Update to Samba 4.13.14

resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124 resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717 resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718 resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719 resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721 resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722 resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738 resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192 Guenther
2021-11-09 19:30:09 +01:00 · 2021-11-09 19:30:09 +01:00 · 85d7de80b2
parent afe3fcb7fd
commit 85d7de80b2
5 changed files with 614 additions and 902 deletions
--- a/.gitignore
+++ b/.gitignore
@ -249,3 +249,5 @@ samba-3.6.0pre1.tar.gz
 /samba-4.13.12.tar.asc
 /samba-4.13.13.tar.xz
 /samba-4.13.13.tar.asc
+/samba-4.13.14.tar.xz
+/samba-4.13.14.tar.asc
--- a/samba-4.13-redhat.patch
+++ b/samba-4.13-redhat.patch
--- a/samba-s4u.patch
+++ b/samba-s4u.patch
@ -1,19 +1,18 @@
-From fe300549844509624d944b93fc64dc6d382e71c1 Mon Sep 17 00:00:00 2001
+From e649f9aedfa8a0d5caa241743bb4191927430879 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Fri, 27 Sep 2019 18:25:03 +0300
-Subject: [PATCH 3/7] mit-kdc: add basic loacl realm S4U support
+Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support

 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
 ---
- source4/kdc/mit-kdb/kdb_samba_policies.c      | 148 +++++++++---------
- source4/kdc/mit_samba.c                       |  47 ++----
- source4/kdc/mit_samba.h                       |   6 +-
- wscript_configure_system_mitkrb5              |   3 +
- 6 files changed, 91 insertions(+), 115 deletions(-)
+ source4/kdc/mit-kdb/kdb_samba_policies.c | 124 +++++++++++------------
+ source4/kdc/mit_samba.c                  |  47 ++-------
+ source4/kdc/mit_samba.h                  |   6 +-
+ 3 files changed, 71 insertions(+), 106 deletions(-)

 diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
-index 9197551ed61..944324d9a2f 100644
+index 7bc9a7b3347..fc20bfed2f4 100644
 --- a/source4/kdc/mit-kdb/kdb_samba_policies.c
 +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -192,13 +192,17 @@ static krb5_error_code ks_verify_pac(krb5_context context,
@ -134,16 +133,15 @@ index 9197551ed61..944324d9a2f 100644
 
 	return code;
 }
-@@ -324,7 +335,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- {
- #endif
+@@ -328,6 +339,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 	krb5_authdata **pac_auth_data = NULL;
 	krb5_authdata **authdata = NULL;
-	krb5_boolean is_as_req;
+ 	krb5_boolean is_as_req;
 +	krb5_const_principal pac_client;
 	krb5_error_code code;
 	krb5_pac pac = NULL;
 	krb5_data pac_data;
-@@ -334,24 +345,21 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+@@ -341,11 +353,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 	krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
 #endif
 
@ -152,13 +150,13 @@ index 9197551ed61..944324d9a2f 100644
 -		return KRB5_KDB_DBTYPE_NOSUP;
 -	}
 -
-	is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
-
-	if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) {
-		code = ks_get_pac(context, client, client_key, &pac);
-		if (code != 0) {
-			goto done;
-		}
+ 	is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
+ 
+ 	/*
+@@ -406,6 +413,16 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 		ks_client_princ = client->princ;
+ 	}
+ 
 +	/* In protocol transition, we are currently not provided with the tgt
 +	 * client name to verify the PAC, we could probably skip the name
 +	 * verification and just verify the signatures, but since we don't
@ -166,59 +164,31 @@ index 9197551ed61..944324d9a2f 100644
 +	if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
 +		pac_client = server->princ;
 +	} else {
-+		pac_client = client_princ;
- 	}
- 
-	if (!is_as_req) {
-+	/* TGS request */
-+	if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY)) {
- 		code = ks_verify_pac(context,
- 				     flags,
-				     client_princ,
-+				     pac_client,
- 				     client,
- 				     server,
- 				     krbtgt,
-@@ -363,14 +371,28 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- 		if (code != 0) {
- 			goto done;
- 		}
-+
-+		/* We require PAC as we don't support LSA_TRUST_TYPE_MIT */
-+		if (pac == NULL) {
-+			code = KRB5_KDB_DBTYPE_NOSUP;
-+			goto done;
-+		}
- 	}
- 
-	if (pac == NULL && client != NULL) {
-+	if (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) {
-+		krb5_pac_free(context, pac);
-+		pac = NULL;
+		pac_client = ks_client_princ;
 +	}
- 
-+	/* AS request or local realm protocol transition */
-+	if ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) ||
-+	    (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
- 		code = ks_get_pac(context, client, client_key, &pac);
- 		if (code != 0) {
- 			goto done;
- 		}
-+		/* We require a pac! */
-+		SMB_ASSERT(pac != NULL);
+
+ 	if (client_entry == NULL) {
+ 		client_entry = client;
 	}
+@@ -470,7 +487,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 
- 	if (pac == NULL) {
-@@ -379,7 +401,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
- 	}
- 
- 	code = krb5_pac_sign(context, pac, authtime, client_princ,
+ 			code = ks_verify_pac(context,
+ 					     flags,
+-					     ks_client_princ,
+					     pac_client,
+ 					     client_entry,
+ 					     server,
+ 					     krbtgt,
+@@ -510,7 +527,7 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+ 		  is_as_req ? "AS-REQ" : "TGS-REQ",
+ 		  client_name);
+ 	code = krb5_pac_sign(context, pac, authtime, ks_client_princ,
 -			server_key, krbtgt_key, &pac_data);
 +			     server_key, krbtgt_key, &pac_data);
 	if (code != 0) {
 		DBG_ERR("krb5_pac_sign failed: %d\n", code);
 		goto done;
-@@ -405,11 +427,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
+@@ -536,12 +553,6 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					      KRB5_AUTHDATA_IF_RELEVANT,
 					      authdata,
 					      signed_auth_data);
@ -227,10 +197,11 @@ index 9197551ed61..944324d9a2f 100644
 -	}
 -
 -	code = 0;
- 
+-
 done:
- 	krb5_pac_free(context, pac);
-@@ -432,32 +449,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
+ 	if (client_entry != NULL && client_entry != client) {
+ 		ks_free_principal(context, client_entry);
+@@ -567,32 +578,13 @@ krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
 	 * server; -> delegating service
 	 * proxy; -> target principal
 	 */
@ -265,10 +236,10 @@ index 9197551ed61..944324d9a2f 100644
 
 
 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index 54dcd545ea1..f23327c9613 100644
+index e015c5a52db..2a48d731501 100644
 --- a/source4/kdc/mit_samba.c
 +++ b/source4/kdc/mit_samba.c
-@@ -467,7 +467,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
+@@ -475,7 +475,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 				    krb5_context context,
 				    int flags,
@ -276,7 +247,7 @@ index 54dcd545ea1..f23327c9613 100644
 				    krb5_db_entry *client,
 				    krb5_db_entry *server,
 				    krb5_db_entry *krbtgt,
-@@ -615,7 +614,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
+@@ -639,7 +638,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 								  context,
 								  *pac,
 								  server->princ,
@ -285,7 +256,7 @@ index 54dcd545ea1..f23327c9613 100644
 								  deleg_blob);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(0, ("Update delegation info failed: %s\n",
-@@ -937,41 +936,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
+@@ -961,41 +960,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
 }
 
 int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@ -338,7 +309,7 @@ index 54dcd545ea1..f23327c9613 100644
 
 static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
 diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
-index ba824557bd5..5aadf206443 100644
+index 636c77ec97c..9cb00c9610e 100644
 --- a/source4/kdc/mit_samba.h
 +++ b/source4/kdc/mit_samba.h
@@ -56,7 +56,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@ -362,12 +333,13 @@ index ba824557bd5..5aadf206443 100644
 int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
 				      char *pwd,
 -- 
-2.25.4
+2.33.1

-From ff1b225493ede3d43cfad571770dacb73f75ec42 Mon Sep 17 00:00:00 2001
+
+From 9eca7b08a3987d6320d6584e146005bbc01720f6 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Fri, 27 Sep 2019 18:35:30 +0300
-Subject: [PATCH 5/7] krb5-mit: enable S4U client support for MIT build
+Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build

 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -375,13 +347,13 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
 lib/krb5_wrap/krb5_samba.c            | 185 ++++++++++++++++++++++++++
 lib/krb5_wrap/krb5_samba.h            |   2 -
 source4/auth/kerberos/kerberos_util.c |  11 --
- 4 files changed, 185 insertions(+), 14 deletions(-)
+ 3 files changed, 185 insertions(+), 13 deletions(-)

 diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
-index 20ce86c708d..e72ab3c30f7 100644
+index fff5b4e2a22..791b417d5ba 100644
 --- a/lib/krb5_wrap/krb5_samba.c
 +++ b/lib/krb5_wrap/krb5_samba.c
-@@ -2568,6 +2568,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
+@@ -2694,6 +2694,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 
 	return 0;
 }
@ -574,7 +546,7 @@ index 20ce86c708d..e72ab3c30f7 100644
 
 #if !defined(HAVE_KRB5_MAKE_PRINCIPAL) && defined(HAVE_KRB5_BUILD_PRINCIPAL_ALLOC_VA)
 diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
-index ca9a893e4f7..3264ce5eb3b 100644
+index 56a2a975278..5af9c6d73c1 100644
 --- a/lib/krb5_wrap/krb5_samba.h
 +++ b/lib/krb5_wrap/krb5_samba.h
@@ -252,7 +252,6 @@ krb5_error_code smb_krb5_kinit_password_ccache(krb5_context ctx,
@ -639,14 +611,13 @@ index 544d9d853cc..c14d8c72d8c 100644
 				ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
 								     ccache,
 -- 
-2.25.4
+2.33.1


-
-From cf1b9bdc09180d68e2b30258839d2f78b7af9c62 Mon Sep 17 00:00:00 2001
+From 80289eca2bb614aacd0df86bcf7ad7027c080671 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Sat, 19 Sep 2020 14:16:20 +0200
-Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
+Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code

 ---
 source4/heimdal/lib/hdb/hdb.h | 1 +
@ -656,7 +627,7 @@ Subject: [PATCH 7/7] wip: for canonicalization with new MIT kdc code
 4 files changed, 11 insertions(+), 2 deletions(-)

 diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
-index 6a09ecb6fe1..bc5211fef35 100644
+index 5ef9d9565f3..dafaffc6c2d 100644
 --- a/source4/heimdal/lib/hdb/hdb.h
 +++ b/source4/heimdal/lib/hdb/hdb.h
@@ -63,6 +63,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
@ -668,7 +639,7 @@ index 6a09ecb6fe1..bc5211fef35 100644
 /* hdb_capability_flags */
 #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
 diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
-index a560a1cd84b..c27b6a8ef4c 100644
+index aff74f2ee71..d16b4c3329a 100644
 --- a/source4/kdc/db-glue.c
 +++ b/source4/kdc/db-glue.c
@@ -916,17 +916,21 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
@ -696,7 +667,7 @@ index a560a1cd84b..c27b6a8ef4c 100644
 		ret = smb_krb5_make_principal(context, &entry_ex->entry.principal, lpcfg_realm(lp_ctx), samAccountName, NULL);
 		if (ret) {
 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index f23327c9613..4084e893cc2 100644
+index 2a48d731501..a8d3e7ed493 100644
 --- a/source4/kdc/mit_samba.c
 +++ b/source4/kdc/mit_samba.c
@@ -198,6 +198,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
@ -722,5 +693,5 @@ index c929acccce6..a9115ec23d7 100644
 void sdb_free_entry(struct sdb_entry_ex *e);
 void free_sdb_entry(struct sdb_entry *s);
 -- 
-2.25.4
+2.33.1

--- a/samba.spec
+++ b/samba.spec
@ -10,11 +10,11 @@

 %define main_release 0

-%define samba_version 4.13.13
+%define samba_version 4.13.14
 %define talloc_version 2.3.1
 %define tdb_version 1.4.3
 %define tevent_version 0.10.2
-%define ldb_version 2.2.2
+%define ldb_version 2.2.3
 # This should be rc1 or nil
 %define pre_release %nil

@ -1493,6 +1493,7 @@ fi
 %{_libdir}/samba/libcommon-auth-samba4.so
 %{_libdir}/samba/libctdb-event-client-samba4.so
 %{_libdir}/samba/libdbwrap-samba4.so
+%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
 %{_libdir}/samba/libdcerpc-samba-samba4.so
 %{_libdir}/samba/libevents-samba4.so
 %{_libdir}/samba/libflag-mapping-samba4.so
@ -2305,6 +2306,7 @@ fi
 %{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
@ -2323,6 +2325,8 @@ fi
 %{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
+%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
 %{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
@ -2484,6 +2488,7 @@ fi
 %{python3_sitearch}/samba/tests/dns_tkey.py
 %{python3_sitearch}/samba/tests/dns_wildcard.py
 %{python3_sitearch}/samba/tests/dsdb.py
+%{python3_sitearch}/samba/tests/dsdb_api.py
 %{python3_sitearch}/samba/tests/dsdb_lock.py
 %{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
 %{python3_sitearch}/samba/tests/docs.py
@ -2521,6 +2526,7 @@ fi
 %{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
 %dir %{python3_sitearch}/samba/tests/krb5
 %dir %{python3_sitearch}/samba/tests/krb5/__pycache__
+%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
@ -2537,11 +2543,15 @@ fi
 %{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/alias_tests.py
 %{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
 %{python3_sitearch}/samba/tests/krb5/as_req_tests.py
 %{python3_sitearch}/samba/tests/krb5/compatability_tests.py
@ -2558,14 +2568,18 @@ fi
 %{python3_sitearch}/samba/tests/krb5/s4u_tests.py
 %{python3_sitearch}/samba/tests/krb5/salt_tests.py
 %{python3_sitearch}/samba/tests/krb5/simple_tests.py
+%{python3_sitearch}/samba/tests/krb5/spn_tests.py
 %{python3_sitearch}/samba/tests/krb5/test_ccache.py
 %{python3_sitearch}/samba/tests/krb5/test_ldap.py
+%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
 %{python3_sitearch}/samba/tests/krb5/test_rpc.py
 %{python3_sitearch}/samba/tests/krb5/test_smb.py
 %{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
 %{python3_sitearch}/samba/tests/krb5_credentials.py
 %{python3_sitearch}/samba/tests/ldap_raw.py
 %{python3_sitearch}/samba/tests/ldap_referrals.py
+%{python3_sitearch}/samba/tests/ldap_spn.py
+%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
 %{python3_sitearch}/samba/tests/libsmb.py
 %{python3_sitearch}/samba/tests/loadparm.py
 %{python3_sitearch}/samba/tests/lsa_string.py
@ -3660,6 +3674,17 @@ fi
 %endif

 %changelog
+* Tue Nov 09 2021 Guenther Deschner <gdeschner@redhat.com> - 4.13.14-0
+- Update to Samba 4.13.14
+- resolves: #2019660, #2021711 - Security fixes for CVE-2016-2124
+- resolves: #2019672, #2021716 - Security fixes for CVE-2020-25717
+- resolves: #2019726, #2021718 - Security fixes for CVE-2020-25718
+- resolves: #2019732, #2021719 - Security fixes for CVE-2020-25719
+- resolves: #2021728, #2021729 - Security fixes for CVE-2020-25721
+- resolves: #2019764, #2021721 - Security fixes for CVE-2020-25722
+- resolves: #2021726, #2021727 - Security fixes for CVE-2021-3738
+- resolves: #2019666, #2021715 - Security fixes for CVE-2021-23192
+
 * Fri Oct 29 2021 Guenther Deschner <gdeschner@redhat.com> - 4.13.13-0
 - Update to Samba 4.13.13

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (samba-4.13.13.tar.xz) = dbc4f64a7a3d3d7566df3bcd6baa132bce6e13642fd283b22945db1431c2a3eaad1e9fc7f3b7907383561e63c4648129633aedc16e5f452c5747754143d9485c
-SHA512 (samba-4.13.13.tar.asc) = 51b2d0c2f18a3a94bef08d825214e90708d1c4c273f54b33d83d8efdb3f77062147c225db64f077550b69378689c64675bf5e8b552769d89f4aecb33ddee0b17
+SHA512 (samba-4.13.14.tar.xz) = 9df1de1ef80010e83ac36239d4af7958fe4f44a0cad4c68cdde71d63d502372767dfe4e01f4743e3ab1d23fe3b65ac7571c14ef9614a3b6feba53c2295a7f28e
+SHA512 (samba-4.13.14.tar.asc) = 525f0d8087076e39db3205d878a2aba8242ef79927bca253963b2df7f181439dc825efd5ed457103a06251f2870fda68811ed1395a6cb7a995630e8f193153e7