git: fb71a4b64148 - main - net/samba413: Update to the 4.13.16 release to address CVE-2021-43566
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 12 Jan 2022 05:38:08 UTC
The branch main has been updated by timur:
URL: https://cgit.FreeBSD.org/ports/commit/?id=fb71a4b641481654ee4c84be00911b4e5212eb19
commit fb71a4b641481654ee4c84be00911b4e5212eb19
Author: Timur I. Bakeyev <timur@FreeBSD.org>
AuthorDate: 2022-01-12 05:22:19 +0000
Commit: Timur I. Bakeyev <timur@FreeBSD.org>
CommitDate: 2022-01-12 05:35:52 +0000
net/samba413: Update to the 4.13.16 release to address CVE-2021-43566
In addition an CVE-2021-20316 is issued, but can't be address in this
Samba release.
====================================================
Workaround and mitigating factors for CVE-2021-20316
====================================================
Do not enable SMB1 (please note SMB1 is disabled by default in Samba
from version 4.11.0 and onwards). This prevents the creation of
symbolic links via SMB1. If SMB1 must be enabled for backwards
compatibility then add the parameter:
unix extensions = no
to the [global] section of your smb.conf and restart smbd. This
prevents SMB1 clients from creating symlinks on the exported file
system.
However, if the same region of the file system is also exported using
NFS, NFS clients can create symlinks that potentially can also hit the
race condition. For non-patched versions of Samba we recommend only
exporting areas of the file system by either SMB2 or NFS, not both.
Security: CVE-2021-43566
---
net/samba413/Makefile | 2 +-
net/samba413/distinfo | 6 +++---
net/samba413/pkg-plist.python | 1 +
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/samba413/Makefile b/net/samba413/Makefile
index dc886f703a5f..a6ac7445e3ba 100644
--- a/net/samba413/Makefile
+++ b/net/samba413/Makefile
@@ -22,7 +22,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.13.14
+SAMBA4_VERSION= 4.13.16
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
diff --git a/net/samba413/distinfo b/net/samba413/distinfo
index f985138a88f2..8d9c52c21d76 100644
--- a/net/samba413/distinfo
+++ b/net/samba413/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1636505457
-SHA256 (samba-4.13.14.tar.gz) = 6611a8e8fa93ea0cb3ee2cadd6269305ded40acf7f8b6a7576547e5d13f07f80
-SIZE (samba-4.13.14.tar.gz) = 18943381
+TIMESTAMP = 1641957925
+SHA256 (samba-4.13.16.tar.gz) = 3fec748cd89961131959fca836d24bbc4843385ea7235a4295b5e129e250c041
+SIZE (samba-4.13.16.tar.gz) = 18943308
diff --git a/net/samba413/pkg-plist.python b/net/samba413/pkg-plist.python
index 8cf306b5bc07..c931ab22f63e 100644
--- a/net/samba413/pkg-plist.python
+++ b/net/samba413/pkg-plist.python
@@ -268,6 +268,7 @@ lib/samba4/private/libsamba-python%%PYTHON_EXT_SUFFIX%%-samba4.so
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/simple_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/spn_tests.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ccache.py
+%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_idmap_nss.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ldap.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_min_domain_uid.py
%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_rpc.py