Re: Review and help test Wheezy LTS update of Samba

To: "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Review and help test Wheezy LTS update of Samba
From: Mathieu Parent <math.parent@gmail.com>
Date: Sat, 1 Apr 2017 21:33:33 +0200
Message-id: <[🔎] CAFX5sbwjc=G_sFeJQQzrKe+N3nFnR=ouY-=ScZdhaEhJpNmyJg@mail.gmail.com>
In-reply-to: <[🔎] 20170401021208.GI29369@connexer.com>
References: <[🔎] 20170401021208.GI29369@connexer.com>

2017-04-01 4:12 GMT+02:00 Roberto C. Sánchez <roberto@connexer.com>:
> All,
Hello Roberto,

> I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS.  The
> update incorporates some cherry-picked commits from upstream, the fix
> for CVE-2017-2619, and a fix for a regression introduced by upstream's
> fix for the CVE.
>
> I have placed the packages here:
>
> https://people.debian.org/~roberto/
>
> The packages are signed with my GPG key that is in the Debian keyring
> (0x7731FCCC63E4E277), though I have the upload distribution set as
> UNRELESED until I am ready to actually upload.
>
> Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:
>
>  changelog                                            |   44
>  patches/CVE-2017-2619-prerequisites.patch            |  270 ++++
>  patches/CVE-2017-2619-race-condition-fix.patch       | 1150 +++++++++++++++++++
>  patches/CVE-2017-2619-regression-bug-12721-fix.patch |  179 ++
>  patches/series                                       |    3
>  5 files changed, 1646 insertions(+)
>
> As the statistics show, the changes are somewhat large.  I have attached
> the full debdiff to this email and uploaded it alongside the packages as
> well.
>
> I would appreciate someone looking over the changes to give me a sanity
> check and for any people who can to test them.  I was not successful in
> reproducing the "follow symlinks = no" regression, so if someone has
> been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
> it would be great if they could test that configuration with the
> 3.6.6-6+deb7u12 packages to ensure that it works.  I was able to perform
> some other limited testing and I did not encounter any issues there.

Have you tried reproducing #858648? I was reproducing it with a simple:

[guestok]
comment = Welcome guests
path = /srv/samba/guestok ; mkdir+chmod 777
guest ok = yes
read only = false
vfs objects = shadow_copy2


> I will wait until the end of next week, Friday, April 7th, for feedback.
> Unless there are any reports of problems with the packages I have
> prepared, I will update the upload distribution, upload the packages,
> and publish the DLA.

I won't have time to test it myself, sorry>.

> Regards,

Regards

> -Roberto
>
> --
> Roberto C. Sánchez
> http://people.connexer.com/~roberto
> http://www.connexer.com



-- 
Mathieu

Reply to:

References:
- Review and help test Wheezy LTS update of Samba
  - From: Roberto C. Sánchez <roberto@connexer.com>

Prev by Date: LTS Report for March 2017
Next by Date: Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2
Previous by thread: Review and help test Wheezy LTS update of Samba
Next by thread: Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2
Index(es):
- Date
- Thread