From c79a66b51f4ab90ad2cd4cbb280582cb9cf05e64 Mon Sep 17 00:00:00 2001
From: taca
Date: Sat, 19 Jun 2010 14:08:56 +0000
Subject: Add a patch to fix CVE-2010-2063. Bump PKGREVISION.
---
net/samba/Makefile | 4 ++--
net/samba/Makefile.mirrors | 6 ++++--
net/samba/distinfo | 3 ++-
net/samba/patches/patch-ee | 40 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 48 insertions(+), 5 deletions(-)
create mode 100644 net/samba/patches/patch-ee
(limited to 'net')
diff --git a/net/samba/Makefile b/net/samba/Makefile
index 1ca8c7c2d83..5d8b2076b5c 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.200 2010/04/15 09:38:09 sborrill Exp $
+# $NetBSD: Makefile,v 1.201 2010/06/19 14:08:56 taca Exp $
 .include "Makefile.mirrors"
 DISTNAME= samba-${VERSION}
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= net
 MASTER_SITES= ${SAMBA_MIRRORS:=old-versions/}
diff --git a/net/samba/Makefile.mirrors b/net/samba/Makefile.mirrors
index e79e044bec7..ed4fce9933b 100644
--- a/net/samba/Makefile.mirrors
+++ b/net/samba/Makefile.mirrors
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.mirrors,v 1.6 2009/10/11 09:18:04 wiz Exp $
+# $NetBSD: Makefile.mirrors,v 1.7 2010/06/19 14:08:56 taca Exp $
 #
 # This Makefile fragment contains the mirror sites for fetching Samba.
@@ -23,4 +23,6 @@ SAMBA_MIRRORS= \
 ftp://pl.samba.org/pub/unix/net/samba/ \
 ftp://ftp.chg.ru/packages/samba/ \
 ftp://ftp.oss.eznetsols.org/samba/ \
- ftp://us5.samba.org/pub/samba-ftp/
+ ftp://us5.samba.org/pub/samba-ftp/ \
+ ftp://download.samba.org/pub/samba/ \
+ http://download.samba.org/samba/ftp/
diff --git a/net/samba/distinfo b/net/samba/distinfo
index 8a24cf65810..14cf70f0ec7 100644
--- a/net/samba/distinfo
+++ b/net/samba/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.73 2010/02/09 16:08:36 drochner Exp $
+$NetBSD: distinfo,v 1.74 2010/06/19 14:08:56 taca Exp $
 SHA1 (samba-3.0.37.tar.gz) = 5ec6bc6558b3c799f747eb49fbba019d5edf0cbd
 RMD160 (samba-3.0.37.tar.gz) = 06b76ae22729e10c83d6af42d03b03ad69e49103
@@ -39,3 +39,4 @@ SHA1 (patch-cg) = 2755a019759826a39c3e201f6a0d1646e6dd2fba
 SHA1 (patch-ch) = 3c4c404519154e294cee134ddb4d2b9c7d8e02a2
 SHA1 (patch-ci) = d78298d0997cf7877cfe2411355fb6c61dec17f6
 SHA1 (patch-da) = 2dddd250b2207d658b02ff43b46199ce4305b7f8
+SHA1 (patch-ee) = d52511dc7d065db7ba1464138c4bc85cfe2f0d59
diff --git a/net/samba/patches/patch-ee b/net/samba/patches/patch-ee
new file mode 100644
index 00000000000..4c18e087c1c
--- /dev/null
+++ b/net/samba/patches/patch-ee
@@ -0,0 +1,40 @@
+$NetBSD: patch-ee,v 1.3 2010/06/19 14:08:56 taca Exp $
+
+Patch to fix CVE-2010-2063.
+
+--- smbd/process.c.orig 2009-09-30 12:21:56.000000000 +0000
++++ smbd/process.c
+@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf
+ {
+ static char *orig_inbuf;
+ static char *orig_outbuf;
++ static int orig_size;
+ int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
+ unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
+ char *inbuf2, *outbuf2;
+@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf
+ /* this is the first part of the chain */
+ orig_inbuf = inbuf;
+ orig_outbuf = outbuf;
++ orig_size = size;
++ }
++
++ /* Validate smb_off2 */
++ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
++ exit_server_cleanly("Bad chained packet");
++ return -1;
+ }
+
+ /*
+@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf
+ SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
+ SCVAL(outbuf,smb_vwv0,smb_com2);
+
++ if (outsize <= smb_wct) {
++ exit_server_cleanly("Bad chained packet");
++ return -1;
++ }
++
+ /* remember how much the caller added to the chain, only counting stuff
+ after the parameter words */
+ chain_size += outsize - smb_wct;
-- cgit v1.2.3
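Review bot: The `/* Validate smb_off2 */` check in the second embedded hunk compares `orig_size`, declared `static int`, against the `unsigned` expression `smb_off2 + 4 - smb_wct`, so under the usual arithmetic conversions `orig_size` is converted to unsigned and a negative `size` would be treated as a very large bound. The check also limits only where the chained request starts; it still accepts an offset equal to `orig_size`. Whether `size` can be negative and how many bytes are accessed from that offset cannot be seen here, because `chain_reply` starts and ends outside these hunks, so both should be confirmed against the full function. A form with explicit signedness would be `if (orig_size < 0 || smb_off2 < smb_wct - 4 || (unsigned)orig_size < smb_off2 + 4 - smb_wct) {`, and the comment could say that the offset is measured against the size recorded for the first request in the chain. The patch header names only the CVE; a reference to the upstream commit or advisory it was taken from would make the fix easier to audit.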