Thursday, July 28, 2022

[7.1 SECURITY UPDATE] samba-4.15.9

Similar to the 4.16.4 update for -current:

Several fixes for the AD DC code, which AFAIK do not affect us, but also
a server memory information leak for the SMBv1 file server code (which
is disabled by default). More details about the latter:
https://www.samba.org/samba/security/CVE-2022-32742.html

Release notes:
https://www.samba.org/samba/history/samba-4.15.9.html

Runtime test reports and oks welcome.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.311
diff -u -p -r1.311 Makefile
--- Makefile 23 Mar 2022 20:00:48 -0000 1.311
+++ Makefile 28 Jul 2022 22:35:40 -0000
@@ -1,7 +1,7 @@
-VERSION = 4.15.6
+VERSION = 4.15.9
DISTNAME = samba-${VERSION}
EPOCH = 0
-REVISION-tevent = 4
+REVISION-tevent = 5

COMMENT-main = SMB and CIFS client and server for UNIX
COMMENT-ldb = LDAP-like embedded database
@@ -17,7 +17,7 @@ PKGNAME-docs = samba-docs-${VERSION}

PKG_ARCH-docs = *

-LDB_V = 2.4.2
+LDB_V = 2.4.4
TEVENT_V = 0.11.0

SHARED_LIBS = asn1-samba4 2.0 \
@@ -34,7 +34,7 @@ SHARED_LIBS = asn1-samba4 2.0 \
hx509-samba4 1.0 \
kdc-samba4 1.0 \
krb5-samba4 1.1 \
- ldb 2.0 \
+ ldb 2.1 \
ndr 3.0 \
ndr-krb5pac 1.1 \
ndr-nbt 1.0 \
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.91
diff -u -p -r1.91 distinfo
--- distinfo 23 Mar 2022 20:00:48 -0000 1.91
+++ distinfo 28 Jul 2022 22:35:40 -0000
@@ -1,2 +1,2 @@
-SHA256 (samba-4.15.6.tar.gz) = BXW5makEhEWCBCjcVAuoqVJ85Zb6Zq8C6iuh6pV4vLQ=
-SIZE (samba-4.15.6.tar.gz) = 19290189
+SHA256 (samba-4.15.9.tar.gz) = loKixxwv8lOqJ8uwEmDqyJf/YlzznbIO4yBz5Thv4hk=
+SIZE (samba-4.15.9.tar.gz) = 19324742
Index: patches/patch-auth_auth_log_c
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-auth_auth_log_c,v
retrieving revision 1.6
diff -u -p -r1.6 patch-auth_auth_log_c
--- patches/patch-auth_auth_log_c 10 Mar 2022 00:04:07 -0000 1.6
+++ patches/patch-auth_auth_log_c 28 Jul 2022 22:35:40 -0000
@@ -3,7 +3,7 @@ Avoid printf("%s", NULL);
Index: auth/auth_log.c
--- auth/auth_log.c.orig
+++ auth/auth_log.c
-@@ -610,7 +610,8 @@ static void log_authentication_event_human_readable(
+@@ -622,7 +622,8 @@ static void log_authentication_event_human_readable(
ui->netlogon_trust_account.account_name);
nl = talloc_asprintf(frame,
" NETLOGON computer [%s] trust account [%s]",
@@ -13,7 +13,7 @@ Index: auth/auth_log.c
}

remote = tsocket_address_string(ui->remote_host, frame);
-@@ -628,8 +629,10 @@ static void log_authentication_event_human_readable(
+@@ -640,8 +641,10 @@ static void log_authentication_event_human_readable(
logon_line = talloc_asprintf(
frame,
" mapped to [%s]\\[%s].",
@@ -26,16 +26,15 @@ Index: auth/auth_log.c
}

DEBUGC(DBGC_AUTH_AUDIT, debug_level,
-@@ -639,13 +642,15 @@ static void log_authentication_event_human_readable(
+@@ -651,13 +654,14 @@ static void log_authentication_event_human_readable(
"%s local host [%s]"
" %s\n",
ui->service_description,
- ui->auth_description,
-- log_escape(frame, ui->client.domain_name),
+- log_escape(frame, clientDomain),
+ ui->auth_description ? ui->auth_description : "(NULL)",
-+ log_escape(frame, ui->client.domain_name ?
-+ ui->client.domain_name : "(NULL)"),
- log_escape(frame, ui->client.account_name),
++ log_escape(frame, clientDomain ? clientDomain : "(NULL)"),
+ log_escape(frame, clientAccount),
ts,
- password_type,
+ password_type ? password_type : "(NULL)",
Index: patches/patch-source3_wscript
===================================================================
RCS file: /cvs/ports/net/samba/patches/patch-source3_wscript,v
retrieving revision 1.15
diff -u -p -r1.15 patch-source3_wscript
--- patches/patch-source3_wscript 23 Mar 2022 20:00:48 -0000 1.15
+++ patches/patch-source3_wscript 28 Jul 2022 22:35:40 -0000
@@ -22,7 +22,7 @@ Index: source3/wscript
conf.ADD_LDFLAGS("-Wl,--export-dynamic", testflags=True)

# We crash without vfs_default
-@@ -1683,6 +1684,7 @@ main() {
+@@ -1687,6 +1688,7 @@ main() {

conf.CHECK_CODE('void seekdir(DIR *d, long loc) { return; }',
'SEEKDIR_RETURNS_VOID',
@@ -30,7 +30,7 @@ Index: source3/wscript
headers='sys/types.h dirent.h',
msg='Checking whether seekdir returns void')

-@@ -1796,7 +1798,7 @@ main() {
+@@ -1800,7 +1802,7 @@ main() {
else:
conf.fatal('AFS headers not available, but --with-fake-kaserver was specified')

Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v
retrieving revision 1.63
diff -u -p -r1.63 PLIST-main
--- pkg/PLIST-main 13 Mar 2022 00:09:45 -0000 1.63
+++ pkg/PLIST-main 28 Jul 2022 22:35:40 -0000
@@ -1001,6 +1001,8 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tests.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tgs_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kdc_tgs_tests.${MODPY_PYC_MAGIC_TAG}pyc
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kpasswd_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}kpasswd_tests.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}ms_kile_client_principal_lookup_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}ms_kile_client_principal_lookup_tests.${MODPY_PYC_MAGIC_TAG}pyc
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}raw_testcase.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION}
@@ -1042,6 +1044,7 @@ lib/python${MODPY_VERSION}/site-packages
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_base_test.py
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_tests.py
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kdc_tgs_tests.py
+lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/kpasswd_tests.py
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/raw_testcase.py
lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/rfc4120_constants.py

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)