Reviewed-by: Adolf Belka

On 19/10/2023 19:03, Matthias Fischer wrote:
> For details see:
>
> v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html
> "
> ==============================
> Release Notes for Samba 4.19.1
> October 10, 2023
> ==============================
>
> This is a security release in order to address the following defects:
>
> o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
>   existing unix domain sockets on the file system.
>   https://www.samba.org/samba/security/CVE-2023-3961.html
>
> o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
>   OVERWRITE disposition when using the acl_xattr Samba VFS
>   module with the smb.conf setting
>   "acl_xattr:ignore system acls = yes"
>   https://www.samba.org/samba/security/CVE-2023-4091.html
>
> o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
>   attributes, including secrets and passwords. Additionally,
>   the access check fails open on error conditions.
>   https://www.samba.org/samba/security/CVE-2023-4154.html
>
> o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
>   server block for a user-defined amount of time, denying
>   service.
>   https://www.samba.org/samba/security/CVE-2023-42669.html
>
> o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
>   listeners, disrupting service on the AD DC.
>   https://www.samba.org/samba/security/CVE-2023-42670.html"
>
> v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html
> "Changes since 4.19.1
> --------------------
>
> o Jeremy Allison
>   * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
>     after failed IPC FSCTL_PIPE_TRANSCEIVE.
>   * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
>     call.
>
> o Ralph Boehme
>   * BUG 15463: macOS mdfind returns only 50 results.
> > o Volker Lendecke > * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with > previous cache entry value. > > o Stefan Metzmacher > * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, > impacts sendmail, zabbix, potentially more. > > o Martin Schwenke > * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs. > > o Joseph Sutton > * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the > Heimdal KDC in Samba 4.19 > * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is > in use." > > Signed-off-by: Matthias Fischer > --- > config/rootfiles/packages/x86_64/samba | 1 - > lfs/samba | 6 +++--- > 2 files changed, 3 insertions(+), 4 deletions(-) > > diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba > index 4e5cee3a8..7a44b9cdb 100644 > --- a/config/rootfiles/packages/x86_64/samba > +++ b/config/rootfiles/packages/x86_64/samba > @@ -923,7 +923,6 @@ usr/libexec/samba/rpcd_epmapper > usr/libexec/samba/rpcd_fsrvp > usr/libexec/samba/rpcd_lsad > usr/libexec/samba/rpcd_mdssvc > -usr/libexec/samba/rpcd_rpcecho > usr/libexec/samba/rpcd_spoolss > usr/libexec/samba/rpcd_winreg > usr/libexec/samba/samba-bgqd > diff --git a/lfs/samba b/lfs/samba > index 77bb569cd..2f2184ecc 100644 > --- a/lfs/samba > +++ b/lfs/samba > @@ -24,7 +24,7 @@ > > include Config > > -VER = 4.19.0 > +VER = 4.19.2 > SUMMARY = A SMB/CIFS File, Print, and Authentication Server > > THISAPP = samba-$(VER) > @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = samba > -PAK_VER = 96 > +PAK_VER = 97 > > DEPS = avahi cups perl-Parse-Yapp perl-JSON 
> > @@ -47,7 +47,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 4e0db41d7d06e195cee994c5ec02a37892c1a7dd99ea9defb845fe2fbf96446846c469007218b6b0d6077c0886f0d08b2a4376acba1ed455b641daacd9018f12 > +$(DL_FILE)_BLAKE2 = cb3747f1be6e712c6e68f3720e68aee7db2e4dcc48a9210d002337d6690ed8b027919f333dc4a7c1e74b716ebceeff1d8071463899513edfe51da967d71d8148 > > install : $(TARGET) > -- Sent from my laptop
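Review bot: In the config/rootfiles/packages/x86_64/samba hunk, the removal of usr/libexec/samba/rpcd_rpcecho is not explained anywhere in the commit message. The quoted release notes list CVE-2023-42669 against the rpcecho server, so a line stating why the binary is no longer shipped would make this rootfile change reviewable on its own. The diffstat also shows only the x86_64 rootfile being touched; if rootfiles for other architectures exist for this package, please confirm whether they need the same removal.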
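Review bot: In the last lfs/samba hunk (@@ -47,7 +47,7 @@), the new $(DL_FILE)_BLAKE2 value is the only integrity check visible for the 4.19.2 tarball, and the context line DL_FROM = $(URL_IPFIRE) shows the build fetches it from the project mirror rather than from upstream. Please note in the commit message that the hash was computed from a tarball checked against upstream's published signature, so the checksum is anchored to something other than the mirror copy.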