Created attachment 244676
Git-formatted patch

pkg-audit nags me about: https://vuxml.freebsd.org/freebsd/441e1e1a-27a5-11ee-a156-080027f5fec9.html

I tried to produce a reasonable patch for 4.13.x for the time being. Started from https://www.samba.org/samba/history/#4.18.5 using 4.16.11 as a foundation based on: https://www.samba.org/samba/history/samba-4.16.11.html.

Cloned the repo and checked out v4-16-stable, searched for all commits with those CVEs:

# git log --oneline "--grep=CVE-2022-2127" "--grep=CVE-2023-3347" "--grep=CVE-2023-34966" "--grep=CVE-2023-34967" "--grep=CVE-2023-34968"
1809843614b CVE-2023-34968: mdssvc: return a fake share path
cecd415a0ab CVE-2023-34968: mdscli: return share relative paths
d6b9c5234ff CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack()
0fdfc85f28a CVE-2023-34968: mdssvc: switch to doing an early return
34f9f1b37ec CVE-2023-34968: mdssvc: remove response blob allocation
739f72a0703 CVE-2023-34968: rpcclient: remove response blob allocation
7bbaa191be6 CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c
82cc2a422db CVE-2023-34968: mdscli: remove response blob allocation
3636b54616e CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob
8c95f7ae6b3 CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()
b09e22cfc79 CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map
843ec381de3 CVE-2023-34968: lib: Move subdir_of() to source3/lib/util_path.c
5b4353cc60b CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
92d014bc44b CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key()
cb6f3e22024 CVE-2023-34966: mdssvc: harden sl_unpack_loop()
01cf3cf7a83 CVE-2023-34966: CI: test for sl_unpack_loop()
2eabbe31f64 CVE-2022-2127: ntlm_auth: cap lanman response length value
5c6fe5a491b CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
1dd3ae281b9 CVE-2022-2127: s3:winbind: Move big NTLMv2 blob checks to parent process

Then branched off v-4-13-stable and started to cherry pick from 1dd3ae281b9 to 1809843614b. There were a few conflicts I had to resolve. Looking at the code in 4.16.x and 4.13.x I hopefully made the right decisions to pick hunks and produced a series of patches with "git format-patch".

Attached you will find a Git-formatted patch with the necessary changes in the Makefile as well as the back-ported security fixes in EXTRA_PATCHES.

Please try to reproduce the patches and check whether I have resolved the conflicts correctly.

Poudriere pending...
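One way to act on the request above to re-check the conflict resolutions, as an added example that is not part of the original report or of the Samba or FreeBSD tooling: pair every upstream CVE commit with its back-port by subject and compare `git patch-id` values, so that fixes whose diff changed or that were never picked stand out. It runs on a constructed throwaway repository; the branch names, file contents, function names and `CVE-0000-*` ids are placeholders.

```shell
#!/bin/sh
# Added example on a constructed throwaway repository, not the Samba tree.
# Branch names, file contents and the CVE-0000-* ids are placeholders.

# Oldest-first hashes of commits on <branch> whose message mentions any id,
# using the same OR-ed --grep search as the git log command in the report.
list_cve_commits() {
    branch=$1; shift
    for id in "$@"; do set -- "$@" "--grep=$id"; shift; done
    git log --reverse --format=%H "$@" "$branch"
}

# Hash of a commit's diff. Line numbers and whitespace do not affect it,
# but changed context lines or dropped changes do.
patch_id() {
    git show "$1" | git patch-id --stable | cut -d' ' -f1
}

# review_backport <upstream> <base> <backport> <id>...
# Pair each upstream fix with the commit of the same subject in base..backport.
review_backport() {
    upstream=$1; base=$2; backport=$3; shift 3
    for c in $(list_cve_commits "$upstream" "$@"); do
        subject=$(git log -1 --format=%s "$c")
        b=$(git log --format=%H -F --grep="$subject" "$base..$backport" | head -n 1)
        if [ -z "$b" ]; then status=MISSING
        elif [ "$(patch_id "$c")" = "$(patch_id "$b")" ]; then status=identical
        else status=REVIEW
        fi
        printf '%s %s\n' "$status" "$subject"
    done
}

# Build the constructed repository and run the review (in a subshell).
demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    trap 'cd / && rm -rf "$d"' EXIT
    git init -q . && git config user.name demo && git config user.email demo@example.invalid
    printf '%s\n' one two three four > auth.c
    printf '%s\n' alpha beta > pack.c
    git add . && git commit -q -m 'import' && git tag base
    git branch old && git checkout -q -b new      # "old" = older stable branch
    echo 'len check' >> pack.c
    git commit -q -a -m 'CVE-0000-0001: pack: cap length'
    printf '%s\n' ONE two three FOUR > auth.c
    git commit -q -a -m 'CVE-0000-0002: auth: check both blobs'
    echo 'early return' > rpc.c && git add rpc.c
    git commit -q -m 'CVE-0000-0003: rpc: early return'

    git checkout -q old
    git cherry-pick new~2 >/dev/null              # applies cleanly
    printf '%s\n' ONE two three four > auth.c     # hand-resolved: second change lost
    git commit -q -a -m 'CVE-0000-0002: auth: check both blobs'
                                                  # CVE-0000-0003 never picked
    review_backport new base old CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
)
demo
```

REVIEW only says that the back-ported diff is not byte-for-byte the upstream one (different context or different content); those commits are the ones to read side by side, for instance with `git range-diff`.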
Poudriere is happy on 12.4-RELEASE AMD64:
> =>> Checking for staging violations... done
> =======================<phase: package >============================
> ===== env: DEVELOPER_MODE=yes PACKAGES=/tmp/pkgs PKGREPOSITORY=/tmp/pkgs PKGLATESTREPOSITORY=/tmp/pkgs/Latest 'PKG_NOTES=build_timestamp ports_top_git_hash ports_top_checkout_unclean port_git_hash port_checkout_unclean built_by' 'PKG_NOTE_build_timestamp=2023-09-06T12:10:29+0000' 'PKG_NOTE_ports_top_git_hash=1f8d93452f0c' 'PKG_NOTE_ports_top_checkout_unclean=yes' 'PKG_NOTE_port_git_hash=1f8d93452f0c' 'PKG_NOTE_port_checkout_unclean=yes' 'PKG_NOTE_built_by=poudriere-git-3.3.99.20220831' STRICT_DEPENDS=yes USER=nobody UID=65534 GID=65534
> ===> Building package for samba413-4.13.17_6
> ===========================================================================
> =>> Recording filesystem state for preinst... done
> =======================<phase: install >============================
> ===== env: DEVELOPER_MODE=yes STRICT_DEPENDS=yes USER=root UID=0 GID=0
> ===> Installing for samba413-4.13.17_6
> ===> Checking if samba413 is already installed
> ===> Registering installation for samba413-4.13.17_6
> [124-release-amd64-default-head] Installing samba413-4.13.17_6...
> How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
>
> * Your configuration is: /usr/local/etc/smb4.conf
>
> * All the relevant databases are under: /var/db/samba4
>
> * All the logs are under: /var/log/samba4
>
> * Provisioning script is: /usr/local/bin/samba-tool
>
> For additional documentation check: http://wiki.samba.org/index.php/Samba4
>
> Bug reports should go to the: https://bugzilla.samba.org/
>
> ===> SECURITY REPORT:
> This port has installed the following files which may act as network
> servers and may therefore pose a remote security risk to the system.
> /usr/local/lib/samba4/private/libsamba-sockets-samba4.so
> /usr/local/lib/samba4/private/libsmb-transport-samba4.so
> /usr/local/bin/nmblookup
> /usr/local/lib/samba4/private/libgse-samba4.so
> /usr/local/lib/samba4/private/libkrb5-samba4.so.26
> /usr/local/sbin/winbindd
> /usr/local/lib/samba4/private/libsmbd-base-samba4.so
> /usr/local/lib/samba4/libsmbconf.so.0
> /usr/local/sbin/smbd
>
> If there are vulnerabilities in these programs there may be a security
> risk to the system. FreeBSD makes no guarantee about the security of
> ports included in the Ports Collection. Please type 'make deinstall'
> to deinstall the port if this is a concern.
>
> For more information, and contact details about the security
> status of this software, see the following webpage:
> https://www.samba.org/
> ===========================================================================
> =>> Checking shared library dependencies
> =======================<phase: deinstall >============================
> ===== env: DEVELOPER_MODE=yes STRICT_DEPENDS=yes USER=root UID=0 GID=0
> ===> Deinstalling for samba413
> ===> Deinstalling samba413-4.13.17_6
> Updating database digests format: .......... done
> Checking integrity... done (0 conflicting)
> Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):
>
> Installed packages to be REMOVED:
> samba413: 4.13.17_6
>
> Number of packages to be removed: 1
>
> The operation will free 83 MiB.
> [124-release-amd64-default-head] [1/1] Deinstalling samba413-4.13.17_6...
> [124-release-amd64-default-head] [1/1] Deleting files for samba413-4.13.17_6: .......... done
> ===========================================================================
> =>> Checking for extra files and directories
> [00:06:12] Installing from package
> [124-release-amd64-default-head] Installing samba413-4.13.17_6...
> [124-release-amd64-default-head] Extracting samba413-4.13.17_6: .......... done
> =====
> Message from samba413-4.13.17_6:
>
> --
> How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
>
> * Your configuration is: /usr/local/etc/smb4.conf
>
> * All the relevant databases are under: /var/db/samba4
>
> * All the logs are under: /var/log/samba4
>
> * Provisioning script is: /usr/local/bin/samba-tool
>
> For additional documentation check: http://wiki.samba.org/index.php/Samba4
>
> Bug reports should go to the: https://bugzilla.samba.org/
> [00:06:15] Cleaning up
> ===> Cleaning for samba413-4.13.17_6
> [00:06:15] Deinstalling package
> Updating database digests format: . done
> Checking integrity... done (0 conflicting)
> Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):
>
> Installed packages to be REMOVED:
> samba413: 4.13.17_6
>
> Number of packages to be removed: 1
>
> The operation will free 83 MiB.
> [124-release-amd64-default-head] [1/1] Deinstalling samba413-4.13.17_6...
> [124-release-amd64-default-head] [1/1] Deleting files for samba413-4.13.17_6: .......... done
> build of net/samba413 | samba413-4.13.17_6 ended at Wed Sep 6 14:15:49 CEST 2023
> build time: 00:05:20
> [00:06:16] Logs: /var/poudriere/data/logs/bulk/124-release-amd64-default-head/2023-09-06T14:09:33
> [00:06:16] Cleaning up
> [00:06:16] Unmounting file systems
When this is applied VuXML needs to be changed to require 4.13.17_6 and not 4.13.18.
poudriere testport looks good in 13.2-RELEASE-p2 and 15.0-CURRENT jails, but I'm seeing some strange pkg-plist issues in a 12.4-RELEASE-p2 jail. These are all amd64.

===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: bin/ecp.KtZTzUHk
Error: Orphaned: bin/ecp.P7QWUOMC
Error: Orphaned: bin/ecp.ecij3ggU
Error: Orphaned: sbin/ecp.3yLQTR3A
Error: Orphaned: sbin/ecp.8tgXAB1C
Error: Orphaned: sbin/ecp.Xu9zEsL3
Error: Orphaned: sbin/ecp.i3RrFO3n
Error: Orphaned: sbin/ecp.jdn4Wcca
Error: Orphaned: sbin/ecp.sNl1TV2k
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1

It's strange that you don't see these issues.

The patch seemed to apply fine but with some whitespace warnings.

% fetch -qo - "https://bugs.freebsd.org/bugzilla/attachment.cgi?id=244676" | git am
Applying: net/samba413: back port security fixes from 4.16.11
.git/rebase-apply/patch:120: space before tab in indent.
DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n", (unsigned long)state->pid,
.git/rebase-apply/patch:121: space before tab in indent.
name_domain, name_user));
.git/rebase-apply/patch:122: trailing whitespace.
.git/rebase-apply/patch:135: space before tab in indent.
lm_resp = data_blob_talloc(state->mem_ctx, state->request->data.auth_crap.lm_resp,
.git/rebase-apply/patch:136: space before tab in indent.
state->request->data.auth_crap.lm_resp_len);
warning: squelched 584 whitespace errors
warning: 589 lines add whitespace errors.

I also asked bofh@ to test in a 12.4 amd64 poudriere jail.
(In reply to Joseph Mingrone from comment #3)
* orphan issue: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255626
* the whitespace thing is weird, need to take a look, but all patches have been done with Git...
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fe495574527e3f97cbb57438f8c468fad8842e9d

commit fe495574527e3f97cbb57438f8c468fad8842e9d
Author: Michael Osipov <michael.osipov@siemens.com>
AuthorDate: 2023-09-06 10:21:59 +0000
Commit: Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2023-10-02 13:15:28 +0000

    net/samba413: back port security fixes from 4.16.11

    The security defects addressed in these fixes are described at
    https://www.samba.org/samba/history/samba-4.16.11.html

    PR: 273595
    Approved by: maintainer timeout

 net/samba413/Makefile | 27 +-
 ...winbind-Move-big-NTLMv2-blob-checks.patch (new) | 67 +++
 ...bindd-Fix-WINBINDD_PAM_AUTH_CRAP-le.patch (new) | 71 +++
 ...m_auth-cap-lanman-response-length-v.patch (new) | 40 ++
 ...23-34966-CI-test-for-sl_unpack_loop.patch (new) | 135 ++++++
 ...-34966-mdssvc-harden-sl_unpack_loop.patch (new) | 73 +++
 ...-add-a-test-for-type-checking-of-da.patch (new) | 172 +++++++
 ...ssvc-add-type-checking-to-dalloc_va.patch (new) | 120 +++++
 ...-add-a-test-for-type-checking-of-da.patch (new) | 17 +
 ...ssvc-add-type-checking-to-dalloc_va.patch (new) | 16 +
 ...b-Move-subdir_of-to-source3-lib-uti.patch (new) | 101 +++++
 ...ssvc-cache-and-reuse-stat-info-in-s.patch (new) | 93 ++++
 ...ssvc-add-missing-kMDSStoreMetaScope.patch (new) | 34 ++
 ...scli-use-correct-TALLOC-memory-cont.patch (new) | 60 +++
 ...scli-remove-response-blob-allocatio.patch (new) | 86 ++++
 ...btorture-remove-response-blob-alloc.patch (new) | 77 ++++
 ...cclient-remove-response-blob-alloca.patch (new) | 53 +++
 ...ssvc-remove-response-blob-allocatio.patch (new) | 45 ++
 ...ssvc-switch-to-doing-an-early-retur.patch (new) | 57 +++
 ...ssvc-introduce-an-allocating-wrappe.patch (new) | 456 +++++++++++++++++++
 ...-mdscli-return-share-relative-paths.patch (new) | 504 +++++++++++++++++++++
 ...968-mdssvc-return-a-fake-share-path.patch (new) | 222 +++++++++
 22 files changed, 2524 insertions(+), 2 deletions(-)
Committed. Thanks.
Needs vuxml update (as mentioned in comment 2). See bug 274392
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7494968ff838521e8fa52cbb0148ff5893450a6b

commit 7494968ff838521e8fa52cbb0148ff5893450a6b
Author: Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2023-10-13 20:09:54 +0000
Commit: Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2023-10-13 20:18:08 +0000

    security/vuxml: Update version range for samba413 vulnerabilities

    Security fixes were back-ported from Samba 4.6.11 to samba413-4.13.17_6
    in fe495574527e3f97cbb57438f8c468fad8842e9d.

    PR: 273595
    Sponsored by: The FreeBSD Foundation

 security/vuxml/vuln/2023.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(In reply to commit-hook from comment #8)
Thank you.