cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
129,652 Commits 1 Branch 0 Tags
Commit Graph

314 Commits

Author SHA1 Message Date
jca
cbdee8d517 Not needed any more now that sys/socket.h is standalone. 2018-05-22 20:54:06 +00:00
jca
3a143468d2 Update to samba-4.7.7 
ChangeLog: https://www.samba.org/samba/history/samba-4.7.7.html

Tests + LGTM from Ian (co-maintainer)
 2018-04-26 13:42:45 +00:00
jca
eb677c2a82 SECURITY update to samba-4.7.6 
o  CVE-2018-1050 (Denial of Service Attack on external print server.)
o  CVE-2018-1057 (Authenticated users can change other users' password.)

If you have an AD setup, you are *strongly* advised to upgrade asap
and/or apply the documented workarounds.

More details at
  https://www.samba.org/samba/history/samba-4.7.6.html
 2018-03-13 12:19:33 +00:00
sthen
b6c377654d { 
"port": "net/samba",
  "new_dependency": {
    "type": "LIB_DEPENDS",
    "name": "devel/jansson",
    "reason": "missing hidden dependency"
  },
  "ok": "jca@"
}
 2018-02-20 08:37:50 +00:00
jca
3d0c20239e Update to samba-4.7.5 
Bulk build & ok ajacoutot@ (thanks!).  Let's put this in now so more
people can test, discussed with Ian.

Release notes:
https://www.samba.org/samba/history/samba-4.7.5.html

All release notes for the 4.7 series:
https://git.samba.org/?p=samba.git;a=blob;f=WHATSNEW.txt;h=2914f57c60273c797e756d66759ab81704516864;hb=refs/heads/v4-7-stable
 2018-02-15 09:59:44 +00:00
jca
f4fb7658d0 Update to samba-4.6.12 2018-01-16 17:35:05 +00:00
rpe
214644a454 Now that all ports rc.* scripts are using #!/bin/ksh 
- change [] tests to [[]]
- change arithmetic [] tests to (())
- change = to == inside [[]]
- remove unecessary quoting inside [[]]

OK aja@
 2018-01-14 14:42:18 +00:00
rpe
9a8b5ccd06 Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d 
daemon scripts and bump subpackages that contain the *.rc scripts.

discussed with and OK aja@
OK tb
 2018-01-11 19:27:01 +00:00
jca
b079a2af84 Update to samba-4.6.11 
See https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
for a ChangeLog.  samba-4.6.10 bulk build & ok ajacoutot@, tests by Ian;
samba-4.6.11 just adds a bunch of security fixes over 4.6.10.
 2017-11-22 16:15:44 +00:00
jca
b8bde0576b SECURITY update to samba-4.5.15 
Fixes for:
o  CVE-2017-14746 (Use-after-free vulnerability.)
o  CVE-2017-15275 (Server heap memory information leak.)

More details at:
   o https://www.samba.org/samba/security/CVE-2017-14746.html
   o https://www.samba.org/samba/security/CVE-2017-15275.html
 2017-11-22 15:09:24 +00:00
jca
99115b8769 Using lld for samba alone is not enough, remove tentative fix 
eg sysutils/usmb doesn't link, and using lld for all samba consumers
seems a bit far-fetched.

ok sthen@
 2017-11-02 23:46:37 +00:00
jca
67ad8f1c16 Hopefully fix samba, still using lld; looks like previous commit wasn't enough 
Also bump -util just to be safe.
 2017-11-02 19:56:29 +00:00
sthen
c8e88ae04a build samba with -fuse-ld=lld on CLANG_ARCHS, ok jca@ jca@ jca@ 2017-11-02 17:40:54 +00:00
jca
499879e197 Avoid nested function in waf test 
Innocuous, but changes the actual output of a command (smbd -b), so
bump.
 2017-09-25 13:26:52 +00:00
jca
1c71931c58 SECURITY update to samba-4.5.14 
o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where
   they should)
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
   redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)
 2017-09-23 22:59:18 +00:00
jca
0b267664fe Update to samba-4.5.13, the latest release of the 4.5.x series 
Putting this in now to help handle future possible security issues on
the 6.2 branch.  Tested by Ian McWilliam.
 2017-09-18 11:52:04 +00:00
jca
469cbd8164 SECURITY fix for CVE-2017-11103 
CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass

The fix affects the embedded Heimdal copy.

  6dd3eb836b
  https://www.orpheus-lyre.info/
  https://www.samba.org/samba/security/CVE-2017-11103.html
 2017-07-13 00:52:29 +00:00
jca
81a6ece78c SECURITY fix for CVE-2017-7494 
o CVE-2017-7494 rpc_server3: Refuse to open pipe names with /
 2017-05-24 11:58:29 +00:00
ajacoutot
4ee307450d /usr/local/include/samba-4.0/ was not registered in any subpackage; make 
-tevent own it since all include/samba-4.0 consumers depend on it.
 2017-05-16 08:45:32 +00:00
jca
1b25cfdd16 Update to samba-4.5.8 
Fix regression with "follow symlinks = no".  ok Ian sthen@
 2017-04-01 11:37:38 +00:00
jca
47ea351ebe SECURITY update to samba-4.5.7 
o CVE-2017-2619 (Symlink race allows access outside share definition)
 2017-03-25 17:00:01 +00:00
jca
f004286ada Update to samba-4.5.6 
Tests by Ian
 2017-03-16 09:53:33 +00:00
jca
165b6b53cc Regen PLIST to use MODPY_PYOEXTENSION 2017-03-12 22:19:50 +00:00
sthen
94e8aee89a zap zero-byte files, list from rsadowski 2017-01-27 18:52:26 +00:00
jca
4be4d71e52 SECURITY update to samba-4.5.3 
CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).

CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).

CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).

ok Ian McWilliam
 2016-12-20 14:15:11 +00:00
jca
d8700eb3ee Update to samba-4.5.2 2016-12-19 10:12:18 +00:00
ajacoutot
963b076884 -util should own the /usr/local/lib/samba/ directory to prevent the following 
warning when pkg_delete samba:
Error deleting directory /usr/local/lib/samba: Directory not empty

ok jca@ (maintainer)
 2016-11-11 15:16:57 +00:00
jca
005e273761 Update to samba-4.5.1 
Changes:
  https://www.samba.org/samba/history/samba-4.5.0.html
  https://www.samba.org/samba/history/samba-4.5.1.html

powerpc build test kirby@, ok Ian McWilliam
 2016-11-09 15:59:37 +00:00
jca
f6fa1e8195 Repair samba-tool domain provision --use-ntvfs 
The situation is a mess.  Upstream says that s3fs (the original smb code
from samba3) requires filesystem ACLs, which we don't have.  The ntvfs
code (new in samba4, but now deprecated) fit the job, but
adding --with-ntvfs-fileserver doesn't actually provide a working 'smb'
service (see "server services" in smb.conf(5)).

So right now it seems that the workaround is to provision
using --use-ntvfs, but then to strip 'smb' from the 'server services'
line.

Reports welcome...
 2016-09-12 15:38:22 +00:00
jca
55dada1e0e SECURITY update to samba-4.4.5 
* CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

ok ajacoutot@, Ian McWilliam, sthen@ on a previous version.  ok danj@
who noted missing entries in PLIST.
 2016-07-08 18:39:50 +00:00
jca
b16be23fd8 Update to samba-4.4.4 
Diff from Ian, tests & ok sthen@
 2016-07-06 16:43:16 +00:00
jca
92a6e55dfb Fix quota handling that resulted in spam in logs. 
Prodded by jung@, ok jung@ Ian
 2016-05-15 01:10:07 +00:00
jca
99da75d56f Update to samba-4.4.3, bringing fixes for the regression introduced by 4.4.2. 
Tested by Vijay Sankar and I.
 2016-05-06 11:34:41 +00:00
jca
d7fb3db25d Better comment. 
mips64 has atomic support now, don't mention atomic_add_32
 2016-04-27 08:50:03 +00:00
jca
80b1bfa469 Committed upstream. 2016-04-26 12:23:05 +00:00
jca
6ba3931a94 Better workaround for clearenv 2016-04-25 15:01:29 +00:00
jca
3bfa72277a Drop gettext module 2016-04-25 08:58:10 +00:00
jca
a001ab7285 Update to samba-4.4.2 
Tests by Vijay Sankar and Ian, ok Ian

This release contains the security fixes introduced by 4.4.2, plus the
new features and improvements from 4.4.0:

  https://www.samba.org/samba/history/samba-4.4.0.html
 2016-04-22 11:48:36 +00:00
jca
d6e8759b50 SECURITY update to samba-4.3.8 
ok sthen@ Ian McWilliam

CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)

See https://www.samba.org/samba/history/samba-4.3.8.html for more
information.
 2016-04-13 11:25:40 +00:00
jca
13f7dce85d Update to samba-4.3.6 
i386 build by danj@, ok sthen@

The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories.  samba-4.3.8 will follow.
 2016-04-12 17:42:09 +00:00
jca
e19d82005b Stop fetching and packaging outdated pdf docs; ok Ian 2016-03-23 19:08:15 +00:00
naddy
a90d3a4179 remove SHARED_ONLY 2016-03-20 15:58:26 +00:00
jca
16c613f366 SECURITY update to samba-4.1.23; ok Ian McWilliam 
Fixes for CVE-2015-7560 and CVE-2016-0771.
 2016-03-09 19:40:11 +00:00
sthen
275b716f52 bump tevent 2016-01-18 12:10:51 +00:00
sthen
9005d1d063 sync WANTLIB 2016-01-17 17:29:07 +00:00
jca
fb9197ada0 SECURITY update to samba-4.1.22; ok Ian McWilliam 
ChangeLog and descriptions of the relevant CVE's:

  https://www.samba.org/samba/history/samba-4.1.22.html

This update changed the signature of a few functions in libsamba-util,
so bump the shlib major.  Also update Ian's email adress while here.
 2015-12-23 12:37:21 +00:00
ajacoutot
d60b768928 daemon_timeout is not passed to the child scripts either. 2015-11-29 15:50:20 +00:00
jca
a536651fbb Bugfix update to samba-4.1.21 
"diff looks fine" Ian McWilliam
 2015-10-15 16:57:19 +00:00
jca
cba377ac48 Backport usage warning for smbstatus(1), picked from upstream. 
Problem noticed and different patch proposed by giovanni@.
ok giovanni@ Ian McWilliam
 2015-09-30 18:16:14 +00:00
jca
dfec945430 Use -Wl,--no-undefined just like other platforms, -Wl,--as-needed works fine now. 
Tested earlier on powerpc (sthen@), and on i386/amd64.  ok Ian McWilliam.
 2015-09-30 18:14:07 +00:00