pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2020Q3]: pkgsrc/net/samba4 Pullup ticket #6361 - requested by ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2c51127cf483
branches:  pkgsrc-2020Q3
changeset: 441313:2c51127cf483
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Nov 01 10:50:52 2020 +0000

description:
Pullup ticket #6361 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.110
- net/samba4/distinfo                                           1.53

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Oct 30 07:17:16 UTC 2020

   Modified Files:
        pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.12.9

   Summary from NEWS files:

   Samba 4.12.9 (2020-10-29)

   o  CVE-2020-14318:
      The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
      request file name notification on a directory handle when a condition such as
      "new file creation" or "file size change" or "file timestamp update" occurs.

      A missing permissions check on a directory handle requesting ChangeNotify
      meant that a client with a directory handle open only for
      FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
      notify replies from the server. These replies contain information that should
      not be available to directory handles open for FILE_READ_ATTRIBUTE only.

   o  CVE-2020-14323:
      winbind in version 3.6 and later implements a request to translate multiple
      Windows SIDs into names in one request. This was done for performance
      reasons: Active Directory domain controllers can do multiple SID to name
      translations in one RPC call. It was an obvious extension to also offer this
      batch operation on the winbind unix domain stream socket that is available to
      local processes on the Samba server to reduce network round-trips to the
      domain controller.

      Due to improper input validation a hand-crafted packet can make winbind
      perform a NULL pointer dereference and thus crash.

   o  CVE-2020-14383:
      Some DNS records (such as MX and NS records) usually contain data in the
      additional section. Samba's dnsserver RPC pipe (which is an administrative
      interface not used in the DNS server itself) made an error in handling the
      case where there are no records present: instead of noticing the lack of
      records, it dereferenced uninitialised memory, causing the RPC server to
      crash. This RPC server, which also serves protocols other than dnsserver,
      will be restarted after a short delay, but it is easy for an authenticated
      non-admin attacker to crash it again as soon as it returns. The Samba DNS
      server itself will continue to operate, but many RPC services will not.

   Samba 4.12.8 (2020-10-07)

   Changes since 4.12.7
   --------------------

   o  Guenther Deschner <gd%samba.org@localhost>
      * BUG 14318: docs: Add missing winexe manpage.

   o  Volker Lendecke <vl%samba.org@localhost>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.

   o  Laurent Menase <laurent.menase%hpe.com@localhost>
      * BUG 14388: winbind: Fix a memleak.

   o  Stefan Metzmacher <metze%samba.org@localhost>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.
      * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.

   o  Christof Schmitt <cs%samba.org@localhost>
      * BUG 14166: util: Allow symlinks in directory_create_or_exist.

   o  Andreas Schneider <asn%samba.org@localhost>
      * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
        3.6.14.
      * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.

   o  Martin Schwenke <martin%meltin.net@localhost>
      * BUG 14466: ctdb disable/enable can fail due to race condition.

diffstat:

 net/samba4/Makefile |   4 ++--
 net/samba4/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 17500a3a741e -r 2c51127cf483 net/samba4/Makefile
--- a/net/samba4/Makefile       Sun Nov 01 10:16:22 2020 +0000
+++ b/net/samba4/Makefile       Sun Nov 01 10:50:52 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.109 2020/09/19 14:00:54 taca Exp $
+# $NetBSD: Makefile,v 1.109.2.1 2020/11/01 10:50:52 bsiegert Exp $
 
-DISTNAME=      samba-4.12.7
+DISTNAME=      samba-4.12.9
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 
diff -r 17500a3a741e -r 2c51127cf483 net/samba4/distinfo
--- a/net/samba4/distinfo       Sun Nov 01 10:16:22 2020 +0000
+++ b/net/samba4/distinfo       Sun Nov 01 10:50:52 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.52 2020/09/19 14:00:54 taca Exp $
+$NetBSD: distinfo,v 1.52.2.1 2020/11/01 10:50:52 bsiegert Exp $
 
-SHA1 (samba-4.12.7.tar.gz) = b56b8390064572dd2024b23ca931fc82678ead2d
-RMD160 (samba-4.12.7.tar.gz) = 6947298acc9871f6c3245b1966b18ad490625c3e
-SHA512 (samba-4.12.7.tar.gz) = 5afb1f24b029e665bb4f6bd7b7cf915243476b09b304942b2105586fa99adc6a19b46b4753ca116e230e5bb7b82e011fbe296c62bc70a8a897e56aece55a7f0b
-Size (samba-4.12.7.tar.gz) = 18230157 bytes
+SHA1 (samba-4.12.9.tar.gz) = ec12a1e9577b70e1d1239e88ae54b2625885cf9f
+RMD160 (samba-4.12.9.tar.gz) = a34871667c3dd51b9c8866ffb0a677de90a10196
+SHA512 (samba-4.12.9.tar.gz) = 8bd3122bcaab2f5a16a73902a9b628384063a8116a08f0254541e05c148016839b3215c60ff0d3291a332e7884708950ad64137204b0ac19801012d3b6684fa6
+Size (samba-4.12.9.tar.gz) = 18236198 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7



Home | Main Index | Thread Index | Old Index