Security: CVE-2010-2063

Feature safe:	yes
Address CVE-2010-2063

net/samba32/Makefile

@@ -7,6 +7,7 @@
 
 PORTNAME=		samba
 PORTVERSION?=		3.2.15
+PORTREVISION?=		1
 CATEGORIES?=		net
 MASTER_SITES=		${MASTER_SITE_SAMBA}
 MASTER_SITE_SUBDIR=	. old-versions rc pre
@@ -15,7 +16,12 @@ DISTNAME=		${PORTNAME}-${PORTVERSION:S/.p/pre/:S/.r/rc/}
 MAINTAINER?=		timur@FreeBSD.org
 COMMENT?=		A free SMB and CIFS client and server for UNIX
 
-CONFLICTS?=		*samba-3.[03].* samba4* tdb-1.* talloc-1.*
+CONFLICTS?=		*samba-3.[03-5].* samba4* tdb-1.* talloc-1.*
+
+EXPIRATION_DATE=	2010-09-01
+DEPRECATED=		Unsupported by the upstream. Please, consider to upgrade.
+
+EXTRA_PATCHES=		${PATCHDIR}/CVE-2010-2063_samba-3.3.patch
 
 USE_GMAKE=		yes
 USE_ICONV=		yes

net/samba32/files/CVE-2010-2063_samba-3.3.patch

@@ -0,0 +1,37 @@
+diff --git a/source/smbd/process.c b/source/smbd/process.c
+index 446b868..403c7c6 100644
+--- smbd/process.c
++++ smbd/process.c
+@@ -1645,6 +1645,7 @@ void construct_reply_common(const char *inbuf, char *outbuf)
+ void chain_reply(struct smb_request *req)
+ {
+ 	static char *orig_inbuf;
++	static int orig_size;
+ 
+ 	/*
+ 	 * Dirty little const_discard: We mess with req->inbuf, which is
+@@ -1679,13 +1680,24 @@ void chain_reply(struct smb_request *req)
+ 	if (chain_size == 0) {
+ 		/* this is the first part of the chain */
+ 		orig_inbuf = inbuf;
++		orig_size = size;
+ 	}
+ 
++	/* Validate smb_off2 */
++	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
++		exit_server_cleanly("Bad chained packet");
++		return;
++	}
+ 	/*
+ 	 * We need to save the output the caller added to the chain so that we
+ 	 * can splice it into the final output buffer later.
+ 	 */
+ 
++	if (outsize <= smb_wct) {
++		exit_server_cleanly("Bad chained packet");
++		return;
++	}
++
+ 	caller_outputlen = outsize - smb_wct;
+ 
+ 	caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);