samba-4.18.5

[Bruce Dubbs]

New point version.

[Xi Ruoyao]

Changes since 4.18.3

---

o Douglas Bagnall <douglas.bagnall@…>

• BUG 15404: Backport --pidl-developer fixes.

o Samuel Cabrero <scabrero@…>

• BUG 14030: Named crashes on DLZ zone update.

o Björn Jacke <bj@…>

• BUG 2312: smbcacls and smbcquotas do not check before the server.

o Volker Lendecke <vl@…>

• BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
• BUG 15391: smbclient leaks fds with showacls.
• BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.

o Stefan Metzmacher <metze@…>

• BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts.

o Noel Power <noel.power@…>

• BUG 15384: net ads lookup (with unspecified realm) fails.

o Christof Schmitt <cs@…>

• BUG 15381: Register Samba processes with GPFS.

o Andreas Schneider <asn@…>

• BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation).
• BUG 15398: The winbind child segfaults when listing users with `winbind scan trusted domains = yes`.

o Jones Syue <jonessyue@…>

• BUG 15383: Remove comments about deprecated 'write cache size'.
• BUG 15403: smbget memory leak if failed to download files recursively.

[Xi Ruoyao]

Is the CPPFLAGS and LDFLAGS still needed? config.log contains:

Checking for libtirpc headers
['/usr/bin/pkg-config', '--cflags', '--libs', 'libtirpc']
out: -I/usr/include/tirpc -ltirpc

So they seem automatically picked.

[Douglas R. Reno]

A new Samba is coming tomorrow with a variety of security fixes. Let's wait on that update until then.

[Douglas R. Reno]

Now 4.18.5

[Douglas R. Reno]

                   ==============================
                   Release Notes for Samba 4.18.5
                           July 19, 2023
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                  crafted request can trigger an out-of-bounds read in winbind
                  and possibly crash it.
                  https://www.samba.org/samba/security/CVE-2022-2127.html

o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                  "server signing = required" or for SMB2 connections to Domain
                  Controllers where SMB2 packet signing is mandatory.
                  https://www.samba.org/samba/security/CVE-2023-3347.html

o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                  Spotlight can be triggered by an unauthenticated attacker by
                  issuing a malformed RPC request.
                  https://www.samba.org/samba/security/CVE-2023-34966.html

o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                  Spotlight can be used by an unauthenticated attacker to
                  trigger a process crash in a shared RPC mdssvc worker process.
                  https://www.samba.org/samba/security/CVE-2023-34967.html

o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                  side absolute path of shares and files and directories in
                  search results.
                  https://www.samba.org/samba/security/CVE-2023-34968.html


Changes since 4.18.4
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 15072: CVE-2022-2127.
   * BUG 15340: CVE-2023-34966.
   * BUG 15341: CVE-2023-34967.
   * BUG 15388: CVE-2023-34968.
   * BUG 15397: CVE-2023-3347.

o  Volker Lendecke <vl@samba.org>
   * BUG 15072: CVE-2022-2127.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.

[Douglas R. Reno]

Fixed at 030dc9f97c50067d65f266704a5b653681e46d16

SA-11.3-060 issued

[Bruce Dubbs]

Milestone renamed