Univention Bugzilla – Bug 40853
Samba: Multiple issues (3.2)
Last modified: 2016-03-08 18:00:56 CET
The patch for CVE-2015-5252 introduced via Bug 40223 causes a regression for the special share path "/", see https://bugzilla.samba.org/show_bug.cgi?id=11647. Additionally, there will be a security update on the 8th of March, currently embargoed: * Getting and setting Windows ACLs on symlinks can change permissions on link target (CVE-2015-7560)
Unfortunately 99_sambabug11647.patch doesn't work with repo-ng + dpkg-buildpackage + quilt, apparently because it adjusts changes that 99_sambabug11395.patch has made. It's somehow related to patch order but I was unable to find a workaround in reasonable time. Since the issue is a corner case and not security related, we'll leave it at that currently. It's more important to get the CVE-2015-7560 fix out in a timely fashion. Advisory: samba.yaml
The build failed again..
I adjusted part7 and part8 of the patch for CVE-2015-7560. This is necessary because this upstream change is missing in UCS: https://git.samba.org/?p=samba.git;a=commit;h=569a4e10d9e063f79ed51a4381df80c19904d9bd . Advisory updated.
Another patch had to be backported I called it 99_CVE-2015-7560-part0.patch. Advisory updated.
OK - built with patches OK - installation OK - simple samba tests (windows join, share access) OK - ucs-test samba4 OK - YAML
<http://errata.software-univention.de/ucs/3.2/408.html>