Pullup ticket #4958 - requested by manu net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.17 - net/samba4/PLIST 1.6 - net/samba4/distinfo 1.9 --- Module Name: pkgsrc Committed By: manu Date: Wed Apr 13 08:26:10 UTC 2016 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: Update net/samba4 to 4.3.8 This fixes the Badlock bug (CVE-2016-2118) and others vulnerabilities: o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) o CVE-2016-2115 (SMB IPC traffic is not integrity protected) o CVE-2016-2114 ("server signing = mandatory" not enforced) o CVE-2016-2113 (Missing TLS certificate validation) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) o CVE-2016-0771 (Out-of-bounds read in internal DNS server) o CVE-2015-5370 (Multiple errors in DCE-RPC code)diff -r1.16 -r1.16.2.1 pkgsrc/net/samba4/Makefile
(bsiegert)
@@ -1,28 +1,27 @@ | @@ -1,28 +1,27 @@ | |||
1 | # $NetBSD: Makefile,v 1.16 2016/03/05 11:29:11 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.16.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= samba-${VERSION} | 3 | DISTNAME= samba-${VERSION} | |
4 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 4 | CATEGORIES= net | |
6 | MASTER_SITES= http://download.samba.org/pub/samba/stable/ | 5 | MASTER_SITES= http://download.samba.org/pub/samba/stable/ | |
7 | 6 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.samba.org/ | 8 | HOMEPAGE= http://www.samba.org/ | |
10 | COMMENT= SMB/CIFS protocol server suite | 9 | COMMENT= SMB/CIFS protocol server suite | |
11 | LICENSE= gnu-gpl-v3 | 10 | LICENSE= gnu-gpl-v3 | |
12 | 11 | |||
13 | DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | 12 | DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | |
14 | 13 | |||
15 | VERSION= 4.3.4 | 14 | VERSION= 4.3.8 | |
16 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* | 15 | CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* | |
17 | 16 | |||
18 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | 17 | BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat | |
19 | 18 | |||
20 | BUILD_DEFS+= VARBASE | 19 | BUILD_DEFS+= VARBASE | |
21 | 20 | |||
22 | .include "../../mk/bsd.prefs.mk" | 21 | .include "../../mk/bsd.prefs.mk" | |
23 | 22 | |||
24 | SMB_LIB?= ${PREFIX}/lib | 23 | SMB_LIB?= ${PREFIX}/lib | |
25 | 24 | |||
26 | PKG_SYSCONFSUBDIR= samba | 25 | PKG_SYSCONFSUBDIR= samba | |
27 | SMB_SHAREDSTATE?= ${PREFIX}/com | 26 | SMB_SHAREDSTATE?= ${PREFIX}/com | |
28 | SMB_LOCALSTATE?= ${VARBASE} | 27 | SMB_LOCALSTATE?= ${VARBASE} |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.5 2016/01/31 20:28:23 ryoon Exp $ | 1 | @comment $NetBSD: PLIST,v 1.5.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
2 | bin/cifsdd | 2 | bin/cifsdd | |
3 | bin/dbwrap_tool | 3 | bin/dbwrap_tool | |
4 | bin/eventlogadm | 4 | bin/eventlogadm | |
5 | bin/gentest | 5 | bin/gentest | |
6 | bin/ldbadd | 6 | bin/ldbadd | |
7 | bin/ldbdel | 7 | bin/ldbdel | |
8 | bin/ldbedit | 8 | bin/ldbedit | |
9 | bin/ldbmodify | 9 | bin/ldbmodify | |
10 | bin/ldbrename | 10 | bin/ldbrename | |
11 | bin/ldbsearch | 11 | bin/ldbsearch | |
12 | bin/locktest | 12 | bin/locktest | |
13 | bin/masktest | 13 | bin/masktest | |
14 | bin/ndrdump | 14 | bin/ndrdump | |
@@ -389,38 +389,39 @@ ${PYSITELIB}/samba/tdb_util.py | @@ -389,38 +389,39 @@ ${PYSITELIB}/samba/tdb_util.py | |||
389 | ${PYSITELIB}/samba/tests/__init__.py | 389 | ${PYSITELIB}/samba/tests/__init__.py | |
390 | ${PYSITELIB}/samba/tests/auth.py | 390 | ${PYSITELIB}/samba/tests/auth.py | |
391 | ${PYSITELIB}/samba/tests/blackbox/__init__.py | 391 | ${PYSITELIB}/samba/tests/blackbox/__init__.py | |
392 | ${PYSITELIB}/samba/tests/blackbox/ndrdump.py | 392 | ${PYSITELIB}/samba/tests/blackbox/ndrdump.py | |
393 | ${PYSITELIB}/samba/tests/blackbox/samba_tool_drs.py | 393 | ${PYSITELIB}/samba/tests/blackbox/samba_tool_drs.py | |
394 | ${PYSITELIB}/samba/tests/common.py | 394 | ${PYSITELIB}/samba/tests/common.py | |
395 | ${PYSITELIB}/samba/tests/core.py | 395 | ${PYSITELIB}/samba/tests/core.py | |
396 | ${PYSITELIB}/samba/tests/credentials.py | 396 | ${PYSITELIB}/samba/tests/credentials.py | |
397 | ${PYSITELIB}/samba/tests/dcerpc/__init__.py | 397 | ${PYSITELIB}/samba/tests/dcerpc/__init__.py | |
398 | ${PYSITELIB}/samba/tests/dcerpc/bare.py | 398 | ${PYSITELIB}/samba/tests/dcerpc/bare.py | |
399 | ${PYSITELIB}/samba/tests/dcerpc/dnsserver.py | 399 | ${PYSITELIB}/samba/tests/dcerpc/dnsserver.py | |
400 | ${PYSITELIB}/samba/tests/dcerpc/integer.py | 400 | ${PYSITELIB}/samba/tests/dcerpc/integer.py | |
401 | ${PYSITELIB}/samba/tests/dcerpc/misc.py | 401 | ${PYSITELIB}/samba/tests/dcerpc/misc.py | |
402 | ${PYSITELIB}/samba/tests/dcerpc/raw_protocol.py | |||
402 | ${PYSITELIB}/samba/tests/dcerpc/registry.py | 403 | ${PYSITELIB}/samba/tests/dcerpc/registry.py | |
403 | ${PYSITELIB}/samba/tests/dcerpc/rpc_talloc.py | 404 | ${PYSITELIB}/samba/tests/dcerpc/rpc_talloc.py | |
404 | ${PYSITELIB}/samba/tests/dcerpc/rpcecho.py | 405 | ${PYSITELIB}/samba/tests/dcerpc/rpcecho.py | |
405 | ${PYSITELIB}/samba/tests/dcerpc/sam.py | 406 | ${PYSITELIB}/samba/tests/dcerpc/sam.py | |
406 | ${PYSITELIB}/samba/tests/dcerpc/srvsvc.py | 407 | ${PYSITELIB}/samba/tests/dcerpc/srvsvc.py | |
407 | ${PYSITELIB}/samba/tests/dcerpc/testrpc.py | 408 | ${PYSITELIB}/samba/tests/dcerpc/testrpc.py | |
408 | ${PYSITELIB}/samba/tests/dcerpc/unix.py | 409 | ${PYSITELIB}/samba/tests/dcerpc/unix.py | |
409 | ${PYSITELIB}/samba/tests/dns.py | 410 | ${PYSITELIB}/samba/tests/dns.py | |
410 | ${PYSITELIB}/samba/tests/docs.py | 411 | ${PYSITELIB}/samba/tests/docs.py | |
411 | ${PYSITELIB}/samba/tests/dsdb.py | 412 | ${PYSITELIB}/samba/tests/dsdb.py | |
412 | ${PYSITELIB}/samba/tests/gensec.py | 413 | ${PYSITELIB}/samba/tests/gensec.py | |
413 | ${PYSITELIB}/samba/tests/getopt.py | 414 | ${PYSITELIB}/samba/tests/get_opt.py | |
414 | ${PYSITELIB}/samba/tests/hostconfig.py | 415 | ${PYSITELIB}/samba/tests/hostconfig.py | |
415 | ${PYSITELIB}/samba/tests/kcc/__init__.py | 416 | ${PYSITELIB}/samba/tests/kcc/__init__.py | |
416 | ${PYSITELIB}/samba/tests/kcc/graph.py | 417 | ${PYSITELIB}/samba/tests/kcc/graph.py | |
417 | ${PYSITELIB}/samba/tests/kcc/graph_utils.py | 418 | ${PYSITELIB}/samba/tests/kcc/graph_utils.py | |
418 | ${PYSITELIB}/samba/tests/kcc/kcc_utils.py | 419 | ${PYSITELIB}/samba/tests/kcc/kcc_utils.py | |
419 | ${PYSITELIB}/samba/tests/kcc/ldif_import_export.py | 420 | ${PYSITELIB}/samba/tests/kcc/ldif_import_export.py | |
420 | ${PYSITELIB}/samba/tests/libsmb_samba_internal.py | 421 | ${PYSITELIB}/samba/tests/libsmb_samba_internal.py | |
421 | ${PYSITELIB}/samba/tests/messaging.py | 422 | ${PYSITELIB}/samba/tests/messaging.py | |
422 | ${PYSITELIB}/samba/tests/netcmd.py | 423 | ${PYSITELIB}/samba/tests/netcmd.py | |
423 | ${PYSITELIB}/samba/tests/ntacls.py | 424 | ${PYSITELIB}/samba/tests/ntacls.py | |
424 | ${PYSITELIB}/samba/tests/param.py | 425 | ${PYSITELIB}/samba/tests/param.py | |
425 | ${PYSITELIB}/samba/tests/policy.py | 426 | ${PYSITELIB}/samba/tests/policy.py | |
426 | ${PYSITELIB}/samba/tests/posixacl.py | 427 | ${PYSITELIB}/samba/tests/posixacl.py |
@@ -1,16 +1,15 @@ | @@ -1,16 +1,15 @@ | |||
1 | $NetBSD: distinfo,v 1.8 2016/01/31 20:28:23 ryoon Exp $ | 1 | $NetBSD: distinfo,v 1.8.2.1 2016/04/15 07:25:11 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (samba-4.3.4.tar.gz) = adb58a4d147da327148784bed1ee7842382a6f28 | 3 | SHA1 (samba-4.3.8.tar.gz) = e7ff0e040e2b273ac14f1bb3b65d643c2abf0ca7 | |
4 | RMD160 (samba-4.3.4.tar.gz) = c4dcb392be9d3201a7b02543b4e3ee6f7eeee646 | 4 | RMD160 (samba-4.3.8.tar.gz) = b84f715a5f46ed8486919ae2d247886cc70af2ae | |
5 | SHA512 (samba-4.3.4.tar.gz) = 021351534a70cd351934d7f8bfc3c4e9ed9ea3f11f778f6f9d076b3368103f7f478ff1745cb257de0bf2ee38ae76ecba58e01a4db6cbcacbd8a4876e8e1b30f2 | 5 | Size (samba-4.3.8.tar.gz) = 20568773 bytes | |
6 | Size (samba-4.3.4.tar.gz) = 20434434 bytes | |||
7 | SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 | 6 | SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 | |
8 | SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 | 7 | SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 | |
9 | SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb | 8 | SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb | |
10 | SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 | 9 | SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 | |
11 | SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b | 10 | SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b | |
12 | SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 | 11 | SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 | |
13 | SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb | 12 | SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb | |
14 | SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 | 13 | SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 | |
15 | SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 | 14 | SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 | |
16 | SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff | 15 | SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff |