Received: by mail.netbsd.org (Postfix, from userid 605) id 46FDA84E61; Tue, 9 Aug 2022 17:56:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 8022784D72 for ; Tue, 9 Aug 2022 17:56:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id YuE3qEGUXgNv for ; Tue, 9 Aug 2022 17:56:09 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 84D2A84D0E for ; Tue, 9 Aug 2022 17:56:09 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 81DF3FB1A; Tue, 9 Aug 2022 17:56:09 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_166006776967650" MIME-Version: 1.0 Date: Tue, 9 Aug 2022 17:56:09 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/net/samba4 To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20220809175609.81DF3FB1A@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_166006776967650 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: adam Date: Tue Aug 9 17:56:09 UTC 2022 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Removed Files: pkgsrc/net/samba4: PLIST.heimdal PLIST.mit-krb5 Log Message: samba4: updated to 4.16.4 Release Notes for Samba 4.16.4 This is a security release in order to address the following defects: o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html To generate a diff of this commit: cvs rdiff -u -r1.147 -r1.148 pkgsrc/net/samba4/Makefile cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/samba4/PLIST cvs rdiff -u -r1.1 -r0 pkgsrc/net/samba4/PLIST.heimdal \ pkgsrc/net/samba4/PLIST.mit-krb5 cvs rdiff -u -r1.79 -r1.80 pkgsrc/net/samba4/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_166006776967650 Content-Disposition: inline Content-Length: 7140 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/samba4/Makefile diff -u pkgsrc/net/samba4/Makefile:1.147 pkgsrc/net/samba4/Makefile:1.148 --- pkgsrc/net/samba4/Makefile:1.147 Fri Jul 29 20:33:38 2022 +++ pkgsrc/net/samba4/Makefile Tue Aug 9 17:56:09 2022 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.147 2022/07/29 20:33:38 jperkin Exp $ +# $NetBSD: Makefile,v 1.148 2022/08/09 17:56:09 adam Exp $ -DISTNAME= samba-4.16.3 +DISTNAME= samba-4.16.4 CATEGORIES= net MASTER_SITES= https://download.samba.org/pub/samba/stable/ @@ -91,7 +91,6 @@ CONFIGURE_ARGS+= --with-privatelibdir=${ CONFIGURE_ARGS+= --with-privileged-socket-dir=${SMB_PRIVSOCKETS} CONFIGURE_ARGS+= --with-configdir=${SMB_CONFIG} CONFIGURE_ARGS+= --with-libiconv=${BUILDLINK_PREFIX.iconv} -#CONFIGURE_ARGS+= --bundled-libraries=com_err CONFIGURE_ARGS+= --abi-check-disable CONFIGURE_ARGS+= --disable-symbol-versions .if defined(MAKE_JOBS) && !empty(MAKE_JOBS) && !(defined(MAKE_JOBS_SAFE) && !empty(MAKE_JOBS_SAFE:M[nN][oO])) @@ -101,15 +100,17 @@ CONFIGURE_ARGS+= --jobs=1 .endif CONFIGURE_ARGS+= --without-gpgme -.include "../../mk/krb5.buildlink3.mk" - -PLIST_SRC= ${PLIST_SRC_DFLT} -PLIST_SRC+= PLIST.${KRB5_TYPE} - -.if ${KRB5_TYPE} == "mit-krb5" -CONFIGURE_ARGS+= --with-system-mitkrb5 --with-experimental-mit-ad-dc -CONFIGURE_ARGS+= --with-system-mitkdc=${KRB5BASE}/sbin/krb5kdc -.endif +# XXX: currenlty Samba requires embedded Heimdall +#.include "../../mk/krb5.buildlink3.mk" +#.if ${KRB5_TYPE} == "mit-krb5" +#BUILDLINK_API_DEPENDS.mit-krb5+= mit-krb5>=1.19.0 +#CONFIGURE_ARGS+= --with-experimental-mit-ad-dc +#CONFIGURE_ARGS+= --with-system-mitkdc=${KRB5BASE}/sbin/krb5kdc +#CONFIGURE_ARGS+= --with-system-mitkrb5 +#.else +# XXX: does not work with AD +#CONFIGURE_ARGS+= --with-system-heimdalkrb5 +#.endif # Depends on ncurses, explicitly disable for now. CONFIGURE_ARGS+= --without-regedit @@ -219,7 +220,7 @@ REPLACE_PYTHON+= source4/scripting/bin/* .endif .include "../../archivers/libarchive/buildlink3.mk" .include "../../converters/libiconv/buildlink3.mk" -BUILDLINK_API_DEPENDS.ldb+= ldb>=2.5.1 +BUILDLINK_API_DEPENDS.ldb+= ldb>=2.5.2 .include "../../databases/ldb/buildlink3.mk" .include "../../databases/lmdb/buildlink3.mk" .include "../../devel/cmocka/buildlink3.mk" Index: pkgsrc/net/samba4/PLIST diff -u pkgsrc/net/samba4/PLIST:1.45 pkgsrc/net/samba4/PLIST:1.46 --- pkgsrc/net/samba4/PLIST:1.45 Fri Jul 29 20:33:38 2022 +++ pkgsrc/net/samba4/PLIST Tue Aug 9 17:56:09 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.45 2022/07/29 20:33:38 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.46 2022/08/09 17:56:09 adam Exp $ bin/cifsdd bin/dbwrap_tool bin/dumpmscat @@ -466,6 +466,7 @@ ${PYSITELIB}/samba/tests/krb5/kcrypto.py ${PYSITELIB}/samba/tests/krb5/kdc_base_test.py ${PYSITELIB}/samba/tests/krb5/kdc_tests.py ${PYSITELIB}/samba/tests/krb5/kdc_tgs_tests.py +${PYSITELIB}/samba/tests/krb5/kpasswd_tests.py ${PYSITELIB}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py ${PYSITELIB}/samba/tests/krb5/pac_align_tests.py ${PYSITELIB}/samba/tests/krb5/raw_testcase.py @@ -672,6 +673,7 @@ ${PLIST.ads}lib/samba/nss_info/rfc2307.$ ${PLIST.ads}lib/samba/nss_info/sfu.${SOEXT} ${PLIST.ads}lib/samba/nss_info/sfu20.${SOEXT} lib/samba/private/libCHARSET3-samba4.so +${PLIST.ads}lib/samba/private/libHDB-SAMBA4-samba4.so lib/samba/private/libLIBWBCLIENT-OLD-samba4.so lib/samba/private/libMESSAGING-SEND-samba4.so lib/samba/private/libMESSAGING-samba4.so @@ -680,6 +682,7 @@ lib/samba/private/libRPC-SERVER-LOOP-sam lib/samba/private/libRPC-WORKER-samba4.so lib/samba/private/libaddns-samba4.so lib/samba/private/libads-samba4.so +${PLIST.ads}lib/samba/private/libasn1-samba4.so lib/samba/private/libasn1util-samba4.so lib/samba/private/libauth-samba4.so lib/samba/private/libauth-unix-token-samba4.so @@ -696,6 +699,7 @@ lib/samba/private/libclidns-samba4.so lib/samba/private/libcluster-samba4.so lib/samba/private/libcmdline-contexts-samba4.so lib/samba/private/libcmdline-samba4.so +${PLIST.ads}lib/samba/private/libcom-err-samba4.so lib/samba/private/libcommon-auth-samba4.so ${PLIST.ads}lib/samba/private/libdb-glue-samba4.so lib/samba/private/libdbwrap-samba4.so @@ -714,10 +718,19 @@ lib/samba/private/libgensec-samba4.so lib/samba/private/libgpext-samba4.so lib/samba/private/libgpo-samba4.so lib/samba/private/libgse-samba4.so +${PLIST.ads}lib/samba/private/libgss-preauth-samba4.so +${PLIST.ads}lib/samba/private/libgssapi-samba4.so +${PLIST.ads}lib/samba/private/libhcrypto-samba4.so +${PLIST.ads}lib/samba/private/libhdb-samba4.so +${PLIST.ads}lib/samba/private/libheimbase-samba4.so +${PLIST.ads}lib/samba/private/libheimntlm-samba4.so lib/samba/private/libhttp-samba4.so +${PLIST.ads}lib/samba/private/libhx509-samba4.so lib/samba/private/libidmap-samba4.so lib/samba/private/libinterfaces-samba4.so lib/samba/private/libiov-buf-samba4.so +${PLIST.ads}lib/samba/private/libkdc-samba4.so +${PLIST.ads}lib/samba/private/libkrb5-samba4.so lib/samba/private/libkrb5samba-samba4.so lib/samba/private/libldbsamba-samba4.so lib/samba/private/liblibcli-lsa3-samba4.so @@ -741,6 +754,7 @@ lib/samba/private/libprinting-migrate-sa ${PLIST.ads}lib/samba/private/libprocess-model-samba4.so lib/samba/private/libregistry-samba4.so lib/samba/private/libreplace-samba4.so +${PLIST.ads}lib/samba/private/libroken-samba4.so lib/samba/private/libsamba-cluster-support-samba4.so lib/samba/private/libsamba-debug-samba4.so lib/samba/private/libsamba-modules-samba4.so @@ -773,6 +787,7 @@ lib/samba/private/libtrusts-util-samba4. lib/samba/private/libutil-reg-samba4.so lib/samba/private/libutil-setid-samba4.so lib/samba/private/libutil-tdb-samba4.so +${PLIST.ads}lib/samba/private/libwind-samba4.so lib/samba/private/libxattr-tdb-samba4.so ${PLIST.ads}lib/samba/process_model/prefork.${SOEXT} ${PLIST.ads}lib/samba/process_model/standard.${SOEXT} Index: pkgsrc/net/samba4/distinfo diff -u pkgsrc/net/samba4/distinfo:1.79 pkgsrc/net/samba4/distinfo:1.80 --- pkgsrc/net/samba4/distinfo:1.79 Fri Jul 29 20:33:38 2022 +++ pkgsrc/net/samba4/distinfo Tue Aug 9 17:56:09 2022 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.79 2022/07/29 20:33:38 jperkin Exp $ +$NetBSD: distinfo,v 1.80 2022/08/09 17:56:09 adam Exp $ -BLAKE2s (samba-4.16.3.tar.gz) = 465d98b2aaec2d305d81e38d6d61de0b1f5061802aeba284a9df52e83f0ee05c -SHA512 (samba-4.16.3.tar.gz) = 8f082654251e6a3284ba8f411c55b854dc00a9c6b07c486ca01f53af2b6ec09d34c21d66a2a1afc7a8c62a9f715c643c1a22fc7688699d23f8fcafe6995b5ebd -Size (samba-4.16.3.tar.gz) = 30593657 bytes +BLAKE2s (samba-4.16.4.tar.gz) = a897a1150df7abf26af0c53923a9dc085d08eeaf2585dbbe0bc64e28ceb6d7ae +SHA512 (samba-4.16.4.tar.gz) = 9754275ace30755b75f747e201f8ad4550a823c8606e550c0ce6b3ccbaf048dd895bf2c21127271298304be7f80de9b6451091c4949ebe267ee1cf3ab497cd85 +Size (samba-4.16.4.tar.gz) = 30605121 bytes SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 --_----------=_166006776967650--