head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.6 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.4 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.3.0.14 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.12 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.10 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.8 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.6 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.4 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.2 pkgsrc-2009Q4:1.2.0.10 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.8 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.6 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.4 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.2 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.1.0.2; locks; strict; comment @# @; 1.4 date 2011.12.16.11.05.25; author asau; state dead; branches; next 1.3; 1.3 date 2010.06.19.14.08.56; author taca; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2008.06.28.22.51.22; author tron; state dead; branches; next 1.1; 1.1 date 2008.05.28.15.39.55; author drochner; state Exp; branches 1.1.2.1; next ; 1.3.2.1 date 2010.06.19.14.08.56; author tron; state dead; branches; next 1.3.2.2; 1.3.2.2 date 2010.06.19.15.36.44; author tron; state Exp; branches; next ; 1.1.2.1 date 2008.05.28.15.39.55; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.05.29.14.14.53; author tron; state Exp; branches; next ; desc @@ 1.4 log @Update to Samba 3.5.11 from net/samba35, part of Samba packages rearrangement. @ text @$NetBSD: patch-ee,v 1.3 2010/06/19 14:08:56 taca Exp $ Patch to fix CVE-2010-2063. 
--- smbd/process.c.orig 2009-09-30 12:21:56.000000000 +0000 +++ smbd/process.c @@@@ -1159,6 +1159,7 @@@@ int chain_reply(char *inbuf,char *outbuf { static char *orig_inbuf; static char *orig_outbuf; + static int orig_size; int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); unsigned smb_off2 = SVAL(inbuf,smb_vwv1); char *inbuf2, *outbuf2; @@@@ -1178,6 +1179,13 @@@@ int chain_reply(char *inbuf,char *outbuf /* this is the first part of the chain */ orig_inbuf = inbuf; orig_outbuf = outbuf; + orig_size = size; + } + + /* Validate smb_off2 */ + if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { + exit_server_cleanly("Bad chained packet"); + return -1; } /* @@@@ -1192,6 +1200,11 @@@@ int chain_reply(char *inbuf,char *outbuf SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf)); SCVAL(outbuf,smb_vwv0,smb_com2); + if (outsize <= smb_wct) { + exit_server_cleanly("Bad chained packet"); + return -1; + } + /* remember how much the caller added to the chain, only counting stuff after the parameter words */ chain_size += outsize - smb_wct; @ 1.3 log @Add a patch to fix CVE-2010-2063. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.3.2.1 log @file patch-ee was added on branch pkgsrc-2010Q1 on 2010-06-19 15:36:44 +0000 @ text @d1 40 @ 1.3.2.2 log @Pullup ticket #3150 - requested by taca net/samba: security patch Revisions pulled up: - net/samba/Makefile 1.201 - net/samba/Makefile.mirrors 1.7 - net/samba/distinfo 1.74 - net/samba/patches/patch-ee 1.3 --- Module Name: pkgsrc Committed By: taca Date: Sat Jun 19 14:08:56 UTC 2010 Modified Files: pkgsrc/net/samba: Makefile Makefile.mirrors distinfo Added Files: pkgsrc/net/samba/patches: patch-ee Log Message: Add a patch to fix CVE-2010-2063. Bump PKGREVISION. @ text @a0 40 $NetBSD$ Patch to fix CVE-2010-2063. 
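Review bot: The offset check added in the second hunk compares the signed `orig_size` (declared `static int orig_size;` in the first hunk) with `smb_off2 + 4 - smb_wct`, which is unsigned because `smb_off2` is declared `unsigned`. `orig_size` is therefore converted to unsigned, and a negative `size` would be treated as a very large length and pass the test. I would reject that case where the value is recorded, `if (size < 0) { exit_server_cleanly("Bad chained packet"); return -1; }` just before `orig_size = size;`, or store the length in an unsigned variable once it is known to be non-negative. The test bounds only where the chained command starts; nothing visible in these hunks shows that the bytes read after that offset also fit inside `orig_size`, so that should be confirmed in the rest of `chain_reply`, whose body starts and ends outside the hunks. The same patch text is repeated in revision 1.3.2.2 further down the page, and this note applies there as well.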
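Review bot: The `outsize <= smb_wct` guard in the third hunk runs after the store `SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));` has already used `outsize`. Placing the guard above the `SSVAL`/`SCVAL` pair would keep validation ahead of use, although the process exits either way. It also reuses the string "Bad chained packet" from the offset check, so the two causes cannot be told apart in the server log; a distinct message, for example `exit_server_cleanly("Bad chained reply size");`, would make triage easier. A comment such as `/* outsize - smb_wct must be positive before it is added to chain_size */` would record why the guard exists. The enclosing function continues outside the hunk, and the same hunk appears again in revision 1.3.2.2.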
--- smbd/process.c.orig 2009-09-30 12:21:56.000000000 +0000 +++ smbd/process.c @@@@ -1159,6 +1159,7 @@@@ int chain_reply(char *inbuf,char *outbuf { static char *orig_inbuf; static char *orig_outbuf; + static int orig_size; int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); unsigned smb_off2 = SVAL(inbuf,smb_vwv1); char *inbuf2, *outbuf2; @@@@ -1178,6 +1179,13 @@@@ int chain_reply(char *inbuf,char *outbuf /* this is the first part of the chain */ orig_inbuf = inbuf; orig_outbuf = outbuf; + orig_size = size; + } + + /* Validate smb_off2 */ + if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { + exit_server_cleanly("Bad chained packet"); + return -1; } /* @@@@ -1192,6 +1200,11 @@@@ int chain_reply(char *inbuf,char *outbuf SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf)); SCVAL(outbuf,smb_vwv0,smb_com2); + if (outsize <= smb_wct) { + exit_server_cleanly("Bad chained packet"); + return -1; + } + /* remember how much the caller added to the chain, only counting stuff after the parameter words */ chain_size += outsize - smb_wct; @ 1.2 log @Update "samba" package to version 3.0.30. Changes since 3.0.28a: - Fix for CVE-2008-1105. - Remove man pages for ldb tools not included in Samba 3.0. - Fix build for pam_smbpass. - Fix a crash in tdb_wrap_log(). - BUG 5267: Fix for nmbd termination problems when no interfaces found. - BUG 5326: OS/2 servers give strange "high word" replies for print jobs. - Remove MS-DFS check that required the target host be ourself. - BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. - Rewrite integer wrap checks to deal with gcc 4.x optimizations. - BUG 5095: Fix the enforcement of the "Manage Documents" access right. - Don't free memory from getpass() in mount.cifs. - BUG 5460: Fix MS-DFS referral problem in server code. - Fix bug in Winbind that caused the parent to ignore dead children. - Fix compile warnings. - Fix build for pam_smbpass. - Document build fixes. 
- BUG 4235: Improve compliance to the Squid helper protocol. - BUG 5107: Fix handling of large DNS replies on AIX and Solaris. - Prevent cycle in Wibind's list of children when reaping dead processes. - BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). - Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. - Fix client connections and negotiation with Windows 2008 DCs in member server code. - Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). - BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). - Re-add samr getdispinfoindex parsing which got lost in the glue commit. - BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. - BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. - BUG 4901: Fix behavior of "ldap passwd sync = only". - BUG 5317: Fix debug output from domain_client_validate(). - BUG 5338: Fix format string bug in rpcclient. - Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. - BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. - BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. - BUG 5366: Fix password chat on Sun OpenSolaris (Nevada). - Fix signing problem in the client with trans requests. - Fix alignment bug hitting Solaris with "reset in zero vc" activated. - Fix build with glibc 2.8. - Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. - Documentation cleanup after r emerging docs from svn to git and back-porting from the v3-2 branch. - Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. - Fix trusted users on a DC that uses the old idmap syntax. 
- Only have Winbind cache domain password policies that were successfully retrieved. - Fix alignment bug when marshalling printer data replies. - Fix DeleteDriverDriverEx() checks to prevent removing in use files. @ text @d1 1 a1 1 $NetBSD: patch-ee,v 1.1 2008/05/28 15:39:55 drochner Exp $ d3 3 a5 1 --- smbd/process.c.orig 2008-03-08 16:33:36.000000000 +0100 d7 19 a25 2 @@@@ -521,7 +521,8 @@@@ static BOOL receive_message_or_smb(char goto again; d28 4 a31 4 - return receive_smb(smbd_server_fd(), buffer, 0); + return receive_smb(smbd_server_fd(), buffer, + BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE, 0); } d33 8 a40 1 /* @ 1.1 log @add patches from redhat bugzilla (#446724) to fix CVE-2008-1105 (heap buffer overflow in client code) bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ee was added on branch pkgsrc-2008Q1 on 2008-05-29 14:14:53 +0000 @ text @d1 14 @ 1.1.2.2 log @Pullup ticket #2403 - requested by drochner Security patch for samba Revisions pulled up: - net/samba/Makefile 1.182 - net/samba/distinfo 1.62 - net/samba/patches/patch-ea 1.1 - net/samba/patches/patch-eb 1.1 - net/samba/patches/patch-ec 1.1 - net/samba/patches/patch-ed 1.1 - net/samba/patches/patch-ee 1.1 - net/samba/patches/patch-ef 1.1 --- Module Name: pkgsrc Committed By: drochner Date: Wed May 28 15:39:55 UTC 2008 Modified Files: pkgsrc/net/samba: Makefile distinfo Added Files: pkgsrc/net/samba/patches: patch-ea patch-eb patch-ec patch-ed patch-ee patch-ef Log Message: add patches from redhat bugzilla (#446724) to fix CVE-2008-1105 (heap buffer overflow in client code) bump PKGREVISION @ text @a0 14 $NetBSD: patch-ee,v 1.1 2008/05/28 15:39:55 drochner Exp $ --- smbd/process.c.orig 2008-03-08 16:33:36.000000000 +0100 +++ smbd/process.c @@@@ -521,7 +521,8 @@@@ static BOOL receive_message_or_smb(char goto again; } - return receive_smb(smbd_server_fd(), buffer, 0); + return receive_smb(smbd_server_fd(), buffer, + BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE, 0); } /* @