Tue Mar 18 12:42:57 2014 UTC ()
Pullup ticket #4348 - requested by taca
net/samba: security update

Revisions pulled up:
- net/samba/Makefile                                            1.242-1.247
- net/samba/distinfo                                            1.97-1.98
- net/samba/patches/patch-ab                                    1.29

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Tue Jan 28 12:16:39 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile

   Log Message:
   Use GNU_CONFIGURE_LIBDIR for --libdir.

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Wed Feb 12 23:18:57 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile

   Log Message:
   Recursive PKGREVISION bump for OpenSSL API version bump.

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Mon Mar  3 08:05:07 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile

   Log Message:
   simplify with SUBST_VARS.

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Mon Mar  3 08:15:10 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile distinfo
   	pkgsrc/net/samba/patches: patch-ab

   Log Message:
   Replace log dir in the default sample config file correctly.

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Thu Mar 13 11:08:54 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile

   Log Message:
   Set USE_GCC_RUNTIME=yes for packages which build shared libraries but do
   not use libtool to do so.  This is required to correctly depend upon a
   gcc runtime package (e.g. gcc47-libs) when using USE_PKGSRC_GCC_RUNTIME.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Mar 17 14:01:57 UTC 2014

   Modified Files:
   	pkgsrc/net/samba: Makefile distinfo

   Log Message:
   Update samba to 3.6.23.

                      ==============================
                      Release Notes for Samba 3.6.23
                              March 11, 2014
                      ==============================

   This is a security release in order to address
   CVE-2013-4496 (Password lockout not enforced for SAMR password changes).

   o  CVE-2013-4496:
      Samba versions 3.4.0 and above allow the administrator to implement
      locking out Samba accounts after a number of bad password attempts.

      However, all released versions of Samba did not implement this check for
      password changes, such as are available over multiple SAMR and RAP
      interfaces, allowing password guessing attacks.


(tron)
diff -r1.241 -r1.241.2.1 pkgsrc/net/samba/Makefile
diff -r1.96 -r1.96.2.1 pkgsrc/net/samba/distinfo
diff -r1.28 -r1.28.18.1 pkgsrc/net/samba/patches/patch-ab
cvs diff -r1.241 -r1.241.2.1 pkgsrc/net/samba/Makefile (expand / switch to unified diff)

--- pkgsrc/net/samba/Makefile 2013/12/09 10:44:22 1.241
+++ pkgsrc/net/samba/Makefile 2014/03/18 12:42:57 1.241.2.1
@@ -1,27 +1,29 @@ @@ -1,27 +1,29 @@
1# $NetBSD: Makefile,v 1.241 2013/12/09 10:44:22 taca Exp $ 1# $NetBSD: Makefile,v 1.241.2.1 2014/03/18 12:42:57 tron Exp $
2 2
3DISTNAME= samba-${VERSION} 3DISTNAME= samba-${VERSION}
4CATEGORIES= net 4CATEGORIES= net
5MASTER_SITES= ${SAMBA_MIRRORS:=stable/} 5MASTER_SITES= ${SAMBA_MIRRORS:=stable/}
6 6
7MAINTAINER= pkgsrc-users@NetBSD.org 7MAINTAINER= pkgsrc-users@NetBSD.org
8HOMEPAGE= http://www.samba.org/ 8HOMEPAGE= http://www.samba.org/
9COMMENT= SMB/CIFS protocol server suite 9COMMENT= SMB/CIFS protocol server suite
10LICENSE= gnu-gpl-v3 10LICENSE= gnu-gpl-v3
11 11
12VERSION= 3.6.22 12VERSION= 3.6.23
13CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* 13CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]*
14 14
 15USE_GCC_RUNTIME= yes
 16
15FILESDIR= ${PKGDIR}/../../net/samba/files 17FILESDIR= ${PKGDIR}/../../net/samba/files
16DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR 18DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR
17MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE 19MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE
18WRKSRC= ${WRKDIR}/${DISTNAME}/source3 20WRKSRC= ${WRKDIR}/${DISTNAME}/source3
19BUILD_DEFS+= VARBASE 21BUILD_DEFS+= VARBASE
20 22
21.include "../../mk/bsd.prefs.mk" 23.include "../../mk/bsd.prefs.mk"
22 24
23PKG_SYSCONFSUBDIR= samba 25PKG_SYSCONFSUBDIR= samba
24SAMBA_ETCDIR?= ${PKG_SYSCONFDIR} 26SAMBA_ETCDIR?= ${PKG_SYSCONFDIR}
25SAMBA_LIBDIR?= ${PREFIX}/lib 27SAMBA_LIBDIR?= ${PREFIX}/lib
26SAMBA_LOCKDIR?= ${SAMBA_VARDIR}/run/samba 28SAMBA_LOCKDIR?= ${SAMBA_VARDIR}/run/samba
27SAMBA_LOGDIR?= ${SAMBA_VARDIR}/log 29SAMBA_LOGDIR?= ${SAMBA_VARDIR}/log
@@ -38,27 +40,27 @@ FILES_SUBST+= SAMBA_LOGDIR=${SAMBA_LOGD @@ -38,27 +40,27 @@ FILES_SUBST+= SAMBA_LOGDIR=${SAMBA_LOGD
38FILES_SUBST+= SAMBA_PIDDIR=${SAMBA_PIDDIR} 40FILES_SUBST+= SAMBA_PIDDIR=${SAMBA_PIDDIR}
39FILES_SUBST+= SAMBA_PRIVATE=${SAMBA_PRIVATE:Q} 41FILES_SUBST+= SAMBA_PRIVATE=${SAMBA_PRIVATE:Q}
40FILES_SUBST+= SAMBA_STATEDIR=${SAMBA_STATEDIR} 42FILES_SUBST+= SAMBA_STATEDIR=${SAMBA_STATEDIR}
41FILES_SUBST+= SAMBA_VARDIR=${SAMBA_VARDIR} 43FILES_SUBST+= SAMBA_VARDIR=${SAMBA_VARDIR}
42FILES_SUBST+= WINBINDD_RCD_SCRIPT=${WINBINDD_RCD_SCRIPT:Q} 44FILES_SUBST+= WINBINDD_RCD_SCRIPT=${WINBINDD_RCD_SCRIPT:Q}
43 45
44# mktemp is useful for the replacement adduser script, but don't require 46# mktemp is useful for the replacement adduser script, but don't require
45# a full dependency since it's not actually needed by samba. 47# a full dependency since it's not actually needed by samba.
46USE_TOOLS+= gmake mktemp perl:run pkg-config 48USE_TOOLS+= gmake mktemp perl:run pkg-config
47REPLACE_PERL= script/findsmb.in 49REPLACE_PERL= script/findsmb.in
48 50
49BROKEN_GETTEXT_DETECTION=yes 51BROKEN_GETTEXT_DETECTION=yes
50GNU_CONFIGURE= yes 52GNU_CONFIGURE= yes
51CONFIGURE_ARGS+= --libdir=${SAMBA_LIBDIR} 53GNU_CONFIGURE_LIBDIR= ${SAMBA_LIBDIR}
52CONFIGURE_ARGS+= --with-libiconv=${BUILDLINK_PREFIX.iconv} 54CONFIGURE_ARGS+= --with-libiconv=${BUILDLINK_PREFIX.iconv}
53CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} 55CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline}
54CONFIGURE_ARGS+= --with-configdir=${SAMBA_ETCDIR} 56CONFIGURE_ARGS+= --with-configdir=${SAMBA_ETCDIR}
55CONFIGURE_ARGS+= --with-lockdir=${SAMBA_LOCKDIR} 57CONFIGURE_ARGS+= --with-lockdir=${SAMBA_LOCKDIR}
56CONFIGURE_ARGS+= --with-logfilebase=${SAMBA_LOGDIR} 58CONFIGURE_ARGS+= --with-logfilebase=${SAMBA_LOGDIR}
57CONFIGURE_ARGS+= --with-modulesdir=${SAMBA_MODULESDIR} 59CONFIGURE_ARGS+= --with-modulesdir=${SAMBA_MODULESDIR}
58CONFIGURE_ARGS+= --with-piddir=${SAMBA_PIDDIR} 60CONFIGURE_ARGS+= --with-piddir=${SAMBA_PIDDIR}
59CONFIGURE_ARGS+= --with-privatedir=${SAMBA_PRIVATE:Q} 61CONFIGURE_ARGS+= --with-privatedir=${SAMBA_PRIVATE:Q}
60CONFIGURE_ARGS+= --with-statedir=${SAMBA_STATEDIR} 62CONFIGURE_ARGS+= --with-statedir=${SAMBA_STATEDIR}
61CONFIGURE_ARGS+= --localstatedir=${SAMBA_VARDIR} 63CONFIGURE_ARGS+= --localstatedir=${SAMBA_VARDIR}
62CONFIGURE_ARGS+= --with-mandir=${PREFIX}/${PKGMANDIR} 64CONFIGURE_ARGS+= --with-mandir=${PREFIX}/${PKGMANDIR}
63CONFIGURE_ARGS+= --with-swatdir=${PREFIX}/share/samba/swat 65CONFIGURE_ARGS+= --with-swatdir=${PREFIX}/share/samba/swat
64CONFIGURE_ARGS+= --enable-external-libtdb 66CONFIGURE_ARGS+= --enable-external-libtdb
@@ -95,32 +97,33 @@ INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR} @@ -95,32 +97,33 @@ INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR}
95 97
96DOCDIR= share/doc/${PKGBASE} 98DOCDIR= share/doc/${PKGBASE}
97EGDIR= share/examples/${PKGBASE} 99EGDIR= share/examples/${PKGBASE}
98CONF_FILES= ${PREFIX}/${EGDIR}/smb.conf.default ${SAMBA_ETCDIR}/smb.conf 100CONF_FILES= ${PREFIX}/${EGDIR}/smb.conf.default ${SAMBA_ETCDIR}/smb.conf
99MAKE_DIRS= ${SAMBA_VARDIR} ${SAMBA_LOGDIR} ${SAMBA_PIDDIR} 101MAKE_DIRS= ${SAMBA_VARDIR} ${SAMBA_LOGDIR} ${SAMBA_PIDDIR}
100OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_LOCKDIR} ${SAMBA_STATEDIR} 102OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_LOCKDIR} ${SAMBA_STATEDIR}
101OWN_DIRS_PERMS= ${SAMBA_PRIVATE} ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700 103OWN_DIRS_PERMS= ${SAMBA_PRIVATE} ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700
102RCD_SCRIPTS+= samba nmbd smbd ${WINBINDD_RCD_SCRIPT} 104RCD_SCRIPTS+= samba nmbd smbd ${WINBINDD_RCD_SCRIPT}
103 105
104SUBST_CLASSES+= paths 106SUBST_CLASSES+= paths
105SUBST_MESSAGE.paths= Fixing paths. 107SUBST_MESSAGE.paths= Fixing paths.
106SUBST_FILES.paths= ${WRKDIR}/adduser.sh ${WRKDIR}/deluser.sh 108SUBST_FILES.paths= ${WRKDIR}/adduser.sh ${WRKDIR}/deluser.sh
107SUBST_STAGE.paths= post-patch 109SUBST_STAGE.paths= post-patch
108SUBST_SED.paths+= -e 's,@AWK@,${AWK},g' 110SUBST_VARS.paths+= AWK CAT MKTEMP RM PWD_MKDB SH
109SUBST_SED.paths+= -e 's,@CAT@,${CAT},g' 111
110SUBST_SED.paths+= -e 's,@MKTEMP@,${MKTEMP},g' 112SUBST_CLASSES+= def-cfg
111SUBST_SED.paths+= -e 's,@RM@,${RM},g' 113SUBST_MESSAGE.def-cfg= Fixing default config files
112SUBST_SED.paths+= -e 's,@PWD_MKDB@,${PWD_MKDB},g' 114SUBST_FILES.def-cfg= ${WRKDIR}/${DISTNAME}/examples/smb.conf.default
113SUBST_SED.paths+= -e 's,@SH@,${SH},g' 115SUBST_STAGE.def-cfg= post-configure
 116SUBST_VARS.def-cfg= SAMBA_LOGDIR
114 117
115post-extract: 118post-extract:
116 ${CP} ${FILESDIR}/adduser.sh ${FILESDIR}/deluser.sh ${WRKDIR} 119 ${CP} ${FILESDIR}/adduser.sh ${FILESDIR}/deluser.sh ${WRKDIR}
117 for n in tdbbackup.8 tdbdump.8 tdbtool.8; do \ 120 for n in tdbbackup.8 tdbdump.8 tdbtool.8; do \
118 ${RM} ${WRKSRC}/../docs/manpages/$$n; \ 121 ${RM} ${WRKSRC}/../docs/manpages/$$n; \
119 ${RM} ${WRKSRC}/../docs/htmldocs/manpages/$$n.html; \ 122 ${RM} ${WRKSRC}/../docs/htmldocs/manpages/$$n.html; \
120 done 123 done
121 124
122post-install: 125post-install:
123 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/js 126 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/js
124 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/include 127 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/include
125 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/images 128 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/images
126 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/js 129 ${RMDIR} ${DESTDIR}${PREFIX}/share/samba/swat/lang/ja/js
cvs diff -r1.96 -r1.96.2.1 pkgsrc/net/samba/distinfo (expand / switch to unified diff)

--- pkgsrc/net/samba/distinfo 2013/12/09 10:44:22 1.96
+++ pkgsrc/net/samba/distinfo 2014/03/18 12:42:57 1.96.2.1
@@ -1,20 +1,20 @@ @@ -1,20 +1,20 @@
1$NetBSD: distinfo,v 1.96 2013/12/09 10:44:22 taca Exp $ 1$NetBSD: distinfo,v 1.96.2.1 2014/03/18 12:42:57 tron Exp $
2 2
3SHA1 (samba-3.6.22.tar.gz) = e4ce4a273cc264b01d928f1bb59f0dc38dd65f9b 3SHA1 (samba-3.6.23.tar.gz) = 5ba2f8323ab17fa6c04bf87c11d20f10a4fcfe17
4RMD160 (samba-3.6.22.tar.gz) = 66063045f4c3232764528ce7571dd336591001e4 4RMD160 (samba-3.6.23.tar.gz) = 43dc3b5dcc2ee515bed03ad77b9726841faea946
5Size (samba-3.6.22.tar.gz) = 34122131 bytes 5Size (samba-3.6.23.tar.gz) = 34122387 bytes
6SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e 6SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e
7SHA1 (patch-ab) = 0372ff2e3caca866dacd6ed25ae1d02e34a5b567 7SHA1 (patch-ab) = eb680f72ab0118e57d1b322aba869ac798b27e17
8SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec 8SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec
9SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070 9SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070
10SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a 10SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a
11SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18 11SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18
12SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c 12SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c
13SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49 13SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49
14SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521 14SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521
15SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c 15SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c
16SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439 16SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439
17SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335 17SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335
18SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8 18SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8
19SHA1 (patch-ao) = 688f4180eb728363a1e616320464a6410f1ffced 19SHA1 (patch-ao) = 688f4180eb728363a1e616320464a6410f1ffced
20SHA1 (patch-aq) = 1eef65b3a798b3f80cc71f5d1f43b54c11782c0f 20SHA1 (patch-aq) = 1eef65b3a798b3f80cc71f5d1f43b54c11782c0f
cvs diff -r1.28 -r1.28.18.1 pkgsrc/net/samba/patches/patch-ab (expand / switch to unified diff)

--- pkgsrc/net/samba/patches/patch-ab 2011/12/16 11:05:24 1.28
+++ pkgsrc/net/samba/patches/patch-ab 2014/03/18 12:42:57 1.28.18.1
@@ -1,32 +1,32 @@ @@ -1,32 +1,32 @@
1$NetBSD: patch-ab,v 1.28 2011/12/16 11:05:24 asau Exp $ 1$NetBSD: patch-ab,v 1.28.18.1 2014/03/18 12:42:57 tron Exp $
2 2
3--- ../examples/smb.conf.default.orig 2010-01-14 10:12:10.000000000 +0000 3--- ../examples/smb.conf.default.orig 2010-01-14 10:12:10.000000000 +0000
4+++ ../examples/smb.conf.default 4+++ ../examples/smb.conf.default
5@@ -26,7 +26,7 @@ 5@@ -26,7 +26,7 @@
6 workgroup = MYGROUP 6 workgroup = MYGROUP
7  7
8 # server string is the equivalent of the NT Description field 8 # server string is the equivalent of the NT Description field
9- server string = Samba Server 9- server string = Samba Server
10+ server string = Samba %v (%h) 10+ server string = Samba %v (%h)
11  11
12 # Security mode. Defines in which mode Samba will operate. Possible  12 # Security mode. Defines in which mode Samba will operate. Possible
13 # values are share, user, server, domain and ads. Most people will want  13 # values are share, user, server, domain and ads. Most people will want
14@@ -63,10 +63,10 @@ 14@@ -63,10 +63,10 @@
15  15
16 # this tells Samba to use a separate log file for each machine 16 # this tells Samba to use a separate log file for each machine
17 # that connects 17 # that connects
18- log file = /usr/local/samba/var/log.%m 18- log file = /usr/local/samba/var/log.%m
19+; log file = @VARBASE@/log/log.%m 19+; log file = @SAMBA_LOGDIR@/log.%m
20  20
21 # Put a capping on the size of the log files (in Kb). 21 # Put a capping on the size of the log files (in Kb).
22- max log size = 50 22- max log size = 50
23+; max log size = 50 23+; max log size = 50
24  24
25 # Use password server option only with security = server 25 # Use password server option only with security = server
26 # The argument list may include: 26 # The argument list may include:
27@@ -145,7 +145,7 @@ 27@@ -145,7 +145,7 @@
28  28
29 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names 29 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
30 # via DNS nslookups. The default is NO. 30 # via DNS nslookups. The default is NO.
31- dns proxy = no  31- dns proxy = no
32+; dns proxy = no  32+; dns proxy = no