CVS commit: [pkgsrc-2023Q3] pkgsrc/net/samba4

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Oct 12 15:59:15 UTC 2023

Modified Files:
        pkgsrc/net/samba4 [pkgsrc-2023Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket #6808 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.170-1.171
- net/samba4/PLIST                                              1.52
- net/samba4/distinfo                                           1.97-1.98

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Wed Sep 27 12:02:48 UTC 2023

   Modified Files:
        pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.18.7

                     ==============================
                     Release Notes for Samba 4.18.7
                           September 27, 2023
                     ==============================

   This is the latest stable release of the Samba 4.18 release series.

   Changes since 4.18.6
   --------------------

   o  Jeremy Allison <jra%samba.org@localhost>
     * BUG 15419: Weird filename can cause assert to fail in
       openat_pathref_fsp_nosymlink().
     * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
       after failed IPC FSCTL_PIPE_TRANSCEIVE.
     * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
       pointer.

   o  Andrew Bartlett <abartlet%samba.org@localhost>
     * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
     * BUG 15407: Samba replication logs show (null) DN.

   o  Ralph Boehme <slow%samba.org@localhost>
     * BUG 15463: macOS mdfind returns only 50 results.

   o  Remi Collet <rcollet%redhat.com@localhost>
     * BUG 14808: smbc_getxattr() return value is incorrect.

   o  Volker Lendecke <vl%samba.org@localhost>
     * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
       previous cache entry value.

   o  Stefan Metzmacher <metze%samba.org@localhost>
     * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
       impacts sendmail, zabbix, potentially more.

   o  MikeLiu <mikeliu%qnap.com@localhost>
     * BUG 15453: File doesn't show when user doesn't have permission if
       aio_pthread is loaded.

   o  Martin Schwenke <mschwenke%ddn.com@localhost>
     * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
       1.9.1.

   o  Joseph Sutton <josephsutton%catalyst.net.nz@localhost>
     * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
       empty claims pac blobs (from Samba 4.19 or Windows).
     * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
       in use.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Oct 10 16:05:01 UTC 2023

   Modified Files:
        pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   net/samba4: update to 4.18.8

                     ==============================
                     Release Notes for Samba 4.18.8
                            October 10, 2023
                     ==============================

   This is a security release in order to address the following defects:

   o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                    existing unix domain sockets on the file system.
                    https://www.samba.org/samba/security/CVE-2023-3961.html

   o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                    OVERWRITE disposition when using the acl_xattr Samba VFS
                    module with the smb.conf setting
                    "acl_xattr:ignore system acls = yes"
                    https://www.samba.org/samba/security/CVE-2023-4091.html

   o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                    attributes, including secrets and passwords.  Additionally,
                    the access check fails open on error conditions.
                    https://www.samba.org/samba/security/CVE-2023-4154.html

   o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                    server block for a user-defined amount of time, denying
                    service.
                    https://www.samba.org/samba/security/CVE-2023-42669.html

   o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                    listeners, disrupting service on the AD DC.
                    https://www.samba.org/samba/security/CVE-2023-42670.html


To generate a diff of this commit:
cvs rdiff -u -r1.169 -r1.169.2.1 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.51 -r1.51.4.1 pkgsrc/net/samba4/PLIST
cvs rdiff -u -r1.96 -r1.96.2.1 pkgsrc/net/samba4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/samba4/Makefile
diff -u pkgsrc/net/samba4/Makefile:1.169 pkgsrc/net/samba4/Makefile:1.169.2.1
--- pkgsrc/net/samba4/Makefile:1.169    Tue Aug 29 14:50:41 2023
+++ pkgsrc/net/samba4/Makefile  Thu Oct 12 15:59:15 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.169 2023/08/29 14:50:41 taca Exp $
+# $NetBSD: Makefile,v 1.169.2.1 2023/10/12 15:59:15 bsiegert Exp $
 
-DISTNAME=      samba-4.18.6
+DISTNAME=      samba-4.18.8
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 
@@ -214,7 +214,7 @@ BUILDLINK_API_DEPENDS.ldb+= ldb>=2.7.2<2
 .include "../../devel/gettext-lib/buildlink3.mk"
 .include "../../devel/popt/buildlink3.mk"
 .include "../../devel/readline/buildlink3.mk"
-BUILDLINK_API_DEPENDS.talloc+= talloc>=2.3.4
+BUILDLINK_API_DEPENDS.talloc+= talloc>=2.4.0
 .include "../../devel/talloc/buildlink3.mk"
 .include "../../devel/tevent/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"

Index: pkgsrc/net/samba4/PLIST
diff -u pkgsrc/net/samba4/PLIST:1.51 pkgsrc/net/samba4/PLIST:1.51.4.1
--- pkgsrc/net/samba4/PLIST:1.51        Sat Apr 29 08:01:06 2023
+++ pkgsrc/net/samba4/PLIST     Thu Oct 12 15:59:15 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.51 2023/04/29 08:01:06 wiz Exp $
+@comment $NetBSD: PLIST,v 1.51.4.1 2023/10/12 15:59:15 bsiegert Exp $
 bin/cifsdd
 bin/dbwrap_tool
 bin/dumpmscat
@@ -874,7 +874,6 @@ libexec/samba/rpcd_epmapper
 libexec/samba/rpcd_fsrvp
 libexec/samba/rpcd_lsad
 libexec/samba/rpcd_mdssvc
-libexec/samba/rpcd_rpcecho
 libexec/samba/rpcd_spoolss
 libexec/samba/rpcd_winreg
 libexec/samba/samba-bgqd

Index: pkgsrc/net/samba4/distinfo
diff -u pkgsrc/net/samba4/distinfo:1.96 pkgsrc/net/samba4/distinfo:1.96.2.1
--- pkgsrc/net/samba4/distinfo:1.96     Tue Aug 29 14:50:41 2023
+++ pkgsrc/net/samba4/distinfo  Thu Oct 12 15:59:15 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.96 2023/08/29 14:50:41 taca Exp $
+$NetBSD: distinfo,v 1.96.2.1 2023/10/12 15:59:15 bsiegert Exp $
 
-BLAKE2s (samba-4.18.6.tar.gz) = 1ac1ece98abb2500ceeae06989d5f7a58680ea320a8cbf36c095ee3620215122
-SHA512 (samba-4.18.6.tar.gz) = 28e8e4e57db1f392dfe96387888e2771e08f1f8eedf860f688ea3b8bd2cee1d6bbe99b2e61c84dc9ed6ade6393baf629955bed93d6cdad5241a292a10d8a12b6
-Size (samba-4.18.6.tar.gz) = 41323359 bytes
+BLAKE2s (samba-4.18.8.tar.gz) = 29c777cfe80f360809ee6a3d62aa6729890f581ac0e5be632a930891a4133333
+SHA512 (samba-4.18.8.tar.gz) = 2924c360f6299129527457547b13c1b282e2907a0ecde1036dbca894c752935d693914b4846a9eab436b33798c53c9974692e51fd071301b1174598be944a246
+Size (samba-4.18.8.tar.gz) = 41335959 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7