diff options
author | Tiziano Müller <dev-zero@gentoo.org> | 2007-11-15 14:44:00 +0000 |
---|---|---|
committer | Tiziano Müller <dev-zero@gentoo.org> | 2007-11-15 14:44:00 +0000 |
commit | a4a5a5347e217aa0739a26413d4d74c92c051c95 (patch) | |
tree | 69a5ee7a80844f26e4053717b2c70278aabc2404 /net-fs | |
parent | Version bump (diff) | |
download | historical-a4a5a5347e217aa0739a26413d4d74c92c051c95.tar.gz historical-a4a5a5347e217aa0739a26413d4d74c92c051c95.tar.bz2 historical-a4a5a5347e217aa0739a26413d4d74c92c051c95.zip |
Revision bump. Marking stable for all archs for remote vulnerability security bug (CVE-2007-5398)
Diffstat (limited to 'net-fs')
-rw-r--r-- | net-fs/samba/ChangeLog | 9 | ||||
-rw-r--r-- | net-fs/samba/Manifest | 19 | ||||
-rw-r--r-- | net-fs/samba/files/3.0.26a-CVE-2007-5398.patch | 36 | ||||
-rw-r--r-- | net-fs/samba/files/digest-samba-3.0.26a-r2 | 3 | ||||
-rw-r--r-- | net-fs/samba/samba-3.0.26a-r2.ebuild | 311 |
5 files changed, 373 insertions, 5 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog index 12e67e8492cc..e4850272be44 100644 --- a/net-fs/samba/ChangeLog +++ b/net-fs/samba/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-fs/samba # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.307 2007/11/02 22:09:42 dev-zero Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.308 2007/11/15 14:43:59 dev-zero Exp $ + +*samba-3.0.26a-r2 (15 Nov 2007) + + 15 Nov 2007; Tiziano Müller <dev-zero@gentoo.org> + +files/3.0.26a-CVE-2007-5398.patch, +samba-3.0.26a-r2.ebuild: + Revision bump. Marking stable for all archs for remote vulnerability + security bug (CVE-2007-5398) *samba-3.0.26a-r1 (02 Nov 2007) diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index bcee49f63db3..6b7afdaf351c 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -22,6 +22,10 @@ AUX 3.0.25c-py_smp.patch 914 RMD160 455ec69a623fc75a56ca7f26e243873e890360f9 SHA MD5 95c1be28c63f32afbac815dd5463a693 files/3.0.25c-py_smp.patch 914 RMD160 455ec69a623fc75a56ca7f26e243873e890360f9 files/3.0.25c-py_smp.patch 914 SHA256 676078b5e331b43f426f6cfd10db00d9c70a88df2da436abb2eccad1b49cd0db files/3.0.25c-py_smp.patch 914 +AUX 3.0.26a-CVE-2007-5398.patch 1232 RMD160 b547196a44437d6336495ea727f9abfcfd41e79c SHA1 e2b7d91446e07bf1be5930187417f26841995743 SHA256 37a0181aa647de7feb888d675ea726e135bbe53bc3099076eaf0682fc1b11b05 +MD5 79934d4dcc779a467697e7cf86046631 files/3.0.26a-CVE-2007-5398.patch 1232 +RMD160 b547196a44437d6336495ea727f9abfcfd41e79c files/3.0.26a-CVE-2007-5398.patch 1232 +SHA256 37a0181aa647de7feb888d675ea726e135bbe53bc3099076eaf0682fc1b11b05 files/3.0.26a-CVE-2007-5398.patch 1232 AUX 3.0.26a-invalid-free-fix.patch 541 RMD160 13e1b0420ae9c06a2e6d4f9a8a0a3af8c32318b9 SHA1 0457c901f55b86b9b3751dc67b86a26cb19ec4e7 SHA256 4a727b9a02cbc7e2efc00190d5068c82e12a0b9fdad2a50869a2f10bc39a06f2 MD5 1c3431c8feebecfc2e0ae8987afee555 files/3.0.26a-invalid-free-fix.patch 541 RMD160 13e1b0420ae9c06a2e6d4f9a8a0a3af8c32318b9 files/3.0.26a-invalid-free-fix.patch 541 @@ -99,10 +103,14 @@ EBUILD samba-3.0.26a-r1.ebuild 8770 RMD160 f4223617e3687035ee9e3577ddfa6c444b61e MD5 19b0f919c6d15e7ebf07a3f0899bccc0 samba-3.0.26a-r1.ebuild 8770 RMD160 f4223617e3687035ee9e3577ddfa6c444b61ee2e samba-3.0.26a-r1.ebuild 8770 SHA256 07a93917ca0d9baf6c1717069981fff449b45ebf136af93242ba1446dbf54e5e samba-3.0.26a-r1.ebuild 8770 -MISC ChangeLog 52511 RMD160 a92f778811e9b000612325c115856a4918e8eb79 SHA1 372d1739a92215c3e86731686d5ffeee88c44b33 SHA256 bed96c8f2a89905a8d9018fc72b9a70122f61439db2cc60c2bfb414676531838 -MD5 1a304b9bfc7a261225c69b1aee371d8b ChangeLog 52511 -RMD160 a92f778811e9b000612325c115856a4918e8eb79 ChangeLog 52511 -SHA256 bed96c8f2a89905a8d9018fc72b9a70122f61439db2cc60c2bfb414676531838 ChangeLog 52511 +EBUILD samba-3.0.26a-r2.ebuild 8827 RMD160 2e668f31f4c351b7fde97bf9cff9062a92ace8d5 SHA1 315b319339bedfc4d2e78bed77dd64e135b64fbb SHA256 8967cd7571aab33026f856a3bf934803a5d29aeb141e05dbe746d93610ed71d2 +MD5 3c44bc7ef1f33b538585be2437da759f samba-3.0.26a-r2.ebuild 8827 +RMD160 2e668f31f4c351b7fde97bf9cff9062a92ace8d5 samba-3.0.26a-r2.ebuild 8827 +SHA256 8967cd7571aab33026f856a3bf934803a5d29aeb141e05dbe746d93610ed71d2 samba-3.0.26a-r2.ebuild 8827 +MISC ChangeLog 52764 RMD160 dc6b567c4a31be9d0e7d2d8498368ebc9026abbe SHA1 59680f56a9e90ff7997c5ca823237491a9e26608 SHA256 504361b96fc9d6a952420da5a0a4c81140ff8badb5823a685970259e795bc89f +MD5 3ad68922daec7d500b411baa80a44570 ChangeLog 52764 +RMD160 dc6b567c4a31be9d0e7d2d8498368ebc9026abbe ChangeLog 52764 +SHA256 504361b96fc9d6a952420da5a0a4c81140ff8badb5823a685970259e795bc89f ChangeLog 52764 MISC metadata.xml 489 RMD160 36eed0edca609c521314ae415efd57ca9acfecb4 SHA1 317e61704a10a3bd888d32c6834721f5d40d00ff SHA256 6f35f13dd39bb51d304fd59b5352c92bc35a957c9c9412c5c1f3f58e98519792 MD5 324855d88a5c326d1b45b5c7719d5536 metadata.xml 489 RMD160 36eed0edca609c521314ae415efd57ca9acfecb4 metadata.xml 489 @@ -116,3 +124,6 @@ SHA256 6772b5cc291b0f6dbd584253eabd0e7ad75966af1ff8f17c48762a65e4111a9c files/di MD5 cdaa94996a44f40213ca611e5ddc5e2e files/digest-samba-3.0.26a-r1 247 RMD160 eda75ec256c84904565d4fd0c9c69baa95ee7938 files/digest-samba-3.0.26a-r1 247 SHA256 19fc1538d2f06366e50a6fb6da02b496ae459035c2d650c508d34f1ad970150e files/digest-samba-3.0.26a-r1 247 +MD5 cdaa94996a44f40213ca611e5ddc5e2e files/digest-samba-3.0.26a-r2 247 +RMD160 eda75ec256c84904565d4fd0c9c69baa95ee7938 files/digest-samba-3.0.26a-r2 247 +SHA256 19fc1538d2f06366e50a6fb6da02b496ae459035c2d650c508d34f1ad970150e files/digest-samba-3.0.26a-r2 247 diff --git a/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch new file mode 100644 index 000000000000..e27c73e596f9 --- /dev/null +++ b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch @@ -0,0 +1,36 @@ +commit 089a51061b1be809f278ab4e9a741d0a44e52750 +Author: Gerald (Jerry) Carter <jerry@samba.org> +Date: Wed Nov 14 20:51:14 2007 -0600 + + Fix for CVE-2007-5398. + + == Subject: Remote code execution in Samba's WINS + == server daemon (nmbd) when processing name + == registration followed name query requests. + == + == CVE ID#: CVE-2007-5398 + == + == Versions: Samba 3.0.0 - 3.0.26a (inclusive) + ... + Secunia Research reported a vulnerability that allows for + the execution of arbitrary code in nmbd. This defect may + only be exploited when the "wins support" parameter has + been enabled in smb.conf. + +diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c +index 87a38b9..bbcc1ec 100644 +--- a/source/nmbd/nmbd_packets.c ++++ b/source/nmbd/nmbd_packets.c +@@ -963,6 +963,12 @@ for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name), + nmb->answers->ttl = ttl; + + if (data && len) { ++ if (len < 0 || len > sizeof(nmb->answers->rdata)) { ++ DEBUG(5,("reply_netbios_packet: " ++ "invalid packet len (%d)\n", ++ len )); ++ return; ++ } + nmb->answers->rdlength = len; + memcpy(nmb->answers->rdata, data, len); + } diff --git a/net-fs/samba/files/digest-samba-3.0.26a-r2 b/net-fs/samba/files/digest-samba-3.0.26a-r2 new file mode 100644 index 000000000000..7056d3102e2e --- /dev/null +++ b/net-fs/samba/files/digest-samba-3.0.26a-r2 @@ -0,0 +1,3 @@ +MD5 16b47e6add332e5ac4523fc88c381d06 samba-3.0.26a.tar.gz 18180031 +RMD160 9a62ba3ea2747b500ddea56729499524ae4329d2 samba-3.0.26a.tar.gz 18180031 +SHA256 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37 samba-3.0.26a.tar.gz 18180031 diff --git a/net-fs/samba/samba-3.0.26a-r2.ebuild b/net-fs/samba/samba-3.0.26a-r2.ebuild new file mode 100644 index 000000000000..2a5f75117cbe --- /dev/null +++ b/net-fs/samba/samba-3.0.26a-r2.ebuild @@ -0,0 +1,311 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.0.26a-r2.ebuild,v 1.1 2007/11/15 14:43:59 dev-zero Exp $ + +inherit eutils pam python multilib versionator confutils + +MY_P=${PN}-${PV/_/} + +DESCRIPTION="A suite of SMB and CIFS client/server programs for UNIX" +HOMEPAGE="http://www.samba.org/" +SRC_URI="mirror://samba/${MY_P}.tar.gz + mirror://samba/old-versions/${MY_P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd" +IUSE_LINGUAS="linguas_ja linguas_pl" +IUSE="${IUSE_LINGUAS} acl ads async automount caps cups doc examples ipv6 kernel_linux ldap fam + pam python quotas readline selinux swat syslog winbind" + +RDEPEND="dev-libs/popt + virtual/libiconv + acl? ( kernel_linux? ( sys-apps/acl ) ) + cups? ( net-print/cups ) + ipv6? ( sys-apps/xinetd ) + ads? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( virtual/pam ) + python? ( dev-lang/python ) + readline? ( sys-libs/readline ) + selinux? ( sec-policy/selinux-samba ) + swat? ( sys-apps/xinetd ) + syslog? ( virtual/logger ) + fam? ( virtual/fam ) + caps? ( sys-libs/libcap )" +DEPEND="${RDEPEND}" + +S=${WORKDIR}/${MY_P} +CONFDIR=${FILESDIR}/config +PRIVATE_DST=/var/lib/samba/private + +pkg_setup() { + confutils_use_depend_all ads ldap +} + +src_unpack() { + unpack ${A} + cd "${S}/source" + + # This patch adds "-Wl,-z,now" to smb{mnt,umount} + # Please read ... for further informations + epatch "${FILESDIR}/${PV}-lazyldflags.patch" + + # Bug #196015 (upstream: #5021) + epatch "${FILESDIR}/${PV}-invalid-free-fix.patch" + + # Bug #197519 + epatch "${FILESDIR}/${PV}-CVE-2007-5398.patch" + + # Ok, agreed, this is ugly. But it avoids a patch we + # need for every samba version and we don't need autotools + sed -i \ + -e 's|"lib32" ||' \ + -e 's|if test -d "$i/$l" ;|if test -d "$i/$l" -o -L "$i/$l";|' \ + configure || die "sed failed" + + rm "${S}/docs/manpages"/{mount,umount}.cifs.8 +} + +src_compile() { + cd "${S}/source" + + local myconf + local mylangs + local mymod_shared + + python_version + myconf="--with-python=no" + use python && myconf="--with-python=${python}" + + mylangs="--with-manpages-langs=en" + use linguas_ja && mylangs="${mylangs},ja" + use linguas_pl && mylangs="${mylangs},pl" + + use winbind && mymod_shared="--with-shared-modules=idmap_rid" + if use ldap ; then + myconf="${myconf} $(use_with ads)" + use winbind && mymod_shared="${mymod_shared},idmap_ad" + fi + + [[ ${CHOST} == *-*bsd* ]] && myconf="${myconf} --disable-pie" + use hppa && myconf="${myconf} --disable-pie" + + use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no + + # Otherwise we get the whole swat stuff installed + if ! use swat ; then + sed -i \ + -e 's/^\(install:.*\)installswat \(.*\)/\1\2/' \ + Makefile.in || die "sed failed" + fi + + econf \ + --with-fhs \ + --sysconfdir=/etc/samba \ + --localstatedir=/var \ + --with-configdir=/etc/samba \ + --with-libdir=/usr/$(get_libdir)/samba \ + --with-swatdir=/usr/share/doc/${PF}/swat \ + --with-piddir=/var/run/samba \ + --with-lockdir=/var/cache/samba \ + --with-logfilebase=/var/log/samba \ + --with-privatedir=${PRIVATE_DST} \ + --with-libsmbclient \ + --without-spinlocks \ + --enable-socket-wrapper \ + --with-cifsmount=no \ + $(use_with acl acl-support) \ + $(use_with async aio-support) \ + $(use_with automount) \ + $(use_enable cups) \ + $(use_enable fam) \ + $(use_with ads krb5) \ + $(use_with ldap) \ + $(use_with pam) $(use_with pam pam_smbpass) \ + $(use_with quotas) $(use_with quotas sys-quotas) \ + $(use_with readline) \ + $(use_with kernel_linux smbmount) \ + $(use_with syslog) \ + $(use_with winbind) \ + ${myconf} ${mylangs} ${mymod_shared} || die "econf failed" + + emake proto || die "emake proto failed" + emake everything || die "emake everything failed" + + if use python ; then + emake python_ext || die "emake python_ext failed" + fi +} + +src_test() { + cd "${S}/source" + emake test || die "tests failed" +} + +src_install() { + cd "${S}/source" + + emake DESTDIR="${D}" install-everything || die "emake install-everything failed" + + # Extra rpctorture progs + local extra_bins="rpctorture" + for i in ${extra_bins} ; do + [[ -x "${S}/bin/${i}" ]] && dobin "${S}/bin/${i}" + done + + # remove .old stuff from /usr/bin: + rm -f "${D}"/usr/bin/*.old + + # Nsswitch extensions. Make link for wins and winbind resolvers + if use winbind ; then + dolib.so nsswitch/libnss_wins.so + dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2 + dolib.so nsswitch/libnss_winbind.so + dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2 + fi + + if use pam ; then + dopammod bin/pam_smbpass.so + use winbind && dopammod bin/pam_winbind.so + fi + + if use kernel_linux ; then + # Warning: this can byte you if /usr is + # on a separate volume and you have to mount + # a smb volume before the local mount + dosym ../usr/bin/smbmount /sbin/mount.smbfs + fperms 4755 /usr/bin/smbmnt + fperms 4755 /usr/bin/smbumount + fi + + # bug #46389: samba doesn't create symlink anymore + # beaviour seems to be changed in 3.0.6, see bug #61046 + dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so.0 + dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so + + # make the smb backend symlink for cups printing support (bug #133133) + if use cups ; then + dodir $(cups-config --serverbin)/backend + dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb + fi + + if use python ; then + emake DESTDIR="${D}" python_install || die "emake installpython failed" + # We're doing that manually + find "${D}/usr/$(get_libdir)/python${PYVER}/site-packages" -iname "*.pyc" -delete + fi + + cd "${S}/source" + + # General config files + insinto /etc/samba + doins "${CONFDIR}"/{smbusers,lmhosts} + newins "${CONFDIR}/smb.conf.example-samba3" smb.conf.example + + newpamd "${CONFDIR}/samba.pam" samba + use winbind && doins ${CONFDIR}/system-auth-winbind + if use swat ; then + insinto /etc/xinetd.d + newins "${CONFDIR}/swat.xinetd" swat + else + rm -f "${D}/usr/sbin/swat" + rm -f "${D}/usr/share/man/man8/swat.8" + fi + + newinitd "${FILESDIR}/samba-init" samba + newconfd "${FILESDIR}/samba-conf" samba + + if use ldap ; then + insinto /etc/openldap/schema + doins "${S}/examples/LDAP/samba.schema" + fi + + if use ipv6 ; then + insinto /etc/xinetd.d + newins "${FILESDIR}/samba-xinetd" smb + fi + + # dirs + diropts -m0700 ; keepdir ${PRIVATE_DST} + diropts -m1777 ; keepdir /var/spool/samba + + diropts -m0755 + keepdir /var/{log,run,cache}/samba + keepdir /var/lib/samba/{netlogon,profiles} + keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC} + keepdir /usr/$(get_libdir)/samba/{rpc,idmap,auth} + + # docs + dodoc "${FILESDIR}/README.gentoo" + dodoc "${S}"/{README,Roadmap,WHATSNEW.txt} + dodoc "${CONFDIR}/nsswitch.conf-wins" + use winbind && dodoc "${CONFDIR}/nsswitch.conf-winbind" + + if use examples ; then + insinto /usr/share/doc/${PF} + doins -r "${S}/examples/" + find "${D}/usr/share/doc/${PF}" -type d -print0 | xargs -0 chmod 755 + find "${D}/usr/share/doc/${PF}/examples" ! -type d -print0 | xargs -0 chmod 644 + if use python ; then + insinto /usr/share/doc/${PF}/python + doins -r "${S}/source/python/examples" + fi + fi + + if ! use doc ; then + if ! use swat ; then + rm -rf "${D}/usr/share/doc/${PF}/swat" + else + rm -rf "${D}/usr/share/doc/${PF}/swat/help"/{guide,howto,devel} + rm -rf "${D}/usr/share/doc/${PF}/swat/using_samba" + fi + fi + +} + +pkg_preinst() { + local PRIVATE_SRC=/etc/samba/private + if [[ ! -r "${ROOT}/${PRIVATE_DST}/secrets.tdb" \ + && -r "${ROOT}/${PRIVATE_SRC}/secrets.tdb" ]] ; then + ebegin "Copying ${ROOT}/${PRIVATE_SRC}/* to ${ROOT}/${PRIVATE_DST}/" + mkdir -p "${D}/${PRIVATE_DST}" + cp -pPRf "${ROOT}/${PRIVATE_SRC}"/* "${D}/${PRIVATE_DST}/" + eend $? + fi + + if [[ ! -f "${ROOT}/etc/samba/smb.conf" ]] ; then + touch "${D}/etc/samba/smb.conf" + fi +} + +pkg_postinst() { + if use python ; then + python_version + python_mod_optimize /usr/$(get_libdir)/python${PYVER}/site-packages/samba + fi + + if use swat ; then + einfo "swat must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/swat configuration" + fi + + if use ipv6 ; then + einfo "ipv6 support must be enabled by xinetd:" + einfo " change the /etc/xinetd.d/smb configuration" + fi + + elog "It is possible to start/stop daemons seperately:" + elog " Create a symlink from /etc/init.d/samba.{smbd,nmbd,winbind} to" + elog " /etc/init.d/samba. Calling /etc/init.d/samba directly will start" + elog " the daemons configured in /etc/conf.d/samba" + + elog "The mount/umount.cifs helper applications are not included anymore." + elog "Please install net-fs/mount-cifs instead." +} + +pkg_postrm() { + if use python ; then + python_version + python_mod_cleanup /usr/$(get_libdir)/python${PYVER}/site-packages/samba + fi +} |