diff options
| author | taca <taca@pkgsrc.org> | 2009-10-04 16:58:38 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2009-10-04 16:58:38 +0000 |
| commit | 869af6a3d74dbc4cae9b612c60bbe197fe3881b2 (patch) | |
| tree | 986afaa99b144acd19b3850ede9f4f310e381a57 /net/samba/patches | |
| parent | 0593510e0cd92b817d08b22f290acf8b738b0afb (diff) | |
| download | pkgsrc-869af6a3d74dbc4cae9b612c60bbe197fe3881b2.tar.gz | |
Update samba package to 3.0.37.
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
Please note that Samba 3.0 is not maintained any longer. This security
release is shipped on a voluntary basis.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.
Diffstat (limited to 'net/samba/patches')
| -rw-r--r-- | net/samba/patches/patch-aa | 6 | ||||
| -rw-r--r-- | net/samba/patches/patch-at | 36 | ||||
| -rw-r--r-- | net/samba/patches/patch-au | 24 | ||||
| -rw-r--r-- | net/samba/patches/patch-bg | 10 | ||||
| -rw-r--r-- | net/samba/patches/patch-bo | 6 | ||||
| -rw-r--r-- | net/samba/patches/patch-bp | 6 | ||||
| -rw-r--r-- | net/samba/patches/patch-bu | 10 | ||||
| -rw-r--r-- | net/samba/patches/patch-bw | 10 | ||||
| -rw-r--r-- | net/samba/patches/patch-ci | 13 |
9 files changed, 67 insertions, 54 deletions
diff --git a/net/samba/patches/patch-aa b/net/samba/patches/patch-aa index ee655612925..fa7f1e8e9f2 100644 --- a/net/samba/patches/patch-aa +++ b/net/samba/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.32 2008/04/03 20:19:42 jlam Exp $ +$NetBSD: patch-aa,v 1.33 2009/10/04 16:58:38 taca Exp $ ---- nsswitch/pam_winbind.c.orig 2008-03-08 10:56:27.000000000 -0500 +--- nsswitch/pam_winbind.c.orig 2009-09-30 21:21:56.000000000 +0900 +++ nsswitch/pam_winbind.c -@@ -1291,6 +1291,8 @@ static char *_pam_delete(register char * +@@ -1295,6 +1295,8 @@ static char *_pam_delete(register char * return NULL; } diff --git a/net/samba/patches/patch-at b/net/samba/patches/patch-at index a7f5927d1c6..aef644327e7 100644 --- a/net/samba/patches/patch-at +++ b/net/samba/patches/patch-at @@ -1,8 +1,8 @@ -$NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ +$NetBSD: patch-at,v 1.14 2009/10/04 16:58:38 taca Exp $ ---- configure.orig 2009-06-22 22:02:40.000000000 +0100 -+++ configure 2009-07-08 15:21:45.000000000 +0100 -@@ -765,6 +765,7 @@ +--- configure.orig 2009-09-30 22:08:58.000000000 +0900 ++++ configure +@@ -765,6 +765,7 @@ swatdir privatedir logfilebase piddir @@ -10,7 +10,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ lockdir configdir target_os -@@ -827,6 +828,7 @@ +@@ -827,6 +828,7 @@ with_fhs with_privatedir with_rootsbindir with_lockdir @@ -18,7 +18,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ with_piddir with_swatdir with_configdir -@@ -1537,6 +1539,7 @@ +@@ -1537,6 +1539,7 @@ Optional Packages: --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private) --with-rootsbindir=DIR Which directory to use for root sbin ($ac_default_prefix/sbin) --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks) @@ -26,7 +26,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ --with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks) --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat) --with-configdir=DIR Where to put configuration files ($libdir) -@@ -2296,6 +2299,7 @@ +@@ -2296,6 +2299,7 @@ fi rootsbindir="\${SBINDIR}" lockdir="\${VARDIR}/locks" @@ -34,7 +34,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ piddir="\${VARDIR}/locks" test "${mandir}" || mandir="\${prefix}/man" logfilebase="\${VARDIR}" -@@ -2310,7 +2314,8 @@ +@@ -2310,7 +2314,8 @@ swatdir="\${prefix}/swat" if test "${with_fhs+set}" = set; then withval=$with_fhs; case "$withval" in yes) @@ -44,7 +44,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ piddir="\${VARDIR}/run" mandir="\${prefix}/share/man" logfilebase="\${VARDIR}/log/samba" -@@ -2384,6 +2389,26 @@ +@@ -2384,6 +2389,26 @@ fi ################################################# @@ -71,7 +71,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ # set pid directory location # Check whether --with-piddir was given. -@@ -2624,6 +2649,7 @@ +@@ -2624,6 +2649,7 @@ fi @@ -79,7 +79,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ ## check for --enable-debug first before checking CFLAGS before ## so that we don't mix -O and -g # Check whether --enable-debug was given. -@@ -33459,7 +33485,8 @@ +@@ -33670,7 +33696,8 @@ done @@ -89,7 +89,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 -@@ -49772,6 +49799,77 @@ +@@ -49983,6 +50010,77 @@ done ################## # look for a method of finding the list of network interfaces iface=no; @@ -167,7 +167,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ { $as_echo "$as_me:$LINENO: checking for iface AIX" >&5 $as_echo_n "checking for iface AIX... " >&6; } if test "${samba_cv_HAVE_IFACE_AIX+set}" = set; then -@@ -49842,6 +49940,7 @@ +@@ -50053,6 +50151,7 @@ cat >>confdefs.h <<\_ACEOF _ACEOF fi @@ -175,7 +175,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ if test $iface = no; then { $as_echo "$as_me:$LINENO: checking for iface ifconf" >&5 -@@ -53369,9 +53468,9 @@ +@@ -53580,9 +53679,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS" @@ -188,7 +188,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF -@@ -53387,11 +53486,11 @@ +@@ -53598,11 +53697,11 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef __cplusplus extern "C" #endif @@ -202,7 +202,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ ; return 0; } -@@ -53417,13 +53516,13 @@ +@@ -53628,13 +53727,13 @@ $as_echo "$ac_try_echo") >&5 test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then @@ -218,7 +218,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ ac_cv_lib_ext_crypto=no fi -@@ -53432,11 +53531,11 @@ +@@ -53643,11 +53742,11 @@ rm -f core conftest.err conftest.$ac_obj conftest$ac_exeext conftest.$ac_ext fi @@ -234,7 +234,7 @@ $NetBSD: patch-at,v 1.13 2009/07/08 19:37:27 tron Exp $ _ACEOF fi -@@ -67188,31 +67287,39 @@ +@@ -67399,31 +67498,39 @@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o" ;; diff --git a/net/samba/patches/patch-au b/net/samba/patches/patch-au index ec08fab714f..c77ac01c5a1 100644 --- a/net/samba/patches/patch-au +++ b/net/samba/patches/patch-au @@ -1,7 +1,7 @@ -$NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ ---- configure.in.orig 2008-08-25 22:09:21.000000000 +0100 -+++ configure.in 2009-03-03 17:11:54.000000000 +0000 -@@ -38,6 +38,7 @@ +$NetBSD: patch-au,v 1.11 2009/10/04 16:58:38 taca Exp $ +--- configure.in.orig 2009-09-30 21:21:56.000000000 +0900 ++++ configure.in +@@ -38,6 +38,7 @@ AC_PREFIX_DEFAULT(/usr/local/samba) rootsbindir="\${SBINDIR}" lockdir="\${VARDIR}/locks" @@ -9,7 +9,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ piddir="\${VARDIR}/locks" test "${mandir}" || mandir="\${prefix}/man" logfilebase="\${VARDIR}" -@@ -51,7 +52,8 @@ +@@ -51,7 +52,8 @@ AC_ARG_WITH(fhs, [ --with-fhs Use FHS-compliant paths (default=no)], [ case "$withval" in yes) @@ -19,7 +19,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ piddir="\${VARDIR}/run" mandir="\${prefix}/share/man" logfilebase="\${VARDIR}/log/samba" -@@ -111,6 +113,22 @@ +@@ -111,6 +113,22 @@ AC_ARG_WITH(lockdir, esac]) ################################################# @@ -42,7 +42,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ # set pid directory location AC_ARG_WITH(piddir, [ --with-piddir=DIR Where to put pid files ($ac_default_prefix/var/locks)], -@@ -257,6 +275,7 @@ +@@ -257,6 +275,7 @@ fi AC_SUBST(configdir) AC_SUBST(lockdir) @@ -50,7 +50,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ AC_SUBST(piddir) AC_SUBST(logfilebase) AC_SUBST(privatedir) -@@ -1242,7 +1261,7 @@ +@@ -1245,7 +1264,7 @@ AC_CHECK_FUNCS(lstat64 fopen64 atexit gr AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf) AC_CHECK_FUNCS(opendir64 readdir64 seekdir64 telldir64 rewinddir64 closedir64) AC_CHECK_FUNCS(getpwent_r) @@ -59,7 +59,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink) AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) -@@ -2821,6 +2840,20 @@ +@@ -2824,6 +2843,20 @@ AC_CHECK_FUNCS(getpagesize) ################## # look for a method of finding the list of network interfaces iface=no; @@ -80,7 +80,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[ SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}" -@@ -2834,6 +2867,7 @@ +@@ -2837,6 +2870,7 @@ CPPFLAGS="$SAVE_CPPFLAGS" if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available]) fi @@ -88,7 +88,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ if test $iface = no; then AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[ -@@ -3526,7 +3560,7 @@ +@@ -3531,7 +3565,7 @@ if test x"$with_ads_support" != x"no"; t AC_CHECK_LIB_EXT(k5crypto, KRB5_LIBS, krb5_encrypt_data) # Heimdal checks. @@ -97,7 +97,7 @@ $NetBSD: patch-au,v 1.10 2009/03/03 17:50:49 sborrill Exp $ AC_CHECK_LIB_EXT(asn1, KRB5_LIBS, copy_Authenticator) AC_CHECK_LIB_EXT(roken, KRB5_LIBS, roken_getaddrinfo_hostspec) -@@ -5771,31 +5805,39 @@ +@@ -5830,31 +5864,39 @@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o" ;; diff --git a/net/samba/patches/patch-bg b/net/samba/patches/patch-bg index faf9f419c8d..a1946be3f75 100644 --- a/net/samba/patches/patch-bg +++ b/net/samba/patches/patch-bg @@ -1,8 +1,8 @@ -$NetBSD: patch-bg,v 1.2 2007/02/11 18:39:04 tron Exp $ +$NetBSD: patch-bg,v 1.3 2009/10/04 16:58:38 taca Exp $ ---- printing/nt_printing.c.orig 2007-02-04 19:09:01.000000000 +0000 -+++ printing/nt_printing.c 2007-02-11 17:43:40.000000000 +0000 -@@ -342,8 +342,7 @@ +--- printing/nt_printing.c.orig 2009-09-30 21:21:56.000000000 +0900 ++++ printing/nt_printing.c +@@ -351,8 +351,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT SEC_DESC *sec, *new_sec; TALLOC_CTX *ctx = state; int result, i; @@ -12,7 +12,7 @@ $NetBSD: patch-bg,v 1.2 2007/02/11 18:39:04 tron Exp $ DOM_SID sid; if (!data.dptr || data.dsize == 0) { -@@ -551,28 +550,28 @@ +@@ -560,28 +559,28 @@ BOOL nt_printing_init(void) if (tdb_drivers) tdb_close(tdb_drivers); diff --git a/net/samba/patches/patch-bo b/net/samba/patches/patch-bo index 4bafb3b7493..c59c5317cf5 100644 --- a/net/samba/patches/patch-bo +++ b/net/samba/patches/patch-bo @@ -1,8 +1,8 @@ -$NetBSD: patch-bo,v 1.5 2008/04/03 20:19:42 jlam Exp $ +$NetBSD: patch-bo,v 1.6 2009/10/04 16:58:38 taca Exp $ ---- nmbd/nmbd.c.orig 2008-03-08 10:56:27.000000000 -0500 +--- nmbd/nmbd.c.orig 2009-09-30 21:21:56.000000000 +0900 +++ nmbd/nmbd.c -@@ -757,6 +757,10 @@ static BOOL open_sockets(BOOL isdaemon, +@@ -769,6 +769,10 @@ static BOOL open_sockets(BOOL isdaemon, mkdir(lp_lockdir(), 0755); } diff --git a/net/samba/patches/patch-bp b/net/samba/patches/patch-bp index 887884cf4b0..2a0ba0b682f 100644 --- a/net/samba/patches/patch-bp +++ b/net/samba/patches/patch-bp @@ -1,8 +1,8 @@ -$NetBSD: patch-bp,v 1.4 2007/10/28 07:28:49 taca Exp $ +$NetBSD: patch-bp,v 1.5 2009/10/04 16:58:38 taca Exp $ ---- smbd/server.c.orig 2007-09-11 23:17:48.000000000 +0900 +--- smbd/server.c.orig 2009-09-30 21:21:56.000000000 +0900 +++ smbd/server.c -@@ -1010,6 +1010,9 @@ extern void build_options(BOOL screen); +@@ -1008,6 +1008,9 @@ extern void build_options(BOOL screen); if (!directory_exist(lp_lockdir(), NULL)) mkdir(lp_lockdir(), 0755); diff --git a/net/samba/patches/patch-bu b/net/samba/patches/patch-bu index c073ebc20f8..ac4a6011231 100644 --- a/net/samba/patches/patch-bu +++ b/net/samba/patches/patch-bu @@ -1,8 +1,8 @@ -$NetBSD: patch-bu,v 1.8 2009/07/08 19:37:27 tron Exp $ +$NetBSD: patch-bu,v 1.9 2009/10/04 16:58:38 taca Exp $ ---- ../docs/manpages/smb.conf.5.orig 2009-06-22 21:41:19.000000000 +0100 -+++ ../docs/manpages/smb.conf.5 2009-07-07 22:05:08.000000000 +0100 -@@ -7084,6 +7084,15 @@ +--- ../docs/manpages/smb.conf.5.orig 2009-09-30 21:28:02.000000000 +0900 ++++ ../docs/manpages/smb.conf.5 +@@ -7084,6 +7084,15 @@ Example: \fI\fIpasswd chat\fR\fR\fI = \fR\fI\FC"*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*"\F[]\fR\fI \fR .RE @@ -18,7 +18,7 @@ $NetBSD: patch-bu,v 1.8 2009/07/08 19:37:27 tron Exp $ passwd program (G) .\" passwd program .PP -@@ -9198,6 +9207,15 @@ +@@ -9199,6 +9208,15 @@ Default: \fI\fIstat cache\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR .RE diff --git a/net/samba/patches/patch-bw b/net/samba/patches/patch-bw index 1235f5e113c..5f767eb973d 100644 --- a/net/samba/patches/patch-bw +++ b/net/samba/patches/patch-bw @@ -1,8 +1,8 @@ -$NetBSD: patch-bw,v 1.5 2007/12/21 17:32:27 drochner Exp $ +$NetBSD: patch-bw,v 1.6 2009/10/04 16:58:38 taca Exp $ ---- include/config.h.in.orig 2007-09-11 16:22:53.000000000 +0200 +--- include/config.h.in.orig 2009-09-30 22:08:50.000000000 +0900 +++ include/config.h.in -@@ -321,9 +321,6 @@ +@@ -324,9 +324,6 @@ /* Define to 1 if you have the `delproplist' function. */ #undef HAVE_DELPROPLIST @@ -12,7 +12,7 @@ $NetBSD: patch-bw,v 1.5 2007/12/21 17:32:27 drochner Exp $ /* Whether the 'dev64_t' type is available */ #undef HAVE_DEV64_T -@@ -388,6 +385,9 @@ +@@ -391,6 +388,9 @@ /* Whether the EncryptedData struct has a etype property */ #undef HAVE_ETYPE_IN_ENCRYPTEDDATA @@ -22,7 +22,7 @@ $NetBSD: patch-bw,v 1.5 2007/12/21 17:32:27 drochner Exp $ /* Define to 1 if you have the <execinfo.h> header file. */ #undef HAVE_EXECINFO_H -@@ -661,6 +661,9 @@ +@@ -664,6 +664,9 @@ /* Whether iface AIX is available */ #undef HAVE_IFACE_AIX diff --git a/net/samba/patches/patch-ci b/net/samba/patches/patch-ci new file mode 100644 index 00000000000..35aee8e03c4 --- /dev/null +++ b/net/samba/patches/patch-ci @@ -0,0 +1,13 @@ +$NetBSD: patch-ci,v 1.1 2009/10/04 16:58:38 taca Exp $ + +--- libsmb/samlogon_cache.c.orig 2009-09-30 21:21:56.000000000 +0900 ++++ libsmb/samlogon_cache.c +@@ -34,7 +34,7 @@ static TDB_CONTEXT *netsamlogon_tdb = NU + BOOL netsamlogon_cache_init(void) + { + if (!netsamlogon_tdb) { +- netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0, ++ netsamlogon_tdb = tdb_open_log(state_path(NETSAMLOGON_TDB), 0, + TDB_DEFAULT, O_RDWR | O_CREAT, 0600); + } + |