From patchwork Tue Mar 13 17:30:59 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Baruch Siach <baruch@tkos.co.il>
X-Patchwork-Id: 885327
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=busybox.net
	(client-ip=140.211.166.136; helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=tkos.co.il
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40122c5tqLz9sSn
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Wed, 14 Mar 2018 04:31:20 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id EC6722C8FA;
	Tue, 13 Mar 2018 17:31:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id KXSmI5keW4lr; Tue, 13 Mar 2018 17:31:14 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id C64CD26EB3;
	Tue, 13 Mar 2018 17:31:14 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id B346C1C05B5
	for <buildroot@lists.busybox.net>;
	Tue, 13 Mar 2018 17:31:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id AFD9A883A9
	for <buildroot@lists.busybox.net>;
	Tue, 13 Mar 2018 17:31:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id qJOjSB0msyWo for <buildroot@lists.busybox.net>;
	Tue, 13 Mar 2018 17:31:12 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx.tkos.co.il (guitar.tcltek.co.il [192.115.133.116])
	by whitealder.osuosl.org (Postfix) with ESMTPS id A37D5883A2
	for <buildroot@busybox.net>; Tue, 13 Mar 2018 17:31:12 +0000 (UTC)
Received: from tarshish.tkos.co.il (unknown [10.0.8.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mx.tkos.co.il (Postfix) with ESMTPSA id DC4BB4402B5;
	Tue, 13 Mar 2018 19:31:09 +0200 (IST)
From: Baruch Siach <baruch@tkos.co.il>
To: buildroot@busybox.net
Date: Tue, 13 Mar 2018 19:30:59 +0200
Message-Id: 
 <7e46c960480c6cbe00fab7113c6adfd7365032ff.1520962259.git.baruch@tkos.co.il>
X-Mailer: git-send-email 2.16.1
Subject: [Buildroot] [PATCH] samba4: security bump to version 4.7.6
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.24
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

CVE-2018-1050: Vulnerability to a denial of service attack when the RPC
spoolss service is configured to be run as an external daemon.

https://www.samba.org/samba/security/CVE-2018-1050.html

CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

https://www.samba.org/samba/security/CVE-2018-1057.html

Add clnt_create() test result to cache to fix cross configure breakage.

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/samba4/samba4-cache.txt | 1 +
 package/samba4/samba4.hash      | 5 +++--
 package/samba4/samba4.mk        | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/package/samba4/samba4-cache.txt b/package/samba4/samba4-cache.txt
index 4a6471dd7a7a..0485f0dbb180 100644
--- a/package/samba4/samba4-cache.txt
+++ b/package/samba4/samba4-cache.txt
@@ -38,3 +38,4 @@ Checking value of _NSIG: "65"
 Checking value of SIGRTMAX: "64"
 Checking value of SIGRTMIN: "34"
 Checking errno of iconv for illegal multibyte sequence: "0"
+checking for clnt_create(): OK
diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash
index 28765440d130..dddd132d246d 100644
--- a/package/samba4/samba4.hash
+++ b/package/samba4/samba4.hash
@@ -1,3 +1,4 @@
-# Locally calculated
-sha256 fb12d0c4452f85b67b78bbeabd4c762d8feb8ff83e39d044d285120c2c488247  samba-4.7.4.tar.gz
+# Locally calculated after checking pgp signature
+# https://download.samba.org/pub/samba/stable/samba-4.7.6.tar.asc
+sha256 1eede30fc8ef6504e24602fb72b00baa0a7b73b59f16d25cb0771dc8c7c57d6e  samba-4.7.6.tar.gz
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk
index 6f3207fb6416..ada03c024f96 100644
--- a/package/samba4/samba4.mk
+++ b/package/samba4/samba4.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.7.4
+SAMBA4_VERSION = 4.7.6
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES