332 Commits

Author SHA1 Message Date
jca
b396b7b2d5 Fix @conflict marker
ok naddy@
2019-04-12 18:21:17 +00:00
jca
d500286fa0 SECURITY update to samba-4.8.11
Fixes:
- CVE-2019-3880 (Save registry file outside share as unprivileged user)

Release notes:
  https://www.samba.org/samba/history/samba-4.8.11.html

Tests by Ian McWilliam and Kurt Mosiejczuk, ok sthen@
2019-04-11 14:05:58 +00:00
jca
1640d1178d Update to samba-4.8.9
Tests by Ian McWilliam
2019-03-10 18:08:05 +00:00
jca
3d969613ea Work around lld-7.0.1 strictness wrt version scripts
It's not clear to me whether lld rightfully complains here:

ld: error: duplicate symbol 'pdb_search_init' in version script

Work around the error for now (tm) to unlock samba and consumers in the
llvm-7.0.1 test bulk builds.
2019-01-23 01:46:19 +00:00
jca
5aa2c7cc1b Fix pexp
If you run samba_ad_dc you'll need to kill samba manually and remove
/var/run/rc.d/samba_ad_dc for the change to take effect.
2018-11-30 15:17:31 +00:00
jca
ff6ba84cdf Respect LDFLAGS as well as CFLAGS 2018-11-30 14:47:54 +00:00
jca
dfdbec6a0e The ldb tools link against libldb-cmdline-samba4.so. 2018-11-28 16:36:05 +00:00
jca
8849a0163f Adapt WANTLIB/LIB_DEPENDS to the recent changes in -main and -ldb 2018-11-27 11:10:30 +00:00
jca
e8967feb1d SECURITY update to samba-4.8.7
Fixes for:
o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in
AD Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT
Kerberos configuration (unsupported))
2018-11-27 10:15:58 +00:00
jca
955efd894f Move ldb-related files in the appropriate subpackages 2018-11-17 00:20:50 +00:00
jca
43ac6bb7cb Update to samba-4.8.6
ChangeLog:
https://www.samba.org/samba/history/samba-4.8.6.html

Tests by Ian McWilliam
2018-10-17 07:33:04 +00:00
ajacoutot
8cb62739b4 Bad bump after README PKGSTEM change. 2018-09-05 08:54:26 +00:00
espie
93aef53599 and of course some would conflict... finish PKGSTEM changes manually 2018-09-04 12:53:16 +00:00
jca
321250daed Avoid printing NULL values
There is still one known case in the quota code, but it needs more
analysis.

Reported and tested by Ian McWilliam.
2018-09-02 16:41:56 +00:00
jca
b6e6c1fee2 Update to samba-4.8.5
Tests by Ian McWilliam
2018-08-29 11:40:23 +00:00
jca
688d33e494 SECURITY update to samba-4.8.4
Fixes:
o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
                   listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC
                   DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure
                   from the AD LDAP server.)

See https://www.samba.org/samba/history/samba-4.8.4.html for more
information.
2018-08-14 10:35:00 +00:00
jca
02cac1c86b Update to samba-4.8.3
Tested by Ian McWilliam and Vijay Sankar.
2018-08-02 11:39:33 +00:00
jca
53e022c847 Update to samba-4.8.2
Release notes:
https://www.samba.org/samba/history/samba-4.8.0.html
https://www.samba.org/samba/history/samba-4.8.1.html
https://www.samba.org/samba/history/samba-4.8.2.html

Tested by Ian, who hit a crash and contributed a fix.  Looks like the
new virusfilter.so vfs module is broken.
2018-06-11 11:59:51 +00:00
jca
cbdee8d517 Not needed any more now that sys/socket.h is standalone. 2018-05-22 20:54:06 +00:00
jca
3a143468d2 Update to samba-4.7.7
ChangeLog: https://www.samba.org/samba/history/samba-4.7.7.html

Tests + LGTM from Ian (co-maintainer)
2018-04-26 13:42:45 +00:00
jca
eb677c2a82 SECURITY update to samba-4.7.6
o  CVE-2018-1050 (Denial of Service Attack on external print server.)
o  CVE-2018-1057 (Authenticated users can change other users' password.)

If you have an AD setup, you are *strongly* advised to upgrade asap
and/or apply the documented workarounds.

More details at
  https://www.samba.org/samba/history/samba-4.7.6.html
2018-03-13 12:19:33 +00:00
sthen
b6c377654d {
  "port": "net/samba",
  "new_dependency": {
    "type": "LIB_DEPENDS",
    "name": "devel/jansson",
    "reason": "missing hidden dependency"
  },
  "ok": "jca@"
}
2018-02-20 08:37:50 +00:00
jca
3d0c20239e Update to samba-4.7.5
Bulk build & ok ajacoutot@ (thanks!).  Let's put this in now so more
people can test, discussed with Ian.

Release notes:
https://www.samba.org/samba/history/samba-4.7.5.html

All release notes for the 4.7 series:
https://git.samba.org/?p=samba.git;a=blob;f=WHATSNEW.txt;h=2914f57c60273c797e756d66759ab81704516864;hb=refs/heads/v4-7-stable
2018-02-15 09:59:44 +00:00
jca
f4fb7658d0 Update to samba-4.6.12 2018-01-16 17:35:05 +00:00
rpe
214644a454 Now that all ports rc.* scripts are using #!/bin/ksh
- change [] tests to [[]]
- change arithmetic [] tests to (())
- change = to == inside [[]]
- remove unnecessary quoting inside [[]]

OK aja@
2018-01-14 14:42:18 +00:00
rpe
9a8b5ccd06 Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.

discussed with and OK aja@
OK tb
2018-01-11 19:27:01 +00:00
jca
b079a2af84 Update to samba-4.6.11
See https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
for a ChangeLog.  samba-4.6.10 bulk build & ok ajacoutot@, tests by Ian;
samba-4.6.11 just adds a bunch of security fixes over 4.6.10.
2017-11-22 16:15:44 +00:00
jca
b8bde0576b SECURITY update to samba-4.5.15
Fixes for:
o  CVE-2017-14746 (Use-after-free vulnerability.)
o  CVE-2017-15275 (Server heap memory information leak.)

More details at:
   o https://www.samba.org/samba/security/CVE-2017-14746.html
   o https://www.samba.org/samba/security/CVE-2017-15275.html
2017-11-22 15:09:24 +00:00
jca
99115b8769 Using lld for samba alone is not enough, remove tentative fix
eg sysutils/usmb doesn't link, and using lld for all samba consumers
seems a bit far-fetched.

ok sthen@
2017-11-02 23:46:37 +00:00
jca
67ad8f1c16 Hopefully fix samba, still using lld; looks like previous commit wasn't enough
Also bump -util just to be safe.
2017-11-02 19:56:29 +00:00
sthen
c8e88ae04a build samba with -fuse-ld=lld on CLANG_ARCHS, ok jca@ jca@ jca@ 2017-11-02 17:40:54 +00:00
jca
499879e197 Avoid nested function in waf test
Innocuous, but changes the actual output of a command (smbd -b), so
bump.
2017-09-25 13:26:52 +00:00
jca
1c71931c58 SECURITY update to samba-4.5.14
o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where
   they should)
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
   redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)
2017-09-23 22:59:18 +00:00
jca
0b267664fe Update to samba-4.5.13, the latest release of the 4.5.x series
Putting this in now to help handle future possible security issues on
the 6.2 branch.  Tested by Ian McWilliam.
2017-09-18 11:52:04 +00:00
jca
469cbd8164 SECURITY fix for CVE-2017-11103
CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass

The fix affects the embedded Heimdal copy.

  6dd3eb836b
  https://www.orpheus-lyre.info/
  https://www.samba.org/samba/security/CVE-2017-11103.html
2017-07-13 00:52:29 +00:00
jca
81a6ece78c SECURITY fix for CVE-2017-7494
o CVE-2017-7494 rpc_server3: Refuse to open pipe names with /
2017-05-24 11:58:29 +00:00
ajacoutot
4ee307450d /usr/local/include/samba-4.0/ was not registered in any subpackage; make
-tevent own it since all include/samba-4.0 consumers depend on it.
2017-05-16 08:45:32 +00:00
jca
1b25cfdd16 Update to samba-4.5.8
Fix regression with "follow symlinks = no".  ok Ian sthen@
2017-04-01 11:37:38 +00:00
jca
47ea351ebe SECURITY update to samba-4.5.7
o CVE-2017-2619 (Symlink race allows access outside share definition)
2017-03-25 17:00:01 +00:00
jca
f004286ada Update to samba-4.5.6
Tests by Ian
2017-03-16 09:53:33 +00:00
jca
165b6b53cc Regen PLIST to use MODPY_PYOEXTENSION 2017-03-12 22:19:50 +00:00
sthen
94e8aee89a zap zero-byte files, list from rsadowski 2017-01-27 18:52:26 +00:00
jca
4be4d71e52 SECURITY update to samba-4.5.3
CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).

CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).

CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).

ok Ian McWilliam
2016-12-20 14:15:11 +00:00
jca
d8700eb3ee Update to samba-4.5.2 2016-12-19 10:12:18 +00:00
ajacoutot
963b076884 -util should own the /usr/local/lib/samba/ directory to prevent the following
warning when pkg_delete samba:
Error deleting directory /usr/local/lib/samba: Directory not empty

ok jca@ (maintainer)
2016-11-11 15:16:57 +00:00
jca
005e273761 Update to samba-4.5.1
Changes:
  https://www.samba.org/samba/history/samba-4.5.0.html
  https://www.samba.org/samba/history/samba-4.5.1.html

powerpc build test kirby@, ok Ian McWilliam
2016-11-09 15:59:37 +00:00
jca
f6fa1e8195 Repair samba-tool domain provision --use-ntvfs
The situation is a mess.  Upstream says that s3fs (the original smb code
from samba3) requires filesystem ACLs, which we don't have.  The ntvfs
code (new in samba4, but now deprecated) fit the job, but
adding --with-ntvfs-fileserver doesn't actually provide a working 'smb'
service (see "server services" in smb.conf(5)).

So right now it seems that the workaround is to provision
using --use-ntvfs, but then to strip 'smb' from the 'server services'
line.

Reports welcome...
2016-09-12 15:38:22 +00:00
jca
55dada1e0e SECURITY update to samba-4.4.5
* CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

ok ajacoutot@, Ian McWilliam, sthen@ on a previous version.  ok danj@
who noted missing entries in PLIST.
2016-07-08 18:39:50 +00:00
jca
b16be23fd8 Update to samba-4.4.4
Diff from Ian, tests & ok sthen@
2016-07-06 16:43:16 +00:00
jca
92a6e55dfb Fix quota handling that resulted in spam in logs.
Prodded by jung@, ok jung@ Ian
2016-05-15 01:10:07 +00:00