DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 61
+PAK_VER = 62
DEPS = "cups krb5"
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
+
cd $(DIR_APP)/source3 && ./autogen.sh
cd $(DIR_APP)/source3 && ./configure \
--prefix=/usr \
--- /dev/null
+From 82fa625540abf8b8ec23d43c41e2ca906a9928a5 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Apr 2016 11:56:08 +0200
+Subject: [PATCH] s3:rpc_server: Fix a regression verifying the security
+ trailer
+
+We do not support header signing so we should not check verify it if a
+client sends the flag.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index d659705..fa354a6 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -1552,7 +1552,6 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ {
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct dcerpc_sec_verification_trailer *vt = NULL;
+- const uint32_t bitmask1 = 0;
+ const struct dcerpc_sec_vt_pcontext pcontext = {
+ .abstract_syntax = pipe_fns->syntax,
+ .transfer_syntax = ndr_transfer_syntax,
+@@ -1573,7 +1572,7 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ goto done;
+ }
+
+- ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
++ ret = dcerpc_sec_verification_trailer_check(vt, NULL,
+ &pcontext, &header2);
+ done:
+ TALLOC_FREE(frame);
+--
+1.9.1
+
--- /dev/null
+From 0abef6992dc342d443137f8a2ac6c01f490cecee Mon Sep 17 00:00:00 2001
+From: Christian Ambach <ambi@samba.org>
+Date: Wed, 20 Feb 2013 16:59:05 +0100
+Subject: [PATCH] s3:rpc_client fix a crash
+
+state->cli->dc does not have to be set (e.g. when running
+net rpc join against an older Samba PDC), so check it before dereferencing it
+
+This fixes Bug 9669 - net rpc join crashes against a Samba 3.0.33 PDC
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=9669
+
+Signed-off-by: Christian Ambach <ambi@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Christian Ambach <ambi@samba.org>
+Autobuild-Date(master): Wed Feb 20 19:00:52 CET 2013 on sn-devel-104
+(cherry picked from commit 3d29bb2d37b02909ecb500e864f3c13e06957a86)
+
+(cherry picked from commit ff658bb36c28c9db91fc80a68725e893ffe300aa)
+---
+ source3/rpc_client/cli_pipe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index 5ddabb7..a211d92 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -2136,7 +2136,7 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+ TALLOC_FREE(subreq);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+- if (state->cli->dc->negotiate_flags &
++ if (state->cli->dc && state->cli->dc->negotiate_flags &
+ NETLOGON_NEG_SUPPORTS_AES) {
+ DEBUG(5, ("AES is not supported and the error was %s\n",
+ nt_errstr(status)));
+--
+1.9.1
+
--- /dev/null
+From 2d0424e7bb2c30bf9049529b207c73b55370dfc8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 10 Jan 2012 16:38:16 +0100
+Subject: [PATCH] s3-rpc_client: Fix updating netlogon credentials.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+(cherry picked from commit 33206b1e240e55acedad606aed4f1952f7496b35)
+---
+ source3/rpc_client/cli_pipe.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index a211d92..92ca494 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -2128,9 +2128,6 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ struct rpc_pipe_bind_state *state =
+ tevent_req_data(req,
+ struct rpc_pipe_bind_state);
+- struct schannel_state *schannel_auth =
+- talloc_get_type_abort(state->cli->auth->auth_ctx,
+- struct schannel_state);
+ NTSTATUS status;
+
+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+@@ -2188,8 +2185,8 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ return;
+ }
+
+- TALLOC_FREE(schannel_auth->creds);
+- schannel_auth->creds = talloc_steal(state->cli, state->creds);
++ TALLOC_FREE(state->cli->dc);
++ state->cli->dc = talloc_steal(state->cli, state->creds);
+
+ if (!NT_STATUS_IS_OK(state->r.out.result)) {
+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
+@@ -3385,10 +3382,12 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
+ * The credentials on a new netlogon pipe are the ones we are passed
+ * in - copy them over
+ */
+- result->dc = netlogon_creds_copy(result, *pdc);
+ if (result->dc == NULL) {
+- TALLOC_FREE(result);
+- return NT_STATUS_NO_MEMORY;
++ result->dc = netlogon_creds_copy(result, *pdc);
++ if (result->dc == NULL) {
++ TALLOC_FREE(result);
++ return NT_STATUS_NO_MEMORY;
++ }
+ }
+
+ DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
+--
+1.9.1
+