samba-4.20.0 (and add --with-system-mitkrb5, recommend krb5 dependency)

[Bruce Dubbs]

New minor version.

[Rahul Chandra]

​https://www.samba.org/samba/history/samba-4.20.0.html

[Rahul Chandra]

It mentions CVE-2022-37967 because it is forcing samba to be built with a newer version of Kerberos. I don't think this needs a new Security Advisory as even current versions of Samba built against mitkrb 1.21.X have the fix.

[Tim Tassonis]

Any news here?

[Tim Tassonis]

Seems, it needs a system kerberos. I only got the client libs (krb5 and gssapi), is that not enough?

[Xi Ruoyao]

Replying to Rahul Chandra:

It mentions CVE-2022-37967 because it is forcing samba to be built with a newer version of Kerberos. I don't think this needs a new Security Advisory as even current versions of Samba built against mitkrb 1.21.X have the fix.

Oops, it's building an internal copy of krb5 w/o --with-system-mitkrb5 so we are vulnerable.

I'd suggest to add --with-system-mitkrb5 into the book and raise krb5 to recommended (it will also save some building time). It works for me but not Tim (see the blfs-dev discuss, let's wait for Tim's response).

[Tim Tassonis]

OK, I can happily confirm that, after fixing my MIT Kerberos V5 build, I now successfully built samba 4.20.0 against it.

I have not made any extensive tests, but a very simple server runs and the smbclient cann connect to it.

[Tim Tassonis]

Gonna build and install it now on my main (private) LDAP based Fileserver/Torrent Download Directory and use it a little, can always revert.

[Rahul Chandra]

Fixed @
2a406a80d09225e7b9f316a1dcfe0dd881d0e74c - Update to node.js-20.12.1
995d8944b59459835ce51e65dfd10573c3a7ad75 - Update to samba-4.20.0
b759af786bac343cff0d53b398c18eacdbbd0c72 - Update to mesa-24.0.4