Re: Review and help test Wheezy LTS update of Samba
2017-04-01 4:12 GMT+02:00 Roberto C. Sánchez <firstname.lastname@example.org>:
> I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS. The
> update incorporates some cherry-picked commits from upstream, the fix
> for CVE-2017-2619, and a fix for a regression introduced by upstream's
> fix for the CVE.
> I have placed the packages here:
> The packages are signed with my GPG key that is in the Debian keyring
> (0x7731FCCC63E4E277), though I have the upload distribution set as
> UNRELESED until I am ready to actually upload.
> Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:
> changelog | 44
> patches/CVE-2017-2619-prerequisites.patch | 270 ++++
> patches/CVE-2017-2619-race-condition-fix.patch | 1150 +++++++++++++++++++
> patches/CVE-2017-2619-regression-bug-12721-fix.patch | 179 ++
> patches/series | 3
> 5 files changed, 1646 insertions(+)
> As the statistics show, the changes are somewhat large. I have attached
> the full debdiff to this email and uploaded it alongside the packages as
> I would appreciate someone looking over the changes to give me a sanity
> check and for any people who can to test them. I was not successful in
> reproducing the "follow symlinks = no" regression, so if someone has
> been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
> it would be great if they could test that configuration with the
> 3.6.6-6+deb7u12 packages to ensure that it works. I was able to perform
> some other limited testing and I did not encounter any issues there.
Have you tried reproducing #858648? I was reproducing it with a simple:
comment = Welcome guests
path = /srv/samba/guestok ; mkdir+chmod 777
guest ok = yes
read only = false
vfs objects = shadow_copy2
> I will wait until the end of next week, Friday, April 7th, for feedback.
> Unless there are any reports of problems with the packages I have
> prepared, I will update the upload distribution, upload the packages,
> and publish the DLA.
I won't have time to test it myself, sorry>.
> Roberto C. Sánchez