Merge lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 into lp://staging/ubuntu/lucid/likewise-open
Status: | Needs review | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proposed branch: | lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 | ||||||||||||||||||||||||||||
Merge into: | lp://staging/ubuntu/lucid/likewise-open | ||||||||||||||||||||||||||||
Diff against target: |
1427 lines (+1234/-32) 14 files modified
debian/changelog (+49/-0) debian/control (+7/-6) debian/likewise-open.postinst (+34/-19) debian/likewise-open.preinst (+9/-7) debian/likewise-open.prerm (+9/-0) debian/patches/assume_default_domain.diff (+334/-0) debian/patches/disable_dcerpc_auto_start.diff (+26/-0) debian/patches/ignore_group_update_failure_on_leave.diff (+37/-0) debian/patches/lp-security-CVE-2010-0833.diff (+390/-0) debian/patches/lsass_turn_off_ncacn_ip_tcp.diff (+39/-0) debian/patches/lwupgrade_multi_sz.diff (+77/-0) debian/patches/offline_v2.diff (+201/-0) debian/patches/reg_import_multi_sz.diff (+14/-0) debian/patches/series (+8/-0) |
||||||||||||||||||||||||||||
To merge this branch: | bzr merge lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 | ||||||||||||||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Dustin Kirkland | Needs Fixing | ||
Review via email: mp+42422@code.staging.launchpad.net |
Description of the change
These changes have been sitting in a PPA and tested by users and our QA team for a long while.
The changelog describes the changes in more detail but here is a short summary of fixed bugs:
lp:534629 AssumeDefaultDomain does not work
lp:575152 RequireMembershipOf Does Not Work
lp:591893 likewise-open depends on psmisc
lp:605326 Likewise open 5 or 6 conflicts with winbind
lp:572271 CacheEntryExpire setting ignored & default value of 4 hours is too
low
lp:574443 likewise-open5 upgrade mangles RequireMembershipOf settings
Additionally, many bugs dealing with installation and upgrading were corrected but matching them up to bug reports is difficult to do reproducibility.
Unmerged revisions
- 18. By Scott Salley
-
* patches/
ignore_ group_update_ failure_ on_leave. diff: Added upstream patch
to prevent "domainjoin-XXX leave" from failing if user/admin domain
groups could not be removed from the builtin user/admin groups
(LP BUG 575019)
* patches/assume_ default_ domain. diff: Fix regression in AssumeDefaultDomain
(LP BUG 534629)
* patches/offline_ v2.diff: Additional offline logon fixes (LP BUG 572271)
* patches/lwupgrade_ mulit_sz. diff: Make preservation of multi-string values
more robust (e.g. "RequireMembershipOf" LP BUG 574443)
* patches/reg_import_ multi_sz. diff: Fix importing REG_MULTI_SZ strings
that use the "\" character (LP BUG 575152)
* Added missing dependencies that prevent distribution and package upgrades
from succeeding:
- debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
- debian/control: Added psmisc (LP BUG 591893)
* Added statements to kill hung daemons that may prevent distribution and
package upgrades from succeeding (LP BUG 621980):
- debian/control: Added procps for pkill
- debian/likewise- open.postinst, debian/ likewise- open.preinst: Added
explict kill for daemons that may hang
* debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
like Scott Salley to handle likewise-open. - 17. By Gerald Carter <email address hidden>
-
Fix lsassd crash due to invalid hDirectory handle (LP: #610300).
- 16. By Scott Salley
-
* SECURITY UPDATE: local access restrictions bypass.
- Set the Administrator account as disabled when first provisioned.
- Explicitly mark lsassd local provider accounts accounts as disabled
if the account exists in its initial provisioned state
- Force pam password changes, when run under the context of root services,
to require the existing password for authentication
- Enforce the "user cannot change password" field on local provider
account in the provider interface as well as the RPC server interface
- CVE-2010-0833
* likewise-open.postinst
- Ensure that lsassd is properly restarted after upgrade
Hi there Scott,
Reviewing this merge proposal, a couple of comments... /wiki.ubuntu. com/StableRelea seUpdates
1) To note that a bug is fixed in the changelog, please use this syntax: "LP: #575019", rather than "LP BUG 575019"
2) Usually, SRUs are held to a pretty tight standard, typically fixing one or two issues; this merge fixes 9 bugs
3) Each of those 9 bugs are going to need an SRU statement in the main body, explaining a) the impact, b) an explanation of how the bug is fixed, c) a pointer to the commit or minimal patch that solves that one issue, d) detailed instructions on how to reproduce the bug, e) a description of the regression potential
- See: https:/
I'll be happy to sponsor this as soon as (1) is trivially fixed in your branch, and as soon as each bug is updated per (2). Then, the package will go into the -proposed queue, and we'll need you or someone else to go through each of those 9 bugs and work their way through the reproduce instructions, noting if the new package fixes the known bugs and does cause regression.
Thanks!
Dustin