Hi timur, after your commit r533307 net/samba410 should continue after 2020Q2. I have copied the current state of the port to the current Quaterly Branch. Unfortunately this fails in Poudriere: http://joneumbox.org/data/121amd64quaterly-quaterly/2020-05-25_16h07m35s/logs/errors/samba410-4.10.15.log Could you please have a look at this, because samba410 has security holes in the Quaterly Branch and needs to be fixed. Greetings joneum (ports-secteam)
Hi joneum, == FIX == This occurs because there is a duplicate patch file. This can be fixed with: $ svn del ${2020Q2DIR}/net/samba410/files/patch-bind14 == BACKGROUND == The relevant commit is here: https://svnweb.freebsd.org/ports?view=revision&revision=531462 This included the following changes: 1. files/patch-bind14 was copied to files/patch-bind 2. subsequent changes were made to files/patch-bind 3. files/patch-bind14 was deleted By copying the current state of the port from head to quarterly, you have achieve steps 1-2, but not step 3. Note also that you likely lost the svn history for files/patch-bind from step 1 in the process, as copying the file from head to quarterly would show as a new file instead of a copy of the previous file files/patch-bind14 with subsequent modifications. == OTHER INFO == The main reason for this change was because dns/bind914 had been deleted from the ports head branch, with dns/bind916 being introduced to the ports tree in February 2020 (before 2020Q2 branch) as the new replacement. http://svnweb.freebsd.org/changeset/ports/533423 Fortunately, this change has also been made to the ports quarterly branch, making it easier to backport this update to net/samba410 to the quarterly branch: https://svnweb.freebsd.org/changeset/ports/535306 I am running a poudriere testport build on 2020Q2 of net/samba410 copied from head to quarterly now.
Created attachment 215085 [details] Patch branches/2020Q2/net/samba410 to bring inline with head/net/samba410 The attached patch will bring branches/2020Q2/net/samba410 inline with head/net/samba410 (update from 4.10.13 to 4.10.15, introducing fixes for CVE-2020-10700 and CVE-2020-10704). Other changes to head since 2020Q2 was branched relevant to net/samba410: - net/bind914 - removed - incorporated in 2020Q2 (r535306) - net/bind916 - updated 9.16.1 to 9.16.3_2 - not in 2020Q2, assume not req'd - security/libtasn1 - updated 4.15.0 to 4.16.0 - not in 2020Q2, assume not req'd - archivers/libarchive - updated 3.4.2,1 to 3.4.3,1 - not in 2020Q2, assume not req'd
poudriere testport looks good for this patch on 2020Q2 Note I haven't been able to perform runtime testing
(In reply to Ben Woods from comment #3) Hi, Ben! Looks good, if you can commit it to the 2020Q2 - you have my blessing. Otherwise I have to repeat your steps :) With regards, Timur
joneum - can you please confirm I have your ports-secteam approval to commit this to 2020Q2? MFH: r531462 r533307 Update Samba 4.10 to the 4.10.14 release. Security update samba410 to the 4.10.15 Security: CVE-2020-10700 CVE-2020-10704 PR: 246721 Approved by: timur (maintainer) Approved by: ports-secteam (joneum)
Yes, LGTM :-)
A commit references this bug: Author: woodsb02 Date: Mon Jun 1 08:35:20 UTC 2020 New revision: 537468 URL: https://svnweb.freebsd.org/changeset/ports/537468 Log: MFH: r531462 r533307 Update Samba 4.10 to the 4.10.14 release. Security update samba410 to the 4.10.15 Security: CVE-2020-10700 CVE-2020-10704 PR: 246721 Approved by: timur (maintainer) Approved by: ports-secteam (joneum) Changes: branches/2020Q2/net/samba410/Makefile branches/2020Q2/net/samba410/distinfo branches/2020Q2/net/samba410/files/patch-bind branches/2020Q2/net/samba410/files/patch-bind14 branches/2020Q2/net/samba410/pkg-plist
Committed to 2020Q2 - thanks!