[Pkg-samba-maint] Review and help test Wheezy LTS update of Samba

Roberto C. Sánchez roberto at connexer.com
Sat Apr 1 02:12:08 UTC 2017


All,

I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS.  The
update incorporates some cherry-picked commits from upstream, the fix
for CVE-2017-2619, and a fix for a regression introduced by upstream's
fix for the CVE.

I have placed the packages here:

https://people.debian.org/~roberto/

The packages are signed with my GPG key that is in the Debian keyring
(0x7731FCCC63E4E277), though I have the upload distribution set as
UNRELESED until I am ready to actually upload.

Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:

 changelog                                            |   44 
 patches/CVE-2017-2619-prerequisites.patch            |  270 ++++
 patches/CVE-2017-2619-race-condition-fix.patch       | 1150 +++++++++++++++++++
 patches/CVE-2017-2619-regression-bug-12721-fix.patch |  179 ++
 patches/series                                       |    3 
 5 files changed, 1646 insertions(+)

As the statistics show, the changes are somewhat large.  I have attached
the full debdiff to this email and uploaded it alongside the packages as
well.

I would appreciate someone looking over the changes to give me a sanity
check and for any people who can to test them.  I was not successful in
reproducing the "follow symlinks = no" regression, so if someone has
been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
it would be great if they could test that configuration with the
3.6.6-6+deb7u12 packages to ensure that it works.  I was able to perform
some other limited testing and I did not encounter any issues there.

I will wait until the end of next week, Friday, April 7th, for feedback.
Unless there are any reports of problems with the packages I have
prepared, I will update the upload distribution, upload the packages,
and publish the DLA.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba_3.6.6-6+deb7u11_3.6.6-6+deb7u12.diff.xz
Type: application/x-xz
Size: 10908 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170331/93f14c0d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170331/93f14c0d/attachment.sig>


More information about the Pkg-samba-maint mailing list