[Bug 290329] net/samba420: backport fixes for Oct 2025 CVEs [patch]
Date: Fri, 17 Oct 2025 18:45:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290329
Bug ID: 290329
Summary: net/samba420: backport fixes for Oct 2025 CVEs [patch]
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: samba@FreeBSD.org
Reporter: ml@netfence.it
Flags: maintainer-feedback?(samba@FreeBSD.org)
Created attachment 264660
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=264660&action=edit
Git patch
A couple of days ago, Samba released new versions in order to close a couple of
CVEs:
https://www.samba.org/samba/security/CVE-2025-10230.html
https://www.samba.org/samba/security/CVE-2025-9640.html
Of course 4.20 is out of support and did not receive any update.
I know we are at 4.20.7 (not 4.20.8) and that the upgrade was deemed as "not
worth the effort" in #287927, I know there's ongoing work to bring 4.22
(#287985) and 4.23 (#290327) in (and I hope to test them soon), but currently
4.20 is the most recent version we have in the port tree.
I'm attaching a patch to backport the aforementioned fixes. I've been running
it for a couple of days without any apparent trouble (but I don't use WINS).
Any testing and feedback is appreciated.