[pkgsrc/pkgsrc-2019Q4]: pkgsrc/net/samba4 Pullup ticket #6125 - requested by ...

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f9fb0e373d26
branches:  pkgsrc-2019Q4
changeset: 419730:f9fb0e373d26
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Jan 29 13:13:05 2020 +0000

description:
Pullup ticket #6125 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.86-1.89
- net/samba4/PLIST                                              1.25
- net/samba4/distinfo                                           1.39-1.41
- net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build 1.1

---
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Mon Dec 30 13:58:35 UTC 2019

   Modified Files:
        pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.11.4

   Changes since 4.11.3:
   * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode
     number.
   * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
     on an SMB1 connection.
   * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
     SMBC_opendir_ctx.
   * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
     encrypting an interim response.
   * BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
   * BUG 13745: s3:printing: Fix %J substition.
   * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
   * BUG 14069: Incomplete conversion of former parametric options.
   * BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
   * BUG 14171: vfs_fruit returns capped resource fork length.
   * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
   * BUG 14211: smbd: Increase a debug level.
   * BUG 14153: Prevent azure ad connect from reporting discovery errors:
     reference-value-not-ldap-conformant.
   * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
     library.
   * BUG 14168: replace: Only link libnsl and libsocket if requrired.
   * BUG 14175: ctdb: Incoming queue can be orphaned causing communication
     breakdown.
   * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
     cross-answers or cross-execute.
   * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
     asn1_compile-generated code.

---
   Module Name: pkgsrc
   Committed By:        jperkin
   Date:                Wed Jan  8 10:40:03 UTC 2020

   Modified Files:
        pkgsrc/net/samba4: distinfo
   Added Files:
        pkgsrc/net/samba4/patches:
            patch-source4_utils_oLschema2ldif_wscript__build

   Log Message:
   samba4: Disable more fmemopen utilities on SunOS.

---
   Module Name: pkgsrc
   Committed By:        jperkin
   Date:                Sat Jan 18 21:51:16 UTC 2020

   Modified Files:
        pkgsrc/net/samba4: Makefile

   Log Message:
   *: Recursive revision bump for openssl 1.1.1.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Jan 21 14:12:36 UTC 2020

   Modified Files:
        pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.11.5

   Update samba4 to 4.11.5.

                      ==============================
                      Release Notes for Samba 4.11.5
                             January 21, 2020
                   ==============================

   This is a security release in order to address the following defects:

   o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
                  Directory not automatic.
   o CVE-2019-14907: Crash after failed character conversion at log level 3 or
                  above.
   o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.

   =======
   Details
   =======

   o  CVE-2019-14902:
      The implementation of ACL inheritance in the Samba AD DC was not complete,
      and so absent a 'full-sync' replication, ACLs could get out of sync between
      domain controllers.

   o  CVE-2019-14907:
      When processing untrusted string input Samba can read past the end of the
      allocated buffer when printing a "Conversion error" message to the logs.

   o  CVE-2019-19344:
      During DNS zone scavenging (of expired dynamic entries) there is a read of
      memory after it has been freed.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jan 27 14:04:13 UTC 2020

   Modified Files:
        pkgsrc/net/samba4: Makefile

   Log Message:
   net/samba4: update depdendency

   Update dependency for daabases/ldb and devel/talloc.

   Bump PKGREVISION.

diffstat:

 net/samba4/Makefile                                                 |   8 ++-
 net/samba4/PLIST                                                    |   3 +-
 net/samba4/distinfo                                                 |  11 ++--
 net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build |  24 ++++++++++
 4 files changed, 37 insertions(+), 9 deletions(-)

diffs (98 lines):

diff -r 65e9eb652f3e -r f9fb0e373d26 net/samba4/Makefile
--- a/net/samba4/Makefile       Wed Jan 29 12:50:10 2020 +0000
+++ b/net/samba4/Makefile       Wed Jan 29 13:13:05 2020 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2019/12/10 13:03:41 adam Exp $
+# $NetBSD: Makefile,v 1.85.4.1 2020/01/29 13:13:05 bsiegert Exp $
 
-DISTNAME=      samba-4.11.3
+DISTNAME=      samba-4.11.5
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 
@@ -205,13 +206,14 @@
 .endif
 .include "../../archivers/libarchive/buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"
+BUILDLINK_API_DEPENDS.ldb+=    ldb>=2.0.8
 .include "../../databases/ldb/buildlink3.mk"
 .include "../../databases/lmdb/buildlink3.mk"
 .include "../../devel/cmocka/buildlink3.mk"
 .include "../../devel/gettext-lib/buildlink3.mk"
 .include "../../devel/popt/buildlink3.mk"
 .include "../../devel/readline/buildlink3.mk"
-BUILDLINK_API_DEPENDS.talloc+= talloc>=2.1.9
+BUILDLINK_API_DEPENDS.talloc+= talloc>=2.2.0
 .include "../../devel/talloc/buildlink3.mk"
 .include "../../devel/tevent/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
diff -r 65e9eb652f3e -r f9fb0e373d26 net/samba4/PLIST
--- a/net/samba4/PLIST  Wed Jan 29 12:50:10 2020 +0000
+++ b/net/samba4/PLIST  Wed Jan 29 13:13:05 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2019/11/10 17:01:58 adam Exp $
+@comment $NetBSD: PLIST,v 1.24.4.1 2020/01/29 13:13:05 bsiegert Exp $
 bin/cifsdd
 bin/dbwrap_tool
 bin/dumpmscat
@@ -500,6 +500,7 @@
 ${PYSITELIB}/samba/tests/segfault.py
 ${PYSITELIB}/samba/tests/smb.py
 ${PYSITELIB}/samba/tests/smbd_base.py
+${PYSITELIB}/samba/tests/smbd_fuzztest.py
 ${PYSITELIB}/samba/tests/source.py
 ${PYSITELIB}/samba/tests/strings.py
 ${PYSITELIB}/samba/tests/subunitrun.py
diff -r 65e9eb652f3e -r f9fb0e373d26 net/samba4/distinfo
--- a/net/samba4/distinfo       Wed Jan 29 12:50:10 2020 +0000
+++ b/net/samba4/distinfo       Wed Jan 29 13:13:05 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.38 2019/12/10 13:03:41 adam Exp $
+$NetBSD: distinfo,v 1.38.4.1 2020/01/29 13:13:05 bsiegert Exp $
 
-SHA1 (samba-4.11.3.tar.gz) = cd90090cbe834d9aa86b065eca4dbf3ff7e521f4
-RMD160 (samba-4.11.3.tar.gz) = 81e0b803f97b640882f0dfc6d83c331aaddc9015
-SHA512 (samba-4.11.3.tar.gz) = 11882791cf7c4e3155e50732c8b0858312caf9ce90767fa2703cb3bbe41e981035a0e14e658e9f51b67bdf1882cb9bc987a32f4515ae8a9ad0da3270629abe8b
-Size (samba-4.11.3.tar.gz) = 18520441 bytes
+SHA1 (samba-4.11.5.tar.gz) = d06abddcbb5ec1800f30ac2f9b760515e3f2f2ce
+RMD160 (samba-4.11.5.tar.gz) = 137535478b546f364f2c2410ada2ff5289c202fa
+SHA512 (samba-4.11.5.tar.gz) = b81edc4563e87c0d4fd7b3ed659def80980c961d0b9cf09be42f0a1334f823f8cf3cd5d57315451c0b7af2489a5fa1af8410cd65f6dc521aad0c5aa7014327c6
+Size (samba-4.11.5.tar.gz) = 18534895 bytes
 SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = a7cc41a55ce032c3fe1e0b660f88fa7871710e0e
@@ -31,4 +31,5 @@
 SHA1 (patch-source4_heimdal__build_roken.h) = ee535f8e7cc46a3487d95bc859438c476a88fe60
 SHA1 (patch-source4_heimdal_include_heim__threads.h) = c93e0c80790ea2045333822c80e66d371bf2249c
 SHA1 (patch-source4_scripting_wsript_build) = bd4feddcaadf1c3d2d25eb7914e7b5843e4e9511
+SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = b0cbbcd4ebedd443dc9f9a59d1dad2e039bb9663
 SHA1 (patch-third__party_socket__wrapper_socket__wrapper.c) = 0cc01c932f21e9f6219fb9d204e6fdf3682938f8
diff -r 65e9eb652f3e -r f9fb0e373d26 net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build       Wed Jan 29 13:13:05 2020 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-source4_utils_oLschema2ldif_wscript__build,v 1.1.2.2 2020/01/29 13:13:05 bsiegert Exp $
+
+Don't build test_oLschema2ldif on SunOS (lacks fmemopen).
+
+--- source4/utils/oLschema2ldif/wscript_build.orig     2019-12-06 09:49:26.000000000 +0000
++++ source4/utils/oLschema2ldif/wscript_build
+@@ -1,5 +1,7 @@
+ #!/usr/bin/env python
+ 
++import sys
++
+ bld.SAMBA_SUBSYSTEM('oLschema2ldif-lib',
+       source='lib.c',
+       deps='samdb',
+@@ -11,7 +13,8 @@ bld.SAMBA_BINARY('oLschema2ldif',
+       deps='oLschema2ldif-lib POPT_SAMBA',
+       )
+ 
+-bld.SAMBA_BINARY('test_oLschema2ldif',
++if not sys.platform.startswith('sunos'):
++  bld.SAMBA_BINARY('test_oLschema2ldif',
+       source='test.c',
+       deps='cmocka oLschema2ldif-lib',
+       local_include=False,