author | taca <taca@pkgsrc.org> | 2017-09-20 15:14:30 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2017-09-20 15:14:30 +0000 |
commit | d3854c3958d4665bdb0bafb0ab8a511ca2ab2cdc (patch) | |
tree | 2a1efff17799e01a6b803bb329ec073e904b1ff5 | |
parent | c004243ccd18f3d043fc947f8ff5d0b2d535b2c4 (diff) | |
download | pkgsrc-d3854c3958d4665bdb0bafb0ab8a511ca2ab2cdc.tar.gz |
net/samba4: update to 4.6.8, security fix
=============================
Release Notes for Samba 4.6.8
September 20, 2017
=============================
This is a security release in order to address the following defects:
o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o CVE-2017-12163 (Server memory information leak over SMB1)
=======
Details
=======
o CVE-2017-12150:
A man in the middle attack may hijack client connections.
o CVE-2017-12151:
A man in the middle attack can read and may alter confidential
documents transferred via a client connection, which are reached
via DFS redirect when the original connection used SMB3.
o CVE-2017-12163:
Client with write access to a share can cause server memory contents to be
written into a file or printer.
For more details and workarounds, please see the security advisories:
o https://www.samba.org/samba/security/CVE-2017-12150.html
o https://www.samba.org/samba/security/CVE-2017-12151.html
o https://www.samba.org/samba/security/CVE-2017-12163.html
Changes since 4.6.7:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
async.
* BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
writing server memory to file.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
directly.
o Stefan Metzmacher <metze@samba.org>
* BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects.
* BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing
when they should.
-rw-r--r-- | net/samba4/Makefile | 4 |
-rw-r--r-- | net/samba4/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/samba4/Makefile b/net/samba4/Makefile index 571e06511d6..622ea6059ec 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.34 2017/09/18 06:41:46 taca Exp $ +# $NetBSD: Makefile,v 1.35 2017/09/20 15:14:30 taca Exp $ DISTNAME= samba-${VERSION} CATEGORIES= net @@ -11,7 +11,7 @@ LICENSE= gnu-gpl-v3 DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat -VERSION= 4.6.7 +VERSION= 4.6.8 CONFLICTS+= ja-samba-[0-9]* tdb-[0-9]* winbind-[0-9]* BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat diff --git a/net/samba4/distinfo b/net/samba4/distinfo index 9a324a87d4f..83501704b60 100644 --- a/net/samba4/distinfo +++ b/net/samba4/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.15 2017/09/18 06:41:46 taca Exp $ +$NetBSD: distinfo,v 1.16 2017/09/20 15:14:30 taca Exp $ -SHA1 (samba-4.6.7.tar.gz) = 260053cf4b7b17607a8a94e8bf740979183efadd -RMD160 (samba-4.6.7.tar.gz) = d755e6419a029dcf819ac12b4e6a8fe28da12b92 -SHA512 (samba-4.6.7.tar.gz) = 394c28204bae4134e6a9d2e5b8f087a425dc4ac4ceecd8b29315acff1a92349d40ef0b6a9cc34f5ad18ff5ec9979199837c87f687858cb4e6687968284303aa5 -Size (samba-4.6.7.tar.gz) = 21137329 bytes +SHA1 (samba-4.6.8.tar.gz) = 744fa10e3ad8ea7219e51c27f3792d99e25782be +RMD160 (samba-4.6.8.tar.gz) = 3ecde1cfe97ce50d4864bf5c8e732127f13468bb +SHA512 (samba-4.6.8.tar.gz) = fb40144210361bdeab09007aa49fa85077fbc8eeae2c49bcdafb01d33ec40425160882979f0829005a89766ed4fd4e36d7f952f6dbf6e0178f5b0945dc8d8efb +Size (samba-4.6.8.tar.gz) = 21139872 bytes SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 |
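Review bot: Nothing in the commit records how samba-4.6.8.tar.gz was verified before the SHA1, RMD160, SHA512 and Size lines in net/samba4/distinfo were regenerated. For a security release, please confirm the distfile was checked against upstream's release signature or published checksum and say so in the commit message. The three patch-* SHA1 entries in the trailing context of the same hunk (patch-buildtools_wafsamba_wscript, patch-lib_nss__wrapper_nss__wrapper.c, patch-lib_param_loadparm.h) are unchanged, so it is also worth confirming that those local patches still apply cleanly to the 4.6.8 sources.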