Security update for net/samba4* ports to 4.13.6 and 4.12.13 respectively.

Mark net/samba411 s deprecated. Relnotes: CVE-2020-27840 CVE-2021-20277
author: Timur I. Bakeyev <timur@FreeBSD.org> 2021-03-25 02:57:00 +0000
committer: Timur I. Bakeyev <timur@FreeBSD.org> 2021-03-25 02:57:00 +0000
commit: 0237d8993831781238abde55c34d7c56e8a40304 (patch)
tree: 47c195c3dc0593077ecd5feee85631e3873beb2e /net/samba412
parent: 50d83ae9078ff27cd021d96b0e1bcc0f590efee5 (diff)
download: ports-0237d8993831781238abde55c34d7c56e8a40304.tar.gz
ports-0237d8993831781238abde55c34d7c56e8a40304.zip
6 files changed, 93 insertions, 55 deletions
diff --git a/net/samba412/Makefile b/net/samba412/Makefile
index 8b2e336f81d4..52285d6f56ac 100644
--- a/net/samba412/Makefile
+++ b/net/samba412/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=			${SAMBA4_BASENAME}412
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			2
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@@ -23,7 +23,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.12.9
+SAMBA4_VERSION=			4.12.13
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
diff --git a/net/samba412/distinfo b/net/samba412/distinfo
index 5f986d594b90..6fe48275de92 100644
--- a/net/samba412/distinfo
+++ b/net/samba412/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1604112111
-SHA256 (samba-4.12.9.tar.gz) = 786edf7b45b68ce637cb16daaa861097fdd71c9bac8428eec161a3a123f65060
-SIZE (samba-4.12.9.tar.gz) = 18236198
+TIMESTAMP = 1616600978
+SHA256 (samba-4.12.13.tar.gz) = 5bc1cacb4e12bd6618d882e7750a335eec910310043a58d8e18e6614fda3b98d
+SIZE (samba-4.12.13.tar.gz) = 18260488
diff --git a/net/samba412/files/patch-bind b/net/samba412/files/patch-bind
index b98f2338319b..78e3f5523d4f 100644
--- a/net/samba412/files/patch-bind
+++ b/net/samba412/files/patch-bind
@@ -1,4 +1,4 @@
---- python/samba/provision/sambadns.py.orig	2020-03-26 08:58:46 UTC
+--- python/samba/provision/sambadns.py.orig	2020-11-03 14:33:19 UTC
 +++ python/samba/provision/sambadns.py
 @@ -27,6 +27,7 @@ import time
  import ldb
@@ -8,7 +8,7 @@
  import samba
  from samba.tdb_util import tdb_copy
  from samba.mdb_util import mdb_copy
-@@ -965,34 +966,35 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac
+@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac
                                       stderr=subprocess.STDOUT,
                                       cwd='.').communicate()[0]
          bind_info = get_string(bind_info)
@@ -17,6 +17,8 @@
 -        bind9_10 = '#'
 -        bind9_11 = '#'
 -        bind9_12 = '#'
+-        bind9_14 = '#'
+-        bind9_16 = '#'
 -        if bind_info.upper().find('BIND 9.8') != -1:
 -            bind9_8 = ''
 -        elif bind_info.upper().find('BIND 9.9') != -1:
@@ -27,8 +29,19 @@
 -            bind9_11 = ''
 -        elif bind_info.upper().find('BIND 9.12') != -1:
 -            bind9_12 = ''
+-        elif bind_info.upper().find('BIND 9.14') != -1:
+-            bind9_14 = ''
+-        elif bind_info.upper().find('BIND 9.16') != -1:
+-            bind9_16 = ''
 -        elif bind_info.upper().find('BIND 9.7') != -1:
 -            raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+-        elif bind_info.upper().find('BIND_9.13') != -1:
+-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+-        elif bind_info.upper().find('BIND_9.15') != -1:
+-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+-        elif bind_info.upper().find('BIND_9.17') != -1:
+-            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
++
 +        bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
 +        if bind9_release:
 +            bind9_disabled = ''
@@ -39,6 +52,8 @@
 +                raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
 +            elif bind9_version_minor == 8:
 +                bind9_dlz_version = "9"
++            elif bind9_version_minor in [13, 15, 17]:
++                raise ProvisioningError("Only stable/esv releases of BIND are supported.")
 +            else:
 +                bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
          else:
@@ -61,53 +76,71 @@
 -                    "BIND9_9": bind9_9,
 -                    "BIND9_10": bind9_10,
 -                    "BIND9_11": bind9_11,
--                    "BIND9_12": bind9_12
--
+-                    "BIND9_12": bind9_12,
+-                    "BIND9_14": bind9_14,
+-                    "BIND9_16": bind9_16
 +                    "BIND9_DLZ": bind9_dlz
                      })
  
  
 --- source4/dns_server/dlz_minimal.h.orig	2019-12-06 10:10:30 UTC
 +++ source4/dns_server/dlz_minimal.h
-@@ -23,22 +23,23 @@
- #ifndef DLZ_MINIMAL_H
- #define DLZ_MINIMAL_H 1
+@@ -26,32 +26,31 @@
+ #include <stdint.h>
+ #include <stdbool.h>
  
 -#if defined (BIND_VERSION_9_8)
 -# define DLZ_DLOPEN_VERSION 1
 -#elif defined (BIND_VERSION_9_9)
 -# define DLZ_DLOPEN_VERSION 2
 -# define DNS_CLIENTINFO_VERSION 1
+-# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_10)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 1
+-# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_11)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
+-# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_12)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
+-# define ISC_BOOLEAN_AS_BOOL 0
+-#elif defined (BIND_VERSION_9_14)
+-# define DLZ_DLOPEN_VERSION 3
+-# define DNS_CLIENTINFO_VERSION 2
+-#elif defined (BIND_VERSION_9_16)
+-# define DLZ_DLOPEN_VERSION 3
+-# define DNS_CLIENTINFO_VERSION 2
 +#if defined (BIND_VERSION)
 +# if BIND_VERSION == 908
 +#  define DLZ_DLOPEN_VERSION 1
 +# elif BIND_VERSION == 909
 +#  define DLZ_DLOPEN_VERSION 2
 +#  define DNS_CLIENTINFO_VERSION 1
++#  define ISC_BOOLEAN_AS_BOOL 0
 +# elif BIND_VERSION == 910
 +#  define DLZ_DLOPEN_VERSION 3
 +#  define DNS_CLIENTINFO_VERSION 1
-+# elif BIND_VERSION >= 911
++#  define ISC_BOOLEAN_AS_BOOL 0
++# elif BIND_VERSION == 911 || BIND_VERSION == 912
 +#  define DLZ_DLOPEN_VERSION 3
 +#  define DNS_CLIENTINFO_VERSION 2
++#  define ISC_BOOLEAN_AS_BOOL 0
++# elif BIND_VERSION >= 914
++#  define DLZ_DLOPEN_VERSION 3
++#  define DNS_CLIENTINFO_VERSION 2
++#  define ISC_BOOLEAN_AS_BOOL 1
 +# else
 +#  error Unsupported BIND version
 +# endif
  #else
--# error Unsupported BIND version
+ # error Unsupported BIND version
 +# error BIND_VERSION undefined
  #endif
  
- #if DLZ_DLOPEN_VERSION > 1
+ #ifndef ISC_BOOLEAN_AS_BOOL
 --- source4/dns_server/wscript_build.orig	2019-12-06 10:11:08 UTC
 +++ source4/dns_server/wscript_build
 @@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns',
@@ -119,12 +152,12 @@
                    private_library=True,
                    link_name='modules/bind9/dlz_bind9.so',
                    realname='dlz_bind9.so',
-@@ -28,49 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9',
+@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9',
                    deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                    enabled=bld.AD_DC_BUILD_IS_ENABLED())
  
 -bld.SAMBA_LIBRARY('dlz_bind9_9',
-+for bind_version in (909, 910, 911, 912, 913, 914, 916):
++for bind_version in (909, 910, 911, 912, 914, 916):
 +    string_version='%d_%d' % (bind_version//100, bind_version % 100)
 +    bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
                    source='dlz_bind9.c',
@@ -169,6 +202,26 @@
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
+-bld.SAMBA_LIBRARY('dlz_bind9_14',
+-                  source='dlz_bind9.c',
+-                  cflags='-DBIND_VERSION_9_14',
+-                  private_library=True,
+-                  link_name='modules/bind9/dlz_bind9_14.so',
+-                  realname='dlz_bind9_14.so',
+-                  install_path='${MODULESDIR}/bind9',
+-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+-
+-bld.SAMBA_LIBRARY('dlz_bind9_16',
+-                  source='dlz_bind9.c',
+-                  cflags='-DBIND_VERSION_9_16',
+-                  private_library=True,
+-                  link_name='modules/bind9/dlz_bind9_16.so',
+-                  realname='dlz_bind9_16.so',
+-                  install_path='${MODULESDIR}/bind9',
+-                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+-                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+-
  bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
                    source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_8',
@@ -178,7 +231,7 @@
                    enabled=bld.AD_DC_BUILD_IS_ENABLED())
 --- source4/setup/named.conf.dlz.orig	2019-12-06 10:10:31 UTC
 +++ source4/setup/named.conf.dlz
-@@ -7,22 +7,10 @@
+@@ -7,28 +7,10 @@
  
  #
  # This configures dynamically loadable zones (DLZ) from AD schema
@@ -200,6 +253,12 @@
 -
 -    # For BIND 9.12.x
 -    ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
+-
+-    # For BIND 9.14.x
+-    ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
+-
+-    # For BIND 9.16.x
+-    ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
  };
  
 --- source4/torture/dns/wscript_build.orig	2020-04-11 03:26:46 UTC
diff --git a/net/samba412/files/patch-source3_lib_messages.c b/net/samba412/files/patch-source3_lib_messages.c
deleted file mode 100644
index 2b6a06139fcb..000000000000
--- a/net/samba412/files/patch-source3_lib_messages.c
+++ /dev/null
@@ -1,29 +0,0 @@
---- source3/lib/messages.c.orig	2020-02-28 08:59:35 UTC
-+++ source3/lib/messages.c
-@@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create(
- 
- 	{
- 		struct messaging_rec rec;
--		int64_t fds64[num_fds];
-+		int64_t fds64[MAX(1, num_fds)];
- 		size_t i;
- 
- 		for (i=0; i<num_fds; i++) {
-@@ -391,7 +391,7 @@ static void messaging_recv_cb(struct tevent_context *e
- 		private_data, struct messaging_context);
- 	struct server_id_buf idbuf;
- 	struct messaging_rec rec;
--	int64_t fds64[MIN(num_fds, INT8_MAX)];
-+	int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))];
- 	size_t i;
- 
- 	if (msg_len < MESSAGE_HDR_LENGTH) {
-@@ -1375,7 +1375,7 @@ static void messaging_dispatch_rec(struct messaging_co
- 
- 	if (ev != msg_ctx->event_ctx) {
- 		struct iovec iov;
--		int fds[rec->num_fds];
-+		int fds[MAX(1, rec->num_fds)];
- 		int ret;
- 
- 		/*
diff --git a/net/samba412/files/patch-source3_modules_vfs__fruit.c b/net/samba412/files/patch-source3_modules_vfs__fruit.c
index d6b7c8696d24..952f5c12ff06 100644
--- a/net/samba412/files/patch-source3_modules_vfs__fruit.c
+++ b/net/samba412/files/patch-source3_modules_vfs__fruit.c
@@ -50,19 +50,29 @@ Signed-off-by: Ralph Boehme <slow@samba.org>
  	}
  
  	return ai;
---- source3/modules/vfs_fruit.c.orig	2020-05-08 09:37:56 UTC
+--- source3/modules/vfs_fruit.c.orig	2021-01-26 08:16:58 UTC
 +++ source3/modules/vfs_fruit.c
-@@ -2191,9 +2191,20 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
- {
+@@ -2146,13 +2146,30 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru
+ 	struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
  	ssize_t nread;
  	int ret;
 +	char *p = (char *)data;
  
+ 	if (fio->fake_fd) {
+ 		return -1;
+ 	}
+ 
  	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
 -	if (nread == -1 || nread == n) {
-+
-+	if (nread == -1) {
-+		return -1;
++	if (nread <= 0) {
++		/*
++		 * fruit_meta_open_stream() removes O_CREAT flag
++		 * from xattr open. This results in vfs_streams_xattr
++		 * not generating an FSP extension for the files_struct
++		 * and causes subsequent pread() of stream to return
++		 * nread=0 if pread() occurs before pwrite().
++		 */
++		return nread;
 +	}
 +
 +	if (nread == n) {
diff --git a/net/samba412/pkg-plist b/net/samba412/pkg-plist
index 3b78a2a0d2d3..6b234c6bd7c8 100644
--- a/net/samba412/pkg-plist
+++ b/net/samba412/pkg-plist
@@ -282,7 +282,6 @@ lib/samba4/private/libshares-samba4.so
 lib/samba4/private/libsmb-transport-samba4.so
 lib/samba4/private/libsmbclient-raw-samba4.so
 lib/samba4/private/libsmbd-base-samba4.so
-lib/samba4/private/libsmbd-conn-samba4.so
 lib/samba4/private/libsmbd-shim-samba4.so
 %%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so
 lib/samba4/private/libsmbpasswdparser-samba4.so
@@ -306,7 +305,6 @@ lib/samba4/private/libxattr-tdb-samba4.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_10.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_11.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_12.so
-%%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_13.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_14.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_16.so
 %%AD_DC%%%%SAMBA4_MODULEDIR%%/gensec/krb5.so
author	Timur I. Bakeyev <timur@FreeBSD.org>	2021-03-25 02:57:00 +0000
committer	Timur I. Bakeyev <timur@FreeBSD.org>	2021-03-25 02:57:00 +0000
commit	0237d8993831781238abde55c34d7c56e8a40304 (patch)
tree	47c195c3dc0593077ecd5feee85631e3873beb2e /net/samba412
parent	50d83ae9078ff27cd021d96b0e1bcc0f590efee5 (diff)
download	ports-0237d8993831781238abde55c34d7c56e8a40304.tar.gz ports-0237d8993831781238abde55c34d7c56e8a40304.zip