From: Ian McWilliam <kaosagnt@gmail.com>
Subject: Re: security UPDATE net/samba-4.22.2
To: Bjorn Ketelaars <bket@openbsd.org>
Cc: OpenBSD ports <ports@openbsd.org>
Date: Sat, 7 Jun 2025 11:46:14 +1000

Hi,

Thanks for the update. Tests fine on both current / stable, OK

Ian McWilliam

> On 6 Jun 2025, at 3:45 am, Bjorn Ketelaars <bket@openbsd.org> wrote:
> 
> Simple diff below for updating samba to 4.22.2, which contains the
> security-relevant bugfix CVE-2025-0620: smbd doesn't pick up group
> membership changes when re-authenticating an expired SMB session
> https://www.samba.org/samba/security/CVE-2025-0620.html.
> 
> Release notes: https://www.samba.org/samba/history/samba-4.22.2.html.
> 
> Run tested on amd64.
> 
> I would like to commit this to both current and -7.7.
> 
> Comments/OK?
> 
> 
> diff --git Makefile Makefile
> index 700fd735cc2..18274fb7189 100644
> --- Makefile
> +++ Makefile
> @@ -1,4 +1,4 @@
> -VERSION =		4.22.1
> +VERSION =		4.22.2
> DISTNAME =		samba-${VERSION}
> EPOCH =			0
> 
> diff --git distinfo distinfo
> index 55a590fc189..a8b51f6a629 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (samba-4.22.1.tar.gz) = ah+J8aslkW4lXxwsOkqII1qFSvLspAu52bunVFtoSgo=
> -SIZE (samba-4.22.1.tar.gz) = 42866082
> +SHA256 (samba-4.22.2.tar.gz) = 2ayOIkogAVnmLGUc9CMH3BYiEuwl0E62gAuafM+8w8E=
> +SIZE (samba-4.22.2.tar.gz) = 42869453