Samba 3.0.28 is a security release to address CVE-2007-6015.

Approved by: portmgr (marcus)
author: Timur I. Bakeyev <timur@FreeBSD.org> 2007-12-15 00:00:02 +0000
committer: Timur I. Bakeyev <timur@FreeBSD.org> 2007-12-15 00:00:02 +0000
commit: 16c048e9f14bd5f03f793ba5872ed0112648c43e (patch)
tree: 05c221830f3030bd1e3b22080577f1ab1e67526c /net/samba3
parent: - Update to 20070523i (diff)
6 files changed, 189 insertions, 38 deletions
diff --git a/net/samba3/Makefile b/net/samba3/Makefile
index 7145dc00d83f..634d1f65c9ee 100644
--- a/net/samba3/Makefile
+++ b/net/samba3/Makefile
@@ -6,8 +6,8 @@
 #
 
 PORTNAME=		samba
-PORTVERSION?=		3.0.26a
-PORTREVISION=		2
+PORTVERSION?=		3.0.28
+PORTREVISION=		0
 PORTEPOCH?=		1
 CATEGORIES?=		net
 MASTER_SITES=		${MASTER_SITE_SAMBA}
@@ -17,9 +17,7 @@ DISTNAME=		${PORTNAME}-${PORTVERSION:S/.p/pre/:S/.r/rc/}
 MAINTAINER?=		timur@FreeBSD.org
 COMMENT?=		A free SMB and CIFS client and server for UNIX
 
-FORBIDDEN=		http://vuxml.freebsd.org/ffcbd42d-a8c5-11dc-bec2-02e0185f8d72.html
-
-CONFLICTS?=		ja-samba-2.* ja-samba-3.* samba-2.* sharity-light-1.*
+CONFLICTS?=		ja-samba-2.* ja-samba-3.* samba-2.* sharity-light-1.* tdb-1.*
 
 USE_ICONV=		yes
 GNU_CONFIGURE=		yes
@@ -46,10 +44,6 @@ SAMBA_LIB=		lib
 SAMBA_LIBDIR=		${PREFIX}/${SAMBA_LIB}
 SAMBA_MODULEDIR=	${SAMBA_LIBDIR}/samba
 
-PATCH_SITES=	http://us1.samba.org/samba/ftp/patches/security/	
-PATCHFILES=	samba-3.0.26a-CVE-2007-4572.patch samba-3.0.26a-CVE-2007-5398.patch
-PATCH_DIST_STRIP=	-p2
-
 CONFIGURE_TARGET=	--build="${MACHINE_ARCH}-portbld-freebsd${OSREL}"
 
 CONFIGURE_ARGS+=	--exec-prefix="${PREFIX}" \
@@ -111,6 +105,11 @@ CONFIGURE_ARGS+=	--with-pam --with-readline --with-sendfile-support \
 			--without-libaddns --with-included-iniparser \
 			--enable-largefile
 
+# Sanity checks
+.if exists(${LOCALBASE}/include/tdb.h)
+IGNORE=			doesn't compile when tdb is installed. Uninstall databases/tdb port
+.endif
+
 # Let proccess generate meaningful backtrace on core dump
 LIB_DEPENDS+=		execinfo.1:${PORTSDIR}/devel/libexecinfo
 
@@ -181,13 +180,7 @@ PLIST_SUB+=		WINBIND="@comment " WINBIND_NSS="@comment "
 SUB_LIST+=		WINBIND="@comment " WINBIND_NSS="@comment "
 .endif
 
-.if defined(WITH_FAM_SUPPORT)
-USE_FAM=		yes
-CONFIGURE_ARGS+=	--enable-fam
-.else
-CONFIGURE_ARGS+=	--disable-fam
-.endif
-
+# Add some shared modules
 .if defined(WITH_EXP_MODULES)
 .	if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
 WANT_EXP_MODULES=	idmap_ad idmap_rid charset_weird
@@ -196,6 +189,17 @@ WANT_EXP_MODULES+=	rpc_echo
 .		endif
 WANT_EXP_MODULES+=	vfs_catia vfs_cacheprime vfs_commit
 .	endif
+.endif
+
+.if defined(WITH_FAM_SUPPORT)
+USE_FAM=		yes
+CONFIGURE_ARGS+=	--enable-fam
+WANT_EXP_MODULES+=	vfs_notify_fam
+.else
+CONFIGURE_ARGS+=	--disable-fam
+.endif
+
+.if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
 USE_EXP_MODULES!=	${ECHO_CMD} ${WANT_EXP_MODULES} | ${SED} -E 's/ +/,/g'
 CONFIGURE_ARGS+=	--with-shared-modules="${USE_EXP_MODULES}"
 .endif
diff --git a/net/samba3/distinfo b/net/samba3/distinfo
index 98b61afc8206..739512b33345 100644
--- a/net/samba3/distinfo
+++ b/net/samba3/distinfo
@@ -1,9 +1,3 @@
-MD5 (samba-3.0.26a.tar.gz) = 16b47e6add332e5ac4523fc88c381d06
-SHA256 (samba-3.0.26a.tar.gz) = 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37
-SIZE (samba-3.0.26a.tar.gz) = 18180031
-MD5 (samba-3.0.26a-CVE-2007-4572.patch) = 545990971f3f3757ee0f175170b7bcb6
-SHA256 (samba-3.0.26a-CVE-2007-4572.patch) = d960cf7d26788e87983ee7acb8af8c45d22a034c028cce619582f6a115108491
-SIZE (samba-3.0.26a-CVE-2007-4572.patch) = 8203
-MD5 (samba-3.0.26a-CVE-2007-5398.patch) = 79934d4dcc779a467697e7cf86046631
-SHA256 (samba-3.0.26a-CVE-2007-5398.patch) = 37a0181aa647de7feb888d675ea726e135bbe53bc3099076eaf0682fc1b11b05
-SIZE (samba-3.0.26a-CVE-2007-5398.patch) = 1232
+MD5 (samba-3.0.28.tar.gz) = 8761cd7c02833d959fbebd4f69895075
+SHA256 (samba-3.0.28.tar.gz) = dcaf9213b9f7c749b346214ae21808cd336947c71693b4eca1af6f037725d98e
+SIZE (samba-3.0.28.tar.gz) = 18159912
diff --git a/net/samba3/files/patch-Makefile.in b/net/samba3/files/patch-Makefile.in
index 7eed1927ae02..eb3c4672833e 100644
--- a/net/samba3/files/patch-Makefile.in
+++ b/net/samba3/files/patch-Makefile.in
@@ -1,5 +1,5 @@
 --- Makefile.in.orig	Tue Jun 19 19:11:39 2007
-+++ Makefile.in	Thu Aug 30 23:19:54 2007
++++ Makefile.in	Mon Oct 15 03:26:15 2007
 @@ -424,6 +424,7 @@
  VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o
  VFS_IRIXACL_OBJ = modules/vfs_irixacl.o
@@ -8,6 +8,17 @@
  VFS_CATIA_OBJ = modules/vfs_catia.o
  VFS_CACHEPRIME_OBJ = modules/vfs_cacheprime.o
  VFS_PREALLOC_OBJ = modules/vfs_prealloc.o
+@@ -746,8 +747,8 @@
+             $(RPC_NTSVCS_OBJ) $(RPC_INITSHUTDOWN_OBJ) utils/passwd_util.o \
+ 	    $(LIBGPO_OBJ) $(NSS_INFO_OBJ)
+ 
+-WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \
+-	$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ)
++WINBIND_WINS_NSS_OBJ = $(PARAM_OBJ) $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
++		$(NSSWINS_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ) @WINBIND_WINS_NSS_EXTRA_OBJS@
+ 
+ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
+ 		pam_smbpass/pam_smb_acct.o pam_smbpass/support.o
 @@ -1477,6 +1478,11 @@
  	@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_TRU64ACL_OBJ) \
  		@SONAMEFLAG@`basename $@`
diff --git a/net/samba3/files/patch-configure.in b/net/samba3/files/patch-configure.in
index 83cd1371ccdb..28d9c588b054 100644
--- a/net/samba3/files/patch-configure.in
+++ b/net/samba3/files/patch-configure.in
@@ -1,6 +1,6 @@
---- configure.in.orig	Mon Aug 20 15:04:51 2007
-+++ configure.in	Fri Aug 31 00:59:33 2007
-@@ -1041,6 +1041,21 @@
+--- configure.in.orig	Wed Nov 21 04:58:01 2007
++++ configure.in	Thu Dec 13 04:34:07 2007
+@@ -1052,6 +1052,21 @@
     AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
  fi
  
@@ -22,7 +22,7 @@
  AC_CACHE_CHECK([for struct timespec type],samba_cv_struct_timespec, [
      AC_TRY_COMPILE([
  #include <sys/types.h>
-@@ -1244,6 +1259,7 @@
+@@ -1255,6 +1270,7 @@
  
  # Find a method of generating a stack trace
  AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h)
@@ -30,7 +30,7 @@
  AC_CHECK_FUNCS(backtrace_symbols)
  AC_CHECK_LIB(exc, trace_back_stack)
  
-@@ -4041,10 +4057,10 @@
+@@ -4052,10 +4068,10 @@
  
    ################################################################
    # first test for Active Directory support being enabled
@@ -45,7 +45,7 @@
    ##################################################################
    # then test for uuid.h (necessary to generate unique DNS keynames
    # (uuid.h is required for this test)
-@@ -5115,7 +5131,7 @@
+@@ -5126,7 +5142,7 @@
  #################################################
  # check for ACL support
  
@@ -54,7 +54,7 @@
  AC_ARG_WITH(acl-support,
  [  --with-acl-support      Include ACL support (default=no)],
  [ case "$withval" in
-@@ -5123,43 +5139,37 @@
+@@ -5134,43 +5150,37 @@
  
  	case "$host_os" in
  	*sysv5*)
@@ -105,7 +105,7 @@
  	*linux*)
  		AC_CHECK_LIB(attr,getxattr,[ACL_LIBS="$ACL_LIBS -lattr"])
         		AC_CHECK_LIB(acl,acl_get_file,[ACL_LIBS="$ACL_LIBS -lacl"])
-@@ -5180,7 +5190,7 @@
+@@ -5191,7 +5201,7 @@
  			LIBS=$acl_LIBS
  		])
  		if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
@@ -114,7 +114,7 @@
  			AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether POSIX ACLs are available])
  			AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[
  				acl_LIBS=$LIBS
-@@ -5201,12 +5211,18 @@
+@@ -5212,12 +5222,18 @@
  				AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
  			fi
  		fi
@@ -137,7 +137,7 @@
  			AC_TRY_LINK([
  				#include <sys/types.h>
  				#include <sys/acl.h>
-@@ -5219,20 +5235,20 @@
+@@ -5230,20 +5246,20 @@
  			[samba_cv_HAVE_POSIX_ACLS=yes],
  			[samba_cv_HAVE_POSIX_ACLS=no])
  			LIBS=$acl_LIBS
@@ -163,7 +163,7 @@
  				],
  				[samba_cv_HAVE_ACL_GET_PERM_NP=yes],
  				[samba_cv_HAVE_ACL_GET_PERM_NP=no])
-@@ -5241,17 +5257,22 @@
+@@ -5252,17 +5268,22 @@
  			if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then
  				AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available])
  			fi
@@ -188,7 +188,24 @@
  )
  
  if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then
-@@ -6082,6 +6103,7 @@
+@@ -5736,6 +5757,7 @@
+ 		NSSSONAMEVERSIONSUFFIX=".1"
+ 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
+ 		    nsswitch/winbind_nss_linux.o"
++		WINBIND_WINS_NSS_EXTRA_OBJS="nsswitch/wins_freebsd.o nsswitch/wins.o"
+ 		WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
+ 		WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
+ 		;;
+@@ -5792,6 +5814,8 @@
+ AC_SUBST(WINBIND_NSS_LDSHFLAGS)
+ AC_SUBST(WINBIND_NSS_EXTRA_OBJS)
+ AC_SUBST(WINBIND_NSS_EXTRA_LIBS)
++AC_SUBST(WINBIND_WINS_NSS_EXTRA_OBJS)
++AC_SUBST(WINBIND_WINS_NSS_EXTRA_LIBS)
+ AC_SUBST(NSSSONAMEVERSIONSUFFIX)
+ 
+ AC_SUBST(SMB_KRB5_LOCATOR)
+@@ -6093,12 +6117,14 @@
  SMB_MODULE(vfs_irixacl, \$(VFS_IRIXACL_OBJ), "bin/irixacl.$SHLIBEXT", VFS)
  SMB_MODULE(vfs_hpuxacl, \$(VFS_HPUXACL_OBJ), "bin/hpuxacl.$SHLIBEXT", VFS)
  SMB_MODULE(vfs_tru64acl, \$(VFS_TRU64ACL_OBJ), "bin/tru64acl.$SHLIBEXT", VFS)
@@ -196,3 +213,10 @@
  SMB_MODULE(vfs_catia, \$(VFS_CATIA_OBJ), "bin/catia.$SHLIBEXT", VFS)
  SMB_MODULE(vfs_cacheprime, \$(VFS_CACHEPRIME_OBJ), "bin/cacheprime.$SHLIBEXT", VFS)
  SMB_MODULE(vfs_prealloc, \$(VFS_PREALLOC_OBJ), "bin/prealloc.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_commit, \$(VFS_COMMIT_OBJ), "bin/commit.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), "bin/gpfs.$SHLIBEXT", VFS)
+ SMB_MODULE(vfs_readahead, \$(VFS_READAHEAD_OBJ), "bin/readahead.$SHLIBEXT", VFS)
++SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
+ 
+ SMB_SUBSYSTEM(VFS,smbd/vfs.o)
+ 
diff --git a/net/samba3/files/patch-nsswitch__wins_freebsd.c b/net/samba3/files/patch-nsswitch__wins_freebsd.c
new file mode 100644
index 000000000000..0c52fad92a28
--- /dev/null
+++ b/net/samba3/files/patch-nsswitch__wins_freebsd.c
@@ -0,0 +1,116 @@
+--- /dev/null	Mon Oct 15 03:11:01 2007
++++ nsswitch/wins_freebsd.c	Mon Oct 15 03:18:44 2007
+@@ -0,0 +1,113 @@
++/* 
++   Unix SMB/CIFS implementation.
++
++   Copyright (C) Timur I. Bakeyev 2007
++   
++   This library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Library General Public
++   License as published by the Free Software Foundation; either
++   version 2 of the License, or (at your option) any later version.
++   
++   This library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Library General Public License for more details.
++   
++   You should have received a copy of the GNU Library General Public
++   License along with this library; if not, write to the
++   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
++   Boston, MA  02111-1307, USA.   
++*/
++
++#include "winbind_client.h"
++
++NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he,
++			  char *buffer, size_t buflen, int *h_errnop);
++
++NSS_STATUS _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he,
++			   char *buffer, size_t buflen, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_wins_freebsd_gethostbyname_r);
++NSS_METHOD_PROTOTYPE(__nss_wins_freebsd_gethostbyname2_r);
++
++static ns_mtab methods[] =
++{
++/*
++	{ NSDB_HOSTS, "getaddrinfo",	  NULL, NULL },
++	{ NSDB_HOSTS, "ghbyname",	  NULL, NULL },
++	{ NSDB_HOSTS, "ghbyaddr",	  NULL, NULL },
++*/
++	{ NSDB_HOSTS, "gethostbyaddr_r",  __nss_wins_freebsd_gethostbyname_r,  _nss_wins_gethostbyname_r },
++	{ NSDB_HOSTS, "gethostbyname2_r", __nss_wins_freebsd_gethostbyname2_r, _nss_wins_gethostbyname2_r },
++/*
++	{ NSDB_HOSTS, "getnetbyname_r",	  NULL, NULL },
++	{ NSDB_HOSTS, "getnetbyaddr_r",	  NULL, NULL },
++	{ NSDB_HOSTS, "gethostbyname",	  NULL, NULL },
++	{ NSDB_HOSTS, "gethostbyaddr",	  NULL, NULL },
++	{ NSDB_HOSTS, "getnetbyname",	  NULL, NULL },
++	{ NSDB_HOSTS, "getnetbyaddr",	  NULL, NULL }
++*/
++};
++
++int
++__nss_wins_freebsd_gethostbyname_r(void *retval, void *mdata, va_list ap)
++{
++	int (*fn)(const char *, struct hostent *, char *, size_t, int *);
++	const char	*hostname;
++	struct hostent	*he;
++	char		*buffer;
++	size_t		buflen;
++	int		*h_errnop;
++	enum nss_status	 status;
++	
++	fn = mdata;
++	hostname = va_arg(ap, const char *);
++	he = va_arg(ap, struct hostent *);
++	buffer = va_arg(ap, char *);
++	buflen = va_arg(ap, size_t);
++	h_errnop = va_arg(ap, int *);
++
++	status = fn(hostname, he, buffer, buflen, h_errnop);
++	status = __nss_compat_result(status, *h_errnop);
++	if (status == NS_SUCCESS)
++		*(struct hostent **)retval = he;
++	
++	return (status);
++}
++
++int
++__nss_wins_freebsd_gethostbyname2_r(void *retval, void *mdata, va_list ap)
++{
++	int (*fn)(const char *, int, struct hostent *, char *, size_t, int *);
++	const char	*hostname;
++	int		af;
++	struct hostent	*he;
++	char		*buffer;
++	size_t		buflen;
++	int		*h_errnop;
++	enum nss_status	 status;
++	
++	fn = mdata;
++	hostname = va_arg(ap, const char *);
++	af = va_arg(ap, int);
++	he = va_arg(ap, struct hostent *);
++	buffer = va_arg(ap, char *);
++	buflen = va_arg(ap, size_t);
++	h_errnop = va_arg(ap, int *);
++
++	status = fn(hostname, af, he, buffer, buflen, h_errnop);
++	status = __nss_compat_result(status, *h_errnop);
++	if (status == NS_SUCCESS)
++		*(struct hostent **)retval = he;
++	
++	return (status);
++}
++
++ns_mtab *
++nss_module_register(const char *source __unused, unsigned int *mtabsize,
++    nss_module_unregister_fn *unreg)
++{
++	*mtabsize = sizeof(methods) / sizeof(methods[0]);
++	*unreg = NULL;
++	return (methods);
++}
diff --git a/net/samba3/pkg-plist b/net/samba3/pkg-plist
index 00a2c3b9ba1d..d65e9cd1b04e 100644
--- a/net/samba3/pkg-plist
+++ b/net/samba3/pkg-plist
@@ -48,6 +48,8 @@ sbin/swat
 %%EXAMPLESDIR%%/VFS/Makefile.in
 %%EXAMPLESDIR%%/VFS/README
 %%EXAMPLESDIR%%/VFS/autogen.sh
+%%EXAMPLESDIR%%/VFS/config.guess
+%%EXAMPLESDIR%%/VFS/config.sub
 %%EXAMPLESDIR%%/VFS/configure.in
 %%EXAMPLESDIR%%/VFS/install-sh
 %%EXAMPLESDIR%%/VFS/shadow_copy_test.c
author	Timur I. Bakeyev <timur@FreeBSD.org>	2007-12-15 00:00:02 +0000
committer	Timur I. Bakeyev <timur@FreeBSD.org>	2007-12-15 00:00:02 +0000
commit	16c048e9f14bd5f03f793ba5872ed0112648c43e (patch)
tree	05c221830f3030bd1e3b22080577f1ab1e67526c /net/samba3
parent	- Update to 20070523i (diff)