samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
      protection
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 12 Apr 2016 07:26:29 -0400

samba (2:4.3.6+dfsg-1ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \serverusername to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 09 Mar 2016 08:49:12 -0500

samba (2:4.3.6+dfsg-1) unstable; urgency=medium

  * New upstream release.
   + Fixes:
    - CVE-2015-7560: Incorrect ACL get/set allowed on symlink path.
    - CVE-2016-0771 (Out-of-bounds read in internal DNS server.

 -- Jelmer Vernooij <jelmer@debian.org>  Sat, 27 Feb 2016 23:28:53 +0000

samba (2:4.3.5+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Fixed usershare.patch to apply against new version.
  * Loosen dependencies on ldb to ldb >= 1.1.21, per upstream.
  * Drop patch sockets-with-htons.patch: applied upstream.
  * Bump standards version to 3.9.7 (no changes).

 -- Jelmer Vernooij <jelmer@debian.org>  Sat, 05 Mar 2016 15:56:42 +0000

samba (2:4.3.3+dfsg-2) unstable; urgency=medium

  [ Jelmer Vernooij ]
  * Add dependency on libtevent-dev in samba-dev.

  [ Mathieu Parent ]
  * Fix CTDB behavior since CVE-2015-8543 (Closes: #813406)

 -- Mathieu Parent <sathieu@debian.org>  Thu, 04 Feb 2016 13:25:01 +0100

samba (2:4.3.3+dfsg-1ubuntu3) xenial; urgency=medium

  * No-change rebuild for gnutls transition.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:43 +0000

samba (2:4.3.3+dfsg-1ubuntu2) xenial; urgency=medium

  * Fixes regression introduced by debian/patches/CVE-2015-5252.patch.
    (LP: #1545750)

 -- Dariusz Gadomski <dariusz.gadomski@canonical.com>  Mon, 15 Feb 2016 16:05:12 +0100

samba (2:4.3.3+dfsg-1ubuntu1) xenial; urgency=medium

  * Merge with Debian; remaining changes:
    + debian/VERSION.patch: Update vendor string to "Ubuntu".
    + debian/smb.conf;
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] share, and add a comment about "valid users = %s"
         to show users how to restrict access to \serverusername to only username.
    + debian/samba-common.config:
      - Do not change prioritiy to high if dhclient3 is installed.
    + debian/control:
      - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev
    + Add ufw integration:
      - Created debian/samba.ufw.profile:
      - debian/rules, debian/samba.install: install profile
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debia/samb-common-bin.install: install hook.
    + d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
      pam_winbind krb5_ccache_type=FILE failure (LP: #1310919)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 06 Jan 2016 07:41:39 -0500

samba (2:4.3.3+dfsg-1) unstable; urgency=medium

  * New upstream release. Closes: #808133.
   + Drop subunit dependency, no longer used.
   + Drop ntdb dependencies, no longer used.
   + Fixes:
    - CVE-2015-5252: Insufficient symlink verification in smbd
    - CVE-2015-5296: Samba client requesting encryption vulnerable
                     downgrade attack
    - CVE-2015-5299: Missing access control check in shadow copy code
    - CVE-2015-7540: Remote DoS in Samba (AD) LDAP server
    - CVE-2015-8467: Denial of service attack against Windows Active Directory
                     server
    - CVE-2015-3223: Denial of service in Samba Active Directory server
    - CVE-2015-5330: Remote memory read in Samba LDAP server
  * Remove libpam-smbpasswd, which is broken and slated for removal
    upstream. Closes: #799840
  * Remove lib/zlib/contrib/dotzlib/DotZLib.chm from excluded files in
    copyright; no longer shipped upstream.
  * Remove wins2dns.awk example script.
  * Remove the samba-doc package, and move examples files from it to
    relevant other packages. Closes: #769385
  * Move samba-dsdb-modules back from Depends to Recommends, as using
    Samba as a standalone server doesn't require the dsdb modules.

 -- Jelmer Vernooij <jelmer@debian.org>  Fri, 18 Dec 2015 01:18:42 +0000

samba (2:4.3.0+dfsg-2) experimental; urgency=medium

  * Re-enable cluster support.
   + Build samba-cluster-support as built-in library, since its dependencies
     are broken.

 -- Jelmer Vernooij <jelmer@debian.org>  Mon, 28 Sep 2015 00:34:51 +0000

# For older changelog entries, run 'apt-get changelog libwbclient0'