From owner-svn-ports-all@FreeBSD.ORG  Tue Feb 24 20:44:13 2015
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 37647B3F;
 Tue, 24 Feb 2015 20:44:13 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 18E303B6;
 Tue, 24 Feb 2015 20:44:13 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1OKiCJi023960;
 Tue, 24 Feb 2015 20:44:12 GMT (envelope-from timur@FreeBSD.org)
Received: (from timur@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1OKiBw5023952;
 Tue, 24 Feb 2015 20:44:11 GMT (envelope-from timur@FreeBSD.org)
Message-Id: <201502242044.t1OKiBw5023952@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: timur set sender to
 timur@FreeBSD.org using -f
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
Date: Tue, 24 Feb 2015 20:44:11 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r379838 - in head/net: samba36 samba4 samba4/files
 samba41 samba41/files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 20:44:13 -0000

Author: timur
Date: Tue Feb 24 20:44:10 2015
New Revision: 379838
URL: https://svnweb.freebsd.org/changeset/ports/379838
QAT: https://qat.redports.org/buildarchive/r379838/

Log:
  Update samba ports to address CVE-2015-0240
  
  Security:	CVE-2015-0240

Modified:
  head/net/samba36/Makefile
  head/net/samba4/Makefile
  head/net/samba4/distinfo
  head/net/samba4/files/samba_server.in
  head/net/samba41/Makefile
  head/net/samba41/distinfo
  head/net/samba41/files/samba_server.in

Modified: head/net/samba36/Makefile
==============================================================================
--- head/net/samba36/Makefile	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba36/Makefile	Tue Feb 24 20:44:10 2015	(r379838)
@@ -102,15 +102,30 @@ OPTIONS_DEFINE=		ACL_SUPPORT ADS AIO_SUP
 			DOCS EXAMPLES EXP_MODULES FAM IPV6 LDAP \
 			MAX_DEBUG PAM_SMBPASS POPT PTHREADPOOL QUOTAS \
 			SMBTORTURE SWAT SYSLOG UTMP WINBIND
+OPTIONS_RADIO=		GSSAPI
+OPTIONS_RADIO_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_DEFAULT=	ACL_SUPPORT AIO_SUPPORT CUPS LDAP POPT PTHREADPOOL \
-			WINBIND
+			WINBIND GSSAPI_NONE
 
 ACL_SUPPORT_DESC=	ACL support
+
 ADS_DESC=		Active Directory support
-AIO_SUPPORT_DESC=	Asynchronous IO support
-DNSUPDATE_DESC=		Dynamic DNS update (requires ADS)
+ADS_CONFIGURE_ON=	--with-ads --with-krb5="${GSSAPIBASEDIR}"
+ADS_CONFIGURE_OFF=	--without-ads --without-krb5
+
+AIO_SUPPORT_DESC=	Asyncronous IO support
+DNSUPDATE_DESC=		Dynamic DNS update(require ADS)
 EXP_MODULES_DESC=	Experimental modules
+
+GSSAPI_BASE_DESC=	Use Heimdal in base
+GSSAPI_BASE_USES=	gssapi
+GSSAPI_HEIMDAL_DESC=	Use Heimdal from ports
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
+GSSAPI_MIT_DESC=	Use MIT Kerberos V5
+GSSAPI_MIT_USES=	gssapi:mit,flags
+GSSAPI_NONE_DESC=	No Kerberos support
+
 MAX_DEBUG_DESC=		Maximum debugging
 PAM_SMBPASS_DESC=	PAM authentication via passdb backends
 POPT_DESC=		System-wide POPT library
@@ -316,26 +331,11 @@ PLIST_SUB+=		SMBTORTURE="@comment "
 ###
 
 .if ${PORT_OPTIONS:MADS}
-SAMBA_WANT_LDAP=	yes
-SAMBA_WANT_KRB5=	yes
-CONFIGURE_ARGS+=	--with-ads
-.else
-CONFIGURE_ARGS+=	--without-ads
-.endif
+.	if ${PORT_OPTIONS:MGSSAPI_NONE}
 # Kerberos5 is necessary for ADS
-.if defined(SAMBA_WANT_KRB5)
-.if defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libgssapi_krb5.so)
-CONFIGURE_ARGS+=	--with-krb5="${KRB5_HOME}"
-.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so)
-CONFIGURE_ARGS+=	--with-krb5="${HEIMDAL_HOME}"
-.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config)
-CONFIGURE_ARGS+=	--with-krb5="/usr"
-.else
-LIB_DEPENDS+=		libkrb5.so:${PORTSDIR}/security/heimdal
-CONFIGURE_ARGS+=	--with-krb5="${LOCALBASE}"
-.endif
-.else
-CONFIGURE_ARGS+=	--without-krb5
+IGNORE=	ADS support requires GSSAPI_BASE, GSSAPI_HEIMDAL, or GSSAPI_MIT
+.	endif
+SAMBA_WANT_LDAP=	yes
 .endif
 
 .if defined(SAMBA_WANT_LDAP)

Modified: head/net/samba4/Makefile
==============================================================================
--- head/net/samba4/Makefile	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba4/Makefile	Tue Feb 24 20:44:10 2015	(r379838)
@@ -18,7 +18,7 @@ CONFLICTS?=		*samba3[2-6]-3.* samba41-4.
 
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.0.24
+SAMBA4_VERSION=		4.0.25
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}

Modified: head/net/samba4/distinfo
==============================================================================
--- head/net/samba4/distinfo	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba4/distinfo	Tue Feb 24 20:44:10 2015	(r379838)
@@ -1,2 +1,2 @@
-SHA256 (samba-4.0.24.tar.gz) = e1e4068c65684848d8cb17c8997c91be426ff75ccd617f647878307817af615a
-SIZE (samba-4.0.24.tar.gz) = 22148369
+SHA256 (samba-4.0.25.tar.gz) = e6a07940a658b81d368fc7ed8e5068bd27188996d73dee1cea9755682cb9a485
+SIZE (samba-4.0.25.tar.gz) = 22150978

Modified: head/net/samba4/files/samba_server.in
==============================================================================
--- head/net/samba4/files/samba_server.in	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba4/files/samba_server.in	Tue Feb 24 20:44:10 2015	(r379838)
@@ -27,15 +27,9 @@
 
 name="samba_server"
 rcvar=${name}_enable
-
 # Defaults
 samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%"
-samba_server_config=${samba_server_config=${samba_server_config_default}}
-samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"}			#"
-#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
-testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
 smbcontrol_command="%%PREFIX%%/bin/smbcontrol"
-
 # Custom commands
 extra_commands="reload status"
 
@@ -48,7 +42,6 @@ status_cmd="samba_server_cmd"
 reload_cmd="samba_server_reload_cmd"
 rcvar_cmd="samba_server_rcvar_cmd"
 
-
 samba_server_checkconfig() {
     echo -n "Performing sanity check on Samba configuration: "
     if ${testparm_command} >/dev/null 2>&1; then
@@ -144,6 +137,14 @@ samba_server_cmd() {
 
 samba_server_config_init() {
     local name
+    # Load configuration
+    load_rc_config "${name}"
+    # Defaults
+    samba_server_enable=${samba_server_enable:=NO}
+    samba_server_config=${samba_server_config=${samba_server_config_default}}
+    samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"}			#"
+    #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
+    testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
     # Determine what daemons are necessary to run Samba in the current role
     samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null)
     case "${samba_server_role}" in
@@ -154,38 +155,34 @@ samba_server_config_init() {
 	    samba_daemons="nmbd smbd winbindd"
 	    ;;
     esac
-    # Load configuration
-    load_rc_config "${name}"
+    # Load daemons configuration
     for name in ${samba_daemons}; do
 	load_rc_config "${name}"
-    done
-    # Defaults
-    samba_server_enable=${samba_server_enable:=NO}
-    # Setup dependent variables
-    if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
-	for name in ${samba_daemons}; do
-	    # Winbindd
-	    if [ "${name}" = "winbindd" ]; then
+	# If samba_server_enable is 'YES'
+	if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
+	    if [ "${name}" != "winbindd" ]; then
+		# Set variable to 'YES' only if it is unset
+		eval ${name}_enable=\${${name}_enable-YES}
+	    else
+		# Winbindd
 		samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null)
 		if [ -n "${samba_server_idmap}" ]; then
 		    winbindd_enable="YES"
 		fi
 	    fi
-	    # Set variable to 'YES' only if it is unset
-	    eval ${name}_enable=\${${name}_enable-YES}
-	    # If variable is empty set it to 'NO'
-	    eval ${name}_enable=\${${name}_enable:-NO}
-	done
-    fi
+	fi
+	# If variable is empty, set it to 'NO'
+	eval ${name}_enable=\${${name}_enable:-NO}
+    done
+    # Fetch parameters from configuration file
+    samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)"
+    samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%}
+    samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)"
+    samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%}
 }
 
 # Load configuration variables
 samba_server_config_init
-# Fetch parameters from configuration file
-samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)
-samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%}
-samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)
-samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%}
 # Common flags
 command_args=${samba_server_configfile_arg}
 samba_flags=${samba_flags="--daemon"}

Modified: head/net/samba41/Makefile
==============================================================================
--- head/net/samba41/Makefile	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba41/Makefile	Tue Feb 24 20:44:10 2015	(r379838)
@@ -18,7 +18,7 @@ CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0
 
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.1.16
+SAMBA4_VERSION=		4.1.17
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -102,8 +102,8 @@ BUILD_DEPENDS+=		tevent>=0.9.18:${PORTSD
 RUN_DEPENDS+=		tevent>=0.9.18:${PORTSDIR}/devel/tevent
 SAMBA4_BUNDLED_LIBS+=	!tevent
 # tdb
-BUILD_DEPENDS+=		tdb>=1.2.11:${PORTSDIR}/databases/tdb
-RUN_DEPENDS+=		tdb>=1.2.11:${PORTSDIR}/databases/tdb
+BUILD_DEPENDS+=		tdb>=1.2.12:${PORTSDIR}/databases/tdb
+RUN_DEPENDS+=		tdb>=1.2.12:${PORTSDIR}/databases/tdb
 SAMBA4_BUNDLED_LIBS+=	!tdb
 # ntdb
 BUILD_DEPENDS+=		ntdb>=1.0:${PORTSDIR}/databases/ntdb

Modified: head/net/samba41/distinfo
==============================================================================
--- head/net/samba41/distinfo	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba41/distinfo	Tue Feb 24 20:44:10 2015	(r379838)
@@ -1,2 +1,2 @@
-SHA256 (samba-4.1.16.tar.gz) = 12a09c167bfa25f50b82775bcbeda94c71c5d71d3b0d1210f6dae0f23020a87b
-SIZE (samba-4.1.16.tar.gz) = 19534236
+SHA256 (samba-4.1.17.tar.gz) = 7aeb5d09e9c84bbeeb4b98d33404e9dbc4d99c54e64a447cc9c4d57e9255cb1d
+SIZE (samba-4.1.17.tar.gz) = 19536407

Modified: head/net/samba41/files/samba_server.in
==============================================================================
--- head/net/samba41/files/samba_server.in	Tue Feb 24 20:10:42 2015	(r379837)
+++ head/net/samba41/files/samba_server.in	Tue Feb 24 20:44:10 2015	(r379838)
@@ -27,15 +27,9 @@
 
 name="samba_server"
 rcvar=${name}_enable
-
 # Defaults
 samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%"
-samba_server_config=${samba_server_config=${samba_server_config_default}}
-samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"}			#"
-#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
-testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
 smbcontrol_command="%%PREFIX%%/bin/smbcontrol"
-
 # Custom commands
 extra_commands="reload status"
 
@@ -48,7 +42,6 @@ status_cmd="samba_server_cmd"
 reload_cmd="samba_server_reload_cmd"
 rcvar_cmd="samba_server_rcvar_cmd"
 
-
 samba_server_checkconfig() {
     echo -n "Performing sanity check on Samba configuration: "
     if ${testparm_command} >/dev/null 2>&1; then
@@ -144,6 +137,14 @@ samba_server_cmd() {
 
 samba_server_config_init() {
     local name
+    # Load configuration
+    load_rc_config "${name}"
+    # Defaults
+    samba_server_enable=${samba_server_enable:=NO}
+    samba_server_config=${samba_server_config=${samba_server_config_default}}
+    samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"}			#"
+    #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}"
+    testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}"
     # Determine what daemons are necessary to run Samba in the current role
     samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null)
     case "${samba_server_role}" in
@@ -154,38 +155,34 @@ samba_server_config_init() {
 	    samba_daemons="nmbd smbd winbindd"
 	    ;;
     esac
-    # Load configuration
-    load_rc_config "${name}"
+    # Load daemons configuration
     for name in ${samba_daemons}; do
 	load_rc_config "${name}"
-    done
-    # Defaults
-    samba_server_enable=${samba_server_enable:=NO}
-    # Setup dependent variables
-    if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
-	for name in ${samba_daemons}; do
-	    # Winbindd
-	    if [ "${name}" = "winbindd" ]; then
+	# If samba_server_enable is 'YES'
+	if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then
+	    if [ "${name}" != "winbindd" ]; then
+		# Set variable to 'YES' only if it is unset
+		eval ${name}_enable=\${${name}_enable-YES}
+	    else
+		# Winbindd
 		samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null)
 		if [ -n "${samba_server_idmap}" ]; then
 		    winbindd_enable="YES"
 		fi
 	    fi
-	    # Set variable to 'YES' only if it is unset
-	    eval ${name}_enable=\${${name}_enable-YES}
-	    # If variable is empty set it to 'NO'
-	    eval ${name}_enable=\${${name}_enable:-NO}
-	done
-    fi
+	fi
+	# If variable is empty, set it to 'NO'
+	eval ${name}_enable=\${${name}_enable:-NO}
+    done
+    # Fetch parameters from configuration file
+    samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)"
+    samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%}
+    samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)"
+    samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%}
 }
 
 # Load configuration variables
 samba_server_config_init
-# Fetch parameters from configuration file
-samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)
-samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%}
-samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)
-samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%}
 # Common flags
 command_args=${samba_server_configfile_arg}
 samba_flags=${samba_flags="--daemon"}