From ee13d4533dab262437c97192c0a2174b27b989ff Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Thu, 12 Oct 2023 19:56:11 +0800 Subject: [PATCH] samba: upgrade 4.18.6 -> 4.18.8 This is a security release in order to address the following defects: CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. https://www.samba.org/samba/security/CVE-2023-3961.html CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. https://www.samba.org/samba/security/CVE-2023-4154.html CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html Release Notes: https://www.samba.org/samba/history/samba-4.18.8.html Signed-off-by: Yi Zhao Signed-off-by: Khem Raj (cherry picked from commit f674a9d4f9feb3afecdc81f4bced5469edc3bc71) Signed-off-by: Armin Kuster --- .../samba/{samba_4.18.6.bb => samba_4.18.8.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/samba/{samba_4.18.6.bb => samba_4.18.8.bb} (99%) diff --git a/meta-networking/recipes-connectivity/samba/samba_4.18.6.bb b/meta-networking/recipes-connectivity/samba/samba_4.18.8.bb similarity index 99% rename from meta-networking/recipes-connectivity/samba/samba_4.18.6.bb rename to meta-networking/recipes-connectivity/samba/samba_4.18.8.bb index c40e102245..1ded9fe5ee 100644 --- a/meta-networking/recipes-connectivity/samba/samba_4.18.6.bb +++ b/meta-networking/recipes-connectivity/samba/samba_4.18.8.bb @@ -32,7 +32,7 @@ SRC_URI:append:libc-musl = " \ file://cmocka-uintptr_t.patch \ " -SRC_URI[sha256sum] = "284c8a994ce989c87cd6808c390fcb9d00c36b21a0dc1a8a75474b67c9e715e7" +SRC_URI[sha256sum] = "4fb87bceaeb01d832a59046c197a044b7e8e8000581548b5d577a6cda03344d1" UPSTREAM_CHECK_REGEX = "samba\-(?P4\.18(\.\d+)+).tar.gz"