From owner-svn-ports-all@freebsd.org Tue Apr 9 10:07:24 2019 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA862157C1DA; Tue, 9 Apr 2019 10:07:23 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 888C886592; Tue, 9 Apr 2019 10:07:23 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 644A39764; Tue, 9 Apr 2019 10:07:23 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x39A7NCe051444; Tue, 9 Apr 2019 10:07:23 GMT (envelope-from timur@FreeBSD.org) Received: (from timur@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x39A7Mwn051439; Tue, 9 Apr 2019 10:07:22 GMT (envelope-from timur@FreeBSD.org) Message-Id: <201904091007.x39A7Mwn051439@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: timur set sender to timur@FreeBSD.org using -f From: "Timur I. Bakeyev" Date: Tue, 9 Apr 2019 10:07:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r498474 - in head/net/samba48: . files X-SVN-Group: ports-head X-SVN-Commit-Author: timur X-SVN-Commit-Paths: in head/net/samba48: . files X-SVN-Commit-Revision: 498474 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 888C886592 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.99)[-0.994,0]; NEURAL_HAM_SHORT(-0.98)[-0.975,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Apr 2019 10:07:24 -0000 Author: timur Date: Tue Apr 9 10:07:22 2019 New Revision: 498474 URL: https://svnweb.freebsd.org/changeset/ports/498474 Log: Upgrade Samba 4.8 to the 4.8.11, addressing CVE-2019-3880. Security: CVE-2019-3880 Added: head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c (contents, props changed) Modified: head/net/samba48/Makefile head/net/samba48/distinfo head/net/samba48/files/patch-bind13 head/net/samba48/pkg-plist Modified: head/net/samba48/Makefile ============================================================================== --- head/net/samba48/Makefile Tue Apr 9 10:05:44 2019 (r498473) +++ head/net/samba48/Makefile Tue Apr 9 10:07:22 2019 (r498474) @@ -3,7 +3,7 @@ PORTNAME= ${SAMBA4_BASENAME}48 PORTVERSION= ${SAMBA4_VERSION} -PORTREVISION= 1 +PORTREVISION= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -24,7 +24,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-228462.patch:-p SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.8.9 +SAMBA4_VERSION= 4.8.11 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -68,8 +68,9 @@ CONFIGURE_ARGS+= --mandir="${MANPREFIX}/man" \ # XXX: Flags CONFIGURE_ENV+= PTHREAD_LDFLAGS="-lpthread" -USES= compiler:c++11-lang cpe iconv \ - localbase:ldflags perl5 pkgconfig shebangfix waf +USES= compiler:c++11-lang cpe iconv gettext-runtime \ + localbase:ldflags perl5 pkgconfig shebangfix \ + ssl waf USE_PERL5= build USE_LDCONFIG= ${SAMBA4_LIBDIR} WAF_CMD= buildtools/bin/waf @@ -101,7 +102,7 @@ OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BUILTIN GSSAPI_MIT OPTIONS_RADIO= DNS ZEROCONF -OPTIONS_RADIO_DNS= NSUPDATE BIND911 BIND912 BIND913 +OPTIONS_RADIO_DNS= NSUPDATE BIND911 BIND912 BIND913 BIND914 OPTIONS_RADIO_ZEROCONF= MDNSRESPONDER AVAHI ############################################################################## AD_DC_DESC= Active Directory Domain Controller @@ -128,6 +129,7 @@ GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimd BIND911_DESC= Use Bind 9.11 as AD DC DNS server frontend BIND912_DESC= Use Bind 9.12 as AD DC DNS server frontend BIND913_DESC= Use Bind 9.13 as AD DC DNS server frontend +BIND914_DESC= Use Bind 9.14 as AD DC DNS server frontend NSUPDATE_DESC= Use samba NSUPDATE utility for AD DC ############################################################################## # XXX: Unconditional dependencies which can't be switched off(if present in @@ -272,6 +274,7 @@ CONFIGURE_ARGS+= \ BIND911_RUN_DEPENDS= bind911>=9.11.0.0:dns/bind911 BIND912_RUN_DEPENDS= bind912>=9.12.0.0:dns/bind912 BIND913_RUN_DEPENDS= bind913>=9.13.0.0:dns/bind913 +BIND914_RUN_DEPENDS= bind914>=9.14.0.0:dns/bind914 NSUPDATE_RUN_DEPENDS= samba-nsupdate:dns/samba-nsupdate AVAHI_CONFIGURE_ENABLE= avahi Modified: head/net/samba48/distinfo ============================================================================== --- head/net/samba48/distinfo Tue Apr 9 10:05:44 2019 (r498473) +++ head/net/samba48/distinfo Tue Apr 9 10:07:22 2019 (r498474) @@ -1,3 +1,3 @@ -TIMESTAMP = 1549652430 -SHA256 (samba-4.8.9.tar.gz) = ad2acf6bed436c125314a054f0589308eb664ac3d96cfb02d05e654a44e09c80 -SIZE (samba-4.8.9.tar.gz) = 17750151 +TIMESTAMP = 1554714921 +SHA256 (samba-4.8.11.tar.gz) = d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a +SIZE (samba-4.8.11.tar.gz) = 17761896 Modified: head/net/samba48/files/patch-bind13 ============================================================================== --- head/net/samba48/files/patch-bind13 Tue Apr 9 10:05:44 2019 (r498473) +++ head/net/samba48/files/patch-bind13 Tue Apr 9 10:07:22 2019 (r498474) @@ -1,6 +1,6 @@ --- source4/dns_server/wscript_build.orig 2018-01-14 20:41:58 UTC +++ source4/dns_server/wscript_build -@@ -58,6 +58,26 @@ +@@ -58,6 +58,36 @@ deps='samba-hostconfig samdb-common gensec popt dnsserver_common', enabled=bld.AD_DC_BUILD_IS_ENABLED()) @@ -24,6 +24,16 @@ + deps='samba-hostconfig samdb-common gensec popt dnsserver_common', + enabled=bld.AD_DC_BUILD_IS_ENABLED()) + ++bld.SAMBA_LIBRARY('dlz_bind9_14', ++ source='dlz_bind9.c', ++ cflags='-DBIND_VERSION_9_14', ++ private_library=True, ++ link_name='modules/bind9/dlz_bind9_14.so', ++ realname='dlz_bind9_14.so', ++ install_path='${MODULESDIR}/bind9', ++ deps='samba-hostconfig samdb-common gensec popt dnsserver_common', ++ enabled=bld.AD_DC_BUILD_IS_ENABLED()) ++ bld.SAMBA_LIBRARY('dlz_bind9_for_torture', source='dlz_bind9.c', cflags='-DBIND_VERSION_9_8', @@ -34,13 +44,13 @@ # define DLZ_DLOPEN_VERSION 3 # define DNS_CLIENTINFO_VERSION 1 -#elif defined (BIND_VERSION_9_11) -+#elif defined (BIND_VERSION_9_11) || defined (BIND_VERSION_9_12) || defined (BIND_VERSION_9_13) ++#elif defined (BIND_VERSION_9_11) || defined (BIND_VERSION_9_12) || defined (BIND_VERSION_9_13) || defined (BIND_VERSION_9_14) # define DLZ_DLOPEN_VERSION 3 # define DNS_CLIENTINFO_VERSION 2 #else --- source4/setup/named.conf.dlz.orig 2018-01-14 22:41:59 UTC +++ source4/setup/named.conf.dlz -@@ -21,5 +21,11 @@ dlz "AD DNS Zone" { +@@ -21,5 +21,14 @@ dlz "AD DNS Zone" { # For BIND 9.11.x ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so"; @@ -50,20 +60,24 @@ + + # For BIND 9.13.x + ${BIND9_13} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_13.so"; ++ ++ # For BIND 9.14.x ++ ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so"; }; --- python/samba/provision/sambadns.py.orig 2018-01-17 09:08:39 UTC +++ python/samba/provision/sambadns.py -@@ -937,6 +937,8 @@ def create_named_conf(paths, realm, dnsd +@@ -937,6 +937,9 @@ def create_named_conf(paths, realm, dnsd bind9_9 = '#' bind9_10 = '#' bind9_11 = '#' + bind9_12 = '#' + bind9_13 = '#' ++ bind9_14 = '#' if bind_info.upper().find('BIND 9.8') != -1: bind9_8 = '' elif bind_info.upper().find('BIND 9.9') != -1: -@@ -945,6 +947,10 @@ def create_named_conf(paths, realm, dnsd +@@ -945,6 +947,12 @@ def create_named_conf(paths, realm, dnsd bind9_10 = '' elif bind_info.upper().find('BIND 9.11') != -1: bind9_11 = '' @@ -71,17 +85,20 @@ + bind9_12 = '' + elif bind_info.upper().find('BIND 9.13') != -1: + bind9_13 = '' ++ elif bind_info.upper().find('BIND 9.14') != -1: ++ bind9_14 = '' elif bind_info.upper().find('BIND 9.7') != -1: raise ProvisioningError("DLZ option incompatible with BIND 9.7.") else: -@@ -955,7 +961,9 @@ def create_named_conf(paths, realm, dnsd +@@ -955,7 +961,10 @@ def create_named_conf(paths, realm, dnsd "BIND9_8" : bind9_8, "BIND9_9" : bind9_9, "BIND9_10" : bind9_10, - "BIND9_11" : bind9_11 + "BIND9_11" : bind9_11, + "BIND9_12" : bind9_12, -+ "BIND9_13" : bind9_13 ++ "BIND9_13" : bind9_13, ++ "BIND9_14" : bind9_14 }) Added: head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c Tue Apr 9 10:07:22 2019 (r498474) @@ -0,0 +1,15 @@ +../source3/rpc_server/mdssvc/mdssvc.c:157:9: error: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat] + dalloc_size(dd)); + ^~~~~~~~~~~~~~~ + +--- source3/rpc_server/mdssvc/mdssvc.c.orig 2019-04-09 01:04:10 UTC ++++ source3/rpc_server/mdssvc/mdssvc.c +@@ -151,7 +151,7 @@ char *mds_dalloc_dump(DALLOC_CTX *dd, in + } + + logstring = talloc_asprintf(dd, +- "%s%s(#%lu): {\n", ++ "%s%s(#%zu): {\n", + tab_string1, + talloc_get_name(dd), + dalloc_size(dd)); Modified: head/net/samba48/pkg-plist ============================================================================== --- head/net/samba48/pkg-plist Tue Apr 9 10:05:44 2019 (r498473) +++ head/net/samba48/pkg-plist Tue Apr 9 10:07:22 2019 (r498474) @@ -298,6 +298,7 @@ lib/samba4/private/libxattr-tdb-samba4.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_11.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_12.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_13.so +%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_14.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_9.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9.so %%AD_DC%%lib/shared-modules/gensec/krb5.so