Re: Review and help test Wheezy LTS update of Samba

2017-04-01 Thread Mathieu Parent
2017-04-01 4:12 GMT+02:00 Roberto C. Sánchez :
> All,
Hello Roberto,

> I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS.  The
> update incorporates some cherry-picked commits from upstream, the fix
> for CVE-2017-2619, and a fix for a regression introduced by upstream's
> fix for the CVE.
>
> I have placed the packages here:
>
> https://people.debian.org/~roberto/
>
> The packages are signed with my GPG key that is in the Debian keyring
> (0x7731FCCC63E4E277), though I have the upload distribution set as
> UNRELEASED until I am ready to actually upload.
>
> Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:
>
>  changelog                                            |   44
>  patches/CVE-2017-2619-prerequisites.patch            |  270
>  patches/CVE-2017-2619-race-condition-fix.patch       | 1150 +++
>  patches/CVE-2017-2619-regression-bug-12721-fix.patch |  179 ++
>  patches/series                                       |    3
>  5 files changed, 1646 insertions(+)
>
> As the statistics show, the changes are somewhat large.  I have attached
> the full debdiff to this email and uploaded it alongside the packages as
> well.
>
> I would appreciate someone looking over the changes to give me a sanity
> check and for any people who can to test them.  I was not successful in
> reproducing the "follow symlinks = no" regression, so if someone has
> been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
> it would be great if they could test that configuration with the
> 3.6.6-6+deb7u12 packages to ensure that it works.  I was able to perform
> some other limited testing and I did not encounter any issues there.

Have you tried reproducing #858648? I was reproducing it with a simple:

[guestok]
comment = Welcome guests
; path: mkdir+chmod 777
path = /srv/samba/guestok
guest ok = yes
read only = false
vfs objects = shadow_copy2


> I will wait until the end of next week, Friday, April 7th, for feedback.
> Unless there are any reports of problems with the packages I have
> prepared, I will update the upload distribution, upload the packages,
> and publish the DLA.

I won't have time to test it myself, sorry.

> Regards,

Regards

> -Roberto
>
> --
> Roberto C. Sánchez
> http://people.connexer.com/~roberto
> http://www.connexer.com



-- 
Mathieu



Review and help test Wheezy LTS update of Samba

2017-03-31 Thread Roberto C . Sánchez
All,

I have prepared the 3.6.6-6+deb7u12 update of Samba for Wheezy LTS.  The
update incorporates some cherry-picked commits from upstream, the fix
for CVE-2017-2619, and a fix for a regression introduced by upstream's
fix for the CVE.

I have placed the packages here:

https://people.debian.org/~roberto/

The packages are signed with my GPG key that is in the Debian keyring
(0x7731FCCC63E4E277), though I have the upload distribution set as
UNRELEASED until I am ready to actually upload.

Here is the diffstat between 3.6.6-6+deb7u11 and 3.6.6-6+deb7u12:

 changelog                                            |   44
 patches/CVE-2017-2619-prerequisites.patch            |  270
 patches/CVE-2017-2619-race-condition-fix.patch       | 1150 +++
 patches/CVE-2017-2619-regression-bug-12721-fix.patch |  179 ++
 patches/series                                       |    3
 5 files changed, 1646 insertions(+)

As the statistics show, the changes are somewhat large.  I have attached
the full debdiff to this email and uploaded it alongside the packages as
well.

I would appreciate someone looking over the changes to give me a sanity
check and for any people who can to test them.  I was not successful in
reproducing the "follow symlinks = no" regression, so if someone has
been able to reproduce that with the 4.2.14+dfsg-0+deb8u4 package, then
it would be great if they could test that configuration with the
3.6.6-6+deb7u12 packages to ensure that it works.  I was able to perform
some other limited testing and I did not encounter any issues there.

I will wait until the end of next week, Friday, April 7th, for feedback.
Unless there are any reports of problems with the packages I have
prepared, I will update the upload distribution, upload the packages,
and publish the DLA.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


samba_3.6.6-6+deb7u11_3.6.6-6+deb7u12.diff.xz
Description: application/xz