diff options
| author | wiz <wiz@pkgsrc.org> | 2022-10-25 07:46:11 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2022-10-25 07:46:11 +0000 |
| commit | f1eea6e8cb87c5322a69e57f10bac1836eb6876c (patch) | |
| tree | 8cf42936c93051523906dc2c2a95eabb4755c2d5 | |
| parent | cc0c2fd937307e31257231a5abc5aa83357a7730 (diff) | |
| download | pkgsrc-f1eea6e8cb87c5322a69e57f10bac1836eb6876c.tar.gz | |
samba: update to 4.17.1.
Changes since 4.17.0
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15174: smbXsrv_connection_shutdown_send result leaked.
* BUG 15182: Flush on a named stream never completes.
* BUG 15195: Permission denied calling SMBC_getatr when file not exists.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
* BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
o Ralph Boehme <slow@samba.org>
* BUG 15182: Flush on a named stream never completes.
o Volker Lendecke <vl@samba.org>
* BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
o Stefan Metzmacher <metze@samba.org>
* BUG 15200: multi-channel socket passing may hit a race if one of the
involved processes already existed.
* BUG 15201: memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others).
o Noel Power <noel.power@suse.com>
* BUG 15205: Since popt1.19 various use after free errors using result of
poptGetArg are now exposed.
o Anoop C S <anoopcs@samba.org>
* BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
==============================
Release Notes for Samba 4.17.0
September 13, 2022
==============================
This is the first stable release of the Samba 4.17 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
====================
SMB Server performance improvements
-----------------------------------
The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for meta data heavy workloads.
With 4.17 the situation improved a lot again:
- Pathnames given by a client are devided into dirname and basename.
The amount of syscalls to validate dirnames is reduced to 2 syscalls
(openat, close) per component. On modern Linux kernels (>= 5.6) smbd
makes use of the openat2() syscall with RESOLVE_NO_SYMLINKS,
in order to just use 2 syscalls (openat2, close) for the whole dirname.
- Contended path based operations used to generate a lot of unsolicited
wakeup events causing thundering herd problems, which lead to masive
latencies for some clients. These events are now avoided in order
to provide stable latencies and much higher throughput of open/close
operations.
Configure without the SMB1 Server
---------------------------------
It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:
--with-smb1-server
--without-smb1-server
By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).
None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.
This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.
Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.
Bronze bit and S4U support now also with MIT Kerberos 1.20
----------------------------------------------------------
In 2020 Microsoft Security Response Team received another Kerberos-related
report. Eventually, that led to a security update of the CVE-2020-17049,
Kerberos KDC Security Feature Bypass Vulnerability, also known as a ‘Bronze
Bit’. With this vulnerability, a compromised service that is configured to use
Kerberos constrained delegation feature could tamper with a service ticket that
is not valid for delegation to force the KDC to accept it.
With the release of MIT Kerberos 1.20, Samba AD DC is able able to mitigate the
‘Bronze Bit’ attack. MIT Kerberos KDC's KDB (Kerberos Database Driver) API was
changed to allow passing more details between KDC and KDB components. When built
against MIT Kerberos, Samba AD DC supports MIT Kerberos 1.19 and 1.20 versions
but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20.
In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports
S4U2Self and S4U2Proxy Kerberos extensions.
Note the default (Heimdal-based) KDC was already fixed in 2021,
see https://bugzilla.samba.org/show_bug.cgi?id=14642
Resource Based Constrained Delegation (RBCD) support
----------------------------------------------------
Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT
Kerberos 1.20 we have complete RBCD support passing Sambas S4U testsuite.
samba-tool delegation got the 'add-principal' and 'del-principal' subcommands
in order to manage RBCD.
To complete RBCD support and make it useful to Administrators we added the
Asserted Identity [1] SID into the PAC for constrained delegation. This is
available for Samba AD compiled with MIT Kerberos 1.20.
Note the default (Heimdal-based) KDC does not support RBCD yet.
[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
Customizable DNS listening port
-------------------------------
It is now possible to set a custom listening port for the builtin DNS service,
making easy to host another DNS on the same system that would bind to the
default port and forward the domain-specific queries to Samba using the custom
port. This is the opposite configuration of setting a forwarder in Samba.
It makes possible to use another DNS server as a front and forward to Samba.
Dynamic DNS updates may not be proxied by the front DNS server when forwarding
to Samba. Dynamic DNS update proxying depends on the features of the other DNS
server used as a front.
CTDB changes
------------
* When Samba is configured with both --with-cluster-support and
--systemd-install-services then a systemd service file for CTDB will
be installed.
* ctdbd_wrapper has been removed. ctdbd is now started directly from
a systemd service file or init script.
* The syntax for the ctdb.tunables configuration file has been
relaxed. However, trailing garbage after the value, including
comments, is no longer permitted. Please see ctdb-tunables(7) for
more details.
Operation without the (unsalted) NT password hash
-------------------------------------------------
When Samba is configured with 'nt hash store = never' then Samba will
no longer store the (unsalted) NT password hash for users in Active
Directory. (Trust accounts, like computers, domain controllers and
inter-domain trusts are not impacted).
In the next version of Samba the default for 'nt hash store' will
change from 'always' to 'auto', where it will follow (behave as 'nt
hash store = never' when 'ntlm auth = disabled' is set.
Security-focused deployments of Samba that have eliminated NTLM from
their networks will find setting 'ntlm auth = disabled' with 'nt hash
store = always' as a useful way to improve compliance with
best-practice guidance on password storage (which is to always use an
interated hash).
Note that when 'nt hash store = never' is set, then arcfour-hmac-md5
Kerberos keys will not be available for users who subsequently change
their password, as these keys derive their values from NT hashes. AES
keys are stored by default for all deployments of Samba with Domain
Functional Level 2008 or later, are supported by all modern clients,
and are much more secure.
Finally, also note that password history in Active Directory is stored
in nTPwdHistory using a series of NT hash values. Therefore the full
password history feature is not available in this mode.
To provide some protection against password re-use previous Kerberos
hash values (the current, old and older values are already stored) are
used, providing a history length of 3.
There is one small limitation of this workaround: Changing the
sAMAccountName, userAccountControl or userPrincipalName of an account
can cause the Kerberos password salt to change. This means that after
*both* an account rename and a password change, only the current
password will be recognised for password history purposes.
Python API for smbconf
----------------------
Samba's smbconf library provides a generic frontend to various
configuration backends (plain text file, registry) as a C library. A
new Python wrapper, importable as 'samba.smbconf' is available. An
additional module, 'samba.samba3.smbconf', is also available to enable
registry backend support. These libraries allow Python programs to
read, and optionally write, Samba configuration natively.
JSON support for smbstatus
--------------------------
It is now possible to print detailed information in JSON format in
the smbstatus program using the new option --json. The JSON output
covers all the existing text output including sessions, connections,
open files, byte-range locks, notifies and profile data with all
low-level information maintained by Samba in the respective databases.
Protected Users security group
------------------------------
Samba AD DC now includes support for the Protected Users security
group introduced in Windows Server 2012 R2. The feature reduces the
attack surface of user accounts by preventing the use of weak
encryption types. It also mitigates the effects of credential theft by
limiting credential lifetime and scope.
The protections are intended for user accounts only, and service or
computer accounts should not be added to the Protected Users
group. User accounts added to the group are granted the following
security protections:
* NTLM authentication is disabled.
* Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are
not issued to or accepted from affected principals. Tickets
encrypted with AES, and service tickets encrypted with RC4, are
not affected by this restriction.
* The lifetime of Kerberos TGTs is restricted to a maximum of four
hours.
* Kerberos constrained and unconstrained delegation is disabled.
If the Protected Users group is not already present in the domain, it
can be created with 'samba-tool group add'. The new '--special'
parameter must be specified, with 'Protected Users' as the name of the
group. An example command invocation is:
samba-tool group add 'Protected Users' --special
or against a remote server:
samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U Administrator
The Protected Users group is identified in the domain by its having a
RID of 525. Thus, it should only be created with samba-tool and the
'--special' parameter, as above, so that it has the required RID
to function correctly.
REMOVED FEATURES
================
LanMan Authentication and password storage removed from the AD DC
-----------------------------------------------------------------
The storage and authentication with LanMan passwords has been entirely
removed from the Samba AD DC, even when "lanman auth = yes" is set.
smb.conf changes
================
Parameter Name Description Default
-------------- ----------- -------
dns port New default 53
fruit:zero_file_id New default yes
nt hash store New parameter always
smb1 unix extensions Replaces "unix extensions"
volume serial number New parameter -1
winbind debug traceid New parameter no
| -rw-r--r-- | net/samba4/Makefile | 8 | ||||
| -rw-r--r-- | net/samba4/PLIST | 60 | ||||
| -rw-r--r-- | net/samba4/distinfo | 17 | ||||
| -rw-r--r-- | net/samba4/patches/patch-lib_tevent_tevent.c | 10 | ||||
| -rw-r--r-- | net/samba4/patches/patch-lib_util_time.h | 8 | ||||
| -rw-r--r-- | net/samba4/patches/patch-source3_smbd_open.c | 19 | ||||
| -rw-r--r-- | net/samba4/patches/patch-source3_smbd_smb1__process.c (renamed from net/samba4/patches/patch-source3_smbd_process.c) | 6 | ||||
| -rw-r--r-- | net/samba4/patches/patch-source4_scripting_wscript__build (renamed from net/samba4/patches/patch-source4_scripting_wsript_build) | 2 | ||||
| -rw-r--r-- | net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build | 12 |
9 files changed, 61 insertions, 81 deletions
diff --git a/net/samba4/Makefile b/net/samba4/Makefile index adeb845ef37..c62441a4a57 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.150 2022/09/12 16:04:57 adam Exp $ +# $NetBSD: Makefile,v 1.151 2022/10/25 07:46:11 wiz Exp $ -DISTNAME= samba-4.16.5 +DISTNAME= samba-4.17.1 CATEGORIES= net MASTER_SITES= https://download.samba.org/pub/samba/stable/ @@ -69,9 +69,7 @@ BROKEN_GETTEXT_DETECTION= yes #CONFIGURE_ARGS+= --fatal-errors HAS_CONFIGURE= yes -CONFIG_SHELL= ${PYTHONBIN} -CONFIGURE_SCRIPT= ${WRKSRC}/buildtools/bin/waf -CONFIGURE_ARGS+= configure +CONFIGURE_SCRIPT= ${WRKSRC}/configure CONFIGURE_ARGS+= --prefix=${PREFIX} CONFIGURE_ARGS+= --infodir=${SMB_INFO} CONFIGURE_ARGS+= --mandir=${SMB_MAN} diff --git a/net/samba4/PLIST b/net/samba4/PLIST index fc8e67cd6c1..0f25745a7b6 100644 --- a/net/samba4/PLIST +++ b/net/samba4/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.46 2022/08/09 17:56:09 adam Exp $ +@comment $NetBSD: PLIST,v 1.47 2022/10/25 07:46:11 wiz Exp $ bin/cifsdd bin/dbwrap_tool bin/dumpmscat @@ -143,8 +143,8 @@ lib/libndr-standard.so lib/libndr-standard.so.0 lib/libndr-standard.so.0.0.1 lib/libndr.so -lib/libndr.so.2 -lib/libndr.so.2.0.0 +lib/libndr.so.3 +lib/libndr.so.3.0.0 lib/libnetapi.so lib/libnetapi.so.1 lib/libnetapi.so.1.0.0 @@ -154,6 +154,7 @@ lib/libsamba-credentials.so.1 lib/libsamba-credentials.so.1.0.0 lib/libsamba-errors.so lib/libsamba-errors.so.1 +lib/libsamba-errors.so.1.0.0 lib/libsamba-hostconfig.so lib/libsamba-hostconfig.so.0 lib/libsamba-hostconfig.so.0.0.1 @@ -265,24 +266,35 @@ ${PYSITELIB}/samba/emulate/traffic_packets.py ${PYSITELIB}/samba/forest_update.py ${PYSITELIB}/samba/gensec.so ${PYSITELIB}/samba/getopt.py -${PYSITELIB}/samba/gp_cert_auto_enroll_ext.py -${PYSITELIB}/samba/gp_chromium_ext.py -${PYSITELIB}/samba/gp_ext_loader.py -${PYSITELIB}/samba/gp_firefox_ext.py -${PYSITELIB}/samba/gp_firewalld_ext.py -${PYSITELIB}/samba/gp_gnome_settings_ext.py -${PYSITELIB}/samba/gp_msgs_ext.py +${PYSITELIB}/samba/gp/gp_centrify_crontab_ext.py +${PYSITELIB}/samba/gp/gp_centrify_sudoers_ext.py +${PYSITELIB}/samba/gp/gp_cert_auto_enroll_ext.py +${PYSITELIB}/samba/gp/gp_chromium_ext.py +${PYSITELIB}/samba/gp/gp_ext_loader.py +${PYSITELIB}/samba/gp/gp_firefox_ext.py +${PYSITELIB}/samba/gp/gp_firewalld_ext.py +${PYSITELIB}/samba/gp/gp_gnome_settings_ext.py +${PYSITELIB}/samba/gp/gp_msgs_ext.py +${PYSITELIB}/samba/gp/gp_scripts_ext.py +${PYSITELIB}/samba/gp/gp_sec_ext.py +${PYSITELIB}/samba/gp/gp_smb_conf_ext.py +${PYSITELIB}/samba/gp/gp_sudoers_ext.py +${PYSITELIB}/samba/gp/gpclass.py +${PYSITELIB}/samba/gp/util/logging.py +${PYSITELIB}/samba/gp/vgp_access_ext.py +${PYSITELIB}/samba/gp/vgp_files_ext.py +${PYSITELIB}/samba/gp/vgp_issue_ext.py +${PYSITELIB}/samba/gp/vgp_motd_ext.py +${PYSITELIB}/samba/gp/vgp_openssh_ext.py +${PYSITELIB}/samba/gp/vgp_startup_scripts_ext.py +${PYSITELIB}/samba/gp/vgp_sudoers_ext.py +${PYSITELIB}/samba/gp/vgp_symlink_ext.py ${PYSITELIB}/samba/gp_parse/__init__.py ${PYSITELIB}/samba/gp_parse/gp_aas.py ${PYSITELIB}/samba/gp_parse/gp_csv.py ${PYSITELIB}/samba/gp_parse/gp_inf.py ${PYSITELIB}/samba/gp_parse/gp_ini.py ${PYSITELIB}/samba/gp_parse/gp_pol.py -${PYSITELIB}/samba/gp_scripts_ext.py -${PYSITELIB}/samba/gp_sec_ext.py -${PYSITELIB}/samba/gp_smb_conf_ext.py -${PYSITELIB}/samba/gp_sudoers_ext.py -${PYSITELIB}/samba/gpclass.py ${PYSITELIB}/samba/gpo.so ${PYSITELIB}/samba/graph.py ${PYSITELIB}/samba/hostconfig.py @@ -353,12 +365,14 @@ ${PYSITELIB}/samba/samba3/libsmb_samba_internal.py ${PYSITELIB}/samba/samba3/mdscli.so ${PYSITELIB}/samba/samba3/param.so ${PYSITELIB}/samba/samba3/passdb.so +${PYSITELIB}/samba/samba3/smbconf.so ${PYSITELIB}/samba/samba3/smbd.so ${PYSITELIB}/samba/samdb.py ${PYSITELIB}/samba/schema.py ${PYSITELIB}/samba/sd_utils.py ${PYSITELIB}/samba/security.so ${PYSITELIB}/samba/sites.py +${PYSITELIB}/samba/smbconf.so ${PYSITELIB}/samba/subnets.py ${PYSITELIB}/samba/subunit/__init__.py ${PYSITELIB}/samba/subunit/run.py @@ -382,6 +396,7 @@ ${PYSITELIB}/samba/tests/blackbox/check_output.py ${PYSITELIB}/samba/tests/blackbox/downgradedatabase.py ${PYSITELIB}/samba/tests/blackbox/mdsearch.py ${PYSITELIB}/samba/tests/blackbox/ndrdump.py +${PYSITELIB}/samba/tests/blackbox/netads_dns.py ${PYSITELIB}/samba/tests/blackbox/netads_json.py ${PYSITELIB}/samba/tests/blackbox/samba_dnsupdate.py ${PYSITELIB}/samba/tests/blackbox/smbcacls.py @@ -467,8 +482,11 @@ ${PYSITELIB}/samba/tests/krb5/kdc_base_test.py ${PYSITELIB}/samba/tests/krb5/kdc_tests.py ${PYSITELIB}/samba/tests/krb5/kdc_tgs_tests.py ${PYSITELIB}/samba/tests/krb5/kpasswd_tests.py +${PYSITELIB}/samba/tests/krb5/lockout_tests.py ${PYSITELIB}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py +${PYSITELIB}/samba/tests/krb5/nt_hash_tests.py ${PYSITELIB}/samba/tests/krb5/pac_align_tests.py +${PYSITELIB}/samba/tests/krb5/protected_users_tests.py ${PYSITELIB}/samba/tests/krb5/raw_testcase.py ${PYSITELIB}/samba/tests/krb5/rfc4120_constants.py ${PYSITELIB}/samba/tests/krb5/rfc4120_pyasn1.py @@ -491,6 +509,7 @@ ${PYSITELIB}/samba/tests/ldap_spn.py ${PYSITELIB}/samba/tests/ldap_upn_sam_account.py ${PYSITELIB}/samba/tests/libsmb.py ${PYSITELIB}/samba/tests/loadparm.py +${PYSITELIB}/samba/tests/logfiles.py ${PYSITELIB}/samba/tests/lsa_string.py ${PYSITELIB}/samba/tests/messaging.py ${PYSITELIB}/samba/tests/ndr.py @@ -507,6 +526,7 @@ ${PYSITELIB}/samba/tests/ntlm_auth_krb5.py ${PYSITELIB}/samba/tests/ntlmdisabled.py ${PYSITELIB}/samba/tests/pam_winbind.py ${PYSITELIB}/samba/tests/pam_winbind_chauthtok.py +${PYSITELIB}/samba/tests/pam_winbind_setcred.py ${PYSITELIB}/samba/tests/pam_winbind_warn_pwd_expire.py ${PYSITELIB}/samba/tests/param.py ${PYSITELIB}/samba/tests/password_hash.py @@ -575,8 +595,10 @@ ${PYSITELIB}/samba/tests/samdb_api.py ${PYSITELIB}/samba/tests/sddl.py ${PYSITELIB}/samba/tests/security.py ${PYSITELIB}/samba/tests/segfault.py +${PYSITELIB}/samba/tests/sid_strings.py ${PYSITELIB}/samba/tests/smb-notify.py ${PYSITELIB}/samba/tests/smb.py +${PYSITELIB}/samba/tests/smbconf.py ${PYSITELIB}/samba/tests/smbd_base.py ${PYSITELIB}/samba/tests/smbd_fuzztest.py ${PYSITELIB}/samba/tests/source.py @@ -593,14 +615,6 @@ ${PYSITELIB}/samba/trust_utils.py ${PYSITELIB}/samba/upgrade.py ${PYSITELIB}/samba/upgradehelpers.py ${PYSITELIB}/samba/uptodateness.py -${PYSITELIB}/samba/vgp_access_ext.py -${PYSITELIB}/samba/vgp_files_ext.py -${PYSITELIB}/samba/vgp_issue_ext.py -${PYSITELIB}/samba/vgp_motd_ext.py -${PYSITELIB}/samba/vgp_openssh_ext.py -${PYSITELIB}/samba/vgp_startup_scripts_ext.py -${PYSITELIB}/samba/vgp_sudoers_ext.py -${PYSITELIB}/samba/vgp_symlink_ext.py ${PYSITELIB}/samba/werror.so ${PYSITELIB}/samba/xattr.py ${PYSITELIB}/samba/xattr_native.so diff --git a/net/samba4/distinfo b/net/samba4/distinfo index 657550facfb..804d3589c87 100644 --- a/net/samba4/distinfo +++ b/net/samba4/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.83 2022/09/12 16:04:57 adam Exp $ +$NetBSD: distinfo,v 1.84 2022/10/25 07:46:11 wiz Exp $ -BLAKE2s (samba-4.16.5.tar.gz) = 45cea3971f35b3c158cd225ea0cf605b2d1278002d23bc4280827cd388c82edf -SHA512 (samba-4.16.5.tar.gz) = 9c4cd2ccbb6a4910d0da220e24bf3bf2cf25acaaebb5aa7358d8910016fac29b8ed1889f8ee0b4953d695583ff04d8de7bfffc2d97ae30aa7730e157aa7acfcf -Size (samba-4.16.5.tar.gz) = 30613439 bytes +BLAKE2s (samba-4.17.1.tar.gz) = 9d634b7d20f81312c4e5fa5ed048df97c02ae2402f25c56c58189c2dd9acd3eb +SHA512 (samba-4.17.1.tar.gz) = b62605caed837e6638f3f87ce73d21976125ec890deca38bde41d3f8e299cc8da268f1b0884845ac947e5cbd29eb1300e36e638d08c38f127d3058dfef9547f8 +Size (samba-4.17.1.tar.gz) = 30795757 bytes SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 @@ -14,14 +14,14 @@ SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43 SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d SHA1 (patch-lib_replace_wscript) = 4250bdfd8ee82fcdb43315f24a124b7ae8d7e36f SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 -SHA1 (patch-lib_tevent_tevent.c) = dc782c5b7214abf52a4c8c242018b1989bca08e3 +SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 SHA1 (patch-lib_tevent_wscript) = fbbe2024096b57d651d90064f53489a974db9d7a SHA1 (patch-lib_tsocket_tsocket__bsd.c) = 0ac414e02ee3a326d3dd34515bfffce6e8da5e46 SHA1 (patch-lib_util_charset_charset__macosxfs.c) = 9772fc52fff48aec2a7e279223f73bb791217c26 SHA1 (patch-lib_util_smb__threads.h) = 817591a2b69f31ac29497a2006fe21f0b4b0aaea SHA1 (patch-lib_util_tfork.c) = a9acb5561c5bba76450c48904a22019c8b14cbec -SHA1 (patch-lib_util_time.h) = 56e3d418d492a029eda03c82397f47c7f0cda6ba +SHA1 (patch-lib_util_time.h) = 5048614e301cf6922ff7fa6693fa58bfe17ff10e SHA1 (patch-libcli_dns_wscript__build) = 4103a144aa1bb4662fd7a62270941f1a3d01fe89 SHA1 (patch-nsswitch_stress-nss-libwbclient.c) = c546f00184b0d22b6c150e210962cdfc6fc12df2 SHA1 (patch-nsswitch_winbind__nss__netbsd.c) = 2773ec9269d1fe0d7ce7ed220f6a7122d187fabe @@ -30,12 +30,11 @@ SHA1 (patch-source3_libsmb_pylibsmb.c) = 962bb35b140ec11c0035ffa7fb83c9143fa5615 SHA1 (patch-source3_modules_vfs__solarisacl.c) = 1a56006393d08d9977c60e75fddfcf501e2233f7 SHA1 (patch-source3_modules_vfs__solarisacl.h) = 11f8664641a14fd83d78b1a7e10056a77b7b634f SHA1 (patch-source3_printing_samba-bgqd.c) = e9b83c35fbb24c702650d745b82fe6c9efbcdf76 -SHA1 (patch-source3_smbd_open.c) = 002f26f77dad54617bf9c0fe4fa12f093ef3b66c -SHA1 (patch-source3_smbd_process.c) = 3a6f9682aca6473e364d0be0f601774df4fd1296 SHA1 (patch-source3_smbd_quotas.c) = 7f959964fac3ee435c57a115c8f5b6407e57b777 +SHA1 (patch-source3_smbd_smb1__process.c) = ff59b9b4f4bdfff2761613ff84fbd669899ea540 SHA1 (patch-source3_utils_net__offlinejoin.c) = 773a4686d5e2a7eaebf9430529708e8318d45c77 SHA1 (patch-source4_dsdb_samdb_ldb__modules_wscript__build__server) = 47f55ec16b667a0a4d38de5ac89a117f2ac8f898 -SHA1 (patch-source4_scripting_wsript_build) = 816d44f48b6cbc6d999995e00eaea1d2dc477159 +SHA1 (patch-source4_scripting_wscript__build) = 816d44f48b6cbc6d999995e00eaea1d2dc477159 SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = cbba15c2c0e1eee9d07424510a96b596f46992b4 SHA1 (patch-third__party_heimdal__build_roken.h) = 59d5523676fe8c0315e969247f26b4ea2f900402 SHA1 (patch-third__party_heimdal_include_heim__threads.h) = 5ad13530cf9688e46f9ad487bb0fddab668c8276 diff --git a/net/samba4/patches/patch-lib_tevent_tevent.c b/net/samba4/patches/patch-lib_tevent_tevent.c index 923a2e7698b..6aff4fc174e 100644 --- a/net/samba4/patches/patch-lib_tevent_tevent.c +++ b/net/samba4/patches/patch-lib_tevent_tevent.c @@ -1,13 +1,13 @@ -$NetBSD: patch-lib_tevent_tevent.c,v 1.3 2021/06/22 09:36:41 nia Exp $ +$NetBSD: patch-lib_tevent_tevent.c,v 1.4 2022/10/25 07:46:11 wiz Exp $ On SunOS (OpenSolaris), pthread_mutex_init() expects a zeroed-out mutex data structure ---- lib/tevent/tevent.c.orig 2020-07-09 09:33:56.000000000 +0000 +--- lib/tevent/tevent.c.orig 2022-08-08 14:15:39.148190500 +0000 +++ lib/tevent/tevent.c -@@ -423,6 +423,7 @@ static int tevent_common_context_constru - return ret; - } +@@ -476,6 +476,7 @@ static int tevent_common_context_constru + + #ifdef HAVE_PTHREAD + memset(&ev->scheduled_mutex, 0, sizeof(pthread_mutex_t)); ret = pthread_mutex_init(&ev->scheduled_mutex, NULL); diff --git a/net/samba4/patches/patch-lib_util_time.h b/net/samba4/patches/patch-lib_util_time.h index ae14a8833f5..9e6c7c8bcac 100644 --- a/net/samba4/patches/patch-lib_util_time.h +++ b/net/samba4/patches/patch-lib_util_time.h @@ -1,12 +1,12 @@ -$NetBSD: patch-lib_util_time.h,v 1.1 2022/07/21 09:35:50 adam Exp $ +$NetBSD: patch-lib_util_time.h,v 1.2 2022/10/25 07:46:11 wiz Exp $ Define timeval/timespec. ---- lib/util/time.h.orig 2022-07-20 13:08:26.333843041 +0000 +--- lib/util/time.h.orig 2022-08-08 14:15:39.172190700 +0000 +++ lib/util/time.h -@@ -28,6 +28,18 @@ - #include <stdint.h> +@@ -29,6 +29,18 @@ #include <talloc.h> + #include <time.h> +/* From "system/time.h" */ +#ifdef TIME_WITH_SYS_TIME diff --git a/net/samba4/patches/patch-source3_smbd_open.c b/net/samba4/patches/patch-source3_smbd_open.c deleted file mode 100644 index e964c1e709e..00000000000 --- a/net/samba4/patches/patch-source3_smbd_open.c +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-source3_smbd_open.c,v 1.1 2022/03/07 21:40:38 thor Exp $ - ---- source3/smbd/open.c.orig 2022-01-27 18:20:00.791110968 +0000 -+++ source3/smbd/open.c -@@ -1189,11 +1189,13 @@ static NTSTATUS reopen_from_procfd(struc - - fsp->fsp_flags.is_pathref = false; - -+ /* O_CREAT not useful for reopening, and it upsets BSD kernels, -+ * see https://bugzilla.samba.org/show_bug.cgi?id=14727 . */ - new_fd = SMB_VFS_OPENAT(fsp->conn, - fsp->conn->cwd_fsp, - &proc_fname, - fsp, -- flags, -+ flags & ~O_CREAT, - mode); - if (new_fd == -1) { - status = map_nt_error_from_unix(errno); diff --git a/net/samba4/patches/patch-source3_smbd_process.c b/net/samba4/patches/patch-source3_smbd_smb1__process.c index 99950d4f9c1..ee1cb3ae6cd 100644 --- a/net/samba4/patches/patch-source3_smbd_process.c +++ b/net/samba4/patches/patch-source3_smbd_smb1__process.c @@ -1,10 +1,10 @@ -$NetBSD: patch-source3_smbd_process.c,v 1.2 2021/04/29 15:21:16 taca Exp $ +$NetBSD: patch-source3_smbd_smb1__process.c,v 1.1 2022/10/25 07:46:11 wiz Exp $ On SunOS (OpenSolaris), pthread_mutex_init() expects a zeroed-out mutex data structure ---- source3/smbd/process.c.orig 2019-01-15 10:07:00.000000000 +0000 -+++ source3/smbd/process.c +--- source3/smbd/smb1_process.c.orig 2019-01-15 10:07:00.000000000 +0000 ++++ source3/smbd/smb1_process.c @@ -3342,6 +3342,7 @@ bool fork_echo_handler(struct smbXsrv_co goto fail; } diff --git a/net/samba4/patches/patch-source4_scripting_wsript_build b/net/samba4/patches/patch-source4_scripting_wscript__build index f6839d56143..41b5a1a355e 100644 --- a/net/samba4/patches/patch-source4_scripting_wsript_build +++ b/net/samba4/patches/patch-source4_scripting_wscript__build @@ -1,4 +1,4 @@ -$NetBSD: patch-source4_scripting_wsript_build,v 1.4 2022/03/07 21:40:38 thor Exp $ +$NetBSD: patch-source4_scripting_wscript__build,v 1.1 2022/10/25 07:46:11 wiz Exp $ Avoid getting strange ending # character on interpreter name like: diff --git a/net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build b/net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build deleted file mode 100644 index 0a9d8e3190f..00000000000 --- a/net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build +++ /dev/null @@ -1,12 +0,0 @@ -$NetBSD: patch-source4_utils_oLschema2ldif_wscript__build,v 1.2 2022/03/07 21:40:38 thor Exp $ - ---- source4/utils/oLschema2ldif/wscript_build.orig 2021-08-09 13:38:37.571391800 +0000 -+++ source4/utils/oLschema2ldif/wscript_build -@@ -1,5 +1,7 @@ - #!/usr/bin/env python - -+import sys -+ - bld.SAMBA_SUBSYSTEM('oLschema2ldif-lib', - source='lib.c', - deps='samdb', |