Security update of net/samba33 to the version 3.3.6

o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". Security: CVE-2009-1888
svn path=/head/; revision=236635
2009-06-26 01:21:57 +00:00 · 2009-06-26 01:21:57 +00:00 · 5862dc49c1 · 2021-03-31 03:12:20 +00:00
commit 5862dc49c1
parent ef06291191
15 changed files with 85 additions and 48 deletions
--- a/net/samba33/Makefile
+++ b/net/samba33/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=		samba
-PORTVERSION?=		3.3.4
+PORTVERSION?=		3.3.6
 PORTREVISION?=		0
 CATEGORIES?=		net
 MASTER_SITES=		${MASTER_SITE_SAMBA}
@ -76,11 +76,11 @@ OPTIONS=	LDAP		"With LDAP support" on \
 		MAX_DEBUG	"With maximum debugging" off \
 		SMBTORTURE	"With smbtorture" off

+.include <bsd.port.pre.mk>
+
 # Disable for now on
 .undef WITH_SHARED_LIBS

-.include <bsd.port.pre.mk>
-
 CONFIGURE_ENV+=		CPPFLAGS="${CPPFLAGS}" LDFLAGS="${LDFLAGS}"
 CPPFLAGS+=		-I${LOCALBASE}/include
 LDFLAGS+=		-L${LOCALBASE}/lib
@ -328,8 +328,8 @@ MAN8=		eventlogadm.8 net.8 nmbd.8 pdbedit.8 smbd.8 smbpasswd.8 \

 .if !defined(WITHOUT_WINBIND)
 MAN1+=		wbinfo.1
-MAN7+=		pam_winbind.7 winbind_krb5_locator.7
-MAN8+=		winbindd.8
+MAN7+=		winbind_krb5_locator.7
+MAN8+=		pam_winbind.8 winbindd.8
 .endif

 .if !defined(WITHOUT_SWAT)
--- a/net/samba33/distinfo
+++ b/net/samba33/distinfo
@ -1,3 +1,3 @@
-MD5 (samba-3.3.4.tar.gz) = 1443165edb7cb3f56f1e77aec1ee3266
-SHA256 (samba-3.3.4.tar.gz) = f33ffe6a2a47ee52b1441d391718cd0dccab5b91fc737e0c2b956820b09e27e2
-SIZE (samba-3.3.4.tar.gz) = 26075373
+MD5 (samba-3.3.6.tar.gz) = 858cb6c640358be0e81297c5de615a3c
+SHA256 (samba-3.3.6.tar.gz) = da66e05f87ce6540ef709fbd347a706bc8e3b69cfab568ebf58bfe2e9ed44263
+SIZE (samba-3.3.6.tar.gz) = 26097470
--- a/net/samba33/files/patch-Makefile.in
+++ b/net/samba33/files/patch-Makefile.in
@ -1,6 +1,29 @@
--- Makefile.in.orig	2009-04-01 11:48:54.000000000 +0000
-+++ Makefile.in	2009-04-07 01:38:20.000000000 +0000
-@@ -125,7 +125,7 @@
+--- ./Makefile.in.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./Makefile.in	2009-06-26 00:45:24.000000000 +0000
+@@ -45,7 +45,6 @@
+ LDSHFLAGS=@LDSHFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
+ LDFLAGS=@PIE_LDFLAGS@ @RELRO_LDFLAGS@ @LDFLAGS@
+ 
+-WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
+ AWK=@AWK@
+ PICFLAG=@PICFLAG@
+ DYNEXP=@DYNEXP@
+@@ -64,10 +63,14 @@
+ LDAP_LIBS=@LDAP_LIBS@
+ NSCD_LIBS=@NSCD_LIBS@
+ UUID_LIBS=@UUID_LIBS@
+
+ WINBIND_LIBS=@WINBIND_LIBS@
+WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
+ WINBIND_NSS_EXTRA_LIBS=@WINBIND_NSS_EXTRA_LIBS@
+ WINBIND_NSS_PTHREAD=@WINBIND_NSS_PTHREAD@
+WINBIND_WINS_NSS_EXTRA_LIBS=@WINBIND_WINS_NSS_EXTRA_LIBS@
+ PAM_WINBIND_EXTRA_LIBS=@PAM_WINBIND_EXTRA_LIBS@
+
+ DNSSD_LIBS=@DNSSD_LIBS@
+ AVAHI_LIBS=@AVAHI_LIBS@
+ POPT_LIBS=@POPTLIBS@
+@@ -125,7 +128,7 @@
 # These can be overridden by command line switches (see smbd(8))
 # or in smb.conf (see smb.conf(5))
 LOGFILEBASE = @logfilebase@
@ -9,7 +32,7 @@
 LMHOSTSFILE = $(CONFIGDIR)/lmhosts
 
 # This is where smbpasswd et al go
-@@ -153,10 +153,10 @@
+@@ -153,10 +156,10 @@
 # the directory where pid files go
 PIDDIR = @piddir@
 
@ -22,7 +45,7 @@
 FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4)
 FLAGS  = $(ISA) $(FLAGS5) -I$(srcdir)/lib -D_SAMBA_BUILD_=3
 
-@@ -791,8 +791,9 @@
+@@ -791,8 +794,9 @@
 	     $(LIBADS_OBJ) $(POPT_LIB_OBJ) \
 	     $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(LDB_OBJ) 
 
@ -34,7 +57,21 @@
 
 LIBSMBCLIENT_OBJ0 = \
 		    libsmb/libsmb_cache.o \
-@@ -1222,6 +1223,7 @@
+@@ -986,9 +990,10 @@
+                  $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
+ 		 $(LIBNDR_GEN_OBJ0)
+ 
+-WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \
+-	$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) \
+-	$(LIBNDR_GEN_OBJ0)
+WINBIND_WINS_NSS_OBJ = nsswitch/wins.o @WINBIND_WINS_NSS_EXTRA_OBJS@ \
+		$(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLIENT_OBJ) \
+		$(LIB_NONSMBD_OBJ) \
+		$(LIBNDR_GEN_OBJ0)
+ 
+ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
+ 		pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
+@@ -1222,6 +1227,7 @@
 
 .SUFFIXES:
 .SUFFIXES: .c .o .lo
@ -42,7 +79,7 @@
 
 SHOWFLAGS::
 	@echo "Using FLAGS      = $(FLAGS)"
-@@ -1264,6 +1266,9 @@
+@@ -1264,6 +1270,9 @@
 		$(COMPILE_CC) >/dev/null 2>&1
 @BROKEN_CC@	-mv `echo $@ | sed 's%^.*/%%g'` $@
 
@ -52,7 +89,7 @@
 PRECOMPILED_HEADER = $(builddir)/include/includes.h.gch
 
 # this adds support for precompiled headers. To use it, install a snapshot
-@@ -2212,8 +2217,11 @@
+@@ -2212,8 +2221,11 @@
 
 bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo "Linking shared library $@"
@ -66,7 +103,7 @@
 
 bin/builtin.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ)
 	@echo "Building plugin $@"
-@@ -2494,7 +2502,8 @@
+@@ -2494,7 +2506,8 @@
 	@echo "Linking shared library $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
 		$(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \
@ -76,7 +113,7 @@
 
 bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
 	@echo Linking $@
-@@ -2793,7 +2802,7 @@
+@@ -2793,7 +2806,7 @@
 	@$(LIB_PATH_VAR)=./bin && \
 	export $(LIB_PATH_VAR) && \
 	for module in $(PAM_MODULES); do \
--- a/net/samba33/files/patch-configure.in
+++ b/net/samba33/files/patch-configure.in
@ -1,5 +1,5 @@
--- ./configure.in.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./configure.in	2009-04-07 01:39:14.000000000 +0000
+--- ./configure.in.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./configure.in	2009-06-26 00:41:37.000000000 +0000
@@ -189,16 +189,6 @@
        fi
 fi
@ -107,7 +107,7 @@
 		fi
 	fi
 	AC_MSG_CHECKING(whether to use PAM support)
-@@ -5958,6 +5981,7 @@
+@@ -5968,6 +5991,7 @@
 		NSSSONAMEVERSIONSUFFIX=".1"
 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
 		    nsswitch/winbind_nss_linux.o"
@ -115,7 +115,7 @@
 		WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
 		WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
 		;;
-@@ -6036,23 +6060,15 @@
+@@ -6046,23 +6070,15 @@
 fi
 
 # Display test results
@ -139,7 +139,7 @@
 	## Only worry about libwbclient if we have shared library support
 	## and winbindd
         LIBWBCLIENT_SHARED=$LIBWBCLIENT_SHARED_TARGET
-@@ -6070,26 +6086,34 @@
+@@ -6080,26 +6096,34 @@
 
 	EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/wbinfo\$(EXEEXT)"
 	EXTRA_SBIN_PROGS="$EXTRA_SBIN_PROGS bin/winbindd\$(EXEEXT)"
@ -178,7 +178,7 @@
 
 AC_SUBST(WINBIND_KRB5_LOCATOR)
 
-@@ -6276,13 +6300,21 @@
+@@ -6286,13 +6310,21 @@
 # Start
 AC_CHECK_FUNC(getmntent)
 
@ -201,7 +201,7 @@
 		int main(void)
 		{
 			struct statfs fsd;
-@@ -6539,6 +6571,16 @@
+@@ -6549,6 +6581,16 @@
 
 fi
 
@ -218,7 +218,7 @@
 dnl Remove -L/usr/lib/? from LDFLAGS and LIBS
 LIB_REMOVE_USR_LIB(LDFLAGS)
 LIB_REMOVE_USR_LIB(LIBS)
-@@ -6595,6 +6637,8 @@
+@@ -6605,6 +6647,8 @@
 	  pkgconfig/wbclient.pc
 	  pkgconfig/netapi.pc
 	  pkgconfig/smbsharemodes.pc
--- a/net/samba33/files/patch-include__includes.h
+++ b/net/samba33/files/patch-include__includes.h
@ -1,5 +1,5 @@
--- ./include/includes.h.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./include/includes.h	2009-04-07 01:39:14.000000000 +0000
+--- ./include/includes.h.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./include/includes.h	2009-06-26 00:41:37.000000000 +0000
@@ -873,7 +873,7 @@
 #endif
 
--- a/net/samba33/files/patch-libreplacelibreplace_cc.m4
+++ b/net/samba33/files/patch-libreplacelibreplace_cc.m4
@ -1,5 +1,5 @@
--- ./lib/replace/libreplace_cc.m4.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./lib/replace/libreplace_cc.m4	2009-04-07 01:39:14.000000000 +0000
+--- ./lib/replace/libreplace_cc.m4.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./lib/replace/libreplace_cc.m4	2009-06-26 00:41:37.000000000 +0000
@@ -145,6 +145,10 @@
 AC_CHECK_TYPE(uintptr_t, unsigned long long)
 AC_CHECK_TYPE(ptrdiff_t, unsigned long long)
--- a/net/samba33/files/patch-m4__aclocal.m4
+++ b/net/samba33/files/patch-m4__aclocal.m4
@ -1,5 +1,5 @@
--- ./m4/aclocal.m4.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./m4/aclocal.m4	2009-04-07 01:39:14.000000000 +0000
+--- ./m4/aclocal.m4.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./m4/aclocal.m4	2009-06-26 00:41:37.000000000 +0000
@@ -97,14 +97,14 @@
 		build_lib=yes
 		;;
--- a/net/samba33/files/patch-nsswitch__pam_winbind.c
+++ b/net/samba33/files/patch-nsswitch__pam_winbind.c
@ -1,5 +1,5 @@
--- ./nsswitch/pam_winbind.c.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./nsswitch/pam_winbind.c	2009-04-07 01:39:14.000000000 +0000
+--- ./nsswitch/pam_winbind.c.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./nsswitch/pam_winbind.c	2009-06-26 00:41:37.000000000 +0000
@@ -161,7 +161,6 @@
 }
 #endif
@ -77,7 +77,7 @@
 
 		return true;
 	}
-@@ -2694,8 +2699,7 @@
+@@ -2695,8 +2700,7 @@
 		ret = PAM_USER_UNKNOWN;
 		goto out;
 	case 0:
--- a/net/samba33/files/patch-nsswitch__wins_freebsd.c
+++ b/net/samba33/files/patch-nsswitch__wins_freebsd.c
@ -1,5 +1,5 @@
--- ./nsswitch/wins_freebsd.c.orig	2009-04-07 01:39:14.000000000 +0000
-+++ ./nsswitch/wins_freebsd.c	2009-04-07 01:39:14.000000000 +0000
+--- ./nsswitch/wins_freebsd.c.orig	2009-06-26 00:41:37.000000000 +0000
+++ ./nsswitch/wins_freebsd.c	2009-06-26 00:41:37.000000000 +0000
@@ -0,0 +1,108 @@
 +/* 
 +   Unix SMB/CIFS implementation.
--- a/net/samba33/files/patch-scripttestsdlopen.sh
+++ b/net/samba33/files/patch-scripttestsdlopen.sh
@ -1,5 +1,5 @@
--- ./script/tests/dlopen.sh.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./script/tests/dlopen.sh	2009-04-07 01:39:14.000000000 +0000
+--- ./script/tests/dlopen.sh.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./script/tests/dlopen.sh	2009-06-26 00:41:37.000000000 +0000
@@ -67,7 +67,7 @@
 	esac
 done
--- a/net/samba33/files/patch-smbd__aio.c
+++ b/net/samba33/files/patch-smbd__aio.c
@ -1,5 +1,5 @@
--- ./smbd/aio.c.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./smbd/aio.c	2009-04-07 01:39:14.000000000 +0000
+--- ./smbd/aio.c.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./smbd/aio.c	2009-06-26 00:41:37.000000000 +0000
@@ -24,9 +24,6 @@
 
 /* The signal we'll use to signify aio done. */
--- a/net/samba33/files/patch-smbd__quotas.c
+++ b/net/samba33/files/patch-smbd__quotas.c
@ -1,5 +1,5 @@
--- ./smbd/quotas.c.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./smbd/quotas.c	2009-04-07 01:39:14.000000000 +0000
+--- ./smbd/quotas.c.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./smbd/quotas.c	2009-06-26 00:41:37.000000000 +0000
@@ -1023,6 +1023,8 @@
 	enum clnt_stat clnt_stat;
 	bool ret = True;
--- a/net/samba33/files/patch-smbd__statvfs.c
+++ b/net/samba33/files/patch-smbd__statvfs.c
@ -1,5 +1,5 @@
--- ./smbd/statvfs.c.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./smbd/statvfs.c	2009-04-07 01:39:14.000000000 +0000
+--- ./smbd/statvfs.c.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./smbd/statvfs.c	2009-06-26 00:41:37.000000000 +0000
@@ -3,6 +3,7 @@
    VFS API's statvfs abstraction
    Copyright (C) Alexander Bokovoy			2005
--- a/net/samba33/files/patch-utils__net_time.c
+++ b/net/samba33/files/patch-utils__net_time.c
@ -1,5 +1,5 @@
--- ./utils/net_time.c.orig	2009-04-01 11:48:54.000000000 +0000
-+++ ./utils/net_time.c	2009-04-07 01:39:14.000000000 +0000
+--- ./utils/net_time.c.orig	2009-06-23 09:35:13.000000000 +0000
+++ ./utils/net_time.c	2009-06-26 00:41:37.000000000 +0000
@@ -84,9 +84,15 @@
 		return "unknown";
 	}
--- a/net/samba33/pkg-plist.swat
+++ b/net/samba33/pkg-plist.swat
@ -230,7 +230,7 @@ share/swat/help/manpages/net.8.html
 share/swat/help/manpages/nmbd.8.html
 share/swat/help/manpages/nmblookup.1.html
 share/swat/help/manpages/ntlm_auth.1.html
-share/swat/help/manpages/pam_winbind.7.html
+share/swat/help/manpages/pam_winbind.8.html
 share/swat/help/manpages/pdbedit.8.html
 share/swat/help/manpages/profiles.1.html
 share/swat/help/manpages/rpcclient.1.html