This one kinda fell through the cracks (published on Nov 9). Sorry about that. Release notes:
https://www.samba.org/samba/history/samba-4.15.2.html o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members. https://www.samba.org/samba/security/CVE-2020-25717.html (PLEASE READ! There are important behaviour changes described) o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC. https://www.samba.org/samba/security/CVE-2020-25718.html o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets. https://www.samba.org/samba/security/CVE-2020-25719.html o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). https://www.samba.org/samba/security/CVE-2020-25721.html o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored. https://www.samba.org/samba/security/CVE-2020-25722.html o CVE-2021-3738: Use after free in Samba AD DC RPC server. https://www.samba.org/samba/security/CVE-2021-3738.html o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability. https://www.samba.org/samba/security/CVE-2021-23192.html Tests / oks welcome. Index: Makefile =================================================================== RCS file: /cvs/ports/net/samba/Makefile,v retrieving revision 1.304 diff -u -p -r1.304 Makefile --- Makefile 2 Nov 2021 00:01:52 -0000 1.304 +++ Makefile 19 Nov 2021 13:12:20 -0000 @@ -1,12 +1,9 @@ # $OpenBSD: Makefile,v 1.304 2021/11/02 00:01:52 sthen Exp $ -VERSION = 4.15.0 +VERSION = 4.15.2 DISTNAME = samba-${VERSION} EPOCH = 0 -REVISION-main = 0 -REVISION-ldb = 0 -REVISION-tevent = 0 -REVISION-util = 0 +REVISION-tevent = 1 COMMENT-main = SMB and CIFS client and server for UNIX COMMENT-ldb = LDAP-like embedded database @@ -22,10 +19,10 @@ PKGNAME-docs = samba-docs-${VERSION} PKG_ARCH-docs = * -LDB_V = 2.4.0 +LDB_V = 2.4.1 TEVENT_V = 0.11.0 -SHARED_LIBS = asn1-samba4 1.0 \ +SHARED_LIBS = asn1-samba4 2.0 \ com_err-samba4 1.0 \ dcerpc 1.0 \ dcerpc-binding 4.0 \ @@ -38,21 +35,21 @@ SHARED_LIBS = asn1-samba4 1.0 \ heimntlm-samba4 1.0 \ hx509-samba4 1.0 \ kdc-samba4 1.0 \ - krb5-samba4 1.0 \ + krb5-samba4 1.1 \ ldb 2.0 \ ndr 3.0 \ - ndr-krb5pac 1.0 \ + ndr-krb5pac 1.1 \ ndr-nbt 1.0 \ ndr-standard 4.0 \ netapi 3.1 \ roken-samba4 1.0 \ samba-credentials 1.1 \ samba-errors 2.1 \ - samba-hostconfig 8.0 \ + samba-hostconfig 9.0 \ samba-passdb 3.0 \ samba-util 7.0 \ - samdb 1.0 \ - smbclient 6.0 \ + samdb 2.0 \ + smbclient 6.1 \ smbconf 10.0 \ smbldap 1.0 \ tevent 2.0 \ Index: distinfo =================================================================== RCS file: /cvs/ports/net/samba/distinfo,v retrieving revision 1.87 diff -u -p -r1.87 distinfo --- distinfo 18 Oct 2021 12:25:20 -0000 1.87 +++ distinfo 19 Nov 2021 13:12:20 -0000 @@ -1,2 +1,2 @@ -SHA256 (samba-4.15.0.tar.gz) = sfNHCDhiMVYoNzPmKV9JzWrkSn5hu5w0YxXR5mjSRkA= -SIZE (samba-4.15.0.tar.gz) = 18895040 +SHA256 (samba-4.15.2.tar.gz) = YoHXxqjEn3mQqfJJpmeEs1GA/iSVV+8RR82KbRZqIRM= +SIZE (samba-4.15.2.tar.gz) = 19252338 Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v retrieving revision 1.58 diff -u -p -r1.58 PLIST-main --- pkg/PLIST-main 18 Oct 2021 12:25:20 -0000 1.58 +++ pkg/PLIST-main 19 Nov 2021 13:12:20 -0000 @@ -621,6 +621,8 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}domain_backup_offline.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb_api.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb_api.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb_dns.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb_dns.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}dsdb_lock.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -657,6 +659,10 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_raw.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_referrals.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_referrals.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_spn.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_spn.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_upn_sam_account.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}ldap_upn_sam_account.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}libsmb.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}libsmb.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/${MODPY_PYCACHE}loadparm.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -932,6 +938,7 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/domain_backup.py lib/python${MODPY_VERSION}/site-packages/samba/tests/domain_backup_offline.py lib/python${MODPY_VERSION}/site-packages/samba/tests/dsdb.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/dsdb_api.py lib/python${MODPY_VERSION}/site-packages/samba/tests/dsdb_dns.py lib/python${MODPY_VERSION}/site-packages/samba/tests/dsdb_lock.py lib/python${MODPY_VERSION}/site-packages/samba/tests/dsdb_schema_attributes.py @@ -977,6 +984,8 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/kcc/ldif_import_export.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/ ${MODPY_COMMENT}lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}/ +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}alias_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}alias_tests.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}as_canonicalization_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}as_canonicalization_tests.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}as_req_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} @@ -1001,20 +1010,29 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}rfc4120_constants.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}rfc4120_pyasn1.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}rfc4120_pyasn1.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}rodc_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}rodc_tests.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}s4u_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}s4u_tests.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}salt_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}salt_tests.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}simple_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}simple_tests.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}spn_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}spn_tests.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_ccache.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_ccache.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_ldap.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_ldap.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_min_domain_uid.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_min_domain_uid.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_rpc.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_rpc.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_smb.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}test_smb.${MODPY_PYC_MAGIC_TAG}pyc lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}xrealm_tests.${MODPY_PYC_MAGIC_TAG}${MODPY_PYOEXTENSION} lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/${MODPY_PYCACHE}xrealm_tests.${MODPY_PYC_MAGIC_TAG}pyc +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/alias_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/as_canonicalization_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/as_req_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/compatability_tests.py @@ -1027,16 +1045,22 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/raw_testcase.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/rfc4120_constants.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/rfc4120_pyasn1.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/rodc_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/s4u_tests.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/salt_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/simple_tests.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/spn_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/test_ccache.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/test_ldap.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/test_min_domain_uid.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/test_rpc.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/test_smb.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5/xrealm_tests.py lib/python${MODPY_VERSION}/site-packages/samba/tests/krb5_credentials.py lib/python${MODPY_VERSION}/site-packages/samba/tests/ldap_raw.py lib/python${MODPY_VERSION}/site-packages/samba/tests/ldap_referrals.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/ldap_spn.py +lib/python${MODPY_VERSION}/site-packages/samba/tests/ldap_upn_sam_account.py lib/python${MODPY_VERSION}/site-packages/samba/tests/libsmb.py lib/python${MODPY_VERSION}/site-packages/samba/tests/loadparm.py lib/python${MODPY_VERSION}/site-packages/samba/tests/lsa_string.py -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
