Update to version 4.18.5
resolves: #2224040 Security fix for CVE-2022-2127 resolves: #2222791, #2224254 Security fix for CVE-2023-3347 resolves: #2222792, #2224255 Security fix for CVE-2023-34966 resolves: #2222793, #2224253 Security fix for CVE-2023-34967 resolves: #2222794, #2224252 Security fix for CVE-2023-34968 resolves: #2222795, #2224250 Guenther
This commit is contained in:
parent
64ef2ec2d2
commit
9ae16cc49b
2
.gitignore
vendored
2
.gitignore
vendored
@ -335,3 +335,5 @@ samba-3.6.0pre1.tar.gz
|
|||||||
/samba-4.18.3.tar.asc
|
/samba-4.18.3.tar.asc
|
||||||
/samba-4.18.4.tar.xz
|
/samba-4.18.4.tar.xz
|
||||||
/samba-4.18.4.tar.asc
|
/samba-4.18.4.tar.asc
|
||||||
|
/samba-4.18.5.tar.xz
|
||||||
|
/samba-4.18.5.tar.asc
|
||||||
|
@ -1,351 +0,0 @@
|
|||||||
From 5f87888ed53320538cf773d64868390d8641a40e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Date: Sat, 15 Jul 2023 17:20:32 +0200
|
|
||||||
Subject: [PATCH 1/4] netlogon.idl: add support for netr_LogonGetCapabilities
|
|
||||||
response level 2
|
|
||||||
|
|
||||||
We don't have any documentation about this yet, but tests against
|
|
||||||
a Windows Server 2022 patched with KB5028166 revealed that
|
|
||||||
the response for query_level=2 is exactly the same as
|
|
||||||
for querey_level=1.
|
|
||||||
|
|
||||||
Until we know the reason for query_level=2 we won't
|
|
||||||
use it as client nor support it in the server, but
|
|
||||||
we want ndrdump to work.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
---
|
|
||||||
librpc/idl/netlogon.idl | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
|
|
||||||
index 48a8c8f9310..85dd73ee7e4 100644
|
|
||||||
--- a/librpc/idl/netlogon.idl
|
|
||||||
+++ b/librpc/idl/netlogon.idl
|
|
||||||
@@ -1236,6 +1236,7 @@ interface netlogon
|
|
||||||
/* Function 0x15 */
|
|
||||||
typedef [switch_type(uint32)] union {
|
|
||||||
[case(1)] netr_NegotiateFlags server_capabilities;
|
|
||||||
+ [case(2)] netr_NegotiateFlags server_capabilities;
|
|
||||||
} netr_Capabilities;
|
|
||||||
|
|
||||||
NTSTATUS netr_LogonGetCapabilities(
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
||||||
|
|
||||||
From 404ce08e9088968311c714e756f5d58ce2cef715 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Date: Sat, 15 Jul 2023 17:25:05 +0200
|
|
||||||
Subject: [PATCH 2/4] s4:torture/rpc: let rpc.schannel also check
|
|
||||||
netr_LogonGetCapabilities with different levels
|
|
||||||
|
|
||||||
The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
for unsupported query_levels, we allow it to work with servers
|
|
||||||
with or without support for query_level=2.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
---
|
|
||||||
.../knownfail.d/netr_LogonGetCapabilities | 3 +
|
|
||||||
source4/torture/rpc/netlogon.c | 77 ++++++++++++++++++-
|
|
||||||
2 files changed, 79 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
|
|
||||||
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000000..30aadf3bb9d
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
@@ -0,0 +1,3 @@
|
|
||||||
+^samba3.rpc.schannel.*\.schannel\(nt4_dc
|
|
||||||
+^samba3.rpc.schannel.*\.schannel\(ad_dc
|
|
||||||
+^samba4.rpc.schannel.*\.schannel\(ad_dc
|
|
||||||
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
|
|
||||||
index 1f068eb7826..a3d190f13dd 100644
|
|
||||||
--- a/source4/torture/rpc/netlogon.c
|
|
||||||
+++ b/source4/torture/rpc/netlogon.c
|
|
||||||
@@ -2056,8 +2056,47 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
|
|
||||||
r.out.capabilities = &capabilities;
|
|
||||||
r.out.return_authenticator = &return_auth;
|
|
||||||
|
|
||||||
- torture_comment(tctx, "Testing LogonGetCapabilities\n");
|
|
||||||
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=0\n");
|
|
||||||
|
|
||||||
+ r.in.query_level = 0;
|
|
||||||
+ ZERO_STRUCT(return_auth);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * we need to operate on a temporary copy of creds
|
|
||||||
+ * because dcerpc_netr_LogonGetCapabilities with
|
|
||||||
+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
|
|
||||||
+ * without looking a the authenticator.
|
|
||||||
+ */
|
|
||||||
+ tmp_creds = *creds;
|
|
||||||
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
|
|
||||||
+
|
|
||||||
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
|
|
||||||
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
|
|
||||||
+ "LogonGetCapabilities query_level=0 failed");
|
|
||||||
+
|
|
||||||
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=3\n");
|
|
||||||
+
|
|
||||||
+ r.in.query_level = 3;
|
|
||||||
+ ZERO_STRUCT(return_auth);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * we need to operate on a temporary copy of creds
|
|
||||||
+ * because dcerpc_netr_LogonGetCapabilities with
|
|
||||||
+ * an unknown query level returns DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
|
|
||||||
+ * without looking a the authenticator.
|
|
||||||
+ */
|
|
||||||
+ tmp_creds = *creds;
|
|
||||||
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
|
|
||||||
+
|
|
||||||
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
|
|
||||||
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE,
|
|
||||||
+ "LogonGetCapabilities query_level=0 failed");
|
|
||||||
+
|
|
||||||
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=1\n");
|
|
||||||
+
|
|
||||||
+ r.in.query_level = 1;
|
|
||||||
ZERO_STRUCT(return_auth);
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -2077,6 +2116,42 @@ bool test_netlogon_capabilities(struct dcerpc_pipe *p, struct torture_context *t
|
|
||||||
|
|
||||||
*creds = tmp_creds;
|
|
||||||
|
|
||||||
+ torture_assert(tctx, netlogon_creds_client_check(creds,
|
|
||||||
+ &r.out.return_authenticator->cred),
|
|
||||||
+ "Credential chaining failed");
|
|
||||||
+
|
|
||||||
+ torture_assert_int_equal(tctx, creds->negotiate_flags,
|
|
||||||
+ capabilities.server_capabilities,
|
|
||||||
+ "negotiate flags");
|
|
||||||
+
|
|
||||||
+ torture_comment(tctx, "Testing LogonGetCapabilities with query_level=2\n");
|
|
||||||
+
|
|
||||||
+ r.in.query_level = 2;
|
|
||||||
+ ZERO_STRUCT(return_auth);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * we need to operate on a temporary copy of creds
|
|
||||||
+ * because dcerpc_netr_LogonGetCapabilities with
|
|
||||||
+ * an query level 2 may returns DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
+ * => NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
|
|
||||||
+ * without looking a the authenticator.
|
|
||||||
+ */
|
|
||||||
+ tmp_creds = *creds;
|
|
||||||
+ netlogon_creds_client_authenticator(&tmp_creds, &auth);
|
|
||||||
+
|
|
||||||
+ status = dcerpc_netr_LogonGetCapabilities_r(b, tctx, &r);
|
|
||||||
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
|
|
||||||
+ /*
|
|
||||||
+ * an server without KB5028166 returns
|
|
||||||
+ * DCERPC_NCA_S_FAULT_INVALID_TAG =>
|
|
||||||
+ * NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
|
|
||||||
+ */
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
+ torture_assert_ntstatus_ok(tctx, status, "LogonGetCapabilities query_level=2 failed");
|
|
||||||
+
|
|
||||||
+ *creds = tmp_creds;
|
|
||||||
+
|
|
||||||
torture_assert(tctx, netlogon_creds_client_check(creds,
|
|
||||||
&r.out.return_authenticator->cred),
|
|
||||||
"Credential chaining failed");
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
||||||
|
|
||||||
From d5f1097b6220676d56ed5fc6707acf667b704518 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Date: Sat, 15 Jul 2023 16:11:48 +0200
|
|
||||||
Subject: [PATCH 3/4] s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for
|
|
||||||
invalid netr_LogonGetCapabilities levels
|
|
||||||
|
|
||||||
This is important as Windows clients with KB5028166 seem to
|
|
||||||
call netr_LogonGetCapabilities with query_level=2 after
|
|
||||||
a call with query_level=1.
|
|
||||||
|
|
||||||
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
for query_level values other than 1.
|
|
||||||
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
|
|
||||||
later fails to marshall the response, which results
|
|
||||||
in DCERPC_FAULT_BAD_STUB_DATA instead.
|
|
||||||
|
|
||||||
Because we don't have any documentation for level 2 yet,
|
|
||||||
we just try to behave like an unpatched server and
|
|
||||||
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
|
|
||||||
DCERPC_FAULT_BAD_STUB_DATA.
|
|
||||||
Which allows patched Windows clients to keep working
|
|
||||||
against a Samba DC.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
---
|
|
||||||
.../knownfail.d/netr_LogonGetCapabilities | 2 --
|
|
||||||
source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 ++++++++++++++++---
|
|
||||||
2 files changed, 24 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
index 30aadf3bb9d..99c7ac711ed 100644
|
|
||||||
--- a/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
+++ b/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
@@ -1,3 +1 @@
|
|
||||||
^samba3.rpc.schannel.*\.schannel\(nt4_dc
|
|
||||||
-^samba3.rpc.schannel.*\.schannel\(ad_dc
|
|
||||||
-^samba4.rpc.schannel.*\.schannel\(ad_dc
|
|
||||||
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
||||||
index 6ccba65d3bf..dc2167f08b2 100644
|
|
||||||
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
||||||
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
|
|
||||||
@@ -2364,6 +2364,30 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
|
|
||||||
struct netlogon_creds_CredentialState *creds;
|
|
||||||
NTSTATUS status;
|
|
||||||
|
|
||||||
+ switch (r->in.query_level) {
|
|
||||||
+ case 1:
|
|
||||||
+ break;
|
|
||||||
+ case 2:
|
|
||||||
+ /*
|
|
||||||
+ * Until we know the details behind KB5028166
|
|
||||||
+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
+ * like an unpatched Windows Server.
|
|
||||||
+ */
|
|
||||||
+ FALL_THROUGH;
|
|
||||||
+ default:
|
|
||||||
+ /*
|
|
||||||
+ * There would not be a way to marshall the
|
|
||||||
+ * the response. Which would mean our final
|
|
||||||
+ * ndr_push would fail an we would return
|
|
||||||
+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA.
|
|
||||||
+ *
|
|
||||||
+ * But it's important to match a Windows server
|
|
||||||
+ * especially before KB5028166, see also our bug #15418
|
|
||||||
+ * Otherwise Windows client would stop talking to us.
|
|
||||||
+ */
|
|
||||||
+ DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
status = dcesrv_netr_creds_server_step_check(dce_call,
|
|
||||||
mem_ctx,
|
|
||||||
r->in.computer_name,
|
|
||||||
@@ -2375,10 +2399,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
|
|
||||||
}
|
|
||||||
NT_STATUS_NOT_OK_RETURN(status);
|
|
||||||
|
|
||||||
- if (r->in.query_level != 1) {
|
|
||||||
- return NT_STATUS_NOT_SUPPORTED;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
r->out.capabilities->server_capabilities = creds->negotiate_flags;
|
|
||||||
|
|
||||||
return NT_STATUS_OK;
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
||||||
|
|
||||||
From dfeabce44fbb78083fbbb2aa634fc4172cf83db9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Date: Sat, 15 Jul 2023 16:11:48 +0200
|
|
||||||
Subject: [PATCH 4/4] s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for
|
|
||||||
invalid netr_LogonGetCapabilities levels
|
|
||||||
|
|
||||||
This is important as Windows clients with KB5028166 seem to
|
|
||||||
call netr_LogonGetCapabilities with query_level=2 after
|
|
||||||
a call with query_level=1.
|
|
||||||
|
|
||||||
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
for query_level values other than 1.
|
|
||||||
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
|
|
||||||
later fails to marshall the response, which results
|
|
||||||
in DCERPC_FAULT_BAD_STUB_DATA instead.
|
|
||||||
|
|
||||||
Because we don't have any documentation for level 2 yet,
|
|
||||||
we just try to behave like an unpatched server and
|
|
||||||
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
|
|
||||||
DCERPC_FAULT_BAD_STUB_DATA.
|
|
||||||
Which allows patched Windows clients to keep working
|
|
||||||
against a Samba DC.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
|
|
||||||
|
|
||||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
|
|
||||||
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
|
|
||||||
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224
|
|
||||||
---
|
|
||||||
.../knownfail.d/netr_LogonGetCapabilities | 1 -
|
|
||||||
source3/rpc_server/netlogon/srv_netlog_nt.c | 29 ++++++++++++++++---
|
|
||||||
2 files changed, 25 insertions(+), 5 deletions(-)
|
|
||||||
delete mode 100644 selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
|
|
||||||
diff --git a/selftest/knownfail.d/netr_LogonGetCapabilities b/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
deleted file mode 100644
|
|
||||||
index 99c7ac711ed..00000000000
|
|
||||||
--- a/selftest/knownfail.d/netr_LogonGetCapabilities
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1 +0,0 @@
|
|
||||||
-^samba3.rpc.schannel.*\.schannel\(nt4_dc
|
|
||||||
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
||||||
index 3ba58e61206..e8aa14167fc 100644
|
|
||||||
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
||||||
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
||||||
@@ -2284,6 +2284,31 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
|
|
||||||
struct netlogon_creds_CredentialState *creds;
|
|
||||||
NTSTATUS status;
|
|
||||||
|
|
||||||
+ switch (r->in.query_level) {
|
|
||||||
+ case 1:
|
|
||||||
+ break;
|
|
||||||
+ case 2:
|
|
||||||
+ /*
|
|
||||||
+ * Until we know the details behind KB5028166
|
|
||||||
+ * just return DCERPC_NCA_S_FAULT_INVALID_TAG
|
|
||||||
+ * like an unpatched Windows Server.
|
|
||||||
+ */
|
|
||||||
+ FALL_THROUGH;
|
|
||||||
+ default:
|
|
||||||
+ /*
|
|
||||||
+ * There would not be a way to marshall the
|
|
||||||
+ * the response. Which would mean our final
|
|
||||||
+ * ndr_push would fail an we would return
|
|
||||||
+ * an RPC-level fault with DCERPC_FAULT_BAD_STUB_DATA.
|
|
||||||
+ *
|
|
||||||
+ * But it's important to match a Windows server
|
|
||||||
+ * especially before KB5028166, see also our bug #15418
|
|
||||||
+ * Otherwise Windows client would stop talking to us.
|
|
||||||
+ */
|
|
||||||
+ p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG;
|
|
||||||
+ return NT_STATUS_NOT_SUPPORTED;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
become_root();
|
|
||||||
status = dcesrv_netr_creds_server_step_check(p->dce_call,
|
|
||||||
p->mem_ctx,
|
|
||||||
@@ -2296,10 +2321,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (r->in.query_level != 1) {
|
|
||||||
- return NT_STATUS_NOT_SUPPORTED;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
r->out.capabilities->server_capabilities = creds->negotiate_flags;
|
|
||||||
|
|
||||||
return NT_STATUS_OK;
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
14
samba.spec
14
samba.spec
@ -137,8 +137,8 @@
|
|||||||
|
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%global samba_version 4.18.4
|
%global samba_version 4.18.5
|
||||||
%global baserelease 3
|
%global baserelease 0
|
||||||
# This should be rc1 or %%nil
|
# This should be rc1 or %%nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
|
|
||||||
@ -234,8 +234,6 @@ Source17: samba-usershares-systemd-sysusers.conf
|
|||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
Source202: samba.abignore
|
Source202: samba.abignore
|
||||||
|
|
||||||
Patch0: master-netlogongetcaps.patch
|
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
|
|
||||||
Requires(pre): %{name}-common = %{samba_depver}
|
Requires(pre): %{name}-common = %{samba_depver}
|
||||||
@ -4335,6 +4333,14 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 20 2023 Guenther Deschner <gdeschner@redhat.com> - 4.18.5-0
|
||||||
|
- resolves: #2224040 - Update to version 4.18.5
|
||||||
|
- resolves: #2222791, #2224254 - Security fix for CVE-2022-2127
|
||||||
|
- resolves: #2222792, #2224255 - Security fix for CVE-2023-3347
|
||||||
|
- resolves: #2222793, #2224253 - Security fix for CVE-2023-34966
|
||||||
|
- resolves: #2222794, #2224252 - Security fix for CVE-2023-34967
|
||||||
|
- resolves: #2222795, #2224250 - Security fix for CVE-2023-34968
|
||||||
|
|
||||||
* Sat Jul 15 2023 Guenther Deschner <gdeschner@redhat.com> - 4.18.4-3
|
* Sat Jul 15 2023 Guenther Deschner <gdeschner@redhat.com> - 4.18.4-3
|
||||||
- resolves: #2223091 - Fix netlogon LogonGetCapabilities level 2 error handling
|
- resolves: #2223091 - Fix netlogon LogonGetCapabilities level 2 error handling
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (samba-4.18.4.tar.xz) = 9b9ed3111e8c1f8fbb990e2cf78bdd00bbe03e79247ec87a3ee51744acfbc6692f110dc88ccb1049b7d9c6aaa8fd6ba3ab4acd7ad0480dbb9df8b61980c0da83
|
SHA512 (samba-4.18.5.tar.xz) = 3e405731813d5b0937e6c16938c6dcf8e182dafd29010dc75711afc397a63ee459fda04e78ff24e31fa0efd213e25a7e6c214a5bdf82d4d0f0123f2c6a8ebdd6
|
||||||
SHA512 (samba-4.18.4.tar.asc) = bc13d14b8da6a05494a79b8a8fb35fc27670f7ab8609eaeb3f3df49dd04bdb1389e77c2d571db5efcdd85532971c423eb977d46c2a5cbee3daadd6c6eca721ec
|
SHA512 (samba-4.18.5.tar.asc) = 29b541a95dc565e541526a9aeecff5d4df4e7df38c5c00ec8cc848b13c683c0d0c7dee442ab1a2d03e0f88b960cec7fb5a2cb8ea44c53ce29c858f5a058e7f84
|
||||||
|
Loading…
Reference in New Issue
Block a user