[Pkg-samba-maint] Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

Roberto C. Sánchez roberto at connexer.com
Fri Mar 31 04:32:37 UTC 2017


On Thu, Mar 23, 2017 at 11:30:09AM +0100, Mathieu Parent wrote:
> Hi,
> 
> Today samba has released a security fix for a symlink race (leading to
> information disclosure).
> 
> Salvatore will take care of the jessie upload, I have uploaded for
> sid, but we have not done anything on the wheezy side.
> 
> See attached the backported patches for 3.6 (those are from the samba
> bugzilla which is still embargoed).
> 
> Please take care of it.
> 

Hello all,

I have been able to figure out the minimum changes to cherry pick from
the v3-6-stable branch in upstream Git.  The commits are:

8234c6a
629e302
0a3b024
bc3714f
d302cb6
94f7d0c
33ead72
66ee839
77cacee

I was able to concatenate them into a single patch, which applied with
only two offsets.  After that the patch from upstream (3-6-racefix)
applied with a bunch of small offsets.

I have attached the consolidated and quilt-refreshed versions of both
patches to this email.  The patch containing the cherry picked commits
which I have determined to be pre-requisites for upstream's patch is
called 3-6-racefix-prereq.patch.  The other patch file is the
quilt-refreshed version of upstream's patch.

Both of the attached patches apply cleanly to the 3.6.6-6+deb7u11
version of samba currently in wheezy.

I have also built a 3.6.6-6+deb7u12 package with the two patches.  The
packages can be found here:

https://people.debian.org/~roberto/

I still need to clean up the changelog entry.  The packages could use
some testing as well.  I will try to do some testing, but given the scope
of the changes (~850 lines of diff in total) more testing would
certainly be a good thing.

Also, I would appreciate any suggestions/feedback on minimizing the
prereq patch.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3-6-racefix-prereq.patch
Type: text/x-diff
Size: 7074 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170331/ab96c5f4/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3-6-racefix.patch
Type: text/x-diff
Size: 23848 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170331/ab96c5f4/attachment-0003.patch>