package/samba4: security bump version to 4.15.11
Added patch from Gentoo to fix uClibc build:
access.c:(.text+0x1e8): undefined reference to `innetgr'
Release notes:
https://www.samba.org/samba/history/samba-4.15.8.html
https://www.samba.org/samba/history/samba-4.15.9.html
o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
changing passwords.
https://www.samba.org/samba/security/CVE-2022-2031.html
o CVE-2022-32744: Samba AD users can forge password change requests for any user.
https://www.samba.org/samba/security/CVE-2022-32744.html
o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
or modify request.
https://www.samba.org/samba/security/CVE-2022-32745.html
o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
process with an LDAP add or modify request.
https://www.samba.org/samba/security/CVE-2022-32746.html
o CVE-2022-32742: Server memory information leak via SMB1.
https://www.samba.org/samba/security/CVE-2022-32742.html
https://www.samba.org/samba/history/samba-4.15.10.html
https://www.samba.org/samba/history/samba-4.15.11.html
o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included
in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8941d02bf1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
09322d970b