mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-14 04:52:59 +02:00
05fb9ba088
- Update from version 4.18.4 to 4.18.5
- Update of rootfile not required
- Changelog
4.18.5
This is a security release in order to address the following defects:
o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
crafted request can trigger an out-of-bounds read in winbind
and possibly crash it.
https://www.samba.org/samba/security/CVE-2022-2127.html
o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain
Controllers where SMB2 packet signing is mandatory.
https://www.samba.org/samba/security/CVE-2023-3347.html
o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
Spotlight can be triggered by an unauthenticated attacker by
issuing a malformed RPC request.
https://www.samba.org/samba/security/CVE-2023-34966.html
o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
Spotlight can be used by an unauthenticated attacker to
trigger a process crash in a shared RPC mdssvc worker process.
https://www.samba.org/samba/security/CVE-2023-34967.html
o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
side absolute path of shares and files and directories in
search results.
https://www.samba.org/samba/security/CVE-2023-34968.html
o Ralph Boehme <slow@samba.org>
* BUG 15072: CVE-2022-2127.
* BUG 15340: CVE-2023-34966.
* BUG 15341: CVE-2023-34967.
* BUG 15388: CVE-2023-34968.
* BUG 15397: CVE-2023-3347.
o Volker Lendecke <vl@samba.org>
* BUG 15072: CVE-2022-2127.
o Stefan Metzmacher <metze@samba.org>
* BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
129 lines
4.6 KiB
Plaintext
129 lines
4.6 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
VER = 4.18.5
|
|
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
|
|
|
|
THISAPP = samba-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
PROG = samba
|
|
PAK_VER = 95
|
|
|
|
DEPS = avahi cups perl-Parse-Yapp perl-JSON
|
|
|
|
SERVICES = samba
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_BLAKE2 = 24c625372c6e4f7f4393777991221f7a7ad25513717436491ea3238c8d588e738eb1a64791606f691b3608362b3f3741f390f08975b2b0578c497984a4d44392
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
b2 : $(subst %,%_BLAKE2,$(objects))
|
|
|
|
dist:
|
|
@$(PAK)
|
|
|
|
###############################################################################
|
|
# Downloading, checking, b2sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_BLAKE2,$(objects)) :
|
|
@$(B2SUM)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
|
|
cd $(DIR_APP) && ./configure \
|
|
--prefix=/usr \
|
|
--libdir=/usr/lib/ \
|
|
--sysconfdir=/var/ipfire \
|
|
--localstatedir=/var \
|
|
--without-ad-dc \
|
|
--with-cachedir=/var/lib/samba \
|
|
--with-lockdir=/var/lib/samba \
|
|
--with-piddir=/var/run \
|
|
--with-ads \
|
|
--with-acl-support \
|
|
--with-sendfile-support \
|
|
--with-winbind \
|
|
--enable-avahi \
|
|
--enable-cups \
|
|
--enable-fhs \
|
|
--with-syslog \
|
|
--without-smb1-server
|
|
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
|
|
cd $(DIR_APP) && make install
|
|
|
|
-mkdir -p /var/ipfire/samba
|
|
cd $(DIR_APP)/source3 && install -v -m644 ../examples/smb.conf.default /var/ipfire/samba
|
|
cp -vrf $(DIR_SRC)/config/samba/* /var/ipfire/samba/
|
|
chown nobody:nobody -R /var/ipfire/samba/
|
|
cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
|
|
rm -rf /var/lib/samba/private
|
|
ln -s /var/ipfire/samba/private /var/lib/samba/private
|
|
install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
|
|
|
|
-mkdir -p /var/lib/samba/winbindd_privileged
|
|
chmod 750 /var/lib/samba/winbindd_privileged
|
|
chgrp wbpriv /var/lib/samba/winbindd_privileged
|
|
|
|
# Create spool directory for print jobs
|
|
mkdir -p /var/spool/samba
|
|
chmod -v 1777 /var/spool/samba/
|
|
|
|
# Install password change helper script
|
|
install -m 755 $(DIR_SRC)/config/samba/samba-change-password /usr/sbin/samba-change-password
|
|
|
|
#install initscripts
|
|
$(call INSTALL_INITSCRIPTS,$(SERVICES))
|
|
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|