[le11] samba: update to 4.17.10 #7971

Merged
merged 2 commits into from
Aug 7, 2023
@heitbaum heitbaum commented Jul 7, 2023

Changes since 4.17.8

o Douglas Bagnall [email protected]

  • BUG 15404: Backport --pidl-developer fixes.

o Ralph Boehme [email protected]

  • BUG 15275: smbd_scavenger crashes when service smbd is stopped.
  • BUG 15378: vfs_fruit might cause a failing open for delete.

o Samuel Cabrero [email protected]

  • BUG 14030: named crashes on DLZ zone update.

o Volker Lendecke [email protected]

  • BUG 15361: winbind recurses into itself via rpcd_lsad.
  • BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
  • BUG 15391: smbclient leaks fds with showacls.

o Stefan Metzmacher [email protected]

  • BUG 15374: aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse().
  • BUG 15413: winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR.

o Jones Syue [email protected]

  • BUG 15403: smbget memory leak if failed to download files recursively.

@heitbaum heitbaum changed the title samba: update to 4.17.9 [le11] samba: update to 4.17.9 Jul 7, 2023
@heitbaum heitbaum changed the title [le11] samba: update to 4.17.9 [le11] samba: update to 4.17.10 Jul 20, 2023
@heitbaum
Contributor Author

                   ===============================
                   Release Notes for Samba 4.17.10
                            July 19, 2023
                   ===============================


This is a security release in order to address the following defects:

o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                  crafted request can trigger an out-of-bounds read in winbind
                  and possibly crash it.
                  https://www.samba.org/samba/security/CVE-2022-2127.html

o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                  "server signing = required" or for SMB2 connections to Domain
                  Controllers where SMB2 packet signing is mandatory.
                  https://www.samba.org/samba/security/CVE-2023-3347.html

o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                  Spotlight can be triggered by an unauthenticated attacker by
                  issuing a malformed RPC request.
                  https://www.samba.org/samba/security/CVE-2023-34966.html

o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                  Spotlight can be used by an unauthenticated attacker to
                  trigger a process crash in a shared RPC mdssvc worker process.
                  https://www.samba.org/samba/security/CVE-2023-34967.html

o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                  side absolute path of shares and files and directories in
                  search results.
                  https://www.samba.org/samba/security/CVE-2023-34968.html


Changes since 4.17.9
--------------------

o  Ralph Boehme <[email protected]>
   * BUG 15072: CVE-2022-2127.
   * BUG 15340: CVE-2023-34966.
   * BUG 15341: CVE-2023-34967.
   * BUG 15388: CVE-2023-34968.
   * BUG 15397: CVE-2023-3347.

o  Volker Lendecke <[email protected]>
   * BUG 15072: CVE-2022-2127.

o  Stefan Metzmacher <[email protected]>
   * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.

@CvH CvH merged commit ecf5de7 into LibreELEC:libreelec-11.0 Aug 7, 2023
@heitbaum heitbaum deleted the samba11 branch August 8, 2023 11:21