head 1.5; access; symbols pkgsrc-2014Q4:1.4.0.12 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.10 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.8 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.6 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.4 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.2 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.3.0.18 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.16 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.14 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.12 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.10 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.8 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.4 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.2.0.2 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.1.1.1.0.2 pkgsrc-2010Q4-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.5 date 2015.02.25.15.00.20; author taca; state dead; branches; next 1.4; commitid 43G89p61KLWHToby; 1.4 date 2013.08.12.02.47.32; author taca; state Exp; branches; next 1.3; commitid CfTLzSYulRBuU61x; 1.3 date 2011.06.15.11.45.08; author adam; state Exp; branches 1.3.18.1; next 1.2; 1.2 date 2011.03.08.08.30.08; author adam; state Exp; branches; next 1.1; 1.1 date 2010.12.06.17.01.23; author adam; state Exp; branches 1.1.1.1; next ; 1.3.18.1 date 2013.08.12.14.21.30; author tron; state Exp; branches; next ; commitid udOa9UdiEH1EKa1x; 1.1.1.1 date 2010.12.06.17.01.23; author adam; state Exp; branches; next ; desc @@ 1.5 log @Remove samba35 package. Samba 3.5.x was EOL Oct 2013. @ text @$NetBSD: patch-aq,v 1.4 2013/08/12 02:47:32 taca Exp $ Add support for passwd expand gecos --- param/loadparm.c.orig 2013-07-24 18:53:49.000000000 +0000 +++ param/loadparm.c @@@@ -310,6 +310,7 @@@@ struct global { bool bUnixPasswdSync; bool bPasswdChatDebug; int iPasswdChatTimeout; + bool bPasswdExpandGecos; bool bTimestampLogs; bool bNTSmbSupport; bool bNTPipeSupport; @@@@ -1297,6 +1298,15 @@@@ static struct parm_struct parm_table[] = .flags = FLAG_ADVANCED, }, { + .label = "passwd expand gecos", + .type = P_BOOL, + .p_class = P_GLOBAL, + .ptr = &Globals.bPasswdExpandGecos, + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, + { .label = "check password script", .type = P_STRING, .p_class = P_GLOBAL, @@@@ -5083,6 +5093,7 @@@@ static void init_globals(bool first_time Globals.bPamPasswordChange = False; Globals.bPasswdChatDebug = False; Globals.iPasswdChatTimeout = 2; /* 2 second default. */ + Globals.bPasswdExpandGecos = False; Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bNTStatusSupport = True; /* Use NT status by default. */ Globals.bStatCache = True; /* use stat cache by default */ @@@@ -5538,6 +5549,7 @@@@ FN_GLOBAL_BOOL(lp_pam_password_change, & FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync) FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug) FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, &Globals.iPasswdChatTimeout) +FN_GLOBAL_BOOL(lp_passwd_expand_gecos, &Globals.bPasswdExpandGecos) FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport) FN_GLOBAL_BOOL(lp_nt_status_support, &Globals.bNTStatusSupport) FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache) @ 1.4 log @Update samba35 to 3.5.22, security release. ============================== Release Notes for Samba 3.5.22 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.5.21: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.3 2011/06/15 11:45:08 adam Exp $ @ 1.3 log @Major enhancements in Samba 3.5.9 include: * Sgid bit lost on folder rename. * ACL can get lost when files are being renamed. * Respect "allow trusted domains = no" in Winbind. @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- param/loadparm.c.orig 2011-06-14 11:17:28.000000000 +0000 d31 1 a31 1 @@@@ -5074,6 +5084,7 @@@@ static void init_globals(bool first_time d39 1 a39 1 @@@@ -5528,6 +5539,7 @@@@ FN_GLOBAL_BOOL(lp_pam_password_change, & @ 1.3.18.1 log @Pullup ticket #4208 - requested by taca net/samba35: security update Revisions pulled up: - net/samba35/Makefile 1.31 - net/samba35/distinfo 1.16 - net/samba35/patches/patch-af 1.6 - net/samba35/patches/patch-ah 1.3 - net/samba35/patches/patch-ap 1.2 - net/samba35/patches/patch-aq 1.4 - net/samba35/patches/patch-av 1.3 - net/samba35/patches/patch-aw 1.2 - net/samba35/patches/patch-ba 1.2 - net/samba35/patches/patch-bb 1.2 --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 12 02:47:32 UTC 2013 Modified Files: pkgsrc/net/samba35: Makefile distinfo pkgsrc/net/samba35/patches: patch-af patch-ah patch-ap patch-aq patch-av patch-aw patch-ba patch-bb Log Message: Update samba35 to 3.5.22, security release. ============================== Release Notes for Samba 3.5.22 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.5.21: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d5 1 a5 1 --- param/loadparm.c.orig 2013-07-24 18:53:49.000000000 +0000 d31 1 a31 1 @@@@ -5083,6 +5093,7 @@@@ static void init_globals(bool first_time d39 1 a39 1 @@@@ -5538,6 +5549,7 @@@@ FN_GLOBAL_BOOL(lp_pam_password_change, & @ 1.2 log @Changes 3.5.8: * Fix Winbind crash bug when no DC is available * Fix finding users on domain members * Fix memory leaks in Winbind * Fix printing with Windows 7 clients @ text @d5 1 a5 1 --- param/loadparm.c.orig 2011-03-06 18:48:05.000000000 +0000 d15 1 a15 1 @@@@ -1296,6 +1297,15 @@@@ static struct parm_struct parm_table[] = d31 1 a31 1 @@@@ -5064,6 +5074,7 @@@@ static void init_globals(bool first_time d39 1 a39 1 @@@@ -5518,6 +5529,7 @@@@ FN_GLOBAL_BOOL(lp_pam_password_change, & @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.2 2010/03/02 14:56:22 taca Exp $ d5 1 a5 1 --- param/loadparm.c.orig 2010-02-25 09:46:35.000000000 +0000 d7 1 a7 1 @@@@ -297,6 +298,7 @@@@ struct global { d15 1 a15 1 @@@@ -1248,6 +1250,15 @@@@ static struct parm_struct parm_table[] = d31 1 a31 1 @@@@ -4759,6 +4780,7 @@@@ static void init_globals(bool first_time d39 1 a39 1 @@@@ -5178,6 +5201,7 @@@@ FN_GLOBAL_BOOL(lp_pam_password_change, & @ 1.1.1.1 log @Samba provides file and print services for Microsoft Windows clients. These services may be hosted off any TCP/IP-enabled platform. The Samba project includes not only an impressive feature set in file and print serving capabilities, but has been extended to include client functionality, utilities to ease migration to Samba, tools to aid interoperability with Microsoft Windows, and administration tools. @ text @@