GNU bug report logs -
#43553
[PATCH] gnu: samba: Update to 4.12.7 [security fixes].
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 43553 in the body.
You can then email your comments to 43553 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#43553; Package
guix-patches.
(Mon, 21 Sep 2020 19:03:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Pierre Langlois <pierre.langlois <at> gmx.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 21 Sep 2020 19:03:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello Guix!
I was just looking into fixing a Samba build issue for AArch64 (another
patch incoming :-) ). But noticed the package was out-of-date and there
were multiple CVEs fixes since then.
OK to commit?
I suppose this is trivial enough that I should be able to just push this
without asking first, right? I wasn't yet feeling confident enough with
my powers to do that just yet :-).
Thanks,
Pierre
[signature.asc (application/pgp-signature, inline)]
[0001-gnu-samba-Update-to-4.12.7-security-fixes.patch (text/x-patch, inline)]
From 8c61bd537da8f10c83e1e8e5718fbc2d3d874d1a Mon Sep 17 00:00:00 2001
From: Pierre Langlois <pierre.langlois <at> gmx.com>
Date: Mon, 21 Sep 2020 19:50:08 +0100
Subject: [PATCH] gnu: samba: Update to 4.12.7 [security fixes].
Fixes CVE-2020-1472 with 4.12.7.
Fixes CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303
with 4.12.4.
* gnu/packages/samba.org (samba): Update to 4.12.7.
---
gnu/packages/samba.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 84e389340b..c04426c49c 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -8,6 +8,7 @@
;;; Copyright © 2018, 2019, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
;;; Copyright © 2018 Ricardo Wurmus <rekado <at> elephly.net>
;;; Copyright © 2019 Rutger Helling <rhelling <at> mykolab.com>
+;;; Copyright © 2020 Pierre Langlois <pierre.langlois <at> gmx.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -173,14 +174,14 @@ external dependencies.")
(define-public samba
(package
(name "samba")
- (version "4.12.3")
+ (version "4.12.7")
(source
(origin
(method url-fetch)
(uri (string-append "https://download.samba.org/pub/samba/stable/"
"samba-" version ".tar.gz"))
(sha256
- (base32 "09w7aap1cjc41ayhaksm1igc7p7gl40fad4a1l6q4ds9a2jbrb9z"))
+ (base32 "1lkgih0vrarf5zy6chspkwarqdylzwr63nxr3qjkpazrs86nlm9h"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.28.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#43553; Package
guix-patches.
(Mon, 21 Sep 2020 19:38:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 43553 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, Sep 21, 2020 at 08:02:03PM +0100, Pierre Langlois wrote:
> Hello Guix!
>
> I was just looking into fixing a Samba build issue for AArch64 (another
> patch incoming :-) ). But noticed the package was out-of-date and there
> were multiple CVEs fixes since then.
>
> OK to commit?
>
> I suppose this is trivial enough that I should be able to just push this
> without asking first, right? I wasn't yet feeling confident enough with
> my powers to do that just yet :-).
>
> Thanks,
> Pierre
>
Yeah, you can just go ahead and push it. Everything looks good.
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Pierre Langlois <pierre.langlois <at> gmx.com>:
You have taken responsibility.
(Mon, 21 Sep 2020 19:48:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Pierre Langlois <pierre.langlois <at> gmx.com>:
bug acknowledged by developer.
(Mon, 21 Sep 2020 19:48:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 43553-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Efraim Flashner writes:
> On Mon, Sep 21, 2020 at 08:02:03PM +0100, Pierre Langlois wrote:
>> Hello Guix!
>>
>> I was just looking into fixing a Samba build issue for AArch64 (another
>> patch incoming :-) ). But noticed the package was out-of-date and there
>> were multiple CVEs fixes since then.
>>
>> OK to commit?
>>
>> I suppose this is trivial enough that I should be able to just push this
>> without asking first, right? I wasn't yet feeling confident enough with
>> my powers to do that just yet :-).
>>
>> Thanks,
>> Pierre
>>
>
> Yeah, you can just go ahead and push it. Everything looks good.
Awesome, pushed with a2b25890ee37c017bc77a6b923577f258fa3fba0 !
Thanks,
Pierre
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 20 Oct 2020 11:24:11 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 189 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.