Bug 40990

Comment 1 Arvid Requate 2016-04-06 21:49:57 CEST

Done:
• for p in talloc tevent tdb ldb samba; do
   repo_admin.py --cherrypick --release 4.1-0 --source errata4.1-1 \
                 --releasedest 3.2-0 --dest errata3.2-8 --package $p;
   b32-scope errata3.2-8 $p
   done
• patches merged from 2:4.1.0-1-errata3.2-8 to 2:4.3.7-1-errata3.2-8:
  01_multiarch.patch 02_compat.patch 05_dependencies.patch 06_symbols.patch
  15_add_samba4_init.patch 16_remove_upstart_support.patch 
• Additional patches for Samba 4.3.7:
  20_ldap_server_require_strong_auth.patch 20_tls_verify_peer.patch

• svn cp ucs-school-3.2r2/univention-ldb-modules ucs-3.2-8/services/
• Dependency adjusted for Samba 3.2.7 package names & ldb version
• univention-ldb-modules/modules:
  Backport from ucs-school-4.1 package version 4.0.0-2:
  relax strict version checks in ldb modules
• build ucs_3.2-0-errata3.2-8 ucs-3.2-8/services/univention-ldb-modules

• b32-scope errata3.2-8 winexe

• Selective backport from errata4.2-5 for:
   univention-samba univention-samba4


Current version matrix:

talloc:
2.1.5-1.37.201604061642:        ucs_3.1-0-extsec3.1
2.1.5-1.38.201604061644:        ucs_3.2-0-errata3.2-8
2.1.5-1.39.201604061650:        ucs_3.3-0
2.1.5-1.40.201604061653:        ucs_4.0-0-errata4.0-5
2.1.5-1.41.201512111354:        ucs_4.1-0-errata4.1-0 # no update

tevent:
0.9.26-1.29.201604061703:       ucs_3.1-0-extsec3.1
0.9.26-1.30.201604061703:       ucs_3.2-0-errata3.2-8
0.9.26-1.31.201604061703:       ucs_3.3-0
0.9.26-1.32.201604061703:       ucs_4.0-0-errata4.0-5
0.9.26-1.33.201512111415:       ucs_4.1-0-errata4.1-0 # no update

tdb:
1.3.8-1.50.201604061726:        ucs_3.1-0-extsec3.1
1.3.8-1.51.201604061726:        ucs_3.2-0-errata3.2-8
1.3.8-1.52.201604061744:        ucs_3.3-0
1.3.8-1.53.201604061726:        ucs_4.0-0-errata4.0-5
1.3.8-1.54.201512111342:        ucs_4.1-0-errata4.1-0 # no update

ldb:
Version:        2:1.1.25-1.68.201604061731:     ucs_3.1-0-extsec3.1
Version:        2:1.1.25-1.69.201604061731:     ucs_3.2-0-errata3.2-8
Version:        2:1.1.25-1.70.201604061731:     ucs_3.3-0
Version:        2:1.1.25-1.71.201604061731:     ucs_4.0-0-errata4.0-5
Version:        2:1.1.25-1.72.201604061731:     ucs_4.1-0-errata4.1-1

samba:
Version:        2:4.3.7-1.826.201604061853:     ucs_3.1-0-extsec3.1
Version:        2:4.3.7-1.827.201604061853:     ucs_3.2-0-errata3.2-8
Version:        2:4.3.6-1.874.201604011331:     ucs_3.3-0     ## TODO
Version:        2:4.3.7-1.829.201604062049:     ucs_4.0-0-errata4.0-5
Version:        2:4.3.7-1.830.201604062051:     ucs_4.1-0-errata4.1-1

Comment 2 Arvid Requate 2016-04-06 21:51:02 CEST

Sorry, typo:

• Selective backport from errata4.0-5 for:
   univention-samba univention-samba4 unvention-s4-connector

Comment 3 Arvid Requate 2016-04-06 21:53:38 CEST

The 96_dnsupdate_exclude_interfaces.patch from errata4.1-1 has not been merged.

Comment 4 Arvid Requate 2016-04-12 18:05:36 CEST

Resolved for final QA and release stage.

Comment 5 Felix Botner 2016-04-12 18:38:20 CEST

Tests, see http://bladis.knut.univention.de/71iBVhOsGa

OK - Install
OK - Update

OK - ldb.yaml
OK - samba.yaml
OK - talloc.yaml
OK - tdb.yaml
OK - tevent.yaml
OK - univention-ldb-modules.yaml
OK - univention-s4-connector.yaml
OK - univention-samba4.yaml
OK - univention-samba.yaml

Comment 6 Janek Walkenhorst 2016-04-12 19:23:41 CEST

<http://errata.software-univention.de/ucs/3.2/412.html>
<http://errata.software-univention.de/ucs/3.2/413.html>
<http://errata.software-univention.de/ucs/3.2/414.html>
<http://errata.software-univention.de/ucs/3.2/415.html>
<http://errata.software-univention.de/ucs/3.2/416.html>
<http://errata.software-univention.de/ucs/3.2/417.html>
<http://errata.software-univention.de/ucs/3.2/418.html>
<http://errata.software-univention.de/ucs/3.2/419.html>
<http://errata.software-univention.de/ucs/3.2/420.html>

Comment 7 Arvid Requate 2016-04-12 19:49:18 CEST

Fixes: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
       CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118