./net/samba4, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2020Q2, Version: 4.12.5, Package name: samba-4.12.5, Maintainer: pkgsrc-users

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package intends to provide the current stable version of samba
within the 4.x series. (As will all packages, it may of course
sometimes contain an older stable release due to not being updated
yet.)

MESSAGE.rcd [+/-]

Required to run:
[time/py-iso8601] [security/gnutls] [security/libgcrypt] [lang/perl5] [lang/python37] [devel/cmocka] [devel/readline] [devel/gettext-lib] [devel/talloc] [devel/popt] [devel/tevent] [devel/p5-Parse-Yapp] [net/avahi] [net/py-dns]

Required to build:
[x11/fixesproto4] [x11/xcb-proto] [x11/xorgproto]

Package options: ads, avahi, ldap, pam, winbind

Master sites:

SHA1: 67322997b5588b95c8f9d3fb85f9709deea885cd
RMD160: 5dd2eff38edbb1c0872222559fc08b7e57c5d3c7
Filesize: 17793.329 KB

Version history: (Expand)


CVS history: (Expand)


   2020-07-29 22:15:59 by Benny Siegert | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #6276 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.102
- net/samba4/PLIST                                              1.31
- net/samba4/distinfo                                           1.49
- net/samba4/patches/patch-lib_replace_system_passwd.h          1.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul  6 14:38:06 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/net/samba4/patches: patch-lib_replace_system_passwd.h

   Log message:
   samba4: updated to 4.12.5

   Changes since 4.12.4
   --------------------
      * BUG 14301: Fix smbd panic on force-close share during async io.
      * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
        folder that contains incorrect symbols in any file name.
      * BUG 14391: Fix DFS links.
      * BUG 14310: Can't use DNS functionality after a Windows DC has been in
        domain.
      * BUG 14413: ldapi search to FreeIPA crashes.
      * BUG 14396: Add net-ads-join dnshostname=fqdn option.
      * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
      * BUG 14386: docs-xml: Update list of posible VFS operations for
        vfs_full_audit.
      * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
      * BUG 14370: Client tools are not able to read gencache anymore.

   Samba 4.12.4
   ============
   o  CVE-2020-10730:
      A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
      de-reference and further combinations with the LDAP paged_results feature can
      give a use-after-free in Samba's AD DC LDAP server.

   o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
      excessive CPU.

   o  CVE-2020-10760:
      The use of the paged_results or VLV controls against the Global Catalog LDAP
      server on the AD DC will cause a use-after-free.

   o  CVE-2020-14303:
      The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
      further requests once it receives an empty (zero-length) UDP packet to
      port 137.

   For more details, please refer to the security advisories.

   Changes since 4.12.3
   --------------------
      * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
        several seconds of CPU each.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined.
      * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
        server with paged_result or VLV.
      * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
        AD DC nbt_server.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined, ldb: Bump version to 2.1.4.