Pullup ticket #4958 - requested by manu
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.17
- net/samba4/PLIST 1.6
- net/samba4/distinfo 1.9
---
Module Name: pkgsrc
Committed By: manu
Date: Wed Apr 13 08:26:10 UTC 2016
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo
Log Message:
Update net/samba4 to 4.3.8
This fixes the Badlock bug (CVE-2016-2118) and others vulnerabilities:
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
(bsiegert)
diff -r1.16 -r1.16.2.1 pkgsrc/net/samba4/Makefile| @@ -1,28 +1,27 @@ | @@ -1,28 +1,27 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.16 2016/03/05 11:29:11 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.16.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= samba-${VERSION} | 3 | DISTNAME= samba-${VERSION} | |
| 4 | PKGREVISION= 1 | |||
| 5 | CATEGORIES= net | 4 | CATEGORIES= net | |
| 6 | MASTER_SITES= http://download.samba.org/pub/samba/stable/ | 5 | MASTER_SITES= http://download.samba.org/pub/samba/stable/ | |
| 7 | 6 | |||
| 8 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 9 | HOMEPAGE= http://www.samba.org/ | 8 | HOMEPAGE= http://www.samba.org/ | |
| 10 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
| 11 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
| 12 | 11 | |||
| 13 | DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | 12 | DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | |
| 14 | 13 | |||
| 15 | VERSION= 4.3.4 | 14 | VERSION= 4.3.8 | |
| 16 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* | 15 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* | |
| 17 | 16 | |||
| 18 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | 17 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | |
| 19 | 18 | |||
| 20 | BUILD_DEFS+= VARBASE | 19 | BUILD_DEFS+= VARBASE | |
| 21 | 20 | |||
| 22 | .include "../../mk/bsd.prefs.mk" | 21 | .include "../../mk/bsd.prefs.mk" | |
| 23 | 22 | |||
| 24 | SMB_LIB?= ${PREFIX}/lib | 23 | SMB_LIB?= ${PREFIX}/lib | |
| 25 | 24 | |||
| 26 | PKG_SYSCONFSUBDIR= samba | 25 | PKG_SYSCONFSUBDIR= samba | |
| 27 | SMB_SHAREDSTATE?= ${PREFIX}/com | 26 | SMB_SHAREDSTATE?= ${PREFIX}/com | |
| 28 | SMB_LOCALSTATE?= ${VARBASE} | 27 | SMB_LOCALSTATE?= ${VARBASE} |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.5 2016/01/31 20:28:23 ryoon Exp $ | 1 | @comment $NetBSD: PLIST,v 1.5.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
| 2 | bin/cifsdd | 2 | bin/cifsdd | |
| 3 | bin/dbwrap_tool | 3 | bin/dbwrap_tool | |
| 4 | bin/eventlogadm | 4 | bin/eventlogadm | |
| 5 | bin/gentest | 5 | bin/gentest | |
| 6 | bin/ldbadd | 6 | bin/ldbadd | |
| 7 | bin/ldbdel | 7 | bin/ldbdel | |
| 8 | bin/ldbedit | 8 | bin/ldbedit | |
| 9 | bin/ldbmodify | 9 | bin/ldbmodify | |
| 10 | bin/ldbrename | 10 | bin/ldbrename | |
| 11 | bin/ldbsearch | 11 | bin/ldbsearch | |
| 12 | bin/locktest | 12 | bin/locktest | |
| 13 | bin/masktest | 13 | bin/masktest | |
| 14 | bin/ndrdump | 14 | bin/ndrdump | |
| @@ -389,38 +389,39 @@ ${PYSITELIB}/samba/tdb_util.py | @@ -389,38 +389,39 @@ ${PYSITELIB}/samba/tdb_util.py | |||
| 389 | ${PYSITELIB}/samba/tests/__init__.py | 389 | ${PYSITELIB}/samba/tests/__init__.py | |
| 390 | ${PYSITELIB}/samba/tests/auth.py | 390 | ${PYSITELIB}/samba/tests/auth.py | |
| 391 | ${PYSITELIB}/samba/tests/blackbox/__init__.py | 391 | ${PYSITELIB}/samba/tests/blackbox/__init__.py | |
| 392 | ${PYSITELIB}/samba/tests/blackbox/ndrdump.py | 392 | ${PYSITELIB}/samba/tests/blackbox/ndrdump.py | |
| 393 | ${PYSITELIB}/samba/tests/blackbox/samba_tool_drs.py | 393 | ${PYSITELIB}/samba/tests/blackbox/samba_tool_drs.py | |
| 394 | ${PYSITELIB}/samba/tests/common.py | 394 | ${PYSITELIB}/samba/tests/common.py | |
| 395 | ${PYSITELIB}/samba/tests/core.py | 395 | ${PYSITELIB}/samba/tests/core.py | |
| 396 | ${PYSITELIB}/samba/tests/credentials.py | 396 | ${PYSITELIB}/samba/tests/credentials.py | |
| 397 | ${PYSITELIB}/samba/tests/dcerpc/__init__.py | 397 | ${PYSITELIB}/samba/tests/dcerpc/__init__.py | |
| 398 | ${PYSITELIB}/samba/tests/dcerpc/bare.py | 398 | ${PYSITELIB}/samba/tests/dcerpc/bare.py | |
| 399 | ${PYSITELIB}/samba/tests/dcerpc/dnsserver.py | 399 | ${PYSITELIB}/samba/tests/dcerpc/dnsserver.py | |
| 400 | ${PYSITELIB}/samba/tests/dcerpc/integer.py | 400 | ${PYSITELIB}/samba/tests/dcerpc/integer.py | |
| 401 | ${PYSITELIB}/samba/tests/dcerpc/misc.py | 401 | ${PYSITELIB}/samba/tests/dcerpc/misc.py | |
| 402 | ${PYSITELIB}/samba/tests/dcerpc/raw_protocol.py | |||
| 402 | ${PYSITELIB}/samba/tests/dcerpc/registry.py | 403 | ${PYSITELIB}/samba/tests/dcerpc/registry.py | |
| 403 | ${PYSITELIB}/samba/tests/dcerpc/rpc_talloc.py | 404 | ${PYSITELIB}/samba/tests/dcerpc/rpc_talloc.py | |
| 404 | ${PYSITELIB}/samba/tests/dcerpc/rpcecho.py | 405 | ${PYSITELIB}/samba/tests/dcerpc/rpcecho.py | |
| 405 | ${PYSITELIB}/samba/tests/dcerpc/sam.py | 406 | ${PYSITELIB}/samba/tests/dcerpc/sam.py | |
| 406 | ${PYSITELIB}/samba/tests/dcerpc/srvsvc.py | 407 | ${PYSITELIB}/samba/tests/dcerpc/srvsvc.py | |
| 407 | ${PYSITELIB}/samba/tests/dcerpc/testrpc.py | 408 | ${PYSITELIB}/samba/tests/dcerpc/testrpc.py | |
| 408 | ${PYSITELIB}/samba/tests/dcerpc/unix.py | 409 | ${PYSITELIB}/samba/tests/dcerpc/unix.py | |
| 409 | ${PYSITELIB}/samba/tests/dns.py | 410 | ${PYSITELIB}/samba/tests/dns.py | |
| 410 | ${PYSITELIB}/samba/tests/docs.py | 411 | ${PYSITELIB}/samba/tests/docs.py | |
| 411 | ${PYSITELIB}/samba/tests/dsdb.py | 412 | ${PYSITELIB}/samba/tests/dsdb.py | |
| 412 | ${PYSITELIB}/samba/tests/gensec.py | 413 | ${PYSITELIB}/samba/tests/gensec.py | |
| 413 | ${PYSITELIB}/samba/tests/getopt.py | 414 | ${PYSITELIB}/samba/tests/get_opt.py | |
| 414 | ${PYSITELIB}/samba/tests/hostconfig.py | 415 | ${PYSITELIB}/samba/tests/hostconfig.py | |
| 415 | ${PYSITELIB}/samba/tests/kcc/__init__.py | 416 | ${PYSITELIB}/samba/tests/kcc/__init__.py | |
| 416 | ${PYSITELIB}/samba/tests/kcc/graph.py | 417 | ${PYSITELIB}/samba/tests/kcc/graph.py | |
| 417 | ${PYSITELIB}/samba/tests/kcc/graph_utils.py | 418 | ${PYSITELIB}/samba/tests/kcc/graph_utils.py | |
| 418 | ${PYSITELIB}/samba/tests/kcc/kcc_utils.py | 419 | ${PYSITELIB}/samba/tests/kcc/kcc_utils.py | |
| 419 | ${PYSITELIB}/samba/tests/kcc/ldif_import_export.py | 420 | ${PYSITELIB}/samba/tests/kcc/ldif_import_export.py | |
| 420 | ${PYSITELIB}/samba/tests/libsmb_samba_internal.py | 421 | ${PYSITELIB}/samba/tests/libsmb_samba_internal.py | |
| 421 | ${PYSITELIB}/samba/tests/messaging.py | 422 | ${PYSITELIB}/samba/tests/messaging.py | |
| 422 | ${PYSITELIB}/samba/tests/netcmd.py | 423 | ${PYSITELIB}/samba/tests/netcmd.py | |
| 423 | ${PYSITELIB}/samba/tests/ntacls.py | 424 | ${PYSITELIB}/samba/tests/ntacls.py | |
| 424 | ${PYSITELIB}/samba/tests/param.py | 425 | ${PYSITELIB}/samba/tests/param.py | |
| 425 | ${PYSITELIB}/samba/tests/policy.py | 426 | ${PYSITELIB}/samba/tests/policy.py | |
| 426 | ${PYSITELIB}/samba/tests/posixacl.py | 427 | ${PYSITELIB}/samba/tests/posixacl.py |
| @@ -1,16 +1,15 @@ | @@ -1,16 +1,15 @@ | |||
| 1 | $NetBSD: distinfo,v 1.8 2016/01/31 20:28:23 ryoon Exp $ | 1 | $NetBSD: distinfo,v 1.8.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (samba-4.3.4.tar.gz) = adb58a4d147da327148784bed1ee7842382a6f28 | 3 | SHA1 (samba-4.3.8.tar.gz) = e7ff0e040e2b273ac14f1bb3b65d643c2abf0ca7 | |
| 4 | RMD160 (samba-4.3.4.tar.gz) = c4dcb392be9d3201a7b02543b4e3ee6f7eeee646 | 4 | RMD160 (samba-4.3.8.tar.gz) = b84f715a5f46ed8486919ae2d247886cc70af2ae | |
| 5 | SHA512 (samba-4.3.4.tar.gz) = 021351534a70cd351934d7f8bfc3c4e9ed9ea3f11f778f6f9d076b3368103f7f478ff1745cb257de0bf2ee38ae76ecba58e01a4db6cbcacbd8a4876e8e1b30f2 | 5 | Size (samba-4.3.8.tar.gz) = 20568773 bytes | |
| 6 | Size (samba-4.3.4.tar.gz) = 20434434 bytes | |||
| 7 | SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 | 6 | SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 | |
| 8 | SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 | 7 | SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 | |
| 9 | SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb | 8 | SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb | |
| 10 | SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 | 9 | SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 | |
| 11 | SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b | 10 | SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b | |
| 12 | SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 | 11 | SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 | |
| 13 | SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb | 12 | SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb | |
| 14 | SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 | 13 | SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 | |
| 15 | SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 | 14 | SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 | |
| 16 | SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff | 15 | SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff |