SECURITY update to Samba 3.0.37. From Brad.

This is a security release to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
sthen 2009-10-11 19:45:46 +00:00
parent d37bb1a21f
commit 78368fdc7f
6 changed files with 39 additions and 55 deletions


@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.106 2009/09/15 17:37:21 jasper Exp $
# $OpenBSD: Makefile,v 1.107 2009/10/11 19:45:46 sthen Exp $
COMMENT-main= SMB and CIFS client and server for UNIX
COMMENT-docs= additional documentation and examples for Samba
DISTNAME= samba-3.0.34
PKGNAME-main= ${DISTNAME}p2
FULLPKGNAME-docs= ${DISTNAME:S/-/-docs-/}p0
DISTNAME= samba-3.0.37
PKGNAME-main= ${DISTNAME}
FULLPKGNAME-docs= ${DISTNAME:S/-/-docs-/}
SHARED_LIBS= smbclient 1.0 \
msrpc 1.0


@ -1,5 +1,5 @@
MD5 (samba-3.0.34.tar.gz) = YkBPObs90KN9Y5bFfgTJBw==
RMD160 (samba-3.0.34.tar.gz) = 15zVRLWrK0pxMLjFLBntz8iQg+o=
SHA1 (samba-3.0.34.tar.gz) = GBBNG/UJzT/TEHwJ+mIFZm4ErBY=
SHA256 (samba-3.0.34.tar.gz) = UweT3p9BFPSzkdky4oM7ryWgBJgxdHHNdaBo8zeMKZ4=
SIZE (samba-3.0.34.tar.gz) = 24835363
MD5 (samba-3.0.37.tar.gz) = Ee0r/vQJC9VzaxlLQ/ZyiQ==
RMD160 (samba-3.0.37.tar.gz) = Brdq4icp4QyD1q9C0DsDrWnkkQM=
SHA1 (samba-3.0.37.tar.gz) = Xsa8ZVizx5n3R+tJ+7oBnV7fDL0=
SHA256 (samba-3.0.37.tar.gz) = u2fA4T1My9hLkgDIc5OT/dmzFFtarSFpNNxnDw/OomY=
SIZE (samba-3.0.37.tar.gz) = 23416703


@ -1,6 +1,6 @@
$OpenBSD: patch-Makefile_in,v 1.11 2008/07/11 11:40:33 brad Exp $
--- Makefile.in.orig Wed May 28 08:41:11 2008
+++ Makefile.in Fri Jul 4 00:36:10 2008
$OpenBSD: patch-Makefile_in,v 1.12 2009/10/11 19:45:46 sthen Exp $
--- Makefile.in.orig Wed Sep 30 08:21:56 2009
+++ Makefile.in Sat Oct 10 20:04:44 2009
@@ -109,11 +109,13 @@ LOCKDIR = @lockdir@
# the directory where pid files go
PIDDIR = @piddir@
@ -32,7 +32,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/07/11 11:40:33 brad Exp $
PASSWD_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DPRIVATE_DIR=\"$(PRIVATE_DIR)\"
PATH_FLAGS1 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\"
@@ -1152,11 +1154,10 @@ bin/libaddns.a: proto_exists $(LIBADDNS_OBJ)
@@ -1159,11 +1161,10 @@ bin/libaddns.a: proto_exists $(LIBADDNS_OBJ)
@echo Linking libaddns non-shared library $@
@-$(AR) -rc $@ $(LIBADDNS_OBJ)
@ -46,7 +46,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/07/11 11:40:33 brad Exp $
bin/libsmbclient.a: proto_exists $(LIBSMBCLIENT_OBJ)
@echo Linking libsmbclient non-shared library $@
@@ -1172,10 +1173,9 @@ bin/libsmbsharemodes.a: proto_exists $(LIBSMBSHAREMODE
@@ -1179,10 +1180,9 @@ bin/libsmbsharemodes.a: proto_exists $(LIBSMBSHAREMODE
@echo Linking libsmbsharemodes non-shared library $@
@-$(AR) -rc $@ $(LIBSMBSHAREMODES_OBJ)
@ -59,7 +59,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/07/11 11:40:33 brad Exp $
bin/libmsrpc.a: proto_exists $(CAC_OBJ)
@echo Linking libmsrpc non-shared library $@
@@ -1623,14 +1623,14 @@ installswat: installdirs installmsg
@@ -1633,14 +1633,14 @@ installswat: installdirs installmsg
installclientlib: installdirs libsmbclient
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS) $(DESTDIR) $(LIBDIR)


@ -1,19 +1,19 @@
$OpenBSD: patch-docs_manpages_swat_8,v 1.6 2008/07/11 11:40:33 brad Exp $
--- ../docs/manpages/swat.8.orig Thu Jul 3 22:20:31 2008
+++ ../docs/manpages/swat.8 Thu Jul 3 22:22:36 2008
@@ -103,49 +103,6 @@ will be appended (e\.g\. log\.smbclient, log\.smbd, et
$OpenBSD: patch-docs_manpages_swat_8,v 1.7 2009/10/11 19:45:46 sthen Exp $
--- ../docs/manpages/swat.8.orig Wed Sep 30 08:28:45 2009
+++ ../docs/manpages/swat.8 Sat Oct 10 20:14:20 2009
@@ -261,49 +261,6 @@ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd
.RS 4
Print a summary of command line options\.
Print a summary of command line options\&.
.RE
-.SH "INSTALLATION"
-.PP
-Swat is included as binary package with most distributions\. The package manager in this case takes care of the installation and configuration\. This section is only for those who have compiled swat from scratch\.
-Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
-.PP
-After you compile SWAT you need to run
-make install
-\FCmake install \F[]
-to install the
-swat
-binary and the various help files and images\. A default install would put these in:
-\FCswat\F[]
-binary and the various help files and images\&. A default install would put these in:
-.sp
-.RS 4
-.ie n \{\
@ -51,30 +51,30 @@ $OpenBSD: patch-docs_manpages_swat_8,v 1.6 2008/07/11 11:40:33 brad Exp $
.SS "Inetd Installation"
.PP
You need to edit your
@@ -173,7 +130,7 @@ In
\fI/etc/inetd\.conf\fR
@@ -331,7 +288,7 @@ In
\FC/etc/inetd\&.conf\F[]
you should add a line like this:
.PP
-swat stream tcp nowait\.400 root /usr/local/samba/sbin/swat swat
+swat stream tcp nowait\.400 root ${PREFIX}/libexec/swat swat
-\FCswat stream tcp nowait\&.400 root /usr/local/samba/sbin/swat swat\F[]
+\FCswat stream tcp nowait\&.400 root ${PREFIX}/libexec/swat swat\F[]
.PP
Once you have edited
\fI/etc/services\fR
@@ -199,14 +156,12 @@ This file must contain suitable startup information fo
This file must contain a mapping of service name (e\.g\., swat) to service port (e\.g\., 901) and protocol type (e\.g\., tcp)\.
\FC/etc/services\F[]
@@ -357,14 +314,12 @@ This file must contain suitable startup information fo
This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
.RE
.PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI${SYSCONFDIR}/samba/smb\.conf\fR
-\FC/usr/local/samba/lib/smb\&.conf\F[]
+\FC${SYSCONFDIR}/samba/smb\&.conf\F[]
.RS 4
This is the default location of the
\fBsmb.conf\fR(5)
-server configuration file that swat edits\. Other common places that systems install this file are
-\fI /usr/samba/lib/smb\.conf\fR
-server configuration file that swat edits\&. Other common places that systems install this file are
-\FC /usr/samba/lib/smb\&.conf\F[]
-and
-\fI/etc/smb\.conf \fR\. This file describes all the services the server is to make available to clients\.
+server configuration file that swat edits\.
+This file describes all the services the server is to make available to clients\.
-\FC/etc/smb\&.conf \F[]\&. This file describes all the services the server is to make available to clients\&.
+server configuration file that swat edits\&.
+This file describes all the services the server is to make available to clients\&.
.RE
.SH "WARNINGS"
.PP


@ -1,15 +0,0 @@
$OpenBSD: patch-smbd_posix_acls_c,v 1.1 2009/06/30 21:38:38 naddy Exp $
Resolve CVE-2009-1888
--- smbd/posix_acls.c.orig Tue Nov 18 10:37:41 2008
+++ smbd/posix_acls.c Mon Jun 29 19:14:43 2009
@@ -2296,6 +2296,8 @@ static BOOL acl_group_override(connection_struct *conn
{
SMB_STRUCT_STAT sbuf;
+ ZERO_STRUCT(sbuf);
+
if ((errno != EPERM) && (errno != EACCES)) {
return False;
}


@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST-main,v 1.9 2009/05/14 17:05:46 giovanni Exp $
@comment $OpenBSD: PLIST-main,v 1.10 2009/10/11 19:45:46 sthen Exp $
@conflict samba-docs-<=3.0.31p1
@pkgpath ${BASE_PKGPATH}
bin/eventlogadm
@ -71,7 +71,6 @@ libexec/swat
@man man/man7/libsmbclient.7
@man man/man7/pam_winbind.7
@man man/man7/samba.7
@man man/man8/cifs.upcall.8
@man man/man8/eventlogadm.8
@man man/man8/idmap_ad.8
@man man/man8/idmap_ldap.8