23.04.2023 23:24, Jeremie Courreges-Anglas wrote:
This diff is valid for both -stable and -current.  The 4.17.7 release
was intended to be a security release, but two CVEs affect the AD DC
server which we don't build, the third CVE (CVE-2023-0922) affects
samba-tool.  I guess some people may use samba-tool on OpenBSD, though
I haven't tested joining a domain with samba-tool recently.

https://www.samba.org/samba/security/CVE-2023-0225.html
https://www.samba.org/samba/security/CVE-2023-0922.html
https://www.samba.org/samba/security/CVE-2023-0614.html

Release notes:
https://www.samba.org/samba/history/samba-4.17.7.html

Packaging-wise, libldb gets new symbols so it gets a minor bump.  Not
relevant as far as the ports tree is concerned, there are no consumers
of libldb in ports.

Tests and oks welcome.

(We'll move to samba-4.18.x afterwards.)


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.329
diff -u -p -r1.329 Makefile
--- Makefile    15 Mar 2023 09:38:11 -0000      1.329
+++ Makefile    23 Apr 2023 20:16:49 -0000
@@ -1,4 +1,4 @@
-VERSION =              4.17.6
+VERSION =              4.17.7
  DISTNAME =            samba-${VERSION}
  EPOCH =                       0
@@ -14,7 +14,7 @@ SHARED_LIBS = dcerpc 1.1 \
                        dcerpc-binding          4.0 \
                        dcerpc-samr             1.0 \
                        dcerpc-server-core      3.0 \
-                       ldb                     2.1 \
+                       ldb                     2.2 \
                        ndr                     3.0 \
                        ndr-krb5pac             1.1 \
                        ndr-nbt                 1.0 \
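Review bot: the ldb bump from 2.1 to 2.2 in SHARED_LIBS is only correct if 4.17.7 strictly adds symbols to libldb; a removed symbol or a changed function signature would need a major bump instead. Worth confirming by comparing the exported symbols of the old and new library before commit. The neighbouring entries visible here (dcerpc-server-core, ndr, ndr-krb5pac, ndr-nbt) keep their current versions, so the same comparison should show no changes for them.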
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.103
diff -u -p -r1.103 distinfo
--- distinfo    15 Mar 2023 09:38:11 -0000      1.103
+++ distinfo    23 Apr 2023 20:16:49 -0000
@@ -1,2 +1,2 @@
-SHA256 (samba-4.17.6.tar.gz) = iubtbmKzybPqa+Yn3UBXfPPPmkQtUjcFWAbGLdRgsUo=
-SIZE (samba-4.17.6.tar.gz) = 30857472
+SHA256 (samba-4.17.7.tar.gz) = lcnBa2VKiM+u/ZWAUt1XPi+F7N8RTk7Owxh1N6CU2Rk=
+SIZE (samba-4.17.7.tar.gz) = 30862665
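Review bot: the new SHA256 and SIZE for samba-4.17.7.tar.gz cannot be checked from the diff itself, and this is a security update, so it would help to state in the mail or commit message how the tarball was validated (for example against upstream's release signature) rather than only regenerating distinfo from whatever was downloaded.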
Index: patches/patch-source4_dsdb_samdb_ldb_modules_acl_c
===================================================================
RCS file: 
/cvs/ports/net/samba/patches/patch-source4_dsdb_samdb_ldb_modules_acl_c,v
retrieving revision 1.6
diff -u -p -r1.6 patch-source4_dsdb_samdb_ldb_modules_acl_c
--- patches/patch-source4_dsdb_samdb_ldb_modules_acl_c  5 Oct 2022 17:03:41 
-0000       1.6
+++ patches/patch-source4_dsdb_samdb_ldb_modules_acl_c  23 Apr 2023 20:16:49 
-0000
@@ -3,7 +3,7 @@ Avoid printf("%s", NULL);
  Index: source4/dsdb/samdb/ldb_modules/acl.c
  --- source4/dsdb/samdb/ldb_modules/acl.c.orig
  +++ source4/dsdb/samdb/ldb_modules/acl.c
-@@ -677,7 +677,7 @@ fail:
+@@ -575,7 +575,7 @@ fail:
                      (int)samAccountName->length, samAccountName->data,
                      dnsHostName != NULL ? (int)dnsHostName->length : 0,
                      dnsHostName != NULL ? (const char *)dnsHostName->data : 
"",
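Review bot: the embedded hunk header moves from line 677 to line 575 while the context lines shown are unchanged, so roughly a hundred lines disappeared above this spot in acl.c upstream. Please check that the regenerated patch still lands on the same format call after the fail: label, and that the dnsHostName NULL guard is still needed there in 4.17.7, rather than relying on the patch applying at a new offset.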


I'm sorry for the noise, but the samba package in OpenBSD has had a bug since 7.2.

It erroneously maps "nobody" as a homes share when it should not.

Example config:
/*
[global]

map to guest = Bad User
[homes]

browseable = no

writable = yes
*/

With this config, samba will return nobody as a home share:

/*

[kasak@kasakoff ~]$ smbclient -L \\\\172.16.12.111
Password for [WORKGROUP\kasak]:

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba 4.17.6)
    nobody          Disk      Home directory of nobody
SMB1 disabled -- no workgroup available

*/

It shouldn't be like that. And it was not, prior to 7.2.

I even tried to create a home directory for the nobody user, but it seems there is no way you can use it:

[kasak@kasakoff ~]$ smbclient \\\\172.16.12.111\\nobody -U guest%guest
tree connect failed: NT_STATUS_ACCESS_DENIED

I have many other samba hosts, and I often use the [homes] special share, but it never maps "nobody" as a home share.

So I think this is a bug somewhere, but I can't figure out where it comes from. All I know is that it was OK in 7.1 and has not been OK since 7.2.
