kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/samba/patches/patch-at
taca 869af6a3d7 Update samba package to 3.0.37. 
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
Please note that Samba 3.0 is not maintained any longer. This security
release is shipped on a voluntary basis.

   o CVE-2009-2813:
     In all versions of Samba later than 3.0.11, connecting to the home
     share of a user will use the root of the filesystem
     as the home directory if this user is misconfigured to have
     an empty home directory in /etc/passwd.

   o CVE-2009-2948:
     If mount.cifs is installed as a setuid program, a user can pass it a
     credential or password path to which he or she does not have access and
     then use the --verbose option to view the first line of that file.

   o CVE-2009-2906:
     Specially crafted SMB requests on authenticated SMB connections can
     send smbd into a 100% CPU loop, causing a DoS on the Samba server.
2009-10-04 16:58:38 +00:00

298 lines
8.7 KiB
Text
Raw Blame History

$NetBSD: patch-at,v 1.14 2009/10/04 16:58:38 taca Exp $
--- configure.orig 2009-09-30 22:08:58.000000000 +0900
+++ configure
@@ -765,6 +765,7 @@ swatdir
privatedir
logfilebase
piddir
+statedir
lockdir
configdir
target_os
@@ -827,6 +828,7 @@ with_fhs
with_privatedir
with_rootsbindir
with_lockdir
+with_statedir
with_piddir
with_swatdir
with_configdir
@@ -1537,6 +1539,7 @@ Optional Packages:
--with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)
--with-rootsbindir=DIR Which directory to use for root sbin ($ac_default_prefix/sbin)
--with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)
+ --with-statedir=DIR Where to put state files ($ac_default_prefix/var/locks)
--with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks)
--with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)
--with-configdir=DIR Where to put configuration files ($libdir)
@@ -2296,6 +2299,7 @@ fi
rootsbindir="\${SBINDIR}"
lockdir="\${VARDIR}/locks"
+statedir="\${VARDIR}/locks"
piddir="\${VARDIR}/locks"
test "${mandir}" || mandir="\${prefix}/man"
logfilebase="\${VARDIR}"
@@ -2310,7 +2314,8 @@ swatdir="\${prefix}/swat"
if test "${with_fhs+set}" = set; then
withval=$with_fhs; case "$withval" in
yes)
- lockdir="\${VARDIR}/lib/samba"
+ lockdir="\${VARDIR}/run/samba"
+ statedir="\${VARDIR}/lib/samba"
piddir="\${VARDIR}/run"
mandir="\${prefix}/share/man"
logfilebase="\${VARDIR}/log/samba"
@@ -2384,6 +2389,26 @@ fi
#################################################
+# set state directory location
+
+# Check whether --with-statedir was given.
+if test "${with_statedir+set}" = set; then
+ withval=$with_statedir; case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ { $as_echo "$as_me:$LINENO: WARNING: --with-statedir called without argument - will use default" >&5
+$as_echo "$as_me: WARNING: --with-statedir called without argument - will use default" >&2;}
+ ;;
+ * )
+ statedir="$withval"
+ ;;
+ esac
+fi
+
+
+#################################################
# set pid directory location
# Check whether --with-piddir was given.
@@ -2624,6 +2649,7 @@ fi
+
## check for --enable-debug first before checking CFLAGS before
## so that we don't mix -O and -g
# Check whether --enable-debug was given.
@@ -33670,7 +33696,8 @@ done
-for ac_func in getdents getdents64
+
+for ac_func in getdents getdents64 getpwent_r
do
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -49983,6 +50010,77 @@ done
##################
# look for a method of finding the list of network interfaces
iface=no;
+{ $as_echo "$as_me:$LINENO: checking for iface ifaddrs" >&5
+$as_echo_n "checking for iface ifaddrs... " >&6; }
+if test "${samba_cv_HAVE_IFACE_IFADDRS+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+
+SAVE_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}"
+if test "$cross_compiling" = yes; then
+ samba_cv_HAVE_IFACE_IFADDRS=cross
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#define HAVE_IFACE_IFADDRS 1
+#define AUTOCONF_TEST 1
+#include "${srcdir-.}/lib/interfaces.c"
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ samba_cv_HAVE_IFACE_IFADDRS=yes
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+samba_cv_HAVE_IFACE_IFADDRS=no
+fi
+rm -rf conftest.dSYM
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $samba_cv_HAVE_IFACE_IFADDRS" >&5
+$as_echo "$samba_cv_HAVE_IFACE_IFADDRS" >&6; }
+CPPFLAGS="$SAVE_CPPFLAGS"
+if test x"$samba_cv_HAVE_IFACE_IFADDRS" = x"yes"; then
+ iface=yes;
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IFACE_IFADDRS 1
+_ACEOF
+
+fi
+
+if test $iface = no; then
{ $as_echo "$as_me:$LINENO: checking for iface AIX" >&5
$as_echo_n "checking for iface AIX... " >&6; }
if test "${samba_cv_HAVE_IFACE_AIX+set}" = set; then
@@ -50053,6 +50151,7 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
fi
+fi
if test $iface = no; then
{ $as_echo "$as_me:$LINENO: checking for iface ifconf" >&5
@@ -53580,9 +53679,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS"
- { $as_echo "$as_me:$LINENO: checking for des_set_key in -lcrypto" >&5
-$as_echo_n "checking for des_set_key in -lcrypto... " >&6; }
-if test "${ac_cv_lib_ext_crypto_des_set_key+set}" = set; then
+ { $as_echo "$as_me:$LINENO: checking for EVP_des_cbc in -lcrypto" >&5
+$as_echo_n "checking for EVP_des_cbc in -lcrypto... " >&6; }
+if test "${ac_cv_lib_ext_crypto_EVP_des_cbc+set}" = set; then
$as_echo_n "(cached) " >&6
else
cat >conftest.$ac_ext <<_ACEOF
@@ -53598,11 +53697,11 @@ cat >>conftest.$ac_ext <<_ACEOF
#ifdef __cplusplus
extern "C"
#endif
-char des_set_key ();
+char EVP_des_cbc ();
int
main ()
{
-return des_set_key ();
+return EVP_des_cbc ();
;
return 0;
}
@@ -53628,13 +53727,13 @@ $as_echo "$ac_try_echo") >&5
test "$cross_compiling" = yes ||
$as_test_x conftest$ac_exeext
}; then
- ac_cv_lib_ext_crypto_des_set_key=yes;
+ ac_cv_lib_ext_crypto_EVP_des_cbc=yes;
ac_cv_lib_ext_crypto=yes
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_lib_ext_crypto_des_set_key=no;
+ ac_cv_lib_ext_crypto_EVP_des_cbc=no;
ac_cv_lib_ext_crypto=no
fi
@@ -53643,11 +53742,11 @@ rm -f core conftest.err conftest.$ac_obj
conftest$ac_exeext conftest.$ac_ext
fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_crypto_des_set_key" >&5
-$as_echo "$ac_cv_lib_ext_crypto_des_set_key" >&6; }
- if test $ac_cv_lib_ext_crypto_des_set_key = yes; then
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_crypto_EVP_des_cbc" >&5
+$as_echo "$ac_cv_lib_ext_crypto_EVP_des_cbc" >&6; }
+ if test $ac_cv_lib_ext_crypto_EVP_des_cbc = yes; then
cat >>confdefs.h <<_ACEOF
-#define HAVE_DES_SET_KEY 1
+#define HAVE_EVP_DES_CBC 1
_ACEOF
fi
@@ -67399,31 +67498,39 @@ case "$host_os" in
NSSSONAMEVERSIONSUFFIX=".2"
WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
;;
- *freebsd[5-9]*)
- # FreeBSD winbind client is implemented as a wrapper around
- # the Linux version.
- NSSSONAMEVERSIONSUFFIX=".1"
- WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
- nsswitch/winbind_nss_linux.o"
- WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
- WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
- ;;
-
- *netbsd*[3-9]*)
- # NetBSD winbind client is implemented as a wrapper
- # around the Linux version. It needs getpwent_r() to
- # indicate libc's use of the correct nsdispatch API.
- #
- if test x"$ac_cv_func_getpwent_r" = x"yes"; then
- WINBIND_NSS_EXTRA_OBJS="\
- nsswitch/winbind_nss_netbsd.o \
+ *freebsd*)
+ case "$UNAME_R" in
+ [5-9]*)
+ # FreeBSD winbind client is implemented as a wrapper
+ # around the Linux version.
+ NSSSONAMEVERSIONSUFFIX=".1"
+ WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
nsswitch/winbind_nss_linux.o"
WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
- else
- HAVE_WINBIND=no
- winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported"
- fi
+ ;;
+ esac
+ ;;
+
+ *netbsd*)
+ case "$UNAME_R" in
+ [3-9]*)
+ # NetBSD winbind client is implemented as a wrapper
+ # around the Linux version. It needs getpwent_r() to
+ # indicate libc's use of the correct nsdispatch API.
+ #
+ if test x"$ac_cv_func_getpwent_r" = x"yes"; then
+ WINBIND_NSS_EXTRA_OBJS="\
+ nsswitch/winbind_nss_netbsd.o \
+ nsswitch/winbind_nss_linux.o"
+ WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
+ WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
+ else
+ HAVE_WINBIND=no
+ winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported"
+ fi
+ ;;
+ esac
;;
*irix*)
# IRIX has differently named shared libraries
Reference in a new issue View git blame Copy permalink