File: [cvs.NetBSD.org] / pkgsrc / net / samba33 / patches / Attic / patch-af (download)
Revision 1.1.1.1.12.1, Wed Jul 27 06:38:30 2011 UTC (12 years, 8 months ago) by sbd
Branch: pkgsrc-2011Q2
Changes since 1.1.1.1: +42 -38
lines
Pullup ticket #3479 - requested by taca
net/samba33 security update.
Revisions pulled up:
- net/samba33/Makefile 1.15
- net/samba33/distinfo 1.7
- net/samba33/patches/patch-af 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 27 00:53:37 UTC 2011
Modified Files:
pkgsrc/net/samba33: Makefile distinfo
pkgsrc/net/samba33/patches: patch-af
Log Message:
Update samba33 package to 3.3.16; security fix for swat.
==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.3.15
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
|
$NetBSD: patch-af,v 1.1.1.1.12.1 2011/07/27 06:38:30 sbd Exp $
--- configure.orig 2011-07-24 19:11:21.000000000 +0000
+++ configure
@@ -857,6 +857,7 @@ with_fhs
with_privatedir
with_rootsbindir
with_lockdir
+with_statedir
with_piddir
with_swatdir
with_configdir
@@ -1584,6 +1585,8 @@ Optional Packages:
($ac_default_prefix/sbin)
--with-lockdir=DIR Where to put lock files
($ac_default_prefix/var/locks)
+ --with-statedir=DIR Where to put state files
+ ($ac_default_prefix/var/locks)
--with-piddir=DIR Where to put pid files
($ac_default_prefix/var/locks)
--with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)
@@ -2989,6 +2992,7 @@ echo "LIBREPLACE_LOCATION_CHECKS: END"
rootsbindir="\${SBINDIR}"
lockdir="\${VARDIR}/locks"
+statedir="\${VARDIR}/locks"
piddir="\${VARDIR}/locks"
test "${mandir}" || mandir="\${prefix}/man"
logfilebase="\${VARDIR}"
@@ -3008,7 +3012,7 @@ localedir="\${prefix}/share/locale"
if test "${with_fhs+set}" = set; then :
withval=$with_fhs; case "$withval" in
yes)
- lockdir="\${VARDIR}/lib/samba"
+ lockdir="\${VARDIR}/run/samba"
piddir="\${VARDIR}/run"
mandir="\${prefix}/share/man"
logfilebase="\${VARDIR}/log/samba"
@@ -3018,8 +3022,8 @@ if test "${with_fhs+set}" = set; then :
configdir="\${sysconfdir}/samba"
swatdir="\${DATADIR}/samba/swat"
codepagedir="\${MODULESDIR}"
- statedir="\${VARDIR}/lib/samba"
- cachedir="\${VARDIR}/lib/samba"
+ statedir="\${VARDIR}/db/samba"
+ cachedir="\${VARDIR}/db/samba"
$as_echo "#define FHS_COMPATIBLE 1" >>confdefs.h
@@ -3089,6 +3093,26 @@ fi
#################################################
+# set state directory location
+
+# Check whether --with-statedir was given.
+if test "${with_statedir+set}" = set; then
+ withval=$with_statedir; case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ { $as_echo "$as_me:$LINENO: WARNING: --with-statedir called without argument - will use default" >&5
+$as_echo "$as_me: WARNING: --with-statedir called without argument - will use default" >&2;}
+ ;;
+ * )
+ statedir="$withval"
+ ;;
+ esac
+fi
+
+
+#################################################
# set pid directory location
# Check whether --with-piddir was given.
@@ -14426,7 +14450,7 @@ _ACEOF
fi
done
-for ac_func in getdents getdents64
+for ac_func in getdents getdents64 getpwent_r
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -23165,9 +23189,9 @@ LIBS="-lcrypto $KRB5_LIBS $LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_set_key in -lcrypto" >&5
-$as_echo_n "checking for des_set_key in -lcrypto... " >&6; }
-if test "${ac_cv_lib_ext_crypto_des_set_key+set}" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_des_cbc in -lcrypto" >&5
+$as_echo_n "checking for EVP_des_cbc in -lcrypto... " >&6; }
+if test "${ac_cv_lib_ext_crypto_EVP_des_cbc+set}" = set; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -23179,31 +23203,31 @@ else
#ifdef __cplusplus
extern "C"
#endif
-char des_set_key ();
+char EVP_des_cbc ();
int
main ()
{
-return des_set_key ();
+return EVP_des_cbc ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_ext_crypto_des_set_key=yes;
+ ac_cv_lib_ext_crypto_EVP_des_cbc=yes;
ac_cv_lib_ext_crypto=yes
else
- ac_cv_lib_ext_crypto_des_set_key=no;
+ ac_cv_lib_ext_crypto_EVP_des_cbc=no;
ac_cv_lib_ext_crypto=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_des_set_key" >&5
-$as_echo "$ac_cv_lib_ext_crypto_des_set_key" >&6; }
- if test $ac_cv_lib_ext_crypto_des_set_key = yes; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_EVP_des_cbc" >&5
+$as_echo "$ac_cv_lib_ext_crypto_EVP_des_cbc" >&6; }
+ if test $ac_cv_lib_ext_crypto_EVP_des_cbc = yes; then :
cat >>confdefs.h <<_ACEOF
-#define HAVE_DES_SET_KEY 1
+#define HAVE_EVP_DES_CBC 1
_ACEOF
fi
@@ -32397,31 +32421,39 @@ case "$host_os" in
NSSSONAMEVERSIONSUFFIX=".2"
WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
;;
- *freebsd[5-9]*)
- # FreeBSD winbind client is implemented as a wrapper around
- # the Linux version.
- NSSSONAMEVERSIONSUFFIX=".1"
- WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
- nsswitch/winbind_nss_linux.o"
- WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
- WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
- ;;
-
- *netbsd*[3-9]*)
- # NetBSD winbind client is implemented as a wrapper
- # around the Linux version. It needs getpwent_r() to
- # indicate libc's use of the correct nsdispatch API.
- #
- if test x"$ac_cv_func_getpwent_r" = x"yes"; then
- WINBIND_NSS_EXTRA_OBJS="\
- nsswitch/winbind_nss_netbsd.o \
+ *freebsd*)
+ case "$UNAME_R" in
+ [5-9]*)
+ # FreeBSD winbind client is implemented as a wrapper
+ # around the Linux version.
+ NSSSONAMEVERSIONSUFFIX=".1"
+ WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_freebsd.o \
nsswitch/winbind_nss_linux.o"
WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
- else
- HAVE_WINBIND=no
- winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported"
- fi
+ ;;
+ esac
+ ;;
+
+ *netbsd*)
+ case "$UNAME_R" in
+ [3-9]*)
+ # NetBSD winbind client is implemented as a wrapper
+ # around the Linux version. It needs getpwent_r() to
+ # indicate libc's use of the correct nsdispatch API.
+ #
+ if test x"$ac_cv_func_getpwent_r" = x"yes"; then
+ WINBIND_NSS_EXTRA_OBJS="\
+ nsswitch/winbind_nss_netbsd.o \
+ nsswitch/winbind_nss_linux.o"
+ WINBIND_NSS="nsswitch/nss_winbind.$SHLIBEXT"
+ WINBIND_WINS_NSS="nsswitch/nss_wins.$SHLIBEXT"
+ else
+ HAVE_WINBIND=no
+ winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported"
+ fi
+ ;;
+ esac
;;
*irix*)
# IRIX has differently named shared libraries
![[BACK]](/icons/back.gif){kind=icon}
Return to patch-af CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / samba33 / patches