head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.18
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.16
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.14
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.12
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.10
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.8
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.6
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.4
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.2
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2008.06.28.22.51.22;	author tron;	state dead;
branches;
next	1.1;

1.1
date	2008.05.28.15.39.55;	author drochner;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.05.28.15.39.55;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.05.29.14.14.53;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update "samba" package to version 3.0.30. Changes since 3.0.28a:
- Fix for CVE-2008-1105.
- Remove man pages for ldb tools not included in Samba 3.0.
- Fix build for pam_smbpass.
- Fix a crash in tdb_wrap_log().
- BUG 5267: Fix for nmbd termination problems when no interfaces
  found.
- BUG 5326: OS/2 servers give strange "high word" replies for
  print jobs.
- Remove MS-DFS check that required the target host be ourself.
- BUG 5372: Fix high CPU usage of cupsd on large print servers
  by using more efficient CUPS queries in smbd.
- Rewrite integer wrap checks to deal with gcc 4.x optimizations.
- BUG 5095: Fix the enforcement of the "Manage Documents" access right.
- Don't free memory from getpass() in mount.cifs.
- BUG 5460: Fix MS-DFS referral problem in server code.
- Fix bug in Winbind that caused the parent to ignore dead children.
- Fix compile warnings.
- Fix build for pam_smbpass.
- Document build fixes.
- BUG 4235: Improve compliance to the Squid helper protocol.
- BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
- Prevent cycle in Wibind's list of children when reaping dead processes.
- BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
- Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
- Fix client connections and negotiation with Windows 2008 DCs
  in member server code.
- Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
- BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
- Re-add samr getdispinfoindex parsing which got lost in the glue commit.
- BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
  Corrects interop problem between Citrix PM and a Samba DC.
- BUG 3840: Fix smbclient connecting to NetApp filers when using
  whitespace in the user's password.
- BUG 4901: Fix behavior of "ldap passwd sync = only".
- BUG 5317: Fix debug output from domain_client_validate().
- BUG 5338: Fix format string bug in rpcclient.
- Ensure that "wbinfo -a trusted\\user%password" works correctly
  on a Samba DC with trusts.
- BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
  attribute.
- BUG 5350: Fallback to anonymous sessions if not trust password
  could be obtained on Samba DCs and member servers.
- BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
- Fix signing problem in the client with trans requests.
- Fix alignment bug hitting Solaris with "reset in zero vc" activated.
- Fix build with glibc 2.8.
- Enable winbind child processes to do something with signals, in
  particular closing and reopening logs on SIGHUP.
- Documentation cleanup after r emerging docs from svn to git and
  back-porting from the v3-2 branch.
- Add implementation of machine-authenticated connection to netlogon
  pipe used when connecting to win2k and newer domain controllers.
- Fix trusted users on a DC that uses the old idmap syntax.
- Only have Winbind cache domain password policies that were
  successfully retrieved.
- Fix alignment bug when marshalling printer data replies.
- Fix DeleteDriverDriverEx() checks to prevent removing in use files.
@
text
@$NetBSD: patch-ec,v 1.1 2008/05/28 15:39:55 drochner Exp $

--- lib/util_sock.c.orig	2008-03-08 16:33:34.000000000 +0100
+++ lib/util_sock.c
@@@@ -654,14 +654,13 @@@@ ssize_t read_smb_length(int fd, char *in
 }
 
 /****************************************************************************
- Read an smb from a fd. Note that the buffer *MUST* be of size
- BUFFER_SIZE+SAFETY_MARGIN.
+ Read an smb from a fd. 
  The timeout is in milliseconds. 
  This function will return on receipt of a session keepalive packet.
  Doesn't check the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
 	ssize_t len,ret;
 
@@@@ -682,25 +681,18 @@@@ BOOL receive_smb_raw(int fd, char *buffe
 		return False;
 	}
 
-	/*
-	 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
-	 * of header. Don't print the error if this fits.... JRA.
-	 */
-
-	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+	if (len > buflen) {
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",(unsigned long)len));
-		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
 
-			/*
-			 * Correct fix. smb_read_error may have already been
-			 * set. Only set it here if not already set. Global
-			 * variables still suck :-). JRA.
-			 */
+		/*
+		 * smb_read_error may have already been
+		 * set. Only set it here if not already set. Global
+		 * variables still suck :-). JRA.
+		 */
 
-			if (smb_read_error == 0)
-				smb_read_error = READ_ERROR;
-			return False;
-		}
+		if (smb_read_error == 0)
+			smb_read_error = READ_ERROR;
+		return False;
 	}
 
 	if(len > 0) {
@@@@ -730,9 +722,9 @@@@ BOOL receive_smb_raw(int fd, char *buffe
  Checks the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
-	if (!receive_smb_raw(fd, buffer, timeout)) {
+	if (!receive_smb_raw(fd, buffer, buflen, timeout)) {
 		return False;
 	}
 
@


1.1
log
@add patches from redhat bugzilla (#446724) to fix CVE-2008-1105
(heap buffer overflow in client code)
bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ec was added on branch pkgsrc-2008Q1 on 2008-05-29 14:14:53 +0000
@
text
@d1 68
@


1.1.2.2
log
@Pullup ticket #2403 - requested by drochner
Security patch for samba

Revisions pulled up:
- net/samba/Makefile		1.182
- net/samba/distinfo		1.62
- net/samba/patches/patch-ea	1.1
- net/samba/patches/patch-eb	1.1
- net/samba/patches/patch-ec	1.1
- net/samba/patches/patch-ed	1.1
- net/samba/patches/patch-ee	1.1
- net/samba/patches/patch-ef	1.1
---
    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Wed May 28 15:39:55 UTC 2008

    Modified Files:
        pkgsrc/net/samba: Makefile distinfo
    Added Files:
        pkgsrc/net/samba/patches: patch-ea patch-eb patch-ec patch-ed patch-ee
            patch-ef

    Log Message:
    add patches from redhat bugzilla (#446724) to fix CVE-2008-1105
    (heap buffer overflow in client code)
    bump PKGREVISION
@
text
@a0 68
$NetBSD: patch-ec,v 1.1 2008/05/28 15:39:55 drochner Exp $

--- lib/util_sock.c.orig	2008-03-08 16:33:34.000000000 +0100
+++ lib/util_sock.c
@@@@ -654,14 +654,13 @@@@ ssize_t read_smb_length(int fd, char *in
 }
 
 /****************************************************************************
- Read an smb from a fd. Note that the buffer *MUST* be of size
- BUFFER_SIZE+SAFETY_MARGIN.
+ Read an smb from a fd. 
  The timeout is in milliseconds. 
  This function will return on receipt of a session keepalive packet.
  Doesn't check the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
 	ssize_t len,ret;
 
@@@@ -682,25 +681,18 @@@@ BOOL receive_smb_raw(int fd, char *buffe
 		return False;
 	}
 
-	/*
-	 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
-	 * of header. Don't print the error if this fits.... JRA.
-	 */
-
-	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+	if (len > buflen) {
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",(unsigned long)len));
-		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
 
-			/*
-			 * Correct fix. smb_read_error may have already been
-			 * set. Only set it here if not already set. Global
-			 * variables still suck :-). JRA.
-			 */
+		/*
+		 * smb_read_error may have already been
+		 * set. Only set it here if not already set. Global
+		 * variables still suck :-). JRA.
+		 */
 
-			if (smb_read_error == 0)
-				smb_read_error = READ_ERROR;
-			return False;
-		}
+		if (smb_read_error == 0)
+			smb_read_error = READ_ERROR;
+		return False;
 	}
 
 	if(len > 0) {
@@@@ -730,9 +722,9 @@@@ BOOL receive_smb_raw(int fd, char *buffe
  Checks the MAC on signed packets.
 ****************************************************************************/
 
-BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
+BOOL receive_smb(int fd, char *buffer, size_t buflen, unsigned int timeout)
 {
-	if (!receive_smb_raw(fd, buffer, timeout)) {
+	if (!receive_smb_raw(fd, buffer, buflen, timeout)) {
 		return False;
 	}
 
@