bpfire/lfs/samba
Adolf Belka 28c939b78f samba: Update to version 4.17.3
- Update from version 4.17.0 to 4.17.3
- Update of rootfile (x86_64) - other architectures will need to be adjusted.
- Changelog
    Release Notes for Samba 4.17.3
	This is a security release in order to address the following defects:
	o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
	                  integer overflows when parsing a PAC on a 32-bit system, which
	                  allowed an attacker with a forged PAC to corrupt the heap.
	                  https://www.samba.org/samba/security/CVE-2022-42898.html
	o  Joseph Sutton <josephsutton@catalyst.net.nz>
	   * BUG 15203: CVE-2022-42898
	o  Nicolas Williams <nico@twosigma.com>
	   * BUG 15203: CVE-2022-42898
    Release Notes for Samba 4.17.2
	This is a security release in order to address the following defects:
	o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
	                  unwrap_des() and unwrap_des3() routines of Heimdal (included
	                  in Samba).
	                  https://www.samba.org/samba/security/CVE-2022-3437.html
	o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
	                  directory.
	                  https://www.samba.org/samba/security/CVE-2022-3592.html
	o  Volker Lendecke <vl@samba.org>
	   * BUG 15207: CVE-2022-3592.
	o  Joseph Sutton <josephsutton@catalyst.net.nz>
	   * BUG 15134: CVE-2022-3437.
    Release Notes for Samba 4.17.1
	o  Jeremy Allison <jra@samba.org>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	   * BUG 15174: smbXsrv_connection_shutdown_send result leaked.
	   * BUG 15182: Flush on a named stream never completes.
	   * BUG 15195: Permission denied calling SMBC_getatr when file not exists.
	o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
	     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
	   * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
	o  Andrew Bartlett <abartlet@samba.org>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
	     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
	o  Ralph Boehme <slow@samba.org>
	   * BUG 15182: Flush on a named stream never completes.
	o  Volker Lendecke <vl@samba.org>
	   * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
	o  Gary Lockyer <gary@catalyst.net.nz>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.
	o  Stefan Metzmacher <metze@samba.org>
	   * BUG 15200: multi-channel socket passing may hit a race if one of the
	     involved processes already existed.
	   * BUG 15201: memory leak on temporary of struct imessaging_post_state and
	     struct tevent_immediate on struct imessaging_context (in
	     rpcd_spoolss and maybe others).
	o  Noel Power <noel.power@suse.com>
	   * BUG 15205: Since popt1.19 various use after free errors using result of
	     poptGetArg are now exposed.
	o  Anoop C S <anoopcs@samba.org>
	   * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
	     vfs_glusterfs.
	o  Andreas Schneider <asn@samba.org>
	   * BUG 15169: GETPWSID in memory cache grows indefinitely with each NTLM auth.
	o  Joseph Sutton <josephsutton@catalyst.net.nz>
	   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
	     atomically.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-29 13:42:21 +01:00

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 4.17.3
SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
PAK_VER = 89
DEPS = avahi cups libtirpc perl-Parse-Yapp perl-JSON
SERVICES = samba
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = dfd8e09914aa3f7188e8672ea06aa0409b48931bad9e56e2b54af3145c1df1285ba71d2f6b166a84aaa27a539d8a1de30c9418b337d56b4ae8470ecfb6f44f01
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
	@$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)

$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)

$(subst %,%_BLAKE2,$(objects)) :
	@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
	cd $(DIR_APP) && ./configure \
		--prefix=/usr \
		--libdir=/usr/lib/ \
		--sysconfdir=/var/ipfire \
		--localstatedir=/var \
		--without-ad-dc \
		--with-cachedir=/var/lib/samba \
		--with-lockdir=/var/lib/samba \
		--with-piddir=/var/run \
		--with-ads \
		--with-acl-support \
		--with-sendfile-support \
		--with-winbind \
		--enable-avahi \
		--enable-cups \
		--enable-fhs \
		--with-syslog
	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
	cd $(DIR_APP) && make install
	-mkdir -p /var/ipfire/samba
	cd $(DIR_APP)/source3 && install -v -m644 ../examples/smb.conf.default /var/ipfire/samba
	cp -vrf $(DIR_SRC)/config/samba/* /var/ipfire/samba/
	chown nobody:nobody -R /var/ipfire/samba/
	cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf
	rm -rf /var/lib/samba/private
	ln -s /var/ipfire/samba/private /var/lib/samba/private
	install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba
	-mkdir -p /var/lib/samba/winbindd_privileged
	chmod 750 /var/lib/samba/winbindd_privileged
	chgrp wbpriv /var/lib/samba/winbindd_privileged

	# Create spool directory for print jobs
	mkdir -p /var/spool/samba
	chmod -v 1777 /var/spool/samba/

	# Install password change helper script
	install -m 755 $(DIR_SRC)/config/samba/samba-change-password /usr/sbin/samba-change-password

	#install initscripts
	$(call INSTALL_INITSCRIPTS,$(SERVICES))

	@rm -rf $(DIR_APP)
	@$(POSTBUILD)