
Accepted samba 2:3.6.6-6+deb7u12 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 31 Mar 2017 17:58:52 -0400
Source: samba
Binary: samba samba-common-bin samba-common samba-tools smbclient swat samba-doc samba-doc-pdf libpam-smbpass libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind samba-dbg libwbclient0 libwbclient-dev
Architecture: source amd64 all
Version: 2:3.6.6-6+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description: 
 libnss-winbind - Samba nameservice integration plugins
 libpam-smbpass - pluggable authentication module for Samba
 libpam-winbind - Windows domain authentication integration plugin
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - common files used by both the Samba server and client
 samba-dbg  - Samba debugging symbols
 samba-doc  - Samba documentation
 samba-doc-pdf - Samba documentation in PDF format
 samba-tools - Samba testing utilities
 smbclient  - command-line SMB/CIFS clients for Unix
 swat       - Samba Web Administration Tool
 winbind    - Samba nameservice integration server
Changes: 
 samba (2:3.6.6-6+deb7u12) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
     - CVE-2017-2619: symlink race permits opening files outside share directory
   * Cherry-pick the following upstream changes required for CVE-2017-2619:
     - s3: smbd: Maintain a back-pointer to the fsp in struct smb_Dir.
     - s3: vfs: Change vfs_dirsort.c from MALLOC -> TALLOC.
     - s3: vfs: Protect against early error in SMB_VFS_NEXT_READDIR.
     - s3: vfs: Use an index i rather than re-using a state variable.
     - s3: vfs: Protect open_and_sort_dir() from the directory changing size.
     - s3: vfs: Clean error paths in opendir and fd_opendir.
     - s3: vfs: Check SMB_VFS_NEXT_OPENDIR return in dirsort_opendir().
     - s3: vfs: Convert mtime from a time_t to a struct timespec.
     - s3: vfs: Remove the use of dirfd inside the vfs_dirsort.c.
   * CVE-2017-2619 requires the following changes:
     - s3: smbd: re-open directory after dptr_CloseDir()
     - s3: vfs: dirsort doesn't handle opendir of "." correctly.
     - s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same
       path as streams_xattr_recheck().
     - vfs_streams_xattr: use fsp, not base_fsp
     - s3: smbd: Create wrapper function for OpenDir in preparation for making
       robust.
     - s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
     - s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
     - s3: smbd: OpenDir_fsp() use early returns.
     - s3: smbd: OpenDir_fsp() - Fix memory leak on error.
     - s3: smbd: Move the reference counting and destructor setup to just before
       returning success.
     - s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported
       on system.
     - s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
     - s3: smbd: Move special handling of symlink errno's into a utility
       function.
     - s3: smbd: Add the core functions to prevent symlink open races.
     - s3: smbd: Use the new non_widelink_open() function.
   * The initial CVE-2017-2619 fix caused a regression when the configuration
     option "follow symlink = no" was set, requiring these changes:
     - s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496
       (CVE-2017-2619).
     - s3: smbd: Fix "follow symlink = no" regression part 2.
     - s3: smbd: Fix "follow symlink = no" regression part 2.
   * The regression fix was accompanied by these unit test changes/updates:
     - s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
     - s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
     - s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

