CVS commit: pkgsrc/net/samba4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/samba4
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Wed, 27 May 2026 06:06:20 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed May 27 06:06:20 UTC 2026

Modified Files:
        pkgsrc/net/samba4: Makefile distinfo

Log Message:
samba4: updated to 4.24.3

4.24.3

This is a security release in order to address the following defects:

o CVE-2026-1933:   Missing access checks on reparse point operations

                   On a share marked "read only = yes" and
                   on file handles opened R/O users can set
                   or delete the reparse point xattrs on files
                   that the user has write-access in the file
                   system for.

                   https://www.samba.org/samba/security/CVE-2026-1933.html

o CVE-2026-2340:   WORM vfs module does not block overwrites

                   The WORM (Write-Once, Read Many) vfs module
                   is supposed to lock write access to shared
                   files, so they cannot be altered after initial
                   writes. It was allowing files to be overwritten
                   by renaming a newly created file over a protected
                   file.

                   https://www.samba.org/samba/security/CVE-2026-2340.html

o CVE-2026-3012:   auto-enrolment GPO installing CA certificate over http
                   without verification

                   To bootstrap a certificate chain a domain member must
                   fetch a certificate without TLS. It was trusting HTTP
                   for this when a more secure encrypted LDAP channel
                   was also available.

                   https://www.samba.org/samba/security/CVE-2026-3012.html

o CVE-2026-3238:   Denial of service against AD DC WINS server

                   The WINS server component of the Active
                   Directory Domain controller code in Samba
                   is vulnerable to a NULL pointer dereference
                   and crash caused by a unauthenticated UDP
                   packet.

                   https://www.samba.org/samba/security/CVE-2026-3238.html

o CVE-2026-4408:   Unauthenticated Remote Code Execution in Samba DCE/RPC SAMR
                   server

                   Samba file servers and classic (non-AD) domain controllers
                   with samba-dcerpcd started as a system service and with a
                   "check password script" that has the %u substitution
                   character are vulnerable to a remote code execution.

                   https://www.samba.org/samba/security/CVE-2026-4408.html

o CVE-2026-4480:   Unauthenticated Remote Code Execution in Samba printing
                   subsystem

                   Samba print servers with a "print command"
                   that has the %J substitution character
                   are vulnerable to a Remote Code Execution.

                   https://www.samba.org/samba/security/CVE-2026-4480.html


To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.125 -r1.126 pkgsrc/net/samba4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/samba4/Makefile
diff -u pkgsrc/net/samba4/Makefile:1.216 pkgsrc/net/samba4/Makefile:1.217
--- pkgsrc/net/samba4/Makefile:1.216    Thu May 14 16:41:51 2026
+++ pkgsrc/net/samba4/Makefile  Wed May 27 06:06:20 2026
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.216 2026/05/14 16:41:51 ryoon Exp $
+# $NetBSD: Makefile,v 1.217 2026/05/27 06:06:20 adam Exp $
 
 # XXX: Fails to build when mit-krb5 is installed.
-DISTNAME=      samba-4.24.2
-PKGREVISION=   1
+DISTNAME=      samba-4.24.3
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 

Index: pkgsrc/net/samba4/distinfo
diff -u pkgsrc/net/samba4/distinfo:1.125 pkgsrc/net/samba4/distinfo:1.126
--- pkgsrc/net/samba4/distinfo:1.125    Wed May 13 09:29:20 2026
+++ pkgsrc/net/samba4/distinfo  Wed May 27 06:06:20 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.125 2026/05/13 09:29:20 adam Exp $
+$NetBSD: distinfo,v 1.126 2026/05/27 06:06:20 adam Exp $
 
-BLAKE2s (samba-4.24.2.tar.gz) = 1aa6813b03c518cadd7a70ada9d495507441271e88a39d4c4774120d51394ce5
-SHA512 (samba-4.24.2.tar.gz) = 54f65c200815f7f05eca5ee1e69e554acd93be912913d5e8fde1f8ed9b1b809dad4b47559053e4ce9780f271cf61b0abc3a25dce331ca237730574417cf5c5e7
-Size (samba-4.24.2.tar.gz) = 43409510 bytes
+BLAKE2s (samba-4.24.3.tar.gz) = 41e24d03c7d01d9ed00d99efd6d51c5c161bc148e0bd0ce8e14e5f5e1083bb68
+SHA512 (samba-4.24.3.tar.gz) = 769445f861bfd978bc8eccc53135c03d94b5e2b402f45df8c3ae202999d6f8e35a2a78bb4bada34f09cf177cfe8be4013ffd6da8d311cf6a7ff2a4a8222c6b4f
+Size (samba-4.24.3.tar.gz) = 43446520 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = b9015694b80c0e6382d75c806fd6e0eb92e5f998

Prev by Date: CVS commit: pkgsrc/devel/py-urwid
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/devel/py-urwid
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index