./net/samba4, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.12.7, Package name: samba-4.12.7, Maintainer: pkgsrc-users

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package intends to provide the current stable version of samba
within the 4.x series. (As will all packages, it may of course
sometimes contain an older stable release due to not being updated
yet.)

MESSAGE.rcd [+/-]

Required to run:
[textproc/py-expat] [converters/libiconv] [databases/openldap-client] [archivers/libarchive] [lang/perl5] [net/py-dns] [security/gnutls] [security/libgcrypt] [devel/p5-Parse-Yapp] [devel/popt] [devel/gettext-lib] [devel/readline] [net/avahi] [textproc/jansson] [devel/talloc] [time/py-iso8601] [devel/cmocka] [databases/lmdb] [lang/python37] [devel/tevent] [databases/ldb]

Required to build:
[textproc/docbook-xml] [textproc/docbook-xsl] [textproc/libxslt] [pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto]

Package options: ads, avahi, ldap, pam, winbind

Master sites:

SHA1: b56b8390064572dd2024b23ca931fc82678ead2d
RMD160: 6947298acc9871f6c3245b1966b18ad490625c3e
Filesize: 17802.888 KB

Version history: (Expand)


CVS history: (Expand)


   2020-09-19 16:00:54 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
net/samba4: update to 4.12.7

Update samba4 package to 4.12.7.

                   ==============================
                   Release Notes for Samba 4.12.7
                         September 18, 2020
                   ==============================

This is a security release in order to address the following defect:

o CVE-2020-1472: Unauthenticated domain takeover via netlogon \ 
("ZeroLogon").

The following applies to Samba used as domain controller only (most
seriously the Active Directory DC, but also the classic/NT4-style DC).

Installations running Samba as a file server only are not directly
affected by this flaw, though they may need configuration changes to
continue to talk to domain controllers (see "file servers and domain
members" below).

The netlogon protocol contains a flaw that allows an authentication
bypass. This was reported and patched by Microsoft as CVE-2020-1472.
Since the bug is a protocol level flaw, and Samba implements the
protocol, Samba is also vulnerable.

However, since version 4.8 (released in March 2018), the default
behaviour of Samba has been to insist on a secure netlogon channel,
which is a sufficient fix against the known exploits. This default is
equivalent to having 'server schannel = yes' in the smb.conf.

Therefore versions 4.8 and above are not vulnerable unless they have
the smb.conf lines 'server schannel = no' or 'server schannel = auto'.

Samba versions 4.7 and below are vulnerable unless they have 'server
schannel = yes' in the smb.conf.

Note each domain controller needs the correct settings in its smb.conf.

Vendors supporting Samba 4.7 and below are advised to patch their
installations and packages to add this line to the [global] section if
their smb.conf file.

The 'server schannel = yes' smb.conf line is equivalent to Microsoft's
'FullSecureChannelProtection=1' registry key, the introduction of
which we understand forms the core of Microsoft's fix.

Some domains employ third-party software that will not work with a
'server schannel = yes'. For these cases patches are available that
allow specific machines to use insecure netlogon. For example, the
following smb.conf:

   server schannel = yes
   server require schannel:triceratops$ = no
   server require schannel:greywacke$ = no

will allow only "triceratops$" and "greywacke$" to avoid \ 
schannel.

More details can be found here:
https://www.samba.org/samba/security/CVE-2020-1472.html
   2020-09-11 19:18:09 by Jonathan Perkin | Files touched by this commit (1)
Log message:
samba4: Limit iconv hack to NetBSD.

Resolves issue on Linux reported by sobukus on IRC.
   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-08-18 09:39:31 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
samba4: updated to 4.12.6

Changes since 4.12.5
* BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
* BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
  to work on RHEL7.
* BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
* BUG 14426: lib/debug: Set the correct default backend loglevel to
  MAX_DEBUG_LEVEL.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14422: util: Fix build on AIX by fixing the order of replace.h include.
* BUG 14355: srvsvc_NetFileEnum asserts with open files.
* BUG 14354: KDC breaks with DES keys still in the database and
  msDS-SupportedEncryptionTypes 31 indicating support for it.
* BUG 14427: s3:smbd: Make sure vfs_ChDir() always sets
  conn->cwd_fsp->fh->fd = AT_FDCWD.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14358: docs: Fix documentation for require_membership_of of
  pam_winbind.conf.
* BUG 14444: ctdb-scripts: Use nfsconf utility for variable values in CTDB
  NFS scripts.
* BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
  mode fatal.
   2020-08-17 22:20:41 by Leonardo Taccari | Files touched by this commit (2202)
Log message:
*: revbump after fontconfig bl3 changes (libuuid removal)
   2020-07-28 03:11:10 by Christos Zoulas | Files touched by this commit (2)
Log message:
Move sysvol from /var/run/sysvol to /var/db/samba4/sysvol as FreeBSD does,
so that the provisioning data gets preserved across reboots.
From Matthias Perelmann
   2020-07-21 20:42:25 by Christos Zoulas | Files touched by this commit (3)
Log message:
Fix arguments to getgroupmembership
   2020-07-21 00:19:58 by Thomas Klausner | Files touched by this commit (1)
Log message:
samba4: NetBSD current supports ACL, add it to allow-list