Upgrade Samba 4.10 to 4.10.18 and 4.11 to 4.11.13 to address security issue.
https://www.samba.org/samba/security/CVE-2020-1472.html Security: CVE-2020-1472
This commit is contained in:
parent
76af9b2b69
commit
3dc740211f
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=549084
@ -24,7 +24,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-provision-use-ASCII-quotes.patch:-p1
|
||||
|
||||
SAMBA4_BASENAME= samba
|
||||
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
|
||||
SAMBA4_VERSION= 4.10.17
|
||||
SAMBA4_VERSION= 4.10.18
|
||||
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
|
||||
|
||||
WRKSRC?= ${WRKDIR}/${DISTNAME}
|
||||
@ -254,8 +254,12 @@ TEST_ENV+= PYTHON="${PYTHON_CMD}" \
|
||||
SHA256SUM=/sbin/sha256 \
|
||||
MD5SUM=/sbin/md5 \
|
||||
PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
TEST_DEPENDS+= bash:shells/bash \
|
||||
tshark:net/tshark
|
||||
# External Python modules
|
||||
TEST_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
TEST_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
##############################################################################
|
||||
CONFIGURE_ARGS+= \
|
||||
--with-pam \
|
||||
@ -282,7 +286,7 @@ FRUIT_VARS= SAMBA4_MODULES+=vfs_fruit
|
||||
FRUIT_PLIST_FILES+= man/man8/vfs_fruit.8.gz
|
||||
|
||||
GLUSTERFS_CONFIGURE_ENABLE= glusterfs
|
||||
GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs
|
||||
GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs7-libs
|
||||
GLUSTERFS_VARS= SAMBA4_MODULES+=vfs_glusterfs
|
||||
GLUSTERFS_PLIST_FILES+= man/man8/vfs_glusterfs.8.gz
|
||||
##############################################################################
|
||||
@ -414,32 +418,37 @@ SUB_LIST+= SAMBA4_PYTHON=""
|
||||
CONFIGURE_ARGS+= --nopycache
|
||||
MAKE_ENV+= PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytalloc-util
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytalloc-util
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytevent
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytevent
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytdb
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytdb
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
|
||||
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pyldb pyldb-util
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pyldb !pyldb-util
|
||||
.endif
|
||||
# External Python modules
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
. endif
|
||||
# samba-tool requires those for *upgrade
|
||||
. if ${PORT_OPTIONS:MAD_DC}
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
|
||||
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
|
||||
. endif
|
||||
.endif
|
||||
|
||||
.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
|
||||
@ -477,7 +486,6 @@ PLIST_FILES+= lib/samba4/private/libaesni-intel-samba4.so
|
||||
CONFIGURE_ARGS+= --accel-aes=none
|
||||
.endif
|
||||
|
||||
|
||||
# Only for 64-bit architectures
|
||||
.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
|
||||
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1593889839
|
||||
SHA256 (samba-4.10.17.tar.gz) = 03dc9758e7bfa2faf7cdeb45b4d40997e2ee16a41e71996aa666bc069e70ba3e
|
||||
SIZE (samba-4.10.17.tar.gz) = 18387328
|
||||
TIMESTAMP = 1600564051
|
||||
SHA256 (samba-4.10.18.tar.gz) = 7dcfc2aaaac565b959068788e6a43fc79ce2a03e7d523f5843f7a9fddffc7c2c
|
||||
SIZE (samba-4.10.18.tar.gz) = 18400638
|
||||
|
@ -1,15 +0,0 @@
|
||||
--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC
|
||||
+++ lib/util/util_paths.c
|
||||
@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
struct passwd pwd = {0};
|
||||
struct passwd *pwdbuf = NULL;
|
||||
- char buf[NSS_BUFLEN_PASSWD] = {0};
|
||||
+ char buf[1024] = {0};
|
||||
int rc;
|
||||
|
||||
- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
|
||||
+ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
|
||||
if (rc != 0 || pwdbuf == NULL ) {
|
||||
int len_written;
|
||||
const char *szPath = getenv("HOME");
|
10
net/samba410/files/patch-third__party_wscript
Normal file
10
net/samba410/files/patch-third__party_wscript
Normal file
@ -0,0 +1,10 @@
|
||||
--- third_party/wscript.orig 2020-09-15 22:45:54 UTC
|
||||
+++ third_party/wscript
|
||||
@@ -7,7 +7,6 @@ from waflib import Options, Errors
|
||||
|
||||
# work out what python external libraries we need to install
|
||||
external_pkgs = {
|
||||
- "iso8601": "pyiso8601/iso8601",
|
||||
}
|
||||
|
||||
|
@ -23,7 +23,7 @@ EXTRA_PATCHES+= ${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
|
||||
|
||||
SAMBA4_BASENAME= samba
|
||||
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
|
||||
SAMBA4_VERSION= 4.11.11
|
||||
SAMBA4_VERSION= 4.11.13
|
||||
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
|
||||
|
||||
WRKSRC?= ${WRKDIR}/${DISTNAME}
|
||||
@ -253,8 +253,12 @@ TEST_ENV+= PYTHON="${PYTHON_CMD}" \
|
||||
SHA256SUM=/sbin/sha256 \
|
||||
MD5SUM=/sbin/md5 \
|
||||
PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
TEST_DEPENDS+= bash:shells/bash \
|
||||
tshark:net/tshark
|
||||
# External Python modules
|
||||
TEST_BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
TEST_RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
##############################################################################
|
||||
CONFIGURE_ARGS+= \
|
||||
--with-pam \
|
||||
@ -280,7 +284,7 @@ FRUIT_VARS= SAMBA4_MODULES+=vfs_fruit
|
||||
FRUIT_PLIST_FILES+= man/man8/vfs_fruit.8.gz
|
||||
|
||||
GLUSTERFS_CONFIGURE_ENABLE= glusterfs
|
||||
GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs
|
||||
GLUSTERFS_LIB_DEPENDS= libglusterfs.so:net/glusterfs7-libs
|
||||
GLUSTERFS_VARS= SAMBA4_MODULES+=vfs_glusterfs
|
||||
GLUSTERFS_PLIST_FILES+= man/man8/vfs_glusterfs.8.gz
|
||||
##############################################################################
|
||||
@ -412,32 +416,37 @@ SUB_LIST+= SAMBA4_PYTHON=""
|
||||
CONFIGURE_ARGS+= --nopycache
|
||||
MAKE_ENV+= PYTHONDONTWRITEBYTECODE=1
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytalloc-util
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytalloc-util
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytevent
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytevent
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
|
||||
. if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pytdb
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pytdb
|
||||
.endif
|
||||
. endif
|
||||
|
||||
.if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
|
||||
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
|
||||
SAMBA4_BUNDLED_LIBS+= pyldb pyldb-util
|
||||
.else
|
||||
. else
|
||||
SAMBA4_BUNDLED_LIBS+= !pyldb !pyldb-util
|
||||
.endif
|
||||
# External Python modules
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
|
||||
. endif
|
||||
# samba-tool requires those for *upgrade
|
||||
. if ${PORT_OPTIONS:MAD_DC}
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}dnspython>=1.15.0:dns/py-dnspython@${PY_FLAVOR}
|
||||
|
||||
BUILD_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
|
||||
RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}markdown>=2.6.11:textproc/py-markdown@${PY_FLAVOR}
|
||||
. endif
|
||||
.endif
|
||||
|
||||
.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
|
||||
@ -475,7 +484,6 @@ PLIST_FILES+= lib/samba4/private/libaesni-intel-samba4.so
|
||||
CONFIGURE_ARGS+= --accel-aes=none
|
||||
.endif
|
||||
|
||||
|
||||
# Only for 64-bit architectures
|
||||
.if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
|
||||
. if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1593823109
|
||||
SHA256 (samba-4.11.11.tar.gz) = 457f08a2956534269c784b95cff840250165f1e98f8db725bf64e2fca707ff60
|
||||
SIZE (samba-4.11.11.tar.gz) = 18590837
|
||||
TIMESTAMP = 1600556641
|
||||
SHA256 (samba-4.11.13.tar.gz) = e71ed29ae01c5ce7be8cee1f53e0530db86dd19b911accb08fae60224e686ba1
|
||||
SIZE (samba-4.11.13.tar.gz) = 18598813
|
||||
|
@ -1,15 +0,0 @@
|
||||
--- lib/util/util_paths.c.orig 2020-07-04 02:14:14 UTC
|
||||
+++ lib/util/util_paths.c
|
||||
@@ -68,10 +68,10 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
struct passwd pwd = {0};
|
||||
struct passwd *pwdbuf = NULL;
|
||||
- char buf[NSS_BUFLEN_PASSWD] = {0};
|
||||
+ char buf[1024] = {0};
|
||||
int rc;
|
||||
|
||||
- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
|
||||
+ rc = getpwuid_r(getuid(), &pwd, buf, 1024, &pwdbuf);
|
||||
if (rc != 0 || pwdbuf == NULL ) {
|
||||
int len_written;
|
||||
const char *szPath = getenv("HOME");
|
@ -9,9 +9,27 @@
|
||||
local_include=False,
|
||||
private_library=True)
|
||||
|
||||
@@ -285,4 +285,5 @@ else:
|
||||
bld.SAMBA_BINARY('test_util_paths',
|
||||
source='tests/test_util_paths.c',
|
||||
@@ -222,7 +222,7 @@ else:
|
||||
local_include=False,
|
||||
public_deps='ldb',
|
||||
public_headers='util_ldb.h'
|
||||
- )
|
||||
+ )
|
||||
|
||||
|
||||
bld.SAMBA_SUBSYSTEM('UTIL_RUNCMD',
|
||||
@@ -235,7 +235,7 @@ else:
|
||||
source='util_pw.c',
|
||||
local_include=False,
|
||||
public_deps='talloc'
|
||||
- )
|
||||
+ )
|
||||
|
||||
bld.SAMBA_LIBRARY('server_id_db',
|
||||
source='server_id_db.c',
|
||||
@@ -291,4 +291,5 @@ else:
|
||||
bld.SAMBA_BINARY('test_util',
|
||||
source='tests/test_util.c',
|
||||
deps='cmocka replace talloc samba-util',
|
||||
- local_include=False)
|
||||
+ local_include=False,
|
||||
|
10
net/samba411/files/patch-third__party_wscript
Normal file
10
net/samba411/files/patch-third__party_wscript
Normal file
@ -0,0 +1,10 @@
|
||||
--- third_party/wscript.orig 2020-09-15 22:45:54 UTC
|
||||
+++ third_party/wscript
|
||||
@@ -7,7 +7,6 @@ from waflib import Options, Errors
|
||||
|
||||
# work out what python external libraries we need to install
|
||||
external_pkgs = {
|
||||
- "iso8601": "pyiso8601/iso8601",
|
||||
}
|
||||
|
||||
|
@ -1034,6 +1034,9 @@ man/man8/winbindd.8.gz
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/sites.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/timecmd.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_check_password_script.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_base.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_virtualCryptSHA.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user_wdigest.py
|
||||
%%PYTHON_SITELIBDIR%%/samba/tests/samba_tool/user.py
|
||||
|
Loading…
Reference in New Issue
Block a user