Pullup ticket #6782 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.166-1.167 - net/samba4/distinfo 1.94-1.95 --- Module Name: pkgsrc Committed By: wiz Date: Wed Jul 19 15:33:28 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: samba: update to 4.18.4. Changes since 4.18.3 -------------------- o Douglas Bagnall <douglas.bagnall@catalyst.net.nz> * BUG 15404: Backport --pidl-developer fixes. o Samuel Cabrero <scabrero@samba.org> * BUG 14030: Named crashes on DLZ zone update. o Bjæ—¦rn Jacke <bj@sernet.de> * BUG 2312: smbcacls and smbcquotas do not check // before the server. o Volker Lendecke <vl@samba.org> * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. * BUG 15391: smbclient leaks fds with showacls. * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. o Stefan Metzmacher <metze@samba.org> * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts. o Noel Power <noel.power@suse.com> * BUG 15384: net ads lookup (with unspecified realm) fails. o Christof Schmitt <cs@samba.org> * BUG 15381: Register Samba processes with GPFS. o Andreas Schneider <asn@samba.org> * BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation). * BUG 15398: The winbind child segfaults when listing users with `winbind scan trusted domains = yes`. o Jones Syue <jonessyue@qnap.com> * BUG 15383: Remove comments about deprecated 'write cache size'. * BUG 15403: smbget memory leak if failed to download files recursively. --- Module Name: pkgsrc Committed By: taca Date: Thu Jul 20 01:28:34 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.18.5 ============================== Release Notes for Samba 4.18.5 July 19, 2023 ============================== This is a security release in order to address the following defects: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html Changes since 4.18.4 -------------------- o Ralph Boehme <slow@samba.org> * BUG 15072: CVE-2022-2127. * BUG 15340: CVE-2023-34966. * BUG 15341: CVE-2023-34967. * BUG 15388: CVE-2023-34968. * BUG 15397: CVE-2023-3347. o Volker Lendecke <vl@samba.org> * BUG 15072: CVE-2022-2127. o Stefan Metzmacher <metze@samba.org> * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.diff -r1.165 -r1.165.2.1 pkgsrc/net/samba4/Makefile
(bsiegert)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.165 2023/06/16 21:40:12 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.165.2.1 2023/08/15 18:21:21 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= samba-4.18.3 | 3 | DISTNAME= samba-4.18.5 | |
4 | CATEGORIES= net | 4 | CATEGORIES= net | |
5 | MASTER_SITES= https://download.samba.org/pub/samba/stable/ | 5 | MASTER_SITES= https://download.samba.org/pub/samba/stable/ | |
6 | 6 | |||
7 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
8 | HOMEPAGE= https://www.samba.org/ | 8 | HOMEPAGE= https://www.samba.org/ | |
9 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
10 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
11 | 11 | |||
12 | CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* | 12 | CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* | |
13 | 13 | |||
14 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | 14 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | |
15 | 15 | |||
16 | GCC_REQD+= 4.4 | 16 | GCC_REQD+= 4.4 |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.93 2023/06/16 21:40:12 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.93.2.1 2023/08/15 18:21:21 bsiegert Exp $ | |
2 | 2 | |||
3 | BLAKE2s (samba-4.18.3.tar.gz) = 5cbceef6c02cbedfc24d0e74e09473a716873d1394375163a4def7a4014b78af | 3 | BLAKE2s (samba-4.18.5.tar.gz) = e7b9c7cf8adbe2c42e21d416aff8a18e7c11bcf458cc16d45747b104ed478edb | |
4 | SHA512 (samba-4.18.3.tar.gz) = b0980291ca124641bd03ba51d4b4e2e492facb3939f8edf491133be83a82beed66f68f00442cb02c211a9e76eb6ba08387136e30eb7df756c3c90c76034689c4 | 4 | SHA512 (samba-4.18.5.tar.gz) = c12b7cd7aba0941bf178c89604f926347bee4f5bb6ea651930cc93bcd8a2cfa983b1f10a0ccb55f99c5b34b9f158d1059d06d7f39f7bc261c7dd0d8c89c5a6f5 | |
5 | Size (samba-4.18.3.tar.gz) = 41294739 bytes | 5 | Size (samba-4.18.5.tar.gz) = 41315373 bytes | |
6 | SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 | 6 | SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 | |
7 | SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d | 7 | SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d | |
8 | SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 | 8 | SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 | |
9 | SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 | 9 | SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 | |
10 | SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 | 10 | SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 | |
11 | SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 | 11 | SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 | |
12 | SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 | 12 | SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 | |
13 | SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43e756c | 13 | SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43e756c | |
14 | SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d | 14 | SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d | |
15 | SHA1 (patch-lib_replace_wscript) = f75dff520034ed976c15134c950eebf78598a60b | 15 | SHA1 (patch-lib_replace_wscript) = f75dff520034ed976c15134c950eebf78598a60b | |
16 | SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 | 16 | SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 | |
17 | SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 | 17 | SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 | |
18 | SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 | 18 | SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 |