diff options
| author | tron <tron> | 2013-08-12 14:21:30 +0000 |
|---|---|---|
| committer | tron <tron> | 2013-08-12 14:21:30 +0000 |
| commit | bd0acc25312be7cc27db7bc606a71af2c4b7d2b1 (patch) | |
| tree | e9d2ee9af14c5e8e35d7cb06f9ff9ad816245f77 | |
| parent | 38c15b64b33d8734ebcc2c0b99fbe927045d1d89 (diff) | |
| download | pkgsrc-bd0acc25312be7cc27db7bc606a71af2c4b7d2b1.tar.gz | |
Pullup ticket #4208 - requested by taca
net/samba35: security update
Revisions pulled up:
- net/samba35/Makefile 1.31
- net/samba35/distinfo 1.16
- net/samba35/patches/patch-af 1.6
- net/samba35/patches/patch-ah 1.3
- net/samba35/patches/patch-ap 1.2
- net/samba35/patches/patch-aq 1.4
- net/samba35/patches/patch-av 1.3
- net/samba35/patches/patch-aw 1.2
- net/samba35/patches/patch-ba 1.2
- net/samba35/patches/patch-bb 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Aug 12 02:47:32 UTC 2013
Modified Files:
pkgsrc/net/samba35: Makefile distinfo
pkgsrc/net/samba35/patches: patch-af patch-ah patch-ap patch-aq
patch-av patch-aw patch-ba patch-bb
Log Message:
Update samba35 to 3.5.22, security release.
==============================
Release Notes for Samba 3.5.22
August 05, 2013
==============================
This is a security release in order to address
CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
server to loop with DOS).
o CVE-2013-4124:
All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.
A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.
This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.
Changes since 3.5.21:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
reading can cause server to loop with DOS.
| -rw-r--r-- | net/samba35/Makefile | 5 | ||||
| -rw-r--r-- | net/samba35/distinfo | 24 | ||||
| -rw-r--r-- | net/samba35/patches/patch-af | 16 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ah | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ap | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-aq | 8 | ||||
| -rw-r--r-- | net/samba35/patches/patch-av | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-aw | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ba | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-bb | 6 |
10 files changed, 44 insertions, 45 deletions
diff --git a/net/samba35/Makefile b/net/samba35/Makefile index 8404b31a025..cdb4444288d 100644 --- a/net/samba35/Makefile +++ b/net/samba35/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2013/06/12 12:35:35 wiz Exp $ +# $NetBSD: Makefile,v 1.29.2.1 2013/08/12 14:21:30 tron Exp $ .include "../../net/samba/Makefile.mirrors" DISTNAME= samba-${VERSION} -PKGREVISION= 2 CATEGORIES= net MASTER_SITES= ${SAMBA_MIRRORS:=stable/} @@ -12,7 +11,7 @@ HOMEPAGE= http://www.samba.org/ COMMENT= SMB/CIFS protocol server suite LICENSE= gnu-gpl-v3 -VERSION= 3.5.21 +VERSION= 3.5.22 CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* FILESDIR= ${PKGDIR}/../../net/samba/files diff --git a/net/samba35/distinfo b/net/samba35/distinfo index 69b183d9f9c..bd6cdb4e844 100644 --- a/net/samba35/distinfo +++ b/net/samba35/distinfo @@ -1,16 +1,16 @@ -$NetBSD: distinfo,v 1.15 2013/01/30 11:41:44 taca Exp $ +$NetBSD: distinfo,v 1.15.4.1 2013/08/12 14:21:30 tron Exp $ -SHA1 (samba-3.5.21.tar.gz) = 4da59c901fe76040201e5a861687580e93a44ddb -RMD160 (samba-3.5.21.tar.gz) = 6bfa7876f55791bb927d6032987b9c88e658d38e -Size (samba-3.5.21.tar.gz) = 35377315 bytes +SHA1 (samba-3.5.22.tar.gz) = 6c807dc64c0cd02bd560c4cfc5fe485964777e49 +RMD160 (samba-3.5.22.tar.gz) = ed8d8f9c5c1123334773fa9d47dca1e32ce54b6b +Size (samba-3.5.22.tar.gz) = 35385144 bytes SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e SHA1 (patch-ab) = 0372ff2e3caca866dacd6ed25ae1d02e34a5b567 SHA1 (patch-ac) = 5b1c0fdb781cb75f81af71ed2695144d4a35e032 SHA1 (patch-ad) = 447aaf4ea4cc98f0ccd5a3a22e1ffec0e69a3971 SHA1 (patch-ae) = 6698c698dc64c0f3df159157d182eae6aaa70958 -SHA1 (patch-af) = 247c745717eb6eeadec258b88aa5df9f09d6769c +SHA1 (patch-af) = b01d199b3ec87074b3fda4edc4dae89ea051e2e9 SHA1 (patch-ag) = 92fd576c4b05a913051925e461cde9f5a2f2d6bf -SHA1 (patch-ah) = 6142078efec4263124aa793108c43eef0ce61da4 +SHA1 (patch-ah) = 048843723a1e0de89b2bed1569157902fed94484 SHA1 (patch-ai) = 0a12dcfabcab7986968493d5f06701d06c3d5386 SHA1 (patch-aj) = aecf98cf53e6bf6890e0fc9a40e6936df5f20a1a SHA1 (patch-ak) = cb51a96310eb7dde14351e4f12b68ce8d52c92c3 @@ -18,16 +18,16 @@ SHA1 (patch-al) = f347808c376922da057256d3614a34b556721a66 SHA1 (patch-am) = 13744f8a5cce3016c37002079eba3c47077e8d6d SHA1 (patch-an) = a9b31b791d979a1062006bbe55375aaab69210a1 SHA1 (patch-ao) = bc31d3003bdaad141652daff2e0b6b3cafcee8c1 -SHA1 (patch-ap) = 3a47d212b1c29a6b3c46b83903c4f011c28a8c3c -SHA1 (patch-aq) = c3d1a3045364bebaa6c90967837907bd1de0964b +SHA1 (patch-ap) = 9aeb4b039b300d31b214662f285ed58ea9a90bb8 +SHA1 (patch-aq) = 153e4746e0f196828f119b8a50eed6081311e9f3 SHA1 (patch-ar) = 5213b0a3d95d106939c2e268a8538c5e2901079a SHA1 (patch-as) = a9fcb1813d55d598bf1226cf004de85701c93e61 SHA1 (patch-at) = dcfbe79496065559380e5713a758816e538e728b SHA1 (patch-au) = f94b27a5792acfa3742b4c07b23b3395b73eba84 -SHA1 (patch-av) = fccde3e48f2b3de3b1adfaa488a67c57696d1a83 -SHA1 (patch-aw) = 36cb31313cdbd1e4670f33924371df5ed3390420 -SHA1 (patch-ba) = 87799a62831b45e6cde8c36fbafbc08596411f98 -SHA1 (patch-bb) = 6283ffa8781d0c069f81e80704a018028e6b2b50 +SHA1 (patch-av) = 3c1ae1bc10b3fd4551e1b3a8b8290e4dd93ef730 +SHA1 (patch-aw) = ebd83ff1c3b7827654a27ea1cf99cf58aa15f29a +SHA1 (patch-ba) = 0206145c2973f5a78cbae33a3905c288399af864 +SHA1 (patch-bb) = 26a055d036ed3620681f5d043fcb564d17d16628 SHA1 (patch-bc) = 857e2400c8852f3c878f8d82857e80f214be2aea SHA1 (patch-bd) = b78324305bbf67fa4a7dd627e0af1618d2bf7b47 SHA1 (patch-be) = 2b298e596f2f57a595b83619ba68f6ad95febaaa diff --git a/net/samba35/patches/patch-af b/net/samba35/patches/patch-af index ee1f49f8602..497020aad08 100644 --- a/net/samba35/patches/patch-af +++ b/net/samba35/patches/patch-af @@ -1,11 +1,11 @@ -$NetBSD: patch-af,v 1.5 2012/12/17 12:01:35 taca Exp $ +$NetBSD: patch-af,v 1.5.6.1 2013/08/12 14:21:30 tron Exp $ Patch to join an Active Directory from http://www.ogris.de/samba/unix-active-directory.html. ---- configure.orig 2012-09-21 08:32:29.000000000 +0000 +--- configure.orig 2013-07-24 19:08:24.000000000 +0000 +++ configure -@@ -18255,6 +18255,7 @@ $as_echo "#define DARWINOS 1" >>confdefs +@@ -18294,6 +18294,7 @@ $as_echo "#define DARWINOS 1" >>confdefs BLDSHARED="true" LDSHFLAGS="-dynamiclib -flat_namespace -undefined suppress" @@ -13,7 +13,7 @@ http://www.ogris.de/samba/unix-active-directory.html. CFLAGS="$CFLAGS -fno-common" SHLD="\${CC}" SHLIBEXT="dylib" -@@ -18291,7 +18292,7 @@ fi +@@ -18330,7 +18331,7 @@ fi $as_echo "$BLDSHARED" >&6; } saved_before_as_needed_ldflags="$LDFLAGS" @@ -22,7 +22,7 @@ http://www.ogris.de/samba/unix-active-directory.html. saved_ldflags="$LDFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $flags works" >&5 $as_echo_n "checking if $flags works... " >&6; } -@@ -25255,9 +25256,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS" +@@ -25294,9 +25295,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS" @@ -35,7 +35,7 @@ http://www.ogris.de/samba/unix-active-directory.html. $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -25269,31 +25270,31 @@ else +@@ -25308,31 +25309,31 @@ else #ifdef __cplusplus extern "C" #endif @@ -75,7 +75,7 @@ http://www.ogris.de/samba/unix-active-directory.html. _ACEOF fi -@@ -34400,31 +34401,39 @@ case "$host_os" in +@@ -34441,31 +34442,39 @@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_linux.o" ;; @@ -137,7 +137,7 @@ http://www.ogris.de/samba/unix-active-directory.html. ;; *irix*) # IRIX has differently named shared libraries -@@ -34622,6 +34631,16 @@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" +@@ -34663,6 +34672,16 @@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" fi diff --git a/net/samba35/patches/patch-ah b/net/samba35/patches/patch-ah index ff355c63c25..00b4b6698b4 100644 --- a/net/samba35/patches/patch-ah +++ b/net/samba35/patches/patch-ah @@ -1,8 +1,8 @@ -$NetBSD: patch-ah,v 1.2 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-ah,v 1.2.18.1 2013/08/12 14:21:30 tron Exp $ ---- libsmb/cliconnect.c.orig 2010-12-05 16:06:50.000000000 +0000 +--- libsmb/cliconnect.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ libsmb/cliconnect.c -@@ -2555,7 +2555,7 @@ struct cli_state *get_ipc_connect_master +@@ -2583,7 +2583,7 @@ struct cli_state *get_ipc_connect_master if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list, &count))) { DEBUG(99, ("No master browsers responded\n")); diff --git a/net/samba35/patches/patch-ap b/net/samba35/patches/patch-ap index 4392b507010..3792b07766b 100644 --- a/net/samba35/patches/patch-ap +++ b/net/samba35/patches/patch-ap @@ -1,8 +1,8 @@ -$NetBSD: patch-ap,v 1.1.1.1 2010/12/06 17:01:23 adam Exp $ +$NetBSD: patch-ap,v 1.1.1.1.22.1 2013/08/12 14:21:30 tron Exp $ ---- nmbd/nmbd.c.orig 2010-10-07 16:41:16.000000000 +0000 +--- nmbd/nmbd.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ nmbd/nmbd.c -@@ -916,6 +916,10 @@ static bool open_sockets(bool isdaemon, +@@ -917,6 +917,10 @@ static bool open_sockets(bool isdaemon, mkdir(lp_lockdir(), 0755); } diff --git a/net/samba35/patches/patch-aq b/net/samba35/patches/patch-aq index 97da0ead82e..20a88888f34 100644 --- a/net/samba35/patches/patch-aq +++ b/net/samba35/patches/patch-aq @@ -1,8 +1,8 @@ -$NetBSD: patch-aq,v 1.3 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-aq,v 1.3.18.1 2013/08/12 14:21:30 tron Exp $ Add support for passwd expand gecos ---- param/loadparm.c.orig 2011-06-14 11:17:28.000000000 +0000 +--- param/loadparm.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ param/loadparm.c @@ -310,6 +310,7 @@ struct global { bool bUnixPasswdSync; @@ -28,7 +28,7 @@ Add support for passwd expand gecos .label = "check password script", .type = P_STRING, .p_class = P_GLOBAL, -@@ -5074,6 +5084,7 @@ static void init_globals(bool first_time +@@ -5083,6 +5093,7 @@ static void init_globals(bool first_time Globals.bPamPasswordChange = False; Globals.bPasswdChatDebug = False; Globals.iPasswdChatTimeout = 2; /* 2 second default. */ @@ -36,7 +36,7 @@ Add support for passwd expand gecos Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bNTStatusSupport = True; /* Use NT status by default. */ Globals.bStatCache = True; /* use stat cache by default */ -@@ -5528,6 +5539,7 @@ FN_GLOBAL_BOOL(lp_pam_password_change, & +@@ -5538,6 +5549,7 @@ FN_GLOBAL_BOOL(lp_pam_password_change, & FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync) FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug) FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, &Globals.iPasswdChatTimeout) diff --git a/net/samba35/patches/patch-av b/net/samba35/patches/patch-av index 2e63684ab11..de4d602da13 100644 --- a/net/samba35/patches/patch-av +++ b/net/samba35/patches/patch-av @@ -1,8 +1,8 @@ -$NetBSD: patch-av,v 1.2 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-av,v 1.2.18.1 2013/08/12 14:21:30 tron Exp $ ---- smbd/server.c.orig 2010-10-07 16:41:16.000000000 +0000 +--- smbd/server.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ smbd/server.c -@@ -1210,6 +1210,9 @@ extern void build_options(bool screen); +@@ -1213,6 +1213,9 @@ extern void build_options(bool screen); if (!directory_exist(lp_lockdir())) mkdir(lp_lockdir(), 0755); diff --git a/net/samba35/patches/patch-aw b/net/samba35/patches/patch-aw index fcd63798941..fe66aff1896 100644 --- a/net/samba35/patches/patch-aw +++ b/net/samba35/patches/patch-aw @@ -1,8 +1,8 @@ -$NetBSD: patch-aw,v 1.1.1.1 2010/12/06 17:01:23 adam Exp $ +$NetBSD: patch-aw,v 1.1.1.1.22.1 2013/08/12 14:21:30 tron Exp $ ---- winbindd/winbindd_cache.c.orig 2010-12-05 21:02:29.000000000 +0000 +--- winbindd/winbindd_cache.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ winbindd/winbindd_cache.c -@@ -4438,7 +4438,7 @@ struct winbindd_tdc_domain * wcache_tdc_ +@@ -4563,7 +4563,7 @@ struct winbindd_tdc_domain * wcache_tdc_ DEBUG(10,("wcache_tdc_fetch_domain: Searching for domain %s\n", name)); if ( !init_wcache() ) { diff --git a/net/samba35/patches/patch-ba b/net/samba35/patches/patch-ba index 65a91bdb547..aa7dfd5cb3a 100644 --- a/net/samba35/patches/patch-ba +++ b/net/samba35/patches/patch-ba @@ -1,8 +1,8 @@ -$NetBSD: patch-ba,v 1.1 2011/10/11 20:30:00 jmcneill Exp $ +$NetBSD: patch-ba,v 1.1.14.1 2013/08/12 14:21:30 tron Exp $ ---- configure.in.orig 2011-08-03 18:24:05.000000000 +0000 +--- configure.in.orig 2013-07-24 18:53:49.000000000 +0000 +++ configure.in -@@ -6239,6 +6239,11 @@ AC_CHECK_MEMBER(struct passwd.pw_age, +@@ -6244,6 +6244,11 @@ AC_CHECK_MEMBER(struct passwd.pw_age, AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]),, [#include <pwd.h>]) diff --git a/net/samba35/patches/patch-bb b/net/samba35/patches/patch-bb index fa5b087d489..99f90bc4a6a 100644 --- a/net/samba35/patches/patch-bb +++ b/net/samba35/patches/patch-bb @@ -1,8 +1,8 @@ -$NetBSD: patch-bb,v 1.1 2011/10/11 20:30:00 jmcneill Exp $ +$NetBSD: patch-bb,v 1.1.14.1 2013/08/12 14:21:30 tron Exp $ ---- include/config.h.in.orig 2011-08-03 18:25:13.000000000 +0000 +--- include/config.h.in.orig 2013-07-24 19:08:23.000000000 +0000 +++ include/config.h.in -@@ -1688,6 +1688,9 @@ +@@ -1694,6 +1694,9 @@ /* Defined if struct passwd has pw_age field */ #undef HAVE_PASSWD_PW_AGE |