package/samba4: security bump to version 4.8.4
authorBernd Kuhls <bernd.kuhls@t-online.de>
Wed, 15 Aug 2018 05:23:00 +0000 (07:23 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Fri, 24 Aug 2018 21:04:41 +0000 (23:04 +0200)
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html

Fixes

o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
                   listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
                   server.)

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/samba4/samba4.hash
package/samba4/samba4.mk

index 4b1b1218ac0b2be5e4b7a6eaaba04c2113b07689..00c8466078b3af1cbe3e8874ceb897b0876d9ca4 100644 (file)
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://download.samba.org/pub/samba/stable/samba-4.8.3.tar.asc
-sha256 e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed  samba-4.8.3.tar.gz
+# https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.asc
+sha256 f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406  samba-4.8.4.tar.gz
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
index 52d59ffeb9de72fdb26aa62b6ce2e3823a872041..03ef6eeeb0e6157a86319d7bacbb3c66efc17d1e 100644 (file)
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.8.3
+SAMBA4_VERSION = 4.8.4
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES