Accepting request 1043954 from home:scabrero:branches:network:samba:STABLE
- Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); OBS-URL: https://build.opensuse.org/request/show/1043954 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=674
This commit is contained in:
parent
4ebecf5ac8
commit
15e4a66aab
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:fb1c21abf0553f6cad87f38e1fb63a1d2f55ae41641358806d7714d74d9adfd5
|
|
||||||
size 34240839
|
|
3
samba-4.17.4+git.300.305b22bfce.tar.bz2
Normal file
3
samba-4.17.4+git.300.305b22bfce.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:651d971d759a6d7f82e05d82d4aa5797ef3aac49f70b3e697bfe23c6301f12a5
|
||||||
|
size 34349253
|
@ -1,3 +1,57 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 15 16:45:28 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
|
- Update to 4.17.4
|
||||||
|
* CVE-2022-44640 Upstream Heimdal free of user-controlled
|
||||||
|
pointer in FAST; (bsc#14929);
|
||||||
|
* CVE-2021-20251 Bad password count not incremented atomically;
|
||||||
|
(bsc#14611);
|
||||||
|
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
|
||||||
|
(bsc#15203);
|
||||||
|
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
|
||||||
|
modern servers; (bso#15237);
|
||||||
|
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
|
||||||
|
possible against Samba AD DC; (bso#15231);
|
||||||
|
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
|
||||||
|
and should be avoided; (bso#15240);
|
||||||
|
* pam_winbind uses time_t and pointers assuming they are of the
|
||||||
|
same size; (bso#15224);
|
||||||
|
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||||
|
(bso#15219);
|
||||||
|
* filter-subunit is inefficient with large numbers of
|
||||||
|
knownfails; (bso#15258);
|
||||||
|
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
|
||||||
|
(bso#15252);
|
||||||
|
* The KDC logic arround msDs-supportedEncryptionTypes differs
|
||||||
|
from Windows; (bso#13135);
|
||||||
|
* libnet: change_password() doesn't work with
|
||||||
|
dcerpc_samr_ChangePasswordUser4(); (bso#15206);
|
||||||
|
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||||
|
(bso#15219);
|
||||||
|
* Memory leak in snprintf replacement functions; (bso#15230);
|
||||||
|
* RODC doesn't reset badPwdCount reliable via an RWDC
|
||||||
|
(CVE-2021-20251 regression); (bso#15253);
|
||||||
|
* Prevent EBADF errors with vfs_glusterfs; (bso#15198);
|
||||||
|
* %U for include directive doesn't work for share listing
|
||||||
|
(netshareenum); (bso#15243);
|
||||||
|
* Stack smashing in net offlinejoin requestodj; (bso#15257);
|
||||||
|
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
|
||||||
|
(bso#15197);
|
||||||
|
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||||
|
(bso#15219);
|
||||||
|
- Remove deprecated if-{down,up} scripts; (bsc#1206444);
|
||||||
|
- Adjust the systemd drop-in file for named service; (bsc#1201689);
|
||||||
|
* Paths are additive so do not repeat paths from named.service
|
||||||
|
* Prefix the samba DLZ directory with "-" to ignore this path
|
||||||
|
if it does not exists
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 12 08:56:12 UTC 2022 - Stefan Schubert <schubi@suse.com>
|
||||||
|
|
||||||
|
- Migration PAM settings to /usr/etc: Saving user changed
|
||||||
|
configuration files in /etc and restoring them while an RPM
|
||||||
|
update.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
|
Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
|
||||||
|
|
||||||
@ -6,8 +60,9 @@ Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 15 17:14:58 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
|
Tue Nov 15 17:14:58 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
|
- Update to 4.17.3
|
||||||
systems; (bsc#1205126); (bso#15203);
|
* CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
|
||||||
|
systems; (bsc#1205126); (bso#15203);
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
Tue Nov 8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
||||||
|
38
samba.spec
38
samba.spec
@ -22,7 +22,11 @@
|
|||||||
%{!?_fillupdir:%global _fillupdir /var/adm/fillup-templates}
|
%{!?_fillupdir:%global _fillupdir /var/adm/fillup-templates}
|
||||||
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
|
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
|
||||||
%{!?_pam_moduledir:%global _pam_moduledir /%{_lib}/security}
|
%{!?_pam_moduledir:%global _pam_moduledir /%{_lib}/security}
|
||||||
|
%if 0%{?suse_version} > 1500
|
||||||
|
%global _pam_confdir %{_distconfdir}/pam.d
|
||||||
|
%else
|
||||||
%{!?_pam_confdir:%global _pam_confdir %{_sysconfdir}/pam.d}
|
%{!?_pam_confdir:%global _pam_confdir %{_sysconfdir}/pam.d}
|
||||||
|
%endif
|
||||||
%{!?_pam_secconfdir:%global _pam_secconfdir %{_sysconfdir}/security}
|
%{!?_pam_secconfdir:%global _pam_secconfdir %{_sysconfdir}/security}
|
||||||
|
|
||||||
%define with_mscat 1
|
%define with_mscat 1
|
||||||
@ -148,7 +152,7 @@ BuildRequires: liburing-devel
|
|||||||
%endif
|
%endif
|
||||||
BuildRequires: sysuser-tools
|
BuildRequires: sysuser-tools
|
||||||
|
|
||||||
Version: 4.17.3+git.283.2157972742b
|
Version: 4.17.4+git.300.305b22bfce
|
||||||
Release: 0
|
Release: 0
|
||||||
URL: https://www.samba.org/
|
URL: https://www.samba.org/
|
||||||
Obsoletes: samba-32bit < %{version}
|
Obsoletes: samba-32bit < %{version}
|
||||||
@ -181,7 +185,6 @@ Provides: group(ntadmin)
|
|||||||
%define CONFIGDIR %{_sysconfdir}/samba
|
%define CONFIGDIR %{_sysconfdir}/samba
|
||||||
%define INITDIR %{_sysconfdir}/init.d
|
%define INITDIR %{_sysconfdir}/init.d
|
||||||
%define PIDDIR /run/samba
|
%define PIDDIR /run/samba
|
||||||
%define NET_CFGDIR network
|
|
||||||
%define auth_modules auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
|
%define auth_modules auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
|
||||||
%define idmap_modules idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_rfc2307,idmap_rid,idmap_tdb2
|
%define idmap_modules idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_rfc2307,idmap_rid,idmap_tdb2
|
||||||
%define pdb_modules pdb_tdbsam,pdb_ldapsam,pdb_smbpasswd,pdb_samba_dsdb
|
%define pdb_modules pdb_tdbsam,pdb_ldapsam,pdb_smbpasswd,pdb_samba_dsdb
|
||||||
@ -711,7 +714,6 @@ install -d -m 0755 -p \
|
|||||||
%{buildroot}/%_pam_confdir \
|
%{buildroot}/%_pam_confdir \
|
||||||
%{buildroot}/%{_sysconfdir}/{xinetd.d,logrotate.d} \
|
%{buildroot}/%{_sysconfdir}/{xinetd.d,logrotate.d} \
|
||||||
%{buildroot}/%{_sysconfdir}/openldap/schema \
|
%{buildroot}/%{_sysconfdir}/openldap/schema \
|
||||||
%{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/{if-{down,up}.d,scripts} \
|
|
||||||
%{buildroot}/%{_sysconfdir}/security \
|
%{buildroot}/%{_sysconfdir}/security \
|
||||||
%{buildroot}/%{_sysconfdir}/slp.reg.d \
|
%{buildroot}/%{_sysconfdir}/slp.reg.d \
|
||||||
%{buildroot}/%{CONFIGDIR} \
|
%{buildroot}/%{CONFIGDIR} \
|
||||||
@ -826,18 +828,6 @@ install -m 0644 config/samba.pamd-common %{buildroot}/%_pam_confdir/samba
|
|||||||
install -m 0644 config/dhcp.conf %{buildroot}/%{_fillupdir}/samba-client-dhcp.conf
|
install -m 0644 config/dhcp.conf %{buildroot}/%{_fillupdir}/samba-client-dhcp.conf
|
||||||
install -m 0644 config/sysconfig.dhcp-samba-client %{buildroot}/%{_fillupdir}/sysconfig.dhcp-samba-client
|
install -m 0644 config/sysconfig.dhcp-samba-client %{buildroot}/%{_fillupdir}/sysconfig.dhcp-samba-client
|
||||||
|
|
||||||
# Network scripts
|
|
||||||
NETWORK_SCRIPTS="samba-winbindd"
|
|
||||||
for script in ${NETWORK_SCRIPTS}; do
|
|
||||||
install -m 0755 "tools/${script}" "%{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/${script}"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Create ghosts for the symlinks
|
|
||||||
NETWORK_LINKS="55-samba-winbindd"
|
|
||||||
for script in ${NETWORK_LINKS}; do
|
|
||||||
touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script}
|
|
||||||
done
|
|
||||||
|
|
||||||
# Add logrotate settings for nmbd and smbd only on systems newer than 8.1.
|
# Add logrotate settings for nmbd and smbd only on systems newer than 8.1.
|
||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
|
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
|
||||||
@ -937,7 +927,7 @@ install -m 0644 examples/LDAP/samba-nds.schema %{buildroot}/%{_datadir}/samba/LD
|
|||||||
%service_add_pre nmb.service smb.service
|
%service_add_pre nmb.service smb.service
|
||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
# Prepare for migration to /usr/etc; save any old .rpmsave
|
# Prepare for migration to /usr/etc; save any old .rpmsave
|
||||||
for i in logrotate.d/samba ; do
|
for i in logrotate.d/samba pam.d/samba; do
|
||||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
||||||
done
|
done
|
||||||
%endif
|
%endif
|
||||||
@ -945,7 +935,7 @@ done
|
|||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
%posttrans
|
%posttrans
|
||||||
# Migration to /usr/etc, restore just created .rpmsave
|
# Migration to /usr/etc, restore just created .rpmsave
|
||||||
for i in logrotate.d/samba ; do
|
for i in logrotate.d/samba pam.d/samba; do
|
||||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
||||||
done
|
done
|
||||||
%endif
|
%endif
|
||||||
@ -1058,17 +1048,6 @@ done
|
|||||||
|
|
||||||
%post winbind
|
%post winbind
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
if test ${1:-0} -eq 1; then
|
|
||||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
|
|
||||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
|
|
||||||
else
|
|
||||||
for if_case in if-down.d if-up.d; do
|
|
||||||
test -h %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd || \
|
|
||||||
continue
|
|
||||||
rm -f %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd
|
|
||||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/55-samba-winbindd
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
%service_add_post winbind.service
|
%service_add_post winbind.service
|
||||||
%tmpfiles_create samba.conf
|
%tmpfiles_create samba.conf
|
||||||
%{fillup_only -ans samba winbind}
|
%{fillup_only -ans samba winbind}
|
||||||
@ -1618,9 +1597,6 @@ exit 0
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%config(noreplace) %_pam_secconfdir/pam_winbind.conf
|
%config(noreplace) %_pam_secconfdir/pam_winbind.conf
|
||||||
%{_unitdir}/winbind.service
|
%{_unitdir}/winbind.service
|
||||||
%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
|
|
||||||
%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
|
|
||||||
%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd
|
|
||||||
%{_sysusersdir}/samba-winbind.conf
|
%{_sysusersdir}/samba-winbind.conf
|
||||||
%{_bindir}/ntlm_auth
|
%{_bindir}/ntlm_auth
|
||||||
%{_bindir}/wbinfo
|
%{_bindir}/wbinfo
|
||||||
|
Loading…
Reference in New Issue
Block a user