[7.1 SECURITY UPDATE] samba-4.15.9

Jeremie Courreges-Anglas Thu, 28 Jul 2022 15:36:43 -0700


Similar to the 4.16.4 update for -current:


Several fixes for the AD DC code, which AFAIK do not affect us, but also
a server memory information leak for the SMBv1 file server code (which
is disabled by default).  More details about the latter:
https://www.samba.org/samba/security/CVE-2022-32742.html

Release notes:
https://www.samba.org/samba/history/samba-4.15.9.html

Runtime test reports and oks welcome.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.311
diff -u -p -r1.311 Makefile
--- Makefile    23 Mar 2022 20:00:48 -0000      1.311
+++ Makefile    28 Jul 2022 22:35:40 -0000
@@ -1,7 +1,7 @@
-VERSION =              4.15.6
+VERSION =              4.15.9
 DISTNAME =             samba-${VERSION}
 EPOCH =                        0
-REVISION-tevent =      4
+REVISION-tevent =      5
 
 COMMENT-main =         SMB and CIFS client and server for UNIX
 COMMENT-ldb =          LDAP-like embedded database
@@ -17,7 +17,7 @@ PKGNAME-docs =                samba-docs-${VERSION}
 
 PKG_ARCH-docs =                *
 
-LDB_V =                        2.4.2
+LDB_V =                        2.4.4
 TEVENT_V =             0.11.0
 
 SHARED_LIBS =          asn1-samba4             2.0 \
@@ -34,7 +34,7 @@ SHARED_LIBS =         asn1-samba4             2.0 \
                        hx509-samba4            1.0 \
                        kdc-samba4              1.0 \
                        krb5-samba4             1.1 \
-                       ldb                     2.0 \
+                       ldb                     2.1 \
                        ndr                     3.0 \
                        ndr-krb5pac             1.1 \
                        ndr-nbt                 1.0 \
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.91
diff -u -p -r1.91 distinfo
--- distinfo    23 Mar 2022 20:00:48 -0000      1.91
+++ distinfo    28 Jul 2022 22:35:40 -0000
@@ -1,2 +1,2 @@
-SHA256 (samba-4.15.6.tar.gz) = BXW5makEhEWCBCjcVAuoqVJ85Zb6Zq8C6iuh6pV4vLQ=
-SIZE (samba-4.15.6.tar.gz) = 19290189
+SHA256 (samba-4.15.9.tar.gz) = loKixxwv8lOqJ8uwEmDqyJf/YlzznbIO4yBz5Thv4hk=
+SIZE (samba-4.15.9.tar.gz) = 19324742
Index: patches/patch-auth_auth_log_c
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-auth_auth_log_c,v
retrieving revision 1.6
diff -u -p -r1.6 patch-auth_auth_log_c
--- patches/patch-auth_auth_log_c       10 Mar 2022 00:04:07 -0000      1.6
+++ patches/patch-auth_auth_log_c       28 Jul 2022 22:35:40 -0000
@@ -3,7 +3,7 @@ Avoid printf("%s", NULL);
 Index: auth/auth_log.c
 --- auth/auth_log.c.orig
 +++ auth/auth_log.c
-@@ -610,7 +610,8 @@ static void log_authentication_event_human_readable(
+@@ -622,7 +622,8 @@ static void log_authentication_event_human_readable(
                        ui->netlogon_trust_account.account_name);
                nl = talloc_asprintf(frame,
                        " NETLOGON computer [%s] trust account [%s]",
@@ -13,7 +13,7 @@ Index: auth/auth_log.c
        }
  
        remote = tsocket_address_string(ui->remote_host, frame);
-@@ -628,8 +629,10 @@ static void log_authentication_event_human_readable(
+@@ -640,8 +641,10 @@ static void log_authentication_event_human_readable(
                logon_line = talloc_asprintf(
                                frame,
                                " mapped to [%s]\\[%s].",
@@ -26,16 +26,15 @@ Index: auth/auth_log.c
        }
  
        DEBUGC(DBGC_AUTH_AUDIT, debug_level,
-@@ -639,13 +642,15 @@ static void log_authentication_event_human_readable(
+@@ -651,13 +654,14 @@ static void log_authentication_event_human_readable(
                "%s local host [%s]"
                " %s\n",
                ui->service_description,
 -              ui->auth_description,
--              log_escape(frame, ui->client.domain_name),
+-              log_escape(frame, clientDomain),
 +              ui->auth_description ? ui->auth_description : "(NULL)",
-+              log_escape(frame, ui->client.domain_name ?
-+                  ui->client.domain_name : "(NULL)"),
-               log_escape(frame, ui->client.account_name),
++              log_escape(frame, clientDomain ? clientDomain : "(NULL)"),
+               log_escape(frame, clientAccount),
                ts,
 -              password_type,
 +              password_type ? password_type : "(NULL)",
Index: patches/patch-source3_wscript
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-source3_wscript,v
retrieving revision 1.15
diff -u -p -r1.15 patch-source3_wscript
--- patches/patch-source3_wscript       23 Mar 2022 20:00:48 -0000      1.15
+++ patches/patch-source3_wscript       28 Jul 2022 22:35:40 -0000
@@ -22,7 +22,7 @@ Index: source3/wscript
          conf.ADD_LDFLAGS("-Wl,--export-dynamic", testflags=True)
  
      # We crash without vfs_default
-@@ -1683,6 +1684,7 @@ main() {
+@@ -1687,6 +1688,7 @@ main() {
  
      conf.CHECK_CODE('void seekdir(DIR *d, long loc) { return; }',
                      'SEEKDIR_RETURNS_VOID',
@@ -30,7 +30,7 @@ Index: source3/wscript
                      headers='sys/types.h dirent.h',
                      msg='Checking whether seekdir returns void')
  
-@@ -1796,7 +1798,7 @@ main() {
+@@ -1800,7 +1802,7 @@ main() {
          else:
              conf.fatal('AFS headers not available, but --with-fake-kaserver 
was specified')
  
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v
retrieving revision 1.63
diff -u -p -r1.63 PLIST-main
--- pkg/PLIST-main      13 Mar 2022 00:09:45 -0000      1.63
+++ pkg/PLIST-main      28 Jul 2022 22:35:40 -0000
@@ -1001,6 +1001,8 @@ lib/python${MODPY_VERSION}/site-packages
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tests.${MODPY_PYC_MAGIC_TAG}pyc
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tgs_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tgs_tests.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kpasswd_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kpasswd_tests.${MODPY_PYC_MAGIC_TAG}pyc
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}ms_kile_client_principal_lookup_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}ms_kile_client_principal_lookup_tests.${MODPY_PYC_MAGIC_TAG}pyc
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}raw_testcase.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -1042,6 +1044,7 @@ lib/python${MODPY_VERSION}/site-packages
 lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_base_test.py
 lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_tests.py
 lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_tgs_tests.py
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kpasswd_tests.py
 
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
 lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/raw_testcase.py
 lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/rfc4120_constants.py

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

[7.1 SECURITY UPDATE] samba-4.15.9

Reply via email to