From owner-freebsd-ports-bugs@freebsd.org Wed Dec 21 19:50:31 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 215475] net/samba44 has applicable CVE's. Successfully built a samba-4.4.8
Date: Wed, 21 Dec 2016 19:50:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215475

    Bug ID: 215475
   Summary: net/samba44 has applicable CVE's. Successfully built a samba-4.4.8
   Product: Ports & Packages
   Version: Latest
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Many People
  Priority: ---
 Component: Individual Port(s)
  Assignee: timur@FreeBSD.org
  Reporter: dewayne@heuristicsystems.com.au
     Flags: maintainer-feedback?(timur@FreeBSD.org)

Timur,
Unfortunately Samba has a few CVEs that are applicable. Would you please review.

1. CVE 2123 - Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability. "Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption." seems applicable. Perhaps another reason to NOT use the internal dns ;). Applicable to all Samba4*

2. CVE 2125 - Unconditional privilege delegation to Kerberos servers in trusted realms, does apply to net/samba44 https://www.samba.org/samba/security/CVE-2016-2126.html. Applicable to Samba36 and all Samba4*

3. CVE 2126 As the port contains samba-4.4.5_1 then the second part of https://www.samba.org/samba/security/CVE-2016-2126.html doesn't apply. However the first part may? Applicable to all Samba4*

I've managed to build Samba 4.4.5_1 and Samba 4.4.8 on a FreeBSD 11.0 Stable amd64 and i386 platform.
Unfortunately I needed to:
- add USE_GCC= 5 to the samba44/Makefile,
- tweak (removed a few files from) pkg-plist and
- removed a patch file (patch-source4__dns_server__dns_crypto.c). I spent 30 mins reviewing the updated code, it looks like the FreeBSD patch has been incorporated, but I'm not sure about buffer_len in gensec_sign_packet. Unfortunately (perhaps) we don't use the internal DNS, so I'm unable to test.

Unfortunately this was done over a few days and I suspect that a patch-kit may be misleading.

For others, Timur is occasionally on the samba tech list, and often defers updating the ports because something is doubtful (hackish) or a work-around patch is needed (& requires testing). So as frustrating as this may be, I've found that Timur always acts in the interests of the FreeBSD-SAMBA community.
(So to patch/update 4.4.8 or wait for 4.4.9 on Jan 4/5?) :)

PS I used lang/gcc5 (gcc 5.4.0) in preference to lang/gcc (which is 4.9) because there is a base/gcc that uses gcc 5.4 - so I've assumed that this is the future direction for the base system(s)?