Sat Dec 17 21:14:11 UTC 2022

patches/packages/samba-4.15.13-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
  Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
  A Samba Active Directory DC will issue weak rc4-hmac session keys for
  use between modern clients and servers despite all modern Kerberos
  implementations supporting the aes256-cts-hmac-sha1-96 cipher.
  On Samba Active Directory DCs and members
  'kerberos encryption types = legacy'
  would force rc4-hmac as a client even if the server supports
  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
  This is the Samba CVE for the Windows Kerberos Elevation of Privilege
  Vulnerability disclosed by Microsoft on Nov 8 2022.
  A service account with the special constrained delegation permission
  could forge a more powerful ticket than the one it was presented with.
  The "RC4" protection of the NetLogon Secure channel uses the same
  algorithms as rc4-hmac cryptography in Kerberos, and so must also be
  assumed to be weak.
  Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
  was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed
  that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue
  rc4-hmac encrypted tickets despite the target server supporting better
  encryption (e.g. aes256-cts-hmac-sha1-96).
  Note that there are several important behavior changes included in this
  release, which may cause compatibility problems interacting with systems
  still expecting the former behavior.
  Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
  CVE-2022-38023 carefully!
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-37966.html
    https://www.samba.org/samba/security/CVE-2022-37967.html
    https://www.samba.org/samba/security/CVE-2022-38023.html
    https://www.samba.org/samba/security/CVE-2022-45141.html
    https://www.cve.org/CVERecord?id=CVE-2022-37966
    https://www.cve.org/CVERecord?id=CVE-2022-37967
    https://www.cve.org/CVERecord?id=CVE-2022-38023
    https://www.cve.org/CVERecord?id=CVE-2022-45141
  (* Security fix *)
Patrick J Volkerding 2022-12-17 21:14:11 +00:00 committed by Eric Hameleers
parent b5eac9957b
commit 373b059753
5 changed files with 113 additions and 25 deletions

@ -11,9 +11,57 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
<pubDate>Wed, 14 Dec 2022 21:19:34 GMT</pubDate>
<lastBuildDate>Thu, 15 Dec 2022 12:30:40 GMT</lastBuildDate>
<pubDate>Sat, 17 Dec 2022 21:14:11 GMT</pubDate>
<lastBuildDate>Sun, 18 Dec 2022 12:29:56 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
<title>Sat, 17 Dec 2022 21:14:11 GMT</title>
<pubDate>Sat, 17 Dec 2022 21:14:11 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20221217211411</link>
<guid isPermaLink="false">20221217211411</guid>
<description>
<![CDATA[<pre>
patches/packages/samba-4.15.13-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed
that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue
rc4-hmac encrypted tickets despite the target server supporting better
encryption (eg aes256-cts-hmac-sha1-96).
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.samba.org/samba/security/CVE-2022-45141.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
https://www.cve.org/CVERecord?id=CVE-2022-45141
(* Security fix *)
</pre>]]>
</description>
</item>
<item>
<title>Wed, 14 Dec 2022 21:19:34 GMT</title>
<pubDate>Wed, 14 Dec 2022 21:19:34 GMT</pubDate>

@ -1,3 +1,43 @@
Sat Dec 17 21:14:11 UTC 2022
patches/packages/samba-4.15.13-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed
that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue
rc4-hmac encrypted tickets despite the target server supporting better
encryption (eg aes256-cts-hmac-sha1-96).
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with system
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.samba.org/samba/security/CVE-2022-45141.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
https://www.cve.org/CVERecord?id=CVE-2022-45141
(* Security fix *)
+--------------------------+
Wed Dec 14 21:19:34 UTC 2022
patches/packages/mozilla-firefox-102.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
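Review bot: the "Please read the advisories of" sentence in the new entry names only CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023, yet four advisory URLs follow, so CVE-2022-45141 is linked but never named, and none of the descriptive paragraphs says which CVE it belongs to. Suggest prefixing each paragraph with its CVE id and listing all four in that sentence, so an admin checking a DC or a member that sets 'kerberos encryption types = legacy' can tell which advisory covers their case. The RSS item carries the same text and would need the same change.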

@ -1,20 +1,20 @@
Wed Dec 14 21:23:51 UTC 2022
Sat Dec 17 21:16:44 UTC 2022
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
drwxr-xr-x 12 root root 4096 2022-12-14 21:19 .
drwxr-xr-x 12 root root 4096 2022-12-17 21:14 .
-rw-r--r-- 1 root root 5767 2022-02-02 22:44 ./ANNOUNCE.15.0
-rw-r--r-- 1 root root 16609 2022-03-30 19:03 ./CHANGES_AND_HINTS.TXT
-rw-r--r-- 1 root root 1162736 2022-12-09 19:48 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-12-09 19:48 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 1163940 2022-12-14 21:24 ./CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-12-14 21:24 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
-rw-r--r-- 1 root root 1965872 2022-12-14 21:19 ./ChangeLog.txt
-rw-r--r-- 1 root root 1968131 2022-12-17 21:14 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rw-r--r-- 1 root root 1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
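Review bot: the header timestamp moves to Sat Dec 17 21:16:44 UTC 2022 and ./ChangeLog.txt to 2022-12-17 21:14, but the top-level ./CHECKSUMS.md5 and ./CHECKSUMS.md5.asc entries in the new listing are dated 2022-12-14 21:24, three days before the samba package they are expected to cover. If the listing is produced before the top-level checksums are regenerated, say so in the file's preamble; otherwise regenerate it afterwards. As it stands, a mirror user comparing dates cannot tell from this file whether the signed top-level checksums include samba-4.15.13, and has to rely on ./patches/CHECKSUMS.md5 and its .asc (dated 2022-12-17 21:16 further down) instead.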
@ -25,7 +25,7 @@ drwxr-xr-x 2 root root 4096 2022-02-02 08:21 ./EFI/BOOT
-rwxr-xr-x 1 root root 2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
-rw-r--r-- 1 root root 1518947 2022-12-09 19:47 ./FILELIST.TXT
-rw-r--r-- 1 root root 1520358 2022-12-14 21:23 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
-rw-r--r-- 1 root root 864745 2022-02-02 08:25 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8034 2022-02-02 03:36 ./README.TXT
@ -738,13 +738,13 @@ drwxr-xr-x 2 root root 4096 2008-05-07 05:21 ./pasture/source/php/pear
-rwxr-xr-x 1 root root 9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild
-rw-r--r-- 1 root root 775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz
-rw-r--r-- 1 root root 830 2005-12-09 05:18 ./pasture/source/php/slack-desc
drwxr-xr-x 4 root root 4096 2022-12-14 21:23 ./patches
-rw-r--r-- 1 root root 58727 2022-12-14 21:23 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-12-14 21:23 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 79234 2022-12-14 21:23 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11890336 2022-12-14 21:23 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 42425 2022-12-14 21:23 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 16384 2022-12-14 21:23 ./patches/packages
drwxr-xr-x 4 root root 4096 2022-12-17 21:16 ./patches
-rw-r--r-- 1 root root 58727 2022-12-17 21:16 ./patches/CHECKSUMS.md5
-rw-r--r-- 1 root root 163 2022-12-17 21:16 ./patches/CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 79234 2022-12-17 21:16 ./patches/FILE_LIST
-rw-r--r-- 1 root root 11887756 2022-12-17 21:16 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 42425 2022-12-17 21:16 ./patches/PACKAGES.TXT
drwxr-xr-x 3 root root 20480 2022-12-17 21:16 ./patches/packages
-rw-r--r-- 1 root root 327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
-rw-r--r-- 1 root root 10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@ -896,9 +896,9 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 385 2022-11-24 20:10 ./patches/packages/ruby-3.0.5-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 7740336 2022-11-24 20:10 ./patches/packages/ruby-3.0.5-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-11-24 20:10 ./patches/packages/ruby-3.0.5-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 507 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 12970372 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-11-17 01:46 ./patches/packages/samba-4.15.12-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 507 2022-12-17 19:58 ./patches/packages/samba-4.15.13-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 13030204 2022-12-17 19:58 ./patches/packages/samba-4.15.13-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-12-17 19:58 ./patches/packages/samba-4.15.13-x86_64-1_slack15.0.txz.asc
-rw-r--r-- 1 root root 392 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 38098032 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-09-29 20:19 ./patches/packages/seamonkey-2.53.14-x86_64-1_slack15.0.txz.asc
@ -947,7 +947,7 @@ drwxr-xr-x 2 root root 4096 2022-11-29 21:00 ./patches/packages/linux-5.15
-rw-r--r-- 1 root root 388 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txt
-rw-r--r-- 1 root root 105356 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz
-rw-r--r-- 1 root root 163 2022-10-15 04:05 ./patches/packages/zlib-1.2.13-x86_64-1_slack15.0.txz.asc
drwxr-xr-x 59 root root 4096 2022-12-14 21:16 ./patches/source
drwxr-xr-x 59 root root 4096 2022-12-17 21:12 ./patches/source
drwxr-xr-x 2 root root 4096 2022-01-16 05:07 ./patches/source/aaa_base
-rw-r--r-- 1 root root 11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
-rwxr-xr-x 1 root root 3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild
@ -1417,14 +1417,14 @@ drwxr-xr-x 2 root root 4096 2022-11-24 20:07 ./patches/source/ruby
-rw-r--r-- 1 root root 15531585 2022-11-24 13:05 ./patches/source/ruby/ruby-3.0.5.tar.lz
-rwxr-xr-x 1 root root 4817 2022-04-13 18:14 ./patches/source/ruby/ruby.SlackBuild
-rw-r--r-- 1 root root 837 2019-03-13 16:43 ./patches/source/ruby/slack-desc
drwxr-xr-x 2 root root 4096 2022-11-16 19:16 ./patches/source/samba
drwxr-xr-x 2 root root 4096 2022-12-17 19:52 ./patches/source/samba
-rw-r--r-- 1 root root 703 2016-06-13 04:19 ./patches/source/samba/doinst.sh.gz
-rw-r--r-- 1 root root 940 2016-06-04 17:50 ./patches/source/samba/rc.samba
-rw-r--r-- 1 root root 833 2022-11-15 07:22 ./patches/source/samba/samba-4.15.12.tar.asc
-rw-r--r-- 1 root root 11910047 2022-11-15 07:22 ./patches/source/samba/samba-4.15.12.tar.lz
-rw-r--r-- 1 root root 833 2022-12-15 16:08 ./patches/source/samba/samba-4.15.13.tar.asc
-rw-r--r-- 1 root root 11925267 2022-12-15 16:08 ./patches/source/samba/samba-4.15.13.tar.lz
-rwxr-xr-x 1 root root 7654 2022-05-02 18:04 ./patches/source/samba/samba.SlackBuild
-rw-r--r-- 1 root root 227 2019-02-06 20:36 ./patches/source/samba/samba.libsmbclient.h.ffmpeg.compat.diff.gz
-rw-r--r-- 1 root root 131 2022-10-25 16:46 ./patches/source/samba/samba.url
-rw-r--r-- 1 root root 131 2022-12-17 19:52 ./patches/source/samba/samba.url
-rw-r--r-- 1 root root 960 2018-02-27 06:13 ./patches/source/samba/slack-desc
-rw-r--r-- 1 root root 7921 2018-04-29 17:31 ./patches/source/samba/smb.conf.default
-rw-r--r-- 1 root root 7933 2018-01-14 20:41 ./patches/source/samba/smb.conf.default.orig
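Review bot: the source directory now holds samba-4.15.13.tar.lz next to samba-4.15.13.tar.asc, so the signature file is named for the uncompressed tar rather than for the archive actually shipped, and nothing in the listed files tells a rebuilder how to check it. Upstream signs the uncompressed tarball, so the .lz has to be decompressed before it is verified against the .asc; suggest documenting that step beside the source (for example in samba.url or the SlackBuild), so the upstream signature on a security release gets checked rather than skipped.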

@ -1,2 +1,2 @@
https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz
https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.asc
https://download.samba.org/pub/samba/stable/samba-4.15.13.tar.gz
https://download.samba.org/pub/samba/stable/samba-4.15.13.tar.asc
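Review bot: the two lines being replaced still pointed at samba-4.15.11, while the file listing in this same commit shows the outgoing package and source as samba-4.15.12, so samba.url was not bumped with the previous update. Suggest updating samba.url in the same commit as every version bump, so the recorded download location always matches the tarball and signature in the source directory. The URLs also name the .tar.gz while the directory ships a .tar.lz; a one-line comment that the archive is recompressed locally would remove the ambiguity.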