Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/net/samba
From: Matthias Scheler
Date: 2013-08-12 14:20:19
Message id: 20130812122019.2F03B96@cvs.netbsd.org

Log Message:
Pullup ticket #4207 - requested by taca
net/samba: security update

Revisions pulled up:
- net/samba/Makefile                                            1.235,1.237
- net/samba/Makefile.mirrors                                    1.10
- net/samba/PLIST                                               1.54
- net/samba/distinfo                                            1.91-1.92
- net/samba/patches/patch-ac                                    1.15
- net/samba/patches/patch-ad                                    1.19
- net/samba/patches/patch-ae                                    1.11
- net/samba/patches/patch-af                                    1.12
- net/samba/patches/patch-ah                                    1.7
- net/samba/patches/patch-ai                                    1.7
- net/samba/patches/patch-aj                                    1.7
- net/samba/patches/patch-ak                                    1.6
- net/samba/patches/patch-an                                    1.4
- net/samba/patches/patch-ao                                    1.4
- net/samba/patches/patch-aq                                    1.4
- net/samba/patches/patch-as                                    1.4
- net/samba/patches/patch-av                                    1.5
- net/samba/patches/patch-aw                                    1.4
- net/samba/patches/patch-ba                                    1.11
- net/samba/patches/patch-bb                                    1.5
- net/samba/patches/patch-bf                                    1.6

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Jul  3 20:00:48 UTC 2013

   Modified Files:
   	pkgsrc/net/samba: Makefile PLIST distinfo
   	pkgsrc/net/samba/patches: patch-bf

   Log Message:
   Changes 3.6.16:
   * BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent.
   * BUG 9722: Properly handle Oplock breaks in compound requests.
   * BUG 9822: Fix crash bug during Win8 sync.
   * BUG 9927: errno gets overwritten in call to check_parent_exists().
   * BUG 8997: Change libreplace GPL source to LGPL.
   * BUG 9900: is_printer_published GUID retrieval.
   * BUG 9941: Fix a bug of drvupgrade of smbcontrol.
   * BUG 9868: Don't know how to make LIBNDR_PREG_OBJ.
   * BUG 9688: Remove "experimental" label on "max \ 
protocol=SMB2" parameter.
   * BUG 9881: Check for system libtevent.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Thu Jul  4 19:31:10 UTC 2013

   Modified Files:
   	pkgsrc/net/samba: Makefile.mirrors

   Log Message:
   Fix URL.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Aug 12 02:45:55 UTC 2013

   Modified Files:
   	pkgsrc/net/samba: Makefile distinfo
   	pkgsrc/net/samba/patches: patch-ac patch-ad patch-ae patch-af patch-ah
   	    patch-ai patch-aj patch-ak patch-an patch-ao patch-aq patch-as
   	    patch-av patch-aw patch-ba patch-bb

   Log Message:
   Update samba to 3.6.17, security release.

                      ==============================
                      Release Notes for Samba 3.6.17
                             August 05, 2013
                      ==============================

   This is a security release in order to address
   CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
   server to loop with DOS).

   o  CVE-2013-4124:
      All current released versions of Samba are vulnerable to a denial of
      service on an authenticated or guest connection. A malformed packet
      can cause the smbd server to loop the CPU performing memory
      allocations and preventing any further service.

      A connection to a file share, or a local account is needed to exploit
      this problem, either authenticated or unauthenticated if guest
      connections are allowed.

      This flaw is not exploitable beyond causing the code to loop
      allocating memory, which may cause the machine to exceed memory
      limits.

   Changes since 3.6.16:
   ---------------------

   o   Jeremy Allison <jra@samba.org>
       * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
         reading can cause server to loop with DOS.

Files:
RevisionActionfile
1.234.2.1modifypkgsrc/net/samba/Makefile
1.9.12.1modifypkgsrc/net/samba/Makefile.mirrors
1.53.2.1modifypkgsrc/net/samba/PLIST
1.90.2.1modifypkgsrc/net/samba/distinfo
1.14.14.1modifypkgsrc/net/samba/patches/patch-ac
1.18.14.1modifypkgsrc/net/samba/patches/patch-ad
1.10.14.1modifypkgsrc/net/samba/patches/patch-ae
1.11.6.1modifypkgsrc/net/samba/patches/patch-af
1.6.14.1modifypkgsrc/net/samba/patches/patch-ah
1.6.14.1modifypkgsrc/net/samba/patches/patch-ai
1.6.14.1modifypkgsrc/net/samba/patches/patch-aj
1.5.14.1modifypkgsrc/net/samba/patches/patch-ak
1.3.14.1modifypkgsrc/net/samba/patches/patch-an
1.3.14.1modifypkgsrc/net/samba/patches/patch-ao
1.3.14.1modifypkgsrc/net/samba/patches/patch-aq
1.3.14.1modifypkgsrc/net/samba/patches/patch-as
1.4.14.1modifypkgsrc/net/samba/patches/patch-av
1.3.14.1modifypkgsrc/net/samba/patches/patch-aw
1.10.14.1modifypkgsrc/net/samba/patches/patch-ba
1.4.14.1modifypkgsrc/net/samba/patches/patch-bb
1.5.14.1modifypkgsrc/net/samba/patches/patch-bf