samba: Update to 4.19.2

For details see: v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html " ============================== Release Notes for Samba 4.19.1 October 10, 2023 ============================== This is a security release in order to address the following defects: o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. https://www.samba.org/samba/security/CVE-2023-3961.html o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. https://www.samba.org/samba/security/CVE-2023-4154.html o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html o CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html" v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html "Changes since 4.19.1 -------------------- o Jeremy Allison <jra@samba.org> * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE. * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown() call. o Ralph Boehme <slow@samba.org> * BUG 15463: macOS mdfind returns only 50 results. o Volker Lendecke <vl@samba.org> * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value. o Stefan Metzmacher <metze@samba.org> * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more. o Martin Schwenke <mschwenke@ddn.com> * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs. o Joseph Sutton <josephsutton@catalyst.net.nz> * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19 * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is in use." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2023-10-19 19:03:24 +02:00
parent 37678a4f82
commit e1a68c27a0
2 changed files with 3 additions and 4 deletions
--- a/config/rootfiles/packages/x86_64/samba
+++ b/config/rootfiles/packages/x86_64/samba
@@ -923,7 +923,6 @@ usr/libexec/samba/rpcd_epmapper
 usr/libexec/samba/rpcd_fsrvp
 usr/libexec/samba/rpcd_lsad
 usr/libexec/samba/rpcd_mdssvc
-usr/libexec/samba/rpcd_rpcecho
 usr/libexec/samba/rpcd_spoolss
 usr/libexec/samba/rpcd_winreg
 usr/libexec/samba/samba-bgqd
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@

 include Config

-VER        = 4.19.0
+VER        = 4.19.2
 SUMMARY    = A SMB/CIFS File, Print, and Authentication Server

 THISAPP    = samba-$(VER)
@@ -33,7 +33,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 96
+PAK_VER    = 97

 DEPS       = avahi cups perl-Parse-Yapp perl-JSON

@@ -47,7 +47,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 4e0db41d7d06e195cee994c5ec02a37892c1a7dd99ea9defb845fe2fbf96446846c469007218b6b0d6077c0886f0d08b2a4376acba1ed455b641daacd9018f12
+$(DL_FILE)_BLAKE2 = cb3747f1be6e712c6e68f3720e68aee7db2e4dcc48a9210d002337d6690ed8b027919f333dc4a7c1e74b716ebceeff1d8071463899513edfe51da967d71d8148

 install : $(TARGET)