no objection and help from jca@ (maintainer)
(-Wl,-rpath so that libinotify.so can be found)
tested with MacOS and Windows clients + OK Ian McWilliam (maintainer)
Several fixes for the AD DC code, which AFAIK do not affect us, but also
a server memory information leak for the SMBv1 file server code (which
is disabled by default).
Release notes:
https://www.samba.org/samba/history/samba-4.16.4.html
While here reinstate the PLIST bits that I lost in the update to 4.16.X.
Tests and ok Ian McWilliam (co-maintainer) and bket@
Release notes:
https://www.samba.org/samba/history/samba-4.16.0.htmlhttps://www.samba.org/samba/history/samba-4.16.1.htmlhttps://www.samba.org/samba/history/samba-4.16.2.html
Notable packaging changes:
1. Dynamically patch out the version information from the version scripts.
2. Disable gettext support, working around a build failure
3. Many libraries lose their versioning and gain a -samba4 suffix, among
them libreplace and libutil-setid. Since it's not possible to use
regular LIB_DEPENDS any more, merge -util, -ldb and -tevent into -main.
ldb and tevent are unused outside of samba anyway, so packaging them
separately doesn't help much.
Help, runtime tests and ok from Ian McWilliam (co-maintainer) and bket@,
thanks!
It actually just starts nmbd and smbd. I had already removed the
samba_ad_dc rc script when disabling AD DC support.
Reported by bket@ who kindly provided the revert diff, sorry for the
trouble!
Latest release. Many bugs have been fixed, including possibly security
relevant ones. This long overdue update has been postponed because of
binutils-2.17 ld(1) bugs in version scripts handling. The issue is not
fixed but at least worked around.
The SHARED_LIBS handling is a bit ugly because of the .cpython-XY tag added
to some libraries names.
Tests by Ian (co-maintainer)
When missing, samba builds pytdb support using its bundled copy of tdb,
and installs it in WRKINST, as shown by update-plist. samba runs fine
with the py-tdb package registered in its RUN_DEPENDS, but this is not
what was intended. Consistently use libtdb and py-tdb from databases/tdb.
Broken since ~2018 on clang+ld.lld archs, no analysis and no diff to fix
it, so it's time to send it to the Attic. Support for AD DC mode can't
be optimal anyway, with the deprecation of the ntvfs server code and our
lack of xattrs/ACLs.
"Fine by me" Ian
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
(which is not) throughout the ports Makefiles.
* Replace find|xargs with find -exec {} +
* Replace -exec {} \; with -exec {} + if applicable.
* Use the -delete operator to remove files and empty directories.
* Combine and tweak some find(1) invocations while here.
ok kn@ rsadowski@ espie@
Fixes for:
o CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.
samba-4.10.10 and later fail to link on ld.bfd archs. Revert until
someone(tm) tracks down the problem.
Errors look like:
/usr/bin/ld: BFD 2.17 internal error, aborting at
/usr/src/gnu/usr.bin/binutils-2.17/bfd/elfcode.h line 190 in void
bfd_elf64_swap_symbol_in(bfd *, const void *, const void *,
Elf_Internal_Sym *)
/usr/bin/ld:
/pobj/samba-4.10.10/samba-4.10.10/bin/default/lib/param/libserver-role-samba4.so:
invalid string offset 3755991007 >= 625 for section `.dynstr'
3755991007 is 0xDFDFDFDF is likely already freed memory.
build failures:
http://build-failures.rhaalovely.net/sparc64/2019-12-11/net/samba,.loghttp://build-failures.rhaalovely.net/mips64/2019-12-06/net/samba,,-ldb.log
Fixes:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
transition on Samba AD DC.
Fixes for:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes for 4.9.14 and 4.9.15:
https://www.samba.org/samba/history/samba-4.9.14.htmlhttps://www.samba.org/samba/history/samba-4.9.15.html
Tested by and ok gonzalo@
