From owner-svn-ports-all@freebsd.org Wed Dec 28 02:51:59 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B78A7C935BD; Wed, 28 Dec 2016 02:51:59 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 860291A6A; Wed, 28 Dec 2016 02:51:59 +0000 (UTC) (envelope-from timur@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uBS2pwue044481; Wed, 28 Dec 2016 02:51:58 GMT (envelope-from timur@FreeBSD.org) Received: (from timur@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uBS2pvhA044470; Wed, 28 Dec 2016 02:51:57 GMT (envelope-from timur@FreeBSD.org) Message-Id: <201612280251.uBS2pvhA044470@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: timur set sender to timur@FreeBSD.org using -f From: "Timur I. Bakeyev" Date: Wed, 28 Dec 2016 02:51:57 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r429692 - in head/net: samba43 samba43/files samba44 samba44/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Dec 2016 02:51:59 -0000 Author: timur Date: Wed Dec 28 02:51:57 2016 New Revision: 429692 URL: https://svnweb.freebsd.org/changeset/ports/429692 Log: * Upgrade net/samba43 and net/samba44 to address multiple vulnerabilities * Switch port to use net/openldap24-sasl-client as some authorization methods don't work with plain openldap24-client. * Changed namespace used by vfs_fruit to be compatiable with net/netatalk3. * Removed old DNS crypto patch, as it SEEMS it was superseded by recent code changes. Please, notify me if you see that internal DNS doesn't handle signed requests properly anymore. Security: CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 Added: head/net/samba43/files/patch-source3__smbd__close.c (contents, props changed) head/net/samba43/files/patch-source3__smbd__open.c (contents, props changed) head/net/samba44/files/patch-source3__modules__vfs_fruit.c (contents, props changed) head/net/samba44/files/patch-source3__smbd__close.c (contents, props changed) head/net/samba44/files/patch-source3__smbd__open.c (contents, props changed) Deleted: head/net/samba44/files/patch-source4__dns_server__dns_crypto.c Modified: head/net/samba43/Makefile head/net/samba43/distinfo head/net/samba43/pkg-plist head/net/samba44/Makefile head/net/samba44/distinfo head/net/samba44/pkg-plist Modified: head/net/samba43/Makefile ============================================================================== --- head/net/samba43/Makefile Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba43/Makefile Wed Dec 28 02:51:57 2016 (r429692) @@ -3,7 +3,7 @@ PORTNAME?= ${SAMBA4_BASENAME}43 PORTVERSION?= ${SAMBA4_VERSION} -PORTREVISION?= 1 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -19,7 +19,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.3.11 +SAMBA4_VERSION= 4.3.13 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -157,7 +157,6 @@ CONFIGURE_ARGS+= \ --with-sendfile-support \ --builtin-libraries=smbclient \ ${ICONV_CONFIGURE_BASE} - # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack) .if ${ARCH} == "amd64" CFLAGS+= -fno-omit-frame-pointer @@ -192,11 +191,12 @@ GDB_CMD?= ${LOCALBASE}/bin/gdb BUILD_DEPENDS+= ${GDB_CMD}:devel/gdb RUN_DEPENDS+= ${GDB_CMD}:devel/gdb SAMBA4_MODULES+= auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls -CONFIGURE_ARGS+= --enable-developer --enable-selftest -PLIST_SUB+= DEVELOPER="" +CONFIGURE_ARGS+= --enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable +PLIST_SUB+= DEVELOPER="" NTVFS="" .else GDB_CMD= true -PLIST_SUB+= DEVELOPER="@comment " +CONFIGURE_ARGS+= --without-ntvfs-fileserver +PLIST_SUB+= DEVELOPER="@comment " NTVFS="@comment" .endif ############################################################################## # XXX: That will blow up your installation @@ -345,7 +345,7 @@ CONFIGURE_ARGS+= --without-ads .if defined(SAMBA4_WANT_LDAP) USE_OPENLDAP= yes -#WANT_OPENLDAP_SASL= yes +WANT_OPENLDAP_SASL= yes CONFIGURE_ARGS+= --with-ldap PLIST_SUB+= LDAP="" .else Modified: head/net/samba43/distinfo ============================================================================== --- head/net/samba43/distinfo Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba43/distinfo Wed Dec 28 02:51:57 2016 (r429692) @@ -1,3 +1,3 @@ -TIMESTAMP = 1468280731 -SHA256 (samba-4.3.11.tar.gz) = 90a967310e34a31d5c9fc5f86855f334fc19815e7e59f5c2d72a9bba23cf4fec -SIZE (samba-4.3.11.tar.gz) = 20573432 +TIMESTAMP = 1482679553 +SHA256 (samba-4.3.13.tar.gz) = 876da00b42cecd340db8bad03aabe78eb34ad6ac9a99876d190be3b39a186a97 +SIZE (samba-4.3.13.tar.gz) = 20590334 Added: head/net/samba43/files/patch-source3__smbd__close.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba43/files/patch-source3__smbd__close.c Wed Dec 28 02:51:57 2016 (r429692) @@ -0,0 +1,11 @@ +--- source3/smbd/close.c.orig 2016-12-25 13:09:22.100676000 +0000 ++++ source3/smbd/close.c 2016-12-25 13:09:59.877256000 +0000 +@@ -168,7 +168,7 @@ + unsigned int num_streams = 0; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; +- bool saved_posix_pathnames; ++ bool saved_posix_pathnames = false; + + status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); Added: head/net/samba43/files/patch-source3__smbd__open.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba43/files/patch-source3__smbd__open.c Wed Dec 28 02:51:57 2016 (r429692) @@ -0,0 +1,11 @@ +--- source3/smbd/open.c.orig 2016-12-25 13:08:58.349614000 +0000 ++++ source3/smbd/open.c 2016-12-25 13:09:10.968754000 +0000 +@@ -3890,7 +3890,7 @@ + unsigned int num_streams = 0; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; +- bool saved_posix_pathnames; ++ bool saved_posix_pathnames = false; + + status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); Modified: head/net/samba43/pkg-plist ============================================================================== --- head/net/samba43/pkg-plist Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba43/pkg-plist Wed Dec 28 02:51:57 2016 (r429692) @@ -222,7 +222,7 @@ lib/nss_wins.so.1 lib/pam_winbind.so lib/winbind_krb5_locator.so %%AD_DC%%lib/samba/libdlz-bind9-for-torture-samba4.so -%%AD_DC%%lib/samba/libntvfs-samba4.so +%%NTVFS%%lib/samba/libntvfs-samba4.so %%AD_DC%%lib/samba/libposix-eadb-samba4.so %%AD_DC%%lib/samba/libprocess-model-samba4.so %%AD_DC%%lib/samba/libservice-samba4.so @@ -328,9 +328,6 @@ lib/samba/libutil-tdb-samba4.so lib/samba/libwinbind-client-samba4.so lib/samba/libwind-samba4.so.0 lib/samba/libxattr-tdb-samba4.so -%%DEVELOPER%%lib/samba/libnss_wrapper.so -%%DEVELOPER%%lib/samba/libuid_wrapper.so -%%DEVELOPER%%lib/samba/libsocket_wrapper.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_10.so %%AD_DC%%lib/shared-modules/bind9/dlz_bind9_9.so @@ -385,7 +382,7 @@ lib/samba/libxattr-tdb-samba4.so %%AD_DC%%lib/shared-modules/service/nbtd.so %%AD_DC%%lib/shared-modules/service/ntp_signd.so %%AD_DC%%lib/shared-modules/service/s3fs.so -%%AD_DC%%lib/shared-modules/service/smb.so +%%NTVFS%%lib/shared-modules/service/smb.so %%AD_DC%%lib/shared-modules/service/web.so %%AD_DC%%lib/shared-modules/service/winbindd.so %%AD_DC%%lib/shared-modules/service/wrepl.so @@ -502,7 +499,6 @@ lib/shared-modules/vfs/zfsacl.so %%PKGCONFIGDIR%%/smbclient-raw.pc %%PKGCONFIGDIR%%/torture.pc %%PKGCONFIGDIR%%/wbclient.pc -%%DEVELOPER%%%%PYTHON_SITELIBDIR%%/samba/socket_wrapper.so %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab.so %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb.so %%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/xattr_native.so Modified: head/net/samba44/Makefile ============================================================================== --- head/net/samba44/Makefile Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba44/Makefile Wed Dec 28 02:51:57 2016 (r429692) @@ -3,7 +3,7 @@ PORTNAME?= ${SAMBA4_BASENAME}44 PORTVERSION?= ${SAMBA4_VERSION} -PORTREVISION?= 1 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -19,7 +19,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.4.5 +SAMBA4_VERSION= 4.4.8 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -158,7 +158,6 @@ CONFIGURE_ARGS+= \ --with-sendfile-support \ --builtin-libraries=smbclient \ ${ICONV_CONFIGURE_BASE} - # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack) .if ${ARCH} == "amd64" CFLAGS+= -fno-omit-frame-pointer @@ -193,11 +192,12 @@ GDB_CMD?= ${LOCALBASE}/bin/gdb BUILD_DEPENDS+= ${GDB_CMD}:devel/gdb RUN_DEPENDS+= ${GDB_CMD}:devel/gdb SAMBA4_MODULES+= auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls -CONFIGURE_ARGS+= --enable-developer --enable-selftest --abi-check-disable -PLIST_SUB+= DEVELOPER="" +CONFIGURE_ARGS+= --enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable +PLIST_SUB+= DEVELOPER="" NTVFS="" .else GDB_CMD= true -PLIST_SUB+= DEVELOPER="@comment " +CONFIGURE_ARGS+= --without-ntvfs-fileserver +PLIST_SUB+= DEVELOPER="@comment " NTVFS="@comment" .endif ############################################################################## # XXX: That will blow up your installation @@ -325,13 +325,15 @@ CONFIGURE_ARGS+= --without-utmp .if defined(SAMBA4_WANT_ADS) CONFIGURE_ARGS+= --with-ads +PLIST_SUB+= ADS="" .else CONFIGURE_ARGS+= --without-ads +PLIST_SUB+= ADS="@comment " .endif .if defined(SAMBA4_WANT_LDAP) USE_OPENLDAP= yes -#WANT_OPENLDAP_SASL= yes +WANT_OPENLDAP_SASL= yes CONFIGURE_ARGS+= --with-ldap PLIST_SUB+= LDAP="" .else Modified: head/net/samba44/distinfo ============================================================================== --- head/net/samba44/distinfo Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba44/distinfo Wed Dec 28 02:51:57 2016 (r429692) @@ -1,3 +1,3 @@ -TIMESTAMP = 1468271289 -SHA256 (samba-4.4.5.tar.gz) = b876ef2e63f66265490e80a122e66ef2d7616112b839df68f56ac2e1ce17a7bd -SIZE (samba-4.4.5.tar.gz) = 20715838 +TIMESTAMP = 1482669451 +SHA256 (samba-4.4.8.tar.gz) = 0e54de8a22b77f9712578029639331b51f818b70e194766c98475a5b99470fbf +SIZE (samba-4.4.8.tar.gz) = 20743869 Added: head/net/samba44/files/patch-source3__modules__vfs_fruit.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba44/files/patch-source3__modules__vfs_fruit.c Wed Dec 28 02:51:57 2016 (r429692) @@ -0,0 +1,11 @@ +--- source3/modules/vfs_fruit.c.orig 2016-12-28 02:48:27.478460000 +0000 ++++ source3/modules/vfs_fruit.c 2016-12-28 02:48:58.141967000 +0000 +@@ -105,7 +105,7 @@ + * This is hokey, but what else can we do? + */ + #define NETATALK_META_XATTR "org.netatalk.Metadata" +-#if defined(HAVE_ATTROPEN) || defined(FREEBSD) ++#if defined(HAVE_ATTROPEN) + #define AFPINFO_EA_NETATALK NETATALK_META_XATTR + #define AFPRESOURCE_EA_NETATALK "org.netatalk.ResourceFork" + #else Added: head/net/samba44/files/patch-source3__smbd__close.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba44/files/patch-source3__smbd__close.c Wed Dec 28 02:51:57 2016 (r429692) @@ -0,0 +1,11 @@ +--- source3/smbd/close.c.orig 2016-12-25 13:09:22.100676000 +0000 ++++ source3/smbd/close.c 2016-12-25 13:09:59.877256000 +0000 +@@ -168,7 +168,7 @@ + unsigned int num_streams = 0; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; +- bool saved_posix_pathnames; ++ bool saved_posix_pathnames = false; + + status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); Added: head/net/samba44/files/patch-source3__smbd__open.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba44/files/patch-source3__smbd__open.c Wed Dec 28 02:51:57 2016 (r429692) @@ -0,0 +1,11 @@ +--- source3/smbd/open.c.orig 2016-12-25 13:08:58.349614000 +0000 ++++ source3/smbd/open.c 2016-12-25 13:09:10.968754000 +0000 +@@ -3890,7 +3890,7 @@ + unsigned int num_streams = 0; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; +- bool saved_posix_pathnames; ++ bool saved_posix_pathnames = false; + + status = vfs_streaminfo(conn, NULL, fname, talloc_tos(), + &num_streams, &stream_info); Modified: head/net/samba44/pkg-plist ============================================================================== --- head/net/samba44/pkg-plist Wed Dec 28 02:50:27 2016 (r429691) +++ head/net/samba44/pkg-plist Wed Dec 28 02:51:57 2016 (r429692) @@ -164,8 +164,6 @@ lib/samba4/libsmbconf.so lib/samba4/libsmbconf.so.0 %%LDAP%%lib/samba4/libsmbldap.so %%LDAP%%lib/samba4/libsmbldap.so.0 -lib/samba4/libtevent-unix-util.so -lib/samba4/libtevent-unix-util.so.0 lib/samba4/libtevent-util.so lib/samba4/libtevent-util.so.0 lib/samba4/libwbclient.so @@ -176,7 +174,6 @@ lib/nss_wins.so.1 lib/pam_winbind.so %%CUPS%%libexec/samba/smbspool_krb5_wrapper %%AD_DC%%lib/samba4/private/libdlz-bind9-for-torture-samba4.so -%%AD_DC%%lib/samba4/private/libntvfs-samba4.so %%AD_DC%%lib/samba4/private/libposix-eadb-samba4.so %%AD_DC%%lib/samba4/private/libprocess-model-samba4.so %%AD_DC%%lib/samba4/private/libservice-samba4.so @@ -269,6 +266,7 @@ lib/samba4/private/libsmbd-base-samba4.s lib/samba4/private/libsmbd-conn-samba4.so lib/samba4/private/libsmbd-shim-samba4.so %%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so +%%NTVFS%%lib/samba4/private/libntvfs-samba4.so lib/samba4/private/libsmbpasswdparser-samba4.so lib/samba4/private/libsmbregistry-samba4.so lib/samba4/private/libsocket-blocking-samba4.so @@ -339,14 +337,14 @@ lib/samba4/private/libxattr-tdb-samba4.s %%AD_DC%%lib/shared-modules/service/nbtd.so %%AD_DC%%lib/shared-modules/service/ntp_signd.so %%AD_DC%%lib/shared-modules/service/s3fs.so -%%DEVELOPER%%%%AD_DC%%lib/shared-modules/service/smb.so +%%NTVFS%%lib/shared-modules/service/smb.so %%AD_DC%%lib/shared-modules/service/web.so %%AD_DC%%lib/shared-modules/service/winbindd.so %%AD_DC%%lib/shared-modules/service/wrepl.so %%AD_DC%%lib/shared-modules/vfs/posix_eadb.so %%DEVELOPER%%lib/shared-modules/vfs/nfs4acl_xattr.so %%DEVELOPER%%lib/shared-modules/vfs/fake_dfq.so -%%LDAP%%lib/shared-modules/idmap/rfc2307.so +%%ADS%%lib/shared-modules/idmap/rfc2307.so %%MODULE_AUTH_SAMBA4%%lib/shared-modules/auth/samba4.so %%MODULE_AUTH_SKEL%%lib/shared-modules/auth/skel.so %%MODULE_AUTH_UNIX%%lib/shared-modules/auth/unix.so @@ -585,6 +583,7 @@ lib/shared-modules/vfs/zfsacl.so %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/testrpc.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/unix.py %%PYTHON_SITELIBDIR%%/samba/tests/dns.py +%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py %%PYTHON_SITELIBDIR%%/samba/tests/docs.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py %%PYTHON_SITELIBDIR%%/samba/tests/gensec.py