Update to version 4.16.4
resolves: #2111490 resolves: #2108196, #2111729 - Security fixes for CVE-2022-32742 resolves: #2108205, #2111731 - Security fixes for CVE-2022-32744 resolves: #2108211, #2111732 - Security fixes for CVE-2022-32745 resolves: #2108215, #2111734 - Security fixes for CVE-2022-32746 Guenther
This commit is contained in:
parent
8939f84a48
commit
b41f002876
2
.gitignore
vendored
2
.gitignore
vendored
@ -295,3 +295,5 @@ samba-3.6.0pre1.tar.gz
|
|||||||
/samba-4.16.2.tar.asc
|
/samba-4.16.2.tar.asc
|
||||||
/samba-4.16.3.tar.xz
|
/samba-4.16.3.tar.xz
|
||||||
/samba-4.16.3.tar.asc
|
/samba-4.16.3.tar.asc
|
||||||
|
/samba-4.16.4.tar.xz
|
||||||
|
/samba-4.16.4.tar.asc
|
||||||
|
36
samba-mount_h.patch
Normal file
36
samba-mount_h.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From 37b1f282d1b549063d2fca07caca812292be1d3b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schneider <asn@samba.org>
|
||||||
|
Date: Fri, 29 Jul 2022 10:08:24 +0200
|
||||||
|
Subject: [PATCH] lib:replace: Remove <sys/mount.h> from filesys.h
|
||||||
|
|
||||||
|
You need to be careful if you include <sys/mount.h> or <linux/mount.h>
|
||||||
|
at least since glibc 2.36.
|
||||||
|
|
||||||
|
Details at:
|
||||||
|
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
|
||||||
|
|
||||||
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132
|
||||||
|
|
||||||
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||||
|
---
|
||||||
|
lib/replace/system/filesys.h | 4 ----
|
||||||
|
1 file changed, 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/replace/system/filesys.h b/lib/replace/system/filesys.h
|
||||||
|
index 034e5d5886c..190c6b90f93 100644
|
||||||
|
--- a/lib/replace/system/filesys.h
|
||||||
|
+++ b/lib/replace/system/filesys.h
|
||||||
|
@@ -36,10 +36,6 @@
|
||||||
|
#include <sys/param.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-#ifdef HAVE_SYS_MOUNT_H
|
||||||
|
-#include <sys/mount.h>
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
#ifdef HAVE_MNTENT_H
|
||||||
|
#include <mntent.h>
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 17eb98d3f8ebd0fe48e218bb03a3c0165b9b6e95 Mon Sep 17 00:00:00 2001
|
From 5d7ec9a00b6f4c6768c606d37d235415f2006445 Mon Sep 17 00:00:00 2001
|
||||||
From: Isaac Boukris <iboukris@gmail.com>
|
From: Isaac Boukris <iboukris@gmail.com>
|
||||||
Date: Fri, 27 Sep 2019 18:25:03 +0300
|
Date: Fri, 27 Sep 2019 18:25:03 +0300
|
||||||
Subject: [PATCH 1/4] mit-kdc: add basic loacl realm S4U support
|
Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support
|
||||||
|
|
||||||
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
||||||
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
||||||
@ -236,7 +236,7 @@ index 793fe366c35..22534c09974 100644
|
|||||||
|
|
||||||
|
|
||||||
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
||||||
index 27b15828468..994dfed312b 100644
|
index cb72b5de294..03c2c2ea1de 100644
|
||||||
--- a/source4/kdc/mit_samba.c
|
--- a/source4/kdc/mit_samba.c
|
||||||
+++ b/source4/kdc/mit_samba.c
|
+++ b/source4/kdc/mit_samba.c
|
||||||
@@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
|
@@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
|
||||||
@ -247,7 +247,7 @@ index 27b15828468..994dfed312b 100644
|
|||||||
krb5_db_entry *client,
|
krb5_db_entry *client,
|
||||||
krb5_db_entry *server,
|
krb5_db_entry *server,
|
||||||
krb5_db_entry *krbtgt,
|
krb5_db_entry *krbtgt,
|
||||||
@@ -682,7 +681,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
@@ -689,7 +688,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
||||||
context,
|
context,
|
||||||
*pac,
|
*pac,
|
||||||
server->princ,
|
server->princ,
|
||||||
@ -256,7 +256,7 @@ index 27b15828468..994dfed312b 100644
|
|||||||
deleg_blob);
|
deleg_blob);
|
||||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||||
DEBUG(0, ("Update delegation info failed: %s\n",
|
DEBUG(0, ("Update delegation info failed: %s\n",
|
||||||
@@ -1004,41 +1003,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
|
@@ -1081,41 +1080,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
|
int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
|
||||||
@ -333,13 +333,13 @@ index 4431e82a1b2..9370ab533af 100644
|
|||||||
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
|
||||||
char *pwd,
|
char *pwd,
|
||||||
--
|
--
|
||||||
2.33.1
|
2.37.1
|
||||||
|
|
||||||
|
|
||||||
From f4fc23103f47b712baf3b4b0ebcb42d0f3f3fd42 Mon Sep 17 00:00:00 2001
|
From 325912375cf54743ab8ea557172a72b870002e9f Mon Sep 17 00:00:00 2001
|
||||||
From: Isaac Boukris <iboukris@gmail.com>
|
From: Isaac Boukris <iboukris@gmail.com>
|
||||||
Date: Fri, 27 Sep 2019 18:35:30 +0300
|
Date: Fri, 27 Sep 2019 18:35:30 +0300
|
||||||
Subject: [PATCH 2/4] krb5-mit: enable S4U client support for MIT build
|
Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build
|
||||||
|
|
||||||
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
|
||||||
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
||||||
@ -350,10 +350,10 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|
|||||||
3 files changed, 185 insertions(+), 13 deletions(-)
|
3 files changed, 185 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
|
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
|
||||||
index 61d651b4d5f..462acec90b6 100644
|
index 4321f07ca09..3fd95e47fca 100644
|
||||||
--- a/lib/krb5_wrap/krb5_samba.c
|
--- a/lib/krb5_wrap/krb5_samba.c
|
||||||
+++ b/lib/krb5_wrap/krb5_samba.c
|
+++ b/lib/krb5_wrap/krb5_samba.c
|
||||||
@@ -2699,6 +2699,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
@@ -2702,6 +2702,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -611,20 +611,20 @@ index 544d9d853cc..c14d8c72d8c 100644
|
|||||||
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
|
ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
|
||||||
ccache,
|
ccache,
|
||||||
--
|
--
|
||||||
2.33.1
|
2.37.1
|
||||||
|
|
||||||
|
|
||||||
From 48d73d552f2fbbdb07bd9aff4d0294883b70417f Mon Sep 17 00:00:00 2001
|
From a5713b1558192f24348f7794da84bf65cf78e6ec Mon Sep 17 00:00:00 2001
|
||||||
From: Isaac Boukris <iboukris@gmail.com>
|
From: Isaac Boukris <iboukris@gmail.com>
|
||||||
Date: Sat, 19 Sep 2020 14:16:20 +0200
|
Date: Sat, 19 Sep 2020 14:16:20 +0200
|
||||||
Subject: [PATCH 3/4] wip: for canonicalization with new MIT kdc code
|
Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code
|
||||||
|
|
||||||
---
|
---
|
||||||
source4/kdc/mit_samba.c | 3 +++
|
source4/kdc/mit_samba.c | 3 +++
|
||||||
1 file changed, 3 insertions(+)
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
||||||
index 994dfed312b..9d039e5601b 100644
|
index 03c2c2ea1de..30fade56531 100644
|
||||||
--- a/source4/kdc/mit_samba.c
|
--- a/source4/kdc/mit_samba.c
|
||||||
+++ b/source4/kdc/mit_samba.c
|
+++ b/source4/kdc/mit_samba.c
|
||||||
@@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
|
@@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
|
||||||
@ -638,33 +638,5 @@ index 994dfed312b..9d039e5601b 100644
|
|||||||
KRB5_KDB_FLAG_INCLUDE_PAC)) {
|
KRB5_KDB_FLAG_INCLUDE_PAC)) {
|
||||||
/*
|
/*
|
||||||
--
|
--
|
||||||
2.33.1
|
2.37.1
|
||||||
|
|
||||||
|
|
||||||
From f5f54026d151f6d899e8ff52d8829a2f9cf57f25 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Tue, 21 Dec 2021 12:17:11 +0100
|
|
||||||
Subject: [PATCH 4/4] s4:kdc: Also cannoicalize krbtgt principals when
|
|
||||||
enforcing canonicalization
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
---
|
|
||||||
source4/kdc/db-glue.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
|
|
||||||
index 8d17038cfe6..77c0c0e4746 100644
|
|
||||||
--- a/source4/kdc/db-glue.c
|
|
||||||
+++ b/source4/kdc/db-glue.c
|
|
||||||
@@ -946,7 +946,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
|
||||||
if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) {
|
|
||||||
p->is_krbtgt = true;
|
|
||||||
|
|
||||||
- if (flags & (SDB_F_CANON)) {
|
|
||||||
+ if (flags & (SDB_F_CANON|SDB_F_FORCE_CANON)) {
|
|
||||||
/*
|
|
||||||
* When requested to do so, ensure that the
|
|
||||||
* both realm values in the principal are set
|
|
||||||
--
|
|
||||||
2.33.1
|
|
||||||
|
|
||||||
|
17
samba.spec
17
samba.spec
@ -134,13 +134,13 @@
|
|||||||
|
|
||||||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||||
|
|
||||||
%global baserelease 2
|
%global baserelease 0
|
||||||
|
|
||||||
%global samba_version 4.16.3
|
%global samba_version 4.16.4
|
||||||
%global talloc_version 2.3.3
|
%global talloc_version 2.3.3
|
||||||
%global tdb_version 1.4.6
|
%global tdb_version 1.4.6
|
||||||
%global tevent_version 0.12.0
|
%global tevent_version 0.12.0
|
||||||
%global ldb_version 2.5.1
|
%global ldb_version 2.5.2
|
||||||
# This should be rc1 or nil
|
# This should be rc1 or nil
|
||||||
%global pre_release %nil
|
%global pre_release %nil
|
||||||
|
|
||||||
@ -207,6 +207,8 @@ Source201: README.downgrade
|
|||||||
Patch0: samba-s4u.patch
|
Patch0: samba-s4u.patch
|
||||||
# https://gitlab.com/samba-team/samba/-/merge_requests/2477
|
# https://gitlab.com/samba-team/samba/-/merge_requests/2477
|
||||||
Patch1: samba-4.16-waf-crypto.patch
|
Patch1: samba-4.16-waf-crypto.patch
|
||||||
|
# https://gitlab.com/samba-team/samba/-/merge_requests/2647
|
||||||
|
Patch2: samba-mount_h.patch
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
@ -2979,6 +2981,7 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
|
||||||
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
|
||||||
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
|
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
|
||||||
@ -3005,6 +3008,7 @@ fi
|
|||||||
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
|
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
|
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
|
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
|
||||||
|
%{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
|
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
|
%{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
|
||||||
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
|
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
|
||||||
@ -4163,6 +4167,13 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 27 2022 Guenther Deschner <gdeschner@redhat.com> - 4.16.4-0
|
||||||
|
- resolves: #2111490 - Update to version 4.16.4
|
||||||
|
- resolves: #2108196, #2111729 - Security fixes for CVE-2022-32742
|
||||||
|
- resolves: #2108205, #2111731 - Security fixes for CVE-2022-32744
|
||||||
|
- resolves: #2108211, #2111732 - Security fixes for CVE-2022-32745
|
||||||
|
- resolves: #2108215, #2111734 - Security fixes for CVE-2022-32746
|
||||||
|
|
||||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.16.3-2
|
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.16.3-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (samba-4.16.3.tar.xz) = aa11e65e52f57fd940d6b381fff7bac77bf94b421c1980b3731b36b815d27b6218f3192a7a8a1b9c7d27f80e381c9a7c8b7a0f76a2ec6cfad6b8748bbfd958cc
|
SHA512 (samba-4.16.4.tar.xz) = 263c33f202462c50ba9205232cc59f17eef6526bbe97cc1c6be6606e5e2fa8e235f24693da5ef00106ed126c5e2e1d83e2cfc0d2a690303ac94a8737e6760e95
|
||||||
SHA512 (samba-4.16.3.tar.asc) = 98f07c312263e3ff4594fa1204184f15212f0c4771d45b349ab48981caefaa94aa7ae5223922d1cbaac9f423554b7a5c4107cb3a3599041cf38af6f665a9289a
|
SHA512 (samba-4.16.4.tar.asc) = aec1d0dc15169dfa0f68776cff083b8a9ecfeb348d20cde02e236eda3548e1df13f6df3e9275ede6e8fdc6193b2fd304d2f493507b49f5877dbb6b7181d90367
|
||||||
|
Loading…
Reference in New Issue
Block a user