From owner-svn-ports-all@freebsd.org Thu Mar 25 02:57:02 2021 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A54975AD07B; Thu, 25 Mar 2021 02:57:02 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F5VBQ4F51z4S63; Thu, 25 Mar 2021 02:57:02 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 848681F9D6; Thu, 25 Mar 2021 02:57:02 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 12P2v2ab000868; Thu, 25 Mar 2021 02:57:02 GMT (envelope-from timur@FreeBSD.org) Received: (from timur@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 12P2v1b6000859; Thu, 25 Mar 2021 02:57:01 GMT (envelope-from timur@FreeBSD.org) Message-Id: <202103250257.12P2v1b6000859@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: timur set sender to timur@FreeBSD.org using -f From: "Timur I. Bakeyev" Date: Thu, 25 Mar 2021 02:57:01 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r569181 - in head/net: samba411 samba412 samba412/files samba413 X-SVN-Group: ports-head X-SVN-Commit-Author: timur X-SVN-Commit-Paths: in head/net: samba411 samba412 samba412/files samba413 X-SVN-Commit-Revision: 569181 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2021 02:57:02 -0000 Author: timur Date: Thu Mar 25 02:57:00 2021 New Revision: 569181 URL: https://svnweb.freebsd.org/changeset/ports/569181 Log: Security update for net/samba4* ports to 4.13.6 and 4.12.13 respectively. Mark net/samba411 s deprecated. Relnotes: CVE-2020-27840 CVE-2021-20277 Deleted: head/net/samba412/files/patch-source3_lib_messages.c Modified: head/net/samba411/Makefile head/net/samba412/Makefile head/net/samba412/distinfo head/net/samba412/files/patch-bind head/net/samba412/files/patch-source3_modules_vfs__fruit.c head/net/samba412/pkg-plist head/net/samba413/Makefile head/net/samba413/distinfo Modified: head/net/samba411/Makefile ============================================================================== --- head/net/samba411/Makefile Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba411/Makefile Thu Mar 25 02:57:00 2021 (r569181) @@ -14,6 +14,9 @@ COMMENT= Free SMB/CIFS and AD/DC server and client f LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING +DEPRECATED= Security Support ends on 03 Dec 2020 +EXPIRATION_DATE= 2021-04-22 + IGNORE_NONTHREAD_PYTHON= needs port lang/python${PYTHON_SUFFIX} to be build with THREADS support CONFLICTS_INSTALL?= samba4-4.0.* samba4[1-9]-4.* samba41[02-9]-4.1* p5-Parse-Pidl-4.* Modified: head/net/samba412/Makefile ============================================================================== --- head/net/samba412/Makefile Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba412/Makefile Thu Mar 25 02:57:00 2021 (r569181) @@ -3,7 +3,7 @@ PORTNAME= ${SAMBA4_BASENAME}412 PORTVERSION= ${SAMBA4_VERSION} -PORTREVISION= 2 +PORTREVISION= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.pat SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.12.9 +SAMBA4_VERSION= 4.12.13 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} Modified: head/net/samba412/distinfo ============================================================================== --- head/net/samba412/distinfo Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba412/distinfo Thu Mar 25 02:57:00 2021 (r569181) @@ -1,3 +1,3 @@ -TIMESTAMP = 1604112111 -SHA256 (samba-4.12.9.tar.gz) = 786edf7b45b68ce637cb16daaa861097fdd71c9bac8428eec161a3a123f65060 -SIZE (samba-4.12.9.tar.gz) = 18236198 +TIMESTAMP = 1616600978 +SHA256 (samba-4.12.13.tar.gz) = 5bc1cacb4e12bd6618d882e7750a335eec910310043a58d8e18e6614fda3b98d +SIZE (samba-4.12.13.tar.gz) = 18260488 Modified: head/net/samba412/files/patch-bind ============================================================================== --- head/net/samba412/files/patch-bind Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba412/files/patch-bind Thu Mar 25 02:57:00 2021 (r569181) @@ -1,4 +1,4 @@ ---- python/samba/provision/sambadns.py.orig 2020-03-26 08:58:46 UTC +--- python/samba/provision/sambadns.py.orig 2020-11-03 14:33:19 UTC +++ python/samba/provision/sambadns.py @@ -27,6 +27,7 @@ import time import ldb @@ -8,7 +8,7 @@ import samba from samba.tdb_util import tdb_copy from samba.mdb_util import mdb_copy -@@ -965,34 +966,35 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac +@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac stderr=subprocess.STDOUT, cwd='.').communicate()[0] bind_info = get_string(bind_info) @@ -17,6 +17,8 @@ - bind9_10 = '#' - bind9_11 = '#' - bind9_12 = '#' +- bind9_14 = '#' +- bind9_16 = '#' - if bind_info.upper().find('BIND 9.8') != -1: - bind9_8 = '' - elif bind_info.upper().find('BIND 9.9') != -1: @@ -27,8 +29,19 @@ - bind9_11 = '' - elif bind_info.upper().find('BIND 9.12') != -1: - bind9_12 = '' +- elif bind_info.upper().find('BIND 9.14') != -1: +- bind9_14 = '' +- elif bind_info.upper().find('BIND 9.16') != -1: +- bind9_16 = '' - elif bind_info.upper().find('BIND 9.7') != -1: - raise ProvisioningError("DLZ option incompatible with BIND 9.7.") +- elif bind_info.upper().find('BIND_9.13') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.15') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") +- elif bind_info.upper().find('BIND_9.17') != -1: +- raise ProvisioningError("Only stable/esv releases of BIND are supported.") ++ + bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I) + if bind9_release: + bind9_disabled = '' @@ -39,6 +52,8 @@ + raise ProvisioningError("DLZ option incompatible with BIND 9.7.") + elif bind9_version_minor == 8: + bind9_dlz_version = "9" ++ elif bind9_version_minor in [13, 15, 17]: ++ raise ProvisioningError("Only stable/esv releases of BIND are supported.") + else: + bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor) else: @@ -61,53 +76,71 @@ - "BIND9_9": bind9_9, - "BIND9_10": bind9_10, - "BIND9_11": bind9_11, -- "BIND9_12": bind9_12 -- +- "BIND9_12": bind9_12, +- "BIND9_14": bind9_14, +- "BIND9_16": bind9_16 + "BIND9_DLZ": bind9_dlz }) --- source4/dns_server/dlz_minimal.h.orig 2019-12-06 10:10:30 UTC +++ source4/dns_server/dlz_minimal.h -@@ -23,22 +23,23 @@ - #ifndef DLZ_MINIMAL_H - #define DLZ_MINIMAL_H 1 +@@ -26,32 +26,31 @@ + #include + #include -#if defined (BIND_VERSION_9_8) -# define DLZ_DLOPEN_VERSION 1 -#elif defined (BIND_VERSION_9_9) -# define DLZ_DLOPEN_VERSION 2 -# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_10) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 1 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_11) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 -#elif defined (BIND_VERSION_9_12) -# define DLZ_DLOPEN_VERSION 3 -# define DNS_CLIENTINFO_VERSION 2 +-# define ISC_BOOLEAN_AS_BOOL 0 +-#elif defined (BIND_VERSION_9_14) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +-#elif defined (BIND_VERSION_9_16) +-# define DLZ_DLOPEN_VERSION 3 +-# define DNS_CLIENTINFO_VERSION 2 +#if defined (BIND_VERSION) +# if BIND_VERSION == 908 +# define DLZ_DLOPEN_VERSION 1 +# elif BIND_VERSION == 909 +# define DLZ_DLOPEN_VERSION 2 +# define DNS_CLIENTINFO_VERSION 1 ++# define ISC_BOOLEAN_AS_BOOL 0 +# elif BIND_VERSION == 910 +# define DLZ_DLOPEN_VERSION 3 +# define DNS_CLIENTINFO_VERSION 1 -+# elif BIND_VERSION >= 911 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION == 911 || BIND_VERSION == 912 +# define DLZ_DLOPEN_VERSION 3 +# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 0 ++# elif BIND_VERSION >= 914 ++# define DLZ_DLOPEN_VERSION 3 ++# define DNS_CLIENTINFO_VERSION 2 ++# define ISC_BOOLEAN_AS_BOOL 1 +# else +# error Unsupported BIND version +# endif #else --# error Unsupported BIND version + # error Unsupported BIND version +# error BIND_VERSION undefined #endif - #if DLZ_DLOPEN_VERSION > 1 + #ifndef ISC_BOOLEAN_AS_BOOL --- source4/dns_server/wscript_build.orig 2019-12-06 10:11:08 UTC +++ source4/dns_server/wscript_build @@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns', @@ -119,12 +152,12 @@ private_library=True, link_name='modules/bind9/dlz_bind9.so', realname='dlz_bind9.so', -@@ -28,49 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9', +@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9', deps='samba-hostconfig samdb-common gensec popt dnsserver_common', enabled=bld.AD_DC_BUILD_IS_ENABLED()) -bld.SAMBA_LIBRARY('dlz_bind9_9', -+for bind_version in (909, 910, 911, 912, 913, 914, 916): ++for bind_version in (909, 910, 911, 912, 914, 916): + string_version='%d_%d' % (bind_version//100, bind_version % 100) + bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version), source='dlz_bind9.c', @@ -169,6 +202,26 @@ - deps='samba-hostconfig samdb-common gensec popt dnsserver_common', - enabled=bld.AD_DC_BUILD_IS_ENABLED()) - +-bld.SAMBA_LIBRARY('dlz_bind9_14', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_14', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_14.so', +- realname='dlz_bind9_14.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- +-bld.SAMBA_LIBRARY('dlz_bind9_16', +- source='dlz_bind9.c', +- cflags='-DBIND_VERSION_9_16', +- private_library=True, +- link_name='modules/bind9/dlz_bind9_16.so', +- realname='dlz_bind9_16.so', +- install_path='${MODULESDIR}/bind9', +- deps='samba-hostconfig samdb-common gensec popt dnsserver_common', +- enabled=bld.AD_DC_BUILD_IS_ENABLED()) +- bld.SAMBA_LIBRARY('dlz_bind9_for_torture', source='dlz_bind9.c', - cflags='-DBIND_VERSION_9_8', @@ -178,7 +231,7 @@ enabled=bld.AD_DC_BUILD_IS_ENABLED()) --- source4/setup/named.conf.dlz.orig 2019-12-06 10:10:31 UTC +++ source4/setup/named.conf.dlz -@@ -7,22 +7,10 @@ +@@ -7,28 +7,10 @@ # # This configures dynamically loadable zones (DLZ) from AD schema @@ -200,6 +253,12 @@ - - # For BIND 9.12.x - ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so"; +- +- # For BIND 9.14.x +- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so"; +- +- # For BIND 9.16.x +- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; }; --- source4/torture/dns/wscript_build.orig 2020-04-11 03:26:46 UTC Modified: head/net/samba412/files/patch-source3_modules_vfs__fruit.c ============================================================================== --- head/net/samba412/files/patch-source3_modules_vfs__fruit.c Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba412/files/patch-source3_modules_vfs__fruit.c Thu Mar 25 02:57:00 2021 (r569181) @@ -50,19 +50,29 @@ Signed-off-by: Ralph Boehme } return ai; ---- source3/modules/vfs_fruit.c.orig 2020-05-08 09:37:56 UTC +--- source3/modules/vfs_fruit.c.orig 2021-01-26 08:16:58 UTC +++ source3/modules/vfs_fruit.c -@@ -2191,9 +2191,20 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru - { +@@ -2146,13 +2146,30 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_stru + struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp); ssize_t nread; int ret; + char *p = (char *)data; + if (fio->fake_fd) { + return -1; + } + nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); - if (nread == -1 || nread == n) { -+ -+ if (nread == -1) { -+ return -1; ++ if (nread <= 0) { ++ /* ++ * fruit_meta_open_stream() removes O_CREAT flag ++ * from xattr open. This results in vfs_streams_xattr ++ * not generating an FSP extension for the files_struct ++ * and causes subsequent pread() of stream to return ++ * nread=0 if pread() occurs before pwrite(). ++ */ ++ return nread; + } + + if (nread == n) { Modified: head/net/samba412/pkg-plist ============================================================================== --- head/net/samba412/pkg-plist Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba412/pkg-plist Thu Mar 25 02:57:00 2021 (r569181) @@ -282,7 +282,6 @@ lib/samba4/private/libshares-samba4.so lib/samba4/private/libsmb-transport-samba4.so lib/samba4/private/libsmbclient-raw-samba4.so lib/samba4/private/libsmbd-base-samba4.so -lib/samba4/private/libsmbd-conn-samba4.so lib/samba4/private/libsmbd-shim-samba4.so %%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so lib/samba4/private/libsmbpasswdparser-samba4.so @@ -306,7 +305,6 @@ lib/samba4/private/libxattr-tdb-samba4.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_10.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_11.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_12.so -%%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_13.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_14.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/bind9/dlz_bind9_16.so %%AD_DC%%%%SAMBA4_MODULEDIR%%/gensec/krb5.so Modified: head/net/samba413/Makefile ============================================================================== --- head/net/samba413/Makefile Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba413/Makefile Thu Mar 25 02:57:00 2021 (r569181) @@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.pat SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.13.4 +SAMBA4_VERSION= 4.13.7 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} Modified: head/net/samba413/distinfo ============================================================================== --- head/net/samba413/distinfo Thu Mar 25 02:00:23 2021 (r569180) +++ head/net/samba413/distinfo Thu Mar 25 02:57:00 2021 (r569181) @@ -1,3 +1,3 @@ -TIMESTAMP = 1613866662 -SHA256 (samba-4.13.4.tar.gz) = a1b34c63f7100cc8626902d80f335c7cb0b45d4707dd3c4b010f7a28ed615c78 -SIZE (samba-4.13.4.tar.gz) = 18429050 +TIMESTAMP = 1616597731 +SHA256 (samba-4.13.7.tar.gz) = 4e7d700867071047be74d802e25f071255bb7f382c2d788ecb7526fa61c95baa +SIZE (samba-4.13.7.tar.gz) = 18432921