Bug 246721
| Summary: | net/samba410: MFH security updates to quaterly branch | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Jochen Neumeister <joneum> | ||||
| Component: | Individual Port(s) | Assignee: | Ben Woods <woodsb02> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Some People | CC: | joneum, ports-secteam, timur, woodsb02 | ||||
| Priority: | --- | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Jochen Neumeister
2020-05-25 14:15:16 UTC
Hi joneum,
== FIX ==
This occurs because there is a duplicate patch file. This can be fixed with:
$ svn del ${2020Q2DIR}/net/samba410/files/patch-bind14
== BACKGROUND ==
The relevant commit is here:
https://svnweb.freebsd.org/ports?view=revision&revision=531462
This included the following changes:
1. files/patch-bind14 was copied to files/patch-bind
2. subsequent changes were made to files/patch-bind
3. files/patch-bind14 was deleted
By copying the current state of the port from head to quarterly, you have achieve steps 1-2, but not step 3.
Note also that you likely lost the svn history for files/patch-bind from step 1 in the process, as copying the file from head to quarterly would show as a new file instead of a copy of the previous file files/patch-bind14 with subsequent modifications.
== OTHER INFO ==
The main reason for this change was because dns/bind914 had been deleted from the ports head branch, with dns/bind916 being introduced to the ports tree in February 2020 (before 2020Q2 branch) as the new replacement.
http://svnweb.freebsd.org/changeset/ports/533423
Fortunately, this change has also been made to the ports quarterly branch, making it easier to backport this update to net/samba410 to the quarterly branch:
https://svnweb.freebsd.org/changeset/ports/535306
I am running a poudriere testport build on 2020Q2 of net/samba410 copied from head to quarterly now.
Created attachment 215085 [details]
Patch branches/2020Q2/net/samba410 to bring inline with head/net/samba410
The attached patch will bring branches/2020Q2/net/samba410 inline with head/net/samba410 (update from 4.10.13 to 4.10.15, introducing fixes for CVE-2020-10700 and CVE-2020-10704).
Other changes to head since 2020Q2 was branched relevant to net/samba410:
- net/bind914 - removed - incorporated in 2020Q2 (r535306)
- net/bind916 - updated 9.16.1 to 9.16.3_2 - not in 2020Q2, assume not req'd
- security/libtasn1 - updated 4.15.0 to 4.16.0 - not in 2020Q2, assume not req'd
- archivers/libarchive - updated 3.4.2,1 to 3.4.3,1 - not in 2020Q2, assume not req'd
poudriere testport looks good for this patch on 2020Q2 Note I haven't been able to perform runtime testing (In reply to Ben Woods from comment #3) Hi, Ben! Looks good, if you can commit it to the 2020Q2 - you have my blessing. Otherwise I have to repeat your steps :) With regards, Timur joneum - can you please confirm I have your ports-secteam approval to commit this to 2020Q2?
MFH: r531462 r533307
Update Samba 4.10 to the 4.10.14 release.
Security update samba410 to the 4.10.15
Security: CVE-2020-10700
CVE-2020-10704
PR: 246721
Approved by: timur (maintainer)
Approved by: ports-secteam (joneum)
Yes, LGTM :-) A commit references this bug: Author: woodsb02 Date: Mon Jun 1 08:35:20 UTC 2020 New revision: 537468 URL: https://svnweb.freebsd.org/changeset/ports/537468 Log: MFH: r531462 r533307 Update Samba 4.10 to the 4.10.14 release. Security update samba410 to the 4.10.15 Security: CVE-2020-10700 CVE-2020-10704 PR: 246721 Approved by: timur (maintainer) Approved by: ports-secteam (joneum) Changes: branches/2020Q2/net/samba410/Makefile branches/2020Q2/net/samba410/distinfo branches/2020Q2/net/samba410/files/patch-bind branches/2020Q2/net/samba410/files/patch-bind14 branches/2020Q2/net/samba410/pkg-plist Committed to 2020Q2 - thanks! |