pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2008Q1]: pkgsrc/net/samba Pullup ticket #2403 - requested by d...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e3c7a143ab06
branches:  pkgsrc-2008Q1
changeset: 540384:e3c7a143ab06
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu May 29 14:14:53 2008 +0000

description:
Pullup ticket #2403 - requested by drochner
Security patch for samba

Revisions pulled up:
- net/samba/Makefile            1.182
- net/samba/distinfo            1.62
- net/samba/patches/patch-ea    1.1
- net/samba/patches/patch-eb    1.1
- net/samba/patches/patch-ec    1.1
- net/samba/patches/patch-ed    1.1
- net/samba/patches/patch-ee    1.1
- net/samba/patches/patch-ef    1.1
---
    Module Name:    pkgsrc
    Committed By:   drochner
    Date:           Wed May 28 15:39:55 UTC 2008

    Modified Files:
        pkgsrc/net/samba: Makefile distinfo
    Added Files:
        pkgsrc/net/samba/patches: patch-ea patch-eb patch-ec patch-ed patch-ee
            patch-ef

    Log Message:
    add patches from redhat bugzilla (#446724) to fix CVE-2008-1105
    (heap buffer overflow in client code)
    bump PKGREVISION

diffstat:

 net/samba/Makefile         |   3 +-
 net/samba/distinfo         |   8 ++++-
 net/samba/patches/patch-ea |  13 ++++++++
 net/samba/patches/patch-eb |  13 ++++++++
 net/samba/patches/patch-ec |  68 ++++++++++++++++++++++++++++++++++++++++++++++
 net/samba/patches/patch-ed |  38 +++++++++++++++++++++++++
 net/samba/patches/patch-ee |  14 +++++++++
 net/samba/patches/patch-ef |  22 ++++++++++++++
 8 files changed, 177 insertions(+), 2 deletions(-)

diffs (225 lines):

diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/Makefile
--- a/net/samba/Makefile        Tue May 27 13:29:33 2008 +0000
+++ b/net/samba/Makefile        Thu May 29 14:14:53 2008 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.180 2008/04/03 20:19:42 jlam Exp $
+# $NetBSD: Makefile,v 1.180.2.1 2008/05/29 14:14:53 tron Exp $
 
 .include "Makefile.mirrors"
 
 DISTNAME=              samba-${VERSION}
+PKGREVISION=           1
 CATEGORIES=            net
 MASTER_SITES=          ${SAMBA_MIRRORS:=old-versions/}
 
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/distinfo
--- a/net/samba/distinfo        Tue May 27 13:29:33 2008 +0000
+++ b/net/samba/distinfo        Thu May 29 14:14:53 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.61 2008/04/03 20:19:42 jlam Exp $
+$NetBSD: distinfo,v 1.61.2.1 2008/05/29 14:14:53 tron Exp $
 
 SHA1 (samba-3.0.28a.tar.gz) = b4829b133af3865f6518bae14af4d989b6f1c31a
 RMD160 (samba-3.0.28a.tar.gz) = 646680c49fd56d98430d325884a5911d406e13be
@@ -40,3 +40,9 @@
 SHA1 (patch-ch) = 3c4c404519154e294cee134ddb4d2b9c7d8e02a2
 SHA1 (patch-da) = 2dddd250b2207d658b02ff43b46199ce4305b7f8
 SHA1 (patch-db) = a43800408fae9bc2bfdd0db4d481dda6b936778b
+SHA1 (patch-ea) = 22ca7f088703ad11ba92b61afdf79b2b9cb0fd16
+SHA1 (patch-eb) = ee8b9e5daa2611e21eb9767fcdbabcbf779112de
+SHA1 (patch-ec) = bee1ce2c1ad1e7a98dff053774bb8aee00411389
+SHA1 (patch-ed) = cdeae921837f36ae87aba1b6a8a7d1ebdc84ae9c
+SHA1 (patch-ee) = 89ce3342fe7f0d83f738f4450f84ec91e7fed276
+SHA1 (patch-ef) = f15af3dfd6c8894713fe7e435a458b4a43c84035
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-ea
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-ea        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ea,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- client/client.c.orig       2008-03-08 16:56:26.000000000 +0100
++++ client/client.c
+@@ -3626,7 +3626,7 @@ static void readline_callback(void)
+          session keepalives and then drop them here.
+       */
+       if (FD_ISSET(cli->fd,&fds)) {
+-              if (!receive_smb(cli->fd,cli->inbuf,0)) {
++              if (!receive_smb(cli->fd,cli->inbuf,cli->bufsize,0)) {
+                       DEBUG(0, ("Read from server failed, maybe it closed the "
+                               "connection\n"));
+                       return;
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-eb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-eb        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-eb,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- client/smbctool.c.orig     2008-03-08 16:33:34.000000000 +0100
++++ client/smbctool.c
+@@ -3304,7 +3304,7 @@ static void readline_callback(void)
+          session keepalives and then drop them here.
+       */
+       if (FD_ISSET(cli->fd,&fds)) {
+-              receive_smb(cli->fd,cli->inbuf,0);
++              receive_smb(cli->fd,cli->inbuf,cli->bufsize,0);
+               goto again;
+       }
+         
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-ec
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-ec        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,68 @@
+$NetBSD: patch-ec,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- lib/util_sock.c.orig       2008-03-08 16:33:34.000000000 +0100
++++ lib/util_sock.c
+@@ -654,14 +654,13 @@ ssize_t read_smb_length(int fd, char *in
+ }
+ 
+ /****************************************************************************
+- Read an smb from a fd. Note that the buffer *MUST* be of size
+- BUFFER_SIZE+SAFETY_MARGIN.
++ Read an smb from a fd. 
+  The timeout is in milliseconds. 
+  This function will return on receipt of a session keepalive packet.
+  Doesn't check the MAC on signed packets.
+ ****************************************************************************/
+ 
+-BOOL receive_smb_raw(int fd, char *buffer, unsigned int timeout)
++BOOL receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout)
+ {
+       ssize_t len,ret;
+ 
+@@ -682,25 +681,18 @@ BOOL receive_smb_raw(int fd, char *buffe
+               return False;
+       }
+ 
+-      /*
+-       * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
+-       * of header. Don't print the error if this fits.... JRA.
+-       */
+-
+-      if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
++      if (len > buflen) {
+               DEBUG(0,("Invalid packet length! (%lu bytes).\n",(unsigned long)len));
+-              if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
+ 
+-                      /*
+-                       * Correct fix. smb_read_error may have already been
+-                       * set. Only set it here if not already set. Global
+-                       * variables still suck :-). JRA.
+-                       */
++              /*
++               * smb_read_error may have already been
++               * set. Only set it here if not already set. Global
++               * variables still suck :-). JRA.
++               */
+ 
+-                      if (smb_read_error == 0)
+-                              smb_read_error = READ_ERROR;
+-                      return False;
+-              }
++              if (smb_read_error == 0)
++                      smb_read_error = READ_ERROR;
++              return False;
+       }
+ 
+       if(len > 0) {
+@@ -730,9 +722,9 @@ BOOL receive_smb_raw(int fd, char *buffe
+  Checks the MAC on signed packets.
+ ****************************************************************************/
+ 
+-BOOL receive_smb(int fd, char *buffer, unsigned int timeout)
++BOOL receive_smb(int fd, char *buffer, size_t buflen, unsigned int timeout)
+ {
+-      if (!receive_smb_raw(fd, buffer, timeout)) {
++      if (!receive_smb_raw(fd, buffer, buflen, timeout)) {
+               return False;
+       }
+ 
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-ed
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-ed        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,38 @@
+$NetBSD: patch-ed,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- libsmb/clientgen.c.orig    2008-03-08 16:33:35.000000000 +0100
++++ libsmb/clientgen.c
+@@ -44,8 +44,7 @@ int cli_set_port(struct cli_state *cli, 
+ }
+ 
+ /****************************************************************************
+- Read an smb from a fd ignoring all keepalive packets. Note that the buffer 
+- *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
++ Read an smb from a fd ignoring all keepalive packets.
+  The timeout is in milliseconds
+ 
+  This is exactly the same as receive_smb except that it never returns
+@@ -54,12 +53,12 @@ int cli_set_port(struct cli_state *cli, 
+  should never go into a blocking read.
+ ****************************************************************************/
+ 
+-static BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
++static BOOL client_receive_smb(int fd,char *buffer, size_t bufsize, unsigned int timeout)
+ {
+       BOOL ret;
+ 
+       for(;;) {
+-              ret = receive_smb_raw(fd, buffer, timeout);
++              ret = receive_smb_raw(fd, buffer, bufsize, timeout);
+ 
+               if (!ret) {
+                       DEBUG(10,("client_receive_smb failed\n"));
+@@ -88,7 +87,7 @@ BOOL cli_receive_smb(struct cli_state *c
+               return False; 
+ 
+  again:
+-      ret = client_receive_smb(cli->fd,cli->inbuf,cli->timeout);
++      ret = client_receive_smb(cli->fd,cli->inbuf, cli->bufsize, cli->timeout);
+       
+       if (ret) {
+               /* it might be an oplock break request */
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-ee
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-ee        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ee,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- smbd/process.c.orig        2008-03-08 16:33:36.000000000 +0100
++++ smbd/process.c
+@@ -521,7 +521,8 @@ static BOOL receive_message_or_smb(char 
+               goto again;
+       }
+ 
+-      return receive_smb(smbd_server_fd(), buffer, 0);
++      return receive_smb(smbd_server_fd(), buffer,
++                      BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE, 0);
+ }
+ 
+ /*
diff -r ac6db68b1858 -r e3c7a143ab06 net/samba/patches/patch-ef
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba/patches/patch-ef        Thu May 29 14:14:53 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ef,v 1.1.2.2 2008/05/29 14:14:53 tron Exp $
+
+--- utils/smbfilter.c.orig     2008-03-08 16:33:37.000000000 +0100
++++ utils/smbfilter.c
+@@ -140,7 +140,7 @@ static void filter_child(int c, struct i
+               if (num <= 0) continue;
+               
+               if (c != -1 && FD_ISSET(c, &fds)) {
+-                      if (!receive_smb(c, packet, 0)) {
++                      if (!receive_smb(c, packet, BUFFER_SIZE, 0)) {
+                               d_printf("client closed connection\n");
+                               exit(0);
+                       }
+@@ -151,7 +151,7 @@ static void filter_child(int c, struct i
+                       }                       
+               }
+               if (s != -1 && FD_ISSET(s, &fds)) {
+-                      if (!receive_smb(s, packet, 0)) {
++                      if (!receive_smb(s, packet, BUFFER_SIZE, 0)) {
+                               d_printf("server closed connection\n");
+                               exit(0);
+                       }



Home | Main Index | Thread Index | Old Index