svn commit: r541243 - in head/net: samba410 samba410/files samba411 samba411/files
Timur I. Bakeyev
timur at FreeBSD.org
Sun Jul 5 00:27:30 UTC 2020
Author: timur
Date: Sun Jul 5 00:27:27 2020
New Revision: 541243
URL: https://svnweb.freebsd.org/changeset/ports/541243
Log:
Update Samba ports to close recent CVEs.
PR: 245475
Security: CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303
Added:
head/net/samba410/files/patch-lib_util_util__paths.c (contents, props changed)
head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c (contents, props changed)
head/net/samba411/files/patch-lib_util_util__paths.c (contents, props changed)
head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c (contents, props changed)
Modified:
head/net/samba410/Makefile
head/net/samba410/distinfo
head/net/samba410/files/patch-lib_util_wscript__build
head/net/samba410/pkg-plist
head/net/samba411/Makefile
head/net/samba411/distinfo
head/net/samba411/files/patch-lib_util_wscript__build
head/net/samba411/pkg-plist
Modified: head/net/samba410/Makefile
==============================================================================
--- head/net/samba410/Makefile Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba410/Makefile Sun Jul 5 00:27:27 2020 (r541243)
@@ -24,7 +24,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-provision-use-ASCII
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.10.15
+SAMBA4_VERSION= 4.10.17
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@@ -632,7 +632,7 @@ post-install: post-install-rm-junk post-install-fix-ma
${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}"
.endfor
.if !defined(WITH_DEBUG)
- -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
+ -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
Modified: head/net/samba410/distinfo
==============================================================================
--- head/net/samba410/distinfo Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba410/distinfo Sun Jul 5 00:27:27 2020 (r541243)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1588122967
-SHA256 (samba-4.10.15.tar.gz) = 0b8b62558b62fbb121015f28f40fae0f07522710b6bef77c508b51bb6914ced9
-SIZE (samba-4.10.15.tar.gz) = 18383201
+TIMESTAMP = 1593889839
+SHA256 (samba-4.10.17.tar.gz) = 03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e
+SIZE (samba-4.10.17.tar.gz) = 18387328
Added: head/net/samba410/files/patch-lib_util_util__paths.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba410/files/patch-lib_util_util__paths.c Sun Jul 5 00:27:27 2020 (r541243)
@@ -0,0 +1,15 @@
+--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC
++++ lib/util/util_paths.c
+@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ struct passwd pwd = {0};
+ struct passwd *pwdbuf = NULL;
+- char buf[NSS_BUFLEN_PASSWD] = {0};
++ char buf[1024] = {0};
+ int rc;
+
+- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
+ if (rc != 0 || pwdbuf == NULL ) {
+ int len_written;
+ const char *szPath = getenv("HOME");
Modified: head/net/samba410/files/patch-lib_util_wscript__build
==============================================================================
--- head/net/samba410/files/patch-lib_util_wscript__build Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba410/files/patch-lib_util_wscript__build Sun Jul 5 00:27:27 2020 (r541243)
@@ -1,6 +1,6 @@
--- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC
+++ lib/util/wscript_build
-@@ -151,7 +151,7 @@ else:
+@@ -170,7 +170,7 @@ else:
bld.SAMBA_LIBRARY('samba-modules',
source='modules.c',
Added: head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba410/files/patch-source3_modules_vfs__zfsacl.c Sun Jul 5 00:27:27 2020 (r541243)
@@ -0,0 +1,36 @@
+--- source3/modules/vfs_zfsacl.c.orig 2018-07-12 08:23:36 UTC
++++ source3/modules/vfs_zfsacl.c
+@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ SMB_STRUCT_STAT sbuf;
+ const SMB_STRUCT_STAT *psbuf = NULL;
+ int ret;
++ bool inherited_is_present = False;
+ bool is_dir;
+
+ if (VALID_STAT(smb_fname->st)) {
+@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
+ }
+
++#ifdef ACE_INHERITED_ACE
++ if(aceprop.aceFlags & ACE_INHERITED_ACE) {
++ inherited_is_present = true;
++ }
++#endif
+ if(aceprop.aceFlags & ACE_OWNER) {
+ aceprop.flags = SMB_ACE4_ID_SPECIAL;
+ aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
+@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ return NT_STATUS_NO_MEMORY;
+ }
+
++#ifdef ACE_INHERITED_ACE
++ if (!inherited_is_present
++ && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){
++ DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name);
++ smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE);
++ }
++#endif
+ *ppacl = pacl;
+ return NT_STATUS_OK;
+ }
Modified: head/net/samba410/pkg-plist
==============================================================================
--- head/net/samba410/pkg-plist Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba410/pkg-plist Sun Jul 5 00:27:27 2020 (r541243)
@@ -974,6 +974,7 @@ man/man8/winbindd.8.gz
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns.py
Modified: head/net/samba411/Makefile
==============================================================================
--- head/net/samba411/Makefile Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba411/Makefile Sun Jul 5 00:27:27 2020 (r541243)
@@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.pat
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.11.8
+SAMBA4_VERSION= 4.11.11
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@@ -630,7 +630,7 @@ post-install: post-install-rm-junk post-install-fix-ma
${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}"
.endfor
.if !defined(WITH_DEBUG)
- -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
+ -${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
Modified: head/net/samba411/distinfo
==============================================================================
--- head/net/samba411/distinfo Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba411/distinfo Sun Jul 5 00:27:27 2020 (r541243)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1588122982
-SHA256 (samba-4.11.8.tar.gz) = bb140caa37d2bbbb1f15f849aa86b1d5f787729443099139936f0ea06a5100ca
-SIZE (samba-4.11.8.tar.gz) = 18571308
+TIMESTAMP = 1593823109
+SHA256 (samba-4.11.11.tar.gz) = 457f08a2956534269c784b95cff840250165f1e98f8db725bf64e2fca707ff60
+SIZE (samba-4.11.11.tar.gz) = 18590837
Added: head/net/samba411/files/patch-lib_util_util__paths.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba411/files/patch-lib_util_util__paths.c Sun Jul 5 00:27:27 2020 (r541243)
@@ -0,0 +1,15 @@
+--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC
++++ lib/util/util_paths.c
+@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ struct passwd pwd = {0};
+ struct passwd *pwdbuf = NULL;
+- char buf[NSS_BUFLEN_PASSWD] = {0};
++ char buf[1024] = {0};
+ int rc;
+
+- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
+ if (rc != 0 || pwdbuf == NULL ) {
+ int len_written;
+ const char *szPath = getenv("HOME");
Modified: head/net/samba411/files/patch-lib_util_wscript__build
==============================================================================
--- head/net/samba411/files/patch-lib_util_wscript__build Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba411/files/patch-lib_util_wscript__build Sun Jul 5 00:27:27 2020 (r541243)
@@ -1,6 +1,6 @@
--- lib/util/wscript_build.orig 2019-05-07 08:38:21 UTC
+++ lib/util/wscript_build
-@@ -151,7 +151,7 @@ else:
+@@ -170,7 +170,7 @@ else:
bld.SAMBA_LIBRARY('samba-modules',
source='modules.c',
@@ -9,3 +9,10 @@
local_include=False,
private_library=True)
+@@ -285,4 +285,5 @@ else:
+ bld.SAMBA_BINARY('test_util_paths',
+ source='tests/test_util_paths.c',
+ deps='cmocka replace talloc samba-util',
+- local_include=False)
++ local_include=False,
++ install=False)
Added: head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba411/files/patch-source3_modules_vfs__zfsacl.c Sun Jul 5 00:27:27 2020 (r541243)
@@ -0,0 +1,36 @@
+--- source3/modules/vfs_zfsacl.c.orig 2018-07-12 08:23:36 UTC
++++ source3/modules/vfs_zfsacl.c
+@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ SMB_STRUCT_STAT sbuf;
+ const SMB_STRUCT_STAT *psbuf = NULL;
+ int ret;
++ bool inherited_is_present = False;
+ bool is_dir;
+
+ if (VALID_STAT(smb_fname->st)) {
+@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
+ }
+
++#ifdef ACE_INHERITED_ACE
++ if(aceprop.aceFlags & ACE_INHERITED_ACE) {
++ inherited_is_present = true;
++ }
++#endif
+ if(aceprop.aceFlags & ACE_OWNER) {
+ aceprop.flags = SMB_ACE4_ID_SPECIAL;
+ aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
+@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ return NT_STATUS_NO_MEMORY;
+ }
+
++#ifdef ACE_INHERITED_ACE
++ if (!inherited_is_present
++ && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){
++ DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name);
++ smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE);
++ }
++#endif
+ *ppacl = pacl;
+ return NT_STATUS_OK;
+ }
Modified: head/net/samba411/pkg-plist
==============================================================================
--- head/net/samba411/pkg-plist Sun Jul 5 00:23:05 2020 (r541242)
+++ head/net/samba411/pkg-plist Sun Jul 5 00:27:27 2020 (r541243)
@@ -937,6 +937,7 @@ man/man8/winbindd.8.gz
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns.py
More information about the svn-ports-all
mailing list