main/samba: upgrade to 4.12.5

author: J0WI <J0WI@users.noreply.github.com> 2020-07-16 15:57:45 +0200
committer: Rasmus Thomsen <oss@cogitri.dev> 2020-07-26 16:40:29 +0000
commit: b430c8e9b07545e7ad2ecf2a3776a51ce0c28b45 (patch)
tree: c879769c852ec26f937245f4c50d96d3fe26a16d
parent: 2b15f227ad7ac485e2f015fee75d2eef1825f611 (diff)
2 files changed, 182 insertions, 3 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
index 1f60f6a025b..d3699684488 100644
--- a/main/samba/APKBUILD
+++ b/main/samba/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=samba
-pkgver=4.12.2
-pkgrel=2
+pkgver=4.12.5
+pkgrel=0
 pkgdesc="Tools to access a server's filespace and printers via SMB"
 url="https://www.samba.org/"
 arch="all"
@@ -88,6 +88,7 @@ source="
 	musl_rm_unistd_incl.patch
 	add_missing___compar_fn_t.patch
 	pidl.patch
+	posix-bufferlen.patch
 	$pkgname.initd
 	$pkgname.confd
 	$pkgname.logrotate
@@ -95,6 +96,11 @@ source="
 pkggroups="winbind"
 
 # secfixes:
+#   4.12.5-r0:
+#     - CVE-2020-10730
+#     - CVE-2020-10745
+#     - CVE-2020-10760
+#     - CVE-2020-14303
 #   4.12.2-r0:
 #     - CVE-2020-10700
 #     - CVE-2020-10704
@@ -592,7 +598,7 @@ libs() {
 		"$pkgdir"/usr
 }
 
-sha512sums="c1d5f62ea2e43c246988aa65c4b690de232f73c0213cbc5d532e43c8cfbea17f1ac92435526b64c9a85c582b29381eecfb57713861efc32f6e6257000c393562  samba-4.12.2.tar.gz
+sha512sums="45ef618efaca88fb24e2069edff6bf1e3f27f4bedecbc7899a57d0e4760effeaf9b0f546be1aeeee4f811219cf29a49a122ecc5caf8dc923c42ff9a25c162c2b  samba-4.12.5.tar.gz
 c3e7f2af16f0ed640ae3c71d1f474f17442c5f75e187d4c037c090646157f698aec7d3621e97f40af564426b5b848994ec916ce63268088509694b342a39665a  bind-9.14.patch
 58de5e79fdfd06e828d478e112d581d333a8bee88d2602b92204d780f0d707b27dd84f8e2e6b00fca40da81c8fe99aa5bcec70d8b393d3a0a83199c72a4aa48b  getpwent_r.patch
 b7906d66fe55a980a54161ee3f311b51bcbce76b8d4c8cc1ba6d0c5bdf98232cb192b9d2c1aa7b3e2742f5b9848c6cf429347940eefe66c3e0eda1d5aac1bf93  musl_uintptr.patch
@@ -602,6 +608,7 @@ c0afe8b1dfddc5290c9aa611163d20adc3a546f54bba0081f739cda4255829f1a72bae422b6cb049
 9bf4bbc8b03d9ea17d2f8ffeaf3a83541b171936a90bb8d75b08cc5afbdbaaec545c1b3782c90ae2ffc4568ab4e6f15fb21899d80c654a796301e16429c93b65  musl_rm_unistd_incl.patch
 bc2df70e327fea5dfbd923600225f1448815d842c37d6937dd74eab7f7699d7f52cd7a8e28a61233974649cf86661a0107dce5019d33b71205e4b41bac73f4e2  add_missing___compar_fn_t.patch
 c0bbe1186b150a9bb2a0b741a8cfbd7a5109e5fed1eaa07aaa38cf026ebe054d38cc01e2496f0cab7b40f743e1b7ecfbf8a4d5820810226c4152021df65f36dc  pidl.patch
+2064c8b2314adb8ac1fbbea4a122b9dfc19468b039d9af8f948c641878f355a45e10370db4e8025acef6a4619d78c726bbbb3cedd23b3c75adc81c2fbd3bc4f1  posix-bufferlen.patch
 96070e2461370437f48571e7de550c13a332fef869480cfe92e7cac73a998f6c2ee85d2580df58211953bebd0e577691aa710c8edddf3ea0f30e9d47d0a2fd44  samba.initd
 e2b49cb394e758447ca97de155a61b4276499983a0a5c00b44ae621c5559b759a766f8d1c8d3ee98ad5560f4064a847a7a20cfa2e14f85c061bec8b80fd649eb  samba.confd
 3458a4e1f8a8b44c966afb339b2dca51615be049f594c14911fc4d8203623deee416b6fe881436e246fc7d49c97a2b3bf9c5f33ba774302b24190a1103d6b67d  samba.logrotate"
diff --git a/main/samba/posix-bufferlen.patch b/main/samba/posix-bufferlen.patch
new file mode 100644
index 00000000000..49c809b7e26
--- /dev/null
+++ b/main/samba/posix-bufferlen.patch
@@ -0,0 +1,172 @@
+From 42ad8c2c4805b825317b8944df1c3cf1c2c3c2cc Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Tue, 9 Jun 2020 11:52:50 +1000
+Subject: [PATCH] util: Simplify input validation
+
+It appears that snprintf(3) is being used for input validation.
+However, this seems like overkill because it causes szPath to be
+copied an extra time.  The mostly likely protections being sought
+here, according to https://cwe.mitre.org/data/definitions/20.html,
+look to be DoS attacks involving CPU and memory usage.  A simpler
+check that uses strnlen(3) can mitigate against both of these and is
+simpler.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
+---
+ lib/util/util_paths.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index c0ee5c32c30..dec91772d9e 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ 	struct passwd pwd = {0};
+ 	struct passwd *pwdbuf = NULL;
+ 	char buf[NSS_BUFLEN_PASSWD] = {0};
++	size_t len;
+ 	int rc;
+ 
+ 	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ 	if (rc != 0 || pwdbuf == NULL ) {
+-		int len_written;
+ 		const char *szPath = getenv("HOME");
+ 		if (szPath == NULL) {
+ 			return NULL;
+ 		}
+-		len_written = snprintf(buf, sizeof(buf), "%s", szPath);
+-		if (len_written >= sizeof(buf) || len_written < 0) {
+-			/* Output was truncated or an error. */
++		len = strnlen(szPath, PATH_MAX);
++		if (len >= PATH_MAX) {
+ 			return NULL;
+ 		}
+-		return talloc_strdup(mem_ctx, buf);
++		return talloc_strdup(mem_ctx, szPath);
+ 	}
+ 
+ 	return talloc_strdup(mem_ctx, pwd.pw_dir);
+-- 
+GitLab
+
+From 581b581700c967d38bcbb8d81767a7dfdfe68147 Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 5 Jun 2020 21:52:23 +1000
+Subject: [PATCH] util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
+
+NSS_BUFLEN_PASSWD is not defined on FreeBSD.  Use
+sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
+
+Use a dynamically allocated buffer instead of trying to cram all of
+the logic into the declarations.  This will come in useful later
+anyway.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b)
+---
+ lib/util/util_paths.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index dec91772d9e..9bc6df37e5d 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -68,24 +68,41 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ 	struct passwd pwd = {0};
+ 	struct passwd *pwdbuf = NULL;
+-	char buf[NSS_BUFLEN_PASSWD] = {0};
++	char *buf = NULL;
++	char *out = NULL;
++	long int initlen;
+ 	size_t len;
+ 	int rc;
+ 
+-	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++	initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
++	if (initlen == -1) {
++		len = 1024;
++	} else {
++		len = (size_t)initlen;
++	}
++	buf = talloc_size(mem_ctx, len);
++	if (buf == NULL) {
++		return NULL;
++	}
++
++	rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ 	if (rc != 0 || pwdbuf == NULL ) {
+ 		const char *szPath = getenv("HOME");
+ 		if (szPath == NULL) {
+-			return NULL;
++			goto done;
+ 		}
+ 		len = strnlen(szPath, PATH_MAX);
+ 		if (len >= PATH_MAX) {
+ 			return NULL;
+ 		}
+-		return talloc_strdup(mem_ctx, szPath);
++		out = talloc_strdup(mem_ctx, szPath);
++		goto done;
+ 	}
+ 
+-	return talloc_strdup(mem_ctx, pwd.pw_dir);
++	out = talloc_strdup(mem_ctx, pwd.pw_dir);
++done:
++	TALLOC_FREE(buf);
++	return out;
+ }
+ 
+ char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
+-- 
+GitLab
+
+From 8cffe254eda6c7ae843d79610eacb9a1020ef01a Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 5 Jun 2020 22:05:42 +1000
+Subject: [PATCH] util: Reallocate larger buffer if getpwuid_r() returns ERANGE
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+
+Autobuild-User(master): Martin Schwenke <martins@samba.org>
+Autobuild-Date(master): Tue Jun  9 21:07:24 UTC 2020 on sn-devel-184
+
+(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
+---
+ lib/util/util_paths.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index 9bc6df37e5d..72cc0aab8de 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -86,6 +86,19 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ 	}
+ 
+ 	rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
++	while (rc == ERANGE) {
++		size_t newlen = 2 * len;
++		if (newlen < len) {
++			/* Overflow */
++			goto done;
++		}
++		len = newlen;
++		buf = talloc_realloc_size(mem_ctx, buf, len);
++		if (buf == NULL) {
++			goto done;
++		}
++		rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
++	}
+ 	if (rc != 0 || pwdbuf == NULL ) {
+ 		const char *szPath = getenv("HOME");
+ 		if (szPath == NULL) {
+-- 
+GitLab
+
author	J0WI <J0WI@users.noreply.github.com>	2020-07-16 15:57:45 +0200
committer	Rasmus Thomsen <oss@cogitri.dev>	2020-07-26 16:40:29 +0000
commit	b430c8e9b07545e7ad2ecf2a3776a51ce0c28b45 (patch)
tree	c879769c852ec26f937245f4c50d96d3fe26a16d
parent	2b15f227ad7ac485e2f015fee75d2eef1825f611 (diff)