2017-04-01 4:12 GMT+02:00 Roberto C. Sánchez <robe...@connexer.com>: > All, Hello Roberto,
> I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS. The > update incorporates some cherry-picked commits from upstream, the fix > for CVE-2017-2619, and a fix for a regression introduced by upstream's > fix for the CVE. > > I have placed the packages here: > > https://people.debian.org/~roberto/ > > The packages are signed with my GPG key that is in the Debian keyring > (0x7731FCCC63E4E277), though I have the upload distribution set as > UNRELESED until I am ready to actually upload. > > Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12: > > changelog | 44 > patches/CVE-2017-2619-prerequisites.patch | 270 ++++ > patches/CVE-2017-2619-race-condition-fix.patch | 1150 > +++++++++++++++++++ > patches/CVE-2017-2619-regression-bug-12721-fix.patch | 179 ++ > patches/series | 3 > 5 files changed, 1646 insertions(+) > > As the statistics show, the changes are somewhat large. I have attached > the full debdiff to this email and uploaded it alongside the packages as > well. > > I would appreciate someone looking over the changes to give me a sanity > check and for any people who can to test them. I was not successful in > reproducing the "follow symlinks = no" regression, so if someone has > been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then > it would be great if they could test that configuration with the > 3.6.6-6+deb7u12 packages to ensure that it works. I was able to perform > some other limited testing and I did not encounter any issues there. Have you tried reproducing #858648? I was reproducing it with a simple: [guestok] comment = Welcome guests path = /srv/samba/guestok ; mkdir+chmod 777 guest ok = yes read only = false vfs objects = shadow_copy2 > I will wait until the end of next week, Friday, April 7th, for feedback. > Unless there are any reports of problems with the packages I have > prepared, I will update the upload distribution, upload the packages, > and publish the DLA. I won't have time to test it myself, sorry>. > Regards, Regards > -Roberto > > -- > Roberto C. Sánchez > http://people.connexer.com/~roberto > http://www.connexer.com -- Mathieu
