Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 28 Dec 2016 02:51:57 +0000 (UTC)
From:      "Timur I. Bakeyev" <timur@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r429692 - in head/net: samba43 samba43/files samba44 samba44/files
Message-ID:  <201612280251.uBS2pvhA044470@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: timur
Date: Wed Dec 28 02:51:57 2016
New Revision: 429692
URL: https://svnweb.freebsd.org/changeset/ports/429692

Log:
  * Upgrade net/samba43 and net/samba44 to address multiple vulnerabilities
  * Switch port to use net/openldap24-sasl-client as some authorization methods don't work with plain openldap24-client.
  * Changed namespace used by vfs_fruit to be compatiable with net/netatalk3.
  * Removed old DNS crypto patch, as it SEEMS it was superseded by recent code changes. Please, notify me if you see that internal DNS
  doesn't handle signed requests properly anymore.
  
  Security:	CVE-2016-2123
  		CVE-2016-2125
  		CVE-2016-2126

Added:
  head/net/samba43/files/patch-source3__smbd__close.c   (contents, props changed)
  head/net/samba43/files/patch-source3__smbd__open.c   (contents, props changed)
  head/net/samba44/files/patch-source3__modules__vfs_fruit.c   (contents, props changed)
  head/net/samba44/files/patch-source3__smbd__close.c   (contents, props changed)
  head/net/samba44/files/patch-source3__smbd__open.c   (contents, props changed)
Deleted:
  head/net/samba44/files/patch-source4__dns_server__dns_crypto.c
Modified:
  head/net/samba43/Makefile
  head/net/samba43/distinfo
  head/net/samba43/pkg-plist
  head/net/samba44/Makefile
  head/net/samba44/distinfo
  head/net/samba44/pkg-plist

Modified: head/net/samba43/Makefile
==============================================================================
--- head/net/samba43/Makefile	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba43/Makefile	Wed Dec 28 02:51:57 2016	(r429692)
@@ -3,7 +3,7 @@
 
 PORTNAME?=		${SAMBA4_BASENAME}43
 PORTVERSION?=		${SAMBA4_VERSION}
-PORTREVISION?=		1
+PORTREVISION?=		0
 CATEGORIES?=		net
 MASTER_SITES=		SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=		${SAMBA4_DISTNAME}
@@ -19,7 +19,7 @@ CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0
 
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.3.11
+SAMBA4_VERSION=		4.3.13
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -157,7 +157,6 @@ CONFIGURE_ARGS+=	\
 			--with-sendfile-support \
 			--builtin-libraries=smbclient \
 			${ICONV_CONFIGURE_BASE}
-
 # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
 .if ${ARCH} == "amd64"
 CFLAGS+=		-fno-omit-frame-pointer
@@ -192,11 +191,12 @@ GDB_CMD?=		${LOCALBASE}/bin/gdb
 BUILD_DEPENDS+=		${GDB_CMD}:devel/gdb
 RUN_DEPENDS+=		${GDB_CMD}:devel/gdb
 SAMBA4_MODULES+=	auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls
-CONFIGURE_ARGS+=	--enable-developer --enable-selftest
-PLIST_SUB+=		DEVELOPER=""
+CONFIGURE_ARGS+=	--enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable
+PLIST_SUB+=		DEVELOPER="" NTVFS=""
 .else
 GDB_CMD=		true
-PLIST_SUB+=		DEVELOPER="@comment "
+CONFIGURE_ARGS+=	--without-ntvfs-fileserver
+PLIST_SUB+=		DEVELOPER="@comment " NTVFS="@comment"
 .endif
 ##############################################################################
 # XXX: That will blow up your installation
@@ -345,7 +345,7 @@ CONFIGURE_ARGS+=	--without-ads
 
 .if defined(SAMBA4_WANT_LDAP)
 USE_OPENLDAP=		yes
-#WANT_OPENLDAP_SASL=	yes
+WANT_OPENLDAP_SASL=	yes
 CONFIGURE_ARGS+=	--with-ldap
 PLIST_SUB+=		LDAP=""
 .else

Modified: head/net/samba43/distinfo
==============================================================================
--- head/net/samba43/distinfo	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba43/distinfo	Wed Dec 28 02:51:57 2016	(r429692)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468280731
-SHA256 (samba-4.3.11.tar.gz) = 90a967310e34a31d5c9fc5f86855f334fc19815e7e59f5c2d72a9bba23cf4fec
-SIZE (samba-4.3.11.tar.gz) = 20573432
+TIMESTAMP = 1482679553
+SHA256 (samba-4.3.13.tar.gz) = 876da00b42cecd340db8bad03aabe78eb34ad6ac9a99876d190be3b39a186a97
+SIZE (samba-4.3.13.tar.gz) = 20590334

Added: head/net/samba43/files/patch-source3__smbd__close.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba43/files/patch-source3__smbd__close.c	Wed Dec 28 02:51:57 2016	(r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/close.c.orig	2016-12-25 13:09:22.100676000 +0000
++++ source3/smbd/close.c	2016-12-25 13:09:59.877256000 +0000
+@@ -168,7 +168,7 @@
+ 	unsigned int num_streams = 0;
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	NTSTATUS status;
+-	bool saved_posix_pathnames;
++	bool saved_posix_pathnames = false;
+ 
+ 	status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ 				&num_streams, &stream_info);

Added: head/net/samba43/files/patch-source3__smbd__open.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba43/files/patch-source3__smbd__open.c	Wed Dec 28 02:51:57 2016	(r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/open.c.orig	2016-12-25 13:08:58.349614000 +0000
++++ source3/smbd/open.c	2016-12-25 13:09:10.968754000 +0000
+@@ -3890,7 +3890,7 @@
+ 	unsigned int num_streams = 0;
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	NTSTATUS status;
+-	bool saved_posix_pathnames;
++	bool saved_posix_pathnames = false;
+ 
+ 	status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ 				&num_streams, &stream_info);

Modified: head/net/samba43/pkg-plist
==============================================================================
--- head/net/samba43/pkg-plist	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba43/pkg-plist	Wed Dec 28 02:51:57 2016	(r429692)
@@ -222,7 +222,7 @@ lib/nss_wins.so.1
 lib/pam_winbind.so
 lib/winbind_krb5_locator.so
 %%AD_DC%%lib/samba/libdlz-bind9-for-torture-samba4.so
-%%AD_DC%%lib/samba/libntvfs-samba4.so
+%%NTVFS%%lib/samba/libntvfs-samba4.so
 %%AD_DC%%lib/samba/libposix-eadb-samba4.so
 %%AD_DC%%lib/samba/libprocess-model-samba4.so
 %%AD_DC%%lib/samba/libservice-samba4.so
@@ -328,9 +328,6 @@ lib/samba/libutil-tdb-samba4.so
 lib/samba/libwinbind-client-samba4.so
 lib/samba/libwind-samba4.so.0
 lib/samba/libxattr-tdb-samba4.so
-%%DEVELOPER%%lib/samba/libnss_wrapper.so
-%%DEVELOPER%%lib/samba/libuid_wrapper.so
-%%DEVELOPER%%lib/samba/libsocket_wrapper.so
 %%AD_DC%%lib/shared-modules/bind9/dlz_bind9.so
 %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_10.so
 %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_9.so
@@ -385,7 +382,7 @@ lib/samba/libxattr-tdb-samba4.so
 %%AD_DC%%lib/shared-modules/service/nbtd.so
 %%AD_DC%%lib/shared-modules/service/ntp_signd.so
 %%AD_DC%%lib/shared-modules/service/s3fs.so
-%%AD_DC%%lib/shared-modules/service/smb.so
+%%NTVFS%%lib/shared-modules/service/smb.so
 %%AD_DC%%lib/shared-modules/service/web.so
 %%AD_DC%%lib/shared-modules/service/winbindd.so
 %%AD_DC%%lib/shared-modules/service/wrepl.so
@@ -502,7 +499,6 @@ lib/shared-modules/vfs/zfsacl.so
 %%PKGCONFIGDIR%%/smbclient-raw.pc
 %%PKGCONFIGDIR%%/torture.pc
 %%PKGCONFIGDIR%%/wbclient.pc
-%%DEVELOPER%%%%PYTHON_SITELIBDIR%%/samba/socket_wrapper.so
 %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab.so
 %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb.so
 %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/xattr_native.so

Modified: head/net/samba44/Makefile
==============================================================================
--- head/net/samba44/Makefile	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba44/Makefile	Wed Dec 28 02:51:57 2016	(r429692)
@@ -3,7 +3,7 @@
 
 PORTNAME?=		${SAMBA4_BASENAME}44
 PORTVERSION?=		${SAMBA4_VERSION}
-PORTREVISION?=		1
+PORTREVISION?=		0
 CATEGORIES?=		net
 MASTER_SITES=		SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=		${SAMBA4_DISTNAME}
@@ -19,7 +19,7 @@ CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0
 
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.4.5
+SAMBA4_VERSION=		4.4.8
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -158,7 +158,6 @@ CONFIGURE_ARGS+=	\
 			--with-sendfile-support \
 			--builtin-libraries=smbclient \
 			${ICONV_CONFIGURE_BASE}
-
 # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
 .if ${ARCH} == "amd64"
 CFLAGS+=		-fno-omit-frame-pointer
@@ -193,11 +192,12 @@ GDB_CMD?=		${LOCALBASE}/bin/gdb
 BUILD_DEPENDS+=		${GDB_CMD}:devel/gdb
 RUN_DEPENDS+=		${GDB_CMD}:devel/gdb
 SAMBA4_MODULES+=	auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls
-CONFIGURE_ARGS+=	--enable-developer --enable-selftest --abi-check-disable
-PLIST_SUB+=		DEVELOPER=""
+CONFIGURE_ARGS+=	--enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable
+PLIST_SUB+=		DEVELOPER="" NTVFS=""
 .else
 GDB_CMD=		true
-PLIST_SUB+=		DEVELOPER="@comment "
+CONFIGURE_ARGS+=	--without-ntvfs-fileserver
+PLIST_SUB+=		DEVELOPER="@comment " NTVFS="@comment"
 .endif
 ##############################################################################
 # XXX: That will blow up your installation
@@ -325,13 +325,15 @@ CONFIGURE_ARGS+=	--without-utmp
 
 .if defined(SAMBA4_WANT_ADS)
 CONFIGURE_ARGS+=	--with-ads
+PLIST_SUB+=		ADS=""
 .else
 CONFIGURE_ARGS+=	--without-ads
+PLIST_SUB+=		ADS="@comment "
 .endif
 
 .if defined(SAMBA4_WANT_LDAP)
 USE_OPENLDAP=		yes
-#WANT_OPENLDAP_SASL=	yes
+WANT_OPENLDAP_SASL=	yes
 CONFIGURE_ARGS+=	--with-ldap
 PLIST_SUB+=		LDAP=""
 .else

Modified: head/net/samba44/distinfo
==============================================================================
--- head/net/samba44/distinfo	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba44/distinfo	Wed Dec 28 02:51:57 2016	(r429692)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468271289
-SHA256 (samba-4.4.5.tar.gz) = b876ef2e63f66265490e80a122e66ef2d7616112b839df68f56ac2e1ce17a7bd
-SIZE (samba-4.4.5.tar.gz) = 20715838
+TIMESTAMP = 1482669451
+SHA256 (samba-4.4.8.tar.gz) = 0e54de8a22b77f9712578029639331b51f818b70e194766c98475a5b99470fbf
+SIZE (samba-4.4.8.tar.gz) = 20743869

Added: head/net/samba44/files/patch-source3__modules__vfs_fruit.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__modules__vfs_fruit.c	Wed Dec 28 02:51:57 2016	(r429692)
@@ -0,0 +1,11 @@
+--- source3/modules/vfs_fruit.c.orig	2016-12-28 02:48:27.478460000 +0000
++++ source3/modules/vfs_fruit.c	2016-12-28 02:48:58.141967000 +0000
+@@ -105,7 +105,7 @@
+  * This is hokey, but what else can we do?
+  */
+ #define NETATALK_META_XATTR "org.netatalk.Metadata"
+-#if defined(HAVE_ATTROPEN) || defined(FREEBSD)
++#if defined(HAVE_ATTROPEN)
+ #define AFPINFO_EA_NETATALK NETATALK_META_XATTR
+ #define AFPRESOURCE_EA_NETATALK "org.netatalk.ResourceFork"
+ #else

Added: head/net/samba44/files/patch-source3__smbd__close.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__smbd__close.c	Wed Dec 28 02:51:57 2016	(r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/close.c.orig	2016-12-25 13:09:22.100676000 +0000
++++ source3/smbd/close.c	2016-12-25 13:09:59.877256000 +0000
+@@ -168,7 +168,7 @@
+ 	unsigned int num_streams = 0;
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	NTSTATUS status;
+-	bool saved_posix_pathnames;
++	bool saved_posix_pathnames = false;
+ 
+ 	status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ 				&num_streams, &stream_info);

Added: head/net/samba44/files/patch-source3__smbd__open.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__smbd__open.c	Wed Dec 28 02:51:57 2016	(r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/open.c.orig	2016-12-25 13:08:58.349614000 +0000
++++ source3/smbd/open.c	2016-12-25 13:09:10.968754000 +0000
+@@ -3890,7 +3890,7 @@
+ 	unsigned int num_streams = 0;
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	NTSTATUS status;
+-	bool saved_posix_pathnames;
++	bool saved_posix_pathnames = false;
+ 
+ 	status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ 				&num_streams, &stream_info);

Modified: head/net/samba44/pkg-plist
==============================================================================
--- head/net/samba44/pkg-plist	Wed Dec 28 02:50:27 2016	(r429691)
+++ head/net/samba44/pkg-plist	Wed Dec 28 02:51:57 2016	(r429692)
@@ -164,8 +164,6 @@ lib/samba4/libsmbconf.so
 lib/samba4/libsmbconf.so.0
 %%LDAP%%lib/samba4/libsmbldap.so
 %%LDAP%%lib/samba4/libsmbldap.so.0
-lib/samba4/libtevent-unix-util.so
-lib/samba4/libtevent-unix-util.so.0
 lib/samba4/libtevent-util.so
 lib/samba4/libtevent-util.so.0
 lib/samba4/libwbclient.so
@@ -176,7 +174,6 @@ lib/nss_wins.so.1
 lib/pam_winbind.so
 %%CUPS%%libexec/samba/smbspool_krb5_wrapper
 %%AD_DC%%lib/samba4/private/libdlz-bind9-for-torture-samba4.so
-%%AD_DC%%lib/samba4/private/libntvfs-samba4.so
 %%AD_DC%%lib/samba4/private/libposix-eadb-samba4.so
 %%AD_DC%%lib/samba4/private/libprocess-model-samba4.so
 %%AD_DC%%lib/samba4/private/libservice-samba4.so
@@ -269,6 +266,7 @@ lib/samba4/private/libsmbd-base-samba4.s
 lib/samba4/private/libsmbd-conn-samba4.so
 lib/samba4/private/libsmbd-shim-samba4.so
 %%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so
+%%NTVFS%%lib/samba4/private/libntvfs-samba4.so
 lib/samba4/private/libsmbpasswdparser-samba4.so
 lib/samba4/private/libsmbregistry-samba4.so
 lib/samba4/private/libsocket-blocking-samba4.so
@@ -339,14 +337,14 @@ lib/samba4/private/libxattr-tdb-samba4.s
 %%AD_DC%%lib/shared-modules/service/nbtd.so
 %%AD_DC%%lib/shared-modules/service/ntp_signd.so
 %%AD_DC%%lib/shared-modules/service/s3fs.so
-%%DEVELOPER%%%%AD_DC%%lib/shared-modules/service/smb.so
+%%NTVFS%%lib/shared-modules/service/smb.so
 %%AD_DC%%lib/shared-modules/service/web.so
 %%AD_DC%%lib/shared-modules/service/winbindd.so
 %%AD_DC%%lib/shared-modules/service/wrepl.so
 %%AD_DC%%lib/shared-modules/vfs/posix_eadb.so
 %%DEVELOPER%%lib/shared-modules/vfs/nfs4acl_xattr.so
 %%DEVELOPER%%lib/shared-modules/vfs/fake_dfq.so
-%%LDAP%%lib/shared-modules/idmap/rfc2307.so
+%%ADS%%lib/shared-modules/idmap/rfc2307.so
 %%MODULE_AUTH_SAMBA4%%lib/shared-modules/auth/samba4.so
 %%MODULE_AUTH_SKEL%%lib/shared-modules/auth/skel.so
 %%MODULE_AUTH_UNIX%%lib/shared-modules/auth/unix.so
@@ -585,6 +583,7 @@ lib/shared-modules/vfs/zfsacl.so
 %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/testrpc.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/unix.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
 %%PYTHON_SITELIBDIR%%/samba/tests/docs.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py
 %%PYTHON_SITELIBDIR%%/samba/tests/gensec.py



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612280251.uBS2pvhA044470>