Pullup ticket #4634 - requested by taca
net/samba: security update

Revisions pulled up:
- net/samba/Makefile 1.253
- net/samba/distinfo 1.102

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 24 09:54:47 UTC 2015

Modified Files:
pkgsrc/net/samba: Makefile distinfo

Log Message:
Update samba package to 3.6.25.

==============================
Release Notes for Samba 3.6.25
February 23, 2015
==============================

This is a security release in order to address CVE-2015-0240 (Unexpected code execution in smbd).

o CVE-2015-0240: All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.

o CVE-2014-0178: In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY response field. The uninitialized buffer is sent back to the client. A non-default VFS module providing the get_shadow_copy_data_fn() hook must be explicitly enabled for Samba to process the aforementioned client requests. Therefore, only configurations with "shadow_copy" or "shadow_copy2" specified for the "vfs objects" parameter are vulnerable.

diff -r1.252 -r1.252.4.1 pkgsrc/net/samba/Makefile
(tron)
@@ -1,25 +1,25 @@ | @@ -1,25 +1,25 @@ | |||
1 | # $NetBSD: Makefile,v 1.252 2014/07/21 06:44:30 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.252.4.1 2015/03/04 20:00:15 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= samba-${VERSION} | 3 | DISTNAME= samba-${VERSION} | |
4 | CATEGORIES= net | 4 | CATEGORIES= net | |
5 | MASTER_SITES= ${SAMBA_MIRRORS:=stable/} | 5 | MASTER_SITES= ${SAMBA_MIRRORS:=stable/} | |
6 | 6 | |||
7 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
8 | HOMEPAGE= http://www.samba.org/ | 8 | HOMEPAGE= http://www.samba.org/ | |
9 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
10 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
11 | 11 | |||
12 | VERSION= 3.6.24 | 12 | VERSION= 3.6.25 | |
13 | 13 | |||
14 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* | 14 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]* | |
15 | 15 | |||
16 | USE_GCC_RUNTIME= yes | 16 | USE_GCC_RUNTIME= yes | |
17 | 17 | |||
18 | FILESDIR= ${PKGDIR}/../../net/samba/files | 18 | FILESDIR= ${PKGDIR}/../../net/samba/files | |
19 | DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR | 19 | DESCR_SRC= ${PKGDIR}/../../net/samba/DESCR | |
20 | MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE | 20 | MESSAGE_SRC= ${PKGDIR}/../../net/samba/MESSAGE | |
21 | WRKSRC= ${WRKDIR}/${DISTNAME}/source3 | 21 | WRKSRC= ${WRKDIR}/${DISTNAME}/source3 | |
22 | BUILD_DEFS+= VARBASE | 22 | BUILD_DEFS+= VARBASE | |
23 | 23 | |||
24 | .include "../../mk/bsd.prefs.mk" | 24 | .include "../../mk/bsd.prefs.mk" | |
25 | 25 |
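Review bot: the VERSION bump on line 12 is the only change in the single Makefile hunk, so nothing else in the file was touched, including any PKGREVISION that may sit below line 25. If the branch Makefile sets one, it should be removed together with the bump to 3.6.25 so the resulting package name does not carry a stale revision suffix. Since the fix for CVE-2015-0240 comes entirely from the new upstream tarball, it is also worth confirming that none of the local patches needed regenerating against 3.6.25.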
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.100 2014/06/24 14:06:30 taca Exp $ | 1 | $NetBSD: distinfo,v 1.100.6.1 2015/03/04 20:00:15 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (samba-3.6.24.tar.gz) = 6d48b55ab1e172b0c75035040f5aea65fbf0561e | 3 | SHA1 (samba-3.6.25.tar.gz) = 86fbfcfe80454cc7dbe510e7d58c02922cac3efa | |
4 | RMD160 (samba-3.6.24.tar.gz) = 0a57c49ee4a49408e75af02741f6c530828ea63f | 4 | RMD160 (samba-3.6.25.tar.gz) = 4df673ddac2a3fc8590820c8651e10f0dac90281 | |
5 | Size (samba-3.6.24.tar.gz) = 34122116 bytes | 5 | Size (samba-3.6.25.tar.gz) = 34121828 bytes | |
6 | SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e | 6 | SHA1 (patch-aa) = 6c8497adce78e8b1dea2a0402d4a980b67b57b8e | |
7 | SHA1 (patch-ab) = eb680f72ab0118e57d1b322aba869ac798b27e17 | 7 | SHA1 (patch-ab) = eb680f72ab0118e57d1b322aba869ac798b27e17 | |
8 | SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec | 8 | SHA1 (patch-ac) = 25edbd616199b7dcb41f87aa1374d0bdf19cafec | |
9 | SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070 | 9 | SHA1 (patch-ad) = 750b0c08d9975a257bec09088cb38414a1299070 | |
10 | SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a | 10 | SHA1 (patch-ae) = de70580b293f4b964bc39b95c6a27511faaf088a | |
11 | SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18 | 11 | SHA1 (patch-af) = 433379f00214ef066043c6c6763cab41a39f3e18 | |
12 | SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c | 12 | SHA1 (patch-ag) = d84aeab73f22e372f0d275276f4a1160b240199c | |
13 | SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49 | 13 | SHA1 (patch-ah) = d4dc5c01fae6b72fb8902b32c0c5b668a918ce49 | |
14 | SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521 | 14 | SHA1 (patch-ai) = 2161f55d4f1ffe13fa24387349bb9ac71dae5521 | |
15 | SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c | 15 | SHA1 (patch-aj) = bb9ad5a44922eb067d1d84cd9ea444b671297e5c | |
16 | SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439 | 16 | SHA1 (patch-ak) = 0c4e6c9f80e3ae5ecc71054ffacf39eba5c2d439 | |
17 | SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335 | 17 | SHA1 (patch-am) = c4054a6923c2a599f3c9e56a06dbde2b8fc59335 | |
18 | SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8 | 18 | SHA1 (patch-an) = d486b7a05ebaaeb494f8c66d11ad2012053713f8 |
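Review bot: the new distfile entries on lines 3 and 4 are SHA1 and RMD160 only, so the integrity of samba-3.6.25.tar.gz on this branch rests on those two digests; before accepting them, check the tarball against the upstream release signature, and consider recording a stronger digest alongside if the branch tooling allows it. Separately, the ticket lists distinfo 1.102 as the pulled-up revision while this file goes from 1.100 to 1.100.6.1, and the patch hashes on lines 6 to 18 are unchanged, so confirm that revision 1.101 contained nothing this branch also needs.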