From patchwork Thu Apr 1 11:37:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 4010 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FB1Px5gmBz3x1r for ; Thu, 1 Apr 2021 11:37:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FB1Px0DRlz20G; Thu, 1 Apr 2021 11:37:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FB1Pw6cy2z2xmG; Thu, 1 Apr 2021 11:37:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FB1Pv5K9Cz2xZs for ; Thu, 1 Apr 2021 11:37:39 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FB1Pt6Zdsz2x; Thu, 1 Apr 2021 11:37:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1617277059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Zd+8PoyeWH+Cn8c+UAvq9e6LeiHgTrzA/WKmQGB0grc=; b=RTMFy+S6NgxsLqXWa+j7O4JpBhyNDgtgMt745lanwQby4dy3OAkY9J9Puhn6nFxJ7u2Nj2 z2yqJZZz6xGhPZVFZ7JJQYB6DObQiM0BGFYTLY2Y+TXlNqBlLRo2iOgNaoIgW2b3t3ctHP JkHuR5z8MN/lYCMPaPFay917ilSMK30lsdqOsxY63p5pF0loUSvHWkjkNDQ88mpPPvxH94 nmOeJV5P1Uw85AnH0a7XWR+40H/R7/0aupS9CI8CqDqZH8lxmYpLP0AAXTDrRInQPimhr0 ftRNujnctolkBsfPpS28OAbFI6w0NbLlEJhcjRRQOK1iJZl0aAPJvjEZlhm9vg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1617277059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Zd+8PoyeWH+Cn8c+UAvq9e6LeiHgTrzA/WKmQGB0grc=; b=XOeriPzOsChVnWuYR3iUjO42xWUvkN7LZVfjiw9rRiH8LhYBhJHzHarv9XZf0WU6Gy1xsw fZaL9zqMTHvGpRBg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] samba: Update to 4.13.7 Date: Thu, 1 Apr 2021 13:37:35 +0200 Message-Id: <20210401113735.3720-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 4.13.4 to 4.13.7 - Update of x68_64 rootfile - Changelog Release Notes for Samba 4.13.7 March 24, 2021 This is a security release in order to address the following defects: o CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible. Douglas Bagnall * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs. o CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server. Andrew Bartlett * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. Douglas Bagnall * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. Release Notes for Samba 4.13.5 March 09, 2021 This is the latest stable release of the Samba 4.13 release series. o Trever L. Adams * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure. o Jeremy Allison * BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection. * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services. o Andrew Bartlett * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones. o Ralph Boehme conn->session_info for the initial delete-on-close token. o Peter Eriksson * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path. o Björn Jacke * BUG 14624: classicupgrade: Treat old never expires value right. o Volker Lendecke * BUG 14636: g_lock: Fix uninitalized variable reads. o Stefan Metzmacher * BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file(). o Andreas Schneider * BUG 14625: lib:util: Avoid free'ing our own pointer. o Paul Wise * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work. Signed-off-by: Adolf Belka --- config/rootfiles/packages/x86_64/samba | 5 ++--- lfs/samba | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index 590479da7..93c35b51e 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -667,7 +667,7 @@ usr/lib/samba/libldb-key-value-samba4.so usr/lib/samba/libldb-tdb-err-map-samba4.so usr/lib/samba/libldb-tdb-int-samba4.so usr/lib/samba/libldb.so.2 -usr/lib/samba/libldb.so.2.2.0 +usr/lib/samba/libldb.so.2.2.1 usr/lib/samba/libldbsamba-samba4.so usr/lib/samba/liblibcli-lsa3-samba4.so usr/lib/samba/liblibcli-netlogon3-samba4.so @@ -688,7 +688,7 @@ usr/lib/samba/libposix-eadb-samba4.so usr/lib/samba/libprinter-driver-samba4.so usr/lib/samba/libprinting-migrate-samba4.so usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2 -usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2.2.0 +usr/lib/samba/libpyldb-util.cpython-38-x86-64-linux-gnu.so.2.2.1 usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2 usr/lib/samba/libpytalloc-util.cpython-38-x86-64-linux-gnu.so.2.3.1 usr/lib/samba/libregistry-samba4.so @@ -711,7 +711,6 @@ usr/lib/samba/libshares-samba4.so usr/lib/samba/libsmb-transport-samba4.so usr/lib/samba/libsmbclient-raw-samba4.so usr/lib/samba/libsmbd-base-samba4.so -usr/lib/samba/libsmbd-conn-samba4.so usr/lib/samba/libsmbd-shim-samba4.so usr/lib/samba/libsmbldaphelper-samba4.so usr/lib/samba/libsmbpasswdparser-samba4.so diff --git a/lfs/samba b/lfs/samba index d218ecf38..ea8fcd428 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.13.4 +VER = 4.13.7 THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 76 +PAK_VER = 77 DEPS = avahi cups libtirpc krb5 perl-Parse-Yapp @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ba89901019e05585f9511f52a4667d4f +$(DL_FILE)_MD5 = 1a900f45d5251b53c9bd28887e588583 install : $(TARGET)