Summary: | <net-fs/samba-{4.16.11,4.17.10,4.18.5}: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Krzysztof Olędzki <ole+gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | ajak, hydrapolic, joakim.tjernlund |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=914842 https://bugs.gentoo.org/show_bug.cgi?id=915556 | | |
Whiteboard: | A3 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 915562 | | |
Bug Blocks: | | | |

Description
Krzysztof Olędzki
2023-07-21 00:46:45 UTC
Regarding 4.17, some of the discussion is here: https://bugs.gentoo.org/910334#c5 (and below)

If it helps, for 4.17 we can just re-use https://gitweb.gentoo.org/repo/gentoo.git/plain/net-fs/samba/samba-4.17.8.ebuild?id=d1e7521fb883fa4dd2d65487fdffda4903bd0d4a given no additional patches are needed.

Optionally, if we want it to be as similar as possible to the 4.18 one, we can change:

-PYTHON_COMPAT=( python3_{10..11} ) +PYTHON_COMPAT=( python3_{9..11} )

and:

PATCHES=( - "${FILESDIR}"/${PN}-4.4.0-pam.patch - "${FILESDIR}"/${PN}-4.16.1-netdb-defines.patch - "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch + "${FILESDIR}/${PN}-4.4.0-pam.patch" + "${FILESDIR}/${PN}-4.16.1-netdb-defines.patch" + "${FILESDIR}/ldb-2.5.2-skip-wav-tevent-check.patch" )

If you want, I can attach the samba-4.17.10.ebuild build file.

I have been running 4.17.10 on both i386 and x86_64 for several hours, they also compiled without problems. No testing for 4.18.5, yet.

Also, I have no interest in 4.16 but mentioned it for completeness given it is still in the tree and [1] suggests we still have 2-3 months before it reaches EOL.

[1] https://wiki.samba.org/index.php/Samba_Release_Planning#General_information

Sorry, inverted my diff - the correct one:

-PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..11} ) PATCHES=( - "${FILESDIR}/${PN}-4.4.0-pam.patch" - "${FILESDIR}/${PN}-4.16.1-netdb-defines.patch" - "${FILESDIR}/ldb-2.5.2-skip-wav-tevent-check.patch" + "${FILESDIR}"/${PN}-4.4.0-pam.patch + "${FILESDIR}"/${PN}-4.16.1-netdb-defines.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch )

ping?

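Review bot: the corrected diff above bundles a functional change with a cosmetic one: its PYTHON_COMPAT line drops python3_9 (python3_{9..11} to python3_{10..11}), while the PATCHES lines only change the quoting style. Since the comment says the 4.17.8 ebuild can be reused with no additional patches and calls this alignment optional, I would keep the 4.17.10 security bump as a straight copy and put the alignment with the 4.18 ebuild in a separate commit, so that the loss of python3_9 is visible as its own change.
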
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=535bf0b4ef4a2f4b0908478b98b5db29832fc0f1

commit 535bf0b4ef4a2f4b0908478b98b5db29832fc0f1
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2023-08-11 14:12:44 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2023-08-11 14:13:10 +0000

net-fs/samba: add 4.18.5

Bug: https://bugs.gentoo.org/910606
Signed-off-by: Ben Kohler <bkohler@gentoo.org>

net-fs/samba/Manifest | 1 +
net-fs/samba/samba-4.18.5.ebuild | 383 +++++++++++++++++++++++++++++++++++++++
2 files changed, 384 insertions(+)

What is the next step here?

Note that while we now have both samba-4.18.5 and samba-4.18.6, samba-4.18.4 is the last "stable" ebuild and is impacted by all the security issues mentioned in the subject.

Also, samba-4.18.7 (not yet in portage) is the first "usable" 4.18 version for many users, see https://bugs.gentoo.org/914842

The target for stabilization should be samba-4.18.8, see https://bugs.gentoo.org/915556

(In reply to Krzysztof Olędzki from comment #5)
> What is the next step here?

For security bugs, please file them in Gentoo Security -> Vulnerabilities. They will then be closed once stabilisation is done and a GLSA is issued if appropriate.

Filing bugs in the 'Current packages' component leads to ambiguity because after the bump, is it done or not? And it means we don't have any sort of tracking for missing stables.

> Note that while we now have both samba-4.18.5 and samba-4.18.6, samba-4.18.4
> is the last "stable" ebuild and is impacted by all the security issues
> mentioned in the subject.
>
> Also, samba-4.18.7 (not yet in portage) is the first "usable" 4.18 version
> for many users, see https://bugs.gentoo.org/914842

Please do consider reviewing the documentation at e.g. https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers/User_Guide#Proxied_maintainer_in_metadata.xml and adopting Samba.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9df376ebb50854c82bdbbc1e4f71d408e449fc54

commit 9df376ebb50854c82bdbbc1e4f71d408e449fc54
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 06:05:38 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

[ GLSA 202402-28 ] Samba: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/891267
Bug: https://bugs.gentoo.org/910606
Bug: https://bugs.gentoo.org/915556
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202402-28.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)