Upgrade Samba ports to address November security vulnerabilities

Security: CVE-2018-14629 CVE-2018-16841 CVE-2018-16851 CVE-2018-16852 CVE-2018-16853 CVE-2018-16857
svn path=/head/; revision=486043
2024-12-20 04:02:27 +00:00 · 2018-11-27 17:25:53 +00:00 · 2018-11-27 17:25:53 +00:00 · 80c5c4a355 · 2021-03-31 03:12:20 +00:00
commit 80c5c4a355
parent eb8381a4a6
5 changed files with 12 additions and 116 deletions
--- a/net/samba47/Makefile
+++ b/net/samba47/Makefile
@ -3,7 +3,7 @@

 PORTNAME=			${SAMBA4_BASENAME}47
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			1
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@ -20,12 +20,11 @@ CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-689]-4.* p5-Parse-Pidl-4.*
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-audit.patch:-p1
-#EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13351.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1

 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.7.10
+SAMBA4_VERSION=			4.7.12
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}

 WRKSRC?=			${WRKDIR}/${DISTNAME}
@ -365,7 +364,7 @@ SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template nss-info_rfc2307 nss-
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry gpext_scripts perfcount_test \
 				vfs_fake_dfq vfs_skel_opaque vfs_skel_transparent vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr vfs_error_inject
+				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
 .endif

 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
--- a/net/samba47/distinfo
+++ b/net/samba47/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1536019045
-SHA256 (samba-4.7.10.tar.gz) = 34596814e9b8daaec3e7a07d4d3b355d4976e6a7cf13d4e0b9aaf0388f32be70
-SIZE (samba-4.7.10.tar.gz) = 16911799
+TIMESTAMP = 1543313407
+SHA256 (samba-4.7.12.tar.gz) = 0e9c386bc32983452c5dcafdee561f37e43a411ac1919c864404e6177b1aaf4a
+SIZE (samba-4.7.12.tar.gz) = 16923189
--- a/net/samba48/Makefile
+++ b/net/samba48/Makefile
@ -3,7 +3,7 @@

 PORTNAME=			${SAMBA4_BASENAME}48
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			1
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@ -22,12 +22,11 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-audit.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13175.patch:-p1
-EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13441-extra.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1

 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.8.5
+SAMBA4_VERSION=			4.8.7
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}

 WRKSRC?=			${WRKDIR}/${DISTNAME}
@ -383,7 +382,7 @@ SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template nss-info_rfc2307 nss-
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry gpext_scripts perfcount_test \
 				vfs_fake_dfq vfs_skel_opaque vfs_skel_transparent vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr vfs_error_inject
+				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
 .endif

 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
--- a/net/samba48/distinfo
+++ b/net/samba48/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1535201844
-SHA256 (samba-4.8.5.tar.gz) = e58ee6b1262d4128b8932ceee59d5f0b0a9bbe00547eb3cc4c41552de1a65155
-SIZE (samba-4.8.5.tar.gz) = 17715401
+TIMESTAMP = 1543311377
+SHA256 (samba-4.8.7.tar.gz) = 0f6f67932e8bb23ab83b43070037ac452f9fc5f20763857d2b67e209ee7cd362
+SIZE (samba-4.8.7.tar.gz) = 17724232
--- a/net/samba48/files/0001-bug-13441-extra.patch
+++ b/net/samba48/files/0001-bug-13441-extra.patch
@ -1,102 +0,0 @@
-From 76b4f9879c9e83f5e20caf7242f5e30ddb1cc84c Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 7 Aug 2018 15:10:31 +0200
-Subject: [PATCH 1/2] vfs_fruit: Don't unlink the main file
-
-Follow-up to
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
-Signed-off-by: Volker Lendecke <vl@samba.org>
---
- source3/modules/vfs_fruit.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
-index 078426290a4..191477c0e1d 100644
--- a/source3/modules/vfs_fruit.c
-+++ b/source3/modules/vfs_fruit.c
-@@ -5562,7 +5562,9 @@ static int fruit_ftruncate(struct vfs_handle_struct *handle,
- 		  (intmax_t)offset);
- 
- 	if (fio == NULL) {
-		if (offset == 0 && global_fruit_config.nego_aapl) {
-+		if (offset == 0 &&
-+		    global_fruit_config.nego_aapl &&
-+		    fsp->fsp_name->stream_name != NULL) {
- 			return SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name);
- 		}
- 		return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
-- 
-2.11.0
-
-
-From a5b8908a29b7c5266381faac0471ad6dddd0f658 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 7 Aug 2018 15:11:22 +0200
-Subject: [PATCH 2/2] torture: Make sure that fruit_ftruncate only unlinks
- streams
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
---
- source4/torture/vfs/fruit.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
-diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
-index 4c49a6bf532..25c0668ea5d 100644
--- a/source4/torture/vfs/fruit.c
-+++ b/source4/torture/vfs/fruit.c
-@@ -4773,6 +4773,51 @@ static bool test_setinfo_stream_eof(struct torture_context *tctx,
- 		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
- 		"Unexpected status\n");
- 
-+	torture_comment(
-+		tctx, "Setting main file EOF to 1 to force 0-truncate\n");
-+
-+	status = torture_smb2_testfile_access(
-+		tree,
-+		fname,
-+		&h1,
-+		SEC_FILE_WRITE_DATA);
-+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
-+					"torture_smb2_testfile failed\n");
-+
-+	ZERO_STRUCT(sfinfo);
-+	sfinfo.generic.in.file.handle = h1;
-+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
-+	sfinfo.position_information.in.position = 1;
-+	status = smb2_setinfo_file(tree, &sfinfo);
-+        torture_assert_ntstatus_ok_goto(
-+		tctx,
-+		status,
-+		ret,
-+		done,
-+		"set eof 1 failed\n");
-+
-+	sfinfo.position_information.in.position = 0;
-+	status = smb2_setinfo_file(tree, &sfinfo);
-+        torture_assert_ntstatus_ok_goto(
-+		tctx,
-+		status,
-+		ret,
-+		done,
-+		"set eof 0 failed\n");
-+
-+        smb2_util_close(tree, h1);
-+
-+	ZERO_STRUCT(create);
-+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
-+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
-+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
-+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
-+	create.in.fname = fname;
-+
-+	status = smb2_create(tree, tctx, &create);
-+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
-+					"torture_smb2_testfile failed\n");
-+	smb2_util_close(tree, h1);
- done:
- 	smb2_util_unlink(tree, fname);
- 	smb2_util_rmdir(tree, BASEDIR);
-- 
-2.11.0
-