diff options
| author | taca <taca@pkgsrc.org> | 2013-08-12 02:47:32 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2013-08-12 02:47:32 +0000 |
| commit | 7614489029ec929bd6f72595e40d23535862a860 (patch) | |
| tree | 8eb5faacf4daa668495ba034e3b4358cac13baff /net | |
| parent | 13ac9780504d3ff935587bde39ee4cd783cc1542 (diff) | |
| download | pkgsrc-7614489029ec929bd6f72595e40d23535862a860.tar.gz | |
Update samba35 to 3.5.22, security release.
==============================
Release Notes for Samba 3.5.22
August 05, 2013
==============================
This is a security release in order to address
CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
server to loop with DOS).
o CVE-2013-4124:
All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.
A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.
This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.
Changes since 3.5.21:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
reading can cause server to loop with DOS.
Diffstat (limited to 'net')
| -rw-r--r-- | net/samba35/Makefile | 5 | ||||
| -rw-r--r-- | net/samba35/distinfo | 24 | ||||
| -rw-r--r-- | net/samba35/patches/patch-af | 16 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ah | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ap | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-aq | 8 | ||||
| -rw-r--r-- | net/samba35/patches/patch-av | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-aw | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-ba | 6 | ||||
| -rw-r--r-- | net/samba35/patches/patch-bb | 6 |
10 files changed, 44 insertions, 45 deletions
diff --git a/net/samba35/Makefile b/net/samba35/Makefile index 7a55a2006d5..5aa6d842c4b 100644 --- a/net/samba35/Makefile +++ b/net/samba35/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.30 2013/07/15 02:02:27 ryoon Exp $ +# $NetBSD: Makefile,v 1.31 2013/08/12 02:47:32 taca Exp $ .include "../../net/samba/Makefile.mirrors" DISTNAME= samba-${VERSION} -PKGREVISION= 2 CATEGORIES= net MASTER_SITES= ${SAMBA_MIRRORS:=stable/} @@ -12,7 +11,7 @@ HOMEPAGE= http://www.samba.org/ COMMENT= SMB/CIFS protocol server suite LICENSE= gnu-gpl-v3 -VERSION= 3.5.21 +VERSION= 3.5.22 CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* FILESDIR= ${PKGDIR}/../../net/samba/files diff --git a/net/samba35/distinfo b/net/samba35/distinfo index 69b183d9f9c..7c28bb2c575 100644 --- a/net/samba35/distinfo +++ b/net/samba35/distinfo @@ -1,16 +1,16 @@ -$NetBSD: distinfo,v 1.15 2013/01/30 11:41:44 taca Exp $ +$NetBSD: distinfo,v 1.16 2013/08/12 02:47:32 taca Exp $ -SHA1 (samba-3.5.21.tar.gz) = 4da59c901fe76040201e5a861687580e93a44ddb -RMD160 (samba-3.5.21.tar.gz) = 6bfa7876f55791bb927d6032987b9c88e658d38e -Size (samba-3.5.21.tar.gz) = 35377315 bytes +SHA1 (samba-3.5.22.tar.gz) = 6c807dc64c0cd02bd560c4cfc5fe485964777e49 +RMD160 (samba-3.5.22.tar.gz) = ed8d8f9c5c1123334773fa9d47dca1e32ce54b6b +Size (samba-3.5.22.tar.gz) = 35385144 bytes SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e SHA1 (patch-ab) = 0372ff2e3caca866dacd6ed25ae1d02e34a5b567 SHA1 (patch-ac) = 5b1c0fdb781cb75f81af71ed2695144d4a35e032 SHA1 (patch-ad) = 447aaf4ea4cc98f0ccd5a3a22e1ffec0e69a3971 SHA1 (patch-ae) = 6698c698dc64c0f3df159157d182eae6aaa70958 -SHA1 (patch-af) = 247c745717eb6eeadec258b88aa5df9f09d6769c +SHA1 (patch-af) = b01d199b3ec87074b3fda4edc4dae89ea051e2e9 SHA1 (patch-ag) = 92fd576c4b05a913051925e461cde9f5a2f2d6bf -SHA1 (patch-ah) = 6142078efec4263124aa793108c43eef0ce61da4 +SHA1 (patch-ah) = 048843723a1e0de89b2bed1569157902fed94484 SHA1 (patch-ai) = 0a12dcfabcab7986968493d5f06701d06c3d5386 SHA1 (patch-aj) = aecf98cf53e6bf6890e0fc9a40e6936df5f20a1a SHA1 (patch-ak) = cb51a96310eb7dde14351e4f12b68ce8d52c92c3 @@ -18,16 +18,16 @@ SHA1 (patch-al) = f347808c376922da057256d3614a34b556721a66 SHA1 (patch-am) = 13744f8a5cce3016c37002079eba3c47077e8d6d SHA1 (patch-an) = a9b31b791d979a1062006bbe55375aaab69210a1 SHA1 (patch-ao) = bc31d3003bdaad141652daff2e0b6b3cafcee8c1 -SHA1 (patch-ap) = 3a47d212b1c29a6b3c46b83903c4f011c28a8c3c -SHA1 (patch-aq) = c3d1a3045364bebaa6c90967837907bd1de0964b +SHA1 (patch-ap) = 9aeb4b039b300d31b214662f285ed58ea9a90bb8 +SHA1 (patch-aq) = 153e4746e0f196828f119b8a50eed6081311e9f3 SHA1 (patch-ar) = 5213b0a3d95d106939c2e268a8538c5e2901079a SHA1 (patch-as) = a9fcb1813d55d598bf1226cf004de85701c93e61 SHA1 (patch-at) = dcfbe79496065559380e5713a758816e538e728b SHA1 (patch-au) = f94b27a5792acfa3742b4c07b23b3395b73eba84 -SHA1 (patch-av) = fccde3e48f2b3de3b1adfaa488a67c57696d1a83 -SHA1 (patch-aw) = 36cb31313cdbd1e4670f33924371df5ed3390420 -SHA1 (patch-ba) = 87799a62831b45e6cde8c36fbafbc08596411f98 -SHA1 (patch-bb) = 6283ffa8781d0c069f81e80704a018028e6b2b50 +SHA1 (patch-av) = 3c1ae1bc10b3fd4551e1b3a8b8290e4dd93ef730 +SHA1 (patch-aw) = ebd83ff1c3b7827654a27ea1cf99cf58aa15f29a +SHA1 (patch-ba) = 0206145c2973f5a78cbae33a3905c288399af864 +SHA1 (patch-bb) = 26a055d036ed3620681f5d043fcb564d17d16628 SHA1 (patch-bc) = 857e2400c8852f3c878f8d82857e80f214be2aea SHA1 (patch-bd) = b78324305bbf67fa4a7dd627e0af1618d2bf7b47 SHA1 (patch-be) = 2b298e596f2f57a595b83619ba68f6ad95febaaa diff --git a/net/samba35/patches/patch-af b/net/samba35/patches/patch-af index ee1f49f8602..a728983ffe6 100644 --- a/net/samba35/patches/patch-af +++ b/net/samba35/patches/patch-af @@ -1,11 +1,11 @@ -$NetBSD: patch-af,v 1.5 2012/12/17 12:01:35 taca Exp $ +$NetBSD: patch-af,v 1.6 2013/08/12 02:47:32 taca Exp $ Patch to join an Active Directory from http://www.ogris.de/samba/unix-active-directory.html. ---- configure.orig 2012-09-21 08:32:29.000000000 +0000 +--- configure.orig 2013-07-24 19:08:24.000000000 +0000 +++ configure -@@ -18255,6 +18255,7 @@ $as_echo "#define DARWINOS 1" >>confdefs +@@ -18294,6 +18294,7 @@ $as_echo "#define DARWINOS 1" >>confdefs BLDSHARED="true" LDSHFLAGS="-dynamiclib -flat_namespace -undefined suppress" @@ -13,7 +13,7 @@ http://www.ogris.de/samba/unix-active-directory.html. CFLAGS="$CFLAGS -fno-common" SHLD="\${CC}" SHLIBEXT="dylib" -@@ -18291,7 +18292,7 @@ fi +@@ -18330,7 +18331,7 @@ fi $as_echo "$BLDSHARED" >&6; } saved_before_as_needed_ldflags="$LDFLAGS" @@ -22,7 +22,7 @@ http://www.ogris.de/samba/unix-active-directory.html. saved_ldflags="$LDFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $flags works" >&5 $as_echo_n "checking if $flags works... " >&6; } -@@ -25255,9 +25256,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS" +@@ -25294,9 +25295,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS" @@ -35,7 +35,7 @@ http://www.ogris.de/samba/unix-active-directory.html. $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -25269,31 +25270,31 @@ else +@@ -25308,31 +25309,31 @@ else #ifdef __cplusplus extern "C" #endif @@ -75,7 +75,7 @@ http://www.ogris.de/samba/unix-active-directory.html. _ACEOF fi -@@ -34400,31 +34401,39 @@ case "$host_os" in +@@ -34441,31 +34442,39 @@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_linux.o" ;; @@ -137,7 +137,7 @@ http://www.ogris.de/samba/unix-active-directory.html. ;; *irix*) # IRIX has differently named shared libraries -@@ -34622,6 +34631,16 @@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" +@@ -34663,6 +34672,16 @@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" fi diff --git a/net/samba35/patches/patch-ah b/net/samba35/patches/patch-ah index ff355c63c25..2a73f45f6ae 100644 --- a/net/samba35/patches/patch-ah +++ b/net/samba35/patches/patch-ah @@ -1,8 +1,8 @@ -$NetBSD: patch-ah,v 1.2 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-ah,v 1.3 2013/08/12 02:47:32 taca Exp $ ---- libsmb/cliconnect.c.orig 2010-12-05 16:06:50.000000000 +0000 +--- libsmb/cliconnect.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ libsmb/cliconnect.c -@@ -2555,7 +2555,7 @@ struct cli_state *get_ipc_connect_master +@@ -2583,7 +2583,7 @@ struct cli_state *get_ipc_connect_master if (!NT_STATUS_IS_OK(name_resolve_bcast(MSBROWSE, 1, &ip_list, &count))) { DEBUG(99, ("No master browsers responded\n")); diff --git a/net/samba35/patches/patch-ap b/net/samba35/patches/patch-ap index 4392b507010..d37ea10d61b 100644 --- a/net/samba35/patches/patch-ap +++ b/net/samba35/patches/patch-ap @@ -1,8 +1,8 @@ -$NetBSD: patch-ap,v 1.1.1.1 2010/12/06 17:01:23 adam Exp $ +$NetBSD: patch-ap,v 1.2 2013/08/12 02:47:32 taca Exp $ ---- nmbd/nmbd.c.orig 2010-10-07 16:41:16.000000000 +0000 +--- nmbd/nmbd.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ nmbd/nmbd.c -@@ -916,6 +916,10 @@ static bool open_sockets(bool isdaemon, +@@ -917,6 +917,10 @@ static bool open_sockets(bool isdaemon, mkdir(lp_lockdir(), 0755); } diff --git a/net/samba35/patches/patch-aq b/net/samba35/patches/patch-aq index 97da0ead82e..6064585d291 100644 --- a/net/samba35/patches/patch-aq +++ b/net/samba35/patches/patch-aq @@ -1,8 +1,8 @@ -$NetBSD: patch-aq,v 1.3 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-aq,v 1.4 2013/08/12 02:47:32 taca Exp $ Add support for passwd expand gecos ---- param/loadparm.c.orig 2011-06-14 11:17:28.000000000 +0000 +--- param/loadparm.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ param/loadparm.c @@ -310,6 +310,7 @@ struct global { bool bUnixPasswdSync; @@ -28,7 +28,7 @@ Add support for passwd expand gecos .label = "check password script", .type = P_STRING, .p_class = P_GLOBAL, -@@ -5074,6 +5084,7 @@ static void init_globals(bool first_time +@@ -5083,6 +5093,7 @@ static void init_globals(bool first_time Globals.bPamPasswordChange = False; Globals.bPasswdChatDebug = False; Globals.iPasswdChatTimeout = 2; /* 2 second default. */ @@ -36,7 +36,7 @@ Add support for passwd expand gecos Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bNTStatusSupport = True; /* Use NT status by default. */ Globals.bStatCache = True; /* use stat cache by default */ -@@ -5528,6 +5539,7 @@ FN_GLOBAL_BOOL(lp_pam_password_change, & +@@ -5538,6 +5549,7 @@ FN_GLOBAL_BOOL(lp_pam_password_change, & FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync) FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug) FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, &Globals.iPasswdChatTimeout) diff --git a/net/samba35/patches/patch-av b/net/samba35/patches/patch-av index 2e63684ab11..ecd01cb905d 100644 --- a/net/samba35/patches/patch-av +++ b/net/samba35/patches/patch-av @@ -1,8 +1,8 @@ -$NetBSD: patch-av,v 1.2 2011/06/15 11:45:08 adam Exp $ +$NetBSD: patch-av,v 1.3 2013/08/12 02:47:32 taca Exp $ ---- smbd/server.c.orig 2010-10-07 16:41:16.000000000 +0000 +--- smbd/server.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ smbd/server.c -@@ -1210,6 +1210,9 @@ extern void build_options(bool screen); +@@ -1213,6 +1213,9 @@ extern void build_options(bool screen); if (!directory_exist(lp_lockdir())) mkdir(lp_lockdir(), 0755); diff --git a/net/samba35/patches/patch-aw b/net/samba35/patches/patch-aw index fcd63798941..de1bcf532c8 100644 --- a/net/samba35/patches/patch-aw +++ b/net/samba35/patches/patch-aw @@ -1,8 +1,8 @@ -$NetBSD: patch-aw,v 1.1.1.1 2010/12/06 17:01:23 adam Exp $ +$NetBSD: patch-aw,v 1.2 2013/08/12 02:47:32 taca Exp $ ---- winbindd/winbindd_cache.c.orig 2010-12-05 21:02:29.000000000 +0000 +--- winbindd/winbindd_cache.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ winbindd/winbindd_cache.c -@@ -4438,7 +4438,7 @@ struct winbindd_tdc_domain * wcache_tdc_ +@@ -4563,7 +4563,7 @@ struct winbindd_tdc_domain * wcache_tdc_ DEBUG(10,("wcache_tdc_fetch_domain: Searching for domain %s\n", name)); if ( !init_wcache() ) { diff --git a/net/samba35/patches/patch-ba b/net/samba35/patches/patch-ba index 65a91bdb547..19612fe8443 100644 --- a/net/samba35/patches/patch-ba +++ b/net/samba35/patches/patch-ba @@ -1,8 +1,8 @@ -$NetBSD: patch-ba,v 1.1 2011/10/11 20:30:00 jmcneill Exp $ +$NetBSD: patch-ba,v 1.2 2013/08/12 02:47:32 taca Exp $ ---- configure.in.orig 2011-08-03 18:24:05.000000000 +0000 +--- configure.in.orig 2013-07-24 18:53:49.000000000 +0000 +++ configure.in -@@ -6239,6 +6239,11 @@ AC_CHECK_MEMBER(struct passwd.pw_age, +@@ -6244,6 +6244,11 @@ AC_CHECK_MEMBER(struct passwd.pw_age, AC_DEFINE(HAVE_PASSWD_PW_AGE, 1, [Defined if struct passwd has pw_age field]),, [#include <pwd.h>]) diff --git a/net/samba35/patches/patch-bb b/net/samba35/patches/patch-bb index fa5b087d489..1f9ffb42b55 100644 --- a/net/samba35/patches/patch-bb +++ b/net/samba35/patches/patch-bb @@ -1,8 +1,8 @@ -$NetBSD: patch-bb,v 1.1 2011/10/11 20:30:00 jmcneill Exp $ +$NetBSD: patch-bb,v 1.2 2013/08/12 02:47:32 taca Exp $ ---- include/config.h.in.orig 2011-08-03 18:25:13.000000000 +0000 +--- include/config.h.in.orig 2013-07-24 19:08:23.000000000 +0000 +++ include/config.h.in -@@ -1688,6 +1688,9 @@ +@@ -1694,6 +1694,9 @@ /* Defined if struct passwd has pw_age field */ #undef HAVE_PASSWD_PW_AGE |