head 1.13; access; symbols pkgsrc-2026Q1:1.13.0.82 pkgsrc-2026Q1-base:1.13 pkgsrc-2025Q4:1.13.0.80 pkgsrc-2025Q4-base:1.13 pkgsrc-2025Q3:1.13.0.78 pkgsrc-2025Q3-base:1.13 pkgsrc-2025Q2:1.13.0.76 pkgsrc-2025Q2-base:1.13 pkgsrc-2025Q1:1.13.0.74 pkgsrc-2025Q1-base:1.13 pkgsrc-2024Q4:1.13.0.72 pkgsrc-2024Q4-base:1.13 pkgsrc-2024Q3:1.13.0.70 pkgsrc-2024Q3-base:1.13 pkgsrc-2024Q2:1.13.0.68 pkgsrc-2024Q2-base:1.13 pkgsrc-2024Q1:1.13.0.66 pkgsrc-2024Q1-base:1.13 pkgsrc-2023Q4:1.13.0.64 pkgsrc-2023Q4-base:1.13 pkgsrc-2023Q3:1.13.0.62 pkgsrc-2023Q3-base:1.13 pkgsrc-2023Q2:1.13.0.60 pkgsrc-2023Q2-base:1.13 pkgsrc-2023Q1:1.13.0.58 pkgsrc-2023Q1-base:1.13 pkgsrc-2022Q4:1.13.0.56 pkgsrc-2022Q4-base:1.13 pkgsrc-2022Q3:1.13.0.54 pkgsrc-2022Q3-base:1.13 pkgsrc-2022Q2:1.13.0.52 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.13.0.50 pkgsrc-2022Q1-base:1.13 pkgsrc-2021Q4:1.13.0.48 pkgsrc-2021Q4-base:1.13 pkgsrc-2021Q3:1.13.0.46 pkgsrc-2021Q3-base:1.13 pkgsrc-2021Q2:1.13.0.44 pkgsrc-2021Q2-base:1.13 pkgsrc-2021Q1:1.13.0.42 pkgsrc-2021Q1-base:1.13 pkgsrc-2020Q4:1.13.0.40 pkgsrc-2020Q4-base:1.13 pkgsrc-2020Q3:1.13.0.38 pkgsrc-2020Q3-base:1.13 pkgsrc-2020Q2:1.13.0.34 pkgsrc-2020Q2-base:1.13 pkgsrc-2020Q1:1.13.0.14 pkgsrc-2020Q1-base:1.13 pkgsrc-2019Q4:1.13.0.36 pkgsrc-2019Q4-base:1.13 pkgsrc-2019Q3:1.13.0.32 pkgsrc-2019Q3-base:1.13 pkgsrc-2019Q2:1.13.0.30 pkgsrc-2019Q2-base:1.13 pkgsrc-2019Q1:1.13.0.28 pkgsrc-2019Q1-base:1.13 pkgsrc-2018Q4:1.13.0.26 pkgsrc-2018Q4-base:1.13 pkgsrc-2018Q3:1.13.0.24 pkgsrc-2018Q3-base:1.13 pkgsrc-2018Q2:1.13.0.22 pkgsrc-2018Q2-base:1.13 pkgsrc-2018Q1:1.13.0.20 pkgsrc-2018Q1-base:1.13 pkgsrc-2017Q4:1.13.0.18 pkgsrc-2017Q4-base:1.13 pkgsrc-2017Q3:1.13.0.16 pkgsrc-2017Q3-base:1.13 pkgsrc-2017Q2:1.13.0.12 pkgsrc-2017Q2-base:1.13 pkgsrc-2017Q1:1.13.0.10 pkgsrc-2017Q1-base:1.13 pkgsrc-2016Q4:1.13.0.8 pkgsrc-2016Q4-base:1.13 pkgsrc-2016Q3:1.13.0.6 pkgsrc-2016Q3-base:1.13 pkgsrc-2016Q2:1.13.0.4 pkgsrc-2016Q2-base:1.13 pkgsrc-2016Q1:1.13.0.2 pkgsrc-2016Q1-base:1.13 pkgsrc-2015Q4:1.12.0.20 pkgsrc-2015Q4-base:1.12 pkgsrc-2015Q3:1.12.0.18 pkgsrc-2015Q3-base:1.12 pkgsrc-2015Q2:1.12.0.16 pkgsrc-2015Q2-base:1.12 pkgsrc-2015Q1:1.12.0.14 pkgsrc-2015Q1-base:1.12 pkgsrc-2014Q4:1.12.0.12 pkgsrc-2014Q4-base:1.12 pkgsrc-2014Q3:1.12.0.10 pkgsrc-2014Q3-base:1.12 pkgsrc-2014Q2:1.12.0.8 pkgsrc-2014Q2-base:1.12 pkgsrc-2014Q1:1.12.0.6 pkgsrc-2014Q1-base:1.12 pkgsrc-2013Q4:1.12.0.4 pkgsrc-2013Q4-base:1.12 pkgsrc-2013Q3:1.12.0.2 pkgsrc-2013Q3-base:1.12 pkgsrc-2013Q2:1.11.0.6 pkgsrc-2013Q2-base:1.11 pkgsrc-2013Q1:1.11.0.4 pkgsrc-2013Q1-base:1.11 pkgsrc-2012Q4:1.11.0.2 pkgsrc-2012Q4-base:1.11 pkgsrc-2012Q3:1.10.0.8 pkgsrc-2012Q3-base:1.10 pkgsrc-2012Q2:1.10.0.6 pkgsrc-2012Q2-base:1.10 pkgsrc-2012Q1:1.10.0.4 pkgsrc-2012Q1-base:1.10 pkgsrc-2011Q4:1.10.0.2 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q3:1.8.0.42 pkgsrc-2011Q3-base:1.8 pkgsrc-2011Q2:1.8.0.40 pkgsrc-2011Q2-base:1.8 pkgsrc-2011Q1:1.8.0.38 pkgsrc-2011Q1-base:1.8 pkgsrc-2010Q4:1.8.0.36 pkgsrc-2010Q4-base:1.8 pkgsrc-2010Q3:1.8.0.34 pkgsrc-2010Q3-base:1.8 pkgsrc-2010Q2:1.8.0.32 pkgsrc-2010Q2-base:1.8 pkgsrc-2010Q1:1.8.0.30 pkgsrc-2010Q1-base:1.8 pkgsrc-2009Q4:1.8.0.28 pkgsrc-2009Q4-base:1.8 pkgsrc-2009Q3:1.8.0.26 pkgsrc-2009Q3-base:1.8 pkgsrc-2009Q2:1.8.0.24 pkgsrc-2009Q2-base:1.8 pkgsrc-2009Q1:1.8.0.22 pkgsrc-2009Q1-base:1.8 pkgsrc-2008Q4:1.8.0.20 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.18 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.16 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.14 pkgsrc-2008Q2-base:1.8 cwrapper:1.8.0.12 pkgsrc-2008Q1:1.8.0.10 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.8 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.6 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.4 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.2 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.7.0.10 pkgsrc-2006Q4-base:1.7 pkgsrc-2006Q3:1.7.0.8 pkgsrc-2006Q3-base:1.7 pkgsrc-2006Q2:1.7.0.6 pkgsrc-2006Q2-base:1.7 pkgsrc-2006Q1:1.7.0.4 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.7.0.2 pkgsrc-2005Q4-base:1.7 pkgsrc-2005Q3:1.6.0.10 pkgsrc-2005Q3-base:1.6 pkgsrc-2005Q2:1.6.0.8 pkgsrc-2005Q2-base:1.6 pkgsrc-2005Q1:1.6.0.6 pkgsrc-2005Q1-base:1.6 pkgsrc-2004Q4:1.6.0.4 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.6.0.2 pkgsrc-2004Q3-base:1.6 pkgsrc-2004Q2:1.5.0.4 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.5.0.2 pkgsrc-2004Q1-base:1.5 pkgsrc-2003Q4:1.4.0.2 pkgsrc-2003Q4-base:1.4 buildlink2-base:1.4 netbsd-1-5-RELEASE:1.3 netbsd-1-4-PATCH003:1.3 netbsd-1-4-PATCH002:1.1; locks; strict; comment @# @; 1.13 date 2016.02.29.17.13.06; author jperkin; state Exp; branches; next 1.12; commitid 2Cpw953xgY55MPWy; 1.12 date 2013.08.12.02.45.55; author taca; state Exp; branches; next 1.11; commitid EB23ZUIBzNlQT61x; 1.11 date 2012.12.14.07.39.35; author adam; state Exp; branches 1.11.6.1; next 1.10; 1.10 date 2011.12.16.22.32.06; author asau; state Exp; branches; next 1.9; 1.9 date 2011.12.16.11.05.24; author asau; state Exp; branches; next 1.8; 1.8 date 2007.02.11.18.39.04; author tron; state Exp; branches; next 1.7; 1.7 date 2005.11.14.08.05.27; author jlam; state Exp; branches 1.7.10.1; next 1.6; 1.6 date 2004.09.14.17.18.06; author jlam; state Exp; branches; next 1.5; 1.5 date 2004.01.11.02.26.31; author jlam; state Exp; branches; next 1.4; 1.4 date 2001.05.10.09.00.24; author abs; state dead; branches; next 1.3; 1.3 date 2000.09.03.09.17.00; author kei; state Exp; branches; next 1.2; 1.2 date 2000.05.02.15.24.10; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.01.19.00.42.43; author jlam; state Exp; branches; next ; 1.11.6.1 date 2013.08.12.12.20.19; author tron; state Exp; branches; next ; commitid DRsIlszbKSa45a1x; 1.7.10.1 date 2007.02.15.13.14.46; author salo; state Exp; branches; next ; desc @@ 1.13 log @Various build and install fixes for Darwin. @ text @$NetBSD: patch-af,v 1.12 2013/08/12 02:45:55 taca Exp $ Fix HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS test, from upstream. --- configure.orig 2015-02-22 14:16:23.000000000 +0000 +++ configure @@@@ -15277,20 +15277,24 @@@@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -int -main () -{ - - if (0) { - this_function_does_not_exist(); - } else { - return 1; - } - +#include +size_t __unsafe_string_function_usage_here_size_t__(void); +#define CHECK_STRING_SIZE(d, len) (sizeof(d) != (len) && sizeof(d) != sizeof(char *)) +static size_t push_string_check_fn(void *dest, const char *src, size_t dest_len) { + return 0; +} - ; - return 0; +#define push_string_check(dest, src, dest_len) \ + (CHECK_STRING_SIZE(dest, dest_len) \ + ? __unsafe_string_function_usage_here_size_t__() \ + : push_string_check_fn(dest, src, dest_len)) + +int main(int argc, char **argv) { + char outbuf[1024]; + char *p = outbuf; + const char *foo = "bar"; + p += 31 + push_string_check(p + 31, foo, sizeof(outbuf) - (p + 31 - outbuf)); + return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : @@@@ -19513,6 +19517,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs BLDSHARED="true" LDSHFLAGS="-dynamiclib -flat_namespace -undefined suppress" + SONAMEFLAG="-install_name \$(LIBDIR)/" CFLAGS="$CFLAGS -fno-common" SHLD="\${CC}" SHLIBEXT="dylib" @@@@ -19562,7 +19567,7 @@@@ fi if test "x$enable_as_needed" != xno; then saved_before_as_needed_ldflags="$LDFLAGS" - for flags in "-Wl,--as-needed" "-Wl,-z,ignore" "-z ignore" ; do + for flags in "-Wl,-z,ignore" "-z ignore" ; do saved_ldflags="$LDFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $flags works" >&5 $as_echo_n "checking if $flags works... " >&6; } @@@@ -26638,9 +26643,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_set_key in -lcrypto" >&5 -$as_echo_n "checking for des_set_key in -lcrypto... " >&6; } -if ${ac_cv_lib_ext_crypto_des_set_key+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_des_cbc in -lcrypto" >&5 +$as_echo_n "checking for EVP_des_cbc in -lcrypto... " >&6; } +if ${ac_cv_lib_ext_crypto_EVP_des_cbc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@@@ -26652,31 +26657,31 @@@@ else #ifdef __cplusplus extern "C" #endif -char des_set_key (); +char EVP_des_cbc (); int main () { -return des_set_key (); +return EVP_des_cbc (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ext_crypto_des_set_key=yes; + ac_cv_lib_ext_crypto_EVP_des_cbc=yes; ac_cv_lib_ext_crypto=yes else - ac_cv_lib_ext_crypto_des_set_key=no; + ac_cv_lib_ext_crypto_EVP_des_cbc=no; ac_cv_lib_ext_crypto=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_des_set_key" >&5 -$as_echo "$ac_cv_lib_ext_crypto_des_set_key" >&6; } - if test $ac_cv_lib_ext_crypto_des_set_key = yes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ext_crypto_EVP_des_cbc" >&5 +$as_echo "$ac_cv_lib_ext_crypto_EVP_des_cbc" >&6; } + if test $ac_cv_lib_ext_crypto_EVP_des_cbc = yes; then : cat >>confdefs.h <<_ACEOF -#define HAVE_DES_SET_KEY 1 +#define HAVE_EVP_DES_CBC 1 _ACEOF fi @@@@ -36049,31 +36054,39 @@@@ case "$host_os" in NSSSONAMEVERSIONSUFFIX=".2" WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_linux.o" ;; - *freebsd[5-9]*) - # FreeBSD winbind client is implemented as a wrapper around - # the Linux version. - NSSSONAMEVERSIONSUFFIX=".1" - WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_freebsd.o \ - ../nsswitch/winbind_nss_linux.o" - WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" - WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" - ;; - - *netbsd*[3-9]*) - # NetBSD winbind client is implemented as a wrapper - # around the Linux version. It needs getpwent_r() to - # indicate libc's use of the correct nsdispatch API. - # - if test x"$ac_cv_func_getpwent_r" = x"yes"; then - WINBIND_NSS_EXTRA_OBJS="\ - ../nsswitch/winbind_nss_netbsd.o \ + *freebsd*) + case "$UNAME_R" in + [5-9]*) + # FreeBSD winbind client is implemented as a wrapper + # around the Linux version. + NSSSONAMEVERSIONSUFFIX=".1" + WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_freebsd.o \ ../nsswitch/winbind_nss_linux.o" WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" - else - HAVE_WINBIND=no - winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported" - fi + ;; + esac + ;; + + *netbsd*) + case "$UNAME_R" in + [3-9]*) + # NetBSD winbind client is implemented as a wrapper + # around the Linux version. It needs getpwent_r() to + # indicate libc's use of the correct nsdispatch API. + # + if test x"$ac_cv_func_getpwent_r" = x"yes"; then + WINBIND_NSS_EXTRA_OBJS="\ + ../nsswitch/winbind_nss_netbsd.o \ + ../nsswitch/winbind_nss_linux.o" + WINBIND_NSS="../nsswitch/nss_winbind.$SHLIBEXT" + WINBIND_WINS_NSS="../nsswitch/nss_wins.$SHLIBEXT" + else + HAVE_WINBIND=no + winbind_no_reason=", getpwent_r is missing on $host_os so winbind is unsupported" + fi + ;; + esac ;; *irix*) # IRIX has differently named shared libraries @ 1.12 log @Update samba to 3.6.17, security release. ============================== Release Notes for Samba 3.6.17 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.6.16: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.11 2012/12/14 07:39:35 adam Exp $ d3 3 a5 1 --- configure.orig 2013-07-29 18:57:14.000000000 +0000 d7 39 a45 1 @@@@ -19513,6 +19513,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d53 1 a53 1 @@@@ -19562,7 +19563,7 @@@@ fi d62 1 a62 1 @@@@ -26638,9 +26639,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d75 1 a75 1 @@@@ -26652,31 +26653,31 @@@@ else d115 1 a115 1 @@@@ -36043,31 +36044,39 @@@@ case "$host_os" in @ 1.11 log @Major enhancements in Samba 3.6.10 include: o Respond correctly to FILE_STREAM_INFO requests. o Fix segfault when "default devmode" is disabled. o Fix segfaults in "log level = 10" on Solaris. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- configure.orig 2012-12-06 10:40:30.000000000 +0000 d5 1 a5 1 @@@@ -19487,6 +19487,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d13 1 a13 1 @@@@ -19536,7 +19537,7 @@@@ fi d22 1 a22 1 @@@@ -26337,9 +26338,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d35 1 a35 1 @@@@ -26351,31 +26352,31 @@@@ else d75 1 a75 1 @@@@ -35742,31 +35743,39 @@@@ case "$host_os" in @ 1.11.6.1 log @Pullup ticket #4207 - requested by taca net/samba: security update Revisions pulled up: - net/samba/Makefile 1.235,1.237 - net/samba/Makefile.mirrors 1.10 - net/samba/PLIST 1.54 - net/samba/distinfo 1.91-1.92 - net/samba/patches/patch-ac 1.15 - net/samba/patches/patch-ad 1.19 - net/samba/patches/patch-ae 1.11 - net/samba/patches/patch-af 1.12 - net/samba/patches/patch-ah 1.7 - net/samba/patches/patch-ai 1.7 - net/samba/patches/patch-aj 1.7 - net/samba/patches/patch-ak 1.6 - net/samba/patches/patch-an 1.4 - net/samba/patches/patch-ao 1.4 - net/samba/patches/patch-aq 1.4 - net/samba/patches/patch-as 1.4 - net/samba/patches/patch-av 1.5 - net/samba/patches/patch-aw 1.4 - net/samba/patches/patch-ba 1.11 - net/samba/patches/patch-bb 1.5 - net/samba/patches/patch-bf 1.6 --- Module Name: pkgsrc Committed By: adam Date: Wed Jul 3 20:00:48 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile PLIST distinfo pkgsrc/net/samba/patches: patch-bf Log Message: Changes 3.6.16: * BUG 9881: Link dbwrap_tool and dbwrap_torture against libtevent. * BUG 9722: Properly handle Oplock breaks in compound requests. * BUG 9822: Fix crash bug during Win8 sync. * BUG 9927: errno gets overwritten in call to check_parent_exists(). * BUG 8997: Change libreplace GPL source to LGPL. * BUG 9900: is_printer_published GUID retrieval. * BUG 9941: Fix a bug of drvupgrade of smbcontrol. * BUG 9868: Don't know how to make LIBNDR_PREG_OBJ. * BUG 9688: Remove "experimental" label on "max protocol=SMB2" parameter. * BUG 9881: Check for system libtevent. --- Module Name: pkgsrc Committed By: wiz Date: Thu Jul 4 19:31:10 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile.mirrors Log Message: Fix URL. --- Module Name: pkgsrc Committed By: taca Date: Mon Aug 12 02:45:55 UTC 2013 Modified Files: pkgsrc/net/samba: Makefile distinfo pkgsrc/net/samba/patches: patch-ac patch-ad patch-ae patch-af patch-ah patch-ai patch-aj patch-ak patch-an patch-ao patch-aq patch-as patch-av patch-aw patch-ba patch-bb Log Message: Update samba to 3.6.17, security release. ============================== Release Notes for Samba 3.6.17 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.6.16: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. @ text @d3 1 a3 1 --- configure.orig 2013-07-29 18:57:14.000000000 +0000 d5 1 a5 1 @@@@ -19513,6 +19513,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d13 1 a13 1 @@@@ -19562,7 +19563,7 @@@@ fi d22 1 a22 1 @@@@ -26638,9 +26639,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d35 1 a35 1 @@@@ -26652,31 +26653,31 @@@@ else d75 1 a75 1 @@@@ -36043,31 +36044,39 @@@@ case "$host_os" in @ 1.10 log @Update to Samba 3.6.1 Major enhancements in Samba 3.6.1 include: o Fix smbd crashes triggered by Windows XP clients (bug #8384). o Fix a Winbind race leading to 100% CPU load (bug #8409). o Several SMB2 fixes. o The VFS ACL modules are no longer experimental but production-ready. Full release notes at http://www.samba.org/samba/history/samba-3.6.1.html Major enhancements in Samba 3.6.0 include: - Changed security defaults: client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no - SMB2 support (fully functional with one omission) - Internal Winbind passdb changes - New Spoolss code - ID Mapping Changes - Endpoint Mapper - Internal restructuring - SMB Traffic Analyzer (http://holger123.wordpress.com/smb-traffic-analyzer/) - NFS quota backend on Linux Full release notes at http://www.samba.org/samba/history/samba-3.6.0.html @ text @d3 3 a5 3 --- configure.orig 2011-08-09 15:35:40.000000000 +0400 +++ configure 2011-08-23 16:12:22.000000000 +0400 @@@@ -19397,6 +19397,7 @@@@ d13 1 a13 1 @@@@ -19446,7 +19447,7 @@@@ d22 1 a22 19 @@@@ -20152,7 +20153,7 @@@@ fi - if test x"$USESHARED" == x"no" ; then + if test x"$USESHARED" = x"no" ; then LINK_LIBTALLOC=STATIC fi LIBTALLOCVERSION=`grep ^VERSION ${tallocdir}/wscript | sed -e "s/'//g" -e 's/.* //'` @@@@ -20489,7 +20490,7 @@@@ fi - if test x"$USESHARED" == x"no" ; then + if test x"$USESHARED" = x"no" ; then LINK_LIBTDB=STATIC fi LIBTDBVERSION=`grep ^VERSION ${tdbdir}/wscript | sed -e "s/'//g" -e 's/.* //'` @@@@ -26219,9 +26220,9 @@@@ d28 1 a28 1 -if test "${ac_cv_lib_ext_crypto_des_set_key+set}" = set; then : d31 1 a31 1 +if test "${ac_cv_lib_ext_crypto_EVP_des_cbc+set}" = set; then : d35 1 a35 1 @@@@ -26233,31 +26234,31 @@@@ d75 1 a75 1 @@@@ -35632,31 +35633,39 @@@@ @ 1.9 log @Update to Samba 3.5.11 from net/samba35, part of Samba packages rearrangement. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.4 2011/10/11 20:30:00 jmcneill Exp $ d3 3 a5 3 --- configure.orig 2011-08-03 18:25:14.000000000 +0000 +++ configure @@@@ -18345,6 +18345,7 @@@@ $as_echo "#define DARWINOS 1" >>confdefs d13 1 a13 2 @@@@ -18381,7 +18382,7 @@@@ fi $as_echo "$BLDSHARED" >&6; } d15 4 a18 3 saved_before_as_needed_ldflags="$LDFLAGS" -for flags in "-Wl,--as-needed" "-Wl,-z,ignore" "-z ignore" ; do +for flags in "-Wl,-z,ignore" "-z ignore" ; do d22 19 a40 1 @@@@ -25355,9 +25356,9 @@@@ LIBS="-lcrypto $KRB5_LIBS $LIBS" d53 1 a53 1 @@@@ -25369,31 +25370,31 @@@@ else d93 1 a93 1 @@@@ -34506,31 +34507,39 @@@@ case "$host_os" in a154 17 @@@@ -34728,6 +34737,16 @@@@ $as_echo "#define HAVE_PASSWD_PW_AGE 1" fi +# NetBSD + +ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "#include +" +if test "x$ac_cv_member_struct_passwd_pw_class" = x""yes; then : + +$as_echo "#define HAVE_PASSWD_PW_CLASS 1" >>confdefs.h + +fi + # AIX 4.3.x and 5.1 do not have as many members in # struct secmethod_table as AIX 5.2 @ 1.8 log @Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain = yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks = yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab = yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD$ d3 148 a150 52 --- ../examples/smb.conf.default.orig 2007-02-04 18:59:31.000000000 +0000 +++ ../examples/smb.conf.default 2007-02-11 15:22:45.000000000 +0000 @@@@ -26,7 +26,7 @@@@ workgroup = MYGROUP # server string is the equivalent of the NT Description field - server string = Samba Server + server string = Samba %v (%h) # Security mode. Defines in which mode Samba will operate. Possible # values are share, user, server, domain and ads. Most people will want @@@@ -63,10 +63,10 @@@@ # this tells Samba to use a separate log file for each machine # that connects - log file = /usr/local/samba/var/log.%m +; log file = /usr/local/samba/var/log.%m # Put a capping on the size of the log files (in Kb). - max log size = 50 +; max log size = 50 # Use password server option only with security = server # The argument list may include: @@@@ -145,7 +145,7 @@@@ # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The default is NO. - dns proxy = no +; dns proxy = no # These scripts are used on a domain controller or stand-alone # machine to add or delete corresponding unix accounts @@@@ -182,14 +182,14 @@@@ # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer -[printers] - comment = All Printers - path = /usr/spool/samba - browseable = no +;[printers] +; comment = All Printers +; path = /var/tmp +; browseable = no # Set public = yes to allow user 'guest account' to print - guest ok = no - writable = no - printable = yes +; guest ok = no +; writable = no +; printable = yes d152 2 a153 2 # This one is useful for people to share files ;[tmp] @ 1.7 log @Update net/samba to 3.0.20.2 from samba-3.0.20b. Recommended patches for samba-3.0.20b that are applied as part of this update include: http://www.samba.org/samba/patches/print_lprm.patch http://www.samba.org/samba/patches/quota.patch http://www.samba.org/samba/patches/bug3201_wbinfo.patch This fixes PRs pkg/31352 and pkg/31991. Important changes that were made as part of porting this Samba release to pkgsrc include the following: * The new release model for Samba includes distributing patches for urgent bug fixes that will be included in the next release of Samba, and are available at http://www.samba.org/samba/patches/. Since these patches are rather generically named, we download all DISTFILES and PATCHFILES for Samba into a ${DISTNAME}-specific directory. * The default configuration for the samba package no longer builds the "winbind" portions of samba, which are really only useful when attempting to unify logons between Unix and Microsoft Windows. When the "winbind" option is specified, we also build the RID and AD idmap backends, which allow sharing UIDs/GIDs across Unix machines. * New package options have been added to the build: "mysql", "pgsql", and "xml" allow adding optional support for experimental passdb storage backends, and "winbind" allows for optionally building the winbindd daemon and associated plugins. * Two new smb.conf options were added -- "passwd expand gecos" and "state directory". The first describes whether "&" in the GECOS field of a passwd db entry is expanded to the login name. The second describes the location where the persistent-state database files are stored. * Luke Mewburn contributed code to allow nss_winbind.so to work properly on supported NetBSD systems. The FreeBSD NSS winbind code should probably be replaced with a suitably tweaked version of the NetBSD code since the latter is much more complete in the functions that are provided, but I'll leave that to freebsd-pkg-people. * Samba dumps all of its files into "lock directory", but some of them need to persist across reboots. We make a distinction between these files and the temporary files that are re-created by the Samba daemons when they are restarted -- the former are now stored in a "state directory" and the latter are stored in the "lock directory". This is modeled after the Debian patch to Samba located in: packaging/Debian/debian-unstable/patches/fhs.patch The "lock directory" default has been moved to ${VARBASE}/run/samba to emphasize the temporary status of the files stored in that directory. * Samba persists in using PAM_AUTHTOK_RECOVER_ERR, when there is almost universal agreement that PAM_AUTHTOK_RECOVERY_ERR is the right constant to use. Even the Linux-PAM distribution ensures that PAM_AUTHTOK_RECOVERY_ERR is correctly defined. To work around this, we define PAM_AUTHTOK_RECOVER_ERR appropriately in all the places where it is used. * The configure script checks for OpenSSL's libcrypto.so by looking for the symbol "des_set_key". However, libcrypto.so might not contain that symbol because the DES functions might come from a separate library, e.g. libdes.so. In this case, the configure script will think that libcrypto.so is not available, when it actually may be. Instead, look for EVP_des_cbc, which is always provided by libcrypto.so. * Add some missing $(PASSDB_LIBS) references to the Makefile to fix compilation problems if the experimental passdb backends are statically compiled into the Samba suite programs. * Fix compilation problems in sam/idmap_rid.c and sam/idmap_ad.c if the "rid" and "ad" idmap backends are statically compiled into winbindd. Changes between version 3.0.14a and 3.0.20b include: o Reporting files as read-only instead of returning the correct error code of "access denied" o File system quota support defects o Crash bugs caused by incompatibilities on 64-bit systems. o User Manager interoperability problems. o Support for several new Win32 rpc pipes. o New 'net rpc service' tool for managing Win32 services. o Capability to set the owner on new files and directory based on the parent's ownership. o Experimental, asynchronous IO file serving support. o Support for Microsoft Print Migrator. o New Winbind IDmap plugin (ad) for retrieving uid and gid from AD servers which maintain the SFU user and group attributes. o Rewritten support for POSIX pathnames when utilizing the Linux CIFS fs client. o New asynchronous winbindd. o New Windows NT registry file I/O library. o New user right (SeTakeOwnershipPrivilege) added. o New "net share migrate" options. @ text @d3 2 a4 2 --- ../examples/smb.conf.default.orig 2005-10-12 13:03:50.000000000 -0400 +++ ../examples/smb.conf.default d27 1 a27 10 @@@@ -96,7 +96,7 @@@@ # and the manual pages for details. # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 - socket options = TCP_NODELAY +; socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them @@@@ -152,7 +152,7 @@@@ d36 1 a36 1 @@@@ -189,14 +189,14 @@@@ @ 1.7.10.1 log @Pullup ticket 2019 - requested by tron security update for samba Revisions pulled up: - pkgsrc/net/samba/Makefile 1.169 - pkgsrc/net/samba/PLIST 1.35 - pkgsrc/net/samba/distinfo 1.52 - pkgsrc/net/samba/patches/patch-ab 1.26 - pkgsrc/net/samba/patches/patch-ad removed - pkgsrc/net/samba/patches/patch-af 1.8 - pkgsrc/net/samba/patches/patch-ag 1.6 - pkgsrc/net/samba/patches/patch-ai 1.4 - pkgsrc/net/samba/patches/patch-al 1.5 - pkgsrc/net/samba/patches/patch-at 1.6 - pkgsrc/net/samba/patches/patch-au 1.6 - pkgsrc/net/samba/patches/patch-aw 1.2 - pkgsrc/net/samba/patches/patch-ay 1.2 - pkgsrc/net/samba/patches/patch-ba 1.4 - pkgsrc/net/samba/patches/patch-bb 1.2 - pkgsrc/net/samba/patches/patch-bg 1.2 - pkgsrc/net/samba/patches/patch-bi 1.4 - pkgsrc/net/samba/patches/patch-bl removed - pkgsrc/net/samba/patches/patch-bm 1.2 - pkgsrc/net/samba/patches/patch-bn 1.2 - pkgsrc/net/samba/patches/patch-bu 1.4 - pkgsrc/net/samba/patches/patch-bv 1.2 - pkgsrc/net/samba/patches/patch-cd removed Module Name: pkgsrc Committed By: tron Date: Sun Feb 11 18:39:04 UTC 2007 Modified Files: pkgsrc/net/samba: Makefile PLIST distinfo pkgsrc/net/samba/patches: patch-ab patch-af patch-ag patch-ai patch-al patch-at patch-au patch-aw patch-ay patch-ba patch-bb patch-bg patch-bi patch-bm patch-bn patch-bu patch-bv Removed Files: pkgsrc/net/samba/patches: patch-ad patch-bl patch-cd Log Message: Update "samba" package to version 3.0.24. Major changes since version 3.0.22: - CVE-2007-0452 (Potential Denial of Service bug in smbd) - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind NSS library on Solaris) - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin) - Stability fixes for winbindd - Portability fixes on FreeBSD and Solaris operating systems. - Authentication failures in pam_winbind when the AD domain policy is set to not expire passwords. - Authorization failures when using smb.conf options such as "valid users" with the smbpasswd passdb backend. - Ambiguity with unqualified names in smb.conf parameters such as "force user" and "valid users". - Errors in 'net ads join' caused by bad IP address in the list of domain controllers. - SMB signing errors in the client and server code. - Domain join failures when using smbpasswd on a Samba PDC. - Failure to strip the domain name from groups when 'winbind use default domain =3D yes' - Failure in pam_winbind to correctly parse arguments. - Bad token creation of local users on member servers not running winbindd. - Failure to add users or groups to ACLs using the Windows object picker. - Failure in file serving code when 'kernel oplocks =3D yes'. - New "createupn" option to "net ads join" - Rewritten Kerberos keytab generation when 'use kerberos keytab =3D yes' - Improved 'make test' - New offline mode in winbindd. - New Kerberos support for pam_winbind.so. - New handling of unmapped users and groups. - New non-root share management tools. - Improved support for local and BUILTIN groups. - Winbind IDMAP integration with RFC2307 schema objects supported by Windows 2003 R2. - Rewritten 'net ads join' to mimic Windows XP without requiring administrative rights to join a domain. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.8 2007/02/11 18:39:04 tron Exp $ d3 2 a4 2 --- ../examples/smb.conf.default.orig 2007-02-04 18:59:31.000000000 +0000 +++ ../examples/smb.conf.default 2007-02-11 15:22:45.000000000 +0000 d27 10 a36 1 @@@@ -145,7 +145,7 @@@@ d45 1 a45 1 @@@@ -182,14 +182,14 @@@@ @ 1.6 log @Update net/samba to 3.0.7. Changes from version 3.0.5 include: o Fixes for two Denial of Service vulnerabalities (CVE ID# CAN-2004-0807 & CAN-2004-0808). o Winbind failure to return user entries under certain conditions. o Syntax errors in the OpenLDAP schema file (samba.schema). o Printing errors caused by not setting default values for the various printing commands. * Disable 'winbind enable local accounts' by default. o Schannel failure in winbindd. o Incompatibilities between the 'write list' and 'force user' smb.conf options. o Premature optimization of the open_directory() internal function that broke tools such as the ArcServe backup agent, Macromedia HomeSite, and Robocopy. o Sharing violation errors commonly seen when opening when serving Microsoft Office documents from a Samba file share. o Browsing problems caused by an apostrophe (') in the computer's description field. o Problems creating special file types from UNIX CIFS clients and enabling 'unix extensions'. o Fix stalls in smbd caused by inaccessible LDAP servers. o Remove various memory leaks. o Fix issues in the password lockout feature. o Using a cups server other than localhost. o Maintaining the service principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab o Support for maintaining individual printer names stored separately from the printer's sharename. o Support for maintaining user password history. o Support for honoring the logon times for user in a Samba domain. * Reintroduce 'force unknown acl user' parameter. When getting a security descriptor for a file, if the owner sid is not known, the owner uid is set to the current uid. Same for group sid. @ text @d3 1 a3 1 --- ../examples/smb.conf.default.orig Thu Jul 8 13:06:16 2004 d45 3 a47 1 @@@@ -191,7 +191,7 @@@@ d49 2 a50 2 [printers] comment = All Printers d52 5 a56 2 + path = /var/tmp browseable = no d58 9 a66 1 guest ok = no @ 1.5 log @Update net/samba to 3.0.1. Major changes from version 2.2.8anb6 include: * Active Directory support. Samba is able to join a ADS realm as a member server and authenticate using LDAP/Kerberos. * Unicode support. * New, more flexible authentication (passdb) system. * A new "net" command that is similar to the "net" command in Windows. * Samba now negotiates NT-style status32 codes on the wire, which greatly improves error handling. * Better Windows 2K/2K3/XP printing support. * Loadable module support for passdb backends and character sets. * More performant winbindd. * Support for migrating from a Windows NT4 domain to a Samba domain and maintaining user, group, and domain SIDs. * Support for establishing trust relationships with Windows NT4 DCs. * Initial support for a distributed Winbind architecture using an LDAP directory for storing SID-to-uid/gid mappings. * Major updates to the Samba documentation tree. * Full support for client and server SMB signing to ensure compatibility with default Windows 2K3 security settings. * Improvement of ACL mapping features. @ text @d3 1 a3 1 --- ../examples/smb.conf.default.orig Fri Aug 15 16:39:44 2003 d5 1 a5 1 @@@@ -21,7 +21,7 @@@@ d14 1 a14 1 @@@@ -58,10 +58,10 @@@@ d27 1 a27 1 @@@@ -91,7 +91,7 @@@@ d36 1 a36 1 @@@@ -147,7 +147,7 @@@@ d45 1 a45 1 @@@@ -186,7 +186,7 @@@@ @ 1.4 log @Update samba to 2.0.9: Samba 2.0.9 is a security bugfix release which correctly fixes the problem 2.0.8 was supposed to address. (A bug in the handling of temporary files that allowed local users to destroy data on local devices). @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.3 2000/09/03 09:17:00 kei Exp $ d3 51 a53 33 --- include/includes.h.orig Sat Jul 15 01:52:58 2000 +++ include/includes.h Sun Sep 3 06:23:10 2000 @@@@ -832,20 +832,20 @@@@ #define ULTRIX_AUTH 1 #endif -#ifdef HAVE_LIBREADLINE -# ifdef HAVE_READLINE_READLINE_H -# include -# ifdef HAVE_READLINE_HISTORY_H -# include +#ifdef HAVE_READLINE +# ifdef HAVE_READLINE_H +# include +# ifdef HAVE_HISTORY_H +# include # endif # else -# ifdef HAVE_READLINE_H -# include -# ifdef HAVE_HISTORY_H -# include +# ifdef HAVE_READLINE_READLINE_H +# include +# ifdef HAVE_READLINE_HISTORY_H +# include # endif # else -# undef HAVE_LIBREADLINE +# undef HAVE_READLINE # endif # endif #endif @ 1.3 log @Merged japanese/samba package to net/samba, as per discussion of Hubert Feyrer and Manuel Bouyer. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Updated samba to 2.0.7. Major changes from version 2.0.6 are below. A complete list of changes can be found at http://www.samba.org/. New Documentation in 2.0.7 -------------------------- O'Reilly and Associates have donated their book "Using Samba" to the Samba community to be updated in a collaberative way along with the Samba software. Starting with this release the html of "Using Samba" will be distributed with the Samba software as the online documentation for Samba. Bug fixes for the book are encouraged as is new material. Please help us make this documentation the best it can be for Samba ! Windows 2000 Issues ------------------- This version of Samba has been tested with Windows 2000 and the five known incompatibilities with Windows 2000 have been fixed. See the "Changes in 2.0.7" list below for details. New/Changed parameters in 2.0.7 ------------------------------- There are 5 new parameters in the smb.conf file. utmp utmp dir utmp hostname utmp consolidate wtmp directory These parameters are only available if the "--with-utmp" option was selected at configure time. The yes/no option "utmp" specifies whether utmp records should be recorded on user logon/logoff. It defaults to "no". The "utmp dir" and "wtmp dir" are string parameters specifying pathnames to the directories containing the utmp/wtmp file databases. See the smb.conf man page for more details. inherit permissions This boolean parameter causes newly created files and directories to inherit their initial permissions from their parent directory. This can be very useful in propagating such things as the set-group bit in directory heirarchies. See the smb.conf man page for more details. write cache size This integer parameter specifies (in bytes) the size of a user level per-file write cache that smbd will create for an oplocked file. This can improve performance significantly for writing files by causing writes to be done in large chunk sizes. If this parameter is set (it defaults to zero which means no write cache) to the stripe size of a raid volume then it will cause writes to be much more efficient. Up to 10 write caches can be active simultaneously per smbd (allocated for the first 10 oplocked file opens). All normal warnings about the dangers of user level caching of data apply. See the smb.conf man page for more details. source environment This pathname parameter causes Samba to read a list of environment variables from a named file on startup. This can be useful in setting up Samba in a clustered environment. See the smb.conf man page for more details. Ability to delete users added ----------------------------- SWAT and smbpasswd can now delete users from the Samba smbpasswd file. See the man page for smbpasswd for details. Roving profile behavior finalized --------------------------------- The change in behavior with roving profiles (using the "logon home" parameter instead of the "logon path" parameter) introduced in 2.0.6 has been discovered to be consistant with the way Windows NT behaves, and has been left as the default action. Please see the additional notes in the "logon home" parameter description in the smb.conf man page for more details. @ text @d3 3 a5 3 --- include/includes.h.orig Tue Apr 25 19:06:46 2000 +++ include/includes.h Fri Apr 28 16:34:56 2000 @@@@ -808,20 +808,20 @@@@ @ 1.1 log @Remove readline dependency for systems whose libedit.a has readline emulation. I've finally learned enough autoconf voodoo to do this the right way :) Also preliminary preparations for CUPS (IPP) support. @ text @d3 3 a5 3 --- include/includes.h.orig Wed Nov 10 21:36:00 1999 +++ include/includes.h Tue Jan 18 14:12:29 2000 @@@@ -775,20 +775,20 @@@@ @