| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bump PKGREVISION.
|
|
|
|
(It was added to this rc.d script as part of the upgrade to 3.0.20b, but
winbindd in 3.0.20b does not have a -B flag).
|
|
|
|
Samba 3.0 and 3.3. They were completely broken before this.
Bump PKGREVISION for both samba and samba33.
Fix from PR pkg/38961 by Makoto Fujiwara <makoto at ki dot nu>.
|
|
response to the recent symlink attack problem
approved by Takahiro Kambe
bump PKGREVISION
|
|
|
|
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
Please note that Samba 3.0 is not maintained any longer. This security
release is shipped on a voluntary basis.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
o CVE-2009-2948:
If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
o CVE-2009-2906:
Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.
|
|
Requested in PR 34444 and by David A. Holland.
Bump PKGREVISION.
|
|
double-negative test to a positive one.
|
|
|
|
Please note, that the 3.0 series will be DISCONTINUED after this release!
There will be neither any bugfix release nor any security release. Updating
to the latest release series is strongly recommended. For more information
on current Samba releases, please see
Major enhancements included in Samba 3.0.36 are:
o Fix Winbind crash on 'getent group' (bug #5906).
o Excel save operation corrupts file ACLs (bug #4308).
o Prevent segmentation fault on joining a very long domain name.
|
|
- CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
This security fix has already been integrated into "pkggsrc" via a patch
previously. The package was only updated to make future maintenance easier.
|
|
CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
bump PKGREVISION
|
|
|
|
major change.
Reported by Robert Elz in PR 41345.
|
|
- Fix update of machine account passwords.
- Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
- Fix Winbind crashes.
- Correctly detect if the current dc is the closest one.
- Add saf_join_store() function to memorize the dc used at join time.
This avoids problems caused by replication delays shortly after
domain joins.
- Fix write list in setups using "security = share".
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
AIX method was being chosen in preference (on NetBSD 5.0 at least). This
broke net and rpcclient, etc. as they failed to enumerate interfaces
correctly.
|
|
source directory source/smbd/build_options.c and __FILE__ lines in DEBUG().
Give up wrkref checks here.
|
|
http://www.samba.org/samba/security/CVE-2008-4314.html
Bump PKGREVISION.
|
|
|
|
- Prevent crash bug in Winbind caused by a race condition
when a child process becomes unresponsive.
- Fix interactive password prompting in the "net" command.
- Documentation clarifications and typographical fixes.
- Correct issues with running Winbind running on a Samba PDC.
- Problems with trusted Windows 2008 domains.
- Difficulty joining an NT4 or Windows 2000 AD domain.
|
|
- Fix for CVE-2008-1105.
- Remove man pages for ldb tools not included in Samba 3.0.
- Fix build for pam_smbpass.
- Fix a crash in tdb_wrap_log().
- BUG 5267: Fix for nmbd termination problems when no interfaces
found.
- BUG 5326: OS/2 servers give strange "high word" replies for
print jobs.
- Remove MS-DFS check that required the target host be ourself.
- BUG 5372: Fix high CPU usage of cupsd on large print servers
by using more efficient CUPS queries in smbd.
- Rewrite integer wrap checks to deal with gcc 4.x optimizations.
- BUG 5095: Fix the enforcement of the "Manage Documents" access right.
- Don't free memory from getpass() in mount.cifs.
- BUG 5460: Fix MS-DFS referral problem in server code.
- Fix bug in Winbind that caused the parent to ignore dead children.
- Fix compile warnings.
- Fix build for pam_smbpass.
- Document build fixes.
- BUG 4235: Improve compliance to the Squid helper protocol.
- BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
- Prevent cycle in Wibind's list of children when reaping dead processes.
- BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
- Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
- Fix client connections and negotiation with Windows 2008 DCs
in member server code.
- Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
- BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
- Re-add samr getdispinfoindex parsing which got lost in the glue commit.
- BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
Corrects interop problem between Citrix PM and a Samba DC.
- BUG 3840: Fix smbclient connecting to NetApp filers when using
whitespace in the user's password.
- BUG 4901: Fix behavior of "ldap passwd sync = only".
- BUG 5317: Fix debug output from domain_client_validate().
- BUG 5338: Fix format string bug in rpcclient.
- Ensure that "wbinfo -a trusted\\user%password" works correctly
on a Samba DC with trusts.
- BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet
attribute.
- BUG 5350: Fallback to anonymous sessions if not trust password
could be obtained on Samba DCs and member servers.
- BUG 5366: Fix password chat on Sun OpenSolaris (Nevada).
- Fix signing problem in the client with trans requests.
- Fix alignment bug hitting Solaris with "reset in zero vc" activated.
- Fix build with glibc 2.8.
- Enable winbind child processes to do something with signals, in
particular closing and reopening logs on SIGHUP.
- Documentation cleanup after r emerging docs from svn to git and
back-porting from the v3-2 branch.
- Add implementation of machine-authenticated connection to netlogon
pipe used when connecting to win2k and newer domain controllers.
- Fix trusted users on a DC that uses the old idmap syntax.
- Only have Winbind cache domain password policies that were
successfully retrieved.
- Fix alignment bug when marshalling printer data replies.
- Fix DeleteDriverDriverEx() checks to prevent removing in use files.
|
|
(heap buffer overflow in client code)
bump PKGREVISION
|
|
through PLIST_SUBST to the plist module.
|
|
CHANGES FOR PKGSRC:
==================
Makefile:
+ Modify section that manually handles the ELF symlinks for samba
shared libraries -- add additional libraries that are built (addns,
smbsharemodes) and reorganize so we don't need two loops where one
will do.
+ Pass --with-included-popt to the configure script to force using
the popt distribution included with samba to avoid any library
mismatch errors between samba and any installed popt. This fixes
PR pkg/34444 by Jason Lingohr.
+ Don't build the smbmount programs on Linux -- they're deprecated in
favor of the mount.cifs programs.
+ Remove some pkgviews-related settings -- I'm not supporting pkgviews
installation of samba.
Makefile.patches:
+ Empty out PATCHFILES because we are updating to the latest release
of samba, which has all previous patches for security advisories
already rolled into the main sources.
Makefile.mirrors:
+ Update SAMBA_MIRRORS in Makefile.mirrors to the latest list of FTP
mirrors.
options.mk:
+ Only show the ``acl'' option on platforms that actually support
POSIX ACLs.
+ Add a new ``fam'' option to enable building the notify_fam VFS
module.
patch-ab, patch-ax:
+ Remove patch-ab and update patch-ax -- there's nothing for the
scripts to back up so we don't need to patch the install* scripts
to avoid this.
patch-ae, patch-ah:
+ Update patch-ae and remove patch-ah -- we should definitely check
that PAM_AUTHTOK_RECOVERY_ERR is defined before using its value to
define PAM_AUTHTOK_RECOVER_ERR.
patch-at, patch-au:
+ Fix patch-at and patch-au -- in configure.in, we need to "escape"
left and right brackets or else m4 will strip them away in the
resulting configure script. This should fix the detection of FreeBSD
and NetBSD systems capable of using nss_winbind noted in PR pkg/38076
by Ingo Meyer.
patch-ay:
+ Remove some unnecessary changes -- we can safely just do "mkdir" in
some places because we know the parent and any intermediate directories
exist.
patch-be:
+ Fix a bug in locating WINS_LIST -- nmbd/nmbd_winsserver.c was
referring to WINS_LIST under the state directory in one place and
under the lock directory in another; change all references to be
under the state directory.
patch-db:
+ Add patch to fix the build of samba on older BSDs. Patch supplied
in PR pkg/37487 by John Frear.
All remaining changes to patches/patch-* are simply to remove fuzz.
MAJOR CHANGES FROM VERSION 3.0.26a:
* Fix failure to join Windows 2008 domains.
* Fix Windows Vista (including SP1 RC) inter-op issues.
* Add a new ``administrative share'' service parameter for defining
hidden shares that cannot be managed from Windows.
* Fix for CVS-2007-6015 (already fixed in 3.0.26anb4 in pkgsrc).
* Fix for CVS-2007-5398 (already fixed in 3.0.26anb4 in pkgsrc).
* Fix for CVS-2007-4572 (already fixed in 3.0.26anb4 in pkgsrc). Also
subsequent fix for regression experienced by smbfs clients caused by
the fix for CVS-2007-4572, noted in PR pkg/38300 by Dave Barnes.
* Many other bugs fixed and memory leaks plugged.
|
|
|
|
a getifaddrs-based implementation,
fix another botch in the patch for "configure",
bump PKGREVISION
|
|
PKGREVISION++
|
|
Samba project. Bump package revision.
|
|
revision 1.5.
PKGREVISION++
|
|
pkgsrc change: Add support for DESTDIR.
Changes from 3.0.24 are huge, please refer WHATSNEW.txt.
<http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_26/WHATSNEW.txt?rev=22651&view=markup>
|
|
|
|
|
|
|
|
"sbin/umount.cifs" were missing. Bump package revision.
This should fix PR pkg/36372 by Ondrej Tuma.
|
|
from Samba website. Bump package revision because of these security fixes.
|
|
10 w/ UFS (ZFS/NFSv4 style ACLs not yet supported as of this release
of Samba).
|
|
o security = share and NTLMv2
Fixes an issues with servers set to "security = share" and Vista
clients that send NTLMv2 responses by default.
o Vista Point-n-Print
Fixes several point-n-print bugs with Vista clients.
o BUG 4361
Fix failure when using the Vista backup utility.
o BUG 4093
Fix expansion of the %a smb.conf variable for Vista clients.
o BUG 4356
Fix MS-DFS referrals with Windows Vista clients.
o BUG 4188
Fix for Vista failing to delete directories on a Samba share.
Bump PKGREVISION.
|
|
- Explictly specify PAM_INSTMODULEDIR with --with-pammodulesdir.
(Now Samba itself install pam modules.)
- Don't install pam modules in post-install process.
|
|
|
|
the latest version of Samba.
|
|
Samba distribution since version 3.0.23. "mysql" and "pgsql" passdb backends
are now maintained via http://pdbsql.sourceforge.net/ and will have to be
packaged separately.
|
|
Major changes since version 3.0.22:
- CVE-2007-0452 (Potential Denial of Service bug in smbd)
- CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
- CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
- Stability fixes for winbindd
- Portability fixes on FreeBSD and Solaris operating systems.
- Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
- Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
- Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
- Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
- SMB signing errors in the client and server code.
- Domain join failures when using smbpasswd on a Samba PDC.
- Failure to strip the domain name from groups when 'winbind
use default domain = yes'
- Failure in pam_winbind to correctly parse arguments.
- Bad token creation of local users on member servers not
running winbindd.
- Failure to add users or groups to ACLs using the Windows
object picker.
- Failure in file serving code when 'kernel oplocks = yes'.
- New "createupn" option to "net ads join"
- Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
- Improved 'make test'
- New offline mode in winbindd.
- New Kerberos support for pam_winbind.so.
- New handling of unmapped users and groups.
- New non-root share management tools.
- Improved support for local and BUILTIN groups.
- Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
- Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
|
|
blows up very early in build with -j, it seems make may not be aware
of dependencies on some generated .h/.c files
|
|
extracted source tree. That expands them at parse time, and without the
source tree, causes all kinds of headaches in bmake, e.g.
/usr/bin/awk: can't open file /export/SRC/netbsd/pkgsrc/net/samba/work.i386/samba-3.0.22/source/Makefile.in source line number 1
make: "/usr/bin/awk -F= '/^LIBMSRPC_MAJOR/ { print $2; }' /export/SRC/netbsd/pkgsrc/net/samba/work.i386/samba-3.0.22/source/Makefile.in" returned non-zero status
Rewrite to use a shell loop.
|
|
files-check: No backup copies of the Samba binaries are made.
Before using ln -s, the destination file is removed. This is necessary
for installing the package over an already-installed version.
|
|
|
|
This closes PR pkg/34520. OK'd by agc@.
|
