git: fb71a4b64148 - main - net/samba413: Update to the 4.13.16 release to address CVE-2021-43566

From: Timur I. Bakeyev <timur_at_FreeBSD.org>
Date: Wed, 12 Jan 2022 05:38:08 UTC
The branch main has been updated by timur:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fb71a4b641481654ee4c84be00911b4e5212eb19

commit fb71a4b641481654ee4c84be00911b4e5212eb19
Author:     Timur I. Bakeyev <timur@FreeBSD.org>
AuthorDate: 2022-01-12 05:22:19 +0000
Commit:     Timur I. Bakeyev <timur@FreeBSD.org>
CommitDate: 2022-01-12 05:35:52 +0000

    net/samba413: Update to the 4.13.16 release to address CVE-2021-43566
    
    In addition an CVE-2021-20316 is issued, but can't be address in this
    Samba release.
    
    ====================================================
    Workaround and mitigating factors for CVE-2021-20316
    ====================================================
    
    Do not enable SMB1 (please note SMB1 is disabled by default in Samba
    from version 4.11.0 and onwards). This prevents the creation of
    symbolic links via SMB1. If SMB1 must be enabled for backwards
    compatibility then add the parameter:
    
    unix extensions = no
    
    to the [global] section of your smb.conf and restart smbd. This
    prevents SMB1 clients from creating symlinks on the exported file
    system.
    
    However, if the same region of the file system is also exported using
    NFS, NFS clients can create symlinks that potentially can also hit the
    race condition. For non-patched versions of Samba we recommend only
    exporting areas of the file system by either SMB2 or NFS, not both.
    
    Security:       CVE-2021-43566
---
 net/samba413/Makefile         | 2 +-
 net/samba413/distinfo         | 6 +++---
 net/samba413/pkg-plist.python | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/samba413/Makefile b/net/samba413/Makefile
index dc886f703a5f..a6ac7445e3ba 100644
--- a/net/samba413/Makefile
+++ b/net/samba413/Makefile
@@ -22,7 +22,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.13.14
+SAMBA4_VERSION=			4.13.16
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
diff --git a/net/samba413/distinfo b/net/samba413/distinfo
index f985138a88f2..8d9c52c21d76 100644
--- a/net/samba413/distinfo
+++ b/net/samba413/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1636505457
-SHA256 (samba-4.13.14.tar.gz) = 6611a8e8fa93ea0cb3ee2cadd6269305ded40acf7f8b6a7576547e5d13f07f80
-SIZE (samba-4.13.14.tar.gz) = 18943381
+TIMESTAMP = 1641957925
+SHA256 (samba-4.13.16.tar.gz) = 3fec748cd89961131959fca836d24bbc4843385ea7235a4295b5e129e250c041
+SIZE (samba-4.13.16.tar.gz) = 18943308
diff --git a/net/samba413/pkg-plist.python b/net/samba413/pkg-plist.python
index 8cf306b5bc07..c931ab22f63e 100644
--- a/net/samba413/pkg-plist.python
+++ b/net/samba413/pkg-plist.python
@@ -268,6 +268,7 @@ lib/samba4/private/libsamba-python%%PYTHON_EXT_SUFFIX%%-samba4.so
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/simple_tests.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/spn_tests.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ccache.py
+%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_idmap_nss.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ldap.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_min_domain_uid.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_rpc.py