From 992c0174ed8a0d3134af80cf03115961ce777203 Mon Sep 17 00:00:00 2001 From: timur Date: Thu, 31 Jan 2013 15:59:44 +0000 Subject: Security update of the port to the 3.6.12 version Security: CVE-2013-0213, CVE-2013-0214 --- net/samba36/Makefile | 14 ++--- net/samba36/distinfo | 4 +- .../files/patch-lib__tevent__tevent_signal.c | 2 +- net/samba36/files/patch-source3__configure.in | 70 ++++++---------------- net/samba36/files/patch-source3__utils__net.c | 18 ++++++ net/samba36/files/pkg-deinstall.in | 1 + net/samba36/files/samba.in | 16 +++-- 7 files changed, 60 insertions(+), 65 deletions(-) create mode 100644 net/samba36/files/patch-source3__utils__net.c diff --git a/net/samba36/Makefile b/net/samba36/Makefile index fbe5385ec6fd..d968f67a9cb6 100644 --- a/net/samba36/Makefile +++ b/net/samba36/Makefile @@ -6,7 +6,7 @@ # PORTNAME= ${SAMBA_BASENAME}36 -PORTVERSION= 3.6.9 +PORTVERSION= 3.6.12 PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} @@ -65,8 +65,8 @@ CONFIGURE_ARGS+= --exec-prefix="${PREFIX}" \ --datadir="${DATADIR}" \ --with-swatdir="${SAMBA_SWATDIR}" \ --libdir="${SAMBA_LIBDIR}" \ - --with-modulesdir="${SAMBA_MODULEDIR}" \ --with-pammodulesdir="${SAMBA_LIBDIR}" \ + --with-modulesdir="${SAMBA_MODULEDIR}" \ --localstatedir="${VARDIR}" \ --with-piddir="${SAMBA_RUNDIR}" \ --with-ncalrpcdir="${SAMBA_RUNDIR}/ncalrpc" \ @@ -116,7 +116,7 @@ OPTIONS= LDAP "With LDAP support" on \ PAM_SMBPASS "With PAM authentication vs passdb backends" off \ DNSUPDATE "With dynamic DNS update(require ADS)" off \ AVAHI "With Bonjour service discovery support" off \ - PTHREADPOOL "With pthread pool" off \ + PTHREADPOOL "With pthread pool" on \ EXP_MODULES "With experimental modules" off \ POPT "With system-wide POPT library" on \ IPV6 "With IPv6 support" on \ @@ -184,10 +184,10 @@ SUB_LIST+= CUPS="@comment " CPPFLAGS+= -g LDFLAGS+= -g LIB_DEPENDS+= dmalloc.1:${PORTSDIR}/devel/dmalloc -CONFIGURE_ARGS+= --enable-debug \ - --enable-socket-wrapper --enable-nss-wrapper \ - --enable-developer --enable-krb5developer \ - --enable-dmalloc --with-profiling-data +CONFIGURE_ARGS+= --enable-debug +# --enable-socket-wrapper --enable-nss-wrapper \ +# --enable-developer --enable-krb5developer \ +# --enable-dmalloc --with-profiling-data CONFIGURE_ARGS+= --with-smbtorture4-path=${WRKDIR}/${DISTNAME}/source4/torture .else diff --git a/net/samba36/distinfo b/net/samba36/distinfo index d438c20efeb1..79cde8b0fec2 100644 --- a/net/samba36/distinfo +++ b/net/samba36/distinfo @@ -1,2 +1,2 @@ -SHA256 (samba-3.6.9.tar.gz) = 9714b50c1bbdb0d3521bdbf403bb112b5405040685cb0b4ff3f9a370d1e84020 -SIZE (samba-3.6.9.tar.gz) = 34077002 +SHA256 (samba-3.6.12.tar.gz) = 6ff797c1772613bd5172d2c8b900fd56bf096d7252faee8b47c4925a4fdc9f8b +SIZE (samba-3.6.12.tar.gz) = 34073788 diff --git a/net/samba36/files/patch-lib__tevent__tevent_signal.c b/net/samba36/files/patch-lib__tevent__tevent_signal.c index 8d5915339835..d62b2e6eec8d 100644 --- a/net/samba36/files/patch-lib__tevent__tevent_signal.c +++ b/net/samba36/files/patch-lib__tevent__tevent_signal.c @@ -5,7 +5,7 @@ #include "tevent_util.h" -#define TEVENT_NUM_SIGNALS 64 -+#define TEVENT_NUM_SIGNALS SIGRTMAX ++#define TEVENT_NUM_SIGNALS (SIGRTMAX+1) /* maximum number of SA_SIGINFO signals to hold in the queue. NB. This *MUST* be a power of 2, in order for the ring buffer diff --git a/net/samba36/files/patch-source3__configure.in b/net/samba36/files/patch-source3__configure.in index d2433daf9d44..30a50f9ade93 100644 --- a/net/samba36/files/patch-source3__configure.in +++ b/net/samba36/files/patch-source3__configure.in @@ -1,26 +1,6 @@ ---- ./source3/configure.in.orig 2012-10-29 09:05:46.000000000 +0000 -+++ ./source3/configure.in 2012-11-01 13:16:20.589876378 +0000 -@@ -759,7 +759,6 @@ - if test x"$ac_cv_header_md5_h" = x"yes"; then - AC_DEFINE(HAVE_MD5_H, 1, - [Whether md5.h is available.]) -- AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5]) - fi - - if test x"$ac_cv_header_md5_h" = x"yes" -a \ -@@ -769,6 +768,11 @@ - - if test x"$ac_cv_header_md5_h" = x"yes" -a \ - x"$samba_cv_md5lib" = x"none" ; then -+ AC_CHECK_LIB(md5, MD5Update, [samba_cv_md5lib=md5]) -+fi -+ -+if test x"$ac_cv_header_md5_h" = x"yes" -a \ -+ x"$samba_cv_md5lib" = x"none" ; then - AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=""]) - fi - -@@ -868,9 +872,13 @@ +--- ./source3/configure.in.orig 2013-01-18 10:41:08.000000000 +0000 ++++ ./source3/configure.in 2013-01-30 01:24:19.349878982 +0000 +@@ -864,9 +864,13 @@ AC_PATH_PROG(CUPS_CONFIG, cups-config) if test "x$CUPS_CONFIG" != x; then @@ -35,7 +15,7 @@ AC_CHECK_HEADERS(cups/cups.h cups/language.h) if test x"$ac_cv_header_cups_cups_h" = xyes -a \ -@@ -879,7 +887,7 @@ +@@ -875,7 +879,7 @@ # underlinked. With cups-config --libs we pull in unwanted and unneeded # dendencies including thread libraries - use cups-config only if really # required. @@ -44,7 +24,7 @@ [PRINT_LIBS="$ac_save_PRINT_LIBS -lcups"], [AC_MSG_WARN([your cups library doesn't link with -lcups alone, it might be underlinked.]) ; PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"]) -@@ -889,10 +897,10 @@ +@@ -885,10 +889,10 @@ AC_CHECK_LIB_EXT(cups, PRINT_LIBS, httpConnectEncrypt) else AC_MSG_WARN([cups-config around but cups-devel not installed]) @@ -57,7 +37,7 @@ elif test x"$enable_cups" = x"yes"; then AC_MSG_ERROR(Cups support required but cups-config not located. Make sure cups-devel related files are installed.) -@@ -1849,7 +1857,7 @@ +@@ -1845,7 +1849,7 @@ fi if test x"$BLDSHARED" = x"true" ; then @@ -66,7 +46,7 @@ fi AC_MSG_RESULT($BLDSHARED) -@@ -1980,9 +1988,6 @@ +@@ -1976,9 +1980,6 @@ AC_MSG_CHECKING([PICFLAG]) AC_MSG_RESULT([$PICFLAG]) @@ -76,7 +56,7 @@ AC_CACHE_CHECK([whether building shared libraries actually works], [ac_cv_shlib_works],[ # try building a trivial shared library -@@ -4639,15 +4644,51 @@ +@@ -4656,15 +4657,51 @@ x"$ac_cv_header_pam_pam_modules_h" = x"no" ; then if test x"${try_pam}" = x"yes";then AC_MSG_ERROR([--with-pam=yes but pam_modules.h not found]) @@ -132,7 +112,7 @@ if test x"$create_pam_modules" = x"yes"; then AC_DEFINE(WITH_PAM_MODULES,1,[Whether to include PAM MODULES support]) -@@ -4657,7 +4698,7 @@ +@@ -4674,7 +4711,7 @@ AC_CHECK_HEADERS(pam/pam_ext.h pam/_pam_macros.h) AC_CHECK_FUNC_EXT(pam_vsyslog,$PAM_LIBS) else @@ -141,28 +121,16 @@ fi fi AC_MSG_CHECKING(whether to use PAM support) -@@ -5859,9 +5900,17 @@ - [AC_MSG_RESULT(no)]) +@@ -5877,7 +5914,7 @@ AC_MSG_CHECKING(for aio_suspend) -- AC_LINK_IFELSE([#include --int main() { struct aiocb a; return aio_suspend(&a, 1, NULL); }], --[AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)], -+ AC_LINK_IFELSE([ -+ #include -+ #if STDC_HEADERS -+ #include -+ #include -+ #endif -+ int main() { -+ struct aiocb *a[1]; -+ return aio_suspend((const struct aiocb**)&a, 1, NULL); -+ } -+ ], [AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)], + AC_LINK_IFELSE([#include +-int main() { struct aiocb a; struct timespec t; return aio_suspend(&a, 1, &t); }], ++int main() { struct aiocb *a[[1]]; struct timespec t; return aio_suspend((const struct aiocb**)&a, 1, &t); }], + [AC_DEFINE(HAVE_AIO_SUSPEND, 1, [Have aio_suspend]) AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) fi - -@@ -6319,12 +6368,13 @@ +@@ -6336,12 +6373,13 @@ NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_linux.o" ;; @@ -177,7 +145,7 @@ WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" ;; -@@ -6471,10 +6521,14 @@ +@@ -6488,10 +6526,14 @@ AC_MSG_RESULT(no$winbind_no_reason) fi @@ -192,7 +160,7 @@ AC_SUBST(NSSSONAMEVERSIONSUFFIX) AC_SUBST(WINBIND_KRB5_LOCATOR) -@@ -6793,13 +6847,21 @@ +@@ -6810,13 +6852,21 @@ # Start AC_CHECK_FUNC(getmntent) @@ -215,7 +183,7 @@ int main(void) { struct statfs fsd; -@@ -7099,6 +7161,16 @@ +@@ -7116,6 +7166,16 @@ LIBS="$LIBS -ldmalloc" fi @@ -232,7 +200,7 @@ dnl Remove -L/usr/lib/? from LDFLAGS and LIBS LIB_REMOVE_USR_LIB(LDFLAGS) LIB_REMOVE_USR_LIB(LIBS) -@@ -7147,6 +7219,7 @@ +@@ -7164,6 +7224,7 @@ AC_SUBST(SMBD_LIBS) CFLAGS="${CFLAGS} \$(FLAGS)" diff --git a/net/samba36/files/patch-source3__utils__net.c b/net/samba36/files/patch-source3__utils__net.c new file mode 100644 index 000000000000..aa4853a7624e --- /dev/null +++ b/net/samba36/files/patch-source3__utils__net.c @@ -0,0 +1,18 @@ +--- ./source3/utils/net.c.orig 2013-01-29 08:49:31.000000000 +0000 ++++ ./source3/utils/net.c 2013-01-31 15:04:24.069877314 +0000 +@@ -898,8 +898,13 @@ + set_global_myname(c->opt_requester_name); + } + +- if (!c->opt_user_name && getenv("LOGNAME")) { +- c->opt_user_name = getenv("LOGNAME"); ++ if (!c->opt_user_name) { ++ if(getenv("LOGNAME")) ++ c->opt_user_name = getenv("LOGNAME"); ++ else ++ d_fprintf(stderr, ++ _("Environment LOGNAME is not defined." ++ " Trying anonymous access.\n")); + } + + if (!c->opt_workgroup) { diff --git a/net/samba36/files/pkg-deinstall.in b/net/samba36/files/pkg-deinstall.in index 29ecc2cc31b5..fbe0993634eb 100644 --- a/net/samba36/files/pkg-deinstall.in +++ b/net/samba36/files/pkg-deinstall.in @@ -31,6 +31,7 @@ post-deinstall() { ${RMDIR} ${SAMBA_RUNDIR} 2>/dev/null || true ${RMDIR} ${SAMBA_LOCKDIR} 2>/dev/null || true ${RMDIR} ${SAMBA_PRIVATEDIR} 2>/dev/null || true + ${ECHO_CMD} ${ECHO_CMD} "WARNING: If you will *NOT* use this package anymore, please remove the" ${ECHO_CMD} " following directories manually:" ${ECHO_CMD} " ${SAMBA_PRIVATEDIR}" diff --git a/net/samba36/files/samba.in b/net/samba36/files/samba.in index 94f70ff13b39..208f33e76e16 100644 --- a/net/samba36/files/samba.in +++ b/net/samba36/files/samba.in @@ -94,16 +94,20 @@ samba_rcvar_cmd() { } samba_reload_cmd() { - local name rcvar command pidfile + local name rcvar command pidfile force_run # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" + # Ignore rcvar and run command + if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then + force_run=yes + fi # Apply to all daemons for name in ${samba_daemons}; do rcvar=${name}_enable command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then if [ -n "$(check_pidfile "${pidfile}" "${command}")" ]; then debug "reloading ${name} configuration" echo "Reloading ${name}." @@ -115,13 +119,17 @@ samba_reload_cmd() { } samba_cmd() { - local name rcvar rcvars v command pidfile samba_daemons result + local name rcvar rcvars v command pidfile samba_daemons result force_run # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Stop processes in the reverse order if [ "${rc_arg}" = "stop" ] ; then samba_daemons=$(reverse_list ${samba_daemons}) fi + # Ignore rcvar and run command + if [ -n "${_rc_prefix}" -a "${_rc_prefix}" = "one" ] || [ -n "${rc_force}" ] || [ -n "${rc_fast}" ]; then + force_run=yes + fi # Assume success result=0 # Apply to all daemons @@ -132,7 +140,7 @@ samba_cmd() { command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if ( [ -n "${rcvar}" ] && checkyesno "${rcvar}" ) || [ -n "$force_run" ]; then run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} # If any of the commands failed, take it as a global result result=$((${result} || $?)) -- cgit