Date: Sun, 5 Jul 2020 00:27:27 +0000 (UTC) From: "Timur I. Bakeyev" <timur@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r541243 - in head/net: samba410 samba410/files samba411 samba411/files Message-ID: <202007050027.0650RRUZ096842@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: timur Date: Sun Jul 5 00:27:27 2020 New Revision: 541243 URL: https://svnweb.freebsd.org/changeset/ports/541243 Log: Update Samba ports to close recent CVEs. PR: 245475 Security: CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Added: head/net/samba410/files/patch-lib_util_util__paths.c (contents, props changed) head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c (contents, props changed) head/net/samba411/files/patch-lib_util_util__paths.c (contents, props changed) head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c (contents, props changed) Modified: head/net/samba410/Makefile head/net/samba410/distinfo head/net/samba410/files/patch-lib_util_wscript__build head/net/samba410/pkg-plist head/net/samba411/Makefile head/net/samba411/distinfo head/net/samba411/files/patch-lib_util_wscript__build head/net/samba411/pkg-plist Modified: head/net/samba410/Makefile ============================================================================== --- head/net/samba410/Makefile Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba410/Makefile Sun Jul 5 00:27:27 2020 (r541243) @@ -24,7 +24,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-provision-use-ASCII SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.10.15 +SAMBA4_VERSION= 4.10.17 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -632,7 +632,7 @@ post-install: post-install-rm-junk post-install-fix-ma ${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}" .endfor .if !defined(WITH_DEBUG) - -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \ + -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \ -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} -${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \ -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} Modified: head/net/samba410/distinfo ============================================================================== --- head/net/samba410/distinfo Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba410/distinfo Sun Jul 5 00:27:27 2020 (r541243) @@ -1,3 +1,3 @@ -TIMESTAMP = 1588122967 -SHA256 (samba-4.10.15.tar.gz) = 0b8b62558b62fbb121015f28f40fae0f07522710b6bef77c508b51bb6914ced9 -SIZE (samba-4.10.15.tar.gz) = 18383201 +TIMESTAMP = 1593889839 +SHA256 (samba-4.10.17.tar.gz) = 03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e +SIZE (samba-4.10.17.tar.gz) = 18387328 Added: head/net/samba410/files/patch-lib_util_util__paths.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba410/files/patch-lib_util_util__paths.c Sun Jul 5 00:27:27 2020 (r541243) @@ -0,0 +1,15 @@ +--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC ++++ lib/util/util_paths.c +@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) + { + struct passwd pwd = {0}; + struct passwd *pwdbuf = NULL; +- char buf[NSS_BUFLEN_PASSWD] = {0}; ++ char buf[1024] = {0}; + int rc; + +- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); ++ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf); + if (rc != 0 || pwdbuf == NULL ) { + int len_written; + const char *szPath = getenv("HOME"); Modified: head/net/samba410/files/patch-lib_util_wscript__build ============================================================================== --- head/net/samba410/files/patch-lib_util_wscript__build Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba410/files/patch-lib_util_wscript__build Sun Jul 5 00:27:27 2020 (r541243) @@ -1,6 +1,6 @@ --- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC +++ lib/util/wscript_build -@@ -151,7 +151,7 @@ else: +@@ -170,7 +170,7 @@ else: bld.SAMBA_LIBRARY('samba-modules', source='modules.c', Added: head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c Sun Jul 5 00:27:27 2020 (r541243) @@ -0,0 +1,36 @@ +--- source3/modules/vfs_zfsacl.c.orig 2018-07-12 08:23:36 UTC ++++ source3/modules/vfs_zfsacl.c +@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st + SMB_STRUCT_STAT sbuf; + const SMB_STRUCT_STAT *psbuf = NULL; + int ret; ++ bool inherited_is_present = False; + bool is_dir; + + if (VALID_STAT(smb_fname->st)) { +@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st + aceprop.aceMask |= SMB_ACE4_DELETE_CHILD; + } + ++#ifdef ACE_INHERITED_ACE ++ if(aceprop.aceFlags & ACE_INHERITED_ACE) { ++ inherited_is_present = true; ++ } ++#endif + if(aceprop.aceFlags & ACE_OWNER) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_OWNER; +@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st + return NT_STATUS_NO_MEMORY; + } + ++#ifdef ACE_INHERITED_ACE ++ if (!inherited_is_present ++ && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){ ++ DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name); ++ smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE); ++ } ++#endif + *ppacl = pacl; + return NT_STATUS_OK; + } Modified: head/net/samba410/pkg-plist ============================================================================== --- head/net/samba410/pkg-plist Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba410/pkg-plist Sun Jul 5 00:27:27 2020 (r541243) @@ -974,6 +974,7 @@ man/man8/winbindd.8.gz %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py +%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py %%PYTHON_SITELIBDIR%%/samba/tests/dns.py Modified: head/net/samba411/Makefile ============================================================================== --- head/net/samba411/Makefile Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba411/Makefile Sun Jul 5 00:27:27 2020 (r541243) @@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.pat SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.11.8 +SAMBA4_VERSION= 4.11.11 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -630,7 +630,7 @@ post-install: post-install-rm-junk post-install-fix-ma ${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}" .endfor .if !defined(WITH_DEBUG) - -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \ + -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \ -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} -${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \ -type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD} Modified: head/net/samba411/distinfo ============================================================================== --- head/net/samba411/distinfo Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba411/distinfo Sun Jul 5 00:27:27 2020 (r541243) @@ -1,3 +1,3 @@ -TIMESTAMP = 1588122982 -SHA256 (samba-4.11.8.tar.gz) = bb140caa37d2bbbb1f15f849aa86b1d5f787729443099139936f0ea06a5100ca -SIZE (samba-4.11.8.tar.gz) = 18571308 +TIMESTAMP = 1593823109 +SHA256 (samba-4.11.11.tar.gz) = 457f08a2956534269c784b95cff840250165f1e98f8db725bf64e2fca707ff60 +SIZE (samba-4.11.11.tar.gz) = 18590837 Added: head/net/samba411/files/patch-lib_util_util__paths.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba411/files/patch-lib_util_util__paths.c Sun Jul 5 00:27:27 2020 (r541243) @@ -0,0 +1,15 @@ +--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC ++++ lib/util/util_paths.c +@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) + { + struct passwd pwd = {0}; + struct passwd *pwdbuf = NULL; +- char buf[NSS_BUFLEN_PASSWD] = {0}; ++ char buf[1024] = {0}; + int rc; + +- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); ++ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf); + if (rc != 0 || pwdbuf == NULL ) { + int len_written; + const char *szPath = getenv("HOME"); Modified: head/net/samba411/files/patch-lib_util_wscript__build ============================================================================== --- head/net/samba411/files/patch-lib_util_wscript__build Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba411/files/patch-lib_util_wscript__build Sun Jul 5 00:27:27 2020 (r541243) @@ -1,6 +1,6 @@ --- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC +++ lib/util/wscript_build -@@ -151,7 +151,7 @@ else: +@@ -170,7 +170,7 @@ else: bld.SAMBA_LIBRARY('samba-modules', source='modules.c', @@ -9,3 +9,10 @@ local_include=False, private_library=True) +@@ -285,4 +285,5 @@ else: + bld.SAMBA_BINARY('test_util_paths', + source='tests/test_util_paths.c', + deps='cmocka replace talloc samba-util', +- local_include=False) ++ local_include=False, ++ install=False) Added: head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c Sun Jul 5 00:27:27 2020 (r541243) @@ -0,0 +1,36 @@ +--- source3/modules/vfs_zfsacl.c.orig 2018-07-12 08:23:36 UTC ++++ source3/modules/vfs_zfsacl.c +@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st + SMB_STRUCT_STAT sbuf; + const SMB_STRUCT_STAT *psbuf = NULL; + int ret; ++ bool inherited_is_present = False; + bool is_dir; + + if (VALID_STAT(smb_fname->st)) { +@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st + aceprop.aceMask |= SMB_ACE4_DELETE_CHILD; + } + ++#ifdef ACE_INHERITED_ACE ++ if(aceprop.aceFlags & ACE_INHERITED_ACE) { ++ inherited_is_present = true; ++ } ++#endif + if(aceprop.aceFlags & ACE_OWNER) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_OWNER; +@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st + return NT_STATUS_NO_MEMORY; + } + ++#ifdef ACE_INHERITED_ACE ++ if (!inherited_is_present ++ && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){ ++ DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name); ++ smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE); ++ } ++#endif + *ppacl = pacl; + return NT_STATUS_OK; + } Modified: head/net/samba411/pkg-plist ============================================================================== --- head/net/samba411/pkg-plist Sun Jul 5 00:23:05 2020 (r541242) +++ head/net/samba411/pkg-plist Sun Jul 5 00:27:27 2020 (r541243) @@ -937,6 +937,7 @@ man/man8/winbindd.8.gz %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py +%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py %%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py %%PYTHON_SITELIBDIR%%/samba/tests/dns.py
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202007050027.0650RRUZ096842>