./net/samba4, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2020Q3, Version: 4.12.9, Package name: samba-4.12.9, Maintainer: pkgsrc-users

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package intends to provide the current stable version of samba
within the 4.x series. (As will all packages, it may of course
sometimes contain an older stable release due to not being updated
yet.)

MESSAGE.rcd [+/-]


Package options: ads, avahi, ldap, pam, winbind

Master sites:

SHA1: ec12a1e9577b70e1d1239e88ae54b2625885cf9f
RMD160: a34871667c3dd51b9c8866ffb0a677de90a10196
Filesize: 17808.787 KB

Version history: (Expand)


CVS history: (Expand)


   2020-11-01 11:50:52 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6361 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.110
- net/samba4/distinfo                                           1.53

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct 30 07:17:16 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log message:
   net/samba4: update to 4.12.9

   Summary from NEWS files:

   Samba 4.12.9 (2020-10-29)

   o  CVE-2020-14318:
      The SMB1/2/3 protocols have a concept of "ChangeNotify", where a \ 
client can
      request file name notification on a directory handle when a condition such as
      "new file creation" or "file size change" or \ 
"file timestamp update" occurs.

      A missing permissions check on a directory handle requesting ChangeNotify
      meant that a client with a directory handle open only for
      FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
      notify replies from the server. These replies contain information that should
      not be available to directory handles open for FILE_READ_ATTRIBUTE only.

   o  CVE-2020-14323:
      winbind in version 3.6 and later implements a request to translate multiple
      Windows SIDs into names in one request. This was done for performance
      reasons: Active Directory domain controllers can do multiple SID to name
      translations in one RPC call. It was an obvious extension to also offer this
      batch operation on the winbind unix domain stream socket that is available to
      local processes on the Samba server to reduce network round-trips to the
      domain controller.

      Due to improper input validation a hand-crafted packet can make winbind
      perform a NULL pointer dereference and thus crash.

   o  CVE-2020-14383:
      Some DNS records (such as MX and NS records) usually contain data in the
      additional section. Samba's dnsserver RPC pipe (which is an administrative
      interface not used in the DNS server itself) made an error in handling the
      case where there are no records present: instead of noticing the lack of
      records, it dereferenced uninitialised memory, causing the RPC server to
      crash. This RPC server, which also serves protocols other than dnsserver,
      will be restarted after a short delay, but it is easy for an authenticated
      non-admin attacker to crash it again as soon as it returns. The Samba DNS
      server itself will continue to operate, but many RPC services will not.

   Samba 4.12.8 (2020-10-07)

   Changes since 4.12.7
   --------------------

   o  Guenther Deschner <gd@samba.org>
      * BUG 14318: docs: Add missing winexe manpage.

   o  Volker Lendecke <vl@samba.org>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.

   o  Laurent Menase <laurent.menase@hpe.com>
      * BUG 14388: winbind: Fix a memleak.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.
      * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.

   o  Christof Schmitt <cs@samba.org>
      * BUG 14166: util: Allow symlinks in directory_create_or_exist.

   o  Andreas Schneider <asn@samba.org>
      * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
        3.6.14.
      * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.

   o  Martin Schwenke <martin@meltin.net>
      * BUG 14466: ctdb disable/enable can fail due to race condition.