author | J0WI <J0WI@users.noreply.github.com> | 2020-07-16 15:57:45 +0200 |
---|---|---|
committer | Rasmus Thomsen <oss@cogitri.dev> | 2020-07-26 16:40:29 +0000 |
commit | b430c8e9b07545e7ad2ecf2a3776a51ce0c28b45 (patch) | |
tree | c879769c852ec26f937245f4c50d96d3fe26a16d | |
parent | 2b15f227ad7ac485e2f015fee75d2eef1825f611 (diff) |
main/samba: upgrade to 4.12.5
-rw-r--r-- | main/samba/APKBUILD | 13 | ||||
-rw-r--r-- | main/samba/posix-bufferlen.patch | 172 |
2 files changed, 182 insertions, 3 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD index 1f60f6a025b..d3699684488 100644 --- a/main/samba/APKBUILD +++ b/main/samba/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=samba -pkgver=4.12.2 -pkgrel=2 +pkgver=4.12.5 +pkgrel=0 pkgdesc="Tools to access a server's filespace and printers via SMB" url="https://www.samba.org/" arch="all" @@ -88,6 +88,7 @@ source=" musl_rm_unistd_incl.patch add_missing___compar_fn_t.patch pidl.patch + posix-bufferlen.patch $pkgname.initd $pkgname.confd $pkgname.logrotate @@ -95,6 +96,11 @@ source=" pkggroups="winbind" # secfixes: +# 4.12.5-r0: +# - CVE-2020-10730 +# - CVE-2020-10745 +# - CVE-2020-10760 +# - CVE-2020-14303 # 4.12.2-r0: # - CVE-2020-10700 # - CVE-2020-10704 @@ -592,7 +598,7 @@ libs() { "$pkgdir"/usr } -sha512sums="c1d5f62ea2e43c246988aa65c4b690de232f73c0213cbc5d532e43c8cfbea17f1ac92435526b64c9a85c582b29381eecfb57713861efc32f6e6257000c393562 samba-4.12.2.tar.gz +sha512sums="45ef618efaca88fb24e2069edff6bf1e3f27f4bedecbc7899a57d0e4760effeaf9b0f546be1aeeee4f811219cf29a49a122ecc5caf8dc923c42ff9a25c162c2b samba-4.12.5.tar.gz c3e7f2af16f0ed640ae3c71d1f474f17442c5f75e187d4c037c090646157f698aec7d3621e97f40af564426b5b848994ec916ce63268088509694b342a39665a bind-9.14.patch 58de5e79fdfd06e828d478e112d581d333a8bee88d2602b92204d780f0d707b27dd84f8e2e6b00fca40da81c8fe99aa5bcec70d8b393d3a0a83199c72a4aa48b getpwent_r.patch b7906d66fe55a980a54161ee3f311b51bcbce76b8d4c8cc1ba6d0c5bdf98232cb192b9d2c1aa7b3e2742f5b9848c6cf429347940eefe66c3e0eda1d5aac1bf93 musl_uintptr.patch 
@@ -602,6 +608,7 @@ c0afe8b1dfddc5290c9aa611163d20adc3a546f54bba0081f739cda4255829f1a72bae422b6cb049
 9bf4bbc8b03d9ea17d2f8ffeaf3a83541b171936a90bb8d75b08cc5afbdbaaec545c1b3782c90ae2ffc4568ab4e6f15fb21899d80c654a796301e16429c93b65 musl_rm_unistd_incl.patch
 bc2df70e327fea5dfbd923600225f1448815d842c37d6937dd74eab7f7699d7f52cd7a8e28a61233974649cf86661a0107dce5019d33b71205e4b41bac73f4e2 add_missing___compar_fn_t.patch
 c0bbe1186b150a9bb2a0b741a8cfbd7a5109e5fed1eaa07aaa38cf026ebe054d38cc01e2496f0cab7b40f743e1b7ecfbf8a4d5820810226c4152021df65f36dc pidl.patch
+2064c8b2314adb8ac1fbbea4a122b9dfc19468b039d9af8f948c641878f355a45e10370db4e8025acef6a4619d78c726bbbb3cedd23b3c75adc81c2fbd3bc4f1 posix-bufferlen.patch
 96070e2461370437f48571e7de550c13a332fef869480cfe92e7cac73a998f6c2ee85d2580df58211953bebd0e577691aa710c8edddf3ea0f30e9d47d0a2fd44 samba.initd
 e2b49cb394e758447ca97de155a61b4276499983a0a5c00b44ae621c5559b759a766f8d1c8d3ee98ad5560f4064a847a7a20cfa2e14f85c061bec8b80fd649eb samba.confd
 3458a4e1f8a8b44c966afb339b2dca51615be049f594c14911fc4d8203623deee416b6fe881436e246fc7d49c97a2b3bf9c5f33ba774302b24190a1103d6b67d samba.logrotate"
diff --git a/main/samba/posix-bufferlen.patch b/main/samba/posix-bufferlen.patch
new file mode 100644
index 00000000000..49c809b7e26
--- /dev/null
+++ b/main/samba/posix-bufferlen.patch
@@ -0,0 +1,172 @@
+From 42ad8c2c4805b825317b8944df1c3cf1c2c3c2cc Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Tue, 9 Jun 2020 11:52:50 +1000
+Subject: [PATCH] util: Simplify input validation
+
+It appears that snprintf(3) is being used for input validation.
+However, this seems like overkill because it causes szPath to be
+copied an extra time. The mostly likely protections being sought
+here, according to https://cwe.mitre.org/data/definitions/20.html,
+look to be DoS attacks involving CPU and memory usage. A simpler
+check that uses strnlen(3) can mitigate against both of these and is
+simpler.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
+---
+ lib/util/util_paths.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index c0ee5c32c30..dec91772d9e 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -69,21 +69,20 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ struct passwd pwd = {0};
+ struct passwd *pwdbuf = NULL;
+ char buf[NSS_BUFLEN_PASSWD] = {0};
++ size_t len;
+ int rc;
+
+ rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ if (rc != 0 || pwdbuf == NULL ) {
+- int len_written;
+ const char *szPath = getenv("HOME");
+ if (szPath == NULL) {
+ return NULL;
+ }
+- len_written = snprintf(buf, sizeof(buf), "%s", szPath);
+- if (len_written >= sizeof(buf) || len_written < 0) {
+- /* Output was truncated or an error. */
++ len = strnlen(szPath, PATH_MAX);
++ if (len >= PATH_MAX) {
+ return NULL;
+ }
+- return talloc_strdup(mem_ctx, buf);
++ return talloc_strdup(mem_ctx, szPath);
+ }
+
+ return talloc_strdup(mem_ctx, pwd.pw_dir);
+--
+GitLab
+
+From 581b581700c967d38bcbb8d81767a7dfdfe68147 Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 5 Jun 2020 21:52:23 +1000
+Subject: [PATCH] util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
+
+NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use
+sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
+
+Use a dynamically allocated buffer instead of trying to cram all of
+the logic into the declarations. This will come in useful later
+anyway.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b)
+---
+ lib/util/util_paths.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index dec91772d9e..9bc6df37e5d 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -68,24 +68,41 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ {
+ struct passwd pwd = {0};
+ struct passwd *pwdbuf = NULL;
+- char buf[NSS_BUFLEN_PASSWD] = {0};
++ char *buf = NULL;
++ char *out = NULL;
++ long int initlen;
+ size_t len;
+ int rc;
+
+- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
++ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
++ if (initlen == -1) {
++ len = 1024;
++ } else {
++ len = (size_t)initlen;
++ }
++ buf = talloc_size(mem_ctx, len);
++ if (buf == NULL) {
++ return NULL;
++ }
++
++ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ if (rc != 0 || pwdbuf == NULL ) {
+ const char *szPath = getenv("HOME");
+ if (szPath == NULL) {
+- return NULL;
++ goto done;
+ }
+ len = strnlen(szPath, PATH_MAX);
+ if (len >= PATH_MAX) {
+ return NULL;
+ }
+- return talloc_strdup(mem_ctx, szPath);
++ out = talloc_strdup(mem_ctx, szPath);
++ goto done;
+ }
+
+- return talloc_strdup(mem_ctx, pwd.pw_dir);
++ out = talloc_strdup(mem_ctx, pwd.pw_dir);
++done:
++ TALLOC_FREE(buf);
++ return out;
+ }
+
+ char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
+--
+GitLab
+
+From 8cffe254eda6c7ae843d79610eacb9a1020ef01a Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 5 Jun 2020 22:05:42 +1000
+Subject: [PATCH] util: Reallocate larger buffer if getpwuid_r() returns ERANGE
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Bjoern Jacke <bjacke@samba.org>
+
+Autobuild-User(master): Martin Schwenke <martins@samba.org>
+Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
+
+(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
+---
+ lib/util/util_paths.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
+index 9bc6df37e5d..72cc0aab8de 100644
+--- a/lib/util/util_paths.c
++++ b/lib/util/util_paths.c
+@@ -86,6 +86,19 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+ }
+
+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
++ while (rc == ERANGE) {
++ size_t newlen = 2 * len;
++ if (newlen < len) {
++ /* Overflow */
++ goto done;
++ }
++ len = newlen;
++ buf = talloc_realloc_size(mem_ctx, buf, len);
++ if (buf == NULL) {
++ goto done;
++ }
++ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
++ }
+ if (rc != 0 || pwdbuf == NULL ) {
+ const char *szPath = getenv("HOME");
+ if (szPath == NULL) {
+--
+GitLab
+
|
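Review bot: In the second cherry-pick (the one replacing NSS_BUFLEN_PASSWD), the `len >= PATH_MAX` branch of get_user_home_dir() still exits with `return NULL;` although `buf` is now a talloc allocation, so that path skips `done:` and `TALLOC_FREE(buf)`; it should read `goto done;` like the `szPath == NULL` branch just above it. The buffer stays parented to `mem_ctx`, so how long it lingers depends on when the caller frees that context, which is not visible here. The third cherry-pick has a related gap: `buf = talloc_realloc_size(mem_ctx, buf, len);` overwrites the only pointer to the old buffer, so on failure `TALLOC_FREE(buf)` at `done:` frees nothing; assigning through a temporary (`char *tmp = talloc_realloc_size(mem_ctx, buf, len);`, then `if (tmp == NULL) { goto done; }` and `buf = tmp;`) keeps the cleanup effective. The function body continues past the end of the third inner hunk, so whether a later change already covers either path cannot be confirmed from this page.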