Pullup ticket #4634 - requested by taca
net/samba: security update
Revisions pulled up:
- net/samba/Makefile 1.253
- net/samba/distinfo 1.102
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 24 09:54:47 UTC 2015
Modified Files:
pkgsrc/net/samba: Makefile distinfo
Log Message:
Update samba package to 3.6.25.
==============================
Release Notes for Samba 3.6.25
February 23, 2015
==============================
This is a security release in order to address CVE-2015-0240 (Unexpected
code execution in smbd).
o CVE-2015-0240:
All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server
daemon.
A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
o CVE-2014-0178:
In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
response field. The uninitialized buffer is sent back to the client.
A non-default VFS module providing the get_shadow_copy_data_fn() hook
must be explicitly enabled for Samba to process the aforementioned
client requests. Therefore, only configurations with "shadow_copy" or
"shadow_copy2" specified for the "vfs objects" parameter are vulnerable.
(tron)
diff -r1.252 -r1.252.4.1 pkgsrc/net/samba/Makefile| @@ -1,25 +1,25 @@ | @@ -1,25 +1,25 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.252 2014/07/21 06:44:30 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.252.4.1 2015/03/04 20:00:15 tron Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= samba-${VERSION} | 3 | DISTNAME= samba-${VERSION} | |
| 4 | CATEGORIES= net | 4 | CATEGORIES= net | |
| 5 | MASTER_SITES= ${SAMBA_MIRRORS:=stable/} | 5 | MASTER_SITES= ${SAMBA_MIRRORS:=stable/} | |
| 6 | 6 | |||
| 7 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 8 | HOMEPAGE= http://www.samba.org/ | 8 | HOMEPAGE= http://www.samba.org/ | |
| 9 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
| 10 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
| 11 | 11 | |||
| 12 | VERSION= 3.6.24 | 12 | VERSION= 3.6.25 | |
| 13 | 13 | |||
| 14 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* | 14 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* | |
| 15 | 15 | |||
| 16 | USE_GCC_RUNTIME= yes | 16 | USE_GCC_RUNTIME= yes | |
| 17 | 17 | |||
| 18 | FILESDIR= ${PKGDIR}/../../net/samba/files | 18 | FILESDIR= ${PKGDIR}/../../net/samba/files | |
| 19 | DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR | 19 | DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR | |
| 20 | MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE | 20 | MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE | |
| 21 | WRKSRC= ${WRKDIR}/${DISTNAME}/source3 | 21 | WRKSRC= ${WRKDIR}/${DISTNAME}/source3 | |
| 22 | BUILD_DEFS+= VARBASE | 22 | BUILD_DEFS+= VARBASE | |
| 23 | 23 | |||
| 24 | .include "../../mk/bsd.prefs.mk" | 24 | .include "../../mk/bsd.prefs.mk" | |
| 25 | 25 |
| @@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
| 1 | $NetBSD: distinfo,v 1.100 2014/06/24 14:06:30 taca Exp $ | 1 | $NetBSD: distinfo,v 1.100.6.1 2015/03/04 20:00:15 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (samba-3.6.24.tar.gz) = 6d48b55ab1e172b0c75035040f5aea65fbf0561e | 3 | SHA1 (samba-3.6.25.tar.gz) = 86fbfcfe80454cc7dbe510e7d58c02922cac3efa | |
| 4 | RMD160 (samba-3.6.24.tar.gz) = 0a57c49ee4a49408e75af02741f6c530828ea63f | 4 | RMD160 (samba-3.6.25.tar.gz) = 4df673ddac2a3fc8590820c8651e10f0dac90281 | |
| 5 | Size (samba-3.6.24.tar.gz) = 34122116 bytes | 5 | Size (samba-3.6.25.tar.gz) = 34121828 bytes | |
| 6 | SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e | 6 | SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e | |
| 7 | SHA1 (patch-ab) = eb680f72ab0118e57d1b322aba869ac798b27e17 | 7 | SHA1 (patch-ab) = eb680f72ab0118e57d1b322aba869ac798b27e17 | |
| 8 | SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec | 8 | SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec | |
| 9 | SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070 | 9 | SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070 | |
| 10 | SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a | 10 | SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a | |
| 11 | SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18 | 11 | SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18 | |
| 12 | SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c | 12 | SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c | |
| 13 | SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49 | 13 | SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49 | |
| 14 | SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521 | 14 | SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521 | |
| 15 | SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c | 15 | SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c | |
| 16 | SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439 | 16 | SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439 | |
| 17 | SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335 | 17 | SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335 | |
| 18 | SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8 | 18 | SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8 |