 21:29:43 +0200 + +samba4 (4.0.0~alpha4~20080616-1) experimental; urgency=low + + * Fix dependency of libsamba-hostconfig-dev on libsamba-hostconfig0. + * Fix dependency of libldb-samba4-dev on libldb-samba4-0. + * Remove tdb binaries as they're already packaged elsewhere. + (Closes: #485619, #486270) + * New upstream snapshot. + * New French translation from Christian Perrier. (Closes: #486072) + + -- Jelmer Vernooij <jelmer@samba.org> Sat, 14 Jun 2008 20:39:13 +0200 + +samba4 (4.0.0~alpha4~20080522-1) experimental; urgency=low + + * New upstream snapshot. (Closes: #478328) + + -- Jelmer Vernooij <jelmer@samba.org> Thu, 22 May 2008 02:25:05 +0200 + +samba4 (4.0.0~alpha4~20080403-1) experimental; urgency=low + + * Rename source package to samba4. + + -- Jelmer Vernooij <jelmer@samba.org> Mon, 28 Jan 2008 17:23:58 +0100 + +samba (4.0.0~alpha3~20080120-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Sat, 19 Jan 2008 22:34:08 +0100 + +samba (4.0.0~alpha2~svn26294-1) experimental; urgency=low + + * New upstream snapshot. + * Set Vcs-Svn field. + + -- Jelmer Vernooij <jelmer@samba.org> Sat, 19 Jan 2008 22:32:28 +0100 + +samba (4.0.0~~tp5-1) experimental; urgency=low + + * New upstream release. + * Set homepage field. + + -- Jelmer Vernooij <jelmer@samba.org> Sun, 25 Nov 2007 16:28:02 +0000 + +samba (4.0.0~~svn22819-1) experimental; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Wed, 09 May 2007 15:28:50 +0200 + +samba (4.0.0~~svn19515-1) experimental; urgency=low + + * New upstream versions (svn snapshots of r19515). + + -- Jelmer Vernooij <jelmer@samba.org> Mon, 30 Oct 2006 16:45:36 +0100 + +samba (3.9.1+4.0.0tp2-1) experimental; urgency=low + + * New upstream version (tech preview 2). + + [ Jelmer Vernooij ] + * Remove setntacl utility (it doesn't do anything). + * Include oLschema2ldif.1 in the ldb-tools package. + * Enable shared library building. + * Put ldb, tdb, gtksamba, talloc and gensec libraries into seperate binary packages. + * Pass fewer options for paths to configure + * Adapt to new paths from upstream + + -- Jelmer Vernooij <jelmer@samba.org> Thu, 23 Mar 2006 01:13:32 +0100 + +samba (3.9.1+4.0.0tp1-1) experimental; urgency=low + + * New upstream version (tech preview 1). + + [ Steinar H. Gunderson ] + * Forward-port panic-action script from the Samba 3 packaging. + * Patch the smb.conf provisioning template (only used by swat in the + Debian packaging) to use the panic-action script by default. + * Patch the samba-common postinst to generate smb.conf files with the + same setting. + * Include ntlm_auth.1 and smbd.8 man pages in the samba package. + * Make the samba dependency on samba-common versioned. + * Install /usr/bin/setntacl manually; the upstream install target doesn't + seem to do it anymore. + * Ask for the realm (and give it to the upgrade script) when upgrading from + Samba 3; it can't be easily autodetected. (Note that upgrade still seems + to be broken for now.) + + [ Jelmer Vernooij ] + * Remove gwsam utility. + * Include gwcrontab.1 and gepdump.1 man pages in the samba-gtk-frontends + package. + * Remove ldbtest utility from ldb-tools package. + + -- Steinar H. Gunderson <sesse@debian.org> Tue, 24 Jan 2006 16:01:59 +0100 + +samba4 (3.9.0-SVN-build-6710-1) unstable; urgency=low + + * Newer upstream version + + -- Jelmer Vernooij <jelmer@samba.org> Thu, 12 May 2005 14:04:05 +0200 + +samba4 (3.9.0-SVN-build-655-1) unstable; urgency=low + + * Initial release. + + -- Jelmer Vernooij <jelmer@samba.org> Thu, 13 May 2004 01:38:41 +0200 + +samba (3.9.0+SVN12946-1) experimental; urgency=low + + * New upstream version. + * Fix upgrades from Samba 3 giving too few parameters to provision(). + (Closes: #348079) + * Add sections to binary packages to match the archive: + * libparse-pidl-perl: perl + * samba-dev: devel + * samba-gtk-frontends: x11 + * Adjust our export procedure we get the Subversion revision number in + include/version.h (and thus in the build itself), and document how in + README.building. + * Remove "reload" option from the init script, since Samba 4 doesn't + understand SIGHUP yet. + + -- Steinar H. Gunderson <sesse@debian.org> Sun, 15 Jan 2006 13:43:43 +0100 + +samba (3.9.0+SVN12856-1) experimental; urgency=low + + * New upstream version. + * Move testparm from samba into samba-common. + * Make samba-common Architecture: any. + * Make samba-common replace/conflict samba (<= 3.9.0+SVN12739-1). + * Make samba-clients depend on samba-common. + * Make samba-common depend on debconf. + * Replace debconf dependencies with ${misc:Depends}, to automatically + get the debconf-2.0 alternative right. + * Include the newuser binary in samba-server package. + * Add missing Build-Depends on: libgnutls-dev, libreadline5-dev, + libpam0g-dev. All were causing silent build failures (ie. the package + was simply built without the features). + * Remove Build-Depends on libldap-dev. + * Include NEWS file. + + -- Steinar H. Gunderson <sesse@debian.org> Wed, 11 Jan 2006 22:08:32 +0100 + +samba (3.9.0+SVN12739-1) experimental; urgency=low + + * Move /usr/lib/samba/setup from samba-common to samba. + * Make samba replace samba-common (<= 3.9.0+SVN12726-1) + * Add a missing db_stop in samba.postinst, probably causing problems + starting the daemon in some cases. + * Add orphan files from /usr/bin (and relevant manpages) into their + correct packages: + * ldb-tools: ldbrename, ldbtest, oLschema2ldif. + * samba: ntlm_auth. + * samba-clients: getntacl. + * samba-gtk-frontends: gwcrontab. + * winregistry-tools: winreg. + * samba3dump and tdbtorture remain orphans. + * Add new executable /usr/bin/testparm to samba package. + * Add /var/lib/samba directory to samba package; it's needed by + testparm. + * Rewrite configuration/bootstrapping to be able to install the client + only and still get a usable smb.conf. The basic idea is: + * samba-common looks for an smb.conf. If there is none, it asks for + realm and domain and generates a skeleton smb.conf. + * If samba notices an upgrade from Samba 3, it asks whether the user + wants to upgrade. If not, it leaves everything alone (and broken). + * Otherwise, samba asks whether the user wants to set up a PDC. If yes, + it adds "server role = pdc" to smb.conf and provisions the server. + * Removed unused file samba.conffiles. + * Run dh_installdebconf on architecture-independent packages as well, now + that samba-common has a config script. + * Let samba-clients conflict/replace samba-common (<< 3.9.0), as they share + /usr/bin/net. + + -- Steinar H. Gunderson <sesse@debian.org> Fri, 6 Jan 2006 14:25:50 +0100 + +samba (3.9.0+SVN12726-1) experimental; urgency=low + + * First upload to Debian main. + + * Package renaming to get more in line with Samba 3 packaging: + * Rename samba-server package to just samba, for consistency with the + Samba 3 packaging. + * Rename samba.samba.init to samba.init, now that the init script and the + server package are called the same. + * Rename samba-swat to swat, and add a dependency from swat to samba. + + * debian/rules changes: + * Change SOURCEPATH to reflect that we now have the packaging in debian/, + not packaging/debian/. This will have to be reverted whenever upstream + syncs with us. + * Removed debmake comment, it's hardly relevant any more. + * Removed comment that there aren't any architecture-independent packages + (because there are). + * Remove redundant "package=samba" variable. + * Do "make pch ; make all" instead of "make proto ; -make pch ; make all"; + some build system bug prevents us from just doing "make pch all", but + since we're more or less guaranteed a recent gcc version, the pch target + shouldn't fail, so we won't allow it to. + * Remove autogen.sh call from configure; it should be done in the + upstream tarball, not in maintainer scripts. + + * debian/control changes: + * Copied Uploaders: line from Samba 3 packaging, adding myself. + * Rename samba-client package to samba-clients. + * Make samba-clients Replaces/Conflicts smbclient. + * Build-depend on docbook-xml, not just docbook-xsl -- the documentation + needs data from both to build. + * Move the samba binary package to the top, so it's the one receiving + the README.* files, among others. + + * Maintainer script changes: + * Attempt to upgrade from Samba 3 if that's what the user tries to do. + * Copy upgrade script into /usr/lib/samba/setup. + * Check for upgrade from << 3.9.0 in config, and ask the user for upgrade + if relevant. + * Check for upgrade from << 3.9.0 in postinst, and upgrade if the user + wished to. + * Only provision in samba.postinst if we're doing a fresh install. + * Support purging properly in postrm, both for samba and samba-common + (adapted from the Samba 3 packaging). + * Don't ask about an administrator password -- just let the provisioning + scripts make up a random one. + * Updated README.Debian to show the user how to change the password. + * Make samba recommend ldb-tools. + * Install README.building along with all the other documentation. + * Don't try to ask about the "done" question, which we nuked in a previous + release. + + * Updated debian/copyright. + * Added Samba copyright holders. + * Noted that talloc, ldb and tdb are under the LGPL. + * Added copyright holders and licensing for the packaging itself. + + * Remove a few unused files in the packaging. + * Change debhelper compatibility level to 5. + * Update versioned depends accordingly. + * Don't give --pidfile to start-stop-daemon when stopping -- current + versions of Samba 4 won't die when the parent is killed. + * Updated README.debian somewhat, and renamed to use a capital D. + * Rewritten README.building, to reflect the magic that has to be done + with the package in another repository. + * Update po/POTFILES.in to reflect name change (from samba4-server -> + samba-server -> samba). + + -- Steinar H. Gunderson <sesse@debian.org> Thu, 5 Jan 2006 21:27:13 +0100 + +samba (3.9.0+SVN12395-1) unstable; urgency=low + + * New snapshot, drop 4 suffix + + -- Jelmer Vernooij <jelmer@samba.org> Tue, 20 Dec 2005 13:38:26 +0100 + +samba4 (3.9.0+SVN12312-1) unstable; urgency=low + + * New upstream snapshot. + + -- Jelmer Vernooij <jelmer@samba.org> Mon, 27 Jun 2005 11:25:57 +0200 + +samba (2:3.6.19-1) unstable; urgency=low + + * Team upload. + * New upstream release + + -- Ivo De Decker <ivo.dedecker@ugent.be> Wed, 25 Sep 2013 20:01:48 +0200 + +samba (2:3.6.18-1) unstable; urgency=low + + * Team upload. + + [ Steve Langasek ] + * Split the samba init script into nmbd and smbd init scripts, for better + alignment with how init systems other than sysvinit work. This also + drops the override of the arguments to update-rc.d in debian/rules, + no longer needed in the post-insserv world. + * Add upstart jobs from Ubuntu for smbd, nmbd, and winbind. + + [ Ivo De Decker ] + * New upstream release + + -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 20 Aug 2013 22:06:45 +0200 + +samba (2:3.6.17-1) unstable; urgency=high + + * Team upload. + * New upstream security release. Closes: #718781 + Fixes CVE-2013-4124: Denial of service - CPU loop and memory allocation + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 05 Aug 2013 13:46:23 +0200 + +samba (2:3.6.16-2) unstable; urgency=high + + * Team upload. + * Make build-dep on libtevent-dev explicit. + * Fix waf-as-source.patch to make sure unpacking works in recent build + environment. Closes: #716932 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 16 Jul 2013 22:01:04 +0200 + +samba (2:3.6.16-1) unstable; urgency=low + + * Team upload. + + [ Steve Langasek ] + * Drop support for running smbd from inetd; this is not well-supported + upstream, and can't correctly handle all of the long-running services + that are needed as part of modern samba. Closes: #707622. + + [ Ivo De Decker ] + * New upstream release + + -- Ivo De Decker <ivo.dedecker@ugent.be> Wed, 19 Jun 2013 21:05:07 +0200 + +samba (2:3.6.15-1) unstable; urgency=high + + * Team upload. + * New upstream bugfix release. Closes: #707042 + * Update VCS URL's for new git repo. + * The recommends for the separate libnss-winbind and libpam-winbind + packages needed for the upgrade of winbind from squeeze to wheezy are no + longer needed. Lowering them to suggests. + Closes: #706434, #674853 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Thu, 09 May 2013 11:55:03 +0200 + +samba (2:3.6.14-1) unstable; urgency=low + + * Team upload. + * New upstream release + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sat, 04 May 2013 22:02:15 +0200 + +samba (2:3.6.13-2) experimental; urgency=low + + * Team upload. + * Move binary files out of /etc/samba to /var/lib/samba, + where they belong according to the FHS: + - schannel_store.tdb + - idmap2.tdb + - MACHINE.sid + Closes: #454770 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 21 Apr 2013 12:54:03 +0200 + +samba (2:3.6.13-1) experimental; urgency=low + + * Team upload. + * New upstream release + * samba: Suggests winbind. Closes: #689857 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Mon, 18 Mar 2013 21:29:58 +0100 + +samba (2:3.6.12-1) experimental; urgency=low + + * Team upload. + * Security update, fixing the following issues: + - CVE-2013-0213: Clickjacking issue in SWAT + - CVE-2013-0214: Potential XSRF in SWAT + * New upstream release + * Install pkgconfig file in libsmbclient-dev. Closes: #700643 + + -- Ivo De Decker <ivo.dedecker@ugent.be> Sun, 17 Feb 2013 22:25:34 +0100 + +samba (2:3.6.10-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Sat, 15 Dec 2012 08:03:03 +0100 + +samba (2:3.6.9-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Thu, 01 Nov 2012 08:17:29 +0100 + +samba (2:3.6.8-1) experimental; urgency=low + + * New upstream release. + + -- Christian Perrier <bubulle@debian.org> Tue, 18 Sep 2012 07:13:41 +0200 + +samba (2:3.6.7-1) experimental; urgency=low + + * New upstream release. + + -- Christian Perrier <bubulle@debian.org> Sat, 11 Aug 2012 21:37:38 +0200 + +samba (2:3.6.6-3) unstable; urgency=low + + [ Ansgar Burchardt ] + * debian/rules: Use xz compression for binary packages. + Closes: #683899 + + -- Christian Perrier <bubulle@debian.org> Sun, 05 Aug 2012 12:19:12 +0200 + +samba (2:3.6.6-2) unstable; urgency=low + + * Restore the DHCP hook. + + -- Steve Langasek <vorlon@debian.org> Wed, 27 Jun 2012 09:31:15 -0700 + +samba (2:3.6.6-1) unstable; urgency=low + + [ Ivo De Decker ] + * Only enable swat in inetd.conf on first install. Closes: #658245 + * Minor lintian fixes. + * Remove DHCP hook. Closes: #652942, #629406, #649100 + * Don't reload smbd when running from inetd. Closes: #678741 + * Don't start smbd when guest account doesn't exist. Closes: #653382 + * Only export public symbols in libsmbclient and libwbclient. + + [ Christian Perrier ] + * New upstream version + + -- Christian Perrier <bubulle@debian.org> Wed, 27 Jun 2012 06:03:17 +0200 + +samba (2:3.6.5-7) unstable; urgency=low + + * Allow installing smbclient package together with newer versions of + samba4-clients, which no longer ship the smbclient and nmblookup + binaries. + + -- Jelmer Vernooij <jelmer@debian.org> Mon, 11 Jun 2012 13:19:24 +0200 + +samba (2:3.6.5-6) unstable; urgency=high + + [ Ivo De Decker ] + * Update symbols file for linux-only symbols in libsmbclient. This should + fix the FTBFS on kfreebsd and hurd. Closes: #676170 + * Enable ctdb for non-linux archs. + * Remove old if-up script during upgrade. + + -- Christian Perrier <bubulle@debian.org> Wed, 06 Jun 2012 19:10:02 +0200 + +samba (2:3.6.5-5) unstable; urgency=low + + [ Christian Perrier ] + * Make libpam-winbind depend on libnss-winbind. + + [ Ivo De Decker ] + * Update symbols file for libsmbclient and libwbclient0 + * Add lintian overrides for examples in samba-doc + * libpam-winbind: change Depends on libnss-winbind to Recommends + * libnss-winbind: Suggests libpam-winbind + * Update package description for winbind, libpam-winbind and libnss-winbind + to better reflect their content + * Backport vfs_shadow_copy2 from master, to allow shadow copy to work + without wide links + + [ Luk Claes ] + * Ship wbclient.pc file in multiarch safe directory (Closes: #674215). + + [ Sam Morris ] + * Add libutil_drop_AI_ADDRCONFIG.patch that allows running nmbd when + no network interfaces have been assigned an address, therefore + removing the need for an if-up script. Closes: #640668,#640508 + + -- Christian Perrier <bubulle@debian.org> Sun, 03 Jun 2012 20:00:56 +0200 + +samba (2:3.6.5-3) unstable; urgency=low + + [ Luk Claes ] + * Ship wbclient.pc so cifs-utils can be built again (Closes: #672733). + * Activate parallel building. Might need DEB_BUILD_OPTIONS as usual. + + [ Christian Perrier ] + * Add Breaks and Replaces on libpam-winbind for newly created + libnss-winbind. Thanks to Colin Watson for pointing this and shame + on me for not properly checking the transition. Closes: #673122 + + -- Christian Perrier <bubulle@debian.org> Thu, 17 May 2012 10:34:38 +0200 + +samba (2:3.6.5-2) unstable; urgency=low + + * The yearly "SambaXP bug cleaning party" release. 11 years + SambaXP, 20 years Samba and counting... + * Make samba-common "Multi-Arch: foreign" + * Adapt patch in upstream #7499 and stop nss_wins clobbering other + daemon's logfiles. Closes: #598313 + * Add some mention about some use for the user information in Kerberos + environments in the smbspool manpage. Closes: #387266 + * Drop link to no longer provided "Using Samba" documentation in + HTML documentation summary file. Closes: #604768 + * Provide WHATSNEW.txt in samba-doc too as it is linked from the + documentation summary file. Do not compress that file. + * Fix link to WHATSNEW.txt in HTML documentation summary file. This + is the second part of the fix for #604768 + * Use lp_state_dir() instead of get_dyn_STATEDIR() in + fhs-filespaths.patch as the latter does indeed hardcode the + location for passdb.tdb and secrets.tdb to /var/lib/samba + (the compile-time option for state directory and NOT the configurable + value). This is left to "state directory" instead of "private dir" + at least as of now, because if doesn't change anything to the + current behaviour, but allows the files' location to be configurable + through "state directory" (and not "private dir"). + Closes: #249873 + * Disable useless smbtorture4 build. Thanks to Ivo De Decker for the patch. + Closes: #670561 + * Add upstream commit that adds waf source to the buildtools/ + directory. As upstream will, one day or another, merge this, I + prefer this over removing the waf binary and repack upstream + tarball. + Closes: #654499 + * Build-Conflict with python-ldb and python-ldb-dev to avoid build + failures when some versions of these packages are locally installed. + Closes: #657314 + * Rename fix-samba.ldip-syntax.patch to fix-samba.ldif-syntax.patch + * Split NSS modules into a new libnss-winbind binary package. + Closes: #646292 + * Add a NEWS.Debian entry about the libnss-winbind split and, while at + it, add an entry for libpam-winbind too (as it will affect upgrades + from squeeze). + * Drop code that was moving files around in samba.postinst and + winbind.postinst for pre-squeeze versions of the package. + * Drop code that was modifying a deprecated "passdb backend" setting + in smb.conf for pre-squeeze versions of the package (in + samba-common.config). + * Add Should-Start dependency to winbind init script to guarantee + that the samba init script is started before winbind if present. + Closes: #638066 + * Provide a (basic) manpage to smbtorture(1). Closes: #528735 + * Turkish debconf translation update (Atila KOÇ). Closes: #672447 + * Drop the code that generates an smbpasswd file from the system's + user list. This adds very long delays on systems with many users, + including those with external user backends. It also makes much + less sense nowadays and the use of libpam-smbpass can easily + fill most of the needs. Closes: #671926 + * Merged from Ubuntu: + - Set 'usershare allow guests', so that usershare admins are + allowed to create public shares in addition to authenticated + ones. + - add map to guest = Bad user, maps bad username to guest access. + This allows for anonymous user shares. Closes: #672497 + + -- Christian Perrier <bubulle@debian.org> Sat, 12 May 2012 14:30:58 +0200 + +samba (2:3.6.5-1) unstable; urgency=low + + * New upstream release. Fixes CVE-2012-2111: Incorrect permission + checks when granting/removing privileges can compromise file + server security. + * Build-Depend on debhelper >= 9~ (which is in unstable for a few + months now) + * Use "set -e" in maintainer scripts instead of passing -e in the + shebang line + * Update Standards to 3.9.3 (checked, no change) + + -- Christian Perrier <bubulle@debian.org> Tue, 01 May 2012 08:07:39 +0200 + +samba (2:3.6.4-1) unstable; urgency=low + + [ Christian Perrier ] + * Two changes in the previous version should indeed read: + - samba.postinst: Avoid scary pdbedit warnings on first import. + - samba-common.postinst: Add more informative error message for the case + where smb.conf was manually deleted. + Closes: #664509 + + [ Jelmer Vernooij ] + * New upstream release. + + Fixes CVE-2012-1182: PIDL based autogenerated code allows overwriting + beyond of allocated array. + + -- Jelmer Vernooij <jelmer@debian.org> Wed, 11 Apr 2012 23:25:41 +0200 + +samba (2:3.6.3-2) unstable; urgency=low + + [ Christian Perrier ] + * Fix example samba.ldif syntax. Closes: #659963 + * Set minimal version of tdb ot 1.2.6 in Build-Depends + (thanks, backports!) + * Lower priority of debconf question to medium after some pondering. + After all, we have a sane default. Closes: #662801 + * Merge some Ubuntu patches: + - samba.config: Avoid scary pdbedit warnings on first import. + - samba.postinst: Add more informative error message for the case + where smb.conf was manually deleted. + + [ Maarten Bezemer ] + * Removed references to the testprns command from documentation + * Added notes that the smbsh command is not available in this package + Closes: #662243 + + [ Debconf translations ] + * Indonesian (Arief S Fitrianto). Closes: #660312 + * Slovak (Ivan Masár). Closes: #661125 + + [ Steve Langasek ] + * Use Debian copyright-format 1.0 in debian/copyright. + + -- Christian Perrier <bubulle@debian.org> Mon, 12 Mar 2012 20:49:24 +0100 + +samba (2:3.6.3-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release + * Fixes CVE-2012-0817: + The Samba File Serving daemon (smbd) in Samba versions + 3.6.0 to 3.6.2 is affected by a memory leak that can + cause a server denial of service. + + [ Debconf translations ] + * Polish (MichaÅ‚ KuÅ‚ach). Closes: #657770 + + -- Christian Perrier <bubulle@debian.org> Tue, 31 Jan 2012 22:09:39 +0100 + +samba (2:3.6.2-1) unstable; urgency=low + + * New upstream release + * Drop bug_601406_fix-perl-path-in-example.patch (applied upstream) + + -- Christian Perrier <bubulle@debian.org> Fri, 27 Jan 2012 21:38:52 +0100 + +samba (2:3.6.1-3) unstable; urgency=low + + [ Sam Hartman ] + * Increase libkrb5-dev dependency to avoid depending on + krb5_locate_kdc, Closes: #650541 + + [ Steve Langasek ] + * Fix the libpam-winbind description to more accurately identify the + protocols being used by nss_wins. Closes: #650091. + + -- Christian Perrier <bubulle@debian.org> Thu, 01 Dec 2011 21:56:52 +0100 + +samba (2:3.6.1-2) unstable; urgency=low + + * Merge changes from 3.5.11~dfsg-4 and unreleased -5 in unstable branch + * debian/patches/initialize_password_db-null-deref: Avoid null + dereference in initialize_password_db(). Closes LP: #829221. + * Mark samba-common Multi-Arch: foreign. + + -- Christian Perrier <bubulle@debian.org> Sun, 27 Nov 2011 19:06:39 +0100 + +samba (2:3.6.1-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 10:56:17 +0200 + +samba (2:3.6.0-1) experimental; urgency=low + + * New upstream release + * Resync with packaging changes in 3.5 branch between 3.5.8~dfsg1 + and 3.5.11~dfsg-1 + * Drop wbc_async.h from libwbclient-dev as, according to upstream's + commit c0a7c9f99188ebb3cd27094b9364449bcc2f80d8, " its only user is + smbtorture3" + + -- Christian Perrier <bubulle@debian.org> Thu, 11 Aug 2011 09:14:53 +0200 + +samba (2:3.6.0~rc3-1) experimental; urgency=low + + * New upstream version + + -- Christian Perrier <bubulle@debian.org> Fri, 29 Jul 2011 23:11:10 +0200 + +samba (2:3.6.0~rc2-1) experimental; urgency=low + + * New upstream version + + -- Christian Perrier <bubulle@debian.org> Tue, 07 Jun 2011 23:09:41 +0200 + +samba (2:3.6.0~rc1-2) experimental; urgency=low + + * Use --with-nmbdsocketdir=/var/run/samba to have nmbd socket file + in an existing directory. Closes: #628121 + + -- Christian Perrier <bubulle@debian.org> Fri, 27 May 2011 15:35:44 +0200 + +samba (2:3.6.0~rc1-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Thu, 19 May 2011 22:26:08 +0200 + +samba (2:3.6.0~pre3-1) experimental; urgency=low + + [ Christian Perrier ] + * New upstream release + * add "#include "fcntl.h"" to idmap_tdb2.c to get it compiled + * samba-doc-pdf: add Samba3-HOWTO.pdf from pre1 as it + was forgotten upstream + * libwbclient0.symbols: dropped several symbols related to + asynchronous actions that weren't working anyway (according + to Kai Blin at SambaXP) + + [ Mathieu Parent ] + * Build against libctdb-dev (>= 1.10+git20110412) to have required control: + CTDB_CONTROL_SCHEDULE_FOR_DELETION. + + -- Christian Perrier <bubulle@debian.org> Mon, 09 May 2011 11:29:52 +0200 + +samba (2:3.5.11~dfsg-4) unstable; urgency=low + + * Lintian override for libpam-winbind; it's not a shared library so doesn't + really need the pre-depends on multiarch-support. + * export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow, taken from Ubuntu. + + -- Steve Langasek <vorlon@debian.org> Fri, 21 Oct 2011 16:01:29 -0700 + +samba (2:3.5.11~dfsg-3) unstable; urgency=low + + * Split winbind into separate packages, winbind and libpam-winbind, + with the latter marked Multi-Arch: same and the former marked + Multi-Arch: foreign, so that we can install multiple copies of the + pam module and nss modules on the same system. + + -- Steve Langasek <vorlon@debian.org> Fri, 21 Oct 2011 20:00:13 +0000 + +samba (2:3.5.11~dfsg-2) unstable; urgency=low + + * Don't export DEB_HOST_ARCH_OS in debian/rules, this is only used locally. + * Use dh_links instead of manually creating directories and symlinks from + debian/rules. + * Switch from dh_movefiles to dh_install and adjust for debhelper compat + level 7, in preparation for moving to dh(1). + * Where possible, use dh_installman and dh_install's support for target + directories instead of moving files around in debian/rules. + * We don't need to mess with perms on usr/include/libsmbclient.h anymore + in debian/rules, the upstream install target gets it right + * Use debian/clean instead of removing left-behind files by hand in the + clean target + * Convert debian/rules to dh(1). + * Don't run debconf-updatepo on clean; not worth the divergence in + debian/rules anymore :) + * Don't install debian/README.build in the package; this is really only + relevant in the source. + * Bump to debhelper compat level 9 and build libraries for multiarch. + * Drop Makefile.internal from libsmbclient-dev examples so that we can mark + libsmbclient-dev Multi-Arch: same. + * Bump build-depends on debhelper to 8.9.4, so we ensure we have + dpkg-buildflags by default and get full build hardening enabled out of + the box - critical for a server like samba. + * Use DH_ALWAYS_EXCLUDE instead of passing override options to + dh_installexamples. + * Pass --sourcedirectory=source3 to dh instead of having to pass it to each + dh_auto_* command. + * Ironically, this means that we have to manually disable dh_auto_test, + which now finds the makefile targets but doesn't work unless we build an + extra wrapper library into our binaries that we don't want. + * Drop a few configure options from debian/rules that shadow the built-in + defaults. + * debian/libsmbclient.lintian-overrides: yes, we know the package name + doesn't match the soname - and it never should until there's an ABI + change. + + -- Steve Langasek <vorlon@debian.org> Fri, 07 Oct 2011 21:36:43 -0700 + +samba (2:3.5.11~dfsg-1) unstable; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Fri, 05 Aug 2011 20:12:01 +0200 + +samba (2:3.5.10~dfsg-1) unstable; urgency=low + + * New upstream release + * Security update, fixing the following issues: + - CVE-2011-2694: possible XSS attack in SWAT + - CVE-2011-2522: Cross-Site Request Forgery vulnerability in SWAT + + -- Christian Perrier <bubulle@debian.org> Thu, 28 Jul 2011 12:19:01 +0200 + +samba (2:3.5.9~dfsg-1) unstable; urgency=low + + * New upstream release + * Add "--quiet" to start-stop-daemon call in reload target in init + script. Closes: #572483 + * Add examples/LDAP in examples for the samba package. With this, + samba.schema will be provided in some way in the package. + This very partially addresses #190162 + * patches/bug_221618_precise-64bit-prototype.patch: precise + 64bits prototype in libsmbclient-dev. Closes: #221618 + * patches/no-unnecessary-cups.patch: dropped after upstream + changes to printing code + * Update Standards to 3.9.2 (checked, no change) + * Add build-arch and build-indep targets in debian/rules + + -- Christian Perrier <bubulle@debian.org> Sat, 18 Jun 2011 07:08:00 +0200 + +samba (2:3.5.8~dfsg-5) unstable; urgency=low + + * Fix "tdb2.so undefined symbol: dyn_get_STATEDIR" by fixing a typo + in fhs-filespath.patch. Closes: #629183, LP: #789097 + + -- Christian Perrier <bubulle@debian.org> Sat, 04 Jun 2011 13:48:32 +0200 + +samba (2:3.5.8~dfsg-4) unstable; urgency=low + + [ Debconf translations ] + * Spanish (Omar Campagne). Closes: #627813 + * Swedish (Martin Bagge / brother). Closes: #627849 + * Brazilian Portuguese (Adriano Rafael Gomes). Closes: #627866 + + [ Christian Perrier ] + * bug_601406_fix-perl-path-in-example.patch: fix path to perl + binary in example file. Closes: #601406 + + -- Christian Perrier <bubulle@debian.org> Fri, 27 May 2011 12:23:05 +0200 + +samba (2:3.5.8~dfsg-3) unstable; urgency=low + + [ Debconf translations ] + * Italian (Luca Monducci). Closes: #626674 + * Dutch (Vincent Zweije). Closes: #627519 + * Czech (Miroslav Kure). Closes: #627442 + + -- Christian Perrier <bubulle@debian.org> Tue, 24 May 2011 22:40:04 +0200 + +samba (2:3.5.8~dfsg-2) unstable; urgency=low + + [ Jelmer Vernooij ] + * Add libwbclient-dev package. + * Build against external libtdb. + * Bump standards version to 3.9.1 (no changes). + + [ Mathieu Parent ] + * Builddep on libctdb-dev or ctdb < 1.10 + + [ Christian Perrier ] + * Use db_settitle in debconf questions and make these + titles translatable. Closes: #560318 + * Test the presence of testparm before trying to use it in init script + Closes: #606320 + * Add cups to Should-{Start,Stop} in LSB headers of + samba init script to guarantee that CUPS is started + before samba. Closes: #619132 + * Drop libsmbclient-dev useless dependency on samba-common + Closes: #597987 + + [ Debconf translations ] + * French (Christian Perrier) + * Japanese (Kenshi Muto). Closes: #626474 + * Galician (Miguel Anxo Bouzada). Closes: #626477 + * Thai (Theppitak Karoonboonyanan). Closes: #626487 + * Russian (Yuri Kozlov). Closes: #626523 + * Danish (Joe Hansen). Closes: #626531 + * Esperanto (Felipe Castro). Closes: #626558 + * Hebrew (Eran Cohen). Closes: #626638 + * BokmÃ¥l, (Bjørn Steensrud). + * Italian (Luca Monducci). Closes: #626674 + * Finnish (Tapio Lehtonen). Closes: #626890 + * Portuguese (Miguel Figueiredo). Closes: #627224 + * German (Holger Wansing). Closes: #627354 + * Czech (Miroslav Kure). Closes: #627442 + + -- Christian Perrier <bubulle@sesostris.kheops.frmug.org> Sun, 22 May 2011 21:15:21 +0200 + +samba (2:3.5.8~dfsg-1) unstable; urgency=low + + * New upstream release. This fixes the following bugs: + - Winbind leaks gids with idmap ldap backend (upstrem #7777) + Closes: #613624 + - printing from Windows 7 fails with 0x000003e6 + Closes: #617429 + * smb.conf(5) restored from samba 3.5.6 as a workaround to upstream + #7997 + + -- Christian Perrier <bubulle@debian.org> Tue, 08 Mar 2011 22:38:32 +0100 + +samba (2:3.5.7~dfsg-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release + * Security update, fixing the following issue: + - CVE-2011-0719: denial of service by memory corruption + * Use architecture wildcard "linux-any" in build dependencies + Closes: #563372 + + -- Christian Perrier <bubulle@debian.org> Tue, 01 Mar 2011 20:59:34 +0100 + +samba (2:3.5.6~dfsg-5) unstable; urgency=low + + * Fix FTBFS on Hurd. Closes: #610678 + * Only try parsing dhcpd.conf is it's not empty, + in dhclient-enter-hooks.d/samba. Closes: #594088. + + -- Christian Perrier <bubulle@debian.org> Sat, 05 Feb 2011 13:50:22 +0100 + +samba (2:3.5.6~dfsg-4) unstable; urgency=low + + * Fix pam_winbind file descriptor leak with a patch + proposed in https://bugzilla.samba.org/show_bug.cgi?id=7265. + Upstream claim is that #7265 is fixed in 3.5.6 but our bug submitter + confirmed it is not while the patch applied here fixes the file + descriptor leak. + Closes: #574468 + + [ Debconf translations ] + * Brazilian Portuguese (Adriano Rafael Gomes). Closes: #607402 + + -- Christian Perrier <bubulle@debian.org> Sat, 15 Jan 2011 18:06:22 +0100 + +samba (2:3.5.6~dfsg-3) unstable; urgency=low + + [ Julien Cristau ] + * Bump libwbclient0 shlibs to match the newest version in the symbols file. + * Mark libwbclient0 as breaking other samba packages with versions older + than 2:3.4.1, as they were linked against libtalloc1 instead of + libtalloc2, and the combination causes crashes (closes: #593823). + + -- Christian Perrier <bubulle@debian.org> Mon, 06 Dec 2010 20:14:04 +0100 + +samba (2:3.5.6~dfsg-2) unstable; urgency=low + + [ Steve Langasek ] + * Fix debian/rules update-archs target to not add extra spaces on every + invocation... + + [ Debconf translations ] + * Catalan (Jordi Mallach). Closes: #601101 + * Japanese (Kenshi Muto). Closes: #601364 + * Bulgarian (Damyan Ivanov). Closes: #601366 + * Hebrew (Omer Zak). Closes: #601633 + * Kurdish (Erdal Ronahî). Closes: #601719 + * Dutch (Remco Rijnders). Closes: #602220 + * Greek (Konstantinos Margaritis). + + [ Christian Perrier ] + * Include upstream's patch for "gvfsd-smb (Gnome vfs) fails to copy + files from a SMB share using SMB signing.". Backported from + to be released 3.5.7 version + Closes: #605729 + + -- Christian Perrier <bubulle@debian.org> Sat, 04 Dec 2010 07:44:22 +0100 + +samba (2:3.5.6~dfsg-1) unstable; urgency=low + + * New upstream release. Fixes the following Debian bug: + - rpcclient readline segfault. Closes: #597203 + + -- Christian Perrier <bubulle@debian.org> Sun, 10 Oct 2010 09:59:37 +0200 + +samba (2:3.5.5~dfsg-1) unstable; urgency=high + + [ Christian Perrier ] + * New upstream release. Security release fixing: + - CVE-2019-3069: Buffer overrun vulnerability in sid_parse. + Closes: #596891. + * Fix comment in swat's postinst. It is not turned off by default + Closes: #596040 + * Drop transition code from (pre-etch) 3.0.20b-3 version in swat postinst + + [ Steve Langasek ] + * debian/control: winbind needs libpam-runtime (>= 1.0.1-6) for + pam-auth-update. Closes: #594325. + + [ Debconf translations ] + * Arabic (Ossama Khayat). Closes: #596164 + + -- Christian Perrier <bubulle@debian.org> Tue, 14 Sep 2010 23:03:35 +0200 + +samba (2:3.5.4~dfsg-2) unstable; urgency=low + + * Release to unstable + + [ Debconf translations ] + * Danish (Joe Dalton). Closes: #592789. + * Galician (Jorge Barreiro). Closes: #592809 + + [ Steve Langasek ] + * debian/patches/fhs-filespaths.patch, debian/samba.postinst, + debian/winbind.postinst: move some files from /etc/samba to + /var/lib/samba where they belong: MACHINE.SID, schannel_store.tdb, + and idmap2.tdb. + + -- Christian Perrier <bubulle@debian.org> Tue, 07 Sep 2010 17:47:32 +0200 + +samba (2:3.6.0~pre1-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Wed, 04 Aug 2010 01:39:11 +0200 + +samba (2:3.5.4~dfsg-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Tue, 29 Jun 2010 22:00:53 +0200 + +samba (2:3.5.3~dfsg-1) experimental; urgency=low + + * New upstream release. Fixes the following bugs: + - smbclient segfaults when used against old samba "security = share" + Closes: #574886 + * Drop duplicate build dependency on ctdb + + -- Christian Perrier <bubulle@debian.org> Wed, 19 May 2010 22:07:49 +0200 + +samba (2:3.5.2~dfsg-2) experimental; urgency=low + + * Resync changes with changes in trunk between 3:3.4.4~dfsg-1 and + 2:3.4.7~dfsg-2 + + -- Christian Perrier <bubulle@debian.org> Tue, 04 May 2010 17:13:47 +0200 + +samba (2:3.5.2~dfsg-1) experimental; urgency=low + + * New upstream release + * Bugs fixed upstream: + - Fix parsing of the gecos field + Closes: #460494 + + -- Christian Perrier <bubulle@debian.org> Thu, 08 Apr 2010 19:48:07 +0200 + +samba (2:3.5.1~dfsg-1) experimental; urgency=low + + * New upstream release. Security fix: all smbd processes inherited + CAP_DAC_OVERRIDE capabilities, allowing all file system access to be + allowed even when permissions should have denied access. + + -- Christian Perrier <bubulle@debian.org> Tue, 09 Mar 2010 10:54:01 +0100 + +samba (2:3.5.0dfsg-1) experimental; urgency=low + + * New upstream release. Not using "3.5.0~dfsg" as version number + because we used a "higher" version number in previous versions. + + -- Christian Perrier <bubulle@debian.org> Tue, 02 Mar 2010 22:03:15 +0100 + +samba (2:3.5.0~rc3~dfsg-1) experimental; urgency=low + + * New upstream release candidate + + -- Christian Perrier <bubulle@debian.org> Sat, 20 Feb 2010 08:36:57 +0100 + +samba (2:3.5.0~rc2~dfsg-1) experimental; urgency=low + + * New upstream pre-release + * Use new --with-codepagedir option. Consequently drop + codepages-location.patch + * Drop "Using Samba" from the samba-doc file list as it was + removed upstream. + + -- Christian Perrier <bubulle@debian.org> Sun, 31 Jan 2010 11:53:48 +0100 + +samba (2:3.5.0~rc1~dfsg-1) experimental; urgency=low + + [ Christian Perrier ] + * New upstream pre-release + + -- Christian Perrier <bubulle@debian.org> Fri, 15 Jan 2010 23:31:01 +0100 + +samba (2:3.4.8~dfsg-2) unstable; urgency=low + + [ Steve Langasek ] + * Drop the per-release smb.conf templates, only needed for upgrade paths + that are no longer supported. + * Call /etc/init.d/samba directly from the logrotate script instead of + using invoke-rc.d, to address the irony that the only package I work on + that *has* a logrotate script is inconsistent with my position in + bug #445203. + * Fix a bashism in the samba postinst that can cause the package + installation to fail under dash. LP: #576307. + * Add symlink from /etc/dhcp/dhclient-enter-hooks.d to + /etc/dhcp3/dhclient-enter-hooks.d for the hook location of the new + isc-dhcp-client package. Closes: #585056. + + [ Christian Perrier ] + * Don't copy system accounts from /etc/passwd to + /var/lib/samba/passdb.tdb. Closes: #502801 + * Update Standards to 3.9.0 (checked, no change) + * Backport patch for upstream bug #7139 to fix "owner of file not + available with kerberos" + Closes: #586337 + + -- Steve Langasek <vorlon@debian.org> Wed, 14 Jul 2010 11:59:28 -0700 + +samba (2:3.4.8~dfsg-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release + * Bugs fixed upstream: + - Fix writing with vfs_full_audit. Closes: #574011 + * Drop deprecated 'share modes' parameter from default smb.conf + Closes: #580561 + * Enable PIE during configure. Closes: #509135 + * Avoid winbind's logrotate script to fail when there is no + /var/run/samba directory. Closes: #569926 + * Add explanations about "passdb backend" default setting change + Closes: #553904 + + [ Debconf translations ] + * Spanish (Omar Campagne). Closes: #579011 + + -- Christian Perrier <bubulle@debian.org> Wed, 12 May 2010 05:45:52 +0200 + +samba (2:3.4.7~dfsg-2) unstable; urgency=low + + [ Christian Perrier ] + * Drop smbfs package (now provided by cifs-utils as a dummy transition + package) + + [ Debconf translations ] + * Portuguese (Miguel Figueiredo). Closes: #575958 + + [ Steve Langasek ] + * winbind.prerm: don't forget to remove the PAM profile on package + removal :/ + * Fix winbind.pam-config to not interfere with password changes for + non-winbind accounts. Closes: #573323, LP: #546874. + * debian/samba.if-up, debian/rules: add an if-up.d script for samba to + try to start nmbd, if it's not running because /etc/init.d/samba ran + before the network was up at boot time. Closes: #576415, LP: #462169. + * debian/samba.if-up: allow "NetworkManager" as a recognized address + family... it's obviously /not/ an address family, but it's what gets + sent when using NM, so we'll cope for now. + + -- Christian Perrier <bubulle@debian.org> Sat, 17 Apr 2010 07:49:49 +0200 + +samba (2:3.4.7~dfsg-1) unstable; urgency=low + + [ Steve Langasek ] + * Add a PAM profile for pam_winbind. Closes: #566890, LP: #282751. + * Add the correct versioned build dependency on libtalloc-dev as + we need 2.0.1 to build samba. Closes: #572603 + * Add avr32 to arches with a build dependency on ctdb. Closes: #572126 + + [ Christian Perrier ] + * New upstream release. Security fix: all smbd processes inherited + CAP_DAC_OVERRIDE capabilities, allowing all file system access to be + allowed even when permissions should have denied access. + + -- Christian Perrier <bubulle@debian.org> Tue, 09 Mar 2010 10:52:24 +0100 + +samba (2:3.4.6~dfsg-1) unstable; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Fri, 26 Feb 2010 22:39:50 +0100 + +samba (2:3.4.5~dfsg-2) unstable; urgency=low + + [ Steve langasek ] + * Revert the "bashisms" fix from version 2:3.3.0~rc2-4; "local foo=bar" + is explicitly allowed by Policy now, and this change introduced a + syntax error. Closes: #566946. + + [ Christian Perrier ] + * No longer maker (u)mount.cifs setuid root. Add a notice + about this in the package's NEWS.Debian file + Closes: #567554 + * Use dh_lintian instead of manual install of lintian overrides + * Updated Standards to 3.8.4 (checked, no change) + + -- Christian Perrier <bubulle@debian.org> Sat, 13 Feb 2010 14:36:33 +0100 + +samba (2:3.4.5~dfsg-1) unstable; urgency=low + + * New upstream release. Bugs fixed by this release: + - Memory leak in smbd. Closes: #538819, #558453 + * Declare a versioned dependency of winbind and samba on libwbclient0 + Closes: #550481 + * A few lintian fixes: + * Drop /var/run/samba from samba-common. The directory is created + by init scripts when needed. + * No longer prepend a path to the mksmbpasswd call in samba.postinst. + This prevents the local administrator to use a replacement version + for some local reason. + + -- Christian Perrier <bubulle@debian.org> Sat, 23 Jan 2010 12:16:42 +0100 + +samba (2:3.4.4~dfsg-1) unstable; urgency=low + + * New upstream version. + * Drop all RFC files from upstream source, therefore using a "~dfsg" + suffix to upstream version number. + * Bugs fixed upstream: + - fixed list of workgroup servers in libsmbclient. + Closes: #555462, #561148 + - fixed documentation of the credentials file format in + mount.cifs(8). Closes: #552250 + + -- Christian Perrier <bubulle@debian.org> Thu, 14 Jan 2010 20:16:34 +0100 + +samba (2:3.4.3-2) unstable; urgency=low + + [ Christian Perrier ] + * Switch to source format 3.0 (quilt) + * Better adapt "add machine script" example to adduser + Thanks to Heiko Schlittermann for the suggestion + Closes: #555466 + + [ Steve Langasek ] + * The "I hate non-declarative alternatives" upload: + - debian/samba{,-common}.prerm: don't call update-alternatives --remove + on upgrade, /do/ call it on other invocations of the prerm script. If + these tools ever go away, the removal needs to be handled on upgrade by + the maintainer scripts of the new package version. + - debian/samba{,-common-bin}.postinst: call update-alternatives + unconditionally, don't second-guess the maintainer script arguments. + - debian/samba.postinst: call update-alternatives after the debconf + handling, not before; debconf triggers a re-exec of the script so + anything done before invoking debconf is wasted because it will be + re-done, and if there's already a debconf frontend running when this + is called, the not-redirected update-alternatives output will confuse + it. Closes: #558116. + - debian/samba-common.prerm: move to samba-common-bin, this is the package + that owns these binaries. + + -- Christian Perrier <bubulle@debian.org> Thu, 17 Dec 2009 16:53:13 +0100 + +samba (2:3.4.3-1) unstable; urgency=low + + * New upstream release. This fixes the following bugs: + - Do not attempt to update /etc/mtab if it is + a symbolic link. Closes: #408394 + * Bump Standards-Version to 3.8.3 (checked) + + -- Christian Perrier <bubulle@debian.org> Sat, 31 Oct 2009 14:32:07 +0100 + +samba (2:3.4.2-1) unstable; urgency=high + + * New upstream release. Security update. + * CVE-2009-2813: + Connecting to the home share of a user will use the root of the + filesystem as the home directory if this user is misconfigured to + have an empty home directory in /etc/passwd. + * CVE-2009-2948: + If mount.cifs is installed as a setuid program, a user can pass it + a credential or password path to which he or she does not have + access and then use the --verbose option to view the first line of + that file. + * CVE-2009-2906: + Specially crafted SMB requests on authenticated SMB connections + can send smbd into a 100% CPU loop, causing a DoS on the Samba + server. + + -- Christian Perrier <bubulle@debian.org> Sat, 03 Oct 2009 08:30:33 +0200 + +samba (2:3.4.1-2) unstable; urgency=low + + * ./configure --disable-avahi, to avoid accidentally picking up an avahi + dependency when libavahi-common-dev is installed. + + -- Steve Langasek <vorlon@debian.org> Sat, 26 Sep 2009 00:01:12 -0700 + +samba (2:3.4.1-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release. This fixes the following bugs: + - smbd SIGSEGV when breaking oplocks. Thanks to Petr Vandrovec + for the clever analysis and collaboration with upstream. + Closes: #541171 + - Fix password change propagation with ldapsam. Closes: #505215 + - Source package contains non-free IETF RFC/I-D. Closes: #538034 + * Turn the build dependency on libreadline5-dev to libreadline-dev + to make further binNMUs easier when libreadline soname changes + Thanks to Matthias Klose for the suggestion + + [ Steve Langasek ] + * Don't build talloctort when using --enable-external-talloc; and don't + try to include talloctort in the samba-tools package, since we're + building with --enable-external-talloc. :) Closes: #546828. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Sep 2009 22:20:22 -0700 + +samba (2:3.4.0-5) unstable; urgency=low + + * Move /etc/pam.d/samba back to samba-common, because it's shared with + samba4. Closes: #545764. + + -- Steve Langasek <vorlon@debian.org> Tue, 08 Sep 2009 18:43:17 -0700 + +samba (2:3.4.0-4) unstable; urgency=low + + [ Steve Langasek ] + * debian/samba.pamd: include common-session-noninteractive instead of + common-session, to avoid pulling in modules specific to interactive + logins such as pam_ck_connector. + * debian/control: samba depends on libpam-runtime (>= 1.0.1-11) for the + above. + * rename debian/samba.pamd to debian/samba.pam and call dh_installpam + from debian/rules install, bringing us a smidge closer to a stock + debhelper build + * don't call pyversions from debian/rules, this throws a useless error + message during build. + * fix up the list of files that need to be removed by hand in the clean + target; the majority of these are now correctly handled upstream. + * debian/rules: fix the update-arch target for the case of unversioned + build-deps. + * Pull avr32 into the list of supported Linux archs. Closes: #543543. + * Fix LSB header in winbind.init; thanks to Petter Reinholdtsen for the + patch. Closes: #541367. + + [ Christian Perrier ] + * Use DEP-3 for patches meta-information + + [ Steve Langasek ] + * Change swat update-inetd call to use --remove only on purge, + and --disable on removal. + * Add missing build-dependency on pkg-config, needed to fix libtalloc + detection + * debian/patches/external-talloc-support.patch: fix the Makefile so it + works when using external talloc instead of giving a missing-depend + error. + * debian/patches/autoconf.patch: resurrect this patch, needed for the + above. + * debian/rules: build with --without-libtalloc + --enable-external-libtalloc, also needed to fix the build failure. + + -- Steve Langasek <vorlon@debian.org> Mon, 07 Sep 2009 22:58:29 -0700 + +samba (2:3.4.0-3) unstable; urgency=low + + [ Steve Langasek ] + * debian/control: samba-common-bin has no reason to depend on + libpam-modules. + + [ Christian Perrier ] + * Fix "invalid argument" when trying to copy a file from smb share + Use an upstream patch that will be included in 3.4.1 + Closes: #536757 + + -- Christian Perrier <bubulle@debian.org> Fri, 21 Aug 2009 11:08:43 +0200 + +samba (2:3.4.0-2) unstable; urgency=low + + [ Debconf translations ] + * German. Closes: #536433 + + [ Steve Langasek ] + * Enable the ldap idmap module; thanks to Aaron J. Zirbes. Closes: #536786. + + [ Jelmer Vernooij ] + * Properly rename smbstatus.1 for alternatives. Closes: #534772 + + -- Christian Perrier <bubulle@debian.org> Sun, 02 Aug 2009 12:20:51 +0200 + +samba (2:3.4.0-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release: first upload to unstable for 3.4 + * Correct dependencies for samba-common-bin. Closes: #534595 + + [ Debconf translations ] + * Czech. Closes: #534793 + * Russian. Closes: #534796 + + -- Christian Perrier <bubulle@debian.org> Tue, 07 Jul 2009 20:42:19 +0200 + +samba (2:3.4.0~rc1-1) experimental; urgency=low + + * New upstream version. That fixes the following bugs: + - Remove pidfile on clean shutdown. Closes: #299433, #454112 + * Drop swat-de.patch that was applied upstream + * Bump debhelper compatibility level to 6 and declare a versioned + dependency on debhelper >= 6.0.0 + + -- Christian Perrier <bubulle@debian.org> Sat, 20 Jun 2009 18:43:20 +0200 + +samba (2:3.4.0~pre2-1) experimental; urgency=low + + [ Jelmer Vernooij ] + * Split binaries out of samba-common into samba-common-bin. + Closes: #524661 + + [ Christian Perrier ] + * New upstream version. That fixes the following bugs: + - Do not limit the number of network interfaces. Closes: #428618 + - Fix Connect4 in samr.idl. Closes: #526229 + * "Using samba" is back. + * Drop non-linux-ports.patch that was integrated upstream + * Drop smbpasswd-syslog.patch that was integrated upstream + * Drop smbclient-link.patch that was integrated upstream + + [ Debconf translations ] + * Italian. Closes: #529350 + + -- Christian Perrier <bubulle@debian.org> Sat, 06 Jun 2009 11:45:35 +0200 + +samba (2:3.4.0~pre1-1) experimental; urgency=low + + * New upstream pre-release + * "Using samba" is dropped from upstream source. Therefore, drop + debian/samba-doc.doc-base.samba-using + + -- Christian Perrier <bubulle@debian.org> Wed, 20 May 2009 18:50:35 +0200 + +samba (2:3.3.6-1) unstable; urgency=high + + * New upstream release. Security release. + * CVE 2009-1886: Fix Formatstring vulnerability in smbclient + * CVE 2009-1888: Fix uninitialized read of a data value + + -- Christian Perrier <bubulle@debian.org> Fri, 26 Jun 2009 18:21:51 +0200 + +samba (2:3.3.5-1) unstable; urgency=low + + [ Steve Langasek ] + * debian/patches/undefined-symbols.patch: fix up patch so that it's + suitable for submission upstream. + * debian/patches/proper-static-lib-linking.patch: apply the rules to + vfstest, ldbrename, nss_wins, pam_winbind, pam_smbpass, and + rpc_open_tcp. + + [ Debconf translations ] + * Italian. Closes: #529350 + + [ Christian Perrier ] + * New upstream version + * Lintian fixes: + - Declare versioned dependency on debhelper to fit what we have in + debian/compat + - samba.postinst: do not call mksmbpasswd with an absolute path + * Upgrade Standard to 3.8.2 (checked, no change) + * Upgrade debhelper compatibility level to 6 + + -- Christian Perrier <bubulle@debian.org> Sat, 20 Jun 2009 08:01:16 +0200 + +samba (2:3.3.4-2) unstable; urgency=low + + [ Christian Perrier ] + * Do no compile with clustering support on non-Linux platforms + Closes: #528382 + + [ Debconf translations ] + * Basque. Closes: #528757 + + -- Christian Perrier <bubulle@debian.org> Sat, 16 May 2009 17:31:09 +0200 + +samba (2:3.3.4-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release: + - Fixed daily winbind crash when retrieving users from an ADS server + Closes: #522907. + * Add idmap_tdb2 module to winbind package + * No longer shrink "dead" code from smbd, winbindd and vfstest as it prevents + VFS modules to properly load. Closes: #524048. + + [ Debconf translations ] + * Bengali added. + + [ Steve Langasek ] + * Recommend logrotate instead of depending on it. Closes: #504219. + + -- Christian Perrier <bubulle@debian.org> Sat, 02 May 2009 10:06:16 +0200 + +samba (2:3.3.3-1) unstable; urgency=low + + * New upstream release: + - Fix map readonly. Closes: #521225 + - Add missing whitespace in mount.cifs error message. Closes: #517021 + - Includes our patch to fix detection of GNU ld version. As a + consequence, we dropped fix_wrong_gnu_ld_version_check.patch + - Fix segfault in lookup_sid. Closes: #521408 + + -- Christian Perrier <bubulle@debian.org> Sat, 11 Apr 2009 10:12:23 +0200 + +samba (2:3.3.2-2) unstable; urgency=low + + [ Steve Langasek ] + * libcap2-dev is only available on Linux, so make this build-dependency + conditional. Closes: #519911. + + [ Christian Perrier ] + * Switch samba-dbg to "Section: debug" + * Update debian/copyright for year 2009. Thanks to debian-devel + for the reminder. + * Dropping Adam Conrad from Uploaders + * Dropping Eloy Paris from Uploaders with special thanks for his tremendous + work maintaining the package between 1997 and 2004. + + [ Mathieu Parent ] + * ensure clustering is enabled with --with-cluster-support=yes + * build-depends on ctdb >= 1.0.73. Closes: #520202. + * samba suggests ctdb + + [ Debconf translations ] + * Esperanto updated. Closes: #519237. + + -- Christian Perrier <bubulle@debian.org> Sun, 29 Mar 2009 09:23:35 +0200 + +samba (2:3.3.2-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release. Closes: #519626 + - mounts with -o guest will now automatically try to connect anonymously. + Closes: #423971. + - fix for brokenness when using 'force group'. Closes: #517760. + - fix for saving files on Samba shares using MS Office 2007. + LP: #337037. + * Re-fix slave links for manual pages in samba-common. Closes: #517204. + + [ Steve Langasek ] + * Add missing debhelper token to libpam-smbpass.prerm. + + -- Christian Perrier <bubulle@debian.org> Sun, 15 Mar 2009 12:16:48 +0100 + +samba (2:3.3.1-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release. Closes: #516981 + Upstream fixes in that release: + - Fixed various spelling errors/typos in manpages + Closes: #516047 + - Fix renaming/deleting of files using Windows clients. + Closes: #516160 + - Fix syntax error in mount.cifs(8). Closes: #454799 + * Use a slave alternative for smbstatus.1 even though that manpage + is not provided by samba4 + + [ Jelmer Vernooij ] + * Fix slave links for manual pages in samba-common. Closes: #517204. + + [ Steve Langasek ] + * Add Vcs-{Browser,Svn} fields to debian/control. + * When populating the sambashare group, it's not an error if the user + simply doesn't exist; test for this case and let the install continue + instead of aborting. LP: #206036. + * debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst, + debian/libpam-smbpass.files, debian/rules: provide a config block + for the new PAM framework, allowing this PAM module to + auto-configure itself + * debian/control: make libpam-smbpass depend on + libpam-runtime (>= 1.0.1-2ubuntu1) for the above + * debian/patches/fix_wrong_gnu_ld_version_check.patch: new patch to fix + wrong detection of the GNU ld version, so that the symbol export scripts + will be properly applied when building. + * refresh debian/libsmbclient.symbols for 3.3.1. + + -- Steve Langasek <vorlon@debian.org> Mon, 02 Mar 2009 00:30:35 -0800 + +samba (2:3.3.0-4) unstable; urgency=low + + [ Steve Langasek ] + * Build-Depend on libcap2-dev. Closes: #515851. + * debian/patches/fhs-filespaths-debatable.patch: Add a missing prototype + for cache_path, which causes nearly undiagnoseable crashes when building + with -fPIE, because of a wrong return type! LP: #330626. + + [ Debconf translations ] + * Belarusian added. Closes: #516052. + * Traditional Chinese updated. Closes: #516594 + * Swedish updated. Closes: #516681. + + [ Mathieu Parent ] + * enable clustering by default (CTDB). Closes: #514050 + + -- Steve Langasek <vorlon@debian.org> Tue, 24 Feb 2009 16:58:58 -0800 + +samba (2:3.3.0-3) unstable; urgency=low + + [ Steve Langasek ] + * Re-add smb.conf fixes that were dropped in the 3.3.0 merge to unstable. + * Make samba conflict with samba4, not with itself. + + [ Debconf translations ] + * Vietnamese updated. Closes: #515235. + * Slovak updated. Closes: #515240. + + -- Steve Langasek <vorlon@debian.org> Mon, 16 Feb 2009 07:15:47 -0800 + +samba (2:3.3.0-2) unstable; urgency=low + + * Upload to unstable + + -- Christian Perrier <bubulle@debian.org> Sat, 14 Feb 2009 13:38:14 +0100 + +samba (2:3.2.5-4) unstable; urgency=low + + * Fix segfault whan accessign some NAS devices running old versions of Samba + Closes: #500129 + * Fix process crush when using gethostbyname_r in several threads + Closes: #509101, #510450 + + -- Christian Perrier <bubulle@debian.org> Thu, 08 Jan 2009 05:59:17 +0100 + +samba (2:3.2.5-3) unstable; urgency=high + + * Security update + * Fix Potential access to "/" in setups with registry shares enabled + This fixes CVE-2009-0022, backported from 3.2.7 + * Fix links in HTML documentation index file. + Closes: #508388 + * Drop spurious docs-xml/smbdotconf/parameters.global.xml.new + file in the diff. Thanks to the release managers for spotting it + + -- Christian Perrier <bubulle@debian.org> Sun, 21 Dec 2008 08:09:31 +0100 + +samba (2:3.2.5-2) unstable; urgency=low + + * Fix typo in bug number in a comment for the default smb.conf file + Closes: #507620 + * Document the need to set appropriate permissions on the printer + drivers directory, in the default smb.conf file. Also change + the example group from ntadmin to lpadmin + Closes: #459243 + * Add missing rfc2307.so and sfu*.so links that prevent using the + 'winbind nss info' feature properly + Thans to Martin Dag Nilsson for reporting and Jelmer Jaarsma for + the patch. Closes: #506109 + + -- Christian Perrier <bubulle@debian.org> Sat, 13 Dec 2008 13:56:07 +0100 + +samba (2:3.2.5-1) unstable; urgency=high + + * New upstream version. Security-only release. + This addresses CVE-2008-4314: potentially leaking + arbitrary memory contents to malicious clients. + * Better document cases where using a "master" file for smb.conf + is a bad idea. Closes: #483187 + * Insert example "add machine script" and "add group script" scripts + in the default smb.conf. Closes: #349049 + * Move homepage URL to Homepage filed in debian/control + + -- Christian Perrier <bubulle@debian.org> Thu, 27 Nov 2008 11:36:35 +0100 + +samba (2:3.3.0-1) experimental; urgency=low + + * New upstream release. Fixes the following bugs: + - smb file deletion gvfs. Closes: #510564 + - smbclient du command does not recuse properly. Closes: #509258 + - mention possible workgroup field in credential files in mount.cifs(8) + Closes: #400734 + - bashism in /usr/share/doc/samba-doc/examples/perfcounter/perfcountd.init + Closes: #489656 + - describe '-g' option in smbclient man page. Closes: #510812 + - fix swat status table layout. Closes: #511275 + + [ Jelmer Vernooij ] + * Use alternatives for the smbstatus, nmblookup, net and + testparm binaries and various data files in samba-common + to allow installation of Samba 3 together with Samba 4. + * Add myself to uploaders. + + [ Christian Perrier ] + * Add mbc_getOptionCaseSensitive@Base, smbc_setOptionCaseSensitive@Base, + smbc_set_credentials@Base, smbc_urldecode@Base and smbc_urlencode@Base to + libsmbclient's symbols file with 3.3.0 as version number + * Also add 18 symbols to libwbclient0's symbols file with 3.3.0 as + version number + + -- Christian Perrier <bubulle@debian.org> Fri, 30 Jan 2009 21:41:49 +0100 + +samba (2:3.3.0~rc2-4) experimental; urgency=low + + [ Steve Langasek ] + * Revert one of the template depersonalization changes from the -2 upload, + because it loses important context + + [ Christian Perrier ] + * Use double quotation marks in debconf templates + * Add 'status" option to init scripts. Thansk to Dustin Kirkland for + providing the patch. Closes: #488275 + * Move WHATSNEW.txt, README, Roadmap to samba-common. Closes: #491997 + * [Lintian] Add ${misc:Depends} to dependencies of binary packages + that didn't have it already as we're using debhelper in the source + package + * [Lintian] Don't ignore errors in swat.postrm + * [Lintian] Fix "local foo=bar" bashisms in samba-common.dhcp, samba.config + and samba-common.config + * smb.conf.5-undefined-configure.patch: fix syntax error in smb.conf(5) + Closes: #512843 + + [ Debconf translations ] + * Asturian added. Closes: #511730 + + -- Christian Perrier <bubulle@debian.org> Sat, 24 Jan 2009 16:04:57 +0100 + +samba (2:3.3.0~rc2-3) experimental; urgency=low + + * Fix around the libsmbclient/libsmbclient-dev descriptions, which got + swapped in the last upload. + * Drop a boilerplate sentence from the samba-common, smbclient, swat, + samba-doc, samba-doc-pdf, samba-dbg, and libwbclient0 descriptions + that's not relevant for these packages. + * Hyphenate "command-line" in the smbclient short description. + * Fix up the smbclient description, which got crossed with the smbfs one. + * Fix the smbfs description, which was not actually fixed in the previous + upload. Really closes: #496206. + * Further minor adjustments to the description of the swat package. + * Fix various inaccuracies in the winbind package description. + * Clarify in the description that samba-tools are extra, only useful for + testing. + + -- Steve Langasek <vorlon@debian.org> Tue, 30 Dec 2008 18:42:05 -0800 + +samba (2:3.3.0~rc2-2) experimental; urgency=low + + [ Steve Langasek ] + * Handle clearing out netbios settings whenever the DHCP server has gone + away. Closes: #299618. + + [ Christian Perrier ] + * Point the correct document about password encryption in debconf templates + Corrected in translations as well. Closes: #502838 + * Reword debconf templates to avoid mentioning the local host as a "server". + Closes: #171177 + * Use this opportunity for other minor rewording: + - replace "SMB" by "SMB/CIFS" + - more strongly discouraging the use of plain text passwords + - unpersonnalization + * Reword the libpam-smbpass package description + Thanks to Justin B. Rye for the very useful suggestions + Closes: #496196 + * Improve the package descriptions by rewording the description overhaul + Also improve the specific information for samba and samba-dbg + Thanks again to Justin B. Rye for the invaluable help + Closes: #496200 + * Improve libsmbclient package description. Closes: #496197 + * Improve libwbclient0 package description. Closes: #496199 + * Improve samba-doc package description. Closes: #496202 + * Improve samba-tools package description. Closes: #496203 + * Improve samba-common package description. Closes: #496204 + * Improve smbclient package description. Closes: #496205 + * Improve smbfs package description. Closes: #496206 + * Improve swat package description. Closes: #496207 + * Improve winbind package description. Closes: #496208 + * Improve samba-doc-pdf package description. Closes: #496211 + * Update French debconf translation + + -- Christian Perrier <bubulle@debian.org> Mon, 29 Dec 2008 11:50:04 +0100 + +samba (2:3.3.0~rc2-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Wed, 17 Dec 2008 08:22:18 +0100 + +samba (2:3.3.0~rc1-2) experimental; urgency=low + + * Provide idmap_adex and idmap_hash in winbind. + Thanks to Jelmer Jaarsma for reporting and providing a patch + + -- Christian Perrier <bubulle@debian.org> Thu, 04 Dec 2008 19:59:23 +0100 + +samba (2:3.3.0~rc1-1) experimental; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Fri, 28 Nov 2008 10:51:32 +0100 + +samba (2:3.3.0~pre2-1) experimental; urgency=low + + * New upstream release. + + -- Christian Perrier <bubulle@debian.org> Fri, 07 Nov 2008 20:52:36 +0100 + +samba (2:3.2.4-1) unstable; urgency=low + + [ Steve Langasek ] + * New upstream release. + - debian/rules: we don't need to move cifs.upcall around, it's now + installed to the right place upstream. + - Fixed in this release: + - typo in cifs.upcall.8. Closes: #501499 + + [ Christian Perrier ] + * Create /var/lib/samba in samba-common. Thanks to Thierry Carrez for + the patch. Closes: #499359 + + -- Christian Perrier <bubulle@debian.org> Sat, 18 Oct 2008 08:20:31 +0200 + +samba (2:3.2.3-3) unstable; urgency=low + + [ Steve Langasek ] + * Add missing manpage for cifs.upcall; thanks to Per Olofsson for pointing + this out. Closes: #497857. + * Georgian debconf translation added. Closes: #498426 + * Polish debconf translation added. Thanks to Åukasz Paździora. + + [ Jelmer Vernooij ] + * Add ldb-tools to Suggests: of samba. Closes: #488384 + + -- Christian Perrier <bubulle@debian.org> Fri, 03 Oct 2008 20:37:19 +0200 + +samba (2:3.2.3-2) unstable; urgency=low + + [ Christian Perrier ] + * Fix FTBFS on GNU/kFreeBSD. Closes: #496880 + + -- Steve Langasek <vorlon@debian.org> Sat, 30 Aug 2008 00:46:07 -0700 + +samba (2:3.2.3-1) unstable; urgency=high + + * High-urgency upload for security fix + * New upstream release + - Fix "/usr/lib/cups/backend/smb does not try port 139 anymore by default" + Closes: #491881 + - Fix the default permissions on ldb databases. Addresses + CVE-2008-3789; closes: #496073. + - debian/rules, debian/smbfs.files: build with cifs.upcall, + newly introduced to replace cifs.spnego + - debian/rules: no more need to rename libsmbclient.so to + libsmbclient.so.0, or libwbclient.so to libwbclient.so.0 + + [ Noèl Köthe ] + * fixing lintian warning "build-depends-on-1-revision" + + -- Steve Langasek <vorlon@debian.org> Wed, 27 Aug 2008 10:19:59 -0700 + +samba (2:3.2.1-1) unstable; urgency=low + + [ Steve Langasek ] + * Build-depend on keyutils only on the linux archs. Closes: #493401. + * New patch debian/patches/shrink-dead-code.patch: throw all .o files into + a .a archive as a first pass before linking the final executables, so + that the executables don't end up with quite so much unused code bloating + the system. Not applied to net or ntlm_auth, which have particularly + hairy linking needs. Partially addresses: bug #474543; no code was + harmed in the making of this patch. + * Build-depend on libcups2-dev | libcupsys2-dev, to facilitate backports. + + [ Christian Perrier ] + * New upstream release + - Fix trusted domain handling in Winbindd. Closes: #493752 + - Fix for print jobs that continued to show as active after printing + had completed. Closes: #494899. + + -- Steve Langasek <vorlon@debian.org> Thu, 14 Aug 2008 16:13:24 -0700 + +samba (2:3.2.0-4) unstable; urgency=low + + * Brown paper bag bug: add a change to debian/patches/fhs-filespaths.patch + that went missing somehow, causing samba to look for secrets.tdb in + /etc/samba instead of /var/lib/samba where it's been for years. No + migration handling added, because this was only present in unstable for + about a day. Thanks to Rick Nelson for pointing this out. + + -- Steve Langasek <vorlon@debian.org> Mon, 21 Jul 2008 17:39:48 -0700 + +samba (2:3.2.0-3) unstable; urgency=low + + * Upload to unstable. + * debian/patches/proper-static-lib-linking.patch: fix SMB_LIBRARY macro + and Makefile.in to properly avoid linking .a libraries into other .a + libraries, since this bloats the libraries without providing any useful + functionality. + * Version the build-dependency on libtalloc-dev, to ensure we're building + against a package with the right symbols. + * Add debian/libsmbclient.symbols and debian/libwbclient0.symbols, to get + more fine-grained versioned library dependencies + * Bump the shlibs version for libsmbclient to 2:3.2.0, as new symbols + have been added. + * Re-add docs/registry to samba-doc, restored upstream + * Move schannel_store.tdb out of /etc/samba to /var/lib/samba, where it + belongs according to the FHS. Closes: #454770. + + -- Steve Langasek <vorlon@debian.org> Sun, 20 Jul 2008 15:38:10 -0700 + +samba (2:3.2.0-2) experimental; urgency=low + + * Fix up the copyright file to correctly document that we're now under + GPLv3, not GPLv2. + + -- Steve Langasek <vorlon@debian.org> Tue, 08 Jul 2008 12:21:47 -0700 + +samba (2:3.2.0-1) experimental; urgency=low + + [ Christian Perrier ] + * New samba-tools package to provide all "torture" tools: + smbtorture msgtest masktest locktest locktest2 nsstest vfstest + pdbtest talloctort replacetort tdbtorture smbconftort + * Upgrade Standard to 3.8.0 (checked) + * Merged from unstable: + * Drop "invalid users = root" from the default smb.conf file + as it differs from upstream's behaviour and upstream is fairly + noisy about this choice of ours. Closes: #462046 + * Drop commented "guest account = nobody". This is already upstream's + default + * Remove versioned Build-Depends when satisfied in etch (actually all + versioning in Build-Depends) + * Remove Conflicts with non-existing packages + * Drop dpkg-dev and binutils from Build-Depends, since the versioned + build-dep is no longer needed and these are both Build-Essential + * Mini-policy for settings in smb.conf: + - don't explicitly set settings to their default value + - commented settings with the default value are commented with "#" + - commented settings with a non-default value are commented with ";" + * Apply this policy to "socket options". Closes: #476104 + * No longer gratuitously use /usr/lib/libsmbclient.so.0.1 but a more logical + libsmbclient.so.0 as upstream doesn't assign versions + * Add idmap_*(8) man pages (idea taken from SerNet packages) + * Create the entire set of directories needed by clients for + Point-and-Click printing (including old clients!) in + /var/lib/samba/printers (idea taken from SerNet packages) + * Update copyright and README.debian information for current and past + maintainers. Remove redundant mention of Tridge (the copyright is enough) + * Add doc-base files for samba-doc-pdf. Closes: #451685 + * add a soft dependency on slapd in init script to allow + proper operation when dependency-based boot sequence is enabled. + Thanks to Petter Reinholdtsen for reporting and providing a patch + Closes: #478800 + * Rename libcupsys2-dev to libcups2-dev in build dependencies + * Localize SWAT in German. Closes: #487681 + + [ Debconf translations ] + * Merged from unstable: + * Kurdish. Closes: #480151 + * Romanian updated. Closes: #488709. + + [ Steve Langasek ] + * New upstream release + * Merged from unstable: + * debian/patches/no-unnecessary-cups.patch: don't try to connect to a + cups server when we know that no printers are configured. + Closes: #479512. + + [ Jelmer Vernooij ] + * Merged from unstable: + * Fix bashism in smbtar. (Closes: #486056) + + [ Peter Eisentraut ] + * Merged from unstable: + * Removed myself from Uploaders + + -- Christian Perrier <bubulle@debian.org> Sun, 06 Jul 2008 09:59:07 +0200 + +samba (2:3.2.0~rc2-1) experimental; urgency=low + + [ Christian Perrier ] + * New upstream release + + [ Steve Langasek ] + * Enable building of cifs.spnego for the smbfs package, adding a + build-dependency on keyutils-dev, to allow kerberos-based authentication + of cifs mounts. Closes: #480663, LP: #236830. + + -- Christian Perrier <bubulle@debian.org> Thu, 12 Jun 2008 17:17:38 +0200 + +samba (2:3.2.0~rc1-2) experimental; urgency=low + + * Reupload to experimental. Sigh. + + -- Christian Perrier <bubulle@debian.org> Sat, 31 May 2008 11:08:14 +0200 + +samba (1:3.2.0~rc1-1) unstable; urgency=low + + * New upstream version + * debian/samba-doc.doc-base.samba-using: index file is no named toc.html + + -- Christian Perrier <bubulle@debian.org> Fri, 30 May 2008 20:22:57 +0200 + +samba (1:3.2.0~pre3-1) experimental; urgency=low + + * New upstream version + * debian/patches/fix-manpage-htmlchars.patch: dropped as fixed upstream + * docs/registry removed from samba-doc as missing from upstream tarball + (upstream bug #5421) + * debian/samba-doc.doc-base.samba-using: The index (and only) file + is now book.html + + -- Christian Perrier <bubulle@debian.org> Sat, 26 Apr 2008 08:20:21 +0200 + +samba (1:3.2.0~pre2-2) experimental; urgency=low + + [ Christian Perrier ] + * Upload to experimental with an epoch as the earlier version + accidentally went to unstable. + + [ Peter Eisentraut ] + * Removed myself from Uploaders + + -- Christian Perrier <bubulle@debian.org> Sun, 06 Apr 2008 20:38:35 +0200 + +samba (3.2.0~pre2-1) unstable; urgency=low + + * New upstream (pre-)release. It closes the following bugs: + - typos in net.8. Closes: #460487, #460491 + - mention insmb.conf(5) that logging still occurs when + "syslog only" is enabled and "syslog=0". Closes: #311300 + - bad link in HTML docs. Closes: #358479 + - enhance a useless and confusing debug message in pdb_ldap + Closes: #448546 + - mention the correct default debug level in smbclient(1) + Closes: #292371 + - no longer mention that "ip" parameter can use the host name + in mount.cifs(8). Closes: #296057 + - wrong spelling of "its own" in source comments fixed + Closes: #448686 + - fix "ldapsam_getgroup: Did not find group" debug message + Closes: #448546 + - fix smbclient(1): useless use of cat. Closes: #429349 + + [ Steve Langasek ] + * debian/patches/fix-manpage-htmlchars.patch: patch all the manpages from + 3.2.0pre2, which ended up with html entity encodings embedded in them + by mistake. This patch is expected to go away again for 3.2.0pre3. + * fix up the FHS patches for the new upstream release: + - debian/patches/fhs-newpaths.patch has been merged upstream, drop it. + - debian/patches/fhs-filespaths.patch has been mostly applied; only one + path usage remains inconsistent, and a new .tdb has been added with + the wrong path so fix this up here too. + - debian/patches/fhs-filespaths-debatable.patch: updated for some new + uses of lock_path() which we map to cache_path(). + - debian/patches/fhs-assignpaths.patch: patch source/m4/check_path.m4 + instead of source/configure.in. + * debian/patches/smbstatus-locking.patch: merged upstream + * debian/patches/smbpasswd-syslog.patch: updated to account for new + calls to logging functions + * Handle the new libraries available in samba 3.2: ship libwbclient as a + shared library, link against the system libtalloc (adding a + build-dependency on libtalloc-dev - which is actually sort of kludgy + because this only works as long as the system libtalloc has the same + soname as the one within the samba tree, this should be fixed to + properly build against the system libtalloc), and suppress generation + of the tdb and netapi libraries which aren't useful to us right now. + + -- Christian Perrier <bubulle@debian.org> Wed, 05 Mar 2008 22:45:28 +0100 + +samba (2:3.0.31-1) unstable; urgency=medium + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Sat, 12 Jul 2008 16:57:09 +0200 + +samba (2:3.0.30-4) unstable; urgency=low + + [ Christian Perrier ] + * Rename libcupsys2-dev to libcups2-dev in build dependencies + * Localize SWAT in German. Closes: #487681 + + [ Jelmer Vernooij ] + * Fix bashism in smbtar. (Closes: #486056) + + [ Jamie Strandboge ] + * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly + calculate buffer sizes. This bug was introduced in the fix for + CVE-2008-1105. Closes: #488688 + + [ Debconf translations ] + * Romanian updated. Closes: #488709. + + -- Christian Perrier <bubulle@debian.org> Sun, 06 Jul 2008 11:43:53 +0200 + +samba (2:3.0.30-3) unstable; urgency=low + + [ Christian Perrier ] + * add a soft dependency on slapd in init script to allow + proper operation when dependency-based boot sequence is enabled. + Thanks to Petter Reinholdtsen for reporting and providing a patch + Closes: #478800 + + [ Steve Langasek ] + * debian/patches/no-unnecessary-cups.patch: don't try to connect to a cups + server when we know that no printers are configured. Closes: #479512. + + -- Christian Perrier <bubulle@debian.org> Tue, 10 Jun 2008 21:03:51 +0200 + +samba (2:3.0.30-2) unstable; urgency=high + + * Brown paper bag releae with epoch increased after yet another + accidental upload of 3.2.0 to unstable. Sigh and apologies to + autobuilders. + + -- Christian Perrier <bubulle@debian.org> Sat, 31 May 2008 12:08:50 +0200 + +samba (1:3.0.30-1) unstable; urgency=high + + * New upstream release: fix a heap overflow when parsing SMB responses in + client code. (CVE-2008-1105). Closes: #483410 + + -- Christian Perrier <bubulle@debian.org> Wed, 28 May 2008 22:38:44 +0200 + +samba (1:3.0.29-1) unstable; urgency=low + + * New upstream release + + -- Christian Perrier <bubulle@debian.org> Thu, 22 May 2008 07:31:55 +0200 + +samba (1:3.0.28a-3) unstable; urgency=low + + * The "bug hunting at SambaXP" release + * Drop "invalid users = root" from the default smb.conf file + as it differs from upstream's behaviour and upstream is fairly + noisy about this choice of ours. Closes: #462046 + * Drop commented "guest account = nobody". This is already upstream's + default + * Remove versioned Build-Depends when satisfied in etch (actually all + versioning in Build-Depends) + * Remove Conflicts with non-existing packages + * Drop dpkg-dev and binutils from Build-Depends, since the versioned + build-dep is no longer needed and these are both Build-Essential + * Mini-policy for settings in smb.conf: + - don't explicitly set settings to their default value + - commented settings with the default value are commented with "#" + - commented settings with a non-default value are commented with ";" + * Apply this policy to "socket options". Closes: #476104 + * No longer gratuitously use /usr/lib/libsmbclient.so.0.1 but a more logical + libsmbclient.so.0 as upstream doesn't assign versions + * Add idmap_*(8) man pages (idea taken from SerNet packages) + * Create the entire set of directories needed by clients for + Point-and-Click printing (including old clients!) in + /var/lib/samba/printers (idea taken from SerNet packages) + * Update copyright and README.debian information for current and past + maintainers. Remove redundant mention of Tridge (the copyright is enough) + * Add doc-base files for samba-doc-pdf. Closes: #451685 + * Kurdish debconf translation. Closes: #480151 + + -- Christian Perrier <bubulle@debian.org> Wed, 16 Apr 2008 23:14:46 +0200 + +samba (1:3.0.28a-2) unstable; urgency=low + + [ Peter Eisentraut ] + * Removed myself from Uploaders + + [ Steve Langasek ] + * debian/patches/manpage-encoding.patch: fix up the manpage synopses to + not use embedded iso8859-1 non-break spaces, there is a roff escape + sequence that we should use instead. Closes: #470844. + + [ Christian Perrier ] + * Reupload with an epoch to supersede an accidental upload of 3.2.0 + in unstable + + -- Christian Perrier <bubulle@debian.org> Sat, 05 Apr 2008 11:59:23 +0200 + +samba (3.0.28a-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream release. This fixes the following Debian bugs: + - Prevent nmbd from shutting down when no network + interfaces can be located. Closes: #433449 + * Debian patches dropped as applied upstream: + - make-distclean.patch + - linux-cifs-user-perms.patch + - cifs-umount-same-user.patch + - get_global_sam_sid-non-root.patch + - chgpasswd.patch + - cups.patch + * Fix doc-base section from Apps/Net to Network + * Fix copyright in debian/copyright + * Updated Standards-Version to 3.7.3 (no changes needed) + * [Lintian] No longer use -1 revision for the libacl-dev build + dependency + + [ Steve Langasek ] + * Merge smb.conf changes from Ubuntu: + - correct an inconsistency inthe winbind enum comment + - correct default and example settings to use the canonical names for all + options, rather than historical synonyms + - clarify the comment for 'max log size'. + Thanks to Chuck Short and Richard Laager. + * Add an additional sed command to samba-common.postinst to cleverly + pick up any shares that have been appended to the default smb.conf + and exclude them from the ucf diff. + + -- Christian Perrier <bubulle@debian.org> Fri, 14 Mar 2008 21:28:16 +0100 + +samba (3.0.28-4) unstable; urgency=low + + [ Steve Langasek ] + * Brown paper bag: fix samba-common.files to list all of the smb.conf + templates, not just the current one. Closes: #470138. + * Drop debian/patches/gcc42-arm-workaround.patch, which should have been + dropped in the previous upload + + -- Steve Langasek <vorlon@debian.org> Sun, 09 Mar 2008 04:09:26 -0700 + +samba (3.0.28-3) unstable; urgency=low + + * Drop the arm optimization workaround, as the compiler is now reported + to be fixed. + * Add missing eventlogadm(8) manpage. + * Refresh the list of Linux architectures from type-handling, to pick up + libacl-dev on armel. Closes: #465121. + * Convert handling of smb.conf to use ucf, so that we can sanely manage + syntax changes going forward. + * In the process, fix the dhcp handling to allow proper reconfiguration + via debconf. + + [ Debconf translations ] + * Indonesian added. Closes: #469976 + + -- Steve Langasek <vorlon@debian.org> Sat, 08 Mar 2008 17:11:16 -0800 + +samba (3.0.28-2) unstable; urgency=low + + [ Steve Langasek ] + * Drop some further code in samba-common.postinst that's specific to + pre-3.0 upgrades. + * Make the mount.smbfs wrapper a bash script instead of a POSIX sh script, + so we can use bash array variables and cope with arguments containing + embedded spaces (such as share names). Thanks to Julian Gilbey + <jdg@debian.org> for the patch. Closes: #457105. + * debian/patches/gcc42-arm-workaround.patch: work around an arm compiler + problem by building rpc_parse/parse_prs.o with -O0 on this architecture. + Thanks to Martin Michlmayr for helping to pin down the problem file. + Closes: #445566. + * mount.smbfs: map the smbfs "guest" option to "guest,sec=none", which is + a closer approximation of the semantics with cifs. + + -- Christian Perrier <bubulle@debian.org> Sat, 05 Jan 2008 09:46:06 +0100 + +samba (3.0.28-1) unstable; urgency=high + + * New upstream release. Security fix + * Fix a remote code execution vulnerability when running as a domain + logon server (PDC or BDC). (CVE-2007-6015) + + -- Christian Perrier <bubulle@debian.org> Tue, 11 Dec 2007 00:12:11 +0530 + +samba (3.0.27a-2) unstable; urgency=low + + * debian/patches/disable-weak-auth.patch: disable plaintext authentication + on the client, and lanman authentication on both client and server, by + default since these are only needed for Win9x or Samba with encrypted + passwords disabled and are potential password attack vectors. This + change is backported from Samba 3.2. LP: #163194. + * Don't build the userspace tools for the deprecated smbfs kernel driver + anymore; instead, use a shell wrapper around mount.cifs that translates + option names between the smbfs and cifs drivers. + Closes: #169624, #256637, #265468, #289179, #305210, #410075; + LP: #29413 + * debian/panic-action: detect when we're on an Ubuntu system and direct bug + reporters to Launchpad instead of to the Debian BTS. Closes: #452940. + * debian/samba.init: call log_progress_msg separately for each daemon on + stop rather than passing a second arg to log_daemon_msg, for greater + compatibility with both Debian and Ubuntu LSB initscript implementations. + Closes: #453350. + * Drop smbldap-tools to Suggests:, consistent with the textbook meaning of + recommends/suggests which is now implemented correctly in apt. + Closes: #453144. + * Get rid of the build-dependency on type-handling: + - add a new target, "update-archs", to be invoked by hand to refresh + the list of known Linux architectures for the libacl1-dev + build-dep; this avoids the clean target making changes to + debian/control + - rework the sed line so that it works in-place on debian/control, + so we can get rid of debian/control.in as well and just update + debian/control directly + Closes: #340570. + + -- Steve Langasek <vorlon@debian.org> Tue, 04 Dec 2007 18:35:29 -0800 + +samba (3.0.27a-1) unstable; urgency=low + + [ Steve Langasek ] + * New upstream release + - fix regression with smbfs clients, introduced by the security fix in + 3.0.27. Closes: #451839. + - debian/patches/cifs-umount-trailing-slashes.patch: merged upstream. + * Drop the deprecated "printer admin" example from the default smb.conf. + Closes: #451273. + * Add a *new* debian/patches/cups.patch to *enable* cups as the default + printing system, because since the original introduction of this patch + in Debian there was a regression upstream that caused cups to never be + selected as the default print system. + * Set the default value for the workgroup question to "WORKGROUP" in + samba-common.templates, not just in the template smb.conf, so that the + debconf question comes out right every time; and always treat this + as a high-priority debconf question instead of selecting the + priority based on whether there's an existing value, since there's + now *always* an existing value but the value doesn't tell us + anything meaningful about the user's preference. Closes: #451271. + * Drop some code from samba.postinst that only applies to upgrades from + pre-3.0 (i.e., pre-sarge) packages + + [ Christian Perrier ] + * Update the "built by" part of README.debian + * Remove the very outdated parts of README.debian + + -- Steve Langasek <vorlon@debian.org> Fri, 23 Nov 2007 13:04:52 -0800 + +samba (3.0.27-1) unstable; urgency=low + + * New upstream version + - fixes a remote code execution vulnerability when running nmbd as a + WINS server. (CVE-2007-5398; closes: #451385) + - fixes a buffer overflow in nmbd when running as a domain controller + during processing of GETDC logon server requests. (CVE-2007-4572) + + [ Steve Langasek ] + * fhs.patch: net usershares should also be stored under /var/lib, not under + /var/run. No transition handling in maintainer scripts, since this + feature is not activated by default. + * get_global_sam_sid-non-root.patch: avoid calling get_global_sam_sid() + from smbpasswd -L or pam_smbpass when running as non-root, to avoid a + foreseeable panic. Closes: #346547, #450738. + * usershare.patch: enable "user shares" by default in the server with a + default limit of 100, to support user shares on both upgrades and new + installs with no need to munge config files. Thanks to Mathias Gug + <mathiaz@ubuntu.com> for the patch. Closes: #443230. + * On Ubuntu, support autopopulating the sambashare group using the existing + members of the admin group; no equivalent handling is done on Debian, + because there doesn't seem to be an appropriate template group we can use + that wouldn't be considered a privilege escalation for those users. + * Update Samba to explicitly use the C locale when doing password changes, + to account for Linux-PAM's recently adopted i18n support. + Closes: #451272. + * Enforce creation of the pid directory (/var/run/samba) in the samba + init script, for compatibility with systems that use a tmpfs for + /var/run. Closes: #451270. + * debian/patches/cups.patch, debian/NEWS: drop the patch to force bsd + as the default printing system, as CUPS is now the dominant/default + printing system for Linux. + + [ Debconf translations ] + * Hebrew added. Closes: #444054 + + [ Christian Perrier ] + * Split fhs.patch into 3 separate patches to make upstream integration + easier: + - fhs-newpaths.patch: introduce new paths + - fhs-filespaths.patch: assign files to new paths + - fhs-assignpaths.patch: assign paths to FHS-compatible locations + * Compile with DNS update support. Thanks to Matthias Gug for + reporting and contributions from Launchpad's #156686 + Closes: #449422 + + -- Steve Langasek <vorlon@debian.org> Thu, 15 Nov 2007 11:46:17 -0800 + +samba (3.2.0~pre1-1) experimental; urgency=low + + * New upstream (pre-)release + + [ Steve Langasek ] + * fhs.patch: net usershares should also be stored under /var/lib, not under + /var/run. No transition handling in maintainer scripts, since this + feature is not activated by default. + * Update smbstatus-locking.patch to use db_open() instead of + tdb_open(), per upstream recommendation. + * Use talloc_strdup() and talloc_asprintf() instead of static strings in + data_path(), state_path(), and cache_path(), as suggested by Volker + Lendecke. + + [ Debconf translations ] + * Hebrew added. Closes: #444054 + + [ Christian Perrier ] + * Split fhs.patch into 4 separate patches to make upstream integration + easier: + - fhs-newpaths.patch: introduce new paths + - fhs-filespaths.patch: assign files to new paths + - fhs-filespaths-debatable.patch: assign files to new paths (part that + seems more difficult to be integrated upstream) + - fhs-assignpaths.patch: assign paths to FHS-compatible locations + + -- Christian Perrier <bubulle@debian.org> Sun, 21 Oct 2007 09:14:42 +0200 + +samba (3.0.26a-1) unstable; urgency=low + + * New upstream release. + * Remove the samba-common/unsupported-passdb debconf template and + the associated code in samba-common.postinst, that deals with pre-etch + versions transition + * Remove the samba/tdbsam template and the remaining line referencing + it (for no need) in samba.postinst. That code was removed in 3.0.23c-2 + and was dealing with pre-3.0 transitions. + + -- Christian Perrier <bubulle@debian.org> Sun, 16 Sep 2007 10:16:29 +0200 + +samba (3.0.26-1) unstable; urgency=high + + * New upstream release: security update for CVE-2007-4138: + incorrect primary group assignment for domain users using the rfc2307 or + sfu winbind nss info plugin. + + -- Christian Perrier <bubulle@debian.org> Tue, 11 Sep 2007 19:16:32 +0200 + +samba (3.0.25c-1) unstable; urgency=low + + [ Noèl Köthe ] + * new upstream released from 2007-08-20 + - added smbfs deprecation information to help and manpage + Closes: #360384 + - fixed winbind leaking file descriptors + Closes: #410663 + - fixed smbpasswd fails with errorcode SUCCESS as normal user + Closes: #155345 + + [ Christian Perrier ] + * Drop the (upstream unmaintained) python bindings (python-samba package) + * swat: turn the dependency on samba-doc to a Recommends: + Thanks to Peter Eisentraut for dealing with that issue and bringing it + back. Closes: #391742 + + -- Christian Perrier <bubulle@debian.org> Sun, 26 Aug 2007 14:57:16 +0200 + +samba (3.0.25b-2) unstable; urgency=low + + [ Steve Langasek ] + * Don't start nmbd if 'disable netbios' is set in the config. + Closes: #429429. + * missing_userspace_bugzilla999.patch: always use opt_gid and opt_uid, + set to those of the invoking user, when called as non-root. + Closes: #431661. + * Fix up fhs.patch for some new FHS regressions: + - make sure all references to winbindd_idmap.tdb look in /var/lib/samba + - make sure all references to winbindd_cache.tdb look in /var/cache/samba + - share_info.tdb belongs in /var/lib/samba; this is a regression + introduced in 3.0.23-1, so fix up this path on samba upgrade + - move the ADS "gpo" cache directory to /var/cache/samba + - move idmap_cache.tdb to /var/cache/samba, and fix up the path on + winbind upgrade + * linux-cifs-user-perms.patch: also support setting a default uid and gid + value when mount.cifs is called as non-root + * cifs-umount-trailing-slashes.patch: canonicalize mount point names when + umount.cifs is called, to avoid unnecessarily leaving entries behind in + /etc/mtab if invoked with a trailing slash in the mount point name + * cifs-umount-same-user.patch: the CIFS_IOC_CHECKMOUNT ioctl check + in umount.cifs assumed that errors would return a value > 0, when in fact + the return value on failure is -1. Correct this assumption, which was + allowing any user to unmount shares mounted by other users. + * smbpasswd-syslog.patch: Fix pam_smbpass to no longer call openlog() + and closelog(), since this will interfere with syslogging behavior + of the calling application. Closes: #434372. + * swat should depend only on inet-superserver, not update-inetd, per + Marco d'Itri. + + [ Christian Perrier ] + * debian/panic-action: bail out if there's no "mail" command + Patch from the Ubuntu samba packagers. + * debian/smb.conf: use the comment from Ubuntu package for the "valid users" + setting of [homes] as a basis for ours. Ubuntu's wording is better. + + [ Peter Eisentraut ] + * Don't ignore errors from make distclean, as per lintian check + + [ Debconf translations ] + * Gujarati updated. Closes: #436215 + + -- Steve Langasek <vorlon@debian.org> Fri, 17 Aug 2007 18:38:58 -0700 + +samba (3.0.25b-1) unstable; urgency=low + + * New upstream version + * Bugs fixed upstream: + - correct default mentioned for "store dos attribute" in smb.conf(5) + Closes: #367379 + - fix typo in pdbedit.c. Closes: #421758 + - fixed crashes in idmap_rid. Closes: #428411 + - misleading documentation in smb.conf(5). Closes: #218477 + - don't crash when no eventlog names are defined in smb.conf + Closes: #424683 + - typography errors in manpages. Closes: #427865, #418811 + - fix compilation and linking of pam_smbpass.so. Closes: #430755 + * Drop patches that have been applied upstream: + - nmbd-signalling.patch + + -- Christian Perrier <bubulle@debian.org> Wed, 27 Jun 2007 15:12:13 +0200 + +samba (3.0.25a-2) unstable; urgency=low + + [ Debconf translations ] + * Danish updated. Closes: #426773 + + [ Christian Perrier ] + * Clean out some remaining cruft that is not deleted + by "make clean". Taken from Ubuntu patches. + * Add missing userspace patches to properly pass uid and gid with 2.6 + kernels. See #408033 and upstream's #999 for rationale + * Drop smbmount-unix-caps.patch as workaraound for #310982 as the issue + is fixed in 2.4 and 2.6 kernels (2.6 kernels need + missing_userspace_bugzilla999.patch, though) + Closes: #408033 + * Add the samba-common and winbind packages to samba-dbg to get + debugging symbols for winbindd, net, etc. + * Replace all occurrences of ${Source:Version} by ${$binary:Version} in + dependencies. All these were Arch:any depending on Arch:any (the only + Arch:any depending on Arch:all already used ${source:Version} + + [ Steve Langasek ] + * Update samba.config to not override user preference on passdb.tdb + creation after initial configuration. Closes: #350926. + * Drop the last vestiges of the unified samba.patch; this reverts the + change for bug #112195 which it's been determined has no actual security + benefits, and drops the fix for bug #106976 which is superseded + upstream. + + [ Debconf translations ] + * Vietnamese updated. Closes: #426979. + + -- Christian Perrier <bubulle@debian.org> Wed, 13 Jun 2007 15:47:06 +0200 + +samba (3.0.25a-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream version + * Bugs fixed upstream: + - password expiration loog on samba domain controllers. Closes: #425083 + - no more login on samba servers that are members of samba domains + Closes: #425680, #426002 + - users no longer have access according to their secondary groups + on shares with "force group". Closes: #424629 + * Debian packaging fixes: + - Enforce building with "--with-ads" and therefore fail + when the build can't be done with kerberos support. + Closes: #424637 + - debian/control: wrap long lines in packages' descriptions + - uncomment out use of type-handling in the clean target, because + type-handling has been fixed to support the new /usr/share/dpkg/ostable + - avoid installing extra COPYING files in /usr/share/doc/* (one was + installed along with the pcap2nbench example) + * Merge Ubuntu changes: + - use of PIDDIR instead of hardcoding it in samba.init and winbind.init + * Patches to upstream source: + - patches/fhs.patch: recreate winbindd_cache.tdb in the cache directory + instead of the lock directory. Thanks to C. K. Jester-Young for the + patch. Closes: #425640 + + [ Steve Langasek ] + * swat and samba depend on update-inetd instead of on netbase; swat also + depends on "openbsd-inetd | inet-superserver", for samba this is only a + Suggests. + + -- Christian Perrier <bubulle@debian.org> Sun, 27 May 2007 09:30:02 +0200 + +samba (3.0.25-1) unstable; urgency=high + + * New upstream version including security fixes + * Bugs fixed upstream: + - nmbd no longer segfaults on bad interface line + Closes: #265577, #386922, #359155, #366800 + - documentation issues about displaycharset. Closes: #350790 + - documentation makes it clear that case options such as + "default case" can only be set on a per-share basis. + Closes: #231229 + - all occurrences of "encypt" fixed in smb.conf(5) + Closes: #408507 + - two typos on "account" fixed in source/passdb/pdb_ldap.c and + source/utils/pdbedit.c. Closes: #402392 + - no longer panic when using the (deprecated) "only user" option + in user level security. Closes: #388282 + - CVE-2007-2444 (User privilege elevation because of a local SID/Name + translation bug) + - CVE-2007-2446 (Multiple heap overflows allow remote code execution) + - CVE-2007-2447 (Unescaped user input parameters are passed as + arguments to /bin/sh allowing for remote command + execution) + + [ Debconf translations ] + * Marathi added. Closes: #416802 + * Esperanto added. Closes: #417795. + * Basque updated. Closes: #418196. + * Wolof updated. Closes: #421636 + + [ Christian Perrier ] + * /etc/dhcp3/dhclient-enter-hooks.d/samba tests for /etc/init.d/samba + before running invoke-rc.d. Closes: #414841 + + [ Steve Langasek ] + * Comment out use of type-handling in the clean target, because + type-handling is currently broken in unstable and clean shouldn't be + editing debian/control anyway. + + -- Christian Perrier <bubulle@debian.org> Mon, 14 May 2007 10:30:15 +0200 + +samba (3.0.24-6) unstable; urgency=high + + * Arrrgh, cut'n'paste error in the regexp in the last upload, so the bug + is still present :/ Fix a missing ] in the regexp for passdb backend + checking, really-closes: #415725. + + -- Steve Langasek <vorlon@debian.org> Sat, 24 Mar 2007 03:32:46 -0700 + +samba (3.0.24-5) unstable; urgency=high + + * The "see what you get for trusting the quality of my packages, + release team? Release team, please unblock this package" release. + * High-urgency brown-paper-upload for etch-targetted fix for + regression introduced in the last version + + [ Steve Langasek ] + * Fixed the regexp used for matching broken passdb backend settings, + since we were getting false positives on *all* values. :/ The + correct match should be: one or more non-space, non-comma + characters, followed by a space or a comma, followed by zero or more + spaces, followed by one or more non-space characters. Closes: #415725. + + [ Debconf translations ] + * Nepali + * Korean; closes: #414883. + * Russian + * Arabic + * Portuguese + * Greek. Closes: #415122 + * Norwegian Nynorsk added. + * Marathi added. Closes: #416802 + + -- Steve Langasek <vorlon@debian.org> Wed, 21 Mar 2007 13:49:46 -0700 + +samba (3.0.24-4) unstable; urgency=medium + + [ Steve Langasek ] + * Documentation fix for a problem affecting upgrades from sarge: if + passdb backend is still a comma- or space-separated list after any + attempts at automatic fix-ups, throw a debconf error notifying the + user that they'll need to fix this manually. Closes: #408981. + + [ Debconf translations ] + * French + * Spanish + * Galician; closes: #414605. + * Swedish; closes: #414610. + * Brazilian Portuguese; closes: #414603. + * German; closes: #414630. + * Norwegian BokmÃ¥l; closes: #414619. + * Bulgarian; closes: #414624. + * Romanian; closes: #414629. + * Tagalog; closes: #414637. + * Khmer; closes: #381833. + * Thai; closes: #414664. + * Slovak; closes: #414665. + * Slovenian + * Simplified Chinese; closes: #414671. + * Japanese; closes: #414673. + * Hungarian; closes: #414677. + * Dzongkha; closes: #414680. + * Estonian; closes: #414679. + * Catalan + * Malayalam; closes: #414728 + * Traditional Chinese; closes: #414730 + * Turkish + * Italian; closes: #414708 + * Finnish; closes: #414736 + * Dutch; closes: #414741 + * Albanian; closes: #414778. + * Czech; closes: #414793. + + -- Steve Langasek <vorlon@debian.org> Tue, 13 Mar 2007 16:29:21 -0700 + +samba (3.0.24-3) unstable; urgency=low + + [ Christian Perrier ] + * Merge some Ubuntu changes: + - do not expose the Samba version anymore + - default workgroup set to WORKGROUP (default workgroup of + Windows workstations) + * Fix FTBFS on GNU/kFreeBSD. Thanks to Petr Salinger for the patch + Closes: #394830 + * Add commented "winbind enum*" settings in smb.conf + This will point users to these important settings which changed + their default behaviour between sarge and etch. Closes: #368251 + + [ Steve Langasek ] + * samba-common.dhcp: support creating /etc/samba/dhcp.conf the first + time the script is called if the dhcp client was already running at + the time of install, and manually reload samba to get the updated + config files read. Thanks to Bas Zoetekouw for the patch. + Closes: #407408. + * While we're at it, use atomic replace for /etc/samba/dhcp.conf just + in case someone else reloads samba while the script is running. Low + impact, low-risk change. + + -- Steve Langasek <vorlon@debian.org> Sun, 11 Mar 2007 23:34:10 -0700 + +samba (3.0.24-2) unstable; urgency=low + + * Re-upload with a proper .orig.tar.gz. + + -- Steve Langasek <vorlon@debian.org> Mon, 5 Feb 2007 19:55:34 -0800 + +samba (3.0.24-1) unstable; urgency=high + + * New upstream release, security update + * Fixes for the following security advisories: + - Directly affecting Debian: + - CVE-2007-0452 (Potential Denial of Service bug in smbd) + - Not affecting Debian: + - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind + NSS library on Solaris) + - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) + * Correct paths for the documentation pointers in the default smb.conf + file. Thanks to Ted Percival for his care reporting this. Closes: #408898 + + -- Christian Perrier <bubulle@debian.org> Mon, 5 Feb 2007 05:27:07 +0100 + +samba (3.0.23d-4) unstable; urgency=low + + * Debconf translation updates: + - Slovenian added. + + -- Christian Perrier <bubulle@debian.org> Wed, 3 Jan 2007 08:43:50 +0100 + +samba (3.0.23d-3) unstable; urgency=low + + * Debconf translation updates: + - Malayalam added. Closes: #403107 + - Tamil added. Closes: #403353 + + -- Christian Perrier <bubulle@debian.org> Mon, 1 Jan 2007 10:17:18 +0100 + +samba (3.0.23d-2) unstable; urgency=low + + * Build-Conflicts: libfam-dev to avoid problems accessing shares + when using GAMIN. Closes: #400617 + * Lintian fixes: + - Run debconf-updatepo in the clean target to ensure up-to-date PO + and POT files + - debian/patches/no_unbreakable_spaces_in_man.patch: + Replace all non-breakable spaces by regular spaces in man pages. + They are encoded in ISO-8859-1 which is not recommended in man pages. + This should be submitted upstream. + - reformat too long lines in package description + + -- Christian Perrier <bubulle@debian.org> Sun, 3 Dec 2006 09:39:29 +0100 + +samba (3.0.23d-1) unstable; urgency=low + + * new upstream release (2006-11-15) + + [ Noèl Köthe ] + * updated documentation.patch for 3.0.23d + * updated non-linux-ports.patch for 3.0.23d + * updated adapt_machine_creation_script.patch for 3.0.23d + * updated autoconf.patch for 3.0.23d + + [ Debconf translations ] + * Added Bosnian. Closes: #396634 + * Added Bulgarian. Closes: #397773 + + -- Noèl Köthe <noel@debian.org> Thu, 16 Nov 2006 13:55:26 +0100 + +samba (3.0.23c-4) unstable; urgency=low + + [ Debconf translations ] + * Added Greek. + * Added Gujarati. Closes: #394430 + * Added Korean. Closes: #394509 + * Added Nepali. + * Updated Czech (typo fixed). + * Added Wolof. Closes: #396079 + + -- Christian Perrier <bubulle@debian.org> Sun, 5 Nov 2006 09:42:40 +0100 + +samba (3.0.23c-3) unstable; urgency=low + + [ Debconf translations ] + * Updated Catalan; thanks to Guillem Jover for his help + * Updated Russian. + * Updated Spanish. Add a missing word and correct the copyright header + * Updated Vietnamese. Closes: #394164 + * Added Albanian. Closes: #393777 + * Added Chinese (Traditional). + * Added Thai. + + -- Christian Perrier <bubulle@debian.org> Sat, 21 Oct 2006 10:44:11 +0200 + +samba (3.0.23c-2) unstable; urgency=low + + [ Debconf translations ] + * Updated Swedish. Closes: #386510. + * Updated Japanese. Closes: #386534. + * Updated Italian. Closes: #386691. + * Updated Romanian. Closes: #388254. + * Updated German. Closes: #389072. + * Updated Brazilian Portuguese. Closes: #389097. + * Updated Basque. Closes: #389722. + * Updated Turkish. Closes: #390887 + * Updated Danish. Closes: #390878 + * Updated German. Closes: #390813 + * Updated Simplified Chinese. Closes: #390959 + * Updated Arabic. + * Updated Spanish. Closes: #391735 + * Updated Dutch. Closes: #392082 + * Added Slovak. Closes: #386847. + * Added Finnish. Closes: #390150. + * Added Estonian. Closes: #391102. + * Added Norwegian BokmÃ¥l. Closes: #391692 + * Added Hungarian. Closes: #391746 + + [ Steve Langasek ] + * Change the Maintainer field at last to the mailing list... gives + our spam rules some testing, in response to popular demand :) + * Check for update-inetd on purge before trying to invoke it; + closes: #388606. + + [ Peter Eisentraut ] + * Make swat binNMU-safe by using ${source:Version} for dependency on + samba-doc + * Make samba-common owner of /var/{cache,log,run}/samba, let samba and + winbind only delete files they know they're exclusive owners of. + Closes: #370718. + * Use python-central to manage installation of python-samba. + Closes: #386499. (patch by Patrick Winnertz) + * Use upstream makefile to install Python module. + * Build-Depend on python-dev instead of python-all-dev. + * Removed old upgrade support. + * Remove possibly leftover comma from "passdb backend" setting in + smb.conf on upgrade. Closes: ##383307. + * Added libpam-smbpass logcheck file by martin f krafft. + Closes: #391487, #391916. + + [ Christian Perrier ] + * Add LSB info to the init script + + -- Christian Perrier <bubulle@debian.org> Thu, 12 Oct 2006 18:31:46 +0200 + +samba (3.0.23c-1) unstable; urgency=low + + [ Christian Perrier ] + * New upstream version + * Split out samba/run_mode with "__Choices". + + [ Noèl Köthe ] + * corrected samba override disparity: + samba-dbg_3.0.23b-2_i386.deb: package says priority is optional, override says extra. + + [ Debconf translations ] + * Updated Galician. Closes: #383001. + * Updated Danish. Closes: #383025. + * Added Tagalog. Closes: #383039, #383252. + * Updated Khmer. + * Updated Arabic. + * Updated Dzongkha. Closes: #383125. + * Updated Vietnamese. Closes: #383126. + * Updated Czech. Closes: #384760. + + [ Peter Eisentraut ] + * Preseed configure result for method to detect interfaces in + debian/config.cache; the test might otherwise fail if there are no + interfaces configured at build time. Closes: #382429. + * Refined panic-action script text. Closes: #382500. + + -- Noèl Köthe <noel@debian.org> Mon, 04 Sep 2006 12:10:28 +0200 + +samba (3.0.23b-2) unstable; urgency=low + + [ Debconf translations ] + * Updated Romanian. Closes: #382358 + * Updated Dzongkha. Closes: #382448, #382948 + * Updated Basque. Closes: #382456 + * Added Simplified Chinese. Closes: #382489 + + [ Peter Eisentraut ] + * Remove no longer functioning "guest" value from "passdb backend" + setting in smb.conf on upgrade. Closes: #382296 + + [ Steve Langasek ] + * Drop code and debconf questions specific to upgrades from samba <= 2.2. + * Reword some debconf translations as discussed on the list. + * Rerun debconf-updatepo. + * Switch debian/ca.po to UTF-8. + * Restore some reverted strings for Galician, Czech, Brazilian Portuguese, + Spanish, French, Italian, Catalan, Portuguese, Russian, and Japanese. + * Update translations for Brazilian Portuguese, Spanish, French, Italian, + Catalan, and Portuguese. + + -- Peter Eisentraut <petere@debian.org> Mon, 14 Aug 2006 19:04:31 +0200 + +samba (3.0.23b-1) unstable; urgency=low + + * New upstream release + + [ Debconf translations ] + * Updated Galician. Closes: #381988 + + -- Noèl Köthe <noel@debian.org> Tue, 08 Aug 2006 22:28:00 +0200 + +samba (3.0.23a-1) unstable; urgency=medium + + * New upstream release + + * Fixes the following Debian bugs: + - winbind: panic()s when started outside of a domain context. + Closes: #337070 + - Make smbclient -L use RPC to list shares, fall back to RAP. + Closes: #168732 + - Potential hang in nmbd. Upstream bug #3779. Closes: #367472 + - Typos in "ldap group suffix" in smb.conf(5) (upstream #3780). + Closes: #367507 + - Erroneous permissions checks after 3.0.10 -> 3.0.14a + (upstream #2591). Closes: #307626 + - Anonymous memory exhaustion DoS (CVE-2006-3403). Closes: #378070 + - ImportError exception raised when trying to import samba.smb + (upstream #3567). Closes: #350050 + - Changed references from pam_pwdb to pam_unix (upstream #3225). + Closes: #206672 + - SWAT segfault (upstream #3702). Closes: #363523 + + [ Adam Conrad ] + * Fix typo in smb.conf that causes all samba apps to whine. + Closes: #369782 + * Add myself to Uploaders, on the off chance that I might upload. + + [ Debconf translations ] + * Add Galician translation of debconf templates. Closes: #361204, #369403 + * Add Basque translation of debconf templates. Closes: #375104 + * Add Romanian translation of debconf templates. Closes: #379246 + * Add Khmer translation of debconf templates. Closes: #381833 + * Add Dzongkha translation of debconf templates. + * Updated Russian. Closes: #369375 + * Updated Czech. Closes: #369408 + * Updated Japanese. Closes: #369457 + * Updated Italian. Closes: #369587 + * Updated Swedish. Closes: #369730 + * Updated Dutch. Closes: #376515 + * Updated Vietnamese. Closes: #381557 + * Updated French. + * Updated Brazilian. + * Updated Portuguese. Closes: #372632 + * Updated Arabic. + + [ Christian Perrier ] + * Add dependency on procps for samba, as ps is used in init scripts. + Thanks to Bastian Blank for reporting. Closes: #365618 + * Rewrite debconf templates to be compliant with 6.5.2 of the Developer's + Reference + * Add support for /etc/default/winbind. Closes: #262313, #374411 + Thanks to Guido Guenther for the old patch and to Jérôme Warnier + for reminding us about it. + * Compile with --with-cifsmount which is now needed to properly compile + mount.cifs and umount.cifs. See samba bug #3799 + + [ Peter Eisentraut ] + * Use debian/compat instead of DH_COMPAT + * Updated Standards-Version to 3.7.2 (no changes needed) + * Replaced libsmbclient shlibs file by dh_makeshlibs call, so the + required ldconfig calls appear in the maintainer scripts + * Adjusted debian/rules to get 3.0.23rc1 to build + * Updated to debhelper level 5 + * Rearranged dh_strip calls so that build succeeds with + DEB_BUILD_OPTIONS=nostrip. Closes: #288995 + * Create /var/spool/samba and use it as default printer spool. + Closes: #275241 + * Made winbind init script more careful about returning proper exit code + * Added winbindd_priv group as owner of winbindd_privileged directory. + Closes: #307257 + * Python transition preparations: renamed package to python-samba, + removed hardcoded references to Python version 2.3. Closes: #380939 + * Removed unwanted swat debconf warning + * Put localized swat messages into /usr/share/samba, where swat looks for + them. Closes: #376991 + + -- Peter Eisentraut <petere@debian.org> Mon, 7 Aug 2006 23:00:49 +0200 + +samba (3.0.22-1) unstable; urgency=medium + + [ Steve Langasek ] + * New upstream release + - CAN-2006-1059: fixes an information leak in logfiles of systems using + winbind with log level >= 5. + * Fix a typo in the default smb.conf (closes: #354495). + + [ Noèl Köthe ] + * replacing SMB with SMB/CIFS in the descriptions like + named on the samba.org webpage. Closes: #356335 + + -- Steve Langasek <vorlon@debian.org> Sun, 12 Mar 2006 22:40:28 +0100 + +samba (3.0.21c-1) unstable; urgency=low + + * New upstream release + * add a few logon-related parameters as good and safe + examples for *DC-type settings. Closes: #349051 + * add an example "add user script". Closes: #349050 + * drop outdated information from the smbfs package description + Closes: #352828 + + -- Christian Perrier <bubulle@debian.org> Sat, 25 Feb 2006 11:58:45 +0100 + +samba (3.0.21b-1) unstable; urgency=low + + * The "Tridge" release: celebrates the 2005 Free Software Award winner + + * New upstream release + + * Upstream bugs fixed by the new upstream release: + - Support changing expired passwords in + pam_winbindd. Closes: #258302 + - vfs_full_audit fixes for multiple connections. Closes: #348419 + - crashes of smbd in security=server mode + Closes: #346045, #346069, #350598, #351448 + + [ Peter Eisentraut ] + * Put correct paths for Debian installations into the man pages, and + remove outdated swat setup instructions therein. Closes: #321005 + * Fix lintian overrides and install them into the right packages. + * Remove swat inetd registration in remove, not purge. Closes: #313214 + * Add findsmb script. Closes: #231806 + * Fix sonames of libnss_win{bind,s}.so. Closes: #333290 + * Remove autoconf build dependency. + * Remove remnants of old patch system. + * Install smbumount setgid root. Closes: #253437 + * Add watch file. + * Activate kernel oplocks. Closes: #218511 + * Disable PIE compilation. Closes: #346416 + + [ Christian Perrier ] + * activate building of idmap_rid. Closes: #284681. + Thanks to Ubuntu patches + * activate building of idmap_ad. Closes: #341814 + * modify the long description of the libsmbclient-dev package to + avoid repeating the long description. Thanks, linda. + + [ Steve Langasek ] + * Also enable setresuid()/setresgid() on alpha and sparc now that support + for Linux 2.2 is dropped. + + -- Christian Perrier <bubulle@debian.org> Mon, 6 Feb 2006 07:02:20 +0100 + +samba (3.0.21a-4) unstable; urgency=low + + [ Peter Eisentraut ] + * Add umount.cifs. Closes: #340967 + * Really make mount.cifs and umount.cifs suid root. Closes: #340966 + + [ Christian Perrier ] + * Add "bind interfaces only" and "interfaces" options (commented) + to the default smb.conf file. Closes: #349043 + + [ Steve Langasek ] + * Add missing changes to source/include/config.h.in into the + autoconf.patch, so that samba looks for files in /var/lib/samba like it's + supposed to instead of in /var/run/samba! Closes: #349372, #349464. + + -- Steve Langasek <vorlon@debian.org> Mon, 23 Jan 2006 00:59:20 -0800 + +samba (3.0.21a-3) unstable; urgency=low + + * Add Build-Depends on quilt (>= 0.40 as we use quilt.make) + + -- Christian Perrier <bubulle@debian.org> Sat, 21 Jan 2006 23:02:32 +0100 + +samba (3.0.21a-2) unstable; urgency=low + + [ Christian Perrier ] + * Switch to quilt for patches management. Refresh all patches so + that they apply cleanly. Closes: #345557 + * debian/patches/adapt_machine_creation_script.patch: + - adapt example machine creation script to Debian. Closes: #346234 + * winbind.dirs: + - added /var/run/samba. Closes: #347585 + + [ Peter Eisentraut ] + * swat.links: + - file added. Closes: #346001 + + [ Noèl Köthe ] + * fixed typo in panic-script. Closes: #348410 + + [ Steve Langasek ] + * debian/patches/autoconf.patch: + - move changes to autogenerated files into their own patch now that we've + lost the script that was calling autogen.sh for us; this also helps + make debian/rules clean just a little bit cleaner. + * debian/patches/fhs.patch: + - fix new references to registry.tdb (closes: #348874). + - also move account_policy.tdb, perfcount, and eventlog into /var/lib/samba + where they belong + + -- Christian Perrier <bubulle@debian.org> Fri, 20 Jan 2006 14:20:35 +0100 + +samba (3.0.21a-1) unstable; urgency=low + + [ Christian Perrier ] + * *Really* make samba-doc suggest samba-doc-pdf. This change finally + did not make it in the previous release. + + [ Noèl Köthe ] + * new upstream release 3.0.21a + - removed smbsh.1 from debian/rules + - added new smbclient programm smbget (with conflict/replace + to existing Debian smbget package) + - added libsmbclient.7 to libsmbclient package + - added umount.cifs.8 to smbfs package + - added pam_winbind.7 to winbind package + - added new /usr/bin/eventlogadm to samba package which is + documented here http://www.samba.org/~jerry/Samba-EventLog-HOWTO.txt + - fixed "cd command fails in smbclient". Closes: #307535 + - fixed "file descriptor leak". Closes: #339564 + - fixed "smbclient(1) doesn't list same options as + smbclient usage statement". Closes: #154184 + - fixed "typo in smbmount.8". Closes: #260673 + - fixed "smbmount manual page doesn't have a link to + smbumount". Closes: #297535 + - fixed "smb.conf man page references non-existent + BROWSING.txt file". Closes: #316458 + - fixed "smb.conf - improve topic: hosts deny (S)". Closes: #273480 + - fixed "fails to manage groups containing spaces". Closes: #299592 + - corrected nonpic-libsmbclient.patch to apply + - corrected fhs.patch to apply + * added myself to Uploaders + * Rewording of the panic action script. Closes: #335051 + * added missing swat translation to swat package + + -- Noèl Köthe <noel@debian.org> Sun, 01 Jan 2006 12:45:33 +0100 + +samba (3.0.20b-4) unstable; urgency=low + + [ Christian Perrier ] + * Remove the smbldap-tools-* directory from the examples of samba-doc + as these tools exist as an independent package. Closes: #341934 + * Swedish debconf translation update. Closes: #342022 + * Preserve the local admin settings for run_mode in /etc/default/samba + when upgrading. Closes: #234038, #267988, #269735 + * Winbind also must depend on lsb-base. Closes: #343379 + * Enable swat in inetd when installing it and remove it when + uninstalling. Closes: #87905, #230936, #268429 + + [ Peter Eisentraut ] + * Added separate samba-doc-pdf package, suggested by samba-doc. + Closes: #281971 + * Removed duplicate documentation in swat package, symlinked to + samba-doc; swat now depends on samba-doc. Closes: #233447 + + -- Christian Perrier <bubulle@debian.org> Tue, 20 Dec 2005 17:08:20 +0100 + +samba (3.0.20b-3) unstable; urgency=low + + [ Steve Langasek ] + * Drop the FHS transition code from the samba postinst, since it's + not needed for upgrades from sarge (and most of it not for upgrades + from woody). + + [ Noèl Köthe ] + * libpam-smbpass dependency on samba-common + Closes: #297923 + * Updated swedish debconf translation. Closes: #335784 + * Added Recommends: smbldap-tools. Closes: #227675 + + [ Peter Eisentraut ] + * Added doc-base support. Closes: #55580 + * Fixed dh_installexamples call so the debian/*.examples files are + actually used. + * Patched libpam-smbpass README to refer to examples directory. + Closes: #215771 + + [ Christian Perrier ] + * Add a working passwd chat line to the default smb.conf file + Closes: #269746 + * Add the profiles binary and man page to the shipped files. Closes: #225494 + * Add a dependency on samba-common for winbind and force versions to match + Closes: #273007, #264855 + * Add /var/log/samba to winbind directories. Closes: #340833 + * Lintian cleaning: + - Add a few lintian overrides to avoid lintian complaining + for things done on purpose or just because it makes wrong assumptions + - Corrected FSF address in debian/copyright + - Make swat depend on netbase as it uses update-inetd in its postinst + script + - Correct shebang lines in config scripts + - Remove an extra copy of the GPL in smbldap-tool examples in samba-doc + - Minor correction in libsmbclient-dev description to avoid strictly + repeating the short description in the long description + - Call confmodule in swat.postinst as this is the only way to guarantee + that the config script is run in all cases + + -- Christian Perrier <bubulle@debian.org> Sat, 3 Dec 2005 07:30:40 +0100 + +samba (3.0.20b-2) unstable; urgency=low + + * Don't build with -gstabs any more; -g no longer gives a problematic + size hit, and -gstabs is no longer supported on ia64. + + -- Steve Langasek <vorlon@debian.org> Wed, 19 Oct 2005 19:02:44 -0700 + +samba (3.0.20b-1) unstable; urgency=low + + * Christian Perrier: + - Debconf translations: + - Added Vietnamese. Closes: #317876 + - Updated German. Closes: #322907 + * Steve Langasek: + - Use ${misc:Depends} in debian/control instead of depending on + debconf directly, allowing use of cdebconf as an alternative. + Closes: #332088. + * Noèl Köthe + - corrected libsmbclient priority to optional. Closes: #310045 + - corrected the path of ServerType.html in smb.conf. Closes: #296500 + - updated Standards-Version to 3.6.2 (no changes needed) + - added homepage to description + - switched init scripts (samba and winbind) to lsb-functions + (took patches from ubuntu) + - added Swedish. Closes: #331437 + - removed outdated "guest" value in "passdb backend" in default smb.conf + Closes: #289519 + - moved smbpasswd(5) to samba-common where the binary and smbpasswd(8) + is; Replaces: all previous versions of samba. Closes: #253603 + - new upstream release 3.0.20b (from 2005-10-13). Closes: #324515 + - support for Windows Vista. Closes: #323489 + - Mac OS Tiger Problem fixed. Closes: #309836 + - BUG 2688: re-implement support for the -P (--port) option. + Closes: #307746 + - "man smb.conf" warnings fixed. Closes: #266320 + - testprns removed by upstream so removed in samba.files + - corrected docs/*.pdf names (samba-doc.docs) + - corrected diagnosis.html path (samba.docs) + - removing patches which are included upstream: + dos7-xcopy-always-copies-files.patch + (* BUG 2622: Remove DPTR_MASK as it makes no sense.) + hide-special-file-fix.patch + (* Hide dot files and directory logic fixes.) + rap-printing-bigendian.patch + (* BUG 1998: Correct byte ordering bug when storing + 16-bit RAP print job ids.) + smbclient-vfat-loop.patch + smbclient-vfat-loop2.patch + (* BUG 2698: Fix infinite listing loop in smbclient + caused by an invalid character set conversion.) + - fixed the following patches which didn't applied cleanly + fhs.patch + non-linux-ports.patch + + -- Steve Langasek <vorlon@debian.org> Tue, 18 Oct 2005 19:02:21 -0700 + +samba (3.0.14a-6) unstable; urgency=low + + * Use DEB_HOST_ARCH_OS instead of DEB_HOST_GNU_SYSTEM to detect + Linux in debian/rules, for compatibility with dpkg-dev >= 1.13.9; + add a versioned build-depend accordingly. Closes: #315955 + * Switch to libreadline5. + + -- Steve Langasek <vorlon@debian.org> Fri, 1 Jul 2005 00:13:12 -0700 + +samba (3.0.14a-5) unstable; urgency=low + + * Fix libsmbclient.a to be built as non-PIC instead of PIC. + Closes: #279243. + + -- Steve Langasek <vorlon@debian.org> Wed, 8 Jun 2005 05:46:52 -0700 + +samba (3.0.14a-4) unstable; urgency=high + + * Last-minute upload for sarge, because I don't listen to anything + that RM guy says + * Patch smbmount to strip CAP_UNIX out of the capabilities passed to + the kernel when uid, gid, dmask, or fmask options have been + specified; this keeps the mount permissions from changing out from + under the user when upgrading to a server (or to a kernel) that + supports unix extensions. Closes: #310982. + * Second patch to smbclient search continuation logic, from upstream: + preserve the original UCS2 filename to guard against lossy + conversions, and break out if we find ourselves looping. + Closes: #311157. + * Upstream fix to make print job cancellations work on big-endian + systems when talking to RAP-style clients (i.e., smbclient). + Closes: #311213. + * Add build-dependency on libpopt-dev, so that we consistently use the + system popt lib instead of the bundled one. + + -- Steve Langasek <vorlon@debian.org> Thu, 2 Jun 2005 07:02:46 -0700 + +samba (3.0.14a-3) unstable; urgency=high + + * Urgency set to high for a bug that makes smbclient/libsmbclient + /almost/ mostly unusable + * Fix smbclient's search continuation logic so that it works correctly + against 2K servers offering VFAT-hosted shares; many thanks to + Jeremy Allison for the timely upstream fix. Closes: #309798. + * Update pt_BR debconf translation. Thanks to Andre Luis Lopes + <andrelop@debian.org>. (closes: #308510) + * Add Russian debconf translation, thanks to Yuriy Talakan + <yt@amur.elektra.ru>. (closes: #310063) + + -- Steve Langasek <vorlon@debian.org> Thu, 26 May 2005 23:37:57 -0700 + +samba (3.0.14a-2) unstable; urgency=low + + * Point the sense of the file_is_special() check right way around; + thanks to Matthijs Mohlmann for catching this. Closes: #305747. + * debian/patches/dos7-xcopy-always-copies-files.patch: + Fix the MS-DOS 7 XCOPY copying files over and over bug + Closes: #309003 + * Steve Langasek <vorlon@debian.org>: + - Add Christian Perrier to Uploaders:. Thanks, Christian :) + + -- Steve Langasek <vorlon@debian.org> Sun, 8 May 2005 04:43:21 -0700 + +samba (3.0.14a-1) unstable; urgency=low + + * New upstream version + - A more complete upstream fix for missing files in file listings, + should really give us working (closes: #302771); drop + xp-missing-files.patch, which has been superseded. + * Use the right path when removing mount.cifs binary in the clean + target. Closes: #303318. + + -- Steve Langasek <vorlon@debian.org> Mon, 18 Apr 2005 03:22:29 -0700 + +samba (3.0.11-1) unstable; urgency=high + + * New upstream version + - Fixes duplicated entry in swat(8) manpage (closes: #292957). + - Fix queue handling so that processes serving print clients don't + spin off into infinity and clobber the system (closes: #274969). + - Make sure we use C-locale toupper/tolower functions for case + conversion, since Turkish pairing rules are incompatible + (closes: #286174). + * Fix logrotate script to exit true instead of false when nmbd.pid is + missing (closes: #287263). + * Added Portuguese debconf translation. Thanks to Miguel Figueiredo + <elmig@debianpt.org>. (closes: #286375) + * Added Italian debconf translation. Thanks to Luca Monducci + <luca.mo@tiscali.it>. (closes: #284125) + * Add support for building on the Debian BSD and Hurd ports; thanks to + Robert Millan for the patch. (closes: #266693) + * debian/patches/xp-missing-files.patch: import patch from upstream to + fix missing entries in directory listings when talking to WinXP + servers (closes: #297771). + + -- Steve Langasek <vorlon@debian.org> Wed, 23 Mar 2005 00:13:16 -0800 + +samba (3.0.10-1) unstable; urgency=high + + * New upstream release. + - CAN-2004-1154: integer overflow can lead to remote code execution + by authenticated users; closes: #286023. + * High-urgency upload for sarge-targetted RC bugfix. + * Sync the fhs.patch to samba 3.0.10. + * Install mount.cifs suid root, to make user mounts possible + (closes: #283819). + * debian/patches/cups.patch: Change the default printing system, so we + can compile in CUPS support without making it the default -- CUPS is + not a reasonable default on Debian, at least for sarge. + + -- Steve Langasek <vorlon@debian.org> Fri, 17 Dec 2004 11:56:01 -0800 + +samba (3.0.9-1) unstable; urgency=low + + * New upstream release + - Fixes Win9x printing; closes: #283530, #282571, #283818. + - Fixes a problem with setting dosmodes on filesystems without ACL + support; closes: #283661. + - Drop ldapsam_compat.patch, redundant now that a fix is integrated + upstream + + -- Steve Langasek <vorlon@debian.org> Thu, 2 Dec 2004 01:11:39 -0800 + +samba (3.0.8-2) unstable; urgency=low + + * Fix the module paths for python2.3-samba so that "import foo from samba" + works, and include the __init__.py glue; closes: #222867). + * Enable quota support; closes: #246839. + * Fix missing symbols in libsmbclient (and libnss_wins), and add + -Wl,-z,defs to the libsmbclient link options to prevent future + instances of undefined symbols (closes: #281181). + * Fix for the legacy ldapsam_compat backend; thanks to Fabien + Chevalier for the patch (closes: #274155). + + -- Steve Langasek <vorlon@debian.org> Mon, 15 Nov 2004 06:54:13 -0800 + +samba (3.0.8-1) unstable; urgency=high + + * New upstream package. Urgency set to "high" because of a potential + Denial of Service vulnerability in previous 3.0.x releases + (CAN-2004-0930). (Eloy) + * Introduce new -dbg package, so we can make better sense out of the + cleverly-supplied backtrace emails. (Vorlon) + * Applied patch from Luke Mewburn <luke@mewburn.net> to fix missing + lock_path() to state_path() change in the FHS patches. (Eloy) + + -- Eloy A. Paris <peloy@debian.org> Mon, 8 Nov 2004 13:39:34 -0500 + +samba (3.0.7-2) unstable; urgency=high + + * High-urgency upload for sarge-targetted RC fixes. + * Use autogen.sh in unpatch-source as well as in patch-source, to get + rid of the autom4te.cache cruft. + * debian/patches/make-distclean.patch: add some missing files to the + distclean target in source/Makefile.in (mostly-fixes: #276203). + * Change compile-time default of 'use sendfile' to 'no', since the + current Samba implementation is broken (closes: #261917, #275741, + #270175). + * Add mount.cifs into the smbfs package; thanks to Igor Belyi for + showing us just how simple this patch should be. ;) Since cifs is + the preferred kernel driver in 2.6, bugs related to smbfs and 2.6 + are considered closed unless someone can show that they exist with + the cifs driver as well (closes: #249890, #269443, #227791, #236869, + #260707, #261808, #270175). + * Fix FHS migration code so that it only affects upgrades from old + package versions, and doesn't cause us to mess with non-standard + directories that may have been re-added by the admin + (closes: #251858). + + -- Steve Langasek <vorlon@debian.org> Tue, 26 Oct 2004 01:35:23 -0700 + +samba (3.0.7-1) unstable; urgency=high + + * New upstream release. This release fixes two possible denial of + service conditions; one in nmbd and one in smbd. The CVE numbers + for these vulnerabilities are: + + CAN-2004-0807 for the smbd DoS + CAN-2004-0808 for the nmbd DoS + + Urgency is set to "high" because of these vulnerabilities; so this + new release propagates to testing ASAP. + + Thanks to the Samba Team and the Debian Security Team for the + heads up. + * Remove post-3.0.6 patches that are now in 3.0.7. + + -- Eloy A. Paris <peloy@debian.org> Mon, 13 Sep 2004 00:53:38 -0400 + +samba (3.0.6-4) unstable; urgency=low + + * Update LDAP schema (closes: #269797). + * Applied a couple of upstream fixes that will be present in Samba 3.0.7. + + -- Eloy A. Paris <peloy@debian.org> Tue, 7 Sep 2004 15:28:42 -0400 + +samba (3.0.6-3) unstable; urgency=low + + * Put libsmbclient where it belongs, in /usr/lib. (closes: #267704) + + -- Eloy A. Paris <peloy@debian.org> Wed, 25 Aug 2004 01:58:37 -0400 + +samba (3.0.6-2) unstable; urgency=low + + * Added Danish debconf translation. Thanks to Claus Hindsgaul + <claus_h@image.dk>. (closes: #232884) + + -- Eloy A. Paris <peloy@debian.org> Mon, 23 Aug 2004 17:24:19 -0400 + +samba (3.0.6-1) unstable; urgency=low + + * New upstream version. + * Incorporate Turkish debconf translation; thanks to Recai Oktas + <roktas@omu.edu.tr>. (closes: #252031) + * Update pt_BR debconf translation. Thanks to Andre Luis Lopes + <andrelop@debian.org>. (closes: #208113) + + -- Eloy A. Paris <peloy@debian.org> Mon, 23 Aug 2004 12:34:44 -0400 + +samba (3.0.5-2) unstable; urgency=high + + * Patches from Fabien Chevalier <fabien.chevalier@supelec.fr> + to fix: + + libnss_wins crashes other programs (closes: #252591) + + Can't list share files/dirs, but can acces deeper files/dirs + (closes: #264572) + + Samba 3.0.5 Printserver doesn't work with WinXP SP2 (closes: #265871) + * Urgency "high" to make it into testing as soon as possible since + at least #265871 is pretty bad now that WinXP SP2 has been released. + Thanks for the help Fabien! Both Vorlon and I have been very busy + lately. + + -- Eloy A. Paris <peloy@debian.org> Wed, 18 Aug 2004 13:25:41 -0400 + +samba (3.0.5-1) unstable; urgency=high + + * New upstream version. Urgency "high" because of potential buffer + overflows. The security fixes are the only difference between + 3.0.4 and 3.0.5. + + -- Eloy A. Paris <peloy@debian.org> Thu, 22 Jul 2004 08:07:36 -0400 + +samba (3.0.4-5) unstable; urgency=low + + * Doh! Build-depends on libcupsys2-dev (>=1.1.20final+cvs20040330-4), + not an unversioned libcupsys2-dev. (closes: #250523) + + -- Eloy A. Paris <peloy@debian.org> Tue, 25 May 2004 07:43:54 -0400 + +samba (3.0.4-4) unstable; urgency=low + + * Rebuilt with libcupsys2-gnutls10 for unstable. + Closes: #250424, #250483, #250491, #250515, #250523, #250592, #250736 + Closes: #250742, #250733 + + -- Eloy A. Paris <peloy@debian.org> Mon, 24 May 2004 22:32:52 -0400 + +samba (3.0.4-3) unstable; urgency=low + + * Color me stupid; I uploaded an experimental version to unstable. + + -- Eloy A. Paris <peloy@debian.org> Sat, 22 May 2004 00:40:58 -0400 + +samba (3.0.4-1) unstable; urgency=low + + Eloy: + + * New upstream version. + Closes: #247640 (New upstream version available) + Closes: #238905 (Printing crash fix) + Closes: #247090 (panic in viewing printerqueue) + + Vorlon: + + * Incorporate Catalan debconf translations; thanks to + Aleix Badia i Bosch <abadia@ica.es> and the Debian L10n Catalan Team. + (closes: #236640) + * Incorporate Czech debconf translations; thanks to + Miroslav Kure <kurem@upcase.inf.upol.cz> (closes: #236274). + * Update libsmbclient shlibs, due to an incompatibility with older + versions that prevents gnome-vfs from working correctly + (closes: #245869). + + -- Eloy A. Paris <peloy@debian.org> Fri, 21 May 2004 11:42:19 -0400 + +samba (3.0.2a-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Tue, 24 Feb 2004 10:30:47 -0500 + +samba (3.0.2-2) unstable; urgency=high + + * Apply patch from Urban Widmark <urban@teststation.com> to prevent + users from mounting remote filesystems containing suid files + (closes: 232327). This represents an exploitable security hole on + systems running Linux 2.6 kernels. + + -- Steve Langasek <vorlon@debian.org> Thu, 12 Feb 2004 21:38:40 -0600 + +samba (3.0.2-1) unstable; urgency=high + + * New upstream release. + - LaMont Jones: correct false failure LFS test that resulted + in _GNU_SOURCE not being defined (thus resulting in strndup() + not being defined) (closes: #226694) + - Segfault fixes. (closes: #230012) (maybe more, but we need bug + reporters to confirm.) + + Urgency "high" due to a password initialization bug that could grant + an attacker unauthorized access to a user account created by the + mksmbpasswd.sh shell script. See WHATSNEWS.txt for details and + workarounds for those not wishing to upgrade (which is a bad idea + anyway since this new release fixes lots of other bugs.) + + -- Eloy A. Paris <peloy@debian.org> Sun, 8 Feb 2004 10:06:29 -0500 + +samba (3.0.1-2) unstable; urgency=low + + * Include ntlm_auth's man page. + * Don't create directories outside of the source directory during + package build time. (closes: #227221, #227238, #225862) + * Don't include the "Using Samba" book in the swat package, just a + symlink that points to the book included in the samba-doc package. + + -- Eloy A. Paris <peloy@debian.org> Tue, 13 Jan 2004 13:48:13 -0500 + +samba (3.0.1-1) unstable; urgency=low + + * New upstream version (closes: #225565) + * Add support in the dhcp hook for netbios scope, and handle better + the case of multiple DHCP-using interfaces (closes: #224109). + * Use "tail -n 1 ..." instead of "tail -1 ..." so POSIX-compliant + tail works. Thanks to Paul Eggert <eggert@twinsun.com>. + * Include /usr/bin/ntlm_auth in the winbind package. + * Run configure with "--with-piddir=/var/run/samba" since the + default got changed to /var/run in this new upstream version. + + -- Eloy A. Paris <peloy@debian.org> Tue, 30 Dec 2003 16:21:31 -0500 + +samba (3.0.0final-1) unstable; urgency=low + + * It's here, it's here, it's here, Samba 3.0.0 is here! + * Incorporate Japanese debconf translations; thanks to Kenshi Muto + <kmuto@debian.org>. (closes: #209291) + + -- Eloy A. Paris <peloy@debian.org> Thu, 25 Sep 2003 13:39:28 -0400 + +samba (3.0.0beta2+3.0.0rc4-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Sat, 13 Sep 2003 08:47:56 -0400 + +samba (3.0.0beta2+3.0.0rc3-1) unstable; urgency=low + + * New upstream release. Last Release Candidate according to the + Samba Team. Samba 3.0.0 is around the corner, in a week or so. + - Fixes use of non-PIC code in nss shared libraries (closes: #208773) + - 'unix password sync' option now runs the unix password program as + root again (closes: #209739). + * One-line patch to make packages buildable with distcc (closes: #210227) + + -- Eloy A. Paris <peloy@debian.org> Tue, 9 Sep 2003 07:57:16 -0400 + +samba (3.0.0beta2+3.0.0rc2-1) unstable; urgency=low + + * New upstream release. + * Link against libgnutls7 instead of libgnutls5. (closes: #208151) + + -- Eloy A. Paris <peloy@debian.org> Tue, 2 Sep 2003 21:37:13 -0400 + +samba (3.0.0beta2+3.0.0rc1-1) unstable; urgency=low + + * New upstream version (skipped samba 3.0.0beta3 due to time + constraints.) This ugly version number will go away when the final + Samba 3.0.0 is released. + * Drag new unpackaged tools into the packages: smbcquotas (smbclient), + vfs modules (samba), smbtree(1) manpage (smbclient), tdbbackup(8) + manpage (samba). (closes: #151158) + * Switch to DH_COMPAT level 4: + - no explicit conffile listings needed + - the postinst for libsmbclient is now completely autogenerated + - use the default init script handling (with support for + invoke-rc.d) in debhelper, instead of the currently buggy upgrade + path (closes: #185439) + - add support for ${misc:Depends} in control for those packages with + init scripts + * Add versioned dependency on libpam-runtime and change + /etc/pam.d/samba to use the new common PAM config blocks. + * New python2.3-samba package (old python2.2-samba is no more.) + (closes: #206171) + + -- Eloy A. Paris <peloy@debian.org> Mon, 25 Aug 2003 17:05:14 -0400 + +samba (3.0.0beta2-1) unstable; urgency=low + + * New upstream release + - The smb.conf(5) manpage documents config options again + (closes: #197963). + - Handling of winbind/idmap has been restructured; domain members + should be able to map domain accounts to local accounts again + (closes: #196815). + - Use the locale charset for 'display charset' by default + (closes: #194406). + - Fix for segfault in smbclient when using the -b option + (closes: #196833). + - Handle an empty 'passdb backend' list gracefully (closes: #193946). + * Don't set 'display charset' anymore on upgrade, since this is now + grabbed from the locale by default -- a much better option. + * Removed time.c.patch which is now in the upstream sources. + * Update FHS patch for two new tdb files (netsamlogon_cache.tdb, + privilege.tdb). + * Remove python-linker.patch, since the Kerberos package has been + fixed to no longer use rpath + * Remove configure.patch: the hppa glibc bug this was added for is + long since fixed, and upstream isn't interested in supporting this + kludge. + * Update references to missing documentation in sample smb.conf file + (closes: #187632). + * Fix handling of krb5 link line, building on a patch from Stefan + Metzmacher <metze@metzemix.de>. + * Add patch so smbclient's tar support works with popt + (closes: #194921). + + -- Steve Langasek <vorlon@debian.org> Wed, 2 Jul 2003 20:59:09 -0500 + +samba (3.0.0beta1-2) unstable; urgency=low + + * Update build-deps to libacl1-dev (>= 2.2.11-1), libacl1 (>= 2.2.11-1) + to make sure we get the right shlib dependencies (closes: #193149). + * Update the dhcp config hooks so they're suitable for sourcing (i.e., + don't call "exit") (closes: #196477). + * Bring package into line with current policy by adding support for + the DEB_BUILD_OPTIONS flag, and enabling debugging symbols (-gstabs) + by default + * Make sure libpam-smbpass is a self-contained DSO. + * Fix a typo in samba-common.dhcp that caused us to spuriously rewrite + the server list. + * Fix python install script to ignore -Wl linker flags, as seen in the + output from the latest krb5-config. + * Add LDAP and Unicode information about upgrading from 2.2 to + README.debian. + * Remove dangerous and confusing browse options from the default + smb.conf (closes: #198804). + * Reorder smb.conf options for clearer grouping, and clarify the + comments. + * Add a default [print$] share to the sample smb.conf, and create the + necessary tree under /var/lib/samba/printers. (closes: #168173) + * s/winbind/idmap/ in smb.conf, since the option names have changed. + * Fix the patch for postexec handling, so that we chdir("/") at the + right time. + + -- Steve Langasek <vorlon@debian.org> Thu, 12 Jun 2003 15:02:00 -0500 + +samba (3.0.0beta1-1) unstable; urgency=low + + * New upstream version. + - fix for empty browselist bug (closes: #194553) + - fix for tab completion segfault in smbclient (closes: #194776) + - Samba now works as a domain member again without segfaulting + (closes: #194134, #194394, #194775) + - WinXP machines can join a Samba-controlled domain again + (closes: #195362) + * Build-depend on python-dev >= 2.2 instead of on just python-dev + (without version). + * Added Vorlon'n patch to source/lib/time.c to fix #194075. + (closes: #194075) + + -- Eloy A. Paris <peloy@debian.org> Sun, 8 Jun 2003 22:26:43 -0400 + +samba (2.999+3.0.alpha24-3) unstable; urgency=low + + * Make sure Samba DSOs are compiled with -fPIC. (closes: #194324) + * Rebuild against pristine Kerberos libs, to squelch warnings about + versioned symbols. (closes: #194431, #194396) + + -- Steve Langasek <vorlon@debian.org> Thu, 22 May 2003 15:32:00 -0500 + +samba (2.999+3.0.alpha24-2) unstable; urgency=low + + * Fixed description of the smbfs package. (closes: #194183) + * Negate the sense of the unixsam check when upgrading. (closes: #194234) + + -- Steve Langasek <vorlon@debian.org> Wed, 21 May 2003 12:21:53 -0400 + +samba (2.999+3.0.alpha24-1) unstable; urgency=low + + * New upstream version. (closes: #189354) + + -- Eloy A. Paris <peloy@debian.org> Tue, 20 May 2003 13:55:57 -0400 + +samba (2.999+3.0.alpha23-5) unstable; urgency=low + + * Move the python package from section "net" to section "python". + * Make sure we use PIC code for python on all platforms. + * French translation of an additional debconf template, courtesy of + Christian Perrier <bubulle@debian.org>. (closes: #188832) + * Updated Brazilian Portuguese translation from André LuÃs Lopes + <andrelop@ig.com.br>. + * s/unixsam/guest/ everywhere, since the unixsam backend is now + deprecated. (closes: #190095) + * Create our temp config file as /etc/samba/smb.conf.dpkg-tmp; not + only does using /tmp violate SELinux policies, it introduces the + possibility of data loss during the final copy if /tmp is a separate + filesystem. (closes: #189823) + * Pull in fix for SWAT, so that logins work again + (closes: #188255, #192077). + * Move passdb.tdb into /var/lib/samba, since it's not user-editable. + * Make sure with don't ship any .cvsignore files. + * Don't ship examples for python2.2-samba and samba-doc in an + "examples" directory inside another "examples" directory. + + -- Eloy A. Paris <peloy@debian.org> Tue, 6 May 2003 12:05:46 -0400 + +samba (2.999+3.0.alpha23-4) unstable; urgency=low + + * Instead of s/LPT1:/LPT:/, we need to do s/LPT:/LPT1:/ -- now all + non-RPC printing clients are working again. + * Change shlibs to 0 instead of 0.1. The library already in the + archive is using this soname, and there are no packages depending + on libsmbclient, so skip changing the package name for now. + (closes: #188661) + + -- Steve Langasek <vorlon@debian.org> Fri, 11 Apr 2003 14:42:00 -0500 + +samba (2.999+3.0.alpha23-3) unstable; urgency=low + + * Put the Samba Python modules in /usr/lib/python2.2/site-packages/, + not in /usr/lib/python2.2/lib-dynload/. + + -- Eloy A. Paris <peloy@debian.org> Wed, 9 Apr 2003 19:49:25 -0400 + +samba (2.999+3.0.alpha23-2) unstable; urgency=low + + * New package python2.2-samba that includes the Python modules + included in the Samba sources. Feedback on these modules and the new + package is welcome, as we (Debian Samba maintainers) don't use them. + (closes: #170731, #173322) + * Move libsmbclient-dev from section "devel" to "libdevel". + * Fix panic action script to give a sensible error message instead of + an empty backtrace when we don't have permission to attach to the + process. (closes: #188164) + * Fix libpam-smbpass so that it really does something. (closes: #178245) + * Apply patch to fix printing-related segfaults. (closes: #188076) + + -- Eloy A. Paris <peloy@debian.org> Sun, 6 Apr 2003 21:40:33 -0400 + +samba (2.999+3.0.alpha23-1) unstable; urgency=high + + * new upstream release, includes security fix for DSA-262 + * tweak the debconf templates to avoid references to specific + front-ends (closes: #183718) + + -- Steve Langasek <vorlon@debian.org> Sun, 9 Mar 2003 14:58:00 -0600 + +samba (2.999+3.0.alpha21-5) unstable; urgency=low + + * touch up the package descriptions a little bit (caps, punctuation) + * remove addtosmbpass, which snuck back in when we weren't looking + * reverse the position of the wins server tag, after looking more + closely at the code (closes: #183061) + * fix a glitch in the Spanish .po that rendered it invalid, plus a typo + * updated Brazilian Portuguese templates (closes: #183295) + * fix a typo in upstream manpage (s/shave/share/) (closes: #180546) + * run sed before we run sed, to deal with crazybad special chars + in the workgroup name (!) (closes: #176717) + + -- Steve Langasek <vorlon@debian.org> Sat, 1 Mar 2003 15:14:00 -0600 + +samba (2.999+3.0.alpha21-4) unstable; urgency=low + + * add scripts to samba-common to grab the netbios-name-servers options + if we're running a DHCP client (closes: #38413) + * major rearrangement of build scripts: install target now operates on + debian/tmp, not debian/samba, so we can see when new files are + added and decide where to put them; several files that should have + been in samba-common but were in samba (for the above reason) -- + smbcacls, -- have been moved, with a replaces: added. + * Fix rc script so that whitespace is consistent between inetd and + daemon modes (closes: #174677). + * smbclient -M must always connect to port 139, because port 445 + doesn't support messaging and we can't do the port 135 stuff yet + (closes: #175292, #167859). + * Import the diff from upstream CVS, which has fixed a few bugs + (closes: #178219, #177583, #181467, #181487, #181603, #175864). + Remove a few patches of ours which are now superseded. + * Add po-debconf support to the tree, for better i18n. + * Install the libsmbclient.so symlink in the libsmbclient-dev package, + per policy (closes: #181466). + + -- Steve Langasek <vorlon@debian.org> Fri, 27 Dec 2002 00:37:00 -0600 + +samba (2.999+3.0.alpha21-3) unstable; urgency=low + + * Drop --with-ldapsam from the configure options, since this no longer + means what we thought it did. Revert patch for changing the 'passdb + backend' defaults. + * Add patch from CVS HEAD to fix pdbedit segfault; postinst script + should work better now. (Closes: #173936) + + -- Steve Langasek <vorlon@debian.org> Sun, 22 Dec 2002 13:29:00 -0600 + +samba (2.999+3.0.alpha21-2) unstable; urgency=low + + * add CONFIGDIR to the set of directories exported in the install + target, so we don't try to write to /etc/ on the autobuilders. + * Reset the default 'passdb backend' value to something sensible, so + that we don't unnecessarily break upgrading systems (closes: #173731). + + -- Steve Langasek <vorlon@debian.org> Fri, 20 Dec 2002 09:13:00 -0600 + +samba (2.999+3.0.alpha21-1) unstable; urgency=low + + * new upstream release, many patches now incorporated upstream + + -- Steve Langasek <vorlon@debian.org> Mon, 16 Dec 2002 23:39:00 -0600 + +samba (2.999+3.0.alpha20-4) unstable; urgency=low + + * Remove obsolete comments about non-existant LDAP support in the + Debian Samba packages. (Closes: #165035) + * Apply patch for segfault in pam_smbpass when using the unixsam + backend. + * Drop support for nmbd in inetd, since it's not supported by + upstream and is reported to cause problems (closes: #23243, #137726, + 165037). + * Clarify example printing configs in smb.conf (closes: #168174). + * Make sure nmbd still responds to SIGTERM if it has no interfaces to + listen on (closes: #168079). + * Fix to get samba working again on 64-bit archs, after a + pointer<->int size mismatch bug. Already fixed in upstream CVS. + * Merge fix from CVS for broken libsmbclient.h references to internal + structures (closes: #162956). + * Add a default 'panic action' for Samba that will give us genuinely + useful debugging information after a crash. + * Fixed correct patch to example configurations in the libpam-smbpass + packages (closes: #169350). + * acl-dev is not in sid anymore; Build-Depend on libacl1-dev instead + (closes: #169682). + * Only ask the user for permission to edit if there's a chance of us + damaging something. + + -- Steve Langasek <vorlon@debian.org> Mon, 18 Nov 2002 19:53:00 -0500 + +samba (2.999+3.0.alpha20-3) unstable; urgency=low + + * Make sure smbstatus behavior is sane when Samba *has* been started, + as well as when it has not (closes: #164179). Thank to Robbert Kouprie + <robbert@radium.jvb.tudelft.nl> for this patch. + * Not using 'killall' in any of the maintainer scripts (the last one + remaining was winbind.logrotate.) We now just use 'kill' to send + a SIGHUP to a specific PID (which is stored in a file in + /var/run/samba.) + * Do not depend on procps because we're not using killall anymore. + + -- Eloy A. Paris <peloy@debian.org> Tue, 15 Oct 2002 22:15:57 -0400 + +samba (2.999+3.0.alpha20-2) unstable; urgency=low + + * fix an off-by-one error in smbd/lanman.c, which should shut off the + flood of log messages (closes: #157432) + * add a --config-cache option to the configure invocation, since + autoconf 2.5 doesn't load config.cache by default (closes: #163504) + + -- Steve Langasek <vorlon@debian.org> Sat, 5 Oct 2002 01:40:00 -0500 + +samba (2.999+3.0.alpha20-1) unstable; urgency=low + + * new upstream release + - non-primary groups appear to work again (closes: #161271) + * the official beginning of the upstream 3.0 branch + * exit without error from smbstatus when no connections have + been seen yet (closes: #161489) + + -- Steve Langasek <vorlon@debian.org> Wed, 2 Oct 2002 19:02:00 -0500 + +samba (2.999+3.0cvs20020906-1) unstable; urgency=low + + * CVS update + - domain authentication works again (closes: #158698) + * Factor out common code in samba-common.config + * Handle character set settings in smb.conf on upgrade + (closes: #153913, #158770) + * Don't use killall in logrotate script; there are better ways + (closes: #160076) + * Ignore value of 'hostname lookups' for hosts allow/hosts deny + (closes: #154376) + + -- Steve Langasek <vorlon@debian.org> Sat, 7 Sep 2002 11:46:00 -0500 + +samba (2.999+3.0cvs20020829-1) unstable; urgency=low + + * CVS update. + * Move the smb.conf manpage to the samba-common package (closes: #159572) + + -- Steve Langasek <vorlon@debian.org> Thu, 29 Aug 2002 17:53:25 -0500 + +samba (2.999+3.0cvs20020827-1) unstable; urgency=low + + * CVS update. (Closes: #158508) + * Part 1 of 3 of the library separation patch that Vorlon wrote has + gone upstream - removed the patch from our patches/ directory. + * Debconf note to warn users that their smb.conf will be re-written + and changed if they use Swat to maintain it. (Closes: #158479) + * Fixed typo in samba.prerm. + + -- Eloy A. Paris <peloy@debian.org> Tue, 27 Aug 2002 15:23:23 -0400 + +samba (2.999+3.0cvs20020825-2) unstable; urgency=low + + * scale back the tdbsam migration support, because of undesirable + side-effects; now always defaults to 'no'. + * strip out hyperactive library dependencies that are only needed by + smbd (closes: #155156). + * nuke any broken registry.tdb files left by previous CVS snapshots. + * support rolling back the smbpasswd->tdbsam conversion on downgrade, + since many people are likely to need to downgrade for a while. + * remove postrm handling of legacy directories, and add handling of + current ones. + + -- Steve Langasek <vorlon@debian.org> Sun, 28 Jul 2002 09:44:24 -0500 + +samba (2.999+3.0cvs20020825-1) unstable; urgency=low + + * CVS update. These packages are based on Samba 3.0alpha19 + any + code commited after 3.0alpha19 was released. + + -- Eloy A. Paris <peloy@debian.org> Sun, 25 Aug 2002 14:56:46 -0400 + +samba (2.999+3.0cvs20020723-1) unstable; urgency=medium + + * remove spurious line from samba.config + * migrate from smbpasswd to tdbsam + * re-add the pdbedit util and manpage + * compile in ldapsam support (closes: #146935) + * add PRIVATEDIR to the list of vars we override for the install + target, so Samba doesn't try to create /etc/samba (closes: #153746). + * fix makefile handling of LOGBASEDIR, so that logs always end up in + the right place (closes: 153727). + * Fixed bug in the FHS migration path that causes nmbd to read its + state from one location, but write it out to another. (closes: #154210) + * Make sure nmbd is always looking for wins.tdb in the same place. + + -- Steve Langasek <vorlon@debian.org> Fri, 19 Jul 2002 21:38:54 -0500 + +samba (2.99.cvs.20020713-1) unstable; urgency=low + + * first attempt for 3.0pre. + * only post a debconf note about moving logfiles if we're upgrading + from a version that had the logfiles in the old location + (closes: #152924). + + -- Steve Langasek <vorlon@debian.org> Sat, 13 Jul 2002 12:54:25 -0500 + +samba (2.2.5-2) unstable; urgency=low + + * No longer ship make_printerdef, which is deprecated. (closes: #63059) + * Clean up some empty directories from the samba package. + * Add call to dh_installinit for winbind rc.x symlinks (closes: #151860). + * Clean up per-package documentation lists, to reduce clutter + (closes: #147638). + * Make sure we don't ship pdbedit's man page since we are still using + smbpasswd passwords. (closes: #152208) + * move libnss_wins.so to libnss_wins.so.2, where glibc expects to find + it (closes: #148586). + * reorder postinst, so that installing samba-common from scratch loads + the debconf answers properly (closes: #151985). + * add lintian overrides for winbind, to eliminate some noise. + * rename pam_smbpass changelog to comply with policy. + + -- Steve Langasek <vorlon@debian.org> Sun, 23 Jun 2002 22:45:04 -0500 + +samba (2.2.5-1) unstable; urgency=low + + * New upstream release. + + -- Eloy A. Paris <peloy@debian.org> Sun, 9 Jun 2002 15:49:21 -0400 + +samba (2.2.4+2.2.5pre1-1) experimental; urgency=low + + * Getting ready for Samba 2.2.5. + * Remove patches/parse_spoolss.patch, now included upstream. + * Fixed thinko WRT POSIX ACL support, which we "half-enabled" in + 2.2.4-1. We don't use POSIX ACL support ourselves, so we'd + appreciate reports from those using this feature so we can + be sure this works. + * Fix the filename-matching algorithm used for smbtar's 'exclude' + functionality. (closes: #131571) + * Look for secrets.tdb in /var/lib/samba, and handle in the postinst. + This is not really a config file, because users don't edit it. + (closes: #147429) + * Doxygen fix for libsmbclient.h, thanks to Tommi Komulainen + <Tommi.Komulainen@iki.fi> for the patch. (closes: #144847) + + -- Eloy A. Paris <peloy@debian.org> Tue, 28 May 2002 11:33:51 -0400 + +samba (2.2.4-1) unstable; urgency=low + + * New upstream release (closes: #144713) + * Building with POSIX ACL support (closes: #137819) + * Include samples, exclude INSTALL from libpam-smbpass (closes: #145055) + * Compile with --with-automount, for NIS homedir support (closes: #123396) + * Add a proper 'flags' field to the mount entry we write to /etc/mtab; + fixes a display bug with mount (closes: #140397) + * Added logic to /etc/init.d/samba so a help message is printed out + when Samba is running from inetd _and_ we are not booting, i.e. the + user called the init script manually. Thanks to Francesco + Potorti <pot@gnu.org> for the suggestion on how to implement this. + (Closes: #139807, #140204) + * samba.postinst: added logic so we don't call /etc/init.d/samba if + we are running from inetd (this prevents the stupid help message + to be printed during package upgrades if we are running from inetd.) + * samba.prerm: idem. + * /etc/init.d/samba: delete stale PID files after nmbd and smbd are + stopped. This prevents start-stop-daemon from printing an ugly + error message when called from '/etc/init.d/samba stop'. I prefer + this than running start-stop-daemon with --oknodo because + start-stop-daemon might print other important error messages that with + --oknodo it would otherwise not print. (Closes: #102187, #109301) + * Patch from jerry@samba.org to fix parsing of spoolss structures. + + -- Eloy A. Paris <peloy@debian.org> Thu, 23 May 2002 23:16:52 -0400 + +samba (2.2.3a-7) unstable; urgency=medium + + * More README.debian updates. + * Neutralize the smb.conf 'lock dir' directive, which doesn't mean + what the FHS says it should, and causes us no end of grief. + (Closes: #122299) + * LPRng-handling patch so that jobs printed to recent versions of + LPRng show up properly as 'done' instead of 'paused' in the Windows + print queue. Thanks to Jaroslav Serdula <serdula_jaroslav@vse.sk> + for this patch. (Closes: #139458) + * Applied patch from Urban Widmark <urban@teststation.com> + (smbfs upstream maintainer) to add a '-n' option to smbmount + that does the same as mount's '-n'. (Closes: #139590) + * Minor tweak to unpatch-source so we unpatch sources in the + reverse order we patched them. + * Don't depend on grep in samba.prerm to determine if Samba was + running before the upgrade starts. + * Tweak the wording of debconf templates. + * Incorporate debconf translations for French, Spanish and Portuguese; + thanks to Carlos Valdivia Yagüe <valyag@hotpop.com> (es), + Andre Luis Lopes <andrelop@ig.com.br> (pt_BR), and Philippe + Batailler and Denis Barbier <barbier@debian.org> (fr). + (closes: #142657, #142659, #141551, #141699, #141682) + * Fixed symlinks in the swat package so the point to /usr/share/doc/ + instead of /usr/doc/. Added note to the description of the + swat packages that says that samba-doc must be installed for + the on-line documentation to work. Thanks to Torne Wuff + <torne@wolfpuppy.org.uk>. (Closes: #95437) + * 'dh_installinit -n' gives us no initscript handling -- we need to + handle all starting and stopping of daemons ourselves, which wasn't + happening in the {pre,post}rm scripts. + * Vary the priority of the debconf question "Do you want to generate + /etc/samba/smbpassd?" depending on whether the file already exists. + File exists -> priority 'medium', file does not exist -> priority + 'low'. Changed priorities of all other questions from 'high' to 'medium'. + + -- Steve Langasek <vorlon@debian.org> Sat, 20 Apr 2002 17:48:27 -0400 + +samba (2.2.3a-6) unstable; urgency=low + + * Call db_stop as soon as we're done with debconf in the postinst, to + avoid hanging bugs (closes: #137813) + * Ony call 'update-inetd --add' on first installation, just as we only + call 'update-inetd --remove' on package purge. + * Bring our shipped smb.conf closer in line with the upstream + defaults: don't twiddle the send/recv buffer sizes, since the Linux + kernel already provides a much better default setting + (closes: #80966, #80934, #137415, #133477) + * Added libnss_wins.so to the winbind package (closes: #137201) + * Updates to README.debian. + + -- Eloy A. Paris <peloy@debian.org> Tue, 12 Mar 2002 10:57:40 -0500 + +samba (2.2.3a-5) unstable; urgency=low + + * Having multiple workgroup lines in your smb.conf, though wacky, is + perfectly valid. Account for this in samba-common.config. + (closes: #137157) + + -- Steve Langasek <vorlon@debian.org> Sun, 10 Mar 2002 21:52:51 -0600 + +samba (2.2.3a-4) unstable; urgency=low + + * Fixed typo in samba.postinst. Cosmetic fixes there as well. + * Fix to improper usage of /usr/bin/tr in samba-common config script + (closes: #137744) + + -- Steve Langasek <vorlon@debian.org> Sat, 9 Mar 2002 14:14:02 -0500 + +samba (2.2.3a-3) unstable; urgency=medium + + * Make sure /etc/init.d/samba is executable before calling it + in the postinst. Quickly checked all other maintainer scripts + to make sure we are not calling an init script if it is not + executable. (closes: #137321) + * Fix up maintainer scripts to detect if samba was not running before + an upgrade. (closes: #33520, #130534) + * Make sure /etc/samba/ is included in the samba-common package. + Closes: #137157 + + -- Steve Langasek <vorlon@debian.org> Fri, 8 Mar 2002 11:13:21 -0500 + +samba (2.2.3a-2) unstable; urgency=low + + * merge in debconf support: + - Moved all smb.conf-related questions to samba-common (smb.conf + is part of the samba-common package, not the samba package.) + - smb.conf is not a samba-common conffile anymore since it is + being managed by debconf. It is ABSOLUTELY necessary to make + sure /etc/samba/smb.conf _NEVER_ gets overwritten by changes + made via debconf. In other words, any changes made by the user + should be honored by the debconf interface. + - samba.postinst now moves old log files from /var/log/ to + /var/log/samba/. There's a Debconf note that informs the user + the log files are stored now in a new location. + - debian/control: + + Make samba depend on debconf. + - New file debian/samba.templates. + - New file debian/samba.config. + - Re-worked debian/samba.postinst. + + Got rid of all /etc/samba/debian_config sillyness. + - remove /usr/sbin/sambaconfig; "dpkg-reconfigure samba" replaces + it. + - Removed debian/samba.prerm. + - Cleaned up /etc/init.d/samba. + + Added infrastructure for debconf. + + Got rid of all /etc/samba/debian_config sillyness. + + Got rid of /etc/samba/smbpasswd conversion stuff for + compatibility with versions of Samba < 2.0.0final-2. + (closes: #127959, #34408, #113594) + * make samba.postinst ignore the absence of /var/log/{s,n}mb*; + makes for a clean upgrade path. + * Building with MSDFS support (closes: #116793) + + -- Steve Langasek <vorlon@debian.org> Tue, 5 Mar 2002 14:14:33 -0600 + +samba (2.2.3a-1) unstable; urgency=low + + * New upstream version (closes: #135001) + * Potato builds were failing because debian/rules was not creating + debian/winbind/etc/logrotate.d/. A user having problems creating + Potato packages brought this to my attention. dh_installlogrotate + takes care of creating the directory for us, that's why we didn't + notice. + * Removed code that converts /etc/samba/smbpasswd from an ancient + format to the new format of Samba 2.0.0 and later. + Closes: #134375 - samba: postinst failed due to missing + /usr/bin/convert_smbpasswd. + * Re-organized FHS migration code in samba.postinst. Make sure we + don't fail when we move files that don't exist. + Closes: #133813 - samba: Install failed. + * Adding docs. to the libpam-smbpass package. + * Remove man pages for findsmb because we are not providing this + script. + Closes: #134181 - findsmb referenced, but not included. + * Removed replace.patch because it is now present upstream. + * Added patch from Jerry Carter to fix a problem when saving + document preferences for printing from NT clients. + * The real winbindd daemon is a forked process so we can't use + --make-pidfile when calling start-stop-daemon. Fixed + /etc/init.d/winbind to work around the issue. Thanks to + Lin Li <linl@xandros.com> for the patience and for reporting + the problems. Hopefully I got it right this time. + + -- Eloy A. Paris <peloy@debian.org> Wed, 20 Feb 2002 18:39:03 -0500 + +samba (2.2.3-6) unstable; urgency=low + + * Make sure there are actual files in /var/state/samba before trying + to move them (Closes: #133534, #133510). + * Fix up the 2.2.3 makefile so that pam_smbpass builds correctly + again. + + -- Steve Langasek <vorlon@debian.org> Tue, 12 Feb 2002 09:19:29 -0600 + +samba (2.2.3-5) unstable; urgency=low + + * Whoops, missed a spot on the samba.postinst -- will fail badly if + /var/state/samba/ no longer exists. Better get this fix into the + next upload. ;) (Closes: #133088) + * Regenerate configure only if it is older than configure.in. + * Fix smbd handling of network neighborhood lists, which was missed + in the FHS conversion (Closes: #133091) + + -- Eloy A. Paris <peloy@debian.org> Sat, 9 Feb 2002 16:37:57 -0500 + +samba (2.2.3-4) unstable; urgency=low + + * FHS cleanup; files in /var are now properly sorted according to + their nature. (Closes: #102101) + * Remove patches to source/configure, since we now call autoconf to + regenerate this file cleanly. + * lintian fixes: + - Create winbind.conffiles and add /etc/logrotate.d/winbind and + /etc/init.d/winbind to it. + - Use a relative symlink for /usr/lib/cups/backend/smb. + - Removal of a .cvsignore file in the samba-doc package. + * winbind.init fixes: + - Corrected name of the pid file (Steve) + - Make start-stop-daemon create a pid file for winbindd since it + does not create one on his own. + * #DEBHELPER# is not needed in samba.postinst because we are adding + manually everything that debhelper adds automatically. In fact, + since we are calling update-rc.d without standard paramaters I + think we can't use #DEBHELPER#. + * Fix fatal syntax error in samba.prerm. + + -- Steve Langasek <vorlon@debian.org> Thu, 7 Feb 2002 13:12:08 -0500 + +samba (2.2.3-3) unstable; urgency=low + + * work on lintian-cleanness in the package (wrong permissions, + maintainer scripts in need of debhelpering) + * /lib/security/pam_smbpass.so is now being included in the + libpam-smbpass package only, and not in both the libpam-smbpass and + samba packages (which was the case prior to 2.2.3-3.) + * Instead of making our patch scripts executable in the rules file + we run them through /bin/sh. + * New 'winbind' package that has all the winbind stuff that was in the + samba package in 2.2.3-2 and before. + * Added replace.patch: patch from Jeremy Allison to fix problems when + replacing or overwriting files in a Samba share. Patch was sent to + the samba mailing list. + + -- Eloy A. Paris <peloy@debian.org> Tue, 5 Feb 2002 21:12:48 -0500 + +samba (2.2.3-2) unstable; urgency=low + + * add support to debian/scripts/{patch-source,unpatch-source} for + automatic updating and cleaning of <version.h>. This was a request + from the Samba Team: they wanted us to clearly mark our packages + so it is always known a user is running Samba with (possibly) + Debian-specific patches. + * Change init.d killscript link to K19samba, so we stop before autofs + (closes: 117327) + * Make our patch scripts executable in the rules file -- dpkg won't do + this for us (closes: #132415). + + -- Steve Langasek <vorlon@debian.org> Mon, 4 Feb 2002 09:51:00 -0600 + +samba (2.2.3-1) unstable; urgency=low + + * New upstream release (closes: #131228). + * Restructured build system that provides DBS-like separation of + patches + * Fix typo in smbfs description (closes: #116209). + * Use killall -q in logrotate.d script, to avoid spurious cron + emails (closes: #130100). + + -- Steve Langasek <vorlon@debian.org> Sat, 2 Feb 2002 19:56:18 -0500 + +samba (2.2.2-12) unstable; urgency=high + + * (Steve) Patch for source/client/client.c. + Closes: #86438 smbclient: Transfering several GB causes the average + speed to be messed up. + * Uploading with urgency=high to expedite the move from unstable + to testing because of the security problem fixed in -11. + + -- Eloy A. Paris <peloy@debian.org> Fri, 25 Jan 2002 22:31:12 -0500 + +samba (2.2.2-11) unstable; urgency=low + + * Building with --with-libsmbclient. We have created two new + packages: libsmbclient and libsmbclient-dev. Hopefully this + will help some people that want to add the capability of + speaking SMB to their applications. + Closes: #117132 - libsmbclient support library? + * (Steve) Make swat do the right thing when reading (parsing) + the saved preferences in smb.conf. + Closes: #55617 swat mutilates the linpopup message command. + * Updated README.Debian. Updated descriptions in debian/control. + * Remembered to bump up version number in source/include/version.h + (need to automate this or else I'll keep forgetting.) + * (Steve) one liner for source/web/diagnose.c. + Closes: #106976 - smbd/nmbd not running message with swat/linuxconf. + * Added '|| true' to the post-rotate script so logrotate doesn't + fail if either nmbd or smbd is not running. + Closes: #127897 - /etc/logrotate.d/samba fails if there is no smbd process. + * Fixed incorrect file locations in swat's man page and added a + Debian-specific note to /usr/share/doc/swat/README. + Closes: #71586 swat: needs documentation fixes for debian. + * smbmount in the smbfs package does not have the setuid bit set. + Apparently, smbmount uses libsmb without checking the environment. + Thanks to Christian Jaeger <christian.jaeger@sl.ethz.ch> for + finding the local root exploit. + * Applied old patch from Jerry) Carter" <jerry@samba.org> to correct + the following two problems in Samba 2.2.2: + - %U and %G could not be used in services names + in smb.conf. + - %G would fail to be expanded in an "include = ..." + line. + + -- Eloy A. Paris <peloy@debian.org> Sat, 19 Jan 2002 21:35:26 -0500 + +samba (2.2.2-10) unstable; urgency=low + + * (Steve) Add missing manual pages. + Closes: Bug#128928: missing manpages in smbfs. + + -- Eloy A. Paris <peloy@debian.org> Sun, 13 Jan 2002 14:39:55 -0500 + +samba (2.2.2-9) unstable; urgency=low + + * (Steve) Fix broken URL's in HTML docs. + Closes: Bug#17741: bad links in html docs (at last!!!) + + -- Eloy A. Paris <peloy@debian.org> Fri, 11 Jan 2002 13:37:07 -0500 + +samba (2.2.2-8) unstable; urgency=low + + * Added "Replaces: samba (<= 2.2.2-5)" to the smbclient section in + debian/control so rpcclient.1, which was in samba-2.2.2-5, does not + cause problems now that it is part of smbclient (>= 2.2.2-6). Closes: + Closes: Bug#128684: error upgrading smbclient in sid. + + -- Eloy A. Paris <peloy@debian.org> Fri, 11 Jan 2002 11:42:40 -0500 + +samba (2.2.2-7) unstable; urgency=low + + * (Steve) Patch to make behavior honor what the docs. say about "hosts allow" + taking precedence over "hosts deny". + Closes: Bug#49249: swat: error with host deny ?! + + -- Eloy A. Paris <peloy@debian.org> Thu, 10 Jan 2002 12:36:58 -0500 + +samba (2.2.2-6) unstable; urgency=low + + * (Steve) Adds manpage for rpcclient to the proper file, + removes smbtorture from the distro because this tool isn't intended for + widespread consumption. + Closes: #63057 - no manual page for smbtorture. + * (Steve) Removed -gnu from the configure arguments (--build, --host) in + debian/rules so config.sub is able to properly create the host and target + tuples. + + -- Eloy A. Paris <peloy@debian.org> Wed, 9 Jan 2002 14:39:51 -0500 + +samba (2.2.2-5) unstable; urgency=low + + * Fixes from vorlon: + * Use /usr/bin/pager instead of more. + Closes: #125603: smbclient violates pager policy. + * Make /etc/logrotate.d/samba a conffile, send smbd and nmbd + a SIGHUP to have the log files reopened, fixes to + /etc/logrotate.d/samba. + Closes: #127897: log file rotation. + Closes: #118277: /etc/logrotate.d/samba not listed in conffiles. + * s/covert/convert/. + Closes: #121653 probable typo in install message. + + -- Eloy A. Paris <peloy@debian.org> Sun, 6 Jan 2002 03:14:58 -0500 + +samba (2.2.2-4) unstable; urgency=low + + * Applied patch from Steve to work around problem in glibc that affects the + HPPA architecure. The patch detects the error condition at configure time + and compiles without LFS support if necessary. + Closes: Bug#126763: samba completely broken on hppa. + * Including unicode_map.1251. + Closes: Bug#126719: samba-common: unicode_map.1251 missing. + * Updated smbd daemon version to match Debian package version. + Closes: Bug#127199: Package version and smbd daemon version don't match. + + -- Eloy A. Paris <peloy@debian.org> Mon, 31 Dec 2001 14:32:47 -0500 + +samba (2.2.2-3) unstable; urgency=low + + * Added some spaces in package description in debian/control. + Closes: #120730 - missing spaces in package description for nice + alignment. + * Spelling fixes. + Closes: #125328, #125329, #125330, #125367, #125365, #125403. + * Steve Langasek <vorlon@debian.org> is the co-maintainer of the Debian + Samba packages!!! Added him to the uploaders field in debian/control. + + -- Eloy A. Paris <peloy@debian.org> Tue, 18 Dec 2001 00:54:25 -0500 + +samba (2.2.2-2) unstable; urgency=low + + * Backed out changes to source/filename.c per Andrew Tridgell's request. + This changes were introduced in 2.2.1a-7 as an attempt to fix #47493. + Tridge found out that they break smbd. + * Changed version number in source/includes/version.h so it is clear that + this is a version of Samba packaged for Debian. This is another request from + Tridge and will help the Samba Team to get bogus bug reports. + * Added Samba-HOWTO-Collection.pdf and other README files to the + /usr/share/doc/<package>/ directories. + * Installing libnss_winbind.so and pam_winbind.so. + Closes: #116790: nss and pam modules for winbind missing. + * Removed user-emacs-settings from changelog. + + -- Eloy A. Paris <peloy@debian.org> Mon, 29 Oct 2001 19:16:26 -0500 + +samba (2.2.2-1) unstable; urgency=low + + * New upstream version. + * Temporary fix for #113763 (Steve Langasek) + * Quick hack to avoid smbmount reveal password length. Please note + that even with this hack there is a small window when password is + completely visible with 'ps aux'. There are other methods that should + be used to automate mounting of SMB shares. + Closes: #112195: smbmount-2.2.x reveals password length. + * Applied patch from Steve Langasek <vorlon@debian.org> to prevent + forcing use of setresuid() in Sparc. + Closes: #112779: samba build forces use of setresuid, which causes + smbd to fail on Sparc. + + -- Eloy A. Paris <peloy@debian.org> Mon, 15 Oct 2001 10:26:10 -0400 + +samba (2.2.1a-9) unstable; urgency=low + + * Replaced $(LD) with $(CC) all the way through source/Makefile. + Closes: #111036: ld shouldn't be used to link shlibs. + * s/\/bin\/mail/\/usr\/bin\/mail/ in smb.conf's man page (HTML and + sgml as well.) + Closes: #110963: smb.conf: mail should be /usr/bin/mail. + * Documented better smbclient's -W behavior. Patch from Steve + Langasek. + Closes: #53672: smbclient: -W flag is interpreted as domain, not + workgroup. + + -- Eloy A. Paris <peloy@debian.org> Tue, 4 Sep 2001 23:10:41 -0400 + +samba (2.2.1a-8) unstable; urgency=low + + * Set some reasonable default perms for the samba logdir (again, + thanks to vorlon :-) + Closes: #72529: insecure permissions on log files. + + -- Eloy A. Paris <peloy@debian.org> Sun, 26 Aug 2001 15:40:47 -0400 + +samba (2.2.1a-7) unstable; urgency=low + + * Another attempt at fixing #47493. Patch from Steve Langasek + <vorlon@netexpress.net>. Let's keep our fingers crossed Steve! + + -- Eloy A. Paris <peloy@debian.org> Sun, 26 Aug 2001 13:37:06 -0400 + +samba (2.2.1a-6) unstable; urgency=low + + * Backed out fix to #47493 introduced in 2.2.1a-4 as it is causing + smbd to die with signal 11 under some unidentified situations. + Closes: #109774: Latest debian version breaks printer driver download. + Closes: #109946: not all files appear in samba-exported directories. + * Another patch from Steve Langasek. This one adds quotes around + printer names for print systems it's reasonable for Debian to + support. Together with the patch in #29957 (see changelog for + 2.2.1a-4), this should take care of the problems with multi-word + printer names in Samba. + + -- Eloy A. Paris <peloy@debian.org> Fri, 24 Aug 2001 21:12:27 -0400 + +samba (2.2.1a-5) unstable; urgency=low + + * Important changes that affect how Samba is built on Debian + machines are implemented in this release. All of this changes + were suggested by the energetic Steve Langasek <vorlon@debian.org>, + and his arguments were so sound and reasonable that I decided + to implement them. Here's Steve's original changelog: + + * Fix up the build system to avoid needing to run configure + as root to answer questions we already know the answers to. + * In the process, make surprising progress towards being able to + cross-compile the samba packages. + + -- Eloy A. Paris <peloy@debian.org> Fri, 24 Aug 2001 01:08:06 -0400 + +samba (2.2.1a-4) unstable; urgency=low + + * Fixed typo in smbmount's mount page. + Closes: #109317: smbfs: mistype in smbmount manpage. + * Included symlink to smbspool to better support CUPS printing. + Closes: #109509: include symlink for cups samba support. + * Applied patch from Steve Langasek <vorlon@netexpress.net> to + fix bug #29957. + Closes: #29957: samba strips trailing " from strings in smb.conf. + * First attempt at fixing #47493. Another patch from Steve "I want + a bug-free Samba" Langasek. + Closes: #47493: Samba doesn't handle ':' in dir names right. + + -- Eloy A. Paris <peloy@debian.org> Tue, 21 Aug 2001 23:26:38 -0400 + +samba (2.2.1a-3) unstable; urgency=low + + * Steve Langasek <vorlon@netexpress.net> has been hard at work in + the last few days looking at the long list of open bugs filed + against the Samba packages. I don't know how to thank him. It's been + a pleasure working with Steve, and all the fixes, patches, etc. in + this release come from him. The bug list is greatly reduced thanks + to Steve's efforts. + * Steve's additions/modifications/patches/etc. are: + - New package that (libpam-smbpass) provides pam_smbpass. Before, this + was provided in another package but now the sources are part of + the Samba sources so we can start providing it from here. + Closes: #107043 - pam_smbpass now present in Samba source, + should be built from there + - Patch to source/smbd/service.c that allows admins to call + /bin/umount from the root postexec of a Samba share. + Closes: #40561 - samba pre/postexec commands do not work. + - Clear TMPDIR before starting smbd in /etc/init.d/samba. + Closes: #51295 - Problems with Samba and TMPDIR. + - Correction to documentation of "guest only". + Closes #38282 - "guest only" share still requires a password. + * Applied patch from Santiago Vila <sanvila@unex.es> to convert + /usr/sbin/mksmbpasswd from a shell script into a real awk script. + Sorry it took so long, Santiago; I hadn't realized you even + provided a patch :-) + Closes: #77891 - mksmbpasswd could be a real awk script. + * Updated description of the smbfs and smbclient packages. Also have + each package recommend the other. + Closes: #108650: Should suggest or recommend smbfs. + + -- Eloy A. Paris <peloy@debian.org> Mon, 13 Aug 2001 22:21:55 -0400 + +samba (2.2.1a-2) unstable; urgency=low + + * Build-depends: depend on debhelper (>=2.0.103). + Closes: #105795: Build-Depends are wrong. + * Run samba's preinst and postinst scripts without -e so failed commands + do not abort installation. + Closes: #106384: postinstall crashes abnormally. (And really closes + #104471.) + + -- Eloy A. Paris <peloy@debian.org> Thu, 26 Jul 2001 00:30:37 -0400 + +samba (2.2.1a-1) unstable; urgency=low + + * New upstream version. + * Make sure samba's postinst script exits with a zero status. + Closes: #104471: Samba postinst problem. + + -- Eloy A. Paris <peloy@debian.org> Thu, 12 Jul 2001 21:55:21 -0400 + +samba (2.2.1-1) unstable; urgency=low + + * New upstream version. + Closes: #103339: config.guess and config.sub update required. + Closes: #98518: Samba 2.2 can't act as PDC for NT4/W2K due to + incompatibility with PAM. + Closes: #97447: nmbd crashes due to bugs in DAVE 2.5.2. + Closes: #95777: Samba 2.2 is unable to join or authenticate against + Samba 2.2 PDC domain. + Closes: #68842: samba should use PAM for password changing (I + haven't personally tried this one, but it's been + advertised this works.) + Closes: #102506: PAM account checking fails. + Closes: #102518: Complains about unknown paramter "obey pam + restrictions" + Closes: #94774: Build failure on PARISC machines. + * Moved away from /etc/cron.weekly/samba for log file rotation. + Now using logrotate. + Closes: #95548: typo in /etc/cron.weekly/samba. + Closes: #74951: nmbd does not rename its log file. + * Removed Debian-specific addtosmbpass.8 man page since this script + is not longer provided upstream. Users should use the smbpasswd + program instead. + * Updated sample /etc/samba/smb.conf to reflect the recent changes + affecting handling of PAM authentication. Also updated + /etc/pam.d/samba. + + -- Eloy A. Paris <peloy@debian.org> Wed, 11 Jul 2001 00:44:14 -0400 + +samba (2.2.0.final.a-1) unstable; urgency=high + + * New upstream version (contains security fix from DSA-065-1.) + Closes: #97241: samba 2.2.0 fails to process hostnames in + "hosts allow" config line. + * Removed Debian-specific addtosmbpass.8 man page since this script + is not longer provided upstream. Users should use the smbpasswd + program instead. + Closes: #98365: addtosmbpass is missing from 2.2.0.final-2. + * Updated sample /etc/samba/smb.conf to reflect the recent changes + affecting handling of PAM authentication. Also updated + /etc/pam.d/samba. + + -- Eloy A. Paris <peloy@debian.org> Sun, 24 Jun 2001 11:11:59 -0400 + +samba (2.2.0.final-2) unstable; urgency=low + + * Added libcupsys2-dev to Build-Depends. + * Samba depends now (again) on netbase so update-inetd is always + available for the Samba maintainer scripts. + Closes: #86063: Fails to uninstall if inetd is not installed. + * Updated source/config.{sub,guess} so ARM built doesn't fail. + Closes: #94480: config.sub out of date; can't build on arm. + Closes: #85801: config.sub/guess out of date. + * Not using brace expansion, i.e. {foo,bar} in any of the maintainers + scripts nor in debian/rules. + Closes: #88007: samba postrm has is not POSIX sh compliant. + + -- Eloy A. Paris <peloy@debian.org> Sat, 21 Apr 2001 17:27:18 -0400 + +samba (2.2.0.final-1) unstable; urgency=low + + * New upstream release. Lots of new things. See WHATSNEW.txt. + * Goofy version number because of my stupidity when assigning version + numbers to the CVS packages I have been uploading to experimental. + Will be fixed when 2.2.1 is released. I've no doubts a 2.2.1 release + will follow soon. + + -- Eloy A. Paris <peloy@debian.org> Tue, 17 Apr 2001 22:58:14 -0400 + +samba (2.2.0.cvs20010416-1) experimental; urgency=low + + * CVS update. + + -- Eloy A. Paris <peloy@debian.org> Mon, 16 Apr 2001 21:25:15 -0400 + +samba (2.2.0.cvs20010410-1) experimental; urgency=low + + * CVS update. + * Added libreadline4-dev to Build-Depends. + + -- Eloy A. Paris <peloy@debian.org> Tue, 10 Apr 2001 16:53:45 -0400 + +samba (2.2.0.cvs20010407-1) experimental; urgency=low + + * CVS update. Includes what is in 2.2.0alpha3. + + -- Eloy A. Paris <peloy@debian.org> Sat, 7 Apr 2001 16:00:33 -0400 + +samba (2.2.0.cvs20010316-1) experimental; urgency=low + + * Started working on Samba 2.2.0. Using the SAMBA_2_2_0 branch + from Samba CVS. + * Not compiling rpctorture as it has compile errors. Change in + debian/rules. + * Removed Linux kernel 2.0.x and smbfs compatibility baggage. Now + the smbfs does not support 2.0.x kernels; a kernel > 2.2.x is + needed to use smbfs. Updated debian/control, debian/rules and + README.Debian to reflect this change. + * Added to swat a versioned dependency on samba (so a user is forced to + install a new version of swat each time a new version of samba is + installed.) + + -- Eloy A. Paris <peloy@debian.org> Sun, 18 Mar 2001 14:21:14 -0500 + +samba (2.0.7-5) unstable; urgency=medium + + * Transition from suidmanager to dpkg-statoverride. + + -- Eloy A. Paris <peloy@debian.org> Thu, 18 Jan 2001 23:51:56 -0500 + +samba (2.0.7-4) unstable; urgency=medium + + * Applied Urban Widmark <urban@teststation.com> fixes to smbmount. Urban + is the maintainer of the smbfs in the kernel and of the userland + utilities. + * Links to HTML documents are correct now. + Closes: #69439: swat: Broken help file symlinks + Closes: #72615: samba-doc directory changed: removed htmldocs from path + Closes: #75847: swat: Wrong symlink + Closes: #66857: Wrong links to html documents. + Closes: #77912: misplaced documentation symlinks for swat + * Building Samba with CUPS support. For this I reverted the change to + source/configure.in that I did in 2.0.7-3 and re-ran autoconf. + Closes: #59038: samba: not compiled with cups support. + * Fix against previous known/unknown user time difference patch to swat + (make username / password lookups take the same time.) Remove CGI + logging code in Swat. + Closes: #76341 - Security holes in swat + * Updated Build-depends. + * Updated debian/copyright to refer to the correct location of the GPL. + * debian/rules: changed DESTDIR to `pwd`/debian/samba (was + `pwd`/debian/tmp.) + * debian/rules: added '--sourcedir=debian/samba' to dh_movefiles (for some + strange reason dh_installdirs is not creating debian/tmp/ so I needed + to tweak everything to install stuff in debian/samba rather than in + debian/tmp.) + * debian/control: changed section of samba-docs to 'doc' (was 'docs') + * Using relative symlinks in /usr/share/samba/swat/ (changed debian/rules + and source/scripts/installswat.sh.) + * Fixed (by tweaking debian/rules) + /usr/bin/{smbmnt,smbumount-2.*,smbmount-2.*} to be suid. + * Added "Provides: samba-client" to smbclient's section in control. + Closes: #71143: smbclient: Smbclient should provide samba-client. + * Fix for desired_access being zero in map_share_mode() (patch to + source/smbd/nttrans.c.) Thanks to Gary Wilson + <wilsong@sergievsky.cpmc.columbia.edu> for bringing this patch to my + attention. + * Hacked source/lib/util_sec.c so smbd works fine in both 2.0.x and + 2.2.x kernels even when the build is done in a system running + a 2.2.x kernel. + Closes: #78858: samba-common: samba2.0.7 needs kernel 2.2.x but + doesnt depend on it. + Closes: #72758: README.Debian should comment on 2.0.x kernels. + Closes: #56935: Samba 2.0.6 and Kernel 2.0.x. + Closes: #58126: Samba 2.0.6 and Kernel 2.0.x -- more info. + Closes: #60580: samba: failed to set gid. + Closes: #64280: Samba panics, can't set gid. + Closes: #66816: Must deal with brokenness under 2.0.x. + Closes: #67682: potatoe samba 2.0.7-3 out of order, 2.0.5a-1 OK. + Closes: #69735: PANIC: failed to set gid + Closes: #66122: "smbclient -L localhost -U%" returns with "tree + connect failed: code 0". + Closes: #57637: Samba says tree connect error. + Closes: #58015: potato samba wins support is broken. + * Fixed comments in sample smb.conf to point to the correct location. + Closes: #69578: comments in smb.conf points to wrong path. + * Move codepages from /etc/samba/codepages/ to + /usr/share/samba/codepages/. + Closes: #63813: samba; codepages should go in /usr/lib. + * Moved /var/samba/ to /var/state/samba/. + Closes: #49011: samba package not FHS compliant. + * Hacked source/configure.in (and re-ran autoconf) so yp_get_default_domain() + is found. + Closes: #44558: netgroup support missing in samba 2.0.5a-1. + * /etc/init.d/samba was calling start-stop-daemon with both --pidfile and + --exec. Got rid of --exec so --pidfile works. + + -- Eloy A. Paris <peloy@debian.org> Thu, 11 Jan 2001 00:15:57 -0500 + +samba (2.0.7-3) frozen unstable; urgency=high + + * Release manager: this closes a RC bug. + * Commented out the section in source/configure.in that auto-detects + CUPS support and then ran autoconf to generate a new configure + script. This was done to prevent machines that have libcupsys-dev + installed from detecting CUPS support and adding an unwanted + dependency on libcupsys. This way the whole printing system + won't break on upgrades. CUPS support should be added after + Potato is released. + Closes: #65185: samba-common: Upgrading removes printing system. + Closes: #64496: smbfs: smbfs on powerpc has a dependency on cupsys. + * Updated README.debian. + Closes: #64594: Old README.Debian in /usr/share/doc/samba. + + -- Eloy A. Paris <peloy@debian.org> Tue, 20 Jun 2000 19:16:04 -0400 + +samba (2.0.7-2) frozen unstable; urgency=high + + * Release manager: this closes RC bug #63839 that prevents Samba + to be built from source. + * Fixed a stupid typo in debian/rules that was preventing Samba + to be built from source. + Closes: #63839: samba_2.0.7-1(frozen): build error (SAMBABOOK dir) + * I forgot to mention that O'Reilly's book "Using Samba" was donated + to the Open Source community. The book was included in Samba 2.0.7 + in HTML format and is part of the Debian Samba package since + Samba 2.0.7-1. + * In Samba 2.0.7-1, the "Using Samba" book and a number of HTML help + files were supposed to be provided in both the swat and the samba-doc + packages. This duplication was a waste of space. Starting with + Samba 2.0.7-2, swat recommends samba-doc and the book and the HTML + files are included only in samba-doc, and are accessed via symlinks + from within swat. + Closes: #58810: superfluous files in swat? + * Added a 'echo "."' to /etc/init.d/samba in the reload) section. + Closes: #63394: "echo ." missing in reload section of init.d script + * Fixed typo in docs/htmldocs/using_samba/ch06_05.html. + Closes: #64344: typo "encrypted passwords" + * Cleaned up samba's postrm script so important common files aren't + deleted when samba is purged. Created a samba-common.postrm script. + Closes: #62675: purging samba removes /etc/samba/smb.conf. + Closes: #63386: samba --purge removes /etc/samba dir even though + smbclient/smbfs/samba-common packages are still installed + + -- Eloy A. Paris <peloy@debian.org> Wed, 3 May 2000 02:42:07 -0400 + +samba (2.0.7-1) frozen unstable; urgency=low + + * New upstream version. Dear Release Manager: please allow this + package to go to frozen as it contains fixes to a _lot_ of problems. + You can take a look at all the problems fixed by this release in + the official upstream announcement at + http://us1.samba.org/samba/whatsnew/samba-2.0.7.html. + * Added --with-utmp to add utmp support to smbd (this is new in Samba + 2.0.7) + * Closes: #62148 - samba not rotating filled logs. + * Closes: #56711: Samba doesn't manage well long share name (please note + that it's possible to connect to shares with names longer than + 14 characters but the share will be listed with a name truncated to + 13 characters.) + * Closes: #51752 - NT DOMAIN - NET USE * /HOME not mapping (error 67). + Closes: #50907 - logon path not working. + This is not a bug, it's just Samba doing the same thing an NT server + does. See WHATSNEW.txt and smb.conf's man page for details. + * Closes: #48497 - error executing smbsh in debian-potato. (smbwrapper + is not supported anymore.) + * Closes: #58994 swat: typo in swat description. + * Closes: #45931 - Samba dies with SIGILL on startup. (Hardware + problems, person that reported the bug never came back.) + Closes: #54398 - smbadduser fails, looks for ypcat. + * Fixed swat's man page to include Debian specific installation + instructions. There's not necessary to edit /etc/services or + /etc/inetd.conf. + (Closes: #58616 - incomplete install config && incorrect installation + instructions.) + * s/SBINDIR/\"/usr/sbin\"/g in source/web/startstop.c to prevent swat + to look for smbd and nmbd in the wrong place when requested to start or + stop smbd or nmbd. + (Closes: #55028 - swat can't start samba servers.) + * Closes: #37274: smbclient does not honour pot. (Tested and seems to be + working now.) + * Not confirmed, but should fix #56699, #62185, #56247, #52218, #43492, + #50479, #39818, #54383, #59411. + (please re-open any of this if the problem still exists - I was unable + to confirm any of this because I could never reproduce them.) + Closes: #56699 - Samba's nmbd causes random kernel oops several + times in a row. + Closes: #62185 - nmbd's forking until no more file descriptors are + available. + Closes: #56247 - session setup failed: ERRSRV - ERRbadpw. + Closes: #52218 - Either wins proxy does not work, or I don't understand + it. + Closes: #43492 - intermittent problem changing password. + Closes: #50479 - Can't access windows 2000 shares with samba. + Closes: #39818 - samba-common: Upgrading Samba from the Slink version. + Closes: #54383 - samba-common: Missing /etc/smb.conf. + Closes: #59411 - smbclient: cannot browse Win2k shares. + + -- Eloy A. Paris <peloy@debian.org> Thu, 27 Apr 2000 16:07:45 -0400 + +samba (2.0.6-5) frozen unstable; urgency=low + + * Oppsss! samba-common doesn't depend on libcupsys1 so the binaries + in this package are broken unless libcupsys1 is installed. + samba-common has a "grave" bug because of this. Instead of adding + libcupsys1 to the Depends: list of each package in debian/control + I investigated why dh_shlibs was not picking the dependency + automatically. It turns out that it's probably a bug in libcupsys1 + because the format of its shlibs file is not correct. I fixed that + file (/var/lib/dpkg/info/libcupsys1.shlibs) and now dependencies are + picked correctly. I'll talk to the libcupsys1 maintainer. + + I think the addition of CUPS support to Samba is a big change that + should not go into Frozen. So, I decided to back up the addition + of CUPS support I did in 2.0.6-4 to minimize problems. I'll add + CUPS support again when I start working on Samba for Woody. + (Closes: #59337 - samba-common has a missing dependency) + + -- Eloy A. Paris <peloy@debian.org> Wed, 1 Mar 2000 08:40:02 -0500 + +samba (2.0.6-4) frozen unstable; urgency=low + + * It seems that sometimes nmbd or smbd are not killed when upgrading. + I think it is because in samba's prerm script I was calling + start-stop-daemon with the --pidfile switch and in old versions of + Samba the nmbd and smbd daemons did not store their PIDs in a file in + /var/samba/. I changed debian/samba.prerm so the existence of the + PID files is checked before calling "start-stop-daemon --pidfile ..." + If the PID files do not exist then start-stop-daemon is called + without the --pidfile parameter. + (Closes: #58058 - upgrade from slink went badly) + * Fixed typo in description of swat package in debian/control. + * Installed libcupsys1-dev so the configure script picks up CUPS + and Samba is compiled with CUPS support. Also added libcupsys1 to + the Depends: list of package samba in debian/control. + (Closes: #59038 - samba not compiled with cups support) + * Added a small paragraph to debian/README.debian warning about possible + problems with the WINS code in Samba 2.0.6. + + -- Eloy A. Paris <peloy@debian.org> Mon, 28 Feb 2000 14:00:42 -0500 + +samba (2.0.6-3) frozen unstable; urgency=low + + * Applied patch posted by Jeremy Allison to the samba mailing list + that should take care of the internal errors reported in bug #52698 + (release-critical). Wichert: please test as I never could reproduce + it here. + (Closes: #52698 - samba gets interbal errors) + * Moved samba-docs to the 'docs' section. + (Closes: #51077 - samba-doc: wrong section) + * Added reload capability to /etc/init.d/samba (only for smbd because + nmbd does not support reloading after receiving a signal). + (Closes: #50954 - patch to add reload support to /etc/init.d/samba) + * Corrected "passwd chat" parameter in sample /etc/samba/smb.conf so + Unix password syncronization works with the passwd program currently + in Potato. Thanks to Augustin Luton <aluton@hybrigenics.fr> for + the correct chat script. + * Stole source/lib/util_sec.c from the CVS tree of what will become + Samba 2.0.7 or whatever so we can use the same binaries under + both 2.0.x and 2.2.x kernels. + (Closes: #51331 - PANIC: failed to set gid) + * smbadduser is now provided as an example and it's customized for Debian. + I am not providing this script in /usr/sbin/ because then I would need + a dependency on csh, something that I don't want to do. + (Closes: #51697, #54052) + * Fixed the short description of the smbfs package in debian/control. + (Closes: 53534 - one-line description out of date). + + -- Eloy A. Paris <peloy@debian.org> Tue, 23 Nov 1999 16:32:12 -0500 + +samba (2.0.6-2) unstable; urgency=low + + * samba-common now depends on libpam-modules (not on libpam-pwdb, which + I have been told is obsolete). I modified /etc/pam.d/samba accordingly + to reflect the change. + (Closes: Bug#50722: pam pwdb dependence?). + * The old /etc/pam.d/samba file which had references to pam_pwdb caused + smbd to die with a signal 11. The new /etc/pam.d/samba file fixes + this problem. + (Closes: #50876, #50838, #50698) + * Compiled with syslog support (use at your own risk: syslog support + is still experimental in Samba). I added the parameters "syslog = 0" + and "syslog only = no" to the sample smb.conf to avoid pestering + users that do not want Samba to log through syslog. + (Closes: Bug#50703 - syslog only option doesn't work) + * Removed the stupid code in the smbmount wrapper script that tries + to load the smbfs module if smbfs is not listed in /proc/filesystems. + (Closes: Bug#50759 - Non-root can't run smbmount if SMBFS is compiled + as a module in the kernel) + * Added /bin/mount.smb as a symlink pointing to /usr/bin/smbmount so + 'mount -t smb ...' works just as 'mount -t smbfs ...'. + (Closes: Bug#50763 - 'mount -t smb' doesn't work) + + -- Eloy A. Paris <peloy@debian.org> Sat, 20 Nov 1999 18:53:35 -0500 + +samba (2.0.6-1) unstable; urgency=low + + * Samba 2.0.6 has been released. This is the first try of the Debian + Samba packages. I know for sure that smbd won't work properly on + 2.0.x kernels because the patch that Wichert sent me does not apply + to the new source/lib/util_sec.c in Samba 2.0.6. That file was + completely re-written by Tridge. + * Updated README.Debian. + * A new client utility called smbspool appeared in Samba 2.0.6. I added + this utility to the smbclient package, although I haven't tried it yet. + * Added the symlink /sbin/mount.smbfs that points to /usr/bin/smbmount. + This is to be able to type "mouont -t smbfs ...". This symlink goes + in the smbfs package, of course. + * This new release should close the following bugs (some of these + are fixed for sure in this new upstream release, some others I could + not reproduce but I believe they are fixed if they were real bugs. + As always, please feel free to re-open the bugs if the problem is not + solved). + Closes: Bug#33240: icmp mask needs a bug workaround. + Closes: Bug#37692: samba: Has problems detecting interfaces. + Closes: Bug#38988: samba: Truly bizzare behavour from nmbd. + Closes: Bug#46432: samba-2.0.5a-2: nmbd does not appear to broadcast + properly. + Closes: Bug#44131: smbfs: no longer possible to set file and + directory-modes. + Closes: Bug#46992: smbmount-2.2.x manpage wrong. + Closes: Bug#42335: smbfs: missing options from the new 2.2.x commandline. + Closes: Bug#46605: smbmnt segfaults. + Closes: Bug#48186: smbmount. + Closes: Bug#38040: smbfs: Please add /sbin/mount.smb [included]. + Closes: Bug#47332: smbmount: could -f and -P be added back? + * Samba has been compiled with PAM support (closes: Bug#39512 - samba PAM + module). To succesfully add PAM support, I created /etc/pam.d/samba and + added this file as a conffile for the samba-common package. I also made + samba-common depend on libpam-pwdb. + * Added simple man pages for the wrapper scripts smbmount and smbmount. + (Closes: Bug#44705 - Missing smbmount man page) + * Installed libreadlineg2-dev in my system so smbclient now has a + "history" command and libreadline support :-) + * This time I did add a check to the smbmount wrapper script to see if + the kernel has support for smbfs, as suggested by Jeroen Schaap + <J.Schaap@physiology.medfac.leidenuniv.nl>. I mentioned in the changelog + for samba-2.0.5a-3 that I did this but I forgot at the end. + + -- Eloy A. Paris <peloy@debian.org> Thu, 11 Nov 1999 12:08:15 -0500 + +samba (2.0.5a-5) unstable; urgency=low + + * I am sorry to report that the smbwrapper package is gone for the + moment. The reason for this is twofold: first of all, smbwrapper + is completely broken in Samba-2.0.5a (it compiles but it doesn't + run) and in the upcoming Samba-2.0.6 it doesn't even compile. Second, + when I asked Andrew Tridgell (father of Samba) about the state of + smbwrapper he told me that Ulrich Drepper (head of the glibc project) + broke on purpose the glibc stuff in which smbwrapper is based. + Consequently, Tridge recommended me to compile Samba without + support for smbwrapper. When, I have no idea. Sorry folks. Here is + the original message I received from Andrew: + + > 1) 2.0.5a's smbwrapper doesn't work under glibc2.1, and pre-2.0.6's + > smbwrapper doesn't even compile under glibc2.1. + + yep, Ulrich deliberately broke it. It won't get fixed till glibc + allows the sorts of games it plays to work again. I suggest you turn + it off in your build scripts until that gets sorted out. + + * Swat's file are now in /usr/share/samba/ instead of + /usr/lib/samba/ (bug #49011). + * Man pages now in /usr/share/man/ instead of /usr/man/ (bug #49011). + + -- Eloy A. Paris <peloy@debian.org> Tue, 2 Nov 1999 12:59:13 -0500 + +samba (2.0.5a-4) unstable; urgency=low + + * Applied patch from our fearless leader (Wichert) to fix the darn bug + that prevents Samba to work on 2.0.x kernels if it was compiled + in a system running a 2.2.x kernel. This closes #40645 (build uses + setresuid which doesn't work under 2.0.34 (does apparently under + 2.2.x) ). + * Fixed the entry that swat's postinst script adds to /etc/inetd.conf + so it is '#<off># swat\t\tstream\ttcp\tnowait.400 ...' instead of + '#<off>#swat\t\tstream\ttcp\tnowait.400 ...'. The old way caused + 'update-inetd --enable swat' to leave the entry for swat disabled. + Thanks to Dave Burchell <burchell@inetnebr.com> for finding out + this problem. This closes #48762 (swat uses non-standard syntax to + comment out inetd.conf entry). + * /usr/sbin/swat does not think anymore that the smbd daemon lives + in /usr/local/samba/bin/. To fix this I am running now source/configure + with "--prefix=/usr --exec-prefix=/usr". This closes #47716 (samba + 'swat' fails: incorrect hardwired path in the binary). + + -- Eloy A. Paris <peloy@debian.org> Sun, 31 Oct 1999 03:42:38 -0500 + +samba (2.0.5a-3) unstable; urgency=low + + * I am pretty darn busy with my MBA, I apologize for the long time it's + taking to squash bugs in the Samba packages. + * Built with debhelper v2 for FHS compliancy. Changed a couple of + things in debian/rules to accomodate for the new place for the docs. + I also had to change debian/{samba.postinst,samba.prerm,swat.postinst} + to make sure that the symlink from /usr/doc/xxx exists and points to + /usr/share/doc/xxx (the reason for this is that I am not letting + debhelper to create these scripts for me automatically). + * Built with latest libc6. + * smbfs: finally, the nasty bug that causes smbmount to die after + a while is gone thanks to Ben Tilly <Ben_Tilly@trepp.com>. + The problem was just a typo in source/client/smbmount.c. + This closes grave bug #42764 (smbmount dies) and #43341 + (smbfs-2.2.x won't function after a while). + * Fixed the smbmount wrapper script to eliminate a bashism (closes + #45202 - "wrapper scripts use $* instead of "$@") and to recognize + 2.3.x and 2.4.x kernels (closes #47688 - "smbfs: does not recognize + kernel 2.3.x"). + * Added a check to the smbmount wrapper script to see if the + kernel has support for smbfs, as suggested by Jeroen Schaap + <J.Schaap@physiology.medfac.leidenuniv.nl>. + * swat's man page is now part of the swat package, not of the samba + package. This closes #44808 (Samba has a man page for swat, but + the binary is not included). + * The interface program smbrun is not longer needed by smbd because + of the availability of execl() under Linux. Because of this, the + smbrun is not even being compiled. Since there is no need for smbrun + now, the smbrun man page was taken out of the samba package. This + closes #45266 (/usr/bin/smbrun missing). + * smbpasswd is now part of the samba-common package, and not part of + the samba package. This is to let administrators that do not want + to install a full Samba server administer passwords in remote + machines. This closes bug #42624 (smbpasswd should be included in + smbclient). This bug report also suggests that swat becomes part of + the samba package, that smbfs becomes part of the smbclient package, + and that the binary smbpasswd becomes part of the smbclient package. + I moved smbpasswd to the samba-common package but I am reluctant to + do the other things the bug report suggests. + * In order to keep dpkg happy when moving smbpasswd from the samba + package to samba-common, I had to add a "Replaces: samba (<= 2.0.5a-2)" + in the control section of the samba-common package and a + "Replaces: samba-common (<= 2.0.5a-2)" in the control section of the + samba package (in debian.control). + * Samba is now being compiled with the "--with-netatalk" option. This + closes #47480 (Could samba be compiled with the --with-netatalk option). + * All packages that depend on samba-common have a versioned dependency + now. This was accomplished by adding "(= ${Source-Version})" to the + relevant sections of debian/control. Thanks t Antti-Juhani Kaijanaho + <gaia@iki.fi> for the hint. This closes #42985 (samba should probably + have a versioned depends on samba-common). + * Made sure the file docs/textdocs/DIAGNOSIS.txt gets installed in all + the Samba packages. This closes bug #42049 (no DIAGNOSTICS.txt file). + * Added the smbadduser helper script to the samba package. This closes + #44480 (Samba doesn't come with the smbadduser program). + * Applied patch from szasz@triton.sch.bme.hu that prevents smbmount + to leave an entry in /etc/mtab for a share that could not be mounted + because of invalid user of password. The patch also allows smbumount + to unmount the share in the event that something goes wrong with the + smbmount process. This closes bug #48613 (Mount/umount problems + + patch) as well as #44130 (failed mount is still mounted). + * smbmount-2.2.x is now setuid root. This is needed for the patch + applied above to be effective. If smbmount-2.2.x is not setuid root + then an entry will be left in /etc/mtab even when the mount + fails. I had to add "usr/bin/smbmount-2.2.x" to debian/smbfs.suid + for this to work. + + -- Eloy A. Paris <peloy@debian.org> Wed, 27 Oct 1999 10:36:13 -0400 + +samba (2.0.5a-2) unstable; urgency=low + + * This version is basically the same as 2.0.5a-1 but it was compiled + on a Potato system with glibc2.1. See below the change log for 2.0.5a-1 + for more information. + + -- Eloy A. Paris <peloy@debian.org> Tue, 27 Jul 1999 02:25:29 -0400 + +samba (2.0.5a-1) stable; urgency=high + + * I'm back from the Honey Moon. We are pretty busy because we are moving + to Pittsburgh (from Caracas, Venezuela) in aprox. 24 hours and we still + have plenty of things to pack and to do. Samba 2.0.5 was released + while I was in the Honey Moon and it is just now (almost 3 AM) when + I have time to package it. + * Because of the security problems fixed in 2.0.5, this upload goes + to both stable and unstable (the Security Team asked for this). + * This release (2.0.5a-1) was compiled on a Slink system. 2.0.5a-2 will + be compiled on a Potato system. + * Added a "Replaces: samba (<= 1.9.18p10-7)" to the samba-common + section in debian/control (as suggested by Steve Haslam + <araqnid@debian.org>) to fix the problems that appear when upgrading + from the Samba package in Slink. Please test this as I am completely + unable to do so. This should fix bug #39818 (Upgrading Samba from the + Slink version). + * Removed the hacks to the autoconf stuff that I added to 2.0.4b-2 in + order to have defined several socket options when compiling with + Linux 2.2.x kernel headers - the fix is now upstream. + * Finally!!! smbmount was re-written (thanks Tridge :-) to use a command + line syntax similar to the one used by the old smbmount (for 2.0.x + kernels). This means that the wrapper script is no longer necessary + so I removed it. In its place there is a simple wrapper script that + calls smbmount-2.0.x or smbmount-2.2.x depending on the kernel that is + running. + * Because of the wedding, the Honey Moon, and our move to Pittsburgh, + I can't work on fixing other bugs in this release. + + -- Eloy A. Paris <peloy@debian.org> Tue, 27 Jul 1999 02:18:51 -0400 + +samba (2.0.4b-3) unstable; urgency=low + + * Stupid mistake: I forgot to add /usr/bin/smbumount to debian/smbfs.files + and because of this /usr/bin/smbumount was part of the samba package + instead of part of the smbfs package. + + -- Eloy A. Paris <peloy@debian.org> Thu, 1 Jul 1999 01:51:24 -0400 + +samba (2.0.4b-2) unstable; urgency=low + + * Dark (and archive maintainers): please remove from Potato the smbfsx + binary package and also the old source package for smbfs. smbfs and + smbfsx have been merged starting with this version. + * Merged the old smbfs package with Samba. Now there is only one package + for the smbfs utilities and is called "smbfs". The package smbfsx + does not exist any more and this new smbfs package must be used + for both 2.0.x and > 2.1.x kernels. + * A wrapper script was added to handle the syntax change in smbmount + in the new smbfs utilities (required for kernels > 2.1.70). The + home page for this script is http://www.wittsend.com/mhw/smbmount.html. + Please _note_ that this will change (for good) in Samba 2.0.5 :-) + * Added debian/smbumount.sh. It's another wrapper that calls smbumount-2.2.x + or smbumount-2.0.x depending on the kernel currently running. + * Not using -t for savelog in cron.weekly script. + * Recompiled without libreadlineg-dev (Samba does not seem to be using + it so unnecessary dependencies are produced). + * glibc2.1 build. + * Removed smbpasswd.8 man page from the debian/ directory because it is + now being provided upstream. + * Got rid of the ugly hack I put in source/lib/util_sock.c to have + IPTOS_LOWDELAY and IPTOS_THROUGHPUT defined. Now I patched the + autoconf stuff to #include <netinet/ip.h>. I've sent the patch to + Jeremy Allison so we have this upstream. + + -- Eloy A. Paris <peloy@debian.org> Mon, 28 Jun 1999 17:47:19 -0400 + +samba (2.0.4b-1) unstable; urgency=low + + * New upstream release. This release fixes the following Debian bugs: + #33838 (Amanda/ Samba 2.0.2 and backing up large filesystems) and + #33867 (Amanda 2.4.1 and Samba 2.0.2 and large filesystems). Jeremy + Allison released Samba 2.0.4 and found out that there were a couple + of minor bugs so he released 2.0.4a. Then he found out about more + serious bugs and released 2.0.4b. I have built this package several + times between yesterday and today because of this. Now I am releasing + the Debian packages for Samba with what I believe will be the latest + release the Samba Team will make at least in the next 4 days (Jeremy + is taking a short vacation). + * Still compiling against glibc2.0 (sorry about that :-) + * Hacked source/smbwrapper/smbsh.c to fix the problem + of smbsh not finding the shared library smbwrapper.so. It looks + now in /usr/lib/samba/ for this file. This fixes #32971, #32989, + #33278, #34911 and #36317. + * Made smbfsx depend on samba-common because smbfsx uses /etc/samba/smb.conf + and /etc/samba/codepages/. This fixes #33128 (smbmount complains about + missing /etc/smb.conf). + * Package swat does not depend on httpd anymore (there's no need to). + This fixes #35795 (swat requires httpd). + * Renamed smbmount-2.1.x and smbumount-2.1.x to smbmount-2.2.x and + smbumount-2.2.x. Same applies to the man pages. + * Changed minor type in smbmount's man page (changed "\"" by "\'"). This + fixes #34070 (wrong quotes in manpage). + * Used Fabrizio Polacco's <fpolacco@icenet.fi> procedure to create the + Debian package for Samba. This closes #35781 (samba has no pristine + source). + * Changes to /etc/cron.weely/samba: rotate /var/log/{nmb,smb}.old only + if the size of either is different than 0. Also, added comments at the + beginning of this script to explain how rotation of log files works in + Samba. Thanks to ujr@physik.phy.tu-dresden.de (Ulf Jaenicke-Roessler) + for the suggestions. This closes #37490 (cron.weekly script rotates not + used [sn]mb.old files). As I side effect, this should also close + #31462 (still trouble with /etc/cron.weekly/samba). + * Check for old /etc/pam.d/samba file which is not provided by this version + of the Debian Samba package but was provided in older versions. If this + file exists we delete it. We check for this in the postinst. This closes + #37356 (samba put stuff in pam.d that pam complains about) and #34312 + (libpam0g: questions during upgrade). + * Make sure the mode of /etc/samba/smbpasswd is set to 600. This is done + in the postinst script. This closes #35730 (Security problem with + /etc/samba/smbpasswd when upgrading from samba 1.9.18p8-2 to 2.0.3-1). + * I have just checked and it looks like #28748 (smbfsx doesn't "return ") + has been fixed. This might have been fixed since a long time ago. + * Long long standing bug #18488 (smbclient: internal tar is broken) is + closed in this release of Samba. The bug might have been closed for a + long long time, but I did not check for this before. + * Temporary fix to the annoying "Unknown socket option IPTOS_LOWDELAY" + message. This fixes #33698 (socket option IPTOS_LOWDELAY no longer works), + #34148 (warnings from smbd) and #35333 (samba warnings). + + -- Eloy A. Paris <peloy@debian.org> Thu, 20 May 1999 00:35:57 -0400 + +samba (2.0.3-1) unstable; urgency=low + + * New upstream version. + * Removed the convert_smbpasswd.pl program I created and put in + /usr/doc/samba/ because there's a convert_smbpasswd script in the + upstream sources that does the same thing. I modified the postinst + script to use this script instead of the one I created. + + -- Eloy A. Paris <peloy@debian.org> Sun, 28 Feb 1999 01:35:37 -0400 + +samba (2.0.2-2) unstable; urgency=low + + * Updated the README.Debian file. + * Updated the description of the samba package in the control file. + * The binaries smbmnt and smbumount-2.1.x in the smbfsx package are now + installed setuid root as they should be. This was done by doing a + a "chmod u+s" for each binary in debian/rules and by creating the + file debian/smbfsx.suid. + * Minor patch to source/client/smbumount.c to allow normal users + to umount what they have mounted (problem was a kernel vs. libc6 + size mismatch). I sent the patch upstream. + * Created debian/smbwrapper.dirs so the directory /usr/lib/samba/ is + created. + * Modified debian/rules to move smbwrapper.so from debian/tmp/usr/bin/ to + debian/smbwrapper/usr/lib/samba/. + * Hacked source/smbwrapper/smbsh.c to fix the problem + of smbsh not finding the shared library smbwrapper.so. + + -- Eloy A. Paris <peloy@debian.org> Thu, 11 Feb 1999 18:11:34 -0400 + +samba (2.0.2-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Thu, 11 Feb 1999 01:35:51 -0400 + +samba (2.0.1-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Sat, 6 Feb 1999 06:51:18 -0400 + +samba (2.0.0final-4) unstable; urgency=low + + * The samba postinst made an unwarranted assumption that the file + /etc/samba/smbpasswd exists. If the file did not exist (which is + perfectly valid) the postinst will fail. This fixes #32953. + + -- Eloy A. Paris <peloy@debian.org> Fri, 5 Feb 1999 23:32:46 -0400 + +samba (2.0.0final-3) unstable; urgency=low + + * Added to debian/control a "Depends: ${shlibs:Depends}" line for the + samba-common package so dependencies for this package are set + correctly (thanks to Dark for pointing this out). + + -- Eloy A. Paris <peloy@debian.org> Thu, 4 Feb 1999 09:45:21 -0400 + +samba (2.0.0final-2) unstable; urgency=low + + * Finally!!! The first upload to unstable. Sorry for the delay folks + but I have been quite busy lately :-) Another reason for the delay + is that I wanted to ease the migration from Samba 1.9.18p10 and + before to Samba 2.0.0. I changed the location of the config. files + from /etc/ to /etc/samba/ and this made things a little bit harder. + * This package needs 2.2 kernel headers to compile (well, this is + true for the smbfsx package, all others compile fine with 2.0 kernel + headers). + * Created a preinst script for the samba package to take care of the + location migration of smb.conf (from /etc/ to /etc/samba/). The + preinst script also takes care of moving /etc/smbpasswd to its new + location (/etc/samba/). + * Created postinst and postrm scripts to add/remove an entry for swat + in /etc/inetd.conf. + * I had forgotten to install the sambaconfig script so I changed + debian/rules to install this script. + * Added a postrm script for the samba package (I had forgotten to add + this script to the new Samba packages after the migration from 1.9.18 + to 2.0.0). + * Created a small Perl script that is called from the samba postinst + to convert the smbpasswd from the old format used in version prior + to 2.0.0 to the new one used in 2.0.0 and beyond. + * The upgrade process should be automatically now. Please let me know + of any problems you encounter. + + -- Eloy A. Paris <peloy@debian.org> Sat, 23 Jan 1999 09:34:10 -0400 + +samba (2.0.0final-1) experimental; urgency=low + + * Finally!!! Samba 2.0.0 is here! I am not uploading to unstable + because I still have to work out the migration from the old + samba packages to the new ones. I also need to work more on the + new swat package. + + -- Eloy A. Paris <peloy@debian.org> Thu, 14 Jan 1999 22:40:02 -0400 + +samba (2.0.0beta5-1) experimental; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Tue, 5 Jan 1999 00:37:57 -0400 + +samba (2.0.0beta4-1) experimental; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Wed, 23 Dec 1998 18:37:45 -0400 + +samba (2.0.0beta3-1) experimental; urgency=low + + * New upstream version. + * I have just realized that the documentation patches (for man pages) + that I used for the 1.9.18 release are not longer necessary because + there was a major re-write of all the Samba documentation that added + the missing bits of information. So, I have just removed these minor + patches. + + -- Eloy A. Paris <peloy@debian.org> Tue, 8 Dec 1998 12:00:30 -0400 + +samba (2.0.0beta2-1) experimental; urgency=low + + * New upstream version. + * This new version fixes the potential security problem that + was posted to debian-private (using the "message command" parameter + to execute arbitrary commands from messages sent from LinPopUp). + * Changed /etc/init.d/samba to use one of the variables stored in + /etc/samba/debian_config to know how Samba is being run (from inetd or + as daemons) instead of grepping /etc/inetd.conf which may not exist + if the user is running xinetd (this fixes bug #29687 - assumes using + vanilla inetd) + + -- Eloy A. Paris <peloy@debian.org> Mon, 23 Nov 1998 23:32:03 -0400 + +samba (2.0.0beta1-1) experimental; urgency=low + + * First beta release of the samba-2.0.0 code. Before the beta I was + working with sources downloaded directly from the CVS server. This + package goes into experimental and I plan to release the new + samba to unstable as soon as it gets out of beta. + * Created several packages out of the Samba sources. They are: + samba (nmbd and smbd daemons + related programs), smbclient (FTP + like command line utility to retrieve files from SMB servers), + swat (Samba Web Administration Tool), samba-common (common files + used by samba, smbclient and swat), smbfsx (smbfs utilities for + kernels >= 2.1.70), smbwrapper and samba-doc (Samba documentation). + * Refreshed debian/samba-doc.docs so recently added docs. are + installed in the samba-doc package. New additions include man + pages in the /usr/doc/samba-doc/htmldocs/ directory. + * Deleted Debian specific nmblookup(1) man page as it is now upstream. + * Added smbtorture to smbclient package. + * Moved rpcclient from the samba package to the smbclient package. + * The Samba daemons (nmbd and smbd) now create a PID file so I changed + all calls to start-stop-daemon to use the PID file. + * Fixed debian/rules to install mksmbpasswd (fixes #27655). + * Modified /etc/init.d/samba so nmbd is started without the -a (append + to the log file instead of overwrite) switch. The new behavior of + nmbd is to NOT overwrite log files, so the -a switch can be deleted + safely. + * Moved from debstd to debhelper. + + -- Eloy A. Paris <peloy@debian.org> Thu, 1 Oct 1998 08:37:41 -0400 + +samba (1.9.18p10-5) frozen unstable; urgency=high + + * Oppsss!!! While fixing bug #26884 I introduced a bug even worse than + the one I was trying to fix: in /etc/init.d/samba I got rid of the test + that tells us whether the Samba daemons are running from inetd or as + standalone daemons. I corrected the problem by editing again + /etc/init.d/samba to uncomment the test. + * Wishlist bug #28298 (typos in samba) was fixed. + * Wishlist bug #28309 (typos in smb.conf) was fixed. + + -- Eloy A. Paris <peloy@debian.org> Wed, 28 Oct 1998 09:11:47 -0400 + +samba (1.9.18p10-4) unstable; urgency=low + + * Minor patch to debian/rules to delete *substvars instead of only + substvars when doing a "debian/rules clean" (thanks to Daniel Jacobowitz + <dmj@andrew.cmu.edu> for this). + * Small patch to source/shmem_sysv.c that eases compilation under + glibc-2.1 (thanks to Daniel <dmj@andrew.cmu.edu> for this). + + -- Eloy A. Paris <peloy@debian.org> Thu, 17 Sep 1998 15:33:49 -0400 + +samba (1.9.18p10-3) unstable; urgency=low + + * Patched smbclient again to fix minor formatting problem introduced + by Magosanyi Arpad's smbclient patch. + + -- Eloy A. Paris <peloy@debian.org> Thu, 3 Sep 1998 11:03:23 -0400 + +samba (1.9.18p10-2) unstable; urgency=low + + * Sync'ed include files for the smbfs utilities with the ones in + kernel 2.1.119. + * Added to the /usr/doc/samba/examples/ directory a new script called + wins2dns (courtesy of Jason Gunthorpe <jgg@deltatee.com>) that + generates BIND sonze files for hosts in the WINS database. + * Patched smbclient to include enhancements by Magosanyi Arpad + <mag@bunuel.tii.matav.hu> that make scripting easier. + + -- Eloy A. Paris <peloy@debian.org> Fri, 28 Aug 1998 13:34:54 -0400 + +samba (1.9.18p10-1) stable unstable; urgency=low + + * New upstream version (see /usr/doc/samba/WHATSNEW.txt for a + description of what has changed). I built a 1.9.18p9-1 but I + never released it because an obscure bug was found just a couple + of days before the official release, so the Samba Team stopped + the rollover of 1.9.18p9. + * Updated documentation (new files were added to the docs/ directory + that were not installed in /usr/doc/samba/). + * Fixed long standing bug #7695 (smb.conf's man page doesn't document + 'printing=lprng') - I made a couple of changes to the man page to + include references to lprng. + * Fixes bug #24930 (samba needs to suggest psmisc?). I don't think it + is necessary to make samba suggest psmisc just because the postinst + script mentions to call killall. So, I removed all references to + "killall" in the scripts. + * Fixes bug #25999 (Samba does not by default work with unix password + sync): I added the "passwd program" and "passwd chat" parameters to + the sample smb.conf to reflect the Debian environment. + + -- Eloy A. Paris <peloy@debian.org> Fri, 21 Aug 1998 08:59:18 -0400 + +samba (1.9.18p9-1) unstable; urgency=low + + * New upstream version (see /usr/doc/samba/WHATSNEW.txt for a + description of what has changed). + * Removed Jeremy Allison's patch applied to 1.9.18p8-2 because it is + now part of the new upstream version. + * Corrected small typo in addtosmbpass' man page (fixes #25629). + + -- Eloy A. Paris <peloy@debian.org> Tue, 11 Aug 1998 08:53:08 -0400 + +samba (1.9.18p8-2) frozen unstable; urgency=medium + + * Applied patch received from Jeremy Allison (Samba Team) that fixes + "grave" bug #23903 (samba maps username before authenicating with + NT password server). + * Added a "sleep 2" between "start-stop-daemon --stop" and + "start-stop-daemon --start" in /etc/init.d/samba so when this script + is called with the "restart" parameter the Samba daemons are restarted + properly. This fixes bug #24211 (init.d script doesn't restart). + * Sent start-stop-daemon output in /etc/init.d/samba to /dev/null to + avoid annoying warning messages. + * Added perfomance tune parameters to sample /etc/smb.conf (SO_SNDBUF=4096 + and SO_RCVBUF=4096 to "socket options" in /etc/smb.conf). I can't + find who sent this suggestion to me. If you are listening, drop me a + note and I'll put your name here :-) + + -- Eloy A. Paris <peloy@debian.org> Mon, 29 Jun 1998 08:45:01 -0400 + +samba (1.9.18p8-1) frozen unstable; urgency=low + + * New upstream release that fixes _lots_ of "ugly" bugs. The list of + fixed bugs is too long to include here (see /usr/doc/samba/WHATSNEW.txt). + * Fixed postinst to quote arguments to if [ arg .. ] constructs + (fixes #22881). + * Applied Jeremy Allison's patch (posted to the samba-ntdom mailing + list) that solves a problem with username maps (the Samba Team did + not catch this problem before final 1.9.18p8). + * Made /etc/init.d/samba to print out a warning when Samba is running + from inetd and the user runs /etc/init.d/samba to start|stop|restart + Samba (there's no point on doing this because inetd will start the + daemons again when there is traffic on UDP port 137-139). + + -- Eloy A. Paris <peloy@debian.org> Sat, 13 Jun 1998 00:18:25 -0400 + +samba (1.9.18p7-4) frozen unstable; urgency=medium + + * Fixes the serious problem of having the WINS name server + database getting deleted at boot time. That happened because the + WINS database was being stored under /var/lock/samba/ and all files + under /var/lock/ are deleted at boot time. The place where the WINS + database is stored was moved to /var/samba/. + + -- Eloy A. Paris <peloy@debian.org> Mon, 18 May 1998 20:24:29 -0400 + +samba (1.9.18p7-3) stable; urgency=high + + * Libc5 version for Bo (stable) that fixes the recently reported + security hole. + + -- Eloy A. Paris <peloy@debian.org> Mon, 18 May 1998 20:19:33 -0400 + +samba (1.9.18p7-2) frozen unstable; urgency=low + + * Added patches from the non-mantainer upload that make us able + to compile Samba on Alpha systems. This fixes bug #22379. + + -- Eloy A. Paris <peloy@debian.org> Wed, 13 May 1998 20:38:51 -0400 + +samba (1.9.18p7-1) frozen unstable; urgency=low + + * New upstream release (just bug fixes, no new functionality). + + -- Eloy A. Paris <peloy@debian.org> Wed, 13 May 1998 11:47:32 -0400 + +samba (1.9.18p6-2) frozen unstable; urgency=low + + * Uploaded to frozen (I forgot to upload last version to frozen + so it got installed only in unstable). + + -- Eloy A. Paris <peloy@debian.org> Tue, 12 May 1998 18:10:17 -0400 + +samba (1.9.18p6-1.1) unstable; urgency=low + + * non-maintainer upload for Alpha + * patch needed for source/quota.c (_syscall4() confusion) + + -- Paul Slootman <paul@debian.org> Tue, 12 May 1998 20:39:13 +0200 + +samba (1.9.18p6-1) unstable; urgency=low + + * New upstream release that fixes a possible buffer overflow. + This security hole was reported on BugTraq by Drago. The + previous Debian version (1.9.18p5-1) was not released because + 1.9.18p5 and 1.9.18p6 were released very closely. + + -- Eloy A. Paris <peloy@debian.org> Mon, 11 May 1998 20:28:33 -0400 + +samba (1.9.18p5-1) unstable; urgency=low + + * New upstream release (no new funcionality, just bug fixes - see + /usr/doc/samba/WHATSNEW.txt.gz). + * Backed off Debian patches that were added upstream. + + -- Eloy A. Paris <peloy@debian.org> Mon, 11 May 1998 08:43:53 -0400 + +samba (1.9.18p4-2) frozen unstable; urgency=low + + * Patched smbclient(1) man page to not reference the unsopported + -A parameter (fixes #6863). + * Changes to start nmbd with the -a option (in /etc/init.d/samba + and in the entry added to /etc/inetd.conf). + * Fixed typo in sample smb.conf (fixes #21484). + * Fixed yet another typo in sample smb.conf (fixes #21447). + + -- Eloy A. Paris <peloy@debian.org> Fri, 17 Apr 1998 22:19:23 -0400 + +samba (1.9.18p4-1) frozen unstable; urgency=low + + * New upstream version that fixes several bugs. + * New scheme for keeping track of Debian specific configuration. + This new scheme fixes bug #18624 (Samba always asks the user about + configuration options). New scheme stores Debian specific + configuration information in /etc/samba/debian_config. + * Changes to /usr/sbin/sambaconfig, prerm and postinst to support the + new configuration scheme. + * Moved required kernel 2.1.x include files inside the source tree + so I don't have to do very nasty things like creating crazy + symlinks in /usr/include to make this package compile. This + allows non-root users to build the package and fixes bug + #20104. + * Fixed address of the FSF in /usr/doc/samba/copyright (problem + reported by lintian). + * The /etc/init.d/samba script now supports the force-reload + argument, as required by the policy (problem reported by lintian). + * Added a "rm /etc/cron.weekly/samba" at the end of the postinst. + * Now the samba package can be installed even if no nmbd or smbd processes + are running. This fixes the following bugs: #8917, #9334, #10268, + #10411, #11146 and #13387. + * Provides the original README in /usr/doc/samba. This fixes bug #9693. + * Added a --no-reload option to sambaconfig to not reload Samba + after configuration. + * Created man pages for sambaconfig(8), addtosmbpass(8), + mksmbpasswd(8) and nmblookup(1). + * Corrected small typo in sample /etc/smb.conf. + * Added two new parameters to /etc/smb.conf: "preserver case" and + "short preserve case". + * "rm -Rf /var/lock/samba" in postrm when package is being purged. + * Patched upstream source (nmbd.c) to not overwrite log files when + nmbd is called with the -a parameter (fixes #17704: nmbd ignores + -a option). + * /etc/init.d/samba now starts the nmbd daemon with the -a parameter + to not overwrite log files. + + -- Eloy A. Paris <peloy@debian.org> Mon, 23 Mar 1998 21:22:03 -0400 + +samba (1.9.18p3-1) unstable; urgency=low + + * New upstream version. + * Oppsss!!! I really screwed it up (actually, debstd did). + 1.9.18p2-2 still contained man pages (smbmount and smbumount) part + of other packages. This version does have this corrected. If not, + I no longer deserve to be a Debian developer! So, this version + fixes bug #18438 and some of the bugs I claimed to fix in + 1.9.18p2-2. Oh, by the way, I fixed the problem by running debstd + with -m in debian/rules (man pages are installed by "make install" + so it's a bad idea to re-install man pages with debstd). + + -- Eloy A. Paris <peloy@debian.org> Mon, 23 Feb 1998 17:32:42 -0400 + +samba (1.9.18p2-2) unstable; urgency=low + + * Fixes bugs #18017, #17999, #17961, #17932: old 1.9.18p2-1 provided + a man page for smbmount, which conflicts with package smbfs. This + was solved by creating a multi-binary package that produces + package samba and new package smbfsx. + * Fixes bug #18000 (typo in postinst). + * Fixes bug #17958 (postinst asks obsolete question). Actually, + the question is still asked, but only if Samba is run as daemons. + * Created a multi-binary package from the Samba sources: package + samba and new package smbfsx which provides SMB mount utilities + for kernels > 2.1.70. + + -- Eloy A. Paris <peloy@debian.org> Mon, 9 Feb 1998 19:47:05 -0400 + +samba (1.9.18p2-1) unstable; urgency=low + + * New upstream version. + * Removed /etc/cron.weekly/samba because Samba does not handle well + rotation of log files (if the log file is rotated Samba will + continue to log to the rotated file, instead of the just created + one). In any case, Samba will rotate log files after an specific + file size. + + -- Eloy A. Paris <peloy@debian.org> Tue, 27 Jan 1998 22:34:27 -0400 + +samba (1.9.18p1-2) unstable; urgency=low + + * Created a multi-binary package out of the Samba sources to provide + packages samba and smbfsx (userland utilities to work with + smbfs with kernels > 2.1.x. + + -- Eloy A. Paris <peloy@debian.org> Sat, 17 Jan 1998 09:23:48 -0400 + +samba (1.9.18p1-1) unstable; urgency=low + + * New upstream version. + * Created /etc/cron.daily/samba to save a copy of /etc/smbpasswd in + /var/backups/smbpasswd.bak. + + -- Eloy A. Paris <peloy@debian.org> Wed, 14 Jan 1998 13:40:56 -0400 + +samba (1.9.18alpha14-1) unstable; urgency=low + + * New upstream version. + * Added a note to the postinst script telling the user that he/she + needs to run smbpasswd manually after creating a new /etc/smbpasswd + from /etc/passwd. + + -- Eloy A. Paris <peloy@debian.org> Tue, 23 Dec 1997 23:44:37 -0400 + +samba (1.9.18alpha13-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Tue, 16 Dec 1997 13:02:32 -0400 + +samba (1.9.18alpha12-1) unstable; urgency=low + + * New upstream version. + * Conflicts with the sambades package because the new Samba 1.9.18 + series do not depend on the DES libraries to support encrypted + passwords. + * Added parameter "encrypt passwords = yes" to /etc/smb.conf. + * Compiled with support for quotas in disk_free(). + * Home directories are now exported read only by default. + * Re-worked debian/rules. + * Re-worked sample smb.conf. + + -- Eloy A. Paris <peloy@debian.org> Thu, 4 Dec 1997 22:50:34 -0400 + +samba (1.9.17p4-1) unstable; urgency=low + + * New upstream version. + * Made /etc/smb.conf readable by everybody because some Samba utilities + will fail otherwise when run by non-root users. + * Dropped PAM support while the PAM libraries are ported to libc6. + + -- Eloy A. Paris <peloy@debian.org> Tue, 21 Oct 1997 18:08:49 -0400 + +samba (1.9.17p3-1) unstable; urgency=low + + * New upstream version. + * Made /etc/smb.conf readable only by root as suggested by smbd's man page. + + -- Eloy A. Paris <peloy@debian.org> Wed, 15 Oct 1997 09:21:25 -0400 + +samba (1.9.17p2-2) unstable; urgency=low + + * Running Samba as daemons instead of from inetd. + * Removing netbios entries in /etc/inetd.conf. + + -- Eloy A. Paris <peloy@debian.org> Thu, 9 Oct 1997 23:37:25 -0400 + +samba (1.9.17p2-1) unstable; urgency=low + + * New upstream version that fixes a serious security hole. + * Removed Debian patches added in 1.9.17-1 and 1.9.17p1-1 because + these patches are now part of the upstream release. + + -- Eloy A. Paris <peloy@debian.org> Sun, 28 Sep 1997 22:54:33 -0400 + +samba (1.9.17p1-1) unstable; urgency=low + + * New upstream version. + * Defined symbol _LINUX_C_LIB_VERSION_MAJOR as 6 in includes.h to shut up + compiler warnings. + * Included rpcsvc/ypclnt.h in includes.h to shut up compiler warnings. + * Included crypt.h to have function prototype for crypt(). + * Included netinet/tcp.h to have some socket options included. + * Included netinet/ip.h to have some socket options included. + * Linking with libcrypt (LIBM='... -lcrypt'). Without including this + library smbd generates a seg. fault when authenticating users (?). + + -- Eloy A. Paris <peloy@debian.org> Wed, 10 Sep 1997 22:09:18 -0400 + +samba (1.9.17-1) unstable; urgency=low + + * New upstream version (called the "Browse Fix Release") + * Added the option --oknodo to the start-stop-daemon invocation in prerm + script. This was because the prerm was failing because start-stop-daemon + was returning an error code if no nmbd or smbd daemons were found + to kill. + * The function yp_get_default_domain(), referenced in three source + files was part of libc5 but with libc6 (glibc2) it has been moved + to libnss_nis. Since the linker was unable to find the function + I had to add LIBSM='-lnss_nis' to debian/rules. + * Added -DNO_ASMSIGNALH and -DGLIBC2 to FLAGSM in debian/rules + because compiling was failing because of conflicts with glibc2. + * Patched source/includes.h to include termios.h if GLIBC2 is defined. + + -- Eloy A. Paris <peloy@debian.org> Wed, 27 Aug 1997 08:39:32 -0400 + +samba (1.9.17alpha5-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris <peloy@debian.org> Thu, 14 Aug 1997 18:05:02 -0400 + +samba (1.9.16p11-3) unstable; urgency=low + + * Fixed accidental omission of /etc/pam.d/samba. + + -- Klee Dienes <klee@debian.org> Sat, 15 Mar 1997 22:31:26 -0500 + +samba (1.9.16p11-2) unstable; urgency=low + + * Recompiled against newer PAM libraries. + * Added /etc/pam.d/samba. + + -- Klee Dienes <klee@debian.org> Sat, 8 Mar 1997 01:16:28 -0500 + +samba (1.9.16p11-1) unstable; urgency=low + + * New upstream release. + * Added PAM support. + + -- Klee Dienes <klee@debian.org> Tue, 25 Feb 1997 18:00:12 -0500 + +samba (1.9.16p9-2) unstable; urgency=low + + * minor packaging changes + + -- Klee Dienes <klee@sauron.sedona.com> Sun, 3 Nov 1996 11:45:37 -0700 + +samba (1.9.16p9-1) unstable; urgency=low + + * upgraded to new upstream version + + -- Klee Dienes <klee@sauron.sedona.com> Sat, 26 Oct 1996 21:38:20 -0700 + +1.9.16alpha10-1: + 960714 + * Removed Package_Revision from control file. + * Removed -m486 compiler option. + * Added Architecture, Section and Priority fields to control file. + * Upgraded to latest upstream version. + * Uses update-inetd now. + * Added shadow passwords support. + * Fixed Bug#1946: nmbd won't browse + +1.9.15p4-1: + 951128 + * Upgraded to latest upstream version. + * Fixed many bugs. + * Adds Master Browsing support. + * Converted to ELF. + * Fixed bug #1825 - nmbd is now killed when removing samba. + +1.9.14-1: + 950926 Andrew Howell <andrew@it.com.au> + * Upgraded to latest version. + * Fixed Bug #1139 - samba won't print + +1.9.14alpha5-1: + * Fixes killing of inetd problem in debian.postint and debian.postrm + +1.9.14alpha5-0: + 950704 Andrew Howell <andrew@it.com.au> + * Taken over samba package from Bruce Perens. + * Upgraded to newest version of samba. + +1.9.02-1: + 9-January-1994 Bruce Perens <Bruce@Pixar.com> + * Added Debian GNU/Linux package maintenance system files, and + configured for Debian systems. diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..856465d --- /dev/null +++ b/debian/clean @@ -0,0 +1,9 @@ +# remove artifacts left by the build system +.lock-wscript +compile_commands.json +# Waf pycache files +buildtools/wafsamba/__pycache__/ +source3/build/__pycache__/ +third_party/waf/waflib/__pycache__/ +third_party/waf/waflib/extras/__pycache__/ +third_party/waf/waflib/Tools/__pycache__/ diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..c01dec5 --- /dev/null +++ b/debian/control @@ -0,0 +1,634 @@ +Source: samba +Section: net +Priority: optional +Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> +Uploaders: Steve Langasek <vorlon@debian.org>, + Jelmer Vernooij <jelmer@debian.org>, + Mathieu Parent <sathieu@debian.org>, + Andrew Bartlett <abartlet+debian@catalyst.net.nz>, + Michael Tokarev <mjt@tls.msk.ru> +Homepage: https://www.samba.org +Standards-Version: 4.6.2 +Build-Depends: + dpkg-dev (>= 1.22.5), + debhelper-compat (= 13), + dh-exec, +Build-Depends-Arch: + dh-sequence-python3, +# tools: + bison, + docbook-xml, docbook-xsl, xsltproc, + flex, + perl:any, + po-debconf, + rpcsvc-proto, +# libraries which we embed but use system versions of: + libtalloc-dev (>= 2.4.2~), + python3-talloc-dev (>= 2.4.2~), + libtevent-dev (>= 0.16.1~), + libtdb-dev (>= 1.4.10~), + python3-tdb (>= 1.4.10~), +# system libraries: + pkgconf, + libacl1-dev, + libarchive-dev, + libavahi-client-dev, + libavahi-common-dev, + libblkid-dev, + libbsd-dev, + libcap-dev [linux-any], +# the same [arch list] is in rules (with-ceph) and ctdb.install + libcephfs-dev [amd64 arm64 mips64el ppc64el riscv64 s390x], + librados-dev [amd64 arm64 mips64el ppc64el riscv64 s390x], + libcmocka-dev (>= 1.1.3), + libcups2-dev, + libdbus-1-dev, + libglusterfs-dev [amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64], + libgnutls28-dev, + libgpgme11-dev, + libicu-dev, + libjansson-dev, + libkeyutils-dev, + libkrb5-dev (>= 1.21.0~) <pkg.samba.mitkrb5>, + libldap2-dev, + liblmdb-dev, + libpam0g-dev, + libparse-yapp-perl, + libpcap-dev [hurd-i386 kfreebsd-any], + libpopt-dev, + libreadline-dev, + libtirpc-dev, + libsystemd-dev [linux-any], + libtasn1-6-dev (>= 3.8), + libtasn1-bin, + liburing-dev [linux-any], + xfslibs-dev [linux-any], + zlib1g-dev (>= 1:1.2.3), +# python (+#904999): + python3-dev:any | python3-dev, libpython3-dev, + python3-dnspython, + python3-etcd, + python3-markdown, +# dependencies needed for selftest: +# python3-testtools <!nocheck>, +# lmdb-utils <!nocheck>, +# openssl <!nocheck>, +# python3-cryptography <!nocheck>, +# python3-iso8601 <!nocheck>, +# python3-pyasn1 <!nocheck>, +# tdb-tools <!nocheck>, +Rules-Requires-Root: no +Vcs-Browser: https://salsa.debian.org/samba-team/samba +Vcs-Git: https://salsa.debian.org/samba-team/samba.git + +Package: samba +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: passwd, + libpam-modules, + libpam-runtime (>= 1.0.1-11), + procps, + python3, + python3-dnspython, + python3-samba (= ${binary:Version}), + samba-common (= ${source:Version}), + samba-common-bin (=${binary:Version}), + tdb-tools, + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Recommends: attr, + python3-markdown, + samba-dsdb-modules, + samba-vfs-modules, + samba-ad-provision, +Suggests: bind9 (>= 1:9.5.1), + bind9utils, + ctdb, + ldb-tools, + ntp | chrony (>= 3.0-1), + ufw, + winbind +Enhances: bind9, ntp +Breaks: samba-ad-provision (<< ${source:Upstream-Version}) +Description: SMB/CIFS file, print, and login server for Unix + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. Samba can also function + as an Active Directory or NT4-style domain controller, and can integrate + with Active Directory realms or NT4 domains as a member server. + . + This package provides the components necessary to use Samba as a stand-alone + file and print server or as an NT4 domain controller. For use in an NT4 + domain or Active Directory realm, you will also need the winbind package. + To use samba as an Active Directory domain controller (AD DC), please install + samba-ad-dc package. + . + This package is not required for connecting to existing SMB/CIFS servers + (see smbclient) or for mounting remote filesystems (see cifs-utils). + +Package: samba-libs +Pre-Depends: ${misc:Pre-Depends} +Multi-Arch: same +Architecture: any +Section: libs +Provides: libndr4 (= ${binary:Version}), libsmbldap2 (= ${binary:Version}) +Depends: ${misc:Depends}, ${shlibs:Depends}, +# since libldb ABI is incorrectly versioned resulting in breakage like #1021371, +# just require libldb version of the same build +# https://lists.samba.org/archive/samba-technical/2023-September/138422.html + ${ldb:Depends}, +Replaces: +# libsamba-util.so &deps moved from libwbclient0 to samba-libs in 4.16.1+dfsg-7 + libwbclient0 (<< 2:4.16.1+dfsg-7~), +# libpac-samba4.so.0 moved from samba to samba-libs in 4.17.0+dfsg-2 + samba (<< 2:4.17.0+dfsg-2~), +Breaks: + libwbclient0 (<< 2:4.16.1+dfsg-7~), + samba (<< 2:4.17.0+dfsg-2~), + sssd-ad (<< 2.9.4-1+b1), + sssd-ad-common (<< 2.9.4-1+b1), + sssd-ipa (<< 2.9.4-1+b1), +Description: Samba core libraries + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains the shared libraries. + +Package: samba-common +Architecture: all +Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} +Depends: ucf, ${misc:Depends} +Recommends: samba-common-bin +Description: common files used by both the Samba server and client + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package contains common files used by all parts of Samba. + +Package: samba-common-bin +Architecture: any +Depends: python3, + python3-samba, + samba-common (=${source:Version}), + samba-libs (= ${binary:Version}), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Recommends: samba-dsdb-modules +Suggests: heimdal-clients, + python3-markdown, + python3-dnspython +# moved samba-dcerpcd samba=>samba-common-bin in in 4.16.2+dfsg-1 +# moved libnet-keytab-samba4.so.0 & libRPC-WORKER-samba4.so.0 samba-libs=>samba-common-bin in 4.19.0~r1 +Replaces: samba (<< 2:4.16.2+dfsg-1~), samba-libs (<< 2:4.19.0~) +Breaks: samba (<< 2:4.16.2+dfsg-1~), samba-libs (<< 2:4.19.0~) +Description: Samba common files used by both the server and the client + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains the common files that are used by both the server + (provided in the samba package) and the client (provided in the smbclient + libsmbclient0 packages). + +Package: samba-ad-dc +Architecture: all +Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} +Depends: samba (>= ${source:Version}~), samba-dsdb-modules, samba-vfs-modules, + winbind, + krb5-kdc (>= 1.21.0~) <pkg.samba.mitkrb5>, + ${misc:Depends} +Recommends: libnss-winbind, libpam-winbind, +# samba-ad-provision is needed for setup only + samba-ad-provision +Breaks: samba-ad-provision (<< ${source:Upstream-Version}) +Description: Samba control files to run AD Domain Controller + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package contains control files to run an Active Directory Domain + Controller (AD DC). For now, this is just a metapackage pulling in + all the required dependencies. + +Package: samba-ad-provision +Architecture: all +Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends} +Replaces: samba (<< 2:4.17.3+dfsg-4~) +Breaks: samba (<< 2:4.17.3+dfsg-4~) +Description: Samba files needed for AD domain provision + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package contains files to setup an Active Directory Domain + Controller (AD DC). + +Package: smbclient +Architecture: any +Depends: samba-common (= ${source:Version}), + samba-libs (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Provides: samba-client +Suggests: cifs-utils, heimdal-clients +Description: command-line SMB/CIFS clients for Unix + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package contains command-line utilities for accessing Microsoft + Windows and Samba servers, including smbclient, smbtar, and smbspool. + Utilities for mounting shares locally are found in the package + cifs-utils. + +Package: samba-testsuite +Architecture: any +Suggests: subunit +Depends: samba-common-bin, + samba-libs (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +# move libshares-samba4.so.0 samba-libs=>samba-testsuite in 4.19.0~rc1 +Replaces: samba-libs (<< 2:4.19.0~) +Breaks: samba-libs (<< 2:4.19.0~) +Description: test suite from Samba + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains programs for testing the reliability and speed + of SMB servers, Samba in particular. + +Package: registry-tools +Architecture: any +Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: tools for viewing and manipulating the Windows registry + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains tools for viewing and manipulating the binary + "registry" found on Windows machines, both locally and remote. + +Package: samba-dev +Architecture: any +Multi-Arch: same +Depends: libc6-dev, + libldb-dev (>= 2:2), + libpopt-dev, + libtalloc-dev, + libtdb-dev, + libtevent-dev, + libwbclient-dev, + samba-libs (= ${binary:Version}), + ${misc:Depends} +# libsamba-util.so moved from libwbclient0 to samba-libs in 4.16.1+dfsg-7 +Replaces: libwbclient-dev (<< 2:4.16.1+dfsg-7~) +Breaks: libwbclient-dev (<< 2:4.16.1+dfsg-7~) +Section: devel +Description: tools for extending Samba + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains include files shared by the various Samba-based + libraries. + +Package: python3-samba +Pre-Depends: ${misc:Pre-Depends} +Architecture: any +Section: python +Depends: python3-ldb, + python3-tdb, + samba-libs (= ${binary:Version}), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Replaces: +# libsamba-policy & helpers and dckeytab python libs moved to python3-samba + samba-libs (<< 2:4.16.0+dfsg-1~), samba (<< 2:4.16.0+dfsg-1~) +Recommends: python3-gpg +Description: Python 3 bindings for Samba + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains Python 3 bindings for most Samba libraries. + +Package: samba-dsdb-modules +Architecture: any +Multi-Arch: same +Section: libs +Depends: libgpgme11, + samba-libs (= ${binary:Version}), + ${ldb:Depends}, + ${misc:Depends}, + ${shlibs:Depends} +Enhances: libldb2 +Description: Samba Directory Services Database + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package contains LDB plugins which add support for various Active + Directory features to the LDB library. + +Package: samba-vfs-modules +Architecture: any +Multi-Arch: same +Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Recommends: ${vfsmods:Depends} +# move libdfs-server-ad-samba4.so.0 samba-libs=>samba-vfs-modules in 4.19.0~rc1 +Replaces: samba-libs (<< 2:4.19.0~) +Breaks: samba-libs (<< 2:4.19.0~) +Enhances: samba +Description: Samba Virtual FileSystem plugins + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + Virtual FileSystem modules are stacked shared libraries extending the + functionality of Samba. Some examples are: + * vfs_acl_xattr: Save NTFS-ACLs in Extended Attributes + * vfs_audit: record selected Samba VFS operations in the system log + * vfs_readonly: Make a Samba share read only for a specified time period + * vfs_recycle: Give the same effect as the Recycle Bin on Windows computers + * vfs_shadow_copy2: Expose snapshots to Windows clients as shadow copies + * vfs_worm: Disallow writes for older file + . + Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are + moved to Recommends. + +Package: libsmbclient0 +Provides: ${t64:Provides} +X-Time64-Compat: libsmbclient +Replaces: libsmbclient +Breaks: libsmbclient (<< ${source:Version}) +Section: libs +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: samba-libs (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: shared library for communication with SMB/CIFS servers + This package provides a shared library that enables client applications + to talk to Microsoft Windows and Samba servers using the SMB/CIFS + protocol. + +Package: libsmbclient-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: libsmbclient0 (= ${binary:Version}), ${misc:Depends} +Description: development files for libsmbclient0 + This package provides the development files (static library and headers) + required for building applications against libsmbclient, a library that + enables client applications to talk to Microsoft Windows and Samba servers + using the SMB/CIFS protocol. + +Package: winbind +Pre-Depends: ${misc:Pre-Depends} +Architecture: any +Multi-Arch: allowed +Depends: samba-common (= ${source:Version}), + samba-common-bin (=${binary:Version}), +# wbinfo (linked with libwbclient) which should use the same protocol + libwbclient0 (=${binary:Version}), +# for groupadd in postinst + passwd, + ${misc:Depends}, + ${shlibs:Depends} +Enhances: libkrb5-26-heimdal <!pkg.samba.mitkrb5> +Suggests: libnss-winbind, libpam-winbind +# 4.16.6+dfsg-5 idmap_{script,rfc2307}.8 moved samba{,-libs} => winbind +Breaks: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), +Replaces: samba (<< 2:4.16.6+dfsg-5~), samba-libs (<< 2:4.16.6+dfsg-5~), +Description: service to resolve user and group information from Windows NT servers + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file sharing with Microsoft Windows, OS X, + and other Unix systems. Samba can also function as a domain controller + or member server in Active Directory or NT4-style domains. + . + This package provides winbindd, a daemon which integrates authentication + and directory service (user/group lookup) mechanisms from a Windows + domain on a Linux system. + . + Winbind based user/group lookups via /etc/nsswitch.conf can be enabled via + the libnss-winbind package. Winbind based Windows domain authentication can + be enabled via the libpam-winbind package. + +Package: libpam-winbind +Section: admin +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: libpam-runtime (>= 1.0.1-6), + libpam0g (>= 1.1.3-2~), + winbind:any (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Suggests: libnss-winbind +Description: Windows domain authentication integration plugin + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. Samba can also function + as an NT4-style domain controller, and can integrate with both NT4 domains + and Active Directory realms as a member server. + . + This package provides pam_winbind, a plugin that integrates with a local + winbindd server to provide Windows domain authentication to the system. + +Package: libnss-winbind +Section: admin +Architecture: any +Multi-Arch: same +Depends: winbind:any (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Suggests: libpam-winbind +Description: Samba nameservice integration plugins + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. Samba can also function + as an NT4-style domain controller, and can integrate with both NT4 domains + and Active Directory realms as a member server. + . + This package provides nss_winbind, a plugin that integrates + with a local winbindd server to provide user/group name lookups to the + system; and nss_wins, which provides hostname lookups via both the NBNS and + NetBIOS broadcast protocols. + +Package: libwbclient0 +Section: libs +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} +Breaks: samba-libs (<< 2:4.11.0+dfsg-1~) +Description: Samba winbind client library + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package provides a library for client applications that interact + via the winbind pipe protocol with a Samba winbind server. + +Package: libwbclient-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: libwbclient0 (= ${binary:Version}), ${misc:Depends} +Breaks: samba-libs (<< 2:4.11.0+dfsg-1~), samba-dev (<< 2:4.11) +Replaces: samba-dev (<< 2:4.11) +Description: Samba winbind client library - development files + Samba is an implementation of the SMB/CIFS protocol for Unix systems, + providing support for cross-platform file and printer sharing with + Microsoft Windows, OS X, and other Unix systems. + . + This package provides the development files (static library and headers) + required for building applications against libwbclient, a library for client + applications that interact via the winbind pipe protocol with a Samba + winbind server. + +Package: ctdb +Architecture: any +Multi-Arch: foreign +Depends: iproute2 [linux-any], + psmisc, + samba-libs (= ${binary:Version}), + sudo, + tdb-tools, + time, + ${misc:Depends}, + ${shlibs:Depends} +Recommends: ethtool [linux-any], python3:any, python3-etcd, ${rados:Depends} +Suggests: lsof +Description: clustered database to store temporary data + CTDB is a cluster implementation of the TDB database used by Samba and other + projects to store temporary data. If an application is already using TDB for + temporary data it is very easy to convert that application to be cluster aware + and use CTDB instead. + . + CTDB provides the same types of functions as TDB but in a clustered fashion, + providing a TDB-style database that spans multiple physical hosts in a cluster. + . + Features include: + * CTDB provides a TDB that has consistent data and consistent locking across + all nodes in a cluster. + * CTDB is very fast. + * In case of node failures, CTDB will automatically recover and repair all TDB + databases that it manages. + * CTDB is the core component that provides pCIFS ("parallel CIFS") with + Samba3/4. + * CTDB provides HA features such as node monitoring, node failover, and IP + takeover. + * CTDB provides a reliable messaging transport to allow applications linked + with CTDB to communicate to other instances of the application running on + different nodes in the cluster. + * CTDB has pluggable transport backends. Currently implemented backends are + TCP and Infiniband. + * CTDB supports a system of application specific management scripts, allowing + applications that depend on network or filesystem resources to be managed in + a highly available manner on a cluster. + +Package: libldb2 +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Architecture: any +Section: libs +Depends: ${misc:Depends}, + ${shlibs:Depends} +Breaks: ldb-tools (<<1.1.30~), + samba (<<2:4.7.0~), + samba-dsdb-modules (<< 2:4.7.0~), + samba-libs (<< 2:4.19.0~), + samba-testsuite (<< 2:4.7.0~) +Description: LDAP-like embedded database - shared library + ldb is a LDAP-like embedded database built on top of TDB. + . + It provides a fast database with an LDAP-like API designed + to be used within an application. In some ways it can be seen as a + intermediate solution between key-value pair databases and a real LDAP + database. + . + This package contains the shared library file. + +Package: ldb-tools +Section: utils +Architecture: any +Depends: ${misc:Depends}, + ${shlibs:Depends} +Description: LDAP-like embedded database - tools + ldb is a LDAP-like embedded database built on top of TDB. + . + What ldb does is provide a fast database with an LDAP-like API designed + to be used within an application. In some ways it can be seen as a + intermediate solution between key-value pair databases and a real LDAP + database. + . + This package contains bundled test and utility binaries + +Package: libldb-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: libc6-dev, + libldb2 (= ${binary:Version}), + libtalloc-dev, + libtevent-dev, + libtdb-dev, + ${misc:Depends} +Description: LDAP-like embedded database - development files + ldb is a LDAP-like embedded database built on top of TDB. + . + What ldb does is provide a fast database with an LDAP-like API designed + to be used within an application. In some ways it can be seen as a + intermediate solution between key-value pair databases and a real LDAP + database. + . + This package contains the development files. + +Package: python3-ldb +Pre-Depends: ${misc:Pre-Depends} +Section: python +Architecture: any +Depends: libldb2 (= ${binary:Version}), + ${misc:Depends}, + ${python3:Depends}, + ${shlibs:Depends} +Description: Python 3 bindings for LDB + ldb is a LDAP-like embedded database built on top of TDB. + . + This package contains the Python 3 bindings. + +Package: python3-ldb-dev +Section: libdevel +Architecture: any +Depends: libc6-dev, + libldb-dev, + python3-ldb (= ${binary:Version}), + ${misc:Depends} +Description: LDB Python 3 bindings - development files + ldb is a LDAP-like embedded database built on top of TDB. + . + It is a fast database with an LDAP-like API designed + to be used within an application. In some ways it can be seen as a + intermediate solution between key-value pair databases and a real LDAP + database. + . + This package contains the development files for the Python 3 bindings. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..a45a94c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,628 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: samba +Upstream-Contact: Samba Developers <samba-technical@lists.samba.org> +Source: http://www.samba.org/ +Files-Excluded: + third_party/heimdal/lib/wind/rfc*.txt + third_party/heimdal/doc/standardisation + source4/ldap_server/devdocs + docs/manpages/*.? + ctdb/doc/*.? ctdb/doc/*.?.html + +Files: * +Copyright: 1992-2012 Andrew Tridgell and the Samba Team +License: GPL-3.0+ + +Files: third_party/heimdal/* +Copyright: + 1996-2005 Kungliga Tekniska Högskolan + (Royal Institute of Technology, Stockholm, Sweden). +License: BSD-3 + +Files: source4/setup/ad-schema/*.txt +Comment: part of the Microsoft protocol documentation +Copyright: Microsoft Corporation +License: MS-ADSL + License for the Active Directory schemas: + . + Intellectual Property Rights Notice for Protocol Documentation. + . + Copyrights. + This protocol documentation is covered by Microsoft copyrights. Regardless + of any other terms that are contained in the terms of use for the Microsoft + website that hosts this documentation, you may make copies of it in order to + develop implementations of the protocols, and may distribute portions of it + in your implementations of the protocols or your documentation as necessary + to properly document the implementation. You may also distribute in your + implementation, with or without modification, any schema, IDL’s, or code + samples that are included in the documentation. This permission also applies + to any documents that are referenced in the protocol documentation. + . + No Trade Secrets. + Microsoft does not claim any trade secret rights in this documentation. + . + Patents. + Microsoft has patents that may cover your implementations of the protocols. + Neither this notice nor Microsoft's delivery of the documentation grants any + licenses under those or any other Microsoft patents. However, the protocols + may be covered by Microsoft's Open Specification Promise (available here: + http://www.microsoft.com/interop/osp). If you would prefer a written + license, or if the protocols are not covered by the OSP, patent + licenses are available by contacting protocol@microsoft.com. + . + Trademarks. + The names of companies and products contained in this documentation may be + covered by trademarks or similar intellectual property rights. This notice + does not grant any licenses under those rights. + . + Reservation of Rights. + All other rights are reserved, and this notice does not grant any rights + other than specifically described above, whether by implication, estoppel, + or otherwise. + . + Tools. + This protocol documentation is intended for use in conjunction with + publicly available standard specifications and network programming art, + and assumes that the reader either is familiar with the aforementioned + material or has immediate access to it. A protocol specification does not + require the use of Microsoft programming tools or programming environments + in order for you to develop an implementation. If you have access to + Microsoft programming tools and environments you are free to take + advantage of them. + +Files: debian/* +Copyright: + 2005-2012 Jelmer Vernooij <jelmer@debian.org> + 2005-2006 Steinar H. Gunderson + 2001-2011 Steve Langasek <vorlon@debian.org>, + 2005-2012 Christian Perrier <bubulle@debian.org>, + 2005-2008 Noèl Köthe <noel@debian.org>, + 2005-2008 Peter Eisentraut <petere@debian.org>, et al. +License: GPL-3 + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 3 dated June, 2007. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GPL v3 can be found in + /usr/share/common-licenses/GPL-3 + +Files: lib/ldb/common/qsort.c +Copyright: 1991,1992,1996,1997,1999,2004 Free Software Foundation, Inc. +License: LGPL-3.0+ + +Files: lib/ldb/tools/* +Copyright: + 2004-2010 Andrew Tridgell <tridge@samba.org> + 2004 Stefan Metzmacher + 2009 Matthieu Patou +License: GPL-3.0+ + +Files: lib/replace/*.c +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) Andrew Tridgell 1994-2006 + Copyright (c) Jeremy Allison 2000-2003,2007 + Copyright (c) Michael Adam <obnox@samba.org> 2008 + Copyright (c) Patrick Powell 1995 + Copyright (c) Free Software Foundation, Inc. 1991-2001 + Copyright (c) Jelmer Vernooij 2006-2009 + Copyright (c) Andreas Schneider 2009-2015 + Copyright (c) Volker Lendecke 2011-2016 + Copyright (c) Internet Software Consortium 1996-2001 + Copyright (c) Aris Adamantiadis 2003-2009 + Copyright (c) Aleksandar Kanchev 2009 + Copyright (c) Matthieu Patou 2010 +License: LGPL-3.0+ + +Files: lib/replace/getaddrinfo.* +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) PostgreSQL Global Development Group 1996-2007 + Copyright (c) The Regents of the University of California 1994 +License: PostgreSQL + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose, without fee, and without a written agreement + is hereby granted, provided that the above copyright notice and this paragraph + and the following two paragraphs appear in all copies. + . + IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, + EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS + TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + +Files: lib/replace/inet_ntop.c lib/replace/inet_pton.c +Comment: This file is not used when building the Debian package. +Copyright: Internet Software Consortium. 1996-2001 +License: ISC + +Files: lib/replace/snprintf.c +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) Patrick Powell 1995 + Copyright (c) Brandon Long <blong@fiction.net> 1997 + Copyright (c) Thomas Roessler <roessler@guug.de> 1998 + Copyright (c) Michael Elkins <me@cs.hmc.edu> 1998 + Copyright (c) Andrew Tridgell (tridge@samba.org) 1998-2001 + Copyright (c) Martin Pool 2003 + Copyright (c) Darren Tucker (dtucker@zip.com.au) 2005 + Copyright (c) Simo Sorce (idra@samba.org) 2006 +License: BSD-3 + +Files: lib/replace/strptime.c +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) Ulrich Drepper <drepper@cygnus.com>, 1996 +License: LGPL-3.0+ + +Files: lib/replace/timegm.c +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) Kungliga Tekniska Högskolan 1997 +License: BSD-3 + +Files: lib/replace/xattr.c +Comment: This file is not used when building the Debian package. +Copyright: + Copyright (c) Jeremy Allison 1998-2005 + Copyright (C) Timur Bakeyev 2005 + Copyright (C) Bjoern Jacke 2006-2007 + Copyright (C) Herb Lewis 2003 + Copyright (C) Andrew Bartlett 2012 +License: LGPL-3.0+ + +Files: lib/talloc/* +Copyright: + 2004-2010 Andrew Tridgell + 2008-2011 Jelmer Vernooij + 2006-2009 Stefan Metzmacher + 2015 Petr Viktorin <pviktori@redhat.com> +License: LGPL-3.0+ + +Files: lib/talloc/pytalloc* +Copyright: + Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2011 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2016 +License: GPL-3.0+ + +Files: lib/tdb/* +Copyright: + 2000-2010 Rusty Russell + 1999-2010 Andrew Tridgell + 2000-2006 Jeremy Allison + 2010 Volker Lendecke + 2005 Simon McVittie + 2001 Andrew Esh + 2004-2006 Tim Potter + 2007-2008 Jelmer Vernooij +License: LGPL-3.0+ + +Files: lib/tevent/* +Copyright: + 2008 Volker Lendecke + 2005-2010 Stefan Metzmacher + 2003-2010 Andrew Tridgell + 2010 Jelmer Vernooij +License: LGPL-3.0+ + +Files: + buildtools/bin/waf + buildtools/wafsamba/stale_files.py + third_party/waf/* +Comment: See https://gitlab.com/ita1024/waf/blob/master/waf-light#L6 +Copyright: + Copyright Scott Newton, 2005 (scottn) + Copyright Thomas Nagy, 2005-2018 (ita) +License: BSD-3 + +Files: + third_party/waf/waflib/extras/bjam.py + third_party/waf/waflib/extras/proc.py + third_party/waf/waflib/extras/softlink_libs.py +Copyright: + Copyright rosengren 2011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/blender.py +Copyright: + Copyright Michal Proszek, 2014 (poxip) +License: BSD-3 + +Files: third_party/waf/waflib/extras/boo.py +Copyright: + Copyright Yannick LM 2011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/boost.py +Copyright: + Copyright Gernot Vormayr + Copyright Ruediger Sonderfeld <ruediger@c-plusplus.de>, 2008 + Copyright Bjoern Michaelsen, 2008 + Copyright Luca Fossati, 2008 + Copyright Thomas Nagy, 2008 + Copyright Sylvain Rouquette, 2011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/buildcopy.py +Copyright: + Copyright Calle Rosenquist, 2017 (xbreak) +License: BSD-3 + +Files: third_party/waf/waflib/extras/cabal.py +Copyright: + Copyright Anton Feldmann, 2012 +License: BSD-3 + +Files: + third_party/waf/waflib/extras/c_bgxlc.py + third_party/waf/waflib/extras/c_nec.py + third_party/waf/waflib/extras/fc_bgxlf.py + third_party/waf/waflib/extras/fc_cray.py + third_party/waf/waflib/extras/fc_nag.py + third_party/waf/waflib/extras/fc_nec.py + third_party/waf/waflib/extras/fc_open64.py + third_party/waf/waflib/extras/fc_solstudio.py + third_party/waf/waflib/extras/fc_xlf.py +Copyright: + Copyright harald at klimachs.de +License: BSD-3 + +Files: third_party/waf/waflib/extras/clang_compilation_database.py +Copyright: + Copyright Christoph Koke, 2013 +License: BSD-3 + +Files: third_party/waf/waflib/extras/codelite.py +Copyright: + Copyright Christian Klein (chrikle@berlios.de) +License: BSD-3 + +Files: + third_party/waf/waflib/extras/color_gcc.py + third_party/waf/waflib/extras/color_rvct.py + third_party/waf/waflib/extras/cross_gnu.py + third_party/waf/waflib/extras/dcc.py + third_party/waf/waflib/extras/halide.py + third_party/waf/waflib/extras/qnxnto.py + third_party/waf/waflib/extras/remote.py + third_party/waf/waflib/extras/rst.py + third_party/waf/waflib/extras/ticgt.py +Copyright: + Copyright Jérôme Carretero, 2011-2014 +License: BSD-3 + +Files: third_party/waf/waflib/extras/cppcheck.py +Copyright: + Copyright Michel Mooij, michel.mooij7@gmail.com +License: BSD-3 + +Files: + third_party/waf/waflib/extras/cpplint.py + third_party/waf/waflib/extras/freeimage.py + third_party/waf/waflib/extras/pep8.py +Copyright: + Copyright Sylvain Rouquette, 2011-2014 +License: BSD-3 + +Files: third_party/waf/waflib/extras/dpapi.py +Copyright: + Copyright Matt Clarkson, 2012 +License: BSD-3 + +Files: third_party/waf/waflib/extras/eclipse.py +Copyright: + Copyright Richard Quirk 2009-1011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/erlang.py +Copyright: + Copyright Thomas Nagy, 2010 (ita) + Copyright Przemyslaw Rzepecki, 2016 +License: BSD-3 + +Files: third_party/waf/waflib/extras/fluid.py third_party/waf/waflib/extras/objcopy.py +Copyright: + Copyright Grygoriy Fuchedzhy 2009-2010 +License: BSD-3 + +Files: third_party/waf/waflib/extras/gdbus.py third_party/waf/waflib/extras/msvcdeps.py +Copyright: + Copyright Copyright Garmin International or its subsidiaries, 2012-2018 +License: BSD-3 + +Files: + third_party/waf/waflib/extras/gob2.py + third_party/waf/waflib/Tools/dbus.py + third_party/waf/waflib/Tools/gnu_dirs.py +Copyright: + Copyright Ali Sabil, 2007 +License: BSD-3 + +Files: third_party/waf/waflib/extras/javatest.py third_party/waf/waflib/extras/pyqt5.py +Copyright: + Copyright Federico Pellegrin, 2016-2018 (fedepell) +License: BSD-3 + +Files: third_party/waf/waflib/extras/midl.py +Copyright: + Copyright ultrix gmail com +License: BSD-3 + +Files: third_party/waf/waflib/extras/msvs.py +Copyright: + Copyright Avalanche Studios 2009-2011 + Copyright Thomas Nagy 2011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/pch.py +Copyright: + Copyright Alexander Afanasyev (UCLA), 2014 +License: BSD-3 + +Files: third_party/waf/waflib/extras/pgicc.py third_party/waf/waflib/extras/pgicxx.py +Copyright: + Copyright Antoine Dechaume 2011 +License: BSD-3 + +Files: third_party/waf/waflib/extras/protoc.py +Copyright: + Copyright Philipp Bender, 2012 + Copyright Matt Clarkson, 2012 +License: BSD-3 + +Files: third_party/waf/waflib/extras/pytest.py +Copyright: + Copyright Calle Rosenquist, 2016-2018 (xbreak) +License: BSD-3 + +Files: third_party/waf/waflib/extras/review.py +Copyright: + Copyright Laurent Birtz, 2011 +License: BSD-3 + +Files: + third_party/waf/waflib/extras/run_do_script.py + third_party/waf/waflib/extras/run_m_script.py + third_party/waf/waflib/extras/run_py_script.py + third_party/waf/waflib/extras/run_r_script.py +Copyright: + Copyright Hans-Martin von Gaudecker, 2012 +License: BSD-3 + +Files: third_party/waf/waflib/extras/sas.py +Copyright: + Copyright Mark Coggeshall, 2010 +License: BSD-3 + +Files: third_party/waf/waflib/extras/swig.py +Copyright: + Copyright Petar Forai + Copyright Thomas Nagy 2008-2010 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/extras/use_config.py +Copyright: + Copyright Mathieu Courtois - EDF R&D, 2013 - http://www.code-aster.org +License: BSD-3 + +Files: third_party/waf/waflib/extras/valadoc.py +Copyright: + Copyright Nicolas Joseph 2009 +License: BSD-3 + +Files: third_party/waf/waflib/extras/xcode6.py +Copyright: + Copyright Nicolas Mercier 2011 + Copyright Simon Warg 2015, https://github.com/mimom +License: BSD-3 + +Files: third_party/waf/waflib/Tools/ar.py +Copyright: + Copyright Thomas Nagy, 2006-2018 (ita) + Copyright Ralf Habacker, 2006 (rh) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/bison.py +Copyright: + Copyright John O'Meara, 2006 + Copyright Thomas Nagy 2009-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/clang.py +Copyright: + Copyright Krzysztof KosiÅ„ski 2014 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/compiler_c.py third_party/waf/waflib/Tools/compiler_cxx.py +Copyright: + Copyright Matthias Jahn jahn dôt matthias ât freenet dôt de, 2007 (pmarat) +License: BSD-3 + +Files: + third_party/waf/waflib/Tools/compiler_d.py + third_party/waf/waflib/Tools/dmd.py + third_party/waf/waflib/Tools/d.py + third_party/waf/waflib/Tools/gdc.py + third_party/waf/waflib/Tools/waf_unit_test.py +Copyright: + Copyright Carlos Rafael Giani, 2006-2007 (dv) + Copyright Thomas Nagy, 2008-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/flex.py +Copyright: + Copyright John O'Meara, 2006 + Thomas Nagy, 2006-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/g95.py +Copyright: + Copyright KWS 2010 + Copyright Thomas Nagy 2016-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/gcc.py third_party/waf/waflib/Tools/gxx.py +Copyright: + Copyright Thomas Nagy, 2006-2018 (ita) + Copyright Ralf Habacker, 2006 (rh) + Copyright Yinon Ehrlich, 2009 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/icc.py +Copyright: + Copyright Stian Selnes 2008 + Copyright Thomas Nagy 2009-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/ldc2.py +Copyright: + Copyright Alex Rønne Petersen, 2012 (alexrp/Zor) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/lua.py +Copyright: + Copyright Sebastian Schlingmann, 2008 + Copyright Thomas Nagy, 2008-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/msvc.py +Copyright: + Copyright Carlos Rafael Giani, 2006 (dv) + Copyright Tamas Pal, 2007 (folti) + Copyright Nicolas Mercier, 2009 + Copyright Matt Clarkson, 2012 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/perl.py +Copyright: + Copyright andersg at 0x63.nu 2007 + Copyright Thomas Nagy 2016-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/python.py +Copyright: + Copyright Thomas Nagy, 2007-2015 (ita) + Copyright Gustavo Carneiro (gjc), 2007 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/ruby.py +Copyright: + Copyright daniel.svensson at purplescout.se 2008 + Copyright Thomas Nagy 2016-2018 (ita) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/suncc.py third_party/waf/waflib/Tools/suncxx.py +Copyright: + Copyright Thomas Nagy, 2006-2018 (ita) + Copyright Ralf Habacker, 2006 (rh) +License: BSD-3 + +Files: third_party/waf/waflib/Tools/vala.py +Copyright: + Copyright Ali Sabil, 2007 + Copyright RadosÅ‚aw SzkodziÅ„ski, 2010 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/winres.py +Copyright: + Copyright Brant Young, 2007 +License: BSD-3 + +Files: third_party/waf/waflib/Tools/xlc.py third_party/waf/waflib/Tools/xlcxx.py +Copyright: + Copyright Thomas Nagy, 2006-2018 (ita) + Copyright Ralf Habacker, 2006 (rh) + Copyright Yinon Ehrlich, 2009 + Copyright Michael Kuhn, 2009 +License: BSD-3 + +License: ISC + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: BSD-3 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +License: LGPL-3.0+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-3". + +License: GPL-3.0+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". diff --git a/debian/ctdb.NEWS b/debian/ctdb.NEWS new file mode 100644 index 0000000..e147490 --- /dev/null +++ b/debian/ctdb.NEWS @@ -0,0 +1,55 @@ +samba (2:4.9.0+dfsg-1) experimental; urgency=medium + + From WHATSNEW.txt: + + CTDB changes + ------------ + + There are many changes to CTDB in this release. + + * Configuration has been completely overhauled + + - Daemon and tool options are now specified in a new ctdb.conf + Samba-style configuration file. See ctdb.conf(5) for details. + + - Event script configuration is no longer specified in the top-level + configuration file. It can now be specified per event script. + For example, configuration options for the 50.samba event script + can be placed alongside the event script in a file called + 50.samba.options. Script options can also be specified in a new + script.options file. See ctdb-script.options(5) for details. + + - Options that affect CTDB startup should be configured in the + distribution-specific configuration file. See ctdb.sysconfig(5) + for details. + + - Tunable settings are now loaded from ctdb.tunables. Using + CTDB_SET_TunableVariable=<value> in the main configuration file is + no longer supported. See ctdb-tunables(7) for details. + + A example script to migrate an old-style configuration to the new + style is available in ctdb/doc/examples/config_migrate.sh. + + * The following configuration variables and corresponding ctdbd + command-line options have been removed and not replaced with + counterparts in the new configuration scheme: + + CTDB_PIDFILE --pidfile + CTDB_SOCKET --socket + CTDB_NODES --nlist + CTDB_PUBLIC_ADDRESSES --public-addresses + CTDB_EVENT_SCRIPT_DIR --event-script-dir + CTDB_NOTIFY_SCRIPT --notification-script + CTDB_PUBLIC_INTERFACE --public-interface + CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors + + - The compile-time defaults should be used for the first 6 of these. + - Use a symbolic link from the configuration directory to specify a + different location for nodes or public_addresses (e.g. in the + cluster filesystem). + - Executable notification scripts in the notify.d/ subdirectory of + the configuration directory are now run by unconditionally. + - Interfaces for public IP addresses must always be specified in the + public_addresses file using the currently supported format. + + -- Mathieu Parent <sathieu@debian.org> Sat, 22 Sep 2018 07:47:32 +0200 diff --git a/debian/ctdb.README.hurd b/debian/ctdb.README.hurd new file mode 100644 index 0000000..647874a --- /dev/null +++ b/debian/ctdb.README.hurd @@ -0,0 +1,14 @@ +CTDB has the following limitations on GNU Hurd: + +- The pid of a peer is not get from the socket [1]. As a consequence, the peer + process is not killed when releasing IP [2]. + +- network interfaces are always considered present [3] + +- Some other functions are not yet supported [4] + +[1]: ctdb_get_peer_pid() in common/system_gnu.c +[2]: release_kill_clients() in server/ctdb_takeover.c +[3]: ctdb_sys_check_iface_exists() in common/system_gnu.c +[4]: See FIXME in common/system_gnu.c (ctdb_sys_send_arp(), + ctdb_get_process_name(), ctdb_get_lock_info(), ctdb_get_blocker_pid()) diff --git a/debian/ctdb.README.kfreebsd b/debian/ctdb.README.kfreebsd new file mode 100644 index 0000000..6bf9b42 --- /dev/null +++ b/debian/ctdb.README.kfreebsd @@ -0,0 +1,14 @@ +CTDB has the following limitations on Debian/kFreeBSD: + +- The pid of a peer is not get from the socket [1]. As a consequence, the peer + process is not killed when releasing IP [2]. + +- network interfaces are always considered present [3] + +- Some other functions are not yet supported [4] + +[1]: ctdb_get_peer_pid() in common/system_kfreebsd.c +[2]: release_kill_clients() in server/ctdb_takeover.c +[3]: ctdb_sys_check_iface_exists() in common/system_kfreebsd.c +[4]: See FIXME in common/system_kfreebsd.c (ctdb_sys_send_arp(), + ctdb_get_process_name(), ctdb_get_lock_info(), ctdb_get_blocker_pid()) diff --git a/debian/ctdb.dirs b/debian/ctdb.dirs new file mode 100644 index 0000000..3907a72 --- /dev/null +++ b/debian/ctdb.dirs @@ -0,0 +1,5 @@ +var/log/ctdb +var/lib/ctdb +var/lib/ctdb/persistent +var/lib/ctdb/state +var/lib/ctdb/volatile diff --git a/debian/ctdb.docs b/debian/ctdb.docs new file mode 100644 index 0000000..187aaae --- /dev/null +++ b/debian/ctdb.docs @@ -0,0 +1,3 @@ +ctdb/README +ctdb/doc/*.txt +debian/tmp/ctdb/README.* diff --git a/debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf b/debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf new file mode 100644 index 0000000..9bb3227 --- /dev/null +++ b/debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf @@ -0,0 +1,5 @@ +# CTDB: /etc/sysctl.d/98-nfs-static-ports.conf + +fs.nfs.nfs_callback_tcpport = 32764 +fs.nfs.nlm_tcpport = 32768 +fs.nfs.nlm_udpport = 32768 diff --git a/debian/ctdb.example/nfs-kernel-server/enable-nfs.sh b/debian/ctdb.example/nfs-kernel-server/enable-nfs.sh new file mode 100755 index 0000000..2346601 --- /dev/null +++ b/debian/ctdb.example/nfs-kernel-server/enable-nfs.sh @@ -0,0 +1,186 @@ +#!/bin/bash -e + +base="/usr/share/doc/ctdb/examples/nfs-kernel-server/" +logfile="/tmp/enable-ctdb-nfs.$$.log" ; touch $logfile ; +ghostname="" + +# functions --------- + +die() { echo error: $@; echo ; exit 1; }; +getout() { echo exit: $@; echo ; exit 0; }; +stopservice() { echo stopping $1... ; systemctl stop $1 2>&1 >> $logfile 2>&1; } +disableservice() { echo disabling $1... ; systemctl disable $1 2>&1 >> $logfile 2>&1; } +startservice() { echo starting $1... ; systemctl start $1 2>&1 >> $logfile 2>&1; } +sysctlrefresh() { echo refreshing sysctl... ; sysctl --system 2>&1 >> $logfile 2>&1; } + +backupfile() { + echo backing up $1 + [ -f $1.prvctdb ] && die "backup file $1 already exists!" + [ -f $1 ] && cp $1 $1.prvctdb || true +} + +renamefiles() { + for f; do + [ -f "$f" ] || continue + echo "Renaming $f to $f.prvctdb" + mv "$f" "$f".prvctdb + done +} + +checkservice() { + (systemctl list-unit-files | grep -q $1.service) || die "service $1 not found" +} + +replacefile() { + + origfile=$1 + replfile=$2 + + + [ ! -f $base/$origfile ] && die "coult not find $base/$origfile" + + echo replacing $replfile... + cp $base/$origfile $replfile +} + +appendfile() { + + origfile=$1 + replfile=$2 + + [ ! -f $base/$origfile ] && die "coult not find $base/$origfile" + + echo appending $base/$origfile to $replfile... + cat $base/$origfile >> $replfile +} + +execnfsenv() { + + file=$1 ; [ -f $file ] || due "inexistent file $file"; + + echo executing $file... + + $file 2>&1 >> $logfile 2>&1; +} + +fixnfshostname() { + + type nfsconf > /dev/null 2>&1 || die "nfsconf(8) not found" + + if [ "$ghostname" == "" ]; then + echo "What is the FQDN for the public IP address of this host ?" + echo -n "> " + read ghostname + fi + + echo "Setting $ghostname in nfs.conf..." + nfsconf --set statd name "$ghostname" +} + +# end of functions -- + +[ $UID != 0 ] && die "you need root privileges" + +echo """ +This script will enable CTDB NFS HA by changing the following files: + +(1) /etc/nfs.conf ( replace ) +(2) /etc/nfs.conf.d/*.conf ( rename ) +(3) /etc/services ( append ) +(4) /etc/sysctl.d/98-nfs-static-ports.conf ( create ) +(5) /etc/default/quota ( replace ) + +and disabling the following services, as they will be managed +by ctdb: + +(1) rpcbind +(2) nfs-kernel-server +(3) rpc.rquotad + +Obs: + - replaced files keep previous versions as "file".prevctdb + - dependant services will also be stopped +""" + +while true; do + echo -n "Do you agree with this change ? (N/y) => " + read answer + [ "$answer" == "n" ] && getout "exiting without any changes" + [ "$answer" == "y" ] && break +done + + +echo "checking requirements..." + +checkservice nfs-kernel-server +checkservice quota +checkservice rpcbind + +echo "requirements okay!" +echo + +backupfile /etc/nfs.conf +renamefiles /etc/nfs.conf.d/*.conf +backupfile /etc/services +backupfile /etc/default/quota +echo + +set +e + +stopservice ctdb.service +stopservice quota.service +stopservice nfs-kernel-server.service +stopservice rpcbind.service +stopservice rpcbind.socket +stopservice rpcbind.target +echo + +disableservice ctdb.service +disableservice quota.service +disableservice nfs-kernel-server.service +disableservice rpcbind.service +disableservice rpcbind.socket +disableservice rpcbind.target +echo + +set -e + +replacefile nfs.conf /etc/nfs.conf +replacefile 98-nfs-static-ports.conf /etc/sysctl.d/98-nfs-static-ports.conf +replacefile quota /etc/default/quota +echo + +appendfile services /etc/services +echo + +fixnfshostname +echo + +sysctlrefresh +echo + +echo """Finished! Make sure to configure properly: + + - /etc/exports (containing the clustered fs to be exported) + - /etc/ctdb/nodes (containing all your node private IPs) + - /etc/ctdb/public_addressess (containing public addresses) + +A log file can be found at: + + - /tmp/enable-ctdb-nfs.$$.log + +Remember: + + - to place a cluster lock in /etc/ctdb/ctdb.conf: + ... + [cluster] + cluster lock = /clustered.filesystem/.reclock + ... + +And, make sure you enable ctdb service again: + + - systemctl enable ctdb.service + - systemctl start ctdb.service + +Enjoy! +""" diff --git a/debian/ctdb.example/nfs-kernel-server/nfs.conf b/debian/ctdb.example/nfs-kernel-server/nfs.conf new file mode 100644 index 0000000..5cfa13a --- /dev/null +++ b/debian/ctdb.example/nfs-kernel-server/nfs.conf @@ -0,0 +1,20 @@ +[general] +pipefs-directory = /run/rpc_pipefs + +[lockd] +port = 32768 +udp-port = 32768 + +[mountd] +manage-gids = 1 +port = 32767 + +[nfsd] +threads = 8 +vers4 = n + +[statd] +ha-callout = /etc/ctdb/statd-callout +name = @NFS_HOSTNAME@ +outgoing-port = 32766 +port = 32765 diff --git a/debian/ctdb.example/nfs-kernel-server/quota b/debian/ctdb.example/nfs-kernel-server/quota new file mode 100644 index 0000000..00eab66 --- /dev/null +++ b/debian/ctdb.example/nfs-kernel-server/quota @@ -0,0 +1,5 @@ +# Set to "true" if warnquota should be run in cron.daily +run_warnquota= + +# Add options to rpc.rquotad here +RPCRQUOTADOPTS="-p 32769" diff --git a/debian/ctdb.example/nfs-kernel-server/services b/debian/ctdb.example/nfs-kernel-server/services new file mode 100644 index 0000000..3ff6b1d --- /dev/null +++ b/debian/ctdb.example/nfs-kernel-server/services @@ -0,0 +1,16 @@ +# CTDB: fixed NFS/RPC service ports for clustering + +rpc.nfsd 2049/tcp # RPC nfsd +rpc.nfsd 2049/udp # RPC nfsd +rpc.nfs-cb 32764/tcp # RPC nfs callback +rpc.nfs-cb 32764/udp # RPC nfs callback +rpc.statd-bc 32765/tcp # RPC statd broadcast +rpc.statd-bc 32765/udp # RPC statd broadcast +rpc.statd 32766/tcp # RPC statd listen +rpc.statd 32766/udp # RPC statd listen +rpc.mountd 32767/tcp # RPC mountd +rpc.mountd 32767/udp # RPC mountd +rpc.lockd 32768/tcp # RPC lockd/nlockmgr +rpc.lockd 32768/udp # RPC lockd/nlockmgr +rpc.quotad 32769/tcp # RPC quotad +rpc.quotad 32769/udp # RPC quotad diff --git a/debian/ctdb.examples b/debian/ctdb.examples new file mode 100644 index 0000000..cad960b --- /dev/null +++ b/debian/ctdb.examples @@ -0,0 +1,2 @@ +ctdb/doc/examples/* +debian/ctdb.example/nfs-kernel-server/ diff --git a/debian/ctdb.install b/debian/ctdb.install new file mode 100755 index 0000000..46c385a --- /dev/null +++ b/debian/ctdb.install @@ -0,0 +1,30 @@ +#!/usr/bin/dh-exec --with-scripts=filter-arch +ctdb/config/ctdb.conf etc/ctdb +ctdb/config/ctdb.tunables etc/ctdb +ctdb/config/script.options etc/ctdb +etc/ctdb +etc/sudoers.d +usr/bin/ctdb +usr/bin/ctdb_diagnostics +usr/bin/ltdbtool +usr/bin/onnode +usr/bin/ping_pong +usr/libexec/ctdb/ +usr/lib/*/samba/libctdb-event-client-private-samba.so.0 +usr/lib/*/samba/libtalloc-report-private-samba.so.0 +usr/sbin/ctdbd +usr/share/ctdb/events/legacy/*.script +usr/share/man/man1/ctdb.1 +usr/share/man/man1/ctdb_diagnostics.1 +usr/share/man/man1/ctdbd.1 +usr/share/man/man1/ltdbtool.1 +usr/share/man/man1/onnode.1 +usr/share/man/man1/ping_pong.1 +usr/share/man/man5/ctdb-script.options.5 +usr/share/man/man5/ctdb.conf.5 +usr/share/man/man5/ctdb.sysconfig.5 +usr/share/man/man7/ctdb-etcd.7 +usr/share/man/man7/ctdb-statistics.7 +usr/share/man/man7/ctdb-tunables.7 +[amd64 arm64 mips64el ppc64el riscv64 s390x] usr/share/man/man7/ctdb_mutex_ceph_rados_helper.7 +usr/share/man/man7/ctdb.7 diff --git a/debian/ctdb.logrotate b/debian/ctdb.logrotate new file mode 100644 index 0000000..c1bf28a --- /dev/null +++ b/debian/ctdb.logrotate @@ -0,0 +1,9 @@ +/var/log/ctdb/log.ctdb { + weekly + missingok + rotate 7 + copytruncate + compress + delaycompress + notifempty +} diff --git a/debian/ctdb.postinst b/debian/ctdb.postinst new file mode 100644 index 0000000..d113c3b --- /dev/null +++ b/debian/ctdb.postinst @@ -0,0 +1,62 @@ +#!/bin/sh +# postinst script for ctdb +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +enable_legacy() { # From ctdb/packaging/RPM/ctdb.spec.in + # If mandatory 00.ctdb event script is not enabled then enable it and + # some other scripts. The assumption here is that this is a + # first-time install or an upgrade to a version that requires event + # scripts to be enabled via symlinks. + required_script="00.ctdb" + required_path="/etc/ctdb/events/legacy/${required_script}.script" + if [ ! -L "$required_path" ] && [ ! -e "$required_path" ] ; then + default_scripts="${required_script} + 01.reclock + 05.system + 10.interface + " + for t in $default_scripts ; do + tgt="/usr/share/ctdb/events/legacy/${t}.script" + name="/etc/ctdb/events/legacy/${t}.script" + # Directory is created via install and files + ln -s "$tgt" "$name" + done + fi +} + +case "$1" in + configure) + enable_legacy + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/ctdb.postrm b/debian/ctdb.postrm new file mode 100644 index 0000000..3ba81db --- /dev/null +++ b/debian/ctdb.postrm @@ -0,0 +1,64 @@ +#!/bin/sh +# postrm script for ctdb +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <overwriter> +# <overwriter-version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +disable_legacy() { # From ctdb/packaging/RPM/ctdb.spec.in + # Uninstall, not upgrade. Clean up by removing any remaining links. + if [ "$1" = "0" ] ; then + for i in "/etc/ctdb/events/legacy/"*.script ; do + if [ -L "$i" ] ; then + rm -f "$i" + fi + done + fi +} + +remove_leftover() { + + # Remove files created after initalization + + rm -f /etc/ctdb/nodes + rm -f /etc/ctdb/public_addresses + rm -f /var/lib/ctdb/volatile/* + rm -f /var/lib/ctdb/state/* + rm -f /var/lib/ctdb/persistent/* + rm -rf /var/lib/ctdb/scripts +} + +case "$1" in + purge) + disable_legacy 0 + remove_leftover + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/ctdb.service b/debian/ctdb.service new file mode 100644 index 0000000..72ffe7a --- /dev/null +++ b/debian/ctdb.service @@ -0,0 +1,20 @@ +[Unit] +Description=CTDB +Documentation=man:ctdbd(1) man:ctdb(7) +After=network-online.target time-sync.target +ConditionFileNotEmpty=/etc/ctdb/nodes + +[Service] +Type=forking +LimitCORE=infinity +LimitNOFILE=1048576 +TasksMax=4096 +PIDFile=/run/ctdb/ctdbd.pid +RuntimeDirectory=ctdb +ExecStart=/usr/sbin/ctdbd +ExecStop=/usr/bin/ctdb shutdown +KillMode=control-group +Restart=no + +[Install] +WantedBy=multi-user.target diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..acc9c2e --- /dev/null +++ b/debian/dirs @@ -0,0 +1,5 @@ +etc/samba +usr/bin +usr/sbin +usr/share/man/man1 +usr/share/man/man7 diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..202ced2 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,5 @@ +[DEFAULT] +sign-tags = True +pristine-tar = True +upstream-branch = upstream_4.20 +debian-branch = experimental diff --git a/debian/gdbcommands b/debian/gdbcommands new file mode 100644 index 0000000..5774b9a --- /dev/null +++ b/debian/gdbcommands @@ -0,0 +1,2 @@ +bt +quit diff --git a/debian/genshlibs b/debian/genshlibs new file mode 100755 index 0000000..40010b3 --- /dev/null +++ b/debian/genshlibs @@ -0,0 +1,118 @@ +#! /bin/sh +# +# generate shlibs/symbols files for samba packages +# +# samba ships a mix of: +# public libraries with stable ABI in /usr/lib +# public libraries in /usr/lib +# public python libraries in /usr/lib +# private libraries in /usr/lib/samba/ +# plugins in /usr/lib/samba/*/ +# +# For public libraries with stable ABI we generate symbols files. +# These are listed in d/package.symbols files. +# For other librries, we only need to generate shlibs files +# with basic version information so that dpkg-shlibdeps will find them. +# Here, for libs without .symbols file, we have 2 choices: +# for public libraries we generate ($pkg >> $version) dependency in +# shlibs file, but for private libs the relation is equality (=). +# We do not process plugins, and we do not process python objects. +# +# dh_makeshlibs is too difficult to use here, we have much simpler approach. +# We know exactly where our libs resides (dh_makeshlibs looks everywhere) +# and we know filename patterns to recognize our shared libs. +# dh_makeshlibs can not be used to generate symbols files for *some* libraries +# (it is either all if .symbols is provided, or nothing if not). +# It is easier to take strightforward approach than to fight a tool. + +set -e +umask 022 + +: ${DEB_VERSION:=$(dpkg-parsechangelog -S Version)} +: ${DEB_HOST_MULTIARCH:=$(dpkg-architecture -qDEB_HOST_MULTIARCH)} + +# arguments in form pkg1=custom-version pkg2=version2... +# to override ${DEB_VERSION} for the given packages +custvers="$*" + +lib=usr/lib/${DEB_HOST_MULTIARCH} # the only library directory +smblib=$lib/samba # samba private libraries + +rc=0 + +# process all packages but skip those without libs of interst +for pkg in $(dh_listpackages); do + pd=debian/$pkg # package directory + + # find library directories + libs= + for x in $lib $smblib ; do + [ -d $pd/$x ] && libs="$libs $x" + done + [ -n "$libs" ] || continue + # find libraries in library dirs (search for libfoo.so.NN names) + libs="$(cd $pd; find $libs -maxdepth 1 -regex '.*\.so.[0-9]+')" + [ -n "$libs" ] || continue + + ver=${DEB_VERSION} + for x in $custvers; do + case "$x" in + ( $pkg=* ) ver=${x#*=}; break;; + esac + done + echo "${0##*/}: processing $pkg $ver" + + if [ libsmbclient0 = $pkg ]; then + # run dh_makeshlibs to emit t64:Provides properly + # it should contain just one (public) library file + dh_makeshlibs -p $pkg -- -v$ver || rc=1 + continue + fi + + # generate shlibs file: for public libs use >>$ver, for private =$ver + mkdir -p $pd/DEBIAN + for x in $libs; do + case "$x" in + ($smblib/*) rel="= $ver";; + (*) rel=">> $ver~";; + esac + x=${x##*/} + echo "${x%.so.*} ${x#**.so.} $pkg ($rel)" + done | LC_ALL=C sort > $pd/DEBIAN/shlibs + + # see if we have any public (eg, not in /usr/lib/samba/) libs + if echo "$libs" | fgrep -qv $smblib/; then + # generate ldconfig trigger activation + x=debian/.debhelper/generated/$pkg/triggers + y="activate-noawait ldconfig" + mkdir -p ${x%/*} + if [ ! -f $x ] || ! grep -q "^$y" $x; then + echo "# Triggers added by Samba:$0 ${DEB_VERSION} +$y" >> $x + fi + fi + + # packages without .symbols file need no further processing + [ -f debian/$pkg.symbols ] || continue + + # process libraries listed in .symbols files with dpkg-gensymbols + # find libraries listed in .symbols, find full path of them in $libs + # and construct -e$filename argument list in $checklibs for dpkg-gensymbols + symlibs=$(sed -n -r 's/^([a-z][^ ]*) .*/\1/p' debian/$pkg.symbols) + checklibs= + for x in $symlibs; do + for y in $libs; do + case $y in (*/$x) checklibs="$checklibs -e$pd/$y"; break;; esac + done + done + # dpkg-gensymbols will detect listed but missing libs + # here we continue if dpkg-gensymbols failed to collect all errors + x=0; dpkg-gensymbols -c4 -p$pkg -P$pd -v$ver -l$smblib $checklibs || x=$? + if [ $x = 0 ]; then : + elif [ $x = 2 ]; then rc=1 + else exit 1 + fi + +done + +exit $rc diff --git a/debian/gitlabracadabra.yml b/debian/gitlabracadabra.yml new file mode 100644 index 0000000..e0018b5 --- /dev/null +++ b/debian/gitlabracadabra.yml @@ -0,0 +1,136 @@ +samba-team/: + create_object: true + name: Debian Samba Team + description: |- + visibility: public + lfs_enabled: false + request_access_enabled: true + members: + ivodd: owner + jelmer: owner + sathieu: owner + vorlon: owner + carnil: developer + unknown_members: delete + variables: [] + unknown_variables: delete + +.samba-project: + create_object: true + name: '' + default_branch: master + description: '' + issues_access_level: disabled + repository_access_level: enabled + merge_requests_access_level: enabled + builds_access_level: enabled + wiki_access_level: disabled + snippets_access_level: disabled + resolve_outdated_diff_discussions: false + build_git_strategy: fetch + build_timeout: 3600 + auto_cancel_pending_pipelines: enabled + build_coverage_regex: '' + ci_config_path: 'debian/salsa-ci.yml' + ci_default_git_depth: + auto_devops_enabled: false + auto_devops_deploy_strategy: continuous + container_registry_enabled: false + shared_runners_enabled: true + visibility: public + public_builds: + only_allow_merge_if_pipeline_succeeds: false + only_allow_merge_if_all_discussions_are_resolved: true + merge_method: merge + lfs_enabled: false + request_access_enabled: false + tag_list: [Debian, Samba] + # avatar + printing_merge_request_link_enabled: true + initialize_with_readme: true + branches: + - master + groups: {} + unknown_groups: delete + members: {} + unknown_members: delete + protected_branches: + master: + merge_access_level: maintainer + push_access_level: maintainer + '*jessie*': + merge_access_level: maintainer + push_access_level: maintainer + pristine-tar: + merge_access_level: noone + push_access_level: maintainer + squeeze*: + merge_access_level: maintainer + push_access_level: maintainer + wheezy*: + merge_access_level: maintainer + push_access_level: maintainer + stretch: + merge_access_level: maintainer + push_access_level: maintainer + stretch-security: + merge_access_level: maintainer + push_access_level: maintainer + upstream_*: + merge_access_level: noone + push_access_level: maintainer + upstream-*: + merge_access_level: noone + push_access_level: maintainer + unknown_protected_branches: delete + protected_tags: + '*': developer + unknown_protected_tags: delete + archived: false + variables: [] + unknown_variables: delete + +samba-team/cifs-utils: + extends: .samba-project + name: cifs-utils + description: |- + cifs-utils packaging + +samba-team/ldb: + extends: .samba-project + name: ldb + description: |- + ldb packaging + +samba-team/libsmb2: + extends: .samba-project + name: libsmb2 + description: |- + libsmb2 packaging + +samba-team/samba: + extends: .samba-project + name: samba + description: |- + samba packaging. + + See [debian/README.source.md](https://salsa.debian.org/samba-team/samba/blob/master/debian/README.source.md) for build instructions. + build_timeout: 10800 + +samba-team/talloc: + extends: .samba-project + name: talloc + description: |- + talloc packaging + +samba-team/tdb: + extends: .samba-project + name: tdb + description: |- + tdb packaging + +samba-team/tevent: + extends: .samba-project + name: tevent + description: |- + tevent packaging diff --git a/debian/is-configured b/debian/is-configured new file mode 100755 index 0000000..0ba6c22 --- /dev/null +++ b/debian/is-configured @@ -0,0 +1,32 @@ +#! /bin/sh +# Check if the given service (smb|nmb|winbind|samba) +# should be run according to the settings in smb.conf + +[ -f /etc/samba/smb.conf ] || exit 1 + +server_role=$(testparm -s --parameter-name="server role" 2>/dev/null) +[ "active directory domain controller" = "$server_role" ] \ + && addc=1 || addc=0 + +case "$1" in + ( smb | smbd ) + exit $addc + ;; + ( winbind | winbindd ) + exit $addc + ;; + ( nmb | nmbd ) + [ "$addc" = 1 ] && exit 1 + disable_netbios=$(testparm -s --parameter-name="disable netbios" 2>/dev/null) + [ Yes = "$disable_netbios" ] && exit 1 || exit 0 + ;; + ( samba | samba-ad-dc ) + # source4/samba/server.c checks for other parameters too, even if !AD-DC + # Should we support these? + exit $((!$addc)) + ;; + ( * ) + echo "Wrong usage: should be smb|nmb|winbind|samba" >&2 + exit 255 + ;; +esac diff --git a/debian/ldb-tools.install b/debian/ldb-tools.install new file mode 100644 index 0000000..ee116d1 --- /dev/null +++ b/debian/ldb-tools.install @@ -0,0 +1,8 @@ +usr/bin/ldb* +usr/lib/*/samba/libldb-cmdline-private-samba.so.0 +usr/share/man/man1/ldbadd.1 +usr/share/man/man1/ldbdel.1 +usr/share/man/man1/ldbedit.1 +usr/share/man/man1/ldbmodify.1 +usr/share/man/man1/ldbrename.1 +usr/share/man/man1/ldbsearch.1 diff --git a/debian/libldb-dev.examples b/debian/libldb-dev.examples new file mode 100644 index 0000000..8d5de99 --- /dev/null +++ b/debian/libldb-dev.examples @@ -0,0 +1,2 @@ +lib/ldb/examples/ldbreader.c +lib/ldb/examples/ldifreader.c diff --git a/debian/libldb-dev.install b/debian/libldb-dev.install new file mode 100644 index 0000000..5ce0cfd --- /dev/null +++ b/debian/libldb-dev.install @@ -0,0 +1,9 @@ +usr/include/samba-4.0/ldb.h +usr/include/samba-4.0/ldb_errors.h +usr/include/samba-4.0/ldb_handlers.h +usr/include/samba-4.0/ldb_module.h +usr/include/samba-4.0/ldb_version.h +#usr/lib/*/samba/libldb.a +usr/lib/*/libldb.so +usr/lib/*/pkgconfig/ldb.pc +usr/share/man/man3/ldb.3 diff --git a/debian/libldb2.install b/debian/libldb2.install new file mode 100755 index 0000000..8f658e6 --- /dev/null +++ b/debian/libldb2.install @@ -0,0 +1,21 @@ +#!/bin/sh +echo 'usr/lib/*/libldb.so.*' +# lib/ldb/wscript: (sizeof(size_t) >= 8), >=64bit is required for lmdb +if [ 64 -le "$(dpkg-architecture -qDEB_HOST_ARCH_BITS)" ] +then + echo 'usr/lib/*/samba/libldb-mdb-int-private-samba.so.0' + echo 'usr/lib/*/samba/ldb/mdb.so' +fi +echo 'usr/lib/*/samba/libldb-key-value-private-samba.so.0' +echo 'usr/lib/*/samba/libldb-tdb-err-map-private-samba.so.0' +echo 'usr/lib/*/samba/libldb-tdb-int-private-samba.so.0' + +echo 'usr/lib/*/samba/ldb/asq.so' +echo 'usr/lib/*/samba/ldb/ldap.so' +echo 'usr/lib/*/samba/ldb/ldb.so' +echo 'usr/lib/*/samba/ldb/paged_searches.so' +echo 'usr/lib/*/samba/ldb/rdn_name.so' +echo 'usr/lib/*/samba/ldb/sample.so' +echo 'usr/lib/*/samba/ldb/server_sort.so' +echo 'usr/lib/*/samba/ldb/skel.so' +echo 'usr/lib/*/samba/ldb/tdb.so' diff --git a/debian/libldb2.lintian-overrides b/debian/libldb2.lintian-overrides new file mode 100644 index 0000000..2d93b41 --- /dev/null +++ b/debian/libldb2.lintian-overrides @@ -0,0 +1,3 @@ +libldb2: shared-library-lacks-prerequisites */samba/lib*.so.0* +libldb2: repeated-path-segment ldb */ldb/modules/ldb/* +libldb2: package-contains-empty-directory */ldb/modules/ldb/* diff --git a/debian/libldb2.symbols b/debian/libldb2.symbols new file mode 100644 index 0000000..8a94567 --- /dev/null +++ b/debian/libldb2.symbols @@ -0,0 +1,388 @@ +libldb.so.2 #PACKAGE# #MINVER# +* Build-Depends-Package: libldb-dev + LDB_0.9.10@LDB_0.9.10 0.9.21 + LDB_0.9.12@LDB_0.9.12 0.9.21 + LDB_0.9.15@LDB_0.9.15 0.9.21 + LDB_0.9.16@LDB_0.9.16 0.9.21 + LDB_0.9.17@LDB_0.9.17 0.9.21 + LDB_0.9.18@LDB_0.9.18 0.9.21 + LDB_0.9.19@LDB_0.9.19 0.9.21 + LDB_0.9.20@LDB_0.9.20 0.9.21 + LDB_0.9.22@LDB_0.9.22 0.9.22 + LDB_0.9.23@LDB_0.9.23 0.9.23 + LDB_0.9.24@LDB_0.9.24 0.9.24 + LDB_1.0.0@LDB_1.0.0 1.0.2~ + LDB_1.0.1@LDB_1.0.1 1.0.1~ + LDB_1.0.2@LDB_1.0.2 1.0.2~ + LDB_1.1.0@LDB_1.1.0 1.1.0 + LDB_1.1.1@LDB_1.1.1 1.1.1~ + LDB_1.1.2@LDB_1.1.2 1.1.2~ + LDB_1.1.3@LDB_1.1.3 1.1.3 + LDB_1.1.4@LDB_1.1.4 1.1.4 + LDB_1.1.5@LDB_1.1.5 1.1.5 + LDB_1.1.6@LDB_1.1.6 1.1.6 + LDB_1.1.7@LDB_1.1.7 1.1.12 + LDB_1.1.8@LDB_1.1.8 1.1.12 + LDB_1.1.9@LDB_1.1.9 1.1.12 + LDB_1.1.10@LDB_1.1.10 1.1.12 + LDB_1.1.11@LDB_1.1.11 1.1.12 + LDB_1.1.12@LDB_1.1.12 1.1.12 + LDB_1.1.13@LDB_1.1.13 1.1.13 + LDB_1.1.14@LDB_1.1.14 1:1.1.15 + LDB_1.1.15@LDB_1.1.15 1:1.1.15 + LDB_1.1.16@LDB_1.1.16 1:1.1.16 + LDB_1.1.17@LDB_1.1.17 1:1.1.17 + LDB_1.1.18@LDB_1.1.18 1:1.1.18 + LDB_1.1.19@LDB_1.1.19 1:1.1.19 + LDB_1.1.20@LDB_1.1.20 1:1.1.20 + LDB_1.1.21@LDB_1.1.21 2:1.1.21 + LDB_1.1.22@LDB_1.1.22 2:1.1.22 + LDB_1.1.23@LDB_1.1.23 2:1.1.23 + LDB_1.1.24@LDB_1.1.24 2:1.1.24 + LDB_1.1.25@LDB_1.1.25 2:1.1.25 + LDB_1.1.26@LDB_1.1.26 2:1.1.26 + LDB_1.1.27@LDB_1.1.27 2:1.1.27 + LDB_1.1.28@LDB_1.1.28 2:1.1.29 + LDB_1.1.29@LDB_1.1.29 2:1.1.29 + LDB_1.1.30@LDB_1.1.30 2:1.1.30 + LDB_1.1.31@LDB_1.1.31 2:1.1.31 + LDB_1.2.0@LDB_1.2.0 2:1.2.0 + LDB_1.2.1@LDB_1.2.1 2:1.2.1 + LDB_1.2.2@LDB_1.2.2 2:1.2.2 + LDB_1.2.3@LDB_1.2.3 2:1.2.3 + LDB_1.3.0@LDB_1.3.0 2:1.3.0 + LDB_1.3.1@LDB_1.3.1 2:1.3.1 + LDB_1.3.2@LDB_1.3.2 2:1.3.2 + LDB_1.4.0@LDB_1.4.0 2:1.4.0 + LDB_1.4.1@LDB_1.4.1 2:1.4.1 + LDB_1.5.0@LDB_1.5.0 2:1.5.0 + LDB_1.5.1@LDB_1.5.1 2:1.5.1 + LDB_1.5.2@LDB_1.5.2 2:1.5.2 + LDB_1.5.3@LDB_1.5.3 2:1.5.3 + LDB_1.6.0@LDB_1.6.0 2:1.6.0 + LDB_1.6.1@LDB_1.6.1 2:1.6.1 + LDB_1.6.2@LDB_1.6.2 2:1.6.2 + LDB_1.6.3@LDB_1.6.3 2:1.6.3 + LDB_2.0.0@LDB_2.0.0 2:2.0.0 + LDB_2.0.1@LDB_2.0.1 2:2.0.1 + LDB_2.0.2@LDB_2.0.2 2:2.0.2 + LDB_2.0.3@LDB_2.0.3 2:2.0.3 + LDB_2.0.4@LDB_2.0.4 2:2.0.4 + LDB_2.0.5@LDB_2.0.5 2:2.0.5 + LDB_2.1.0@LDB_2.1.0 2:2.1.0 + LDB_2.1.1@LDB_2.1.1 2:2.1.1 + LDB_2.2.0@LDB_2.2.0 2:2.2.0 + LDB_2.4.0@LDB_2.4.0 2:2.5.0 + LDB_2.4.1@LDB_2.4.1 2:2.5.0 + LDB_2.5.0@LDB_2.5.0 2:2.5.0 + LDB_2.6.0@LDB_2.6.0 2:2.6.0 + LDB_2.6.1@LDB_2.6.1 2:2.6.1 + LDB_2.7.0@LDB_2.7.0 2:2.7.0 + LDB_2.8.0@LDB_2.8.0 2:2.8.0 + LDB_2.9.0@LDB_2.9.0 2:2.9.0 + ldb_check_critical_controls@LDB_0.9.22 0.9.22 + ldb_controls_except_specified@LDB_0.9.22 0.9.22 + ldb_control_to_string@LDB_1.0.2 1.0.2~git20110403 + ldb_add@LDB_0.9.10 0.9.21 + ldb_any_comparison@LDB_0.9.10 0.9.21 + ldb_asprintf_errstring@LDB_0.9.10 0.9.21 + ldb_attr_casefold@LDB_0.9.10 0.9.21 + ldb_attr_dn@LDB_0.9.10 0.9.21 + ldb_attr_in_list@LDB_0.9.10 0.9.21 + ldb_attr_list_copy@LDB_0.9.10 0.9.21 + ldb_attr_list_copy_add@LDB_0.9.10 0.9.21 + ldb_base64_decode@LDB_0.9.10 0.9.21 + ldb_base64_encode@LDB_0.9.10 0.9.21 + ldb_binary_decode@LDB_0.9.10 0.9.21 + ldb_binary_encode@LDB_0.9.10 0.9.21 + ldb_binary_encode_string@LDB_0.9.10 0.9.21 + ldb_build_add_req@LDB_0.9.10 0.9.21 + ldb_build_del_req@LDB_0.9.10 0.9.21 + ldb_build_extended_req@LDB_0.9.10 0.9.21 + ldb_build_mod_req@LDB_0.9.10 0.9.21 + ldb_build_rename_req@LDB_0.9.10 0.9.21 + ldb_build_search_req@LDB_0.9.10 0.9.21 + ldb_build_search_req_ex@LDB_0.9.10 0.9.21 + ldb_casefold@LDB_0.9.10 0.9.21 + ldb_casefold_default@LDB_0.9.10 0.9.21 + ldb_comparison_binary@LDB_0.9.10 0.9.21 + ldb_comparison_fold@LDB_0.9.10 0.9.21 + ldb_connect@LDB_0.9.10 0.9.21 + ldb_control_to_string@LDB_1.0.2 1.0.2 + ldb_debug@LDB_0.9.10 0.9.21 + ldb_debug_add@LDB_0.9.10 0.9.21 + ldb_debug_end@LDB_0.9.10 0.9.21 + ldb_debug_set@LDB_0.9.10 0.9.21 + ldb_delete@LDB_0.9.10 0.9.21 + ldb_dn_add_base@LDB_0.9.10 0.9.21 + ldb_dn_add_base_fmt@LDB_0.9.10 0.9.21 + ldb_dn_add_child@LDB_0.9.10 0.9.21 + ldb_dn_add_child_fmt@LDB_0.9.10 0.9.21 + ldb_dn_add_child_val@LDB_1.5.1 2:1.5.4 + ldb_dn_alloc_casefold@LDB_0.9.10 0.9.21 + ldb_dn_alloc_linearized@LDB_0.9.10 0.9.21 + ldb_dn_canonical_ex_string@LDB_0.9.10 0.9.21 + ldb_dn_canonical_string@LDB_0.9.10 0.9.21 + ldb_dn_check_local@LDB_0.9.10 0.9.21 + ldb_dn_check_special@LDB_0.9.10 0.9.21 + ldb_dn_compare@LDB_0.9.10 0.9.21 + ldb_dn_compare_base@LDB_0.9.10 0.9.21 + ldb_dn_copy@LDB_0.9.10 0.9.21 + ldb_dn_escape_value@LDB_0.9.10 0.9.21 + ldb_dn_extended_add_syntax@LDB_0.9.10 0.9.21 + ldb_dn_extended_filter@LDB_0.9.10 0.9.21 + ldb_dn_extended_syntax_by_name@LDB_0.9.10 0.9.21 + ldb_dn_from_ldb_val@LDB_0.9.10 0.9.21 + ldb_dn_get_casefold@LDB_0.9.10 0.9.21 + ldb_dn_get_comp_num@LDB_0.9.10 0.9.21 + ldb_dn_get_component_name@LDB_0.9.10 0.9.21 + ldb_dn_get_component_val@LDB_0.9.10 0.9.21 + ldb_dn_get_extended_comp_num@LDB_0.9.23 0.9.23 + ldb_dn_get_extended_component@LDB_0.9.10 0.9.21 + ldb_dn_get_extended_linearized@LDB_0.9.10 0.9.21 + ldb_dn_get_ldb_context@LDB_1.1.22 2:1.1.23 + ldb_dn_get_linearized@LDB_0.9.10 0.9.21 + ldb_dn_get_parent@LDB_0.9.10 0.9.21 + ldb_dn_get_rdn_name@LDB_0.9.10 0.9.21 + ldb_dn_get_rdn_val@LDB_0.9.10 0.9.21 + ldb_dn_has_extended@LDB_0.9.10 0.9.21 + ldb_dn_is_null@LDB_0.9.10 0.9.21 + ldb_dn_is_special@LDB_0.9.10 0.9.21 + ldb_dn_is_valid@LDB_0.9.10 0.9.21 + ldb_dn_map_local@LDB_0.9.10 0.9.21 + ldb_dn_map_rebase_remote@LDB_0.9.10 0.9.21 + ldb_dn_map_remote@LDB_0.9.10 0.9.21 + ldb_dn_minimise@LDB_0.9.23 0.9.23 + ldb_dn_new@LDB_0.9.10 0.9.21 + ldb_dn_new_fmt@LDB_0.9.10 0.9.21 + ldb_dn_remove_base_components@LDB_0.9.10 0.9.21 + ldb_dn_remove_child_components@LDB_0.9.10 0.9.21 + ldb_dn_remove_extended_components@LDB_0.9.10 0.9.21 + ldb_dn_replace_components@LDB_1.1.2 1.1.2~ + ldb_dn_set_component@LDB_0.9.10 0.9.21 + ldb_dn_set_extended_component@LDB_0.9.10 0.9.21 + ldb_dn_update_components@LDB_0.9.10 0.9.21 + ldb_dn_validate@LDB_0.9.10 0.9.21 + ldb_dump_results@LDB_0.9.10 0.9.21 + ldb_error_at@LDB_0.9.15 0.9.21 + ldb_errstring@LDB_0.9.10 0.9.21 + ldb_extended@LDB_0.9.10 0.9.21 + ldb_extended_default_callback@LDB_0.9.10 0.9.21 + ldb_filter_attrs@LDB_2.0.1 2:2.0.1 + ldb_filter_attrs_in_place@LDB_2.8.0 2:2.8.0 + ldb_filter_from_tree@LDB_0.9.10 0.9.21 + ldb_get_config_basedn@LDB_0.9.10 0.9.21 + ldb_get_create_perms@LDB_0.9.10 0.9.21 + ldb_get_default_basedn@LDB_0.9.10 0.9.21 + ldb_get_event_context@LDB_0.9.10 0.9.21 + ldb_get_flags@LDB_0.9.10 0.9.21 + ldb_get_opaque@LDB_0.9.10 0.9.21 + ldb_get_root_basedn@LDB_0.9.10 0.9.21 + ldb_get_schema_basedn@LDB_0.9.10 0.9.21 + ldb_global_init@LDB_0.9.10 0.9.21 + ldb_handle_get_event_context@LDB_1.1.30 2:1.2.2 + ldb_handle_new@LDB_0.9.10 0.9.21 + ldb_handle_use_global_event_context@LDB_1.1.30 2:1.2.2 + ldb_handler_copy@LDB_0.9.10 0.9.21 + ldb_handler_fold@LDB_0.9.10 0.9.21 + ldb_init@LDB_0.9.10 0.9.21 + ldb_ldif_message_redacted_string@LDB_1.2.2 2:1.2.2 + ldb_ldif_message_string@LDB_0.9.10 0.9.21 + ldb_ldif_parse_modrdn@LDB_1.1.0 1.1.0 + ldb_ldif_read@LDB_0.9.10 0.9.21 + ldb_ldif_read_file@LDB_0.9.10 0.9.21 + ldb_ldif_read_file_state@LDB_1.1.5 1.1.5 + ldb_ldif_read_free@LDB_0.9.10 0.9.21 + ldb_ldif_read_string@LDB_0.9.10 0.9.21 + ldb_ldif_write@LDB_0.9.10 0.9.21 + ldb_ldif_write_file@LDB_0.9.10 0.9.21 + ldb_ldif_write_redacted_trace_string@LDB_1.1.12 1.1.12 + ldb_ldif_write_string@LDB_0.9.10 0.9.21 + ldb_load_modules@LDB_0.9.10 0.9.21 + ldb_map_add@LDB_0.9.22 0.9.22 + ldb_map_delete@LDB_0.9.22 0.9.22 + ldb_map_init@LDB_0.9.10 0.9.21 + ldb_map_modify@LDB_0.9.22 0.9.22 + ldb_map_rename@LDB_0.9.22 0.9.22 + ldb_map_search@LDB_0.9.22 0.9.22 + ldb_match_message@LDB_1.3.0 2:1.3.0 + ldb_match_msg@LDB_0.9.10 0.9.21 + ldb_match_msg_error@LDB_0.9.15 0.9.21 + ldb_match_msg_objectclass@LDB_0.9.10 0.9.21 + ldb_match_scope@LDB_2.8.0 2:2.8.0 + ldb_mod_register_control@LDB_0.9.10 0.9.21 + ldb_modify@LDB_0.9.10 0.9.21 + ldb_modify_default_callback@LDB_0.9.12 0.9.21 + ldb_module_call_chain@LDB_0.9.19 0.9.21 + ldb_module_connect_backend@LDB_0.9.19 0.9.21 + ldb_module_done@LDB_0.9.10 0.9.21 + ldb_module_flags@LDB_0.9.19 0.9.21 + ldb_module_get_ctx@LDB_0.9.10 0.9.21 + ldb_module_get_name@LDB_0.9.10 0.9.21 + ldb_module_get_ops@LDB_0.9.10 0.9.21 + ldb_module_get_private@LDB_0.9.10 0.9.21 + ldb_module_init_chain@LDB_0.9.19 0.9.21 + ldb_module_load_list@LDB_0.9.19 0.9.21 + ldb_module_new@LDB_0.9.10 0.9.21 + ldb_module_next@LDB_0.9.19 0.9.21 + ldb_module_popt_options@LDB_0.9.19 0.9.21 + ldb_module_send_entry@LDB_0.9.10 0.9.21 + ldb_module_send_referral@LDB_0.9.10 0.9.21 + ldb_module_set_next@LDB_0.9.19 0.9.21 + ldb_module_set_private@LDB_0.9.10 0.9.21 + ldb_modules_hook@LDB_0.9.18 0.9.21 + ldb_modules_list_from_string@LDB_0.9.10 0.9.21 + ldb_modules_load@LDB_0.9.18 0.9.21 + ldb_msg_add@LDB_0.9.10 0.9.21 + ldb_msg_add_distinguished_name@LDB_2.8.0 2:2.8.0 + ldb_msg_add_empty@LDB_0.9.10 0.9.21 + ldb_msg_add_fmt@LDB_0.9.10 0.9.21 + ldb_msg_add_linearized_dn@LDB_0.9.10 0.9.21 + ldb_msg_add_steal_string@LDB_0.9.10 0.9.21 + ldb_msg_add_steal_value@LDB_0.9.10 0.9.21 + ldb_msg_add_string@LDB_0.9.10 0.9.21 + ldb_msg_add_string_flags@LDB_2.6.1 2:2.6.1 + ldb_msg_add_value@LDB_0.9.10 0.9.21 + ldb_msg_append_fmt@LDB_2.6.1 2:2.6.1 + ldb_msg_append_linearized_dn@LDB_2.6.1 2:2.6.1 + ldb_msg_append_steal_string@LDB_2.6.1 2:2.6.1 + ldb_msg_append_steal_value@LDB_2.6.1 2:2.6.1 + ldb_msg_append_string@LDB_2.6.1 2:2.6.1 + ldb_msg_append_value@LDB_2.6.1 2:2.6.1 + ldb_msg_canonicalize@LDB_0.9.10 0.9.21 + ldb_msg_check_string_attribute@LDB_0.9.10 0.9.21 + ldb_msg_copy@LDB_0.9.10 0.9.21 + ldb_msg_copy_attr@LDB_0.9.10 0.9.21 + ldb_msg_copy_shallow@LDB_0.9.10 0.9.21 + ldb_msg_diff@LDB_0.9.10 0.9.21 + ldb_msg_difference@LDB_0.9.15 0.9.21 + ldb_msg_element_add_value@LDB_2.6.1 2:2.6.1 + ldb_msg_element_compare@LDB_0.9.10 0.9.21 + ldb_msg_element_compare_name@LDB_0.9.10 0.9.21 + ldb_msg_element_equal_ordered@LDB_1.1.6 1:1.1.6 + ldb_msg_element_is_inaccessible@LDB_2.8.0 2:2.8.0 + ldb_msg_element_mark_inaccessible@LDB_2.8.0 2:2.8.0 + ldb_msg_elements_take_ownership@LDB_2.8.0 2:2.8.0 + ldb_msg_find_attr_as_bool@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_dn@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_double@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_int64@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_int@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_string@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_uint64@LDB_0.9.10 0.9.21 + ldb_msg_find_attr_as_uint@LDB_0.9.10 0.9.21 + ldb_msg_find_common_values@LDB_1.1.31 2:1.2.2 + ldb_msg_find_duplicate_val@LDB_1.1.31 2:1.2.2 + ldb_msg_find_element@LDB_0.9.10 0.9.21 + ldb_msg_find_ldb_val@LDB_0.9.10 0.9.21 + ldb_msg_find_val@LDB_0.9.10 0.9.21 + ldb_msg_new@LDB_0.9.10 0.9.21 + ldb_msg_normalize@LDB_0.9.15 0.9.21 + ldb_msg_remove_attr@LDB_0.9.10 0.9.21 + ldb_msg_remove_element@LDB_0.9.10 0.9.21 + ldb_msg_remove_inaccessible@LDB_2.8.0 2:2.8.0 + ldb_msg_rename_attr@LDB_0.9.10 0.9.21 + ldb_msg_sanity_check@LDB_0.9.10 0.9.21 + ldb_msg_shrink_to_fit@LDB_2.8.0 2:2.8.0 + ldb_msg_sort_elements@LDB_0.9.10 0.9.21 + ldb_next_del_trans@LDB_0.9.10 0.9.21 + ldb_next_end_trans@LDB_0.9.10 0.9.21 + ldb_next_init@LDB_0.9.10 0.9.21 + ldb_next_prepare_commit@LDB_0.9.10 0.9.21 + ldb_next_read_lock@LDB_1.2.0 2:1.2.2 + ldb_next_read_unlock@LDB_1.2.0 2:1.2.2 + ldb_next_remote_request@LDB_0.9.10 0.9.21 + ldb_next_request@LDB_0.9.10 0.9.21 + ldb_next_start_trans@LDB_0.9.10 0.9.21 + ldb_op_default_callback@LDB_0.9.10 0.9.21 + ldb_options_copy@LDB_2.0.4 2:2.0.4 + ldb_options_find@LDB_0.9.17 0.9.21 + ldb_options_get@LDB_2.0.5 2:2.0.5 + ldb_pack_data@LDB_1.1.14 1:2.0.2 + ldb_parse_control_from_string@LDB_1.0.2 1.0.2~git20110403 + ldb_parse_control_strings@LDB_0.9.10 0.9.21 + ldb_parse_tree@LDB_0.9.10 0.9.21 + ldb_parse_tree_attr_replace@LDB_0.9.10 0.9.21 + ldb_parse_tree_copy_shallow@LDB_0.9.10 0.9.21 + ldb_parse_tree_get_attr@LDB_2.8.0 2:2.8.0 + ldb_parse_tree_walk@LDB_1.1.2 1.1.2~ + ldb_qsort@LDB_0.9.10 0.9.21 + ldb_register_backend@LDB_0.9.10 0.9.21 + ldb_register_extended_match_rule@LDB_1.1.19 1:1.1.20 + ldb_register_hook@LDB_0.9.18 0.9.21 + ldb_register_module@LDB_0.9.10 0.9.21 + ldb_register_redact_callback@LDB_2.8.0 2:2.8.0 + ldb_rename@LDB_0.9.10 0.9.21 + ldb_reply_add_control@LDB_0.9.10 0.9.21 + ldb_reply_get_control@LDB_0.9.10 0.9.21 + ldb_req_get_custom_flags@LDB_1.1.0 1.1.0 + ldb_req_is_untrusted@LDB_0.9.16 0.9.21 + ldb_req_location@LDB_0.9.15 0.9.21 + ldb_req_mark_trusted@LDB_0.9.24 0.9.24 + ldb_req_mark_untrusted@LDB_0.9.16 0.9.21 + ldb_req_set_custom_flags@LDB_1.1.0 1.1.0 + ldb_req_set_location@LDB_0.9.15 0.9.21 + ldb_request@LDB_0.9.10 0.9.21 + ldb_request_add_control@LDB_0.9.10 0.9.21 + ldb_request_done@LDB_0.9.10 0.9.21 + ldb_request_get_control@LDB_0.9.10 0.9.21 + ldb_request_get_status@LDB_0.9.10 0.9.21 + ldb_request_replace_control@LDB_0.9.15 0.9.21 + ldb_request_set_state@LDB_0.9.10 0.9.21 + ldb_reset_err_string@LDB_0.9.10 0.9.21 + ldb_schema_attribute_add@LDB_0.9.10 0.9.21 + ldb_schema_attribute_add_with_syntax@LDB_0.9.10 0.9.21 + ldb_schema_attribute_by_name@LDB_0.9.10 0.9.21 + ldb_schema_attribute_fill_with_syntax@LDB_1.1.29 2:1.1.29 + ldb_schema_attribute_remove@LDB_0.9.10 0.9.21 + ldb_schema_attribute_remove_flagged@LDB_1.1.29 2:1.1.29 + ldb_schema_attribute_set_override_handler@LDB_0.9.10 0.9.21 + ldb_schema_set_override_indexlist@LDB_1.1.30 2:1.2.2 + ldb_schema_set_override_GUID_index@LDB_1.3.0 2:1.3.0 + ldb_search@LDB_0.9.10 0.9.21 + ldb_search_default_callback@LDB_0.9.10 0.9.21 + ldb_sequence_number@LDB_0.9.10 0.9.21 + ldb_set_create_perms@LDB_0.9.10 0.9.21 + ldb_set_debug@LDB_0.9.10 0.9.21 + ldb_set_debug_stderr@LDB_0.9.10 0.9.21 + ldb_set_default_dns@LDB_0.9.10 0.9.21 + ldb_set_errstring@LDB_0.9.10 0.9.21 + ldb_set_event_context@LDB_0.9.10 0.9.21 + ldb_set_flags@LDB_0.9.10 0.9.21 + ldb_set_modules_dir@LDB_0.9.10 0.9.21 + ldb_set_opaque@LDB_0.9.10 0.9.21 + ldb_set_require_private_event_context@LDB_1.1.30 2:1.2.2 + ldb_set_timeout@LDB_0.9.10 0.9.21 + ldb_set_timeout_from_prev_req@LDB_0.9.10 0.9.21 + ldb_set_utf8_default@LDB_0.9.10 0.9.21 + ldb_set_utf8_fns@LDB_0.9.10 0.9.21 + ldb_setup_wellknown_attributes@LDB_0.9.10 0.9.21 + ldb_should_b64_encode@LDB_0.9.10 0.9.21 + ldb_standard_syntax_by_name@LDB_0.9.10 0.9.21 + ldb_strerror@LDB_0.9.10 0.9.21 + ldb_string_to_time@LDB_0.9.10 0.9.21 + ldb_string_utc_to_time@LDB_0.9.10 0.9.21 + ldb_timestring@LDB_0.9.10 0.9.21 + ldb_timestring_utc@LDB_0.9.10 0.9.21 + ldb_transaction_cancel@LDB_0.9.10 0.9.21 + ldb_transaction_cancel_noerr@LDB_0.9.10 0.9.21 + ldb_transaction_commit@LDB_0.9.10 0.9.21 + ldb_transaction_prepare_commit@LDB_0.9.10 0.9.21 + ldb_transaction_start@LDB_0.9.10 0.9.21 + ldb_unpack_data@LDB_1.1.14 1:1.1.15 + ldb_unpack_data_flags@LDB_2.0.1 2:2.0.1 + ldb_unpack_get_format@LDB_2.0.2 2:2.0.2 + ldb_val_as_bool@LDB_2.8.0 2:2.8.0 + ldb_val_as_dn@LDB_2.8.0 2:2.8.0 + ldb_val_as_int64@LDB_2.8.0 2:2.8.0 + ldb_val_as_uint64@LDB_2.8.0 2:2.8.0 + ldb_val_dup@LDB_0.9.10 0.9.21 + ldb_val_equal_exact@LDB_0.9.10 0.9.21 + ldb_val_map_local@LDB_0.9.10 0.9.21 + ldb_val_map_remote@LDB_0.9.10 0.9.21 + ldb_val_string_cmp@LDB_1.1.1 1.1.1~ + ldb_val_to_time@LDB_0.9.10 0.9.21 + ldb_valid_attr_name@LDB_0.9.10 0.9.21 + ldb_vdebug@LDB_1.1.10 1.1.12 + ldb_wait@LDB_0.9.10 0.9.21 + ldb_save_controls@LDB_0.9.22 0.9.22 diff --git a/debian/libnss-winbind.install b/debian/libnss-winbind.install new file mode 100644 index 0000000..74e7dc7 --- /dev/null +++ b/debian/libnss-winbind.install @@ -0,0 +1,2 @@ +lib/*/libnss_winbind.so.2 +lib/*/libnss_wins.so.2 diff --git a/debian/libnss-winbind.postinst b/debian/libnss-winbind.postinst new file mode 100644 index 0000000..2f751f2 --- /dev/null +++ b/debian/libnss-winbind.postinst @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +# Try to add the nss entry to the "passwd" and "group" lines in +# /etc/nsswitch.conf to automatically enable libnss-winbind support; +# do not change the configuration if the lines already contain "winbind" +# Only add winbind, not wins, since the latter is of little use in 2022+ + +if [ "$1" = configure ] && [ -z "$2" ]; then + echo "First installation detected, adding winbind to /etc/nsswitch.conf..." + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + else + sed -r -i \ + -e '/^(passwd|group):.*[[:space:]]winbind\b/b' \ + -e 's/^(passwd|group):.*/& winbind/' \ + /etc/nsswitch.conf + fi +fi + +#DEBHELPER# diff --git a/debian/libnss-winbind.postrm b/debian/libnss-winbind.postrm new file mode 100644 index 0000000..cd1c7e3 --- /dev/null +++ b/debian/libnss-winbind.postrm @@ -0,0 +1,29 @@ +#!/bin/sh + +set -e + +remove_nss_entry() { + local file=$1 + local pkg=$2 + local module=$3 + refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ + -W $pkg | grep '^i' | wc -l) + if [ "$refcount" -gt 0 ] ; then + # package is installed for other architectures still, do nothing + return + fi + # abort if file does not exist + if ! [ -e $file ]; then + echo "Could not find ${file}." + return + fi + echo "Removing $module from $file if any..." + # we must remove possible [foo=bar] options as well + sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file +} + +if [ "$1" = remove ]; then + remove_nss_entry /etc/nsswitch.conf libnss-winbind winbind +fi + +#DEBHELPER# diff --git a/debian/libnss-winbind.triggers b/debian/libnss-winbind.triggers new file mode 100644 index 0000000..dd86603 --- /dev/null +++ b/debian/libnss-winbind.triggers @@ -0,0 +1 @@ +activate-noawait ldconfig diff --git a/debian/libpam-winbind.NEWS b/debian/libpam-winbind.NEWS new file mode 100644 index 0000000..1bc7c1c --- /dev/null +++ b/debian/libpam-winbind.NEWS @@ -0,0 +1,11 @@ +samba (2:3.6.5-2) unstable; urgency=low + + NSS modules have been split out from libpam-winbind to + libnss-winbind. + + If Recommends: installs are disabled on your system you may need + to manually install the libnss-winbind package after upgrading + from former versions of winbind (for instance from squeeze) or + from former versions of libpam-winbind. + + -- Christian Perrier <bubulle@debian.org> Mon, 07 May 2012 22:16:32 +0200 diff --git a/debian/libpam-winbind.examples b/debian/libpam-winbind.examples new file mode 100644 index 0000000..8fe89ad --- /dev/null +++ b/debian/libpam-winbind.examples @@ -0,0 +1 @@ +examples/pam_winbind diff --git a/debian/libpam-winbind.install b/debian/libpam-winbind.install new file mode 100644 index 0000000..a8aa8df --- /dev/null +++ b/debian/libpam-winbind.install @@ -0,0 +1,4 @@ +lib/*/security/pam_winbind.so +usr/share/man/man5/pam_winbind.conf.5 +usr/share/man/man8/pam_winbind.8 +usr/share/pam-configs/winbind diff --git a/debian/libpam-winbind.lintian-overrides b/debian/libpam-winbind.lintian-overrides new file mode 100644 index 0000000..092a74f --- /dev/null +++ b/debian/libpam-winbind.lintian-overrides @@ -0,0 +1 @@ +libpam-winbind: spare-manual-page */man/man8/pam_winbind.8* diff --git a/debian/libpam-winbind.postinst b/debian/libpam-winbind.postinst new file mode 100644 index 0000000..7e37590 --- /dev/null +++ b/debian/libpam-winbind.postinst @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +pam-auth-update --package + +#DEBHELPER# diff --git a/debian/libpam-winbind.prerm b/debian/libpam-winbind.prerm new file mode 100644 index 0000000..ad655ca --- /dev/null +++ b/debian/libpam-winbind.prerm @@ -0,0 +1,9 @@ +#!/bin/sh + +set -e + +if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then + pam-auth-update --package --remove winbind +fi + +#DEBHELPER# diff --git a/debian/libsmbclient-dev.examples b/debian/libsmbclient-dev.examples new file mode 100644 index 0000000..1993979 --- /dev/null +++ b/debian/libsmbclient-dev.examples @@ -0,0 +1 @@ +examples/libsmbclient/* diff --git a/debian/libsmbclient-dev.install b/debian/libsmbclient-dev.install new file mode 100644 index 0000000..e13d6dc --- /dev/null +++ b/debian/libsmbclient-dev.install @@ -0,0 +1,3 @@ +usr/include/samba-4.0/libsmbclient.h +usr/lib/*/libsmbclient.so +usr/lib/*/pkgconfig/smbclient.pc diff --git a/debian/libsmbclient0.install b/debian/libsmbclient0.install new file mode 100644 index 0000000..1f92ece --- /dev/null +++ b/debian/libsmbclient0.install @@ -0,0 +1,2 @@ +usr/lib/*/libsmbclient.so.0* +usr/share/man/man7/libsmbclient.7 diff --git a/debian/libsmbclient0.symbols b/debian/libsmbclient0.symbols new file mode 100644 index 0000000..609d48a --- /dev/null +++ b/debian/libsmbclient0.symbols @@ -0,0 +1,206 @@ +libsmbclient.so.0 #PACKAGE# #MINVER# +* Build-Depends-Package: libsmbclient-dev + SMBCLIENT_0.1.0@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + SMBCLIENT_0.2.0@SMBCLIENT_0.2.0 2:4.0.3+dfsg1 + SMBCLIENT_0.2.1@SMBCLIENT_0.2.1 2:4.1.1 + SMBCLIENT_0.2.2@SMBCLIENT_0.2.2 2:4.3.0+dfsg + SMBCLIENT_0.2.3@SMBCLIENT_0.2.3 2:4.3.0+dfsg + SMBCLIENT_0.3.0@SMBCLIENT_0.3.0 2:4.8.0+dfsg + SMBCLIENT_0.3.1@SMBCLIENT_0.3.1 2:4.8.0+dfsg + SMBCLIENT_0.3.2@SMBCLIENT_0.3.2 2:4.9.0+dfsg + SMBCLIENT_0.3.3@SMBCLIENT_0.3.3 2:4.9.0+dfsg + SMBCLIENT_0.4.0@SMBCLIENT_0.4.0 2:4.9.0+dfsg + SMBCLIENT_0.5.0@SMBCLIENT_0.5.0 2:4.10.0+dfsg + SMBCLIENT_0.6.0@SMBCLIENT_0.6.0 2:4.12.0+dfsg + SMBCLIENT_0.7.0@SMBCLIENT_0.7.0 2:4.16.0+dfsg + SMBCLIENT_0.8.0@SMBCLIENT_0.8.0 2:4.20.0~rc1 + smbc_chmod@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_close@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_closedir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_creat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_fgetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_flistxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_free_context@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_fremovexattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_fsetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_fstat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_fstatvfs@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_ftruncate@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getDebug@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionAddCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionAuthData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionAuthDataWithContext@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionCheckServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionChmod@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionClose@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionClosedir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionCreat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionFstat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionFstatVFS@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionFstatdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionFtruncate@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionGetCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionGetdents@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionGetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionListPrintJobs@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionListxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionLseek@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionLseekdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionMkdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionNotify@SMBCLIENT_0.2.3 2:4.3.0+dfsg + smbc_getFunctionOpen@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionOpenPrintJob@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionOpendir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionPrintFile@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionPurgeCachedServers@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionRead@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionReaddir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionReaddirPlus2@SMBCLIENT_0.6.0 2:4.12.0+dfsg + smbc_getFunctionReaddirPlus@SMBCLIENT_0.3.3 2:4.9.0+dfsg + smbc_getFunctionRemoveCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionRemoveUnusedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionRemovexattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionRename@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionRmdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionSetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionSplice@SMBCLIENT_0.2.2 2:4.3.0+dfsg + smbc_getFunctionStat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionStatVFS@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionTelldir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionUnlink@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionUnlinkPrintJob@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionUtimes@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getFunctionWrite@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getNetbiosName@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionBrowseMaxLmbCount@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionCaseSensitive@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionDebugToStderr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionFallbackAfterKerberos@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionFullTimeNames@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionNoAutoAnonymousLogin@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionOneSharePerServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionOpenShareMode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionPosixExtensions@SMBCLIENT_0.8.0 2:4.20.0~rc1 + smbc_getOptionSmbEncryptionLevel@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionUrlEncodeReaddirEntries@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionUseCCache@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionUseKerberos@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getOptionUseNTHash@SMBCLIENT_0.2.0 2:4.0.3+dfsg1 + smbc_getOptionUserData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getPort@SMBCLIENT_0.1.0 2:4.1.1 + smbc_getServerCacheData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getTimeout@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getUser@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getWorkgroup@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getdents@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_getxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_init@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_init_context@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_lgetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_list_print_jobs@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_listxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_llistxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_lremovexattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_lseek@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_lseekdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_lsetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_mkdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_new_context@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_notify@SMBCLIENT_0.2.3 2:4.3.0+dfsg + smbc_open@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_open_print_job@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_opendir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_option_get@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_option_set@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_print_file@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_read@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_readdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_readdirplus2@SMBCLIENT_0.6.0 2:4.12.0+dfsg + smbc_readdirplus@SMBCLIENT_0.3.3 2:4.9.0+dfsg + smbc_removexattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_rename@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_rmdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setConfiguration@SMBCLIENT_0.3.2 2:4.9.0+dfsg + smbc_setDebug@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionAddCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionAuthData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionAuthDataWithContext@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionCheckServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionChmod@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionClose@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionClosedir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionCreat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionFstat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionFstatVFS@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionFstatdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionFtruncate@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionGetCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionGetdents@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionGetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionListPrintJobs@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionListxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionLseek@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionLseekdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionMkdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionNotify@SMBCLIENT_0.2.3 2:4.3.0+dfsg + smbc_setFunctionOpen@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionOpenPrintJob@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionOpendir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionPrintFile@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionPurgeCachedServers@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionRead@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionReaddir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionReaddirPlus2@SMBCLIENT_0.6.0 2:4.12.0+dfsg + smbc_setFunctionReaddirPlus@SMBCLIENT_0.3.3 2:4.9.0+dfsg + smbc_setFunctionRemoveCachedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionRemoveUnusedServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionRemovexattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionRename@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionRmdir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionSetxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionSplice@SMBCLIENT_0.2.2 2:4.3.0+dfsg + smbc_setFunctionStat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionStatVFS@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionTelldir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionUnlink@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionUnlinkPrintJob@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionUtimes@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setFunctionWrite@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setLogCallback@SMBCLIENT_0.3.1 2:4.8.0+dfsg + smbc_setNetbiosName@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionBrowseMaxLmbCount@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionCaseSensitive@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionDebugToStderr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionFallbackAfterKerberos@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionFullTimeNames@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionNoAutoAnonymousLogin@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionOneSharePerServer@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionOpenShareMode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionPosixExtensions@SMBCLIENT_0.8.0 2:4.20.0~rc1 + smbc_setOptionProtocols@SMBCLIENT_0.5.0 2:4.10.0+dfsg + smbc_setOptionSmbEncryptionLevel@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionUrlEncodeReaddirEntries@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionUseCCache@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionUseKerberos@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setOptionUseNTHash@SMBCLIENT_0.2.0 2:4.0.3+dfsg1 + smbc_setOptionUserData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setPort@SMBCLIENT_0.1.0 2:4.1.1 + smbc_setServerCacheData@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setTimeout@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setUser@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setWorkgroup@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_set_context@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_set_credentials@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_set_credentials_with_fallback@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_setxattr@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_stat@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_statvfs@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_telldir@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_unlink@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_unlink_print_job@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_urldecode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_urlencode@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_utime@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_utimes@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_version@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 + smbc_write@SMBCLIENT_0.1.0 2:4.0.3+dfsg1 diff --git a/debian/libwbclient-dev.install b/debian/libwbclient-dev.install new file mode 100644 index 0000000..cab0e5e --- /dev/null +++ b/debian/libwbclient-dev.install @@ -0,0 +1,4 @@ +usr/include/samba-4.0/wbclient.h +usr/lib/*/libwbclient.so +usr/lib/*/pkgconfig/samba-util.pc +usr/lib/*/pkgconfig/wbclient.pc diff --git a/debian/libwbclient0.install b/debian/libwbclient0.install new file mode 100644 index 0000000..afd2d64 --- /dev/null +++ b/debian/libwbclient0.install @@ -0,0 +1 @@ +usr/lib/*/libwbclient.so.0* diff --git a/debian/libwbclient0.symbols b/debian/libwbclient0.symbols new file mode 100644 index 0000000..203dc3d --- /dev/null +++ b/debian/libwbclient0.symbols @@ -0,0 +1,145 @@ +libwbclient.so.0 #PACKAGE# #MINVER# +* Build-Depends-Package: libwbclient-dev + WBCLIENT_0.9@WBCLIENT_0.9 2:4.0.3+dfsg1 + WBCLIENT_0.10@WBCLIENT_0.10 2:4.0.3+dfsg1 + WBCLIENT_0.11@WBCLIENT_0.11 2:4.0.3+dfsg1 + WBCLIENT_0.12@WBCLIENT_0.12 2:4.2.1+dfsg + WBCLIENT_0.13@WBCLIENT_0.13 2:4.5.0+dfsg + WBCLIENT_0.14@WBCLIENT_0.14 2:4.7.0+dfsg + WBCLIENT_0.15@WBCLIENT_0.15 2:4.10.0+dfsg + WBCLIENT_0.16@WBCLIENT_0.16 2:4.18.0~rc1+dfsg + wbcAddNamedBlob@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAllocateGid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAllocateMemory@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAllocateStringArray@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAllocateUid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAuthenticateUser@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcAuthenticateUserEx@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcChangeTrustCredentials@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcChangeTrustCredentialsAt@WBCLIENT_0.16 2:4.18.0~rc1+dfsg + wbcChangeUserPassword@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcChangeUserPasswordEx@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcCheckTrustCredentials@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcCredentialCache@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcCredentialSave@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcCtxAllocateGid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxAllocateUid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxAuthenticateUser@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxAuthenticateUserEx@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxChangeTrustCredentials@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxChangeTrustCredentialsAt@WBCLIENT_0.16 2:4.18.0~rc1+dfsg + wbcCtxChangeUserPassword@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxChangeUserPasswordEx@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxCheckTrustCredentials@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxCreate@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxCredentialCache@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxCredentialSave@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxDcInfo@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxDomainInfo@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxEndgrent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxEndpwent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxFree@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetDisplayName@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetGroups@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetSidAliases@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetgrent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetgrgid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetgrlist@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetgrnam@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetpwent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetpwnam@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetpwsid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGetpwuid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxGidToSid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxInterfaceDetails@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxListGroups@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxListTrusts@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxListUsers@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLogoffUser@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLogoffUserEx@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLogonUser@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupDomainController@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupDomainControllerEx@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupName@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupRids@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupSid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupSids@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxLookupUserSids@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxPing@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxPingDc2@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxPingDc@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxResolveWinsByIP@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxResolveWinsByName@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxSetgrent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxSetpwent@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxSidToGid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxSidToUid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxSidsToUnixIds@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxUidToSid@WBCLIENT_0.12 2:4.2.1+dfsg + wbcCtxUnixIdsToSids@WBCLIENT_0.13 2:4.5.0+dfsg + wbcDcInfo@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcDomainInfo@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcEndgrent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcEndpwent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcErrorString@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcFreeMemory@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetDisplayName@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetGlobalCtx@WBCLIENT_0.12 2:4.2.1+dfsg + wbcGetGroups@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetSidAliases@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetgrent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetgrgid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetgrlist@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetgrnam@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetpwent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetpwnam@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetpwsid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGetpwuid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGidToSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcGuidToString@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcInterfaceDetails@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLibraryDetails@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcListGroups@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcListTrusts@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcListUsers@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLogoffUser@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLogoffUserEx@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLogonUser@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupDomainController@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupDomainControllerEx@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupName@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupRids@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupSids@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcLookupUserSids@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcPing@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcPingDc2@WBCLIENT_0.10 2:4.0.3+dfsg1 + wbcPingDc@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcQueryGidToSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcQuerySidToGid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcQuerySidToUid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcQueryUidToSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcRemoveGidMapping@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcRemoveUidMapping@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcRequestResponse@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcRequestResponsePriv@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcResolveWinsByIP@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcResolveWinsByName@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetClientProcessName@WBCLIENT_0.15 2:4.10.0+dfsg + wbcSetGidHwm@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetGidMapping@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetUidHwm@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetUidMapping@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetgrent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSetpwent@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidToGid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidToString@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidToStringBuf@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidToUid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidTypeString@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcSidsToUnixIds@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcStrDup@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcStringToGuid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcStringToSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcUidToSid@WBCLIENT_0.9 2:4.0.3+dfsg1 + wbcUnixIdsToSids@WBCLIENT_0.13 2:4.5.0+dfsg diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..4e8df92 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,7 @@ +etc/sysconfig/samba +usr/share/man/man7/traffic_replay.7 +usr/share/man/man7/traffic_learner.7 +usr/share/samba/setup +# new experimental windows search client +usr/bin/wspsearch +usr/share/man/man1/wspsearch.1 diff --git a/debian/panic-action b/debian/panic-action new file mode 100644 index 0000000..7b73024 --- /dev/null +++ b/debian/panic-action @@ -0,0 +1,63 @@ +#!/bin/sh + +# bail out if there's no "mail" command +type mail >/dev/null 2>&1 || exit 0 + +# Redirect all output to our mail command +( + # We must be given a pid to look at + if [ -z "$1" ]; then + echo "$0 called with no arguments." + exit 1 + fi + + if [ ! -d "/proc/$1" ]; then + echo "$0: No such process: $1" + exit 1 + fi + + # Find out what binary we're debugging + BINARYNAME=`readlink "/proc/$1/exe"` + + # Generic header for our email + echo "The Samba 'panic action' script, $0," + echo "was called for PID $1 ($BINARYNAME)." + echo + + echo "This means there was a problem with the program, such as a segfault." + + if [ -z "$BINARYNAME" ]; then + echo "However, the executable could not be found for process $1." + echo "It may have died unexpectedly, or you may not have permission to debug" + echo "the process." + exit 1 + fi + + # No debugger + if [ ! -x /usr/bin/gdb ]; then + echo "However, gdb was not found on your system, so the error could not be" + echo "debugged. Please install the gdb package so that debugging information" + echo "is available the next time such a problem occurs." + exit 1 + fi + + echo "Below is a backtrace for this process generated with gdb, which shows" + echo "the state of the program at the time the error occurred. The Samba log" + echo "files may contain additional information about the problem." + echo + echo "If the problem persists, you are encouraged to first install the" + echo "samba-dbgsym package, which contains the debugging symbols for the Samba" + echo "binaries. Then submit the provided information as a bug report to" + if [ -x "`which lsb_release 2>/dev/null`" ] \ + && [ "`lsb_release -s -i`" = "Ubuntu" ] + then + echo "Ubuntu by visiting this link:" + echo "https://launchpad.net/ubuntu/+source/samba/+filebug" + else + echo "Debian. For information about the procedure for submitting bug reports," + echo "please see http://www.debian.org/Bugs/Reporting or the reportbug(1)" + echo "manual page." + fi + echo + gdb -x /etc/samba/gdbcommands -batch "$BINARYNAME" "$1" +) | mail -s "Panic or segfault in Samba" root diff --git a/debian/patches/Force-LDB-as-standalone.patch b/debian/patches/Force-LDB-as-standalone.patch new file mode 100644 index 0000000..9be14c0 --- /dev/null +++ b/debian/patches/Force-LDB-as-standalone.patch @@ -0,0 +1,25 @@ +From 052023a67ca022b8bf323574c540964cf656f0b2 Mon Sep 17 00:00:00 2001 +From: Mathieu Parent <math.parent@gmail.com> +Date: Sun, 19 Dec 2021 22:29:13 +0100 +Subject: [PATCH] Force LDB as standalone + +--- + lib/ldb/wscript | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/ldb/wscript b/lib/ldb/wscript +index 57dfdd6fe6b..70a982da352 100644 +--- a/lib/ldb/wscript ++++ b/lib/ldb/wscript +@@ -68,7 +68,7 @@ def configure(conf): + # + conf.CONFIG_PATH('LDB_MODULESDIR', conf.SUBST_ENV_VAR('MODULESDIR') + '/ldb') + +- conf.env.standalone_ldb = conf.IN_LAUNCH_DIR() ++ conf.env.standalone_ldb = conf.IN_LAUNCH_DIR() or True + + if not conf.env.standalone_ldb: + max_ldb_version = [int(x) for x in VERSION.split(".")] +-- +2.30.2 + diff --git a/debian/patches/README_nosmbldap-tools.patch b/debian/patches/README_nosmbldap-tools.patch new file mode 100644 index 0000000..c8748c7 --- /dev/null +++ b/debian/patches/README_nosmbldap-tools.patch @@ -0,0 +1,23 @@ +From: Christian Perrier <bubulle@debian.org> +Subject: Mention smbldap-tools package in examples/LDAP/README + +Bug-Debian: http://bugs.debian.org/341934 +Forwarded: not-needed +--- + examples/LDAP/README | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/examples/LDAP/README b/examples/LDAP/README +index f6ce3a9..a918acf 100644 +--- a/examples/LDAP/README ++++ b/examples/LDAP/README +@@ -69,6 +69,9 @@ in Samba releases. + The smbldap-tools package can be downloaded individually from + https://gna.org/projects/smbldap-tools/ + ++On Debian systems, the smbldap-tools exists as a separate package ++and is not included in LDAP examples. ++ + !== + !== end of README + !== diff --git a/debian/patches/add-missing-libs-deps.diff b/debian/patches/add-missing-libs-deps.diff new file mode 100644 index 0000000..9db8e78 --- /dev/null +++ b/debian/patches/add-missing-libs-deps.diff @@ -0,0 +1,49 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Thu, 19 May 2022 20:37:21 +0300 +Subject: add missing libs deps +Bug-Debian: https://bugs.debian.org/1010922 + +Lots of samba libraries has incomplete dependencies listed +in wscript files. This usually is not a problem since the +link line includes dependencies of their dependencies of +their dependencies, and somewhere down that line all immediate +dependencies which are missing are actually present. But +sometimes this becomes a problem when a library does not +declare direct dependency on at least one private library +which it actually uses: in case no private library is +listed as direct dependency, private library directory is +not put into RUNPATH of the resulting binary, so the binary +can not find its own dependencies. + +Fix a few such places, including one library which is a part +of public abi (libsmbldap). + +diff --git a/lib/util/wscript_build b/lib/util/wscript_build +index 2f31e8fa5b1..08a77b8940c 100644 +--- a/lib/util/wscript_build ++++ b/lib/util/wscript_build +@@ -218,5 +218,5 @@ else: + bld.SAMBA_LIBRARY('samba-modules', + source='modules.c', +- deps='samba-errors samba-util', ++ deps='samba-errors samba-util samba-debug', + local_include=False, + private_library=True) +diff --git a/source3/wscript_build b/source3/wscript_build +index acfc0c56f03..e919f38d9cb 100644 +--- a/source3/wscript_build ++++ b/source3/wscript_build +@@ -189,5 +189,5 @@ bld.SAMBA3_LIBRARY('smbldaphelper', + passdb/pdb_ldap_util.c + ''', +- deps='smbldap secrets3', ++ deps='smbldap secrets3 replace', + allow_undefined_symbols=True, + enabled=bld.CONFIG_SET('HAVE_LDAP'), +@@ -483,5 +483,5 @@ bld.SAMBA3_LIBRARY('secrets3', + bld.SAMBA3_LIBRARY('smbldap', + source='lib/smbldap.c', +- deps='ldap lber samba-util smbconf', ++ deps='ldap lber samba-util smbconf replace samba-debug samba-security', + enabled=bld.CONFIG_SET("HAVE_LDAP"), + private_library=False, diff --git a/debian/patches/add-so-version-to-private-libraries b/debian/patches/add-so-version-to-private-libraries new file mode 100644 index 0000000..8313f1e --- /dev/null +++ b/debian/patches/add-so-version-to-private-libraries @@ -0,0 +1,22 @@ +From: Jeroen Dekkers <jeroen@dekkers.ch> +Subject: Add so version number to private libraries for dpkg-shlibdeps + +We also want dpkg-shlibdeps to generate correct dependency information +for the private libraries in our binary packages, but dpkg-shlibdeps +only works when the library has a version number. + +Origin: vendor +Forwarded: not-needed +--- + buildtools/wafsamba/wafsamba.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py +index 185ef3b73a2..291239fcaa7 100644 +--- a/buildtools/wafsamba/wafsamba.py ++++ b/buildtools/wafsamba/wafsamba.py +@@ -307,3 +307,3 @@ def SAMBA_LIBRARY(bld, libname, source, + bundled_name = PRIVATE_NAME(bld, libname.replace('_', '-')) +- vnum = None ++ vnum = '0' + diff --git a/debian/patches/ctdb-config-enable-syslog-by-default.patch b/debian/patches/ctdb-config-enable-syslog-by-default.patch new file mode 100644 index 0000000..3ab746d --- /dev/null +++ b/debian/patches/ctdb-config-enable-syslog-by-default.patch @@ -0,0 +1,42 @@ +ctdb-config: enable syslog by default + +CTDB uses /var/log/ctdb/ directory for the default log files. With +syslog disabled, systemd journal is not able to correctly inform +errors happening during service initialization. + +Upstream community creates generic config files to be used by different +distributions, so this change makes no big difference to be accepted by +upstream. + +With this patch the end user will be able to identify initialization +errors by executing: + + systemctl status ctdb.service + +or to follow ctdb logs by executing: + + journalctl -f -u ctdb + +Signed-off-by: Rafael David Tinoco <rafaeldtinoco@ubuntu.com> +- +Author: Rafael David Tinoco <rafaeldtinoco@ubuntu.com> +Bug-Debian: https://bugs.debian.org/929931 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/722201 +Last-Update: 2022-03-24 +--- + ctdb/config/ctdb.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ctdb/config/ctdb.conf b/ctdb/config/ctdb.conf +index 8e1b3760973..def0803578f 100644 +--- a/ctdb/config/ctdb.conf ++++ b/ctdb/config/ctdb.conf +@@ -7,6 +7,6 @@ + # Enable logging to syslog +- # location = syslog ++ location = syslog + + # Default log level +- # log level = NOTICE ++ log level = NOTICE + diff --git a/debian/patches/ctdb-create-piddir.patch b/debian/patches/ctdb-create-piddir.patch new file mode 100644 index 0000000..708f787 --- /dev/null +++ b/debian/patches/ctdb-create-piddir.patch @@ -0,0 +1,26 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 09 Sep 2022 12:49:55 +0300 +Subject: create ctdb pid directory + +(which is /run/ctdb/). Create it in the systemd service +file (using RuntimeDirectory directive) and in the sysv-init +script. + +diff --git a/ctdb/config/ctdb.init b/ctdb/config/ctdb.init +index 7fe8f0085ae..57fd0dda63d 100755 +--- a/ctdb/config/ctdb.init ++++ b/ctdb/config/ctdb.init +@@ -78,4 +78,5 @@ start() + ;; + debian) ++ mkdir -p -m0755 ${pidfile%/*} + eval start-stop-daemon --start --quiet --background --exec "$ctdbd" + ;; +diff --git a/packaging/systemd/ctdb.service.in b/packaging/systemd/ctdb.service.in +index 7905a93e242..eefc7468a44 100644 +--- a/packaging/systemd/ctdb.service.in ++++ b/packaging/systemd/ctdb.service.in +@@ -12,2 +12,3 @@ TasksMax=4096 + PIDFile=@CTDB_RUNDIR@/ctdbd.pid ++RuntimeDirectory=ctdb + ExecStart=@SBINDIR@/ctdbd diff --git a/debian/patches/ctdb-use-run-instead-of-var-run.patch b/debian/patches/ctdb-use-run-instead-of-var-run.patch new file mode 100644 index 0000000..946d6dc --- /dev/null +++ b/debian/patches/ctdb-use-run-instead-of-var-run.patch @@ -0,0 +1,26 @@ +From a4f5852f55439bcc1aaaa6762d230a28599298d2 Mon Sep 17 00:00:00 2001 +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 2 Dec 2022 11:45:01 +0300 +Subject: ctdb: use /run/ctdb instead of /var/run/ctdb + +Whole upstream path assignment needs a review. +--- + ctdb/wscript | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ctdb/wscript b/ctdb/wscript +index c082c3b7a7d..523984487a3 100644 +--- a/ctdb/wscript ++++ b/ctdb/wscript +@@ -288,7 +288,7 @@ def configure(conf): + conf.env.CTDB_DATADIR = os.path.join(conf.env.EXEC_PREFIX, 'share/ctdb') + conf.env.CTDB_ETCDIR = os.path.join(conf.env.SYSCONFDIR, 'ctdb') + conf.env.CTDB_VARDIR = os.path.join(conf.env.LOCALSTATEDIR, 'lib/ctdb') +- conf.env.CTDB_RUNDIR = os.path.join(conf.env.LOCALSTATEDIR, 'run/ctdb') ++ conf.env.CTDB_RUNDIR = '/run/ctdb' + conf.env.CTDB_HELPER_BINDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb') + + if Options.options.ctdb_logdir: +-- +2.30.2 + diff --git a/debian/patches/ctdb_etcd_lock-path.patch b/debian/patches/ctdb_etcd_lock-path.patch new file mode 100644 index 0000000..411b047 --- /dev/null +++ b/debian/patches/ctdb_etcd_lock-path.patch @@ -0,0 +1,20 @@ +Subject: fix pathname for ctdb_etcd_lock +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Sat, 02 Apr 2022 17:49:38 +0300 + +Specify the actual installation path for this helper script. + +diff --git a/ctdb/doc/ctdb-etcd.7.xml b/ctdb/doc/ctdb-etcd.7.xml +index f84989f854f..fcb3d0c3b5f 100644 +--- a/ctdb/doc/ctdb-etcd.7.xml ++++ b/ctdb/doc/ctdb-etcd.7.xml +@@ -71 +71 @@ +-cluster lock = !/usr/local/usr/libexec/ctdb/ctdb_etcd_lock ++cluster lock = !/usr/libexec/ctdb/ctdb_etcd_lock +diff --git a/ctdb/utils/etcd/ctdb_etcd_lock b/ctdb/utils/etcd/ctdb_etcd_lock +index dac24361e77..e695ac7cab2 100755 +--- a/ctdb/utils/etcd/ctdb_etcd_lock ++++ b/ctdb/utils/etcd/ctdb_etcd_lock +@@ -26 +26 @@ the following line in the ctdb.conf: +- cluster lock = !/path/to/script ++ cluster lock = !/usr/libexec/ctdb/ctdb_etcd_lock diff --git a/debian/patches/disable-setuid-confchecks.patch b/debian/patches/disable-setuid-confchecks.patch new file mode 100644 index 0000000..68ad262 --- /dev/null +++ b/debian/patches/disable-setuid-confchecks.patch @@ -0,0 +1,25 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 08 Apr 2022 11:50:21 +0300 +Subject: disable setuid configure checks + +For some strange reason, when running reprotest test on salsa-ci, +which apparently is running as root, - on the *second* build only +the configure fails (after successfully built package the first +time). The configure test tries to change gid and verifies it +actually changed (not that the syscall exist), - and that fails. +Since it is extremely uncommon to configure the build process as +root, salsa-ci test environment details are quite deep down the line, +and we know the syscall actually works, just disable the probe, +pretending we are not root. + +diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c +index 30a29f535b1..451ad396965 100644 +--- a/source3/lib/util_sec.c ++++ b/source3/lib/util_sec.c +@@ -556,5 +556,5 @@ static int have_syscall(void) + int main(void) + { +- if (getuid() != 0) { ++ if (1 || getuid() != 0) { + #if (defined(AIX) && defined(USE_SETREUID)) + /* setreuid is badly broken on AIX 4.1, we avoid it completely */ diff --git a/debian/patches/edns0.patch b/debian/patches/edns0.patch new file mode 100644 index 0000000..bb0caf6 --- /dev/null +++ b/debian/patches/edns0.patch @@ -0,0 +1,58 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Subject: Minimal EDNS0 support for built-in DNS client +Date: Mon, 26 Feb 2024 14:15:00 +0300 +Forwarded: yes +Bug: https://bugzilla.samba.org/show_bug.cgi?id=15536 + +Currently, samba built-in DNS client is UDP-only (it does +support TCP mode, but not all components use it). In +particular, when winbind queries list of AD DCs (SRV +record) which can be quite large, it uses UDP-only query. +And at the same time, samba DNS client does not support +EDNS0 at all, so the reply is limited to standard DNS +packet size which is 512 bytes. + +Add minimal EDNS0 OPT record to ADDITIONAL section when +sending a DNS request out, indicating we can accept +DNS packets up to 4Kb in size. + +Since DNSSEC is in wide use today and DNSSEC requires +EDNS0, it is okay to assume ENDS0 is widely supported +these days, so there should be no regressions when +enabling EDNS0. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +diff --git a/libcli/dns/dns.c b/libcli/dns/dns.c +index 943b4d5b33e..81144601bb8 100644 +--- a/libcli/dns/dns.c ++++ b/libcli/dns/dns.c +@@ -422,6 +422,7 @@ struct tevent_req *dns_cli_request_send(TALLOC_CTX *mem_ctx, + struct dns_cli_request_state *state; + struct dns_name_question question; + struct dns_name_packet out_packet; ++ struct dns_res_rec edns0_opt; + enum ndr_err_code ndr_err; + + req = tevent_req_create(mem_ctx, &state, +@@ -443,11 +444,19 @@ struct tevent_req *dns_cli_request_send(TALLOC_CTX *mem_ctx, + .question_type = qtype, .question_class = qclass + }; + ++ edns0_opt = (struct dns_res_rec) { ++ .name = "", ++ .rr_type = DNS_QTYPE_OPT, ++ .rr_class = 4096 /* 4096 bytes UDP buffer size */ ++ }; ++ + out_packet = (struct dns_name_packet) { + .id = state->req_id, + .operation = DNS_OPCODE_QUERY | DNS_FLAG_RECURSION_DESIRED, + .qdcount = 1, +- .questions = &question ++ .questions = &question, ++ .arcount = 1, ++ .additional = &edns0_opt + }; + + ndr_err = ndr_push_struct_blob( diff --git a/debian/patches/fix-nfs-service-name-to-nfs-kernel-server.patch b/debian/patches/fix-nfs-service-name-to-nfs-kernel-server.patch new file mode 100644 index 0000000..ad0a9b9 --- /dev/null +++ b/debian/patches/fix-nfs-service-name-to-nfs-kernel-server.patch @@ -0,0 +1,96 @@ +From: Rafael David Tinoco <rafaeldtinoco@gmail.com> +Subject: fix nfs related service names + +Upstream defines nfs related service names based on the Linux +distribution. This patch fixes the names for Debian and derivatives. + +Update by Andreas Hasenack <andreas@canonical.com> (LP: #1961840): +Use nfsconf(8) if it's available, instead of parsing the old config +files in /etc/default/nfs-* + +Bug-Debian: https://bugs.debian.org/929931 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/722201 +Last-Update: 2022-09-09 +diff --git a/ctdb/config/events/legacy/06.nfs.script b/ctdb/config/events/legacy/06.nfs.script +index b937d433254..943b5005bd9 100755 +--- a/ctdb/config/events/legacy/06.nfs.script ++++ b/ctdb/config/events/legacy/06.nfs.script +@@ -6,7 +6,7 @@ + + . "${CTDB_BASE}/functions" + +-service_name="nfs" ++service_name="nfs-kernel-server" + + load_script_options "service" "60.nfs" + +diff --git a/ctdb/config/events/legacy/60.nfs.script b/ctdb/config/events/legacy/60.nfs.script +index 8e496f73cc5..f47b91bff2d 100755 +--- a/ctdb/config/events/legacy/60.nfs.script ++++ b/ctdb/config/events/legacy/60.nfs.script +@@ -6,9 +6,11 @@ + + . "${CTDB_BASE}/functions" + +-service_name="nfs" ++service_name="nfs-kernel-server" + +-load_system_config "nfs" ++if ! type nfsconf > /dev/null 2>&1; then ++ load_system_config "nfs-kernel-server" ++fi + + load_script_options + +diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout +index f2f3e3824d0..4e3b1e21c04 100755 +--- a/ctdb/config/nfs-linux-kernel-callout ++++ b/ctdb/config/nfs-linux-kernel-callout +@@ -14,7 +14,7 @@ nfs_exports_file="${CTDB_NFS_EXPORTS_FILE:-/var/lib/nfs/etab}" + + # As above, edit the default value below. CTDB_NFS_DISTRO_STYLE is a + # test variable only. +-nfs_distro_style="${CTDB_NFS_DISTRO_STYLE:-systemd-redhat}" ++nfs_distro_style="${CTDB_NFS_DISTRO_STYLE:-systemd-debian}" + + # As above, edit the default value below. CTDB_SYS_ETCDIR is a + # test variable only. +@@ -42,7 +42,22 @@ systemd-*) + : # Defaults only + ;; + *-debian) +- nfs_rquotad_service="quotarpc" ++ # XXX ++ # Undefine nfs_rquotad_services because the quotarpc service won't ++ # start unless there are specific "quota" mount options in /etc/fstab. ++ # In this way, we let ctdb start it up manually once the ++ # /etc/ctdb/nfs-checks.d/50.rquotad.check detects rpc.rquotad isn't ++ # running. ++ # Users who really don't want rpc.rquotad running should then move ++ # the 50.rquotad.check script away. ++ nfs_rquotad_service="" ++ nfs_service="nfs-kernel-server" ++ if type nfsconf >/dev/null 2>&1; then ++ nfs_config="" ++ else ++ nfs_config="/etc/default/nfs-kernel-server" ++ fi ++ nfs_rquotad_config="/etc/default/quota" + ;; + *) + echo "Internal error" +diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout +index 38c155e4793..c138e71c7b1 100755 +--- a/ctdb/config/statd-callout ++++ b/ctdb/config/statd-callout +@@ -29,7 +29,9 @@ die () + } + + # Try different variables to find config file for NFS_HOSTNAME +-load_system_config "nfs" "nfs-common" ++if ! type nfsconf > /dev/null 2>&1; then ++ load_system_config "nfs-common" "nfs-kernel-server" ++fi + + # If NFS_HOSTNAME not set then try to pull it out of /etc/nfs.conf + if [ -z "$NFS_HOSTNAME" ]; then diff --git a/debian/patches/fruit-disable-useless-size_t-overflow-check.patch b/debian/patches/fruit-disable-useless-size_t-overflow-check.patch new file mode 100644 index 0000000..828f835 --- /dev/null +++ b/debian/patches/fruit-disable-useless-size_t-overflow-check.patch @@ -0,0 +1,53 @@ +From e4bf63c976b0e3253f980360b2fe6244092b777c Mon Sep 17 00:00:00 2001 +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Thu, 17 Nov 2022 23:51:03 +0300 +Subject: [PATCH] fruit: disable useless size_t overflow check +Bug-Debian: http://bugs.debian.org/974868 + +As has been said several times in +https://bugzilla.samba.org/show_bug.cgi?id=13622 , +the check 'bandsize > SIZE_MAX/nbands' is useless. But it +is also wrong, in 2 ways: first, nbands might be 0 (when +no bands has been allocated yet), and second, there's no +point in comparing this with SIZE_MAX, since size_t on 32bit +platforms is a 32bit integer, while bandsize is off_t which +is 64bits (samba always enables LFS). + +This check causes the module to fail when bandsize*nbands +exceeds 32bits, which has been reported for example at +https://bugs.debian.org/974868 . + +Whole thing can't overflow because it is already guarded +by time_machine_max_size. Or at the very least, by current +disk sizes... :) + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> +--- + source3/modules/vfs_fruit.c | 11 ----------- + 1 file changed, 11 deletions(-) + +diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c +index 4058d4834e7..8e31e74f2a6 100644 +--- a/source3/modules/vfs_fruit.c ++++ b/source3/modules/vfs_fruit.c +@@ -5273,17 +5273,6 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle, + return true; + } + +- /* +- * Arithmetic on 32-bit systems may cause overflow, depending on +- * size_t precision. First we check its unlikely, then we +- * force the precision into target off_t, then we check that +- * the total did not overflow either. +- */ +- if (bandsize > SIZE_MAX/nbands) { +- DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands [%zu]\n", +- bandsize, nbands); +- return false; +- } + tm_size = (off_t)bandsize * (off_t)nbands; + + if (state->total_size + tm_size < state->total_size) { +-- +2.30.2 + diff --git a/debian/patches/heimdal-rfc3454.txt b/debian/patches/heimdal-rfc3454.txt new file mode 100644 index 0000000..162bd2e --- /dev/null +++ b/debian/patches/heimdal-rfc3454.txt @@ -0,0 +1,7122 @@ +From: Brian May <bam@debian.org> +Subject: Patch in symbol table from rfc3454, for Heimdal scripts +Forwarded: not-needed + +Status: cherry-picked from heimdal package +--- + third_party/heimdal/lib/wind/rfc3454.txt-table | 7074 ++++++++++++++++++++++++++++ + third_party/heimdal_build/wscript_build | 6 +- + 2 files changed, 7077 insertions(+), 3 deletions(-) + create mode 100644 source4/heimdal/lib/wind/rfc3454.txt-table + +diff --git a/third_party/heimdal/lib/wind/rfc3454.txt-table b/third_party/heimdal/lib/wind/rfc3454.txt-table +new file mode 100644 +index 0000000..5bef0b5 +--- /dev/null ++++ b/third_party/heimdal/lib/wind/rfc3454.txt-table +@@ -0,0 +1,7074 @@ ++ ----- Start Table A.1 ----- ++ ++ 0221 ++ ++ 0234-024F ++ ++ 02AE-02AF ++ ++ 02EF-02FF ++ ++ 0350-035F ++ ++ 0370-0373 ++ ++ 0376-0379 ++ ++ 037B-037D ++ ++ 037F-0383 ++ ++ 038B ++ ++ 038D ++ ++ 03A2 ++ ++ 03CF ++ ++ 03F7-03FF ++ ++ 0487 ++ ++ 04CF ++ ++ 04F6-04F7 ++ ++ 04FA-04FF ++ ++ 0510-0530 ++ ++ 0557-0558 ++ ++ 0560 ++ ++ 0588 ++ ++ 058B-0590 ++ ++ 05A2 ++ ++ 05BA ++ ++ 05C5-05CF ++ ++ 05EB-05EF ++ ++ 05F5-060B ++ ++ 060D-061A ++ ++ 061C-061E ++ ++ 0620 ++ ++ 063B-063F ++ ++ 0656-065F ++ ++ 06EE-06EF ++ ++ 06FF ++ ++ 070E ++ ++ 072D-072F ++ ++ 074B-077F ++ ++ 07B2-0900 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0904 ++ ++ 093A-093B ++ ++ 094E-094F ++ ++ 0955-0957 ++ ++ 0971-0980 ++ ++ 0984 ++ ++ 098D-098E ++ ++ 0991-0992 ++ ++ 09A9 ++ ++ 09B1 ++ ++ 09B3-09B5 ++ ++ 09BA-09BB ++ ++ 09BD ++ ++ 09C5-09C6 ++ ++ 09C9-09CA ++ ++ 09CE-09D6 ++ ++ 09D8-09DB ++ ++ 09DE ++ ++ 09E4-09E5 ++ ++ 09FB-0A01 ++ ++ 0A03-0A04 ++ ++ 0A0B-0A0E ++ ++ 0A11-0A12 ++ ++ 0A29 ++ ++ 0A31 ++ ++ 0A34 ++ ++ 0A37 ++ ++ 0A3A-0A3B ++ ++ 0A3D ++ ++ 0A43-0A46 ++ ++ 0A49-0A4A ++ ++ 0A4E-0A58 ++ ++ 0A5D ++ ++ 0A5F-0A65 ++ ++ 0A75-0A80 ++ ++ 0A84 ++ ++ 0A8C ++ ++ 0A8E ++ ++ 0A92 ++ ++ 0AA9 ++ ++ 0AB1 ++ ++ 0AB4 ++ ++ 0ABA-0ABB ++ ++ 0AC6 ++ ++ 0ACA ++ ++ 0ACE-0ACF ++ ++ 0AD1-0ADF ++ ++ 0AE1-0AE5 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0AF0-0B00 ++ ++ 0B04 ++ ++ 0B0D-0B0E ++ ++ 0B11-0B12 ++ ++ 0B29 ++ ++ 0B31 ++ ++ 0B34-0B35 ++ ++ 0B3A-0B3B ++ ++ 0B44-0B46 ++ ++ 0B49-0B4A ++ ++ 0B4E-0B55 ++ ++ 0B58-0B5B ++ ++ 0B5E ++ ++ 0B62-0B65 ++ ++ 0B71-0B81 ++ ++ 0B84 ++ ++ 0B8B-0B8D ++ ++ 0B91 ++ ++ 0B96-0B98 ++ ++ 0B9B ++ ++ 0B9D ++ ++ 0BA0-0BA2 ++ ++ 0BA5-0BA7 ++ ++ 0BAB-0BAD ++ ++ 0BB6 ++ ++ 0BBA-0BBD ++ ++ 0BC3-0BC5 ++ ++ 0BC9 ++ ++ 0BCE-0BD6 ++ ++ 0BD8-0BE6 ++ ++ 0BF3-0C00 ++ ++ 0C04 ++ ++ 0C0D ++ ++ 0C11 ++ ++ 0C29 ++ ++ 0C34 ++ ++ 0C3A-0C3D ++ ++ 0C45 ++ ++ 0C49 ++ ++ 0C4E-0C54 ++ ++ 0C57-0C5F ++ ++ 0C62-0C65 ++ ++ 0C70-0C81 ++ ++ 0C84 ++ ++ 0C8D ++ ++ 0C91 ++ ++ 0CA9 ++ ++ 0CB4 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0CBA-0CBD ++ ++ 0CC5 ++ ++ 0CC9 ++ ++ 0CCE-0CD4 ++ ++ 0CD7-0CDD ++ ++ 0CDF ++ ++ 0CE2-0CE5 ++ ++ 0CF0-0D01 ++ ++ 0D04 ++ ++ 0D0D ++ ++ 0D11 ++ ++ 0D29 ++ ++ 0D3A-0D3D ++ ++ 0D44-0D45 ++ ++ 0D49 ++ ++ 0D4E-0D56 ++ ++ 0D58-0D5F ++ ++ 0D62-0D65 ++ ++ 0D70-0D81 ++ ++ 0D84 ++ ++ 0D97-0D99 ++ ++ 0DB2 ++ ++ 0DBC ++ ++ 0DBE-0DBF ++ ++ 0DC7-0DC9 ++ ++ 0DCB-0DCE ++ ++ 0DD5 ++ ++ 0DD7 ++ ++ 0DE0-0DF1 ++ ++ 0DF5-0E00 ++ ++ 0E3B-0E3E ++ ++ 0E5C-0E80 ++ ++ 0E83 ++ ++ 0E85-0E86 ++ ++ 0E89 ++ ++ 0E8B-0E8C ++ ++ 0E8E-0E93 ++ ++ 0E98 ++ ++ 0EA0 ++ ++ 0EA4 ++ ++ 0EA6 ++ ++ 0EA8-0EA9 ++ ++ 0EAC ++ ++ 0EBA ++ ++ 0EBE-0EBF ++ ++ 0EC5 ++ ++ 0EC7 ++ ++ 0ECE-0ECF ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0EDA-0EDB ++ ++ 0EDE-0EFF ++ ++ 0F48 ++ ++ 0F6B-0F70 ++ ++ 0F8C-0F8F ++ ++ 0F98 ++ ++ 0FBD ++ ++ 0FCD-0FCE ++ ++ 0FD0-0FFF ++ ++ 1022 ++ ++ 1028 ++ ++ 102B ++ ++ 1033-1035 ++ ++ 103A-103F ++ ++ 105A-109F ++ ++ 10C6-10CF ++ ++ 10F9-10FA ++ ++ 10FC-10FF ++ ++ 115A-115E ++ ++ 11A3-11A7 ++ ++ 11FA-11FF ++ ++ 1207 ++ ++ 1247 ++ ++ 1249 ++ ++ 124E-124F ++ ++ 1257 ++ ++ 1259 ++ ++ 125E-125F ++ ++ 1287 ++ ++ 1289 ++ ++ 128E-128F ++ ++ 12AF ++ ++ 12B1 ++ ++ 12B6-12B7 ++ ++ 12BF ++ ++ 12C1 ++ ++ 12C6-12C7 ++ ++ 12CF ++ ++ 12D7 ++ ++ 12EF ++ ++ 130F ++ ++ 1311 ++ ++ 1316-1317 ++ ++ 131F ++ ++ 1347 ++ ++ 135B-1360 ++ ++ 137D-139F ++ ++ 13F5-1400 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1677-167F ++ ++ 169D-169F ++ ++ 16F1-16FF ++ ++ 170D ++ ++ 1715-171F ++ ++ 1737-173F ++ ++ 1754-175F ++ ++ 176D ++ ++ 1771 ++ ++ 1774-177F ++ ++ 17DD-17DF ++ ++ 17EA-17FF ++ ++ 180F ++ ++ 181A-181F ++ ++ 1878-187F ++ ++ 18AA-1DFF ++ ++ 1E9C-1E9F ++ ++ 1EFA-1EFF ++ ++ 1F16-1F17 ++ ++ 1F1E-1F1F ++ ++ 1F46-1F47 ++ ++ 1F4E-1F4F ++ ++ 1F58 ++ ++ 1F5A ++ ++ 1F5C ++ ++ 1F5E ++ ++ 1F7E-1F7F ++ ++ 1FB5 ++ ++ 1FC5 ++ ++ 1FD4-1FD5 ++ ++ 1FDC ++ ++ 1FF0-1FF1 ++ ++ 1FF5 ++ ++ 1FFF ++ ++ 2053-2056 ++ ++ 2058-205E ++ ++ 2064-2069 ++ ++ 2072-2073 ++ ++ 208F-209F ++ ++ 20B2-20CF ++ ++ 20EB-20FF ++ ++ 213B-213C ++ ++ 214C-2152 ++ ++ 2184-218F ++ ++ 23CF-23FF ++ ++ 2427-243F ++ ++ 244B-245F ++ ++ 24FF ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 2614-2615 ++ ++ 2618 ++ ++ 267E-267F ++ ++ 268A-2700 ++ ++ 2705 ++ ++ 270A-270B ++ ++ 2728 ++ ++ 274C ++ ++ 274E ++ ++ 2753-2755 ++ ++ 2757 ++ ++ 275F-2760 ++ ++ 2795-2797 ++ ++ 27B0 ++ ++ 27BF-27CF ++ ++ 27EC-27EF ++ ++ 2B00-2E7F ++ ++ 2E9A ++ ++ 2EF4-2EFF ++ ++ 2FD6-2FEF ++ ++ 2FFC-2FFF ++ ++ 3040 ++ ++ 3097-3098 ++ ++ 3100-3104 ++ ++ 312D-3130 ++ ++ 318F ++ ++ 31B8-31EF ++ ++ 321D-321F ++ ++ 3244-3250 ++ ++ 327C-327E ++ ++ 32CC-32CF ++ ++ 32FF ++ ++ 3377-337A ++ ++ 33DE-33DF ++ ++ 33FF ++ ++ 4DB6-4DFF ++ ++ 9FA6-9FFF ++ ++ A48D-A48F ++ ++ A4C7-ABFF ++ ++ D7A4-D7FF ++ ++ FA2E-FA2F ++ ++ FA6B-FAFF ++ ++ FB07-FB12 ++ ++ FB18-FB1C ++ ++ FB37 ++ ++ FB3D ++ ++ FB3F ++ ++ FB42 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ FB45 ++ ++ FBB2-FBD2 ++ ++ FD40-FD4F ++ ++ FD90-FD91 ++ ++ FDC8-FDCF ++ ++ FDFD-FDFF ++ ++ FE10-FE1F ++ ++ FE24-FE2F ++ ++ FE47-FE48 ++ ++ FE53 ++ ++ FE67 ++ ++ FE6C-FE6F ++ ++ FE75 ++ ++ FEFD-FEFE ++ ++ FF00 ++ ++ FFBF-FFC1 ++ ++ FFC8-FFC9 ++ ++ FFD0-FFD1 ++ ++ FFD8-FFD9 ++ ++ FFDD-FFDF ++ ++ FFE7 ++ ++ FFEF-FFF8 ++ ++ 10000-102FF ++ ++ 1031F ++ ++ 10324-1032F ++ ++ 1034B-103FF ++ ++ 10426-10427 ++ ++ 1044E-1CFFF ++ ++ 1D0F6-1D0FF ++ ++ 1D127-1D129 ++ ++ 1D1DE-1D3FF ++ ++ 1D455 ++ ++ 1D49D ++ ++ 1D4A0-1D4A1 ++ ++ 1D4A3-1D4A4 ++ ++ 1D4A7-1D4A8 ++ ++ 1D4AD ++ ++ 1D4BA ++ ++ 1D4BC ++ ++ 1D4C1 ++ ++ 1D4C4 ++ ++ 1D506 ++ ++ 1D50B-1D50C ++ ++ 1D515 ++ ++ 1D51D ++ ++ 1D53A ++ ++ 1D53F ++ ++ 1D545 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D547-1D549 ++ ++ 1D551 ++ ++ 1D6A4-1D6A7 ++ ++ 1D7CA-1D7CD ++ ++ 1D800-1FFFD ++ ++ 2A6D7-2F7FF ++ ++ 2FA1E-2FFFD ++ ++ 30000-3FFFD ++ ++ 40000-4FFFD ++ ++ 50000-5FFFD ++ ++ 60000-6FFFD ++ ++ 70000-7FFFD ++ ++ 80000-8FFFD ++ ++ 90000-9FFFD ++ ++ A0000-AFFFD ++ ++ B0000-BFFFD ++ ++ C0000-CFFFD ++ ++ D0000-DFFFD ++ ++ E0000 ++ ++ E0002-E001F ++ ++ E0080-EFFFD ++ ++ ----- End Table A.1 ----- ++ ++ ----- Start Table B.1 ----- ++ ++ 00AD; ; Map to nothing ++ ++ 034F; ; Map to nothing ++ ++ 1806; ; Map to nothing ++ ++ 180B; ; Map to nothing ++ ++ 180C; ; Map to nothing ++ ++ 180D; ; Map to nothing ++ ++ 200B; ; Map to nothing ++ ++ 200C; ; Map to nothing ++ ++ 200D; ; Map to nothing ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 2060; ; Map to nothing ++ ++ FE00; ; Map to nothing ++ ++ FE01; ; Map to nothing ++ ++ FE02; ; Map to nothing ++ ++ FE03; ; Map to nothing ++ ++ FE04; ; Map to nothing ++ ++ FE05; ; Map to nothing ++ ++ FE06; ; Map to nothing ++ ++ FE07; ; Map to nothing ++ ++ FE08; ; Map to nothing ++ ++ FE09; ; Map to nothing ++ ++ FE0A; ; Map to nothing ++ ++ FE0B; ; Map to nothing ++ ++ FE0C; ; Map to nothing ++ ++ FE0D; ; Map to nothing ++ ++ FE0E; ; Map to nothing ++ ++ FE0F; ; Map to nothing ++ ++ FEFF; ; Map to nothing ++ ++ ----- End Table B.1 ----- ++ ++ ----- Start Table B.2 ----- ++ ++ 0041; 0061; Case map ++ ++ 0042; 0062; Case map ++ ++ 0043; 0063; Case map ++ ++ 0044; 0064; Case map ++ ++ 0045; 0065; Case map ++ ++ 0046; 0066; Case map ++ ++ 0047; 0067; Case map ++ ++ 0048; 0068; Case map ++ ++ 0049; 0069; Case map ++ ++ 004A; 006A; Case map ++ ++ 004B; 006B; Case map ++ ++ 004C; 006C; Case map ++ ++ 004D; 006D; Case map ++ ++ 004E; 006E; Case map ++ ++ 004F; 006F; Case map ++ ++ 0050; 0070; Case map ++ ++ 0051; 0071; Case map ++ ++ 0052; 0072; Case map ++ ++ 0053; 0073; Case map ++ ++ 0054; 0074; Case map ++ ++ 0055; 0075; Case map ++ ++ 0056; 0076; Case map ++ ++ 0057; 0077; Case map ++ ++ 0058; 0078; Case map ++ ++ 0059; 0079; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 005A; 007A; Case map ++ ++ 00B5; 03BC; Case map ++ ++ 00C0; 00E0; Case map ++ ++ 00C1; 00E1; Case map ++ ++ 00C2; 00E2; Case map ++ ++ 00C3; 00E3; Case map ++ ++ 00C4; 00E4; Case map ++ ++ 00C5; 00E5; Case map ++ ++ 00C6; 00E6; Case map ++ ++ 00C7; 00E7; Case map ++ ++ 00C8; 00E8; Case map ++ ++ 00C9; 00E9; Case map ++ ++ 00CA; 00EA; Case map ++ ++ 00CB; 00EB; Case map ++ ++ 00CC; 00EC; Case map ++ ++ 00CD; 00ED; Case map ++ ++ 00CE; 00EE; Case map ++ ++ 00CF; 00EF; Case map ++ ++ 00D0; 00F0; Case map ++ ++ 00D1; 00F1; Case map ++ ++ 00D2; 00F2; Case map ++ ++ 00D3; 00F3; Case map ++ ++ 00D4; 00F4; Case map ++ ++ 00D5; 00F5; Case map ++ ++ 00D6; 00F6; Case map ++ ++ 00D8; 00F8; Case map ++ ++ 00D9; 00F9; Case map ++ ++ 00DA; 00FA; Case map ++ ++ 00DB; 00FB; Case map ++ ++ 00DC; 00FC; Case map ++ ++ 00DD; 00FD; Case map ++ ++ 00DE; 00FE; Case map ++ ++ 00DF; 0073 0073; Case map ++ ++ 0100; 0101; Case map ++ ++ 0102; 0103; Case map ++ ++ 0104; 0105; Case map ++ ++ 0106; 0107; Case map ++ ++ 0108; 0109; Case map ++ ++ 010A; 010B; Case map ++ ++ 010C; 010D; Case map ++ ++ 010E; 010F; Case map ++ ++ 0110; 0111; Case map ++ ++ 0112; 0113; Case map ++ ++ 0114; 0115; Case map ++ ++ 0116; 0117; Case map ++ ++ 0118; 0119; Case map ++ ++ 011A; 011B; Case map ++ ++ 011C; 011D; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 011E; 011F; Case map ++ ++ 0120; 0121; Case map ++ ++ 0122; 0123; Case map ++ ++ 0124; 0125; Case map ++ ++ 0126; 0127; Case map ++ ++ 0128; 0129; Case map ++ ++ 012A; 012B; Case map ++ ++ 012C; 012D; Case map ++ ++ 012E; 012F; Case map ++ ++ 0130; 0069 0307; Case map ++ ++ 0132; 0133; Case map ++ ++ 0134; 0135; Case map ++ ++ 0136; 0137; Case map ++ ++ 0139; 013A; Case map ++ ++ 013B; 013C; Case map ++ ++ 013D; 013E; Case map ++ ++ 013F; 0140; Case map ++ ++ 0141; 0142; Case map ++ ++ 0143; 0144; Case map ++ ++ 0145; 0146; Case map ++ ++ 0147; 0148; Case map ++ ++ 0149; 02BC 006E; Case map ++ ++ 014A; 014B; Case map ++ ++ 014C; 014D; Case map ++ ++ 014E; 014F; Case map ++ ++ 0150; 0151; Case map ++ ++ 0152; 0153; Case map ++ ++ 0154; 0155; Case map ++ ++ 0156; 0157; Case map ++ ++ 0158; 0159; Case map ++ ++ 015A; 015B; Case map ++ ++ 015C; 015D; Case map ++ ++ 015E; 015F; Case map ++ ++ 0160; 0161; Case map ++ ++ 0162; 0163; Case map ++ ++ 0164; 0165; Case map ++ ++ 0166; 0167; Case map ++ ++ 0168; 0169; Case map ++ ++ 016A; 016B; Case map ++ ++ 016C; 016D; Case map ++ ++ 016E; 016F; Case map ++ ++ 0170; 0171; Case map ++ ++ 0172; 0173; Case map ++ ++ 0174; 0175; Case map ++ ++ 0176; 0177; Case map ++ ++ 0178; 00FF; Case map ++ ++ 0179; 017A; Case map ++ ++ 017B; 017C; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 017D; 017E; Case map ++ ++ 017F; 0073; Case map ++ ++ 0181; 0253; Case map ++ ++ 0182; 0183; Case map ++ ++ 0184; 0185; Case map ++ ++ 0186; 0254; Case map ++ ++ 0187; 0188; Case map ++ ++ 0189; 0256; Case map ++ ++ 018A; 0257; Case map ++ ++ 018B; 018C; Case map ++ ++ 018E; 01DD; Case map ++ ++ 018F; 0259; Case map ++ ++ 0190; 025B; Case map ++ ++ 0191; 0192; Case map ++ ++ 0193; 0260; Case map ++ ++ 0194; 0263; Case map ++ ++ 0196; 0269; Case map ++ ++ 0197; 0268; Case map ++ ++ 0198; 0199; Case map ++ ++ 019C; 026F; Case map ++ ++ 019D; 0272; Case map ++ ++ 019F; 0275; Case map ++ ++ 01A0; 01A1; Case map ++ ++ 01A2; 01A3; Case map ++ ++ 01A4; 01A5; Case map ++ ++ 01A6; 0280; Case map ++ ++ 01A7; 01A8; Case map ++ ++ 01A9; 0283; Case map ++ ++ 01AC; 01AD; Case map ++ ++ 01AE; 0288; Case map ++ ++ 01AF; 01B0; Case map ++ ++ 01B1; 028A; Case map ++ ++ 01B2; 028B; Case map ++ ++ 01B3; 01B4; Case map ++ ++ 01B5; 01B6; Case map ++ ++ 01B7; 0292; Case map ++ ++ 01B8; 01B9; Case map ++ ++ 01BC; 01BD; Case map ++ ++ 01C4; 01C6; Case map ++ ++ 01C5; 01C6; Case map ++ ++ 01C7; 01C9; Case map ++ ++ 01C8; 01C9; Case map ++ ++ 01CA; 01CC; Case map ++ ++ 01CB; 01CC; Case map ++ ++ 01CD; 01CE; Case map ++ ++ 01CF; 01D0; Case map ++ ++ 01D1; 01D2; Case map ++ ++ 01D3; 01D4; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 01D5; 01D6; Case map ++ ++ 01D7; 01D8; Case map ++ ++ 01D9; 01DA; Case map ++ ++ 01DB; 01DC; Case map ++ ++ 01DE; 01DF; Case map ++ ++ 01E0; 01E1; Case map ++ ++ 01E2; 01E3; Case map ++ ++ 01E4; 01E5; Case map ++ ++ 01E6; 01E7; Case map ++ ++ 01E8; 01E9; Case map ++ ++ 01EA; 01EB; Case map ++ ++ 01EC; 01ED; Case map ++ ++ 01EE; 01EF; Case map ++ ++ 01F0; 006A 030C; Case map ++ ++ 01F1; 01F3; Case map ++ ++ 01F2; 01F3; Case map ++ ++ 01F4; 01F5; Case map ++ ++ 01F6; 0195; Case map ++ ++ 01F7; 01BF; Case map ++ ++ 01F8; 01F9; Case map ++ ++ 01FA; 01FB; Case map ++ ++ 01FC; 01FD; Case map ++ ++ 01FE; 01FF; Case map ++ ++ 0200; 0201; Case map ++ ++ 0202; 0203; Case map ++ ++ 0204; 0205; Case map ++ ++ 0206; 0207; Case map ++ ++ 0208; 0209; Case map ++ ++ 020A; 020B; Case map ++ ++ 020C; 020D; Case map ++ ++ 020E; 020F; Case map ++ ++ 0210; 0211; Case map ++ ++ 0212; 0213; Case map ++ ++ 0214; 0215; Case map ++ ++ 0216; 0217; Case map ++ ++ 0218; 0219; Case map ++ ++ 021A; 021B; Case map ++ ++ 021C; 021D; Case map ++ ++ 021E; 021F; Case map ++ ++ 0220; 019E; Case map ++ ++ 0222; 0223; Case map ++ ++ 0224; 0225; Case map ++ ++ 0226; 0227; Case map ++ ++ 0228; 0229; Case map ++ ++ 022A; 022B; Case map ++ ++ 022C; 022D; Case map ++ ++ 022E; 022F; Case map ++ ++ 0230; 0231; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0232; 0233; Case map ++ ++ 0345; 03B9; Case map ++ ++ 037A; 0020 03B9; Additional folding ++ ++ 0386; 03AC; Case map ++ ++ 0388; 03AD; Case map ++ ++ 0389; 03AE; Case map ++ ++ 038A; 03AF; Case map ++ ++ 038C; 03CC; Case map ++ ++ 038E; 03CD; Case map ++ ++ 038F; 03CE; Case map ++ ++ 0390; 03B9 0308 0301; Case map ++ ++ 0391; 03B1; Case map ++ ++ 0392; 03B2; Case map ++ ++ 0393; 03B3; Case map ++ ++ 0394; 03B4; Case map ++ ++ 0395; 03B5; Case map ++ ++ 0396; 03B6; Case map ++ ++ 0397; 03B7; Case map ++ ++ 0398; 03B8; Case map ++ ++ 0399; 03B9; Case map ++ ++ 039A; 03BA; Case map ++ ++ 039B; 03BB; Case map ++ ++ 039C; 03BC; Case map ++ ++ 039D; 03BD; Case map ++ ++ 039E; 03BE; Case map ++ ++ 039F; 03BF; Case map ++ ++ 03A0; 03C0; Case map ++ ++ 03A1; 03C1; Case map ++ ++ 03A3; 03C3; Case map ++ ++ 03A4; 03C4; Case map ++ ++ 03A5; 03C5; Case map ++ ++ 03A6; 03C6; Case map ++ ++ 03A7; 03C7; Case map ++ ++ 03A8; 03C8; Case map ++ ++ 03A9; 03C9; Case map ++ ++ 03AA; 03CA; Case map ++ ++ 03AB; 03CB; Case map ++ ++ 03B0; 03C5 0308 0301; Case map ++ ++ 03C2; 03C3; Case map ++ ++ 03D0; 03B2; Case map ++ ++ 03D1; 03B8; Case map ++ ++ 03D2; 03C5; Additional folding ++ ++ 03D3; 03CD; Additional folding ++ ++ 03D4; 03CB; Additional folding ++ ++ 03D5; 03C6; Case map ++ ++ 03D6; 03C0; Case map ++ ++ 03D8; 03D9; Case map ++ ++ 03DA; 03DB; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 03DC; 03DD; Case map ++ ++ 03DE; 03DF; Case map ++ ++ 03E0; 03E1; Case map ++ ++ 03E2; 03E3; Case map ++ ++ 03E4; 03E5; Case map ++ ++ 03E6; 03E7; Case map ++ ++ 03E8; 03E9; Case map ++ ++ 03EA; 03EB; Case map ++ ++ 03EC; 03ED; Case map ++ ++ 03EE; 03EF; Case map ++ ++ 03F0; 03BA; Case map ++ ++ 03F1; 03C1; Case map ++ ++ 03F2; 03C3; Case map ++ ++ 03F4; 03B8; Case map ++ ++ 03F5; 03B5; Case map ++ ++ 0400; 0450; Case map ++ ++ 0401; 0451; Case map ++ ++ 0402; 0452; Case map ++ ++ 0403; 0453; Case map ++ ++ 0404; 0454; Case map ++ ++ 0405; 0455; Case map ++ ++ 0406; 0456; Case map ++ ++ 0407; 0457; Case map ++ ++ 0408; 0458; Case map ++ ++ 0409; 0459; Case map ++ ++ 040A; 045A; Case map ++ ++ 040B; 045B; Case map ++ ++ 040C; 045C; Case map ++ ++ 040D; 045D; Case map ++ ++ 040E; 045E; Case map ++ ++ 040F; 045F; Case map ++ ++ 0410; 0430; Case map ++ ++ 0411; 0431; Case map ++ ++ 0412; 0432; Case map ++ ++ 0413; 0433; Case map ++ ++ 0414; 0434; Case map ++ ++ 0415; 0435; Case map ++ ++ 0416; 0436; Case map ++ ++ 0417; 0437; Case map ++ ++ 0418; 0438; Case map ++ ++ 0419; 0439; Case map ++ ++ 041A; 043A; Case map ++ ++ 041B; 043B; Case map ++ ++ 041C; 043C; Case map ++ ++ 041D; 043D; Case map ++ ++ 041E; 043E; Case map ++ ++ 041F; 043F; Case map ++ ++ 0420; 0440; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0421; 0441; Case map ++ ++ 0422; 0442; Case map ++ ++ 0423; 0443; Case map ++ ++ 0424; 0444; Case map ++ ++ 0425; 0445; Case map ++ ++ 0426; 0446; Case map ++ ++ 0427; 0447; Case map ++ ++ 0428; 0448; Case map ++ ++ 0429; 0449; Case map ++ ++ 042A; 044A; Case map ++ ++ 042B; 044B; Case map ++ ++ 042C; 044C; Case map ++ ++ 042D; 044D; Case map ++ ++ 042E; 044E; Case map ++ ++ 042F; 044F; Case map ++ ++ 0460; 0461; Case map ++ ++ 0462; 0463; Case map ++ ++ 0464; 0465; Case map ++ ++ 0466; 0467; Case map ++ ++ 0468; 0469; Case map ++ ++ 046A; 046B; Case map ++ ++ 046C; 046D; Case map ++ ++ 046E; 046F; Case map ++ ++ 0470; 0471; Case map ++ ++ 0472; 0473; Case map ++ ++ 0474; 0475; Case map ++ ++ 0476; 0477; Case map ++ ++ 0478; 0479; Case map ++ ++ 047A; 047B; Case map ++ ++ 047C; 047D; Case map ++ ++ 047E; 047F; Case map ++ ++ 0480; 0481; Case map ++ ++ 048A; 048B; Case map ++ ++ 048C; 048D; Case map ++ ++ 048E; 048F; Case map ++ ++ 0490; 0491; Case map ++ ++ 0492; 0493; Case map ++ ++ 0494; 0495; Case map ++ ++ 0496; 0497; Case map ++ ++ 0498; 0499; Case map ++ ++ 049A; 049B; Case map ++ ++ 049C; 049D; Case map ++ ++ 049E; 049F; Case map ++ ++ 04A0; 04A1; Case map ++ ++ 04A2; 04A3; Case map ++ ++ 04A4; 04A5; Case map ++ ++ 04A6; 04A7; Case map ++ ++ 04A8; 04A9; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 04AA; 04AB; Case map ++ ++ 04AC; 04AD; Case map ++ ++ 04AE; 04AF; Case map ++ ++ 04B0; 04B1; Case map ++ ++ 04B2; 04B3; Case map ++ ++ 04B4; 04B5; Case map ++ ++ 04B6; 04B7; Case map ++ ++ 04B8; 04B9; Case map ++ ++ 04BA; 04BB; Case map ++ ++ 04BC; 04BD; Case map ++ ++ 04BE; 04BF; Case map ++ ++ 04C1; 04C2; Case map ++ ++ 04C3; 04C4; Case map ++ ++ 04C5; 04C6; Case map ++ ++ 04C7; 04C8; Case map ++ ++ 04C9; 04CA; Case map ++ ++ 04CB; 04CC; Case map ++ ++ 04CD; 04CE; Case map ++ ++ 04D0; 04D1; Case map ++ ++ 04D2; 04D3; Case map ++ ++ 04D4; 04D5; Case map ++ ++ 04D6; 04D7; Case map ++ ++ 04D8; 04D9; Case map ++ ++ 04DA; 04DB; Case map ++ ++ 04DC; 04DD; Case map ++ ++ 04DE; 04DF; Case map ++ ++ 04E0; 04E1; Case map ++ ++ 04E2; 04E3; Case map ++ ++ 04E4; 04E5; Case map ++ ++ 04E6; 04E7; Case map ++ ++ 04E8; 04E9; Case map ++ ++ 04EA; 04EB; Case map ++ ++ 04EC; 04ED; Case map ++ ++ 04EE; 04EF; Case map ++ ++ 04F0; 04F1; Case map ++ ++ 04F2; 04F3; Case map ++ ++ 04F4; 04F5; Case map ++ ++ 04F8; 04F9; Case map ++ ++ 0500; 0501; Case map ++ ++ 0502; 0503; Case map ++ ++ 0504; 0505; Case map ++ ++ 0506; 0507; Case map ++ ++ 0508; 0509; Case map ++ ++ 050A; 050B; Case map ++ ++ 050C; 050D; Case map ++ ++ 050E; 050F; Case map ++ ++ 0531; 0561; Case map ++ ++ 0532; 0562; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0533; 0563; Case map ++ ++ 0534; 0564; Case map ++ ++ 0535; 0565; Case map ++ ++ 0536; 0566; Case map ++ ++ 0537; 0567; Case map ++ ++ 0538; 0568; Case map ++ ++ 0539; 0569; Case map ++ ++ 053A; 056A; Case map ++ ++ 053B; 056B; Case map ++ ++ 053C; 056C; Case map ++ ++ 053D; 056D; Case map ++ ++ 053E; 056E; Case map ++ ++ 053F; 056F; Case map ++ ++ 0540; 0570; Case map ++ ++ 0541; 0571; Case map ++ ++ 0542; 0572; Case map ++ ++ 0543; 0573; Case map ++ ++ 0544; 0574; Case map ++ ++ 0545; 0575; Case map ++ ++ 0546; 0576; Case map ++ ++ 0547; 0577; Case map ++ ++ 0548; 0578; Case map ++ ++ 0549; 0579; Case map ++ ++ 054A; 057A; Case map ++ ++ 054B; 057B; Case map ++ ++ 054C; 057C; Case map ++ ++ 054D; 057D; Case map ++ ++ 054E; 057E; Case map ++ ++ 054F; 057F; Case map ++ ++ 0550; 0580; Case map ++ ++ 0551; 0581; Case map ++ ++ 0552; 0582; Case map ++ ++ 0553; 0583; Case map ++ ++ 0554; 0584; Case map ++ ++ 0555; 0585; Case map ++ ++ 0556; 0586; Case map ++ ++ 0587; 0565 0582; Case map ++ ++ 1E00; 1E01; Case map ++ ++ 1E02; 1E03; Case map ++ ++ 1E04; 1E05; Case map ++ ++ 1E06; 1E07; Case map ++ ++ 1E08; 1E09; Case map ++ ++ 1E0A; 1E0B; Case map ++ ++ 1E0C; 1E0D; Case map ++ ++ 1E0E; 1E0F; Case map ++ ++ 1E10; 1E11; Case map ++ ++ 1E12; 1E13; Case map ++ ++ 1E14; 1E15; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1E16; 1E17; Case map ++ ++ 1E18; 1E19; Case map ++ ++ 1E1A; 1E1B; Case map ++ ++ 1E1C; 1E1D; Case map ++ ++ 1E1E; 1E1F; Case map ++ ++ 1E20; 1E21; Case map ++ ++ 1E22; 1E23; Case map ++ ++ 1E24; 1E25; Case map ++ ++ 1E26; 1E27; Case map ++ ++ 1E28; 1E29; Case map ++ ++ 1E2A; 1E2B; Case map ++ ++ 1E2C; 1E2D; Case map ++ ++ 1E2E; 1E2F; Case map ++ ++ 1E30; 1E31; Case map ++ ++ 1E32; 1E33; Case map ++ ++ 1E34; 1E35; Case map ++ ++ 1E36; 1E37; Case map ++ ++ 1E38; 1E39; Case map ++ ++ 1E3A; 1E3B; Case map ++ ++ 1E3C; 1E3D; Case map ++ ++ 1E3E; 1E3F; Case map ++ ++ 1E40; 1E41; Case map ++ ++ 1E42; 1E43; Case map ++ ++ 1E44; 1E45; Case map ++ ++ 1E46; 1E47; Case map ++ ++ 1E48; 1E49; Case map ++ ++ 1E4A; 1E4B; Case map ++ ++ 1E4C; 1E4D; Case map ++ ++ 1E4E; 1E4F; Case map ++ ++ 1E50; 1E51; Case map ++ ++ 1E52; 1E53; Case map ++ ++ 1E54; 1E55; Case map ++ ++ 1E56; 1E57; Case map ++ ++ 1E58; 1E59; Case map ++ ++ 1E5A; 1E5B; Case map ++ ++ 1E5C; 1E5D; Case map ++ ++ 1E5E; 1E5F; Case map ++ ++ 1E60; 1E61; Case map ++ ++ 1E62; 1E63; Case map ++ ++ 1E64; 1E65; Case map ++ ++ 1E66; 1E67; Case map ++ ++ 1E68; 1E69; Case map ++ ++ 1E6A; 1E6B; Case map ++ ++ 1E6C; 1E6D; Case map ++ ++ 1E6E; 1E6F; Case map ++ ++ 1E70; 1E71; Case map ++ ++ 1E72; 1E73; Case map ++ ++ 1E74; 1E75; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1E76; 1E77; Case map ++ ++ 1E78; 1E79; Case map ++ ++ 1E7A; 1E7B; Case map ++ ++ 1E7C; 1E7D; Case map ++ ++ 1E7E; 1E7F; Case map ++ ++ 1E80; 1E81; Case map ++ ++ 1E82; 1E83; Case map ++ ++ 1E84; 1E85; Case map ++ ++ 1E86; 1E87; Case map ++ ++ 1E88; 1E89; Case map ++ ++ 1E8A; 1E8B; Case map ++ ++ 1E8C; 1E8D; Case map ++ ++ 1E8E; 1E8F; Case map ++ ++ 1E90; 1E91; Case map ++ ++ 1E92; 1E93; Case map ++ ++ 1E94; 1E95; Case map ++ ++ 1E96; 0068 0331; Case map ++ ++ 1E97; 0074 0308; Case map ++ ++ 1E98; 0077 030A; Case map ++ ++ 1E99; 0079 030A; Case map ++ ++ 1E9A; 0061 02BE; Case map ++ ++ 1E9B; 1E61; Case map ++ ++ 1EA0; 1EA1; Case map ++ ++ 1EA2; 1EA3; Case map ++ ++ 1EA4; 1EA5; Case map ++ ++ 1EA6; 1EA7; Case map ++ ++ 1EA8; 1EA9; Case map ++ ++ 1EAA; 1EAB; Case map ++ ++ 1EAC; 1EAD; Case map ++ ++ 1EAE; 1EAF; Case map ++ ++ 1EB0; 1EB1; Case map ++ ++ 1EB2; 1EB3; Case map ++ ++ 1EB4; 1EB5; Case map ++ ++ 1EB6; 1EB7; Case map ++ ++ 1EB8; 1EB9; Case map ++ ++ 1EBA; 1EBB; Case map ++ ++ 1EBC; 1EBD; Case map ++ ++ 1EBE; 1EBF; Case map ++ ++ 1EC0; 1EC1; Case map ++ ++ 1EC2; 1EC3; Case map ++ ++ 1EC4; 1EC5; Case map ++ ++ 1EC6; 1EC7; Case map ++ ++ 1EC8; 1EC9; Case map ++ ++ 1ECA; 1ECB; Case map ++ ++ 1ECC; 1ECD; Case map ++ ++ 1ECE; 1ECF; Case map ++ ++ 1ED0; 1ED1; Case map ++ ++ 1ED2; 1ED3; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1ED4; 1ED5; Case map ++ ++ 1ED6; 1ED7; Case map ++ ++ 1ED8; 1ED9; Case map ++ ++ 1EDA; 1EDB; Case map ++ ++ 1EDC; 1EDD; Case map ++ ++ 1EDE; 1EDF; Case map ++ ++ 1EE0; 1EE1; Case map ++ ++ 1EE2; 1EE3; Case map ++ ++ 1EE4; 1EE5; Case map ++ ++ 1EE6; 1EE7; Case map ++ ++ 1EE8; 1EE9; Case map ++ ++ 1EEA; 1EEB; Case map ++ ++ 1EEC; 1EED; Case map ++ ++ 1EEE; 1EEF; Case map ++ ++ 1EF0; 1EF1; Case map ++ ++ 1EF2; 1EF3; Case map ++ ++ 1EF4; 1EF5; Case map ++ ++ 1EF6; 1EF7; Case map ++ ++ 1EF8; 1EF9; Case map ++ ++ 1F08; 1F00; Case map ++ ++ 1F09; 1F01; Case map ++ ++ 1F0A; 1F02; Case map ++ ++ 1F0B; 1F03; Case map ++ ++ 1F0C; 1F04; Case map ++ ++ 1F0D; 1F05; Case map ++ ++ 1F0E; 1F06; Case map ++ ++ 1F0F; 1F07; Case map ++ ++ 1F18; 1F10; Case map ++ ++ 1F19; 1F11; Case map ++ ++ 1F1A; 1F12; Case map ++ ++ 1F1B; 1F13; Case map ++ ++ 1F1C; 1F14; Case map ++ ++ 1F1D; 1F15; Case map ++ ++ 1F28; 1F20; Case map ++ ++ 1F29; 1F21; Case map ++ ++ 1F2A; 1F22; Case map ++ ++ 1F2B; 1F23; Case map ++ ++ 1F2C; 1F24; Case map ++ ++ 1F2D; 1F25; Case map ++ ++ 1F2E; 1F26; Case map ++ ++ 1F2F; 1F27; Case map ++ ++ 1F38; 1F30; Case map ++ ++ 1F39; 1F31; Case map ++ ++ 1F3A; 1F32; Case map ++ ++ 1F3B; 1F33; Case map ++ ++ 1F3C; 1F34; Case map ++ ++ 1F3D; 1F35; Case map ++ ++ 1F3E; 1F36; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1F3F; 1F37; Case map ++ ++ 1F48; 1F40; Case map ++ ++ 1F49; 1F41; Case map ++ ++ 1F4A; 1F42; Case map ++ ++ 1F4B; 1F43; Case map ++ ++ 1F4C; 1F44; Case map ++ ++ 1F4D; 1F45; Case map ++ ++ 1F50; 03C5 0313; Case map ++ ++ 1F52; 03C5 0313 0300; Case map ++ ++ 1F54; 03C5 0313 0301; Case map ++ ++ 1F56; 03C5 0313 0342; Case map ++ ++ 1F59; 1F51; Case map ++ ++ 1F5B; 1F53; Case map ++ ++ 1F5D; 1F55; Case map ++ ++ 1F5F; 1F57; Case map ++ ++ 1F68; 1F60; Case map ++ ++ 1F69; 1F61; Case map ++ ++ 1F6A; 1F62; Case map ++ ++ 1F6B; 1F63; Case map ++ ++ 1F6C; 1F64; Case map ++ ++ 1F6D; 1F65; Case map ++ ++ 1F6E; 1F66; Case map ++ ++ 1F6F; 1F67; Case map ++ ++ 1F80; 1F00 03B9; Case map ++ ++ 1F81; 1F01 03B9; Case map ++ ++ 1F82; 1F02 03B9; Case map ++ ++ 1F83; 1F03 03B9; Case map ++ ++ 1F84; 1F04 03B9; Case map ++ ++ 1F85; 1F05 03B9; Case map ++ ++ 1F86; 1F06 03B9; Case map ++ ++ 1F87; 1F07 03B9; Case map ++ ++ 1F88; 1F00 03B9; Case map ++ ++ 1F89; 1F01 03B9; Case map ++ ++ 1F8A; 1F02 03B9; Case map ++ ++ 1F8B; 1F03 03B9; Case map ++ ++ 1F8C; 1F04 03B9; Case map ++ ++ 1F8D; 1F05 03B9; Case map ++ ++ 1F8E; 1F06 03B9; Case map ++ ++ 1F8F; 1F07 03B9; Case map ++ ++ 1F90; 1F20 03B9; Case map ++ ++ 1F91; 1F21 03B9; Case map ++ ++ 1F92; 1F22 03B9; Case map ++ ++ 1F93; 1F23 03B9; Case map ++ ++ 1F94; 1F24 03B9; Case map ++ ++ 1F95; 1F25 03B9; Case map ++ ++ 1F96; 1F26 03B9; Case map ++ ++ 1F97; 1F27 03B9; Case map ++ ++ 1F98; 1F20 03B9; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1F99; 1F21 03B9; Case map ++ ++ 1F9A; 1F22 03B9; Case map ++ ++ 1F9B; 1F23 03B9; Case map ++ ++ 1F9C; 1F24 03B9; Case map ++ ++ 1F9D; 1F25 03B9; Case map ++ ++ 1F9E; 1F26 03B9; Case map ++ ++ 1F9F; 1F27 03B9; Case map ++ ++ 1FA0; 1F60 03B9; Case map ++ ++ 1FA1; 1F61 03B9; Case map ++ ++ 1FA2; 1F62 03B9; Case map ++ ++ 1FA3; 1F63 03B9; Case map ++ ++ 1FA4; 1F64 03B9; Case map ++ ++ 1FA5; 1F65 03B9; Case map ++ ++ 1FA6; 1F66 03B9; Case map ++ ++ 1FA7; 1F67 03B9; Case map ++ ++ 1FA8; 1F60 03B9; Case map ++ ++ 1FA9; 1F61 03B9; Case map ++ ++ 1FAA; 1F62 03B9; Case map ++ ++ 1FAB; 1F63 03B9; Case map ++ ++ 1FAC; 1F64 03B9; Case map ++ ++ 1FAD; 1F65 03B9; Case map ++ ++ 1FAE; 1F66 03B9; Case map ++ ++ 1FAF; 1F67 03B9; Case map ++ ++ 1FB2; 1F70 03B9; Case map ++ ++ 1FB3; 03B1 03B9; Case map ++ ++ 1FB4; 03AC 03B9; Case map ++ ++ 1FB6; 03B1 0342; Case map ++ ++ 1FB7; 03B1 0342 03B9; Case map ++ ++ 1FB8; 1FB0; Case map ++ ++ 1FB9; 1FB1; Case map ++ ++ 1FBA; 1F70; Case map ++ ++ 1FBB; 1F71; Case map ++ ++ 1FBC; 03B1 03B9; Case map ++ ++ 1FBE; 03B9; Case map ++ ++ 1FC2; 1F74 03B9; Case map ++ ++ 1FC3; 03B7 03B9; Case map ++ ++ 1FC4; 03AE 03B9; Case map ++ ++ 1FC6; 03B7 0342; Case map ++ ++ 1FC7; 03B7 0342 03B9; Case map ++ ++ 1FC8; 1F72; Case map ++ ++ 1FC9; 1F73; Case map ++ ++ 1FCA; 1F74; Case map ++ ++ 1FCB; 1F75; Case map ++ ++ 1FCC; 03B7 03B9; Case map ++ ++ 1FD2; 03B9 0308 0300; Case map ++ ++ 1FD3; 03B9 0308 0301; Case map ++ ++ 1FD6; 03B9 0342; Case map ++ ++ 1FD7; 03B9 0308 0342; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1FD8; 1FD0; Case map ++ ++ 1FD9; 1FD1; Case map ++ ++ 1FDA; 1F76; Case map ++ ++ 1FDB; 1F77; Case map ++ ++ 1FE2; 03C5 0308 0300; Case map ++ ++ 1FE3; 03C5 0308 0301; Case map ++ ++ 1FE4; 03C1 0313; Case map ++ ++ 1FE6; 03C5 0342; Case map ++ ++ 1FE7; 03C5 0308 0342; Case map ++ ++ 1FE8; 1FE0; Case map ++ ++ 1FE9; 1FE1; Case map ++ ++ 1FEA; 1F7A; Case map ++ ++ 1FEB; 1F7B; Case map ++ ++ 1FEC; 1FE5; Case map ++ ++ 1FF2; 1F7C 03B9; Case map ++ ++ 1FF3; 03C9 03B9; Case map ++ ++ 1FF4; 03CE 03B9; Case map ++ ++ 1FF6; 03C9 0342; Case map ++ ++ 1FF7; 03C9 0342 03B9; Case map ++ ++ 1FF8; 1F78; Case map ++ ++ 1FF9; 1F79; Case map ++ ++ 1FFA; 1F7C; Case map ++ ++ 1FFB; 1F7D; Case map ++ ++ 1FFC; 03C9 03B9; Case map ++ ++ 20A8; 0072 0073; Additional folding ++ ++ 2102; 0063; Additional folding ++ ++ 2103; 00B0 0063; Additional folding ++ ++ 2107; 025B; Additional folding ++ ++ 2109; 00B0 0066; Additional folding ++ ++ 210B; 0068; Additional folding ++ ++ 210C; 0068; Additional folding ++ ++ 210D; 0068; Additional folding ++ ++ 2110; 0069; Additional folding ++ ++ 2111; 0069; Additional folding ++ ++ 2112; 006C; Additional folding ++ ++ 2115; 006E; Additional folding ++ ++ 2116; 006E 006F; Additional folding ++ ++ 2119; 0070; Additional folding ++ ++ 211A; 0071; Additional folding ++ ++ 211B; 0072; Additional folding ++ ++ 211C; 0072; Additional folding ++ ++ 211D; 0072; Additional folding ++ ++ 2120; 0073 006D; Additional folding ++ ++ 2121; 0074 0065 006C; Additional folding ++ ++ 2122; 0074 006D; Additional folding ++ ++ 2124; 007A; Additional folding ++ ++ 2126; 03C9; Case map ++ ++ 2128; 007A; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 212A; 006B; Case map ++ ++ 212B; 00E5; Case map ++ ++ 212C; 0062; Additional folding ++ ++ 212D; 0063; Additional folding ++ ++ 2130; 0065; Additional folding ++ ++ 2131; 0066; Additional folding ++ ++ 2133; 006D; Additional folding ++ ++ 213E; 03B3; Additional folding ++ ++ 213F; 03C0; Additional folding ++ ++ 2145; 0064; Additional folding ++ ++ 2160; 2170; Case map ++ ++ 2161; 2171; Case map ++ ++ 2162; 2172; Case map ++ ++ 2163; 2173; Case map ++ ++ 2164; 2174; Case map ++ ++ 2165; 2175; Case map ++ ++ 2166; 2176; Case map ++ ++ 2167; 2177; Case map ++ ++ 2168; 2178; Case map ++ ++ 2169; 2179; Case map ++ ++ 216A; 217A; Case map ++ ++ 216B; 217B; Case map ++ ++ 216C; 217C; Case map ++ ++ 216D; 217D; Case map ++ ++ 216E; 217E; Case map ++ ++ 216F; 217F; Case map ++ ++ 24B6; 24D0; Case map ++ ++ 24B7; 24D1; Case map ++ ++ 24B8; 24D2; Case map ++ ++ 24B9; 24D3; Case map ++ ++ 24BA; 24D4; Case map ++ ++ 24BB; 24D5; Case map ++ ++ 24BC; 24D6; Case map ++ ++ 24BD; 24D7; Case map ++ ++ 24BE; 24D8; Case map ++ ++ 24BF; 24D9; Case map ++ ++ 24C0; 24DA; Case map ++ ++ 24C1; 24DB; Case map ++ ++ 24C2; 24DC; Case map ++ ++ 24C3; 24DD; Case map ++ ++ 24C4; 24DE; Case map ++ ++ 24C5; 24DF; Case map ++ ++ 24C6; 24E0; Case map ++ ++ 24C7; 24E1; Case map ++ ++ 24C8; 24E2; Case map ++ ++ 24C9; 24E3; Case map ++ ++ 24CA; 24E4; Case map ++ ++ 24CB; 24E5; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 24CC; 24E6; Case map ++ ++ 24CD; 24E7; Case map ++ ++ 24CE; 24E8; Case map ++ ++ 24CF; 24E9; Case map ++ ++ 3371; 0068 0070 0061; Additional folding ++ ++ 3373; 0061 0075; Additional folding ++ ++ 3375; 006F 0076; Additional folding ++ ++ 3380; 0070 0061; Additional folding ++ ++ 3381; 006E 0061; Additional folding ++ ++ 3382; 03BC 0061; Additional folding ++ ++ 3383; 006D 0061; Additional folding ++ ++ 3384; 006B 0061; Additional folding ++ ++ 3385; 006B 0062; Additional folding ++ ++ 3386; 006D 0062; Additional folding ++ ++ 3387; 0067 0062; Additional folding ++ ++ 338A; 0070 0066; Additional folding ++ ++ 338B; 006E 0066; Additional folding ++ ++ 338C; 03BC 0066; Additional folding ++ ++ 3390; 0068 007A; Additional folding ++ ++ 3391; 006B 0068 007A; Additional folding ++ ++ 3392; 006D 0068 007A; Additional folding ++ ++ 3393; 0067 0068 007A; Additional folding ++ ++ 3394; 0074 0068 007A; Additional folding ++ ++ 33A9; 0070 0061; Additional folding ++ ++ 33AA; 006B 0070 0061; Additional folding ++ ++ 33AB; 006D 0070 0061; Additional folding ++ ++ 33AC; 0067 0070 0061; Additional folding ++ ++ 33B4; 0070 0076; Additional folding ++ ++ 33B5; 006E 0076; Additional folding ++ ++ 33B6; 03BC 0076; Additional folding ++ ++ 33B7; 006D 0076; Additional folding ++ ++ 33B8; 006B 0076; Additional folding ++ ++ 33B9; 006D 0076; Additional folding ++ ++ 33BA; 0070 0077; Additional folding ++ ++ 33BB; 006E 0077; Additional folding ++ ++ 33BC; 03BC 0077; Additional folding ++ ++ 33BD; 006D 0077; Additional folding ++ ++ 33BE; 006B 0077; Additional folding ++ ++ 33BF; 006D 0077; Additional folding ++ ++ 33C0; 006B 03C9; Additional folding ++ ++ 33C1; 006D 03C9; Additional folding ++ ++ 33C3; 0062 0071; Additional folding ++ ++ 33C6; 0063 2215 006B 0067; Additional folding ++ ++ 33C7; 0063 006F 002E; Additional folding ++ ++ 33C8; 0064 0062; Additional folding ++ ++ 33C9; 0067 0079; Additional folding ++ ++ 33CB; 0068 0070; Additional folding ++ ++ 33CD; 006B 006B; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 33CE; 006B 006D; Additional folding ++ ++ 33D7; 0070 0068; Additional folding ++ ++ 33D9; 0070 0070 006D; Additional folding ++ ++ 33DA; 0070 0072; Additional folding ++ ++ 33DC; 0073 0076; Additional folding ++ ++ 33DD; 0077 0062; Additional folding ++ ++ FB00; 0066 0066; Case map ++ ++ FB01; 0066 0069; Case map ++ ++ FB02; 0066 006C; Case map ++ ++ FB03; 0066 0066 0069; Case map ++ ++ FB04; 0066 0066 006C; Case map ++ ++ FB05; 0073 0074; Case map ++ ++ FB06; 0073 0074; Case map ++ ++ FB13; 0574 0576; Case map ++ ++ FB14; 0574 0565; Case map ++ ++ FB15; 0574 056B; Case map ++ ++ FB16; 057E 0576; Case map ++ ++ FB17; 0574 056D; Case map ++ ++ FF21; FF41; Case map ++ ++ FF22; FF42; Case map ++ ++ FF23; FF43; Case map ++ ++ FF24; FF44; Case map ++ ++ FF25; FF45; Case map ++ ++ FF26; FF46; Case map ++ ++ FF27; FF47; Case map ++ ++ FF28; FF48; Case map ++ ++ FF29; FF49; Case map ++ ++ FF2A; FF4A; Case map ++ ++ FF2B; FF4B; Case map ++ ++ FF2C; FF4C; Case map ++ ++ FF2D; FF4D; Case map ++ ++ FF2E; FF4E; Case map ++ ++ FF2F; FF4F; Case map ++ ++ FF30; FF50; Case map ++ ++ FF31; FF51; Case map ++ ++ FF32; FF52; Case map ++ ++ FF33; FF53; Case map ++ ++ FF34; FF54; Case map ++ ++ FF35; FF55; Case map ++ ++ FF36; FF56; Case map ++ ++ FF37; FF57; Case map ++ ++ FF38; FF58; Case map ++ ++ FF39; FF59; Case map ++ ++ FF3A; FF5A; Case map ++ ++ 10400; 10428; Case map ++ ++ 10401; 10429; Case map ++ ++ 10402; 1042A; Case map ++ ++ 10403; 1042B; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 10404; 1042C; Case map ++ ++ 10405; 1042D; Case map ++ ++ 10406; 1042E; Case map ++ ++ 10407; 1042F; Case map ++ ++ 10408; 10430; Case map ++ ++ 10409; 10431; Case map ++ ++ 1040A; 10432; Case map ++ ++ 1040B; 10433; Case map ++ ++ 1040C; 10434; Case map ++ ++ 1040D; 10435; Case map ++ ++ 1040E; 10436; Case map ++ ++ 1040F; 10437; Case map ++ ++ 10410; 10438; Case map ++ ++ 10411; 10439; Case map ++ ++ 10412; 1043A; Case map ++ ++ 10413; 1043B; Case map ++ ++ 10414; 1043C; Case map ++ ++ 10415; 1043D; Case map ++ ++ 10416; 1043E; Case map ++ ++ 10417; 1043F; Case map ++ ++ 10418; 10440; Case map ++ ++ 10419; 10441; Case map ++ ++ 1041A; 10442; Case map ++ ++ 1041B; 10443; Case map ++ ++ 1041C; 10444; Case map ++ ++ 1041D; 10445; Case map ++ ++ 1041E; 10446; Case map ++ ++ 1041F; 10447; Case map ++ ++ 10420; 10448; Case map ++ ++ 10421; 10449; Case map ++ ++ 10422; 1044A; Case map ++ ++ 10423; 1044B; Case map ++ ++ 10424; 1044C; Case map ++ ++ 10425; 1044D; Case map ++ ++ 1D400; 0061; Additional folding ++ ++ 1D401; 0062; Additional folding ++ ++ 1D402; 0063; Additional folding ++ ++ 1D403; 0064; Additional folding ++ ++ 1D404; 0065; Additional folding ++ ++ 1D405; 0066; Additional folding ++ ++ 1D406; 0067; Additional folding ++ ++ 1D407; 0068; Additional folding ++ ++ 1D408; 0069; Additional folding ++ ++ 1D409; 006A; Additional folding ++ ++ 1D40A; 006B; Additional folding ++ ++ 1D40B; 006C; Additional folding ++ ++ 1D40C; 006D; Additional folding ++ ++ 1D40D; 006E; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D40E; 006F; Additional folding ++ ++ 1D40F; 0070; Additional folding ++ ++ 1D410; 0071; Additional folding ++ ++ 1D411; 0072; Additional folding ++ ++ 1D412; 0073; Additional folding ++ ++ 1D413; 0074; Additional folding ++ ++ 1D414; 0075; Additional folding ++ ++ 1D415; 0076; Additional folding ++ ++ 1D416; 0077; Additional folding ++ ++ 1D417; 0078; Additional folding ++ ++ 1D418; 0079; Additional folding ++ ++ 1D419; 007A; Additional folding ++ ++ 1D434; 0061; Additional folding ++ ++ 1D435; 0062; Additional folding ++ ++ 1D436; 0063; Additional folding ++ ++ 1D437; 0064; Additional folding ++ ++ 1D438; 0065; Additional folding ++ ++ 1D439; 0066; Additional folding ++ ++ 1D43A; 0067; Additional folding ++ ++ 1D43B; 0068; Additional folding ++ ++ 1D43C; 0069; Additional folding ++ ++ 1D43D; 006A; Additional folding ++ ++ 1D43E; 006B; Additional folding ++ ++ 1D43F; 006C; Additional folding ++ ++ 1D440; 006D; Additional folding ++ ++ 1D441; 006E; Additional folding ++ ++ 1D442; 006F; Additional folding ++ ++ 1D443; 0070; Additional folding ++ ++ 1D444; 0071; Additional folding ++ ++ 1D445; 0072; Additional folding ++ ++ 1D446; 0073; Additional folding ++ ++ 1D447; 0074; Additional folding ++ ++ 1D448; 0075; Additional folding ++ ++ 1D449; 0076; Additional folding ++ ++ 1D44A; 0077; Additional folding ++ ++ 1D44B; 0078; Additional folding ++ ++ 1D44C; 0079; Additional folding ++ ++ 1D44D; 007A; Additional folding ++ ++ 1D468; 0061; Additional folding ++ ++ 1D469; 0062; Additional folding ++ ++ 1D46A; 0063; Additional folding ++ ++ 1D46B; 0064; Additional folding ++ ++ 1D46C; 0065; Additional folding ++ ++ 1D46D; 0066; Additional folding ++ ++ 1D46E; 0067; Additional folding ++ ++ 1D46F; 0068; Additional folding ++ ++ 1D470; 0069; Additional folding ++ ++ 1D471; 006A; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D472; 006B; Additional folding ++ ++ 1D473; 006C; Additional folding ++ ++ 1D474; 006D; Additional folding ++ ++ 1D475; 006E; Additional folding ++ ++ 1D476; 006F; Additional folding ++ ++ 1D477; 0070; Additional folding ++ ++ 1D478; 0071; Additional folding ++ ++ 1D479; 0072; Additional folding ++ ++ 1D47A; 0073; Additional folding ++ ++ 1D47B; 0074; Additional folding ++ ++ 1D47C; 0075; Additional folding ++ ++ 1D47D; 0076; Additional folding ++ ++ 1D47E; 0077; Additional folding ++ ++ 1D47F; 0078; Additional folding ++ ++ 1D480; 0079; Additional folding ++ ++ 1D481; 007A; Additional folding ++ ++ 1D49C; 0061; Additional folding ++ ++ 1D49E; 0063; Additional folding ++ ++ 1D49F; 0064; Additional folding ++ ++ 1D4A2; 0067; Additional folding ++ ++ 1D4A5; 006A; Additional folding ++ ++ 1D4A6; 006B; Additional folding ++ ++ 1D4A9; 006E; Additional folding ++ ++ 1D4AA; 006F; Additional folding ++ ++ 1D4AB; 0070; Additional folding ++ ++ 1D4AC; 0071; Additional folding ++ ++ 1D4AE; 0073; Additional folding ++ ++ 1D4AF; 0074; Additional folding ++ ++ 1D4B0; 0075; Additional folding ++ ++ 1D4B1; 0076; Additional folding ++ ++ 1D4B2; 0077; Additional folding ++ ++ 1D4B3; 0078; Additional folding ++ ++ 1D4B4; 0079; Additional folding ++ ++ 1D4B5; 007A; Additional folding ++ ++ 1D4D0; 0061; Additional folding ++ ++ 1D4D1; 0062; Additional folding ++ ++ 1D4D2; 0063; Additional folding ++ ++ 1D4D3; 0064; Additional folding ++ ++ 1D4D4; 0065; Additional folding ++ ++ 1D4D5; 0066; Additional folding ++ ++ 1D4D6; 0067; Additional folding ++ ++ 1D4D7; 0068; Additional folding ++ ++ 1D4D8; 0069; Additional folding ++ ++ 1D4D9; 006A; Additional folding ++ ++ 1D4DA; 006B; Additional folding ++ ++ 1D4DB; 006C; Additional folding ++ ++ 1D4DC; 006D; Additional folding ++ ++ 1D4DD; 006E; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D4DE; 006F; Additional folding ++ ++ 1D4DF; 0070; Additional folding ++ ++ 1D4E0; 0071; Additional folding ++ ++ 1D4E1; 0072; Additional folding ++ ++ 1D4E2; 0073; Additional folding ++ ++ 1D4E3; 0074; Additional folding ++ ++ 1D4E4; 0075; Additional folding ++ ++ 1D4E5; 0076; Additional folding ++ ++ 1D4E6; 0077; Additional folding ++ ++ 1D4E7; 0078; Additional folding ++ ++ 1D4E8; 0079; Additional folding ++ ++ 1D4E9; 007A; Additional folding ++ ++ 1D504; 0061; Additional folding ++ ++ 1D505; 0062; Additional folding ++ ++ 1D507; 0064; Additional folding ++ ++ 1D508; 0065; Additional folding ++ ++ 1D509; 0066; Additional folding ++ ++ 1D50A; 0067; Additional folding ++ ++ 1D50D; 006A; Additional folding ++ ++ 1D50E; 006B; Additional folding ++ ++ 1D50F; 006C; Additional folding ++ ++ 1D510; 006D; Additional folding ++ ++ 1D511; 006E; Additional folding ++ ++ 1D512; 006F; Additional folding ++ ++ 1D513; 0070; Additional folding ++ ++ 1D514; 0071; Additional folding ++ ++ 1D516; 0073; Additional folding ++ ++ 1D517; 0074; Additional folding ++ ++ 1D518; 0075; Additional folding ++ ++ 1D519; 0076; Additional folding ++ ++ 1D51A; 0077; Additional folding ++ ++ 1D51B; 0078; Additional folding ++ ++ 1D51C; 0079; Additional folding ++ ++ 1D538; 0061; Additional folding ++ ++ 1D539; 0062; Additional folding ++ ++ 1D53B; 0064; Additional folding ++ ++ 1D53C; 0065; Additional folding ++ ++ 1D53D; 0066; Additional folding ++ ++ 1D53E; 0067; Additional folding ++ ++ 1D540; 0069; Additional folding ++ ++ 1D541; 006A; Additional folding ++ ++ 1D542; 006B; Additional folding ++ ++ 1D543; 006C; Additional folding ++ ++ 1D544; 006D; Additional folding ++ ++ 1D546; 006F; Additional folding ++ ++ 1D54A; 0073; Additional folding ++ ++ 1D54B; 0074; Additional folding ++ ++ 1D54C; 0075; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D54D; 0076; Additional folding ++ ++ 1D54E; 0077; Additional folding ++ ++ 1D54F; 0078; Additional folding ++ ++ 1D550; 0079; Additional folding ++ ++ 1D56C; 0061; Additional folding ++ ++ 1D56D; 0062; Additional folding ++ ++ 1D56E; 0063; Additional folding ++ ++ 1D56F; 0064; Additional folding ++ ++ 1D570; 0065; Additional folding ++ ++ 1D571; 0066; Additional folding ++ ++ 1D572; 0067; Additional folding ++ ++ 1D573; 0068; Additional folding ++ ++ 1D574; 0069; Additional folding ++ ++ 1D575; 006A; Additional folding ++ ++ 1D576; 006B; Additional folding ++ ++ 1D577; 006C; Additional folding ++ ++ 1D578; 006D; Additional folding ++ ++ 1D579; 006E; Additional folding ++ ++ 1D57A; 006F; Additional folding ++ ++ 1D57B; 0070; Additional folding ++ ++ 1D57C; 0071; Additional folding ++ ++ 1D57D; 0072; Additional folding ++ ++ 1D57E; 0073; Additional folding ++ ++ 1D57F; 0074; Additional folding ++ ++ 1D580; 0075; Additional folding ++ ++ 1D581; 0076; Additional folding ++ ++ 1D582; 0077; Additional folding ++ ++ 1D583; 0078; Additional folding ++ ++ 1D584; 0079; Additional folding ++ ++ 1D585; 007A; Additional folding ++ ++ 1D5A0; 0061; Additional folding ++ ++ 1D5A1; 0062; Additional folding ++ ++ 1D5A2; 0063; Additional folding ++ ++ 1D5A3; 0064; Additional folding ++ ++ 1D5A4; 0065; Additional folding ++ ++ 1D5A5; 0066; Additional folding ++ ++ 1D5A6; 0067; Additional folding ++ ++ 1D5A7; 0068; Additional folding ++ ++ 1D5A8; 0069; Additional folding ++ ++ 1D5A9; 006A; Additional folding ++ ++ 1D5AA; 006B; Additional folding ++ ++ 1D5AB; 006C; Additional folding ++ ++ 1D5AC; 006D; Additional folding ++ ++ 1D5AD; 006E; Additional folding ++ ++ 1D5AE; 006F; Additional folding ++ ++ 1D5AF; 0070; Additional folding ++ ++ 1D5B0; 0071; Additional folding ++ ++ 1D5B1; 0072; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D5B2; 0073; Additional folding ++ ++ 1D5B3; 0074; Additional folding ++ ++ 1D5B4; 0075; Additional folding ++ ++ 1D5B5; 0076; Additional folding ++ ++ 1D5B6; 0077; Additional folding ++ ++ 1D5B7; 0078; Additional folding ++ ++ 1D5B8; 0079; Additional folding ++ ++ 1D5B9; 007A; Additional folding ++ ++ 1D5D4; 0061; Additional folding ++ ++ 1D5D5; 0062; Additional folding ++ ++ 1D5D6; 0063; Additional folding ++ ++ 1D5D7; 0064; Additional folding ++ ++ 1D5D8; 0065; Additional folding ++ ++ 1D5D9; 0066; Additional folding ++ ++ 1D5DA; 0067; Additional folding ++ ++ 1D5DB; 0068; Additional folding ++ ++ 1D5DC; 0069; Additional folding ++ ++ 1D5DD; 006A; Additional folding ++ ++ 1D5DE; 006B; Additional folding ++ ++ 1D5DF; 006C; Additional folding ++ ++ 1D5E0; 006D; Additional folding ++ ++ 1D5E1; 006E; Additional folding ++ ++ 1D5E2; 006F; Additional folding ++ ++ 1D5E3; 0070; Additional folding ++ ++ 1D5E4; 0071; Additional folding ++ ++ 1D5E5; 0072; Additional folding ++ ++ 1D5E6; 0073; Additional folding ++ ++ 1D5E7; 0074; Additional folding ++ ++ 1D5E8; 0075; Additional folding ++ ++ 1D5E9; 0076; Additional folding ++ ++ 1D5EA; 0077; Additional folding ++ ++ 1D5EB; 0078; Additional folding ++ ++ 1D5EC; 0079; Additional folding ++ ++ 1D5ED; 007A; Additional folding ++ ++ 1D608; 0061; Additional folding ++ ++ 1D609; 0062; Additional folding ++ ++ 1D60A; 0063; Additional folding ++ ++ 1D60B; 0064; Additional folding ++ ++ 1D60C; 0065; Additional folding ++ ++ 1D60D; 0066; Additional folding ++ ++ 1D60E; 0067; Additional folding ++ ++ 1D60F; 0068; Additional folding ++ ++ 1D610; 0069; Additional folding ++ ++ 1D611; 006A; Additional folding ++ ++ 1D612; 006B; Additional folding ++ ++ 1D613; 006C; Additional folding ++ ++ 1D614; 006D; Additional folding ++ ++ 1D615; 006E; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D616; 006F; Additional folding ++ ++ 1D617; 0070; Additional folding ++ ++ 1D618; 0071; Additional folding ++ ++ 1D619; 0072; Additional folding ++ ++ 1D61A; 0073; Additional folding ++ ++ 1D61B; 0074; Additional folding ++ ++ 1D61C; 0075; Additional folding ++ ++ 1D61D; 0076; Additional folding ++ ++ 1D61E; 0077; Additional folding ++ ++ 1D61F; 0078; Additional folding ++ ++ 1D620; 0079; Additional folding ++ ++ 1D621; 007A; Additional folding ++ ++ 1D63C; 0061; Additional folding ++ ++ 1D63D; 0062; Additional folding ++ ++ 1D63E; 0063; Additional folding ++ ++ 1D63F; 0064; Additional folding ++ ++ 1D640; 0065; Additional folding ++ ++ 1D641; 0066; Additional folding ++ ++ 1D642; 0067; Additional folding ++ ++ 1D643; 0068; Additional folding ++ ++ 1D644; 0069; Additional folding ++ ++ 1D645; 006A; Additional folding ++ ++ 1D646; 006B; Additional folding ++ ++ 1D647; 006C; Additional folding ++ ++ 1D648; 006D; Additional folding ++ ++ 1D649; 006E; Additional folding ++ ++ 1D64A; 006F; Additional folding ++ ++ 1D64B; 0070; Additional folding ++ ++ 1D64C; 0071; Additional folding ++ ++ 1D64D; 0072; Additional folding ++ ++ 1D64E; 0073; Additional folding ++ ++ 1D64F; 0074; Additional folding ++ ++ 1D650; 0075; Additional folding ++ ++ 1D651; 0076; Additional folding ++ ++ 1D652; 0077; Additional folding ++ ++ 1D653; 0078; Additional folding ++ ++ 1D654; 0079; Additional folding ++ ++ 1D655; 007A; Additional folding ++ ++ 1D670; 0061; Additional folding ++ ++ 1D671; 0062; Additional folding ++ ++ 1D672; 0063; Additional folding ++ ++ 1D673; 0064; Additional folding ++ ++ 1D674; 0065; Additional folding ++ ++ 1D675; 0066; Additional folding ++ ++ 1D676; 0067; Additional folding ++ ++ 1D677; 0068; Additional folding ++ ++ 1D678; 0069; Additional folding ++ ++ 1D679; 006A; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D67A; 006B; Additional folding ++ ++ 1D67B; 006C; Additional folding ++ ++ 1D67C; 006D; Additional folding ++ ++ 1D67D; 006E; Additional folding ++ ++ 1D67E; 006F; Additional folding ++ ++ 1D67F; 0070; Additional folding ++ ++ 1D680; 0071; Additional folding ++ ++ 1D681; 0072; Additional folding ++ ++ 1D682; 0073; Additional folding ++ ++ 1D683; 0074; Additional folding ++ ++ 1D684; 0075; Additional folding ++ ++ 1D685; 0076; Additional folding ++ ++ 1D686; 0077; Additional folding ++ ++ 1D687; 0078; Additional folding ++ ++ 1D688; 0079; Additional folding ++ ++ 1D689; 007A; Additional folding ++ ++ 1D6A8; 03B1; Additional folding ++ ++ 1D6A9; 03B2; Additional folding ++ ++ 1D6AA; 03B3; Additional folding ++ ++ 1D6AB; 03B4; Additional folding ++ ++ 1D6AC; 03B5; Additional folding ++ ++ 1D6AD; 03B6; Additional folding ++ ++ 1D6AE; 03B7; Additional folding ++ ++ 1D6AF; 03B8; Additional folding ++ ++ 1D6B0; 03B9; Additional folding ++ ++ 1D6B1; 03BA; Additional folding ++ ++ 1D6B2; 03BB; Additional folding ++ ++ 1D6B3; 03BC; Additional folding ++ ++ 1D6B4; 03BD; Additional folding ++ ++ 1D6B5; 03BE; Additional folding ++ ++ 1D6B6; 03BF; Additional folding ++ ++ 1D6B7; 03C0; Additional folding ++ ++ 1D6B8; 03C1; Additional folding ++ ++ 1D6B9; 03B8; Additional folding ++ ++ 1D6BA; 03C3; Additional folding ++ ++ 1D6BB; 03C4; Additional folding ++ ++ 1D6BC; 03C5; Additional folding ++ ++ 1D6BD; 03C6; Additional folding ++ ++ 1D6BE; 03C7; Additional folding ++ ++ 1D6BF; 03C8; Additional folding ++ ++ 1D6C0; 03C9; Additional folding ++ ++ 1D6D3; 03C3; Additional folding ++ ++ 1D6E2; 03B1; Additional folding ++ ++ 1D6E3; 03B2; Additional folding ++ ++ 1D6E4; 03B3; Additional folding ++ ++ 1D6E5; 03B4; Additional folding ++ ++ 1D6E6; 03B5; Additional folding ++ ++ 1D6E7; 03B6; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D6E8; 03B7; Additional folding ++ ++ 1D6E9; 03B8; Additional folding ++ ++ 1D6EA; 03B9; Additional folding ++ ++ 1D6EB; 03BA; Additional folding ++ ++ 1D6EC; 03BB; Additional folding ++ ++ 1D6ED; 03BC; Additional folding ++ ++ 1D6EE; 03BD; Additional folding ++ ++ 1D6EF; 03BE; Additional folding ++ ++ 1D6F0; 03BF; Additional folding ++ ++ 1D6F1; 03C0; Additional folding ++ ++ 1D6F2; 03C1; Additional folding ++ ++ 1D6F3; 03B8; Additional folding ++ ++ 1D6F4; 03C3; Additional folding ++ ++ 1D6F5; 03C4; Additional folding ++ ++ 1D6F6; 03C5; Additional folding ++ ++ 1D6F7; 03C6; Additional folding ++ ++ 1D6F8; 03C7; Additional folding ++ ++ 1D6F9; 03C8; Additional folding ++ ++ 1D6FA; 03C9; Additional folding ++ ++ 1D70D; 03C3; Additional folding ++ ++ 1D71C; 03B1; Additional folding ++ ++ 1D71D; 03B2; Additional folding ++ ++ 1D71E; 03B3; Additional folding ++ ++ 1D71F; 03B4; Additional folding ++ ++ 1D720; 03B5; Additional folding ++ ++ 1D721; 03B6; Additional folding ++ ++ 1D722; 03B7; Additional folding ++ ++ 1D723; 03B8; Additional folding ++ ++ 1D724; 03B9; Additional folding ++ ++ 1D725; 03BA; Additional folding ++ ++ 1D726; 03BB; Additional folding ++ ++ 1D727; 03BC; Additional folding ++ ++ 1D728; 03BD; Additional folding ++ ++ 1D729; 03BE; Additional folding ++ ++ 1D72A; 03BF; Additional folding ++ ++ 1D72B; 03C0; Additional folding ++ ++ 1D72C; 03C1; Additional folding ++ ++ 1D72D; 03B8; Additional folding ++ ++ 1D72E; 03C3; Additional folding ++ ++ 1D72F; 03C4; Additional folding ++ ++ 1D730; 03C5; Additional folding ++ ++ 1D731; 03C6; Additional folding ++ ++ 1D732; 03C7; Additional folding ++ ++ 1D733; 03C8; Additional folding ++ ++ 1D734; 03C9; Additional folding ++ ++ 1D747; 03C3; Additional folding ++ ++ 1D756; 03B1; Additional folding ++ ++ 1D757; 03B2; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D758; 03B3; Additional folding ++ ++ 1D759; 03B4; Additional folding ++ ++ 1D75A; 03B5; Additional folding ++ ++ 1D75B; 03B6; Additional folding ++ ++ 1D75C; 03B7; Additional folding ++ ++ 1D75D; 03B8; Additional folding ++ ++ 1D75E; 03B9; Additional folding ++ ++ 1D75F; 03BA; Additional folding ++ ++ 1D760; 03BB; Additional folding ++ ++ 1D761; 03BC; Additional folding ++ ++ 1D762; 03BD; Additional folding ++ ++ 1D763; 03BE; Additional folding ++ ++ 1D764; 03BF; Additional folding ++ ++ 1D765; 03C0; Additional folding ++ ++ 1D766; 03C1; Additional folding ++ ++ 1D767; 03B8; Additional folding ++ ++ 1D768; 03C3; Additional folding ++ ++ 1D769; 03C4; Additional folding ++ ++ 1D76A; 03C5; Additional folding ++ ++ 1D76B; 03C6; Additional folding ++ ++ 1D76C; 03C7; Additional folding ++ ++ 1D76D; 03C8; Additional folding ++ ++ 1D76E; 03C9; Additional folding ++ ++ 1D781; 03C3; Additional folding ++ ++ 1D790; 03B1; Additional folding ++ ++ 1D791; 03B2; Additional folding ++ ++ 1D792; 03B3; Additional folding ++ ++ 1D793; 03B4; Additional folding ++ ++ 1D794; 03B5; Additional folding ++ ++ 1D795; 03B6; Additional folding ++ ++ 1D796; 03B7; Additional folding ++ ++ 1D797; 03B8; Additional folding ++ ++ 1D798; 03B9; Additional folding ++ ++ 1D799; 03BA; Additional folding ++ ++ 1D79A; 03BB; Additional folding ++ ++ 1D79B; 03BC; Additional folding ++ ++ 1D79C; 03BD; Additional folding ++ ++ 1D79D; 03BE; Additional folding ++ ++ 1D79E; 03BF; Additional folding ++ ++ 1D79F; 03C0; Additional folding ++ ++ 1D7A0; 03C1; Additional folding ++ ++ 1D7A1; 03B8; Additional folding ++ ++ 1D7A2; 03C3; Additional folding ++ ++ 1D7A3; 03C4; Additional folding ++ ++ 1D7A4; 03C5; Additional folding ++ ++ 1D7A5; 03C6; Additional folding ++ ++ 1D7A6; 03C7; Additional folding ++ ++ 1D7A7; 03C8; Additional folding ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D7A8; 03C9; Additional folding ++ ++ 1D7BB; 03C3; Additional folding ++ ++ ----- End Table B.2 ----- ++ ++ ----- Start Table B.3 ----- ++ ++ 0041; 0061; Case map ++ ++ 0042; 0062; Case map ++ ++ 0043; 0063; Case map ++ ++ 0044; 0064; Case map ++ ++ 0045; 0065; Case map ++ ++ 0046; 0066; Case map ++ ++ 0047; 0067; Case map ++ ++ 0048; 0068; Case map ++ ++ 0049; 0069; Case map ++ ++ 004A; 006A; Case map ++ ++ 004B; 006B; Case map ++ ++ 004C; 006C; Case map ++ ++ 004D; 006D; Case map ++ ++ 004E; 006E; Case map ++ ++ 004F; 006F; Case map ++ ++ 0050; 0070; Case map ++ ++ 0051; 0071; Case map ++ ++ 0052; 0072; Case map ++ ++ 0053; 0073; Case map ++ ++ 0054; 0074; Case map ++ ++ 0055; 0075; Case map ++ ++ 0056; 0076; Case map ++ ++ 0057; 0077; Case map ++ ++ 0058; 0078; Case map ++ ++ 0059; 0079; Case map ++ ++ 005A; 007A; Case map ++ ++ 00B5; 03BC; Case map ++ ++ 00C0; 00E0; Case map ++ ++ 00C1; 00E1; Case map ++ ++ 00C2; 00E2; Case map ++ ++ 00C3; 00E3; Case map ++ ++ 00C4; 00E4; Case map ++ ++ 00C5; 00E5; Case map ++ ++ 00C6; 00E6; Case map ++ ++ 00C7; 00E7; Case map ++ ++ 00C8; 00E8; Case map ++ ++ 00C9; 00E9; Case map ++ ++ 00CA; 00EA; Case map ++ ++ 00CB; 00EB; Case map ++ ++ 00CC; 00EC; Case map ++ ++ 00CD; 00ED; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 00CE; 00EE; Case map ++ ++ 00CF; 00EF; Case map ++ ++ 00D0; 00F0; Case map ++ ++ 00D1; 00F1; Case map ++ ++ 00D2; 00F2; Case map ++ ++ 00D3; 00F3; Case map ++ ++ 00D4; 00F4; Case map ++ ++ 00D5; 00F5; Case map ++ ++ 00D6; 00F6; Case map ++ ++ 00D8; 00F8; Case map ++ ++ 00D9; 00F9; Case map ++ ++ 00DA; 00FA; Case map ++ ++ 00DB; 00FB; Case map ++ ++ 00DC; 00FC; Case map ++ ++ 00DD; 00FD; Case map ++ ++ 00DE; 00FE; Case map ++ ++ 00DF; 0073 0073; Case map ++ ++ 0100; 0101; Case map ++ ++ 0102; 0103; Case map ++ ++ 0104; 0105; Case map ++ ++ 0106; 0107; Case map ++ ++ 0108; 0109; Case map ++ ++ 010A; 010B; Case map ++ ++ 010C; 010D; Case map ++ ++ 010E; 010F; Case map ++ ++ 0110; 0111; Case map ++ ++ 0112; 0113; Case map ++ ++ 0114; 0115; Case map ++ ++ 0116; 0117; Case map ++ ++ 0118; 0119; Case map ++ ++ 011A; 011B; Case map ++ ++ 011C; 011D; Case map ++ ++ 011E; 011F; Case map ++ ++ 0120; 0121; Case map ++ ++ 0122; 0123; Case map ++ ++ 0124; 0125; Case map ++ ++ 0126; 0127; Case map ++ ++ 0128; 0129; Case map ++ ++ 012A; 012B; Case map ++ ++ 012C; 012D; Case map ++ ++ 012E; 012F; Case map ++ ++ 0130; 0069 0307; Case map ++ ++ 0132; 0133; Case map ++ ++ 0134; 0135; Case map ++ ++ 0136; 0137; Case map ++ ++ 0139; 013A; Case map ++ ++ 013B; 013C; Case map ++ ++ 013D; 013E; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 013F; 0140; Case map ++ ++ 0141; 0142; Case map ++ ++ 0143; 0144; Case map ++ ++ 0145; 0146; Case map ++ ++ 0147; 0148; Case map ++ ++ 0149; 02BC 006E; Case map ++ ++ 014A; 014B; Case map ++ ++ 014C; 014D; Case map ++ ++ 014E; 014F; Case map ++ ++ 0150; 0151; Case map ++ ++ 0152; 0153; Case map ++ ++ 0154; 0155; Case map ++ ++ 0156; 0157; Case map ++ ++ 0158; 0159; Case map ++ ++ 015A; 015B; Case map ++ ++ 015C; 015D; Case map ++ ++ 015E; 015F; Case map ++ ++ 0160; 0161; Case map ++ ++ 0162; 0163; Case map ++ ++ 0164; 0165; Case map ++ ++ 0166; 0167; Case map ++ ++ 0168; 0169; Case map ++ ++ 016A; 016B; Case map ++ ++ 016C; 016D; Case map ++ ++ 016E; 016F; Case map ++ ++ 0170; 0171; Case map ++ ++ 0172; 0173; Case map ++ ++ 0174; 0175; Case map ++ ++ 0176; 0177; Case map ++ ++ 0178; 00FF; Case map ++ ++ 0179; 017A; Case map ++ ++ 017B; 017C; Case map ++ ++ 017D; 017E; Case map ++ ++ 017F; 0073; Case map ++ ++ 0181; 0253; Case map ++ ++ 0182; 0183; Case map ++ ++ 0184; 0185; Case map ++ ++ 0186; 0254; Case map ++ ++ 0187; 0188; Case map ++ ++ 0189; 0256; Case map ++ ++ 018A; 0257; Case map ++ ++ 018B; 018C; Case map ++ ++ 018E; 01DD; Case map ++ ++ 018F; 0259; Case map ++ ++ 0190; 025B; Case map ++ ++ 0191; 0192; Case map ++ ++ 0193; 0260; Case map ++ ++ 0194; 0263; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0196; 0269; Case map ++ ++ 0197; 0268; Case map ++ ++ 0198; 0199; Case map ++ ++ 019C; 026F; Case map ++ ++ 019D; 0272; Case map ++ ++ 019F; 0275; Case map ++ ++ 01A0; 01A1; Case map ++ ++ 01A2; 01A3; Case map ++ ++ 01A4; 01A5; Case map ++ ++ 01A6; 0280; Case map ++ ++ 01A7; 01A8; Case map ++ ++ 01A9; 0283; Case map ++ ++ 01AC; 01AD; Case map ++ ++ 01AE; 0288; Case map ++ ++ 01AF; 01B0; Case map ++ ++ 01B1; 028A; Case map ++ ++ 01B2; 028B; Case map ++ ++ 01B3; 01B4; Case map ++ ++ 01B5; 01B6; Case map ++ ++ 01B7; 0292; Case map ++ ++ 01B8; 01B9; Case map ++ ++ 01BC; 01BD; Case map ++ ++ 01C4; 01C6; Case map ++ ++ 01C5; 01C6; Case map ++ ++ 01C7; 01C9; Case map ++ ++ 01C8; 01C9; Case map ++ ++ 01CA; 01CC; Case map ++ ++ 01CB; 01CC; Case map ++ ++ 01CD; 01CE; Case map ++ ++ 01CF; 01D0; Case map ++ ++ 01D1; 01D2; Case map ++ ++ 01D3; 01D4; Case map ++ ++ 01D5; 01D6; Case map ++ ++ 01D7; 01D8; Case map ++ ++ 01D9; 01DA; Case map ++ ++ 01DB; 01DC; Case map ++ ++ 01DE; 01DF; Case map ++ ++ 01E0; 01E1; Case map ++ ++ 01E2; 01E3; Case map ++ ++ 01E4; 01E5; Case map ++ ++ 01E6; 01E7; Case map ++ ++ 01E8; 01E9; Case map ++ ++ 01EA; 01EB; Case map ++ ++ 01EC; 01ED; Case map ++ ++ 01EE; 01EF; Case map ++ ++ 01F0; 006A 030C; Case map ++ ++ 01F1; 01F3; Case map ++ ++ 01F2; 01F3; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 01F4; 01F5; Case map ++ ++ 01F6; 0195; Case map ++ ++ 01F7; 01BF; Case map ++ ++ 01F8; 01F9; Case map ++ ++ 01FA; 01FB; Case map ++ ++ 01FC; 01FD; Case map ++ ++ 01FE; 01FF; Case map ++ ++ 0200; 0201; Case map ++ ++ 0202; 0203; Case map ++ ++ 0204; 0205; Case map ++ ++ 0206; 0207; Case map ++ ++ 0208; 0209; Case map ++ ++ 020A; 020B; Case map ++ ++ 020C; 020D; Case map ++ ++ 020E; 020F; Case map ++ ++ 0210; 0211; Case map ++ ++ 0212; 0213; Case map ++ ++ 0214; 0215; Case map ++ ++ 0216; 0217; Case map ++ ++ 0218; 0219; Case map ++ ++ 021A; 021B; Case map ++ ++ 021C; 021D; Case map ++ ++ 021E; 021F; Case map ++ ++ 0220; 019E; Case map ++ ++ 0222; 0223; Case map ++ ++ 0224; 0225; Case map ++ ++ 0226; 0227; Case map ++ ++ 0228; 0229; Case map ++ ++ 022A; 022B; Case map ++ ++ 022C; 022D; Case map ++ ++ 022E; 022F; Case map ++ ++ 0230; 0231; Case map ++ ++ 0232; 0233; Case map ++ ++ 0345; 03B9; Case map ++ ++ 0386; 03AC; Case map ++ ++ 0388; 03AD; Case map ++ ++ 0389; 03AE; Case map ++ ++ 038A; 03AF; Case map ++ ++ 038C; 03CC; Case map ++ ++ 038E; 03CD; Case map ++ ++ 038F; 03CE; Case map ++ ++ 0390; 03B9 0308 0301; Case map ++ ++ 0391; 03B1; Case map ++ ++ 0392; 03B2; Case map ++ ++ 0393; 03B3; Case map ++ ++ 0394; 03B4; Case map ++ ++ 0395; 03B5; Case map ++ ++ 0396; 03B6; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0397; 03B7; Case map ++ ++ 0398; 03B8; Case map ++ ++ 0399; 03B9; Case map ++ ++ 039A; 03BA; Case map ++ ++ 039B; 03BB; Case map ++ ++ 039C; 03BC; Case map ++ ++ 039D; 03BD; Case map ++ ++ 039E; 03BE; Case map ++ ++ 039F; 03BF; Case map ++ ++ 03A0; 03C0; Case map ++ ++ 03A1; 03C1; Case map ++ ++ 03A3; 03C3; Case map ++ ++ 03A4; 03C4; Case map ++ ++ 03A5; 03C5; Case map ++ ++ 03A6; 03C6; Case map ++ ++ 03A7; 03C7; Case map ++ ++ 03A8; 03C8; Case map ++ ++ 03A9; 03C9; Case map ++ ++ 03AA; 03CA; Case map ++ ++ 03AB; 03CB; Case map ++ ++ 03B0; 03C5 0308 0301; Case map ++ ++ 03C2; 03C3; Case map ++ ++ 03D0; 03B2; Case map ++ ++ 03D1; 03B8; Case map ++ ++ 03D5; 03C6; Case map ++ ++ 03D6; 03C0; Case map ++ ++ 03D8; 03D9; Case map ++ ++ 03DA; 03DB; Case map ++ ++ 03DC; 03DD; Case map ++ ++ 03DE; 03DF; Case map ++ ++ 03E0; 03E1; Case map ++ ++ 03E2; 03E3; Case map ++ ++ 03E4; 03E5; Case map ++ ++ 03E6; 03E7; Case map ++ ++ 03E8; 03E9; Case map ++ ++ 03EA; 03EB; Case map ++ ++ 03EC; 03ED; Case map ++ ++ 03EE; 03EF; Case map ++ ++ 03F0; 03BA; Case map ++ ++ 03F1; 03C1; Case map ++ ++ 03F2; 03C3; Case map ++ ++ 03F4; 03B8; Case map ++ ++ 03F5; 03B5; Case map ++ ++ 0400; 0450; Case map ++ ++ 0401; 0451; Case map ++ ++ 0402; 0452; Case map ++ ++ 0403; 0453; Case map ++ ++ 0404; 0454; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0405; 0455; Case map ++ ++ 0406; 0456; Case map ++ ++ 0407; 0457; Case map ++ ++ 0408; 0458; Case map ++ ++ 0409; 0459; Case map ++ ++ 040A; 045A; Case map ++ ++ 040B; 045B; Case map ++ ++ 040C; 045C; Case map ++ ++ 040D; 045D; Case map ++ ++ 040E; 045E; Case map ++ ++ 040F; 045F; Case map ++ ++ 0410; 0430; Case map ++ ++ 0411; 0431; Case map ++ ++ 0412; 0432; Case map ++ ++ 0413; 0433; Case map ++ ++ 0414; 0434; Case map ++ ++ 0415; 0435; Case map ++ ++ 0416; 0436; Case map ++ ++ 0417; 0437; Case map ++ ++ 0418; 0438; Case map ++ ++ 0419; 0439; Case map ++ ++ 041A; 043A; Case map ++ ++ 041B; 043B; Case map ++ ++ 041C; 043C; Case map ++ ++ 041D; 043D; Case map ++ ++ 041E; 043E; Case map ++ ++ 041F; 043F; Case map ++ ++ 0420; 0440; Case map ++ ++ 0421; 0441; Case map ++ ++ 0422; 0442; Case map ++ ++ 0423; 0443; Case map ++ ++ 0424; 0444; Case map ++ ++ 0425; 0445; Case map ++ ++ 0426; 0446; Case map ++ ++ 0427; 0447; Case map ++ ++ 0428; 0448; Case map ++ ++ 0429; 0449; Case map ++ ++ 042A; 044A; Case map ++ ++ 042B; 044B; Case map ++ ++ 042C; 044C; Case map ++ ++ 042D; 044D; Case map ++ ++ 042E; 044E; Case map ++ ++ 042F; 044F; Case map ++ ++ 0460; 0461; Case map ++ ++ 0462; 0463; Case map ++ ++ 0464; 0465; Case map ++ ++ 0466; 0467; Case map ++ ++ 0468; 0469; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 046A; 046B; Case map ++ ++ 046C; 046D; Case map ++ ++ 046E; 046F; Case map ++ ++ 0470; 0471; Case map ++ ++ 0472; 0473; Case map ++ ++ 0474; 0475; Case map ++ ++ 0476; 0477; Case map ++ ++ 0478; 0479; Case map ++ ++ 047A; 047B; Case map ++ ++ 047C; 047D; Case map ++ ++ 047E; 047F; Case map ++ ++ 0480; 0481; Case map ++ ++ 048A; 048B; Case map ++ ++ 048C; 048D; Case map ++ ++ 048E; 048F; Case map ++ ++ 0490; 0491; Case map ++ ++ 0492; 0493; Case map ++ ++ 0494; 0495; Case map ++ ++ 0496; 0497; Case map ++ ++ 0498; 0499; Case map ++ ++ 049A; 049B; Case map ++ ++ 049C; 049D; Case map ++ ++ 049E; 049F; Case map ++ ++ 04A0; 04A1; Case map ++ ++ 04A2; 04A3; Case map ++ ++ 04A4; 04A5; Case map ++ ++ 04A6; 04A7; Case map ++ ++ 04A8; 04A9; Case map ++ ++ 04AA; 04AB; Case map ++ ++ 04AC; 04AD; Case map ++ ++ 04AE; 04AF; Case map ++ ++ 04B0; 04B1; Case map ++ ++ 04B2; 04B3; Case map ++ ++ 04B4; 04B5; Case map ++ ++ 04B6; 04B7; Case map ++ ++ 04B8; 04B9; Case map ++ ++ 04BA; 04BB; Case map ++ ++ 04BC; 04BD; Case map ++ ++ 04BE; 04BF; Case map ++ ++ 04C1; 04C2; Case map ++ ++ 04C3; 04C4; Case map ++ ++ 04C5; 04C6; Case map ++ ++ 04C7; 04C8; Case map ++ ++ 04C9; 04CA; Case map ++ ++ 04CB; 04CC; Case map ++ ++ 04CD; 04CE; Case map ++ ++ 04D0; 04D1; Case map ++ ++ 04D2; 04D3; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 04D4; 04D5; Case map ++ ++ 04D6; 04D7; Case map ++ ++ 04D8; 04D9; Case map ++ ++ 04DA; 04DB; Case map ++ ++ 04DC; 04DD; Case map ++ ++ 04DE; 04DF; Case map ++ ++ 04E0; 04E1; Case map ++ ++ 04E2; 04E3; Case map ++ ++ 04E4; 04E5; Case map ++ ++ 04E6; 04E7; Case map ++ ++ 04E8; 04E9; Case map ++ ++ 04EA; 04EB; Case map ++ ++ 04EC; 04ED; Case map ++ ++ 04EE; 04EF; Case map ++ ++ 04F0; 04F1; Case map ++ ++ 04F2; 04F3; Case map ++ ++ 04F4; 04F5; Case map ++ ++ 04F8; 04F9; Case map ++ ++ 0500; 0501; Case map ++ ++ 0502; 0503; Case map ++ ++ 0504; 0505; Case map ++ ++ 0506; 0507; Case map ++ ++ 0508; 0509; Case map ++ ++ 050A; 050B; Case map ++ ++ 050C; 050D; Case map ++ ++ 050E; 050F; Case map ++ ++ 0531; 0561; Case map ++ ++ 0532; 0562; Case map ++ ++ 0533; 0563; Case map ++ ++ 0534; 0564; Case map ++ ++ 0535; 0565; Case map ++ ++ 0536; 0566; Case map ++ ++ 0537; 0567; Case map ++ ++ 0538; 0568; Case map ++ ++ 0539; 0569; Case map ++ ++ 053A; 056A; Case map ++ ++ 053B; 056B; Case map ++ ++ 053C; 056C; Case map ++ ++ 053D; 056D; Case map ++ ++ 053E; 056E; Case map ++ ++ 053F; 056F; Case map ++ ++ 0540; 0570; Case map ++ ++ 0541; 0571; Case map ++ ++ 0542; 0572; Case map ++ ++ 0543; 0573; Case map ++ ++ 0544; 0574; Case map ++ ++ 0545; 0575; Case map ++ ++ 0546; 0576; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0547; 0577; Case map ++ ++ 0548; 0578; Case map ++ ++ 0549; 0579; Case map ++ ++ 054A; 057A; Case map ++ ++ 054B; 057B; Case map ++ ++ 054C; 057C; Case map ++ ++ 054D; 057D; Case map ++ ++ 054E; 057E; Case map ++ ++ 054F; 057F; Case map ++ ++ 0550; 0580; Case map ++ ++ 0551; 0581; Case map ++ ++ 0552; 0582; Case map ++ ++ 0553; 0583; Case map ++ ++ 0554; 0584; Case map ++ ++ 0555; 0585; Case map ++ ++ 0556; 0586; Case map ++ ++ 0587; 0565 0582; Case map ++ ++ 1E00; 1E01; Case map ++ ++ 1E02; 1E03; Case map ++ ++ 1E04; 1E05; Case map ++ ++ 1E06; 1E07; Case map ++ ++ 1E08; 1E09; Case map ++ ++ 1E0A; 1E0B; Case map ++ ++ 1E0C; 1E0D; Case map ++ ++ 1E0E; 1E0F; Case map ++ ++ 1E10; 1E11; Case map ++ ++ 1E12; 1E13; Case map ++ ++ 1E14; 1E15; Case map ++ ++ 1E16; 1E17; Case map ++ ++ 1E18; 1E19; Case map ++ ++ 1E1A; 1E1B; Case map ++ ++ 1E1C; 1E1D; Case map ++ ++ 1E1E; 1E1F; Case map ++ ++ 1E20; 1E21; Case map ++ ++ 1E22; 1E23; Case map ++ ++ 1E24; 1E25; Case map ++ ++ 1E26; 1E27; Case map ++ ++ 1E28; 1E29; Case map ++ ++ 1E2A; 1E2B; Case map ++ ++ 1E2C; 1E2D; Case map ++ ++ 1E2E; 1E2F; Case map ++ ++ 1E30; 1E31; Case map ++ ++ 1E32; 1E33; Case map ++ ++ 1E34; 1E35; Case map ++ ++ 1E36; 1E37; Case map ++ ++ 1E38; 1E39; Case map ++ ++ 1E3A; 1E3B; Case map ++ ++ 1E3C; 1E3D; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1E3E; 1E3F; Case map ++ ++ 1E40; 1E41; Case map ++ ++ 1E42; 1E43; Case map ++ ++ 1E44; 1E45; Case map ++ ++ 1E46; 1E47; Case map ++ ++ 1E48; 1E49; Case map ++ ++ 1E4A; 1E4B; Case map ++ ++ 1E4C; 1E4D; Case map ++ ++ 1E4E; 1E4F; Case map ++ ++ 1E50; 1E51; Case map ++ ++ 1E52; 1E53; Case map ++ ++ 1E54; 1E55; Case map ++ ++ 1E56; 1E57; Case map ++ ++ 1E58; 1E59; Case map ++ ++ 1E5A; 1E5B; Case map ++ ++ 1E5C; 1E5D; Case map ++ ++ 1E5E; 1E5F; Case map ++ ++ 1E60; 1E61; Case map ++ ++ 1E62; 1E63; Case map ++ ++ 1E64; 1E65; Case map ++ ++ 1E66; 1E67; Case map ++ ++ 1E68; 1E69; Case map ++ ++ 1E6A; 1E6B; Case map ++ ++ 1E6C; 1E6D; Case map ++ ++ 1E6E; 1E6F; Case map ++ ++ 1E70; 1E71; Case map ++ ++ 1E72; 1E73; Case map ++ ++ 1E74; 1E75; Case map ++ ++ 1E76; 1E77; Case map ++ ++ 1E78; 1E79; Case map ++ ++ 1E7A; 1E7B; Case map ++ ++ 1E7C; 1E7D; Case map ++ ++ 1E7E; 1E7F; Case map ++ ++ 1E80; 1E81; Case map ++ ++ 1E82; 1E83; Case map ++ ++ 1E84; 1E85; Case map ++ ++ 1E86; 1E87; Case map ++ ++ 1E88; 1E89; Case map ++ ++ 1E8A; 1E8B; Case map ++ ++ 1E8C; 1E8D; Case map ++ ++ 1E8E; 1E8F; Case map ++ ++ 1E90; 1E91; Case map ++ ++ 1E92; 1E93; Case map ++ ++ 1E94; 1E95; Case map ++ ++ 1E96; 0068 0331; Case map ++ ++ 1E97; 0074 0308; Case map ++ ++ 1E98; 0077 030A; Case map ++ ++ 1E99; 0079 030A; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1E9A; 0061 02BE; Case map ++ ++ 1E9B; 1E61; Case map ++ ++ 1EA0; 1EA1; Case map ++ ++ 1EA2; 1EA3; Case map ++ ++ 1EA4; 1EA5; Case map ++ ++ 1EA6; 1EA7; Case map ++ ++ 1EA8; 1EA9; Case map ++ ++ 1EAA; 1EAB; Case map ++ ++ 1EAC; 1EAD; Case map ++ ++ 1EAE; 1EAF; Case map ++ ++ 1EB0; 1EB1; Case map ++ ++ 1EB2; 1EB3; Case map ++ ++ 1EB4; 1EB5; Case map ++ ++ 1EB6; 1EB7; Case map ++ ++ 1EB8; 1EB9; Case map ++ ++ 1EBA; 1EBB; Case map ++ ++ 1EBC; 1EBD; Case map ++ ++ 1EBE; 1EBF; Case map ++ ++ 1EC0; 1EC1; Case map ++ ++ 1EC2; 1EC3; Case map ++ ++ 1EC4; 1EC5; Case map ++ ++ 1EC6; 1EC7; Case map ++ ++ 1EC8; 1EC9; Case map ++ ++ 1ECA; 1ECB; Case map ++ ++ 1ECC; 1ECD; Case map ++ ++ 1ECE; 1ECF; Case map ++ ++ 1ED0; 1ED1; Case map ++ ++ 1ED2; 1ED3; Case map ++ ++ 1ED4; 1ED5; Case map ++ ++ 1ED6; 1ED7; Case map ++ ++ 1ED8; 1ED9; Case map ++ ++ 1EDA; 1EDB; Case map ++ ++ 1EDC; 1EDD; Case map ++ ++ 1EDE; 1EDF; Case map ++ ++ 1EE0; 1EE1; Case map ++ ++ 1EE2; 1EE3; Case map ++ ++ 1EE4; 1EE5; Case map ++ ++ 1EE6; 1EE7; Case map ++ ++ 1EE8; 1EE9; Case map ++ ++ 1EEA; 1EEB; Case map ++ ++ 1EEC; 1EED; Case map ++ ++ 1EEE; 1EEF; Case map ++ ++ 1EF0; 1EF1; Case map ++ ++ 1EF2; 1EF3; Case map ++ ++ 1EF4; 1EF5; Case map ++ ++ 1EF6; 1EF7; Case map ++ ++ 1EF8; 1EF9; Case map ++ ++ 1F08; 1F00; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1F09; 1F01; Case map ++ ++ 1F0A; 1F02; Case map ++ ++ 1F0B; 1F03; Case map ++ ++ 1F0C; 1F04; Case map ++ ++ 1F0D; 1F05; Case map ++ ++ 1F0E; 1F06; Case map ++ ++ 1F0F; 1F07; Case map ++ ++ 1F18; 1F10; Case map ++ ++ 1F19; 1F11; Case map ++ ++ 1F1A; 1F12; Case map ++ ++ 1F1B; 1F13; Case map ++ ++ 1F1C; 1F14; Case map ++ ++ 1F1D; 1F15; Case map ++ ++ 1F28; 1F20; Case map ++ ++ 1F29; 1F21; Case map ++ ++ 1F2A; 1F22; Case map ++ ++ 1F2B; 1F23; Case map ++ ++ 1F2C; 1F24; Case map ++ ++ 1F2D; 1F25; Case map ++ ++ 1F2E; 1F26; Case map ++ ++ 1F2F; 1F27; Case map ++ ++ 1F38; 1F30; Case map ++ ++ 1F39; 1F31; Case map ++ ++ 1F3A; 1F32; Case map ++ ++ 1F3B; 1F33; Case map ++ ++ 1F3C; 1F34; Case map ++ ++ 1F3D; 1F35; Case map ++ ++ 1F3E; 1F36; Case map ++ ++ 1F3F; 1F37; Case map ++ ++ 1F48; 1F40; Case map ++ ++ 1F49; 1F41; Case map ++ ++ 1F4A; 1F42; Case map ++ ++ 1F4B; 1F43; Case map ++ ++ 1F4C; 1F44; Case map ++ ++ 1F4D; 1F45; Case map ++ ++ 1F50; 03C5 0313; Case map ++ ++ 1F52; 03C5 0313 0300; Case map ++ ++ 1F54; 03C5 0313 0301; Case map ++ ++ 1F56; 03C5 0313 0342; Case map ++ ++ 1F59; 1F51; Case map ++ ++ 1F5B; 1F53; Case map ++ ++ 1F5D; 1F55; Case map ++ ++ 1F5F; 1F57; Case map ++ ++ 1F68; 1F60; Case map ++ ++ 1F69; 1F61; Case map ++ ++ 1F6A; 1F62; Case map ++ ++ 1F6B; 1F63; Case map ++ ++ 1F6C; 1F64; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1F6D; 1F65; Case map ++ ++ 1F6E; 1F66; Case map ++ ++ 1F6F; 1F67; Case map ++ ++ 1F80; 1F00 03B9; Case map ++ ++ 1F81; 1F01 03B9; Case map ++ ++ 1F82; 1F02 03B9; Case map ++ ++ 1F83; 1F03 03B9; Case map ++ ++ 1F84; 1F04 03B9; Case map ++ ++ 1F85; 1F05 03B9; Case map ++ ++ 1F86; 1F06 03B9; Case map ++ ++ 1F87; 1F07 03B9; Case map ++ ++ 1F88; 1F00 03B9; Case map ++ ++ 1F89; 1F01 03B9; Case map ++ ++ 1F8A; 1F02 03B9; Case map ++ ++ 1F8B; 1F03 03B9; Case map ++ ++ 1F8C; 1F04 03B9; Case map ++ ++ 1F8D; 1F05 03B9; Case map ++ ++ 1F8E; 1F06 03B9; Case map ++ ++ 1F8F; 1F07 03B9; Case map ++ ++ 1F90; 1F20 03B9; Case map ++ ++ 1F91; 1F21 03B9; Case map ++ ++ 1F92; 1F22 03B9; Case map ++ ++ 1F93; 1F23 03B9; Case map ++ ++ 1F94; 1F24 03B9; Case map ++ ++ 1F95; 1F25 03B9; Case map ++ ++ 1F96; 1F26 03B9; Case map ++ ++ 1F97; 1F27 03B9; Case map ++ ++ 1F98; 1F20 03B9; Case map ++ ++ 1F99; 1F21 03B9; Case map ++ ++ 1F9A; 1F22 03B9; Case map ++ ++ 1F9B; 1F23 03B9; Case map ++ ++ 1F9C; 1F24 03B9; Case map ++ ++ 1F9D; 1F25 03B9; Case map ++ ++ 1F9E; 1F26 03B9; Case map ++ ++ 1F9F; 1F27 03B9; Case map ++ ++ 1FA0; 1F60 03B9; Case map ++ ++ 1FA1; 1F61 03B9; Case map ++ ++ 1FA2; 1F62 03B9; Case map ++ ++ 1FA3; 1F63 03B9; Case map ++ ++ 1FA4; 1F64 03B9; Case map ++ ++ 1FA5; 1F65 03B9; Case map ++ ++ 1FA6; 1F66 03B9; Case map ++ ++ 1FA7; 1F67 03B9; Case map ++ ++ 1FA8; 1F60 03B9; Case map ++ ++ 1FA9; 1F61 03B9; Case map ++ ++ 1FAA; 1F62 03B9; Case map ++ ++ 1FAB; 1F63 03B9; Case map ++ ++ 1FAC; 1F64 03B9; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1FAD; 1F65 03B9; Case map ++ ++ 1FAE; 1F66 03B9; Case map ++ ++ 1FAF; 1F67 03B9; Case map ++ ++ 1FB2; 1F70 03B9; Case map ++ ++ 1FB3; 03B1 03B9; Case map ++ ++ 1FB4; 03AC 03B9; Case map ++ ++ 1FB6; 03B1 0342; Case map ++ ++ 1FB7; 03B1 0342 03B9; Case map ++ ++ 1FB8; 1FB0; Case map ++ ++ 1FB9; 1FB1; Case map ++ ++ 1FBA; 1F70; Case map ++ ++ 1FBB; 1F71; Case map ++ ++ 1FBC; 03B1 03B9; Case map ++ ++ 1FBE; 03B9; Case map ++ ++ 1FC2; 1F74 03B9; Case map ++ ++ 1FC3; 03B7 03B9; Case map ++ ++ 1FC4; 03AE 03B9; Case map ++ ++ 1FC6; 03B7 0342; Case map ++ ++ 1FC7; 03B7 0342 03B9; Case map ++ ++ 1FC8; 1F72; Case map ++ ++ 1FC9; 1F73; Case map ++ ++ 1FCA; 1F74; Case map ++ ++ 1FCB; 1F75; Case map ++ ++ 1FCC; 03B7 03B9; Case map ++ ++ 1FD2; 03B9 0308 0300; Case map ++ ++ 1FD3; 03B9 0308 0301; Case map ++ ++ 1FD6; 03B9 0342; Case map ++ ++ 1FD7; 03B9 0308 0342; Case map ++ ++ 1FD8; 1FD0; Case map ++ ++ 1FD9; 1FD1; Case map ++ ++ 1FDA; 1F76; Case map ++ ++ 1FDB; 1F77; Case map ++ ++ 1FE2; 03C5 0308 0300; Case map ++ ++ 1FE3; 03C5 0308 0301; Case map ++ ++ 1FE4; 03C1 0313; Case map ++ ++ 1FE6; 03C5 0342; Case map ++ ++ 1FE7; 03C5 0308 0342; Case map ++ ++ 1FE8; 1FE0; Case map ++ ++ 1FE9; 1FE1; Case map ++ ++ 1FEA; 1F7A; Case map ++ ++ 1FEB; 1F7B; Case map ++ ++ 1FEC; 1FE5; Case map ++ ++ 1FF2; 1F7C 03B9; Case map ++ ++ 1FF3; 03C9 03B9; Case map ++ ++ 1FF4; 03CE 03B9; Case map ++ ++ 1FF6; 03C9 0342; Case map ++ ++ 1FF7; 03C9 0342 03B9; Case map ++ ++ 1FF8; 1F78; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1FF9; 1F79; Case map ++ ++ 1FFA; 1F7C; Case map ++ ++ 1FFB; 1F7D; Case map ++ ++ 1FFC; 03C9 03B9; Case map ++ ++ 2126; 03C9; Case map ++ ++ 212A; 006B; Case map ++ ++ 212B; 00E5; Case map ++ ++ 2160; 2170; Case map ++ ++ 2161; 2171; Case map ++ ++ 2162; 2172; Case map ++ ++ 2163; 2173; Case map ++ ++ 2164; 2174; Case map ++ ++ 2165; 2175; Case map ++ ++ 2166; 2176; Case map ++ ++ 2167; 2177; Case map ++ ++ 2168; 2178; Case map ++ ++ 2169; 2179; Case map ++ ++ 216A; 217A; Case map ++ ++ 216B; 217B; Case map ++ ++ 216C; 217C; Case map ++ ++ 216D; 217D; Case map ++ ++ 216E; 217E; Case map ++ ++ 216F; 217F; Case map ++ ++ 24B6; 24D0; Case map ++ ++ 24B7; 24D1; Case map ++ ++ 24B8; 24D2; Case map ++ ++ 24B9; 24D3; Case map ++ ++ 24BA; 24D4; Case map ++ ++ 24BB; 24D5; Case map ++ ++ 24BC; 24D6; Case map ++ ++ 24BD; 24D7; Case map ++ ++ 24BE; 24D8; Case map ++ ++ 24BF; 24D9; Case map ++ ++ 24C0; 24DA; Case map ++ ++ 24C1; 24DB; Case map ++ ++ 24C2; 24DC; Case map ++ ++ 24C3; 24DD; Case map ++ ++ 24C4; 24DE; Case map ++ ++ 24C5; 24DF; Case map ++ ++ 24C6; 24E0; Case map ++ ++ 24C7; 24E1; Case map ++ ++ 24C8; 24E2; Case map ++ ++ 24C9; 24E3; Case map ++ ++ 24CA; 24E4; Case map ++ ++ 24CB; 24E5; Case map ++ ++ 24CC; 24E6; Case map ++ ++ 24CD; 24E7; Case map ++ ++ 24CE; 24E8; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 24CF; 24E9; Case map ++ ++ FB00; 0066 0066; Case map ++ ++ FB01; 0066 0069; Case map ++ ++ FB02; 0066 006C; Case map ++ ++ FB03; 0066 0066 0069; Case map ++ ++ FB04; 0066 0066 006C; Case map ++ ++ FB05; 0073 0074; Case map ++ ++ FB06; 0073 0074; Case map ++ ++ FB13; 0574 0576; Case map ++ ++ FB14; 0574 0565; Case map ++ ++ FB15; 0574 056B; Case map ++ ++ FB16; 057E 0576; Case map ++ ++ FB17; 0574 056D; Case map ++ ++ FF21; FF41; Case map ++ ++ FF22; FF42; Case map ++ ++ FF23; FF43; Case map ++ ++ FF24; FF44; Case map ++ ++ FF25; FF45; Case map ++ ++ FF26; FF46; Case map ++ ++ FF27; FF47; Case map ++ ++ FF28; FF48; Case map ++ ++ FF29; FF49; Case map ++ ++ FF2A; FF4A; Case map ++ ++ FF2B; FF4B; Case map ++ ++ FF2C; FF4C; Case map ++ ++ FF2D; FF4D; Case map ++ ++ FF2E; FF4E; Case map ++ ++ FF2F; FF4F; Case map ++ ++ FF30; FF50; Case map ++ ++ FF31; FF51; Case map ++ ++ FF32; FF52; Case map ++ ++ FF33; FF53; Case map ++ ++ FF34; FF54; Case map ++ ++ FF35; FF55; Case map ++ ++ FF36; FF56; Case map ++ ++ FF37; FF57; Case map ++ ++ FF38; FF58; Case map ++ ++ FF39; FF59; Case map ++ ++ FF3A; FF5A; Case map ++ ++ 10400; 10428; Case map ++ ++ 10401; 10429; Case map ++ ++ 10402; 1042A; Case map ++ ++ 10403; 1042B; Case map ++ ++ 10404; 1042C; Case map ++ ++ 10405; 1042D; Case map ++ ++ 10406; 1042E; Case map ++ ++ 10407; 1042F; Case map ++ ++ 10408; 10430; Case map ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 10409; 10431; Case map ++ ++ 1040A; 10432; Case map ++ ++ 1040B; 10433; Case map ++ ++ 1040C; 10434; Case map ++ ++ 1040D; 10435; Case map ++ ++ 1040E; 10436; Case map ++ ++ 1040F; 10437; Case map ++ ++ 10410; 10438; Case map ++ ++ 10411; 10439; Case map ++ ++ 10412; 1043A; Case map ++ ++ 10413; 1043B; Case map ++ ++ 10414; 1043C; Case map ++ ++ 10415; 1043D; Case map ++ ++ 10416; 1043E; Case map ++ ++ 10417; 1043F; Case map ++ ++ 10418; 10440; Case map ++ ++ 10419; 10441; Case map ++ ++ 1041A; 10442; Case map ++ ++ 1041B; 10443; Case map ++ ++ 1041C; 10444; Case map ++ ++ 1041D; 10445; Case map ++ ++ 1041E; 10446; Case map ++ ++ 1041F; 10447; Case map ++ ++ 10420; 10448; Case map ++ ++ 10421; 10449; Case map ++ ++ 10422; 1044A; Case map ++ ++ 10423; 1044B; Case map ++ ++ 10424; 1044C; Case map ++ ++ 10425; 1044D; Case map ++ ++ ----- End Table B.3 ----- ++ ++ ----- Start Table C.1.1 ----- ++ ++ 0020; SPACE ++ ++ ----- End Table C.1.1 ----- ++ ++ ----- Start Table C.1.2 ----- ++ ++ 00A0; NO-BREAK SPACE ++ ++ 1680; OGHAM SPACE MARK ++ ++ 2000; EN QUAD ++ ++ 2001; EM QUAD ++ ++ 2002; EN SPACE ++ ++ 2003; EM SPACE ++ ++ 2004; THREE-PER-EM SPACE ++ ++ 2005; FOUR-PER-EM SPACE ++ ++ 2006; SIX-PER-EM SPACE ++ ++ 2007; FIGURE SPACE ++ ++ 2008; PUNCTUATION SPACE ++ ++ 2009; THIN SPACE ++ ++ 200A; HAIR SPACE ++ ++ 200B; ZERO WIDTH SPACE ++ ++ 202F; NARROW NO-BREAK SPACE ++ ++ 205F; MEDIUM MATHEMATICAL SPACE ++ ++ 3000; IDEOGRAPHIC SPACE ++ ++ ----- End Table C.1.2 ----- ++ ++ ----- Start Table C.2.1 ----- ++ ++ 0000-001F; [CONTROL CHARACTERS] ++ ++ 007F; DELETE ++ ++ ----- End Table C.2.1 ----- ++ ++ ----- Start Table C.2.2 ----- ++ ++ 0080-009F; [CONTROL CHARACTERS] ++ ++ 06DD; ARABIC END OF AYAH ++ ++ 070F; SYRIAC ABBREVIATION MARK ++ ++ 180E; MONGOLIAN VOWEL SEPARATOR ++ ++ 200C; ZERO WIDTH NON-JOINER ++ ++ 200D; ZERO WIDTH JOINER ++ ++ 2028; LINE SEPARATOR ++ ++ 2029; PARAGRAPH SEPARATOR ++ ++ 2060; WORD JOINER ++ ++ 2061; FUNCTION APPLICATION ++ ++ 2062; INVISIBLE TIMES ++ ++ 2063; INVISIBLE SEPARATOR ++ ++ 206A-206F; [CONTROL CHARACTERS] ++ ++ FEFF; ZERO WIDTH NO-BREAK SPACE ++ ++ FFF9-FFFC; [CONTROL CHARACTERS] ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D173-1D17A; [MUSICAL CONTROL CHARACTERS] ++ ++ ----- End Table C.2.2 ----- ++ ++ ----- Start Table C.3 ----- ++ ++ E000-F8FF; [PRIVATE USE, PLANE 0] ++ ++ F0000-FFFFD; [PRIVATE USE, PLANE 15] ++ ++ 100000-10FFFD; [PRIVATE USE, PLANE 16] ++ ++ ----- End Table C.3 ----- ++ ++ ----- Start Table C.4 ----- ++ ++ FDD0-FDEF; [NONCHARACTER CODE POINTS] ++ ++ FFFE-FFFF; [NONCHARACTER CODE POINTS] ++ ++ 1FFFE-1FFFF; [NONCHARACTER CODE POINTS] ++ ++ 2FFFE-2FFFF; [NONCHARACTER CODE POINTS] ++ ++ 3FFFE-3FFFF; [NONCHARACTER CODE POINTS] ++ ++ 4FFFE-4FFFF; [NONCHARACTER CODE POINTS] ++ ++ 5FFFE-5FFFF; [NONCHARACTER CODE POINTS] ++ ++ 6FFFE-6FFFF; [NONCHARACTER CODE POINTS] ++ ++ 7FFFE-7FFFF; [NONCHARACTER CODE POINTS] ++ ++ 8FFFE-8FFFF; [NONCHARACTER CODE POINTS] ++ ++ 9FFFE-9FFFF; [NONCHARACTER CODE POINTS] ++ ++ AFFFE-AFFFF; [NONCHARACTER CODE POINTS] ++ ++ BFFFE-BFFFF; [NONCHARACTER CODE POINTS] ++ ++ CFFFE-CFFFF; [NONCHARACTER CODE POINTS] ++ ++ DFFFE-DFFFF; [NONCHARACTER CODE POINTS] ++ ++ EFFFE-EFFFF; [NONCHARACTER CODE POINTS] ++ ++ FFFFE-FFFFF; [NONCHARACTER CODE POINTS] ++ ++ 10FFFE-10FFFF; [NONCHARACTER CODE POINTS] ++ ++ ----- End Table C.4 ----- ++ ++ ----- Start Table C.5 ----- ++ ++ D800-DFFF; [SURROGATE CODES] ++ ++ ----- End Table C.5 ----- ++ ++ ----- Start Table C.6 ----- ++ ++ FFF9; INTERLINEAR ANNOTATION ANCHOR ++ ++ FFFA; INTERLINEAR ANNOTATION SEPARATOR ++ ++ FFFB; INTERLINEAR ANNOTATION TERMINATOR ++ ++ FFFC; OBJECT REPLACEMENT CHARACTER ++ ++ FFFD; REPLACEMENT CHARACTER ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ----- End Table C.6 ----- ++ ++ ----- Start Table C.7 ----- ++ ++ 2FF0-2FFB; [IDEOGRAPHIC DESCRIPTION CHARACTERS] ++ ++ ----- End Table C.7 ----- ++ ++ ----- Start Table C.8 ----- ++ ++ 0340; COMBINING GRAVE TONE MARK ++ ++ 0341; COMBINING ACUTE TONE MARK ++ ++ 200E; LEFT-TO-RIGHT MARK ++ ++ 200F; RIGHT-TO-LEFT MARK ++ ++ 202A; LEFT-TO-RIGHT EMBEDDING ++ ++ 202B; RIGHT-TO-LEFT EMBEDDING ++ ++ 202C; POP DIRECTIONAL FORMATTING ++ ++ 202D; LEFT-TO-RIGHT OVERRIDE ++ ++ 202E; RIGHT-TO-LEFT OVERRIDE ++ ++ 206A; INHIBIT SYMMETRIC SWAPPING ++ ++ 206B; ACTIVATE SYMMETRIC SWAPPING ++ ++ 206C; INHIBIT ARABIC FORM SHAPING ++ ++ 206D; ACTIVATE ARABIC FORM SHAPING ++ ++ 206E; NATIONAL DIGIT SHAPES ++ ++ 206F; NOMINAL DIGIT SHAPES ++ ++ ----- End Table C.8 ----- ++ ++ ----- Start Table C.9 ----- ++ ++ E0001; LANGUAGE TAG ++ ++ E0020-E007F; [TAGGING CHARACTERS] ++ ++ ----- End Table C.9 ----- ++ ++ ----- Start Table D.1 ----- ++ ++ 05BE ++ ++ 05C0 ++ ++ 05C3 ++ ++ 05D0-05EA ++ ++ 05F0-05F4 ++ ++ 061B ++ ++ 061F ++ ++ 0621-063A ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0640-064A ++ ++ 066D-066F ++ ++ 0671-06D5 ++ ++ 06DD ++ ++ 06E5-06E6 ++ ++ 06FA-06FE ++ ++ 0700-070D ++ ++ 0710 ++ ++ 0712-072C ++ ++ 0780-07A5 ++ ++ 07B1 ++ ++ 200F ++ ++ FB1D ++ ++ FB1F-FB28 ++ ++ FB2A-FB36 ++ ++ FB38-FB3C ++ ++ FB3E ++ ++ FB40-FB41 ++ ++ FB43-FB44 ++ ++ FB46-FBB1 ++ ++ FBD3-FD3D ++ ++ FD50-FD8F ++ ++ FD92-FDC7 ++ ++ FDF0-FDFC ++ ++ FE70-FE74 ++ ++ FE76-FEFC ++ ++ ----- End Table D.1 ----- ++ ++ ----- Start Table D.2 ----- ++ ++ 0041-005A ++ ++ 0061-007A ++ ++ 00AA ++ ++ 00B5 ++ ++ 00BA ++ ++ 00C0-00D6 ++ ++ 00D8-00F6 ++ ++ 00F8-0220 ++ ++ 0222-0233 ++ ++ 0250-02AD ++ ++ 02B0-02B8 ++ ++ 02BB-02C1 ++ ++ 02D0-02D1 ++ ++ 02E0-02E4 ++ ++ 02EE ++ ++ 037A ++ ++ 0386 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0388-038A ++ ++ 038C ++ ++ 038E-03A1 ++ ++ 03A3-03CE ++ ++ 03D0-03F5 ++ ++ 0400-0482 ++ ++ 048A-04CE ++ ++ 04D0-04F5 ++ ++ 04F8-04F9 ++ ++ 0500-050F ++ ++ 0531-0556 ++ ++ 0559-055F ++ ++ 0561-0587 ++ ++ 0589 ++ ++ 0903 ++ ++ 0905-0939 ++ ++ 093D-0940 ++ ++ 0949-094C ++ ++ 0950 ++ ++ 0958-0961 ++ ++ 0964-0970 ++ ++ 0982-0983 ++ ++ 0985-098C ++ ++ 098F-0990 ++ ++ 0993-09A8 ++ ++ 09AA-09B0 ++ ++ 09B2 ++ ++ 09B6-09B9 ++ ++ 09BE-09C0 ++ ++ 09C7-09C8 ++ ++ 09CB-09CC ++ ++ 09D7 ++ ++ 09DC-09DD ++ ++ 09DF-09E1 ++ ++ 09E6-09F1 ++ ++ 09F4-09FA ++ ++ 0A05-0A0A ++ ++ 0A0F-0A10 ++ ++ 0A13-0A28 ++ ++ 0A2A-0A30 ++ ++ 0A32-0A33 ++ ++ 0A35-0A36 ++ ++ 0A38-0A39 ++ ++ 0A3E-0A40 ++ ++ 0A59-0A5C ++ ++ 0A5E ++ ++ 0A66-0A6F ++ ++ 0A72-0A74 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0A83 ++ ++ 0A85-0A8B ++ ++ 0A8D ++ ++ 0A8F-0A91 ++ ++ 0A93-0AA8 ++ ++ 0AAA-0AB0 ++ ++ 0AB2-0AB3 ++ ++ 0AB5-0AB9 ++ ++ 0ABD-0AC0 ++ ++ 0AC9 ++ ++ 0ACB-0ACC ++ ++ 0AD0 ++ ++ 0AE0 ++ ++ 0AE6-0AEF ++ ++ 0B02-0B03 ++ ++ 0B05-0B0C ++ ++ 0B0F-0B10 ++ ++ 0B13-0B28 ++ ++ 0B2A-0B30 ++ ++ 0B32-0B33 ++ ++ 0B36-0B39 ++ ++ 0B3D-0B3E ++ ++ 0B40 ++ ++ 0B47-0B48 ++ ++ 0B4B-0B4C ++ ++ 0B57 ++ ++ 0B5C-0B5D ++ ++ 0B5F-0B61 ++ ++ 0B66-0B70 ++ ++ 0B83 ++ ++ 0B85-0B8A ++ ++ 0B8E-0B90 ++ ++ 0B92-0B95 ++ ++ 0B99-0B9A ++ ++ 0B9C ++ ++ 0B9E-0B9F ++ ++ 0BA3-0BA4 ++ ++ 0BA8-0BAA ++ ++ 0BAE-0BB5 ++ ++ 0BB7-0BB9 ++ ++ 0BBE-0BBF ++ ++ 0BC1-0BC2 ++ ++ 0BC6-0BC8 ++ ++ 0BCA-0BCC ++ ++ 0BD7 ++ ++ 0BE7-0BF2 ++ ++ 0C01-0C03 ++ ++ 0C05-0C0C ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0C0E-0C10 ++ ++ 0C12-0C28 ++ ++ 0C2A-0C33 ++ ++ 0C35-0C39 ++ ++ 0C41-0C44 ++ ++ 0C60-0C61 ++ ++ 0C66-0C6F ++ ++ 0C82-0C83 ++ ++ 0C85-0C8C ++ ++ 0C8E-0C90 ++ ++ 0C92-0CA8 ++ ++ 0CAA-0CB3 ++ ++ 0CB5-0CB9 ++ ++ 0CBE ++ ++ 0CC0-0CC4 ++ ++ 0CC7-0CC8 ++ ++ 0CCA-0CCB ++ ++ 0CD5-0CD6 ++ ++ 0CDE ++ ++ 0CE0-0CE1 ++ ++ 0CE6-0CEF ++ ++ 0D02-0D03 ++ ++ 0D05-0D0C ++ ++ 0D0E-0D10 ++ ++ 0D12-0D28 ++ ++ 0D2A-0D39 ++ ++ 0D3E-0D40 ++ ++ 0D46-0D48 ++ ++ 0D4A-0D4C ++ ++ 0D57 ++ ++ 0D60-0D61 ++ ++ 0D66-0D6F ++ ++ 0D82-0D83 ++ ++ 0D85-0D96 ++ ++ 0D9A-0DB1 ++ ++ 0DB3-0DBB ++ ++ 0DBD ++ ++ 0DC0-0DC6 ++ ++ 0DCF-0DD1 ++ ++ 0DD8-0DDF ++ ++ 0DF2-0DF4 ++ ++ 0E01-0E30 ++ ++ 0E32-0E33 ++ ++ 0E40-0E46 ++ ++ 0E4F-0E5B ++ ++ 0E81-0E82 ++ ++ 0E84 ++ ++ 0E87-0E88 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 0E8A ++ ++ 0E8D ++ ++ 0E94-0E97 ++ ++ 0E99-0E9F ++ ++ 0EA1-0EA3 ++ ++ 0EA5 ++ ++ 0EA7 ++ ++ 0EAA-0EAB ++ ++ 0EAD-0EB0 ++ ++ 0EB2-0EB3 ++ ++ 0EBD ++ ++ 0EC0-0EC4 ++ ++ 0EC6 ++ ++ 0ED0-0ED9 ++ ++ 0EDC-0EDD ++ ++ 0F00-0F17 ++ ++ 0F1A-0F34 ++ ++ 0F36 ++ ++ 0F38 ++ ++ 0F3E-0F47 ++ ++ 0F49-0F6A ++ ++ 0F7F ++ ++ 0F85 ++ ++ 0F88-0F8B ++ ++ 0FBE-0FC5 ++ ++ 0FC7-0FCC ++ ++ 0FCF ++ ++ 1000-1021 ++ ++ 1023-1027 ++ ++ 1029-102A ++ ++ 102C ++ ++ 1031 ++ ++ 1038 ++ ++ 1040-1057 ++ ++ 10A0-10C5 ++ ++ 10D0-10F8 ++ ++ 10FB ++ ++ 1100-1159 ++ ++ 115F-11A2 ++ ++ 11A8-11F9 ++ ++ 1200-1206 ++ ++ 1208-1246 ++ ++ 1248 ++ ++ 124A-124D ++ ++ 1250-1256 ++ ++ 1258 ++ ++ 125A-125D ++ ++ 1260-1286 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1288 ++ ++ 128A-128D ++ ++ 1290-12AE ++ ++ 12B0 ++ ++ 12B2-12B5 ++ ++ 12B8-12BE ++ ++ 12C0 ++ ++ 12C2-12C5 ++ ++ 12C8-12CE ++ ++ 12D0-12D6 ++ ++ 12D8-12EE ++ ++ 12F0-130E ++ ++ 1310 ++ ++ 1312-1315 ++ ++ 1318-131E ++ ++ 1320-1346 ++ ++ 1348-135A ++ ++ 1361-137C ++ ++ 13A0-13F4 ++ ++ 1401-1676 ++ ++ 1681-169A ++ ++ 16A0-16F0 ++ ++ 1700-170C ++ ++ 170E-1711 ++ ++ 1720-1731 ++ ++ 1735-1736 ++ ++ 1740-1751 ++ ++ 1760-176C ++ ++ 176E-1770 ++ ++ 1780-17B6 ++ ++ 17BE-17C5 ++ ++ 17C7-17C8 ++ ++ 17D4-17DA ++ ++ 17DC ++ ++ 17E0-17E9 ++ ++ 1810-1819 ++ ++ 1820-1877 ++ ++ 1880-18A8 ++ ++ 1E00-1E9B ++ ++ 1EA0-1EF9 ++ ++ 1F00-1F15 ++ ++ 1F18-1F1D ++ ++ 1F20-1F45 ++ ++ 1F48-1F4D ++ ++ 1F50-1F57 ++ ++ 1F59 ++ ++ 1F5B ++ ++ 1F5D ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1F5F-1F7D ++ ++ 1F80-1FB4 ++ ++ 1FB6-1FBC ++ ++ 1FBE ++ ++ 1FC2-1FC4 ++ ++ 1FC6-1FCC ++ ++ 1FD0-1FD3 ++ ++ 1FD6-1FDB ++ ++ 1FE0-1FEC ++ ++ 1FF2-1FF4 ++ ++ 1FF6-1FFC ++ ++ 200E ++ ++ 2071 ++ ++ 207F ++ ++ 2102 ++ ++ 2107 ++ ++ 210A-2113 ++ ++ 2115 ++ ++ 2119-211D ++ ++ 2124 ++ ++ 2126 ++ ++ 2128 ++ ++ 212A-212D ++ ++ 212F-2131 ++ ++ 2133-2139 ++ ++ 213D-213F ++ ++ 2145-2149 ++ ++ 2160-2183 ++ ++ 2336-237A ++ ++ 2395 ++ ++ 249C-24E9 ++ ++ 3005-3007 ++ ++ 3021-3029 ++ ++ 3031-3035 ++ ++ 3038-303C ++ ++ 3041-3096 ++ ++ 309D-309F ++ ++ 30A1-30FA ++ ++ 30FC-30FF ++ ++ 3105-312C ++ ++ 3131-318E ++ ++ 3190-31B7 ++ ++ 31F0-321C ++ ++ 3220-3243 ++ ++ 3260-327B ++ ++ 327F-32B0 ++ ++ 32C0-32CB ++ ++ 32D0-32FE ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 3300-3376 ++ ++ 337B-33DD ++ ++ 33E0-33FE ++ ++ 3400-4DB5 ++ ++ 4E00-9FA5 ++ ++ A000-A48C ++ ++ AC00-D7A3 ++ ++ D800-FA2D ++ ++ FA30-FA6A ++ ++ FB00-FB06 ++ ++ FB13-FB17 ++ ++ FF21-FF3A ++ ++ FF41-FF5A ++ ++ FF66-FFBE ++ ++ FFC2-FFC7 ++ ++ FFCA-FFCF ++ ++ FFD2-FFD7 ++ ++ FFDA-FFDC ++ ++ 10300-1031E ++ ++ 10320-10323 ++ ++ 10330-1034A ++ ++ 10400-10425 ++ ++ 10428-1044D ++ ++ 1D000-1D0F5 ++ ++ 1D100-1D126 ++ ++ 1D12A-1D166 ++ ++ 1D16A-1D172 ++ ++ 1D183-1D184 ++ ++ 1D18C-1D1A9 ++ ++ 1D1AE-1D1DD ++ ++ 1D400-1D454 ++ ++ 1D456-1D49C ++ ++ 1D49E-1D49F ++ ++ 1D4A2 ++ ++ 1D4A5-1D4A6 ++ ++ 1D4A9-1D4AC ++ ++ 1D4AE-1D4B9 ++ ++ 1D4BB ++ ++ 1D4BD-1D4C0 ++ ++ 1D4C2-1D4C3 ++ ++ 1D4C5-1D505 ++ ++ 1D507-1D50A ++ ++ 1D50D-1D514 ++ ++ 1D516-1D51C ++ ++ 1D51E-1D539 ++ ++ 1D53B-1D53E ++ ++ 1D540-1D544 ++ ++ 1D546 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 1D54A-1D550 ++ ++ 1D552-1D6A3 ++ ++ 1D6A8-1D7C9 ++ ++ 20000-2A6D6 ++ ++ 2F800-2FA1D ++ ++ F0000-FFFFD ++ ++ 100000-10FFFD ++ ++ ----- End Table D.2 ----- ++ +diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build +index 2072be4..c93bdb8 100644 +--- a/third_party/heimdal_build/wscript_build ++++ b/third_party/heimdal_build/wscript_build +@@ -842,7 +842,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'): + HEIMDAL_GENERATOR( + name="HEIMDAL_ERRORLIST", + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'", +- source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py', ++ source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt-table ../heimdal/lib/wind/stringprep.py', + target = '../heimdal/lib/wind/errorlist_table.c ../heimdal/lib/wind/errorlist_table.h' + ) + +@@ -864,7 +864,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'): + HEIMDAL_GENERATOR( + name = 'HEIMDAL_BIDI_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'", +- source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt', ++ source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt-table', + target = '../heimdal/lib/wind/bidi_table.h ../heimdal/lib/wind/bidi_table.c' + ) + +@@ -872,7 +872,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'): + HEIMDAL_GENERATOR( + name = 'HEIMDAL_MAP_TABLE', + rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[2].abspath()}' '${SRC[2].parent.abspath(env)}'", +- source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt', ++ source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt-table', + target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c' + ) + diff --git a/debian/patches/heimdal-spelling.patch b/debian/patches/heimdal-spelling.patch new file mode 100644 index 0000000..5d5210e --- /dev/null +++ b/debian/patches/heimdal-spelling.patch @@ -0,0 +1,139 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Subject: Heimdal: spelling fixes (underun prefered relase encyption confunder) + +diff --git a/third_party/heimdal/lib/asn1/asn1_err.et b/third_party/heimdal/lib/asn1/asn1_err.et +index ac7a9ebaa52..dc08a86cf30 100644 +--- a/third_party/heimdal/lib/asn1/asn1_err.et ++++ b/third_party/heimdal/lib/asn1/asn1_err.et +@@ -25,3 +25,3 @@ error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" + error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" +-error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" ++error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underrun" + error_code GOT_BER, "ASN.1 got BER encoded when expected DER" +diff --git a/third_party/heimdal/lib/asn1/asn1_print.c b/third_party/heimdal/lib/asn1/asn1_print.c +index 40c37fbbb94..d65116d4379 100644 +--- a/third_party/heimdal/lib/asn1/asn1_print.c ++++ b/third_party/heimdal/lib/asn1/asn1_print.c +@@ -568,3 +568,3 @@ dotype(unsigned char *buf, size_t len, char **argv, size_t *size) + errx(1, "Could not decode and print data as type %s: " +- "BER indefinte encoding underun", typename); ++ "BER indefinte encoding underrun", typename); + case ASN1_GOT_BER: +diff --git a/third_party/heimdal/lib/base/heimbase.c b/third_party/heimdal/lib/base/heimbase.c +index 1e6805a25e7..b5f325f9c8d 100644 +--- a/third_party/heimdal/lib/base/heimbase.c ++++ b/third_party/heimdal/lib/base/heimbase.c +@@ -691,3 +691,3 @@ heim_auto_release(heim_object_t ptr) + if (tls == NULL || (ar = tls->current) == NULL) +- heim_abort("no auto relase pool in place, would leak"); ++ heim_abort("no auto release pool in place, would leak"); + +diff --git a/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c b/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c +index c4ac7455cf6..7a211900fd3 100644 +--- a/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c ++++ b/third_party/heimdal/lib/gssapi/spnego/accept_sec_context.c +@@ -749,3 +749,3 @@ acceptor_start + *minor_status, +- "SPNEGO acceptor didn't find a prefered mechanism"); ++ "SPNEGO acceptor didn't find a preferred mechanism"); + } +diff --git a/third_party/heimdal/lib/hx509/cert.c b/third_party/heimdal/lib/hx509/cert.c +index 3dda886edc5..b27282de8c5 100644 +--- a/third_party/heimdal/lib/hx509/cert.c ++++ b/third_party/heimdal/lib/hx509/cert.c +@@ -1449,3 +1449,3 @@ _hx509_calculate_path(hx509_context context, + hx509_set_error_string(context, 0, HX509_PATH_TOO_LONG, +- "Path too long while bulding " ++ "Path too long while building " + "certificate chain"); +diff --git a/third_party/heimdal/lib/hx509/hx509_err.et b/third_party/heimdal/lib/hx509/hx509_err.et +index db81f5d294b..1eca18e043e 100644 +--- a/third_party/heimdal/lib/hx509/hx509_err.et ++++ b/third_party/heimdal/lib/hx509/hx509_err.et +@@ -64,4 +64,4 @@ error_code NO_PROMPTER, "No prompter function defined" + error_code SIGNATURE_WITHOUT_SIGNER, "Signature requires signer, but none available" +-error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed" +-error_code RSA_PRIVATE_ENCRYPT, "RSA private encyption failed" ++error_code RSA_PUBLIC_ENCRYPT, "RSA public encryption failed" ++error_code RSA_PRIVATE_ENCRYPT, "RSA private encryption failed" + error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed" +diff --git a/third_party/heimdal/lib/krb5/crypto.c b/third_party/heimdal/lib/krb5/crypto.c +index 2fb4f0620f7..0da3071361a 100644 +--- a/third_party/heimdal/lib/krb5/crypto.c ++++ b/third_party/heimdal/lib/krb5/crypto.c +@@ -1228,3 +1228,3 @@ decrypt_internal_derived(krb5_context context, + N_("Encrypted data shorter then " +- "checksum + confunder", "")); ++ "checksum + confounder", "")); + return KRB5_BAD_MSIZE; +@@ -1307,3 +1307,3 @@ decrypt_internal_enc_then_cksum(krb5_context context, + N_("Encrypted data shorter then " +- "checksum + confunder", "")); ++ "checksum + confounder", "")); + return KRB5_BAD_MSIZE; +@@ -1393,3 +1393,3 @@ decrypt_internal(krb5_context context, + N_("Encrypted data shorter then " +- "checksum + confunder", "")); ++ "checksum + confounder", "")); + return KRB5_BAD_MSIZE; +@@ -1459,3 +1459,3 @@ decrypt_internal_special(krb5_context context, + N_("Encrypted data shorter then " +- "checksum + confunder", "")); ++ "checksum + confounder", "")); + return KRB5_BAD_MSIZE; +diff --git a/third_party/heimdal/lib/sqlite/sqlite3.c b/third_party/heimdal/lib/sqlite/sqlite3.c +index de55858cb0f..7aaed45e977 100644 +--- a/third_party/heimdal/lib/sqlite/sqlite3.c ++++ b/third_party/heimdal/lib/sqlite/sqlite3.c +@@ -95908,3 +95908,3 @@ static int vdbeSorterFlushPMA(VdbeSorter *pSorter){ + ** fall back to using the final sub-task. The first (pSorter->nTask-1) +- ** sub-tasks are prefered as they use background threads - the final ++ ** sub-tasks are preferred as they use background threads - the final + ** sub-task uses the main thread. */ +diff --git a/third_party/heimdal/po/heim_com_err569856/de.po b/third_party/heimdal/po/heim_com_err569856/de.po +index 5e6ace5d766..ba2dbf6e93d 100644 +--- a/third_party/heimdal/po/heim_com_err569856/de.po ++++ b/third_party/heimdal/po/heim_com_err569856/de.po +@@ -275,3 +275,3 @@ msgstr "Signatur erfordert Unterzeichner, aber keiner verfügbar" + #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85 +-msgid "RSA public encyption failed" ++msgid "RSA public encryption failed" + msgstr "RSA-Verschlüsselung mit öffentlichem Schlüssel fehlgeschlagen" +diff --git a/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot b/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot +index 2913f6bcb9c..2305f21a962 100644 +--- a/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot ++++ b/third_party/heimdal/po/heim_com_err569856/heim_com_err569856.pot +@@ -269,3 +269,3 @@ msgstr "" + #: ../lib/hx509/hx509_err.c:84 ../lib/hx509/hx509_err.c:85 +-msgid "RSA public encyption failed" ++msgid "RSA public encryption failed" + msgstr "" +diff --git a/third_party/heimdal/po/heimdal_krb5/de.po b/third_party/heimdal/po/heimdal_krb5/de.po +index e7e8a1deaed..a846e4b7ece 100644 +--- a/third_party/heimdal/po/heimdal_krb5/de.po ++++ b/third_party/heimdal/po/heimdal_krb5/de.po +@@ -327,5 +327,4 @@ msgstr "Prüfsummentyp %s ist deaktiviert." + +-# FIXME: s/confunder/confounder/ + #: lib/krb5/crypto.c:2958 +-msgid "Encrypted data shorter then checksum + confunder" ++msgid "Encrypted data shorter then checksum + confounder" + msgstr "verschlüsselte Daten kürzer als Prüfsumme + Störfaktor" +diff --git a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot +index 3edacd2c246..25e1919c063 100644 +--- a/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot ++++ b/third_party/heimdal/po/heimdal_krb5/heimdal_krb5.pot +@@ -551,3 +551,3 @@ msgstr "" + #: lib/krb5/crypto.c:2958 +-msgid "Encrypted data shorter then checksum + confunder" ++msgid "Encrypted data shorter then checksum + confounder" + msgstr "" +diff --git a/third_party/heimdal/po/heimdal_krb5/sv_SE.po b/third_party/heimdal/po/heimdal_krb5/sv_SE.po +index f9721845a0b..79d094172bf 100644 +--- a/third_party/heimdal/po/heimdal_krb5/sv_SE.po ++++ b/third_party/heimdal/po/heimdal_krb5/sv_SE.po +@@ -542,3 +542,3 @@ msgstr "" + #: lib/krb5/crypto.c:2979 +-msgid "Encrypted data shorter then checksum + confunder" ++msgid "Encrypted data shorter then checksum + confounder" + msgstr "" diff --git a/debian/patches/hurd-compat.patch b/debian/patches/hurd-compat.patch new file mode 100644 index 0000000..8ae213b --- /dev/null +++ b/debian/patches/hurd-compat.patch @@ -0,0 +1,43 @@ +Subject: hurd compatibility changes +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Thu, 03 Nov 2022 20:49:33 +0300 + +Hurd does not define PIPE_BUF, so lib/tevent/testsuite.c fails to compile +(yes, this file is used as part of *samba* testsuite, not tevent testsuite). +Define it to a safe minimal value like 512 bytes. + +Hurd does not provide SA_NOCLDWAIT define, so lib/util/tests/tfork.c does +not compile. This is only needed during testing to omit zombie process +generation, which has only cosmetic effect. Define it to be 0. + +Based on prior work and ideas by Samuel Thibault. + +diff --git a/lib/tevent/testsuite.c b/lib/tevent/testsuite.c +index 492b8807996..0bbfc2ed280 100644 +--- a/lib/tevent/testsuite.c ++++ b/lib/tevent/testsuite.c +@@ -36,6 +36,10 @@ + #include "system/threads.h" + #include <assert.h> + #endif ++#include <limits.h> ++#ifndef PIPE_BUF /* eg hurd does not define it */ ++# define PIPE_BUF 512 /* a safe bet */ ++#endif + + static struct tevent_context * + test_tevent_context_init(TALLOC_CTX *mem_ctx) +diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c +index 70ae97583fc..72288e03abb 100644 +--- a/lib/util/tests/tfork.c ++++ b/lib/util/tests/tfork.c +@@ -33,6 +33,9 @@ + #ifdef HAVE_PTHREAD + #include <pthread.h> + #endif ++#ifndef SA_NOCLDWAIT ++#define SA_NOCLDWAIT 0 ++#endif + + static bool test_tfork_simple(struct torture_context *tctx) + { diff --git a/debian/patches/libsmbclient-ensure-lfs-221618.patch b/debian/patches/libsmbclient-ensure-lfs-221618.patch new file mode 100644 index 0000000..11f8521 --- /dev/null +++ b/debian/patches/libsmbclient-ensure-lfs-221618.patch @@ -0,0 +1,50 @@ +Subject: ensure libsmbclient.h is being used with LFS enabled +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Sat, 02 Apr 2022 19:01:55 +0300 +Bug-Debian: https://bugs.debian.org/221618 + +We build samba with LFS (Large File Support) even on 32bits. +This means some types like off_t are 64-bit wide, again, +even on a 32bit host. libsmbclient.h uses off_t in function +prototypes, and thes prototypes muct match those which were +used at samba compile time - if some other source includes +libsmbclient.h without LFS, it'll get wrong prototypes and +the resulting binary will most likely crash when using +libsmbclient functions. + +Detect and error-out this at compile time. + +We can not do anything with this in the public header since +it is alredy too late to redefine things, since we can't +guarantee we're the first header a program #includes, and +at the time this libsmbclient.h is included, off_t can +already be defined so our (re)define of _FILE_OFFSET_BITS +does nothing already. + +Patching libsmbclient.h to use off64_t means client program +should change their off_t to off64_t too when storing +file offsets returning from libsmbclient, so this is not +an option too. + +With this change, we will error out even if the user source +does not use any off_t-related functions. Namely, it was ok +to #include <libsmbclient.h> and use smbc_open/smbc_read/ +smbc_write/smbc_close without _F_O_B=64, - neither of these +functions uses off_t. smbc_lseek and others doesn't work, +but if a program does not use them anyway, whole thing will +just work even without enabling LFS. Ideally we can probably +check each individual function which is being affected, by +replacing it with #error if sizeof(off_t) < 8. But this +requires quite some hackery... + +diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h +index 84c98089251..1a6ea599cfa 100644 +--- a/source3/include/libsmbclient.h ++++ b/source3/include/libsmbclient.h +@@ -82,4 +82,6 @@ extern "C" { + #include <utime.h> + ++typedef int smbc_off_t_should_be_at_least_64bits_use_LFS_CFLAGS[sizeof(off_t)-7]; ++ + #define SMBC_BASE_FD 10000 /* smallest file descriptor returned */ + diff --git a/debian/patches/lower-dns-lookup-mismatch-messages.patch b/debian/patches/lower-dns-lookup-mismatch-messages.patch new file mode 100644 index 0000000..ae6c197 --- /dev/null +++ b/debian/patches/lower-dns-lookup-mismatch-messages.patch @@ -0,0 +1,34 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 01 Mar 2024 16:16:20 +0300 +Subject: lower dns lookup mismatch messages + +There's just too much useless noise in the logs, +especially when the PTR record just doesn't exist. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c +index 5ff875c230d..b9237c3797e 100644 +--- a/source3/lib/util_sock.c ++++ b/source3/lib/util_sock.c +@@ -710,5 +710,5 @@ static bool matchname(const char *remotehost, + (!strequal(remotehost, ailist->ai_canonname) && + !strequal(remotehost, "localhost"))) { +- DEBUG(0,("matchname: host name/name mismatch: %s != %s\n", ++ DEBUG(5,("matchname: host name/name mismatch: %s != %s\n", + remotehost, + ailist->ai_canonname ? +@@ -736,5 +736,5 @@ static bool matchname(const char *remotehost, + */ + +- DEBUG(0,("matchname: host name/address mismatch: %s != %s\n", ++ DEBUG(5,("matchname: host name/address mismatch: %s != %s\n", + print_sockaddr_len(addr_buf, + sizeof(addr_buf), +@@ -892,5 +892,5 @@ int get_remote_hostname(const struct tsocket_address *remote_address, + } else { + if (!matchname(name_buf, (struct sockaddr *)&ss, len)) { +- DEBUG(0,("matchname failed on %s\n", name_buf)); ++ DEBUG(5,("matchname failed on %s\n", name_buf)); + strlcpy(name_buf, "UNKNOWN", sizeof(name_buf)); + } diff --git a/debian/patches/meaningful-error-if-no-python3-markdown.patch b/debian/patches/meaningful-error-if-no-python3-markdown.patch new file mode 100644 index 0000000..80ffd73 --- /dev/null +++ b/debian/patches/meaningful-error-if-no-python3-markdown.patch @@ -0,0 +1,24 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 2 Dec 2022 11:08:27 +0300 +Updated: Thu, 03 Aug 2023 17:10:59 +0300 +Subject: print meaningful error message if python3-markdown is not installed +Debian-Specific: yes +Forwarded: not-needed + +--- + python/samba/netcmd/domain/schemaupgrade.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/python/samba/netcmd/domain/schemaupgrade.py b/python/samba/netcmd/domain/schemaupgrade.py +index 1d67ab58c15..858802635a2 100644 +--- a/python/samba/netcmd/domain/schemaupgrade.py ++++ b/python/samba/netcmd/domain/schemaupgrade.py +@@ -229,6 +229,6 @@ class cmd_domain_schema_upgrade(Command): + from samba.ms_schema_markdown import read_ms_markdown + except ImportError as e: +- self.outf.write("Exception in importing markdown: %s\n" % e) +- raise CommandError('Failed to import module markdown') ++ self.outf.write("Exception in importing markdown: %s\n" % e) ++ raise CommandError('Failed to import module markdown, please install python3-markdown package') + from samba.schema import Schema + diff --git a/debian/patches/meaningful-error-if-no-samba-ad-provision.patch b/debian/patches/meaningful-error-if-no-samba-ad-provision.patch new file mode 100644 index 0000000..f7bae51 --- /dev/null +++ b/debian/patches/meaningful-error-if-no-samba-ad-provision.patch @@ -0,0 +1,25 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Fri, 2 Dec 2022 10:54:31 +0300 +Updated: Thu, 03 Aug 2023 17:06:24 +0300 +Subject: print meaningful error message if samba-ad-provision is not installed +Debian-Specific: yes +Forwarded: not-needed + +--- + python/samba/provision/common.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/python/samba/provision/common.py b/python/samba/provision/common.py +index a6851b7e4c1..935918aa73f 100644 +--- a/python/samba/provision/common.py ++++ b/python/samba/provision/common.py +@@ -40,5 +40,8 @@ FILL_DRS = "DRS" + def setup_path(file): + """Return an absolute path to the provision template file specified by file""" +- return os.path.join(setup_dir(), file) ++ path = os.path.join(setup_dir(), file) ++ if not os.path.exists(path): ++ raise Exception("File [%s] not found. Please install samba-ad-provision package" % path) ++ return path + + diff --git a/debian/patches/move-msg.sock-from-var-lib-samba-to-run-samba.patch b/debian/patches/move-msg.sock-from-var-lib-samba-to-run-samba.patch new file mode 100644 index 0000000..ceb2a4f --- /dev/null +++ b/debian/patches/move-msg.sock-from-var-lib-samba-to-run-samba.patch @@ -0,0 +1,55 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Tue, 26 Apr 2022 16:11:48 +0300 +Subject: move msg.sock from /var/lib/samba to /run/samba + +This moves a socket directory from /var/lib/samba to /run/samba. + +https://lists.samba.org/archive/samba-technical/2022-April/137322.html + +diff --git a/source3/lib/messages.c b/source3/lib/messages.c +index 8641a9dad56..bf866e65e44 100644 +--- a/source3/lib/messages.c ++++ b/source3/lib/messages.c +@@ -461,11 +461,6 @@ static int messaging_context_destructor(struct messaging_context *ctx) + return 0; + } + +-static const char *private_path(const char *name) +-{ +- return talloc_asprintf(talloc_tos(), "%s/%s", lp_private_dir(), name); +-} +- + static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct messaging_context **pmsg_ctx) +@@ -500,7 +495,7 @@ static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx, + return NT_STATUS_ACCESS_DENIED; + } + +- priv_path = private_path("msg.sock"); ++ priv_path = lock_path(talloc_tos(), "msg.sock"); + if (priv_path == NULL) { + return NT_STATUS_NO_MEMORY; + } +@@ -663,7 +658,7 @@ NTSTATUS messaging_reinit(struct messaging_context *msg_ctx) + msg_ctx->per_process_talloc_ctx, + msg_ctx->event_ctx, + &msg_ctx->id.unique_id, +- private_path("msg.sock"), ++ lock_path(talloc_tos(), "msg.sock"), + lck_path, + messaging_recv_cb, + msg_ctx, +diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c +index a00c35be0d5..da641bc06aa 100644 +--- a/source4/lib/messaging/messaging.c ++++ b/source4/lib/messaging/messaging.c +@@ -500,7 +500,7 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, + goto fail; + } + +- msg->sock_dir = lpcfg_private_path(msg, lp_ctx, "msg.sock"); ++ msg->sock_dir = lpcfg_lock_path(msg, lp_ctx, "msg.sock"); + if (msg->sock_dir == NULL) { + goto fail; + } diff --git a/debian/patches/passchange-error-message.patch b/debian/patches/passchange-error-message.patch new file mode 100644 index 0000000..710f10f --- /dev/null +++ b/debian/patches/passchange-error-message.patch @@ -0,0 +1,24 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Mon, 26 Feb 2024 15:35:35 +0300 +Subject: passchange: error message fix +Forwarded: yes + +Missing space and newline. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c +index 716bfa39a3b..4049ad0fea1 100644 +--- a/source3/libsmb/passchange.c ++++ b/source3/libsmb/passchange.c +@@ -221,8 +221,8 @@ NTSTATUS remote_password_change(const char *remote_machine, + if (!NT_STATUS_IS_OK(result)) { + int rc = asprintf( + err_str, +- "machine %s rejected to change the password" +- "with error: %s", ++ "machine %s rejected to change the password " ++ "with error: %s\n", + remote_machine, + get_friendly_nt_error_msg(result)); + if (rc <= 0) { diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..4c13d2d --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,28 @@ +libsmbclient-ensure-lfs-221618.patch +hurd-compat.patch +README_nosmbldap-tools.patch +smbclient-pager.patch +usershare.patch +heimdal-rfc3454.txt +add-so-version-to-private-libraries +smbd.service-Run-update-apparmor-samba-profile-befor.patch +fix-nfs-service-name-to-nfs-kernel-server.patch +ctdb-config-enable-syslog-by-default.patch +Force-LDB-as-standalone.patch +use-bzero-instead-of-memset_s.diff +ctdb_etcd_lock-path.patch +ctdb-create-piddir.patch +silence-waf-uselib_local.diff +disable-setuid-confchecks.patch +move-msg.sock-from-var-lib-samba-to-run-samba.patch +testparm-do-not-fail-if-pid-dir-does-not-exist.patch +add-missing-libs-deps.diff +heimdal-spelling.patch +fruit-disable-useless-size_t-overflow-check.patch +meaningful-error-if-no-samba-ad-provision.patch +meaningful-error-if-no-python3-markdown.patch +ctdb-use-run-instead-of-var-run.patch +silence-can-not-convert-group-sid.diff +edns0.patch +passchange-error-message.patch +lower-dns-lookup-mismatch-messages.patch diff --git a/debian/patches/silence-can-not-convert-group-sid.diff b/debian/patches/silence-can-not-convert-group-sid.diff new file mode 100644 index 0000000..e3a178e --- /dev/null +++ b/debian/patches/silence-can-not-convert-group-sid.diff @@ -0,0 +1,26 @@ +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Wed, 14 Feb 2024 15:26:29 +0300 +Subject: silence "Can not convert group sid" warnings in the log +Forwarded: yes + +/var/log/samba/log.winbind is full of messages like: + +[2024/02/09 06:25:04.788182, 1, pid=74620] source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) + Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED + +On a busy server these are logged several 1000s times per minute, +making any other messages basically invisible. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> + +diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c +index c2603cc7026..f252e14bf95 100644 +--- a/source3/winbindd/winbindd_getgroups.c ++++ b/source3/winbindd/winbindd_getgroups.c +@@ -257,5 +257,5 @@ NTSTATUS winbindd_getgroups_recv(struct tevent_req *req, + if (tevent_req_is_nterror(req, &status)) { + struct dom_sid_buf buf; +- D_WARNING("Could not convert sid %s: %s\n", ++ D_DEBUG("Could not convert sid %s: %s\n", + dom_sid_str_buf(&state->sid, &buf), + nt_errstr(status)); diff --git a/debian/patches/silence-waf-uselib_local.diff b/debian/patches/silence-waf-uselib_local.diff new file mode 100644 index 0000000..ecbae47 --- /dev/null +++ b/debian/patches/silence-waf-uselib_local.diff @@ -0,0 +1,31 @@ +Subject: silence uselib_local warning produced by waf +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Sun, 03 Apr 2022 07:57:38 +0300 + +During config/build process in verbose mode, waf produces +about 2k repetitions of this warning: + + compat: "uselib_local" is deprecated, replace by "use" + +which clutters the build log. + +Comment this warning out for now until it will be +fixed properly. + +diff --git a/buildtools/wafsamba/samba_waf18.py b/buildtools/wafsamba/samba_waf18.py +index e2a078bd3a0..dfd53a012d1 100644 +--- a/buildtools/wafsamba/samba_waf18.py ++++ b/buildtools/wafsamba/samba_waf18.py +@@ -314,9 +314,9 @@ def apply_uselib_local(self): + seen = set() + seen_uselib = set() + tmp = Utils.deque(names) # consume a copy of the list of names +- if tmp: +- if Logs.verbose: +- Logs.warn('compat: "uselib_local" is deprecated, replace by "use"') ++ #if tmp: ++ # if Logs.verbose: ++ # Logs.warn('compat: "uselib_local" is deprecated, replace by "use"') + while tmp: + lib_name = tmp.popleft() + # visit dependencies only once diff --git a/debian/patches/smbclient-pager.patch b/debian/patches/smbclient-pager.patch new file mode 100644 index 0000000..4c7af22 --- /dev/null +++ b/debian/patches/smbclient-pager.patch @@ -0,0 +1,22 @@ +From: Steve Langasek <vorlon@debian.org> +Subject: Use the pager alternative as pager is PAGER is undefined + +Bug-Debian: http://bugs.debian.org/135603 +Forwarded: not-needed +--- + source3/include/local.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/include/local.h b/source3/include/local.h +index 7f97d4e..60a00d1 100644 +--- a/source3/include/local.h ++++ b/source3/include/local.h +@@ -88,7 +88,7 @@ + /* the default pager to use for the client "more" command. Users can + override this with the PAGER environment variable */ + #ifndef PAGER +-#define PAGER "more" ++#define PAGER "/usr/bin/pager" + #endif + + /* the size of the uid cache used to reduce valid user checks */ diff --git a/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch b/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch new file mode 100644 index 0000000..c5a64dc --- /dev/null +++ b/debian/patches/smbd.service-Run-update-apparmor-samba-profile-befor.patch @@ -0,0 +1,25 @@ +From 0ecd28ff3fd7f3d5c20705a2b8233fc8648cbf9c Mon Sep 17 00:00:00 2001 +From: Mathieu Parent <math.parent@gmail.com> +Date: Thu, 21 Feb 2019 21:04:30 +0100 +Subject: [PATCH] smbd.service: Run update-apparmor-samba-profile before start + +Bug-Debian: https://bugs.debian.org/896080 +--- + packaging/systemd/smb.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/packaging/systemd/smb.service.in b/packaging/systemd/smb.service.in +index 18912ef0e98..6bb24861682 100644 +--- a/packaging/systemd/smb.service.in ++++ b/packaging/systemd/smb.service.in +@@ -10,6 +10,7 @@ NotifyAccess=all + PIDFile=@PIDDIR@/smbd.pid + LimitNOFILE=16384 + EnvironmentFile=-@SYSCONFDIR@/sysconfig/samba ++ExecStartPre=/usr/share/samba/update-apparmor-samba-profile + ExecStart=@SBINDIR@/smbd --foreground --no-process-group $SMBDOPTIONS + ExecReload=/bin/kill -HUP $MAINPID + LimitCORE=infinity +-- +2.20.1 + diff --git a/debian/patches/testparm-do-not-fail-if-pid-dir-does-not-exist.patch b/debian/patches/testparm-do-not-fail-if-pid-dir-does-not-exist.patch new file mode 100644 index 0000000..cdf1dd2 --- /dev/null +++ b/debian/patches/testparm-do-not-fail-if-pid-dir-does-not-exist.patch @@ -0,0 +1,70 @@ +From 68fe6de9aeca04c252d1d89165802e0fa981d28c Mon Sep 17 00:00:00 2001 +From: Michael Tokarev <mjt@tls.msk.ru> +Date: Tue, 26 Apr 2022 16:14:38 +0300 +Subject: testparm: do not fail if /run/samba does not exist + +testparm explicitly fails if $piddir or $lockdir does not exist. +However, the daemons which actually use these directories, will +create it on demand, there is no need to fail even simple testparm +operations if the dirs are not there. + +This change lets to (pre)configure samba without bothering to +pre-create the directories which are overwise needed only to fulfil +testparm criteria. + +Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> +--- + python/samba/netcmd/testparm.py | 6 ++---- + source3/utils/testparm.c | 6 ++---- + 2 files changed, 4 insertions(+), 8 deletions(-) + +diff --git a/python/samba/netcmd/testparm.py b/python/samba/netcmd/testparm.py +index b44dea1f141..6fecbb15303 100644 +--- a/python/samba/netcmd/testparm.py ++++ b/python/samba/netcmd/testparm.py +@@ -142,14 +142,12 @@ class cmd_testparm(Command): + lockdir = lp.get("lockdir") + + if not os.path.isdir(lockdir): +- logger.error("lock directory %s does not exist", lockdir) +- valid = False ++ logger.warning("lock directory %s does not exist", lockdir) + + piddir = lp.get("pid directory") + + if not os.path.isdir(piddir): +- logger.error("pid directory %s does not exist", piddir) +- valid = False ++ logger.warning("pid directory %s does not exist", piddir) + + winbind_separator = lp.get("winbind separator") + +diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c +index 71bc4c2694e..4916a665c02 100644 +--- a/source3/utils/testparm.c ++++ b/source3/utils/testparm.c +@@ -326,9 +326,8 @@ static int do_global_checks(void) + } + + if (!directory_exist_stat(lp_lock_directory(), &st)) { +- fprintf(stderr, "ERROR: lock directory %s does not exist\n\n", ++ fprintf(stderr, "WARNING: lock directory %s does not exist\n\n", + lp_lock_directory()); +- ret = 1; + } else if ((st.st_ex_mode & 0777) != 0755) { + fprintf(stderr, "WARNING: lock directory %s should have " + "permissions 0755 for browsing to work\n\n", +@@ -356,9 +355,8 @@ static int do_global_checks(void) + } + + if (!directory_exist_stat(lp_pid_directory(), &st)) { +- fprintf(stderr, "ERROR: pid directory %s does not exist\n\n", ++ fprintf(stderr, "WARNING: pid directory %s does not exist\n\n", + lp_pid_directory()); +- ret = 1; + } + + if (lp_passdb_expand_explicit()) { +-- +2.30.2 + diff --git a/debian/patches/use-bzero-instead-of-memset_s.diff b/debian/patches/use-bzero-instead-of-memset_s.diff new file mode 100644 index 0000000..a752b24 --- /dev/null +++ b/debian/patches/use-bzero-instead-of-memset_s.diff @@ -0,0 +1,24 @@ +Subject: use bzero() instead of memset_s() + +lib/replace/replace.h header defines ZERO_STRUCT macro +which uses memset_s() function (which is similar to +memset() but can not be optimized out by the compiler). +Glibc has bzero() with similar property, while memset_s() +have is implemented in lib/replace/replace.c, - this way, +some binaries needlessly link with libreplace-samba4 just +to get rep_memset_s() symbol. By using bzero() instead, +this endless linkage is eliminated, so we can package, +for example, libldb (which uses ZERO_STRUCT) without it +linking to libreplace-samba4. + +Note: actually using explicit_bzero() so it is not optimized +out by the compiler - this is the original goal of using +memset_s(). + +diff --git a/lib/replace/replace.h b/lib/replace/replace.h +index 8609d84322c..28db8d425a3 100644 +--- a/lib/replace/replace.h ++++ b/lib/replace/replace.h +@@ -822 +822 @@ +-#define ZERO_STRUCT(x) memset_s((char *)&(x), sizeof(x), 0, sizeof(x)) ++#define ZERO_STRUCT(x) explicit_bzero((char *)&(x), sizeof(x)) diff --git a/debian/patches/usershare.patch b/debian/patches/usershare.patch new file mode 100644 index 0000000..9f072a5 --- /dev/null +++ b/debian/patches/usershare.patch @@ -0,0 +1,52 @@ +From: Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debian.org> +Subject: Enable net usershares by default at build time + +Enable net usershares by default at build time, with a limit of 100, and update +the corresponding documentation. + +Bug-Debian: http://bugs.debian.org/443230 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548 +Forwarded: not-needed +--- + docs-xml/smbdotconf/misc/usersharemaxshares.xml | 2 +- + lib/param/loadparm.c | 2 ++ + source3/param/loadparm.c | 2 +- + 3 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/docs-xml/smbdotconf/misc/usersharemaxshares.xml b/docs-xml/smbdotconf/misc/usersharemaxshares.xml +index 0d69bb8..e985857 100644 +--- a/docs-xml/smbdotconf/misc/usersharemaxshares.xml ++++ b/docs-xml/smbdotconf/misc/usersharemaxshares.xml +@@ -9,5 +9,5 @@ + </para> + + </description> +-<value type="default">0</value> ++<value type="default">100</value> + </samba:parameter> +diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c +index a221e87..c5367fd 100644 +--- a/lib/param/loadparm.c ++++ b/lib/param/loadparm.c +@@ -2966,6 +2966,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) + + lpcfg_do_global_parameter(lp_ctx, "init logon delay", "100"); + ++ lpcfg_do_global_parameter(lp_ctx, "usershare max shares", "100"); ++ + lpcfg_do_global_parameter(lp_ctx, "usershare owner only", "yes"); + + lpcfg_do_global_parameter(lp_ctx, "-valid", "yes"); +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index d5b1c56..5cd0a18 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -847,7 +847,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) + lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s); + TALLOC_FREE(s); + lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, ""); +- Globals.usershare_max_shares = 0; ++ Globals.usershare_max_shares = 100; + /* By default disallow sharing of directories not owned by the sharer. */ + Globals.usershare_owner_only = true; + /* By default disallow guest access to usershares. */ diff --git a/debian/python3-ldb-dev.install b/debian/python3-ldb-dev.install new file mode 100644 index 0000000..188b78e --- /dev/null +++ b/debian/python3-ldb-dev.install @@ -0,0 +1,3 @@ +usr/include/samba-4.0/pyldb.h +usr/lib/*/libpyldb-util.cpython-*.so +usr/lib/*/pkgconfig/pyldb-util.cpython-*.pc diff --git a/debian/python3-ldb-dev.lintian-overrides b/debian/python3-ldb-dev.lintian-overrides new file mode 100644 index 0000000..e790d3f --- /dev/null +++ b/debian/python3-ldb-dev.lintian-overrides @@ -0,0 +1,2 @@ +# This is actually a -dev package +python3-ldb-dev: wrong-section-according-to-package-name * => python diff --git a/debian/python3-ldb.install b/debian/python3-ldb.install new file mode 100644 index 0000000..43bf0d6 --- /dev/null +++ b/debian/python3-ldb.install @@ -0,0 +1,3 @@ +usr/lib/*/libpyldb-util.cpython-*.so.* +usr/lib/python3/dist-packages/_ldb_text.py +usr/lib/python3/dist-packages/ldb.cpython-*.so diff --git a/debian/python3-ldb.lintian-overrides b/debian/python3-ldb.lintian-overrides new file mode 100644 index 0000000..7a98c45 --- /dev/null +++ b/debian/python3-ldb.lintian-overrides @@ -0,0 +1,2 @@ +python3-ldb: package-name-doesnt-match-sonames libpyldb-util.cpython-* +python3-ldb: library-not-linked-against-libc */libpyldb-util.*.so.* diff --git a/debian/python3-ldb.symbols.in b/debian/python3-ldb.symbols.in new file mode 100755 index 0000000..ac2e51a --- /dev/null +++ b/debian/python3-ldb.symbols.in @@ -0,0 +1,69 @@ +#libpyldb-util${DEB_PY3_EXTENSION_SUFFIX}.2 #PACKAGE# #MINVER# +# PYLDB_UTIL${DEB_PY3_EXTENSION_UPCASE}_2.5.0@PYLDB_UTIL${DEB_PY3_EXTENSION_UPCASE}_2.5.0 2:2.5.0 + PYLDB_UTIL_1.1.2@PYLDB_UTIL_1.1.2 2:2.2.0 + PYLDB_UTIL_1.1.3@PYLDB_UTIL_1.1.3 2:2.0.7 + PYLDB_UTIL_1.1.4@PYLDB_UTIL_1.1.4 2:2.0.7 + PYLDB_UTIL_1.1.5@PYLDB_UTIL_1.1.5 2:2.0.7 + PYLDB_UTIL_1.1.6@PYLDB_UTIL_1.1.6 2:2.0.7 + PYLDB_UTIL_1.1.7@PYLDB_UTIL_1.1.7 2:2.0.7 + PYLDB_UTIL_1.1.8@PYLDB_UTIL_1.1.8 2:2.0.7 + PYLDB_UTIL_1.1.9@PYLDB_UTIL_1.1.9 2:2.0.7 + PYLDB_UTIL_1.1.10@PYLDB_UTIL_1.1.10 2:2.0.7 + PYLDB_UTIL_1.1.11@PYLDB_UTIL_1.1.11 2:2.0.7 + PYLDB_UTIL_1.1.12@PYLDB_UTIL_1.1.12 2:2.0.7 + PYLDB_UTIL_1.1.13@PYLDB_UTIL_1.1.13 2:2.0.7 + PYLDB_UTIL_1.1.14@PYLDB_UTIL_1.1.14 2:2.0.7 + PYLDB_UTIL_1.1.15@PYLDB_UTIL_1.1.15 2:2.0.7 + PYLDB_UTIL_1.1.16@PYLDB_UTIL_1.1.16 2:2.0.7 + PYLDB_UTIL_1.1.17@PYLDB_UTIL_1.1.17 2:2.0.7 + PYLDB_UTIL_1.1.18@PYLDB_UTIL_1.1.18 2:2.0.7 + PYLDB_UTIL_1.1.19@PYLDB_UTIL_1.1.19 2:2.0.7 + PYLDB_UTIL_1.1.20@PYLDB_UTIL_1.1.20 2:2.0.7 + PYLDB_UTIL_1.1.21@PYLDB_UTIL_1.1.21 2:2.0.7 + PYLDB_UTIL_1.1.22@PYLDB_UTIL_1.1.22 2:2.0.7 + PYLDB_UTIL_1.1.23@PYLDB_UTIL_1.1.23 1.5.4 + PYLDB_UTIL_1.1.24@PYLDB_UTIL_1.1.24 1.5.4 + PYLDB_UTIL_1.1.25@PYLDB_UTIL_1.1.25 1.5.4 + PYLDB_UTIL_1.1.26@PYLDB_UTIL_1.1.26 1.5.4 + PYLDB_UTIL_1.1.27@PYLDB_UTIL_1.1.27 1.5.4 + PYLDB_UTIL_1.1.28@PYLDB_UTIL_1.1.28 1.5.4 + PYLDB_UTIL_1.1.29@PYLDB_UTIL_1.1.29 1.5.4 + PYLDB_UTIL_1.1.30@PYLDB_UTIL_1.1.30 1.5.4 + PYLDB_UTIL_1.1.31@PYLDB_UTIL_1.1.31 1.5.4 + PYLDB_UTIL_1.2.0@PYLDB_UTIL_1.2.0 1.5.4 + PYLDB_UTIL_1.2.1@PYLDB_UTIL_1.2.1 1.5.4 + PYLDB_UTIL_1.2.2@PYLDB_UTIL_1.2.2 1.5.4 + PYLDB_UTIL_1.2.3@PYLDB_UTIL_1.2.3 1.5.4 + PYLDB_UTIL_1.3.0@PYLDB_UTIL_1.3.0 1.5.4 + PYLDB_UTIL_1.3.1@PYLDB_UTIL_1.3.1 1.5.4 + PYLDB_UTIL_1.3.2@PYLDB_UTIL_1.3.2 1.5.4 + PYLDB_UTIL_1.4.0@PYLDB_UTIL_1.4.0 1.5.4 + PYLDB_UTIL_1.4.1@PYLDB_UTIL_1.4.1 1.5.4 + PYLDB_UTIL_1.5.0@PYLDB_UTIL_1.5.0 1.5.4 + PYLDB_UTIL_1.5.1@PYLDB_UTIL_1.5.1 1.5.4 + PYLDB_UTIL_1.5.2@PYLDB_UTIL_1.5.2 1.5.4 + PYLDB_UTIL_1.5.3@PYLDB_UTIL_1.5.3 1.5.4 + PYLDB_UTIL_1.6.0@PYLDB_UTIL_1.6.0 2:2.0.7 + PYLDB_UTIL_1.6.1@PYLDB_UTIL_1.6.1 2:2.0.7 + PYLDB_UTIL_1.6.2@PYLDB_UTIL_1.6.2 2:2.0.7 + PYLDB_UTIL_1.6.3@PYLDB_UTIL_1.6.3 2:2.0.7 + PYLDB_UTIL_2.0.0@PYLDB_UTIL_2.0.0 2:2.0.7 + PYLDB_UTIL_2.0.1@PYLDB_UTIL_2.0.1 2:2.0.7 + PYLDB_UTIL_2.0.2@PYLDB_UTIL_2.0.2 2:2.0.7 + PYLDB_UTIL_2.0.3@PYLDB_UTIL_2.0.3 2:2.0.7 + PYLDB_UTIL_2.0.4@PYLDB_UTIL_2.0.4 2:2.0.7 + PYLDB_UTIL_2.0.5@PYLDB_UTIL_2.0.5 2:2.0.7 + PYLDB_UTIL_2.1.0@PYLDB_UTIL_2.1.0 2:2.1.0 + PYLDB_UTIL_2.1.1@PYLDB_UTIL_2.1.1 2:2.1.1 + PYLDB_UTIL_2.2.0@PYLDB_UTIL_2.2.0 2:2.2.0 + PYLDB_UTIL_2.4.0@PYLDB_UTIL_2.4.0 2:2.5.0 + PYLDB_UTIL_2.4.1@PYLDB_UTIL_2.4.1 2:2.5.0 + PYLDB_UTIL_2.5.0@PYLDB_UTIL_2.5.0 2:2.5.0 + PYLDB_UTIL_2.6.0@PYLDB_UTIL_2.6.0 2:2.6.0 + PYLDB_UTIL_2.6.1@PYLDB_UTIL_2.6.1 2:2.6.1 + PYLDB_UTIL_2.7.0@PYLDB_UTIL_2.7.0 2:2.7.0 + PYLDB_UTIL_2.8.0@PYLDB_UTIL_2.8.0 2:2.8.0 + PYLDB_UTIL_2.9.0@PYLDB_UTIL_2.9.0 2:2.9.0 + pyldb_Dn_FromDn@PYLDB_UTIL_1.1.2 2:2.0.7 + pyldb_Object_AsDn@PYLDB_UTIL_1.1.2 2:2.0.7 + pyldb_check_type@PYLDB_UTIL_2.1.0 2:2.1.0 diff --git a/debian/python3-samba.install b/debian/python3-samba.install new file mode 100644 index 0000000..2a0e9a6 --- /dev/null +++ b/debian/python3-samba.install @@ -0,0 +1,4 @@ +usr/lib/python3*/*-packages/samba +usr/lib/*/libsamba-policy.cpython-*.so.* +usr/lib/*/samba/libsamba-net.cpython-*.so.* +usr/lib/*/samba/libsamba-python.cpython-*.so.0 diff --git a/debian/python3-samba.lintian-overrides b/debian/python3-samba.lintian-overrides new file mode 100644 index 0000000..0fe666a --- /dev/null +++ b/debian/python3-samba.lintian-overrides @@ -0,0 +1,6 @@ +# False positives, see #896012 +python3-samba: library-not-linked-against-libc * +python3-samba: package-name-doesnt-match-sonames libsamba-policy.cpython-*0 +python3-samba: shared-library-lacks-prerequisites */samba/*.cpython*.so* +python3-samba: no-symbols-control-file usr/lib/*/libsamba-policy.*.so.* +python3-samba: hardening-no-fortify-functions */libsamba-policy.cpython*.so.* diff --git a/debian/registry-tools.install b/debian/registry-tools.install new file mode 100644 index 0000000..d9b7bfe --- /dev/null +++ b/debian/registry-tools.install @@ -0,0 +1,8 @@ +usr/bin/regdiff +usr/bin/regpatch +usr/bin/regshell +usr/bin/regtree +usr/share/man/man1/regdiff.1 +usr/share/man/man1/regpatch.1 +usr/share/man/man1/regshell.1 +usr/share/man/man1/regtree.1 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..68e77d7 --- /dev/null +++ b/debian/rules @@ -0,0 +1,396 @@ +#!/usr/bin/make -f +SHELL = /bin/sh -e + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# Fast version of dpkg/architecture.mk defining all vars in one go +ifeq (${DEB_HOST_MULTIARCH},) + $(foreach d, $(shell dpkg-architecture | sed 's/=/?=/'), $(eval export $d)) +endif +include /usr/share/dpkg/buildtools.mk +include /usr/share/dpkg/buildflags.mk +include /usr/share/dpkg/pkg-info.mk +include /usr/share/dpkg/vendor.mk +V := $(if $(filter terse, ${DEB_BUILD_OPTIONS}),,1) +WAF := PYTHONHASHSEED=1 ./buildtools/bin/waf \ + $(patsubst parallel=%,-j%,$(filter parallel=%,${DEB_BUILD_OPTIONS})) + +# stop python from generating .pyc caches +export PYTHONDONTWRITEBYTECODE=1 + +ifeq (linux,${DEB_HOST_ARCH_OS}) +ifneq (${DEB_HOST_GNU_TYPE},${DEB_BUILD_GNU_TYPE}) +# for cross-build or build with foreign python binary (it is _gnu0_i386-gnu on hurd) +export _PYTHON_SYSCONFIGDATA_NAME=_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH} +endif +endif + +DESTDIR = ${CURDIR}/debian/tmp + +LDB_EPOCH = 2: +LDB_VERSION = $(call dpkg_late_eval,LDB_VERSION,grep ^VERSION lib/ldb/wscript | cut -d\' -f2) +LDB_DEB_VERSION = ${LDB_EPOCH}${LDB_VERSION}+samba${DEB_VERSION_UPSTREAM_REVISION} +LDB_DEPENDS = libldb2 (= ${LDB_DEB_VERSION}) +LDB_PACKAGES = libldb2 libldb-dev ldb-tools python3-ldb python3-ldb-dev + +omit-pkgs = +with-glusterfs = +with-ceph = +with-snapper = + +config-args = \ + --prefix=/usr \ + --enable-fhs \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/libexec \ + --libdir=/usr/lib/${DEB_HOST_MULTIARCH} \ + --datadir=/usr/share \ + --with-modulesdir=/usr/lib/${DEB_HOST_MULTIARCH}/samba \ + --with-pammodulesdir=/lib/${DEB_HOST_MULTIARCH}/security \ + --with-privatedir=/var/lib/samba/private \ + --with-smbpasswd-file=/etc/samba/smbpasswd \ + --with-piddir=/run/samba \ + --with-lockdir=/run/samba \ + --with-sockets-dir=/run/samba \ + --with-statedir=/var/lib/samba \ + --with-cachedir=/var/cache/samba \ + --with-pam \ + --with-syslog \ + --with-utmp \ + --with-winbind \ + --with-automount \ + --with-ldap \ + --with-ads \ + --with-gpgme \ + --enable-avahi \ + --enable-spotlight \ + --with-profiling-data \ + --disable-rpath --disable-rpath-install \ + --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \ + --bundled-libraries=NONE,pytevent,ldb \ + \ + --with-cluster-support \ + --enable-etcd-reclock \ + --with-socketpath=/run/ctdb/ctdbd.socket \ + --with-logdir=/var/log/ctdb \ + +ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features +with-glusterfs = $(if $(filter amd64 arm64 ppc64el ppc64 riscv64 mips64el s390x ia64 sparc64,${DEB_HOST_ARCH}),yes) +with-ceph = $(if $(filter amd64 arm64 mips64el ppc64el riscv64 s390x, ${DEB_HOST_ARCH}),yes) +with-snapper = yes + +config-args += \ + --with-quota \ + --with-systemd \ + +endif + +# Ubuntu i386 binary compatibility only effort: Disable some i386 packages and modules +ifeq (${DEB_VENDOR}-${DEB_HOST_ARCH}, Ubuntu-i386) +omit-pkgs += ctdb libpam-winbind samba samba-testsuite samba-vfs-modules +endif + +ifneq (,$(filter armel mipsel m68k powerpc sh4,${DEB_HOST_ARCH})) +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81358 +# on these platforms gcc does not link with -latomic, resulting in +# third_party/heimdal/lib/krb5/krcache.c.55.o: in function `krcc_get_principal': +# third_party/heimdal/lib/krb5/krcache.c:1395: undefined reference to `__atomic_load_8' +# ids.krcu_cache_and_princ_id = heim_base_atomic_load(&data->krc_cache_and_principal_id); +# third_party/heimdal/lib/base/heimbase-atomics.h: +# #include <stdatomic.h> +# #define heim_base_atomic_load(x) atomic_load((x)) +# include a workaround for now +# (-latomic and <stdatomic.h> comes from gcc, --as-needed is already in use) +LDFLAGS += -latomic +endif + +ifneq (,$(filter m68k ,${DEB_HOST_ARCH})) +# without this, build fails with multiple messages like: +# foo.s:NNN: Error: Adjusted signed .word (0xb64a) overflows: `switch'-statement too large. +# when building third_party/heimdal/lib/asn1/asn1_rfc2459_asn1.c (generated) +# It would be best to enable this switch for a single file only (where it is needed) +CFLAGS += -mlong-jump-table-offsets +endif + +# build is done in bin/default/ subdir +CFLAGS += -ffile-prefix-map=../../= + +config-args += $(if ${with-ceph},\ + --enable-cephfs --enable-ceph-reclock,\ + --disable-cephfs) + +with_mitkrb5 = $(filter pkg.samba.mitkrb5, ${DEB_BUILD_PROFILES}) +ifneq (,${with_mitkrb5}) +config-args += \ + --with-system-mitkrb5 \ + --with-experimental-mit-ad-dc \ + --with-system-mitkdc=/usr/sbin/krb5kdc +# samba packages will have its own version suffix +mitkrb5-samba-ver = ${DEB_VERSION}mitkrb5 +mitkrb5-dep-pkgs = samba-libs samba-dev +mitkrb5-dep-pkgs += samba samba-common-bin python3-samba +mitkrb5-dep-pkgs += samba-dsdb-modules samba-vfs-modules +mitkrb5-dep-pkgs += libsmbclient0 smbclient +mitkrb5-dep-pkgs += libnss-winbind libpam-winbind +mitkrb5-dep-pkgs += winbind libwbclient0 +mitkrb5-dep-pkgs += samba-testsuite +mitkrb5-dep-pkgs += ctdb +else +mitkrb5-dep-pkgs = +endif + +ifneq (,${omit-pkgs}) +export DH_OPTIONS += $(addprefix -N, ${omit-pkgs}) +endif +# ${build-pkgs} will honour arch/indep and the above list in ${DH_OPTIONS} +build-pkgs := $(shell dh_listpackages) + +binary binary-arch binary-indep \ +install install-arch install-indep: %: + dh $* + +configure: bin/configured.stamp +.PHONY: configure +bin/configured.stamp: +# branding + if [ ! -f VERSION.orig ]; then \ + mv VERSION VERSION.orig; \ + sed -r -e 's/^(SAMBA_VERSION_VENDOR_SUFFIX).*/\1=${DEB_VENDOR}/' \ + VERSION.orig > VERSION; \ + fi + CC="${CC}" CPP="${CPP}" LD="${LD}" PKGCONFIG="${PKG_CONFIG}" \ + CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ + PYTHON=python3 PYTHON_CONFIG=${DEB_HOST_MULTIARCH}-python3-config \ + ${WAF} -j1 -C configure ${config-args} || \ + { $(if ${V},echo "==== contents of config.log:"; cat bin/config.log;) false; } +# #1013205: https://lists.samba.org/archive/samba-technical/2022-November/137788.html + rm -f third_party/heimdal/lib/gssapi/gssapi.h +ifneq (,${with_mitkrb5}) # ensure we do not use embedded heimdal in any way + [ -d third_party/heimdal-build-with-mitkrb5 ] || \ + mv third_party/heimdal third_party/heimdal-build-with-mitkrb5 +endif + touch $@ + +build-arch: bin/built.stamp +bin/built.stamp: bin/configured.stamp +# samba build system is designed so that default build (what is produced +# by waf build) supposed to be run directly from the build directory, +# with all the paths pointing there. At the install stage, quite some +# recompilation/relinking is done again, to adopt to the actual install +# paths. There's no need (for now) to build samba to be run from the build +# directory, so we use `waf install' here instead of `waf build'. +# Build these two executables first, and build the install stage. +# This will pefrorm unnecessary/extra install step (into d/tmp), which +# we'll repeat during actual install stage, but this is definitely +# better/faster than building whole thing for _not_ running from the build dir. + ${WAF} $(if $V,-v) install --destdir="${DESTDIR}" + touch $@ +build-indep: +build: build-arch build-indep + +############## Tests ############## +# We should use separate build for tests since it requires configuration +# with --enable-selftest which is not compatible with production build. +# Since samba build system always builds in bin/, we save whole source +# into a subdir (testbuild/) and run everything from there. + +testbuild/copied.stamp: + rm -rf testbuild; mkdir testbuild + cp -a -l $$(ls -1 | egrep -v '^(bin|testbuild|debian)$$') testbuild/ +# cleanup some files just in case, do not interfere with production build + find testbuild -name __pycache__ -exec rm -rf {} + + rm -f testbuild/compile_commands.json + touch $@ +testbuild/configured.stamp: testbuild/copied.stamp + @echo "############## selftest configure ##############" +# allow some bundled "lib" for now just for the test build. Debian has them +# (libsocket-wrapper &Co), but let's just build the bundled ones. There's no +# good reason to use externally-packaged wrappers, they're small to build and +# we don't use them for production build, and extra versioned build-dep hurts. + cd testbuild && \ + CPPFLAGS="${CPPFLAGS}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}" \ + ${WAF} -j1 -C configure --enable-selftest \ + $$(echo '${config-args}' | \ + sed 's|--bundled-libraries=NONE|&,nss_wrapper,pam_wrapper,resolv_wrapper,socket_wrapper,uid_wrapper|') +# FIXME: some tests fail for now, handle them later (last check: 4.17.2, heimdal build) + rm -f testbuild/selftest/knownfail.d/debian + echo '^samba3.smb2.session\ enc.(reauth.|bind.|bind_negative.*|bind_invalid_auth|encryption-aes-.*)\(nt4_dc\)' \ + >>testbuild/selftest/knownfail.d/debian +# echo '^samba3.rpc.schannel_anon_setpw\ anonymous\ password\ set\ \(schannel\ enforced\ server-side\)\(nt4_dc_schannel\)' \ +# >>testbuild/selftest/knownfail.d/debian + echo '^samba4.ntvfs.cifs.ntlm.base.unlink.unlink\(rpc_proxy\)' \ + >>testbuild/selftest/knownfail.d/debian + echo '^samba4.rpc.echo\ against\ rpc\ proxy\ with\ domain\ creds\(rpc_proxy\)' \ + >>testbuild/selftest/knownfail.d/debian + touch $@ +selftest-quick: testbuild/configured.stamp + @echo "############## selftest run ##############" + cd testbuild && ${WAF} test --quick + +override_dh_auto_test: # $(if $(findstring nocheck, ${DEB_BUILD_OPTIONS}),, selftest-quick) + +override_dh_auto_install-arch: +# the same "waf install" as in the build target + ${WAF} install --destdir="${DESTDIR}" + # get list of files in build log + find debian/tmp + # Included in python-tevent? + rm debian/tmp/usr/lib/python*/*-packages/_tevent.* + rm debian/tmp/usr/lib/python*/*-packages/tevent.py + # selftests: either not needed or should go to -testsuite + rm -rf debian/tmp/usr/lib/python3/dist-packages/samba/tests/ + # pam stuff + install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind + mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/ + # Debian goodies to set global option in smb.conf and add a share + install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/ + install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/ + install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/ + install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba + install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/ + # install-and-rename docs for ctdb (also arch-specific) + mkdir -p debian/tmp/ctdb + install -p ctdb/config/events/README debian/tmp/ctdb/README.notification + install -p ctdb/config/notification.README debian/tmp/ctdb/README.notification +ifeq ($(DEB_HOST_ARCH_OS), hurd) + install -p debian/ctdb.README.hurd debian/tmp/ctdb/README.hurd +endif +ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) + install -p debian/ctdb.README.kfreebsd debian/tmp/ctdb/README.kfreebsd +endif + +# compatibility link. When ldb was built by its own it stored modules in +# /usr/lib/<triple>/ldb/modules/ldb/. Now as part of samba it stores modules in +# /usr/lib/<triple>/samba/ldb/. Keep them together instead of d/*.{links,dirs}. +# (sssd 2.6.3-3 moved their module to the new location; +# samba-dsdb-modules always had their modules in ..../samba/ldb/) +# This compat symlink should go away after bookworm +# (needed mostly for bullseye sssd) + dh_installdirs -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb + dh_link -plibldb2 /usr/lib/${DEB_HOST_MULTIARCH}/ldb/modules/ldb \ + /usr/lib/${DEB_HOST_MULTIARCH}/samba/ldb/compat + +provision-dest := debian/samba-ad-provision/usr/share/samba/setup + +override_dh_auto_install-indep: +# only arch-all package is samba-common containing a few debian-specific files +# Most of files needs are renamed during install so lets put them +# directly into the right place without d/samba-common.install indirection + # Debian goodies + install -Dp -m0644 debian/smb.conf -t debian/samba-common/usr/share/samba/ +ifeq (${DEB_VENDOR}, Ubuntu) + patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff +endif + install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/ + install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/ + install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/ + # we wrongly have pam file in samba-common instead of samba + install -Dp -m0644 debian/samba.pam debian/samba-common/etc/pam.d/samba + +# install provision files (samba-ad-provision, source4/setup/) + mkdir -p -m0755 ${provision-dest} + cp -r --preserve=timestamps source4/setup/. ${provision-dest} + rm -rf ${provision-dest}/tests + rm -f ${provision-dest}/wscript* \ + ${provision-dest}/adprep/samba-4.7-missing-for-schema45.ldif + +override_dh_installpam: + +# include a command only if the given package is being built +ifpkg = $(if $(filter ${1},${build-pkgs}),${2}) + +override_dh_installinit: +ifneq (,$(filter samba, ${build-pkgs})) + dh_installinit -psamba --name smbd + dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler + dh_installinit -psamba --name samba-ad-dc +endif + $(call ifpkg, winbind, dh_installinit -pwinbind) +ifneq (,$(filter ctdb, ${build-pkgs})) + install -Dp -m755 ctdb/config/ctdb.init debian/ctdb/etc/init.d/ctdb + # Install dh scripts + dh_installinit -pctdb --no-start --no-stop-on-upgrade --onlyscripts +endif + +override_dh_installsystemd: +ifneq (,$(filter samba, ${build-pkgs})) + dh_installsystemd -psamba --name=smbd + dh_installsystemd -psamba --name=nmbd + dh_installsystemd -psamba --name=samba-ad-dc +endif + $(call ifpkg, winbind, dh_installsystemd -pwinbind) + $(call ifpkg, ctdb, dh_installsystemd -pctdb --no-start --no-stop-on-upgrade) + +execute_after_dh_fixperms-arch: + $(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper) + +override_dh_makeshlibs: + # generate symbols file with correct cpython suffix in there + { \ + suff=$$(${DEB_HOST_MULTIARCH}-python3-config --extension-suffix | tr _ -); \ + SUFF=$$(echo "$${suff%.so}" | tr a-z- A-Z_); \ + echo "libpyldb-util$${suff}.2 #PACKAGE# #MINVER#"; \ + echo "* Build-Depends-Package: python3-ldb-dev" ; \ + echo " PYLDB_UTIL$${SUFF}_${LDB_VERSION}@PYLDB_UTIL$${SUFF}_${LDB_VERSION} ${LDB_EPOCH}${LDB_VERSION}"; \ + cat debian/python3-ldb.symbols.in; \ + } > debian/python3-ldb.symbols + + # create symbols and shlibs files in separate wrapper script + # to deal with private libraries + debian/genshlibs \ + $(addsuffix =${LDB_DEB_VERSION},${LDB_PACKAGES}) \ + $(addsuffix =${mitkrb5-samba-ver}, ${mitkrb5-dep-pkgs}) + + rm -f debian/python3-ldb.symbols + +# depcheck package, dep1|dep2... -- dependencies which should NOT be there +depcheck = if egrep '^shlibs.Depends=.* ($(strip $2)) ' debian/$(strip $1).substvars; \ + then echo 'E: $(strip $1) should not depend on $(strip $2)' >&2; exit 1; fi + +override_dh_shlibdeps: +# for specific executables/modules, put dependencies in separate variables +# to change Depends to Recommends for them in d/control + dh_shlibdeps -l/usr/lib/${DEB_HOST_MULTIARCH}/samba \ + -Xceph.so -Xglusterfs.so -Xsnapper.so -Xctdb_mutex_ceph_rados_helper +ifneq (,$(filter ctdb, ${build-pkgs})) + echo "rados:Depends=" >> debian/ctdb.substvars +ifneq (${with-ceph},) + dpkg-shlibdeps -Tdebian/ctdb.substvars -prados \ + debian/ctdb/usr/libexec/ctdb/ctdb_mutex_ceph_rados_helper +endif +endif +ifneq (,$(filter samba-vfs-modules,${build-pkgs})) + echo "vfsmods:Depends=" >> debian/samba-vfs-modules.substvars +ifneq (${with-snapper}${with-ceph}${with-glusterfs},) + dpkg-shlibdeps -Tdebian/samba-vfs-modules.substvars -pvfsmods \ + $(if ${with-snapper}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/snapper.so) \ + $(if ${with-ceph}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/ceph.so) \ + $(if ${with-glusterfs}, debian/samba-vfs-modules/usr/lib/*/samba/vfs/glusterfs.so) +endif +endif +# after shlibdeps run, check that we don't have wrong depdendencies + $(call depcheck, samba-libs, samba|winbind|smbclient|ctdb) + $(call depcheck, smbclient, samba|winbind|ctdb) + $(call depcheck, ctdb, samba|winbind|smbclient) + $(call depcheck, libldb2, samba|samba-libs|winbind|libwbclient0) # use-bzero-instead-of-memset_s.diff + $(call depcheck, python3-samba, samba|winbind|ctdb) + $(call depcheck, libwbclient0, samba|samba-libs|winbind|smbclient|ctdb) + $(call depcheck, libsmbclient0, samba|winbind|smbclient|ctdb) + +override_dh_gencontrol: + dh_gencontrol $(addprefix -p, ${LDB_PACKAGES}) -- -v${LDB_DEB_VERSION} +ifneq (,$(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) + dh_gencontrol $(addprefix -p, $(filter ${build-pkgs}, ${mitkrb5-dep-pkgs})) -- -v${mitkrb5-samba-ver} -Vldb:Depends="${LDB_DEPENDS}" +endif + dh_gencontrol --remaining-packages -- -Vldb:Depends="${LDB_DEPENDS}" +# move files from / to /usr if needed (#1059187): + if command -v dh_movetousr >/dev/null; then dh_movetousr -plibpam-winbind -plibnss-winbind; fi + +clean: + # see also debian/clean + dh_clean bin/ testbuild/ + [ ! -f VERSION.orig ] || mv -f VERSION.orig VERSION +ifneq (,${with_mitkrb5}) + [ ! -d third_party/heimdal-build-with-mitkrb5 ] || \ + mv third_party/heimdal-build-with-mitkrb5 third_party/heimdal +endif diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..93b9571 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,10 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + # Until https://bugs.debian.org/976175 is fixed in blhc + SALSA_CI_DISABLE_BLHC: 1 + # cross-building never worked + SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 diff --git a/debian/samba-ad-provision.lintian-overrides b/debian/samba-ad-provision.lintian-overrides new file mode 100644 index 0000000..4ad5f71 --- /dev/null +++ b/debian/samba-ad-provision.lintian-overrides @@ -0,0 +1,4 @@ +# documentation and specifications for the schemas, keep them in the same place +samba-ad-provision: package-contains-documentation-outside-usr-share-doc *usr/share/samba/setup/* +samba-ad-provision: extra-license-file */setup/ad-schema/licence.txt* +samba-ad-provision: extra-license-file */setup/adprep/WindowsServerDocs/LICENSE* diff --git a/debian/samba-common-bin.dirs b/debian/samba-common-bin.dirs new file mode 100644 index 0000000..bbd723d --- /dev/null +++ b/debian/samba-common-bin.dirs @@ -0,0 +1,2 @@ +etc/samba/tls +var/cache/samba diff --git a/debian/samba-common-bin.install b/debian/samba-common-bin.install new file mode 100644 index 0000000..696aa04 --- /dev/null +++ b/debian/samba-common-bin.install @@ -0,0 +1,33 @@ +usr/bin/dbwrap_tool +usr/bin/net +usr/bin/nmblookup +usr/bin/samba-log-parser +usr/bin/samba-regedit +usr/bin/samba-tool +usr/bin/smbpasswd +usr/bin/testparm +usr/sbin/samba_kcc +usr/share/apport/package-hooks/source_samba.py +usr/share/man/man1/dbwrap_tool.1 +usr/share/man/man1/nmblookup.1 +usr/share/man/man1/samba-log-parser.1 +usr/share/man/man1/testparm.1 +usr/share/man/man5/lmhosts.5 +usr/share/man/man5/smb.conf.5 +usr/share/man/man5/smbpasswd.5 +usr/share/man/man7/samba.7 +usr/share/man/man8/net.8 +usr/share/man/man8/samba-regedit.8 +usr/share/man/man8/samba-tool.8 +usr/share/man/man8/smbpasswd.8 +usr/share/samba/addshare.py +usr/share/samba/setoption.py +# used by usr/bin/net only: +usr/lib/*/samba/libnet-keytab-private-samba.so.0 +# used by usr/libexec/samba/rpcd_*: +usr/lib/*/samba/libRPC-WORKER-private-samba.so.0 +# samba-dcerpcd: used by smbd & winbind. might go to its own separate package, +# maybe with a startup script +usr/libexec/samba/samba-dcerpcd +usr/share/man/man8/samba-dcerpcd.8 +usr/libexec/samba/rpcd_* diff --git a/debian/samba-common-bin.lintian-override b/debian/samba-common-bin.lintian-override new file mode 100644 index 0000000..b8e510a --- /dev/null +++ b/debian/samba-common-bin.lintian-override @@ -0,0 +1,2 @@ +# deliberate, a synonym for misspelled parameter +samba-common-bin: typo-in-manual-page prefered preferred */man/man5/smb.conf.5* diff --git a/debian/samba-common.NEWS b/debian/samba-common.NEWS new file mode 100644 index 0000000..2507304 --- /dev/null +++ b/debian/samba-common.NEWS @@ -0,0 +1,16 @@ +samba-common (2:4.19.4+dfsg-3) unstable; urgency=medium + + /etc/logrotate.d/samba and /etc/logrotate/winbind logrotate scripts + has been removed. + + Samba has its own log rotation implementation internally, renaming the + current log file with .old extension when the log grows larger than + max log size parameter in smb.conf (default is 5000Kb). Also, samba + now writes quite a lot more log files for various components, and if + per-client logging is enabled, the per-client log files aren't covered + by the old logrotate script. + + If you disabled internal samba log rotation, please re-enable it or else + the logs will grow in an uncontrollable way. + + -- Michael Tokarev <mjt@tls.msk.ru> Fri, 12 Jan 2024 20:03:05 +0300 diff --git a/debian/samba-common.bug-presubj b/debian/samba-common.bug-presubj new file mode 100644 index 0000000..6846acc --- /dev/null +++ b/debian/samba-common.bug-presubj @@ -0,0 +1,11 @@ +*** Please submit non packaging issue bugs to the Debian BTS and the upstream +bugzilla (https://bugzilla.samba.org/) and put a reference to the bugzilla bug +in the Debian bug report to ease bug triage for the maintainers. Thank you. *** + +When applicable: + * mention client type/OS + version + * does the problem occur with other clients? + * include a level 10 samba log + * steps to reproduce the problem + * does the problem occur with other versions of samba (oldstable, stable, + backports, testing, ...) diff --git a/debian/samba-common.bug-script b/debian/samba-common.bug-script new file mode 100755 index 0000000..93c23f2 --- /dev/null +++ b/debian/samba-common.bug-script @@ -0,0 +1,24 @@ +#!/bin/bash -e + +cat <<EOF + +I can automatically include various information about your samba configuration +in your bug report. This information may help to diagnose your problem. + +EOF + +for config in /etc/samba/smb.conf ; do + if [ -f $config ]; then + yesno "May I include your $config configuration file? [Y/n] " yep + if [ "$REPLY" = "yep" ]; then + echo "* $config present, and attached" >&3 + echo "-- BEGIN ATTACHMENTS --" >&3 + echo "$config" >&3 + echo "-- END ATTACHMENTS --" >&3 + else + echo "* $config present, but not attached" >&3 + fi + else + echo "* $config not present" >&3 + fi +done diff --git a/debian/samba-common.dirs b/debian/samba-common.dirs new file mode 100644 index 0000000..81aad73 --- /dev/null +++ b/debian/samba-common.dirs @@ -0,0 +1,5 @@ +etc/samba +var/cache/samba +var/lib/samba +var/lib/samba/private +var/log/samba diff --git a/debian/samba-common.docs b/debian/samba-common.docs new file mode 100644 index 0000000..22aa0a4 --- /dev/null +++ b/debian/samba-common.docs @@ -0,0 +1,2 @@ +README.md +WHATSNEW.txt diff --git a/debian/samba-common.examples b/debian/samba-common.examples new file mode 100644 index 0000000..0edd0ea --- /dev/null +++ b/debian/samba-common.examples @@ -0,0 +1 @@ +examples/smb.conf.default diff --git a/debian/samba-common.maintscript b/debian/samba-common.maintscript new file mode 100644 index 0000000..d9f0f8b --- /dev/null +++ b/debian/samba-common.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/dhcp/dhclient-enter-hooks.d/samba 2:4.19.2+dfsg-2~ diff --git a/debian/samba-common.postinst b/debian/samba-common.postinst new file mode 100644 index 0000000..1877c78 --- /dev/null +++ b/debian/samba-common.postinst @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +CONFIG=/etc/samba/smb.conf + +if [ "$1" = configure ]; then + if ! dpkg-statoverride --list /var/log/samba >/dev/null; then + # Set some reasonable default perms for the samba logdir + # to hide sensitive information + chmod 0750 /var/log/samba + chown root:adm /var/log/samba + fi + + ucf --three-way --debconf-ok /usr/share/samba/smb.conf "$CONFIG" + + if [ ! -e "$CONFIG" ]; then + echo "Install/upgrade will fail. To recover, please try:" + echo " sudo cp /usr/share/samba/smb.conf $CONFIG" + echo " sudo dpkg --configure -a" + else + ucfr samba-common "$CONFIG" + chmod a+r "$CONFIG" + fi + +fi + +#DEBHELPER# diff --git a/debian/samba-common.postrm b/debian/samba-common.postrm new file mode 100644 index 0000000..0f7eb2a --- /dev/null +++ b/debian/samba-common.postrm @@ -0,0 +1,25 @@ +#!/bin/sh + +set -e +if [ "$1" = purge ]; then + + # Remove Samba's state files, both volatile and non-volatile + rm -Rf /run/samba/ /var/cache/samba/ /var/lib/samba + + # Remove log files + rm -Rf /var/log/samba/ + + # Remove config files + rm -Rf /etc/samba/ + if [ -x "`which ucf 2>/dev/null`" ]; then + ucf --purge /etc/samba/smb.conf + fi + if [ -x "`which ucfr 2>/dev/null`" ]; then + ucfr --purge samba-common /etc/samba/smb.conf + fi + if [ -f /var/lib/samba/dhcp.conf ]; then + rm /var/lib/samba/dhcp.conf + fi +fi + +#DEBHELPER# diff --git a/debian/samba-dev.examples b/debian/samba-dev.examples new file mode 100644 index 0000000..e9fc190 --- /dev/null +++ b/debian/samba-dev.examples @@ -0,0 +1,5 @@ +examples/VFS +examples/auth +examples/libsmbclient +examples/nss +examples/pdb diff --git a/debian/samba-dev.install b/debian/samba-dev.install new file mode 100644 index 0000000..7cf8e30 --- /dev/null +++ b/debian/samba-dev.install @@ -0,0 +1,66 @@ +# list all *.h under samba-4.0 except: +# libsmbclient.h: libsmbclient-dev +# wbclient.h: libwbclient-dev +# ldb*.h (except ldb_wrap.h): libldb-dev +usr/include/samba-4.0/charset.h +usr/include/samba-4.0/core/*.h +usr/include/samba-4.0/credentials.h +usr/include/samba-4.0/dcerpc.h +usr/include/samba-4.0/dcerpc_server.h +usr/include/samba-4.0/dcesrv_core.h +usr/include/samba-4.0/domain_credentials.h +usr/include/samba-4.0/gen_ndr/*.h +usr/include/samba-4.0/ldb_wrap.h +usr/include/samba-4.0/lookup_sid.h +usr/include/samba-4.0/machine_sid.h +usr/include/samba-4.0/ndr.h +usr/include/samba-4.0/ndr/*.h +usr/include/samba-4.0/netapi.h +usr/include/samba-4.0/param.h +usr/include/samba-4.0/passdb.h +usr/include/samba-4.0/policy.h +usr/include/samba-4.0/rpc_common.h +usr/include/samba-4.0/samba/*.h +usr/include/samba-4.0/share.h +usr/include/samba-4.0/smb2_lease_struct.h +usr/include/samba-4.0/smb3posix.h +usr/include/samba-4.0/smb_ldap.h +usr/include/samba-4.0/smbconf.h +usr/include/samba-4.0/smbldap.h +usr/include/samba-4.0/tdr.h +usr/include/samba-4.0/tsocket.h +usr/include/samba-4.0/tsocket_internal.h +usr/include/samba-4.0/util/*.h +usr/include/samba-4.0/util_ldb.h +usr/lib/*/libdcerpc-binding.so +usr/lib/*/libdcerpc-samr.so +usr/lib/*/libdcerpc-server-core.so +usr/lib/*/libdcerpc-server.so +usr/lib/*/libdcerpc.so +usr/lib/*/libndr-krb5pac.so +usr/lib/*/libndr-nbt.so +usr/lib/*/libndr-standard.so +usr/lib/*/libndr.so +usr/lib/*/libnetapi.so +usr/lib/*/libsamba-credentials.so +usr/lib/*/libsamba-errors.so +usr/lib/*/libsamba-hostconfig.so +usr/lib/*/libsamba-passdb.so +usr/lib/*/libsamba-policy.cpython-*.so +usr/lib/*/libsamba-util.so +usr/lib/*/libsamdb.so +usr/lib/*/libsmbconf.so +usr/lib/*/libsmbldap.so +usr/lib/*/libtevent-util.so +usr/lib/*/pkgconfig/dcerpc.pc +usr/lib/*/pkgconfig/dcerpc_samr.pc +usr/lib/*/pkgconfig/dcerpc_server.pc +usr/lib/*/pkgconfig/ndr.pc +usr/lib/*/pkgconfig/ndr_krb5pac.pc +usr/lib/*/pkgconfig/ndr_nbt.pc +usr/lib/*/pkgconfig/ndr_standard.pc +usr/lib/*/pkgconfig/netapi.pc +usr/lib/*/pkgconfig/samba-credentials.pc +usr/lib/*/pkgconfig/samba-hostconfig.pc +usr/lib/*/pkgconfig/samba-policy.cpython-*.pc +usr/lib/*/pkgconfig/samdb.pc diff --git a/debian/samba-dsdb-modules.install b/debian/samba-dsdb-modules.install new file mode 100644 index 0000000..9c90f04 --- /dev/null +++ b/debian/samba-dsdb-modules.install @@ -0,0 +1,47 @@ +usr/lib/*/samba/ldb/acl.so +usr/lib/*/samba/ldb/aclread.so +usr/lib/*/samba/ldb/anr.so +usr/lib/*/samba/ldb/audit_log.so +usr/lib/*/samba/ldb/count_attrs.so +usr/lib/*/samba/ldb/descriptor.so +usr/lib/*/samba/ldb/dirsync.so +usr/lib/*/samba/ldb/dns_notify.so +usr/lib/*/samba/ldb/dsdb_notification.so +usr/lib/*/samba/ldb/encrypted_secrets.so +usr/lib/*/samba/ldb/extended_dn_in.so +usr/lib/*/samba/ldb/extended_dn_out.so +usr/lib/*/samba/ldb/extended_dn_store.so +usr/lib/*/samba/ldb/group_audit_log.so +usr/lib/*/samba/ldb/ildap.so +usr/lib/*/samba/ldb/instancetype.so +usr/lib/*/samba/ldb/lazy_commit.so +usr/lib/*/samba/ldb/ldbsamba_extensions.so +usr/lib/*/samba/ldb/linked_attributes.so +usr/lib/*/samba/ldb/new_partition.so +usr/lib/*/samba/ldb/objectclass.so +usr/lib/*/samba/ldb/objectclass_attrs.so +usr/lib/*/samba/ldb/objectguid.so +usr/lib/*/samba/ldb/operational.so +usr/lib/*/samba/ldb/paged_results.so +usr/lib/*/samba/ldb/partition.so +usr/lib/*/samba/ldb/password_hash.so +usr/lib/*/samba/ldb/ranged_results.so +usr/lib/*/samba/ldb/repl_meta_data.so +usr/lib/*/samba/ldb/resolve_oids.so +usr/lib/*/samba/ldb/rootdse.so +usr/lib/*/samba/ldb/samba3sam.so +usr/lib/*/samba/ldb/samba3sid.so +usr/lib/*/samba/ldb/samba_dsdb.so +usr/lib/*/samba/ldb/samba_secrets.so +usr/lib/*/samba/ldb/samldb.so +usr/lib/*/samba/ldb/schema_data.so +usr/lib/*/samba/ldb/schema_load.so +usr/lib/*/samba/ldb/secrets_tdb_sync.so +usr/lib/*/samba/ldb/show_deleted.so +usr/lib/*/samba/ldb/subtree_delete.so +usr/lib/*/samba/ldb/subtree_rename.so +usr/lib/*/samba/ldb/tombstone_reanimate.so +usr/lib/*/samba/ldb/unique_object_sids.so +usr/lib/*/samba/ldb/update_keytab.so +usr/lib/*/samba/ldb/vlv.so +usr/lib/*/samba/ldb/wins_ldb.so diff --git a/debian/samba-libs.install b/debian/samba-libs.install new file mode 100755 index 0000000..9744e3f --- /dev/null +++ b/debian/samba-libs.install @@ -0,0 +1,134 @@ +#!/usr/bin/dh-exec --with-scripts=filter-build-profiles +# when there are any real changes in the publically visible libs (usr/lib/*/libfoo.so.N*), +# especially the soname changes, check for pkgs which depend on samba-libs (eg sssd-ad) +# and add Breaks for packages/versions using old libs to d/control +# Here, always specify libs with soname (libfoo.so.1*, not libfoo.so.*) +# Not all of the below public libraries are actually public +usr/lib/*/libdcerpc-binding.so.0* +usr/lib/*/libdcerpc-samr.so.0* +usr/lib/*/libdcerpc-server-core.so.0* +usr/lib/*/libdcerpc-server.so.0* +usr/lib/*/libdcerpc.so.0* +usr/lib/*/libndr-krb5pac.so.0* +usr/lib/*/libndr-nbt.so.0* +usr/lib/*/libndr-standard.so.0* +usr/lib/*/libndr.so.4* +usr/lib/*/libnetapi.so.1* +usr/lib/*/libsamba-credentials.so.1* +usr/lib/*/libsamba-errors.so.1* +usr/lib/*/libsamba-hostconfig.so.0* +usr/lib/*/libsamba-passdb.so.0* +usr/lib/*/libsamba-util.so.0* +usr/lib/*/libsamdb.so.0* +usr/lib/*/libsmbconf.so.0* +usr/lib/*/libsmbldap.so.2* +usr/lib/*/libtevent-util.so.0* +# heimdal libraries (used by samba and winbind) +<!pkg.samba.mitkrb5> usr/lib/*/samba/libasn1-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libcom-err-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libgssapi-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libhcrypto-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libheimbase-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libheimntlm-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libhx509-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libkrb5-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libroken-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libwind-private-samba.so.0 +# +usr/lib/*/samba/auth/ +usr/lib/*/samba/bind9/dlz_bind9_*.so +usr/lib/*/samba/gensec/*.so +usr/lib/*/samba/libCHARSET3-private-samba.so.0 +usr/lib/*/samba/libLIBWBCLIENT-OLD-private-samba.so.0 +usr/lib/*/samba/libMESSAGING-SEND-private-samba.so.0 +usr/lib/*/samba/libMESSAGING-private-samba.so.0 +usr/lib/*/samba/libREG-FULL-private-samba.so.0 +usr/lib/*/samba/libRPC-SERVER-LOOP-private-samba.so.0 +usr/lib/*/samba/libad-claims-private-samba.so.0 +usr/lib/*/samba/libaddns-private-samba.so.0 +usr/lib/*/samba/libads-private-samba.so.0 +usr/lib/*/samba/libasn1util-private-samba.so.0 +usr/lib/*/samba/libauth-unix-token-private-samba.so.0 +usr/lib/*/samba/libauth-private-samba.so.0 +usr/lib/*/samba/libauth4-private-samba.so.0 +usr/lib/*/samba/libauthkrb5-private-samba.so.0 +usr/lib/*/samba/libauthn-policy-util-private-samba.so.0 +usr/lib/*/samba/libcli-cldap-private-samba.so.0 +usr/lib/*/samba/libcli-ldap-common-private-samba.so.0 +usr/lib/*/samba/libcli-ldap-private-samba.so.0 +usr/lib/*/samba/libcli-nbt-private-samba.so.0 +usr/lib/*/samba/libcli-smb-common-private-samba.so.0 +usr/lib/*/samba/libcli-spoolss-private-samba.so.0 +usr/lib/*/samba/libcliauth-private-samba.so.0 +usr/lib/*/samba/libclidns-private-samba.so.0 +usr/lib/*/samba/libcluster-private-samba.so.0 +usr/lib/*/samba/libcmdline-contexts-private-samba.so.0 +usr/lib/*/samba/libcmdline-private-samba.so.0 +usr/lib/*/samba/libcommon-auth-private-samba.so.0 +usr/lib/*/samba/libdb-glue-private-samba.so.0 +usr/lib/*/samba/libdbwrap-private-samba.so.0 +usr/lib/*/samba/libdcerpc-pkt-auth-private-samba.so.0 +usr/lib/*/samba/libdcerpc-samba-private-samba.so.0 +usr/lib/*/samba/libdcerpc-samba4-private-samba.so.0 +usr/lib/*/samba/libdnsserver-common-private-samba.so.0 +usr/lib/*/samba/libdsdb-garbage-collect-tombstones-private-samba.so.0 +usr/lib/*/samba/libdsdb-module-private-samba.so.0 +usr/lib/*/samba/libevents-private-samba.so.0 +usr/lib/*/samba/libflag-mapping-private-samba.so.0 +usr/lib/*/samba/libgenrand-private-samba.so.0 +usr/lib/*/samba/libgensec-private-samba.so.0 +usr/lib/*/samba/libgpext-private-samba.so.0 +usr/lib/*/samba/libgpo-private-samba.so.0 +usr/lib/*/samba/libgse-private-samba.so.0 +usr/lib/*/samba/libhttp-private-samba.so.0 +usr/lib/*/samba/libinterfaces-private-samba.so.0 +usr/lib/*/samba/libiov-buf-private-samba.so.0 +usr/lib/*/samba/libkrb5samba-private-samba.so.0 +usr/lib/*/samba/libldbsamba-private-samba.so.0 +usr/lib/*/samba/liblibcli-lsa3-private-samba.so.0 +usr/lib/*/samba/liblibcli-netlogon3-private-samba.so.0 +usr/lib/*/samba/liblibsmb-private-samba.so.0 +usr/lib/*/samba/libmessages-dgm-private-samba.so.0 +usr/lib/*/samba/libmessages-util-private-samba.so.0 +usr/lib/*/samba/libmsghdr-private-samba.so.0 +usr/lib/*/samba/libmsrpc3-private-samba.so.0 +usr/lib/*/samba/libndr-samba-private-samba.so.0 +usr/lib/*/samba/libndr-samba4-private-samba.so.0 +usr/lib/*/samba/libnetif-private-samba.so.0 +usr/lib/*/samba/libnpa-tstream-private-samba.so.0 +usr/lib/*/samba/libpac-private-samba.so.0 +usr/lib/*/samba/libposix-eadb-private-samba.so.0 +usr/lib/*/samba/libprinting-migrate-private-samba.so.0 +usr/lib/*/samba/libprocess-model-private-samba.so.0 +usr/lib/*/samba/libregistry-private-samba.so.0 +usr/lib/*/samba/libreplace-private-samba.so.0 +usr/lib/*/samba/libsamba-cluster-support-private-samba.so.0 +usr/lib/*/samba/libsamba-debug-private-samba.so.0 +usr/lib/*/samba/libsamba-modules-private-samba.so.0 +usr/lib/*/samba/libsamba-security-private-samba.so.0 +usr/lib/*/samba/libsamba-sockets-private-samba.so.0 +usr/lib/*/samba/libsamba3-util-private-samba.so.0 +usr/lib/*/samba/libsamdb-common-private-samba.so.0 +usr/lib/*/samba/libsocket-blocking-private-samba.so.0 +usr/lib/*/samba/libscavenge-dns-records-private-samba.so.0 +usr/lib/*/samba/libstable-sort-private-samba.so.0 +usr/lib/*/samba/libsys-rw-private-samba.so.0 +usr/lib/*/samba/libsecrets3-private-samba.so.0 +usr/lib/*/samba/libserver-id-db-private-samba.so.0 +usr/lib/*/samba/libserver-role-private-samba.so.0 +usr/lib/*/samba/libservice-private-samba.so.0 +usr/lib/*/samba/libsmb-transport-private-samba.so.0 +usr/lib/*/samba/libsmbclient-raw-private-samba.so.0 +usr/lib/*/samba/libsmbd-base-private-samba.so.0 +usr/lib/*/samba/libsmbd-shim-private-samba.so.0 +usr/lib/*/samba/libsmbldaphelper-private-samba.so.0 +usr/lib/*/samba/libsmbpasswdparser-private-samba.so.0 +usr/lib/*/samba/libtalloc-report-printf-private-samba.so.0 +usr/lib/*/samba/libtdb-wrap-private-samba.so.0 +usr/lib/*/samba/libtime-basic-private-samba.so.0 +usr/lib/*/samba/libtrusts-util-private-samba.so.0 +usr/lib/*/samba/libutil-reg-private-samba.so.0 +usr/lib/*/samba/libutil-setid-private-samba.so.0 +usr/lib/*/samba/libutil-tdb-private-samba.so.0 +usr/lib/*/samba/libxattr-tdb-private-samba.so.0 +usr/lib/*/samba/process_model/*.so diff --git a/debian/samba-libs.lintian-overrides b/debian/samba-libs.lintian-overrides new file mode 100644 index 0000000..ab22dd5 --- /dev/null +++ b/debian/samba-libs.lintian-overrides @@ -0,0 +1,18 @@ +# the samba-libs package contains a number of libraries +# it doesn't make sense to have them in separate packages, as this would +# result in circular dependencies +samba-libs: package-name-doesnt-match-sonames * +# Embedded Heimdal is patched +samba-libs: embedded-library *heimdal* +# False positives, see #896012 +samba-libs: library-not-linked-against-libc * +samba-libs: shared-library-lacks-prerequisites */libdcerpc-samr.so.* +# unofficial APIs +samba-libs: shared-library-symbols-not-tracked * +# deliberate, a synonym for misspelled parameter +samba-libs: spelling-error-in-binary prefered preferred */libsamba-hostconfig.so.* +# simple libs: +samba-libs: hardening-no-fortify-functions */samba/libauth-private-samba.so.* +samba-libs: hardening-no-fortify-functions */samba/libcli-ldap-private-samba.so.* +samba-libs: hardening-no-fortify-functions */samba/libsmb-transport-private-samba.so.* +samba-libs: hardening-no-fortify-functions */samba/libsys-rw-private-samba.so.* diff --git a/debian/samba-libs.preinst b/debian/samba-libs.preinst new file mode 100644 index 0000000..accfe61 --- /dev/null +++ b/debian/samba-libs.preinst @@ -0,0 +1,45 @@ +#!/bin/sh +# +# + +set -e + +# Move files to private subdir now fhs patch is finally gone +if [ "$1" = "install" ] +then + for file in passdb.tdb secrets.tdb schannel_store.tdb idmap2.tdb + do + if [ -e /var/lib/samba/$file ] + then + if [ -e /var/lib/samba/private/$file ] && + [ ! /var/lib/samba/$file -ef /var/lib/samba/private/$file ] + then + echo $file exists in /var/lib/samba and /var/lib/samba/private, aborting samba-libs preinst + echo rename one of them to allow the install/upgrade to continue + echo http://bugs.debian.org/726472 + ls -al /var/lib/samba /var/lib/samba/private + exit 1 + fi + fi + done + for file in passdb.tdb secrets.tdb schannel_store.tdb idmap2.tdb + do + if [ -e /var/lib/samba/$file ] + then + if ! [ -e /var/lib/samba/private/$file ] + then + if [ ! -d /var/lib/samba/private ] + then + mkdir /var/lib/samba/private + fi + mv /var/lib/samba/$file /var/lib/samba/private/$file + ln /var/lib/samba/private/$file /var/lib/samba/$file + fi + fi + done +fi + + +#DEBHELPER# + +exit 0 diff --git a/debian/samba-libs.symbols b/debian/samba-libs.symbols new file mode 100644 index 0000000..c2a2de9 --- /dev/null +++ b/debian/samba-libs.symbols @@ -0,0 +1,345 @@ +# libndrN is a virtual package provided by samba-libs +libndr.so.4 libndr4 #MINVER# +* Build-Depends-Package: samba-dev + GUID_all_zero@NDR_0.0.1 2:4.17.2 + GUID_buf_string@NDR_0.0.4 2:4.17.2 + GUID_compare@NDR_0.0.1 2:4.17.2 + GUID_equal@NDR_0.0.1 2:4.17.2 + GUID_from_data_blob@NDR_0.0.1 2:4.17.2 + GUID_from_ndr_blob@NDR_0.0.1 2:4.17.2 + GUID_from_string@NDR_0.0.1 2:4.17.2 + GUID_hexstring@NDR_0.0.1 2:4.17.2 + GUID_random@NDR_0.0.1 2:4.17.2 + GUID_string2@NDR_0.0.1 2:4.17.2 + GUID_string@NDR_0.0.1 2:4.17.2 + GUID_to_ndr_blob@NDR_0.0.1 2:4.17.2 + GUID_to_ndr_buf@NDR_1.0.1 2:4.17.2 + GUID_zero@NDR_0.0.1 2:4.17.2 + NDR_0.0.1@NDR_0.0.1 2:4.17.2 + NDR_0.0.2@NDR_0.0.2 2:4.17.2 + NDR_0.0.3@NDR_0.0.3 2:4.17.2 + NDR_0.0.4@NDR_0.0.4 2:4.17.2 + NDR_0.0.5@NDR_0.0.5 2:4.17.2 + NDR_0.0.6@NDR_0.0.6 2:4.17.2 + NDR_0.0.7@NDR_0.0.7 2:4.17.2 + NDR_0.0.8@NDR_0.0.8 2:4.17.2 + NDR_0.0.9@NDR_0.0.9 2:4.17.2 + NDR_0.1.0@NDR_0.1.0 2:4.17.2 + NDR_0.1.1@NDR_0.1.1 2:4.17.2 + NDR_0.1.2@NDR_0.1.2 2:4.17.2 + NDR_0.2.0@NDR_0.2.0 2:4.17.2 + NDR_0.2.1@NDR_0.2.1 2:4.17.2 + NDR_1.0.0@NDR_1.0.0 2:4.17.2 + NDR_1.0.1@NDR_1.0.1 2:4.17.2 + NDR_1.0.2@NDR_1.0.2 2:4.17.2 + NDR_2.0.0@NDR_2.0.0 2:4.17.2 + NDR_3.0.0@NDR_3.0.0 2:4.17.2 + NDR_3.0.1@NDR_3.0.1 2:4.19.0~rc4 + NDR_3.0.2@NDR_3.0.2 2:4.20.0~rc1 + NDR_4.0.0@NDR_4.0.0 2:4.20.0~rc1 + _ndr_pull_error@NDR_1.0.0 2:4.20.0~rc1 + _ndr_push_error@NDR_1.0.0 2:4.20.0~rc1 + ndr_align_size@NDR_0.0.1 2:4.17.2 + ndr_charset_length@NDR_0.0.1 2:4.17.2 + ndr_check_array_size@NDR_0.0.1 2:4.20.0~rc1 + ndr_check_padding@NDR_0.0.1 2:4.20.0~rc1 + ndr_check_pipe_chunk_trailer@NDR_0.0.1 2:4.20.0~rc1 + ndr_check_steal_array_length@NDR_2.0.0 2:4.20.0~rc1 + ndr_check_steal_array_size@NDR_2.0.0 2:4.20.0~rc1 + ndr_check_string_terminator@NDR_0.0.1 2:4.20.0~rc1 + ndr_get_array_length@NDR_0.0.1 2:4.20.0~rc1 + ndr_get_array_size@NDR_0.0.1 2:4.20.0~rc1 + ndr_map_error2errno@NDR_0.0.1 2:4.17.2 + ndr_map_error2ntstatus@NDR_0.0.1 2:4.17.2 + ndr_map_error2string@NDR_0.0.1 2:4.17.2 + ndr_policy_handle_empty@NDR_0.0.1 2:4.17.2 + ndr_policy_handle_equal@NDR_0.0.1 2:4.17.2 + ndr_print_DATA_BLOB@NDR_0.0.1 2:4.17.2 + ndr_print_GUID@NDR_0.0.1 2:4.17.2 + ndr_print_HRESULT@NDR_0.0.5 2:4.17.2 + ndr_print_KRB5_EDATA_NTSTATUS@NDR_0.0.1 2:4.17.2 + ndr_print_NTSTATUS@NDR_0.0.1 2:4.17.2 + ndr_print_NTTIME@NDR_0.0.1 2:4.17.2 + ndr_print_NTTIME_1sec@NDR_0.0.1 2:4.17.2 + ndr_print_NTTIME_hyper@NDR_0.0.1 2:4.17.2 + ndr_print_WERROR@NDR_0.0.1 2:4.17.2 + ndr_print_array_uint8@NDR_0.0.1 2:4.17.2 + ndr_print_bad_level@NDR_0.0.1 2:4.17.2 + ndr_print_bitmap_flag@NDR_0.0.1 2:4.17.2 + ndr_print_bool@NDR_0.0.1 2:4.17.2 + ndr_print_debug@NDR_0.0.1 2:4.17.2 + ndr_print_debug_helper@NDR_0.0.1 2:4.17.2 + ndr_print_debugc@NDR_0.0.2 2:4.17.2 + ndr_print_debugc_helper@NDR_0.0.2 2:4.17.2 + ndr_print_dlong@NDR_0.0.1 2:4.17.2 + ndr_print_double@NDR_0.0.1 2:4.17.2 + ndr_print_enum@NDR_0.0.1 2:4.17.2 + ndr_print_function_debug@NDR_0.0.1 2:4.20.0~rc1 + ndr_print_function_string@NDR_0.0.1 2:4.20.0~rc1 + ndr_print_gid_t@NDR_0.0.1 2:4.17.2 + ndr_print_hyper@NDR_0.0.1 2:4.17.2 + ndr_print_int16@NDR_0.0.1 2:4.17.2 + ndr_print_int3264@NDR_0.0.1 2:4.17.2 + ndr_print_int32@NDR_0.0.1 2:4.17.2 + ndr_print_int64@NDR_3.0.1 2:4.19.0~rc4 + ndr_print_int8@NDR_0.0.1 2:4.17.2 + ndr_print_ipv4address@NDR_0.0.1 2:4.17.2 + ndr_print_ipv6address@NDR_0.0.1 2:4.17.2 + ndr_print_libndr_flags@NDR_4.0.0 2:4.20.0~rc1 + ndr_print_ndr_syntax_id@NDR_0.0.1 2:4.17.2 + ndr_print_netr_SamDatabaseID@NDR_0.0.1 2:4.17.2 + ndr_print_netr_SchannelType@NDR_0.0.1 2:4.17.2 + ndr_print_null@NDR_0.0.1 2:4.17.2 + ndr_print_pointer@NDR_0.0.1 2:4.17.2 + ndr_print_policy_handle@NDR_0.0.1 2:4.17.2 + ndr_print_printf_helper@NDR_0.0.1 2:4.17.2 + ndr_print_ptr@NDR_0.0.1 2:4.17.2 + ndr_print_set_switch_value@NDR_0.0.1 2:4.17.2 + ndr_print_sockaddr_storage@NDR_0.0.1 2:4.17.2 + ndr_print_steal_switch_value@NDR_1.0.0 2:4.17.2 + ndr_print_string@NDR_0.0.1 2:4.17.2 + ndr_print_string_array@NDR_0.0.1 2:4.17.2 + ndr_print_string_helper@NDR_0.0.1 2:4.17.2 + ndr_print_struct@NDR_0.0.1 2:4.17.2 + ndr_print_struct_string@NDR_0.0.1 2:4.17.2 + ndr_print_svcctl_ServerType@NDR_0.0.1 2:4.17.2 + ndr_print_time_t@NDR_0.0.1 2:4.17.2 + ndr_print_timespec@NDR_0.0.1 2:4.17.2 + ndr_print_timeval@NDR_0.0.1 2:4.17.2 + ndr_print_u16string@NDR_4.0.0 2:4.20.0~rc1 + ndr_print_udlong@NDR_0.0.1 2:4.17.2 + ndr_print_udlongr@NDR_0.0.1 2:4.17.2 + ndr_print_uid_t@NDR_0.0.1 2:4.17.2 + ndr_print_uint16@NDR_0.0.1 2:4.17.2 + ndr_print_uint3264@NDR_0.0.1 2:4.17.2 + ndr_print_uint32@NDR_0.0.1 2:4.17.2 + ndr_print_uint8@NDR_0.0.1 2:4.17.2 + ndr_print_union@NDR_0.0.1 2:4.17.2 + ndr_print_union_debug@NDR_0.0.1 2:4.17.2 + ndr_print_union_string@NDR_0.0.1 2:4.17.2 + ndr_print_winreg_Data@NDR_0.0.1 2:4.17.2 + ndr_print_winreg_Data_GPO@NDR_0.1.1 2:4.17.2 + ndr_print_winreg_Type@NDR_0.0.1 2:4.17.2 + ndr_pull_DATA_BLOB@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_GUID@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_HRESULT@NDR_0.0.5 2:4.20.0~rc1 + ndr_pull_KRB5_EDATA_NTSTATUS@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_NTSTATUS@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_NTTIME@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_NTTIME_1sec@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_NTTIME_hyper@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_WERROR@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_advance@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_append@NDR_0.0.3 2:4.20.0~rc1 + ndr_pull_array_length@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_array_size@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_array_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_bytes@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_charset@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_charset_to_null@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_dlong@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_double@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_enum_uint1632@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_enum_uint16@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_enum_uint32@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_enum_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_generic_ptr@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_get_relative_base_offset@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_gid_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_hyper@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_init_blob@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_int16@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_int32@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_int64@NDR_3.0.1 2:4.20.0~rc1 + ndr_pull_int8@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_ipv4address@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_ipv6address@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_ndr_syntax_id@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_netr_SamDatabaseID@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_netr_SchannelType@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_pointer@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_policy_handle@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_pop@NDR_0.0.3 2:4.20.0~rc1 + ndr_pull_ref_ptr@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_relative_ptr1@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_relative_ptr2@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_relative_ptr_short@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_restore_relative_base_offset@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_set_switch_value@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_setup_relative_base_offset1@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_setup_relative_base_offset2@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_steal_switch_value@NDR_0.0.6 2:4.20.0~rc1 + ndr_pull_string@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_string_array@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_struct_blob@NDR_0.0.1 2:4.17.2 + ndr_pull_struct_blob_all@NDR_0.0.1 2:4.17.2 + ndr_pull_struct_blob_all_noalloc@NDR_0.0.7 2:4.17.2 + ndr_pull_struct_blob_noalloc@NDR_3.0.2 2:4.20.0~rc1 + ndr_pull_subcontext_end@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_subcontext_start@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_svcctl_ServerType@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_time_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_timespec@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_timeval@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_trailer_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_u16string@NDR_4.0.0 2:4.20.0~rc1 + ndr_pull_udlong@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_udlongr@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uid_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uint1632@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uint16@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uint3264@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uint32@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_union_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_union_blob@NDR_0.0.1 2:4.17.2 + ndr_pull_union_blob_all@NDR_0.0.1 2:4.17.2 + ndr_pull_winreg_Data@NDR_0.0.1 2:4.20.0~rc1 + ndr_pull_winreg_Data_GPO@NDR_0.1.1 2:4.20.0~rc1 + ndr_pull_winreg_Type@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_DATA_BLOB@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_GUID@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_HRESULT@NDR_0.0.5 2:4.20.0~rc1 + ndr_push_KRB5_EDATA_NTSTATUS@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_NTSTATUS@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_NTTIME@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_NTTIME_1sec@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_NTTIME_hyper@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_WERROR@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_array_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_blob@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_bytes@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_charset@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_charset_to_null@NDR_0.0.9 2:4.20.0~rc1 + ndr_push_dlong@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_double@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_enum_uint1632@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_enum_uint16@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_enum_uint32@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_enum_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_expand@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_full_ptr@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_get_relative_base_offset@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_gid_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_hyper@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_init_ctx@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_int16@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_int32@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_int64@NDR_3.0.1 2:4.20.0~rc1 + ndr_push_int8@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_ipv4address@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_ipv6address@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_ndr_syntax_id@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_netr_SamDatabaseID@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_netr_SchannelType@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_pipe_chunk_trailer@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_pointer@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_policy_handle@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_ref_ptr@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_relative_ptr1@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_relative_ptr2_end@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_relative_ptr2_start@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_restore_relative_base_offset@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_set_switch_value@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_setup_relative_base_offset1@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_setup_relative_base_offset2@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_short_relative_ptr1@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_short_relative_ptr2@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_steal_switch_value@NDR_1.0.0 2:4.20.0~rc1 + ndr_push_string@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_string_array@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_struct_blob@NDR_0.0.1 2:4.17.2 + ndr_push_struct_into_fixed_blob@NDR_0.0.8 2:4.17.2 + ndr_push_subcontext_end@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_subcontext_start@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_svcctl_ServerType@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_time_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_timespec@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_timeval@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_trailer_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_u16string@NDR_4.0.0 2:4.20.0~rc1 + ndr_push_udlong@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_udlongr@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uid_t@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uint1632@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uint16@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uint3264@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uint32@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_uint8@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_union_align@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_union_blob@NDR_0.0.1 2:4.17.2 + ndr_push_unique_ptr@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_winreg_Data@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_winreg_Data_GPO@NDR_0.1.1 2:4.20.0~rc1 + ndr_push_winreg_Type@NDR_0.0.1 2:4.20.0~rc1 + ndr_push_zero@NDR_0.0.1 2:4.20.0~rc1 + ndr_set_flags@NDR_0.0.1 2:4.17.2 + ndr_size_DATA_BLOB@NDR_0.0.1 2:4.20.0~rc1 + ndr_size_GUID@NDR_0.0.1 2:4.17.2 + ndr_size_string@NDR_0.0.1 2:4.20.0~rc1 + ndr_size_string_array@NDR_0.0.1 2:4.17.2 + ndr_size_struct@NDR_0.0.1 2:4.17.2 + ndr_size_union@NDR_0.0.1 2:4.17.2 + ndr_size_winreg_Data_GPO@NDR_0.1.2 2:4.17.2 + ndr_steal_array_length@NDR_2.0.0 2:4.20.0~rc1 + ndr_steal_array_size@NDR_2.0.0 2:4.20.0~rc1 + ndr_string_array_size@NDR_0.0.1 2:4.20.0~rc1 + ndr_string_length@NDR_0.0.1 2:4.17.2 + ndr_syntax_id_buf_string@NDR_1.0.2 2:4.17.2 + ndr_syntax_id_equal@NDR_0.0.1 2:4.17.2 + ndr_syntax_id_from_string@NDR_0.0.3 2:4.17.2 + ndr_syntax_id_null@NDR_0.0.1 2:4.17.2 + ndr_syntax_id_to_string@NDR_0.0.3 2:4.17.2 + ndr_table_misc@NDR_0.2.1 2:4.17.2 + ndr_token_max_list_size@NDR_2.0.0 2:4.17.2 + ndr_token_peek@NDR_0.0.1 2:4.17.2 + ndr_token_retrieve@NDR_0.0.1 2:4.17.2 + ndr_token_retrieve_cmp_fn@NDR_0.0.1 2:4.17.2 + ndr_token_store@NDR_0.0.1 2:4.17.2 + ndr_transfer_syntax_ndr64@NDR_0.0.1 2:4.17.2 + ndr_transfer_syntax_ndr@NDR_0.0.1 2:4.17.2 + ndr_zero_memory@NDR_0.2.0 2:4.17.2 + +# libsmbldapN is a virtual package provided by samba-libs +libsmbldap.so.2 libsmbldap2 #MINVER# +* Build-Depends-Package: samba-dev + SMBLDAP_0@SMBLDAP_0 2:4.16.6 + SMBLDAP_1@SMBLDAP_1 2:4.16.6 + SMBLDAP_2.1.0@SMBLDAP_2.1.0 2:4.16.6 + SMBLDAP_2@SMBLDAP_2 2:4.16.6 + smbldap_add@SMBLDAP_0 2:4.16.6 + smbldap_delete@SMBLDAP_0 2:4.16.6 + smbldap_extended_operation@SMBLDAP_0 2:4.16.6 + smbldap_free_struct@SMBLDAP_0 2:4.16.6 + smbldap_get_ldap@SMBLDAP_1 2:4.16.6 + smbldap_get_paged_results@SMBLDAP_1 2:4.16.6 + smbldap_get_single_attribute@SMBLDAP_0 2:4.16.6 + smbldap_has_control@SMBLDAP_0 2:4.16.6 + smbldap_has_extension@SMBLDAP_0 2:4.16.6 + smbldap_has_naming_context@SMBLDAP_0 2:4.16.6 + smbldap_init@SMBLDAP_0 2:4.16.6 + smbldap_make_mod@SMBLDAP_0 2:4.16.6 + smbldap_make_mod_blob@SMBLDAP_0 2:4.16.6 + smbldap_modify@SMBLDAP_0 2:4.16.6 + smbldap_pull_sid@SMBLDAP_0 2:4.16.6 + smbldap_search@SMBLDAP_0 2:4.16.6 + smbldap_search_paged@SMBLDAP_0 2:4.16.6 + smbldap_search_suffix@SMBLDAP_0 2:4.16.6 + smbldap_set_bind_callback@SMBLDAP_2 2:4.16.6 + smbldap_set_creds@SMBLDAP_0 2:4.16.6 + smbldap_set_mod@SMBLDAP_0 2:4.16.6 + smbldap_set_mod_blob@SMBLDAP_0 2:4.16.6 + smbldap_set_paged_results@SMBLDAP_1 2:4.16.6 + smbldap_setup_full_conn@SMBLDAP_0 2:4.16.6 + smbldap_start_tls@SMBLDAP_0 2:4.16.6 + smbldap_start_tls_start@SMBLDAP_2.1.0 2:4.16.6 + smbldap_talloc_autofree_ldapmod@SMBLDAP_0 2:4.16.6 + smbldap_talloc_autofree_ldapmsg@SMBLDAP_0 2:4.16.6 + smbldap_talloc_dn@SMBLDAP_0 2:4.16.6 + smbldap_talloc_first_attribute@SMBLDAP_0 2:4.16.6 + smbldap_talloc_single_attribute@SMBLDAP_0 2:4.16.6 + smbldap_talloc_single_blob@SMBLDAP_0 2:4.16.6 + smbldap_talloc_smallest_attribute@SMBLDAP_0 2:4.16.6 + diff --git a/debian/samba-testsuite.examples b/debian/samba-testsuite.examples new file mode 100644 index 0000000..9161d80 --- /dev/null +++ b/debian/samba-testsuite.examples @@ -0,0 +1 @@ +examples/pcap2nbench diff --git a/debian/samba-testsuite.install b/debian/samba-testsuite.install new file mode 100644 index 0000000..36ab527 --- /dev/null +++ b/debian/samba-testsuite.install @@ -0,0 +1,14 @@ +usr/bin/gentest +usr/bin/locktest +usr/bin/masktest +usr/bin/ndrdump +usr/bin/smbtorture +usr/lib/*/samba/libdlz-bind9-for-torture-private-samba.so.0 +usr/lib/*/samba/libprinter-driver-private-samba.so.0 +usr/lib/*/samba/libshares-private-samba.so.0 +usr/lib/*/samba/libtorture-private-samba.so.0 +usr/share/man/man1/gentest.1 +usr/share/man/man1/locktest.1 +usr/share/man/man1/masktest.1 +usr/share/man/man1/ndrdump.1 +usr/share/man/man1/smbtorture.1 diff --git a/debian/samba-vfs-modules.install b/debian/samba-vfs-modules.install new file mode 100644 index 0000000..c82d897 --- /dev/null +++ b/debian/samba-vfs-modules.install @@ -0,0 +1,3 @@ +usr/lib/*/samba/vfs/*.so +usr/share/man/man8/vfs_*.8 +usr/lib/*/samba/libdfs-server-ad-private-samba.so.0 diff --git a/debian/samba-vfs-modules.lintian-overrides b/debian/samba-vfs-modules.lintian-overrides new file mode 100644 index 0000000..5e2bcbb --- /dev/null +++ b/debian/samba-vfs-modules.lintian-overrides @@ -0,0 +1,7 @@ +# False positives, see #896012 +samba-vfs-modules: library-not-linked-against-libc * +# manpages describing vfs modules: +samba-vfs-modules: spare-manual-page */man/man8/vfs_* +# intentional: was a typo in old config parser so we allow old config to work: +samba-vfs-modules: hardening-no-fortify-functions */samba/vfs/expand_msdfs.so* +samba-vfs-modules: hardening-no-fortify-functions */samba/vfs/fileid.so* diff --git a/debian/samba.NEWS b/debian/samba.NEWS new file mode 100644 index 0000000..5f4c14f --- /dev/null +++ b/debian/samba.NEWS @@ -0,0 +1,179 @@ +samba (2:4.6.5+dfsg-5) unstable; urgency=medium + + The samba service has been removed. Use the individual services instead: + + * nmbd + * smbd + * samba-ad-dc + + -- Mathieu Parent <sathieu@debian.org> Tue, 18 Jul 2017 22:52:05 +0200 + +samba (2:4.4.1+dfsg-1) experimental; urgency=medium + + This Samba security addresses both Denial of Service and Man in + the Middle vulnerabilities. + + Both of these changes implement new smb.conf options and a number + of stricter behaviours to prevent Man in the Middle attacks on our + network services, as a client and as a server. + + Between these changes, compatibility with a large number of older + software versions has been lost in the default configuration. + + See the release notes in WHATNEW.txt for more information. + + + Here are some additional hints how to work around the new stricter default behaviors: + + * As an AD DC server, only Windows 2000 and Samba 3.6 and above as + a domain member are supported out of the box. Other smb file + servers as domain members are also fine out of the box. + + * As an AD DC server, with default setting of "ldap server require + strong auth", LDAP clients connecting over ldaps:// or START_TLS + will be allowed to perform simple LDAP bind only. + + The preferred configuration for LDAP clients is to use SASL + GSSAPI directly over ldap:// without using ldaps:// or + START_TLS. + + To use LDAP with START_TLS and SASL GSSAPI (either Kerberos or + NTLMSSP) sign/seal protection must be used by the client and + server should be configured with "ldap server require strong + auth = allow_sasl_over_tls". + + Consult OpenLDAP documentation how to set sign/seal protection + in ldap.conf. + + For SSSD client configured with "id_provider = ad" or + "id_provider = ldap" with "auth_provider = krb5", see + sssd-ldap(5) manual for details on TLS session handling. + + * As a File Server, compatibility with the Linux Kernel cifs + client depends on which configuration options are selected, please + use "sec=krb5(i)" or "sec=ntlmssp(i)", not "sec=ntlmv2". + + * As a file or printer client and as a domain member, out of the + box compatibility with Samba less than 4.0 and other SMB/CIFS + servers, depends on support for SMB signing or SMB2 on the + server, which is often disabled or absent. You may need to + adjust the "client ipc signing" to "no" in these cases. + + * In case of an upgrade from versions before 4.2.0, you might run + into problems as a domain member. The out of the box compatibility + with Samba 3.x domain controllers requires NETLOGON features only + available in Samba 3.2 and above. + + However, all of these can be worked around by setting smb.conf + options in Samba, see WHATSNEW.txt the 4.2.0 release notes at + https://www.samba.org/samba/history/samba-4.2.0.html and the Samba + wiki for details, workarounds and suggested security-improving + changes to these and other software packages. + + + Suggested further improvements after patching: + + It is recommended that administrators set these additional options, + if compatible with their network environment: + + server signing = mandatory + ntlm auth = no + + Without "server signing = mandatory", Man in the Middle attacks + are still possible against our file server and + classic/NT4-like/Samba3 Domain controller. (It is now enforced on + Samba's AD DC.) Note that this has heavy impact on the file server + performance, so you need to decide between performance and + security. These Man in the Middle attacks for smb file servers are + well known for decades. + + Without "ntlm auth = no", there may still be clients not using + NTLMv2, and these observed passwords may be brute-forced easily using + cloud-computing resources or rainbow tables. + + -- Andrew Bartlett <abartlet+debian@catalyst.net.nz> Tue, 12 Apr 2016 16:18:57 +1200 + +samba (2:4.0.10+dfsg-3) unstable; urgency=low + + The SWAT package is no longer available. + + Upstream support for SWAT (Samba Web Administration Tool) was removed in + samba 4.1.0. As a result, swat is no longer shipped in the Debian Samba + packages. Unfortunately, there is currently no replacement. + + Details why SWAT has been removed upstream can be found on the + samba-technical mailing list: + + https://lists.samba.org/archive/samba-technical/2013-February/090572.html + + -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 22 Oct 2013 07:52:54 +0200 + +samba (2:3.4.0-1) unstable; urgency=low + + Default passdb backend changed in samba 3.4.0 and above + + Beginning with samba 3.4.0, the default setting for "passdb + backend" changed from "smbpasswd" to "tdbsam". + + If your smb.conf file does not have an explicit mention of + "passdb backend" when upgrading from pre-3.4.0 versions of + samba, it is likely that users will no longer be able to + authenticate. + + As a consequence of all this, if you're upgrading from lenny + and have no setting of "passdb backend" in smb.conf, you MUST + add "passdb backend = smbpasswd" in order to keep your samba + server's behaviour. + + As Debian packages of samba explicitly set "passdb backend = tdbsam" + by default since etch, very few users should need to modify their + settings. + + -- Christian Perrier <bubulle@debian.org> Tue, 07 Jul 2009 20:42:19 +0200 + +samba (3.0.27a-2) unstable; urgency=low + + Weak authentication methods are disabled by default + + Beginning with this version, plaintext authentication is disabled for + clients and lanman authentication is disabled for both clients and + servers. Lanman authentication is not needed for Windows + NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows + 95/98/ME clients (or servers) you may need to set lanman auth (or client + lanman auth) to yes in your smb.conf. + + The "lanman auth = no" setting will also cause lanman password hashes to + be deleted from smbpasswd and prevent new ones from being written, so + that these can't be subjected to brute-force password attacks. This + means that re-enabling lanman auth after it has been disabled is more + difficult; it is therefore advisable that you re-enable the option as + soon as possible if you think you will need to support Win9x clients. + + Client support for plaintext passwords is not needed for recent Windows + servers, and in fact this behavior change makes the Samba client behave + in a manner consistent with all Windows clients later than Windows 98. + However, if you need to connect to a Samba server that does not have + encrypted password support enabled, or to another server that does not + support NTLM authentication, you will need to set + "client plaintext auth = yes" and "client lanman auth = yes" in smb.conf. + + -- Steve Langasek <vorlon@debian.org> Sat, 24 Nov 2007 00:23:37 -0800 + +samba (3.0.26a-2) unstable; urgency=low + + Default printing system has changed from BSD to CUPS + + Previous versions of this package were configured to use BSD lpr as the + default printing system. With this version of Samba, the default has + been changed to CUPS for consistency with the current default printer + handling in the rest of the system. + + If you wish to continue using the BSD printing interface from Samba, you + will need to set "printing = bsd" manually in /etc/samba/smb.conf. If + you wish to use CUPS printing but have previously set any of the + "print command", "lpq command", or "lprm command" options in smb.conf, + you will want to remove these settings from your config. Otherwise, if + you have the cupsys package installed, Samba should begin to use it + automatically with no action on your part. + + -- Steve Langasek <vorlon@debian.org> Wed, 14 Nov 2007 17:19:36 -0800 diff --git a/debian/samba.dirs b/debian/samba.dirs new file mode 100644 index 0000000..cd0dcc6 --- /dev/null +++ b/debian/samba.dirs @@ -0,0 +1,11 @@ +etc/apparmor.d/samba +usr/bin +usr/sbin +var/lib/samba/printers/COLOR +var/lib/samba/printers/IA64 +var/lib/samba/printers/W32ALPHA +var/lib/samba/printers/W32MIPS +var/lib/samba/printers/W32PPC +var/lib/samba/printers/W32X86 +var/lib/samba/printers/WIN40 +var/lib/samba/printers/x64 diff --git a/debian/samba.examples b/debian/samba.examples new file mode 100644 index 0000000..063b494 --- /dev/null +++ b/debian/samba.examples @@ -0,0 +1,3 @@ +examples/LDAP +examples/logon +examples/printing diff --git a/debian/samba.install b/debian/samba.install new file mode 100755 index 0000000..498557c --- /dev/null +++ b/debian/samba.install @@ -0,0 +1,45 @@ +#!/usr/bin/dh-exec --with-scripts=filter-arch,filter-build-profiles +etc/ufw/applications.d/samba +usr/bin/dumpmscat +usr/bin/mvxattr +usr/bin/oLschema2ldif +usr/bin/pdbedit +usr/bin/profiles +usr/bin/sharesec +usr/bin/smbcontrol +usr/bin/smbstatus +<!pkg.samba.mitkrb5> usr/lib/*/samba/libHDB-SAMBA4-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libgss-preauth-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libhdb-private-samba.so.0 +<!pkg.samba.mitkrb5> usr/lib/*/samba/libkdc-private-samba.so.0 +<pkg.samba.mitkrb5> usr/lib/*/krb5/plugins/kdb/samba.so +usr/lib/*/samba/libmscat-private-samba.so.0 +usr/libexec/samba/samba-bgqd +usr/lib/*/samba/service/*.so +usr/sbin/eventlogadm +usr/sbin/nmbd +usr/sbin/samba +usr/sbin/samba-gpupdate +usr/sbin/samba_dnsupdate +usr/sbin/samba_downgrade_db +usr/sbin/samba_spnupdate +usr/sbin/samba_upgradedns +usr/sbin/smbd +usr/share/man/man1/log2pcap.1 +usr/share/man/man1/mvxattr.1 +usr/share/man/man1/oLschema2ldif.1 +usr/share/man/man1/profiles.1 +usr/share/man/man1/sharesec.1 +usr/share/man/man1/smbcontrol.1 +usr/share/man/man1/smbstatus.1 +usr/share/man/man8/eventlogadm.8 +usr/share/man/man8/nmbd.8 +usr/share/man/man8/pdbedit.8 +usr/share/man/man8/samba-bgqd.8 +usr/share/man/man8/samba_downgrade_db.8 +usr/share/man/man8/samba-gpupdate.8 +usr/share/man/man8/samba.8 +usr/share/man/man8/smbd.8 +usr/share/samba/admx/ +usr/share/samba/mdssvc/elasticsearch_mappings.json +usr/share/samba/update-apparmor-samba-profile diff --git a/debian/samba.links b/debian/samba.links new file mode 100644 index 0000000..f1bd152 --- /dev/null +++ b/debian/samba.links @@ -0,0 +1,2 @@ +/usr/share/bug/samba-common/presubj /usr/share/bug/samba/presubj +/usr/share/bug/samba-common/script /usr/share/bug/samba/script diff --git a/debian/samba.lintian-overrides b/debian/samba.lintian-overrides new file mode 100644 index 0000000..128f6e8 --- /dev/null +++ b/debian/samba.lintian-overrides @@ -0,0 +1 @@ +samba: hardening-no-fortify-functions */samba/libmscat-private-samba.so.* diff --git a/debian/samba.maintscript b/debian/samba.maintscript new file mode 100644 index 0000000..7b807ca --- /dev/null +++ b/debian/samba.maintscript @@ -0,0 +1,2 @@ +rm_conffile /etc/cron.daily/samba 2:4.19.3+dfsg-3~ +rm_conffile /etc/logrotate.d/samba 2:4.19.4+dfsg-3~ diff --git a/debian/samba.nmbd.init b/debian/samba.nmbd.init new file mode 100644 index 0000000..7ccaa64 --- /dev/null +++ b/debian/samba.nmbd.init @@ -0,0 +1,52 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: nmbd +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# X-Start-Before: smbd +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Samba NetBIOS nameserver (nmbd) +# Description: NetBIOS name server to provide NetBIOS over IP naming services +# to clients +### END INIT INFO + +NAME=nmbd +DAEMON=/usr/sbin/$NAME +PIDFILE=/run/samba/$NAME.pid +DESC="NetBIOS name server" +SCRIPT=nmbd + +# clear conflicting settings from the environment +unset TMPDIR + +test -x $DAEMON || exit 0 +/usr/share/samba/is-configured $NAME || exit 0 + +[ -f /etc/default/samba ] && . /etc/default/samba + +. /lib/lsb/init-functions + +case "$1" in + (start) + log_daemon_msg "Starting $DESC" $NAME + start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $NMBDOPTIONS + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc -p $PIDFILE $DAEMON $NAME + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/samba.nmbd.service b/debian/samba.nmbd.service new file mode 100644 index 0000000..4f74f49 --- /dev/null +++ b/debian/samba.nmbd.service @@ -0,0 +1,19 @@ +[Unit] +Description=Samba NMB Daemon +Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5) +Wants=network-online.target +After=network.target network-online.target + +[Service] +Type=notify +PIDFile=/run/samba/nmbd.pid +EnvironmentFile=-/etc/default/samba +ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +LimitCORE=infinity +ExecCondition=/usr/share/samba/is-configured nmb + +[Install] +WantedBy=multi-user.target +# Upstream name: +Alias=nmb.service diff --git a/debian/samba.pam b/debian/samba.pam new file mode 100644 index 0000000..e6c8ce6 --- /dev/null +++ b/debian/samba.pam @@ -0,0 +1,3 @@ +@include common-auth +@include common-account +@include common-session-noninteractive diff --git a/debian/samba.postinst b/debian/samba.postinst new file mode 100644 index 0000000..ceb0b64 --- /dev/null +++ b/debian/samba.postinst @@ -0,0 +1,79 @@ +#!/bin/sh + +set -e + +nmbd_error_handler() { + if [ -d /sys/class/net/lo ] && ls /sys/class/net | grep -qv ^lo$; then + # https://bugs.debian.org/893762 + echo 'WARNING: nmbd failed to start as there is no non-loopback interfaces available.' + echo 'Either add an interface or set "disable netbios = yes" in smb.conf' + return 0 + elif command -v ip > /dev/null && ip a show | grep '^[[:space:]]*inet ' | grep -vq ' lo$'; then + # https://bugs.debian.org/859526 + echo 'WARNING: nmbd failed to start as there is no local IPv4 non-loopback interfaces available.' + echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf' + return 0 + else + echo 'ERROR: nmbd failed to start.' + return 1 # caught by set -e + fi +} + +# We generate several files during the postinst, and we don't want +# them to be readable only by root. +umask 022 + +if [ configure = "$1" -a -z "$2" ] # only do this if not upgrading +then + # add the sambashare group; --force: ok if group already exist + groupadd --force --system sambashare + dir=/var/lib/samba/usershares + [ -d $dir ] || install -d -m 1770 -g sambashare $dir +fi + +# in 4.17.4+dfsg-3 we stopped masking services, unmask them here +if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~ +then + for s in nmbd smbd samba-ad-dc; do + if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ] + then + rm -f /etc/systemd/system/$s.service + fi + done +fi + +# remove old spool directory (point it to /var/tmp if in use) +if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~ +then + dir=/var/spool/samba + pat="^(\\s*path\\s*=\\s*)$dir" + if grep -q -E "$pat\\s*$" /etc/samba/smb.conf ; then + echo "WARNING: fixing smb.conf, replacing $dir with /var/tmp" >&2 + sed -ri "s|$pat\\s*$|\\1/var/tmp|" /etc/samba/smb.conf + fi + if [ -d $dir -a ! -L $dir ]; then + echo "W: removing old samba print spool $dir" >&2 + rm -rf $dir + fi + # we can still have it in an include file (or have a subdir there?) + if testparm -s 2>/dev/null | grep -E "$pat\\b" >&2; then + echo "WARNING: $dir is still referenced in smb.conf. Please update smb.conf" >&2 + if [ ! -L $dir ]; then + echo "WARNING: redirecting $dir to /var/tmp" >&2 + ln -s ../tmp $dir + fi + fi +fi + +#DEBHELPER# + +# remove msg.sock/ directory (moved to /run/samba/) +dir=/var/lib/samba/private/msg.sock +if [ -d $dir -a configure = "$1" ] && + dpkg --compare-versions "$2" lt-nl 2:4.16.0+dfsg-7~ +then + rm -f $dir/* + rmdir $dir +fi + +exit 0 diff --git a/debian/samba.postrm b/debian/samba.postrm new file mode 100644 index 0000000..0c0131e --- /dev/null +++ b/debian/samba.postrm @@ -0,0 +1,26 @@ +#! /bin/sh -e + +set -e + +if [ "$1" = purge ]; then + + if [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge + fi + + if [ "$(readlink /etc/systemd/system/samba-ad-dc.service)" = '/dev/null' ]; then + # Remove masking done by postinst (#832352) + rm /etc/systemd/system/samba-ad-dc.service + fi + + if [ -f /etc/apparmor.d/samba/smbd-shares ]; then + rm /etc/apparmor.d/samba/smbd-shares + fi + + # compat symlink for a dir used for print jobs in the past + rm -f /var/spool/samba + +fi + +#DEBHELPER# diff --git a/debian/samba.samba-ad-dc.init b/debian/samba.samba-ad-dc.init new file mode 100644 index 0000000..d88ca31 --- /dev/null +++ b/debian/samba.samba-ad-dc.init @@ -0,0 +1,63 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: samba-ad-dc +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Samba daemons for the AD DC +# Description: Meta-service to provide AD and SMB/CIFS services to clients +### END INIT INFO + +NAME=samba +DAEMON=/usr/sbin/$NAME +PIDFILE=/run/samba/$NAME.pid +DESC="Samba AD DC server" +SCRIPT=samba-ad-dc + +# clear conflicting settings from the environment +unset TMPDIR + +test -x $DAEMON || exit 0 +/usr/share/samba/is-configured $NAME || exit 0 + +[ -f /etc/default/samba ] && . /etc/default/samba + +. /lib/lsb/init-functions + +case "$1" in + (start) + # CVE-2013-4475 + KEYFILE=/var/lib/samba/private/tls/key.pem + if [ -e $KEYFILE ] + then + KEYPERMS=`stat -c %a $KEYFILE` + if [ "$KEYPERMS" != "600" ] + then + echo "wrong permission on $KEYFILE, must be 600" + echo "samba will not start (CVE-2013-4475)" + echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." + exit 1 + fi + fi + log_daemon_msg "Starting $DESC" $NAME + start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc -p $PIDFILE $DAEMON $NAME + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/samba.samba-ad-dc.service b/debian/samba.samba-ad-dc.service new file mode 100644 index 0000000..fdee735 --- /dev/null +++ b/debian/samba.samba-ad-dc.service @@ -0,0 +1,19 @@ +[Unit] +Description=Samba AD Daemon +Documentation=man:samba(8) man:samba(7) man:smb.conf(5) +Wants=network-online.target +After=network.target network-online.target + +[Service] +Type=notify +PIDFile=/run/samba/samba.pid +LimitNOFILE=16384 +EnvironmentFile=-/etc/default/samba +ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +ExecCondition=/usr/share/samba/is-configured samba + +[Install] +WantedBy=multi-user.target +# Upstream name: +Alias=samba.service diff --git a/debian/samba.smbd.init b/debian/samba.smbd.init new file mode 100644 index 0000000..ac0e78d --- /dev/null +++ b/debian/samba.smbd.init @@ -0,0 +1,61 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: smbd +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Should-Start: slapd cups +# Should-Stop: slapd cups +# Short-Description: Samba SMB/CIFS daemon (smbd) +# Description: server to provide SMB/CIFS services to clients +### END INIT INFO + +NAME=smbd +DAEMON=/usr/sbin/$NAME +PIDFILE=/run/samba/$NAME.pid +DESC="Samba SMB/CIFS daemon" +SCRIPT=smbd + +# clear conflicting settings from the environment +unset TMPDIR + +test -x $DAEMON || exit 0 +/usr/share/samba/is-configured $NAME || exit 0 + +[ -f /etc/default/samba ] && . /etc/default/samba + +. /lib/lsb/init-functions + +case "$1" in + (start) + # Update /etc/apparmor.d/samba/smbd-shares + if [ -x /usr/share/samba/update-apparmor-samba-profile ]; then + /usr/share/samba/update-apparmor-samba-profile || exit $? + fi + log_daemon_msg "Starting $DESC" $NAME + start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SMBDOPTIONS + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE + log_end_msg $? + ;; + (reload) + log_daemon_msg "Reloading $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc -p $PIDFILE $DAEMON $NAME + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/samba.smbd.service b/debian/samba.smbd.service new file mode 100644 index 0000000..57d8f75 --- /dev/null +++ b/debian/samba.smbd.service @@ -0,0 +1,20 @@ +[Unit] +Description=Samba SMB Daemon +Documentation=man:smbd(8) man:samba(7) man:smb.conf(5) +Wants=network-online.target +After=network.target network-online.target nmb.service winbind.service + +[Service] +Type=notify +PIDFile=/run/samba/smbd.pid +LimitNOFILE=16384 +EnvironmentFile=-/etc/default/samba +ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +LimitCORE=infinity +ExecCondition=/usr/share/samba/is-configured smb + +[Install] +WantedBy=multi-user.target +# Upstream name: +Alias=smb.service diff --git a/debian/samba.ufw.profile b/debian/samba.ufw.profile new file mode 100644 index 0000000..37bcfe2 --- /dev/null +++ b/debian/samba.ufw.profile @@ -0,0 +1,4 @@ +[Samba] +title=LanManager-like file and printer server for Unix +description=The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. +ports=137,138/udp|139,445/tcp diff --git a/debian/setoption.py b/debian/setoption.py new file mode 100755 index 0000000..a3f3695 --- /dev/null +++ b/debian/setoption.py @@ -0,0 +1,47 @@ +#!/usr/bin/python3 +# Helper to set a global option in the samba configuration file +# Eventually this should be replaced by a call to samba-tool, but +# for the moment that doesn't support setting individual configuration options. + +import optparse +import os +import re +import shutil +import stat +import tempfile + +parser = optparse.OptionParser() +parser.add_option("--configfile", type=str, metavar="CONFFILE", + help="Configuration file to use", default="/etc/samba/smb.conf") + +(opts, args) = parser.parse_args() +if len(args) != 2: + parser.print_usage() + +(key, value) = args +inglobal = False +done = False + +inf = open(opts.configfile, 'r') +(fd, fn) = tempfile.mkstemp() +outf = os.fdopen(fd, 'w') + +for l in inf.readlines(): + m = re.match(r"^\s*\[([^]]+)\]$", l) + if m: + if inglobal and not done: + outf.write(" %s = %s\n" % (key, value)) + done = True + inglobal = (m.groups(1)[0] in ("global", "globals")) + elif inglobal and re.match(r"^(\s*)" + key + r"(\s*)=.*$", l): + l = re.sub(r"^(\s*)" + key + r"(\s*)=.*$", + r"\1" + key + r"\2=\2" + value, l) + done = True + outf.write(l) + +if not done: + outf.write("%s = %s\n" % (key, value)) + +os.fchmod(fd, stat.S_IMODE(os.stat(opts.configfile).st_mode)) +outf.close() +shutil.move(fn, opts.configfile) diff --git a/debian/smb.conf b/debian/smb.conf new file mode 100644 index 0000000..970ffb8 --- /dev/null +++ b/debian/smb.conf @@ -0,0 +1,236 @@ +# +# Sample configuration file for the Samba suite for Debian GNU/Linux. +# +# +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options most of which +# are not shown in this example +# +# Some options that are often worth tuning have been included as +# commented-out examples in this file. +# - When such options are commented with ";", the proposed setting +# differs from the default Samba behaviour +# - When commented with "#", the proposed setting is the default +# behaviour of Samba but the option is considered important +# enough to be mentioned here +# +# NOTE: Whenever you modify this file you should run the command +# "testparm" to check that you have not made any basic syntactic +# errors. + +#======================= Global Settings ======================= + +[global] + +## Browsing/Identification ### + +# Change this to the workgroup/NT-domain name your Samba server will part of + workgroup = WORKGROUP + +#### Networking #### + +# The specific set of interfaces / networks to bind to +# This can be either the interface name or an IP address/netmask; +# interface names are normally preferred +; interfaces = 127.0.0.0/8 eth0 + +# Only bind to the named interfaces and/or networks; you must use the +# 'interfaces' option above to use this. +# It is recommended that you enable this feature if your Samba machine is +# not protected by a firewall or is a firewall itself. However, this +# option cannot handle dynamic or non-broadcast interfaces correctly. +; bind interfaces only = yes + + + +#### Debugging/Accounting #### + +# This tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Cap the size of the individual log files (in KiB). + max log size = 1000 + +# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}. +# Append syslog@1 if you want important messages to be sent to syslog too. + logging = file + +# Do something sensible when Samba crashes: mail the admin a backtrace + panic action = /usr/share/samba/panic-action %d + + +####### Authentication ####### + +# Server role. Defines in which mode Samba will operate. Possible +# values are "standalone server", "member server", "classic primary +# domain controller", "classic backup domain controller", "active +# directory domain controller". +# +# Most people will want "standalone server" or "member server". +# Running as "active directory domain controller" will require first +# running "samba-tool domain provision" to wipe databases and create a +# new domain. + server role = standalone server + + obey pam restrictions = yes + +# This boolean parameter controls whether Samba attempts to sync the Unix +# password with the SMB password when the encrypted SMB password in the +# passdb is changed. + unix password sync = yes + +# For Unix password sync to work on a Debian GNU/Linux system, the following +# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for +# sending the correct chat script for the passwd program in Debian Sarge). + passwd program = /usr/bin/passwd %u + passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . + +# This boolean controls whether PAM will be used for password changes +# when requested by an SMB client instead of the program listed in +# 'passwd program'. The default is 'no'. + pam password change = yes + +# This option controls how unsuccessful authentication attempts are mapped +# to anonymous connections + map to guest = bad user + +########## Domains ########### + +# +# The following settings only takes effect if 'server role = classic +# primary domain controller', 'server role = classic backup domain controller' +# or 'domain logons' is set +# + +# It specifies the location of the user's +# profile directory from the client point of view) The following +# required a [profiles] share to be setup on the samba server (see +# below) +; logon path = \\%N\profiles\%U +# Another common choice is storing the profile in the user's home directory +# (this is Samba's default) +# logon path = \\%N\%U\profile + +# The following setting only takes effect if 'domain logons' is set +# It specifies the location of a user's home directory (from the client +# point of view) +; logon drive = H: +# logon home = \\%N\%U + +# The following setting only takes effect if 'domain logons' is set +# It specifies the script to run during logon. The script must be stored +# in the [netlogon] share +# NOTE: Must be store in 'DOS' file format convention +; logon script = logon.cmd + +# This allows Unix users to be created on the domain controller via the SAMR +# RPC pipe. The example command creates a user account with a disabled Unix +# password; please adapt to your needs +; add user script = /usr/sbin/useradd --create-home %u + +# This allows machine accounts to be created on the domain controller via the +# SAMR RPC pipe. +# The following assumes a "machines" group exists on the system +; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u + +# This allows Unix groups to be created on the domain controller via the SAMR +# RPC pipe. +; add group script = /usr/sbin/addgroup --force-badname %g + +############ Misc ############ + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /home/samba/etc/smb.conf.%m + +# Some defaults for winbind (make sure you're not using the ranges +# for something else.) +; idmap config * : backend = tdb +; idmap config * : range = 3000-7999 +; idmap config YOURDOMAINHERE : backend = tdb +; idmap config YOURDOMAINHERE : range = 100000-999999 +; template shell = /bin/bash + +# Setup usershare options to enable non-root users to share folders +# with the net usershare command. + +# Maximum number of usershare. 0 means that usershare is disabled. +# usershare max shares = 100 + +# Allow users who've been granted usershare privileges to create +# public shares, not just authenticated ones + usershare allow guests = yes + +#======================= Share Definitions ======================= + +[homes] + comment = Home Directories + browseable = no + +# By default, the home directories are exported read-only. Change the +# next parameter to 'no' if you want to be able to write to them. + read only = yes + +# File creation mask is set to 0700 for security reasons. If you want to +# create files with group=rw permissions, set next parameter to 0775. + create mask = 0700 + +# Directory creation mask is set to 0700 for security reasons. If you want to +# create dirs. with group=rw permissions, set next parameter to 0775. + directory mask = 0700 + +# By default, \\server\username shares can be connected to by anyone +# with access to the samba server. +# The following parameter makes sure that only "username" can connect +# to \\server\username +# This might need tweaking when using external authentication schemes + valid users = %S + +# Un-comment the following and create the netlogon directory for Domain Logons +# (you need to configure Samba to act as a domain controller too.) +;[netlogon] +; comment = Network Logon Service +; path = /home/samba/netlogon +; guest ok = yes +; read only = yes + +# Un-comment the following and create the profiles directory to store +# users profiles (see the "logon path" option above) +# (you need to configure Samba to act as a domain controller too.) +# The path below should be writable by all users so that their +# profile directory may be created the first time they log on +;[profiles] +; comment = Users profiles +; path = /home/samba/profiles +; guest ok = no +; browseable = no +; create mask = 0600 +; directory mask = 0700 + +[printers] + comment = All Printers + browseable = no + path = /var/tmp + printable = yes + guest ok = no + read only = yes + create mask = 0700 + +# Windows clients look for this share name as a source of downloadable +# printer drivers +[print$] + comment = Printer Drivers + path = /var/lib/samba/printers + browseable = yes + read only = yes + guest ok = no +# Uncomment to allow remote administration of Windows print drivers. +# You may need to replace 'lpadmin' with the name of the group your +# admin users are members of. +# Please note that you also need to set appropriate Unix permissions +# to the drivers directory for these users to have write rights in it +; write list = root, @lpadmin + diff --git a/debian/smb.conf.ubuntu.diff b/debian/smb.conf.ubuntu.diff new file mode 100644 index 0000000..c66aded --- /dev/null +++ b/debian/smb.conf.ubuntu.diff @@ -0,0 +1,55 @@ +Subject: ubuntu changes for smb.conf + ++ Add "(Samba, Ubuntu)" to server string. ++ Comment out the default [homes] share, and add a comment about + "valid users = %s" to show users how to restrict access to + \\server\username to only username. +* Comment out "read only = yes" for a few standard shares. + +diff --git a/debian/smb.conf b/debian/smb.conf +index 37fafb27398..385197abee9 100644 +--- a/debian/smb.conf ++++ b/debian/smb.conf +@@ -30,2 +30,5 @@ + ++# server string is the equivalent of the NT Description field ++ server string = %h server (Samba, Ubuntu) ++ + #### Networking #### +@@ -168,5 +171,8 @@ + +-[homes] +- comment = Home Directories +- browseable = no ++# Un-comment the following (and tweak the other settings below to suit) ++# to enable the default home directory shares. This will share each ++# user's home directory as \\server\username ++;[homes] ++; comment = Home Directories ++; browseable = no + +@@ -174,3 +180,3 @@ + # next parameter to 'no' if you want to be able to write to them. +- read only = yes ++; read only = yes + +@@ -178,3 +184,3 @@ + # create files with group=rw permissions, set next parameter to 0775. +- create mask = 0700 ++; create mask = 0700 + +@@ -182,3 +188,3 @@ + # create dirs. with group=rw permissions, set next parameter to 0775. +- directory mask = 0700 ++; directory mask = 0700 + +@@ -186,6 +192,6 @@ + # with access to the samba server. +-# The following parameter makes sure that only "username" can connect +-# to \\server\username ++# Un-comment the following parameter to make sure that only "username" ++# can connect to \\server\username + # This might need tweaking when using external authentication schemes +- valid users = %S ++; valid users = %S + diff --git a/debian/smbclient.docs b/debian/smbclient.docs new file mode 100644 index 0000000..1dc7dbf --- /dev/null +++ b/debian/smbclient.docs @@ -0,0 +1 @@ +source3/client/README.smbspool diff --git a/debian/smbclient.install b/debian/smbclient.install new file mode 100644 index 0000000..89b5a00 --- /dev/null +++ b/debian/smbclient.install @@ -0,0 +1,24 @@ +usr/bin/cifsdd +#usr/bin/findsmb +usr/bin/mdsearch +usr/bin/rpcclient +usr/bin/smbcacls +usr/bin/smbclient +usr/bin/smbcquotas +usr/bin/smbget +usr/bin/smbspool +usr/bin/smbtar +usr/bin/smbtree +usr/libexec/samba/smbspool_krb5_wrapper +#usr/share/man/man1/findsmb.1 +usr/share/man/man1/mdsearch.1 +usr/share/man/man1/rpcclient.1 +usr/share/man/man1/smbcacls.1 +usr/share/man/man1/smbclient.1 +usr/share/man/man1/smbcquotas.1 +usr/share/man/man1/smbget.1 +usr/share/man/man1/smbtar.1 +usr/share/man/man1/smbtree.1 +usr/share/man/man8/cifsdd.8 +usr/share/man/man8/smbspool.8 +usr/share/man/man8/smbspool_krb5_wrapper.8 diff --git a/debian/smbclient.links b/debian/smbclient.links new file mode 100644 index 0000000..09046e8 --- /dev/null +++ b/debian/smbclient.links @@ -0,0 +1,4 @@ +# For CUPS to support printing to samba printers, it's necessary to make the +# following symlink (according to Erich Schubert <debian@vitavonni.de> +# in #109509) +usr/bin/smbspool usr/lib/cups/backend/smb diff --git a/debian/smbclient.lintian-overrides b/debian/smbclient.lintian-overrides new file mode 100644 index 0000000..7ca6d1d --- /dev/null +++ b/debian/smbclient.lintian-overrides @@ -0,0 +1,4 @@ +# As per CUPS's backend(7): "Backends without world read and execute permissions are run as the root usert" +# See also smbspool_krb5_wrapper(8) manpage +smbclient: non-standard-executable-perm 0700 != 0755 [usr/libexec/samba/smbspool_krb5_wrapper] +smbclient: executable-is-not-world-readable 0700 [usr/libexec/samba/smbspool_krb5_wrapper] diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..471dae8 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,4 @@ +# there are many generated files with long lines in source +samba source: very-long-line-length-in-source-file * +# d/control has Breaks: aligned with Replaces: values: +samba source: debian-control-has-unusual-field-spacing Breaks [debian/control:*] diff --git a/debian/source_samba.py b/debian/source_samba.py new file mode 100644 index 0000000..1d30625 --- /dev/null +++ b/debian/source_samba.py @@ -0,0 +1,170 @@ +#!/usr/bin/python3 + +'''Samba Apport interface + +Copyright (C) 2010 Canonical Ltd/ +Author: Chuck Short <chuck.short@canonical.com> + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +import os +from subprocess import PIPE, Popen +from apport.hookutils import * + +def run_testparm(): + ''' + Run the samba testparm(1) utility against /etc/samba/smb.conf. + + We do not use apport's command_output() method here because: + - we need to discard stdout, as that includes smb.conf + - we want to know if its exit status is not zero, but that in itself + is not an error in the test itself. command_output() would say the + command failed and that would be confusing. + + Returns stderr and the exit code (as a string) of testparm as a tuple or + None in the case of an error. + ''' + command = ['testparm', '-s', '/etc/samba/smb.conf'] + try: + testparm = Popen(command, stdout=PIPE, stderr=PIPE) + except OSError: + return None + _, err = testparm.communicate() + exit_code = testparm.wait() + return (err, str(exit_code)) + + +def recent_smblog(pattern): + '''Extract recent messages from log.smbd or messages which match a regex + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/samba/log.smbd'): + file = '/var/log/samba/log.smbd' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def recent_nmbdlog(pattern): + ''' Extract recent messages from log.nmbd or messages which match regex + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/samba/log.nmbd'): + file = '/var/log/samba/log.nmbd' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def add_info(report, ui): + packages = ['samba', 'samba-common-bin', 'samba-common', 'samba-tools', 'smbclient', 'swat', + 'samba-doc', 'samba-doc-pdf', 'smbfs', 'libpam-smbpass', 'libsmbclient', 'libsmbclient-dev', + 'winbind', 'samba-dbg', 'libwbclient0'] + + versions = '' + for package in packages: + try: + version = packaging.get_version(package) + except ValueError: + version = 'N/A' + if version is None: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['SambaInstalledVersions'] = versions + + + # Interactive report + # start by checking if /etc/samba/smb.conf exists + if not os.path.exists ('/etc/samba/smb.conf'): + ui.information("The configuration file '/etc/samba/smb.conf' does not exist. This file, and its contents, are critical for the operation of the SAMBA package(s). A common situation for this is:\n * you removed (but did not purge) SAMBA;\n * later on, you (or somebody) manually deleted '/etc/samba/smb.conf;\n * you reinstalled SAMBA.\nAs a result, this file is *not* reinstalled. If this is your case, please purge samba-common (e.g., sudo apt-get purge samba-common) and then reinstall SAMBA.\nYou may want to check other sources, like: https://answers.launchpad.net, https://help.ubuntu.com, and http://ubuntuforums.org. Please press any key to end apport's bug collection.") + raise StopIteration # we are out + + ui.information("As a part of the bug reporting process, you'll be asked as series of questions to help provide a more descriptive bug report. Please answer the following questions to the best of your abilities. Afterwards, a browser will be opened to finish filing this as a bug in the Launchpad bug tracking system.") + + response = ui.choice("How would you best describe your setup?", ["I am running a Windows File Server.", "I am connecting to a Windows File Server."], False) + + if response == None: + raise StopIteration # user has canceled + elif response[0] == 0: #its a server + response = ui.yesno("Did this used to work properly with a previous release?") + if response == None: # user has canceled + raise StopIteration + if response == False: + report['SambaServerRegression'] = "No" + if response == True: + report['SambaServerRegression'] = 'Yes' + + response = ui.choice("Which clients are failing to connect?", ["Windows", "Ubuntu", "Both", "Other"], False) + if response == None: + raise StopIteration # user has canceled + if response[0] == 0: + report['UbuntuFailedConnect'] = 'Yes' + if response[0] == 1: + report['WindowsFailedConnect'] = 'Yes' + if response[0] == 2: + report['BothFailedConnect'] = 'Yes' + if response[0] == 3: + report['OtherFailedConnect'] = 'Yes' + + response = ui.yesno("The contents of your /etc/samba/smb.conf file may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?") + if response == None: + raise StopIteration + if response == False: + report['SmbConfIncluded'] = 'No' + if response == True: + report['SmbConfIncluded'] = 'Yes' + attach_file_if_exists(report, '/etc/samba/smb.conf', key='SMBConf') + if command_available('testparm') and os.path.exists('/etc/samba/smb.conf'): + testparm_result = run_testparm() + testparm_response = ui.yesno("testparm(1) is a samba utility that will check /etc/samba/smb.conf for correctness and report issues it may find. Do you want to include its stderr output in your bug report? If you answer no, then we will only include its numeric exit status.") + if testparm_response == None: + raise StopIteration + if testparm_response == True: + if testparm_result: + report['TestparmStderr'], report['TestparmExitCode'] = testparm_result + else: # only include the exit code + report['TestparmExitCode'] = testparm_result[1] + + response = ui.yesno("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?") + if response == None: + raise StopIteration + elif response == False: + ui.information("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd will NOT be included in the bug report.") + elif response == True: + sec_re = re.compile('failed', re.IGNORECASE) + report['SmbLog'] = recent_smblog(sec_re) + report['NmbdLog'] = recent_nmbdlog(sec_re) + + elif response[0] == 1: #its a client + response = ui.yesno("Did this used to work properly with a previous release?") + if response == None: #user has canceled + raise StopIteration + if response == False: + report['SambaClientRegression'] = "No" + if response == True: + report['SambaClientRegression'] = "Yes" + + response = ui.choice("How is the remote share accessed from the Ubuntu system?", ["Nautilus (or other GUI Client)", "smbclient (from the command line)", "cifs filesystem mount (from /etc/fstab or a mount command)"], False) + if response == None: #user has canceled + raise StopIteration + if response[0] == 0: + attach_related_packages(report, ['nautilus', 'gvfs']) + if response[0] == 1: + ui.information("Please attach the output of 'smbclient -L localhost' to the end of this bug report.") + if response[0] == 2: + report['CIFSMounts'] = command_output(['findmnt', '-n', '-t', 'cifs']) + if os.path.exists('/proc/fs/cifs/DebugData'): + report['CifsVersion'] = command_output(['cat', '/proc/fs/cifs/DebugData']) + + ui.information("After apport finishes collecting information, please document your steps to reproduce the issue when filling out the bug report.") diff --git a/debian/tests/cifs-share-access b/debian/tests/cifs-share-access new file mode 100644 index 0000000..47ce01a --- /dev/null +++ b/debian/tests/cifs-share-access @@ -0,0 +1,29 @@ +#!/bin/sh + +set -x +set -e + +. debian/tests/util + +username="smbtest$$" +password="$$" +add_user "${username}" "${password}" + +myshare="myshare$$" +add_share "${myshare}" + +echo "Creating file with random data and computing its md5" +populate_share "${myshare}" "${username}" + +echo "Mounting //localhost/${myshare} via CIFS" +temp_mount=$(mktemp -d) +mount -t cifs //localhost/"${myshare}" "$temp_mount" -o user="${username}",username="${username}",password="${password}" + +echo "Verifying MD5 via cifs" +cd "$temp_mount" +md5sum -c data.md5 +result=$? +cd - +umount "$temp_mount" +rmdir "$temp_mount" +exit "$result" diff --git a/debian/tests/cifs-share-access-uring b/debian/tests/cifs-share-access-uring new file mode 100644 index 0000000..fb4b9c5 --- /dev/null +++ b/debian/tests/cifs-share-access-uring @@ -0,0 +1,31 @@ +#!/bin/sh + +set -x +set -e + +. debian/tests/util + +ensure_uring_available + +username="smbtest$$" +password="$$" +add_user "${username}" "${password}" + +myshare="myshare$$" +add_share "${myshare}" io_uring + +echo "Creating file with random data and computing its md5" +populate_share "${myshare}" "${username}" + +echo "Mounting //localhost/${myshare} via CIFS" +temp_mount=$(mktemp -d) +mount -t cifs //localhost/"${myshare}" "$temp_mount" -o user="${username}",username="${username}",password="${password}" + +echo "Verifying MD5 via cifs" +cd "$temp_mount" +md5sum -c data.md5 +result=$? +cd - +umount "$temp_mount" +rmdir "$temp_mount" +exit "$result" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..d27e025 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,30 @@ +Tests: cifs-share-access +Depends: samba, coreutils, systemd, cifs-utils, passwd +Restrictions: needs-root, allow-stderr, isolation-machine + +Tests: cifs-share-access-uring +Depends: samba, samba-vfs-modules, coreutils, systemd, cifs-utils, passwd +Restrictions: needs-root, allow-stderr, isolation-machine, skippable + +Tests: python-smoke +Depends: python3-samba + +Tests: smbclient-anonymous-share-list +Depends: samba, smbclient +Restrictions: allow-stderr, isolation-container + +Tests: smbclient-authenticated-share-list +Depends: samba, smbclient, passwd +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: smbclient-share-access +Depends: samba, smbclient, coreutils, systemd, passwd +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: smbclient-share-access-uring +Depends: samba, samba-vfs-modules, smbclient, coreutils, systemd, passwd +Restrictions: needs-root, allow-stderr, isolation-container, skippable + +Tests: reinstall-samba-common-bin +Depends: samba-common, samba-common-bin +Restrictions: needs-root, needs-reboot, isolation-machine, allow-stderr diff --git a/debian/tests/python-smoke b/debian/tests/python-smoke new file mode 100644 index 0000000..94aff44 --- /dev/null +++ b/debian/tests/python-smoke @@ -0,0 +1,2 @@ +#!/bin/sh +python3 -c 'import samba.samba3' diff --git a/debian/tests/reinstall-samba-common-bin b/debian/tests/reinstall-samba-common-bin new file mode 100644 index 0000000..ad3ebed --- /dev/null +++ b/debian/tests/reinstall-samba-common-bin @@ -0,0 +1,11 @@ +#!/bin/sh + +set -xe + +# Test regression on systemd-tmpfiles /run/samba presence for postinst script +if [ -z $AUTOPKGTEST_REBOOT_MARK ]; then + apt remove -y samba-common-bin + /tmp/autopkgtest-reboot reboot_mark +else + apt install -y samba-common-bin +fi diff --git a/debian/tests/smbclient-anonymous-share-list b/debian/tests/smbclient-anonymous-share-list new file mode 100644 index 0000000..e71ef27 --- /dev/null +++ b/debian/tests/smbclient-anonymous-share-list @@ -0,0 +1,6 @@ +#!/bin/sh + +set -x +set -e + +smbclient -N -L localhost diff --git a/debian/tests/smbclient-authenticated-share-list b/debian/tests/smbclient-authenticated-share-list new file mode 100644 index 0000000..9fcaf43 --- /dev/null +++ b/debian/tests/smbclient-authenticated-share-list @@ -0,0 +1,18 @@ +#!/bin/sh + +set -x +set -e + +. debian/tests/util + +username="smbtest$$" +password="$$" + +add_user "${username}" "${password}" + +echo "Testing with incorrect password: must fail" +smbclient -L localhost -U "${username}"%wrongpass && exit 1 + +echo "Testing with correct password: must work" +smbclient -L localhost -U "${username}"%"${password}" + diff --git a/debian/tests/smbclient-share-access b/debian/tests/smbclient-share-access new file mode 100644 index 0000000..b124c0c --- /dev/null +++ b/debian/tests/smbclient-share-access @@ -0,0 +1,23 @@ +#!/bin/sh + +set -x +set -e + +. debian/tests/util + +username="smbtest$$" +password="$$" +add_user "${username}" "${password}" + +myshare="myshare$$" +add_share "${myshare}" + +echo "Creating file with random data and computing its md5" +populate_share "${myshare}" "${username}" + +rm -f downloaded-data +echo "Downloading file and comparing its md5" +smbclient //localhost/"${myshare}" -U "${username}"%"${password}" -c "get data downloaded-data" + +mv -f downloaded-data data +md5sum -c data.md5 diff --git a/debian/tests/smbclient-share-access-uring b/debian/tests/smbclient-share-access-uring new file mode 100644 index 0000000..4b7a205 --- /dev/null +++ b/debian/tests/smbclient-share-access-uring @@ -0,0 +1,25 @@ +#!/bin/sh + +set -x +set -e + +. debian/tests/util + +ensure_uring_available + +username="smbtest$$" +password="$$" +add_user "${username}" "${password}" + +myshare="myshare$$" +add_share "${myshare}" io_uring + +echo "Creating file with random data and computing its md5" +populate_share "${myshare}" "${username}" + +rm -f downloaded-data +echo "Downloading file and comparing its md5" +smbclient //localhost/"${myshare}" -U "${username}"%"${password}" -c "get data downloaded-data" + +mv -f downloaded-data data +md5sum -c data.md5 diff --git a/debian/tests/util b/debian/tests/util new file mode 100644 index 0000000..4278ee7 --- /dev/null +++ b/debian/tests/util @@ -0,0 +1,68 @@ +#!/bin/sh + +# $1: share name +# $2: comma separated list of vfs_objects to use, if any +add_share() { + local share="$1" + local vfs="$2" + if ! testparm -s 2>&1 | grep -E "^\[${share}\]"; then + echo "Adding [${share}] share" + cat >> /etc/samba/smb.conf <<EOFEOF +[${share}] + read only = no + guest ok = no + path = /${share} +EOFEOF + if [ -n "${vfs}" ]; then + echo "vfs objects = ${vfs}" >> /etc/samba/smb.conf + fi + systemctl restart smbd.service + else + echo "Share [${share}] already exists, continuing" + fi +} + +# $1: username +# $2: password +add_user() { + local username="$1" + local password="$2" + + echo "Creating a local and samba user called ${username}" + useradd -m "${username}" + echo "Setting samba password for the ${username} user" + printf '%s\n%s\n' "${password}" "${password}" | smbpasswd -s -a ${username} +} + +# $1: share name +populate_share() { + local sharename="$1" + local usergroup="$2" + local sharepath="/${sharename}" + + mkdir -p "${sharepath}" + dd if=/dev/urandom bs=4096 count=1000 2>/dev/null | base64 > "${sharepath}/data" + cd "${sharepath}" + md5sum data > data.md5 + chown -R "${usergroup}:${usergroup}" "${sharepath}" +} + +ensure_uring_available() { + + # uring is supported starting with kernel 5.1.x + local kver=$(uname -r) + case "$kver" in + ( [0-4].* | 5.0.* ) # everything before 5.1 + echo "uring not available in kernel version ${kver%%-*}, skipping test" + exit 77 + ;; + esac + + # ubuntu does not build liburing on i386, + # so io_uring vfs object is unavailable too + : ${DEB_HOST_MULTIARCH:=$(dpkg-architecture -qDEB_BUILD_MULTIARCH)} + if [ ! -f /usr/lib/$DEB_HOST_MULTIARCH/samba/vfs/io_uring.so ]; then + echo "io_uring vfs object is not available on this architecture, skipping test" + exit 77 + fi +} diff --git a/debian/update-apparmor-samba-profile b/debian/update-apparmor-samba-profile new file mode 100644 index 0000000..5ad9194 --- /dev/null +++ b/debian/update-apparmor-samba-profile @@ -0,0 +1,75 @@ +#!/bin/bash + +# update apparmor profile sniplet based on samba configuration +# +# This script creates and updates a profile sniplet with permissions for all +# samba shares, except +# - paths with variables (anything containing a % sign) +# - "/" - if someone is insane enough to share his complete filesystem, he'll have +# to modify the apparmor profile himself + +# (c) Christian Boltz 2011-2019 +# This script is licensed under the GPL v2 or, at your choice, any later version. + + +# exit silently - used if no profile update is needed +silentexit() { + # echo "$@" + exit 0 +} + +# exit with an error message +verboseexit() { + echo "$@" >&2 + exit 1 +} + +# if you change this script, _always_ update the version to force an update of the profile sniplet +versionstring="${0##*/} 1.2+deb" + +aastatus="/usr/sbin/aa-status" +aaparser="/sbin/apparmor_parser" +loadedprofiles="/sys/kernel/security/apparmor/profiles" + +smbconf="/etc/samba/smb.conf" +smbd_profile="/etc/apparmor.d/usr.sbin.smbd" +profilesniplet="/etc/apparmor.d/samba/smbd-shares" +tmp_profilesniplet="/etc/apparmor.d/samba/smbd-shares.new" + +# test -x "$aastatus" || silentexit "apparmor not installed" +# "$aastatus" --enabled || silentexit "apparmor not loaded (or not running as root)" +test -e "$loadedprofiles" || silentexit "apparmor not loaded" +test -d "/etc/apparmor.d/samba" || silentexit "directory for samba profile snippet doesn't exist" +test -r "$loadedprofiles" || verboseexit "no read permissions for $loadedprofiles - not running as root?" + +widelinks=$(testparm -s --parameter-name "wide links" 2>/dev/null) +test "$widelinks" == "Yes" && { + echo "[$(date '+%Y/%m/%d %T')] $(basename $0)" + echo ' WARNING: "wide links" enabled. You might need to modify the smbd apparmor profile manually.' +} >> /var/log/samba/log.smbd + +grep -q "$versionstring" "$profilesniplet" && { + test "$smbconf" -nt "$profilesniplet" || silentexit "smb.conf is older than the AppArmor profile sniplet" +} + +{ + echo "# autogenerated by $versionstring at samba start - do not edit!" + echo "" + testparm -s 2>/dev/null |sed -n '/^[ \t]*path[ \t]*=[ \t]*[^% \t]\{2,\}/ s§^[ \t]*path[ \t]*=[ \t]*\([^%]*\)$§"\1/" rk,\n"\1/**" rwkl,§p' +} > "$tmp_profilesniplet" + +diff "$profilesniplet" "$tmp_profilesniplet" >/dev/null && { + rm -f "$tmp_profilesniplet" + touch "$profilesniplet" # update timestamp - otherwise we'll have to check again on the next run + silentexit "profile sniplet unchanged" +} + +mv -f "$tmp_profilesniplet" "$profilesniplet" + +grep -q '^/usr/sbin/smbd (\|^smbd (' /sys/kernel/security/apparmor/profiles || silentexit "smbd profile not loaded" + +echo "Reloading updated AppArmor profile for Samba..." + +# reload profile +"$aaparser" -r "$smbd_profile" + diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..d0e8c85 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,3 @@ +--- +Repository: https://git.samba.org/samba.git +Bug-Database: https://bugzilla.samba.org/ diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..e54d8f0 --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF/gkNQBEAC8EYGtbvKJNJLxuYTjmqyEe/gTEXEUSJy/8qn01iQl7rN0xvp9 +HJvWDFMiJOXGJPPiZEKO3AwpU6S5RRXM+qXpkdKp3LgcLZB+M1Wj8BfMEMWAt92C +rfhM8LMJcrT8DPOXEH8nPA2Mgkmm70ebVcuzBXSTW2+nTHTr2I7iP/ShLoRSpI4X +LYTuoWw93Hrh0ZjiCdpUt92GOYNmjDkbe46tYi8PxUT3B9brF6KVMVE6Rt9IkQBQ +lT2M/+AFny1ZLFsfg1yVp6k/3s5+4tciNqPzGkHlgnxTh7Ng/+P39ys0FAA0dZbP +yXPvWVRiarFSdSD8BsnS7JIl5ihz8PpIV2ibw1B2tGUnMJdZ1ZwSDEpH2ZLC/nsd +k/0lYWvcwCJHEoUKe6sVb7M7l3YyOaxPIk9B+I278zjMiLgBI7tK3RpovVuYMBhZ +V0sg0rmx85Ge83igtsA27Zw3BypeAFlpiiFE0urwSy42VVJ53aBgPGE7uW0a7SKm +XDkXdeFE+WMs9hVAPMuXdp/b3KTsly7TO882bZ6Z+P8rm8b5iIGjCoEx5ooMxzpS +PSRN+u1GNxS1yHf4RgzPkPwj95Fa+lVFG3VmrruH2xO1V07gksN66cxkMV3VpLtK +VaZJyo1HQN2ZZFIAPSHbWCS+q9y6NVhlpZUB1jT1SXuLIYApI60GAUECSwARAQAB +tDpTYW1iYSBEaXN0cmlidXRpb24gVmVyaWZpY2F0aW9uIEtleSA8c2FtYmEtYnVn +c0BzYW1iYS5vcmc+iQJUBBMBCgA+FiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAl/g +kNQCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQqplEL7aAtiCq +BRAAnB1C9+oXrq+Vg+lxgB998ucI4T9YopiIjc9TXwO5/n/YeyOV2TgwpGnPud5I +yMGY7E0f5p2crUMDpQOcqtWGS1O5PD7fZ4YtsiP+XHO2kDMHFIu0pc6N/OrPW2QT +jl+pRFmm1Td6kZqtNnHxqS+s2Iz87ggEtN/NMdBQDawcSpe/vN3e5VH88bkToQn0 +3AWbj/xrx/alSGNd9NlrBrdLDXz90mlmUOUljpWrlZc49FGcYOCon74/FfiLfyLn +A9rR6g5kWKLRRx+/vIVup0mThcjacPShj2Mjf2Cz5GqRb+ylqGMA64V2f5KE1lC4 +8G4uDx8aHfFfk0tfC+iHH4F6CjNxbZHF9M36ZyoQofxCpIzvto2XGLT6nNCIApXK +OYoTck8dWBy2A6fbfUybGQjBxdlumGjgTbVX++MRw9dq59fVrfrukPfdMdlrN+Yu +RHXlFUE2rS6wvc/q/ZaGj3jXxSHtGflFn8u3veBkUflgej4WrPvt8ot0elmShVGW +lSxXTWsSOxcBMLViooLEoskE0o37wlw2b6oOKAZwAQ3C4a7TKx/lEY9597nBQa0H +EkrwtKmmOqUkh6yosbZJXuXaiGt7C4Fy8yF2CpFD1mndqMJGnCcBSobwU4KxI0cX +lztWkOCsWER+7NiBoDOj+6kNQNvJPEv94D3Bmb/LIZi4I5y5Ag0EX+CQ1AEQAM7t +Fdior0EFkr9C0W3zF27jK5qgdDhz8eSxmUIJPxmrB2UZfLEczmXhwbbNplxanAQ3 +E6uyrL9Ra9JMxmGAieqSVI6lbYU/G0HrtZKSq8DPjpNi+Tg5ubNBATfDAqjkKR3r +MaCRs8Vv+ccX6avYWdJSmAoqKORCQr3ZdviG2aKrLmTRDInPyO7hJHgofu51bqD5 +Ohn8Wyjj3hrDyA17MI0zeJpMKQO9My5BfWOF0XxNz3EtJCeuUC03GmV1Up+WI04w +XUppDUJapWl+YGPdsusExKGCfHaxgclfImdT5C+YkHJhBFqFfjZq08Rv5jE4qQ50 +8vrgCPfVkF58TgO8dr6uCsV+6baTIOGrW1reraKDCSmQYKGKw1S/N9En/PzV3O7o +dCPdnRvRpto7qV+dpVAzRnbY7I164VkEVdZeqMqQZCGPeHspdEwlcAWSTkyNNJIo +rfInt38y4+XQtEuq2A9Yelvr7PZNGkCO+x60vEwGAs/xpqe+YrXd9+Mh5DUFSs1S +H3Z0xLD3ArZ6DqXFm6dXY5B08fWxYDoUkE2poAGvLqzqAIKnZEh0CDCdBeF9r0Q8 +EgpgxvWRn2dhA+iPczH9n5rldZpRWI05qXj2gFGXvzDlsn1RTbb1Jg6kiHQVx095 +Y8ZWk8iyhUL9yM5u0dfvE6HwrPq20lZTbF5neMHZABEBAAGJAjwEGAEKACYWIQSB +9eKDK9JUWhiXtxOqmUQvtoC2IAUCX+CQ1AIbDAUJA8JnAAAKCRCqmUQvtoC2IHB5 +EACYW9nnultXQ7WBCWcSN5/Rn0yshFbrylZ3dc19X6gGlvMDNUJtej9FzY/D+aY2 +wO0PEtbJRfXb0jFQ1+xucLvanqY2jpBcZTvy+5BATDyrYJTvQTtFiaxVFyWolksR +JL+iLs7RyFbsmH8P4P77hQNIhRVe8tBqbGvRKXddnAoXm7zcK4sLJg03O7rDuOhi +hgX9AKiAkYoAJesYHXPMT+2wRY3bVsuSRLSnWT9BtQa0IX9K/llQuL0ADicgG51H +suGBpYW9jjEngzhUmzGRQFmzJ2s848HDYRlT95nKtfEOE0qq9wObJRQkAj9LLnwk +sMIssTy3BHGdz7bum21FAMkMsEfsxYV9xIX9SkeJYfTIct8/lU0h57FINb5fLKF8 +7hqX66/Ib9MUxN1UnU3Zje5pXoFHYkFGMVhKdBZbxaYN/eXVmheIvpGDuWgw7Ggo +teFxe1ltp4hfiyfRL5VKQ5HW7pujC9yauL8Radcd3EsUUHRqTrh+Gy9MTMdKuHDJ +dmLsaCe5s/lHXAFT8ISRs82KsKzmu1d1uS+Kr7m+qRGODtolPDUXhOKsak/UpHjI +VZMQ9EZ/VnGQ4tkIySUpYxw/XFbnIrj1B+OtxXYE21nkWTwE5/+pWzqCkNhVUj1H +io3KuW9PvzErxENn/L44gOHhMePZ3AHR865m4ghEameeXw== +=nGpF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..950b04e --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=4 +opts=uversionmangle=s/tp/~alpha1~tp/;s/alpha/~alpha/;s/beta/~beta/;s/rc/~rc/,dversionmangle=s/\+dfsg\d*$//,pgpsigurlmangle=s/tar\.gz/tar.asc/,decompress,repacksuffix=+dfsg https://download.samba.org/pub/samba/ samba-(4\.20\..*).tar.gz diff --git a/debian/winbind.NEWS b/debian/winbind.NEWS new file mode 100644 index 0000000..10fd2a4 --- /dev/null +++ b/debian/winbind.NEWS @@ -0,0 +1,10 @@ +samba (2:3.5.11~dfsg-3) unstable; urgency=low + + PAM modules and NSS modules have been split out from the winbind + package into libpam-winbind. + + If Recommends: installs are disabled on your system you may need + to manually install the libpam-winbind package after upgrading + from former versions of winbind (for instance from squeeze) + + -- Steve Langasek <vorlon@debian.org> Fri, 21 Oct 2011 20:00:13 +0000 diff --git a/debian/winbind.default b/debian/winbind.default new file mode 100644 index 0000000..3ef6e88 --- /dev/null +++ b/debian/winbind.default @@ -0,0 +1,11 @@ +# Defaults for winbind initscript +# sourced by /etc/init.d/winbind +# + +# +# This is a POSIX shell fragment +# + + +# Winbind configuration +#WINBINDD_OPTS="-n" diff --git a/debian/winbind.init b/debian/winbind.init new file mode 100644 index 0000000..0c760eb --- /dev/null +++ b/debian/winbind.init @@ -0,0 +1,57 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: winbind +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Should-Start: samba +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Samba Winbind daemon +# Description: Name Service Switch daemon for resolving names from NT servers +### END INIT INFO + +NAME=winbindd +DAEMON=/usr/sbin/$NAME +PIDFILE=/run/samba/$NAME.pid +DESC="Samba Winbind daemon" +SCRIPT=winbind + +# clear conflicting settings from the environment +unset TMPDIR + +test -x $DAEMON || exit 0 +/usr/share/samba/is-configured $NAME || exit 0 + +[ -r /etc/default/samba ] && . /etc/default/samba +[ -r /etc/default/$SCRIPT ] && . /etc/default/$SCRIPT + +. /lib/lsb/init-functions + +case "$1" in + (start) + log_daemon_msg "Starting $DESC" $NAME + start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $WINBINDD_OPTS $WINBINDOPTIONS + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE + log_end_msg $? + ;; + (reload) + log_daemon_msg "Reloading $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc -p $PIDFILE $DAEMON $NAME + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/winbind.install b/debian/winbind.install new file mode 100755 index 0000000..4ef9447 --- /dev/null +++ b/debian/winbind.install @@ -0,0 +1,20 @@ +#!/usr/bin/dh-exec --with-scripts=filter-arch,filter-build-profiles +<pkg.samba.mitkrb5> usr/lib/*/samba/krb5/winbind_krb5_localauth.so +<pkg.samba.mitkrb5> usr/share/man/man8/winbind_krb5_localauth.8 +usr/bin/ntlm_auth +usr/bin/wbinfo +usr/lib/*/samba/idmap +usr/lib/*/samba/krb5/async_dns_krb5_locator.so +usr/lib/*/samba/krb5/winbind_krb5_locator.so +usr/lib/*/samba/libidmap-private-samba.so.0 +usr/lib/*/samba/libnss-info-private-samba.so.0 +usr/lib/*/samba/nss_info/hash.so +usr/lib/*/samba/nss_info/rfc2307.so +usr/lib/*/samba/nss_info/sfu.so +usr/lib/*/samba/nss_info/sfu20.so +usr/sbin/winbindd +usr/share/man/man1/ntlm_auth.1 +usr/share/man/man1/wbinfo.1 +usr/share/man/man8/idmap_*.8 +usr/share/man/man8/winbind_krb5_locator.8 +usr/share/man/man8/winbindd.8 diff --git a/debian/winbind.links b/debian/winbind.links new file mode 100644 index 0000000..7b4f486 --- /dev/null +++ b/debian/winbind.links @@ -0,0 +1,2 @@ +/usr/share/bug/samba-common/presubj /usr/share/bug/winbind/presubj +/usr/share/bug/samba-common/script /usr/share/bug/winbind/script diff --git a/debian/winbind.lintian-overrides b/debian/winbind.lintian-overrides new file mode 100644 index 0000000..03bde9a --- /dev/null +++ b/debian/winbind.lintian-overrides @@ -0,0 +1,7 @@ +# manpages for idmap modules: +winbind: spare-manual-page */man/man8/idmap_* +# more modules: +winbind: spare-manual-page */man/man8/winbind_krb5_locator.8* +winbind: hardening-no-fortify-functions */samba/idmap/hash.so* +winbind: hardening-no-fortify-functions */samba/idmap/tdb2.so* +winbind: hardening-no-fortify-functions */samba/nss_info/hash.so* diff --git a/debian/winbind.maintscript b/debian/winbind.maintscript new file mode 100644 index 0000000..b1de051 --- /dev/null +++ b/debian/winbind.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/logrotate.d/winbind 2:4.19.4+dfsg-3~ diff --git a/debian/winbind.pam-config b/debian/winbind.pam-config new file mode 100644 index 0000000..3079439 --- /dev/null +++ b/debian/winbind.pam-config @@ -0,0 +1,19 @@ +Name: Winbind NT/Active Directory authentication +Default: yes +Priority: 192 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass +Auth-Initial: + [success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_winbind.so +Password-Type: Primary +Password: + [success=end default=ignore] pam_winbind.so try_authtok try_first_pass +Password-Initial: + [success=end default=ignore] pam_winbind.so +Session-Type: Additional +Session: + optional pam_winbind.so diff --git a/debian/winbind.postinst b/debian/winbind.postinst new file mode 100644 index 0000000..9aadab3 --- /dev/null +++ b/debian/winbind.postinst @@ -0,0 +1,24 @@ +#!/bin/sh + +set -e + +# in 4.17.4+dfsg-3 we stopped masking services, unmask them here +if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~ +then + for s in winbind; do + if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ] + then + rm -f /etc/systemd/system/$s.service + fi + done +fi + +if [ configure = "$1" -a ! "$2" ] # only do this if not upgrading +then + # groupadd --force: ok if group already exist + groupadd --system --force winbindd_priv + dir=/var/lib/samba/winbindd_privileged + [ -d $dir ] || install -d -m 0750 -g winbindd_priv $dir +fi + +#DEBHELPER# diff --git a/debian/winbind.postrm b/debian/winbind.postrm new file mode 100644 index 0000000..10ab864 --- /dev/null +++ b/debian/winbind.postrm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e +if [ "$1" = purge ]; then + rm -rf /var/lib/samba/winbindd_privileged/ + rm -f \ + /var/cache/samba/netsamlogon_cache.tdb \ + /var/lib/samba/winbindd_cache.tdb \ + /var/log/samba/log.winbind* \ + /var/log/samba/log.wb* \ + /run/samba/winbindd.pid +fi + +#DEBHELPER# diff --git a/debian/winbind.service b/debian/winbind.service new file mode 100644 index 0000000..190c868 --- /dev/null +++ b/debian/winbind.service @@ -0,0 +1,16 @@ +[Unit] +Description=Samba Winbind Daemon +Documentation=man:winbindd(8) man:samba(7) man:smb.conf(5) +After=network.target nmb.service + +[Service] +Type=notify +PIDFile=/ruin/samba/winbindd.pid +EnvironmentFile=-/etc/default/samba +ExecStart=/usr/sbin/winbindd --foreground --no-process-group $WINBINDOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +LimitCORE=infinity +ExecCondition=/usr/share/samba/is-configured winbind + +[Install] +WantedBy=multi-user.target |