From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] samba: Update to version 4.17.3
Date: Mon, 28 Nov 2022 14:23:49 +0100
Message-ID: <20221128132349.1572581-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1244476071706897284=="
List-Id: <development.lists.ipfire.org>

--===============1244476071706897284==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from version 4.17.0 to 4.17.3
- Update of rootfile (x86_64) - other architectures will need to be adjusted.
- Changelog
    Release Notes for Samba 4.17.3
	This is a security release in order to address the following defects:
	o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard again=
st
	                  integer overflows when parsing a PAC on a 32-bit system, w=
hich
	                  allowed an attacker with a forged PAC to corrupt the heap.
	                  https://www.samba.org/samba/security/CVE-2022-42898.html
	o  Joseph Sutton <josephsutton(a)catalyst.net.nz>
	   * BUG 15203: CVE-2022-42898
	o  Nicolas Williams <nico(a)twosigma.com>
	   * BUG 15203: CVE-2022-42898
    Release Notes for Samba 4.17.2
	This is a security release in order to address the following defects:
	o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
	                  unwrap_des() and unwrap_des3() routines of Heimdal (includ=
ed
	                  in Samba).
	                  https://www.samba.org/samba/security/CVE-2022-3437.html
	o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
	                  directory.
	                  https://www.samba.org/samba/security/CVE-2022-3592.html
	o  Volker Lendecke <vl(a)samba.org>
	   * BUG 15207: CVE-2022-3592.
	o  Joseph Sutton <josephsutton(a)catalyst.net.nz>
	   * BUG 15134: CVE-2022-3437.
    Release Notes for Samba 4.17.1
	o  Jeremy Allison <jra(a)samba.org>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	   * BUG 15174: smbXsrv_connection_shutdown_send result leaked.
	   * BUG 15182: Flush on a named stream never completes.
	   * BUG 15195: Permission denied calling SMBC_getatr when file not exists.
	o  Douglas Bagnall <douglas.bagnall(a)catalyst.net.nz>
	   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
	     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
	   * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
	o  Andrew Bartlett <abartlet(a)samba.org>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
	     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
	o  Ralph Boehme <slow(a)samba.org>
	   * BUG 15182: Flush on a named stream never completes.
	o  Volker Lendecke <vl(a)samba.org>
	   * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
	o  Gary Lockyer <gary(a)catalyst.net.nz>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	o  Stefan Metzmacher <metze(a)samba.org>
	   * BUG 15200: multi-channel socket passing may hit a race if one of the
	     involved processes already existed.
	   * BUG 15201: memory leak on temporary of struct imessaging_post_state and
	     struct tevent_immediate on struct imessaging_context (in
	     rpcd_spoolss and maybe others).
	o  Noel Power <noel.power(a)suse.com>
	   * BUG 15205: Since popt1.19 various use after free errors using result of
	     poptGetArg are now exposed.
	o  Anoop C S <anoopcs(a)samba.org>
	   * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
	     vfs_glusterfs.
	o  Andreas Schneider <asn(a)samba.org>
	   * BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM au=
th.
	o  Joseph Sutton <josephsutton(a)catalyst.net.nz>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/rootfiles/packages/x86_64/samba | 1 +
 lfs/samba                              | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packag=
es/x86_64/samba
index 2d8f0ae0d..e360fa494 100644
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -514,6 +514,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_tgs_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/kpasswd_tests.py
+#usr/lib/python3.10/site-packages/samba/tests/krb5/lockout_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/ms_kile_client_principal_=
lookup_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/nt_hash_tests.py
 #usr/lib/python3.10/site-packages/samba/tests/krb5/pac_align_tests.py
diff --git a/lfs/samba b/lfs/samba
index f743bfa30..ee1d2be94 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 4.17.0
+VER        =3D 4.17.3
 SUMMARY    =3D A SMB/CIFS File, Print, and Authentication Server
=20
 THISAPP    =3D samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D samba
-PAK_VER    =3D 88
+PAK_VER    =3D 89
=20
 DEPS       =3D avahi cups libtirpc perl-Parse-Yapp perl-JSON
=20
@@ -47,7 +47,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D d05b17748092bc151b0b627156b1da4a8b30b603569adcef376640=
745425321617a755add41315af0b38876344323a20185063e131c342c9b6fdcb9542be73f1
+$(DL_FILE)_BLAKE2 =3D dfd8e09914aa3f7188e8672ea06aa0409b48931bad9e56e2b54af3=
145c1df1285ba71d2f6b166a84aaa27a539d8a1de30c9418b337d56b4ae8470ecfb6f44f01
=20
 install : $(TARGET)
=20
--=20
2.38.1


--===============1244476071706897284==--