head 1.19; access; symbols pkgsrc-2026Q1:1.19.0.102 pkgsrc-2026Q1-base:1.19 pkgsrc-2025Q4:1.19.0.100 pkgsrc-2025Q4-base:1.19 pkgsrc-2025Q3:1.19.0.98 pkgsrc-2025Q3-base:1.19 pkgsrc-2025Q2:1.19.0.96 pkgsrc-2025Q2-base:1.19 pkgsrc-2025Q1:1.19.0.94 pkgsrc-2025Q1-base:1.19 pkgsrc-2024Q4:1.19.0.92 pkgsrc-2024Q4-base:1.19 pkgsrc-2024Q3:1.19.0.90 pkgsrc-2024Q3-base:1.19 pkgsrc-2024Q2:1.19.0.88 pkgsrc-2024Q2-base:1.19 pkgsrc-2024Q1:1.19.0.86 pkgsrc-2024Q1-base:1.19 pkgsrc-2023Q4:1.19.0.84 pkgsrc-2023Q4-base:1.19 pkgsrc-2023Q3:1.19.0.82 pkgsrc-2023Q3-base:1.19 pkgsrc-2023Q2:1.19.0.80 pkgsrc-2023Q2-base:1.19 pkgsrc-2023Q1:1.19.0.78 pkgsrc-2023Q1-base:1.19 pkgsrc-2022Q4:1.19.0.76 pkgsrc-2022Q4-base:1.19 pkgsrc-2022Q3:1.19.0.74 pkgsrc-2022Q3-base:1.19 pkgsrc-2022Q2:1.19.0.72 pkgsrc-2022Q2-base:1.19 pkgsrc-2022Q1:1.19.0.70 pkgsrc-2022Q1-base:1.19 pkgsrc-2021Q4:1.19.0.68 pkgsrc-2021Q4-base:1.19 pkgsrc-2021Q3:1.19.0.66 pkgsrc-2021Q3-base:1.19 pkgsrc-2021Q2:1.19.0.64 pkgsrc-2021Q2-base:1.19 pkgsrc-2021Q1:1.19.0.62 pkgsrc-2021Q1-base:1.19 pkgsrc-2020Q4:1.19.0.60 pkgsrc-2020Q4-base:1.19 pkgsrc-2020Q3:1.19.0.58 pkgsrc-2020Q3-base:1.19 pkgsrc-2020Q2:1.19.0.54 pkgsrc-2020Q2-base:1.19 pkgsrc-2020Q1:1.19.0.34 pkgsrc-2020Q1-base:1.19 pkgsrc-2019Q4:1.19.0.56 pkgsrc-2019Q4-base:1.19 pkgsrc-2019Q3:1.19.0.52 pkgsrc-2019Q3-base:1.19 pkgsrc-2019Q2:1.19.0.50 pkgsrc-2019Q2-base:1.19 pkgsrc-2019Q1:1.19.0.48 pkgsrc-2019Q1-base:1.19 pkgsrc-2018Q4:1.19.0.46 pkgsrc-2018Q4-base:1.19 pkgsrc-2018Q3:1.19.0.44 pkgsrc-2018Q3-base:1.19 pkgsrc-2018Q2:1.19.0.42 pkgsrc-2018Q2-base:1.19 pkgsrc-2018Q1:1.19.0.40 pkgsrc-2018Q1-base:1.19 pkgsrc-2017Q4:1.19.0.38 pkgsrc-2017Q4-base:1.19 pkgsrc-2017Q3:1.19.0.36 pkgsrc-2017Q3-base:1.19 pkgsrc-2017Q2:1.19.0.32 pkgsrc-2017Q2-base:1.19 pkgsrc-2017Q1:1.19.0.30 pkgsrc-2017Q1-base:1.19 pkgsrc-2016Q4:1.19.0.28 pkgsrc-2016Q4-base:1.19 pkgsrc-2016Q3:1.19.0.26 pkgsrc-2016Q3-base:1.19 pkgsrc-2016Q2:1.19.0.24 pkgsrc-2016Q2-base:1.19 pkgsrc-2016Q1:1.19.0.22 pkgsrc-2016Q1-base:1.19 pkgsrc-2015Q4:1.19.0.20 pkgsrc-2015Q4-base:1.19 pkgsrc-2015Q3:1.19.0.18 pkgsrc-2015Q3-base:1.19 pkgsrc-2015Q2:1.19.0.16 pkgsrc-2015Q2-base:1.19 pkgsrc-2015Q1:1.19.0.14 pkgsrc-2015Q1-base:1.19 pkgsrc-2014Q4:1.19.0.12 pkgsrc-2014Q4-base:1.19 pkgsrc-2014Q3:1.19.0.10 pkgsrc-2014Q3-base:1.19 pkgsrc-2014Q2:1.19.0.8 pkgsrc-2014Q2-base:1.19 pkgsrc-2014Q1:1.19.0.6 pkgsrc-2014Q1-base:1.19 pkgsrc-2013Q4:1.19.0.4 pkgsrc-2013Q4-base:1.19 pkgsrc-2013Q3:1.19.0.2 pkgsrc-2013Q3-base:1.19 pkgsrc-2013Q2:1.18.0.14 pkgsrc-2013Q2-base:1.18 pkgsrc-2013Q1:1.18.0.12 pkgsrc-2013Q1-base:1.18 pkgsrc-2012Q4:1.18.0.10 pkgsrc-2012Q4-base:1.18 pkgsrc-2012Q3:1.18.0.8 pkgsrc-2012Q3-base:1.18 pkgsrc-2012Q2:1.18.0.6 pkgsrc-2012Q2-base:1.18 pkgsrc-2012Q1:1.18.0.4 pkgsrc-2012Q1-base:1.18 pkgsrc-2011Q4:1.18.0.2 pkgsrc-2011Q4-base:1.18 pkgsrc-2011Q2:1.17.0.22 pkgsrc-2011Q2-base:1.17 pkgsrc-2009Q4:1.17.0.20 pkgsrc-2009Q4-base:1.17 pkgsrc-2008Q4:1.17.0.18 pkgsrc-2008Q4-base:1.17 pkgsrc-2008Q3:1.17.0.16 pkgsrc-2008Q3-base:1.17 cube-native-xorg:1.17.0.14 cube-native-xorg-base:1.17 pkgsrc-2008Q2:1.17.0.12 pkgsrc-2008Q2-base:1.17 pkgsrc-2008Q1:1.17.0.10 pkgsrc-2008Q1-base:1.17 pkgsrc-2007Q4:1.17.0.8 pkgsrc-2007Q4-base:1.17 pkgsrc-2007Q3:1.17.0.6 pkgsrc-2007Q3-base:1.17 pkgsrc-2007Q2:1.17.0.4 pkgsrc-2007Q2-base:1.17 pkgsrc-2007Q1:1.17.0.2 pkgsrc-2007Q1-base:1.17 pkgsrc-2006Q4:1.16.0.10 pkgsrc-2006Q4-base:1.16 pkgsrc-2006Q3:1.16.0.8 pkgsrc-2006Q3-base:1.16 pkgsrc-2006Q2:1.16.0.6 pkgsrc-2006Q2-base:1.16 pkgsrc-2006Q1:1.16.0.4 pkgsrc-2006Q1-base:1.16 pkgsrc-2005Q4:1.16.0.2 pkgsrc-2005Q4-base:1.16 pkgsrc-2005Q3:1.15.0.8 pkgsrc-2005Q3-base:1.15 pkgsrc-2005Q2:1.15.0.6 pkgsrc-2005Q2-base:1.15 pkgsrc-2005Q1:1.15.0.4 pkgsrc-2005Q1-base:1.15 pkgsrc-2004Q4:1.15.0.2 pkgsrc-2004Q4-base:1.15 pkgsrc-2004Q3:1.14.0.6 pkgsrc-2004Q3-base:1.14 pkgsrc-2004Q2:1.14.0.4 pkgsrc-2004Q2-base:1.14 pkgsrc-2004Q1:1.14.0.2 pkgsrc-2004Q1-base:1.14 pkgsrc-2003Q4:1.12.0.2 pkgsrc-2003Q4-base:1.12 netbsd-1-6-1:1.11.0.2 netbsd-1-6-1-base:1.11 buildlink2:1.9.0.2 netbsd-1-6:1.9.0.4 netbsd-1-6-RELEASE-base:1.9 buildlink2-base:1.9 netbsd-1-5-PATCH001:1.5 netbsd-1-5-RELEASE:1.2 netbsd-1-4-PATCH003:1.2 netbsd-1-4-PATCH002:1.1; locks; strict; comment @# @; 1.19 date 2013.08.12.02.45.55; author taca; state Exp; branches; next 1.18; commitid EB23ZUIBzNlQT61x; 1.18 date 2011.12.16.11.05.24; author asau; state Exp; branches 1.18.14.1; next 1.17; 1.17 date 2007.02.11.18.39.04; author tron; state dead; branches; next 1.16; 1.16 date 2005.11.14.08.05.27; author jlam; state Exp; branches 1.16.10.1; next 1.15; 1.15 date 2004.12.17.18.55.47; author tron; state Exp; branches; next 1.14; 1.14 date 2004.02.17.11.51.54; author jlam; state Exp; branches; next 1.13; 1.13 date 2004.01.11.02.26.31; author jlam; state Exp; branches; next 1.12; 1.12 date 2003.03.16.07.57.46; author martti; state Exp; branches; next 1.11; 1.11 date 2002.10.18.11.50.28; author martti; state Exp; branches 1.11.2.1; next 1.10; 1.10 date 2002.08.25.21.50.14; author jlam; state Exp; branches; next 1.9; 1.9 date 2002.07.30.23.05.13; author jlam; state Exp; branches 1.9.2.1; next 1.8; 1.8 date 2001.07.13.16.08.41; author taca; state dead; branches; next 1.7; 1.7 date 2001.06.01.15.17.23; author groo; state Exp; branches; next 1.6; 1.6 date 2001.05.14.18.57.01; author jlam; state dead; branches; next 1.5; 1.5 date 2001.05.10.09.00.24; author abs; state Exp; branches; next 1.4; 1.4 date 2001.04.18.12.54.47; author tron; state Exp; branches; next 1.3; 1.3 date 2001.04.07.10.00.42; author hubertf; state Exp; branches; next 1.2; 1.2 date 2000.05.02.15.24.10; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.01.19.00.42.43; author jlam; state Exp; branches; next ; 1.18.14.1 date 2013.08.12.12.20.19; author tron; state Exp; branches; next ; commitid DRsIlszbKSa45a1x; 1.16.10.1 date 2007.02.15.13.14.46; author salo; state dead; branches; next ; 1.11.2.1 date 2003.03.23.01.24.13; author jmc; state Exp; branches; next ; 1.9.2.1 date 2002.07.30.23.05.13; author jlam; state dead; branches; next 1.9.2.2; 1.9.2.2 date 2002.08.25.21.20.34; author jlam; state Exp; branches; next ; desc @@ 1.19 log @Update samba to 3.6.17, security release. ============================== Release Notes for Samba 3.6.17 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.6.16: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @$NetBSD: patch-ad,v 1.18 2011/12/16 11:05:24 asau Exp $ --- VERSION.orig 2013-07-29 18:55:18.000000000 +0000 +++ VERSION @@@@ -84,7 +84,7 @@@@ SAMBA_VERSION_IS_GIT_SNAPSHOT=no # SAMBA_VERSION_VENDOR_FUNCTION # # # ######################################################## -SAMBA_VERSION_VENDOR_SUFFIX= +SAMBA_VERSION_VENDOR_SUFFIX="pkgsrc" SAMBA_VERSION_VENDOR_PATCH= ######################################################## @ 1.18 log @Update to Samba 3.5.11 from net/samba35, part of Samba packages rearrangement. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.1.1.1 2010/12/06 17:01:23 adam Exp $ d3 1 a3 1 --- VERSION.orig 2010-01-14 10:12:10.000000000 +0000 d5 1 a5 1 @@@@ -84,7 +84,7 @@@@ SAMBA_VERSION_IS_GIT_SNAPSHOT= @ 1.18.14.1 log @Pullup ticket #4207 - requested by taca net/samba: security update Revisions pulled up: - net/samba/Makefile 1.235,1.237 - net/samba/Makefile.mirrors 1.10 - net/samba/PLIST 1.54 - net/samba/distinfo 1.91-1.92 - net/samba/patches/patch-ac 1.15 - net/samba/patches/patch-ad 1.19 - net/samba/patches/patch-ae 1.11 - net/samba/patches/patch-af 1.12 - net/samba/patches/patch-ah 1.7 - net/samba/patches/patch-ai 1.7 - net/samba/patches/patch-aj 1.7 - net/samba/patches/patch-ak 1.6 - net/samba/patches/patch-an 1.4 - net/samba/patches/patch-ao 1.4 - net/samba/patches/patch-aq 1.4 - net/samba/patches/patch-as 1.4 - net/samba/patches/patch-av 1.5 - net/samba/patches/patch-aw 1.4 - net/samba/patches/patch-ba 1.11 - net/samba/patches/patch-bb 1.5 - net/samba/patches/patch-bf 1.6 --- Module Name: pkgsrc Committed By: adam Date: Wed Jul 3 20:00:48 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile PLIST distinfo pkgsrc/net/samba/patches: patch-bf Log Message: Changes 3.6.16: * BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent. * BUG 9722: Properly handle Oplock breaks in compound requests. * BUG 9822: Fix crash bug during Win8 sync. * BUG 9927: errno gets overwritten in call to check_parent_exists(). * BUG 8997: Change libreplace GPL source to LGPL. * BUG 9900: is_printer_published GUID retrieval. * BUG 9941: Fix a bug of drvupgrade of smbcontrol. * BUG 9868: Don't know how to make LIBNDR_PREG_OBJ. * BUG 9688: Remove "experimental" label on "max protocol=SMB2" parameter. * BUG 9881: Check for system libtevent. --- Module Name: pkgsrc Committed By: wiz Date: Thu Jul 4 19:31:10 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile.mirrors Log Message: Fix URL. --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 12 02:45:55 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo pkgsrc/net/samba/patches: patch-ac patch-ad patch-ae patch-af patch-ah patch-ai patch-aj patch-ak patch-an patch-ao patch-aq patch-as patch-av patch-aw patch-ba patch-bb Log Message: Update samba to 3.6.17, security release. ============================== Release Notes for Samba 3.6.17 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.6.16: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- VERSION.orig 2013-07-29 18:55:18.000000000 +0000 d5 1 a5 1 @@@@ -84,7 +84,7 @@@@ SAMBA_VERSION_IS_GIT_SNAPSHOT=no @ 1.17 log @Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain = yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks = yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab = yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.16 2005/11/14 08:05:27 jlam Exp $ d3 11 a13 11 --- lib/util_getent.c.orig 2005-10-12 13:03:30.000000000 -0400 +++ lib/util_getent.c @@@@ -156,7 +156,7 @@@@ struct sys_pwent * getpwent_list(void) pent->pw_uid = pwd->pw_uid; pent->pw_gid = pwd->pw_gid; if (pwd->pw_gecos) { - if ((pent->pw_gecos = SMB_STRDUP(pwd->pw_gecos)) == NULL) + if ((pent->pw_gecos = passwd_expand_gecos(pwd)) == NULL) goto err; } if (pwd->pw_dir) { @ 1.16 log @Update net/samba to 3.0.20.2 from samba-3.0.20b. Recommended patches for samba-3.0.20b that are applied as part of this update include: http://www.samba.org/samba/patches/print_lprm.patch http://www.samba.org/samba/patches/quota.patch http://www.samba.org/samba/patches/bug3201_wbinfo.patch This fixes PRs pkg/31352 and pkg/31991. Important changes that were made as part of porting this Samba release to pkgsrc include the following: * The new release model for Samba includes distributing patches for urgent bug fixes that will be included in the next release of Samba, and are available at http://www.samba.org/samba/patches/. Since these patches are rather generically named, we download all DISTFILES and PATCHFILES for Samba into a ${DISTNAME}-specific directory. * The default configuration for the samba package no longer builds the "winbind" portions of samba, which are really only useful when attempting to unify logons between Unix and Microsoft Windows. When the "winbind" option is specified, we also build the RID and AD idmap backends, which allow sharing UIDs/GIDs across Unix machines. * New package options have been added to the build: "mysql", "pgsql", and "xml" allow adding optional support for experimental passdb storage backends, and "winbind" allows for optionally building the winbindd daemon and associated plugins. * Two new smb.conf options were added -- "passwd expand gecos" and "state directory". The first describes whether "&" in the GECOS field of a passwd db entry is expanded to the login name. The second describes the location where the persistent-state database files are stored. * Luke Mewburn contributed code to allow nss_winbind.so to work properly on supported NetBSD systems. The FreeBSD NSS winbind code should probably be replaced with a suitably tweaked version of the NetBSD code since the latter is much more complete in the functions that are provided, but I'll leave that to freebsd-pkg-people. * Samba dumps all of its files into "lock directory", but some of them need to persist across reboots. We make a distinction between these files and the temporary files that are re-created by the Samba daemons when they are restarted -- the former are now stored in a "state directory" and the latter are stored in the "lock directory". This is modeled after the Debian patch to Samba located in: packaging/Debian/debian-unstable/patches/fhs.patch The "lock directory" default has been moved to ${VARBASE}/run/samba to emphasize the temporary status of the files stored in that directory. * Samba persists in using PAM_AUTHTOK_RECOVER_ERR, when there is almost universal agreement that PAM_AUTHTOK_RECOVERY_ERR is the right constant to use. Even the Linux-PAM distribution ensures that PAM_AUTHTOK_RECOVERY_ERR is correctly defined. To work around this, we define PAM_AUTHTOK_RECOVER_ERR appropriately in all the places where it is used. * The configure script checks for OpenSSL's libcrypto.so by looking for the symbol "des_set_key". However, libcrypto.so might not contain that symbol because the DES functions might come from a separate library, e.g. libdes.so. In this case, the configure script will think that libcrypto.so is not available, when it actually may be. Instead, look for EVP_des_cbc, which is always provided by libcrypto.so. * Add some missing $(PASSDB_LIBS) references to the Makefile to fix compilation problems if the experimental passdb backends are statically compiled into the Samba suite programs. * Fix compilation problems in sam/idmap_rid.c and sam/idmap_ad.c if the "rid" and "ad" idmap backends are statically compiled into winbindd. Changes between version 3.0.14a and 3.0.20b include: o Reporting files as read-only instead of returning the correct error code of "access denied" o File system quota support defects o Crash bugs caused by incompatibilities on 64-bit systems. o User Manager interoperability problems. o Support for several new Win32 rpc pipes. o New 'net rpc service' tool for managing Win32 services. o Capability to set the owner on new files and directory based on the parent's ownership. o Experimental, asynchronous IO file serving support. o Support for Microsoft Print Migrator. o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes. o Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client. o New asynchronous winbindd. o New Windows NT registry file I/O library. o New user right (SeTakeOwnershipPrivilege) added. o New "net share migrate" options. @ text @d1 1 a1 1 $NetBSD$ @ 1.16.10.1 log @Pullup ticket 2019 - requested by tron security update for samba Revisions pulled up: - pkgsrc/net/samba/Makefile 1.169 - pkgsrc/net/samba/PLIST 1.35 - pkgsrc/net/samba/distinfo 1.52 - pkgsrc/net/samba/patches/patch-ab 1.26 - pkgsrc/net/samba/patches/patch-ad removed - pkgsrc/net/samba/patches/patch-af 1.8 - pkgsrc/net/samba/patches/patch-ag 1.6 - pkgsrc/net/samba/patches/patch-ai 1.4 - pkgsrc/net/samba/patches/patch-al 1.5 - pkgsrc/net/samba/patches/patch-at 1.6 - pkgsrc/net/samba/patches/patch-au 1.6 - pkgsrc/net/samba/patches/patch-aw 1.2 - pkgsrc/net/samba/patches/patch-ay 1.2 - pkgsrc/net/samba/patches/patch-ba 1.4 - pkgsrc/net/samba/patches/patch-bb 1.2 - pkgsrc/net/samba/patches/patch-bg 1.2 - pkgsrc/net/samba/patches/patch-bi 1.4 - pkgsrc/net/samba/patches/patch-bl removed - pkgsrc/net/samba/patches/patch-bm 1.2 - pkgsrc/net/samba/patches/patch-bn 1.2 - pkgsrc/net/samba/patches/patch-bu 1.4 - pkgsrc/net/samba/patches/patch-bv 1.2 - pkgsrc/net/samba/patches/patch-cd removed Module Name: pkgsrc Committed By: tron Date: Sun Feb 11 18:39:04 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile PLIST distinfo pkgsrc/net/samba/patches: patch-ab patch-af patch-ag patch-ai patch-al patch-at patch-au patch-aw patch-ay patch-ba patch-bb patch-bg patch-bi patch-bm patch-bn patch-bu patch-bv Removed Files: pkgsrc/net/samba/patches: patch-ad patch-bl patch-cd Log Message: Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain =3D yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks =3D yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab =3D yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.16 2005/11/14 08:05:27 jlam Exp $ @ 1.15 log @Update "samba" package to version 3.0.10. Changes since version 3.0.9: - Added checks surrounding all *alloc() calls to fix CAN-2004-1154. - Fix long standing memory size bug in bitmap_allocate(). - Remove bogus error check in deferred open file serving code. - Fix autoconf script on platforms using a version of GNU ld that does not include a date stamp in the output of --version. - Fix the swat install script to deal with the new image destination directory used by the docs. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.14 2004/02/17 11:51:54 jlam Exp $ d3 1 a3 1 --- lib/util_getent.c.orig Fri Feb 13 11:02:10 2004 d5 1 a5 13 @@@@ -133,6 +133,11 @@@@ struct sys_pwent * getpwent_list(void) struct sys_pwent *plist; struct sys_pwent *pent; struct passwd *pwd; +#ifdef BSD +# define GECOS_BUFLEN 1024 + char *bp, *gecos, *p, buf[GECOS_BUFLEN]; + int buflen; +#endif pent = SMB_MALLOC_P(struct sys_pwent); if (pent == NULL) { @@@@ -156,9 +161,38 @@@@ struct sys_pwent * getpwent_list(void) d9 2 a10 26 +#ifdef BSD + gecos = pwd->pw_gecos; + if (*gecos == '*') + gecos++; + bp = buf; + + /* copy gecos, interpolating & to be full name */ + for (p = gecos; *p != '\0'; p++) { + if (bp >= &buf[GECOS_BUFLEN - 1]) + /* buffer overflow */ + goto gecos_done; + if (*p == '&') { + /* interpolate full name */ + snprintf(bp, GECOS_BUFLEN - (bp - buf), + "%s", pwd->pw_name); + *bp = toupper(*bp); + bp += strlen(bp); + } else { + *bp++ = *p; + } + } + *bp = '\0'; + if ((pent->pw_gecos = SMB_STRDUP(buf)) == NULL) + goto err; +#else if ((pent->pw_gecos = SMB_STRDUP(pwd->pw_gecos)) == NULL) a11 1 +#endif a12 3 +#ifdef BSD + gecos_done: +#endif a13 2 if ((pent->pw_dir = SMB_STRDUP(pwd->pw_dir)) == NULL) goto err; @ 1.14 log @Update net/samba to 3.0.2a. Fixes from version 3.0.1 include: o Joining a Samba domain from Pre-SP2 Windows 2000 clients. o Logging onto a Samba domain from Windows XP clients. o Problems with the %U and %u smb.conf variables in relation to Windows 9x/ME clients. o Kerberos failures due to an invalid in memory keytab detection test. o Updates to the ntlm_auth tool. o Fixes for various SMB signing errors. o Better separation of WINS and DNS queries for domain controllers. o Issues with nss_winbind FreeBSD and Solaris. o Several crash bugs in smbd and winbindd. o Output formatting fixes for smbclient for better compatibility with scripts based on the 2.2 version. @ text @d1 1 a1 1 $NetBSD$ d15 1 a15 1 pent = (struct sys_pwent *) malloc(sizeof(struct sys_pwent)); d43 1 a43 1 + if ((pent->pw_gecos = strdup(buf)) == NULL) d46 1 a46 1 if ((pent->pw_gecos = strdup(pwd->pw_gecos)) == NULL) d54 1 a54 1 if ((pent->pw_dir = strdup(pwd->pw_dir)) == NULL) @ 1.13 log @Update net/samba to 3.0.1. Major changes from version 2.2.8anb6 include: * Active Directory support. Samba is able to join a ADS realm as a member server and authenticate using LDAP/Kerberos. * Unicode support. * New, more flexible authentication (passdb) system. * A new "net" command that is similar to the "net" command in Windows. * Samba now negotiates NT-style status32 codes on the wire, which greatly improves error handling. * Better Windows 2K/2K3/XP printing support. * Loadable module support for passdb backends and character sets. * More performant winbindd. * Support for migrating from a Windows NT4 domain to a Samba domain and maintaining user, group, and domain SIDs. * Support for establishing trust relationships with Windows NT4 DCs. * Initial support for a distributed Winbind architecture using an LDAP directory for storing SID-to-uid/gid mappings. * Major updates to the Samba documentation tree. * Full support for client and server SMB signing to ensure compatibility with default Windows 2K3 security settings. * Improvement of ACL mapping features. @ text @d3 1 a3 1 --- lib/util_getent.c.orig Sat Jun 7 13:57:33 2003 d10 2 a11 2 +# define BUFLEN 1024 + char *bp, *gecos, *p, buf[BUFLEN]; d29 1 a29 1 + if (bp >= &buf[BUFLEN - 1]) d34 1 a34 1 + snprintf(bp, BUFLEN - (bp - buf), d38 2 a40 2 + else + *bp++ = *p; d43 1 a43 1 + if ((pent->pw_name = strdup(buf)) == NULL) d46 1 a46 1 if ((pent->pw_name = strdup(pwd->pw_gecos)) == NULL) d54 1 a54 1 if ((pent->pw_name = strdup(pwd->pw_dir)) == NULL) @ 1.12 log @Updated samba to 2.2.8 **************************************** * IMPORTANT: Security bugfix for Samba * **************************************** The SuSE security audit team, in particular Sebastian Krahmer , has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445. Advice created by Andrew Tridgell, the leader of the Samba Team, on how to protect an unpatched Samba server is given at the end of this section. The SMB/CIFS protocol implemented by Samba is vulnerable to many attacks, even without specific security holes. The TCP ports 139 and the new port 445 (used by Win2k and the Samba 3.0 alpha code in particular) should never be exposed to untrusted networks. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.11 2002/10/18 11:50:28 martti Exp $ d3 23 a25 7 --- Makefile.in.orig Fri Feb 28 15:56:06 2003 +++ Makefile.in Sun Mar 16 09:02:19 2003 @@@@ -91,6 +91,8 @@@@ FLAGS = $(ISA) $(FLAGS5) $(PASSWD_FLAGS) FLAGS32 = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS) +PAM_NEEDS_LIBC = @@PAM_NEEDS_LIBC@@ d27 29 a55 21 WINBIND_PROGS = @@WINBIND_TARGETS@@ WINBIND_SPROGS = @@WINBIND_STARGETS@@ WINBIND_PAM_PROGS = @@WINBIND_PAM_TARGETS@@ @@@@ -658,7 +660,7 @@@@ bin/pam_smbpass.@@SHLIBEXT@@: $(PAM_SMBPASS_OBJ) bin/.dummy @@echo Linking shared library $@@ - $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(LDAPLIBS) -lc \ + $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(LDAPLIBS) $(PAM_NEEDS_LIBC) \ @@SONAMEFLAG@@`basename $@@` nsswitch/libnss_wins.so: $(NSS_OBJ) @@@@ -682,7 +684,7 @@@@ nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) @@echo Linking $@@ - @@$(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_WINBIND_OBJ) \ + @@$(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_WINBIND_OBJ) $(LDFLAGS) $(DYNEXP) $(PAM_NEEDS_LIBC) \ @@SONAMEFLAG@@`basename $@@` bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ @ 1.11 log @Updated samba to 2.2.6 * Fixes for MS-RPC printing issues affecting Windows 2000 clients * New support for smb.conf generation in SWAT * Inclusion of several performance enhancements * Fixes for several file locking bugs and returned status codes @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.10 2002/08/25 21:50:14 jlam Exp $ d3 3 a5 3 --- Makefile.in.orig Wed Oct 9 22:27:15 2002 +++ Makefile.in Fri Oct 18 13:04:01 2002 @@@@ -89,6 +89,8 @@@@ d14 1 a14 1 @@@@ -654,7 +656,7 @@@@ d23 1 a23 1 @@@@ -678,7 +680,7 @@@@ @ 1.11.2.1 log @Pullup rev 1.12 (requested by bouyer in ticket #1220) Updated samba to 2.2.8 **************************************** * IMPORTANT: Security bugfix for Samba * **************************************** The SuSE security audit team, in particular Sebastian Krahmer , has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445. Advice created by Andrew Tridgell, the leader of the Samba Team, on how to protect an unpatched Samba server is given at the end of this section. The SMB/CIFS protocol implemented by Samba is vulnerable to many attacks, even without specific security holes. The TCP ports 139 and the new port 445 (used by Win2k and the Samba 3.0 alpha code in particular) should never be exposed to untrusted networks. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- Makefile.in.orig Fri Feb 28 15:56:06 2003 +++ Makefile.in Sun Mar 16 09:02:19 2003 @@@@ -91,6 +91,8 @@@@ d14 1 a14 1 @@@@ -658,7 +660,7 @@@@ d23 1 a23 1 @@@@ -682,7 +684,7 @@@@ @ 1.10 log @Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.9.2.1 2002/08/25 21:20:34 jlam Exp $ d3 3 a5 3 --- Makefile.in.orig Sun Jul 28 18:13:04 2002 +++ Makefile.in @@@@ -89,6 +89,8 @@@@ FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $ d14 1 a14 1 @@@@ -650,7 +652,7 @@@@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOB d18 2 a19 2 - $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \ + $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(PAM_NEEDS_LIBC) \ d23 1 a23 1 @@@@ -674,7 +676,7 @@@@ nsswitch/libnss_winbind.so: $(WINBIND_NS @ 1.9 log @Factor out common parts of samba and winbind into net/samba/Makefile.common and merge their patch collections. These two packages are built from the same source tree, and updates to the main distfile should be shared by both packages. @ text @d1 1 a1 1 $NetBSD$ @ 1.9.2.1 log @file patch-ad was added on branch buildlink2 on 2002-08-25 21:20:34 +0000 @ text @d1 31 @ 1.9.2.2 log @Merge changes in the main trunk into the buildlink2 branch for those packages that have been converted to USE_BUILDLINK2. @ text @a0 31 $NetBSD: patch-ad,v 1.9.2.1 2002/08/25 21:20:34 jlam Exp $ --- Makefile.in.orig Sun Jul 28 18:13:04 2002 +++ Makefile.in @@@@ -89,6 +89,8 @@@@ FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $ FLAGS = $(ISA) $(FLAGS5) $(PASSWD_FLAGS) FLAGS32 = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS) +PAM_NEEDS_LIBC = @@PAM_NEEDS_LIBC@@ + WINBIND_PROGS = @@WINBIND_TARGETS@@ WINBIND_SPROGS = @@WINBIND_STARGETS@@ WINBIND_PAM_PROGS = @@WINBIND_PAM_TARGETS@@ @@@@ -650,7 +652,7 @@@@ bin/libsmbclient.a: $(LIBSMBCLIENT_PICOB bin/pam_smbpass.@@SHLIBEXT@@: $(PAM_SMBPASS_OBJ) bin/.dummy @@echo Linking shared library $@@ - $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) -lc \ + $(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_SMBPASS_OBJ) $(LDFLAGS) -lpam $(DYNEXP) $(LIBS) $(PAM_NEEDS_LIBC) \ @@SONAMEFLAG@@`basename $@@` nsswitch/libnss_wins.so: $(NSS_OBJ) @@@@ -674,7 +676,7 @@@@ nsswitch/libnss_winbind.so: $(WINBIND_NS nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) @@echo Linking $@@ - @@$(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_WINBIND_OBJ) \ + @@$(SHLD) @@LDSHFLAGS@@ -o $@@ $(PAM_WINBIND_OBJ) $(LDFLAGS) $(DYNEXP) $(PAM_NEEDS_LIBC) \ @@SONAMEFLAG@@`basename $@@` bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ @ 1.8 log @Update samba to 2.2.1a. WHATS NEW IN Samba 2.2.1a: 11th July 2001 ========================================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. This is a minor bugfix release for 2.2.1, *NOT* security related. 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or Windows2000 machine into a Samba hosted PDC would fail due to our stricter user name checking. We were disallowing user names containing '$', which is needed when using smbpasswd to add a machine into a domain. Automatically adding machines (using the native Windows tools) into a Samba domain worked correctly. 2.2.1a fixes this single problem. New/Changed parameters in 2.2.1 ------------------------------- Added parameters. ----------------- obey pam restrictions When Samba is configured to use PAM, turns on or off Samba checking the PAM account restrictions. Defaults to off. pam password change When Samba is configured to use PAM, turns on or off Samba passing the password changes to PAM. Defaults to off. large readwrite New option to allow new Windows 2000 large file (64k) streaming read/write options. Needs a 64 bit underlying operating system (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance by 10% with Windows 2000 clients. Defaults to off. Not as tested as some other Samba code paths. hide unreadable Prevents clients from seeing the existance of files that cannot be read. Off by default. enhanced browsing Turn on/off the enhanced Samba browing functionality (*1B names). Default is "on". Can prevent eternal machines in workgroups when WINS servers are not synchronised. Removed parameters. ------------------- domain groups domain admin users domain guest users Changes in 2.2.1 ----------------- 1). "find" command removed for smbclient. Internal code now used. 2). smbspool updates to retry connections from Michael Sweet. 3). Fix for mapping 8859-15 characters to UNICODE. 4). Changed "security=server" to try with invalid username to prevent account lockouts. 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC. 6). Support for Windows 9x Nexus tools to allow security changes from Win9x. 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network lock tester tool for distributed databases. 8). Preliminary support added for Windows 2000 large file read/write SMBs. 9). Changed random number generator in Samba to prevent guess attacks. 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb. smbd's clean the tdb files on startup and shutdown. 11). Fixes for default ACLs on Solaris. 12). Tidyup of password entry caching code. 13). Correct shutdowns added for send fails. Helps tdb cleanup code. 14). Prevent invalid '/' characters in workgroup names. 15). Removed more static arrays in SAMR code. 16). Client code is now UNICODE on the wire. 17). Fix 2 second timstamp resolution everywhere if dos timestamp set to yes. 18). All tdb opens now going through logging function. 19). Add pam password changing and pam restrictions code. 20). Printer driver management improvements (delete driver). 21). Fix difference between NULL security descriptors and empty security descriptors. 22). Fix SID returns for server roles. 23). Allow Windows 2000 mmc to view and set Samba share security descriptors. 24). Allow smbcontrol to forcibly disconnect a share. 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent mmap/file read/write cache. 26). Fix race condition in returning create disposition for file create/open. 27). Fix NT rewriting of security descriptors to their canonical form for ACLs. 28). Fix for Samba running on top of Linux VFAT ftruncate bug. 29). Swat fixes for being run with xinetd that doesn't set the umask. 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft TCP stack early ack specification error. 31). Changed lock & persistant tdb directory to /var/cache/samba by default on RedHat and Mandrake as they clear the /var/lock/samba directory on reboot. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.7 2001/06/01 15:17:23 groo Exp $ d3 5 a7 5 --- tdb/tdb.c.orig Thu May 31 23:27:21 2001 +++ tdb/tdb.c Thu May 31 23:29:55 2001 @@@@ -439,20 +439,24 @@@@ the database up to a multiple of TDB_PAGE_SIZE */ size = TDB_ALIGN(tdb->map_size + size*10, TDB_PAGE_SIZE) - tdb->map_size; d9 1 a9 2 + if (!(tdb->flags & TDB_INTERNAL) && tdb->map_ptr) + tdb->map_ptr = tdb_munmap(tdb->map_ptr, tdb->map_size); d11 4 a14 7 /* expand the file itself */ if (!(tdb->flags & TDB_INTERNAL)) { - lseek(tdb->fd, tdb->map_size + size - 1, SEEK_SET); + if (lseek(tdb->fd, tdb->map_size + size - 1, SEEK_SET)!=tdb->map_size + size - 1) + goto fail; if (write(tdb->fd, &b, 1) != 1) goto fail; } d16 5 a20 4 - if (!(tdb->flags & TDB_INTERNAL) && tdb->map_ptr) - tdb->map_ptr = tdb_munmap(tdb->map_ptr, tdb->map_size); - tdb->map_size += size; d22 2 a23 2 if (tdb->flags & TDB_INTERNAL) tdb->map_ptr = realloc(tdb->map_ptr, tdb->map_size); d25 5 a29 13 + if (!(tdb->flags & TDB_NOMMAP)) + tdb->map_ptr = tdb_mmap(tdb->map_size, 0, tdb->fd); + /* form a new freelist record */ memset(&rec,'\0',sizeof(rec)); rec.rec_len = size - sizeof(rec); @@@@ -460,9 +464,6 @@@@ /* link it into the free list */ offset = tdb->map_size - size; if (tdb_free(tdb, offset, &rec) == -1) goto fail; - - if (!(tdb->flags & TDB_NOMMAP)) - tdb->map_ptr = tdb_mmap(tdb->map_size, 0, tdb->fd); d31 1 a31 2 tdb_unlock(tdb, -1, F_WRLCK); return 0; @ 1.7 log @Apply patch to tdb.c so that it works on pre-UBC systems. .tdb databases were previously enlarged by the sequence: lseek, write, munmap, mmap and are now enlarged by: munmap, lseek, write, mmap. The Samba team is already aware of the problem. I expect this patch will be incorporated in a future release. @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @Remove unneeded patches after samba update to 2.2.0. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.5 2001/05/10 09:00:24 abs Exp $ d3 5 a7 5 --- configure.in.orig Wed Apr 18 00:00:52 2001 +++ configure.in @@@@ -234,9 +234,6 @@@@ AC_CHECK_TYPE(offset_t,loff_t) AC_CHECK_TYPE(ssize_t, int) d9 13 a21 2 -# we need libcups for CUPS support... -AC_CHECK_LIB(cups,httpConnect) d23 1 a23 17 # we need libdl for PAM and the new VFS code AC_CHECK_LIB(dl,main) @@@@ -312,7 +309,14 @@@@ # test for where we get readline() from if test "$ac_cv_header_readline_h" = "yes" || test "$ac_cv_header_readline_readline_h" = "yes"; then - AC_CHECK_LIB(readline,readline) + AC_CHECK_LIB(termcap, tputs) + if test "$ac_cv_lib_termcap_tputs" = "yes"; then + AC_CHECK_LIB(edit, readline, , [AC_CHECK_LIB(readline, readline)]) + if test "$ac_cv_lib_edit_readline" = "yes" || + test "$ac_cv_lib_readline_readline" = "yes"; then + AC_DEFINE(HAVE_READLINE) + fi + fi fi d25 2 d28 2 a29 4 @@@@ -1160,6 +1164,24 @@@@ AC_DEFINE(BROKEN_NISPLUS_INCLUDE_FILES) fi d31 10 a40 17 +################################################# +# check for CUPS support +AC_MSG_CHECKING(whether to use CUPS) +AC_ARG_WITH(cups, +[ --with-cups Include CUPS support + --without-cups Don't include CUPS support (default)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_CHECK_LIB(cups, httpConnect) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) d42 2 a43 2 ################################################# # check for smbwrapper support @ 1.5 log @Update samba to 2.0.9: Samba 2.0.9 is a security bugfix release which correctly fixes the problem 2.0.8 was supposed to address. (A bug in the handling of temporary files that allowed local users to destroy data on local devices). @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update "samba" package to version 2.0.8: Samba 2.0.8 is a security bugfix release. Previous versions of Samba had a bug with the handling of temporary files that allows local users to destroy data on local devices. This bug was discovered during a routine security audit by Caldera. While no exploitation of this bug is known to have occurred it is fairly easy to exploit so sites with untrusted local users should take the threat seriously. Unfortunately we lose japanese language support by this update. @ text @d3 53 a55 83 --- client/client.c.orig Wed Apr 18 01:00:52 2001 +++ client/client.c Wed Apr 18 14:32:09 2001 @@@@ -1180,7 +1180,7 @@@@ "find . -name \"%s\" -print > %s",p,tmpname); else slprintf(cmd,sizeof(pstring)-1, - "find . -maxdepth 1 -name \"%s\" -print > %s",p,tmpname); + "ls -1 %s > %s",p,tmpname); system(cmd); close(fd); @@@@ -1615,22 +1615,19 @@@@ return True; } -#if defined(HAVE_LIBREADLINE) +#if defined(HAVE_READLINE) # if defined(HAVE_READLINE_HISTORY_H) || defined(HAVE_HISTORY_H) /**************************************************************************** history ****************************************************************************/ static void cmd_history(void) { - HIST_ENTRY **hlist; register int i; - hlist = history_list (); /* Get pointer to history list */ - - if (hlist) /* If list not empty */ + if (history_length) /* If history is not empty */ { - for (i = 0; hlist[i]; i++) /* then display it */ - DEBUG(0, ("%d: %s\n", i, hlist[i]->line)); + for (i = 1; i <= history_length; i++) /* then display it */ + DEBUG(0, ("%d: %s\n", i, history_get(i)->line)); } } # endif @@@@ -1691,7 +1688,7 @@@@ {"setmode",cmd_setmode,"filename change modes of file",{COMPL_REMOTE,COMPL_NONE}}, {"help",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}}, {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}}, -#ifdef HAVE_LIBREADLINE +#ifdef HAVE_READLINE {"history",cmd_history,"displays the command history",{COMPL_NONE,COMPL_NONE}}, #endif {"!",NULL,"run a shell command on the local system",{COMPL_NONE,COMPL_NONE}}, @@@@ -1751,7 +1748,7 @@@@ } } -#ifndef HAVE_LIBREADLINE +#ifndef HAVE_READLINE /**************************************************************************** wait for keyboard activity, swallowing network packets ****************************************************************************/ @@@@ -1830,7 +1827,7 @@@@ pstring line; char *ptr; -#ifdef HAVE_LIBREADLINE +#ifdef HAVE_READLINE /* Minimal readline support, 29Jun1999, s.xenitellis@@rhbnc.ac.uk */ #ifdef PROMPTSIZE #undef PROMPTSIZE @@@@ -1844,7 +1841,7 @@@@ while (!feof(stdin)) { fstring tok; int i; -#ifdef HAVE_LIBREADLINE +#ifdef HAVE_READLINE if ( temp != (char *)NULL ) { free( temp ); /* Free memory allocated every time by readline() */ @@@@ -2231,7 +2228,7 @@@@ DEBUGLEVEL = 2; -#ifdef HAVE_LIBREADLINE +#ifdef HAVE_READLINE /* Allow conditional parsing of the ~/.inputrc file. */ rl_readline_name = "smbclient"; #endif @ 1.3 log @In smbclient 'mput' command, don't use find(1) with "-maxdepth" argument which NetBSD doesn't support. Use ls(1) instead. Patch contributed by Claude Marinier in PR 12564. @ text @d3 3 a5 3 --- client/client.c.orig Wed May 10 16:28:49 2000 +++ client/client.c @@@@ -1165,7 +1165,7 @@@@ d12 1 d14 1 a14 2 f = sys_fopen(tmpname,"r"); @@@@ -1599,22 +1599,19 @@@@ d41 1 a41 1 @@@@ -1675,7 +1672,7 @@@@ d50 1 a50 1 @@@@ -1735,7 +1732,7 @@@@ d59 1 a59 1 @@@@ -1814,7 +1811,7 @@@@ d68 1 a68 1 @@@@ -1828,7 +1825,7 @@@@ d77 1 a77 1 @@@@ -2215,7 +2212,7 @@@@ @ 1.2 log @Updated samba to 2.0.7. Major changes from version 2.0.6 are below. A complete list of changes can be found at http://www.samba.org/. New Documentation in 2.0.7 -------------------------- O'Reilly and Associates have donated their book "Using Samba" to the Samba community to be updated in a collaberative way along with the Samba software. Starting with this release the html of "Using Samba" will be distributed with the Samba software as the online documentation for Samba. Bug fixes for the book are encouraged as is new material. Please help us make this documentation the best it can be for Samba ! Windows 2000 Issues ------------------- This version of Samba has been tested with Windows 2000 and the five known incompatibilities with Windows 2000 have been fixed. See the "Changes in 2.0.7" list below for details. New/Changed parameters in 2.0.7 ------------------------------- There are 5 new parameters in the smb.conf file. utmp utmp dir utmp hostname utmp consolidate wtmp directory These parameters are only available if the "--with-utmp" option was selected at configure time. The yes/no option "utmp" specifies whether utmp records should be recorded on user logon/logoff. It defaults to "no". The "utmp dir" and "wtmp dir" are string parameters specifying pathnames to the directories containing the utmp/wtmp file databases. See the smb.conf man page for more details. inherit permissions This boolean parameter causes newly created files and directories to inherit their initial permissions from their parent directory. This can be very useful in propagating such things as the set-group bit in directory heirarchies. See the smb.conf man page for more details. write cache size This integer parameter specifies (in bytes) the size of a user level per-file write cache that smbd will create for an oplocked file. This can improve performance significantly for writing files by causing writes to be done in large chunk sizes. If this parameter is set (it defaults to zero which means no write cache) to the stripe size of a raid volume then it will cause writes to be much more efficient. Up to 10 write caches can be active simultaneously per smbd (allocated for the first 10 oplocked file opens). All normal warnings about the dangers of user level caching of data apply. See the smb.conf man page for more details. source environment This pathname parameter causes Samba to read a list of environment variables from a named file on startup. This can be useful in setting up Samba in a clustered environment. See the smb.conf man page for more details. Ability to delete users added ----------------------------- SWAT and smbpasswd can now delete users from the Samba smbpasswd file. See the man page for smbpasswd for details. Roving profile behavior finalized --------------------------------- The change in behavior with roving profiles (using the "logon home" parameter instead of the "logon path" parameter) introduced in 2.0.6 has been discovered to be consistant with the way Windows NT behaves, and has been left as the default action. Please see the additional notes in the "logon home" parameter description in the smb.conf man page for more details. @ text @d3 11 a13 2 --- client/client.c.orig Tue Apr 25 19:06:41 2000 +++ client/client.c Fri Apr 28 16:29:58 2000 @ 1.1 log @Remove readline dependency for systems whose libedit.a has readline emulation. I've finally learned enough autoconf voodoo to do this the right way :) Also preliminary preparations for CUPS (IPP) support. @ text @d3 3 a5 3 --- client/client.c.orig Wed Nov 10 21:35:59 1999 +++ client/client.c Tue Jan 18 15:27:27 2000 @@@@ -1588,22 +1588,19 @@@@ d32 1 a32 1 @@@@ -1664,7 +1661,7 @@@@ d41 1 a41 1 @@@@ -1724,7 +1721,7 @@@@ d50 1 a50 1 @@@@ -1806,7 +1803,7 @@@@ d57 3 a59 3 const int PromptSize = 2048; char prompt_str[PromptSize]; /* This holds the buffer "smb: \dir1\> " */ @@@@ -1817,7 +1814,7 @@@@ d68 1 a68 1 @@@@ -2197,7 +2194,7 @@@@ @