From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 8NgaOgn5aF+NAwAA0tVLHw (envelope-from ) for ; Mon, 21 Sep 2020 19:03:37 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id AFHnNQn5aF/OYgAAbx9fmQ (envelope-from ) for ; Mon, 21 Sep 2020 19:03:37 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id ED869940365 for ; Mon, 21 Sep 2020 19:03:36 +0000 (UTC) Received: from localhost ([::1]:58938 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kKR66-00026k-7q for larch@yhetil.org; Mon, 21 Sep 2020 15:03:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36760) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kKR5a-00026W-QA for guix-patches@gnu.org; Mon, 21 Sep 2020 15:03:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44665) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kKR5a-00028d-HT for guix-patches@gnu.org; Mon, 21 Sep 2020 15:03:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kKR5a-0007bQ-DT for guix-patches@gnu.org; Mon, 21 Sep 2020 15:03:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#43553] [PATCH] gnu: samba: Update to 4.12.7 [security fixes]. Resent-From: Pierre Langlois Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 21 Sep 2020 19:03:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 43553 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 43553@debbugs.gnu.org X-Debbugs-Original-To: Guix-patches Received: via spool by submit@debbugs.gnu.org id=B.160071493827932 (code B ref -1); Mon, 21 Sep 2020 19:03:02 +0000 Received: (at submit) by debbugs.gnu.org; 21 Sep 2020 19:02:18 +0000 Received: from localhost ([127.0.0.1]:56211 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kKR4n-0007Cf-GR for submit@debbugs.gnu.org; Mon, 21 Sep 2020 15:02:18 -0400 Received: from lists.gnu.org ([209.51.188.17]:53478) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kKR4l-0007B3-Ic for submit@debbugs.gnu.org; Mon, 21 Sep 2020 15:02:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36446) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kKR4l-00021R-9x for guix-patches@gnu.org; Mon, 21 Sep 2020 15:02:11 -0400 Received: from mout.gmx.net ([212.227.15.19]:59229) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kKR4i-00022S-Ef for guix-patches@gnu.org; Mon, 21 Sep 2020 15:02:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1600714924; bh=abguCsfgij8Fo0eDZpSkJUg10yuKL3NKqPTSKXz3tRc=; h=X-UI-Sender-Class:From:To:Subject:Date; b=afT3W0TV145cJ5CHQixqnfRFC0TnxpjcGbwaZZufrzvZJiQdTtAwc9euteAtvpFMf bNYWB5m6h0LDSO8Ob938mHdbKEoisPVJPAE8GBzlYbbnYEcETDhvQOTIYxL4/n5DUq 2848SaUxOb+HR5a0kR+obzJsFm0FkRi/dM3/pzkY= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from labiere ([82.69.64.142]) by mail.gmx.com (mrgmx005 [212.227.17.184]) with ESMTPSA (Nemesis) id 1N3siA-1kSzhE1pL6-00zrcw for ; Mon, 21 Sep 2020 21:02:04 +0200 User-agent: mu4e 1.4.13; emacs 27.1 From: Pierre Langlois Date: Mon, 21 Sep 2020 20:02:03 +0100 Message-ID: <87wo0nuf6c.fsf@gmx.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Provags-ID: V03:K1:Xn3o5kgV0nCNb9Y4g5N6x9zisdRoJNjfhfLVHdqLI2OIlH2OUkN cFydoa9topTopMpJcJ3ItglAwoxaINFaovsMRHr4JCPj+4nE+KqXl1snj1h/60o9E/Ybov2 PmYbobGMO0HhoI4IxBky9crtvUD/tURbDtMcHUq9jdha0najxMcgAHzx/2r3HRJr3YPUdne +2DYO8pXxCRNyVD/hipwA== X-UI-Out-Filterresults: notjunk:1;V03:K0:cx+OEdGaK3A=:1nzj6Iq1erz0S2BxK5jNNk 6E47S6YguJ7uI/d06cEI8ro148PKq6N88uiap4RUo5kDcY61VvDl81qyt71qpqo/MlU9DSOof MhlFIhtHeKFZLX55ohd/8By9OYk6vHEgV9070gMLs9SkYkDnapkZsaSK37oCzBtZ9dJjKC3gO eGoCn3k5F0+vng7ANtmDc5/B0A/qHdAUI2XxJgZn1MP3yXIPD7EoYzuGLx92fzhLX8cNSKQwk hD+KLToxMv0Qxv2H5JcTuUsFldr8MS4O780n5aANqaiwuGbfaUxgvHJrkJuianKpVeQCtxAr3 4gjwMoFNONaxJKar4B7VIxgOBYqPTZRZaZ2wale/LKnQGJ/O6DqEwdrinKG/0yYhqSQc6H4Dd cxmFQTjZ8hseOriecIKLDd1Wni8oVD7gXPxrebluvZ+abpw2PLRLZv0YFq4wsS93vtQ740Dgd eLlD0kc2nikoFEHfeJVyWWtlooFSJi5MDpvpYijL2P5m4QtAsTN6QFImAcRegBqPB2WTeZS8x 4clIzPk94zw6fi0pH/Lw7T65RYumPRmWknRF0QkiLpZgHNkI1WkPMh8N64l4Y0Cujxwl3kYkx PUc4F9djyo9imPK6Yi1ZiUeQsWoczKdYCy0TeUfgh5SquzfbuQimIw6A5V2OJfea7MY4FPttB KK359d4r2WAMx/ePO2kkqYHiPo+a+2aEqkuMRyDX2juK6GrmCwCfNRli3FujDs+Wwmsy5hc39 EQ23JZfV/ntz4ZmA0htIVMcyOqfgAFvquD5R+YvYFaaY8CAJjeoJlaaDnpzJ42+Gm+cuVCswt K2EMGqBMne65riwC8zcturrvyd1QXsbKw1O6k64gqcRJKOct15lngNgr4419jvfIoB7JgGzM7 iarjc42oEzOmC1fsxq7Z0ewvyzg1NQlnWLbNiAnKwApLRjE8k4QmF6IpGYa5ryOCqxpI75Ptz MMVECMPdNJhuNI+1WyswC2fyyLNNyVB1ztbxmtldu6lPbrNE/YCoKOewO3hfY1kkYvSA+tjBn pbNZQfZiZen9mJeY2erfe1yGSLD7UtG0VdardHkDBLqGeR00eXKFrLzwGbxmdTGXpSvKIoH0J nThc5zQhMvJq6jidtZY+X57JV84Sjz47kzOzJimaa3GjeA77wkTWJWK1lnMylQwcTZTy4C2Ee MAcKPPzJRgvV9OaTceYxUK8dp11E8TaQu5CzwhOpHDwWMC5katTHIL6otlTBGt9OA2hfswTc/ PqE2If3+Vi0h9DhgW6lgOwWV+3doeCSIZgBYF+Q== Received-SPF: pass client-ip=212.227.15.19; envelope-from=pierre.langlois@gmx.com; helo=mout.gmx.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/21 15:02:05 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.6 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -2.4 (--) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmx.net header.s=badeba3b8450 header.b=afT3W0TV; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: -2.11 X-TUID: 0yIqHa5pF6Uy --=-=-= Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" --==-=-= Content-Type: text/plain Hello Guix! I was just looking into fixing a Samba build issue for AArch64 (another patch incoming :-) ). But noticed the package was out-of-date and there were multiple CVEs fixes since then. OK to commit? I suppose this is trivial enough that I should be able to just push this without asking first, right? I wasn't yet feeling confident enough with my powers to do that just yet :-). Thanks, Pierre --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFMBAEBCgA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAl9o+KsYHHBpZXJyZS5s YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31UXzIH/3tMIsUajHSIB+G3NhHHN/Lu aUG5hpuRHf2zQPLMZSoYB4N9lA5fh5dpketD5UEqeXAVEsnFkV4YsoMzhamJZit0 yLfs4CzmCZ6zCXB6S1IRzR2kgIPdhCYm7JpQhgyXTN7nJ8ywz1OjQOvHEXqEvDlZ xUk+2xiRTqWVD3pojEm0adQ2U85eiGuGUpUXPXLRmdD9Kes0M2K7hX6KDJKneBfq joYj/z1n0kbHLvwP6JgQPw54oiq2tvVAptIHE3PD99lttH0/z/fqiQtK7R54yEsO i8PF+1rqG2ID7tN4CWjwhI4uyBqhUgbltVRBIWPzOGPxtPmEnU14qrYpSWAtaw8= =Wwm9 -----END PGP SIGNATURE----- --==-=-=-- --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-samba-Update-to-4.12.7-security-fixes.patch Content-Transfer-Encoding: quoted-printable >From 8c61bd537da8f10c83e1e8e5718fbc2d3d874d1a Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Mon, 21 Sep 2020 19:50:08 +0100 Subject: [PATCH] gnu: samba: Update to 4.12.7 [security fixes]. Fixes CVE-2020-1472 with 4.12.7. Fixes CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303 with 4.12.4. * gnu/packages/samba.org (samba): Update to 4.12.7. --- gnu/packages/samba.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm index 84e389340b..c04426c49c 100644 --- a/gnu/packages/samba.scm +++ b/gnu/packages/samba.scm @@ -8,6 +8,7 @@ ;;; Copyright =C2=A9 2018, 2019, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2018 Ricardo Wurmus ;;; Copyright =C2=A9 2019 Rutger Helling +;;; Copyright =C2=A9 2020 Pierre Langlois ;;; ;;; This file is part of GNU Guix. ;;; @@ -173,14 +174,14 @@ external dependencies.") (define-public samba (package (name "samba") - (version "4.12.3") + (version "4.12.7") (source (origin (method url-fetch) (uri (string-append "https://download.samba.org/pub/samba/stable/" "samba-" version ".tar.gz")) (sha256 - (base32 "09w7aap1cjc41ayhaksm1igc7p7gl40fad4a1l6q4ds9a2jbrb9z")) + (base32 "1lkgih0vrarf5zy6chspkwarqdylzwr63nxr3qjkpazrs86nlm9h")) (modules '((guix build utils))) (snippet '(begin --=20 2.28.0 --=-=-=--