Samba security releases have been made available: - 4.24.3 for -current and 7.9 - 4.23.8 for 7.8 These updates address the following defects: CVE-2026-1933: Missing access checks on reparse point operations CVE-2026-2340: WORM vfs module does not block overwrites CVE-2026-3012: auto-enrolment GPO installing CA certificate over http without verification CVE-2026-3238: Denial of service against AD DC WINS server CVE-2026-4408: Unauthenticated Remote Code Execution in Samba DCE/RPC SAMR server CVE-2026-4480: Unauthenticated Remote Code Execution in Samba printing subsystem More information can be found at https://www.samba.org/samba/history/samba-4.24.3.html and https://www.samba.org/samba/history/samba-4.23.8.html. Enclosed are 3 diffs: current-samba-4.24.3.patch: updates Samba on current 7.9-samba-4.24.3.patch: updates Samba on 7.9 7.8-samba-4.23.8.patch: updates Samba on 7.8 These updates need FIX_EXTRACT_PERMISSIONS=Yes. Minor of libsamba-util has been bumped. All three diffs have been lightly run tested. OK to commit to -current, 7.9 and 7.8?
Index: Makefile =================================================================== RCS file: /cvs/ports/net/samba/Makefile,v diff -u -p -r1.374 Makefile --- Makefile 15 May 2026 07:31:04 -0000 1.374 +++ Makefile 26 May 2026 15:10:42 -0000 @@ -1,4 +1,4 @@ -VERSION = 4.24.2 +VERSION = 4.24.3 DISTNAME = samba-${VERSION} EPOCH = 0 @@ -25,7 +25,7 @@ SHARED_LIBS = dcerpc 3.0 \ samba-hostconfig 19.0 \ samba-passdb 3.2 \ samba-policy 0.0 \ - samba-util 13.0 \ + samba-util 13.1 \ samdb 6.0 \ smbclient 6.3 \ smbconf 19.1 \ @@ -54,6 +54,8 @@ WANTLIB-docs = SITES = https://download.samba.org/pub/samba/stable/ \ https://download.samba.org/pub/samba/old-versions/ + +FIX_EXTRACT_PERMISSIONS = Yes MULTI_PACKAGES = -main -docs DEBUG_PACKAGES = ${BUILD_PACKAGES} Index: distinfo =================================================================== RCS file: /cvs/ports/net/samba/distinfo,v diff -u -p -r1.139 distinfo --- distinfo 15 May 2026 07:31:04 -0000 1.139 +++ distinfo 26 May 2026 15:10:42 -0000 @@ -1,2 +1,2 @@ -SHA256 (samba-4.24.2.tar.gz) = rCRYPycagqwyT3xvrXMn9ltZGtNJLh3M/umI4sHIHdE= -SIZE (samba-4.24.2.tar.gz) = 43409510 +SHA256 (samba-4.24.3.tar.gz) = Sl4O0eoZK3mMhz2ZV8UKV2fBDCdnzMsA1W7MQn6U+Ok= +SIZE (samba-4.24.3.tar.gz) = 43446520
? 7.9-samba-4.24.3.patch Index: Makefile =================================================================== RCS file: /cvs/ports/net/samba/Makefile,v diff -u -p -r1.372.2.1 Makefile --- Makefile 20 May 2026 18:00:12 -0000 1.372.2.1 +++ Makefile 26 May 2026 16:05:25 -0000 @@ -1,4 +1,4 @@ -VERSION = 4.24.2 +VERSION = 4.24.3 DISTNAME = samba-${VERSION} EPOCH = 0 @@ -25,7 +25,7 @@ SHARED_LIBS = dcerpc 3.0 \ samba-hostconfig 19.0 \ samba-passdb 3.2 \ samba-policy 0.0 \ - samba-util 13.0 \ + samba-util 13.1 \ samdb 6.0 \ smbclient 6.3 \ smbconf 19.1 \ @@ -54,6 +54,8 @@ WANTLIB-docs = SITES = https://download.samba.org/pub/samba/stable/ \ https://download.samba.org/pub/samba/old-versions/ + +FIX_EXTRACT_PERMISSIONS = Yes MULTI_PACKAGES = -main -docs DEBUG_PACKAGES = ${BUILD_PACKAGES} Index: distinfo =================================================================== RCS file: /cvs/ports/net/samba/distinfo,v diff -u -p -r1.138.2.1 distinfo --- distinfo 20 May 2026 18:00:12 -0000 1.138.2.1 +++ distinfo 26 May 2026 16:05:25 -0000 @@ -1,2 +1,2 @@ -SHA256 (samba-4.24.2.tar.gz) = rCRYPycagqwyT3xvrXMn9ltZGtNJLh3M/umI4sHIHdE= -SIZE (samba-4.24.2.tar.gz) = 43409510 +SHA256 (samba-4.24.3.tar.gz) = Sl4O0eoZK3mMhz2ZV8UKV2fBDCdnzMsA1W7MQn6U+Ok= +SIZE (samba-4.24.3.tar.gz) = 43446520
Index: Makefile =================================================================== RCS file: /cvs/ports/net/samba/Makefile,v diff -u -p -r1.365.2.5 Makefile --- Makefile 1 Mar 2026 19:38:10 -0000 1.365.2.5 +++ Makefile 26 May 2026 18:08:07 -0000 @@ -1,4 +1,4 @@ -VERSION = 4.23.6 +VERSION = 4.23.8 DISTNAME = samba-${VERSION} EPOCH = 0 @@ -25,7 +25,7 @@ SHARED_LIBS = dcerpc 3.0 \ samba-hostconfig 17.0 \ samba-passdb 3.2 \ samba-policy 0.0 \ - samba-util 12.0 \ + samba-util 12.1 \ samdb 5.0 \ smbclient 6.3 \ smbconf 18.0 \ @@ -54,6 +54,8 @@ WANTLIB-docs = SITES = https://download.samba.org/pub/samba/stable/ \ https://download.samba.org/pub/samba/old-versions/ + +FIX_EXTRACT_PERMISSIONS = Yes MULTI_PACKAGES = -main -docs DEBUG_PACKAGES = ${BUILD_PACKAGES} Index: distinfo =================================================================== RCS file: /cvs/ports/net/samba/distinfo,v diff -u -p -r1.131.2.5 distinfo --- distinfo 1 Mar 2026 19:38:10 -0000 1.131.2.5 +++ distinfo 26 May 2026 18:08:07 -0000 @@ -1,2 +1,2 @@ -SHA256 (samba-4.23.6.tar.gz) = 49q9i15C3Jdmn6D67wMlEKlOSWtY9wZwguUDbYjw5wI= -SIZE (samba-4.23.6.tar.gz) = 43306831 +SHA256 (samba-4.23.8.tar.gz) = l2EphHRW3Ft4wA+P+3ncYFxJ1qrKiyqncv0i27afrgE= +SIZE (samba-4.23.8.tar.gz) = 43360349 Index: patches/patch-buildtools_wafsamba_samba_autoconf_py =================================================================== RCS file: /cvs/ports/net/samba/patches/patch-buildtools_wafsamba_samba_autoconf_py,v diff -u -p -r1.24 patch-buildtools_wafsamba_samba_autoconf_py --- patches/patch-buildtools_wafsamba_samba_autoconf_py 15 Sep 2025 04:27:32 -0000 1.24 +++ patches/patch-buildtools_wafsamba_samba_autoconf_py 26 May 2026 18:08:07 -0000 @@ -5,7 +5,7 @@ Index: buildtools/wafsamba/samba_autoconf.py --- buildtools/wafsamba/samba_autoconf.py.orig +++ buildtools/wafsamba/samba_autoconf.py -@@ -958,6 +958,27 @@ def ADD_LDFLAGS(conf, flags, testflags=False): +@@ -963,6 +963,27 @@ def ADD_LDFLAGS(conf, flags, testflags=False): if not 'EXTRA_LDFLAGS' in conf.env: conf.env['EXTRA_LDFLAGS'] = [] conf.env['EXTRA_LDFLAGS'].extend(TO_LIST(flags)) @@ -33,7 +33,7 @@ Index: buildtools/wafsamba/samba_autocon return flags -@@ -1029,7 +1050,7 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf): +@@ -1034,7 +1055,7 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf): # symbols used for fuzzers are only defined by compiler wrappers. return
No comments:
Post a Comment