* [Buildroot] [git commit] package/samba4: security bump version to 4.11.13
@ 2020-09-20 13:06 Thomas Petazzoni
  0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni @ 2020-09-20 13:06 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=e56f54220ee14ccdbfdb60bf56e2a88b35877394
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Version 4.11.11 fixed
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
		  LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
		  excessive CPU
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
		  paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.

Version 4.11.12 was a bugfix-only release.

Version 4.11.13 fixes CVE-2020-1472.

Release notes:
https://www.samba.org/samba/history/samba-4.11.11.html
https://www.samba.org/samba/history/samba-4.11.12.html
https://www.samba.org/samba/security/CVE-2020-1472.html

Rebased patches 0001 & 0002.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/samba4/0001-libreplace-disable-libbsd-support.patch          | 4 ++--
 .../0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch  | 5 +++--
 package/samba4/samba4.hash                                           | 4 ++--
 package/samba4/samba4.mk                                             | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/package/samba4/0001-libreplace-disable-libbsd-support.patch b/package/samba4/0001-libreplace-disable-libbsd-support.patch
index a303fa6669..79216860dd 100644
--- a/package/samba4/0001-libreplace-disable-libbsd-support.patch
+++ b/package/samba4/0001-libreplace-disable-libbsd-support.patch
@@ -9,7 +9,7 @@ This causes redefinition conflicts for link(2) when both standard
 unistd.h and bsd/unistd.h get included.
 
 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-[Bernd: rebased for versions 4.7.3, 4.8.0 & 4.8.5]
+[Bernd: rebased for versions 4.7.3, 4.8.0, 4.8.5 & 4.11.13]
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 ---
  lib/replace/wscript | 15 ---------------
@@ -19,7 +19,7 @@ diff --git a/lib/replace/wscript b/lib/replace/wscript
 index 240d730cbee..c6d8df43c74 100644
 --- a/lib/replace/wscript
 +++ b/lib/replace/wscript
-@@ -381,21 +381,6 @@ def configure(conf):
+@@ -406,21 +406,6 @@ def configure(conf):
  
      strlcpy_in_bsd = False
  
diff --git a/package/samba4/0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch b/package/samba4/0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch
index 563b274d57..b8636958ee 100644
--- a/package/samba4/0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch
+++ b/package/samba4/0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch
@@ -33,6 +33,7 @@ BUG: https://bugzilla.samba.org/show_bug.cgi?id=14164
 
 Signed-off-by: Uri Simchoni <uri@samba.org>
 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+[Bernd: rebased for version 4.11.13]
 ---
  wscript_configure_embedded_heimdal | 11 +++++++++++
  wscript_configure_system_heimdal   | 11 -----------
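Review bot: the added `[Bernd: rebased for version 4.11.13]` line sits after `Signed-off-by: Bernd Kuhls`, whereas in 0001 the equivalent bracketed note sits before that sign-off. Moving it above the sign-off here would keep the two patch headers consistent and make it clear which sign-off covers the rebase.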
@@ -59,7 +60,7 @@ diff --git a/wscript_configure_system_heimdal b/wscript_configure_system_heimdal
 index 0ff6dad2f55..f77c177442f 100644
 --- a/wscript_configure_system_heimdal
 +++ b/wscript_configure_system_heimdal
-@@ -36,14 +36,6 @@ def check_system_heimdal_lib(name, functions='', headers='', onlyif=None):
+@@ -37,14 +37,6 @@ def check_system_heimdal_lib(name, functions='', headers='', onlyif=None):
      conf.define('USING_SYSTEM_%s' % name.upper(), 1)
      return True
  
@@ -74,7 +75,7 @@ index 0ff6dad2f55..f77c177442f 100644
  check_system_heimdal_lib("com_err", "com_right_r com_err", "com_err.h")
  
  if check_system_heimdal_lib("roken", "rk_socket_set_reuseaddr", "roken.h"):
-@@ -88,7 +88,4 @@
+@@ -96,7 +96,4 @@
  #if conf.CHECK_BUNDLED_SYSTEM('tommath', checkfunctions='mp_init', headers='tommath.h'):
  #    conf.define('USING_SYSTEM_TOMMATH', 1)
  
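Review bot: the rewritten inner header `@@ -96,7 +96,4 @@` uses the same start line on both sides, but the preceding hunk of the same file (`-37,14 +37,6`) removes 8 lines, so a regenerated patch would carry a new-side start of 88 here. The old header (`-88,7 +88,4`) had the same mismatch, and unlike the other inner hunks this one has no function context after the `@@`, which suggests the offsets were adjusted by hand. Regenerating 0002 with git format-patch on top of 4.11.13 would keep the hunk headers self-consistent instead of carrying the discrepancy forward.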
diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash
index 34ae6f84bc..4d47871fc5 100644
--- a/package/samba4/samba4.hash
+++ b/package/samba4/samba4.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://download.samba.org/pub/samba/stable/samba-4.11.10.tar.asc
-sha256  4346ed80c90132a4117fe2dd3e846954f44f006f4d057de3a3544116364e012f  samba-4.11.10.tar.gz
+# https://download.samba.org/pub/samba/stable/samba-4.11.13.tar.asc
+sha256  e71ed29ae01c5ce7be8cee1f53e0530db86dd19b911accb08fae60224e686ba1  samba-4.11.13.tar.gz
 sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
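Review bot: the comment names `samba-4.11.13.tar.asc` as the signature that was checked, while the sha256 line covers `samba-4.11.13.tar.gz`. The comment should state that the signature was verified against the decompressed tarball before the hash of the .tar.gz was calculated, so the next version bump can repeat the same check.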
diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk
index b6fe1a827c..48ac48c180 100644
--- a/package/samba4/samba4.mk
+++ b/package/samba4/samba4.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.11.10
+SAMBA4_VERSION = 4.11.13
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES
