Fri May 13 14:49:20 2016 UTC ()
Pullup ticket #5011 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.18
- net/samba4/PLIST                                              1.7
- net/samba4/distinfo                                           1.10
- net/samba4/patches/patch-lib_nss__wrapper_wscript             deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat May  7 03:09:33 UTC 2016

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/net/samba4/patches: patch-lib_nss__wrapper_wscript

   Log Message:
   Update samba4 to 4.3.8, which contains security fix.

   This release fixes some regressions introduced by the last security fixes.
   Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
   bugs addressing these regressions and more information.

   Changes since 4.3.8:
   --------------------

   o  Jeremy Allison <jra@samba.org>
     * BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
     * BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
     * BUG 11822: s3: libsmb: Fix error where short name length was read as 2
       bytes, should be 1.

   o  Andrew Bartlett <abartlet@samba.org>
     * BUG 11780: smbd: Only check dev/inode in open_directory, not the full
       stat().
     * BUG 11789: pydsdb: Fix returning of ldb.MessageElement.

   o  Berend De Schouwer <berend.de.schouwer@gmail.com>
     * BUG 11643: docs: Add example for domain logins to smbspool man page.

   o  Gç«Żnther Deschner <gd@samba.org>
     * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.

   o  Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
     * BUG 8093: access based share enum: Handle permission set in configuration
        files.

   o  Volker Lendecke <vl@samba.org>
     * BUG 11816: nwrap: Fix the build on Solaris.
     * BUG 11827: vfs_catia: Fix memleak.
     * BUG 11878: smbd: Avoid large reads beyond EOF.

   o  Stefan Metzmacher <metze@samba.org>
     * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
       dereferencing an ioctl response.
     * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
     * BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
       ldap_add.
     * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
       restored.
     * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
       list.
     * BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
     * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
     * BUG 11847: Only validate MIC if "map to guest" is not being used.
     * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
       option for testing.
     * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
     * BUG 11858: Allow anonymous smb connections.
     * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
     * BUG 11872: Fix 'wbinfo -u' and 'net ads search'.

   o  Noel Power <noel.power@suse.com>
     * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.

   o  Garming Sam <garming@catalyst.net.nz>
     * BUG 11789: build: Mark explicit dependencies on pytalloc-util.

   o  Partha Sarathi <partha@exablox.com>
     * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
       infolevel.

   o  Jorge Schrauwen <sjorge@blackdot.be>
     * BUG 11816: configure: Don't check for inotify on illumos.

   o  Uri Simchoni <uri@samba.org>
     * BUG 11691: winbindd: Return trust parameters when listing trusts.
     * BUG 11753: smbd: Ignore SVHDX create context.
     * BUG 11763: passdb: Add linefeed to debug message.
     * BUG 11788: build: Fix disk-free quota support on Solaris 10.
     * BUG 11798: build: Fix build when '--without-quota' specified.
     * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
       is set.
     * BUG 11852: libads: Record session expiry for spnego sasl binds.

   o  Hemanth Thummala <hemanth.thummala@nutanix.com>
     * BUG 11740: Real memory leak(buildup) issue in loadparm.
     * BUG 11840: Mask general purpose signals for notifyd.


(bsiegert)
diff -r1.16.2.1 -r1.16.2.2 pkgsrc/net/samba4/Makefile
diff -r1.5.2.1 -r1.5.2.2 pkgsrc/net/samba4/PLIST
diff -r1.8.2.1 -r1.8.2.2 pkgsrc/net/samba4/distinfo
diff -r1.1 -r0 pkgsrc/net/samba4/patches/patch-lib_nss__wrapper_wscript
cvs diff -r1.16.2.1 -r1.16.2.2 pkgsrc/net/samba4/Makefile (expand / switch to unified diff)

--- pkgsrc/net/samba4/Makefile 2016/04/15 07:25:11 1.16.2.1
+++ pkgsrc/net/samba4/Makefile 2016/05/13 14:49:20 1.16.2.2
@@ -1,27 +1,27 @@ @@ -1,27 +1,27 @@
1# $NetBSD: Makefile,v 1.16.2.1 2016/04/15 07:25:11 bsiegert Exp $ 1# $NetBSD: Makefile,v 1.16.2.2 2016/05/13 14:49:20 bsiegert Exp $
2 2
3DISTNAME= samba-${VERSION} 3DISTNAME= samba-${VERSION}
4CATEGORIES= net 4CATEGORIES= net
5MASTER_SITES= http://download.samba.org/pub/samba/stable/ 5MASTER_SITES= http://download.samba.org/pub/samba/stable/
6 6
7MAINTAINER= pkgsrc-users@NetBSD.org 7MAINTAINER= pkgsrc-users@NetBSD.org
8HOMEPAGE= http://www.samba.org/ 8HOMEPAGE= http://www.samba.org/
9COMMENT= SMB/CIFS protocol server suite 9COMMENT= SMB/CIFS protocol server suite
10LICENSE= gnu-gpl-v3 10LICENSE= gnu-gpl-v3
11 11
12DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat 12DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
13 13
14VERSION= 4.3.8 14VERSION= 4.3.9
15CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]* 15CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]*
16 16
17BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat 17BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
18 18
19BUILD_DEFS+= VARBASE 19BUILD_DEFS+= VARBASE
20 20
21.include "../../mk/bsd.prefs.mk" 21.include "../../mk/bsd.prefs.mk"
22 22
23SMB_LIB?= ${PREFIX}/lib 23SMB_LIB?= ${PREFIX}/lib
24 24
25PKG_SYSCONFSUBDIR= samba 25PKG_SYSCONFSUBDIR= samba
26SMB_SHAREDSTATE?= ${PREFIX}/com 26SMB_SHAREDSTATE?= ${PREFIX}/com
27SMB_LOCALSTATE?= ${VARBASE} 27SMB_LOCALSTATE?= ${VARBASE}
cvs diff -r1.5.2.1 -r1.5.2.2 pkgsrc/net/samba4/PLIST (expand / switch to unified diff)

--- pkgsrc/net/samba4/PLIST 2016/04/15 07:25:11 1.5.2.1
+++ pkgsrc/net/samba4/PLIST 2016/05/13 14:49:20 1.5.2.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.5.2.1 2016/04/15 07:25:11 bsiegert Exp $ 1@comment $NetBSD: PLIST,v 1.5.2.2 2016/05/13 14:49:20 bsiegert Exp $
2bin/cifsdd 2bin/cifsdd
3bin/dbwrap_tool 3bin/dbwrap_tool
4bin/eventlogadm 4bin/eventlogadm
5bin/gentest 5bin/gentest
6bin/ldbadd 6bin/ldbadd
7bin/ldbdel 7bin/ldbdel
8bin/ldbedit 8bin/ldbedit
9bin/ldbmodify 9bin/ldbmodify
10bin/ldbrename 10bin/ldbrename
11bin/ldbsearch 11bin/ldbsearch
12bin/locktest 12bin/locktest
13bin/masktest 13bin/masktest
14bin/ndrdump 14bin/ndrdump
@@ -639,27 +639,27 @@ lib/samba/private/libsmbd-conn-samba4.so @@ -639,27 +639,27 @@ lib/samba/private/libsmbd-conn-samba4.so
639lib/samba/private/libsmbd-shim-samba4.so 639lib/samba/private/libsmbd-shim-samba4.so
640${PLIST.ldap}lib/samba/private/libsmbldaphelper-samba4.so 640${PLIST.ldap}lib/samba/private/libsmbldaphelper-samba4.so
641lib/samba/private/libsmbpasswdparser-samba4.so 641lib/samba/private/libsmbpasswdparser-samba4.so
642lib/samba/private/libsmbregistry-samba4.so 642lib/samba/private/libsmbregistry-samba4.so
643lib/samba/private/libsocket-blocking-samba4.so 643lib/samba/private/libsocket-blocking-samba4.so
644lib/samba/private/libsys-rw-samba4.so 644lib/samba/private/libsys-rw-samba4.so
645lib/samba/private/libtalloc-report-samba4.so 645lib/samba/private/libtalloc-report-samba4.so
646lib/samba/private/libtalloc.so.2 646lib/samba/private/libtalloc.so.2
647lib/samba/private/libtalloc.so.2.1.3 647lib/samba/private/libtalloc.so.2.1.3
648lib/samba/private/libtdb-wrap-samba4.so 648lib/samba/private/libtdb-wrap-samba4.so
649lib/samba/private/libtdb.so.1 649lib/samba/private/libtdb.so.1
650lib/samba/private/libtdb.so.1.3.7 650lib/samba/private/libtdb.so.1.3.7
651lib/samba/private/libtevent.so.0 651lib/samba/private/libtevent.so.0
652lib/samba/private/libtevent.so.0.9.25 652lib/samba/private/libtevent.so.0.9.28
653lib/samba/private/libtime-basic-samba4.so 653lib/samba/private/libtime-basic-samba4.so
654lib/samba/private/libtrusts-util-samba4.so 654lib/samba/private/libtrusts-util-samba4.so
655lib/samba/private/libutil-cmdline-samba4.so 655lib/samba/private/libutil-cmdline-samba4.so
656lib/samba/private/libutil-reg-samba4.so 656lib/samba/private/libutil-reg-samba4.so
657lib/samba/private/libutil-setid-samba4.so 657lib/samba/private/libutil-setid-samba4.so
658lib/samba/private/libutil-tdb-samba4.so 658lib/samba/private/libutil-tdb-samba4.so
659lib/samba/private/libwinbind-client-samba4.so 659lib/samba/private/libwinbind-client-samba4.so
660lib/samba/private/libxattr-tdb-samba4.so 660lib/samba/private/libxattr-tdb-samba4.so
661${PLIST.pam}lib/samba/security/pam_smbpass.so 661${PLIST.pam}lib/samba/security/pam_smbpass.so
662${PLIST.pam}lib/samba/security/pam_winbind.so 662${PLIST.pam}lib/samba/security/pam_winbind.so
663lib/samba/vfs/acl_tdb.so 663lib/samba/vfs/acl_tdb.so
664lib/samba/vfs/acl_xattr.so 664lib/samba/vfs/acl_xattr.so
665lib/samba/vfs/aio_fork.so 665lib/samba/vfs/aio_fork.so
cvs diff -r1.8.2.1 -r1.8.2.2 pkgsrc/net/samba4/distinfo (expand / switch to unified diff)

--- pkgsrc/net/samba4/distinfo 2016/04/15 07:25:11 1.8.2.1
+++ pkgsrc/net/samba4/distinfo 2016/05/13 14:49:20 1.8.2.2
@@ -1,15 +1,15 @@ @@ -1,15 +1,15 @@
1$NetBSD: distinfo,v 1.8.2.1 2016/04/15 07:25:11 bsiegert Exp $ 1$NetBSD: distinfo,v 1.8.2.2 2016/05/13 14:49:20 bsiegert Exp $
2 2
3SHA1 (samba-4.3.8.tar.gz) = e7ff0e040e2b273ac14f1bb3b65d643c2abf0ca7 3SHA1 (samba-4.3.9.tar.gz) = d31423f80918af52cd6d5b2005d76d02975dbfd5
4RMD160 (samba-4.3.8.tar.gz) = b84f715a5f46ed8486919ae2d247886cc70af2ae 4RMD160 (samba-4.3.9.tar.gz) = 8bfd170d9c14f75e728a051dea335d3365c2afea
5Size (samba-4.3.8.tar.gz) = 20568773 bytes 5SHA512 (samba-4.3.9.tar.gz) = bc90c88d8defd3acec7c671e8ceacec31e3111540aabee7ec6f11cdeaf61bbd993525e2b765e3b50801c8079e1168cf496b3e5e6a56118d6493ae5da60d34c41
 6Size (samba-4.3.9.tar.gz) = 20570849 bytes
6SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 7SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5
7SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 8SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824
8SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb 
9SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 9SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26
10SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b 10SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b
11SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 11SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669
12SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb 12SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb
13SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 13SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254
14SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 14SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4
15SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff 15SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff
File Deleted: pkgsrc/net/samba4/patches/Attic/patch-lib_nss__wrapper_wscript