./net/samba4, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.11.5, Package name: samba-4.11.5, Maintainer: pkgsrc-users

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package tracks 4.x branch release.

MESSAGE.rcd [+/-]

Required to run:
[textproc/py-expat] [converters/libiconv] [databases/openldap-client] [archivers/libarchive] [lang/perl5] [net/py-dns] [security/gnutls] [security/libgcrypt] [devel/p5-Parse-Yapp] [devel/popt] [devel/gettext-lib] [devel/readline] [net/avahi] [textproc/jansson] [devel/talloc] [time/py-iso8601] [devel/cmocka] [databases/lmdb] [lang/python37] [devel/tevent] [databases/ldb]

Required to build:
[textproc/docbook-xml] [textproc/docbook-xsl] [textproc/libxslt] [pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Package options: ads, ldap, pam, winbind

Master sites:

SHA1: d06abddcbb5ec1800f30ac2f9b760515e3f2f2ce
RMD160: 137535478b546f364f2c2410ada2ff5289c202fa
Filesize: 18100.483 KB

Version history: (Expand)


CVS history: (Expand)


   2020-01-21 15:12:36 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/samba4: update to 4.11.5

Update samba4 to 4.11.5.

                   ==============================
                   Release Notes for Samba 4.11.5
                          January 21, 2020
		   ==============================

This is a security release in order to address the following defects:

o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
		  Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
		  above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.

=======
Details
=======

o  CVE-2019-14902:
   The implementation of ACL inheritance in the Samba AD DC was not complete,
   and so absent a 'full-sync' replication, ACLs could get out of sync between
   domain controllers.

o  CVE-2019-14907:
   When processing untrusted string input Samba can read past the end of the
   allocated buffer when printing a "Conversion error" message to the logs.

o  CVE-2019-19344:
   During DNS zone scavenging (of expired dynamic entries) there is a read of
   memory after it has been freed.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-08 11:40:03 by Jonathan Perkin | Files touched by this commit (2)
Log message:
samba4: Disable more fmemopen utilities on SunOS.
   2019-12-30 14:58:35 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
samba4: updated to 4.11.4

Changes since 4.11.3:
* BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode
  number.
* BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
  on an SMB1 connection.
* BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
  SMBC_opendir_ctx.
* BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
  encrypting an interim response.
* BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
* BUG 13745: s3:printing: Fix %J substition.
* BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
* BUG 14069: Incomplete conversion of former parametric options.
* BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
* BUG 14171: vfs_fruit returns capped resource fork length.
* BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
* BUG 14211: smbd: Increase a debug level.
* BUG 14153: Prevent azure ad connect from reporting discovery errors:
  reference-value-not-ldap-conformant.
* BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
  library.
* BUG 14168: replace: Only link libnsl and libsocket if requrired.
* BUG 14175: ctdb: Incoming queue can be orphaned causing communication
  breakdown.
* BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
  cross-answers or cross-execute.
* BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
  asn1_compile-generated code.
   2019-12-10 14:03:41 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
samba4: updated to 4.11.3

Samba 4.11.3
This is a security release in order to address the following defects:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
		  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
		  on Samba AD DC.
   2019-11-23 09:45:45 by Makoto Fujiwara | Files touched by this commit (7)
Log message:
Recursive revbump based on devel/cmocka 1.1.3 -> 1.1.5
   2019-11-10 18:02:34 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
samba4: add missing patch
   2019-11-10 18:01:58 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
samba4: updated to 4.11.2

4.11.2:
This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
		  password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC \ 
LDAP server
		  via dirsync.

4.11.1:
This is the latest stable release of the Samba 4.11 release series.

Changes since 4.11.0:
* BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH
  group.
* BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and
  smbc_lseekdir().
* BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into
  SMB1-specific calls.
* BUG 14137: Fix stale file handle error when using mkstemp on a share.
* BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14130: s3-winbindd: Fix forest trusts with additional trust attributes.
* BUG 14134: auth/gensec: Fix non-AES schannel seal.
* BUG 14147: Deleted records can be resurrected during recovery.
* BUG 14136: Fix uncaught exception in classicupgrade.
* BUG 14139: fault.c: Improve fault_report message text pointing to our wiki.
* BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI.
* BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users
  of trusted domains/forests.
* BUG 14131: Remove 'pod2man' as it is no longer needed.
* BUG 13884: Joining Active Directory should not use SAMR to set the
  password.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14155: 'kpasswd' fails when built with MIT Kerberos.
* BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted
  nodes.

4.11.0:
* BUG 14049: ldb: Don't try to save a value that isn't there.
* ldb_dn: Free dn components on explode failure.
* ldb: Do not allow adding a DN as a base to itself.
* ldb: Release ldb 2.0.7.
* BUG 13695: ldb: Correct Pigeonhole principle validation in
  ldb_filter_attrs().
* BUG 14049: Fix ldb dn crash.
* BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords \ 
= no".
* BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust
  mutexes.
* BUG 14121: smbd returns bad File-ID on filehandle used to create a file or
  directory.
* BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations.
* BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint to
  load balancers or servers with "multi-tenancy" support.
* BUG 14113: Fix byte range locking bugs/regressions.
* ldb: Fix mem-leak if talloc_realloc fails.
* BUG 14007: Fix join with don't exists machine account.
* BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map.

CHANGES SINCE 4.11.0rc2
* BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data
  loss in CTDB cluster.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what
  is happening).
* BUG 14092: docs: Deprecate "rndc command" for Samba 4.11.
* BUG 14059: ldb: Free memory when repacking database.
* BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id.
* BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and
  st_ex_iflags.
* BUG 14093: vfs_glusterfs: Enable profiling for file system operations.
* BUG 14059: Backport sambadowngradedatabase for v4.11.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14032: vfs_gpfs: Implement special case for denying owner access to
  ACL.
* BUG 14084: Avoid marking a node as connected before it can receive packets.
* BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7.
* BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing
  databases.