Older Samba servers (<= 3.5.x) reply with auth_pad_length = 8 (or other invalid values) in BIND_ACK and ALTER_RESP messages. The fixes for CVE-2015-5370 make our client side too strict: we no longer ignore these invalid values.
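The strict and compatible client behaviours described in the report above, as an added C sketch that is not Samba's code and not taken from the attached patches. It assumes "invalid" means the sec_trailer claims more padding than is actually present before it, and that a BIND_ACK or ALTER_RESP body is fully decoded so nothing precedes the trailer; the function, enum and policy names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Connection-oriented DCE/RPC PDU types. */
enum { PTYPE_REQUEST = 0, PTYPE_RESPONSE = 2, PTYPE_BIND_ACK = 12, PTYPE_ALTER_RESP = 15 };

enum pad_policy { PAD_STRICT, PAD_COMPAT };   /* hypothetical names */

#define SEC_TRAILER_LEN 8  /* auth_type, auth_level, auth_pad_length, reserved, context_id */

/*
 * tail is the undecoded remainder of the fragment:
 * [stub data + padding][sec_trailer][auth_value of auth_len bytes].
 * Returns the number of padding bytes to strip, or -1 to reject the PDU.
 */
int effective_auth_pad(uint8_t ptype, const uint8_t *tail, size_t tail_len,
                       uint16_t auth_len, enum pad_policy policy)
{
    if (tail == NULL || tail_len < SEC_TRAILER_LEN + (size_t)auth_len)
        return -1;                                   /* truncated trailer */
    size_t avail = tail_len - SEC_TRAILER_LEN - auth_len;
    uint8_t pad = tail[avail + 2];                   /* auth_pad_length field */
    if (pad <= avail)
        return pad;                                  /* consistent with the wire data */
    /* Claimed padding exceeds what was received. Only tolerate it where
     * there is nothing to strip, so the bogus value cannot move any offset. */
    if (policy == PAD_COMPAT && avail == 0 &&
        (ptype == PTYPE_BIND_ACK || ptype == PTYPE_ALTER_RESP))
        return 0;
    return -1;
}

/* Constructed sample: no padding on the wire, trailer claims auth_pad_length = 8. */
int sample_old_server_reply(uint8_t ptype, enum pad_policy policy)
{
    uint8_t tail[SEC_TRAILER_LEN + 16] = { 10, 6, 8 };   /* rest is zero-filled */
    return effective_auth_pad(ptype, tail, sizeof(tail), 16, policy);
}

int main(void)
{
    printf("BIND_ACK strict=%d compat=%d\n",
           sample_old_server_reply(PTYPE_BIND_ACK, PAD_STRICT),
           sample_old_server_reply(PTYPE_BIND_ACK, PAD_COMPAT));
    return 0;
}
```

The tolerance is limited to the two PDU types named in the report; a RESPONSE carrying the same inconsistent value is still rejected under either policy.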
Created attachment 12192: Possible patches for master
Created attachment 12209: Patches for v4-4-test
Created attachment 12211: Patches for v4-3-test
Created attachment 12213: Patches for v4-2-test
Comment on attachment 12209 (Patches for v4-4-test): LGTM
Comment on attachment 12211 (Patches for v4-3-test): LGTM
Comment on attachment 12213 (Patches for v4-2-test): LGTM
Pushed to autobuild-v4-[4|3]-test. 4.2 is in the security fixes only mode. Should these patches be included in the next 4.2 security release?
*** Bug 12000 has been marked as a duplicate of this bug. ***
(In reply to Karolin Seeger from comment #8) I'd propose that, because otherwise people need to downgrade to a version before the badlock fixes, see bug #11982.
(In reply to Karolin Seeger from comment #8) Pushed to v4-3-test and v4-4-test.
Patch for 4.2 does not apply on current v4-2-test branch. Re-assigning to metze.
Created attachment 12308: Patches for v4-2-test
Reassigning to Karolin for inclusion in 4.2
(In reply to Ralph Böhme from comment #14) Pushed to autobuild-v4-2-test and applied on v4-2-stable. Thanks!
(In reply to Karolin Seeger from comment #15) Pushed to v4-2-test. Closing out bug report. Thanks!