webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
bbd49cbcca5cd025da2ffc082be8db63cf222184
bpfire/lfs/samba
Matthias Fischer e1a68c27a0 samba: Update to 4.19.2 
For details see:

v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html
"
                  ==============================
                  Release Notes for Samba 4.19.1
                  October 10, 2023
                  ==============================

This is a security release in order to address the following defects:

o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                  existing unix domain sockets on the file system.
                  https://www.samba.org/samba/security/CVE-2023-3961.html

o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                  OVERWRITE disposition when using the acl_xattr Samba VFS
                  module with the smb.conf setting
                  "acl_xattr:ignore system acls = yes"
                  https://www.samba.org/samba/security/CVE-2023-4091.html

o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                  attributes, including secrets and passwords.  Additionally,
                  the access check fails open on error conditions.
                  https://www.samba.org/samba/security/CVE-2023-4154.html

o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                  server block for a user-defined amount of time, denying
                  service.
                  https://www.samba.org/samba/security/CVE-2023-42669.html

o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                  listeners, disrupting service on the AD DC.
                  https://www.samba.org/samba/security/CVE-2023-42670.html"

v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html
"Changes since 4.19.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
     after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
     call.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
     previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
     impacts sendmail, zabbix, potentially more.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
     Heimdal KDC in Samba 4.19
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
     in use."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-10-20 08:41:59 +00:00

129 lines
4.6 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 4.19.2
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
PAK_VER = 97
DEPS = avahi cups perl-Parse-Yapp perl-JSON
SERVICES = samba
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = cb3747f1be6e712c6e68f3720e68aee7db2e4dcc48a9210d002337d6690ed8b027919f333dc4a7c1e74b716ebceeff1d8071463899513edfe51da967d71d8148
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--libdir=/usr/lib/ \
--sysconfdir=/var/ipfire \
--localstatedir=/var \
--without-ad-dc \
--with-cachedir=/var/lib/samba \
--with-lockdir=/var/lib/samba \
--with-piddir=/var/run \
--with-ads \
--with-acl-support \
--with-sendfile-support \
--with-winbind \
--enable-avahi \
--enable-cups \
--enable-fhs \
--with-syslog \
--without-smb1-server
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
-mkdir -p /var/ipfire/samba
cd $(DIR_APP)/source3 && install -v -m644 ../examples/smb.conf.default /var/ipfire/samba
cp -vrf $(DIR_SRC)/config/samba/* /var/ipfire/samba/
chown nobody:nobody -R /var/ipfire/samba/
cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
rm -rf /var/lib/samba/private
ln -s /var/ipfire/samba/private /var/lib/samba/private
install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
-mkdir -p /var/lib/samba/winbindd_privileged
chmod 750 /var/lib/samba/winbindd_privileged
chgrp wbpriv /var/lib/samba/winbindd_privileged
# Create spool directory for print jobs
mkdir -p /var/spool/samba
chmod -v 1777 /var/spool/samba/
# Install password change helper script
install -m 755 $(DIR_SRC)/config/samba/samba-change-password /usr/sbin/samba-change-password
#install initscripts
$(call INSTALL_INITSCRIPTS,$(SERVICES))
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink