| Summary: | net-fs/samba 3.0.30 missing in portage | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Huemi <gentoobugs> |
| Component: | New packages | Assignee: | Gentoo's SAMBA Team <samba> |
| Status: | RESOLVED FIXED | | |
| Severity: | enhancement | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Huemi
2008-05-30 07:51:24 UTC
Actually the most important reason to use samba 3.0.30 is the fix for CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched:
http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch

This bug was originally introduced in Samba 2.2.4 so ALL versions in portage are affected.

(In reply to comment #1)
> Actually the most important reason to use samba 3.0.30 is the fix for
> CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched:
> http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch
>
> This bug was originally introduced in Samba 2.2.4 so ALL versions in portage
> are affected.

I believe that CVE-2008-1105.patch is applied in samba-3.0.28a-r1.ebuild. However, I desperately NEED 3.0.30 in portage. I fear others may feel the squeeze.
http://forums.gentoo.org/viewtopic-t-694503-highlight-samba.html

For anyone else, I have made a modified ebuild, similar to what is described at http://bugs.gentoo.org/show_bug.cgi?id=212955#c7, as a stop-gap in case portage is not updated.

Yes, the security issue is handled with 3.0.28a-r1.
Bumped. Please wait a couple of hours & resync.
Will take the usual 30 days until it shows up in stable.

(In reply to comment #4)
> Yes, the security issue is handled with 3.0.28a-r1.
> Bumped. Please wait a couple of hours & resync.
> Will take the usual 30 days until it shows up in stable.

Haven't these 30 days passed yet? There is still no newer stable version in portage than 3.0.28a-r1. Even 3.0.31 has been in portage longer than 30 days, and I can't find any bug reports on it, so shouldn't that one be marked stable too?

Well, we do not have automatic stabilization but it must be requested. I opened bug #237913 for that. Thanks for letting me know.