./net/samba4, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.9.4nb2, Package name: samba-4.9.4nb2, Maintainer: pkgsrc-users

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package tracks 4.x branch release.

MESSAGE.rcd [+/-]

Required to run:
[textproc/py-expat] [converters/libiconv] [databases/tdb] [archivers/libarchive] [lang/perl5] [net/py-dns] [security/gnutls] [security/libgcrypt] [devel/p5-Parse-Yapp] [devel/popt] [devel/gettext-lib] [devel/readline] [lang/python27] [textproc/jansson] [devel/talloc] [time/py-iso8601] [devel/cmocka] [databases/lmdb]

Required to build:
[textproc/docbook-xml] [textproc/docbook-xsl] [textproc/libxslt] [pkgtools/cwrappers]

Package options: ads, ldap, pam, winbind

Master sites:

SHA1: 7f8e15709e03e52d14bd9c85dd717366c106993f
RMD160: d0a43b85b85906f860de12b0b0abb1fcc5643b7a
Filesize: 17630.604 KB

Version history: (Expand)


CVS history: (Expand)


   2019-01-03 20:36:45 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
samba4: use external tevent and tdb; bump revision
   2018-12-22 02:13:52 by Adam Ciarcinski | Files touched by this commit (12)
Log message:
samba4: buidling fixes

PkgSrc changes:
* fix building on Darwin and probably other systems as well
* install manpages
* use correct install_name on Darwin
* does not collide with p5-Parse-Yapp anymore
* use cmocka and libgcrypt
* clean-ups
   2018-12-20 22:18:22 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
samba4: updated to 4.9.4

Release Notes for Samba 4.9.4

Major bug fixes include:
   o dns: Fix CNAME loop prevention using counter regression.

Changes since 4.9.3:
   * BUG 9175: libcli/smb: Don't overwrite status code.
   * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
   * BUG 13661: Session setup reauth fails to sign response.
   * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
   * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
     version for writing.
   * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
     with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
   * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
   * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
   * PEP8: fix E231: missing whitespace after ','.
   * BUG 13629: winbindd: Fix crash when taking profiles.
   * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
     regression.
   * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs.
   * BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
   * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
   * BUG 13696: ctdb-daemon: Exit with error if a database directory does not
     exist.
   * BUG 13498: s3:libads: Add net ads leave keep-account option.
   2018-12-10 15:42:45 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Fix another mistake. This will fix the packaging really.
   2018-12-10 01:14:23 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Remove PLIST.*=no to fix packaging
   2018-12-09 15:48:03 by Ryo ONODERA | Files touched by this commit (2)
Log message:
FIx build on 32-bit architecture environments.

ldb-lmdb part is not buildable for 32-bit architecture environments.
Tested on NetBSD/i386 8.
   2018-12-03 14:51:52 by Michael van Elst | Files touched by this commit (2)
Log message:
Set SMB_PRIVATE directory correctly.
Add two missing libraries to PLIST.
   2018-11-29 15:46:46 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/samba4: update to 4.9.3

                   =============================
                   Release Notes for Samba 4.9.3
                         November 27, 2018
                   =============================

This is a security release in order to address the following defects:

o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
                   Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
                   configuration (unsupported))
o  CVE-2018-16857 (Bad password count in AD DC not always effective)

=======
Details
=======

o  CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

o  CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16852:
   During the processing of an DNS zone in the DNS management DCE/RPC server,
   the internal DNS server or the Samba DLZ plugin for BIND9, if the
   DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
   property is set, the server will follow a NULL pointer and terminate.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

o  CVE-2018-16857:
   AD DC Configurations watching for bad passwords (to restrict brute forcing
   of passwords) in a window of more than 3 minutes may not watch for bad
   passwords at all.

For more details and workarounds, please refer to the security advisories.