Pullup ticket #6985 - requested by taca

net/samba4: Security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.204
- net/samba4/distinfo                                           1.115

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Thu Jul 10 15:24:29 UTC 2025

   Modified Files:
           pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.21.7

   This is the latest stable release of the Samba 4.21 release series.

   Important Change in Upcoming Microsoft Update
   ---------------------------------------------

   On 8th of July, Microsoft will release an important security update for
   Active Directory Domain Controllers for Windows Server versions prior to
   2025.

   This update includes a change to the Microsoft RPC Netlogon protocol,
   which improves security by tightening access checks for a set of RPC
   requests. Samba running as domain members in these environments will be
   impacted by this change if a specific configuration is used, see below
   for which configuration is affected.

   Windows Server version 2025 is already equipped with these specific
   security hardenings, and Microsoft is now planning to deploy them to all
   supported Windows Server versions down to Windows Server 2008.

   Who is affected?

   Samba installations acting as member servers in Windows AD domains will
   be affected if they are configured to use the 'ad' idmapping backend.
   Samba servers not using this configuration will not be affected by the
   change – at least to our current knowledge and understanding of the
   change – and no further action is required.

   Current versions of Samba with the affected configuration will no longer
   function correctly once the Microsoft update has been applied. Users
   will not be able to connect to the SMB service provided by Samba for any
   domain configured to use the 'ad' idmapping backend.

   See https://bugzilla.samba.org/show_bug.cgi?id=15876.

   Changes since 4.21.6
   --------------------

   o  Günther Deschner <gd@samba.org>
      * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
        calls like netr_DsRGetDCName.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 15680: Trust domains are not created.
      * BUG 15876: Windows security hardening locks out schannel'ed netlogon dc
        calls like netr_DsRGetDCName.

   o  Andreas Schneider <asn@samba.org>
      * BUG 15680: Trust domains are not created.
      * BUG 15869: Startup messages of rpc deamons fills /var/log/messages.

Author: coypoop

net/samba4/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.203 2025/06/04 14:43:09 taca Exp $
+# $NetBSD: Makefile,v 1.203.2.1 2025/07/17 02:06:58 maya Exp $
 
-DISTNAME=	samba-4.21.6
+DISTNAME=	samba-4.21.7
 CATEGORIES=	net
 MASTER_SITES=	https://download.samba.org/pub/samba/stable/
 

net/samba4/distinfo

@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.114 2025/06/19 02:08:47 gutteridge Exp $
+$NetBSD: distinfo,v 1.114.2.1 2025/07/17 02:06:58 maya Exp $
 
-BLAKE2s (samba-4.21.6.tar.gz) = 6d763bf813f948662e2783e407916c3214a9c31294e4d3b0236836ccac49b7c9
-SHA512 (samba-4.21.6.tar.gz) = 58e6d6d44f551e4271bbaade81ea9f5488ce9c811cea1228eb55199a7852dd0a7eaf368287dc691fa47ff86132bc20633926504348c749fbba58337c3385c6ab
-Size (samba-4.21.6.tar.gz) = 42682936 bytes
+BLAKE2s (samba-4.21.7.tar.gz) = 4cee4b3035ff21c547049e348ca7dac48cadfb5a653277bf06f4f9d8595a4fa9
+SHA512 (samba-4.21.7.tar.gz) = f44a0dc880b2a5694f9c46ff11c808ae263f68c91cc9b0e32869bb44f84c1fdcc49370a396f38e0f452133c29357d8ad80a689af67bd85f648b2121e7792b555
+Size (samba-4.21.7.tar.gz) = 42689509 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = b9015694b80c0e6382d75c806fd6e0eb92e5f998