cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
124,181 Commits 1 Branch 0 Tags
Commit Graph

304 Commits

Author SHA1 Message Date
jca
99115b8769 Using lld for samba alone is not enough, remove tentative fix 
eg sysutils/usmb doesn't link, and using lld for all samba consumers
seems a bit far-fetched.

ok sthen@
 2017-11-02 23:46:37 +00:00
jca
67ad8f1c16 Hopefully fix samba, still using lld; looks like previous commit wasn't enough 
Also bump -util just to be safe.
 2017-11-02 19:56:29 +00:00
sthen
c8e88ae04a build samba with -fuse-ld=lld on CLANG_ARCHS, ok jca@ jca@ jca@ 2017-11-02 17:40:54 +00:00
jca
499879e197 Avoid nested function in waf test 
Innocuous, but changes the actual output of a command (smbd -b), so
bump.
 2017-09-25 13:26:52 +00:00
jca
1c71931c58 SECURITY update to samba-4.5.14 
o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where
   they should)
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS
   redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)
 2017-09-23 22:59:18 +00:00
jca
0b267664fe Update to samba-4.5.13, the latest release of the 4.5.x series 
Putting this in now to help handle future possible security issues on
the 6.2 branch.  Tested by Ian McWilliam.
 2017-09-18 11:52:04 +00:00
jca
469cbd8164 SECURITY fix for CVE-2017-11103 
CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass

The fix affects the embedded Heimdal copy.

  6dd3eb836b
  https://www.orpheus-lyre.info/
  https://www.samba.org/samba/security/CVE-2017-11103.html
 2017-07-13 00:52:29 +00:00
jca
81a6ece78c SECURITY fix for CVE-2017-7494 
o CVE-2017-7494 rpc_server3: Refuse to open pipe names with /
 2017-05-24 11:58:29 +00:00
ajacoutot
4ee307450d /usr/local/include/samba-4.0/ was not registered in any subpackage; make 
-tevent own it since all include/samba-4.0 consumers depend on it.
 2017-05-16 08:45:32 +00:00
jca
1b25cfdd16 Update to samba-4.5.8 
Fix regression with "follow symlinks = no".  ok Ian sthen@
 2017-04-01 11:37:38 +00:00
jca
47ea351ebe SECURITY update to samba-4.5.7 
o CVE-2017-2619 (Symlink race allows access outside share definition)
 2017-03-25 17:00:01 +00:00
jca
f004286ada Update to samba-4.5.6 
Tests by Ian
 2017-03-16 09:53:33 +00:00
jca
165b6b53cc Regen PLIST to use MODPY_PYOEXTENSION 2017-03-12 22:19:50 +00:00
sthen
94e8aee89a zap zero-byte files, list from rsadowski 2017-01-27 18:52:26 +00:00
jca
4be4d71e52 SECURITY update to samba-4.5.3 
CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).

CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).

CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).

ok Ian McWilliam
 2016-12-20 14:15:11 +00:00
jca
d8700eb3ee Update to samba-4.5.2 2016-12-19 10:12:18 +00:00
ajacoutot
963b076884 -util should own the /usr/local/lib/samba/ directory to prevent the following 
warning when pkg_delete samba:
Error deleting directory /usr/local/lib/samba: Directory not empty

ok jca@ (maintainer)
 2016-11-11 15:16:57 +00:00
jca
005e273761 Update to samba-4.5.1 
Changes:
  https://www.samba.org/samba/history/samba-4.5.0.html
  https://www.samba.org/samba/history/samba-4.5.1.html

powerpc build test kirby@, ok Ian McWilliam
 2016-11-09 15:59:37 +00:00
jca
f6fa1e8195 Repair samba-tool domain provision --use-ntvfs 
The situation is a mess.  Upstream says that s3fs (the original smb code
from samba3) requires filesystem ACLs, which we don't have.  The ntvfs
code (new in samba4, but now deprecated) fit the job, but
adding --with-ntvfs-fileserver doesn't actually provide a working 'smb'
service (see "server services" in smb.conf(5)).

So right now it seems that the workaround is to provision
using --use-ntvfs, but then to strip 'smb' from the 'server services'
line.

Reports welcome...
 2016-09-12 15:38:22 +00:00
jca
55dada1e0e SECURITY update to samba-4.4.5 
* CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

ok ajacoutot@, Ian McWilliam, sthen@ on a previous version.  ok danj@
who noted missing entries in PLIST.
 2016-07-08 18:39:50 +00:00
jca
b16be23fd8 Update to samba-4.4.4 
Diff from Ian, tests & ok sthen@
 2016-07-06 16:43:16 +00:00
jca
92a6e55dfb Fix quota handling that resulted in spam in logs. 
Prodded by jung@, ok jung@ Ian
 2016-05-15 01:10:07 +00:00
jca
99da75d56f Update to samba-4.4.3, bringing fixes for the regression introduced by 4.4.2. 
Tested by Vijay Sankar and I.
 2016-05-06 11:34:41 +00:00
jca
d7fb3db25d Better comment. 
mips64 has atomic support now, don't mention atomic_add_32
 2016-04-27 08:50:03 +00:00
jca
80b1bfa469 Committed upstream. 2016-04-26 12:23:05 +00:00
jca
6ba3931a94 Better workaround for clearenv 2016-04-25 15:01:29 +00:00
jca
3bfa72277a Drop gettext module 2016-04-25 08:58:10 +00:00
jca
a001ab7285 Update to samba-4.4.2 
Tests by Vijay Sankar and Ian, ok Ian

This release contains the security fixes introduced by 4.4.2, plus the
new features and improvements from 4.4.0:

  https://www.samba.org/samba/history/samba-4.4.0.html
 2016-04-22 11:48:36 +00:00
jca
d6e8759b50 SECURITY update to samba-4.3.8 
ok sthen@ Ian McWilliam

CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)

See https://www.samba.org/samba/history/samba-4.3.8.html for more
information.
 2016-04-13 11:25:40 +00:00
jca
13f7dce85d Update to samba-4.3.6 
i386 build by danj@, ok sthen@

The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories.  samba-4.3.8 will follow.
 2016-04-12 17:42:09 +00:00
jca
e19d82005b Stop fetching and packaging outdated pdf docs; ok Ian 2016-03-23 19:08:15 +00:00
naddy
a90d3a4179 remove SHARED_ONLY 2016-03-20 15:58:26 +00:00
jca
16c613f366 SECURITY update to samba-4.1.23; ok Ian McWilliam 
Fixes for CVE-2015-7560 and CVE-2016-0771.
 2016-03-09 19:40:11 +00:00
sthen
275b716f52 bump tevent 2016-01-18 12:10:51 +00:00
sthen
9005d1d063 sync WANTLIB 2016-01-17 17:29:07 +00:00
jca
fb9197ada0 SECURITY update to samba-4.1.22; ok Ian McWilliam 
ChangeLog and descriptions of the relevant CVE's:

  https://www.samba.org/samba/history/samba-4.1.22.html

This update changed the signature of a few functions in libsamba-util,
so bump the shlib major.  Also update Ian's email adress while here.
 2015-12-23 12:37:21 +00:00
ajacoutot
d60b768928 daemon_timeout is not passed to the child scripts either. 2015-11-29 15:50:20 +00:00
jca
a536651fbb Bugfix update to samba-4.1.21 
"diff looks fine" Ian McWilliam
 2015-10-15 16:57:19 +00:00
jca
cba377ac48 Backport usage warning for smbstatus(1), picked from upstream. 
Problem noticed and different patch proposed by giovanni@.
ok giovanni@ Ian McWilliam
 2015-09-30 18:16:14 +00:00
jca
dfec945430 Use -Wl,--no-undefined just like other platforms, -Wl,--as-needed works fine now. 
Tested earlier on powerpc (sthen@), and on i386/amd64.  ok Ian McWilliam.
 2015-09-30 18:14:07 +00:00
jca
11f801ff63 Back in May, miod gave nm(1) a -D flag. 2015-09-28 22:51:25 +00:00
jca
fe52d5d1d9 gc leftover from samba3 2015-09-28 22:48:06 +00:00
jca
43c2e95697 Fix two tests to allow building on hppa/mips64. 
Those tests (for __sync_fetch_and_add and atomic_add_32) were broken,
yet waf thinks they succeed.

...
 2015-09-28 22:46:06 +00:00
jca
203324e9ed Update to samba-4.1.20; ok sthen@ 2015-09-11 11:35:09 +00:00
jca
1dcc435ff4 Do not mention SWAT, it has been removed. 2015-08-26 18:05:31 +00:00
jca
fa14e12281 Stray @sample /var/run/samba, noticed earlier by ajacoutot@ 
/var/run gets cleaned at boot time.  The samba daemons create this
directory at startup.
 2015-08-25 15:38:16 +00:00
ajacoutot
0176f4ec4e No need to explicitely list textproc/libxslt; the dependency on 
docbook-xsl is enough.

ok jca@ (maintainer)
 2015-08-25 12:03:21 +00:00
jca
48d3e06ff7 Add a note about nmbd being broken in AD DC setups, and bump. 
Requested by giovanni@, putting it here instead of current.html so that
new users will be aware too.
 2015-08-25 11:41:15 +00:00
jca
67d00b96ba Add an rc script for samba in AD DC mode. 2015-08-25 11:39:25 +00:00
jca
cb12b0e70a Ian McWilliam and I will co-maintain this. 2015-08-25 11:10:41 +00:00