MFH: r418448

Update Samba 4.2, 4.3 and 4.4 to the lates version to address CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded).

Security:	CVE-2016-2119

Approved by:	ports-secteam (with hat)
This commit is contained in:
Mark Felder 2016-07-13 13:32:56 +00:00
parent 5eff0abaf1
commit a08a0b65da
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2016Q3/; revision=418477
11 changed files with 32 additions and 72 deletions

View file

@ -19,7 +19,7 @@ EXTRA_PATCHES= ${PATCHDIR}/extra-patch-progress:-p1
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.2.12
SAMBA4_VERSION= 4.2.14
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}

View file

@ -1,2 +1,3 @@
SHA256 (samba-4.2.12.tar.gz) = b334a86a92a1c2759c0b3dce20965e7fe820f0abafee38e6fd82eb9c5cd80514
SIZE (samba-4.2.12.tar.gz) = 20878216
TIMESTAMP = 1468280138
SHA256 (samba-4.2.14.tar.gz) = db820a9947e44f04b0eb25e4aa0c3db32c4042fca541775ee8e2905093e888e6
SIZE (samba-4.2.14.tar.gz) = 20883281

View file

@ -15,11 +15,11 @@ LICENSE= GPLv3
CONFLICTS?= *samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba42-4.2.* samba44-4.4.*
EXTRA_PATCHES= ${PATCHDIR}/extra-patch-progress:-p1
#EXTRA_PATCHES= ${PATCHDIR}/extra-patch-progress:-p1
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.3.9
SAMBA4_VERSION= 4.3.11
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@ -89,6 +89,10 @@ BUILD_DEPENDS+= p5-Parse-Pidl>=4.3.1:devel/p5-Parse-Pidl
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:dns/py-dnspython
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:dns/py-dnspython
PLIST_SUB+= PY_DNSPYTHON="@comment "
#
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=0.1.11:devel/py-iso8601
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=0.1.11:devel/py-iso8601
PLIST_SUB+= PY_ISO8601="@comment "
# talloc
BUILD_DEPENDS+= talloc>=2.1.5:devel/talloc
RUN_DEPENDS+= talloc>=2.1.5:devel/talloc

View file

@ -1,2 +1,3 @@
SHA256 (samba-4.3.9.tar.gz) = 1f22c61a7f24c5357a9ef4d10833a2cd161f40f3db03bcbe586d7cd3a56139f3
SIZE (samba-4.3.9.tar.gz) = 20570849
TIMESTAMP = 1468280731
SHA256 (samba-4.3.11.tar.gz) = 90a967310e34a31d5c9fc5f86855f334fc19815e7e59f5c2d72a9bba23cf4fec
SIZE (samba-4.3.11.tar.gz) = 20573432

View file

@ -1,31 +0,0 @@
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index c65fb08..13713fc 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1005,7 +1005,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
entry,
"gecos",
ctx);
- if (unix_pw.pw_gecos) {
+ if (unix_pw.pw_gecos==NULL) {
unix_pw.pw_gecos = fullname;
}
unix_pw.pw_dir = smbldap_talloc_single_attribute(
@@ -1013,7 +1013,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
entry,
"homeDirectory",
ctx);
- if (unix_pw.pw_dir) {
+ if (unix_pw.pw_dir==NULL) {
unix_pw.pw_dir = discard_const_p(char, "");
}
unix_pw.pw_shell = smbldap_talloc_single_attribute(
@@ -1021,7 +1021,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
entry,
"loginShell",
ctx);
- if (unix_pw.pw_shell) {
+ if (unix_pw.pw_shell==NULL) {
unix_pw.pw_shell = discard_const_p(char, "");
}

View file

@ -1,11 +0,0 @@
--- source3/client/smbspool_krb5_wrapper.c.orig 2016-04-21 00:26:35.874203000 +0000
+++ source3/client/smbspool_krb5_wrapper.c 2016-04-21 00:47:23.148722000 +0000
@@ -195,7 +195,7 @@
* Make sure we do not have LD_PRELOAD or other security relevant
* environment variables set.
*/
- clearenv();
+ environ = NULL;
CUPS_SMB_DEBUG("Setting KRB5CCNAME to '%s'", gen_cc);
setenv("KRB5CCNAME", gen_cc, 1);

View file

@ -657,6 +657,7 @@ lib/shared-modules/vfs/zfsacl.so
%%PYTHON_SITELIBDIR%%/samba/tests/samba3sam.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/base.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/fsmo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/gpo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/group.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/ntacl.py
@ -673,10 +674,10 @@ lib/shared-modules/vfs/zfsacl.so
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovision.py
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovisionneeddc.py
%%PYTHON_SITELIBDIR%%/samba/tests/xattr.py
%%PYTHON_SITELIBDIR%%/samba/third_party/__init__.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/__init__.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/iso8601.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/test_iso8601.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/__init__.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/__init__.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/iso8601.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/test_iso8601.py
%%PYTHON_SITELIBDIR%%/samba/upgrade.py
%%PYTHON_SITELIBDIR%%/samba/upgradehelpers.py
%%PYTHON_SITELIBDIR%%/samba/web_server/__init__.py

View file

@ -3,7 +3,7 @@
PORTNAME?= ${SAMBA4_BASENAME}44
PORTVERSION?= ${SAMBA4_VERSION}
PORTREVISION?= 1
PORTREVISION?= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@ -19,7 +19,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba42-4.2.* samba43-4
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.4.3
SAMBA4_VERSION= 4.4.5
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@ -90,6 +90,10 @@ BUILD_DEPENDS+= p5-Parse-Pidl>=4.3.1:devel/p5-Parse-Pidl
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:dns/py-dnspython
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:dns/py-dnspython
PLIST_SUB+= PY_DNSPYTHON="@comment "
#
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=0.1.11:devel/py-iso8601
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=0.1.11:devel/py-iso8601
PLIST_SUB+= PY_ISO8601="@comment "
# talloc
BUILD_DEPENDS+= talloc>=2.1.6:devel/talloc
RUN_DEPENDS+= talloc>=2.1.6:devel/talloc

View file

@ -1,2 +1,3 @@
SHA256 (samba-4.4.3.tar.gz) = 031e6ada6d15deae6850845eed41497af32207fb679d6c6c74f19acc99d437ba
SIZE (samba-4.4.3.tar.gz) = 20705861
TIMESTAMP = 1468271289
SHA256 (samba-4.4.5.tar.gz) = b876ef2e63f66265490e80a122e66ef2d7616112b839df68f56ac2e1ce17a7bd
SIZE (samba-4.4.5.tar.gz) = 20715838

View file

@ -1,11 +0,0 @@
--- source3/client/smbspool_krb5_wrapper.c.orig 2016-04-21 00:26:35.874203000 +0000
+++ source3/client/smbspool_krb5_wrapper.c 2016-04-21 00:47:23.148722000 +0000
@@ -195,7 +195,7 @@
* Make sure we do not have LD_PRELOAD or other security relevant
* environment variables set.
*/
- clearenv();
+ environ = NULL;
CUPS_SMB_DEBUG("Setting KRB5CCNAME to '%s'", gen_cc);
setenv("KRB5CCNAME", gen_cc, 1);

View file

@ -608,6 +608,7 @@ lib/shared-modules/vfs/zfsacl.so
%%PYTHON_SITELIBDIR%%/samba/tests/samba3sam.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/__init__.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/base.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/fsmo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/gpo.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/group.py
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/ntacl.py
@ -625,10 +626,10 @@ lib/shared-modules/vfs/zfsacl.so
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovision.py
%%PYTHON_SITELIBDIR%%/samba/tests/upgradeprovisionneeddc.py
%%PYTHON_SITELIBDIR%%/samba/tests/xattr.py
%%PYTHON_SITELIBDIR%%/samba/third_party/__init__.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/__init__.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/iso8601.py
%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/test_iso8601.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/__init__.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/__init__.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/iso8601.py
%%PY_ISO8601%%%%PYTHON_SITELIBDIR%%/samba/third_party/iso8601/test_iso8601.py
%%PYTHON_SITELIBDIR%%/samba/upgrade.py
%%PYTHON_SITELIBDIR%%/samba/upgradehelpers.py
%%PYTHON_SITELIBDIR%%/samba/web_server/__init__.py