diff options
author | Timur I. Bakeyev <timur@FreeBSD.org> | 2021-03-25 02:57:00 +0000 |
---|---|---|
committer | Timur I. Bakeyev <timur@FreeBSD.org> | 2021-03-25 02:57:00 +0000 |
commit | 0237d8993831781238abde55c34d7c56e8a40304 (patch) | |
tree | 47c195c3dc0593077ecd5feee85631e3873beb2e /net/samba412 | |
parent | 50d83ae9078ff27cd021d96b0e1bcc0f590efee5 (diff) | |
download | ports-0237d8993831781238abde55c34d7c56e8a40304.tar.gz ports-0237d8993831781238abde55c34d7c56e8a40304.zip |
Security update for net/samba4* ports to 4.13.6 and 4.12.13 respectively.
Mark net/samba411 s deprecated.
Relnotes: CVE-2020-27840
CVE-2021-20277
Notes
Notes:
svn path=/head/; revision=569181
Diffstat (limited to 'net/samba412')
-rw-r--r-- | net/samba412/Makefile | 4 | ||||
-rw-r--r-- | net/samba412/distinfo | 6 | ||||
-rw-r--r-- | net/samba412/files/patch-bind | 85 | ||||
-rw-r--r-- | net/samba412/files/patch-source3_lib_messages.c | 29 | ||||
-rw-r--r-- | net/samba412/files/patch-source3_modules_vfs__fruit.c | 22 | ||||
-rw-r--r-- | net/samba412/pkg-plist | 2 |
6 files changed, 93 insertions, 55 deletions
diff --git a/net/samba412/Makefile b/net/samba412/Makefile index 8b2e336f81d4..52285d6f56ac 100644 --- a/net/samba412/Makefile +++ b/net/samba412/Makefile @@ -3,7 +3,7 @@ PORTNAME= ${SAMBA4_BASENAME}412 PORTVERSION= ${SAMBA4_VERSION} -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.patch:-p1 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.12.9 +SAMBA4_VERSION= 4.12.13 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} diff --git a/net/samba412/distinfo b/net/samba412/distinfo index 5f986d594b90..6fe48275de92 100644 --- a/net/samba412/distinfo +++ b/net/samba412/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1604112111 -SHA256 (samba-4.12.9.tar.gz) = 786edf7b45b68ce637cb16daaa861097fdd71c9bac8428eec161a3a123f65060 -SIZE (samba-4.12.9.tar.gz) = 18236198 +TIMESTAMP = 1616600978 +SHA256 (samba-4.12.13.tar.gz) = 5bc1cacb4e12bd6618d882e7750a335eec910310043a58d8e18e6614fda3b98d +SIZE (samba-4.12.13.tar.gz) = 18260488 diff --git a/net/samba412/files/patch-bind b/net/samba412/files/patch-bind index b98f2338319b..78e3f5523d4f 100644 --- a/net/samba412/files/patch-bind +++ b/net/samba412/files/patch-bind @@ -1,4 +1,4 @@ ---- python/samba/provision/sambadns.py.orig 2020-03-26 08:58:46 UTC +--- python/samba/provision/sambadns.py.orig 2020-11-03 14:33:19 UTC +++ python/samba/provision/sambadns.py @@ -27,6 +27,7 @@ import time import ldb @@ -8,7 +8,7 @@ import samba from samba.tdb_util import tdb_copy from samba.mdb_util import mdb_copy -@@ -965,34 +966,35 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac +@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac stderr=subprocess.STDOUT, cwd='.').communicate()[0] bind_info = get_string(bind_info) @@ -17,6 +17,8 @@ - bind9_10 = '#' - bind9_11 = '#' - bind9_12 = '#' +- bind9_14 = '#' +- bind9_16 = '#' - if bind_info.upper().find('BIND 9.8') != -1: - bind9_8 = '' - elif bind_info.upper().find('BIND 9.9') != -1: @@ -27,8 +29,19 @@ - bind9_11 = '' - elif bind_info.upper().find('BIND 9.12') != -1: - bind9_12 = '' +- elif bind_info.upper().find('BIND 9.14') != -1: +- bind9_14 = '' +- elif bind_info.upper().find('BIND 9.16') != -1: +- bind9_16 = '' - elif bind_info.upper().find('BIND 9.7') != -1: - raise ProvisioningError("DLZ option incompatible with BIND 9.7.") +- elif bind_info.upper().find('BIND_9.13') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.15') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.17') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ + bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I) + if bind9_release: + bind9_disabled = '' @@ -39,6 +52,8 @@ + raise ProvisioningError("DLZ option incompatible with BIND 9.7.") + elif bind9_version_minor == 8: + bind9_dlz_version = "9" ++ elif bind9_version_minor in [13, 15, 17]: ++ raise ProvisioningError("Only stable/esv releases of BIND are supported.") + else: + bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor) else: @@ -61,53 +76,71 @@ - "BIND9_9": bind9_9, - "BIND9_10": bind9_10, - "BIND9_11": bind9_11, -- "BIND9_12": bind9_12 -- +- "BIND9_12": bind9_12, +- "BIND9_14": bind9_14, +- "BIND9_16": bind9_16 + "BIND9_DLZ": bind9_dlz }) --- source4/dns_server/dlz_minimal.h.orig 2019-12-06 10:10:30 UTC +++ source4/dns_server/dlz_minimal.h -@@ -23,22 +23,23 @@ - #ifndef DLZ_MINIMAL_H - #define DLZ_MINIMAL_H 1 +@@ -26,32 +26,31 @@ + #include <stdint.h> + #include <stdbool.h> -#if defined (BIND_VERSION_9_8) -# define DLZ_DLOPEN_VERSION 1 -#elif defined (BIND_VERSION_9_9) -# define DLZ_DLOPEN_VERSION 2 -# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_10) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_11) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_12) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_14) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_16) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +#if defined (BIND_VERSION) +# if BIND_VERSION == 908 +# define DLZ_DLOPEN_VERSION 1 +# elif BIND_VERSION == 909 +# define DLZ_DLOPEN_VERSION 2 +# define DNS_CLIENTINFO_VERSION 1 ++# define ISC_BOOLEAN_AS_BOOL 0 +# elif BIND_VERSION == 910 +# define DLZ_DLOPEN_VERSION 3 +# define DNS_CLIENTINFO_VERSION 1 -+# elif BIND_VERSION >= 911 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION == 911 || BIND_VERSION == 912 +# define DLZ_DLOPEN_VERSION 3 +# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION >= 914 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 1 +# else +# error Unsupported BIND version +# endif #else --# error Unsupported BIND version + # error Unsupported BIND version +# error BIND_VERSION undefined #endif - #if DLZ_DLOPEN_VERSION > 1 + #ifndef ISC_BOOLEAN_AS_BOOL --- source4/dns_server/wscript_build.orig 2019-12-06 10:11:08 UTC +++ source4/dns_server/wscript_build @@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns', @@ -119,12 +152,12 @@ private_library=True, link_name='modules/bind9/dlz_bind9.so', realname='dlz_bind9.so', -@@ -28,49 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9', +@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9', deps='samba-hostconfig samdb-common gensec popt dnsserver_common', enabled=bld.AD_DC_BUILD_IS_ENABLED()) -bld.SAMBA_LIBRARY('dlz_bind9_9', -+for bind_version in (909, 910, 911, 912, 913, 914, 916): ++for bind_version in (909, 910, 911, 912, 914, 916): + string_version='%d_%d' % (bind_version//100, bind_version % 100) + bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version), source='dlz_bind9.c', @@ -169,6 +202,26 @@ - deps='samba-hostconfig samdb-common gensec popt dnsserver_common', - enabled=bld.AD_DC_BUILD_IS_ENABLED()) - +-bld.SAMBA_LIBRARY('dlz_bind9_14', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_14', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_14.so', +- realname='dlz_bind9_14.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_16', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_16.so', +- realname='dlz_bind9_16.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- bld.SAMBA_LIBRARY('dlz_bind9_for_torture', source='dlz_bind9.c', - cflags='-DBIND_VERSION_9_8', @@ -178,7 +231,7 @@ enabled=bld.AD_DC_BUILD_IS_ENABLED()) --- source4/setup/named.conf.dlz.orig 2019-12-06 10:10:31 UTC +++ source4/setup/named.conf.dlz -@@ -7,22 +7,10 @@ +@@ -7,28 +7,10 @@ # # This configures dynamically loadable zones (DLZ) from AD schema @@ -200,6 +253,12 @@ - - # For BIND 9.12.x - ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so"; +- +- # For BIND 9.14.x +- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so"; +- +- # For BIND 9.16.x +- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; }; --- source4/torture/dns/wscript_build.orig 2020-04-11 03:26:46 UTC diff --git a/net/samba412/files/patch-source3_lib_messages.c b/net/samba412/files/patch-source3_lib_messages.c deleted file mode 100644 index 2b6a06139fcb..000000000000 --- a/net/samba412/files/patch-source3_lib_messages.c +++ /dev/null @@ -1,29 +0,0 @@ ---- source3/lib/messages.c.orig 2020-02-28 08:59:35 UTC -+++ source3/lib/messages.c -@@ -157,7 +157,7 @@ struct messaging_rec *messaging_rec_create( - - { - struct messaging_rec rec; -- int64_t fds64[num_fds]; -+ int64_t fds64[MAX(1, num_fds)]; - size_t i; - - for (i=0; i<num_fds; i++) { -@@ -391,7 +391,7 @@ static void messaging_recv_cb(struct tevent_context *e - private_data, struct messaging_context); - struct server_id_buf idbuf; - struct messaging_rec rec; -- int64_t fds64[MIN(num_fds, INT8_MAX)]; -+ int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))]; - size_t i; - - if (msg_len < MESSAGE_HDR_LENGTH) { -@@ -1375,7 +1375,7 @@ static void messaging_dispatch_rec(struct messaging_co - - if (ev != msg_ctx->event_ctx) { - struct iovec iov; -- int fds[rec->num_fds]; -+ int fds[MAX(1, rec->num_fds)]; - int ret; - - /* diff --git a/net/samba412/files/patch-source3_modules_vfs__fruit.c b/net/samba412/files/patch-source3_modules_vfs__fruit.c index d6b7c8696d24..952f5c12ff06 100644 --- a/net/samba412/files/patch-source3_modules_vfs__fruit.c +++ b/net/samba412/files/patch-source3_modules_vfs__fruit.c @@ -50,19 +50,29 @@ Signed-off-by: Ralph Boehme <slow@samba.org> } return ai; ---- source3/modules/vfs_fruit.c.orig 2020-05-08 09:37:56 UTC +--- source3/modules/vfs_fruit.c.orig 2021-01-26 08:16:58 UTC +++ source3/modules/vfs_fruit.c -@@ -2191,9 +2191,20 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru - { +@@ -2146,13 +2146,30 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru + struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp); ssize_t nread; int ret; + char *p = (char *)data; + if (fio->fake_fd) { + return -1; + } + nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); - if (nread == -1 || nread == n) { -+ -+ if (nread == -1) { -+ return -1; ++ if (nread <= 0) { ++ /* ++ * fruit_meta_open_stream() removes O_CREAT flag ++ * from xattr open. This results in vfs_streams_xattr ++ * not generating an FSP extension for the files_struct ++ * and causes subsequent pread() of stream to return ++ * nread=0 if pread() occurs before pwrite(). ++ */ ++ return nread; + } + + if (nread == n) { diff --git a/net/samba412/pkg-plist b/net/samba412/pkg-plist index 3b78a2a0d2d3..6b234c6bd7c8 100644 --- a/net/samba412/pkg-plist +++ b/net/samba412/pkg-plist @@ -282,7 +282,6 @@ lib/samba4/private/libshares-samba4.so lib/samba4/private/libsmb-transport-samba4.so lib/samba4/private/libsmbclient-raw-samba4.so lib/samba4/private/libsmbd-base-samba4.so -lib/samba4/private/libsmbd-conn-samba4.so lib/samba4/private/libsmbd-shim-samba4.so %%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so lib/samba4/private/libsmbpasswdparser-samba4.so @@ -306,7 +305,6 @@ lib/samba4/private/libxattr-tdb-samba4.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_10.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_11.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_12.so -%%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_13.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_14.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_16.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/gensec/krb5.so |