ports/69131: Security update for net/samba3

Thu Jul 15 21:50:15 UTC 2004

>Number:         69131
>Category:       ports
>Synopsis:       Security update for net/samba3
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 15 21:50:14 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Timur I. Bakeyev
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD timur.home.bat.ru 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Tue Apr 6 20:29:11 CEST 2004 root at timur.home.bat.ru:/usr/src/sys/i386/compile/COMMON i386

>Description:

	This patch effectivelly updates net/samba3 to 3.0.5 version, which
	is a security fix for the 3.0.4.

>How-To-Repeat:

>Fix:
	
	Attached file contains the patch against the current port.















From: "Timur I. Bakeyev" <timur at com.bat.ru>
To: freebsd
Cc: 
Bcc: 
Subject: t
Reply-To: 
X-Organization: RIPE Network Coordination Centre
X-Phone: +31 20 535 4444
X-Fax:   +31 20 535 4445
X-WWW: http://www.ripe.net


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="samba.diff"

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/samba3/Makefile,v
retrieving revision 1.124
diff -u -u -r1.124 Makefile

--- Makefile	3 Jul 2004 12:46:41 -0000	1.124
+++ Makefile	15 Jul 2004 21:08:20 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=		samba
 PORTVERSION=		3.0.4
-PORTREVISION?=		3
+PORTREVISION?=		4
 PORTEPOCH?=		1
 CATEGORIES?=		net
 MASTER_SITES=		${MASTER_SITE_SAMBA}
Index: files/patch-lib_util_str.c
===================================================================
RCS file: /home/ncvs/ports/net/samba3/files/patch-lib_util_str.c,v
retrieving revision 1.1
diff -u -u -r1.1 patch-lib_util_str.c
--- files/patch-lib_util_str.c	18 May 2004 14:52:47 -0000	1.1
+++ files/patch-lib_util_str.c	15 Jul 2004 21:05:01 -0000
@@ -1,6 +1,36 @@
---- lib/util_str.c.orig	Tue Apr 20 22:42:55 2004
-+++ lib/util_str.c	Fri May 14 02:02:30 2004
-@@ -1980,10 +1980,16 @@
+--- lib/util_str.c.orig	Thu Jul 15 22:49:39 2004
++++ lib/util_str.c	Thu Jul 15 23:03:08 2004
+@@ -1980,7 +1980,9 @@
+ 		s++; i++;
+ 	}
+ 
+-	if (*s == '=') n -= 1;
++	if ((n > 0) && (*s == '=')) {
++		n -= 1;
++	}
+ 
+ 	/* fix up length */
+ 	decoded.length = n;
+@@ -1993,9 +1995,15 @@
+ void base64_decode_inplace(char *s)
+ {
+ 	DATA_BLOB decoded = base64_decode_data_blob(s);
+-	memcpy(s, decoded.data, decoded.length);
+-	/* null terminate */
+-	s[decoded.length] = '\0';
++
++	if ( decoded.length != 0 ) {
++		memcpy(s, decoded.data, decoded.length);
++
++		/* null terminate */
++		s[decoded.length] = '\0';
++	} else {
++		*s = '\0';
++	}
+ 
+ 	data_blob_free(&decoded);
+ }
+@@ -2009,10 +2017,16 @@
  {
  	int bits = 0;
  	int char_count = 0;

--WIyZ46R2i8wDzkSu--
>Release-Note:
>Audit-Trail:
>Unformatted:
 --WIyZ46R2i8wDzkSu
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 

