From 72b0ea4b5dc4384ca51ffb1f470ffcca11cd832a Mon Sep 17 00:00:00 2001
From: Andy Walsh <andy.walsh44+github@gmail.com>
Date: Sat, 13 Jun 2020 20:39:26 +0200
Subject: [PATCH] samba4: update to 4.11.9

* update to 4.11.9
* remove merged upstream patches
* disable netbios port 139 on 'DISABLE_NETBIOS' option or missing 'nmbd'
* fixes CVE-2020-10700, CVE-2020-10704

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
---
 net/samba4/Makefile                           | 11 +++++-----
 net/samba4/files/samba.init                   |  2 ++
 .../patches/103-tmsize-overflow-fix.patch     | 21 -------------------
 3 files changed, 8 insertions(+), 26 deletions(-)
 delete mode 100644 net/samba4/patches/103-tmsize-overflow-fix.patch

diff --git a/net/samba4/Makefile b/net/samba4/Makefile
index d1f6bdb476..90f2f1139b 100644
--- a/net/samba4/Makefile
+++ b/net/samba4/Makefile
@@ -2,7 +2,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=samba
-PKG_VERSION:=4.11.6
+PKG_VERSION:=4.11.9
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -13,7 +13,7 @@ PKG_SOURCE_URL:= \
 		http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
 		http://samba.mirror.bit.nl/samba/ftp/stable/ \
 		https://download.samba.org/pub/samba/stable/
-PKG_HASH:=91438f4d7b71f673421435fa7f26b03b613f214139636ce50af35bc2ff09ef38
+PKG_HASH:=ad8cef354cf3f3a8835b04c896906b839270bee763d941db52af037ab5ec8dcc
 
 PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
 PKG_LICENSE:=GPL-3.0-only
@@ -21,8 +21,8 @@ PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:samba:samba
 
 # samba4=(asn1_compile,compile_et) rpcsvc-proto=(rpcgen)
-HOST_BUILD_DEPENDS:=python3/host perl/host
-PKG_BUILD_DEPENDS:=samba4/host libtasn1/host rpcsvc-proto/host
+HOST_BUILD_DEPENDS:=python3/host rpcsvc-proto/host perl/host
+PKG_BUILD_DEPENDS:=samba4/host libtasn1/host
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_SAMBA4_SERVER_NETBIOS \
@@ -33,12 +33,13 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_kmod-fs-btrfs \
 	CONFIG_PACKAGE_kmod-fs-xfs
 
+PYTHON3_PKG_BUILD:=0
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/host-build.mk
 include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/version.mk
 include ../../lang/python/python3-host.mk
-#include ../../lang/python/python-package.mk
 include ../../lang/python/python3-package.mk
 
 define Package/samba4/Default
diff --git a/net/samba4/files/samba.init b/net/samba4/files/samba.init
index 2050f03cf6..92313cf480 100644
--- a/net/samba4/files/samba.init
+++ b/net/samba4/files/samba.init
@@ -50,6 +50,8 @@ smb_header() {
 		printf "\n######### Dynamic written config options #########\n"
 		if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then
 			printf "\tdisable netbios = yes\n"
+			# note: samba opens port 139 even if netbios is disabled via option above, so adjust listening ports
+			printf "\tsmb ports = 445\n"
 		fi
 
 		if [ "$DISABLE_ASYNC_IO" -eq 1 ]; then
diff --git a/net/samba4/patches/103-tmsize-overflow-fix.patch b/net/samba4/patches/103-tmsize-overflow-fix.patch
deleted file mode 100644
index 5d6cebe162..0000000000
--- a/net/samba4/patches/103-tmsize-overflow-fix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/source3/modules/vfs_fruit.c	2019-07-09
-+++ b/source3/modules/vfs_fruit.c	2019-07-09
-@@ -6995,12 +6995,12 @@ static bool fruit_tmsize_do_dirent(vfs_h
- 		return true;
- 	}
- 
--	if (bandsize > SIZE_MAX/nbands) {
--		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
--			bandsize, nbands);
--		return false;
--	}
--	tm_size = bandsize * nbands;
-+	// if (bandsize > SIZE_MAX/nbands) {
-+		// DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
-+			// bandsize, nbands);
-+		// return false;
-+	// }
-+	tm_size = (off_t)bandsize * (off_t)nbands;
- 
- 	if (state->total_size + tm_size < state->total_size) {
- 		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
-- 
2.30.2