mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Security update of net/samba32 to the 3.2.13 version.

o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
     with file names treat user input as a format string to asprintf.
     With a maliciously crafted file name smbclient can be made
     to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
     value can potentially affect access control when "dos filemode"
     is set to "yes".

Security:	CVE-2009-1886, CVE-2009-1888
Timur I. Bakeyev 2009-06-26 00:35:25 +00:00
parent 900b0cc5de
commit 955b273182
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=236633
13 changed files with 66 additions and 29 deletions


@ -6,7 +6,7 @@
#
PORTNAME= samba
PORTVERSION?= 3.2.11
PORTVERSION?= 3.2.13
CATEGORIES?= net
MASTER_SITES= ${MASTER_SITE_SAMBA}
MASTER_SITE_SUBDIR= . old-versions rc pre
@ -303,8 +303,7 @@ MAN8= eventlogadm.8 net.8 nmbd.8 pdbedit.8 smbd.8 smbpasswd.8 \
.if !defined(WITHOUT_WINBIND)
MAN1+= wbinfo.1
MAN7+= pam_winbind.7
MAN8+= winbindd.8
MAN8+= pam_winbind.8 winbindd.8
.endif
.if !defined(WITHOUT_SWAT)


@ -1,3 +1,3 @@
MD5 (samba-3.2.11.tar.gz) = fc514bc92184b9b64544afa457e4d84e
SHA256 (samba-3.2.11.tar.gz) = 5db81a9bd2842e7bf5f2fe8eeb0533eb59e6bb75a7d5f79f9e04c13baec32ef5
SIZE (samba-3.2.11.tar.gz) = 24399021
MD5 (samba-3.2.13.tar.gz) = aed1c2df274f504d4e7d4883da4581f6
SHA256 (samba-3.2.13.tar.gz) = 91223a742183675cb3bb9ba1cc379948e8666e69735f348ea7d3794ce3bc778d
SIZE (samba-3.2.13.tar.gz) = 24436090


@ -1,6 +1,30 @@
--- Makefile.in.orig 2008-12-15 08:11:28.000000000 +0000
+++ Makefile.in 2009-01-26 01:58:03.000000000 +0000
@@ -124,9 +124,8 @@
--- ./Makefile.in.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./Makefile.in 2009-06-26 00:08:10.000000000 +0000
@@ -45,7 +45,6 @@
LDSHFLAGS=@LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
LDFLAGS=@PIE_LDFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
-WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
AWK=@AWK@
PICFLAG=@PICFLAG@
DYNEXP=@DYNEXP@
@@ -64,10 +63,14 @@
LDAP_LIBS=@LDAP_LIBS@
NSCD_LIBS=@NSCD_LIBS@
UUID_LIBS=@UUID_LIBS@
+
WINBIND_LIBS=@WINBIND_LIBS@
+WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
WINBIND_NSS_EXTRA_LIBS=@WINBIND_NSS_EXTRA_LIBS@
-WINBIND_NSS_PTHREAD=@WINBIND_NSS_PTHREAD@
PAM_WINBIND_EXTRA_LIBS=@PAM_WINBIND_EXTRA_LIBS@
+WINBIND_WINS_NSS_EXTRA_LIBS=@WINBIND_WINS_NSS_EXTRA_LIBS@
+WINBIND_NSS_PTHREAD=@WINBIND_NSS_PTHREAD@
+
DNSSD_LIBS=@DNSSD_LIBS@
POPT_LIBS=@POPTLIBS@
LIBTALLOC_LIBS=@LIBTALLOC_LIBS@
@@ -122,9 +125,8 @@
# These can be overridden by command line switches (see smbd(8))
# or in smb.conf (see smb.conf(5))
LOGFILEBASE = @logfilebase@
@ -11,7 +35,7 @@
# This is where smbpasswd et al go
PRIVATEDIR = @privatedir@
@@ -153,10 +152,10 @@
@@ -148,10 +150,10 @@
# the directory where pid files go
PIDDIR = @piddir@
@ -24,3 +48,17 @@
FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4)
FLAGS = $(ISA) $(FLAGS5) -I$(srcdir)/lib -D_SAMBA_BUILD_=3
@@ -962,9 +964,10 @@
$(RPCCLIENT_NDR_OBJ) \
$(PRIVILEGES_BASIC_OBJ)
-WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \
- $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) \
- $(LIBNDR_GEN_OBJ0)
+WINBIND_WINS_NSS_OBJ = nsswitch/wins.o @WINBIND_WINS_NSS_EXTRA_OBJS@ \
+ $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLIENT_OBJ) \
+ $(LIB_NONSMBD_OBJ) \
+ $(LIBNDR_GEN_OBJ0)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
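Review bot: The re-added `WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@` line in the second Makefile.in hunk carries no `@RELRO_LDFLAGS@`, while the `LDSHFLAGS` and `LDFLAGS` lines at the top of the first hunk both do. The variable name suggests these flags link the winbind NSS module, which would be loaded into any process that resolves names through it, so it deserves the same read-only-relocation hardening: `WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@`. Whether `@WINBIND_NSS_LDSHFLAGS@` already expands to include those flags is decided in configure.in, which this page does not show, so confirm there first. The outer diff's `+`/`-` markers are lost in this rendering; the line is read as new only because it sits under the refreshed 2009-06 patch headers.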


@ -1,5 +1,5 @@
--- configure.in.orig 2009-02-03 16:10:07.000000000 +0000
+++ configure.in 2009-02-08 16:14:09.000000000 +0000
--- ./configure.in.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./configure.in 2009-06-25 23:59:12.000000000 +0000
@@ -184,16 +184,6 @@
fi
fi


@ -1,5 +1,5 @@
--- ./lib/iconv.c.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./lib/iconv.c 2009-01-06 17:10:53.000000000 +0000
--- ./lib/iconv.c.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./lib/iconv.c 2009-06-25 20:49:35.000000000 +0000
@@ -136,7 +136,7 @@
char **outbuf, size_t *outbytesleft)
{


@ -1,5 +1,5 @@
--- ./lib/replace/libreplace_cc.m4.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./lib/replace/libreplace_cc.m4 2009-01-06 17:10:53.000000000 +0000
--- ./lib/replace/libreplace_cc.m4.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./lib/replace/libreplace_cc.m4 2009-06-25 20:49:35.000000000 +0000
@@ -145,6 +145,10 @@
AC_CHECK_TYPE(uintptr_t, unsigned long long)
AC_CHECK_TYPE(ptrdiff_t, unsigned long long)


@ -1,5 +1,5 @@
--- ./m4/aclocal.m4.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./m4/aclocal.m4 2009-01-06 17:10:53.000000000 +0000
--- ./m4/aclocal.m4.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./m4/aclocal.m4 2009-06-25 20:49:35.000000000 +0000
@@ -416,101 +416,79 @@
dnl those with the standalone portable libiconv installed).
AC_MSG_CHECKING(for iconv in $1)


@ -1,5 +1,5 @@
--- ./nsswitch/pam_winbind.c.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./nsswitch/pam_winbind.c 2009-01-06 17:10:53.000000000 +0000
--- ./nsswitch/pam_winbind.c.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./nsswitch/pam_winbind.c 2009-06-25 20:49:35.000000000 +0000
@@ -39,14 +39,14 @@
const void *_item)
{


@ -1,5 +1,5 @@
--- ./nsswitch/wins_freebsd.c.orig 2009-01-06 17:10:53.000000000 +0000
+++ ./nsswitch/wins_freebsd.c 2009-01-06 17:10:53.000000000 +0000
--- ./nsswitch/wins_freebsd.c.orig 2009-06-25 20:49:35.000000000 +0000
+++ ./nsswitch/wins_freebsd.c 2009-06-25 20:49:35.000000000 +0000
@@ -0,0 +1,112 @@
+/*
+ Unix SMB/CIFS implementation.


@ -1,5 +1,5 @@
--- ./smbd/quotas.c.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./smbd/quotas.c 2009-01-06 17:10:53.000000000 +0000
--- ./smbd/quotas.c.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./smbd/quotas.c 2009-06-25 20:49:35.000000000 +0000
@@ -1023,6 +1023,8 @@
enum clnt_stat clnt_stat;
bool ret = True;


@ -1,5 +1,5 @@
--- ./smbd/statvfs.c.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./smbd/statvfs.c 2009-01-06 17:10:53.000000000 +0000
--- ./smbd/statvfs.c.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./smbd/statvfs.c 2009-06-25 20:49:35.000000000 +0000
@@ -3,6 +3,7 @@
VFS API's statvfs abstraction
Copyright (C) Alexander Bokovoy 2005


@ -1,5 +1,5 @@
--- ./utils/net_time.c.orig 2008-12-19 13:57:33.000000000 +0000
+++ ./utils/net_time.c 2009-01-06 17:10:53.000000000 +0000
--- ./utils/net_time.c.orig 2009-06-22 21:05:38.000000000 +0000
+++ ./utils/net_time.c 2009-06-25 20:49:35.000000000 +0000
@@ -84,9 +84,15 @@
return "unknown";
}


@ -226,7 +226,7 @@ share/swat/help/manpages/net.8.html
share/swat/help/manpages/nmbd.8.html
share/swat/help/manpages/nmblookup.1.html
share/swat/help/manpages/ntlm_auth.1.html
share/swat/help/manpages/pam_winbind.7.html
share/swat/help/manpages/pam_winbind.8.html
share/swat/help/manpages/pdbedit.8.html
share/swat/help/manpages/profiles.1.html
share/swat/help/manpages/rpcclient.1.html