All,

I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS.  The
update incorporates some cherry-picked commits from upstream, the fix
for CVE-2017-2619, and a fix for a regression introduced by upstream's
fix for the CVE.

I have placed the packages here:

https://people.debian.org/~roberto/

The packages are signed with my GPG key that is in the Debian keyring
(0x7731FCCC63E4E277), though I have the upload distribution set as
UNRELEASED until I am ready to actually upload.

Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:

 changelog                                            |   44 
 patches/CVE-2017-2619-prerequisites.patch            |  270 ++++
 patches/CVE-2017-2619-race-condition-fix.patch       | 1150 +++++++++++++++++++
 patches/CVE-2017-2619-regression-bug-12721-fix.patch |  179 ++
 patches/series                                       |    3 
 5 files changed, 1646 insertions(+)

As the statistics show, the changes are somewhat large.  I have attached
the full debdiff to this email and uploaded it alongside the packages as
well.

I would appreciate someone looking over the changes to give me a sanity
check and for any people who can to test them.  I was not successful in
reproducing the "follow symlinks = no" regression, so if someone has
been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
it would be great if they could test that configuration with the
3.6.6-6+deb7u12 packages to ensure that it works.  I was able to perform
some other limited testing and I did not encounter any issues there.

I will wait until the end of next week, Friday, April 7th, for feedback.
Unless there are any reports of problems with the packages I have
prepared, I will update the upload distribution, upload the packages,
and publish the DLA.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: samba_3.6.6-6+deb7u11_3.6.6-6+deb7u12.diff.xz
Description: application/xz

Attachment: signature.asc
Description: Digital signature
