pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/samba4 net/samba4: update to 4.6.8, security fix



details:   https://anonhg.NetBSD.org/pkgsrc/rev/af452c27ed20
branches:  trunk
changeset: 368893:af452c27ed20
user:      taca <taca%pkgsrc.org@localhost>
date:      Wed Sep 20 15:14:30 2017 +0000

description:
net/samba4: update to 4.6.8, security fix


                   =============================
                   Release Notes for Samba 4.6.8
                         September 20, 2017
                   =============================


This is a security release in order to address the following defects:

o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
   should)
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)


=======
Details
=======

o  CVE-2017-12150:
   A man in the middle attack may hijack client connections.

o  CVE-2017-12151:
   A man in the middle attack can read and may alter confidential
   documents transferred via a client connection, which are reached
   via DFS redirect when the original connection used SMB3.

o  CVE-2017-12163:
   Client with write access to a share can cause server memory contents to be
   written into a file or printer.

For more details and workarounds, please see the security advisories:

   o https://www.samba.org/samba/security/CVE-2017-12150.html
   o https://www.samba.org/samba/security/CVE-2017-12151.html
   o https://www.samba.org/samba/security/CVE-2017-12163.html


Changes since 4.6.7:
--------------------

o  Jeremy Allison <jra%samba.org@localhost>
   * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
     async.
   * BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
     writing server memory to file.

o  Ralph Boehme <slow%samba.org@localhost>
   * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
     directly.

o  Stefan Metzmacher <metze%samba.org@localhost>
   * BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
     redirects.
   * BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing
     when they should.

diffstat:

 net/samba4/Makefile |   4 ++--
 net/samba4/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (36 lines):

diff -r 750e580089f5 -r af452c27ed20 net/samba4/Makefile
--- a/net/samba4/Makefile       Wed Sep 20 14:33:25 2017 +0000
+++ b/net/samba4/Makefile       Wed Sep 20 15:14:30 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.34 2017/09/18 06:41:46 taca Exp $
+# $NetBSD: Makefile,v 1.35 2017/09/20 15:14:30 taca Exp $
 
 DISTNAME=      samba-${VERSION}
 CATEGORIES=    net
@@ -11,7 +11,7 @@
 
 DEPENDS+=      ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
 
-VERSION=       4.6.7
+VERSION=       4.6.8
 CONFLICTS+=    ja-samba-[0-9]* tdb-[0-9]* winbind-[0-9]*
 
 BUILD_DEPENDS+=        ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
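
Review bot: In the unchanged context around the VERSION bump, ${PYPKGPREFIX}-expat is listed under both DEPENDS and BUILD_DEPENDS with the same pattern and path. A pkgsrc DEPENDS entry is already installed before the build, so the BUILD_DEPENDS line looks redundant and could be dropped in a follow-up. The version change itself matches the 4.6.8 release named in the commit message.
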
diff -r 750e580089f5 -r af452c27ed20 net/samba4/distinfo
--- a/net/samba4/distinfo       Wed Sep 20 14:33:25 2017 +0000
+++ b/net/samba4/distinfo       Wed Sep 20 15:14:30 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.15 2017/09/18 06:41:46 taca Exp $
+$NetBSD: distinfo,v 1.16 2017/09/20 15:14:30 taca Exp $
 
-SHA1 (samba-4.6.7.tar.gz) = 260053cf4b7b17607a8a94e8bf740979183efadd
-RMD160 (samba-4.6.7.tar.gz) = d755e6419a029dcf819ac12b4e6a8fe28da12b92
-SHA512 (samba-4.6.7.tar.gz) = 394c28204bae4134e6a9d2e5b8f087a425dc4ac4ceecd8b29315acff1a92349d40ef0b6a9cc34f5ad18ff5ec9979199837c87f687858cb4e6687968284303aa5
-Size (samba-4.6.7.tar.gz) = 21137329 bytes
+SHA1 (samba-4.6.8.tar.gz) = 744fa10e3ad8ea7219e51c27f3792d99e25782be
+RMD160 (samba-4.6.8.tar.gz) = 3ecde1cfe97ce50d4864bf5c8e732127f13468bb
+SHA512 (samba-4.6.8.tar.gz) = fb40144210361bdeab09007aa49fa85077fbc8eeae2c49bcdafb01d33ec40425160882979f0829005a89766ed4fd4e36d7f952f6dbf6e0178f5b0945dc8d8efb
+Size (samba-4.6.8.tar.gz) = 21139872 bytes
 SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5
 SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824
 SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18
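
Review bot: The new samba-4.6.8.tar.gz entries still carry SHA1 and RMD160 next to SHA512, and the patch-* lines in the trailing context are SHA1 only, so for this security update the SHA512 and Size lines are the values that matter for distfile integrity. Nothing in the hunk or the commit message says how the new digests were obtained. It would help to state in the commit message that the tarball was checked against upstream's signed release before distinfo was regenerated, so the recorded hashes are tied to the upstream artifact and not just to whatever was fetched.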


