Subject: CVS commit: pkgsrc/net/samba4
From: Adam Ciarcinski
Date: 2020-07-06 16:38:06
Message id: 20200706143806.679D2FB28@cvs.NetBSD.org

Log Message:
samba4: updated to 4.12.5

Changes since 4.12.4
--------------------
   * BUG 14301: Fix smbd panic on force-close share during async io.
   * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
     folder that contains incorrect symbols in any file name.
   * BUG 14391: Fix DFS links.
   * BUG 14310: Can't use DNS functionality after a Windows DC has been in
     domain.
   * BUG 14413: ldapi search to FreeIPA crashes.
   * BUG 14396: Add net-ads-join dnshostname=fqdn option.
   * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
   * BUG 14386: docs-xml: Update list of possible VFS operations for
     vfs_full_audit.
   * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
   * BUG 14370: Client tools are not able to read gencache anymore.

Samba 4.12.4
============
o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.

For more details, please refer to the security advisories.

Changes since 4.12.3
--------------------
   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
     several seconds of CPU each.
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined.
   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
     server with paged_result or VLV.
   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
     AD DC nbt_server.
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined, ldb: Bump version to 2.1.4.

Files:
Revision  Action  File
1.102     modify  pkgsrc/net/samba4/Makefile
1.31      modify  pkgsrc/net/samba4/PLIST
1.49      modify  pkgsrc/net/samba4/distinfo
1.1       add     pkgsrc/net/samba4/patches/patch-lib_replace_system_passwd.h