Add a patch to fix CVE-2010-2063. Bump PKGREVISION.
diff -r1.200 -r1.201 pkgsrc/net/samba/Makefile
(taca)
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.200 2010/04/15 09:38:09 sborrill Exp $ | 1 | # $NetBSD: Makefile,v 1.201 2010/06/19 14:08:56 taca Exp $ | |
2 | 2 | |||
3 | .include "Makefile.mirrors" | 3 | .include "Makefile.mirrors" | |
4 | 4 | |||
5 | DISTNAME= samba-${VERSION} | 5 | DISTNAME= samba-${VERSION} | |
6 | PKGREVISION= 3 | 6 | PKGREVISION= 4 | |
7 | CATEGORIES= net | 7 | CATEGORIES= net | |
8 | MASTER_SITES= ${SAMBA_MIRRORS:=old-versions/} | 8 | MASTER_SITES= ${SAMBA_MIRRORS:=old-versions/} | |
9 | 9 | |||
10 | .include "Makefile.patches" | 10 | .include "Makefile.patches" | |
11 | 11 | |||
12 | MAINTAINER= pkgsrc-users@NetBSD.org | 12 | MAINTAINER= pkgsrc-users@NetBSD.org | |
13 | HOMEPAGE= http://www.samba.org/ | 13 | HOMEPAGE= http://www.samba.org/ | |
14 | COMMENT= SMB/CIFS protocol server suite | 14 | COMMENT= SMB/CIFS protocol server suite | |
15 | LICENSE= gnu-gpl-v2 | 15 | LICENSE= gnu-gpl-v2 | |
16 | 16 | |||
17 | VERSION= 3.0.37 | 17 | VERSION= 3.0.37 | |
18 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* \ | 18 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* \ | |
19 | winbind-[0-9]* | 19 | winbind-[0-9]* |
@@ -1,26 +1,28 @@ | @@ -1,26 +1,28 @@ | |||
1 | # $NetBSD: Makefile.mirrors,v 1.6 2009/10/11 09:18:04 wiz Exp $ | 1 | # $NetBSD: Makefile.mirrors,v 1.7 2010/06/19 14:08:56 taca Exp $ | |
2 | # | 2 | # | |
3 | # This Makefile fragment contains the mirror sites for fetching Samba. | 3 | # This Makefile fragment contains the mirror sites for fetching Samba. | |
4 | 4 | |||
5 | ### | 5 | ### | |
6 | ### This list was last updated on 20080403 from: | 6 | ### This list was last updated on 20080403 from: | |
7 | ### http://www.samba.org/samba/download/ftp_mirrors.html | 7 | ### http://www.samba.org/samba/download/ftp_mirrors.html | |
8 | ### | 8 | ### | |
9 | SAMBA_MIRRORS= \ | 9 | SAMBA_MIRRORS= \ | |
10 | ftp://ftp.easynet.be/samba/ \ | 10 | ftp://ftp.easynet.be/samba/ \ | |
11 | http://mirrors.uol.com.br/pub/samba/ \ | 11 | http://mirrors.uol.com.br/pub/samba/ \ | |
12 | ftp://ca.samba.org/ \ | 12 | ftp://ca.samba.org/ \ | |
13 | ftp://mirrors.dotsrc.org/samba/ \ | 13 | ftp://mirrors.dotsrc.org/samba/ \ | |
14 | ftp://de3.samba.org/pub/samba/ \ | 14 | ftp://de3.samba.org/pub/samba/ \ | |
15 | ftp://ftp.ntua.gr/pub/net/samba/ \ | 15 | ftp://ftp.ntua.gr/pub/net/samba/ \ | |
16 | ftp://ftp.hkmirror.org/pub/samba/sambaftp/ \ | 16 | ftp://ftp.hkmirror.org/pub/samba/sambaftp/ \ | |
17 | ftp://ftp.heanet.ie/pub/samba/ \ | 17 | ftp://ftp.heanet.ie/pub/samba/ \ | |
18 | ftp://ftp.ring.gr.jp/pub/net/samba/ \ | 18 | ftp://ftp.ring.gr.jp/pub/net/samba/ \ | |
19 | ftp://ftp.samba.gr.jp/pub/samba/ \ | 19 | ftp://ftp.samba.gr.jp/pub/samba/ \ | |
20 | http://samba.osmirror.nl/samba/ftp/ \ | 20 | http://samba.osmirror.nl/samba/ftp/ \ | |
21 | ftp://ftp.bit.nl/mirror/samba/ \ | 21 | ftp://ftp.bit.nl/mirror/samba/ \ | |
22 | ftp://www.bibsyst.no/pub/samba/ \ | 22 | ftp://www.bibsyst.no/pub/samba/ \ | |
23 | ftp://pl.samba.org/pub/unix/net/samba/ \ | 23 | ftp://pl.samba.org/pub/unix/net/samba/ \ | |
24 | ftp://ftp.chg.ru/packages/samba/ \ | 24 | ftp://ftp.chg.ru/packages/samba/ \ | |
25 | ftp://ftp.oss.eznetsols.org/samba/ \ | 25 | ftp://ftp.oss.eznetsols.org/samba/ \ | |
26 | ftp://us5.samba.org/pub/samba-ftp/ | 26 | ftp://us5.samba.org/pub/samba-ftp/ \ | |
27 | ftp://download.samba.org/pub/samba/ \ | |||
28 | http://download.samba.org/samba/ftp/ |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.73 2010/02/09 16:08:36 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.74 2010/06/19 14:08:56 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (samba-3.0.37.tar.gz) = 5ec6bc6558b3c799f747eb49fbba019d5edf0cbd | 3 | SHA1 (samba-3.0.37.tar.gz) = 5ec6bc6558b3c799f747eb49fbba019d5edf0cbd | |
4 | RMD160 (samba-3.0.37.tar.gz) = 06b76ae22729e10c83d6af42d03b03ad69e49103 | 4 | RMD160 (samba-3.0.37.tar.gz) = 06b76ae22729e10c83d6af42d03b03ad69e49103 | |
5 | Size (samba-3.0.37.tar.gz) = 23416703 bytes | 5 | Size (samba-3.0.37.tar.gz) = 23416703 bytes | |
6 | SHA1 (patch-aa) = c3a1fd7cf6f8db8ea4001c697b19df555b496b29 | 6 | SHA1 (patch-aa) = c3a1fd7cf6f8db8ea4001c697b19df555b496b29 | |
7 | SHA1 (patch-ac) = 47529dfe904768e6a3076131978c89fe2d1e3619 | 7 | SHA1 (patch-ac) = 47529dfe904768e6a3076131978c89fe2d1e3619 | |
8 | SHA1 (patch-ae) = 28fc3d1ad158f8025f1f9ba8e170d93c31fa45ba | 8 | SHA1 (patch-ae) = 28fc3d1ad158f8025f1f9ba8e170d93c31fa45ba | |
9 | SHA1 (patch-af) = 9f14842b7d0b5e66bf1d52bcacefe5e1aa392b7c | 9 | SHA1 (patch-af) = 9f14842b7d0b5e66bf1d52bcacefe5e1aa392b7c | |
10 | SHA1 (patch-ag) = c73e717e053b6618b2a334602fefabe5a5f98a98 | 10 | SHA1 (patch-ag) = c73e717e053b6618b2a334602fefabe5a5f98a98 | |
11 | SHA1 (patch-ak) = 0c69720954282022c7982d36eaee94a03db7b689 | 11 | SHA1 (patch-ak) = 0c69720954282022c7982d36eaee94a03db7b689 | |
12 | SHA1 (patch-at) = de18d1fa7f1d4a2e9e3c0b28173584c7d42ed710 | 12 | SHA1 (patch-at) = de18d1fa7f1d4a2e9e3c0b28173584c7d42ed710 | |
13 | SHA1 (patch-au) = e8a86ff28c2e22e1a9c3b80b90bcaea573b856ca | 13 | SHA1 (patch-au) = e8a86ff28c2e22e1a9c3b80b90bcaea573b856ca | |
14 | SHA1 (patch-av) = c29ba19e96c24ef95a9a043f8678d77c00d73506 | 14 | SHA1 (patch-av) = c29ba19e96c24ef95a9a043f8678d77c00d73506 | |
@@ -29,13 +29,14 @@ SHA1 (patch-bp) = ab55020e477ff36403b1e5 | @@ -29,13 +29,14 @@ SHA1 (patch-bp) = ab55020e477ff36403b1e5 | |||
29 | SHA1 (patch-bq) = dc25eb43336d4ad7ecef1b4ea8c5dcd72cc91a7b | 29 | SHA1 (patch-bq) = dc25eb43336d4ad7ecef1b4ea8c5dcd72cc91a7b | |
30 | SHA1 (patch-br) = fc0d4c1f638a534f86e59ed8ebaddbf1978fa64f | 30 | SHA1 (patch-br) = fc0d4c1f638a534f86e59ed8ebaddbf1978fa64f | |
31 | SHA1 (patch-bs) = da62a8e59fbab1b9ef9fbcd623f5d63816667447 | 31 | SHA1 (patch-bs) = da62a8e59fbab1b9ef9fbcd623f5d63816667447 | |
32 | SHA1 (patch-bu) = 317d0a197e4564c6ab734890302c1f73cc54e1df | 32 | SHA1 (patch-bu) = 317d0a197e4564c6ab734890302c1f73cc54e1df | |
33 | SHA1 (patch-bv) = 2d80f4e24edab32bf4f620f651e70b9e63d28cc5 | 33 | SHA1 (patch-bv) = 2d80f4e24edab32bf4f620f651e70b9e63d28cc5 | |
34 | SHA1 (patch-bw) = 83a57fd2c21e1abd1bfab046e867096d46931958 | 34 | SHA1 (patch-bw) = 83a57fd2c21e1abd1bfab046e867096d46931958 | |
35 | SHA1 (patch-ca) = 0c2c4c1bdb3348de3e8719cc468a6e0c28a36b73 | 35 | SHA1 (patch-ca) = 0c2c4c1bdb3348de3e8719cc468a6e0c28a36b73 | |
36 | SHA1 (patch-ce) = 81c6c2d9c6c0df7180d41a0382f2b4600f545620 | 36 | SHA1 (patch-ce) = 81c6c2d9c6c0df7180d41a0382f2b4600f545620 | |
37 | SHA1 (patch-cf) = 8b50f657f8f4fa71936ec4766c2517ca5d128ff7 | 37 | SHA1 (patch-cf) = 8b50f657f8f4fa71936ec4766c2517ca5d128ff7 | |
38 | SHA1 (patch-cg) = 2755a019759826a39c3e201f6a0d1646e6dd2fba | 38 | SHA1 (patch-cg) = 2755a019759826a39c3e201f6a0d1646e6dd2fba | |
39 | SHA1 (patch-ch) = 3c4c404519154e294cee134ddb4d2b9c7d8e02a2 | 39 | SHA1 (patch-ch) = 3c4c404519154e294cee134ddb4d2b9c7d8e02a2 | |
40 | SHA1 (patch-ci) = d78298d0997cf7877cfe2411355fb6c61dec17f6 | 40 | SHA1 (patch-ci) = d78298d0997cf7877cfe2411355fb6c61dec17f6 | |
41 | SHA1 (patch-da) = 2dddd250b2207d658b02ff43b46199ce4305b7f8 | 41 | SHA1 (patch-da) = 2dddd250b2207d658b02ff43b46199ce4305b7f8 | |
42 | SHA1 (patch-ee) = d52511dc7d065db7ba1464138c4bc85cfe2f0d59 |
$NetBSD: patch-ee,v 1.3 2010/06/19 14:08:56 taca Exp $
Patch to fix CVE-2010-2063.
--- smbd/process.c.orig 2009-09-30 12:21:56.000000000 +0000
+++ smbd/process.c
@@ -1159,6 +1159,7 @@ int chain_reply(char *inbuf,char *outbuf
{
static char *orig_inbuf;
static char *orig_outbuf;
+ static int orig_size;
int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
char *inbuf2, *outbuf2;
@@ -1178,6 +1179,13 @@ int chain_reply(char *inbuf,char *outbuf
/* this is the first part of the chain */
orig_inbuf = inbuf;
orig_outbuf = outbuf;
+ orig_size = size;
+ }
+
+ /* Validate smb_off2 */
+ if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
+ exit_server_cleanly("Bad chained packet");
+ return -1;
}
/*
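Review bot: In the new bounds check, `orig_size < (smb_off2 + 4 - smb_wct)` compares the `int` `orig_size` against an expression containing `unsigned smb_off2`, so under the usual arithmetic conversions a negative `orig_size` would be converted to a large unsigned value and pass. Whether `size` can be negative at this point is not visible (the signature is truncated in the hunk header), so I would make the assumption explicit: `if (orig_size < 0 || smb_off2 < smb_wct - 4 || (unsigned)orig_size < smb_off2 + 4 - smb_wct) {`. The comment could also state the rule instead of naming the variable, e.g. `/* smb_off2 is read from the request: reject offsets below smb_wct - 4 or beyond the size saved for the first request */`. The `if` block that assigns `orig_size` begins outside the hunk.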
@@ -1192,6 +1200,11 @@ int chain_reply(char *inbuf,char *outbuf
SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
SCVAL(outbuf,smb_vwv0,smb_com2);
+ if (outsize <= smb_wct) {
+ exit_server_cleanly("Bad chained packet");
+ return -1;
+ }
+
/* remember how much the caller added to the chain, only counting stuff
after the parameter words */
chain_size += outsize - smb_wct;
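Review bot: The `outsize <= smb_wct` guard exits with the same text, `"Bad chained packet"`, as the `smb_off2` check added earlier in this patch, so the exit reason (presumably what ends up in the log) cannot tell an operator which validation rejected the request. Distinct strings would make the two cases separable, for example `exit_server_cleanly("Bad chained packet: reply size");` here. The guard also sits after the `SSVAL`/`SCVAL` writes that already use `outsize`; if nothing depends on that order, moving it above them would keep a rejected reply from touching `outbuf` first. The rest of `chain_reply` is outside the hunk.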