Pullup ticket #6782 - requested by taca
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.166-1.167
- net/samba4/distinfo 1.94-1.95
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jul 19 15:33:28 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
samba: update to 4.18.4.
Changes since 4.18.3
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15404: Backport --pidl-developer fixes.
o Samuel Cabrero <scabrero@samba.org>
* BUG 14030: Named crashes on DLZ zone update.
o Bjæ—¦rn Jacke <bj@sernet.de>
* BUG 2312: smbcacls and smbcquotas do not check // before the server.
o Volker Lendecke <vl@samba.org>
* BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
* BUG 15391: smbclient leaks fds with showacls.
* BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
o Stefan Metzmacher <metze@samba.org>
* BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
causes test timeouts.
o Noel Power <noel.power@suse.com>
* BUG 15384: net ads lookup (with unspecified realm) fails.
o Christof Schmitt <cs@samba.org>
* BUG 15381: Register Samba processes with GPFS.
o Andreas Schneider <asn@samba.org>
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15398: The winbind child segfaults when listing users with `winbind
scan trusted domains = yes`.
o Jones Syue <jonessyue@qnap.com>
* BUG 15383: Remove comments about deprecated 'write cache size'.
* BUG 15403: smbget memory leak if failed to download files recursively.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 20 01:28:34 UTC 2023
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.18.5
==============================
Release Notes for Samba 4.18.5
July 19, 2023
==============================
This is a security release in order to address the following defects:
o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
crafted request can trigger an out-of-bounds read in winbind
and possibly crash it.
https://www.samba.org/samba/security/CVE-2022-2127.html
o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain
Controllers where SMB2 packet signing is mandatory.
https://www.samba.org/samba/security/CVE-2023-3347.html
o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
Spotlight can be triggered by an unauthenticated attacker by
issuing a malformed RPC request.
https://www.samba.org/samba/security/CVE-2023-34966.html
o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
Spotlight can be used by an unauthenticated attacker to
trigger a process crash in a shared RPC mdssvc worker process.
https://www.samba.org/samba/security/CVE-2023-34967.html
o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
side absolute path of shares and files and directories in
search results.
https://www.samba.org/samba/security/CVE-2023-34968.html
Changes since 4.18.4
--------------------
o Ralph Boehme <slow@samba.org>
* BUG 15072: CVE-2022-2127.
* BUG 15340: CVE-2023-34966.
* BUG 15341: CVE-2023-34967.
* BUG 15388: CVE-2023-34968.
* BUG 15397: CVE-2023-3347.
o Volker Lendecke <vl@samba.org>
* BUG 15072: CVE-2022-2127.
o Stefan Metzmacher <metze@samba.org>
* BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
(bsiegert)
diff -r1.165 -r1.165.2.1 pkgsrc/net/samba4/Makefile| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.165 2023/06/16 21:40:12 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.165.2.1 2023/08/15 18:21:21 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= samba-4.18.3 | 3 | DISTNAME= samba-4.18.5 | |
| 4 | CATEGORIES= net | 4 | CATEGORIES= net | |
| 5 | MASTER_SITES= https://download.samba.org/pub/samba/stable/ | 5 | MASTER_SITES= https://download.samba.org/pub/samba/stable/ | |
| 6 | 6 | |||
| 7 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 8 | HOMEPAGE= https://www.samba.org/ | 8 | HOMEPAGE= https://www.samba.org/ | |
| 9 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
| 10 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
| 11 | 11 | |||
| 12 | CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* | 12 | CONFLICTS+= ja-samba-[0-9]* winbind-[0-9]* | |
| 13 | 13 | |||
| 14 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | 14 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | |
| 15 | 15 | |||
| 16 | GCC_REQD+= 4.4 | 16 | GCC_REQD+= 4.4 |
| @@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
| 1 | $NetBSD: distinfo,v 1.93 2023/06/16 21:40:12 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.93.2.1 2023/08/15 18:21:21 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (samba-4.18.3.tar.gz) = 5cbceef6c02cbedfc24d0e74e09473a716873d1394375163a4def7a4014b78af | 3 | BLAKE2s (samba-4.18.5.tar.gz) = e7b9c7cf8adbe2c42e21d416aff8a18e7c11bcf458cc16d45747b104ed478edb | |
| 4 | SHA512 (samba-4.18.3.tar.gz) = b0980291ca124641bd03ba51d4b4e2e492facb3939f8edf491133be83a82beed66f68f00442cb02c211a9e76eb6ba08387136e30eb7df756c3c90c76034689c4 | 4 | SHA512 (samba-4.18.5.tar.gz) = c12b7cd7aba0941bf178c89604f926347bee4f5bb6ea651930cc93bcd8a2cfa983b1f10a0ccb55f99c5b34b9f158d1059d06d7f39f7bc261c7dd0d8c89c5a6f5 | |
| 5 | Size (samba-4.18.3.tar.gz) = 41294739 bytes | 5 | Size (samba-4.18.5.tar.gz) = 41315373 bytes | |
| 6 | SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 | 6 | SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 | |
| 7 | SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d | 7 | SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d | |
| 8 | SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 | 8 | SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 | |
| 9 | SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 | 9 | SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 | |
| 10 | SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 | 10 | SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 | |
| 11 | SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 | 11 | SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 | |
| 12 | SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 | 12 | SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 | |
| 13 | SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43e756c | 13 | SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43e756c | |
| 14 | SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d | 14 | SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d | |
| 15 | SHA1 (patch-lib_replace_wscript) = f75dff520034ed976c15134c950eebf78598a60b | 15 | SHA1 (patch-lib_replace_wscript) = f75dff520034ed976c15134c950eebf78598a60b | |
| 16 | SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 | 16 | SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 | |
| 17 | SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 | 17 | SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 | |
| 18 | SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 | 18 | SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 |