Add a patch to fix CVE-2010-2063.

Bump PKGREVISION.

4 files changed, 48 insertions, 5 deletions

diff --git a/net/samba/Makefile b/net/samba/Makefile
index 1ca8c7c2d83..5d8b2076b5c 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.200 2010/04/15 09:38:09 sborrill Exp $
+# $NetBSD: Makefile,v 1.201 2010/06/19 14:08:56 taca Exp $
 
 .include "Makefile.mirrors"
 
 DISTNAME=		samba-${VERSION}
-PKGREVISION=		3
+PKGREVISION=		4
 CATEGORIES=		net
 MASTER_SITES=		${SAMBA_MIRRORS:=old-versions/}
 
diff --git a/net/samba/Makefile.mirrors b/net/samba/Makefile.mirrors
index e79e044bec7..ed4fce9933b 100644
--- a/net/samba/Makefile.mirrors
+++ b/net/samba/Makefile.mirrors
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.mirrors,v 1.6 2009/10/11 09:18:04 wiz Exp $
+# $NetBSD: Makefile.mirrors,v 1.7 2010/06/19 14:08:56 taca Exp $
 #
 # This Makefile fragment contains the mirror sites for fetching Samba.
 
@@ -23,4 +23,6 @@ SAMBA_MIRRORS=	\
 	ftp://pl.samba.org/pub/unix/net/samba/ \
 	ftp://ftp.chg.ru/packages/samba/ \
 	ftp://ftp.oss.eznetsols.org/samba/ \
-	ftp://us5.samba.org/pub/samba-ftp/
+	ftp://us5.samba.org/pub/samba-ftp/ \
+	ftp://download.samba.org/pub/samba/ \
+	http://download.samba.org/samba/ftp/
diff --git a/net/samba/distinfo b/net/samba/distinfo
index 8a24cf65810..14cf70f0ec7 100644
--- a/net/samba/distinfo
+++ b/net/samba/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.73 2010/02/09 16:08:36 drochner Exp $
+$NetBSD: distinfo,v 1.74 2010/06/19 14:08:56 taca Exp $
 
 SHA1 (samba-3.0.37.tar.gz) = 5ec6bc6558b3c799f747eb49fbba019d5edf0cbd
 RMD160 (samba-3.0.37.tar.gz) = 06b76ae22729e10c83d6af42d03b03ad69e49103
@@ -39,3 +39,4 @@ SHA1 (patch-cg) = 2755a019759826a39c3e201f6a0d1646e6dd2fba
 SHA1 (patch-ch) = 3c4c404519154e294cee134ddb4d2b9c7d8e02a2
 SHA1 (patch-ci) = d78298d0997cf7877cfe2411355fb6c61dec17f6
 SHA1 (patch-da) = 2dddd250b2207d658b02ff43b46199ce4305b7f8
+SHA1 (patch-ee) = d52511dc7d065db7ba1464138c4bc85cfe2f0d59
diff --git a/net/samba/patches/patch-ee b/net/samba/patches/patch-ee
new file mode 100644
index 00000000000..4c18e087c1c
--- /dev/null
+++ b/net/samba/patches/patch-ee
@@ -0,0 +1,40 @@
+$NetBSD: patch-ee,v 1.3 2010/06/19 14:08:56 taca Exp $
+
+Patch to fix CVE-2010-2063.
+
+--- smbd/process.c.orig	2009-09-30 12:21:56.000000000 +0000
++++ smbd/process.c
+@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf
+ {
+ 	static char *orig_inbuf;
+ 	static char *orig_outbuf;
++	static int orig_size;
+ 	int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
+ 	unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+ 	char *inbuf2, *outbuf2;
+@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf
+ 		/* this is the first part of the chain */
+ 		orig_inbuf = inbuf;
+ 		orig_outbuf = outbuf;
++		orig_size = size;
++	}
++
++	/* Validate smb_off2 */
++	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
++		exit_server_cleanly("Bad chained packet");
++		return -1;
+ 	}
+ 
+ 	/*
+@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf
+ 	SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
+ 	SCVAL(outbuf,smb_vwv0,smb_com2);
+ 
++	if (outsize <= smb_wct) {
++		exit_server_cleanly("Bad chained packet");
++		return -1;
++	}
++
+ 	/* remember how much the caller added to the chain, only counting stuff
+ 		after the parameter words */
+ 	chain_size += outsize - smb_wct;