Hi,

this one was published last week:

--8<--
This is a security release in order to address the following CVEs:

o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
o CVE-2015-3223 (Denial of service in Samba Active Directory server)
o CVE-2015-5252 (Insufficient symlink verification in smbd)
o CVE-2015-5299 (Missing access control check in shadow copy code)
o CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack)
o CVE-2015-8467 (Denial of service attack against Windows Active Directory server)
o CVE-2015-5330 (Remote memory read in Samba LDAP server)

Please note that if building against a system libldb, the required version has been bumped to ldb-1.1.24. This is needed to ensure we build against a system ldb library that contains the fixes for CVE-2015-5330 and CVE-2015-3223.
-->8--

Full release notes: https://www.samba.org/samba/history/samba-4.1.22.html

I didn't have much time to test it last week, so let's publish this early to get more feedback. Basic tests in workgroup mode on i386 only so far, I'll probably be able to test sparc64 soon. Additional test reports are more than welcome, as usual. :)

If someone is using -stable and wants to test it, I can also update net/samba4 to 4.1.22, but I'm not volunteering to backport the changes into samba-4.1.19. Note that on -stable samba4 is located at net/samba4, and is not hooked to the build.

Comments / test reports / oks? (:

Index: Makefile =================================================================== RCS file: /cvs/ports/net/samba/Makefile,v retrieving revision 1.212 diff -u -p -r1.212 Makefile --- Makefile 29 Nov 2015 15:50:20 -0000 1.212 +++ Makefile 21 Dec 2015 12:21:30 -0000 @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.212 2015/11/29 15:50:20 ajacoutot Exp $ SHARED_ONLY = Yes -VERSION = 4.1.21 +VERSION = 4.1.22 DISTNAME = samba-${VERSION} DOCSVERSION = v3-5-test-4c5a1b6b DISTFILES = ${DISTNAME}${EXTRACT_SUFX} \ 
@@ -19,9 +19,8 @@ PKGNAME-tevent = tevent-${TEVENT_V} PKGNAME-util = samba-util-${VERSION} PKGNAME-docs = samba-docs-${VERSION} -REVISION-ldb = 5 -REVISION-tevent = 3 -REVISION-main = 0 +REVISION-ldb = 6 +REVISION-tevent = 4 PKG_ARCH-docs = * Index: distinfo =================================================================== RCS file: /cvs/ports/net/samba/distinfo,v retrieving revision 1.44 diff -u -p -r1.44 distinfo --- distinfo 15 Oct 2015 16:57:19 -0000 1.44 +++ distinfo 21 Dec 2015 12:21:30 -0000 @@ -1,4 +1,4 @@ -SHA256 (samba-4.1.21.tar.gz) = APHCbNMQgRr7L6Gj+3KiO9LlwvZGbm79y1MDBdfDzi4= +SHA256 (samba-4.1.22.tar.gz) = VWOhyUotrIN8z/0fCCG7JeCXr/qnOJ/vGG+c+zSGz+U= SHA256 (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = bsF0WP1KT1M3jMx3Z88MbsEQ1QEq9catijXpnPm7hZA= -SIZE (samba-4.1.21.tar.gz) = 19561830 +SIZE (samba-4.1.22.tar.gz) = 19557688 SIZE (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = 8070761 Index: patches/patch-lib_ldb_wscript =================================================================== RCS file: /cvs/ports/net/samba/patches/patch-lib_ldb_wscript,v retrieving revision 1.2 diff -u -p -r1.2 patch-lib_ldb_wscript --- patches/patch-lib_ldb_wscript 30 Sep 2015 18:14:07 -0000 1.2 +++ patches/patch-lib_ldb_wscript 21 Dec 2015 12:21:30 -0000 
@@ -4,17 +4,17 @@ $OpenBSD: patch-lib_ldb_wscript,v 1.2 20 2. Use -Wl,no-undefined as on other platforms. ---- lib/ldb/wscript.orig Tue Sep 29 23:55:21 2015 -+++ lib/ldb/wscript Tue Sep 29 23:55:56 2015 -@@ -44,6 +44,7 @@ def configure(conf): +--- lib/ldb/wscript.orig Fri Dec 18 19:20:42 2015 ++++ lib/ldb/wscript Mon Dec 21 09:09:46 2015 +@@ -45,6 +45,7 @@ def configure(conf): conf.CONFIG_PATH('LDB_MODULESDIR', conf.SUBST_ENV_VAR('MODULESDIR') + '/ldb') conf.env.standalone_ldb = conf.IN_LAUNCH_DIR() + conf.env.standalone_ldb = True if not conf.env.standalone_ldb: - if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION, -@@ -64,8 +65,7 @@ def configure(conf): + if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=SYSTEM_VERSION, +@@ -65,8 +66,7 @@ def configure(conf): # we don't want any libraries or modules to rely on runtime # resolution of symbols -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
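
Review bot: in the second Makefile hunk, REVISION-ldb is bumped from 5 to 6 with no indication of why, while the quoted release notes tie the fixes for CVE-2015-5330 and CVE-2015-3223 to ldb-1.1.24. If the ldb bundled with 4.1.22 reports a new version, the ldb package version should change and REVISION-ldb should be dropped the way REVISION-main is, rather than bumped. If the bundled version string is unchanged and only the code was fixed, a short comment next to REVISION-ldb = 6 saying that this revision carries the two CVE fixes would help, since nothing else in the package name tells users or dependent ports that the ldb subpackage is now fixed.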
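
Review bot: in patches/patch-lib_ldb_wscript, the added line `conf.env.standalone_ldb = True` makes the `if not conf.env.standalone_ldb:` branch below it unreachable, so the `minversion=SYSTEM_VERSION` check that upstream introduced for the ldb-1.1.24 requirement never runs in the port. That is consistent with always building the bundled ldb, but the patch's header comment should state that the system-ldb version check is bypassed on purpose and that the port therefore relies on the bundled copy for the CVE-2015-5330 and CVE-2015-3223 fixes. The rest of this patch is cut off in the message as shown, so the second wscript hunk cannot be reviewed from here.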