svn commit: r498474 - in head/net/samba48: . files
Timur I. Bakeyev
timur at FreeBSD.org
Tue Apr 9 10:07:24 UTC 2019
Author: timur
Date: Tue Apr 9 10:07:22 2019
New Revision: 498474
URL: https://svnweb.freebsd.org/changeset/ports/498474
Log:
Upgrade Samba 4.8 to the 4.8.11, addressing CVE-2019-3880.
Security: CVE-2019-3880
Added:
head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c (contents, props changed)
Modified:
head/net/samba48/Makefile
head/net/samba48/distinfo
head/net/samba48/files/patch-bind13
head/net/samba48/pkg-plist
Modified: head/net/samba48/Makefile
==============================================================================
--- head/net/samba48/Makefile Tue Apr 9 10:05:44 2019 (r498473)
+++ head/net/samba48/Makefile Tue Apr 9 10:07:22 2019 (r498474)
@@ -3,7 +3,7 @@
PORTNAME= ${SAMBA4_BASENAME}48
PORTVERSION= ${SAMBA4_VERSION}
-PORTREVISION= 1
+PORTREVISION= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@@ -24,7 +24,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-bug-228462.patch:-p
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.8.9
+SAMBA4_VERSION= 4.8.11
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@@ -68,8 +68,9 @@ CONFIGURE_ARGS+= --mandir="${MANPREFIX}/man" \
# XXX: Flags
CONFIGURE_ENV+= PTHREAD_LDFLAGS="-lpthread"
-USES= compiler:c++11-lang cpe iconv \
- localbase:ldflags perl5 pkgconfig shebangfix waf
+USES= compiler:c++11-lang cpe iconv gettext-runtime \
+ localbase:ldflags perl5 pkgconfig shebangfix \
+ ssl waf
USE_PERL5= build
USE_LDCONFIG= ${SAMBA4_LIBDIR}
WAF_CMD= buildtools/bin/waf
@@ -101,7 +102,7 @@ OPTIONS_SINGLE= GSSAPI
OPTIONS_SINGLE_GSSAPI= GSSAPI_BUILTIN GSSAPI_MIT
OPTIONS_RADIO= DNS ZEROCONF
-OPTIONS_RADIO_DNS= NSUPDATE BIND911 BIND912 BIND913
+OPTIONS_RADIO_DNS= NSUPDATE BIND911 BIND912 BIND913 BIND914
OPTIONS_RADIO_ZEROCONF= MDNSRESPONDER AVAHI
##############################################################################
AD_DC_DESC= Active Directory Domain Controller
@@ -128,6 +129,7 @@ GSSAPI_BUILTIN_DESC= GSSAPI support via bundled Heimd
BIND911_DESC= Use Bind 9.11 as AD DC DNS server frontend
BIND912_DESC= Use Bind 9.12 as AD DC DNS server frontend
BIND913_DESC= Use Bind 9.13 as AD DC DNS server frontend
+BIND914_DESC= Use Bind 9.14 as AD DC DNS server frontend
NSUPDATE_DESC= Use samba NSUPDATE utility for AD DC
##############################################################################
# XXX: Unconditional dependencies which can't be switched off(if present in
@@ -272,6 +274,7 @@ CONFIGURE_ARGS+= \
BIND911_RUN_DEPENDS= bind911>=9.11.0.0:dns/bind911
BIND912_RUN_DEPENDS= bind912>=9.12.0.0:dns/bind912
BIND913_RUN_DEPENDS= bind913>=9.13.0.0:dns/bind913
+BIND914_RUN_DEPENDS= bind914>=9.14.0.0:dns/bind914
NSUPDATE_RUN_DEPENDS= samba-nsupdate:dns/samba-nsupdate
AVAHI_CONFIGURE_ENABLE= avahi
Modified: head/net/samba48/distinfo
==============================================================================
--- head/net/samba48/distinfo Tue Apr 9 10:05:44 2019 (r498473)
+++ head/net/samba48/distinfo Tue Apr 9 10:07:22 2019 (r498474)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1549652430
-SHA256 (samba-4.8.9.tar.gz) = ad2acf6bed436c125314a054f0589308eb664ac3d96cfb02d05e654a44e09c80
-SIZE (samba-4.8.9.tar.gz) = 17750151
+TIMESTAMP = 1554714921
+SHA256 (samba-4.8.11.tar.gz) = d294a8d7455d7d252d7bafc9c474855ea6e0ebe559c3babcd303a5c24e58710a
+SIZE (samba-4.8.11.tar.gz) = 17761896
Modified: head/net/samba48/files/patch-bind13
==============================================================================
--- head/net/samba48/files/patch-bind13 Tue Apr 9 10:05:44 2019 (r498473)
+++ head/net/samba48/files/patch-bind13 Tue Apr 9 10:07:22 2019 (r498474)
@@ -1,6 +1,6 @@
--- source4/dns_server/wscript_build.orig 2018-01-14 20:41:58 UTC
+++ source4/dns_server/wscript_build
-@@ -58,6 +58,26 @@
+@@ -58,6 +58,36 @@
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
@@ -24,6 +24,16 @@
+ deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+ enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
++bld.SAMBA_LIBRARY('dlz_bind9_14',
++ source='dlz_bind9.c',
++ cflags='-DBIND_VERSION_9_14',
++ private_library=True,
++ link_name='modules/bind9/dlz_bind9_14.so',
++ realname='dlz_bind9_14.so',
++ install_path='${MODULESDIR}/bind9',
++ deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
++ enabled=bld.AD_DC_BUILD_IS_ENABLED())
++
bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
source='dlz_bind9.c',
cflags='-DBIND_VERSION_9_8',
@@ -34,13 +44,13 @@
# define DLZ_DLOPEN_VERSION 3
# define DNS_CLIENTINFO_VERSION 1
-#elif defined (BIND_VERSION_9_11)
-+#elif defined (BIND_VERSION_9_11) || defined (BIND_VERSION_9_12) || defined (BIND_VERSION_9_13)
++#elif defined (BIND_VERSION_9_11) || defined (BIND_VERSION_9_12) || defined (BIND_VERSION_9_13) || defined (BIND_VERSION_9_14)
# define DLZ_DLOPEN_VERSION 3
# define DNS_CLIENTINFO_VERSION 2
#else
--- source4/setup/named.conf.dlz.orig 2018-01-14 22:41:59 UTC
+++ source4/setup/named.conf.dlz
-@@ -21,5 +21,11 @@ dlz "AD DNS Zone" {
+@@ -21,5 +21,14 @@ dlz "AD DNS Zone" {
# For BIND 9.11.x
${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
@@ -50,20 +60,24 @@
+
+ # For BIND 9.13.x
+ ${BIND9_13} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_13.so";
++
++ # For BIND 9.14.x
++ ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
};
--- python/samba/provision/sambadns.py.orig 2018-01-17 09:08:39 UTC
+++ python/samba/provision/sambadns.py
-@@ -937,6 +937,8 @@ def create_named_conf(paths, realm, dnsd
+@@ -937,6 +937,9 @@ def create_named_conf(paths, realm, dnsd
bind9_9 = '#'
bind9_10 = '#'
bind9_11 = '#'
+ bind9_12 = '#'
+ bind9_13 = '#'
++ bind9_14 = '#'
if bind_info.upper().find('BIND 9.8') != -1:
bind9_8 = ''
elif bind_info.upper().find('BIND 9.9') != -1:
-@@ -945,6 +947,10 @@ def create_named_conf(paths, realm, dnsd
+@@ -945,6 +947,12 @@ def create_named_conf(paths, realm, dnsd
bind9_10 = ''
elif bind_info.upper().find('BIND 9.11') != -1:
bind9_11 = ''
@@ -71,17 +85,20 @@
+ bind9_12 = ''
+ elif bind_info.upper().find('BIND 9.13') != -1:
+ bind9_13 = ''
++ elif bind_info.upper().find('BIND 9.14') != -1:
++ bind9_14 = ''
elif bind_info.upper().find('BIND 9.7') != -1:
raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
else:
-@@ -955,7 +961,9 @@ def create_named_conf(paths, realm, dnsd
+@@ -955,7 +961,10 @@ def create_named_conf(paths, realm, dnsd
"BIND9_8" : bind9_8,
"BIND9_9" : bind9_9,
"BIND9_10" : bind9_10,
- "BIND9_11" : bind9_11
+ "BIND9_11" : bind9_11,
+ "BIND9_12" : bind9_12,
-+ "BIND9_13" : bind9_13
++ "BIND9_13" : bind9_13,
++ "BIND9_14" : bind9_14
})
Added: head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba48/files/patch-source3_rpc__server_mdssvc_mdssvc.c Tue Apr 9 10:07:22 2019 (r498474)
@@ -0,0 +1,15 @@
+../source3/rpc_server/mdssvc/mdssvc.c:157:9: error: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Werror,-Wformat]
+ dalloc_size(dd));
+ ^~~~~~~~~~~~~~~
+
+--- source3/rpc_server/mdssvc/mdssvc.c.orig 2019-04-09 01:04:10 UTC
++++ source3/rpc_server/mdssvc/mdssvc.c
+@@ -151,7 +151,7 @@ char *mds_dalloc_dump(DALLOC_CTX *dd, in
+ }
+
+ logstring = talloc_asprintf(dd,
+- "%s%s(#%lu): {\n",
++ "%s%s(#%zu): {\n",
+ tab_string1,
+ talloc_get_name(dd),
+ dalloc_size(dd));
Modified: head/net/samba48/pkg-plist
==============================================================================
--- head/net/samba48/pkg-plist Tue Apr 9 10:05:44 2019 (r498473)
+++ head/net/samba48/pkg-plist Tue Apr 9 10:07:22 2019 (r498474)
@@ -298,6 +298,7 @@ lib/samba4/private/libxattr-tdb-samba4.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_11.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_12.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_13.so
+%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_14.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_9.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9.so
%%AD_DC%%lib/shared-modules/gensec/krb5.so
More information about the svn-ports-all
mailing list