~vcs-imports/ipfire/ipfire-2.x

« back to all changes in this revision

Viewing changes to lfs/samba

  • Committer: Michael Tremer
  • Author(s): Matthias Fischer
  • Date: 2023-10-20 08:41:59 UTC
  • Revision ID: git-v1:e1a68c27a091e1165aaa18ed47d763e81e8a8de4
samba: Update to 4.19.2

For details see:

v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html
"
                  ==============================
                  Release Notes for Samba 4.19.1
                  October 10, 2023
                  ==============================

This is a security release in order to address the following defects:

o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                  existing unix domain sockets on the file system.
                  https://www.samba.org/samba/security/CVE-2023-3961.html

o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                  OVERWRITE disposition when using the acl_xattr Samba VFS
                  module with the smb.conf setting
                  "acl_xattr:ignore system acls = yes"
                  https://www.samba.org/samba/security/CVE-2023-4091.html

o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                  attributes, including secrets and passwords.  Additionally,
                  the access check fails open on error conditions.
                  https://www.samba.org/samba/security/CVE-2023-4154.html

o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                  server block for a user-defined amount of time, denying
                  service.
                  https://www.samba.org/samba/security/CVE-2023-42669.html

o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                  listeners, disrupting service on the AD DC.
                  https://www.samba.org/samba/security/CVE-2023-42670.html"

v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html
"Changes since 4.19.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
     after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
     call.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
     previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
     impacts sendmail, zabbix, potentially more.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
     Heimdal KDC in Samba 4.19
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
     in use."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Show diffs side-by-side

added added

removed removed

Lines of Context:
24
24
 
25
25
include Config
26
26
 
27
 
VER        = 4.19.0
 
27
VER        = 4.19.2
28
28
SUMMARY    = A SMB/CIFS File, Print, and Authentication Server
29
29
 
30
30
THISAPP    = samba-$(VER)
33
33
DIR_APP    = $(DIR_SRC)/$(THISAPP)
34
34
TARGET     = $(DIR_INFO)/$(THISAPP)
35
35
PROG       = samba
36
 
PAK_VER    = 96
 
36
PAK_VER    = 97
37
37
 
38
38
DEPS       = avahi cups perl-Parse-Yapp perl-JSON
39
39
 
47
47
 
48
48
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
49
49
 
50
 
$(DL_FILE)_BLAKE2 = 4e0db41d7d06e195cee994c5ec02a37892c1a7dd99ea9defb845fe2fbf96446846c469007218b6b0d6077c0886f0d08b2a4376acba1ed455b641daacd9018f12
 
50
$(DL_FILE)_BLAKE2 = cb3747f1be6e712c6e68f3720e68aee7db2e4dcc48a9210d002337d6690ed8b027919f333dc4a7c1e74b716ebceeff1d8071463899513edfe51da967d71d8148
51
51
 
52
52
install : $(TARGET)
53
53