author taca <taca@pkgsrc.org> 2013-01-30 11:42:54 +0000
committer taca <taca@pkgsrc.org> 2013-01-30 11:42:54 +0000
commit 4cd9d72c398a292365acc7b9aa935cb3672c2920
tree 7c4c56d5d7e84f86d982d062adfbf72acea3fa6a /net/samba
parent 38d04248282e8fafe1ee1a4cfc7a5e9829764ffd
Update samba to 3.6.12.

==============================
Release Notes for Samba 3.6.12
January 30, 2013
==============================

This is a security release in order to address
CVE-2013-0213 (Clickjacking issue in SWAT) and
CVE-2013-0214 (Potential XSRF in SWAT).

o  CVE-2013-0213:
   All current released versions of Samba are vulnerable to clickjacking in the
   Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into
   a malicious web page via a frame or iframe and then overlaid by other content,
   an attacker could trick an administrator to potentially change Samba settings.

   In order to be vulnerable, SWAT must have been installed and enabled
   either as a standalone server launched from inetd or xinetd, or as a
   CGI plugin to Apache. If SWAT has not been installed or enabled (which
   is the default install state for Samba) this advisory can be ignored.

o  CVE-2013-0214:
   All current released versions of Samba are vulnerable to a cross-site
   request forgery in the Samba Web Administration Tool (SWAT). By guessing a
   user's password and then tricking a user who is authenticated with SWAT into
   clicking a manipulated URL on a different web page, it is possible to manipulate
   SWAT.

   In order to be vulnerable, the attacker needs to know the victim's password.
   Additionally SWAT must have been installed and enabled either as a standalone
   server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has
   not been installed or enabled (which is the default install state for Samba)
   this advisory can be ignored.

Changes since 3.6.11:
--------------------

o  Kai Blin <kai@samba.org>
   * BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT.
   * BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT.
Diffstat (limited to 'net/samba')
-rw-r--r-- net/samba/Makefile 9
-rw-r--r-- net/samba/distinfo 8
2 files changed, 8 insertions, 9 deletions
diff --git a/net/samba/Makefile b/net/samba/Makefile
index 5b3f37e7f67..2b7e0ef7f5b 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,9 +1,6 @@
-# $NetBSD: Makefile,v 1.227 2013/01/26 21:38:37 adam Exp $
-
-.include "../../net/samba/Makefile.mirrors"
+# $NetBSD: Makefile,v 1.228 2013/01/30 11:42:54 taca Exp $
DISTNAME= samba-${VERSION}
-PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= ${SAMBA_MIRRORS:=stable/}
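Review bot: With the include of Makefile.mirrors removed from the top of the file, the unchanged MASTER_SITES line still expands ${SAMBA_MIRRORS} before any visible line defines it. If that variable comes from Makefile.mirrors, this only works because make expands plain = assignments when they are used rather than when they are read, so a short comment beside MASTER_SITES saying where SAMBA_MIRRORS is defined would keep a later switch to := or an early use from silently producing an empty site list. Dropping PKGREVISION together with the version bump looks right.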
@@ -12,7 +9,7 @@ HOMEPAGE= http://www.samba.org/
COMMENT= SMB/CIFS protocol server suite
LICENSE= gnu-gpl-v3
-VERSION= 3.6.10
+VERSION= 3.6.12
CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]*
FILESDIR= ${PKGDIR}/../../net/samba/files
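Review bot: VERSION goes from 3.6.10 straight to 3.6.12 on this line, but the commit message carries only the 3.6.12 release notes, which list changes since 3.6.11. Please add the 3.6.11 changes, or a pointer to them, to the log so that everything users pick up with this update is documented next to the two SWAT CVE fixes.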
@@ -155,6 +152,8 @@ post-install:
${DESTDIR}${PREFIX}/${EGDIR}
${CHMOD} ${SHAREMODE} ${DESTDIR}${PREFIX}/include/*.h
+.include "../../net/samba/Makefile.mirrors"
+
.if ${OPSYS} == "Linux"
.include "../../devel/libuuid/buildlink3.mk"
.endif
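Review bot: The include of Makefile.mirrors that reappears here after the post-install target is not mentioned in the commit message and is unrelated to the security update. Either explain the move in the log or commit it separately, so the 3.6.12 update can be pulled up or reverted on its own.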
diff --git a/net/samba/distinfo b/net/samba/distinfo
index 3527a5bc857..47673e7442e 100644
--- a/net/samba/distinfo
+++ b/net/samba/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.87 2012/12/14 07:39:34 adam Exp $
+$NetBSD: distinfo,v 1.88 2013/01/30 11:42:54 taca Exp $
-SHA1 (samba-3.6.10.tar.gz) = da22200c30bf156843db121e8ee323fac3fafc10
-RMD160 (samba-3.6.10.tar.gz) = 072d56d4b72dda40492614df4766796792971fb2
-Size (samba-3.6.10.tar.gz) = 34076720 bytes
+SHA1 (samba-3.6.12.tar.gz) = e32ed81bbfaf71a6f7fcc7e1fc7a7a49b41f8bd8
+RMD160 (samba-3.6.12.tar.gz) = f7f95d1a0a22861f393c4e9059c756a14795dad5
+Size (samba-3.6.12.tar.gz) = 34073788 bytes
SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e
SHA1 (patch-ab) = 0372ff2e3caca866dacd6ed25ae1d02e34a5b567
SHA1 (patch-ac) = 5b1c0fdb781cb75f81af71ed2695144d4a35e032
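Review bot: The new samba-3.6.12.tar.gz entries pin the distfile with SHA1 and RMD160 only. For a security release it is worth stating in the log that the tarball was checked against the upstream signature before these digests were regenerated, and adding a stronger digest alongside them if the distinfo format in use accepts one.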