Update Samba ports to close recent CVEs.

PR:		245475
Security:	CVE-2020-10730
		CVE-2020-10745
		CVE-2020-10760
		CVE-2020-14303

net/samba410/Makefile

@@ -24,7 +24,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-provision-use-ASCII-quotes.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.10.15
+SAMBA4_VERSION=			4.10.17
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -632,7 +632,7 @@ post-install: post-install-rm-junk post-install-fix-manpages
 					${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}"
 .endfor
 .if !defined(WITH_DEBUG)
-				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
+				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
 				-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}

net/samba410/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1588122967
-SHA256 (samba-4.10.15.tar.gz) = 0b8b62558b62fbb121015f28f40fae0f07522710b6bef77c508b51bb6914ced9
-SIZE (samba-4.10.15.tar.gz) = 18383201
+TIMESTAMP = 1593889839
+SHA256 (samba-4.10.17.tar.gz) = 03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e
+SIZE (samba-4.10.17.tar.gz) = 18387328

net/samba410/files/patch-lib_util_util__paths.c

@@ -0,0 +1,15 @@
+--- lib/util/util_paths.c.orig		2020-07-04 02:14:14 UTC
++++ lib/util/util_paths.c
+@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ 	struct passwd pwd = {0};
+ 	struct passwd *pwdbuf = NULL;
+-	char buf[NSS_BUFLEN_PASSWD] = {0};
++	char buf[1024] = {0};
+ 	int rc;
+ 
+-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++	rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
+ 	if (rc != 0 || pwdbuf == NULL ) {
+ 		int len_written;
+ 		const char *szPath = getenv("HOME");

net/samba410/files/patch-lib_util_wscript__build

@@ -1,6 +1,6 @@
 --- lib/util/wscript_build.orig	2019-05-07 08:38:21 UTC
 +++ lib/util/wscript_build
-@@ -151,7 +151,7 @@ else:
+@@ -170,7 +170,7 @@ else:
  
      bld.SAMBA_LIBRARY('samba-modules',
                        source='modules.c',

net/samba410/files/patch-source3_modules_vfs__zfsacl.c

@@ -0,0 +1,36 @@
+--- source3/modules/vfs_zfsacl.c.orig	2018-07-12 08:23:36 UTC
++++ source3/modules/vfs_zfsacl.c
+@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 	SMB_STRUCT_STAT sbuf;
+ 	const SMB_STRUCT_STAT *psbuf = NULL;
+ 	int ret;
++	bool inherited_is_present = False;
+ 	bool is_dir;
+ 
+ 	if (VALID_STAT(smb_fname->st)) {
+@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 			aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
+ 		}
+ 
++#ifdef ACE_INHERITED_ACE
++ 		if(aceprop.aceFlags & ACE_INHERITED_ACE) {
++ 			inherited_is_present = true;
++ 		}
++#endif
+ 		if(aceprop.aceFlags & ACE_OWNER) {
+ 			aceprop.flags = SMB_ACE4_ID_SPECIAL;
+ 			aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
+@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 			return NT_STATUS_NO_MEMORY;
+ 	}
+ 
++#ifdef ACE_INHERITED_ACE
++ 	if (!inherited_is_present
++	    && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){
++		DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name);
++		smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE);
++	}
++#endif
+ 	*ppacl = pacl;
+ 	return NT_STATUS_OK;
+ }

net/samba410/pkg-plist

@@ -974,6 +974,7 @@ man/man8/winbindd.8.gz
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns.py

net/samba411/Makefile

@@ -23,7 +23,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.11.8
+SAMBA4_VERSION=			4.11.11
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -630,7 +630,7 @@ post-install: post-install-rm-junk post-install-fix-manpages
 					${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${dir}"
 .endfor
 .if !defined(WITH_DEBUG)
-				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
+				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
 				-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}

net/samba411/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1588122982
-SHA256 (samba-4.11.8.tar.gz) = bb140caa37d2bbbb1f15f849aa86b1d5f787729443099139936f0ea06a5100ca
-SIZE (samba-4.11.8.tar.gz) = 18571308
+TIMESTAMP = 1593823109
+SHA256 (samba-4.11.11.tar.gz) = 457f08a2956534269c784b95cff840250165f1e98f8db725bf64e2fca707ff60
+SIZE (samba-4.11.11.tar.gz) = 18590837

net/samba411/files/patch-lib_util_util__paths.c

@@ -0,0 +1,15 @@
+--- lib/util/util_paths.c.orig		2020-07-04 02:14:14 UTC
++++ lib/util/util_paths.c
+@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ 	struct passwd pwd = {0};
+ 	struct passwd *pwdbuf = NULL;
+-	char buf[NSS_BUFLEN_PASSWD] = {0};
++	char buf[1024] = {0};
+ 	int rc;
+ 
+-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++	rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
+ 	if (rc != 0 || pwdbuf == NULL ) {
+ 		int len_written;
+ 		const char *szPath = getenv("HOME");

net/samba411/files/patch-lib_util_wscript__build

@@ -1,6 +1,6 @@
 --- lib/util/wscript_build.orig	2019-05-07 08:38:21 UTC
 +++ lib/util/wscript_build
-@@ -151,7 +151,7 @@ else:
+@@ -170,7 +170,7 @@ else:
  
      bld.SAMBA_LIBRARY('samba-modules',
                        source='modules.c',
@@ -9,3 +9,10 @@
                        local_include=False,
                        private_library=True)
  
+@@ -285,4 +285,5 @@ else:
+     bld.SAMBA_BINARY('test_util_paths',
+                      source='tests/test_util_paths.c',
+                      deps='cmocka replace talloc samba-util',
+-                     local_include=False)
++                     local_include=False,
++                     install=False)

net/samba411/files/patch-source3_modules_vfs__zfsacl.c

@@ -0,0 +1,36 @@
+--- source3/modules/vfs_zfsacl.c.orig	2018-07-12 08:23:36 UTC
++++ source3/modules/vfs_zfsacl.c
+@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 	SMB_STRUCT_STAT sbuf;
+ 	const SMB_STRUCT_STAT *psbuf = NULL;
+ 	int ret;
++	bool inherited_is_present = False;
+ 	bool is_dir;
+ 
+ 	if (VALID_STAT(smb_fname->st)) {
+@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 			aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
+ 		}
+ 
++#ifdef ACE_INHERITED_ACE
++ 		if(aceprop.aceFlags & ACE_INHERITED_ACE) {
++ 			inherited_is_present = true;
++ 		}
++#endif
+ 		if(aceprop.aceFlags & ACE_OWNER) {
+ 			aceprop.flags = SMB_ACE4_ID_SPECIAL;
+ 			aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
+@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(st
+ 			return NT_STATUS_NO_MEMORY;
+ 	}
+ 
++#ifdef ACE_INHERITED_ACE
++ 	if (!inherited_is_present
++	    && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){
++		DBG_DEBUG("setting dacl_protected flag on %s\n", smb_fname->base_name);
++		smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE);
++	}
++#endif
+ 	*ppacl = pacl;
+ 	return NT_STATUS_OK;
+ }

net/samba411/pkg-plist

@@ -937,6 +937,7 @@ man/man8/winbindd.8.gz
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder_helpers/server.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_forwarder.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_invalid.py
+%%PYTHON_SITELIBDIR%%/samba/tests/dns_packet.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_tkey.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns_wildcard.py
 %%PYTHON_SITELIBDIR%%/samba/tests/dns.py