svn commit: r429692 - in head/net: samba43 samba43/files samba44 samba44/files
Timur I. Bakeyev
timur at FreeBSD.org
Wed Dec 28 02:51:59 UTC 2016
Author: timur
Date: Wed Dec 28 02:51:57 2016
New Revision: 429692
URL: https://svnweb.freebsd.org/changeset/ports/429692
Log:
* Upgrade net/samba43 and net/samba44 to address multiple vulnerabilities
* Switch port to use net/openldap24-sasl-client as some authorization methods don't work with plain openldap24-client.
* Changed namespace used by vfs_fruit to be compatiable with net/netatalk3.
* Removed old DNS crypto patch, as it SEEMS it was superseded by recent code changes. Please, notify me if you see that internal DNS
doesn't handle signed requests properly anymore.
Security: CVE-2016-2123
CVE-2016-2125
CVE-2016-2126
Added:
head/net/samba43/files/patch-source3__smbd__close.c (contents, props changed)
head/net/samba43/files/patch-source3__smbd__open.c (contents, props changed)
head/net/samba44/files/patch-source3__modules__vfs_fruit.c (contents, props changed)
head/net/samba44/files/patch-source3__smbd__close.c (contents, props changed)
head/net/samba44/files/patch-source3__smbd__open.c (contents, props changed)
Deleted:
head/net/samba44/files/patch-source4__dns_server__dns_crypto.c
Modified:
head/net/samba43/Makefile
head/net/samba43/distinfo
head/net/samba43/pkg-plist
head/net/samba44/Makefile
head/net/samba44/distinfo
head/net/samba44/pkg-plist
Modified: head/net/samba43/Makefile
==============================================================================
--- head/net/samba43/Makefile Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba43/Makefile Wed Dec 28 02:51:57 2016 (r429692)
@@ -3,7 +3,7 @@
PORTNAME?= ${SAMBA4_BASENAME}43
PORTVERSION?= ${SAMBA4_VERSION}
-PORTREVISION?= 1
+PORTREVISION?= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@@ -19,7 +19,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.3.11
+SAMBA4_VERSION= 4.3.13
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@@ -157,7 +157,6 @@ CONFIGURE_ARGS+= \
--with-sendfile-support \
--builtin-libraries=smbclient \
${ICONV_CONFIGURE_BASE}
-
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
.if ${ARCH} == "amd64"
CFLAGS+= -fno-omit-frame-pointer
@@ -192,11 +191,12 @@ GDB_CMD?= ${LOCALBASE}/bin/gdb
BUILD_DEPENDS+= ${GDB_CMD}:devel/gdb
RUN_DEPENDS+= ${GDB_CMD}:devel/gdb
SAMBA4_MODULES+= auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls
-CONFIGURE_ARGS+= --enable-developer --enable-selftest
-PLIST_SUB+= DEVELOPER=""
+CONFIGURE_ARGS+= --enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable
+PLIST_SUB+= DEVELOPER="" NTVFS=""
.else
GDB_CMD= true
-PLIST_SUB+= DEVELOPER="@comment "
+CONFIGURE_ARGS+= --without-ntvfs-fileserver
+PLIST_SUB+= DEVELOPER="@comment " NTVFS="@comment"
.endif
##############################################################################
# XXX: That will blow up your installation
@@ -345,7 +345,7 @@ CONFIGURE_ARGS+= --without-ads
.if defined(SAMBA4_WANT_LDAP)
USE_OPENLDAP= yes
-#WANT_OPENLDAP_SASL= yes
+WANT_OPENLDAP_SASL= yes
CONFIGURE_ARGS+= --with-ldap
PLIST_SUB+= LDAP=""
.else
Modified: head/net/samba43/distinfo
==============================================================================
--- head/net/samba43/distinfo Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba43/distinfo Wed Dec 28 02:51:57 2016 (r429692)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468280731
-SHA256 (samba-4.3.11.tar.gz) = 90a967310e34a31d5c9fc5f86855f334fc19815e7e59f5c2d72a9bba23cf4fec
-SIZE (samba-4.3.11.tar.gz) = 20573432
+TIMESTAMP = 1482679553
+SHA256 (samba-4.3.13.tar.gz) = 876da00b42cecd340db8bad03aabe78eb34ad6ac9a99876d190be3b39a186a97
+SIZE (samba-4.3.13.tar.gz) = 20590334
Added: head/net/samba43/files/patch-source3__smbd__close.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba43/files/patch-source3__smbd__close.c Wed Dec 28 02:51:57 2016 (r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/close.c.orig 2016-12-25 13:09:22.100676000 +0000
++++ source3/smbd/close.c 2016-12-25 13:09:59.877256000 +0000
+@@ -168,7 +168,7 @@
+ unsigned int num_streams = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+- bool saved_posix_pathnames;
++ bool saved_posix_pathnames = false;
+
+ status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ &num_streams, &stream_info);
Added: head/net/samba43/files/patch-source3__smbd__open.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba43/files/patch-source3__smbd__open.c Wed Dec 28 02:51:57 2016 (r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/open.c.orig 2016-12-25 13:08:58.349614000 +0000
++++ source3/smbd/open.c 2016-12-25 13:09:10.968754000 +0000
+@@ -3890,7 +3890,7 @@
+ unsigned int num_streams = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+- bool saved_posix_pathnames;
++ bool saved_posix_pathnames = false;
+
+ status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ &num_streams, &stream_info);
Modified: head/net/samba43/pkg-plist
==============================================================================
--- head/net/samba43/pkg-plist Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba43/pkg-plist Wed Dec 28 02:51:57 2016 (r429692)
@@ -222,7 +222,7 @@ lib/nss_wins.so.1
lib/pam_winbind.so
lib/winbind_krb5_locator.so
%%AD_DC%%lib/samba/libdlz-bind9-for-torture-samba4.so
-%%AD_DC%%lib/samba/libntvfs-samba4.so
+%%NTVFS%%lib/samba/libntvfs-samba4.so
%%AD_DC%%lib/samba/libposix-eadb-samba4.so
%%AD_DC%%lib/samba/libprocess-model-samba4.so
%%AD_DC%%lib/samba/libservice-samba4.so
@@ -328,9 +328,6 @@ lib/samba/libutil-tdb-samba4.so
lib/samba/libwinbind-client-samba4.so
lib/samba/libwind-samba4.so.0
lib/samba/libxattr-tdb-samba4.so
-%%DEVELOPER%%lib/samba/libnss_wrapper.so
-%%DEVELOPER%%lib/samba/libuid_wrapper.so
-%%DEVELOPER%%lib/samba/libsocket_wrapper.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_10.so
%%AD_DC%%lib/shared-modules/bind9/dlz_bind9_9.so
@@ -385,7 +382,7 @@ lib/samba/libxattr-tdb-samba4.so
%%AD_DC%%lib/shared-modules/service/nbtd.so
%%AD_DC%%lib/shared-modules/service/ntp_signd.so
%%AD_DC%%lib/shared-modules/service/s3fs.so
-%%AD_DC%%lib/shared-modules/service/smb.so
+%%NTVFS%%lib/shared-modules/service/smb.so
%%AD_DC%%lib/shared-modules/service/web.so
%%AD_DC%%lib/shared-modules/service/winbindd.so
%%AD_DC%%lib/shared-modules/service/wrepl.so
@@ -502,7 +499,6 @@ lib/shared-modules/vfs/zfsacl.so
%%PKGCONFIGDIR%%/smbclient-raw.pc
%%PKGCONFIGDIR%%/torture.pc
%%PKGCONFIGDIR%%/wbclient.pc
-%%DEVELOPER%%%%PYTHON_SITELIBDIR%%/samba/socket_wrapper.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/dckeytab.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/posix_eadb.so
%%AD_DC%%%%PYTHON_SITELIBDIR%%/samba/xattr_native.so
Modified: head/net/samba44/Makefile
==============================================================================
--- head/net/samba44/Makefile Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba44/Makefile Wed Dec 28 02:51:57 2016 (r429692)
@@ -3,7 +3,7 @@
PORTNAME?= ${SAMBA4_BASENAME}44
PORTVERSION?= ${SAMBA4_VERSION}
-PORTREVISION?= 1
+PORTREVISION?= 0
CATEGORIES?= net
MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc
DISTNAME= ${SAMBA4_DISTNAME}
@@ -19,7 +19,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
-SAMBA4_VERSION= 4.4.5
+SAMBA4_VERSION= 4.4.8
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@@ -158,7 +158,6 @@ CONFIGURE_ARGS+= \
--with-sendfile-support \
--builtin-libraries=smbclient \
${ICONV_CONFIGURE_BASE}
-
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
.if ${ARCH} == "amd64"
CFLAGS+= -fno-omit-frame-pointer
@@ -193,11 +192,12 @@ GDB_CMD?= ${LOCALBASE}/bin/gdb
BUILD_DEPENDS+= ${GDB_CMD}:devel/gdb
RUN_DEPENDS+= ${GDB_CMD}:devel/gdb
SAMBA4_MODULES+= auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls
-CONFIGURE_ARGS+= --enable-developer --enable-selftest --abi-check-disable
-PLIST_SUB+= DEVELOPER=""
+CONFIGURE_ARGS+= --enable-developer --enable-selftest --with-ntvfs-fileserver --abi-check-disable
+PLIST_SUB+= DEVELOPER="" NTVFS=""
.else
GDB_CMD= true
-PLIST_SUB+= DEVELOPER="@comment "
+CONFIGURE_ARGS+= --without-ntvfs-fileserver
+PLIST_SUB+= DEVELOPER="@comment " NTVFS="@comment"
.endif
##############################################################################
# XXX: That will blow up your installation
@@ -325,13 +325,15 @@ CONFIGURE_ARGS+= --without-utmp
.if defined(SAMBA4_WANT_ADS)
CONFIGURE_ARGS+= --with-ads
+PLIST_SUB+= ADS=""
.else
CONFIGURE_ARGS+= --without-ads
+PLIST_SUB+= ADS="@comment "
.endif
.if defined(SAMBA4_WANT_LDAP)
USE_OPENLDAP= yes
-#WANT_OPENLDAP_SASL= yes
+WANT_OPENLDAP_SASL= yes
CONFIGURE_ARGS+= --with-ldap
PLIST_SUB+= LDAP=""
.else
Modified: head/net/samba44/distinfo
==============================================================================
--- head/net/samba44/distinfo Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba44/distinfo Wed Dec 28 02:51:57 2016 (r429692)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468271289
-SHA256 (samba-4.4.5.tar.gz) = b876ef2e63f66265490e80a122e66ef2d7616112b839df68f56ac2e1ce17a7bd
-SIZE (samba-4.4.5.tar.gz) = 20715838
+TIMESTAMP = 1482669451
+SHA256 (samba-4.4.8.tar.gz) = 0e54de8a22b77f9712578029639331b51f818b70e194766c98475a5b99470fbf
+SIZE (samba-4.4.8.tar.gz) = 20743869
Added: head/net/samba44/files/patch-source3__modules__vfs_fruit.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__modules__vfs_fruit.c Wed Dec 28 02:51:57 2016 (r429692)
@@ -0,0 +1,11 @@
+--- source3/modules/vfs_fruit.c.orig 2016-12-28 02:48:27.478460000 +0000
++++ source3/modules/vfs_fruit.c 2016-12-28 02:48:58.141967000 +0000
+@@ -105,7 +105,7 @@
+ * This is hokey, but what else can we do?
+ */
+ #define NETATALK_META_XATTR "org.netatalk.Metadata"
+-#if defined(HAVE_ATTROPEN) || defined(FREEBSD)
++#if defined(HAVE_ATTROPEN)
+ #define AFPINFO_EA_NETATALK NETATALK_META_XATTR
+ #define AFPRESOURCE_EA_NETATALK "org.netatalk.ResourceFork"
+ #else
Added: head/net/samba44/files/patch-source3__smbd__close.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__smbd__close.c Wed Dec 28 02:51:57 2016 (r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/close.c.orig 2016-12-25 13:09:22.100676000 +0000
++++ source3/smbd/close.c 2016-12-25 13:09:59.877256000 +0000
+@@ -168,7 +168,7 @@
+ unsigned int num_streams = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+- bool saved_posix_pathnames;
++ bool saved_posix_pathnames = false;
+
+ status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ &num_streams, &stream_info);
Added: head/net/samba44/files/patch-source3__smbd__open.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/samba44/files/patch-source3__smbd__open.c Wed Dec 28 02:51:57 2016 (r429692)
@@ -0,0 +1,11 @@
+--- source3/smbd/open.c.orig 2016-12-25 13:08:58.349614000 +0000
++++ source3/smbd/open.c 2016-12-25 13:09:10.968754000 +0000
+@@ -3890,7 +3890,7 @@
+ unsigned int num_streams = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+- bool saved_posix_pathnames;
++ bool saved_posix_pathnames = false;
+
+ status = vfs_streaminfo(conn, NULL, fname, talloc_tos(),
+ &num_streams, &stream_info);
Modified: head/net/samba44/pkg-plist
==============================================================================
--- head/net/samba44/pkg-plist Wed Dec 28 02:50:27 2016 (r429691)
+++ head/net/samba44/pkg-plist Wed Dec 28 02:51:57 2016 (r429692)
@@ -164,8 +164,6 @@ lib/samba4/libsmbconf.so
lib/samba4/libsmbconf.so.0
%%LDAP%%lib/samba4/libsmbldap.so
%%LDAP%%lib/samba4/libsmbldap.so.0
-lib/samba4/libtevent-unix-util.so
-lib/samba4/libtevent-unix-util.so.0
lib/samba4/libtevent-util.so
lib/samba4/libtevent-util.so.0
lib/samba4/libwbclient.so
@@ -176,7 +174,6 @@ lib/nss_wins.so.1
lib/pam_winbind.so
%%CUPS%%libexec/samba/smbspool_krb5_wrapper
%%AD_DC%%lib/samba4/private/libdlz-bind9-for-torture-samba4.so
-%%AD_DC%%lib/samba4/private/libntvfs-samba4.so
%%AD_DC%%lib/samba4/private/libposix-eadb-samba4.so
%%AD_DC%%lib/samba4/private/libprocess-model-samba4.so
%%AD_DC%%lib/samba4/private/libservice-samba4.so
@@ -269,6 +266,7 @@ lib/samba4/private/libsmbd-base-samba4.s
lib/samba4/private/libsmbd-conn-samba4.so
lib/samba4/private/libsmbd-shim-samba4.so
%%LDAP%%lib/samba4/private/libsmbldaphelper-samba4.so
+%%NTVFS%%lib/samba4/private/libntvfs-samba4.so
lib/samba4/private/libsmbpasswdparser-samba4.so
lib/samba4/private/libsmbregistry-samba4.so
lib/samba4/private/libsocket-blocking-samba4.so
@@ -339,14 +337,14 @@ lib/samba4/private/libxattr-tdb-samba4.s
%%AD_DC%%lib/shared-modules/service/nbtd.so
%%AD_DC%%lib/shared-modules/service/ntp_signd.so
%%AD_DC%%lib/shared-modules/service/s3fs.so
-%%DEVELOPER%%%%AD_DC%%lib/shared-modules/service/smb.so
+%%NTVFS%%lib/shared-modules/service/smb.so
%%AD_DC%%lib/shared-modules/service/web.so
%%AD_DC%%lib/shared-modules/service/winbindd.so
%%AD_DC%%lib/shared-modules/service/wrepl.so
%%AD_DC%%lib/shared-modules/vfs/posix_eadb.so
%%DEVELOPER%%lib/shared-modules/vfs/nfs4acl_xattr.so
%%DEVELOPER%%lib/shared-modules/vfs/fake_dfq.so
-%%LDAP%%lib/shared-modules/idmap/rfc2307.so
+%%ADS%%lib/shared-modules/idmap/rfc2307.so
%%MODULE_AUTH_SAMBA4%%lib/shared-modules/auth/samba4.so
%%MODULE_AUTH_SKEL%%lib/shared-modules/auth/skel.so
%%MODULE_AUTH_UNIX%%lib/shared-modules/auth/unix.so
@@ -585,6 +583,7 @@ lib/shared-modules/vfs/zfsacl.so
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/testrpc.py
%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/unix.py
%%PYTHON_SITELIBDIR%%/samba/tests/dns.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
%%PYTHON_SITELIBDIR%%/samba/tests/docs.py
%%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py
%%PYTHON_SITELIBDIR%%/samba/tests/gensec.py
More information about the svn-ports-head
mailing list