Merge lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 into lp://staging/ubuntu/lucid/likewise-open

Proposed by Scott Salley
Status: Needs review
Proposed branch: lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272
Merge into: lp://staging/ubuntu/lucid/likewise-open
Diff against target: 1427 lines (+1234/-32)
14 files modified
debian/changelog (+49/-0)
debian/control (+7/-6)
debian/likewise-open.postinst (+34/-19)
debian/likewise-open.preinst (+9/-7)
debian/likewise-open.prerm (+9/-0)
debian/patches/assume_default_domain.diff (+334/-0)
debian/patches/disable_dcerpc_auto_start.diff (+26/-0)
debian/patches/ignore_group_update_failure_on_leave.diff (+37/-0)
debian/patches/lp-security-CVE-2010-0833.diff (+390/-0)
debian/patches/lsass_turn_off_ncacn_ip_tcp.diff (+39/-0)
debian/patches/lwupgrade_multi_sz.diff (+77/-0)
debian/patches/offline_v2.diff (+201/-0)
debian/patches/reg_import_multi_sz.diff (+14/-0)
debian/patches/series (+8/-0)
To merge this branch: bzr merge lp://staging/~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272
Reviewer Review Type Date Requested Status
Dustin Kirkland  Needs Fixing
Review via email: mp+42422@code.staging.launchpad.net

Description of the change

These changes have been sitting in a PPA and tested by users and our QA team for a long while.

The changelog describes the changes in more detail but here is a short summary of fixed bugs:
lp:534629 AssumeDefaultDomain does not work
lp:575152 RequireMembershipOf Does Not Work
lp:591893 likewise-open depends on psmisc
lp:605326 Likewise open 5 or 6 conflicts with winbind
lp:572271 CacheEntryExpire setting ignored & default value of 4 hours is too
low
lp:574443 likewise-open5 upgrade mangles RequireMembershipOf settings

Additionally, many bugs dealing with installation and upgrading were corrected but matching them up to bug reports is difficult to do reproducibility.

To post a comment you must log in.
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Hi there Scott,

Reviewing this merge proposal, a couple of comments...
 1) To note that a bug is fixed in the changelog, please use this syntax: "LP: #575019", rather than "LP BUG 575019"
 2) Usually, SRUs are held to a pretty tight standard, typically fixing one or two issues; this merge fixes 9 bugs
 3) Each of those 9 bugs are going to need an SRU statement in the main body, explaining a) the impact, b) an explanation of how the bug is fixed, c) a pointer to the commit or minimal patch that solves that one issue, d) detailed instructions on how to reproduce the bug, e) a description of the regression potential
   - See: https://wiki.ubuntu.com/StableReleaseUpdates

I'll be happy to sponsor this as soon as (1) is trivially fixed in your branch, and as soon as each bug is updated per (2). Then, the package will go into the -proposed queue, and we'll need you or someone else to go through each of those 9 bugs and work their way through the reproduce instructions, noting if the new package fixes the known bugs and does cause regression.

Thanks!
Dustin

review: Needs Fixing

Unmerged revisions

18. By Scott Salley

* patches/ignore_group_update_failure_on_leave.diff: Added upstream patch
  to prevent "domainjoin-XXX leave" from failing if user/admin domain
  groups could not be removed from the builtin user/admin groups
  (LP BUG 575019)
* patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain
  (LP BUG 534629)
* patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271)
* patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values
  more robust (e.g. "RequireMembershipOf" LP BUG 574443)
* patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings
  that use the "\" character (LP BUG 575152)
* Added missing dependencies that prevent distribution and package upgrades
  from succeeding:
  - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
  - debian/control: Added psmisc (LP BUG 591893)
* Added statements to kill hung daemons that may prevent distribution and
  package upgrades from succeeding (LP BUG 621980):
  - debian/control: Added procps for pkill
  - debian/likewise-open.postinst, debian/likewise-open.preinst: Added
    explict kill for daemons that may hang
* debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
  like Scott Salley to handle likewise-open.

17. By Gerald Carter <email address hidden>

Fix lsassd crash due to invalid hDirectory handle (LP: #610300).

16. By Scott Salley

* SECURITY UPDATE: local access restrictions bypass.
  - Set the Administrator account as disabled when first provisioned.
  - Explicitly mark lsassd local provider accounts accounts as disabled
    if the account exists in its initial provisioned state
  - Force pam password changes, when run under the context of root services,
    to require the existing password for authentication
  - Enforce the "user cannot change password" field on local provider
    account in the provider interface as well as the RPC server interface
  - CVE-2010-0833
* likewise-open.postinst
  - Ensure that lsassd is properly restarted after upgrade

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches