CVS commit: pkgsrc/net/samba

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Wed May 24 15:36:42 UTC 2017

Modified Files:
        pkgsrc/net/samba: Makefile distinfo
Added Files:
        pkgsrc/net/samba/patches: patch-source3_rpc__server_srv__pipe.c

Log Message:
Adapt & apply fix for
https://bugzilla.samba.org/show_bug.cgi?id=12780 (non-public)
from
https://www.samba.org/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch
Should fix CVE-2017-7494.
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.260 -r1.261 pkgsrc/net/samba/Makefile
cvs rdiff -u -r1.105 -r1.106 pkgsrc/net/samba/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/net/samba/patches/patch-source3_rpc__server_srv__pipe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/samba/Makefile
diff -u pkgsrc/net/samba/Makefile:1.260 pkgsrc/net/samba/Makefile:1.261
--- pkgsrc/net/samba/Makefile:1.260     Fri May 19 13:29:03 2017
+++ pkgsrc/net/samba/Makefile   Wed May 24 15:36:42 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.260 2017/05/19 13:29:03 prlw1 Exp $
+# $NetBSD: Makefile,v 1.261 2017/05/24 15:36:42 he Exp $
 
 DISTNAME=      samba-${VERSION}
 CATEGORIES=    net
@@ -10,7 +10,7 @@ COMMENT=      SMB/CIFS protocol server suite
 LICENSE=       gnu-gpl-v3
 
 VERSION=       3.6.25
-PKGREVISION=   5
+PKGREVISION=   6
 
 CONFLICTS+=    ja-samba-[0-9]* pam-smbpass-[0-9]* winbind-[0-9]*
 

Index: pkgsrc/net/samba/distinfo
diff -u pkgsrc/net/samba/distinfo:1.105 pkgsrc/net/samba/distinfo:1.106
--- pkgsrc/net/samba/distinfo:1.105     Mon Feb 29 17:13:06 2016
+++ pkgsrc/net/samba/distinfo   Wed May 24 15:36:42 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.105 2016/02/29 17:13:06 jperkin Exp $
+$NetBSD: distinfo,v 1.106 2017/05/24 15:36:42 he Exp $
 
 SHA1 (samba-3.6.25.tar.gz) = 86fbfcfe80454cc7dbe510e7d58c02922cac3efa
 RMD160 (samba-3.6.25.tar.gz) = 4df673ddac2a3fc8590820c8651e10f0dac90281
@@ -33,3 +33,4 @@ SHA1 (patch-bf) = 19932332d11ce447293b06
 SHA1 (patch-eg) = af5ebab1c8e183020bb9a5914d0a218ad91d1a0b
 SHA1 (patch-lib_crypto_sha256.h) = f4bd82ba7e63d078543e388621bf30f6f31e0d18
 SHA1 (patch-smbd_notify__inotify.c) = b950f16f4284e1bc4096c10c24a490e5b2b66915
+SHA1 (patch-source3_rpc__server_srv__pipe.c) = dcf7dbce59de071d1d6f574cdba0f9e0231be2c3

Added files:

Index: pkgsrc/net/samba/patches/patch-source3_rpc__server_srv__pipe.c
diff -u /dev/null pkgsrc/net/samba/patches/patch-source3_rpc__server_srv__pipe.c:1.1
--- /dev/null   Wed May 24 15:36:42 2017
+++ pkgsrc/net/samba/patches/patch-source3_rpc__server_srv__pipe.c      Wed May 24 15:36:42 2017
@@ -0,0 +1,22 @@
+$NetBSD: patch-source3_rpc__server_srv__pipe.c,v 1.1 2017/05/24 15:36:42 he Exp $
+
+Adapt & apply fix for
+https://bugzilla.samba.org/show_bug.cgi?id=12780 (non-public)
+from
+https://www.samba.org/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch
+Should fix CVE-2017-7494.
+
+--- ../source3/rpc_server/srv_pipe.c.orig      2015-02-22 14:11:32.000000000 +0000
++++ ../source3/rpc_server/srv_pipe.c
+@@ -376,6 +376,11 @@ bool is_known_pipename(const char *cli_f
+       const char *pipename = cli_filename;
+       NTSTATUS status;
+ 
++      if (strchr(pipename, '/')) {
++              DEBUG(1, ("Refusing open on pipe %s\n", pipename));
++              return false;
++      }
++
+       if (strnequal(pipename, "\\PIPE\\", 6)) {
+               pipename += 5;
+       }