Updated samba to 2.2.8

****************************************
* IMPORTANT: Security bugfix for Samba *
****************************************

The SuSE security audit team, in particular Sebastian Krahmer
<krahmer@suse.de>, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server.

This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a
inclusive.  This is a serious problem and all sites should either
upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139
and 445. Advice created by Andrew Tridgell, the leader of the Samba
Team, on how to protect an unpatched Samba server is given at the end
of this section.

The SMB/CIFS protocol implemented by Samba is vulnerable to many
attacks, even without specific security holes.  The TCP ports 139 and
the new port 445 (used by Win2k and the Samba 3.0 alpha code in
particular) should never be exposed to untrusted networks.

7 files changed, 29 insertions, 30 deletions

diff --git a/net/samba/Makefile b/net/samba/Makefile
index 48fff010f51..98ddaa734a5 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.94 2003/02/18 11:25:57 jdolecek Exp $
+# $NetBSD: Makefile,v 1.95 2003/03/16 07:57:43 martti Exp $
 
 .include "Makefile.common"
 
-PKGREVISION=		1
 MAINTAINER=		packages@netbsd.org
 HOMEPAGE=		http://www.samba.org/
 COMMENT=		SMB/CIFS protocol server suite for UNIX
diff --git a/net/samba/Makefile.common b/net/samba/Makefile.common
index d4595d5dc47..c8e0f3ca788 100644
--- a/net/samba/Makefile.common
+++ b/net/samba/Makefile.common
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.5 2002/12/13 08:37:08 martti Exp $
+# $NetBSD: Makefile.common,v 1.6 2003/03/16 07:57:44 martti Exp $
 
 DISTNAME=		samba-${SAMBA_DIST_VERS}
-SAMBA_DIST_VERS=	2.2.7a
+SAMBA_DIST_VERS=	2.2.8
 WRKSRC?=		${WRKDIR}/${DISTNAME}/source
 CATEGORIES?=		net
 MASTER_SITES=		ftp://ftp.samba.org/pub/samba/ \
diff --git a/net/samba/distinfo b/net/samba/distinfo
index af11033405d..e825b9e7fe6 100644
--- a/net/samba/distinfo
+++ b/net/samba/distinfo
@@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.26 2003/02/18 11:25:57 jdolecek Exp $
+$NetBSD: distinfo,v 1.27 2003/03/16 07:57:44 martti Exp $
 
-SHA1 (samba-2.2.7a.tar.bz2) = 0c8c61bc81dbad7517985d9044d6961089682b2e
-Size (samba-2.2.7a.tar.bz2) = 4370869 bytes
-SHA1 (patch-aa) = b63fe8b5d277b250c8ad806e6a646a0eec8de04c
-SHA1 (patch-ab) = 3f4dbf623e7bab33f8c43fb0237d1d1f4707ee49
+SHA1 (samba-2.2.8.tar.bz2) = 2c7c683a9b4cba86148e0ec40070f440afece1f1
+Size (samba-2.2.8.tar.bz2) = 4504858 bytes
+SHA1 (patch-aa) = 7f85ab121ffbcb67eb1f1c59f49245dda2eff44d
+SHA1 (patch-ab) = 8be47e3f277f191aff18f77d8ed5ef4d8903ec5f
 SHA1 (patch-ac) = cfde267ffe57046de18691f612e73ecdd1158d86
-SHA1 (patch-ad) = 6e9ee82a00235572bec1738ef388e1ca17c3474e
+SHA1 (patch-ad) = 4b475533e36668e55b5c57a53133f216f9e72ea3
 SHA1 (patch-ag) = 256a7e1edb961985398a94c0b738fd96fe781f9c
 SHA1 (patch-ah) = e87f2e393db68acc7028fe20d4772455379ad7aa
 SHA1 (patch-aj) = e2c5f7580a8c701b6bf35d0d3004f714f2c810cb
 SHA1 (patch-al) = 9507677d964044416802e91597c29310c61c9622
 SHA1 (patch-ap) = cc0b3d73d0c7de4cd46e66b0d66b2c3bbaddeb41
 SHA1 (patch-aq) = ea9cd9097cf91dd2b9f1acd9e6ff6f9445505774
-SHA1 (patch-ar) = 51f2ba2a0934022bff6df35ff849ed533504ee42
+SHA1 (patch-ar) = e5b442fb7eb837bb2771ac71c73e6f95ae6fdfc2
diff --git a/net/samba/patches/patch-aa b/net/samba/patches/patch-aa
index 31cd1e40f82..d65c004c320 100644
--- a/net/samba/patches/patch-aa
+++ b/net/samba/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.23 2002/12/13 08:37:10 martti Exp $
+$NetBSD: patch-aa,v 1.24 2003/03/16 07:57:45 martti Exp $
 
---- configure.in.orig	Tue Dec 10 02:01:00 2002
-+++ configure.in	Fri Dec 13 08:33:10 2002
-@@ -2007,6 +2007,10 @@
+--- configure.in.orig	Fri Feb 28 15:56:18 2003
++++ configure.in	Sun Mar 16 09:01:24 2003
+@@ -2033,6 +2033,10 @@
  # we can't build a pam module if we don't have pam.
  AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)])
  
diff --git a/net/samba/patches/patch-ab b/net/samba/patches/patch-ab
index cb3dd999d0a..f24ca257cd7 100644
--- a/net/samba/patches/patch-ab
+++ b/net/samba/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.19 2002/12/13 08:37:11 martti Exp $
+$NetBSD: patch-ab,v 1.20 2003/03/16 07:57:46 martti Exp $
 
---- configure.orig	Tue Dec 10 02:01:00 2002
-+++ configure	Fri Dec 13 08:33:48 2002
-@@ -12039,6 +12039,49 @@
+--- configure.orig	Fri Feb 28 15:56:18 2003
++++ configure	Sun Mar 16 09:01:58 2003
+@@ -12074,6 +12074,49 @@
  fi
  
  
@@ -52,7 +52,7 @@ $NetBSD: patch-ab,v 1.19 2002/12/13 08:37:11 martti Exp $
  #################################################
  # check for pam_smbpass support
  echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
-@@ -14408,6 +14451,7 @@
+@@ -14491,6 +14534,7 @@
  s%@TERMLDFLAGS@%$TERMLDFLAGS%g
  s%@ROFF@%$ROFF%g
  s%@DYNEXP@%$DYNEXP%g
diff --git a/net/samba/patches/patch-ad b/net/samba/patches/patch-ad
index e1fe7174974..265bd446e49 100644
--- a/net/samba/patches/patch-ad
+++ b/net/samba/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.11 2002/10/18 11:50:28 martti Exp $
+$NetBSD: patch-ad,v 1.12 2003/03/16 07:57:46 martti Exp $
 
---- Makefile.in.orig	Wed Oct  9 22:27:15 2002
-+++ Makefile.in	Fri Oct 18 13:04:01 2002
-@@ -89,6 +89,8 @@
+--- Makefile.in.orig	Fri Feb 28 15:56:06 2003
++++ Makefile.in	Sun Mar 16 09:02:19 2003
+@@ -91,6 +91,8 @@
  FLAGS  = $(ISA) $(FLAGS5) $(PASSWD_FLAGS)
  FLAGS32  = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS)
  
@@ -11,7 +11,7 @@ $NetBSD: patch-ad,v 1.11 2002/10/18 11:50:28 martti Exp $
  WINBIND_PROGS = @WINBIND_TARGETS@
  WINBIND_SPROGS = @WINBIND_STARGETS@
  WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@
-@@ -654,7 +656,7 @@
+@@ -658,7 +660,7 @@
  
  bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ) bin/.dummy
  	@echo Linking shared library $@
@@ -20,7 +20,7 @@ $NetBSD: patch-ad,v 1.11 2002/10/18 11:50:28 martti Exp $
  		@SONAMEFLAG@`basename $@`
  
  nsswitch/libnss_wins.so: $(NSS_OBJ)
-@@ -678,7 +680,7 @@
+@@ -682,7 +684,7 @@
  
  nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ)
  	@echo Linking $@
diff --git a/net/samba/patches/patch-ar b/net/samba/patches/patch-ar
index b31a4100462..00c7b27f47f 100644
--- a/net/samba/patches/patch-ar
+++ b/net/samba/patches/patch-ar
@@ -1,8 +1,8 @@
-$NetBSD: patch-ar,v 1.1 2003/02/18 11:25:58 jdolecek Exp $
+$NetBSD: patch-ar,v 1.2 2003/03/16 07:57:47 martti Exp $
 
---- smbd/open.c.orig	Tue Feb 18 11:59:26 2003
-+++ smbd/open.c	Tue Feb 18 11:59:39 2003
-@@ -947,8 +947,11 @@
+--- smbd/open.c.orig	Fri Feb 28 15:56:20 2003
++++ smbd/open.c	Sun Mar 16 09:03:17 2003
+@@ -979,8 +979,11 @@
  	fsp_open = open_file(fsp,conn,fname,psbuf,flags|flags2,mode,desired_access);
  
  	if (!fsp_open && (flags == O_RDWR) && (errno != ENOENT) && fcbopen) {