head 1.7; access; symbols pkgsrc-2014Q4:1.6.0.12 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.10 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.6.0.8 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.6 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.4 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.2 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.5.0.6 pkgsrc-2013Q2-base:1.5 pkgsrc-2013Q1:1.5.0.4 pkgsrc-2013Q1-base:1.5 pkgsrc-2012Q4:1.5.0.2 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q3:1.4.0.8 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.6 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.4 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.2 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.3.0.4 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.2.0.2 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.1.1.1.0.2 pkgsrc-2010Q4-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.7 date 2015.02.25.15.00.20; author taca; state dead; branches; next 1.6; commitid 43G89p61KLWHToby; 1.6 date 2013.08.12.02.47.32; author taca; state Exp; branches; next 1.5; commitid CfTLzSYulRBuU61x; 1.5 date 2012.12.17.12.01.35; author taca; state Exp; branches 1.5.6.1; next 1.4; 1.4 date 2011.10.11.20.30.00; author jmcneill; state Exp; branches; next 1.3; 1.3 date 2011.06.15.11.45.08; author adam; state Exp; branches; next 1.2; 1.2 date 2011.03.08.08.30.07; author adam; state Exp; branches; next 1.1; 1.1 date 2010.12.06.17.01.23; author adam; state Exp; branches 1.1.1.1; next ; 1.5.6.1 date 2013.08.12.14.21.30; author tron; state Exp; branches; next ; commitid udOa9UdiEH1EKa1x; 1.1.1.1 date 2010.12.06.17.01.23; author adam; state Exp; branches; next ; desc @@ 1.7 log @Remove samba35 package. Samba 3.5.x was EOL Oct 2013. @ text @$NetBSD: patch-af,v 1.6 2013/08/12 02:47:32 taca Exp $ Patch to join an Active Directory from http://www.ogris.de/samba/unix-active-directory.html. --- configure.orig 2013-07-24 19:08:24.000000000 +0000 +++ configure @@@@ -18294,6 +18294,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs BLDSHARED="true" LDSHFLAGS="-dynamiclib -flat_namespace -undefined suppress" + SONAMEFLAG="-install_name \$(LIBDIR)/" CFLAGS="$CFLAGS -fno-common" SHLD="\${CC}" SHLIBEXT="dylib" @@@@ -18330,7 +18331,7 @@@@ fi $as_echo "$BLDSHARED" >&6; } saved_before_as_needed_ldflags="$LDFLAGS" -for flags in "-Wl,--as-needed" "-Wl,-z,ignore" "-z ignore" ; do +for flags in "-Wl,-z,ignore" "-z ignore" ; do saved_ldflags="$LDFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $flags works" >&5 $as_echo_n "checking if $flags works... " >&6; } @@@@ -25294,9 +25295,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_set_key in -lcrypto" >&5 -$as_echo_n "checking for des_set_key in -lcrypto... " >&6; } -if ${ac_cv_lib_ext_crypto_des_set_key+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_des_cbc in -lcrypto" >&5 +$as_echo_n "checking for EVP_des_cbc in -lcrypto... " >&6; } +if test "${ac_cv_lib_ext_crypto_EVP_des_cbc+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@@@ -25308,31 +25309,31 @@@@ else #ifdef __cplusplus extern "C" #endif -char des_set_key (); +char EVP_des_cbc (); int main () { -return des_set_key (); +return EVP_des_cbc (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ext_crypto_des_set_key=yes; + ac_cv_lib_ext_crypto_EVP_des_cbc=yes; ac_cv_lib_ext_crypto=yes else - ac_cv_lib_ext_crypto_des_set_key=no; + ac_cv_lib_ext_crypto_EVP_des_cbc=no; ac_cv_lib_ext_crypto=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_des_set_key" >&5 -$as_echo "$ac_cv_lib_ext_crypto_des_set_key" >&6; } - if test $ac_cv_lib_ext_crypto_des_set_key = yes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_EVP_des_cbc" >&5 +$as_echo "$ac_cv_lib_ext_crypto_EVP_des_cbc" >&6; } + if test $ac_cv_lib_ext_crypto_EVP_des_cbc = yes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_DES_SET_KEY 1 +#define HAVE_EVP_DES_CBC 1 _ACEOF fi @@@@ -34441,31 +34442,39 @@@@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_linux.o" ;; - *freebsd[5-9]*) - # FreeBSD winbind client is implemented as a wrapper around - # the Linux version. - NSSSONAMEVERSIONSUFFIX=".1" - WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_freebsd.o \ - ../nsswitch/winbind_nss_linux.o" - WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" - WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" - ;; - - *netbsd*[3-9]*) - # NetBSD winbind client is implemented as a wrapper - # around the Linux version. It needs getpwent_r() to - # indicate libc's use of the correct nsdispatch API. - # - if test x"$ac_cv_func_getpwent_r" = x"yes"; then - WINBIND_NSS_EXTRA_OBJS="\ - ../nsswitch/winbind_nss_netbsd.o \ + *freebsd*) + case "$UNAME_R" in + [5-9]*) + # FreeBSD winbind client is implemented as a wrapper + # around the Linux version. + NSSSONAMEVERSIONSUFFIX=".1" + WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_freebsd.o \ ../nsswitch/winbind_nss_linux.o" WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" - else - HAVE_WINBIND=no - winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported" - fi + ;; + esac + ;; + + *netbsd*) + case "$UNAME_R" in + [3-9]*) + # NetBSD winbind client is implemented as a wrapper + # around the Linux version. It needs getpwent_r() to + # indicate libc's use of the correct nsdispatch API. + # + if test x"$ac_cv_func_getpwent_r" = x"yes"; then + WINBIND_NSS_EXTRA_OBJS="\ + ../nsswitch/winbind_nss_netbsd.o \ + ../nsswitch/winbind_nss_linux.o" + WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" + WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" + else + HAVE_WINBIND=no + winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported" + fi + ;; + esac ;; *irix*) # IRIX has differently named shared libraries @@@@ -34663,6 +34672,16 @@@@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" fi +# NetBSD + +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "#include +" +if test "x$ac_cv_member_struct_passwd_pw_class" = x""yes; then : + +$as_echo "#define HAVE_PASSWD_PW_CLASS 1" >>confdefs.h + +fi + # AIX 4.3.x and 5.1 do not have as many members in # struct secmethod_table as AIX 5.2 @ 1.6 log @Update samba35 to 3.5.22, security release. ============================== Release Notes for Samba 3.5.22 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.5.21: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.5 2012/12/17 12:01:35 taca Exp $ @ 1.5 log @Updaet samba35 to 3.5.20. * 3.5.20 Changes since 3.5.19: --------------------- o Jeremy Allison * BUG 7781: Samba transforms ShareName to lowercase (sharename) when adding new share via MMC. * BUG 9236: Apply ACL masks correctly when setting ACLs. * BUG 9455: munmap called for an address location not mapped by Samba. o Bj«Órn Baumbach * BUG 9345: Fix usage of tag. o Stefan Metzmacher * BUG 9390: Fix segfaults in log level = 10 on Solaris. * BUG 9402: Fix dns updates against BIND9 (used in a Samba4 domain). * 3.5.19 Changes since 3.5.18: --------------------- o Jeremy Allison * BUG 9016: Connection to outbound trusted domain goes offline. * BUG 9117: smbclient can't connect to a Windows 7 server using NTLMv2. * BUG 9213: Bad ASN.1 NegTokenInit packet can cause invalid free. * BUG 9236: ACL masks incorrectly applied when setting ACLs. o Andrew Bartlett * BUG 8788: libsmb: Initialise ticket to ensure we do not free invalid memory. o Bj«Órn Jacke * BUG 8344: autoconf: Fix --with(out)-sendfile-support option handling. * BUG 8732: Fix compile of krb5 locator on Solaris. * BUG 9172: Add quota support for gfs2. o Matthieu Patou * BUG 9259: lib-addns: Ensure that allocated buffer are pre set to 0. o Andreas Schneider * BUG 9218: Samba panics if a user specifies an invalid port number. * 3.5.18 Changes since 3.5.17: --------------------- o Michael Adam * BUG 7788: Clarify the idmap_rid manpage. o Jeremy Allison * BUG 9098: Winbind does not refresh Kerberos tickets. * BUG 9147: Winbind can't fetch user or group info from AD via LDAP. * BUG 9150: Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests. o Neil R. Goldberg * BUG 9100: Winbind doesn't return "Domain Local" groups from own domain. o Hargagan * BUG 9085: NMB registration for a duplicate workstation fails with registration refuse. o Bj«Órn Jacke * BUG 7814: Fix build of sysquote_xfs. * BUG 8402: Winbind log spammed with idmap messages. o Volker Lendecke * BUG 9084: Fix a smbd crash in reply_lockingX_error. o Herb Lewis * BUG 9104: Fix Winbind crashes caused by mis-identified idle clients. o Luca Lorenzetto * BUG 9013: Desktop Managers (xdm, gdm, lightdm...) crash with SIGSEGV in _pam_winbind_change_pwd() when password is expiring. * 3.5.17 Changes since 3.5.16: --------------------- o Jeremy Allison * BUG 9034: Fix typo in set_re_uid() call when USE_SETRESUID selected in configure. o Bj«Órn Jacke * BUG 8996: Fix build without ads support. * BUG 9011: Second part of a fix for bug #9011 (Build on HP-UX broken). o Stefan Metzmacher * BUG 9022: Make vfs_gpfs less verbose in get/set_xattr functions. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.4 2011/10/11 20:30:00 jmcneill Exp $ d6 1 a6 1 --- configure.orig 2012-09-21 08:32:29.000000000 +0000 d8 1 a8 1 @@@@ -18255,6 +18255,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d16 1 a16 1 @@@@ -18291,7 +18292,7 @@@@ fi d25 1 a25 1 @@@@ -25255,9 +25256,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d38 1 a38 1 @@@@ -25269,31 +25270,31 @@@@ else d78 1 a78 1 @@@@ -34400,31 +34401,39 @@@@ case "$host_os" in d140 1 a140 1 @@@@ -34622,6 +34631,16 @@@@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" @ 1.5.6.1 log @Pullup ticket #4208 - requested by taca net/samba35: security update Revisions pulled up: - net/samba35/Makefile 1.31 - net/samba35/distinfo 1.16 - net/samba35/patches/patch-af 1.6 - net/samba35/patches/patch-ah 1.3 - net/samba35/patches/patch-ap 1.2 - net/samba35/patches/patch-aq 1.4 - net/samba35/patches/patch-av 1.3 - net/samba35/patches/patch-aw 1.2 - net/samba35/patches/patch-ba 1.2 - net/samba35/patches/patch-bb 1.2 --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 12 02:47:32 UTC 2013 Modified Files: pkgsrc/net/samba35: Makefile distinfo pkgsrc/net/samba35/patches: patch-af patch-ah patch-ap patch-aq patch-av patch-aw patch-ba patch-bb Log Message: Update samba35 to 3.5.22, security release. ============================== Release Notes for Samba 3.5.22 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.5.21: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d1 1 a1 1 $NetBSD$ d6 1 a6 1 --- configure.orig 2013-07-24 19:08:24.000000000 +0000 d8 1 a8 1 @@@@ -18294,6 +18294,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d16 1 a16 1 @@@@ -18330,7 +18331,7 @@@@ fi d25 1 a25 1 @@@@ -25294,9 +25295,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d38 1 a38 1 @@@@ -25308,31 +25309,31 @@@@ else d78 1 a78 1 @@@@ -34441,31 +34442,39 @@@@ case "$host_os" in d140 1 a140 1 @@@@ -34663,6 +34672,16 @@@@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" @ 1.4 log @integrate the patch from the following url: http://www.ogris.de/samba/unix-active-directory.html and install nss_winbind. bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 1 --- configure.orig 2011-08-03 18:25:14.000000000 +0000 d8 1 a8 1 @@@@ -18345,6 +18345,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d16 1 a16 1 @@@@ -18381,7 +18382,7 @@@@ fi d25 1 a25 1 @@@@ -25355,9 +25356,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d31 1 a31 1 -if test "${ac_cv_lib_ext_crypto_des_set_key+set}" = set; then : d38 1 a38 1 @@@@ -25369,31 +25370,31 @@@@ else d78 1 a78 1 @@@@ -34506,31 +34507,39 @@@@ case "$host_os" in d140 1 a140 1 @@@@ -34728,6 +34737,16 @@@@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" @ 1.3 log @Major enhancements in Samba 3.5.9 include: * Sgid bit lost on folder rename. * ACL can get lost when files are being renamed. * Respect "allow trusted domains = no" in Winbind. @ text @d3 1 a3 1 --- configure.orig 2011-06-14 11:18:38.000000000 +0000 d5 1 a5 1 @@@@ -18317,6 +18317,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d13 1 a13 1 @@@@ -18353,7 +18354,7 @@@@ fi d22 1 a22 1 @@@@ -25327,9 +25328,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d35 1 a35 1 @@@@ -25341,31 +25342,31 @@@@ else d75 1 a75 1 @@@@ -34478,31 +34479,39 @@@@ case "$host_os" in d137 17 @ 1.2 log @Changes 3.5.8: * Fix Winbind crash bug when no DC is available * Fix finding users on domain members * Fix memory leaks in Winbind * Fix printing with Windows 7 clients @ text @d3 1 a3 1 --- configure.orig 2011-03-06 18:58:41.000000000 +0000 d5 1 a5 1 @@@@ -52168,6 +52168,7 @@@@ _ACEOF d13 1 a13 1 @@@@ -52208,7 +52209,7 @@@@ fi d20 1 a20 1 { $as_echo "$as_me:$LINENO: checking if $flags works" >&5 d22 1 a22 1 @@@@ -65482,9 +65483,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d26 1 a26 1 - { $as_echo "$as_me:$LINENO: checking for des_set_key in -lcrypto" >&5 d28 2 a29 2 -if test "${ac_cv_lib_ext_crypto_des_set_key+set}" = set; then + { $as_echo "$as_me:$LINENO: checking for EVP_des_cbc -lcrypto" >&5 d31 1 a31 1 +if test "${ac_cv_lib_ext_crypto_EVP_des_cbc+set}" = set; then d34 2 a35 2 cat >conftest.$ac_ext <<_ACEOF @@@@ -65500,11 +65501,11 @@@@ cat >>conftest.$ac_ext <<_ACEOF d49 2 a50 4 @@@@ -65530,13 +65531,13 @@@@ $as_echo "$ac_try_echo") >&5 test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then d55 2 a56 5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_ext_crypto_des_set_key=no; + ac_cv_lib_ext_crypto_EVP_des_cbc=no; d59 2 a60 3 @@@@ -65545,11 +65546,11 @@@@ rm -f core conftest.err conftest.$ac_obj conftest$ac_exeext conftest.$ac_ext d63 1 a63 1 -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_crypto_des_set_key" >&5 d65 2 a66 2 - if test $ac_cv_lib_ext_crypto_des_set_key = yes; then +{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_crypto_EVP_des_cbc" >&5 d68 1 a68 1 + if test $ac_cv_lib_ext_crypto_EVP_des_cbc = yes; then d75 1 a75 1 @@@@ -81694,31 +81695,39 @@@@ case "$host_os" in @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- configure.orig 2010-10-07 16:42:24.000000000 +0000 d5 1 a5 1 @@@@ -52166,6 +52166,7 @@@@ _ACEOF d13 1 a13 1 @@@@ -52206,7 +52206,7 @@@@ fi d22 1 a22 1 @@@@ -65398,9 +65398,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d35 1 a35 1 @@@@ -65416,11 +65416,11 @@@@ cat >>conftest.$ac_ext <<_ACEOF d49 1 a49 1 @@@@ -65446,13 +65446,13 @@@@ $as_echo "$ac_try_echo") >&5 d65 1 a65 1 @@@@ -65461,11 +65461,11 @@@@ rm -f core conftest.err conftest.$ac_obj d81 1 a81 1 @@@@ -81610,31 +81610,39 @@@@ case "$host_os" in @ 1.1.1.1 log @Samba provides file and print services for Microsoft Windows clients. These services may be hosted off any TCP/IP-enabled platform. The Samba project includes not only an impressive feature set in file and print serving capabilities, but has been extended to include client functionality, utilities to ease migration to Samba, tools to aid interoperability with Microsoft Windows, and administration tools. @ text @@