On 2009-10-11, Brad <[email protected]> wrote:
> Please test. Here is a security / bug fix roll up update. This is
> the last 3.0 release. The 3.4 port in progress needs to shape up
> and get commited at some point after this.
Working fine on i386. Still building on my slow sparc64.
Anyone else looking at this?
> Index: Makefile
>===================================================================
> RCS file: /cvs/ports/net/samba/Makefile,v
> retrieving revision 1.106
> diff -u -p -r1.106 Makefile
> --- Makefile 15 Sep 2009 17:37:21 -0000 1.106
> +++ Makefile 11 Oct 2009 00:03:24 -0000
> @@ -3,9 +3,9 @@
> COMMENT-main= SMB and CIFS client and server for UNIX
> COMMENT-docs= additional documentation and examples for Samba
>
> -DISTNAME= samba-3.0.34
> -PKGNAME-main= ${DISTNAME}p2
> -FULLPKGNAME-docs= ${DISTNAME:S/-/-docs-/}p0
> +DISTNAME= samba-3.0.37
> +PKGNAME-main= ${DISTNAME}
> +FULLPKGNAME-docs= ${DISTNAME:S/-/-docs-/}
> SHARED_LIBS= smbclient 1.0 \
> msrpc 1.0
>
> Index: distinfo
>===================================================================
> RCS file: /cvs/ports/net/samba/distinfo,v
> retrieving revision 1.15
> diff -u -p -r1.15 distinfo
> --- distinfo 14 May 2009 17:05:46 -0000 1.15
> +++ distinfo 11 Oct 2009 00:04:19 -0000
> @@ -1,5 +1,5 @@
> -MD5 (samba-3.0.34.tar.gz) = YkBPObs90KN9Y5bFfgTJBw==
> -RMD160 (samba-3.0.34.tar.gz) = 15zVRLWrK0pxMLjFLBntz8iQg+o=
> -SHA1 (samba-3.0.34.tar.gz) = GBBNG/UJzT/TEHwJ+mIFZm4ErBY=
> -SHA256 (samba-3.0.34.tar.gz) = UweT3p9BFPSzkdky4oM7ryWgBJgxdHHNdaBo8zeMKZ4=
> -SIZE (samba-3.0.34.tar.gz) = 24835363
> +MD5 (samba-3.0.37.tar.gz) = Ee0r/vQJC9VzaxlLQ/ZyiQ==
> +RMD160 (samba-3.0.37.tar.gz) = Brdq4icp4QyD1q9C0DsDrWnkkQM=
> +SHA1 (samba-3.0.37.tar.gz) = Xsa8ZVizx5n3R+tJ+7oBnV7fDL0=
> +SHA256 (samba-3.0.37.tar.gz) = u2fA4T1My9hLkgDIc5OT/dmzFFtarSFpNNxnDw/OomY=
> +SIZE (samba-3.0.37.tar.gz) = 23416703
> Index: patches/patch-Makefile_in
>===================================================================
> RCS file: /cvs/ports/net/samba/patches/patch-Makefile_in,v
> retrieving revision 1.11
> diff -u -p -r1.11 patch-Makefile_in
> --- patches/patch-Makefile_in 11 Jul 2008 11:40:33 -0000 1.11
> +++ patches/patch-Makefile_in 11 Oct 2009 00:14:30 -0000
> @@ -1,6 +1,6 @@
> $OpenBSD: patch-Makefile_in,v 1.11 2008/07/11 11:40:33 brad Exp $
> ---- Makefile.in.orig Wed May 28 08:41:11 2008
> -+++ Makefile.in Fri Jul 4 00:36:10 2008
> +--- Makefile.in.orig Wed Sep 30 08:21:56 2009
> ++++ Makefile.in Sat Oct 10 20:04:44 2009
> @@ -109,11 +109,13 @@ LOCKDIR = @lockdir@
> # the directory where pid files go
> PIDDIR = @piddir@
> @@ -32,7 +32,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/
>
> PASSWD_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\"
> -DPRIVATE_DIR=\"$(PRIVATE_DIR)\"
> PATH_FLAGS1 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\"
> -@@ -1152,11 +1154,10 @@ bin/libaddns.a: proto_exists $(LIBADDNS_OBJ)
> +@@ -1159,11 +1161,10 @@ bin/libaddns.a: proto_exists $(LIBADDNS_OBJ)
> @echo Linking libaddns non-shared library $@
> @-$(AR) -rc $@ $(LIBADDNS_OBJ)
>
> @@ -46,7 +46,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/
>
> bin/libsmbclient.a: proto_exists $(LIBSMBCLIENT_OBJ)
> @echo Linking libsmbclient non-shared library $@
> -@@ -1172,10 +1173,9 @@ bin/libsmbsharemodes.a: proto_exists $(LIBSMBSHAREMODE
> +@@ -1179,10 +1180,9 @@ bin/libsmbsharemodes.a: proto_exists $(LIBSMBSHAREMODE
> @echo Linking libsmbsharemodes non-shared library $@
> @-$(AR) -rc $@ $(LIBSMBSHAREMODES_OBJ)
>
> @@ -59,7 +59,7 @@ $OpenBSD: patch-Makefile_in,v 1.11 2008/
>
> bin/libmsrpc.a: proto_exists $(CAC_OBJ)
> @echo Linking libmsrpc non-shared library $@
> -@@ -1623,14 +1623,14 @@ installswat: installdirs installmsg
> +@@ -1633,14 +1633,14 @@ installswat: installdirs installmsg
>
> installclientlib: installdirs libsmbclient
> @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS) $(DESTDIR)
> $(LIBDIR)
> Index: patches/patch-docs_manpages_swat_8
>===================================================================
> RCS file: /cvs/ports/net/samba/patches/patch-docs_manpages_swat_8,v
> retrieving revision 1.6
> diff -u -p -r1.6 patch-docs_manpages_swat_8
> --- patches/patch-docs_manpages_swat_8 11 Jul 2008 11:40:33 -0000
> 1.6
> +++ patches/patch-docs_manpages_swat_8 11 Oct 2009 00:16:41 -0000
> @@ -1,19 +1,19 @@
> $OpenBSD: patch-docs_manpages_swat_8,v 1.6 2008/07/11 11:40:33 brad Exp $
> ---- ../docs/manpages/swat.8.orig Thu Jul 3 22:20:31 2008
> -+++ ../docs/manpages/swat.8 Thu Jul 3 22:22:36 2008
> -@@ -103,49 +103,6 @@ will be appended (e\.g\. log\.smbclient, log\.smbd, et
> +--- ../docs/manpages/swat.8.orig Wed Sep 30 08:28:45 2009
> ++++ ../docs/manpages/swat.8 Sat Oct 10 20:14:20 2009
> +@@ -261,49 +261,6 @@ will be appended (e\&.g\&. log\&.smbclient, log\&.smbd
> .RS 4
> - Print a summary of command line options\.
> + Print a summary of command line options\&.
> .RE
> -.SH "INSTALLATION"
> -.PP
> --Swat is included as binary package with most distributions\. The package
> manager in this case takes care of the installation and configuration\. This
> section is only for those who have compiled swat from scratch\.
> +-Swat is included as binary package with most distributions\&. The package
> manager in this case takes care of the installation and configuration\&. This
> section is only for those who have compiled swat from scratch\&.
> -.PP
> -After you compile SWAT you need to run
> --make install
> +-\FCmake install \F[]
> -to install the
> --swat
> --binary and the various help files and images\. A default install would put
> these in:
> +-\FCswat\F[]
> +-binary and the various help files and images\&. A default install would put
> these in:
> -.sp
> -.RS 4
> -.ie n \{\
> @@ -51,30 +51,30 @@ $OpenBSD: patch-docs_manpages_swat_8,v 1
> .SS "Inetd Installation"
> .PP
> You need to edit your
> -@@ -173,7 +130,7 @@ In
> - \fI/etc/inetd\.conf\fR
> +@@ -331,7 +288,7 @@ In
> + \FC/etc/inetd\&.conf\F[]
> you should add a line like this:
> .PP
> --swat stream tcp nowait\.400 root /usr/local/samba/sbin/swat swat
> -+swat stream tcp nowait\.400 root ${PREFIX}/libexec/swat swat
> +-\FCswat stream tcp nowait\&.400 root /usr/local/samba/sbin/swat swat\F[]
> ++\FCswat stream tcp nowait\&.400 root ${PREFIX}/libexec/swat swat\F[]
> .PP
> Once you have edited
> - \fI/etc/services\fR
> -@@ -199,14 +156,12 @@ This file must contain suitable startup information fo
> - This file must contain a mapping of service name (e\.g\., swat) to service
> port (e\.g\., 901) and protocol type (e\.g\., tcp)\.
> + \FC/etc/services\F[]
> +@@ -357,14 +314,12 @@ This file must contain suitable startup information fo
> + This file must contain a mapping of service name (e\&.g\&., swat) to
> service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
> .RE
> .PP
> --\fI/usr/local/samba/lib/smb\.conf\fR
> -+\fI${SYSCONFDIR}/samba/smb\.conf\fR
> +-\FC/usr/local/samba/lib/smb\&.conf\F[]
> ++\FC${SYSCONFDIR}/samba/smb\&.conf\F[]
> .RS 4
> This is the default location of the
> \fBsmb.conf\fR(5)
> --server configuration file that swat edits\. Other common places that
> systems install this file are
> --\fI /usr/samba/lib/smb\.conf\fR
> +-server configuration file that swat edits\&. Other common places that
> systems install this file are
> +-\FC /usr/samba/lib/smb\&.conf\F[]
> -and
> --\fI/etc/smb\.conf \fR\. This file describes all the services the server is
> to make available to clients\.
> -+server configuration file that swat edits\.
> -+This file describes all the services the server is to make available to
> clients\.
> +-\FC/etc/smb\&.conf \F[]\&. This file describes all the services the server
> is to make available to clients\&.
> ++server configuration file that swat edits\&.
> ++This file describes all the services the server is to make available to
> clients\&.
> .RE
> .SH "WARNINGS"
> .PP
> Index: patches/patch-smbd_posix_acls_c
>===================================================================
> RCS file: patches/patch-smbd_posix_acls_c
> diff -N patches/patch-smbd_posix_acls_c
> --- patches/patch-smbd_posix_acls_c 30 Jun 2009 21:38:38 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-smbd_posix_acls_c,v 1.1 2009/06/30 21:38:38 naddy Exp $
> -
> -Resolve CVE-2009-1888
> -
> ---- smbd/posix_acls.c.orig Tue Nov 18 10:37:41 2008
> -+++ smbd/posix_acls.c Mon Jun 29 19:14:43 2009
> -@@ -2296,6 +2296,8 @@ static BOOL acl_group_override(connection_struct *conn
> - {
> - SMB_STRUCT_STAT sbuf;
> -
> -+ ZERO_STRUCT(sbuf);
> -+
> - if ((errno != EPERM) && (errno != EACCES)) {
> - return False;
> - }
> Index: pkg/PLIST-main
>===================================================================
> RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v
> retrieving revision 1.9
> diff -u -p -r1.9 PLIST-main
> --- pkg/PLIST-main 14 May 2009 17:05:46 -0000 1.9
> +++ pkg/PLIST-main 11 Oct 2009 00:47:35 -0000
> @@ -71,7 +71,6 @@ libexec/swat
> @man man/man7/libsmbclient.7
> @man man/man7/pam_winbind.7
> @man man/man7/samba.7
> -...@man man/man8/cifs.upcall.8
> @man man/man8/eventlogadm.8
> @man man/man8/idmap_ad.8
> @man man/man8/idmap_ldap.8
>
