head 1.10; access; symbols pkgsrc-2013Q2:1.10.0.6 pkgsrc-2013Q2-base:1.10 pkgsrc-2012Q4:1.10.0.4 pkgsrc-2012Q4-base:1.10 pkgsrc-2011Q4:1.10.0.2 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q3:1.9.0.18 pkgsrc-2011Q3-base:1.9 pkgsrc-2011Q2:1.9.0.16 pkgsrc-2011Q2-base:1.9 pkgsrc-2011Q1:1.9.0.14 pkgsrc-2011Q1-base:1.9 pkgsrc-2010Q4:1.9.0.12 pkgsrc-2010Q4-base:1.9 pkgsrc-2010Q3:1.9.0.10 pkgsrc-2010Q3-base:1.9 pkgsrc-2010Q2:1.9.0.8 pkgsrc-2010Q2-base:1.9 pkgsrc-2010Q1:1.9.0.6 pkgsrc-2010Q1-base:1.9 pkgsrc-2009Q4:1.9.0.4 pkgsrc-2009Q4-base:1.9 pkgsrc-2009Q3:1.9.0.2 pkgsrc-2009Q3-base:1.9 pkgsrc-2009Q2:1.7.0.4 pkgsrc-2009Q2-base:1.7 pkgsrc-2009Q1:1.7.0.2 pkgsrc-2009Q1-base:1.7 pkgsrc-2008Q4:1.6.0.10 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.8 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.6 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.4 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.2 pkgsrc-2008Q1:1.5.0.4 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.2 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.4.0.6 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.4 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.2 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.3.0.6 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.4 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.2 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.0.2 pkgsrc-2005Q4-base:1.1; locks; strict; comment @# @; 1.10 date 2011.12.16.11.05.25; author asau; state dead; branches; next 1.9; 1.9 date 2009.10.04.16.58.38; author taca; state Exp; branches; next 1.8; 1.8 date 2009.07.08.19.37.27; author tron; state Exp; branches; next 1.7; 1.7 date 2009.03.21.18.25.35; author tron; state Exp; branches; next 1.6; 1.6 date 2008.06.28.22.51.22; author tron; state Exp; branches; next 1.5; 1.5 date 2007.10.28.07.28.49; author taca; state Exp; branches; next 1.4; 1.4 date 2007.02.11.18.39.04; author tron; state Exp; branches 1.4.6.1; next 1.3; 1.3 date 2006.04.01.04.55.35; author jlam; state Exp; branches 1.3.6.1; next 1.2; 1.2 date 2006.01.02.22.33.36; author jlam; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2005.11.14.08.05.28; author jlam; state Exp; branches; next ; 1.4.6.1 date 2007.11.16.15.19.27; author ghen; state Exp; branches; next ; 1.3.6.1 date 2007.02.15.13.14.51; author salo; state Exp; branches; next ; 1.2.2.1 date 2006.04.02.14.16.17; author salo; state Exp; branches; next ; desc @@ 1.10 log @Update to Samba 3.5.11 from net/samba35, part of Samba packages rearrangement. @ text @$NetBSD: patch-bu,v 1.9 2009/10/04 16:58:38 taca Exp $ --- ../docs/manpages/smb.conf.5.orig 2009-09-30 21:28:02.000000000 +0900 +++ ../docs/manpages/smb.conf.5 @@@@ -7084,6 +7084,15 @@@@ Example: \fI\fIpasswd chat\fR\fR\fI = \fR\fI\FC"*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*"\F[]\fR\fI \fR .RE +passwd expand gecos (G) +.PP +.RS 4 +This boolean specifies if ampersand characters in the GECOS field of a passwd database entry should be replaced with the capitalized login name for that entry when the information is used by various Samba programs\&. This parameter is off by default\&. +.sp +Default: \fB\fIpasswd expand gecos\fR = no \fR +.TP 3n +.sp + passwd program (G) .\" passwd program .PP @@@@ -9199,6 +9208,15 @@@@ Default: \fI\fIstat cache\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR .RE +state directory (G) +.PP +.RS 4 +This parameter defines the directory the Samba daemon processes will use for storing state files that must persist across machine reboots. +.sp +Default: +\fB\fIstate directory\fR = /var/db/samba \fR +.RE + store dos attributes (S) .\" store dos attributes .PP @ 1.9 log @Update samba package to 3.0.37. This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. Please note that Samba 3.0 is not maintained any longer. This security release is shipped on a voluntary basis. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. o CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. o CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. @ text @d1 1 a1 1 $NetBSD: patch-bu,v 1.8 2009/07/08 19:37:27 tron Exp $ @ 1.8 log @Update "samba" package to version 3.0.35. Changes since version 3.0.34: - CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". This security fix has already been integrated into "pkggsrc" via a patch previously. The package was only updated to make future maintenance easier. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- ../docs/manpages/smb.conf.5.orig 2009-06-22 21:41:19.000000000 +0100 +++ ../docs/manpages/smb.conf.5 2009-07-07 22:05:08.000000000 +0100 @@@@ -7084,6 +7084,15 @@@@ d21 1 a21 1 @@@@ -9198,6 +9207,15 @@@@ @ 1.7 log @Update "samba" package to version 3.0.34. Changes since version 3.0.32: - Fix update of machine account passwords. - Fix SMB signing issue on Windows Vista with MS Hotfix KB955302. - Fix Winbind crashes. - Correctly detect if the current dc is the closest one. - Add saf_join_store() function to memorize the dc used at join time. This avoids problems caused by replication delays shortly after domain joins. - Fix write list in setups using "security = share". @ text @d3 4 a6 4 --- ../docs/manpages/smb.conf.5.orig 2009-01-19 10:44:00.000000000 +0000 +++ ../docs/manpages/smb.conf.5 2009-03-21 14:50:38.000000000 +0000 @@@@ -6152,6 +6152,15 @@@@ \fI\fIpasswd chat timeout\fR\fR\fI = \fR\fI2\fR\fI \fR d19 1 d21 2 a22 3 .RS 4 @@@@ -8030,6 +8039,15 @@@@ \fI\fIstat cache\fR\fR\fI = \fR\fIyes\fR\fI \fR d35 1 a36 1 .RS 4 @ 1.6 log @Update "samba" package to version 3.0.30. Changes since 3.0.28a: - Fix for CVE-2008-1105. - Remove man pages for ldb tools not included in Samba 3.0. - Fix build for pam_smbpass. - Fix a crash in tdb_wrap_log(). - BUG 5267: Fix for nmbd termination problems when no interfaces found. - BUG 5326: OS/2 servers give strange "high word" replies for print jobs. - Remove MS-DFS check that required the target host be ourself. - BUG 5372: Fix high CPU usage of cupsd on large print servers by using more efficient CUPS queries in smbd. - Rewrite integer wrap checks to deal with gcc 4.x optimizations. - BUG 5095: Fix the enforcement of the "Manage Documents" access right. - Don't free memory from getpass() in mount.cifs. - BUG 5460: Fix MS-DFS referral problem in server code. - Fix bug in Winbind that caused the parent to ignore dead children. - Fix compile warnings. - Fix build for pam_smbpass. - Document build fixes. - BUG 4235: Improve compliance to the Squid helper protocol. - BUG 5107: Fix handling of large DNS replies on AIX and Solaris. - Prevent cycle in Wibind's list of children when reaping dead processes. - BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2). - Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts. - Fix client connections and negotiation with Windows 2008 DCs in member server code. - Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2). - BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket). - Re-add samr getdispinfoindex parsing which got lost in the glue commit. - BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex(). Corrects interop problem between Citrix PM and a Samba DC. - BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace in the user's password. - BUG 4901: Fix behavior of "ldap passwd sync = only". - BUG 5317: Fix debug output from domain_client_validate(). - BUG 5338: Fix format string bug in rpcclient. - Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba DC with trusts. - BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute. - BUG 5350: Fallback to anonymous sessions if not trust password could be obtained on Samba DCs and member servers. - BUG 5366: Fix password chat on Sun OpenSolaris (Nevada). - Fix signing problem in the client with trans requests. - Fix alignment bug hitting Solaris with "reset in zero vc" activated. - Fix build with glibc 2.8. - Enable winbind child processes to do something with signals, in particular closing and reopening logs on SIGHUP. - Documentation cleanup after r emerging docs from svn to git and back-porting from the v3-2 branch. - Add implementation of machine-authenticated connection to netlogon pipe used when connecting to win2k and newer domain controllers. - Fix trusted users on a DC that uses the old idmap syntax. - Only have Winbind cache domain password policies that were successfully retrieved. - Fix alignment bug when marshalling printer data replies. - Fix DeleteDriverDriverEx() checks to prevent removing in use files. @ text @d3 4 a6 4 --- ../docs/manpages/smb.conf.5.orig 2008-05-28 14:53:22.000000000 +0100 +++ ../docs/manpages/smb.conf.5 2008-06-28 13:29:43.000000000 +0100 @@@@ -6129,6 +6129,14 @@@@ \fI\fIpasswd chat\fR\fR\fI = \fR\fI"*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*"\fR\fI \fR d17 1 d21 1 a21 1 @@@@ -7990,6 +7998,15 @@@@ @ 1.5 log @Update samba to 3.0.26a. pkgsrc change: Add support for DESTDIR. Changes from 3.0.24 are huge, please refer WHATSNEW.txt. @ text @d1 1 a1 1 $NetBSD: patch-bu,v 1.4 2007/02/11 18:39:04 tron Exp $ d3 4 a6 4 --- ../docs/manpages/smb.conf.5.orig 2007-06-19 17:02:26.000000000 +0900 +++ ../docs/manpages/smb.conf.5 @@@@ -4976,6 +4976,11 @@@@ Default: \fB\fIpasswd chat timeout\fR = 2 \fR d8 1 a8 1 .PP d10 2 d13 1 a13 1 + d16 1 d18 4 a21 4 .RS 3n The name of a program that can be used to set UNIX user passwords. Any occurrences of @@@@ -6485,6 +6490,14 @@@@ Default: \fB\fIstat cache\fR = yes \fR d23 1 a23 1 .PP d25 2 a26 1 +.RS 3n d32 1 a32 1 +.PP d34 2 a35 2 .RS 3n If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such as occurs with @ 1.4 log @Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain = yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks = yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab = yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 4 --- ../docs/manpages/smb.conf.5.orig 2006-11-14 10:02:05.000000000 +0000 +++ ../docs/manpages/smb.conf.5 2007-02-11 17:55:04.000000000 +0000 @@@@ -4182,6 +4182,11 @@@@ Default: d7 2 a8 1 .TP 3n d15 1 d17 15 a31 1 \fI%u\fR @ 1.4.6.1 log @Pullup ticket 2228 - requested by tron security update for samba - pkgsrc/net/samba/Makefile 1.175-1.177 - pkgsrc/net/samba/Makefile.patches 1.5-1.6 - pkgsrc/net/samba/PLIST 1.37 - pkgsrc/net/samba/distinfo 1.55-1.57 - pkgsrc/net/samba/options.mk 1.22 - pkgsrc/net/samba/patches/patch-ag 1.7 - pkgsrc/net/samba/patches/patch-ai removed - pkgsrc/net/samba/patches/patch-aj removed - pkgsrc/net/samba/patches/patch-al removed - pkgsrc/net/samba/patches/patch-am removed - pkgsrc/net/samba/patches/patch-au 1.7 - pkgsrc/net/samba/patches/patch-au 1.7 - pkgsrc/net/samba/patches/patch-av 1.3 - pkgsrc/net/samba/patches/patch-ay 1.3 - pkgsrc/net/samba/patches/patch-ba 1.5-1.6 - pkgsrc/net/samba/patches/patch-bb removed - pkgsrc/net/samba/patches/patch-bc 1.2 - pkgsrc/net/samba/patches/patch-bd 1.3 - pkgsrc/net/samba/patches/patch-be 1.3 - pkgsrc/net/samba/patches/patch-bf removed - pkgsrc/net/samba/patches/patch-bh 1.3 - pkgsrc/net/samba/patches/patch-bi 1.5 - pkgsrc/net/samba/patches/patch-bj removed - pkgsrc/net/samba/patches/patch-bk removed - pkgsrc/net/samba/patches/patch-bo 1.4 - pkgsrc/net/samba/patches/patch-bp 1.4 - pkgsrc/net/samba/patches/patch-br 1.3 - pkgsrc/net/samba/patches/patch-bs 1.4 - pkgsrc/net/samba/patches/patch-bt 1.3 - pkgsrc/net/samba/patches/patch-bu 1.5 - pkgsrc/net/samba/patches/patch-bw 1.4 - pkgsrc/net/samba/patches/patch-bx removed - pkgsrc/net/samba/patches/patch-by removed - pkgsrc/net/samba/patches/patch-bz removed - pkgsrc/net/samba/patches/patch-ca 1.4 - pkgsrc/net/samba/patches/patch-ce 1.1 - pkgsrc/net/samba/patches/patch-cf 1.1 - pkgsrc/net/samba/patches/patch-cg 1.1 - pkgsrc/net/samba/patches/patch-ch 1.1 Module Name: pkgsrc Committed By: taca Date: Sun Oct 28 07:28:51 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile Makefile.patches PLIST distinfo options.mk pkgsrc/net/samba/patches: patch-ag patch-at patch-au patch-av patch-ay patch-ba patch-bc patch-bd patch-be patch-bh patch-bi patch-bo patch-bp patch-br patch-bs patch-bt patch-bu patch-bw patch-ca Added Files: pkgsrc/net/samba/patches: patch-ce patch-cf patch-cg patch-ch Removed Files: pkgsrc/net/samba/patches: patch-ai patch-aj patch-al patch-am patch-bb patch-bf patch-bj patch-bk patch-bx patch-by patch-bz Log Message: Update samba to 3.0.26a. pkgsrc change: Add support for DESTDIR. Changes from 3.0.24 are huge, please refer WHATSNEW.txt. --- Module Name: pkgsrc Committed By: rillig Date: Tue Nov 6 00:47:53 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile distinfo pkgsrc/net/samba/patches: patch-ba Log Message: Fixed an expansion of @@mandir@@ that accidentally got into patch-ba in revision 1.5. PKGREVISION++ --- Module Name: pkgsrc Committed By: tron Date: Fri Nov 16 11:41:38 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile Makefile.patches distinfo Log Message: Apply security fixes for CVE-2007-4572 and CVE-2007-5398 released by the Samba project. Bump package revision. @ text @d1 1 a1 1 $NetBSD: patch-bu,v 1.4 2007/02/11 18:39:04 tron Exp $ d3 4 a6 3 --- ../docs/manpages/smb.conf.5.orig 2007-06-19 17:02:26.000000000 +0900 +++ ../docs/manpages/smb.conf.5 @@@@ -4976,6 +4976,11 @@@@ Default: d8 1 a8 2 .RE .PP a14 1 .RS 3n d16 1 a16 15 @@@@ -6485,6 +6490,14 @@@@ Default: \fB\fIstat cache\fR = yes \fR .RE .PP +state directory (G) +.RS 3n +This parameter defines the directory the Samba daemon processes will use for storing state files that must persist across machine reboots. +.sp +Default: +\fB\fIstate directory\fR = /var/db/samba \fR +.RE +.PP store dos attributes (S) .RS 3n If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such as occurs with @ 1.3 log @Update net/samba to version 3.0.22. Changes from version 3.0.21a include: * Fix CAN-2006-1059 -- samba<3.0.22 exposes the clear text of the server's machine account credentials in the winbind log files when the log level is set to 5 or higher. * Append "-pkgsrc" to the Samba version string so as to distinguish the official version from the pkgsrc version, which has the modifications for "state directory" and "passwd expand gecos". * Modify package so that we automatically determine the name of the nsswitch modules that are installed by samba with the winbind option. We extract this information by invoking the config.status script to get the value that the configure script determined. o Access checks when deleting printer driver meta-data. o Several non-default combinations schannel and SPNEGO support. o Password changes with NT4 and Win2k pre-SP4 clients. o High load issues on IRIX caused by a bug when interfacing with kernel oplocks. o Server crashes in smbd. o Compile issues on 64-bit platforms. o Crash bugs on big-endian systems. o Packaging fixes for RHEL/Fedora, Solaris, & Debian. o Over 30 bugzilla reports closed. @ text @d3 6 a8 6 --- ../docs/manpages/smb.conf.5.orig 2006-01-29 11:14:30.000000000 -0500 +++ ../docs/manpages/smb.conf.5 @@@@ -3097,6 +3097,12 @@@@ This integer specifies the number of sec Default: \fB\fIpasswd chat timeout\fR = 2 \fR .TP d13 1 a13 2 + +.TP d15 2 a16 18 The name of a program that can be used to set UNIX user passwords\&. Any occurrences of \fI%u\fR will be replaced with the user name\&. The user name is checked for existence before calling the password changing program\&. @@@@ -4079,6 +4085,15 @@@@ This parameter determines if \fBsmbd\fR( Default: \fB\fIstat cache\fR = yes \fR .TP +state directory (G) +This parameter defines the directory the Samba daemon processes will use for storing state files that must persist across machine reboots\&. + +Default: \fB\fIstate directory\fR = ${prefix}/var/locks \fR + +Example: \fB\fIstate directory\fR = /var/db/samba \fR + + +.TP store dos attributes (S) If this parameter is set Samba attempts to first read DOS attributes (SYSTEM, HIDDEN, ARCHIVE or READ\-ONLY) from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits (such as occurs with map hidden and map readonly)\&. When set, DOS attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or directory\&. For no other mapping to occur as a fall\-back, the parameters map hidden,map system, map archive and map readonly must be set to off\&. This parameter writes the DOS attributes as a string into the extended attribute named "user\&.DOSATTRIB"\&. This extended attribute is explicitly hidden from smbd clients requesting an EA list\&. On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel\&. @ 1.3.6.1 log @Pullup ticket 2019 - requested by tron security update for samba Revisions pulled up: - pkgsrc/net/samba/Makefile 1.169 - pkgsrc/net/samba/PLIST 1.35 - pkgsrc/net/samba/distinfo 1.52 - pkgsrc/net/samba/patches/patch-ab 1.26 - pkgsrc/net/samba/patches/patch-ad removed - pkgsrc/net/samba/patches/patch-af 1.8 - pkgsrc/net/samba/patches/patch-ag 1.6 - pkgsrc/net/samba/patches/patch-ai 1.4 - pkgsrc/net/samba/patches/patch-al 1.5 - pkgsrc/net/samba/patches/patch-at 1.6 - pkgsrc/net/samba/patches/patch-au 1.6 - pkgsrc/net/samba/patches/patch-aw 1.2 - pkgsrc/net/samba/patches/patch-ay 1.2 - pkgsrc/net/samba/patches/patch-ba 1.4 - pkgsrc/net/samba/patches/patch-bb 1.2 - pkgsrc/net/samba/patches/patch-bg 1.2 - pkgsrc/net/samba/patches/patch-bi 1.4 - pkgsrc/net/samba/patches/patch-bl removed - pkgsrc/net/samba/patches/patch-bm 1.2 - pkgsrc/net/samba/patches/patch-bn 1.2 - pkgsrc/net/samba/patches/patch-bu 1.4 - pkgsrc/net/samba/patches/patch-bv 1.2 - pkgsrc/net/samba/patches/patch-cd removed Module Name: pkgsrc Committed By: tron Date: Sun Feb 11 18:39:04 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile PLIST distinfo pkgsrc/net/samba/patches: patch-ab patch-af patch-ag patch-ai patch-al patch-at patch-au patch-aw patch-ay patch-ba patch-bb patch-bg patch-bi patch-bm patch-bn patch-bu patch-bv Removed Files: pkgsrc/net/samba/patches: patch-ad patch-bl patch-cd Log Message: Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain =3D yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks =3D yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab =3D yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD: patch-bu,v 1.4 2007/02/11 18:39:04 tron Exp $ d3 6 a8 6 --- ../docs/manpages/smb.conf.5.orig 2006-11-14 10:02:05.000000000 +0000 +++ ../docs/manpages/smb.conf.5 2007-02-11 17:55:04.000000000 +0000 @@@@ -4182,6 +4182,11 @@@@ Default: \fB\fIpasswd chat timeout\fR = 2 \fR .TP 3n d13 2 a14 1 +.TP 3n d16 18 a33 2 The name of a program that can be used to set UNIX user passwords. Any occurrences of \fI%u\fR @ 1.2 log @Update net/samba to 3.0.21a. Changes since version 3.0.20b include: Bugfixes: o Address a bug in the oplock code which may cause clients to stall when multiple users are accessing a share concurrently o Missing groups in a user's token when logging in via kerberos o Incompatibilities with newer MS Windows hotfixes and embedded OS platforms o Portability and crash bugs. o Performance issues in winbindd. Additions: o Complete NTLMv2 support by consolidating authentication mechanism used at the CIFS and RPC layers. o The capability to manage Unix services using the Win32 Service Control API. o The capability to view external Unix log files via the Microsoft Event Viewer. o New libmsrpc share library for application developers. o Rewrite of CIFS oplock implementation. o Performance Counter external daemon. o Winbindd auto-detection query methods when communicating with a domain controller. o The ability to enumerate long share names in libsmbclient applications. @ text @d3 1 a3 1 --- ../docs/manpages/smb.conf.5.orig 2005-12-29 11:19:48.000000000 -0500 d5 1 a5 1 @@@@ -3093,6 +3093,12 @@@@ This integer specifies the number of sec d18 1 a18 1 @@@@ -4075,6 +4081,15 @@@@ This parameter determines if \fBsmbd\fR( @ 1.2.2.1 log @Pullup ticket 1298 - requested by jlam security update for samba Revisions pulled up: - pkgsrc/net/samba/DESCR 1.4 - pkgsrc/net/samba/Makefile 1.159 - pkgsrc/net/samba/Makefile.mirrors 1.3 - pkgsrc/net/samba/PLIST 1.34 - pkgsrc/net/samba/distinfo 1.48 - pkgsrc/net/samba/options.mk 1.13 - pkgsrc/net/samba/patches/patch-am 1.7 - pkgsrc/net/samba/patches/patch-at 1.5 - pkgsrc/net/samba/patches/patch-au 1.5 - pkgsrc/net/samba/patches/patch-ba 1.3 - pkgsrc/net/samba/patches/patch-be 1.2 - pkgsrc/net/samba/patches/patch-bf 1.3 - pkgsrc/net/samba/patches/patch-bi 1.3 - pkgsrc/net/samba/patches/patch-bo 1.3 - pkgsrc/net/samba/patches/patch-bp 1.3 - pkgsrc/net/samba/patches/patch-bs 1.3 - pkgsrc/net/samba/patches/patch-bu 1.3 - pkgsrc/net/samba/patches/patch-bw 1.3 - pkgsrc/net/samba/patches/patch-ca 1.3 Module Name: pkgsrc Committed By: jlam Date: Sat Apr 1 04:55:35 UTC 2006 Modified Files: pkgsrc/net/samba: DESCR Makefile Makefile.mirrors PLIST distinfo options.mk pkgsrc/net/samba/patches: patch-am patch-at patch-au patch-ba patch-be patch-bf patch-bi patch-bo patch-bp patch-bs patch-bu patch-bw Added Files: pkgsrc/net/samba/patches: patch-ca Log Message: Update net/samba to version 3.0.22. Changes from version 3.0.21a include: * Fix CAN-2006-1059 -- samba<3.0.22 exposes the clear text of the server's machine account credentials in the winbind log files when the log level is set to 5 or higher. * Append "-pkgsrc" to the Samba version string so as to distinguish the official version from the pkgsrc version, which has the modifications for "state directory" and "passwd expand gecos". * Modify package so that we automatically determine the name of the nsswitch modules that are installed by samba with the winbind option. We extract this information by invoking the config.status script to get the value that the configure script determined. o Access checks when deleting printer driver meta-data. o Several non-default combinations schannel and SPNEGO support. o Password changes with NT4 and Win2k pre-SP4 clients. o High load issues on IRIX caused by a bug when interfacing with kernel oplocks. o Server crashes in smbd. o Compile issues on 64-bit platforms. o Crash bugs on big-endian systems. o Packaging fixes for RHEL/Fedora, Solaris, & Debian. o Over 30 bugzilla reports closed. @ text @d1 1 a1 1 $NetBSD: patch-bu,v 1.3 2006/04/01 04:55:35 jlam Exp $ d3 1 a3 1 --- ../docs/manpages/smb.conf.5.orig 2006-01-29 11:14:30.000000000 -0500 d5 1 a5 1 @@@@ -3097,6 +3097,12 @@@@ This integer specifies the number of sec d18 1 a18 1 @@@@ -4079,6 +4085,15 @@@@ This parameter determines if \fBsmbd\fR( @ 1.1 log @Update net/samba to 3.0.20.2 from samba-3.0.20b. Recommended patches for samba-3.0.20b that are applied as part of this update include: http://www.samba.org/samba/patches/print_lprm.patch http://www.samba.org/samba/patches/quota.patch http://www.samba.org/samba/patches/bug3201_wbinfo.patch This fixes PRs pkg/31352 and pkg/31991. Important changes that were made as part of porting this Samba release to pkgsrc include the following: * The new release model for Samba includes distributing patches for urgent bug fixes that will be included in the next release of Samba, and are available at http://www.samba.org/samba/patches/. Since these patches are rather generically named, we download all DISTFILES and PATCHFILES for Samba into a ${DISTNAME}-specific directory. * The default configuration for the samba package no longer builds the "winbind" portions of samba, which are really only useful when attempting to unify logons between Unix and Microsoft Windows. When the "winbind" option is specified, we also build the RID and AD idmap backends, which allow sharing UIDs/GIDs across Unix machines. * New package options have been added to the build: "mysql", "pgsql", and "xml" allow adding optional support for experimental passdb storage backends, and "winbind" allows for optionally building the winbindd daemon and associated plugins. * Two new smb.conf options were added -- "passwd expand gecos" and "state directory". The first describes whether "&" in the GECOS field of a passwd db entry is expanded to the login name. The second describes the location where the persistent-state database files are stored. * Luke Mewburn contributed code to allow nss_winbind.so to work properly on supported NetBSD systems. The FreeBSD NSS winbind code should probably be replaced with a suitably tweaked version of the NetBSD code since the latter is much more complete in the functions that are provided, but I'll leave that to freebsd-pkg-people. * Samba dumps all of its files into "lock directory", but some of them need to persist across reboots. We make a distinction between these files and the temporary files that are re-created by the Samba daemons when they are restarted -- the former are now stored in a "state directory" and the latter are stored in the "lock directory". This is modeled after the Debian patch to Samba located in: packaging/Debian/debian-unstable/patches/fhs.patch The "lock directory" default has been moved to ${VARBASE}/run/samba to emphasize the temporary status of the files stored in that directory. * Samba persists in using PAM_AUTHTOK_RECOVER_ERR, when there is almost universal agreement that PAM_AUTHTOK_RECOVERY_ERR is the right constant to use. Even the Linux-PAM distribution ensures that PAM_AUTHTOK_RECOVERY_ERR is correctly defined. To work around this, we define PAM_AUTHTOK_RECOVER_ERR appropriately in all the places where it is used. * The configure script checks for OpenSSL's libcrypto.so by looking for the symbol "des_set_key". However, libcrypto.so might not contain that symbol because the DES functions might come from a separate library, e.g. libdes.so. In this case, the configure script will think that libcrypto.so is not available, when it actually may be. Instead, look for EVP_des_cbc, which is always provided by libcrypto.so. * Add some missing $(PASSDB_LIBS) references to the Makefile to fix compilation problems if the experimental passdb backends are statically compiled into the Samba suite programs. * Fix compilation problems in sam/idmap_rid.c and sam/idmap_ad.c if the "rid" and "ad" idmap backends are statically compiled into winbindd. Changes between version 3.0.14a and 3.0.20b include: o Reporting files as read-only instead of returning the correct error code of "access denied" o File system quota support defects o Crash bugs caused by incompatibilities on 64-bit systems. o User Manager interoperability problems. o Support for several new Win32 rpc pipes. o New 'net rpc service' tool for managing Win32 services. o Capability to set the owner on new files and directory based on the parent's ownership. o Experimental, asynchronous IO file serving support. o Support for Microsoft Print Migrator. o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes. o Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client. o New asynchronous winbindd. o New Windows NT registry file I/O library. o New user right (SeTakeOwnershipPrivilege) added. o New "net share migrate" options. @ text @d3 1 a3 1 --- ../docs/manpages/smb.conf.5.orig 2005-08-19 13:53:26.000000000 -0400 d5 1 a5 1 @@@@ -2963,6 +2963,12 @@@@ This integer specifies the number of sec d18 1 a18 1 @@@@ -3923,6 +3929,15 @@@@ This parameter determines if \fBsmbd\fR( d32 1 a32 1 If this parameter is set Samba no longer attempts to map DOS attributes like SYSTEM, HIDDEN, ARCHIVE or READ\-ONLY to UNIX permission bits (such as the map hidden\&. Instead, DOS attributes will be stored onto an extended attribute in the UNIX filesystem, associated with the file or directory\&. For this to operate correctly, the parameters map hidden, map system, map archive must be set to off\&. This parameter writes the DOS attributes as a string into the extended attribute named "user\&.DOSATTRIB"\&. This extended attribute is explicitly hidden from smbd clients requesting an EA list\&. On Linux the filesystem must have been mounted with the mount option user_xattr in order for extended attributes to work, also extended attributes must be compiled into the Linux kernel\&. @