Upgrade Samba ports to address November security vulnerabilities

Security:	CVE-2018-14629
		CVE-2018-16841
		CVE-2018-16851
		CVE-2018-16852
		CVE-2018-16853
		CVE-2018-16857

5 files changed, 12 insertions, 116 deletions

diff --git a/net/samba47/Makefile b/net/samba47/Makefile
index c9a12ee1800f..8ecfc8c4aeb2 100644
--- a/net/samba47/Makefile
+++ b/net/samba47/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=			${SAMBA4_BASENAME}47
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			1
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@@ -20,12 +20,11 @@ CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-689]-4.* p5-Parse-Pidl-4.*
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-audit.patch:-p1
-#EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13351.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.7.10
+SAMBA4_VERSION=			4.7.12
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -365,7 +364,7 @@ SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template nss-info_rfc2307 nss-
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry gpext_scripts perfcount_test \
 				vfs_fake_dfq vfs_skel_opaque vfs_skel_transparent vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr vfs_error_inject
+				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
 .endif
 
 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
diff --git a/net/samba47/distinfo b/net/samba47/distinfo
index fa3aaa77f46c..b290b026b2f1 100644
--- a/net/samba47/distinfo
+++ b/net/samba47/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1536019045
-SHA256 (samba-4.7.10.tar.gz) = 34596814e9b8daaec3e7a07d4d3b355d4976e6a7cf13d4e0b9aaf0388f32be70
-SIZE (samba-4.7.10.tar.gz) = 16911799
+TIMESTAMP = 1543313407
+SHA256 (samba-4.7.12.tar.gz) = 0e9c386bc32983452c5dcafdee561f37e43a411ac1919c864404e6177b1aaf4a
+SIZE (samba-4.7.12.tar.gz) = 16923189
diff --git a/net/samba48/Makefile b/net/samba48/Makefile
index e68a204d473c..5a5b68df8086 100644
--- a/net/samba48/Makefile
+++ b/net/samba48/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=			${SAMBA4_BASENAME}48
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			1
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@@ -22,12 +22,11 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-audit.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13175.patch:-p1
-EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13441-extra.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.8.5
+SAMBA4_VERSION=			4.8.7
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -383,7 +382,7 @@ SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template nss-info_rfc2307 nss-
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry gpext_scripts perfcount_test \
 				vfs_fake_dfq vfs_skel_opaque vfs_skel_transparent vfs_shadow_copy_test vfs_fake_acls \
-				vfs_nfs4acl_xattr vfs_error_inject
+				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
 .endif
 
 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
diff --git a/net/samba48/distinfo b/net/samba48/distinfo
index 4a48b94ba827..39d139d0d7d7 100644
--- a/net/samba48/distinfo
+++ b/net/samba48/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1535201844
-SHA256 (samba-4.8.5.tar.gz) = e58ee6b1262d4128b8932ceee59d5f0b0a9bbe00547eb3cc4c41552de1a65155
-SIZE (samba-4.8.5.tar.gz) = 17715401
+TIMESTAMP = 1543311377
+SHA256 (samba-4.8.7.tar.gz) = 0f6f67932e8bb23ab83b43070037ac452f9fc5f20763857d2b67e209ee7cd362
+SIZE (samba-4.8.7.tar.gz) = 17724232
diff --git a/net/samba48/files/0001-bug-13441-extra.patch b/net/samba48/files/0001-bug-13441-extra.patch
deleted file mode 100644
index 2c17bd6a4d75..000000000000
--- a/net/samba48/files/0001-bug-13441-extra.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 76b4f9879c9e83f5e20caf7242f5e30ddb1cc84c Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 7 Aug 2018 15:10:31 +0200
-Subject: [PATCH 1/2] vfs_fruit: Don't unlink the main file
-
-Follow-up to
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
-Signed-off-by: Volker Lendecke <vl@samba.org>
----
- source3/modules/vfs_fruit.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
-index 078426290a4..191477c0e1d 100644
---- a/source3/modules/vfs_fruit.c
-+++ b/source3/modules/vfs_fruit.c
-@@ -5562,7 +5562,9 @@ static int fruit_ftruncate(struct vfs_handle_struct *handle,
- 		  (intmax_t)offset);
- 
- 	if (fio == NULL) {
--		if (offset == 0 && global_fruit_config.nego_aapl) {
-+		if (offset == 0 &&
-+		    global_fruit_config.nego_aapl &&
-+		    fsp->fsp_name->stream_name != NULL) {
- 			return SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name);
- 		}
- 		return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
--- 
-2.11.0
-
-
-From a5b8908a29b7c5266381faac0471ad6dddd0f658 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl@samba.org>
-Date: Tue, 7 Aug 2018 15:11:22 +0200
-Subject: [PATCH 2/2] torture: Make sure that fruit_ftruncate only unlinks
- streams
-
-Signed-off-by: Volker Lendecke <vl@samba.org>
----
- source4/torture/vfs/fruit.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
-diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
-index 4c49a6bf532..25c0668ea5d 100644
---- a/source4/torture/vfs/fruit.c
-+++ b/source4/torture/vfs/fruit.c
-@@ -4773,6 +4773,51 @@ static bool test_setinfo_stream_eof(struct torture_context *tctx,
- 		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
- 		"Unexpected status\n");
- 
-+	torture_comment(
-+		tctx, "Setting main file EOF to 1 to force 0-truncate\n");
-+
-+	status = torture_smb2_testfile_access(
-+		tree,
-+		fname,
-+		&h1,
-+		SEC_FILE_WRITE_DATA);
-+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
-+					"torture_smb2_testfile failed\n");
-+
-+	ZERO_STRUCT(sfinfo);
-+	sfinfo.generic.in.file.handle = h1;
-+	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
-+	sfinfo.position_information.in.position = 1;
-+	status = smb2_setinfo_file(tree, &sfinfo);
-+        torture_assert_ntstatus_ok_goto(
-+		tctx,
-+		status,
-+		ret,
-+		done,
-+		"set eof 1 failed\n");
-+
-+	sfinfo.position_information.in.position = 0;
-+	status = smb2_setinfo_file(tree, &sfinfo);
-+        torture_assert_ntstatus_ok_goto(
-+		tctx,
-+		status,
-+		ret,
-+		done,
-+		"set eof 0 failed\n");
-+
-+        smb2_util_close(tree, h1);
-+
-+	ZERO_STRUCT(create);
-+	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
-+	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
-+	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
-+	create.in.create_disposition = NTCREATEX_DISP_OPEN;
-+	create.in.fname = fname;
-+
-+	status = smb2_create(tree, tctx, &create);
-+	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
-+					"torture_smb2_testfile failed\n");
-+	smb2_util_close(tree, h1);
- done:
- 	smb2_util_unlink(tree, fname);
- 	smb2_util_rmdir(tree, BASEDIR);
--- 
-2.11.0
-