Skip to content

samba: 4.15.3 -> 4.15.5#157709

Merged
bachp merged 1 commit intoNixOS:stagingfrom
mweinelt:samba
Feb 1, 2022
Merged

samba: 4.15.3 -> 4.15.5#157709
bachp merged 1 commit intoNixOS:stagingfrom
mweinelt:samba

Conversation

@mweinelt
Copy link
Member

@mweinelt mweinelt commented Feb 1, 2022
edited by bachp
Loading

Motivation for this change

https://www.openwall.com/lists/oss-security/2022/02/01/1

This is a security release in order to address the following defects:

o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
of a symlink exists.
https://www.samba.org/samba/security/CVE-2021-44141.html

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@mweinelt mweinelt added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-21.11 labels Feb 1, 2022
@mweinelt
Copy link
Member Author

mweinelt commented Feb 1, 2022

The samba NixOS test still completes for me.

/nix/store/jc8n23k6ain055imd3g3fsz2cdpzm35z-vm-test-run-samba

bachp
bachp approved these changes Feb 1, 2022
View reviewed changes
Copy link
Member

@bachp bachp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sucessfully deployed and tested

@bachp bachp merged commit 7da384c into NixOS:staging Feb 1, 2022
@mweinelt mweinelt deleted the samba branch February 1, 2022 17:11
@bachp bachp mentioned this pull request Feb 1, 2022
Merged
@github-actions github-actions bot mentioned this pull request Feb 1, 2022
Closed
1 task
@github-actions
Copy link
Contributor

github-actions bot commented Feb 1, 2022

Successfully created backport PR #157721 for staging-21.11.

@vcunat
Copy link
Member

vcunat commented Feb 1, 2022
edited
Loading

Any particular reason for targeting staging and not at least staging-next? I thought it's normally a relatively small rebuild, e.g. #154571

EDIT: the same applies for release-21.11 instead of staging-21.11.

@ofborg ofborg bot requested a review from aneeshusa February 1, 2022 17:59
@ofborg ofborg bot added 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux. labels Feb 1, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Feb 1, 2022

The process '/usr/bin/git' failed with exit code 1

1 similar comment
@github-actions
Copy link
Contributor

github-actions bot commented Feb 1, 2022

The process '/usr/bin/git' failed with exit code 1

@mweinelt
Copy link
Member Author

mweinelt commented Feb 1, 2022

I expected it to be larger and didn't check explicitly how many rebuilds it would cause.

We can pick the commit into master.

@mweinelt
Copy link
Member Author

mweinelt commented Feb 1, 2022

#157729

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bachp bachp bachp approved these changes

@aneeshusa aneeshusa Awaiting requested review from aneeshusa

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 101-500 This PR causes between 101 and 500 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mweinelt @vcunat @bachp