From patchwork Tue Jul 25 14:37:17 2023
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7026
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] samba: Update to version 4.18.5
Date: Tue, 25 Jul 2023 16:37:17 +0200
Message-ID: <20230725143717.3458626-1-adolf.belka@ipfire.org>

- Update from version 4.18.4 to 4.18.5
- Update of rootfile not required
- Changelog
    4.18.5
	This is a security release in order to address the following defects:
	o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
	                  crafted request can trigger an out-of-bounds read in winbind
	                  and possibly crash it.
	                  https://www.samba.org/samba/security/CVE-2022-2127.html
	o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
	                  "server signing = required" or for SMB2 connections to Domain
	                  Controllers where SMB2 packet signing is mandatory.
	                  https://www.samba.org/samba/security/CVE-2023-3347.html
	o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
	                  Spotlight can be triggered by an unauthenticated attacker by
	                  issuing a malformed RPC request.
	                  https://www.samba.org/samba/security/CVE-2023-34966.html
	o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
	                  Spotlight can be used by an unauthenticated attacker to
	                  trigger a process crash in a shared RPC mdssvc worker process.
	                  https://www.samba.org/samba/security/CVE-2023-34967.html
	o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the
	                  server-side absolute path of shares and files and directories
	                  in search results.
	                  https://www.samba.org/samba/security/CVE-2023-34968.html
	o  Ralph Boehme
	   * BUG 15072: CVE-2022-2127.
	   * BUG 15340: CVE-2023-34966.
	   * BUG 15341: CVE-2023-34967.
	   * BUG 15388: CVE-2023-34968.
	   * BUG 15397: CVE-2023-3347.
	o  Volker Lendecke
	   * BUG 15072: CVE-2022-2127.
o Stefan Metzmacher * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. Signed-off-by: Adolf Belka --- lfs/samba | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/samba b/lfs/samba index 9e104f64a..99f211a3c 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.18.4 +VER = 4.18.5 SUMMARY = A SMB/CIFS File, Print, and Authentication Server THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 94 +PAK_VER = 95 DEPS = avahi cups perl-Parse-Yapp perl-JSON @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1f1aab7eb933111b9b1c72af8c3dd379fe34014085129e9d5cc400b4e434742e1c08ad4fdf2a98291d6063ce9b2ddc811e9ab5dbb133a85e97f2158f83dd7c96 +$(DL_FILE)_BLAKE2 = 24c625372c6e4f7f4393777991221f7a7ad25513717436491ea3238c8d588e738eb1a64791606f691b3608362b3f3741f390f08975b2b0578c497984a4d44392 install : $(TARGET)
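Review bot: in the first hunk (@@ -24,7 +24,7 @@), the `VER = 4.18.5` bump rests on the commit message's "Update of rootfile not required", but the diffstat touches only lfs/samba and nothing in the patch shows how that was established. Please add a line to the commit message saying the built file list was compared against the existing rootfile, so the claim can be accepted without rebuilding.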
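Review bot: in the last hunk (@@ -47,7 +47,7 @@), the new `$(DL_FILE)_BLAKE2` value is what the build will check the downloaded tarball against, and with `DL_FROM = $(URL_IPFIRE)` that download comes from the IPFire source location, yet the commit message does not say where the digest came from. Since this is a security release, please state in the commit message that the tarball was checked against the upstream release signature before the digest was computed, so the hash is anchored to the upstream release and not only to the mirrored file.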