mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-01-16 07:58:04 +00:00
Code Issues Releases Activity
d763116bc0
freebsd-ports/net/samba413/files/patch-bind
Timur I. Bakeyev 3887986f67 PR: 255415 
254033
		252385
Security:	CVE-2021-20254

Updated net/samba412 and net/samba413 to fix CVE-2021-20254.

Also fixed:
* Incorrect include line for the bind backend(255415)
* Broken pkg-plist with NO_PYTHON(254033)
* Broken URL parsing in LDAP client(252385)
2021-05-04 02:26:52 +02:00

275 lines
11 KiB
Plaintext
Raw Blame History

--- python/samba/provision/sambadns.py.orig 2020-11-03 14:33:19 UTC
+++ python/samba/provision/sambadns.py
@@ -27,6 +27,7 @@ import time
import ldb
from base64 import b64encode
import subprocess
+import re
import samba
from samba.tdb_util import tdb_copy
from samba.mdb_util import mdb_copy
@@ -957,47 +958,38 @@ def create_named_conf(paths, realm, dnsdomain, dns_bac
stderr=subprocess.STDOUT,
cwd='.').communicate()[0]
bind_info = get_string(bind_info)
- bind9_8 = '#'
- bind9_9 = '#'
- bind9_10 = '#'
- bind9_11 = '#'
- bind9_12 = '#'
- bind9_14 = '#'
- bind9_16 = '#'
- if bind_info.upper().find('BIND 9.8') != -1:
- bind9_8 = ''
- elif bind_info.upper().find('BIND 9.9') != -1:
- bind9_9 = ''
- elif bind_info.upper().find('BIND 9.10') != -1:
- bind9_10 = ''
- elif bind_info.upper().find('BIND 9.11') != -1:
- bind9_11 = ''
- elif bind_info.upper().find('BIND 9.12') != -1:
- bind9_12 = ''
- elif bind_info.upper().find('BIND 9.14') != -1:
- bind9_14 = ''
- elif bind_info.upper().find('BIND 9.16') != -1:
- bind9_16 = ''
- elif bind_info.upper().find('BIND 9.7') != -1:
- raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
- elif bind_info.upper().find('BIND_9.13') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.15') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
- elif bind_info.upper().find('BIND_9.17') != -1:
- raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+
+ bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
+ if bind9_release:
+ bind9_disabled = ''
+ bind9_version = bind9_release.group(0) + "x"
+ bind9_version_major = int(bind9_release.group(1))
+ bind9_version_minor = int(bind9_release.group(2))
+ if bind9_version_minor == 7:
+ raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+ elif bind9_version_minor == 8:
+ bind9_dlz_version = "9"
+ elif bind9_version_minor in [13, 15, 17]:
+ raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+ else:
+ bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
else:
+ bind9_disabled = '# '
+ bind9_version = "BIND z.y.x"
+ bind9_dlz_version = "z_y"
logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
+
+ bind9_dlz = (
+ ' # For %s\n'
+ ' %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
+ ) % (
+ bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
+ )
+
setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
"NAMED_CONF": paths.namedconf,
"MODULESDIR": samba.param.modules_dir(),
- "BIND9_8": bind9_8,
- "BIND9_9": bind9_9,
- "BIND9_10": bind9_10,
- "BIND9_11": bind9_11,
- "BIND9_12": bind9_12,
- "BIND9_14": bind9_14,
- "BIND9_16": bind9_16
+ "BIND9_DLZ": bind9_dlz
})
--- source4/dns_server/dlz_minimal.h.orig 2019-12-06 10:10:30 UTC
+++ source4/dns_server/dlz_minimal.h
@@ -26,32 +26,31 @@
#include <stdint.h>
#include <stdbool.h>
-#if defined (BIND_VERSION_9_8)
-# define DLZ_DLOPEN_VERSION 1
-#elif defined (BIND_VERSION_9_9)
-# define DLZ_DLOPEN_VERSION 2
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_10)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 1
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_11)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_12)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-# define ISC_BOOLEAN_AS_BOOL 0
-#elif defined (BIND_VERSION_9_14)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
-#elif defined (BIND_VERSION_9_16)
-# define DLZ_DLOPEN_VERSION 3
-# define DNS_CLIENTINFO_VERSION 2
+#if defined (BIND_VERSION)
+# if BIND_VERSION == 908
+# define DLZ_DLOPEN_VERSION 1
+# elif BIND_VERSION == 909
+# define DLZ_DLOPEN_VERSION 2
+# define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 910
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION == 911 || BIND_VERSION == 912
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+# elif BIND_VERSION >= 914
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 1
+# else
+# error Unsupported BIND version
+# endif
#else
# error Unsupported BIND version
+# error BIND_VERSION undefined
#endif
#ifndef ISC_BOOLEAN_AS_BOOL
--- source4/dns_server/wscript_build.orig 2019-12-06 10:11:08 UTC
+++ source4/dns_server/wscript_build
@@ -20,7 +20,7 @@ bld.SAMBA_MODULE('service_dns',
# a bind9 dlz module giving access to the Samba DNS SAM
bld.SAMBA_LIBRARY('dlz_bind9',
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_8',
+ cflags='-DBIND_VERSION=908',
private_library=True,
link_name='modules/bind9/dlz_bind9.so',
realname='dlz_bind9.so',
@@ -28,69 +28,21 @@ bld.SAMBA_LIBRARY('dlz_bind9',
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
-bld.SAMBA_LIBRARY('dlz_bind9_9',
+for bind_version in (909, 910, 911, 912, 914, 916):
+ string_version='%d_%d' % (bind_version//100, bind_version % 100)
+ bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_9',
+ cflags='-DBIND_VERSION=%d' % bind_version,
private_library=True,
- link_name='modules/bind9/dlz_bind9_9.so',
- realname='dlz_bind9_9.so',
+ link_name='modules/bind9/dlz_bind%s.so' % (string_version),
+ realname='dlz_bind%s.so' % (string_version),
install_path='${MODULESDIR}/bind9',
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
-bld.SAMBA_LIBRARY('dlz_bind9_10',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_10',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_10.so',
- realname='dlz_bind9_10.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_11',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_11',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_11.so',
- realname='dlz_bind9_11.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_12',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_12',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_12.so',
- realname='dlz_bind9_12.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_14',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_14',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_14.so',
- realname='dlz_bind9_14.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
-bld.SAMBA_LIBRARY('dlz_bind9_16',
- source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_16',
- private_library=True,
- link_name='modules/bind9/dlz_bind9_16.so',
- realname='dlz_bind9_16.so',
- install_path='${MODULESDIR}/bind9',
- deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
- enabled=bld.AD_DC_BUILD_IS_ENABLED())
-
bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
source='dlz_bind9.c',
- cflags='-DBIND_VERSION_9_8',
+ cflags='-DBIND_VERSION=908',
private_library=True,
deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
enabled=bld.AD_DC_BUILD_IS_ENABLED())
--- source4/setup/named.conf.dlz.orig 2019-12-06 10:10:31 UTC
+++ source4/setup/named.conf.dlz
@@ -7,28 +7,10 @@
#
# This configures dynamically loadable zones (DLZ) from AD schema
-# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
- # For BIND 9.8.x
- ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
- # For BIND 9.9.x
- ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
+${BIND9_DLZ}
- # For BIND 9.10.x
- ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
-
- # For BIND 9.11.x
- ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
-
- # For BIND 9.12.x
- ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
-
- # For BIND 9.14.x
- ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
-
- # For BIND 9.16.x
- ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
};
--- source4/torture/dns/wscript_build.orig 2020-04-11 03:26:46 UTC
+++ source4/torture/dns/wscript_build
@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
source='dlz_bind9.c',
subsystem='smbtorture',
init_function='torture_bind_dns_init',
- cflags='-DBIND_VERSION_9_8',
+ cflags='-DBIND_VERSION=908',
deps='torture talloc torturemain dlz_bind9_for_torture',
internal_module=True
)
Reference in New Issue View Git Blame Copy Permalink