From nobody Wed Jan 12 05:38:08 2022
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0D4A019501F9;
	Wed, 12 Jan 2022 05:38:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JYbv45YNtz3KYs;
	Wed, 12 Jan 2022 05:38:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9E88B27681;
	Wed, 12 Jan 2022 05:38:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20C5c8j1036428;
	Wed, 12 Jan 2022 05:38:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20C5c8xr036427;
	Wed, 12 Jan 2022 05:38:08 GMT
	(envelope-from git)
Date: Wed, 12 Jan 2022 05:38:08 GMT
Message-Id: <202201120538.20C5c8xr036427@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Subject: git: fb71a4b64148 - main - net/samba413: Update to the 4.13.16 release to address CVE-2021-43566
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: timur
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: fb71a4b641481654ee4c84be00911b4e5212eb19
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1641965888;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=c4KJt1BvixT/UOh3+eGfXEwIV17i5chcsMBwKcSCWmY=;
	b=xtb7vle3N/yNTU1S1KztW+aCRwcBgKLgtVDRm3gJF0YQ4H13GlHrsJq6XiXri2bAqpZX2U
	yf5zdX1DWXoCn2Z7QWsoHnFE8M787HpEd5cdka7qWIvOe4nFnc+X7VyFnLDYEoHqfySjRI
	LV+TqCafenQ4+iZLtWXS5odcZY6YVF//zaglYMn978ByfEWJRMeMIWITOhUbBZCVZiyj2Z
	SIpBWIXT7mepU0Ji9NK3CmRcAQ5oBMK/7+vMV/6Le4q5CHUZAsNXk/b7+v6/QDP4vQ24mS
	sxVlOy/AG3WuOVcl5/FV6Y+gXWXQvjKQ1VfsJ1H+2nO/bqLPDaT16PuF+kqbIA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1641965888; a=rsa-sha256; cv=none;
	b=pvLqtAjqmIU4L2FvGTVBL6s87+VQE9WjmarbfPB6jnior3h2rC0bZi7UZbHlTDj7DL0hSF
	q6zJANJNsiAo1FGkJo3A0mUFlTLaam9o36N5R7TxIJ7rWeq0rtDwoYdMKoaPj/+yALK8sR
	DMG0yNzuRFVJIZ+36H2InVKweXkDmEzuPQPYBQBQbtmSQX3IoUMQCw17+GU8A31YLA8OGj
	kixCVGAECcRfXZRpjlIjFifqbG/1ZC4u1BxUydNM9rdPtw5FCgrltR1qn8ZTnF+2OiupmB
	Osd2qVMWbN0m5FXo8j+fqJpn3xT3yLLVJ/9VMvtsu/f7ju/eGmHTdJMaicm0Nw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by timur:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fb71a4b641481654ee4c84be00911b4e5212eb19

commit fb71a4b641481654ee4c84be00911b4e5212eb19
Author:     Timur I. Bakeyev <timur@FreeBSD.org>
AuthorDate: 2022-01-12 05:22:19 +0000
Commit:     Timur I. Bakeyev <timur@FreeBSD.org>
CommitDate: 2022-01-12 05:35:52 +0000

    net/samba413: Update to the 4.13.16 release to address CVE-2021-43566
    
    In addition an CVE-2021-20316 is issued, but can't be address in this
    Samba release.
    
    ====================================================
    Workaround and mitigating factors for CVE-2021-20316
    ====================================================
    
    Do not enable SMB1 (please note SMB1 is disabled by default in Samba
    from version 4.11.0 and onwards). This prevents the creation of
    symbolic links via SMB1. If SMB1 must be enabled for backwards
    compatibility then add the parameter:
    
    unix extensions = no
    
    to the [global] section of your smb.conf and restart smbd. This
    prevents SMB1 clients from creating symlinks on the exported file
    system.
    
    However, if the same region of the file system is also exported using
    NFS, NFS clients can create symlinks that potentially can also hit the
    race condition. For non-patched versions of Samba we recommend only
    exporting areas of the file system by either SMB2 or NFS, not both.
    
    Security:       CVE-2021-43566
---
 net/samba413/Makefile         | 2 +-
 net/samba413/distinfo         | 6 +++---
 net/samba413/pkg-plist.python | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/samba413/Makefile b/net/samba413/Makefile
index dc886f703a5f..a6ac7445e3ba 100644
--- a/net/samba413/Makefile
+++ b/net/samba413/Makefile
@@ -22,7 +22,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.13.14
+SAMBA4_VERSION=			4.13.16
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
diff --git a/net/samba413/distinfo b/net/samba413/distinfo
index f985138a88f2..8d9c52c21d76 100644
--- a/net/samba413/distinfo
+++ b/net/samba413/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1636505457
-SHA256 (samba-4.13.14.tar.gz) = 6611a8e8fa93ea0cb3ee2cadd6269305ded40acf7f8b6a7576547e5d13f07f80
-SIZE (samba-4.13.14.tar.gz) = 18943381
+TIMESTAMP = 1641957925
+SHA256 (samba-4.13.16.tar.gz) = 3fec748cd89961131959fca836d24bbc4843385ea7235a4295b5e129e250c041
+SIZE (samba-4.13.16.tar.gz) = 18943308
diff --git a/net/samba413/pkg-plist.python b/net/samba413/pkg-plist.python
index 8cf306b5bc07..c931ab22f63e 100644
--- a/net/samba413/pkg-plist.python
+++ b/net/samba413/pkg-plist.python
@@ -268,6 +268,7 @@ lib/samba4/private/libsamba-python%%PYTHON_EXT_SUFFIX%%-samba4.so
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/simple_tests.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/spn_tests.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ccache.py
+%%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_idmap_nss.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_ldap.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_min_domain_uid.py
 %%PYTHON_SITELIBDIR%%/samba/tests/krb5/test_rpc.py