Upgrade port to the 4.0.12 version, closing CVE-2013-4475 and CVE-2013-4476.

Remove dependency from gettext. Converted to STAGEDIR.

PR:		183872, 183885
Security:	CVE-2013-4475
		CVE-2013-4476
Sponsored by:	my wife
This commit is contained in:
Timur I. Bakeyev 2013-11-19 21:49:39 +00:00
parent 06d52b52d3
commit a5ced76f06
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=334354
13 changed files with 283 additions and 72 deletions

View file

@ -18,7 +18,7 @@ CONFLICTS?= *samba3[2-6]-3.*
SAMBA4_BASENAME= samba
SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4
SAMBA4_VERSION= 4.0.8
SAMBA4_VERSION= 4.0.12
SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
WRKSRC?= ${WRKDIR}/${DISTNAME}
@ -57,6 +57,8 @@ CONFIGURE_ARGS+= --prefix="${PREFIX}" \
--with-privatedir="${SAMBA4_PRIVATEDIR}" \
--with-logfilebase="${SAMBA4_LOGDIR}"
DESTDIRNAME= --destdir
WAF_TOOL= buildtools/bin/waf
HAS_CONFIGURE= yes
CONFIGURE_SCRIPT= ${WAF_TOOL} configure
@ -66,33 +68,32 @@ CONFIGURE_ENV+= PTHREAD_CFLAGS="${PTHREAD_CFLAGS}" \
PTHREAD_LDFLAGS="${PTHREAD_LIBS}"
USE_PYTHON_BUILD= -2.7
USE_PERL5= build
USE_GCC= 4.2+
USE_PYTHON= yes
USES= pkgconfig gettext iconv perl5
USES= compiler perl5 pkgconfig iconv
USE_PERL5= build
USE_LDCONFIG= ${SAMBA4_LIBDIR}
PKGCONFIGDIR?= ${PREFIX}/libdata/pkgconfig
PLIST_SUB+= PKGCONFIGDIR=${PKGCONFIGDIR:S;${PREFIX}/;;}
# XXX: Unconditional dependencies which can't be switched off(if present in the system)
# popt
LIB_DEPENDS+= popt:${PORTSDIR}/devel/popt
LIB_DEPENDS+= libpopt.so:${PORTSDIR}/devel/popt
# XXX: We should try to switch to libunwind, libexecinfo is gcc specific(?)
# backtrace
LIB_DEPENDS+= execinfo:${PORTSDIR}/devel/libexecinfo
LIB_DEPENDS+= libexecinfo.so:${PORTSDIR}/devel/libexecinfo
# inotify
LIB_DEPENDS+= inotify:${PORTSDIR}/devel/libinotify
LIB_DEPENDS+= libinotify.so:${PORTSDIR}/devel/libinotify
# SASL
LIB_DEPENDS+= sasl2:${PORTSDIR}/security/cyrus-sasl2
LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
# GNUTLS
LIB_DEPENDS+= gcrypt:${PORTSDIR}/security/libgcrypt
LIB_DEPENDS+= gnutls:${PORTSDIR}/security/gnutls
LIB_DEPENDS+= libgcrypt.so:${PORTSDIR}/security/libgcrypt
LIB_DEPENDS+= libgnutls.so:${PORTSDIR}/security/gnutls
# NFS4 ACL glue
LIB_DEPENDS+= sunacl:${PORTSDIR}/sysutils/libsunacl
LIB_DEPENDS+= libsunacl.so:${PORTSDIR}/sysutils/libsunacl
# External Samba dependencies
# IDL compiler
BUILD_DEPENDS+= p5-Parse-Pidl>=${SAMBA4_VERSION}:${PORTSDIR}/devel/p5-Parse-Pidl
BUILD_DEPENDS+= p5-Parse-Pidl>=4.0.0:${PORTSDIR}/devel/p5-Parse-Pidl
# talloc
BUILD_DEPENDS+= talloc>=2.0.8:${PORTSDIR}/devel/talloc
RUN_DEPENDS+= talloc>=2.0.8:${PORTSDIR}/devel/talloc
@ -109,9 +110,11 @@ SAMBA4_BUNDLED_LIBS+= !tdb
BUILD_DEPENDS+= ldb>=1.1.15:${PORTSDIR}/databases/ldb
RUN_DEPENDS+= ldb>=1.1.15:${PORTSDIR}/databases/ldb
SAMBA4_BUNDLED_LIBS+= !ldb
# Don't use external libcom_err
SAMBA4_BUNDLED_LIBS+= com_err
##############################################################################
# Options
OPTIONS_DEFINE= ACL_SUPPORT ADS AIO_SUPPORT AVAHI CUPS DEBUG \
OPTIONS_DEFINE= ACL_SUPPORT ADS AIO_SUPPORT CUPS DEBUG \
DNSUPDATE FAM_SUPPORT LDAP PAM_SMBPASS \
PTHREADPOOL QUOTAS SWAT SYSLOG UTMP WINBIND
@ -141,10 +144,12 @@ OPTIONS_SINGLE_DNS= NSUPDATE BIND98 BIND99
BIND98_DESC= Use bind98 as a DNS server frontend
BIND99_DESC= Use bind99 as a DNS server frontend
NSUPDATE_DESC= Use internal DNS with NSUPDATE utility
OPTIONS_DEFAULT+= NSUPDATE
NO_STAGE= yes
OPTIONS_RADIO= ZEROCONF
OPTIONS_RADIO_ZEROCONF= AVAHI MDNSRESPONDER
OPTIONS_DEFAULT+= AVAHI
.include <bsd.port.options.mk>
# !SAMBA4_SUBPORT
@ -157,11 +162,15 @@ NO_STAGE= yes
CONFIGURE_ARGS+= \
--with-pam \
--with-iconv \
--without-gettext \
--with-sendfile-support \
--builtin-libraries=smbclient \
${ICONV_CONFIGURE_BASE} \
--with-gettext="${LOCALBASE}"
${ICONV_CONFIGURE_BASE}
# No fancy error messages
.if ${COMPILER_TYPE} == "clang"
CFLAGS+= -fno-color-diagnostics
.endif
# for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
.if ${ARCH} == "amd64"
CFLAGS+= -fno-omit-frame-pointer
@ -173,7 +182,7 @@ SUB_LIST+= NSUPDATE="@comment "
.elif ${PORT_OPTIONS:MBIND99}
RUN_DEPENDS+= bind99>=9.9.0.0:${PORTSDIR}/dns/bind99
SUB_LIST+= NSUPDATE="@comment "
.else
.elif ${PORT_OPTIONS:MNSUPDATE}
RUN_DEPENDS+= samba-nsupdate:${PORTSDIR}/dns/samba-nsupdate
SUB_LIST+= NSUPDATE=""
.endif
@ -187,14 +196,14 @@ CONFIGURE_ARGS+= --enable-debug
# https://bugzilla.samba.org/show_bug.cgi?id=8969
.if ${PORT_OPTIONS:MDEVELOPER}
GDB_CMD?= gdb76
GDB_CMD?= gdb761
BUILD_DEPENDS+= ${GDB_CMD}:${PORTSDIR}/devel/gdb
RUN_DEPENDS+= ${GDB_CMD}:${PORTSDIR}/devel/gdb
SAMBA4_MODULES+= auth_skel perfcount_test pdb_test vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent vfs_fake_acls
CONFIGURE_ARGS+= --enable-developer --enable-socket-wrapper --enable-nss-wrapper --enable-selftest
PLIST_SUB+= DEVELOPER=""
.else
GDB_CMD= /usr/bin/true
GDB_CMD= true
PLIST_SUB+= DEVELOPER="@comment "
.endif
##############################################################################
@ -228,7 +237,7 @@ WANT_EXP_MODULES= idmap_ad vfs_cacheprime gpext_scripts gpext_security gpext_reg
.if ${PORT_OPTIONS:MACL_SUPPORT}
. if ${OSVERSION} > 800000
LIB_DEPENDS+= sunacl:${PORTSDIR}/sysutils/libsunacl
LIB_DEPENDS+= libsunacl.so:${PORTSDIR}/sysutils/libsunacl
WANT_EXP_MODULES+= vfs_zfsacl
SAMBA4_MODULES+= vfs_zfsacl
. endif
@ -250,14 +259,21 @@ CONFIGURE_ARGS+= --without-aio-support
.endif
.if ${PORT_OPTIONS:MAVAHI}
LIB_DEPENDS+= avahi-client:${PORTSDIR}/net/avahi-app
LIB_DEPENDS+= libavahi-client.so:${PORTSDIR}/net/avahi-app
CONFIGURE_ARGS+= --enable-avahi
.else
CONFIGURE_ARGS+= --disable-avahi
.endif
.if ${PORT_OPTIONS:MMDNSRESPONDER}
LIB_DEPENDS+= libdns_sd.so:${PORTSDIR}/net/mDNSResponder
CONFIGURE_ARGS+= --enable-dnssd
.else
CONFIGURE_ARGS+= --disable-dnssd
.endif
.if ${PORT_OPTIONS:MCUPS}
LIB_DEPENDS+= cups:${PORTSDIR}/print/cups-client
LIB_DEPENDS+= libcups.so:${PORTSDIR}/print/cups-client
CONFIGURE_ARGS+= --enable-cups --enable-iprint
.else
CONFIGURE_ARGS+= --disable-cups --disable-iprint
@ -364,7 +380,7 @@ PLIST_REINPLACE_${m:U}= s|^@comment ${m} ||g
.endfor
##############################################################################
.if ! ${PORT_OPTIONS:MMANPAGES}
CONFIGURE_ENV+= XSLTPROC="/usr/bin/true"
CONFIGURE_ENV+= XSLTPROC="true"
.else
BUILD_DEPENDS+= ${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:${PORTSDIR}/textproc/docbook-xsl \
xsltproc:${PORTSDIR}/textproc/libxslt
@ -392,7 +408,7 @@ CONFIGURE_ARGS+= --jobs=${MAKE_JOBS_NUMBER}
_MAKE_JOBS+= --jobs=${MAKE_JOBS_NUMBER}
.endif
MAN1+= dbwrap_tool.1 findsmb.1 gentest.1 locktest.1 \
SAMBA_MAN1+= dbwrap_tool.1 findsmb.1 gentest.1 locktest.1 \
log2pcap.1 masktest.1 ndrdump.1 nmblookup.1 \
nmblookup4.1 ntlm_auth.1 oLschema2ldif.1 \
profiles.1 regdiff.1 regpatch.1 regshell.1 \
@ -401,12 +417,12 @@ MAN1+= dbwrap_tool.1 findsmb.1 gentest.1 locktest.1 \
smbstatus.1 smbtar.1 smbtorture.1 smbtree.1 \
testparm.1 vfstest.1 wbinfo.1
MAN5+= lmhosts.5 smbgetrc.5 smbpasswd.5 pam_winbind.conf.5 \
SAMBA_MAN5+= lmhosts.5 smbgetrc.5 smbpasswd.5 pam_winbind.conf.5 \
smb.conf.5
MAN7+= samba.7 winbind_krb5_locator.7
SAMBA_MAN7+= samba.7 winbind_krb5_locator.7
MAN8+= eventlogadm.8 idmap_ad.8 idmap_autorid.8 idmap_hash.8 \
SAMBA_MAN8+= eventlogadm.8 idmap_ad.8 idmap_autorid.8 idmap_hash.8 \
idmap_ldap.8 idmap_nss.8 idmap_rid.8 idmap_tdb.8 \
idmap_tdb2.8 net.8 nmbd.8 pam_winbind.8 pdbedit.8 \
samba-tool.8 samba.8 smbd.8 smbpasswd.8 smbspool.8 \
@ -423,8 +439,6 @@ MAN8+= eventlogadm.8 idmap_ad.8 idmap_autorid.8 idmap_hash.8 \
vfs_streams_depot.8 vfs_streams_xattr.8 vfs_time_audit.8 \
vfs_tsmsm.8 vfs_xattr_tdb.8 winbindd.8
MLINKS= smb.conf.5 smb4.conf.5 samba.8 samba4.8
PORTDOCS= README.FreeBSD
ALL_TARGET= build
@ -479,7 +493,7 @@ pre-build:
@${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
. endfor
-@${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
. for man in ${MAN1} ${MAN5} ${MAN7} ${MAN8}
. for man in ${SAMBA_MAN1} ${SAMBA_MAN5} ${SAMBA_MAN7} ${SAMBA_MAN8}
-@${INSTALL_MAN} ${BUILD_WRKSRC}/docs/manpages/${man} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
. endfor
.endif
@ -499,13 +513,12 @@ do-install:
post-install:
.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
@${MKDIR} ${STAGEDIR}${DOCSDIR}
. for doc in ${PORTDOCS}
@${INSTALL_DATA} ${WRKDIR}/${doc} ${DOCSDIR}
@${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
. endfor
@${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/man/man5/smb4.conf.5.gz
.endif
@${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
@${CAT} ${PKGMESSAGE}
.if ${PORT_OPTIONS:MDEVELOPER}
test: build

View file

@ -1,2 +1,2 @@
SHA256 (samba-4.0.8.tar.gz) = 5c6d4ff8249ad4377dc2e854de6744ce0058d1ff28ece6008f5152e922993a88
SIZE (samba-4.0.8.tar.gz) = 22076951
SHA256 (samba-4.0.12.tar.gz) = 2f4176a35cbf4d76906592e88d31f6c9479c061439f0e7509a5265b779e68822
SIZE (samba-4.0.12.tar.gz) = 22099958

View file

@ -1,10 +1,11 @@
--- ./lib/replace/wscript.orig 2013-02-05 12:25:25.000000000 +0000
+++ ./lib/replace/wscript 2013-02-15 06:29:28.649888344 +0000
@@ -344,7 +344,6 @@
conf.CHECK_FUNCS_IN('gettext', 'intl', checklibc=True, headers='libintl.h')
--- lib/replace/wscript.orig 2013-09-06 09:39:57.000000000 +0000
+++ lib/replace/wscript 2013-10-15 15:11:25.307472084 +0000
@@ -398,8 +398,6 @@
'it with --with-gettext=</path/to/gettext> or ' +
'--without-gettext to build without''')
conf.CHECK_FUNCS_IN('dgettext gettext', 'intl', headers='libintl.h')
- conf.CHECK_FUNCS_IN('pthread_create', 'pthread', checklibc=True, headers='pthread.h')
-
conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True)
conf.CHECK_VARIABLE('rl_event_hook', define='HAVE_DECL_RL_EVENT_HOOK', always=True,

View file

@ -0,0 +1,10 @@
--- lib/replace/xattr.c.orig 2013-11-19 12:05:06.297639060 +0000
+++ lib/replace/xattr.c 2013-11-19 12:05:15.450326063 +0000
@@ -25,6 +25,7 @@
License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
+#define UID_WRAPPER_NOT_REPLACE
#include "replace.h"
#include "system/filesys.h"
#include "system/dir.h"

View file

@ -0,0 +1,11 @@
--- source3/client/dnsbrowse.c.orig 2013-11-12 10:20:03.145351798 +0100
+++ source3/client/dnsbrowse.c 2013-11-12 10:20:11.762761273 +0100
@@ -91,7 +91,7 @@
}
}
- TALLOC_FREE(fdset);
+ TALLOC_FREE(ctx);
DNSServiceRefDeallocate(mdns_conn_sdref);
}

View file

@ -0,0 +1,11 @@
--- source3/lib/sysquotas_nfs.c.orig 2013-11-05 12:08:05.568859038 +0000
+++ source3/lib/sysquotas_nfs.c 2013-11-05 12:08:28.560058330 +0000
@@ -154,7 +154,7 @@
gq_args.gqa_uid = id.uid;
DEBUG(10, ("sys_get_nfs_quotas: Asking for quota of path '%s' on "
- "host '%s', rpcprog '%i', rpcvers '%i', network '%s'\n",
+ "host '%s', rpcprog '%li', rpcvers '%li', network '%s'\n",
host, testpath+1, RQUOTAPROG, RQUOTAVERS, "udp"));
clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp");

View file

@ -1,6 +1,6 @@
--- ./source3/smbd/quotas.c.orig 2010-04-01 15:26:22.000000000 +0200
+++ ./source3/smbd/quotas.c 2010-04-23 01:08:35.000000000 +0200
@@ -1235,6 +1235,7 @@
--- ./source3/smbd/quotas.c.orig 2012-10-02 08:24:45.000000000 +0000
+++ ./source3/smbd/quotas.c 2013-11-18 22:45:12.800444516 +0000
@@ -144,6 +144,7 @@
if (!cutstr)
return False;
@ -8,7 +8,7 @@
memset(cutstr, '\0', len+1);
host = strncat(cutstr,mnttype, sizeof(char) * len );
DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
@@ -1243,7 +1244,7 @@
@@ -152,7 +153,7 @@
args.gqa_pathp = testpath+1;
args.gqa_uid = uid;

View file

@ -0,0 +1,11 @@
--- ./source3/utils/net_lookup.c.orig 2013-11-18 23:13:25.859884543 +0000
+++ ./source3/utils/net_lookup.c 2013-11-18 23:21:48.283312520 +0000
@@ -321,7 +321,7 @@
print_sockaddr(addr, sizeof(addr), &kdcs[i].ss);
- d_printf("%s:%hd\n", addr, kdcs[i].port);
+ d_printf("%s:%u\n", addr, kdcs[i].port);
}
return 0;

View file

@ -1,6 +1,25 @@
--- ./source3/wscript.orig 2013-02-05 12:25:26.000000000 +0000
+++ ./source3/wscript 2013-02-15 17:54:40.099886239 +0000
@@ -475,7 +475,7 @@
--- ./source3/wscript.orig 2013-10-07 08:49:10.000000000 +0000
+++ ./source3/wscript 2013-11-18 22:45:12.808702339 +0000
@@ -35,6 +35,7 @@
opt.SAMBA3_ADD_OPTION('utmp')
opt.SAMBA3_ADD_OPTION('pthreadpool', with_name="enable", without_name="disable", default=True)
opt.SAMBA3_ADD_OPTION('avahi', with_name="enable", without_name="disable")
+ opt.SAMBA3_ADD_OPTION('dnssd', with_name="enable", without_name="disable")
opt.SAMBA3_ADD_OPTION('iconv')
opt.SAMBA3_ADD_OPTION('acl-support')
opt.SAMBA3_ADD_OPTION('dnsupdate')
@@ -312,7 +312,9 @@
# Check if the compiler will optimize out functions
conf.CHECK_CODE('''
-if (0) {
+char s = "string";
+int len = 6;
+if (sizeof(s) != len && sizeof(s) != sizeof(char *)) {
this_function_does_not_exist();
} else {
return 1;
@@ -502,7 +504,7 @@
conf.CHECK_CODE('struct aiocb a; return aio_return(&a);', 'HAVE_AIO_RETURN', msg='Checking for aio_return', headers='aio.h', lib='aio rt')
conf.CHECK_CODE('struct aiocb a; return aio_error(&a);', 'HAVE_AIO_ERROR', msg='Checking for aio_error', headers='aio.h', lib='aio rt')
conf.CHECK_CODE('struct aiocb a; return aio_cancel(1, &a);', 'HAVE_AIO_CANCEL', msg='Checking for aio_cancel', headers='aio.h', lib='aio rt')
@ -9,7 +28,25 @@
if not conf.CONFIG_SET('HAVE_AIO'):
conf.DEFINE('HAVE_NO_AIO', '1')
else:
@@ -1644,26 +1644,8 @@
@@ -812,6 +813,17 @@
conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
+ if Options.options.with_dnssd:
+ conf.env.with_dnssd = True
+ if not conf.CHECK_HEADERS('dns_sd.h'):
+ conf.env.with_dnssd = False
+ if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
+ conf.env.with_dnssd = False
+ if conf.env.with_dnssd:
+ conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
+ else:
+ conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
+
if Options.options.with_iconv:
conf.env.with_iconv = True
if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):
@@ -1670,26 +1670,8 @@
if PTHREAD_LDFLAGS == 'error':
if conf.CHECK_FUNCS_IN('pthread_attr_init', 'pthread'):
@ -37,7 +74,7 @@
if PTHREAD_CFLAGS != 'error' and PTHREAD_LDFLAGS != 'error':
conf.ADD_CFLAGS(PTHREAD_CFLAGS)
@@ -1693,8 +1675,8 @@
@@ -1719,8 +1701,8 @@
auth_script vfs_readahead vfs_xattr_tdb vfs_posix_eadb
vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb
vfs_smb_traffic_analyzer vfs_preopen vfs_catia vfs_scannedonly
@ -48,7 +85,7 @@
vfs_crossrename vfs_linux_xfs_sgid
vfs_time_audit idmap_autorid idmap_tdb2
idmap_rid idmap_hash'''))
@@ -1707,7 +1689,7 @@
@@ -1733,7 +1715,7 @@
if Options.options.enable_selftest or Options.options.developer:
default_shared_modules.extend(TO_LIST('vfs_fake_acls'))
@ -57,12 +94,12 @@
if conf.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
default_static_modules.extend(TO_LIST('pdb_samba_dsdb auth_samba4 vfs_dfs_samba4'))
@@ -1740,7 +1722,7 @@
@@ -1766,7 +1748,7 @@
default_static_modules.extend(TO_LIST('charset_macosxfs'))
if conf.CONFIG_SET('HAVE_GPFS'):
- default_shared_modules.extend(TO_LIST('vfs_gpfs'))
+ default_shared_modules.extend(TO_LIST('vfs_gpfs'))
explicit_shared_modules = TO_LIST(Options.options.shared_modules, delimiter=',')
explicit_static_modules = TO_LIST(Options.options.static_modules, delimiter=',')
if conf.CONFIG_SET('SAMBA_FAM_LIBS'):
default_shared_modules.extend(TO_LIST('vfs_notify_fam'))

View file

@ -1,5 +1,5 @@
--- ./source3/wscript_build.orig 2012-12-11 17:10:13.000000000 +0000
+++ ./source3/wscript_build 2013-02-05 04:25:57.199878484 +0000
--- source3/wscript_build.orig 2013-07-01 09:15:40.000000000 +0200
+++ source3/wscript_build 2013-11-12 10:13:36.004046408 +0100
@@ -1,7 +1,8 @@
#!/usr/bin/env python
@ -28,7 +28,7 @@
source=WINBIND_WINS_NSS_SRC,
deps='''param libsmb LIBTSOCKET''',
realname='libnss_wins.so.2',
@@ -972,10 +982,11 @@
@@ -972,10 +982,12 @@
LIBAFS_SETTOKEN
RPC_SERVER
NDR_SMBXSRV
@ -38,10 +38,19 @@
NDR_SMB_ACL
netapi
+ inotify
+ dns_sd
''' + bld.env['dmapi_lib'],
private_library=True,
vars=locals())
@@ -1629,7 +1640,7 @@
@@ -1277,6 +1289,7 @@
libsmb
msrpc3
RPC_NDR_SRVSVC
+ dns_sd
cli_smb_common''')
bld.SAMBA3_BINARY('net',
@@ -1629,7 +1642,7 @@
bld.SAMBA3_PYTHON('pylibsmb',
source='libsmb/pylibsmb.c',

View file

@ -12,9 +12,9 @@ Signed-off-by: Guenter Kukkukk <kukks@samba.org>
diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index 7604a05..71adf68 100644
--- ./source4/dns_server/dns_crypto.c
+++ ./source4/dns_server/dns_crypto.c
@@ -244,6 +244,8 @@ WERROR dns_sign_tsig(struct dns_server *dns,
--- ./source4/dns_server/dns_crypto.c.orig 2012-10-02 08:24:46.000000000 +0000
+++ ./source4/dns_server/dns_crypto.c 2013-11-18 22:45:12.818702284 +0000
@@ -244,6 +244,8 @@
DATA_BLOB packet_blob, tsig_blob, sig;
uint8_t *buffer = NULL;
size_t buffer_len = 0;
@ -23,7 +23,7 @@ index 7604a05..71adf68 100644
struct dns_server_tkey * tkey = NULL;
struct dns_res_rec *tsig = talloc_zero(mem_ctx, struct dns_res_rec);
@@ -298,16 +300,44 @@ WERROR dns_sign_tsig(struct dns_server *dns,
@@ -298,16 +300,44 @@
return DNS_ERR(SERVER_FAILURE);
}
@ -40,18 +40,18 @@ index 7604a05..71adf68 100644
+ length bytes of the MIC (here 16 + 12 = 28 bytes) */
+ miclen_bytes = sizeof(state->tsig->rdata.tsig_record.mac_size);
+ mic_size = miclen_bytes + state->tsig->rdata.tsig_record.mac_size;
+
- memcpy(buffer, packet_blob.data, packet_blob.length);
- memcpy(buffer+packet_blob.length, tsig_blob.data, tsig_blob.length);
+ buffer_len = mic_size + packet_blob.length + tsig_blob.length;
+ buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_len);
+ if (buffer == NULL) {
+ return WERR_NOMEM;
+ }
- memcpy(buffer, packet_blob.data, packet_blob.length);
- memcpy(buffer+packet_blob.length, tsig_blob.data, tsig_blob.length);
+ /* copy the 2 length bytes of request MIC in big-endian order */
+ RSSVAL(buffer,0,state->tsig->rdata.tsig_record.mac_size);
+
+ /* copy the request MIC itself */
+ memcpy(buffer + miclen_bytes, state->tsig->rdata.tsig_record.mac,
+ state->tsig->rdata.tsig_record.mac_size);
@ -65,15 +65,13 @@ index 7604a05..71adf68 100644
+ if (buffer == NULL) {
+ return WERR_NOMEM;
+ }
+
+ memcpy(buffer, packet_blob.data, packet_blob.length);
+ memcpy(buffer+packet_blob.length, tsig_blob.data, tsig_blob.length);
+ }
+
+ /* FIXME: as in the verify case, some padding is wrong */
+ buffer_len -=2;
status = gensec_sign_packet(tkey->gensec, mem_ctx, buffer, buffer_len,
buffer, buffer_len, &sig);
if (!NT_STATUS_IS_OK(status)) {
--
1.7.3.4

View file

@ -0,0 +1,11 @@
--- source4/heimdal/lib/roken/rkpty.c.orig 2013-11-05 12:05:01.120532069 +0000
+++ source4/heimdal/lib/roken/rkpty.c 2013-11-05 12:05:17.764730404 +0000
@@ -232,7 +232,7 @@
errx(1, "timeout waiting for %s (line %u)",
c->str, c->lineno);
else if (alarmset)
- errx(1, "got a signal %d waiting for %s (line %u)",
+ errx(1, "got a signal %ld waiting for %s (line %u)",
alarmset, c->str, c->lineno);
if (sret <= 0)
errx(1, "end command while waiting for %s (line %u)",

View file

@ -800,6 +800,7 @@ libdata/pkgconfig/wbclient.pc
@dirrm %%PYTHON_SITELIBDIR%%/samba/dcerpc
@dirrm %%PYTHON_SITELIBDIR%%/samba
@dirrmtry %%PYTHON_SITELIBDIR%%
@dirrmtry %%PYTHON_LIBDIR%%
%%DATADIR%%/codepages/de.msg
%%DATADIR%%/codepages/en.msg
%%DATADIR%%/codepages/fi.msg
@ -956,3 +957,101 @@ libdata/pkgconfig/wbclient.pc
@dirrm %%DATADIR%%/setup
@dirrm %%DATADIR%%/codepages
@dirrm %%DATADIR%%
man/man1/dbwrap_tool.1.gz
man/man1/findsmb.1.gz
man/man1/gentest.1.gz
man/man1/locktest.1.gz
man/man1/log2pcap.1.gz
man/man1/masktest.1.gz
man/man1/ndrdump.1.gz
man/man1/nmblookup.1.gz
man/man1/nmblookup4.1.gz
man/man1/ntlm_auth.1.gz
man/man1/oLschema2ldif.1.gz
man/man1/profiles.1.gz
man/man1/regdiff.1.gz
man/man1/regpatch.1.gz
man/man1/regshell.1.gz
man/man1/regtree.1.gz
man/man1/rpcclient.1.gz
man/man1/sharesec.1.gz
man/man1/smbcacls.1.gz
man/man1/smbclient.1.gz
man/man1/smbcontrol.1.gz
man/man1/smbcquotas.1.gz
man/man1/smbget.1.gz
man/man1/smbstatus.1.gz
man/man1/smbtar.1.gz
man/man1/smbtorture.1.gz
man/man1/smbtree.1.gz
man/man1/testparm.1.gz
man/man1/vfstest.1.gz
man/man1/wbinfo.1.gz
man/man5/lmhosts.5.gz
man/man5/pam_winbind.conf.5.gz
man/man5/smb.conf.5.gz
man/man5/smb4.conf.5.gz
man/man5/smbgetrc.5.gz
man/man5/smbpasswd.5.gz
man/man7/samba.7.gz
man/man7/winbind_krb5_locator.7.gz
man/man8/eventlogadm.8.gz
man/man8/idmap_ad.8.gz
man/man8/idmap_autorid.8.gz
man/man8/idmap_hash.8.gz
man/man8/idmap_ldap.8.gz
man/man8/idmap_nss.8.gz
man/man8/idmap_rid.8.gz
man/man8/idmap_tdb.8.gz
man/man8/idmap_tdb2.8.gz
man/man8/net.8.gz
man/man8/nmbd.8.gz
man/man8/pam_winbind.8.gz
man/man8/pdbedit.8.gz
man/man8/samba-tool.8.gz
man/man8/samba.8.gz
man/man8/smbd.8.gz
man/man8/smbpasswd.8.gz
man/man8/smbspool.8.gz
man/man8/smbta-util.8.gz
man/man8/swat.8.gz
man/man8/vfs_acl_tdb.8.gz
man/man8/vfs_acl_xattr.8.gz
man/man8/vfs_aio_fork.8.gz
man/man8/vfs_aio_linux.8.gz
man/man8/vfs_aio_pthread.8.gz
man/man8/vfs_audit.8.gz
man/man8/vfs_cacheprime.8.gz
man/man8/vfs_cap.8.gz
man/man8/vfs_catia.8.gz
man/man8/vfs_commit.8.gz
man/man8/vfs_crossrename.8.gz
man/man8/vfs_default_quota.8.gz
man/man8/vfs_dirsort.8.gz
man/man8/vfs_extd_audit.8.gz
man/man8/vfs_fake_perms.8.gz
man/man8/vfs_fileid.8.gz
man/man8/vfs_full_audit.8.gz
man/man8/vfs_gpfs.8.gz
man/man8/vfs_media_harmony.8.gz
man/man8/vfs_netatalk.8.gz
man/man8/vfs_notify_fam.8.gz
man/man8/vfs_prealloc.8.gz
man/man8/vfs_preopen.8.gz
man/man8/vfs_readahead.8.gz
man/man8/vfs_readonly.8.gz
man/man8/vfs_recycle.8.gz
man/man8/vfs_scannedonly.8.gz
man/man8/vfs_shadow_copy.8.gz
man/man8/vfs_shadow_copy2.8.gz
man/man8/vfs_smb_traffic_analyzer.8.gz
man/man8/vfs_streams_depot.8.gz
man/man8/vfs_streams_xattr.8.gz
man/man8/vfs_time_audit.8.gz
man/man8/vfs_tsmsm.8.gz
man/man8/vfs_xattr_tdb.8.gz
man/man8/winbindd.8.gz
@dirrmtry /var/run/samba4
@dirrmtry /var/log/samba4
@dirrmtry /var/db/samba4/private
@dirrmtry /var/db/samba4