Upgrade Samba 4.10 to 4.10.18 and 4.11 to 4.11.13 to address security issue.

https://www.samba.org/samba/security/CVE-2020-1472.html Security: CVE-2020-1472
svn path=/head/; revision=549084
2020-09-20 02:15:25 +00:00 · 2020-09-20 02:15:25 +00:00 · 3dc740211f · 2021-03-31 03:12:20 +00:00
commit 3dc740211f
parent 76af9b2b69
10 changed files with 102 additions and 75 deletions
--- a/net/samba410/Makefile
+++ b/net/samba410/Makefile
@ -24,7 +24,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-provision-use-ASCII-quotes.patch:-p1

 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.10.17
+SAMBA4_VERSION=			4.10.18
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}

 WRKSRC?=			${WRKDIR}/${DISTNAME}
@ -254,8 +254,12 @@ TEST_ENV+=			PYTHON="${PYTHON_CMD}" \
 				SHA256SUM=/sbin/sha256 \
 				MD5SUM=/sbin/md5 \
 				PYTHONDONTWRITEBYTECODE=1
+
 TEST_DEPENDS+=			bash:shells/bash \
 				tshark:net/tshark
+# External Python modules
+TEST_BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
+TEST_RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
 ##############################################################################
 CONFIGURE_ARGS+=		\
 				--with-pam \
@ -282,7 +286,7 @@ FRUIT_VARS=			SAMBA4_MODULES+=vfs_fruit
 FRUIT_PLIST_FILES+=		man/man8/vfs_fruit.8.gz

 GLUSTERFS_CONFIGURE_ENABLE=	glusterfs
-GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs
+GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs7-libs
 GLUSTERFS_VARS=			SAMBA4_MODULES+=vfs_glusterfs
 GLUSTERFS_PLIST_FILES+=		man/man8/vfs_glusterfs.8.gz
 ##############################################################################
@ -414,32 +418,37 @@ SUB_LIST+=			SAMBA4_PYTHON=""
 CONFIGURE_ARGS+=		--nopycache
 MAKE_ENV+=			PYTHONDONTWRITEBYTECODE=1

-.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
+.	if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
 SAMBA4_BUNDLED_LIBS+=		pytalloc-util
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytalloc-util
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
+.	if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
 SAMBA4_BUNDLED_LIBS+=		pytevent
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytevent
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
+.	if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pytdb
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytdb
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
+.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pyldb pyldb-util
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pyldb !pyldb-util
-.endif
-# External Python modules
-BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
-RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
+.	endif
+# samba-tool requires those for *upgrade
+.	if ${PORT_OPTIONS:MAD_DC}
+BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
+RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
+
+BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
+RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
+.	endif
 .endif

 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
@ -477,7 +486,6 @@ PLIST_FILES+=			lib/samba4/private/libaesni-intel-samba4.so
 CONFIGURE_ARGS+=		--accel-aes=none
 .endif

-
 # Only for 64-bit architectures
 .if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
 .	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
--- a/net/samba410/distinfo
+++ b/net/samba410/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1593889839
-SHA256 (samba-4.10.17.tar.gz) = 03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e
-SIZE (samba-4.10.17.tar.gz) = 18387328
+TIMESTAMP = 1600564051
+SHA256 (samba-4.10.18.tar.gz) = 7dcfc2aaaac565b959068788e6a43fc79ce2a03e7d523f5843f7a9fddffc7c2c
+SIZE (samba-4.10.18.tar.gz) = 18400638
--- a/net/samba410/files/patch-lib_util_util__paths.c
+++ b/net/samba410/files/patch-lib_util_util__paths.c
@ -1,15 +0,0 @@
--- lib/util/util_paths.c.orig		2020-07-04 02:14:14 UTC
-+++ lib/util/util_paths.c
-@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
- {
- 	struct passwd pwd = {0};
- 	struct passwd *pwdbuf = NULL;
-	char buf[NSS_BUFLEN_PASSWD] = {0};
-+	char buf[1024] = {0};
- 	int rc;
- 
-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
-+	rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
- 	if (rc != 0 || pwdbuf == NULL ) {
- 		int len_written;
- 		const char *szPath = getenv("HOME");
--- a/net/samba410/files/patch-third__party_wscript
+++ b/net/samba410/files/patch-third__party_wscript
@ -0,0 +1,10 @@
+--- third_party/wscript.orig	2020-09-15 22:45:54 UTC
+++ third_party/wscript
+@@ -7,7 +7,6 @@ from waflib import Options, Errors
+ 
+ # work out what python external libraries we need to install
+ external_pkgs = {
+-    "iso8601": "pyiso8601/iso8601",
+     }
+ 
+ 
--- a/net/samba411/Makefile
+++ b/net/samba411/Makefile
@ -23,7 +23,7 @@ EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1

 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.11.11
+SAMBA4_VERSION=			4.11.13
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}

 WRKSRC?=			${WRKDIR}/${DISTNAME}
@ -253,8 +253,12 @@ TEST_ENV+=			PYTHON="${PYTHON_CMD}" \
 				SHA256SUM=/sbin/sha256 \
 				MD5SUM=/sbin/md5 \
 				PYTHONDONTWRITEBYTECODE=1
+
 TEST_DEPENDS+=			bash:shells/bash \
 				tshark:net/tshark
+# External Python modules
+TEST_BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
+TEST_RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
 ##############################################################################
 CONFIGURE_ARGS+=		\
 				--with-pam \
@ -280,7 +284,7 @@ FRUIT_VARS=			SAMBA4_MODULES+=vfs_fruit
 FRUIT_PLIST_FILES+=		man/man8/vfs_fruit.8.gz

 GLUSTERFS_CONFIGURE_ENABLE=	glusterfs
-GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs
+GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs7-libs
 GLUSTERFS_VARS=			SAMBA4_MODULES+=vfs_glusterfs
 GLUSTERFS_PLIST_FILES+=		man/man8/vfs_glusterfs.8.gz
 ##############################################################################
@ -412,32 +416,37 @@ SUB_LIST+=			SAMBA4_PYTHON=""
 CONFIGURE_ARGS+=		--nopycache
 MAKE_ENV+=			PYTHONDONTWRITEBYTECODE=1

-.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
+.	if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
 SAMBA4_BUNDLED_LIBS+=		pytalloc-util
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytalloc-util
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
+.	if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
 SAMBA4_BUNDLED_LIBS+=		pytevent
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytevent
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
+.	if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pytdb
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pytdb
-.endif
+.	endif

-.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
+.	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pyldb pyldb-util
-.else
+.	else
 SAMBA4_BUNDLED_LIBS+=		!pyldb !pyldb-util
-.endif
-# External Python modules
-BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
-RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
+.	endif
+# samba-tool requires those for *upgrade
+.	if ${PORT_OPTIONS:MAD_DC}
+BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
+RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
+
+BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
+RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
+.	endif
 .endif

 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
@ -475,7 +484,6 @@ PLIST_FILES+=			lib/samba4/private/libaesni-intel-samba4.so
 CONFIGURE_ARGS+=		--accel-aes=none
 .endif

-
 # Only for 64-bit architectures
 .if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
 .	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
--- a/net/samba411/distinfo
+++ b/net/samba411/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1593823109
-SHA256 (samba-4.11.11.tar.gz) = 457f08a2956534269c784b95cff840250165f1e98f8db725bf64e2fca707ff60
-SIZE (samba-4.11.11.tar.gz) = 18590837
+TIMESTAMP = 1600556641
+SHA256 (samba-4.11.13.tar.gz) = e71ed29ae01c5ce7be8cee1f53e0530db86dd19b911accb08fae60224e686ba1
+SIZE (samba-4.11.13.tar.gz) = 18598813
--- a/net/samba411/files/patch-lib_util_util__paths.c
+++ b/net/samba411/files/patch-lib_util_util__paths.c
@ -1,15 +0,0 @@
--- lib/util/util_paths.c.orig		2020-07-04 02:14:14 UTC
-+++ lib/util/util_paths.c
-@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
- {
- 	struct passwd pwd = {0};
- 	struct passwd *pwdbuf = NULL;
-	char buf[NSS_BUFLEN_PASSWD] = {0};
-+	char buf[1024] = {0};
- 	int rc;
- 
-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
-+	rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
- 	if (rc != 0 || pwdbuf == NULL ) {
- 		int len_written;
- 		const char *szPath = getenv("HOME");
--- a/net/samba411/files/patch-lib_util_wscript__build
+++ b/net/samba411/files/patch-lib_util_wscript__build
@ -9,9 +9,27 @@
                       local_include=False,
                       private_library=True)
 
-@@ -285,4 +285,5 @@ else:
-     bld.SAMBA_BINARY('test_util_paths',
-                      source='tests/test_util_paths.c',
+@@ -222,7 +222,7 @@ else:
+                         local_include=False,
+                         public_deps='ldb',
+                         public_headers='util_ldb.h'
+-		        )
+                        )
+ 
+ 
+     bld.SAMBA_SUBSYSTEM('UTIL_RUNCMD',
+@@ -235,7 +235,7 @@ else:
+                         source='util_pw.c',
+                         local_include=False,
+                         public_deps='talloc'
+-	                )
+                        )
+ 
+     bld.SAMBA_LIBRARY('server_id_db',
+                       source='server_id_db.c',
+@@ -291,4 +291,5 @@ else:
+     bld.SAMBA_BINARY('test_util',
+                      source='tests/test_util.c',
                      deps='cmocka replace talloc samba-util',
 -                     local_include=False)
 +                     local_include=False,
--- a/net/samba411/files/patch-third__party_wscript
+++ b/net/samba411/files/patch-third__party_wscript
@ -0,0 +1,10 @@
+--- third_party/wscript.orig	2020-09-15 22:45:54 UTC
+++ third_party/wscript
+@@ -7,7 +7,6 @@ from waflib import Options, Errors
+ 
+ # work out what python external libraries we need to install
+ external_pkgs = {
+-    "iso8601": "pyiso8601/iso8601",
+     }
+ 
+ 
--- a/net/samba411/pkg-plist
+++ b/net/samba411/pkg-plist
@ -1034,6 +1034,9 @@ man/man8/winbindd.8.gz
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/sites.py
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/timecmd.py
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_check_password_script.py
+%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_base.py
+%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
+%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA.py
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_wdigest.py
 %%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user.py