Hi,

this one was published last week:
--8<--
This is a security release in order to address the following CVEs:

o  CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
o  CVE-2015-3223 (Denial of service in Samba Active Directory
                  server)
o  CVE-2015-5252 (Insufficient symlink verification in smbd)
o  CVE-2015-5299 (Missing access control check in shadow copy
                  code)
o  CVE-2015-5296 (Samba client requesting encryption vulnerable
                  to downgrade attack)
o  CVE-2015-8467 (Denial of service attack against Windows
                  Active Directory server)
o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

Please note that if building against a system libldb, the required
version has been bumped to ldb-1.1.24.  This is needed to ensure
we build against a system ldb library that contains the fixes
for CVE-2015-5330 and CVE-2015-3223.
-->8--

Full release notes:

  https://www.samba.org/samba/history/samba-4.1.22.html

I didn't have much time to test it last week, so let's publish this
early to get more feedback.  Basic tests in workgroup mode on i386 only
so far, I'll probably be able to test sparc64 soon.  Additional test
reports are more than welcome, as usual. :)

If someone is using -stable and wants to test it, I can also update
net/samba4 to 4.1.22, but I'm not volunteering to backport the changes
into samba-4.1.19.  Note that on -stable samba4 is located at
net/samba4, and is not hooked to the build.

Comments / test reports / oks? (:

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.212
diff -u -p -r1.212 Makefile
--- Makefile    29 Nov 2015 15:50:20 -0000      1.212
+++ Makefile    21 Dec 2015 12:21:30 -0000
@@ -1,7 +1,7 @@
 # $OpenBSD: Makefile,v 1.212 2015/11/29 15:50:20 ajacoutot Exp $
 
 SHARED_ONLY =          Yes
-VERSION =              4.1.21
+VERSION =              4.1.22
 DISTNAME =             samba-${VERSION}
 DOCSVERSION =          v3-5-test-4c5a1b6b
 DISTFILES =            ${DISTNAME}${EXTRACT_SUFX} \
@@ -19,9 +19,8 @@ PKGNAME-tevent =      tevent-${TEVENT_V}
 PKGNAME-util =         samba-util-${VERSION}
 PKGNAME-docs =         samba-docs-${VERSION}
 
-REVISION-ldb =         5
-REVISION-tevent =      3
-REVISION-main =                0
+REVISION-ldb =         6
+REVISION-tevent =      4
 
 PKG_ARCH-docs =                *
 
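Review bot: the REVISION-ldb (5 to 6) and REVISION-tevent (3 to 4) bumps are only right if the bundled library versions did not change in 4.1.22. These subpackages are versioned separately from VERSION (PKGNAME-tevent = tevent-${TEVENT_V} in the hunk header), and no version variable is touched in this diff. If lib/ldb or lib/tevent changed version upstream, the matching version variable should be updated and the REVISION line dropped, as was done for REVISION-main. A one-line comment saying the bumps pick up the security fixes would also help the next update.
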
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.44
diff -u -p -r1.44 distinfo
--- distinfo    15 Oct 2015 16:57:19 -0000      1.44
+++ distinfo    21 Dec 2015 12:21:30 -0000
@@ -1,4 +1,4 @@
-SHA256 (samba-4.1.21.tar.gz) = APHCbNMQgRr7L6Gj+3KiO9LlwvZGbm79y1MDBdfDzi4=
+SHA256 (samba-4.1.22.tar.gz) = VWOhyUotrIN8z/0fCCG7JeCXr/qnOJ/vGG+c+zSGz+U=
 SHA256 (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = 
bsF0WP1KT1M3jMx3Z88MbsEQ1QEq9catijXpnPm7hZA=
-SIZE (samba-4.1.21.tar.gz) = 19561830
+SIZE (samba-4.1.22.tar.gz) = 19557688
 SIZE (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = 8070761
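
Review bot: the context line for samba-docs-v3-5-test-4c5a1b6b.tar.bz2 is wrapped onto two lines ("SHA256 (...) = " followed by the digest on its own line), so this hunk will not apply as mailed. The CONFIG_PATH context line in patch-lib_ldb_wscript is wrapped the same way. Resending the diff as an attachment or with line wrapping disabled would fix both. As this is a security update, it would also be good to say that the new SHA256 and SIZE values for samba-4.1.22.tar.gz were checked against upstream's signed release tarball.
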
Index: patches/patch-lib_ldb_wscript
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-lib_ldb_wscript,v
retrieving revision 1.2
diff -u -p -r1.2 patch-lib_ldb_wscript
--- patches/patch-lib_ldb_wscript       30 Sep 2015 18:14:07 -0000      1.2
+++ patches/patch-lib_ldb_wscript       21 Dec 2015 12:21:30 -0000
@@ -4,17 +4,17 @@ $OpenBSD: patch-lib_ldb_wscript,v 1.2 20
 
 2. Use -Wl,no-undefined as on other platforms.
 
---- lib/ldb/wscript.orig       Tue Sep 29 23:55:21 2015
-+++ lib/ldb/wscript    Tue Sep 29 23:55:56 2015
-@@ -44,6 +44,7 @@ def configure(conf):
+--- lib/ldb/wscript.orig       Fri Dec 18 19:20:42 2015
++++ lib/ldb/wscript    Mon Dec 21 09:09:46 2015
+@@ -45,6 +45,7 @@ def configure(conf):
      conf.CONFIG_PATH('LDB_MODULESDIR', conf.SUBST_ENV_VAR('MODULESDIR') + 
'/ldb')
  
      conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
 +    conf.env.standalone_ldb = True
  
      if not conf.env.standalone_ldb:
-         if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
-@@ -64,8 +65,7 @@ def configure(conf):
+         if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=SYSTEM_VERSION,
+@@ -65,8 +66,7 @@ def configure(conf):
  
          # we don't want any libraries or modules to rely on runtime
          # resolution of symbols
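
Review bot: because the port forces "conf.env.standalone_ldb = True" right after the IN_LAUNCH_DIR() assignment, the "if not conf.env.standalone_ldb:" branch is never taken, so the CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=SYSTEM_VERSION, ...) check that this update regenerates is never evaluated. The ldb-1.1.24 minimum from the release notes therefore does not protect this build, and the port depends on the bundled lib/ldb in the 4.1.22 tarball carrying the fixes for CVE-2015-5330 and CVE-2015-3223. That should be confirmed and stated in the numbered comment at the top of the patch file, next to "2. Use -Wl,no-undefined as on other platforms.", so it is clear the system-ldb version check is bypassed on purpose.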


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
