From 6c1b6166e9d8b4c4adf120f64f635d25c9af720a Mon Sep 17 00:00:00 2001
From: snj
Date: Wed, 8 Jun 2005 01:29:22 +0000
Subject: Pullup ticket 544 - requested by Lubomir Sedlacik security fix for samba2 Revisions pulled up: - pkgsrc/net/samba2/Makefile 1.23 - pkgsrc/net/samba2/Makefile.common 1.7 - pkgsrc/net/samba2/distinfo 1.4, 1.5 - pkgsrc/net/samba2/patches/patch-ap 1.2 Module Name: pkgsrc Committed By: wiz Date: Wed May 25 13:15:40 UTC 2005 Modified Files: pkgsrc/net/samba2: distinfo Log Message: Add RMD160 checksum. ---- Module Name: pkgsrc Committed By: salo Date: Mon Jun 6 13:25:12 UTC 2005 Modified Files: pkgsrc/net/samba2: Makefile Makefile.common distinfo pkgsrc/net/samba2/patches: patch-ap Log Message: Security fixes for CAN-2004-0882, CAN-2004-0930 and CAN-2004-1154. Patches adapted from SuSE. Functionality not tested beyond simple smbclient operations. This package is marked for removal before next stable branch is cut.
---
 net/samba2/Makefile | 5 ++---
 net/samba2/Makefile.common | 8 +++++++-
 net/samba2/distinfo | 14 ++++++++++++--
 net/samba2/patches/patch-ap | 20 ++++++++++----------
 4 files changed, 31 insertions(+), 16 deletions(-)
diff --git a/net/samba2/Makefile b/net/samba2/Makefile
index a2da6aa98ae..cddafe81a52 100644
--- a/net/samba2/Makefile
+++ b/net/samba2/Makefile
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.19 2005/02/07 11:35:45 jlam Exp $
+# $NetBSD: Makefile,v 1.19.2.1 2005/06/08 01:29:22 snj Exp $
 .include "Makefile.common"
-PKGREVISION= # empty1
 MAINTAINER= tech-pkg@NetBSD.org
 HOMEPAGE= http://www.samba.org/
-PKGREVISION= 1
+PKGREVISION= 2
 COMMENT= SMB/CIFS protocol server suite for UNIX
 USE_BUILDLINK3= yes
diff --git a/net/samba2/Makefile.common b/net/samba2/Makefile.common
index 81f34ab36bb..dda17129e18 100644
--- a/net/samba2/Makefile.common
+++ b/net/samba2/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.5 2004/10/25 17:05:41 jdolecek Exp $
+# $NetBSD: Makefile.common,v 1.5.4.1 2005/06/08 01:29:22 snj Exp $
 #
 # NOTE: This file is included by:
 #
@@ -18,6 +18,12 @@ MASTER_SITES+= ftp://${COUNTRY}.samba.org/pub/samba/old-versions/
 .endfor
 EXTRACT_SUFX= .tar.gz
+PATCH_SITES= ${MASTER_SITE_LOCAL}
+PATCHFILES= samba-2.2.12-CAN-2004-0882.diff.gz \
+ samba-2.2.12-CAN-2004-0930.diff.gz \
+ samba-2.2.12-CAN-2004-1154.diff.gz
+PATCH_DIST_STRIP= -p2
+
 DISTINFO_FILE?= ${.CURDIR}/../../net/samba2/distinfo
 PATCHDIR?= ${.CURDIR}/../../net/samba2/patches
diff --git a/net/samba2/distinfo b/net/samba2/distinfo
index dc9ec032be1..1a548317097 100644
--- a/net/samba2/distinfo
+++ b/net/samba2/distinfo
@@ -1,7 +1,17 @@
-$NetBSD: distinfo,v 1.3 2004/10/25 17:05:41 jdolecek Exp $
+$NetBSD: distinfo,v 1.3.4.1 2005/06/08 01:29:22 snj Exp $
 SHA1 (samba-2.2.12.tar.gz) = 9f8cf8bef5f7aace692d06c7d1f60be61b046bad
+RMD160 (samba-2.2.12.tar.gz) = a01c42c8d3d44c1de339be3b012cc9d4168b0d3e
 Size (samba-2.2.12.tar.gz) = 5459704 bytes
+SHA1 (samba-2.2.12-CAN-2004-0882.diff.gz) = df1e3e070aa3c2814ab07df5f6fa2d3a286a659b
+RMD160 (samba-2.2.12-CAN-2004-0882.diff.gz) = 0f3ac1329e827d2570eeafe55ab9d26dacc2d55f
+Size (samba-2.2.12-CAN-2004-0882.diff.gz) = 1432 bytes
+SHA1 (samba-2.2.12-CAN-2004-0930.diff.gz) = bfb7398b438f16ead569b3eab263d8066d70f8e5
+RMD160 (samba-2.2.12-CAN-2004-0930.diff.gz) = 2db2e9695eb9c08b5cc598ba75c48aca8e04ad31
+Size (samba-2.2.12-CAN-2004-0930.diff.gz) = 3027 bytes
+SHA1 (samba-2.2.12-CAN-2004-1154.diff.gz) = 5dde5315bf8e7851344322b7d4676774ee5c4a2d
+RMD160 (samba-2.2.12-CAN-2004-1154.diff.gz) = e788027f207bb0481d31e33e5d535dd56e4912b8
+Size (samba-2.2.12-CAN-2004-1154.diff.gz) = 59813 bytes
 SHA1 (patch-aa) = 7f85ab121ffbcb67eb1f1c59f49245dda2eff44d
 SHA1 (patch-ab) = 8be47e3f277f191aff18f77d8ed5ef4d8903ec5f
 SHA1 (patch-ac) = cfde267ffe57046de18691f612e73ecdd1158d86
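Review bot: The `PATCHFILES` block added in the second hunk of net/samba2/Makefile.common fetches three security diffs from `${MASTER_SITE_LOCAL}` with no comment on where they came from or why `-p2` is needed. The commit message says they were adapted from SuSE, but that provenance is not recorded in the Makefile itself. I would add a comment above `PATCH_SITES`, for example `# Security fixes for CAN-2004-0882, CAN-2004-0930 and CAN-2004-1154, adapted from SuSE; checksums are pinned in distinfo.` Since `PATCH_DIST_STRIP` sets the default strip level for every entry in `PATCHFILES`, the comment should also note that any diff added later must share the same path depth.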
@@ -10,7 +20,7 @@ SHA1 (patch-ag) = e296e076c6bfe20b839f6f6be83873d7cfcc9d89
 SHA1 (patch-ah) = e87f2e393db68acc7028fe20d4772455379ad7aa
 SHA1 (patch-aj) = e2c5f7580a8c701b6bf35d0d3004f714f2c810cb
 SHA1 (patch-al) = 9507677d964044416802e91597c29310c61c9622
-SHA1 (patch-ap) = cc0b3d73d0c7de4cd46e66b0d66b2c3bbaddeb41
+SHA1 (patch-ap) = 1a8409ba329a18b8b1b8a4ff63f510089465dbdc
 SHA1 (patch-aq) = ea9cd9097cf91dd2b9f1acd9e6ff6f9445505774
 SHA1 (patch-ar) = e5b442fb7eb837bb2771ac71c73e6f95ae6fdfc2
 SHA1 (patch-as) = 019cd56e1a0f3c4517e1701e09d0a7cbd741df93
diff --git a/net/samba2/patches/patch-ap b/net/samba2/patches/patch-ap
index 207e1041f88..9e537b680af 100644
--- a/net/samba2/patches/patch-ap
+++ b/net/samba2/patches/patch-ap
@@ -1,9 +1,9 @@
-$NetBSD: patch-ap,v 1.1.1.1 2004/01/11 00:41:13 jlam Exp $
+$NetBSD: patch-ap,v 1.1.1.1.10.1 2005/06/08 01:29:22 snj Exp $
 Expand & in the gecos field to a capitalized login name.
---- lib/util_getent.c.orig Sat Feb 2 19:46:42 2002
-+++ lib/util_getent.c Sun Oct 13 21:37:56 2002
+--- lib/util_getent.c.orig 2005-04-09 19:27:42.000000000 +0200
++++ lib/util_getent.c 2005-04-09 19:35:09.000000000 +0200
 @@ -155,6 +155,11 @@
 struct sys_pwent *plist;
 struct sys_pwent *pent;
@@ -14,7 +14,7 @@ Expand & in the gecos field to a capitalized login name.
 + int buflen;
 +#endif
- pent = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));
+ pent = SMB_MALLOC_P(struct sys_pwent);
 if (pent == NULL) {
 @@ -178,9 +183,38 @@
 pent->pw_uid = pwd->pw_uid;
@@ -31,10 +31,10 @@ Expand & in the gecos field to a capitalized login name.
 + if (bp >= &buf[BUFLEN - 1])
 + /* buffer overflow */
 + goto gecos_done;
-+ if (*p == '&') {
++ if (*p == '&') {
 + /* interpolate full name */
 + snprintf(bp, BUFLEN - (bp - buf),
-+ "%s", pwd->pw_name);
++ "%s", pwd->pw_name);
 + *bp = toupper(*bp);
 + bp += strlen(bp);
 + }
@@ -42,16 +42,16 @@ Expand & in the gecos field to a capitalized login name.
 + *bp++ = *p;
 + }
 + *bp = '\0';
-+ if ((pent->pw_name = strdup(buf)) == NULL)
++ if ((pent->pw_name = SMB_STRDUP(buf)) == NULL)
 + goto err;
 +#else
- if ((pent->pw_name = strdup(pwd->pw_gecos)) == NULL)
+ if ((pent->pw_name = SMB_STRDUP(pwd->pw_gecos)) == NULL)
 goto err;
 +#endif
 }
 +#ifdef BSD
-+ gecos_done:
++ gecos_done:
 +#endif
 if (pwd->pw_dir) {
- if ((pent->pw_name = strdup(pwd->pw_dir)) == NULL)
+ if ((pent->pw_name = SMB_STRDUP(pwd->pw_dir)) == NULL)
 goto err;
--
cgit v1.2.3
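Review bot: The BSD branch in the last patch-ap hunk stores the expanded gecos string with `pent->pw_name = SMB_STRDUP(buf)`, and the context lines assign the `pwd->pw_gecos` and `pwd->pw_dir` copies to `pent->pw_name` as well. Each later assignment therefore overwrites the previous pointer without freeing it, and the name field no longer holds the login name. Presumably `struct sys_pwent` has separate gecos and directory members (its definition is not in this hunk); if so, the added line should read `if ((pent->pw_gecos = SMB_STRDUP(buf)) == NULL)`. The `#else` and `pw_dir` lines are upstream context that patch-ap has to match, so correcting those needs its own hunk in the patch. The enclosing function starts and ends outside the hunk.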