head 1.102; access; symbols pkgsrc-2023Q4:1.100.0.2 pkgsrc-2023Q4-base:1.100 pkgsrc-2023Q3:1.96.0.2 pkgsrc-2023Q3-base:1.96 pkgsrc-2023Q2:1.93.0.2 pkgsrc-2023Q2-base:1.93 pkgsrc-2023Q1:1.90.0.2 pkgsrc-2023Q1-base:1.90 pkgsrc-2022Q4:1.87.0.2 pkgsrc-2022Q4-base:1.87 pkgsrc-2022Q3:1.83.0.2 pkgsrc-2022Q3-base:1.83 pkgsrc-2022Q2:1.77.0.2 pkgsrc-2022Q2-base:1.77 pkgsrc-2022Q1:1.76.0.2 pkgsrc-2022Q1-base:1.76 pkgsrc-2021Q4:1.70.0.2 pkgsrc-2021Q4-base:1.70 pkgsrc-2021Q3:1.65.0.2 pkgsrc-2021Q3-base:1.65 pkgsrc-2021Q2:1.63.0.2 pkgsrc-2021Q2-base:1.63 pkgsrc-2021Q1:1.58.0.2 pkgsrc-2021Q1-base:1.58 pkgsrc-2020Q4:1.55.0.2 pkgsrc-2020Q4-base:1.55 pkgsrc-2020Q3:1.52.0.2 pkgsrc-2020Q3-base:1.52 pkgsrc-2020Q2:1.48.0.2 pkgsrc-2020Q2-base:1.48 pkgsrc-2020Q1:1.42.0.2 pkgsrc-2020Q1-base:1.42 pkgsrc-2019Q4:1.38.0.4 pkgsrc-2019Q4-base:1.38 pkgsrc-2019Q3:1.36.0.2 pkgsrc-2019Q3-base:1.36 pkgsrc-2019Q2:1.32.0.2 pkgsrc-2019Q2-base:1.32 pkgsrc-2019Q1:1.25.0.2 pkgsrc-2019Q1-base:1.25 pkgsrc-2018Q4:1.22.0.2 pkgsrc-2018Q4-base:1.22 pkgsrc-2018Q3:1.18.0.2 pkgsrc-2018Q3-base:1.18 pkgsrc-2018Q2:1.17.0.6 pkgsrc-2018Q2-base:1.17 pkgsrc-2018Q1:1.17.0.4 pkgsrc-2018Q1-base:1.17 pkgsrc-2017Q4:1.17.0.2 pkgsrc-2017Q4-base:1.17 pkgsrc-2017Q3:1.16.0.4 pkgsrc-2017Q3-base:1.16 pkgsrc-2017Q2:1.14.0.2 pkgsrc-2017Q2-base:1.14 pkgsrc-2017Q1:1.11.0.6 pkgsrc-2017Q1-base:1.11 pkgsrc-2016Q4:1.11.0.4 pkgsrc-2016Q4-base:1.11 pkgsrc-2016Q3:1.11.0.2 pkgsrc-2016Q3-base:1.11 pkgsrc-2016Q2:1.10.0.2 pkgsrc-2016Q2-base:1.10 pkgsrc-2016Q1:1.8.0.2 pkgsrc-2016Q1-base:1.8 pkgsrc-2015Q4:1.6.0.2 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.3.0.4 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.2 pkgsrc-2015Q2-base:1.3; locks; strict; comment @# @; 1.102 date 2024.02.20.05.21.35; author adam; state Exp; branches; next 1.101; commitid stRrckLnTm3rc8ZE; 1.101 date 2024.01.10.08.39.30; author adam; state Exp; branches; next 1.100; commitid xmF4J5M0sY08CSTE; 1.100 date 2023.11.27.17.08.25; author adam; state Exp; branches; next 1.99; commitid 
pr0dQkl2lY7lQgOE; 1.99 date 2023.11.15.18.54.43; author wiz; state Exp; branches; next 1.98; commitid fiF0sOo1KnyBOJME; 1.98 date 2023.10.10.16.05.01; author taca; state Exp; branches; next 1.97; commitid nBrLwNKe7U9t26IE; 1.97 date 2023.09.27.12.02.48; author taca; state Exp; branches; next 1.96; commitid 7EM70hsqh05h7pGE; 1.96 date 2023.08.29.14.50.41; author taca; state Exp; branches 1.96.2.1; next 1.95; commitid Gk6CRz1LdE8GYGCE; 1.95 date 2023.07.20.01.28.34; author taca; state Exp; branches; next 1.94; commitid mJSgoEgLmDiaPtxE; 1.94 date 2023.07.19.15.33.27; author wiz; state Exp; branches; next 1.93; commitid nsLlco8fa2m4xqxE; 1.93 date 2023.06.16.21.40.12; author wiz; state Exp; branches 1.93.2.1; next 1.92; commitid 9vvUivsOyssDCdtE; 1.92 date 2023.04.29.08.01.06; author wiz; state Exp; branches; next 1.91; commitid 8eZ9Hjsd0f4iDYmE; 1.91 date 2023.04.01.08.49.05; author taca; state Exp; branches; next 1.90; commitid 6KQx3NbHxbZyNnjE; 1.90 date 2023.03.17.14.01.50; author taca; state Exp; branches 1.90.2.1; next 1.89; commitid k0UCc8mfspUJ0uhE; 1.89 date 2023.01.28.13.52.03; author taca; state Exp; branches; next 1.88; commitid xyUq6ghvne12vjbE; 1.88 date 2023.01.03.15.27.23; author wiz; state Exp; branches; next 1.87; commitid pOhinCxJWnAAP68E; 1.87 date 2022.11.29.13.20.23; author jperkin; state Exp; branches 1.87.2.1; next 1.86; commitid 1MgzZVvg3NwpeB3E; 1.86 date 2022.11.25.10.21.14; author wiz; state Exp; branches; next 1.85; commitid rMVF0fJXk0Mho43E; 1.85 date 2022.10.25.16.15.35; author taca; state Exp; branches; next 1.84; commitid 69P4h9zdE2PBl7ZD; 1.84 date 2022.10.25.07.46.11; author wiz; state Exp; branches; next 1.83; commitid iWIi5gW2mTzOw4ZD; 1.83 date 2022.09.12.16.04.57; author adam; state Exp; branches 1.83.2.1; next 1.82; commitid NgfBfJOyL5XxFATD; 1.82 date 2022.09.03.18.49.21; author jperkin; state Exp; branches; next 1.81; commitid C9TlOpAn4IFvRrSD; 1.81 date 2022.08.30.17.47.50; author jperkin; state Exp; branches; next 1.80; 
commitid nCe7d2ZfoWQREVRD; 1.80 date 2022.08.09.17.56.09; author adam; state Exp; branches; next 1.79; commitid UG8yI4LpGtWsnePD; 1.79 date 2022.07.29.20.33.38; author jperkin; state Exp; branches; next 1.78; commitid WeTUApJ2bWL7APND; 1.78 date 2022.07.21.09.35.19; author adam; state Exp; branches; next 1.77; commitid bda48AXwIwz7dKMD; 1.77 date 2022.04.25.16.25.02; author jperkin; state Exp; branches 1.77.2.1; next 1.76; commitid ZggtYwxtgggyhBBD; 1.76 date 2022.03.24.10.16.13; author hauke; state Exp; branches; next 1.75; commitid OLwo1kEojYchgsxD; 1.75 date 2022.03.20.21.53.53; author adam; state Exp; branches; next 1.74; commitid tN1dj2ZKMuoWf0xD; 1.74 date 2022.03.07.22.45.49; author thor; state Exp; branches; next 1.73; commitid bxtzsuPgYXx5XkvD; 1.73 date 2022.03.07.21.40.37; author thor; state Exp; branches; next 1.72; commitid lThpKNoRM9eEAkvD; 1.72 date 2022.01.31.13.45.12; author taca; state Exp; branches; next 1.71; commitid DCJhvO2HXZp66NqD; 1.71 date 2022.01.10.14.11.16; author taca; state Exp; branches; next 1.70; commitid jqiRLDu7vmXUU5oD; 1.70 date 2021.12.25.03.36.01; author taca; state Exp; branches 1.70.2.1; next 1.69; commitid AsvoxLsFx7SIUYlD; 1.69 date 2021.11.10.13.33.20; author adam; state Exp; branches; next 1.68; commitid tniNhZdUEpOaFfgD; 1.68 date 2021.10.26.11.06.54; author nia; state Exp; branches; next 1.67; commitid G83yJyZF8er6kjeD; 1.67 date 2021.10.08.13.20.34; author adam; state Exp; branches; next 1.66; commitid daqB6l6mkFfEE0cD; 1.66 date 2021.10.07.14.42.46; author nia; state Exp; branches; next 1.65; commitid EMvsIaZgYm1t8TbD; 1.65 date 2021.09.13.10.13.33; author adam; state Exp; branches 1.65.2.1; next 1.64; commitid Q5Uutm7H6SMoqM8D; 1.64 date 2021.07.25.15.58.04; author taca; state Exp; branches; next 1.63; commitid BS2QrB099TmmWn2D; 1.63 date 2021.06.22.09.36.41; author nia; state Exp; branches; next 1.62; commitid XB9IvSIzuWBgT6YC; 1.62 date 2021.06.01.08.30.17; author adam; state Exp; branches; next 1.61; commitid 
Ewx0T0sxiqj9cpVC; 1.61 date 2021.04.29.15.21.16; author taca; state Exp; branches; next 1.60; commitid 1gf1ylntP8ERwcRC; 1.60 date 2021.04.22.15.47.45; author adam; state Exp; branches; next 1.59; commitid 1x2EHEonvh80UiQC; 1.59 date 2021.04.14.19.11.20; author adam; state Exp; branches; next 1.58; commitid eEYvwmWgAe7lhiPC; 1.58 date 2021.03.24.16.33.46; author adam; state Exp; branches; next 1.57; commitid upcuNfyyNe7A5AMC; 1.57 date 2021.03.20.19.27.35; author adam; state Exp; branches; next 1.56; commitid EPdbcSqxpQkcb5MC; 1.56 date 2021.01.27.06.17.17; author adam; state Exp; branches; next 1.55; commitid AOoM0sdxjqAFtkFC; 1.55 date 2020.12.17.12.15.43; author adam; state Exp; branches; next 1.54; commitid yxzELDHkQUVoM5AC; 1.54 date 2020.11.12.06.37.18; author adam; state Exp; branches; next 1.53; commitid N2EOSSOe0GDw1zvC; 1.53 date 2020.10.30.07.17.16; author taca; state Exp; branches; next 1.52; commitid FZEE8tiE84GdFTtC; 1.52 date 2020.09.19.14.00.54; author taca; state Exp; branches 1.52.2.1; next 1.51; commitid WiD7AkVBwAsXdFoC; 1.51 date 2020.08.18.07.39.31; author adam; state Exp; branches; next 1.50; commitid wWpUAnL1IgYT8wkC; 1.50 date 2020.07.21.18.42.25; author christos; state Exp; branches; next 1.49; commitid OMzlXaQ1v2p1IYgC; 1.49 date 2020.07.06.14.38.06; author adam; state Exp; branches; next 1.48; commitid PeoO8iGiep9BP1fC; 1.48 date 2020.05.26.13.11.01; author jperkin; state Exp; branches 1.48.2.1; next 1.47; commitid KUSR3TG7t0K1GK9C; 1.47 date 2020.05.19.16.51.43; author adam; state Exp; branches; next 1.46; commitid NGP0q6h8CAXk7S8C; 1.46 date 2020.05.19.12.13.51; author hauke; state Exp; branches; next 1.45; commitid tSTpodiBIt8lzQ8C; 1.45 date 2020.04.29.10.01.18; author adam; state Exp; branches; next 1.44; commitid jsE7RvvZYDyFug6C; 1.44 date 2020.04.07.08.17.28; author adam; state Exp; branches; next 1.43; commitid Swrn0lRG21YKCq3C; 1.43 date 2020.04.02.11.21.41; author adam; state Exp; branches; next 1.42; commitid 
Wa63wLmymJoRNN2C; 1.42 date 2020.01.29.12.44.14; author adam; state Exp; branches; next 1.41; commitid Ft9rRscMTD1TjAUB; 1.41 date 2020.01.21.14.12.36; author taca; state Exp; branches; next 1.40; commitid R8cy68NAs36a4zTB; 1.40 date 2020.01.08.10.40.02; author jperkin; state Exp; branches; next 1.39; commitid JTHVtaCO1cS8jSRB; 1.39 date 2019.12.30.13.58.35; author adam; state Exp; branches; next 1.38; commitid jBv9BqAlUqK8HJQB; 1.38 date 2019.12.10.13.03.41; author adam; state Exp; branches 1.38.4.1; next 1.37; commitid exnIIiwpSrzc2aOB; 1.37 date 2019.11.10.17.01.58; author adam; state Exp; branches; next 1.36; commitid RfZ7NLoOHs32jkKB; 1.36 date 2019.09.05.12.39.56; author hauke; state Exp; branches; next 1.35; commitid FDfCDHERNAH2XOBB; 1.35 date 2019.09.03.19.11.58; author adam; state Exp; branches; next 1.34; commitid n4Ws0PhstpHPdBBB; 1.34 date 2019.08.23.10.52.41; author adam; state Exp; branches; next 1.33; commitid Dfh2jB8P5bKJN8AB; 1.33 date 2019.08.03.06.54.39; author adam; state Exp; branches; next 1.32; commitid zdQ1HJfb8rWs8yxB; 1.32 date 2019.06.28.17.13.50; author jperkin; state Exp; branches 1.32.2.1; next 1.31; commitid ipiCsvP09XMYIYsB; 1.31 date 2019.06.22.13.27.12; author jmcneill; state Exp; branches; next 1.30; commitid UATDAJdcQ2ybFbsB; 1.30 date 2019.06.19.21.22.59; author adam; state Exp; branches; next 1.29; commitid CJxMDzg9GqS9oQrB; 1.29 date 2019.05.22.19.57.12; author adam; state Exp; branches; next 1.28; commitid MGrqLlWvexjsOeoB; 1.28 date 2019.05.15.09.07.21; author adam; state Exp; branches; next 1.27; commitid 6V5qbVH5za4HrhnB; 1.27 date 2019.04.08.18.35.59; author adam; state Exp; branches; next 1.26; commitid MBFzI2jtBlScMziB; 1.26 date 2019.04.03.14.23.06; author adam; state Exp; branches; next 1.25; commitid KrC3GuFYnGkDxUhB; 1.25 date 2019.03.20.19.09.10; author adam; state Exp; branches 1.25.2.1; next 1.24; commitid 6hMtylCUPtqDz8gB; 1.24 date 2019.03.13.18.02.31; author adam; state Exp; branches; next 1.23; commitid 
DyVu5DbUUsQRqefB; 1.23 date 2019.03.01.20.03.24; author roy; state Exp; branches; next 1.22; commitid CCqSohpqU2hauHdB; 1.22 date 2018.12.22.01.13.52; author adam; state Exp; branches; next 1.21; commitid O1rUV8UEulLrrJ4B; 1.21 date 2018.12.20.21.18.22; author adam; state Exp; branches; next 1.20; commitid 0awto6raLNLgbA4B; 1.20 date 2018.11.29.14.46.46; author taca; state Exp; branches; next 1.19; commitid 3n6VlGyhepKXGQ1B; 1.19 date 2018.11.23.07.30.02; author ryoon; state Exp; branches; next 1.18; commitid lXbvlXjrqhr9t21B; 1.18 date 2018.09.20.18.24.08; author tnn; state Exp; branches; next 1.17; commitid C7EwI6E10bfR8SSA; 1.17 date 2017.11.11.01.32.47; author jklos; state Exp; branches; next 1.16; commitid eLcqjp2mShC6ByeA; 1.16 date 2017.09.20.15.14.30; author taca; state Exp; branches; next 1.15; commitid cxgtn081ryriPW7A; 1.15 date 2017.09.18.06.41.46; author taca; state Exp; branches; next 1.14; commitid EehgoW58DizG0E7A; 1.14 date 2017.06.27.13.37.16; author fhajny; state Exp; branches; next 1.13; commitid 6BpVXNTDKYJ111Xz; 1.13 date 2017.05.24.15.51.32; author he; state Exp; branches; next 1.12; commitid 5IOOcMdr6ubgRESz; 1.12 date 2017.04.08.08.56.27; author ryoon; state Exp; branches; next 1.11; commitid 3lgBE7lbcfxA2IMz; 1.11 date 2016.07.07.16.44.14; author taca; state Exp; branches 1.11.6.1; next 1.10; commitid fvo7xor6AT6xspdz; 1.10 date 2016.05.07.03.09.33; author taca; state Exp; branches 1.10.2.1; next 1.9; commitid rzBHOqkZO1U1Vu5z; 1.9 date 2016.04.13.08.26.10; author manu; state Exp; branches; next 1.8; commitid b2ePpkM5ydbBor2z; 1.8 date 2016.01.31.20.28.23; author ryoon; state Exp; branches 1.8.2.1; next 1.7; commitid 1kXukBWnXZkSM7Ty; 1.7 date 2015.12.29.23.58.32; author wiz; state Exp; branches; next 1.6; commitid 2N2rs9cSE7Qo0UOy; 1.6 date 2015.12.13.08.48.36; author wiz; state Exp; branches 1.6.2.1; next 1.5; commitid ofwX9taBOYGquLMy; 1.5 date 2015.11.04.00.35.36; author agc; state Exp; branches; next 1.4; commitid K5R8pkzReRJy0IHy; 
1.4 date 2015.09.28.17.37.04; author ryoon; state Exp; branches; next 1.3; commitid QJCLUHHtJXo9R2Dy; 1.3 date 2015.06.26.16.09.49; author jperkin; state Exp; branches; next 1.2; commitid Cc8Xam97HYwDmXqy; 1.2 date 2015.05.26.15.11.25; author jperkin; state Exp; branches; next 1.1; commitid yv3YawOxBiKg4Ymy; 1.1 date 2015.05.12.12.19.52; author ryoon; state Exp; branches; next ; commitid 4reC5lBSgnPrz9ly; 1.96.2.1 date 2023.10.12.15.59.15; author bsiegert; state Exp; branches; next 1.96.2.2; commitid B2Gn1WZtGvDxWlIE; 1.96.2.2 date 2023.12.09.21.54.35; author bsiegert; state Exp; branches; next ; commitid peUemP3qpoMC2QPE; 1.93.2.1 date 2023.08.15.18.21.21; author bsiegert; state Exp; branches; next ; commitid oFvE1dEt5fwSAUAE; 1.90.2.1 date 2023.04.01.18.55.38; author bsiegert; state Exp; branches; next ; commitid NV8Ic2WDcMfG9rjE; 1.87.2.1 date 2023.02.12.19.23.21; author spz; state Exp; branches; next ; commitid fPBawgR5jaPPQgdE; 1.83.2.1 date 2022.11.05.17.58.53; author bsiegert; state Exp; branches; next ; commitid Zywn5VYsyA4azx0E; 1.77.2.1 date 2022.08.28.08.13.40; author spz; state Exp; branches; next ; commitid ZKj34OE4h4QTxCRD; 1.70.2.1 date 2022.01.21.15.49.25; author bsiegert; state Exp; branches; next 1.70.2.2; commitid aqeBbpGuDLnH6wpD; 1.70.2.2 date 2022.02.06.19.11.23; author bsiegert; state Exp; branches; next ; commitid iokNkSEvbEo6IArD; 1.65.2.1 date 2021.11.24.12.45.47; author tm; state Exp; branches; next ; commitid zSasPyPOfE7iX2iD; 1.52.2.1 date 2020.11.01.10.50.52; author bsiegert; state Exp; branches; next ; commitid 9fHMDGbqSvV6NauC; 1.48.2.1 date 2020.07.29.20.15.59; author bsiegert; state Exp; branches; next ; commitid T9NABfw8xjjjY0iC; 1.38.4.1 date 2020.01.29.13.13.05; author bsiegert; state Exp; branches; next ; commitid Cn2dZW2VUDoWtAUB; 1.32.2.1 date 2019.09.15.09.11.02; author bsiegert; state Exp; branches; next ; commitid OqJr2FM5oHHVv5DB; 1.25.2.1 date 2019.04.10.10.27.05; author bsiegert; state Exp; branches; next 1.25.2.2; 
commitid 9s1bv2ozkN2U0NiB; 1.25.2.2 date 2019.06.04.16.17.37; author spz; state Exp; branches; next ; commitid cS4ldoGgKZjxbTpB; 1.11.6.1 date 2017.05.27.19.01.15; author bsiegert; state Exp; branches; next ; commitid L4aF9F0XhIvrO3Tz; 1.10.2.1 date 2016.07.20.18.52.47; author spz; state Exp; branches; next ; commitid 4EWM6pWzPyjjL5fz; 1.8.2.1 date 2016.04.15.07.25.11; author bsiegert; state Exp; branches; next 1.8.2.2; commitid ZamU0dLDbaUK2H2z; 1.8.2.2 date 2016.05.13.14.49.20; author bsiegert; state Exp; branches; next ; commitid G7SkCJ55TBdkBk6z; 1.6.2.1 date 2016.01.02.09.44.52; author bsiegert; state Exp; branches; next ; commitid 8E8RIhfn84vW9lPy; desc @@ 1.102 log @samba4: updated to 4.19.5 Changes since 4.19.4 -------------------- * BUG 13688: Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot. * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before that). * BUG 12421: Fake directory create times has no effect. * BUG 15550: ctime mixed up with mtime by smbd. * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site. * BUG 15557: gpupdate: The root cert import when NDES is not available is broken. * BUG 15552: samba-gpupdate should print a useful message if cepces-submit can't be found. * BUG 15558: samba-gpupdate logging doesn't work. * BUG 15555: smbpasswd reset permissions only if not 0600. 
@ text @$NetBSD: distinfo,v 1.101 2024/01/10 08:39:30 adam Exp $ BLAKE2s (samba-4.19.5.tar.gz) = 98182d21d4688af08cf657c2320eee5cfd0bfdf3b75fcb79e6eed64cfee9e00b SHA512 (samba-4.19.5.tar.gz) = 5b0934f2e44a28ffc4aa07e5495b339cf3a7548c49e29d1bae87de6c3a6f57c2a9130592dce782895079f559ed3bc8b5e4514c9c0fd8d5638aef68f0d0a3391f Size (samba-4.19.5.tar.gz) = 41840159 bytes SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926 SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7 SHA1 (patch-buildtools_wafsamba_samba__utils.py) = 0a587421870c1974175fadbb02dde215f35938f2 SHA1 (patch-buildtools_wafsamba_wscript) = 0ca4c3a9d2e07f9165784e495f6f6b2b21db2758 SHA1 (patch-dynconfig_wscript) = 1858e5fcca913f21aa3e7868d9760b9c40c9f5c4 SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 SHA1 (patch-lib_pthreadpool_pthreadpool.c) = 4b0c3d49d578b5ab12f5bad1ebeb50efb43e756c SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d SHA1 (patch-lib_tdb_common_mutex.c) = 74162bf9dfd440fc0b9782982e83776c9671a983 SHA1 (patch-lib_tevent_tevent.c) = 109e7a516dc291372e982b9f21c6ce8c0e5d3ca4 SHA1 (patch-lib_tevent_tevent__threads.c) = e5e82db82cff4d550451cd9290b3a351b25d4de4 SHA1 (patch-lib_tsocket_tsocket__bsd.c) = 0ac414e02ee3a326d3dd34515bfffce6e8da5e46 SHA1 (patch-lib_util_charset_charset__macosxfs.c) = 9772fc52fff48aec2a7e279223f73bb791217c26 SHA1 (patch-lib_util_smb__threads.h) = 817591a2b69f31ac29497a2006fe21f0b4b0aaea SHA1 (patch-lib_util_tfork.c) = a9acb5561c5bba76450c48904a22019c8b14cbec SHA1 (patch-lib_util_time.h) = 5048614e301cf6922ff7fa6693fa58bfe17ff10e SHA1 (patch-libcli_dns_wscript__build) = 4103a144aa1bb4662fd7a62270941f1a3d01fe89 SHA1 (patch-nsswitch_stress-nss-libwbclient.c) = c546f00184b0d22b6c150e210962cdfc6fc12df2 SHA1 
(patch-nsswitch_winbind__nss__netbsd.c) = 1214bfbd7714b64f3ff3eb97b6f24e3d2629370f SHA1 (patch-nsswitch_wscript__build) = 5be3e07f8a34ae3e2f68126eb6f05f8b65f5be2f SHA1 (patch-source3_libsmb_pylibsmb.c) = 962bb35b140ec11c0035ffa7fb83c9143fa5615f SHA1 (patch-source3_modules_vfs__solarisacl.c) = 1a56006393d08d9977c60e75fddfcf501e2233f7 SHA1 (patch-source3_modules_vfs__solarisacl.h) = 11f8664641a14fd83d78b1a7e10056a77b7b634f SHA1 (patch-source3_printing_samba-bgqd.c) = e9b83c35fbb24c702650d745b82fe6c9efbcdf76 SHA1 (patch-source3_smbd_quotas.c) = 7f959964fac3ee435c57a115c8f5b6407e57b777 SHA1 (patch-source3_smbd_smb1__process.c) = ff59b9b4f4bdfff2761613ff84fbd669899ea540 SHA1 (patch-source3_utils_net__offlinejoin.c) = defb3ad930ba88ec040bda8899efd24e2a95f294 SHA1 (patch-source4_auth_gensec_wscript__build) = 01f3cdf787833e05f2e0b49ff0af7c8bbad2c161 SHA1 (patch-source4_dsdb_samdb_ldb__modules_wscript__build__server) = 47f55ec16b667a0a4d38de5ac89a117f2ac8f898 SHA1 (patch-source4_scripting_wscript__build) = 816d44f48b6cbc6d999995e00eaea1d2dc477159 SHA1 (patch-third__party_heimdal__build_roken.h) = 59d5523676fe8c0315e969247f26b4ea2f900402 SHA1 (patch-third__party_heimdal_include_heim__threads.h) = 5ad13530cf9688e46f9ad487bb0fddab668c8276 SHA1 (patch-third__party_heimdal_lib_hcrypto_evp.c) = 8e8e23198ef4afdc24a6930bd57aa5a898f1826f SHA1 (patch-third__party_heimdal_lib_roken_getauxval.h) = 23c9cf574d9f042c9f6dd1b0377c91045e755b5b @ 1.101 log @samba4: updated to 4.19.4 Changes since 4.19.3 * BUG 13577: net changesecretpw cannot set the machine account password if secrets.tdb is empty. * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES. * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c. * BUG 15542: vfs_linux_xfs is incorrectly named. * BUG 15377: systemd stumbled over copyright-message at smbd startup. * BUG 15505: Following intermediate abolute share-local symlinks is broken. 
* BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first. * BUG 15544: shadow_copy2 broken when current fileset's directories are removed. * BUG 15377: systemd stumbled over copyright-message at smbd startup. * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first. * BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel exclusion. * BUG 15469: 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set. * BUG 15525: smbget debug logging doesn't work. * BUG 15532: smget: username in the smburl and interactive password entry doesn't work. * BUG 15538: smbget auth function doesn't set values for password prompt correctly. * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first. * BUG 15440: Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module. * BUG 15547: Multichannel refresh network information. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.100 2023/11/27 17:08:25 adam Exp $ d3 3 a5 3 BLAKE2s (samba-4.19.4.tar.gz) = c82f3664fa70e6d718b7765c735326b84b4d271cf1efbefb6fe16ba3af1e0558 SHA512 (samba-4.19.4.tar.gz) = 9a66f685cb1b5b89c59c75ccb67292b3f792b40b30ca76dfc483e805f5bb680bac027117a28a117f42713452fca41c439bed1724ba7d436fe0b0cb30a34f5b45 Size (samba-4.19.4.tar.gz) = 41839810 bytes @ 1.100 log @samba4: updated to 4.19.3 Release Notes for Samba 4.19.3 This is the latest stable release of the Samba 4.19 release series. It contains the security-relevant bugfix CVE-2018-14628: Wrong ntSecurityDescriptor values for "CN=Deleted Objects" allow read of object tombstones over LDAP (Administrator action required!) 
https://www.samba.org/samba/security/CVE-2018-14628.html

Description of CVE-2018-14628
-----------------------------

All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.

When a domain was provisioned with an unpatched Samba version,
the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
instead of being very strict (as on a Windows provisioned domain).

This means that non-privileged users can also use the
LDAP_SERVER_SHOW_DELETED_OID control in order to view the names and
preserved attributes of deleted objects.

No information that was hidden before the deletion is visible, but
with the correct ntSecurityDescriptor value in place the whole object
is also not visible without administrative rights.

There is no further vulnerability associated with this error, merely an
information disclosure.

Action required in order to resolve CVE-2018-14628!
---------------------------------------------------

The patched Samba does NOT protect existing domains!

The administrator needs to run the following command
(on only one domain controller)
in order to apply the protection to an existing domain:

  samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix

The above requires manual interaction in order to review the
changes before they are applied. Typical questions look like this:

  Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
          Owner mismatch: SY (in ref) DA(in current)
          Group mismatch: SY (in ref) DA(in current)
          Part dacl is different between reference and current here is the detail:
                  (A;;LCRPLORC;;;AU) ACE is not present in the reference
                  (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
                  (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
                  (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
                  (A;;LCRP;;;BA) ACE is not present in the current
   [y/N/all/none] y
  Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'

The change should be confirmed with 'y' for all objects starting with
'CN=Deleted Objects'.

Changes since 4.19.2
--------------------

o  Douglas Bagnall
   * BUG 15520: sid_strings test broken by unix epoch > 1700000000.

o  Ralph Boehme
   * BUG 15487: smbd crashes if asked to return full information on close of a
     stream handle with delete on close disposition set.
   * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
     smb_fname_fsp_destructor().

o  Pavel Filipenský
   * BUG 15499: Improve logging for failover scenarios.

o  Björn Jacke
   * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
     listed in directories.

o  Stefan Metzmacher
   * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
     AD LDAP to normal users.
   * BUG 15492: Kerberos TGS-REQ with User2User does not work for normal
     accounts.

o  Christof Schmitt
   * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.

o  Andreas Schneider
   * BUG 15513: Samba doesn't build with Python 3.12.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.99 2023/11/15 18:54:43 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.19.3.tar.gz) = a23d3f9698807486c7a68fd3e374b633406995fa6d28c08b9f436c1a5be25dc5 SHA512 (samba-4.19.3.tar.gz) = 1eacc6be2866ecc7cbb13c5d17a32ad14cc8148e811db9c730a11065ac3ed84a82e406e750dc97fbc884377346c4538a38d8031e63db6b09acd78fbd2c02d702 Size (samba-4.19.3.tar.gz) = 41829749 bytes d25 1 a25 1 SHA1 (patch-nsswitch_winbind__nss__netbsd.c) = 2773ec9269d1fe0d7ce7ed220f6a7122d187fabe d33 1 a33 1 SHA1 (patch-source3_utils_net__offlinejoin.c) = 773a4686d5e2a7eaebf9430529708e8318d45c77 @ 1.99 log @samba: update to 4.19.2. This is the first stable release of the Samba 4.19 release series. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.98 2023/10/10 16:05:01 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.19.2.tar.gz) = 49ff9bc974e87a6a210897868132ea7523b6b000d80f29777d1e8dd00b1c52b2 SHA512 (samba-4.19.2.tar.gz) = d2fb64013e77d138a52b100377a042951c132884936b2b6dbf60506355e3f6882d5f3008a6bb855dd19b8981f7dc14da4f91ddbea7458978c1c4ab009608faf5 Size (samba-4.19.2.tar.gz) = 41817924 bytes @ 1.98 log @net/samba4: update to 4.18.8 ============================== Release Notes for Samba 4.18.8 October 10, 2023 ============================== This is a security release in order to address the following defects: o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. https://www.samba.org/samba/security/CVE-2023-3961.html o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. 
https://www.samba.org/samba/security/CVE-2023-4154.html o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html o CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.97 2023/09/27 12:02:48 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.8.tar.gz) = 29c777cfe80f360809ee6a3d62aa6729890f581ac0e5be632a930891a4133333 SHA512 (samba-4.18.8.tar.gz) = 2924c360f6299129527457547b13c1b282e2907a0ecde1036dbca894c752935d693914b4846a9eab436b33798c53c9974692e51fd071301b1174598be944a246 Size (samba-4.18.8.tar.gz) = 41335959 bytes a14 1 SHA1 (patch-lib_replace_wscript) = f75dff520034ed976c15134c950eebf78598a60b a17 1 SHA1 (patch-lib_tevent_wscript) = fbbe2024096b57d651d90064f53489a974db9d7a d39 1 a39 1 SHA1 (patch-third__party_heimdal_lib_hcrypto_evp.c) = db1be175f7328d7aa9551ba2e641be15e348c84a @ 1.97 log @net/samba4: update to 4.18.7 ============================== Release Notes for Samba 4.18.7 September 27, 2023 ============================== This is the latest stable release of the Samba 4.18 release series. Changes since 4.18.6 -------------------- o Jeremy Allison * BUG 15419: Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink(). * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE. * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized pointer. o Andrew Bartlett * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect. * BUG 15407: Samba replication logs show (null) DN. o Ralph Boehme * BUG 15463: macOS mdfind returns only 50 results. o Remi Collet * BUG 14808: smbc_getxattr() return value is incorrect. 
o Volker Lendecke * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value. o Stefan Metzmacher * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more. o MikeLiu * BUG 15453: File doesn't show when user doesn't have permission if aio_pthread is loaded. o Martin Schwenke * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1. o Joseph Sutton * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with empty claims pac blobs (from Samba 4.19 or Windows). * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is in use. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.96 2023/08/29 14:50:41 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.7.tar.gz) = 22a5e1b4039e18e913dcb19794fe8862990a431cc7ebda73e6fa53f100d753b8 SHA512 (samba-4.18.7.tar.gz) = 86baf5c76e92f4b194726441e1d0efe11dc3db4d399f141f76c1abb4f4a3ab05473dded3294d2019f7999305ca6d5e56961d71434e9e214b960895e53bedd7a9 Size (samba-4.18.7.tar.gz) = 41328101 bytes @ 1.96 log @net/samba4: update to 4.18.5 Changes since 4.18.5 -------------------- o Jeremy Allison * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp pointer. * BUG 15430: Missing return in reply_exit_done(). o Andrew Bartlett * BUG 15289: post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself. * BUG 9959: Windows client join fails if a second container CN=System exists somewhere. o Ralph Boehme * BUG 15342: Spotlight sometimes returns no results on latest macOS. * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination. * BUG 15427: Spotlight results return wrong date in result list. o Günther Deschner * BUG 15414: "net offlinejoin provision" does not work as non-root user. 
o Pavel Filipenský * BUG 15400: rpcserver no longer accepts double backslash in dfs pathname. * BUG 15433: cm_prepare_connection() calls close(fd) for the second time. o Stefan Metzmacher * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2. * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed. o Noel Power * BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation). * BUG 15435: Regression DFS not working with widelinks = true. o Arvid Requate * BUG 9959: Windows client join fails if a second container CN=System exists somewhere. o Jones Syue * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open(). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.95 2023/07/20 01:28:34 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.6.tar.gz) = 1ac1ece98abb2500ceeae06989d5f7a58680ea320a8cbf36c095ee3620215122 SHA512 (samba-4.18.6.tar.gz) = 28e8e4e57db1f392dfe96387888e2771e08f1f8eedf860f688ea3b8bd2cee1d6bbe99b2e61c84dc9ed6ade6393baf629955bed93d6cdad5241a292a10d8a12b6 Size (samba-4.18.6.tar.gz) = 41323359 bytes @ 1.96.2.1 log @Pullup ticket #6808 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.170-1.171 - net/samba4/PLIST 1.52 - net/samba4/distinfo 1.97-1.98 --- Module Name: pkgsrc Committed By: taca Date: Wed Sep 27 12:02:48 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.18.7 ============================== Release Notes for Samba 4.18.7 September 27, 2023 ============================== This is the latest stable release of the Samba 4.18 release series. Changes since 4.18.6 -------------------- o Jeremy Allison * BUG 15419: Weird filename can cause assert to fail in openat_pathref_fsp_nosymlink(). 
* BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE. * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized pointer. o Andrew Bartlett * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect. * BUG 15407: Samba replication logs show (null) DN. o Ralph Boehme * BUG 15463: macOS mdfind returns only 50 results. o Remi Collet * BUG 14808: smbc_getxattr() return value is incorrect. o Volker Lendecke * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value. o Stefan Metzmacher * BUG 15464: libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more. o MikeLiu * BUG 15453: File doesn't show when user doesn't have permission if aio_pthread is loaded. o Martin Schwenke * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1. o Joseph Sutton * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with empty claims pac blobs (from Samba 4.19 or Windows). * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is in use. --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 10 16:05:01 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: net/samba4: update to 4.18.8 ============================== Release Notes for Samba 4.18.8 October 10, 2023 ============================== This is a security release in order to address the following defects: o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to existing unix domain sockets on the file system. 
https://www.samba.org/samba/security/CVE-2023-3961.html o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes" https://www.samba.org/samba/security/CVE-2023-4091.html o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all attributes, including secrets and passwords. Additionally, the access check fails open on error conditions. https://www.samba.org/samba/security/CVE-2023-4154.html o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the server block for a user-defined amount of time, denying service. https://www.samba.org/samba/security/CVE-2023-42669.html o CVE-2023-42670: Samba can be made to start multiple incompatible RPC listeners, disrupting service on the AD DC. https://www.samba.org/samba/security/CVE-2023-42670.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.96 2023/08/29 14:50:41 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.8.tar.gz) = 29c777cfe80f360809ee6a3d62aa6729890f581ac0e5be632a930891a4133333 SHA512 (samba-4.18.8.tar.gz) = 2924c360f6299129527457547b13c1b282e2907a0ecde1036dbca894c752935d693914b4846a9eab436b33798c53c9974692e51fd071301b1174598be944a246 Size (samba-4.18.8.tar.gz) = 41335959 bytes @ 1.96.2.2 log @Pullup ticket #6825 - requested by taca net/samba4: security fix Update to 4.18.9 (via patch) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (samba-4.18.9.tar.gz) = d914d5e4518a0b222ef0a30cb913a488e3b067e162f45547fd7074d08144d593 SHA512 (samba-4.18.9.tar.gz) = 93a6c878bca583f59208df2a7865bbd453f7a65dc2f39a863797ef807bdeced4d632c5edd4579e341f8cf3b0b2fbe41e68a815a1510518bdd43e9a25a973c94c Size (samba-4.18.9.tar.gz) = 41332779 bytes @ 1.95 log @net/samba4: update to 4.18.5 ============================== Release Notes for Samba 4.18.5 July 19, 2023 ============================== This is a security release in order to address the following defects: o 
CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html Changes since 4.18.4 -------------------- o Ralph Boehme * BUG 15072: CVE-2022-2127. * BUG 15340: CVE-2023-34966. * BUG 15341: CVE-2023-34967. * BUG 15388: CVE-2023-34968. * BUG 15397: CVE-2023-3347. o Volker Lendecke * BUG 15072: CVE-2022-2127. o Stefan Metzmacher * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.94 2023/07/19 15:33:27 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.5.tar.gz) = e7b9c7cf8adbe2c42e21d416aff8a18e7c11bcf458cc16d45747b104ed478edb SHA512 (samba-4.18.5.tar.gz) = c12b7cd7aba0941bf178c89604f926347bee4f5bb6ea651930cc93bcd8a2cfa983b1f10a0ccb55f99c5b34b9f158d1059d06d7f39f7bc261c7dd0d8c89c5a6f5 Size (samba-4.18.5.tar.gz) = 41315373 bytes @ 1.94 log @samba: update to 4.18.4.
Changes since 4.18.3 -------------------- o Douglas Bagnall * BUG 15404: Backport --pidl-developer fixes. o Samuel Cabrero * BUG 14030: Named crashes on DLZ zone update. o Björn Jacke * BUG 2312: smbcacls and smbcquotas do not check // before the server. o Volker Lendecke * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. * BUG 15391: smbclient leaks fds with showacls. * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. o Stefan Metzmacher * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts. o Noel Power * BUG 15384: net ads lookup (with unspecified realm) fails. o Christof Schmitt * BUG 15381: Register Samba processes with GPFS. o Andreas Schneider * BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation). * BUG 15398: The winbind child segfaults when listing users with `winbind scan trusted domains = yes`. o Jones Syue * BUG 15383: Remove comments about deprecated 'write cache size'. * BUG 15403: smbget memory leak if failed to download files recursively. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.93 2023/06/16 21:40:12 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.4.tar.gz) = 10d5c7dc7c05f4f47dc5bceb936c820db574208bdfd4ed3e4625275756f30b69 SHA512 (samba-4.18.4.tar.gz) = bc8d792b510061556c07b6844a825801a4271eed45e01133a4718c1839d123e2908fa0e31e67af43098500e98a9082eb104052e711a8a034fac23d86e15c29ee Size (samba-4.18.4.tar.gz) = 41311410 bytes @ 1.93 log @samba: update to 4.18.3. Changes since 4.18.2 -------------------- o Ralph Boehme * BUG 15375: Symlinks to files can have random DOS mode information in a directory listing. * BUG 15378: vfs_fruit might cause a failing open for delete. o Volker Lendecke * BUG 15361: winbind recurses into itself via rpcd_lsad. * BUG 15366: wbinfo -u fails on ad dc with >1000 users. o Stefan Metzmacher * BUG 15338: DS ACEs might be inherited to unrelated object classes. 
* BUG 15362: a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND. * BUG 15374: aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(). o Andreas Schneider * BUG 15360: Setting veto files = /.*/ break listing directories. o Joseph Sutton * BUG 15363: "samba-tool domain provision" does not run interactive mode if no arguments are given. o Nathaniel W. Turner * BUG 15325: dsgetdcname: assumes local system uses IPv4. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.92 2023/04/29 08:01:06 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.3.tar.gz) = 5cbceef6c02cbedfc24d0e74e09473a716873d1394375163a4def7a4014b78af SHA512 (samba-4.18.3.tar.gz) = b0980291ca124641bd03ba51d4b4e2e492facb3939f8edf491133be83a82beed66f68f00442cb02c211a9e76eb6ba08387136e30eb7df756c3c90c76034689c4 Size (samba-4.18.3.tar.gz) = 41294739 bytes @ 1.93.2.1 log @Pullup ticket #6782 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.166-1.167 - net/samba4/distinfo 1.94-1.95 --- Module Name: pkgsrc Committed By: wiz Date: Wed Jul 19 15:33:28 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: samba: update to 4.18.4. Changes since 4.18.3 -------------------- o Douglas Bagnall * BUG 15404: Backport --pidl-developer fixes. o Samuel Cabrero * BUG 14030: Named crashes on DLZ zone update. o Björn Jacke * BUG 2312: smbcacls and smbcquotas do not check // before the server. o Volker Lendecke * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. * BUG 15391: smbclient leaks fds with showacls. * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. o Stefan Metzmacher * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts. o Noel Power * BUG 15384: net ads lookup (with unspecified realm) fails. o Christof Schmitt * BUG 15381: Register Samba processes with GPFS. 
o Andreas Schneider * BUG 15390: Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation). * BUG 15398: The winbind child segfaults when listing users with `winbind scan trusted domains = yes`. o Jones Syue * BUG 15383: Remove comments about deprecated 'write cache size'. * BUG 15403: smbget memory leak if failed to download files recursively. --- Module Name: pkgsrc Committed By: taca Date: Thu Jul 20 01:28:34 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.18.5 ============================== Release Notes for Samba 4.18.5 July 19, 2023 ============================== This is a security release in order to address the following defects: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html Changes since 4.18.4 -------------------- o Ralph Boehme * BUG 15072: CVE-2022-2127. * BUG 15340: CVE-2023-34966.
* BUG 15341: CVE-2023-34967. * BUG 15388: CVE-2023-34968. * BUG 15397: CVE-2023-3347. o Volker Lendecke * BUG 15072: CVE-2022-2127. o Stefan Metzmacher * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.93 2023/06/16 21:40:12 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.5.tar.gz) = e7b9c7cf8adbe2c42e21d416aff8a18e7c11bcf458cc16d45747b104ed478edb SHA512 (samba-4.18.5.tar.gz) = c12b7cd7aba0941bf178c89604f926347bee4f5bb6ea651930cc93bcd8a2cfa983b1f10a0ccb55f99c5b34b9f158d1059d06d7f39f7bc261c7dd0d8c89c5a6f5 Size (samba-4.18.5.tar.gz) = 41315373 bytes @ 1.92 log @samba: update to 4.18.2. 4.18.2 Changes since 4.18.1 -------------------- o Jeremy Allison * BUG 15302: Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower. * BUG 15306: Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c. o Andrew Bartlett * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners. * BUG 15329: Reduce flapping of ridalloc test. * BUG 15351: large_ldap test is unreliable. o Ralph Boehme * BUG 15143: New filename parser doesn't check veto files smb.conf parameter. * BUG 15354: mdssvc may crash when initializing. o Volker Lendecke * BUG 15313: large directory optimization broken for non-lcomp path elements. * BUG 15357: streams_depot fails to create streams. * BUG 15358: shadow_copy2 and streams_depot don't play well together. o Rob van der Linde * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py. o Stefan Metzmacher * BUG 15317: winbindd idmap child contacts the domain controller without a need. * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the first time. * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings. * BUG 15323: net ads search -P doesn't work against servers in other domains. * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed. 
o Joseph Sutton * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py. * BUG 15343: Tests use deprecated and removed methods like assertRegexpMatches. 4.18.1 This is a security release in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. https://www.samba.org/samba/security/CVE-2023-0614.html Changes since 4.18.0 -------------------- o Douglas Bagnall * BUG 15276: CVE-2023-0225. o Andrew Bartlett * BUG 15270: CVE-2023-0614. * BUG 15331: ldb wildcard matching makes excessive allocations. * BUG 15332: large_ldap test is inefficient. o Rob van der Linde * BUG 15315: CVE-2023-0922. o Joseph Sutton * BUG 15270: CVE-2023-0614. * BUG 15276: CVE-2023-0225. 4.18.0 This is the first stable release of the Samba 4.18 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== SMB Server performance improvements ----------------------------------- The security improvements in recent releases (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races, caused performance regressions for metadata heavy workloads.
While 4.17 already improved the situation quite a lot, with 4.18 the locking overhead for contended path based operations is reduced by an additional factor of ~ 3 compared to 4.17. It means the throughput of open/close operations reached the level of 4.12 again. More succinct samba-tool error messages --------------------------------------- Historically samba-tool has reported user error or misconfiguration by means of a Python traceback, showing you where in its code it noticed something was wrong, but not always exactly what is amiss. Now it tries harder to identify the true cause and restrict its output to describing that. Particular cases include: * a username or password is incorrect * an ldb database filename is wrong (including in smb.conf) * samba-tool dns: various zones or records do not exist * samba-tool ntacl: certain files are missing * the network seems to be down * bad --realm or --debug arguments Accessing the old samba-tool messages ------------------------------------- This is not new, but users are reminded they can get the full Python stack trace, along with other noise, by using the argument '-d3'. This may be useful when searching the web. The intention is that when samba-tool encounters an unrecognised problem (especially a bug), it will still output a Python traceback. If you encounter a problem that has been incorrectly identified by samba-tool, please report it on https://bugzilla.samba.org. Colour output with samba-tool --color ------------------------------------- For some time a few samba-tool commands have had a --color=yes|no|auto option, which determines whether the command outputs ANSI colour codes. Now all samba-tool commands support this option, which now also accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no', and 'tty' and 'if-tty' for 'auto' (this more closely matches convention). With --color=auto, or when --color is omitted, colour codes are only used when output is directed to a terminal. 
Most commands have very little colour in any case. For those that already used it, the defaults have changed slightly. * samba-tool drs showrepl: default is now 'auto', not 'no' * samba-tool visualize: the interactions between --color-scheme, --color, and --output have changed slightly. When --color-scheme is set it overrides --color for the purpose of the output diagram, but not for other output like error messages. New samba-tool dsacl subcommand for deleting ACES ------------------------------------------------- The samba-tool dsacl tool can now delete entries in directory access control lists. The interface for 'samba-tool dsacl delete' is similar to that of 'samba-tool dsacl set', with the difference being that the ACEs described by the --sddl argument are deleted rather than added. No colour with NO_COLOR environment variable -------------------------------------------- With both samba-tool --color=auto (see above) and some other places where we use ANSI colour codes, the NO_COLOR environment variable will disable colour output. See https://no-color.org/ for a description of this variable. `samba-tool --color=always` will use colour regardless of NO_COLOR. New wbinfo option --change-secret-at ------------------------------------ The wbinfo command has a new option, --change-secret-at= which forces the trust account password to be changed at a specified domain controller. If the specified domain controller cannot be contacted the password change fails rather than trying other DCs. New option to change the NT ACL default location ------------------------------------------------ Usually the NT ACLs are stored in the security.NTACL extended attribute (xattr) of files and directories. The new "acl_xattr:security_acl_name" option allows to redefine the default location. The default "security.NTACL" is a protected location, which means the content of the security.NTACL attribute is not accessible from normal users outside of Samba. 
When this option is set to use a user-defined value, e.g. user.NTACL then any user can potentially access and overwrite this information. The module prevents access to this xattr over SMB, but the xattr may still be accessed by other means (eg local access, SSH, NFS). This option must only be used when this consequence is clearly understood and when specific precautions are taken to avoid compromising the ACL content. Azure Active Directory / Office365 synchronisation improvements -------------------------------------------------------------- Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. REMOVED FEATURES ================ smb.conf changes ================ Parameter Name Description Default -------------- ----------- ------- acl_xattr:security_acl_name New security.NTACL server addresses New CHANGES SINCE 4.18.0rc4 ======================= o Jeremy Allison * BUG 15314: streams_xattr is creating unexpected locks on folders. o Volker Lendecke * BUG 15310: New samba-dcerpc architecture does not scale gracefully. CHANGES SINCE 4.18.0rc3 ======================= o Andreas Schneider * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on failure. o baixiangcpp * BUG 15311: fd_load() function implicitly closes the fd where it should not. CHANGES SINCE 4.18.0rc2 ======================= o Jeremy Allison * BUG 15301: Improve file_modtime() and issues around smb3 unix test. o Ralph Boehme * BUG 15299: Spotlight doesn't work with latest macOS Ventura. o Stefan Metzmacher * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0). (tevent 0.14.1 and ldb 2.7.1 are already released...) o John Mulligan * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat. o Andreas Schneider * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1. 
* BUG 15301: Improve file_modtime() and issues around smb3 unix test. CHANGES SINCE 4.18.0rc1 ======================= o Andrew Bartlett * BUG 10635: Office365 azure Password Sync not working. o Stefan Metzmacher * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. o Noel Power * BUG 15293: With clustering enabled samba-bgqd can core dump due to use after free. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.91 2023/04/01 08:49:05 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.18.2.tar.gz) = 2c6e47de5b9f6e52f65c4d60e273cd56309904e3ea1ebecff23aca54bc63cd0e SHA512 (samba-4.18.2.tar.gz) = e13f1313ae23c65580f3d9eec8ba556f77327d4876f09387a1701dc62df5c7c18955ed42a50250c0ebd53d90afcfdea2743dc6776b63c900c47239afacfa4aba Size (samba-4.18.2.tar.gz) = 41285033 bytes @ 1.91 log @net/samba4: update to 4.17.7 ============================== Release Notes for Samba 4.17.7 March 29, 2023 ============================== This is a security release in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. 
https://www.samba.org/samba/security/CVE-2023-0614.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.90 2023/03/17 14:01:50 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.7.tar.gz) = 80304d23cf0add5af1790379c533f0226a88fa81615528bc658289790fb493ec SHA512 (samba-4.17.7.tar.gz) = ab6c4fedb1769447f028e4fa1ae91b2a80ad9cb809e6a78562350c90d7ef493793e876d19057854b2f87553655a8b766306deeda6e78a062e9d5daea49994fe4 Size (samba-4.17.7.tar.gz) = 30862665 bytes d15 1 a15 1 SHA1 (patch-lib_replace_wscript) = 4250bdfd8ee82fcdb43315f24a124b7ae8d7e36f @ 1.90 log @net/samba4: update to 4.17.6 ============================== Release Notes for Samba 4.17.6 March 09, 2023 ============================== This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.5 -------------------- o Jeremy Allison * BUG 15314: streams_xattr is creating unexpected locks on folders. o Andrew Bartlett * BUG 10635: Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. o Ralph Boehme * BUG 15299: Spotlight doesn't work with latest macOS Ventura. o Volker Lendecke * BUG 15310: New samba-dcerpc architecture does not scale gracefully. o John Mulligan * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat. o Noel Power * BUG 15293: With clustering enabled samba-bgqd can core dump due to use after free. o baixiangcpp * BUG 15311: fd_load() function implicitly closes the fd where it should not. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.89 2023/01/28 13:52:03 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.6.tar.gz) = b3c858a1989063022715c30e79ba7c587306f00c61624e52b7521914b6eb25f3 SHA512 (samba-4.17.6.tar.gz) = f3571828b471eb34dd10d49708d189c0c2820892b002c8bf272969421e69a3d92259088f30bd87304e6fae614621371cab5a3b581c47a925904b420246af6553 Size (samba-4.17.6.tar.gz) = 30857472 bytes @ 1.90.2.1 log @Pullup ticket #6744 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.161 - net/samba4/distinfo 1.91 --- Module Name: pkgsrc Committed By: taca Date: Sat Apr 1 08:49:05 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.17.7 ============================== Release Notes for Samba 4.17.7 March 29, 2023 ============================== This is a security release in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922: The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://www.samba.org/samba/security/CVE-2023-0922.html o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing. 
https://www.samba.org/samba/security/CVE-2023-0614.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.90 2023/03/17 14:01:50 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.7.tar.gz) = 80304d23cf0add5af1790379c533f0226a88fa81615528bc658289790fb493ec SHA512 (samba-4.17.7.tar.gz) = ab6c4fedb1769447f028e4fa1ae91b2a80ad9cb809e6a78562350c90d7ef493793e876d19057854b2f87553655a8b766306deeda6e78a062e9d5daea49994fe4 Size (samba-4.17.7.tar.gz) = 30862665 bytes @ 1.89 log @net/samba4: update to 4.17.5 ============================== Release Notes for Samba 4.17.5 January 26, 2023 ============================== This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.4 -------------------- o Jeremy Allison * BUG 14808: smbc_getxattr() return value is incorrect. * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly. * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors. * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS. * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle. * BUG 15277: DFS links don't work anymore on Mac clients since 4.17. * BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value). o Samuel Cabrero * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes). o Volker Lendecke * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15266: Shares missing from netshareenum response in samba 4.17.4. * BUG 15269: ctdb: use-after-free in run_proc. o Stefan Metzmacher * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15266: Shares missing from netshareenum response in samba 4.17.4. * BUG 15280: irpc_destructor may crash during shutdown. * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. 
o Andreas Schneider * BUG 15268: smbclient segfaults with use after free on an optimized build. o Jones Syue * BUG 15282: smbstatus leaking files in msg.sock and msg.lock. o Andrew Walker * BUG 15164: Leak in wbcCtxPingDc2. * BUG 15265: Access based share enum does not work in Samba 4.16+. * BUG 15267: Crash during share enumeration. * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer. o Florian Weimer * BUG 15281: Avoid relying on C89 features in a few places. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.88 2023/01/03 15:27:23 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.5.tar.gz) = 693514a7a8b9ec6b091be330c8ff5d31e0c5f37e1b6d38d5260f934255453b8f SHA512 (samba-4.17.5.tar.gz) = 352ae8bc161fb07ac6c7330c6ebd02c27eb453ffc1c32c8437edc441ba3044cb2e9b31c8cf181664a2b47098c75a55f06c105f5397c57ce75826ef2af331afa9 Size (samba-4.17.5.tar.gz) = 30846334 bytes @ 1.88 log @samba: update to 4.17.4. This is the latest stable release of the Samba 4.17 release series. It also contains security changes in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher. On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96. https://www.samba.org/samba/security/CVE-2022-37966.html o CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with. 
https://www.samba.org/samba/security/CVE-2022-37967.html o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak. https://www.samba.org/samba/security/CVE-2022-38023.html Note that there are several important behavior changes included in this release, which may cause compatibility problems interacting with system still expecting the former behavior. Please read the advisories of CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 carefully! samba-tool got a new 'domain trust modify' subcommand ----------------------------------------------------- This allows "msDS-SupportedEncryptionTypes" to be changed on trustedDomain objects. Even against remote DCs (including Windows) using the --local-dc-ipaddress= (and other --local-dc-* options). See 'samba-tool domain trust modify --help' for further details. smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- allow nt4 crypto Deprecated no allow nt4 crypto:COMPUTERACCOUNT New kdc default domain supported enctypes New (see manpage) kdc supported enctypes New (see manpage) kdc force enable rc4 weak session keys New No reject md5 clients New Default, Deprecated Yes reject md5 servers New Default, Deprecated Yes server schannel Deprecated Yes server schannel require seal New, Deprecated Yes server schannel require seal:COMPUTERACCOUNT New winbind sealed pipes Deprecated Yes Changes since 4.17.3 -------------------- o Jeremy Allison * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Andrew Bartlett * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15237: CVE-2022-37966. * BUG 15258: filter-subunit is inefficient with large numbers of knownfails. o Ralph Boehme * BUG 15240: CVE-2022-38023. 
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories. o Stefan Metzmacher * BUG 13135: The KDC logic around msDs-supportedEncryptionTypes differs from Windows. * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing vulnerability. * BUG 15206: libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(). * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15230: Memory leak in snprintf replacement functions. * BUG 15237: CVE-2022-37966. * BUG 15240: CVE-2022-38023. * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression). o Noel Power * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Anoop C S * BUG 15198: Prevent EBADF errors with vfs_glusterfs. o Andreas Schneider * BUG 15237: CVE-2022-37966. * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15257: Stack smashing in net offlinejoin requestodj. o Joseph Sutton * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15231: CVE-2022-37967. * BUG 15237: CVE-2022-37966. o Nicolas Williams * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.87 2022/11/29 13:20:23 jperkin Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.4.tar.gz) = 48f84916b249d40ae96aa31f48406470cab0923a3f297a35cbcb0bd6f0b8a1f7 SHA512 (samba-4.17.4.tar.gz) = 3f8ec51e30b1a8ef947f9bf4666fe8b30463d8ea3fa8cab6ff9dc8cfe7e71e2116eaea68aec66f18c84a8726ab628f9ee320b56e3de9d537b96f2230286a64f7 Size (samba-4.17.4.tar.gz) = 30838334 bytes @ 1.87 log @samba4: Build krb5.so module statically. Avoids issues when building on systems that have a native libkrb5.so.
Samba libraries that try to link against krb5.so, which during the build phase is named libgensec_module_krb5.so, end up with incorrect library dependencies, likely due to wrapper interactions. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.86 2022/11/25 10:21:14 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.3.tar.gz) = c85427eb0dbd444f3e6b7478f70b45d874ce7dcdf2fbbe216c74a2ce73cbdb46 SHA512 (samba-4.17.3.tar.gz) = a5482bfe66f7f34fdf855e69b7b0fc2a4f9e756947357201651af70f3b10e236474c1b4ae4d9367b122e2d4565601659c373d3b17717a3c5c66aa9258eb58ff0 Size (samba-4.17.3.tar.gz) = 30805080 bytes @ 1.87.2.1 log @Pullup ticket #6728 - requested by taca net/samba4: security update Revisions pulled up: - net/samba4/Makefile 1.155,1.157-1.159 - net/samba4/PLIST 1.49-1.50 - net/samba4/distinfo 1.88-1.89 - net/samba4/options.mk 1.18 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Tue Jan 3 15:27:23 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo options.mk Log Message: samba: update to 4.17.4. This is the latest stable release of the Samba 4.17 release series. It also contains security changes in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher. On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96. https://www.samba.org/samba/security/CVE-2022-37966.html o CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. 
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with. https://www.samba.org/samba/security/CVE-2022-37967.html o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak. https://www.samba.org/samba/security/CVE-2022-38023.html Note that there are several important behavior changes included in this release, which may cause compatibility problems interacting with system still expecting the former behavior. Please read the advisories of CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 carefully! samba-tool got a new 'domain trust modify' subcommand ----------------------------------------------------- This allows "msDS-SupportedEncryptionTypes" to be changed on trustedDomain objects. Even against remote DCs (including Windows) using the --local-dc-ipaddress= (and other --local-dc-* options). See 'samba-tool domain trust modify --help' for further details. smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- allow nt4 crypto Deprecated no allow nt4 crypto:COMPUTERACCOUNT New kdc default domain supported enctypes New (see manpage) kdc supported enctypes New (see manpage) kdc force enable rc4 weak session keys New No reject md5 clients New Default, Deprecated Yes reject md5 servers New Default, Deprecated Yes server schannel Deprecated Yes server schannel require seal New, Deprecated Yes server schannel require seal:COMPUTERACCOUNT New winbind sealed pipes Deprecated Yes Changes since 4.17.3 -------------------- o Jeremy Allison * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Andrew Bartlett * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. 
* BUG 15237: CVE-2022-37966. * BUG 15258: filter-subunit is inefficient with large numbers of knownfails. o Ralph Boehme * BUG 15240: CVE-2022-38023. * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories. o Stefan Metzmacher * BUG 13135: The KDC logic around msDs-supportedEncryptionTypes differs from Windows. * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing vulnerability. * BUG 15206: libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(). * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15230: Memory leak in snprintf replacement functions. * BUG 15237: CVE-2022-37966. * BUG 15240: CVE-2022-38023. * BUG 15253: RODC doesn't reset badPwdCount reliably via an RWDC (CVE-2021-20251 regression). o Noel Power * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Anoop C S * BUG 15198: Prevent EBADF errors with vfs_glusterfs. o Andreas Schneider * BUG 15237: CVE-2022-37966. * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15257: Stack smashing in net offlinejoin requestodj. o Joseph Sutton * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15231: CVE-2022-37967. * BUG 15237: CVE-2022-37966. o Nicolas Williams * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST. 
To generate a diff of this commit: cvs rdiff -u -r1.154 -r1.155 pkgsrc/net/samba4/Makefile cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/samba4/PLIST cvs rdiff -u -r1.87 -r1.88 pkgsrc/net/samba4/distinfo cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/samba4/options.mk ------------------------------------------------------------------- Module Name: pkgsrc Committed By: tnn Date: Tue Jan 10 02:12:40 UTC 2023 Modified Files: pkgsrc/net/samba4: PLIST Log Message: samba4: fix PLIST error when option ads is off To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/samba4/PLIST ------------------------------------------------------------------- Module Name: pkgsrc Committed By: hauke Date: Thu Jan 19 16:32:54 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile Log Message: Un-break FreeBSD build - it does not define ENODATA. See also this thread . To generate a diff of this commit: cvs rdiff -u -r1.156 -r1.157 pkgsrc/net/samba4/Makefile ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jan 23 09:13:52 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile Log Message: samba4: add upper bound for ldb and remove reference to non-existent file To generate a diff of this commit: cvs rdiff -u -r1.157 -r1.158 pkgsrc/net/samba4/Makefile ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sat Jan 28 13:52:03 UTC 2023 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.17.5 =============== Release Notes for Samba 4.17.5 January 26, 2023 =============== This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.4 -------------------- o Jeremy Allison * BUG 14808: smbc_getxattr() return value is incorrect. * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly. * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors. 
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS. * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle. * BUG 15277: DFS links don't work anymore on Mac clients since 4.17. * BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value). o Samuel Cabrero * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes). o Volker Lendecke * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15266: Shares missing from netshareenum response in samba 4.17.4. * BUG 15269: ctdb: use-after-free in run_proc. o Stefan Metzmacher * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15266: Shares missing from netshareenum response in samba 4.17.4. * BUG 15280: irpc_destructor may crash during shutdown. * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo. o Andreas Schneider * BUG 15268: smbclient segfaults with use after free on an optimized build. o Jones Syue * BUG 15282: smbstatus leaking files in msg.sock and msg.lock. o Andrew Walker * BUG 15164: Leak in wbcCtxPingDc2. * BUG 15265: Access based share enum does not work in Samba 4.16+. * BUG 15267: Crash during share enumeration. * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer. o Florian Weimer * BUG 15281: Avoid relying on C89 features in a few places. 
To generate a diff of this commit: cvs rdiff -u -r1.158 -r1.159 pkgsrc/net/samba4/Makefile cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/samba4/distinfo @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.87 2022/11/29 13:20:23 jperkin Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.4.tar.gz) = 48f84916b249d40ae96aa31f48406470cab0923a3f297a35cbcb0bd6f0b8a1f7 SHA512 (samba-4.17.4.tar.gz) = 3f8ec51e30b1a8ef947f9bf4666fe8b30463d8ea3fa8cab6ff9dc8cfe7e71e2116eaea68aec66f18c84a8726ab628f9ee320b56e3de9d537b96f2230286a64f7 Size (samba-4.17.4.tar.gz) = 30838334 bytes @ 1.86 log @samba: update to 4.17.3. This is a security release in order to address the following defects: o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap. https://www.samba.org/samba/security/CVE-2022-42898.html Changes since 4.17.2 -------------------- o Joseph Sutton * BUG 15203: CVE-2022-42898 o Nicolas Williams * BUG 15203: CVE-2022-42898 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.85 2022/10/25 16:15:35 taca Exp $ d36 1 @ 1.85 log @net/samba4: update to 4.17.2 4.17.2 (2022/10-25) o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html o CVE-2022-3592: A malicious client can use a symlink to escape the exported directory. https://www.samba.org/samba/security/CVE-2022-3592.html Changes since 4.17.1 -------------------- o Volker Lendecke * BUG 15207: CVE-2022-3592. o Joseph Sutton * BUG 15134: CVE-2022-3437. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.84 2022/10/25 07:46:11 wiz Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.2.tar.gz) = 08fa04395290fe3715297bb33967c2772e656e3f878bd38f0f966e2152047d8c SHA512 (samba-4.17.2.tar.gz) = 31d52d3366e39048a02550ee53d4e0956eedfda0d7d8dcb8f1f23b2435852023eb0eb8c1252aa2780ce8e7dd81f402e84ab8c17156dd18fe80d8b763eb83ce79 Size (samba-4.17.2.tar.gz) = 30802416 bytes @ 1.84 log @samba: update to 4.17.1. Changes since 4.17.0 -------------------- o Jeremy Allison * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15174: smbXsrv_connection_shutdown_send result leaked. * BUG 15182: Flush on a named stream never completes. * BUG 15195: Permission denied calling SMBC_getatr when file not exists. o Douglas Bagnall * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir. o Andrew Bartlett * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later. over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. o Ralph Boehme * BUG 15182: Flush on a named stream never completes. o Volker Lendecke * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106. o Gary Lockyer * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. o Stefan Metzmacher * BUG 15200: multi-channel socket passing may hit a race if one of the involved processes already existed. * BUG 15201: memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others). o Noel Power * BUG 15205: Since popt1.19 various use after free errors using result of poptGetArg are now exposed. o Anoop C S * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs. 
o Andreas Schneider * BUG 15169: GETPWSID in memory cache grows indefinitely with each NTLM auth. o Joseph Sutton * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. ============================== Release Notes for Samba 4.17.0 September 13, 2022 ============================== This is the first stable release of the Samba 4.17 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== SMB Server performance improvements ----------------------------------- The security improvements in recent releases (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races, caused performance regressions for meta data heavy workloads. With 4.17 the situation improved a lot again: - Pathnames given by a client are divided into dirname and basename. The amount of syscalls to validate dirnames is reduced to 2 syscalls (openat, close) per component. On modern Linux kernels (>= 5.6) smbd makes use of the openat2() syscall with RESOLVE_NO_SYMLINKS, in order to just use 2 syscalls (openat2, close) for the whole dirname. - Contended path based operations used to generate a lot of unsolicited wakeup events causing thundering herd problems, which lead to massive latencies for some clients. These events are now avoided in order to provide stable latencies and much higher throughput of open/close operations. Configure without the SMB1 Server --------------------------------- It is now possible to configure Samba without support for the SMB1 protocol in smbd. This can be selected at configure time with either of the options: --with-smb1-server --without-smb1-server By default (without either of these options set) Samba is configured to include SMB1 support (i.e. --with-smb1-server is the default). 
When Samba is configured without SMB1 support, none of the SMB1 code is included inside smbd except the minimal stub code needed to allow a client to connect as SMB1 and immediately negotiate the selected protocol into SMB2 (as a Windows server also allows). None of the SMB1-only smb.conf parameters are removed when configured without SMB1, but these parameters are ignored by the smbd server. This allows deployment without having to change an existing smb.conf file. This option allows sites, OEMs and integrators to configure Samba to remove the old and insecure SMB1 protocol from their products. Note that the Samba client libraries still support SMB1 connections even when Samba is configured as --without-smb1-server. This is to ensure maximum compatibility with environments containing old SMB1 servers. Bronze bit and S4U support now also with MIT Kerberos 1.20 ---------------------------------------------------------- In 2020 Microsoft Security Response Team received another Kerberos-related report. Eventually, that led to a security update of the CVE-2020-17049, Kerberos KDC Security Feature Bypass Vulnerability, also known as a ‘Bronze Bit’. With this vulnerability, a compromised service that is configured to use Kerberos constrained delegation feature could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. With the release of MIT Kerberos 1.20, Samba AD DC is able to mitigate the ‘Bronze Bit’ attack. MIT Kerberos KDC's KDB (Kerberos Database Driver) API was changed to allow passing more details between KDC and KDB components. When built against MIT Kerberos, Samba AD DC supports MIT Kerberos 1.19 and 1.20 versions but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20. In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports S4U2Self and S4U2Proxy Kerberos extensions. 
Note the default (Heimdal-based) KDC was already fixed in 2021, see https://bugzilla.samba.org/show_bug.cgi?id=14642 Resource Based Constrained Delegation (RBCD) support ---------------------------------------------------- Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT Kerberos 1.20 we have complete RBCD support passing Samba's S4U testsuite. samba-tool delegation got the 'add-principal' and 'del-principal' subcommands in order to manage RBCD. To complete RBCD support and make it useful to Administrators we added the Asserted Identity [1] SID into the PAC for constrained delegation. This is available for Samba AD compiled with MIT Kerberos 1.20. Note the default (Heimdal-based) KDC does not support RBCD yet. [1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview Customizable DNS listening port ------------------------------- It is now possible to set a custom listening port for the builtin DNS service, making it easy to host another DNS on the same system that would bind to the default port and forward the domain-specific queries to Samba using the custom port. This is the opposite configuration of setting a forwarder in Samba. It makes it possible to use another DNS server as a front and forward to Samba. Dynamic DNS updates may not be proxied by the front DNS server when forwarding to Samba. Dynamic DNS update proxying depends on the features of the other DNS server used as a front. CTDB changes ------------ * When Samba is configured with both --with-cluster-support and --systemd-install-services then a systemd service file for CTDB will be installed. * ctdbd_wrapper has been removed. ctdbd is now started directly from a systemd service file or init script. * The syntax for the ctdb.tunables configuration file has been relaxed. However, trailing garbage after the value, including comments, is no longer permitted. Please see ctdb-tunables(7) for more details. 
Operation without the (unsalted) NT password hash ------------------------------------------------- When Samba is configured with 'nt hash store = never' then Samba will no longer store the (unsalted) NT password hash for users in Active Directory. (Trust accounts, like computers, domain controllers and inter-domain trusts are not impacted). In the next version of Samba the default for 'nt hash store' will change from 'always' to 'auto', where it will follow (behave as 'nt hash store = never' when 'ntlm auth = disabled' is set). Security-focused deployments of Samba that have eliminated NTLM from their networks will find setting 'ntlm auth = disabled' with 'nt hash store = always' as a useful way to improve compliance with best-practice guidance on password storage (which is to always use an iterated hash). Note that when 'nt hash store = never' is set, then arcfour-hmac-md5 Kerberos keys will not be available for users who subsequently change their password, as these keys derive their values from NT hashes. AES keys are stored by default for all deployments of Samba with Domain Functional Level 2008 or later, are supported by all modern clients, and are much more secure. Finally, also note that password history in Active Directory is stored in nTPwdHistory using a series of NT hash values. Therefore the full password history feature is not available in this mode. To provide some protection against password re-use previous Kerberos hash values (the current, old and older values are already stored) are used, providing a history length of 3. There is one small limitation of this workaround: Changing the sAMAccountName, userAccountControl or userPrincipalName of an account can cause the Kerberos password salt to change. This means that after *both* an account rename and a password change, only the current password will be recognised for password history purposes. 
Python API for smbconf ---------------------- Samba's smbconf library provides a generic frontend to various configuration backends (plain text file, registry) as a C library. A new Python wrapper, importable as 'samba.smbconf' is available. An additional module, 'samba.samba3.smbconf', is also available to enable registry backend support. These libraries allow Python programs to read, and optionally write, Samba configuration natively. JSON support for smbstatus -------------------------- It is now possible to print detailed information in JSON format in the smbstatus program using the new option --json. The JSON output covers all the existing text output including sessions, connections, open files, byte-range locks, notifies and profile data with all low-level information maintained by Samba in the respective databases. Protected Users security group ------------------------------ Samba AD DC now includes support for the Protected Users security group introduced in Windows Server 2012 R2. The feature reduces the attack surface of user accounts by preventing the use of weak encryption types. It also mitigates the effects of credential theft by limiting credential lifetime and scope. The protections are intended for user accounts only, and service or computer accounts should not be added to the Protected Users group. User accounts added to the group are granted the following security protections: * NTLM authentication is disabled. * Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are not issued to or accepted from affected principals. Tickets encrypted with AES, and service tickets encrypted with RC4, are not affected by this restriction. * The lifetime of Kerberos TGTs is restricted to a maximum of four hours. * Kerberos constrained and unconstrained delegation is disabled. If the Protected Users group is not already present in the domain, it can be created with 'samba-tool group add'. 
The new '--special' parameter must be specified, with 'Protected Users' as the name of the group. An example command invocation is: samba-tool group add 'Protected Users' --special or against a remote server: samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U Administrator The Protected Users group is identified in the domain by its having a RID of 525. Thus, it should only be created with samba-tool and the '--special' parameter, as above, so that it has the required RID to function correctly. REMOVED FEATURES ================ LanMan Authentication and password storage removed from the AD DC ----------------------------------------------------------------- The storage and authentication with LanMan passwords has been entirely removed from the Samba AD DC, even when "lanman auth = yes" is set. smb.conf changes ================ Parameter Name Description Default -------------- ----------- ------- dns port New default 53 fruit:zero_file_id New default yes nt hash store New parameter always smb1 unix extensions Replaces "unix extensions" volume serial number New parameter -1 winbind debug traceid New parameter no @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.83 2022/09/12 16:04:57 adam Exp $ d3 3 a5 3 BLAKE2s (samba-4.17.1.tar.gz) = 9d634b7d20f81312c4e5fa5ed048df97c02ae2402f25c56c58189c2dd9acd3eb SHA512 (samba-4.17.1.tar.gz) = b62605caed837e6638f3f87ce73d21976125ec890deca38bde41d3f8e299cc8da268f1b0884845ac947e5cbd29eb1300e36e638d08c38f127d3058dfef9547f8 Size (samba-4.17.1.tar.gz) = 30795757 bytes a37 1 SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = cbba15c2c0e1eee9d07424510a96b596f46992b4 @ 1.83 log @samba4: updated to 4.16.5 Changes since 4.16.4 -------------------- * BUG 15128: Possible use after free of connection_struct when iterating smbd_server_connection->connections. * BUG 15086: Spotlight RPC service returns wrong response when Spotlight is disabled on a share. 
* BUG 15126: acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr. * BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1. * BUG 15161: assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197. * BUG 15148: Missing READ_LEASE break could cause data corruption. * BUG 15124: rpcclient can crash using setuserinfo(2). * BUG 15132: Samba fails to build with glibc 2.36 caused by including in libreplace. * BUG 15152: SMB1 negotiation can fail to handle connection errors. * BUG 15078: samba-tool domain join segfault when joining a samba ad domain. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.82 2022/09/03 18:49:21 jperkin Exp $ d3 3 a5 3 BLAKE2s (samba-4.16.5.tar.gz) = 45cea3971f35b3c158cd225ea0cf605b2d1278002d23bc4280827cd388c82edf SHA512 (samba-4.16.5.tar.gz) = 9c4cd2ccbb6a4910d0da220e24bf3bf2cf25acaaebb5aa7358d8910016fac29b8ed1889f8ee0b4953d695583ff04d8de7bfffc2d97ae30aa7730e157aa7acfcf Size (samba-4.16.5.tar.gz) = 30613439 bytes d17 1 a17 1 SHA1 (patch-lib_tevent_tevent.c) = dc782c5b7214abf52a4c8c242018b1989bca08e3 d24 1 a24 1 SHA1 (patch-lib_util_time.h) = 56e3d418d492a029eda03c82397f47c7f0cda6ba a32 2 SHA1 (patch-source3_smbd_open.c) = 002f26f77dad54617bf9c0fe4fa12f093ef3b66c SHA1 (patch-source3_smbd_process.c) = 3a6f9682aca6473e364d0be0f601774df4fd1296 d34 1 d37 1 a37 1 SHA1 (patch-source4_scripting_wsript_build) = 816d44f48b6cbc6d999995e00eaea1d2dc477159 @ 1.83.2.1 log @Pullup ticket #6694 - requested by taca devel/samba4: security fix via patch -- update to 4.16.6 --- Samba 4.16.6 fixes these security problems. 4.16.6 (2022-10-25) This is a security release in order to address the following defect: o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html Changes since 4.16.5 --------------------- o Joseph Sutton * BUG 15134: CVE-2022-3437. 
@ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (samba-4.16.6.tar.gz) = 6854780b4ae265df90c9010fb5ac21d2ddc0088c4c002c1c199e15f7cce0a47f SHA512 (samba-4.16.6.tar.gz) = c5f5614b20d612bbc56fb2a4af60572e0b439c979c282cf0a3289b1f3a0891aefce56d1540638de88afaf0c6ecb3f5c7ccb27ed21af1d333761547c0c33d6cf8 Size (samba-4.16.6.tar.gz) = 30619049 bytes @ 1.82 log @samba4: Remove gensec/krb5 patch. It doesn't appear to solve the problem, I must have had a stale install directory around when testing. Still none the wiser as to why the krb5 module isn't being built correctly, but apparently it seems to work for some folks, so it will have to be left broken on SunOS for a bit. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.81 2022/08/30 17:47:50 jperkin Exp $ d3 3 a5 3 BLAKE2s (samba-4.16.4.tar.gz) = a897a1150df7abf26af0c53923a9dc085d08eeaf2585dbbe0bc64e28ceb6d7ae SHA512 (samba-4.16.4.tar.gz) = 9754275ace30755b75f747e201f8ad4550a823c8606e550c0ce6b3ccbaf048dd895bf2c21127271298304be7f80de9b6451091c4949ebe267ee1cf3ab497cd85 Size (samba-4.16.4.tar.gz) = 30605121 bytes @ 1.81 log @samba4: Various build fixes. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.80 2022/08/09 17:56:09 adam Exp $ a36 1 SHA1 (patch-source4_auth_gensec_wscript__build) = 61400e5594600b38c831604aca4c11e7a5bfcb12 @ 1.80 log @samba4: updated to 4.16.4 Release Notes for Samba 4.16.4 This is a security release in order to address the following defects: o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. 
https://www.samba.org/samba/security/CVE-2022-32746.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.79 2022/07/29 20:33:38 jperkin Exp $ d35 1 d37 1 d43 1 @ 1.79 log @samba4: Add support for mit-krb5. The builtin heimdal no longer builds and it's unclear how it can possibly work as it uses functions that do not exist anywhere. Also fix some SunOS build issues. I'm not convinced this won't break builds that use heimdal but will keep an eye out for failures. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.78 2022/07/21 09:35:19 adam Exp $ d3 3 a5 3 BLAKE2s (samba-4.16.3.tar.gz) = 465d98b2aaec2d305d81e38d6d61de0b1f5061802aeba284a9df52e83f0ee05c SHA512 (samba-4.16.3.tar.gz) = 8f082654251e6a3284ba8f411c55b854dc00a9c6b07c486ca01f53af2b6ec09d34c21d66a2a1afc7a8c62a9f715c643c1a22fc7688699d23f8fcafe6995b5ebd Size (samba-4.16.3.tar.gz) = 30593657 bytes @ 1.78 log @samba4: updated to 4.16.3 Changes since 4.16.2 -------------------- * BUG 15099: Using vfs_streams_xattr and deleting a file causes a panic. * BUG 14986: Add support for bind 9.18. * BUG 15076: logging dsdb audit to specific files does not work. * BUG 14979: Problem when winbind renews Kerberos. * BUG 15095: Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode. * BUG 15105: Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL. * BUG 15118: Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(). * BUG 15100: smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS. * BUG 15120: Fix check for chown when processing NFSv4 ACL. * BUG 15082: The pcap background queue process should not be stopped. * BUG 15097: testparm: Fix typo in idmap rangesize check. * BUG 15106: net ads info returns LDAP server and LDAP server name as null. * BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link. 
* BUG 15090: CTDB child process logging does not work as expected. Changes since 4.16.1 -------------------- * BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie. * BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted. * BUG 15087: netgroups support removed. * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted server. * BUG 15062: Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS. * BUG 15071: waf produces incorrect names for python extensions with Python 3.11. * BUG 15075: smbclient -E doesn't work as advertised. * BUG 15071: waf produces incorrect names for python extensions with Python 3.11. * BUG 15081: The samba background daemon doesn't refresh the printcap cache on startup. * BUG 14443: Out-by-4 error in smbd read reply max_send clamp.. Changes since 4.16.0 -------------------- * BUG 14831: Share and server swapped in smbget password prompt. * BUG 15022: Durable handles won't reconnect if the leased file is written to. * BUG 15023: rmdir silently fails if directory contains unreadable files and hide unreadable is yes. * BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle. * BUG 8731: Need to describe --builtin-libraries= better (compare with --bundled-libraries). * BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback. * BUG 15035: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes. * BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew error. * BUG 15041: Username map - samba erroneously applies unix group memberships to user account entries. * BUG 14951: KVNO off by 100000. * BUG 15027: Uninitialized litemask in variable in vfs_gpfs module. * BUG 15055: vfs_gpfs recalls=no option prevents listing files. * BUG 15054: smbd doesn't handle UPNs for looking up names. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.77 2022/04/25 16:25:02 jperkin Exp $ d20 1 d41 1 @ 1.77 log @samba4: Build fixes, primarily for SunOS. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.76 2022/03/24 10:16:13 hauke Exp $ d3 3 a5 3 BLAKE2s (samba-4.15.6.tar.gz) = b11fd56c12dfbb3e0dc3e7b5e25b73f964b3b26afcc504293f2050c9bb9b0cfd SHA512 (samba-4.15.6.tar.gz) = cd193d74173831449abc24f1769f0af2dabd5dd8a65507af7b09fde6dd5780d30336d59600add939b044cfa5781f357ec9192c7fed1a1e7278812b6c07b824e2 Size (samba-4.15.6.tar.gz) = 19290189 bytes d23 1 d27 1 a27 1 SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb d29 1 a29 1 SHA1 (patch-source3_modules_vfs__solarisacl.c) = 087db5db78bce27a71caee5c78eb4f9aba81b428 a35 2 SHA1 (patch-source4_heimdal__build_roken.h) = c9fbcb1cf505022ae1483774ed429d74ac091253 SHA1 (patch-source4_heimdal_include_heim__threads.h) = 1108fe804f235c72a93bcda0ec14454828ed030f d38 2 @ 1.77.2.1 log @Pullup tickets #6664 #6669 - requested by taca net/samba4: security update databases/ldb: dependency update Update net/samba4 to 4.15.9 from samba-4.15.6 by patch, since HEAD is on a later minor. Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (samba-4.15.9.tar.gz) = 04b96cc4ab3db3ed375c061d45300d0b9f1bbc741de67c93d0bca78227d9d0b5 SHA512 (samba-4.15.9.tar.gz) = 2ee5d66f5a7c1ff5b27c959be6310335eb6484476c1eadb3b8ca1bc84fb2260487136c1318539e1dc459b81bca66f268fd979f6a816ff5f905bd605a99685004 Size (samba-4.15.9.tar.gz) = 19324742 bytes @ 1.76 log @Restore a SYSCONFDIR path substitution that had gone lost, probably as a result of running mkpatches after 'make configure'. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.75 2022/03/20 21:53:53 adam Exp $ d28 3 @ 1.75 log @samba4: updated to 4.15.6 Changes since 4.15.5 -------------------- * BUG 14169: Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND. 
* BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key. * BUG 14938: NT error code is not set when overwriting a file during rename in libsmbclient. * BUG 14996: Fix ldap simple bind with TLS auditing. * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted server. * BUG 14979: Problem when winbind renews Kerberos. * BUG 8691: pam_winbind will not allow gdm login if password about to expire. * BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file. * BUG 13631: DFS fix for AIX broken. * BUG 14974: Solaris and AIX acl modules: wrong function arguments. * BUG 7239: Function aixacl_sys_acl_get_file not declared / coredump. * BUG 14900: Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam. * BUG 14989: Fix a use-after-free in SMB1 server. * BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2. * BUG 14984: changing the machine password against an RODC likely destroys the domain join. * BUG 14993: authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument. * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot. * BUG 14967: Samba autorid fails to map AD users if id rangesize fits in the id range only once. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.74 2022/03/07 22:45:49 thor Exp $ d32 1 a32 1 SHA1 (patch-source4_heimdal__build_roken.h) = 4d2b5ab1f5db994263c3a451175f01ff688ad20d @ 1.74 log @net/samba4: security update to 4.15.5 This is a security release in order to address the following defects: o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists. https://www.samba.org/samba/security/CVE-2021-44141.html o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module. https://www.samba.org/samba/security/CVE-2021-44142.html o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks. 
https://www.samba.org/samba/security/CVE-2022-0336.html
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.73 2022/03/07 21:40:37 thor Exp $ d3 3 a5 3 BLAKE2s (samba-4.15.5.tar.gz) = 0193cc5a426c605baeb261ed881cd6127749fe9d85f1be9ccce52ca23c266077 SHA512 (samba-4.15.5.tar.gz) = 808e0f15931bab18a1e36298528a01a1250efaef9f99508dd620d6936dd4a2fc3ccc64ab9dcc94bd73460697d16d6ca0652ccbcdbe1644ffedce0137d796d3ca Size (samba-4.15.5.tar.gz) = 19279071 bytes @
1.73 log @net/samba4: version 4.15.4

This includes a patch (already posted upstream) to fix updated Samba on NetBSD's /proc, so the upgrade is not blocked anymore.

Release notes for 4.15:

NEW FEATURES/CHANGES
====================

VFS
---

The effort to modernize Samba's VFS interface is complete and Samba 4.15.0 ships with a modernized VFS designed for the post SMB1 world. For details please refer to the documentation at source3/modules/The_New_VFS.txt or visit the .

Bind DLZ: add the ability to set allow/deny lists for zone transfer clients
---------------------------------------------------------------------------

Up to now, any client could use a DNS zone transfer request to the bind server, and get an answer from Samba. Now the default behaviour will be to deny those requests. Two new options have been added to manage the list of authorized/denied clients for zone transfer requests. In order to be accepted, the request must be issued by a client that is in the allow list and NOT in the deny list.

"server multi channel support" no longer experimental
-----------------------------------------------------

This option is enabled by default starting with 4.15 (on Linux and FreeBSD). Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible to use this feature on Linux and FreeBSD for now.

samba-tool available without the ad-dc
--------------------------------------

The 'samba-tool' command is now available when samba is configured "--without-ad-dc".
Not all features will work, and some ad-dc specific options have been disabled. The 'samba-tool domain' options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable 'samba-tool'. Improved command line user experience ------------------------------------- Samba utilities did not consistently implement their command line interface. A number of options were requiring to specify values in one tool and not in the other, some options meant different in different tools. These should be stories of the past now. A new command line parser has been implemented with sanity checking. Also the command line interface has been simplified and provides better control for encryption, signing and kerberos. Previously many tools silently ignored unknown options. To prevent unexpected behaviour all tools will now consistently reject unknown options. Also several command line options have a smb.conf variable to control the default now. All tools are now logging to stderr by default. You can use "--debug-stdout" to change the behavior. All servers will log to stderr at early startup until logging is setup to go to a file by default. ### Common parser: Options added: --client-protection=off|sign|encrypt Options renamed: --kerberos -> --use-kerberos=required|desired|off --krb5-ccache -> --use-krb5-ccache=CCACHE --scope -> --netbios-scope=SCOPE --use-ccache -> --use-winbind-ccache Options removed: -e|--encrypt -C removed from --use-winbind-ccache -i removed from --netbios-scope -S|--signing ### Duplicates in command line utils ldbadd/ldbdel/ldbedit/ldbmodify/ldbrename/ldbsearch: -e is still available as an alias for --editor, as it used to be. -s is no longer reported as an alias for --configfile, it never worked that way as it was shadowed by '-s' for '--scope'. 
ndrdump: -l is not available for --load-dso anymore net: -l is not available for --long anymore sharesec: -V is not available for --viewsddl anymore smbcquotas: --user -> --quota-user nmbd: --log-stdout -> --debug-stdout smbd: --log-stdout -> --debug-stdout winbindd: --log-stdout -> --debug-stdout Scanning of trusted domains and enterprise principals ----------------------------------------------------- As an artifact from the NT4 times, we still scanned the list of trusted domains on winbindd startup. This is wrong as we never can get a full picture in Active Directory. It is time to change the default value to "No". Also with this change we always use enterprise principals for Kerberos so that the DC will be able to redirect ticket requests to the right DC. This is e.g. needed for one way trusts. The options `winbind use krb5 enterprise principals` and `winbind scan trusted domains` will be deprecated in one of the next releases. Support for Offline Domain Join (ODJ) ------------------------------------- The net utility is now able to support the offline domain join feature as known from the Windows djoin.exe command for many years. Samba's implementation is accessible via the 'net offlinejoin' subcommand. It can provision computers and request offline joining for both Windows and Unix machines. It is also possible to provision computers from Windows (using djoin.exe) and use the generated data in Samba's 'net' utility. The existing options for the provisioning and joining steps are documented in the net(8) manpage. 'samba-tool dns zoneoptions' for aging control ---------------------------------------------- The 'samba-tool dns zoneoptions' command can be used to turn aging on and off, alter the refresh and no-refresh periods, and manipulate the timestamps of existing records. 
To turn aging on for a zone, you can use something like this:

  samba-tool dns zoneoptions --aging=1 --refreshinterval=306600

which turns on aging and ensures no records less than five years old are aged out and scavenged. After aging has been on for sufficient time for records to be renewed, the command

  samba-tool dns zoneoptions --refreshinterval=168

will set the refresh period to the standard seven days. Using this two step process will help prevent the temporary loss of dynamic records if scavenging happens before their first renewal.

Marking old records as static or dynamic with 'samba-tool'
----------------------------------------------------------

A bug in Samba versions prior to 4.9 meant records that were meant to be static were marked as dynamic and vice versa. To fix the timestamps in these domains, it is possible to use the following options, preferably before turning aging on.

  --mark-old-records-static
  --mark-records-dynamic-regex
  --mark-records-static-regex

The "--mark-old-records-static" option will make records older than the specified date static (that is, with a zero timestamp). For example, if you upgraded to Samba 4.9 in November 2018, you could ensure no old records will be mistakenly interpreted as dynamic using the following option:

  samba-tool dns zoneoptions --mark-old-records-static=2018-11-30

Then, if you know that that will have marked some records as static that should be dynamic, and you know which those are due to your naming scheme, you can use commands like:

  samba-tool dns zoneoptions --mark-records-dynamic-regex='\w+-desktop'

where '\w+-desktop' is a perl-compatible regular expression that will match 'bob-desktop', 'alice-desktop', and so on.

These options are deliberately long and cumbersome to type, so people have a chance to think before they get to the end. You can make a mess if you get it wrong.
All 'samba-tool dns zoneoptions' modes can be given a "--dry-run/-n" argument that allows you to inspect the likely results before going ahead. NOTE: for aging to work, you need to have "dns zone scavenging = yes" set in the smb.conf of at least one server. DNS tombstones are now deleted as appropriate --------------------------------------------- When all the records for a DNS name have been deleted, the node is put in a tombstoned state (separate from general AD object tombstoning, which deleted nodes also go through). These tombstones should be cleaned up periodically. Due to a conflation of scavenging and tombstoning, we have only been deleting tombstones when aging is enabled. If you have a lot of tombstoned DNS nodes (that is, DNS names for which you have removed all the records), cleaning up these DNS tombstones may take a noticeable time. DNS tombstones use a consistent timestamp format ------------------------------------------------ DNS records use an hours-since-1601 timestamp format except for in the case of tombstone records where a 100-nanosecond-intervals-since-1601 format is used (this latter format being the most common in Windows). We had mixed that up, which might have had strange effects in zones where aging was enabled (and hence tombstone timestamps were used). samba-tool dns update and RPC changes ------------------------------------- The dnsserver DCERPC pipe can be used by 'samba-tool' and Windows tools to manipulate dns records on the remote server. A bug in Samba meant it was not possible to update an existing DNS record to change the TTL. The general behaviour of RPC updates is now closer to that of Windows. 'samba-tool dns update' is now a bit more careful in rejecting and warning you about malformed IPv4 and IPv6 addresses. 
CVE-2021-3671: Crash in Heimdal KDC and updated security release policy
-----------------------------------------------------------------------

An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. Per Samba's updated security process a specific security release was not made for this issue as it is a recoverable Denial Of Service.

See https://wiki.samba.org/index.php/Samba_Security_Proces

samba-tool domain backup offline with the LMDB backend
------------------------------------------------------

samba-tool domain backup offline, when operating with the LMDB backend now correctly takes out locks against concurrent modification of the database during the backup. If you use this tool on a Samba AD DC using LMDB, you should upgrade to this release for safer backups.

REMOVED FEATURES
================

Tru64 ACL support has been removed from this release. The last supported release of Tru64 UNIX was in 2012.

NIS support has been removed from this release. This is not available in Linux distributions anymore.

The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9, which have been out of support since 2018.
smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  client use kerberos                     New             desired
  client max protocol                     Values Removed
  client min protocol                     Values Removed
  client protection                       New             default
  client smb3 signing algorithms          New             see man smb.conf
  client smb3 encryption algorithms       New             see man smb.conf
  preopen:posix-basic-regex               New             No
  preopen:nomatch_log_level               New             5
  preopen:match_log_level                 New             5
  preopen:nodigits_log_level              New             1
  preopen:founddigits_log_level           New             3
  preopen:reset_log_level                 New             5
  preopen:push_log_level                  New             3
  preopen:queue_log_level                 New             10
  server max protocol                     Values Removed
  server min protocol                     Values Removed
  server multi channel support            Changed         Yes (on Linux and FreeBSD)
  server smb3 signing algorithms          New             see man smb.conf
  server smb3 encryption algorithms       New             see man smb.conf
  winbind use krb5 enterprise principals  Changed         Yes
  winbind scan trusted domains            Changed         No

Release notes for 4.14:

NEW FEATURES/CHANGES
====================

Here is a copy of a clarification note added to the Samba code in the file: VFS-License-clarification.txt.
--------------------------------------------------------------

A clarification of our GNU GPL License enforcement boundary within the Samba Virtual File System (VFS) layer.

Samba is licensed under the GNU GPL. All code committed to the Samba project or that creates a "modified version" or software "based on" Samba must be either licensed under the GNU GPL or a compatible license.

Samba has several plug-in interfaces where external code may be called from Samba GNU GPL licensed code. The most important of these is the Samba VFS layer.

Samba VFS modules are intimately connected by header files and API definitions to the part of the Samba code that provides file services, and as such, code that implements a plug-in Samba VFS module must be licensed under the GNU GPL or a compatible license.
However, Samba VFS modules may themselves call third-party external libraries that are not part of the Samba project and are externally developed and maintained. As long as these third-party external libraries do not use any of the Samba internal structure, APIs or interface definitions created by the Samba project (to the extent that they would be considered subject to the GNU GPL), then the Samba Team will not consider such third-party external libraries called from Samba VFS modules as "based on" and/or creating a "modified version" of the Samba code for the purposes of GNU GPL. Accordingly, we do not require such libraries be licensed under the GNU GPL or a GNU GPL compatible license. VFS --- The effort to modernize Samba's VFS interface has reached a major milestone with the next release Samba 4.14. For details please refer to the documentation at source3/modules/The_New_VFS.txt or visit the . Printing -------- Publishing printers in AD is more reliable and more printer features are added to the published information in AD. Samba now also supports Windows drivers for the ARM64 architecture. Client Group Policy ------------------- This release extends Samba to support Group Policy functionality for Winbind clients. Active Directory Administrators can set policies that apply Sudoers configuration, and cron jobs to run hourly, daily, weekly or monthly. To enable the application of Group Policies on a client, set the global smb.conf option 'apply group policies' to 'yes'. Policies are applied on an interval of every 90 minutes, plus a random offset between 0 and 30 minutes. Policies applied by Samba are 'non-tattooing', meaning that changes can be reverted by executing the `samba-gpupdate --unapply` command. Policies can be re-applied using the `samba-gpupdate --force` command. To view what policies have been or will be applied to a system, use the `samba-gpupdate --rsop` command. 
Administration of Samba policy requires that a Samba ADMX template be uploaded to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is provided as a convenient method for adding this policy. Once uploaded, policies can be modified in the Group Policy Management Editor under Computer Configuration/Policies/Administrative Templates. Alternatively, Samba policy may be managed using the `samba-tool gpo manage` command. This tool does not require the admx templates to be installed. Python 3.6 or later required ---------------------------- Samba's minimum runtime requirement for python was raised to Python 3.6 with samba 4.13. Samba 4.14 raises this minimum version to Python 3.6 also to build Samba. It is no longer possible to build Samba (even just the file server) with Python versions 2.6 and 2.7. As Python 2.7 has been End Of Life upstream since April 2020, Samba is dropping ALL Python 2.x support in this release. Miscellaneous samba-tool changes -------------------------------- The 'samba-tool' subcommands to manage AD objects (e.g. users, computers and groups) now consistently use the "add" command when adding a new object to the AD. The previous deprecation warnings when using the 'add' commands have been removed. For compatibility reasons, both the 'add' and 'create' commands can be used now. Users, groups and contacts can now be renamed with the respective rename commands. Locked users can be unlocked with the new 'samba-tool user unlock' command. The 'samba-tool user list' and 'samba-tool group listmembers' commands provide additional options to hide expired and disabled user accounts (--hide-expired and --hide-disabled). CTDB CHANGES ============ * The NAT gateway and LVS features now uses the term "leader" to refer to the main node in a group through which traffic is routed and "follower" for other members of a group. The command for determining the leader has changed to "ctdb natgw leader" (from "ctdb natgw master"). 
The configuration keyword for indicating that a node can not be the leader of a group has changed to "follower-only" (from "slave-only"). Identical changes were made for LVS.

* Remove "ctdb isnotrecmaster" command. It isn't used by CTDB's scripts and can be checked by users with "ctdb pnn" and "ctdb recmaster".

smb.conf changes
================

  Parameter Name                     Description     Default
  --------------                     -----------     -------
  smb encrypt                        Removed
  async dns timeout                  New             10
  client smb encrypt                 New             default
  honor change notify privilege      New             No
  smbd force process locks           New             No
  server smb encrypt                 New             default
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.71 2022/01/10 14:11:16 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.15.4.tar.gz) = e0555b6353bbbd77a39f7c725b77c9c1c608a36d8e144a321f73f1104edbf3ac SHA512 (samba-4.15.4.tar.gz) = e55473dd4971816a01880870309ca44f022625cd529511bcf386c865a2e7e79118577ee4866559f607952de47dc0d310d6426bd08dd4293db95ddbbe3982383d Size (samba-4.15.4.tar.gz) = 19280813 bytes @
1.72 log @net/samba4: update to 4.13.17

===============================
Release Notes for Samba 4.13.17
January 31, 2022
===============================

This is a security release in order to address the following defects:

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html Changes since 4.13.16 --------------------- o Ralph Boehme * BUG 14914: CVE-2021-44142 o Joseph Sutton * BUG 14950: CVE-2022-0336 @ text @d3 3 a5 3 BLAKE2s (samba-4.13.17.tar.gz) = 0f3a2899ad8c92c9506500fef617e05201b00d169ecb31784ea12b85000dc69b SHA512 (samba-4.13.17.tar.gz) = 3f47cc588c370510a11a1d5dc1a9f64872d765a2940a0dd39f02718f9a81b134dda9c9cb593f291f2aa1657de65b26458adcda33369c0858e16edf7f088edaf4 Size (samba-4.13.17.tar.gz) = 18952829 bytes d15 1 a15 1 SHA1 (patch-lib_replace_wscript) = 2a754e7310850b376d5881b82a8467041284fce9 a26 1 SHA1 (patch-source3_libsmb_libsmb__stat.c) = 1f88759babfd64b525df8087ea143c7bc3171549 d28 1 d30 1 d32 1 a32 1 SHA1 (patch-source4_heimdal__build_roken.h) = f467a541fa09e2aa483d10ed9d49df9167a3443a d34 2 a35 3 SHA1 (patch-source4_scripting_wsript_build) = bd4feddcaadf1c3d2d25eb7914e7b5843e4e9511 SHA1 (patch-source4_torture_libsmbclient_libsmbclient.c) = 38bb8b53581d5f0b5b0e9f0fce58f51148e91c20 SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = b0cbbcd4ebedd443dc9f9a59d1dad2e039bb9663 @ 1.71 log @net/samba4: update to 4.13.16 =============================== Release Notes for Samba 4.13.16 January 10, 2022 =============================== This is a security release in order to address the following defects: o CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o CVE-2021-43566: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS symlink race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. 
Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks that can race the server by renaming an existing path and then replacing it with a symlink. If the client wins the race it can cause the server to create a directory under the new symlink target after the exported share path check has been done. This new symlink target can point to anywhere on the server file system. The authenticated user must have permissions to create a directory under the target directory of the symlink.

This is a difficult race to win, but theoretically possible. Note that the proof of concept code supplied wins the race only when the server is slowed down and put under heavy load. Exploitation of this bug has not been seen in the wild.

Changes since 4.13.15
---------------------

o Jeremy Allison
  * BUG 13979: CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.70 2021/12/25 03:36:01 taca Exp $ d3 3 a5 3 BLAKE2s (samba-4.13.16.tar.gz) = c8f818d4334e46db117b152a953f6820868999eca1db5766b60645225fcdf04e SHA512 (samba-4.13.16.tar.gz) = 8645248327dbc1329db37f649f7514be02cc75dd6531b599a7dd51714699a6a804313135935ecf1567b5ec58910458819d1f0e1849d1e4cddf4bf9713725ffe3 Size (samba-4.13.16.tar.gz) = 18943308 bytes @
1.70 log @net/samba4: update to 4.13.15

This release contains security fixes.

===============================
Release Notes for Samba 4.13.15
December 15, 2021
===============================

This is the latest stable release of the Samba 4.13 release series.

Important Notes
===============

There have been a few regressions in the security release 4.13.14:

o CVE-2020-25717: A user on the domain can become root on domain members.
  https://www.samba.org/samba/security/CVE-2020-25717.html
  PLEASE [RE-]READ! The instructions have been updated and some workarounds initially advised for 4.13.14 are no longer required and should be reverted in most cases.
o BUG-14902: User with multiple spaces (eg FredNurk) become un-deletable. While this release should fix this bug, it is advised to have a look at the bug report for more detailed information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.

Changes since 4.13.14
---------------------

o Andrew Bartlett
  * BUG 14656: Spaces incorrectly collapsed in ldb attributes.
  * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token.
  * BUG 14902: User with multiple spaces (eg FredNurk) become un-deletable.

o Ralph Boehme
  * BUG 14922: Kerberos authentication on standalone server in MIT realm broken.

o Alexander Bokovoy
  * BUG 14903: Support for ROLE_IPA_DC is incomplete.

o Stefan Metzmacher
  * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
  * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token.

o Joseph Sutton
  * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.69 2021/11/10 13:33:20 adam Exp $ d3 3 a5 3 BLAKE2s (samba-4.13.15.tar.gz) = a77479237477a75e1400517ba431beb8417d12f2dfab0037ae956f7682fd54a4 SHA512 (samba-4.13.15.tar.gz) = dc059650831d6f473d510502a92a8122bba9079f2204cecf375873a160b1d8e60434a8aa01ff479d4e1b7d34b0058b1468a7c8600782c4dbddb16717181acad8 Size (samba-4.13.15.tar.gz) = 18944873 bytes @ 1.70.2.1 log @Pullup ticket #6572 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.135 - net/samba4/distinfo 1.71 --- Module Name: pkgsrc Committed By: taca Date: Mon Jan 10 14:11:16 UTC 2022 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.13.16 =============================== Release Notes for Samba 4.13.16 January 10, 2022 =============================== This is a security release in order to address the following defects: o CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o CVE-2021-43566: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS symlink race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks that can race the server by renaming an existing path and then replacing it with a symlink. If the client wins the race it can cause the server to create a directory under the new symlink target after the exported share path check has been done. This new symlink target can point to anywhere on the server file system. The authenticated user must have permissions to create a directory under the target directory of the symlink. 
This is a difficult race to win, but theoretically possible. Note that the proof of concept code supplied wins the race only when the server is slowed down and put under heavy load. Exploitation of this bug has not been seen in the wild.

Changes since 4.13.15
---------------------

o Jeremy Allison
  * BUG 13979: CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x
@ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (samba-4.13.16.tar.gz) = c8f818d4334e46db117b152a953f6820868999eca1db5766b60645225fcdf04e SHA512 (samba-4.13.16.tar.gz) = 8645248327dbc1329db37f649f7514be02cc75dd6531b599a7dd51714699a6a804313135935ecf1567b5ec58910458819d1f0e1849d1e4cddf4bf9713725ffe3 Size (samba-4.13.16.tar.gz) = 18943308 bytes @
1.70.2.2 log @Pullup ticket #6577 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile 1.136-1.137
- net/samba4/distinfo 1.72

---
Module Name: pkgsrc
Committed By: gdt
Date: Tue Jan 25 19:25:01 UTC 2022

Modified Files:
pkgsrc/net/samba4: Makefile

Log Message:
net/samba4: Add upstream bug report URL

---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 31 13:45:12 UTC 2022

Modified Files:
pkgsrc/net/samba4: Makefile distinfo

Log Message:
net/samba4: update to 4.13.17

===============================
Release Notes for Samba 4.13.17
January 31, 2022
===============================

This is a security release in order to address the following defects:

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html Changes since 4.13.16 --------------------- o Ralph Boehme * BUG 14914: CVE-2021-44142 o Joseph Sutton * BUG 14950: CVE-2022-0336 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.70.2.1 2022/01/21 15:49:25 bsiegert Exp $ d3 3 a5 3 BLAKE2s (samba-4.13.17.tar.gz) = 0f3a2899ad8c92c9506500fef617e05201b00d169ecb31784ea12b85000dc69b SHA512 (samba-4.13.17.tar.gz) = 3f47cc588c370510a11a1d5dc1a9f64872d765a2940a0dd39f02718f9a81b134dda9c9cb593f291f2aa1657de65b26458adcda33369c0858e16edf7f088edaf4 Size (samba-4.13.17.tar.gz) = 18952829 bytes @ 1.69 log @samba4: updated to 4.13.14 Changes since 4.13.13 --------------------- o Douglas Bagnall * CVE-2020-25722 o Andrew Bartlett * CVE-2020-25718 * CVE-2020-25719 * CVE-2020-25721 * CVE-2020-25722 o Ralph Boehme * CVE-2020-25717 o Alexander Bokovoy * CVE-2020-25717 o Samuel Cabrero * CVE-2020-25717 o Nadezhda Ivanova * CVE-2020-25722 o Stefan Metzmacher * CVE-2016-2124 * CVE-2020-25717 * CVE-2020-25719 * CVE-2020-25722 * CVE-2021-23192 * CVE-2021-3738 * ldb: version 2.2.3 o Andreas Schneider * CVE-2020-25719 o Joseph Sutton * CVE-2020-17049 * CVE-2020-25718 * CVE-2020-25719 * CVE-2020-25721 * CVE-2020-25722 * MS CVE-2020-17049 Changes since 4.13.12 --------------------- o Douglas Bagnall * BUG 14868: rodc_rwdc test flaps. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Andrew Bartlett * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14845: "in" operator on ldb.Message is case sensitive. * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. * BUG 14874: Allow special chars like "@@" in samAccountName when generating the salt. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. 
o Isaac Boukris * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Viktor Dukhovni * BUG 12998: Fix transit path validation. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Luke Howard * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Stefan Metzmacher * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o David Mulder * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Andreas Schneider * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Joseph Sutton * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb. * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14845: "in" operator on ldb.Message is case sensitive. * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. * BUG 14868: rodc_rwdc test flaps. * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. * BUG 14874: Allow special chars like "@@" in samAccountName when generating the salt. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Nicolas Williams * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.68 2021/10/26 11:06:54 nia Exp $ d3 3 a5 3 BLAKE2s (samba-4.13.14.tar.gz) = 801388e4323c8b4c53b046fd06beb5fd4d5e719da137e77b8207f682d23dfc1b SHA512 (samba-4.13.14.tar.gz) = cf15d6dba308502dac1630cbc48dff035da90a4ffeb7cba523741f0946a02d16952a6a88728574a83678f284933af8f8fb4f924e27c8afb9b3472c0c4be50dd2 Size (samba-4.13.14.tar.gz) = 18943381 bytes @
1.68 log @
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and SHA512 hashes

Not committed (merge conflicts...):
net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.67 2021/10/08 13:20:34 adam Exp $ d3 3 a5 3 BLAKE2s (samba-4.13.12.tar.gz) = beb30c0f119e2b8603faada6240d19d30728253d20925ff7700d2d8e54de4dec SHA512 (samba-4.13.12.tar.gz) = 6447733e4c07669bd2dd95a0056be92c507fa4f8c29dd0bc86881004cc24206d9c2c49ace1cb00c4fc7f08109cbf110015f51cd3ab77f2fa95818bcebc437974 Size (samba-4.13.12.tar.gz) = 18586809 bytes @
1.67 log @samba4: updated to 4.13.12

Changes since 4.13.11
---------------------
* BUG 14806: Address a significant performance regression in database access in the AD DC since Samba 4.12.
* BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ.
* BUG 14818: Address flapping samba_tool_drs_showrepl test.
* BUG 14819: Address flapping dsdb_schema_attributes test.
* BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14784: Fix CTDB flag/status update race conditions. * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.66 2021/10/07 14:42:46 nia Exp $ d3 1 a3 1 RMD160 (samba-4.13.12.tar.gz) = 7a1edf12ddc292ae7d4d30df5d031a2f7560a7cf @ 1.66 log @net: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.65 2021/09/13 10:13:33 adam Exp $ d3 3 a5 3 RMD160 (samba-4.13.11.tar.gz) = 60c81dc61a1a360d5d78a981b5d214f84bcc36c7 SHA512 (samba-4.13.11.tar.gz) = d22da31ebbea4c4fb33827b47ab0d21e7753802ab310b68fb5edc48a2419f419737f4df6cc138488f28b70142734e68865ad63944445ede921ea09ebc83fbce7 Size (samba-4.13.11.tar.gz) = 18476158 bytes @ 1.65 log @samba4: updated to 4.3.11 Changes since 4.13.10 * BUG 14769: smbd panic on force-close share during offload write. * BUG 14731: Fix returned attributes on fake quota file handle and avoid hitting the VFS. * BUG 14783: smbd "deadtime" parameter doesn't work anymore. * BUG 14787: net conf list crashes when run as normal user. * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7. * BUG 14793: Start the SMB encryption as soon as possible. * BUG 14792: Winbind should not start if the socket path for the privileged pipe is too long. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.64 2021/07/25 15:58:04 taca Exp $ a2 1 SHA1 (samba-4.13.11.tar.gz) = 754b6fd2f0a6a9dc3b5aa03fe777d98036b2a99d @ 1.65.2.1 log @Pullup ticket #6537 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.130-1.132 - net/samba4/PLIST 1.39-1.40 - net/samba4/distinfo 1.67,1.69 --- Module Name: pkgsrc Committed By: adam Date: Wed Sep 29 19:01:31 UTC 2021 Modified Files: pkgsrc/archivers/ark: Makefile pkgsrc/archivers/innoextract: Makefile pkgsrc/archivers/libcomprex: Makefile buildlink3.mk pkgsrc/archivers/libzip: Makefile buildlink3.mk pkgsrc/archivers/php-pecl-zip: Makefile pkgsrc/archivers/php-zip: Makefile pkgsrc/audio/ardour: Makefile pkgsrc/audio/ario: Makefile pkgsrc/audio/audacious-plugins: Makefile pkgsrc/audio/bmp-scrobbler: Makefile pkgsrc/audio/cmusfm: Makefile pkgsrc/audio/csound6: Makefile pkgsrc/audio/din: Makefile pkgsrc/audio/flactag: Makefile pkgsrc/audio/forked-daapd: Makefile pkgsrc/audio/gbemol: Makefile pkgsrc/audio/glyr: Makefile buildlink3.mk pkgsrc/audio/grip: Makefile pkgsrc/audio/herrie: Makefile pkgsrc/audio/hydrogen: Makefile pkgsrc/audio/icecast: Makefile pkgsrc/audio/jack-rack: Makefile pkgsrc/audio/libmusicbrainz: Makefile buildlink3.mk pkgsrc/audio/libmusicbrainz5: Makefile buildlink3.mk pkgsrc/audio/libofa: Makefile pkgsrc/audio/mad123: Makefile pkgsrc/audio/moc: Makefile pkgsrc/audio/mp3diags: Makefile pkgsrc/audio/mpdas: Makefile pkgsrc/audio/musicpd: Makefile pkgsrc/audio/ncmpcpp: Makefile pkgsrc/audio/pianobar: Makefile pkgsrc/audio/pragha: Makefile pkgsrc/audio/qmmp: Makefile pkgsrc/audio/sound-juicer: Makefile pkgsrc/audio/strawberry: Makefile pkgsrc/audio/streamtuner: Makefile buildlink3.mk pkgsrc/audio/terminatorx: Makefile pkgsrc/audio/tremor-tools: Makefile pkgsrc/audio/vimpc: Makefile pkgsrc/audio/vorbis-tools: Makefile pkgsrc/biology/canu: Makefile pkgsrc/biology/coordgenlibs: Makefile buildlink3.mk pkgsrc/biology/htslib: Makefile 
pkgsrc/biology/maeparser: Makefile buildlink3.mk pkgsrc/biology/ncbi-blast+: Makefile pkgsrc/biology/openbabel: Makefile pkgsrc/cad/kicad: Makefile pkgsrc/cad/librecad: Makefile pkgsrc/cad/openscad: Makefile pkgsrc/chat/anope: Makefile pkgsrc/chat/bitlbee: Makefile pkgsrc/chat/centerim: Makefile pkgsrc/chat/ctrlproxy: Makefile pkgsrc/chat/ekg: Makefile pkgsrc/chat/farstream: Makefile pkgsrc/chat/gloox: Makefile pkgsrc/chat/ircd-hybrid: Makefile pkgsrc/chat/konversation: Makefile pkgsrc/chat/ktp-accounts-kcm: Makefile pkgsrc/chat/ktp-approver: Makefile pkgsrc/chat/ktp-auth-handler: Makefile pkgsrc/chat/ktp-common-internals: Makefile buildlink3.mk pkgsrc/chat/ktp-contact-list: Makefile pkgsrc/chat/ktp-contact-runner: Makefile pkgsrc/chat/ktp-desktop-applets: Makefile pkgsrc/chat/ktp-filetransfer-handler: Makefile pkgsrc/chat/ktp-kded-integration-module: Makefile pkgsrc/chat/ktp-send-file: Makefile pkgsrc/chat/ktp-text-ui: Makefile pkgsrc/chat/libgadu: Makefile buildlink3.mk pkgsrc/chat/libpurple: Makefile pkgsrc/chat/mumble: Makefile pkgsrc/chat/profanity: Makefile pkgsrc/chat/scrollz: Makefile pkgsrc/chat/spectrum: Makefile pkgsrc/chat/swift: Makefile pkgsrc/chat/telepathy-gabble: Makefile pkgsrc/chat/unrealircd: Makefile pkgsrc/chat/weechat: Makefile pkgsrc/chat/znc: Makefile pkgsrc/comms/asterisk13: Makefile pkgsrc/comms/asterisk16: Makefile pkgsrc/comms/asterisk18: Makefile pkgsrc/comms/gammu: Makefile pkgsrc/converters/libabw: Makefile buildlink3.mk pkgsrc/converters/libcdr: Makefile buildlink3.mk pkgsrc/converters/libe-book: Makefile buildlink3.mk pkgsrc/converters/libepubgen: Makefile buildlink3.mk pkgsrc/converters/libetonyek: Makefile buildlink3.mk pkgsrc/converters/libfreehand: Makefile buildlink3.mk pkgsrc/converters/libmspub: Makefile buildlink3.mk pkgsrc/converters/libmwaw: Makefile buildlink3.mk pkgsrc/converters/libpagemaker: Makefile buildlink3.mk pkgsrc/converters/libqxp: Makefile buildlink3.mk pkgsrc/converters/librevenge: Makefile buildlink3.mk 
pkgsrc/converters/libstaroffice: Makefile pkgsrc/converters/libvisio: Makefile buildlink3.mk pkgsrc/converters/libwpd: Makefile buildlink3.mk pkgsrc/converters/libwpg: Makefile buildlink3.mk pkgsrc/converters/libwps: Makefile buildlink3.mk pkgsrc/converters/libzmf: Makefile pkgsrc/converters/orcus: Makefile pkgsrc/converters/rss2html: Makefile pkgsrc/databases/couchdb: Makefile pkgsrc/databases/freetds: Makefile buildlink3.mk pkgsrc/databases/libcassandra: Makefile pkgsrc/databases/mariadb104-client: Makefile pkgsrc/databases/mariadb104-server: Makefile pkgsrc/databases/mariadb105-client: Makefile pkgsrc/databases/mariadb105-server: Makefile pkgsrc/databases/mariadb106-client: Makefile pkgsrc/databases/mariadb106-server: Makefile pkgsrc/databases/mongodb: Makefile pkgsrc/databases/mongodb3: Makefile pkgsrc/databases/mysql-workbench: Makefile pkgsrc/databases/mysql57-client: Makefile pkgsrc/databases/mysql57-server: Makefile pkgsrc/databases/p5-DBD-Sybase: Makefile pkgsrc/databases/p5-sqlrelay: Makefile pkgsrc/databases/p5-sybperl: Makefile pkgsrc/databases/php-mssql: Makefile pkgsrc/databases/php-pdo_dblib: Makefile pkgsrc/databases/php-sqlrelay: Makefile pkgsrc/databases/postgresql-postgis2: Makefile pkgsrc/databases/py-mssql: Makefile pkgsrc/databases/py-sqlrelay: Makefile pkgsrc/databases/py-sybase: Makefile pkgsrc/databases/qore-freetds-module: Makefile pkgsrc/databases/ruby-sqlrelay: Makefile pkgsrc/databases/ruby-tiny_tds: Makefile pkgsrc/databases/soci: Makefile pkgsrc/databases/sqlrelay: Makefile buildlink3.mk pkgsrc/databases/sqlrelay-freetds: Makefile pkgsrc/databases/sqlrelay-mysql: Makefile pkgsrc/databases/sqlrelay-nodejs: Makefile pkgsrc/databases/sqlrelay-odbc: Makefile pkgsrc/databases/sqlrelay-pgsql: Makefile pkgsrc/databases/sqlrelay-sqlite: Makefile pkgsrc/databases/sqsh: Makefile pkgsrc/databases/virtuoso: Makefile pkgsrc/devel/aegis: Makefile pkgsrc/devel/cfitsio: Makefile pkgsrc/devel/cmake: Makefile pkgsrc/devel/cmake-gui: Makefile 
pkgsrc/devel/darcs: Makefile pkgsrc/devel/ecore: Makefile buildlink3.mk pkgsrc/devel/eio: Makefile buildlink3.mk pkgsrc/devel/exempi: Makefile pkgsrc/devel/fifengine: Makefile pkgsrc/devel/gearmand: Makefile buildlink3.mk pkgsrc/devel/git-base: Makefile pkgsrc/devel/gnustep-base: Makefile pkgsrc/devel/kdesdk-kioslaves: Makefile pkgsrc/devel/kdesdk-strigi-analyzers: Makefile pkgsrc/devel/kdesdk-thumbnailers: Makefile pkgsrc/devel/kdevelop4: Makefile pkgsrc/devel/kdevplatform: Makefile pkgsrc/devel/kio-extras: Makefile pkgsrc/devel/libcutl: Makefile pkgsrc/devel/libftdi1: Makefile pkgsrc/devel/libgit2: Makefile pkgsrc/devel/libkgapi: Makefile pkgsrc/devel/librelp: Makefile buildlink3.mk pkgsrc/devel/libthrift: Makefile pkgsrc/devel/libxenserver: Makefile buildlink3.mk pkgsrc/devel/mad-flute: Makefile pkgsrc/devel/mdds: Makefile pkgsrc/devel/mdds1.2: Makefile pkgsrc/devel/netcdf: Makefile buildlink3.mk pkgsrc/devel/netcdf-cxx: Makefile buildlink3.mk pkgsrc/devel/netcdf-fortran: Makefile buildlink3.mk pkgsrc/devel/okteta: Makefile pkgsrc/devel/php-gearman: Makefile pkgsrc/devel/radare2: Makefile buildlink3.mk pkgsrc/devel/radare2-cutter: Makefile pkgsrc/devel/rudiments: Makefile buildlink3.mk pkgsrc/devel/sdcc3: Makefile pkgsrc/devel/ucommon: Makefile buildlink3.mk pkgsrc/devel/vera++: Makefile pkgsrc/editors/Sigil: Makefile pkgsrc/editors/TeXmacs: Makefile pkgsrc/editors/abiword: Makefile buildlink3.mk pkgsrc/editors/abiword-plugins: Makefile pkgsrc/editors/codelite: Makefile pkgsrc/editors/emacs25: Makefile pkgsrc/editors/emacs26: Makefile pkgsrc/editors/emacs27: Makefile pkgsrc/editors/gobby: Makefile pkgsrc/editors/lyx: Makefile pkgsrc/editors/obby: Makefile buildlink3.mk pkgsrc/editors/poedit: Makefile pkgsrc/editors/xournalpp: Makefile pkgsrc/emulators/cannonball: Makefile pkgsrc/emulators/ckmame: Makefile pkgsrc/emulators/dolphin-emu: Makefile pkgsrc/emulators/emulationstation: Makefile pkgsrc/emulators/libretro-dolphin: Makefile pkgsrc/emulators/mgba: Makefile 
pkgsrc/emulators/qemu: Makefile pkgsrc/emulators/wine: Makefile pkgsrc/filesystems/cloudfuse: Makefile pkgsrc/filesystems/fuse-curlftpfs: Makefile pkgsrc/filesystems/fuse-wdfs: Makefile pkgsrc/finance/QuantLib: Makefile pkgsrc/finance/bitcoin: Makefile pkgsrc/finance/cpuminer: Makefile pkgsrc/finance/gnucash: Makefile pkgsrc/finance/ledger: Makefile pkgsrc/finance/libofx: Makefile pkgsrc/fonts/ghostscript-cidfonts-ryumin: Makefile pkgsrc/games/7kaa: Makefile pkgsrc/games/amor: Makefile pkgsrc/games/asc: Makefile pkgsrc/games/assaultcube: Makefile pkgsrc/games/bastet: Makefile pkgsrc/games/bzflag: Makefile pkgsrc/games/criticalmass: Makefile pkgsrc/games/crossfire-client: Makefile pkgsrc/games/crossfire-server: Makefile pkgsrc/games/dhewm3: Makefile pkgsrc/games/dopewars: Makefile pkgsrc/games/enigma: Makefile pkgsrc/games/etlegacy: Makefile pkgsrc/games/etlegacy-server: Makefile pkgsrc/games/flightgear: Makefile pkgsrc/games/freeciv-client: Makefile pkgsrc/games/freeciv-server: Makefile pkgsrc/games/freeciv-share: Makefile pkgsrc/games/ggz-client-libs: Makefile buildlink3.mk pkgsrc/games/holtz: Makefile pkgsrc/games/ioquake3: Makefile pkgsrc/games/iortcw: Makefile pkgsrc/games/klavaro: Makefile pkgsrc/games/lgogdownloader: Makefile pkgsrc/games/libggz: Makefile buildlink3.mk pkgsrc/games/manaplus: Makefile pkgsrc/games/megaglest: Makefile pkgsrc/games/minetest: Makefile pkgsrc/games/naev: Makefile pkgsrc/games/openmw: Makefile pkgsrc/games/openrct2: Makefile pkgsrc/games/pingus: Makefile pkgsrc/games/powder-toy: Makefile pkgsrc/games/quakeforge: Makefile pkgsrc/games/scummvm: Makefile pkgsrc/games/scummvm-tools: Makefile pkgsrc/games/simgear: Makefile buildlink3.mk pkgsrc/games/supertux: Makefile pkgsrc/games/supertuxkart: Makefile pkgsrc/games/taisei: Makefile pkgsrc/games/ufoai: Makefile pkgsrc/games/violetland: Makefile pkgsrc/games/warmux: Makefile pkgsrc/games/warzone2100: Makefile pkgsrc/games/wesnoth: Makefile pkgsrc/games/widelands: Makefile 
pkgsrc/games/yquake2: Makefile pkgsrc/geography/R-rgdal: Makefile pkgsrc/geography/R-sf: Makefile pkgsrc/geography/gdal-lib: Makefile buildlink3.mk pkgsrc/geography/mapserver: Makefile pkgsrc/geography/merkaartor: Makefile pkgsrc/geography/opencpn: Makefile pkgsrc/geography/osm2pgsql: Makefile pkgsrc/geography/pdal-lib: Makefile buildlink3.mk pkgsrc/geography/py-gdal: Makefile pkgsrc/geography/qgis: Makefile pkgsrc/geography/qlandkartegt: Makefile pkgsrc/geography/qlandkartem: Makefile pkgsrc/geography/viking: Makefile pkgsrc/graphics/GMT: Makefile pkgsrc/graphics/GraphicsMagick: Makefile buildlink3.mk pkgsrc/graphics/ImageMagick: Makefile buildlink3.mk pkgsrc/graphics/ImageMagick6: Makefile buildlink3.mk pkgsrc/graphics/aqsis: Makefile pkgsrc/graphics/autotrace: Makefile pkgsrc/graphics/blender: Makefile pkgsrc/graphics/blender-lts: Makefile pkgsrc/graphics/camlimages: Makefile pkgsrc/graphics/darktable: Makefile pkgsrc/graphics/digikam: Makefile pkgsrc/graphics/drawpile: Makefile pkgsrc/graphics/dx: Makefile pkgsrc/graphics/edje: Makefile buildlink3.mk pkgsrc/graphics/enblend-enfuse: Makefile pkgsrc/graphics/feh: Makefile pkgsrc/graphics/gimmage: Makefile pkgsrc/graphics/gmic: Makefile pkgsrc/graphics/gource: Makefile pkgsrc/graphics/gpick: Makefile pkgsrc/graphics/graphviz: Makefile pkgsrc/graphics/gri: Makefile pkgsrc/graphics/hugin: Makefile pkgsrc/graphics/jp2a: Makefile pkgsrc/graphics/kde-base-artwork: Makefile pkgsrc/graphics/kdegraphics-strigi-analyzer: Makefile pkgsrc/graphics/kgamma: Makefile pkgsrc/graphics/koverartist: Makefile pkgsrc/graphics/kqtquickcharts4: Makefile pkgsrc/graphics/krita: Makefile pkgsrc/graphics/libgltf: Makefile pkgsrc/graphics/libkexiv2-kde4: Makefile pkgsrc/graphics/libsixel: Makefile pkgsrc/graphics/lsix: Makefile pkgsrc/graphics/luminance-hdr: Makefile pkgsrc/graphics/ncview: Makefile pkgsrc/graphics/openimageio: Makefile buildlink3.mk pkgsrc/graphics/osg: Makefile buildlink3.mk pkgsrc/graphics/p5-GraphicsMagick: Makefile 
pkgsrc/graphics/p5-PerlMagick: Makefile pkgsrc/graphics/pcl: Makefile buildlink3.mk pkgsrc/graphics/pfstools: Makefile pkgsrc/graphics/php-imagick: Makefile pkgsrc/graphics/pstoedit: Makefile pkgsrc/graphics/ruby-RMagick: Makefile pkgsrc/graphics/sane-airscan: Makefile pkgsrc/graphics/shotwell: Makefile pkgsrc/graphics/tango-icon-theme: Makefile pkgsrc/graphics/vtk: Makefile buildlink3.mk pkgsrc/graphics/zbar: Makefile pkgsrc/graphics/zphoto: Makefile pkgsrc/ham/fldigi: Makefile pkgsrc/ham/gnuradio-channels: Makefile pkgsrc/ham/gnuradio-companion: Makefile pkgsrc/ham/gnuradio-core: Makefile pkgsrc/ham/gnuradio-ctrlport: Makefile pkgsrc/ham/gnuradio-digital: Makefile pkgsrc/ham/gnuradio-doxygen: Makefile pkgsrc/ham/gnuradio-dtv: Makefile pkgsrc/ham/gnuradio-fec: Makefile pkgsrc/ham/gnuradio-network: Makefile pkgsrc/ham/gnuradio-qtgui: Makefile pkgsrc/ham/gnuradio-soapy-sdr: Makefile pkgsrc/ham/gnuradio-trellis: Makefile pkgsrc/ham/gnuradio-uhd: Makefile pkgsrc/ham/gnuradio-utils: Makefile pkgsrc/ham/gnuradio-video-sdl: Makefile pkgsrc/ham/gnuradio-vocoder: Makefile pkgsrc/ham/gnuradio-wavelet: Makefile pkgsrc/ham/gnuradio-zeromq: Makefile pkgsrc/ham/gpredict: Makefile pkgsrc/ham/gr-fcdproplus: Makefile pkgsrc/ham/gr-osmosdr: Makefile pkgsrc/ham/trustedQSL: Makefile pkgsrc/ham/uhd: Makefile pkgsrc/inputmethod/fcitx5-chinese-addons: Makefile pkgsrc/inputmethod/fcitx5-mozc: Makefile pkgsrc/inputmethod/fcitx5-table-extra: Makefile pkgsrc/inputmethod/fcitx5-table-other: Makefile pkgsrc/inputmethod/ibus-mozc: Makefile pkgsrc/inputmethod/libime: Makefile pkgsrc/inputmethod/librime: Makefile pkgsrc/inputmethod/mozc-elisp: Makefile pkgsrc/inputmethod/mozc-renderer: Makefile pkgsrc/inputmethod/mozc-server: Makefile pkgsrc/inputmethod/mozc-tool: Makefile pkgsrc/inputmethod/uim-mozc: Makefile pkgsrc/lang/konoha: Makefile pkgsrc/lang/nodejs10: Makefile buildlink3.mk pkgsrc/lang/nodejs12: Makefile buildlink3.mk pkgsrc/lang/openjdk11: Makefile pkgsrc/lang/openjdk8: Makefile 
pkgsrc/lang/rust: Makefile pkgsrc/mail/akonadi: Makefile pkgsrc/mail/balsa: Makefile pkgsrc/mail/claws-mail: Makefile pkgsrc/mail/claws-mail-archive: Makefile pkgsrc/mail/claws-mail-attachwarner: Makefile pkgsrc/mail/claws-mail-attremover: Makefile pkgsrc/mail/claws-mail-bogofilter: Makefile pkgsrc/mail/claws-mail-dillo: Makefile pkgsrc/mail/claws-mail-fetchinfo: Makefile pkgsrc/mail/claws-mail-libravatar: Makefile pkgsrc/mail/claws-mail-mailmbox: Makefile pkgsrc/mail/claws-mail-managesieve: Makefile pkgsrc/mail/claws-mail-newmail: Makefile pkgsrc/mail/claws-mail-notification: Makefile pkgsrc/mail/claws-mail-pgpcore: Makefile pkgsrc/mail/claws-mail-pgpinline: Makefile pkgsrc/mail/claws-mail-pgpmime: Makefile pkgsrc/mail/claws-mail-rssyl: Makefile pkgsrc/mail/claws-mail-smime: Makefile pkgsrc/mail/claws-mail-spamassassin: Makefile pkgsrc/mail/claws-mail-spamreport: Makefile pkgsrc/mail/claws-mail-tnef: Makefile pkgsrc/mail/claws-mail-vcalendar: Makefile pkgsrc/mail/cone: Makefile pkgsrc/mail/evolution-data-server: Makefile pkgsrc/mail/libetpan: Makefile buildlink3.mk pkgsrc/mail/mailfront: Makefile pkgsrc/mail/milter-greylist: Makefile pkgsrc/mail/mpop: Makefile pkgsrc/mail/msmtp: Makefile pkgsrc/mail/mutt: Makefile pkgsrc/mail/nmh: Makefile pkgsrc/mail/nullmailer: Makefile pkgsrc/mail/wmbiff: Makefile pkgsrc/mail/xfce4-mailwatch-plugin: Makefile pkgsrc/math/R: Makefile pkgsrc/math/R-CGIwithR: Makefile pkgsrc/math/R-RNetCDF: Makefile pkgsrc/math/R-ncdf: Makefile pkgsrc/math/R-ncdf4: Makefile pkgsrc/math/cantor: Makefile pkgsrc/math/cgal: Makefile buildlink3.mk pkgsrc/math/grace: Makefile pkgsrc/math/libixion: Makefile pkgsrc/math/octave: Makefile pkgsrc/math/py-Scientific: Makefile pkgsrc/math/py-libixion: Makefile pkgsrc/math/py-netCDF4: Makefile pkgsrc/math/qalculate: Makefile buildlink3.mk pkgsrc/math/qalculate-gtk: Makefile pkgsrc/math/sc-im: Makefile pkgsrc/math/volk: Makefile pkgsrc/math/vowpal_wabbit: Makefile pkgsrc/math/xmgr: Makefile pkgsrc/misc/bibletime: 
Makefile pkgsrc/misc/esniper: Makefile pkgsrc/misc/fbreader: Makefile pkgsrc/misc/gwaei: Makefile pkgsrc/misc/kaccessible: Makefile pkgsrc/misc/kchmviewer: Makefile pkgsrc/misc/kde-wallpapers4: Makefile pkgsrc/misc/kdeartwork4: Makefile pkgsrc/misc/kdepim-runtime4: Makefile pkgsrc/misc/kdepim4: Makefile pkgsrc/misc/kdepimlibs4: Makefile buildlink3.mk pkgsrc/misc/kdeplasma-addons4: Makefile pkgsrc/misc/kremotecontrol: Makefile pkgsrc/misc/kstars: Makefile pkgsrc/misc/ktux: Makefile pkgsrc/misc/libcarddav: Makefile pkgsrc/misc/libkdeedu: Makefile buildlink3.mk pkgsrc/misc/libreoffice: Makefile pkgsrc/misc/ocaml-opam: Makefile pkgsrc/misc/parley: Makefile pkgsrc/misc/rocs: Makefile pkgsrc/misc/step: Makefile pkgsrc/misc/superkaramba: Makefile pkgsrc/misc/sweeper: Makefile pkgsrc/misc/sword: Makefile buildlink3.mk pkgsrc/misc/usbprog: Makefile pkgsrc/misc/wandio: Makefile buildlink3.mk pkgsrc/multimedia/audiocd-kio: Makefile pkgsrc/multimedia/dvdauthor: Makefile pkgsrc/multimedia/ffmpeg2: Makefile pkgsrc/multimedia/ffmpeg3: Makefile pkgsrc/multimedia/ffmpeg4: Makefile pkgsrc/multimedia/ffmpegthumbs: Makefile pkgsrc/multimedia/gnome-mplayer: Makefile pkgsrc/multimedia/gpac: Makefile pkgsrc/multimedia/kscd: Makefile pkgsrc/multimedia/libkcddb: Makefile buildlink3.mk pkgsrc/multimedia/lightspark: Makefile pkgsrc/multimedia/mediatomb: Makefile pkgsrc/multimedia/mkvtoolnix: Makefile pkgsrc/multimedia/mkvtoolnix-old: Makefile pkgsrc/multimedia/mplayerthumbs: Makefile pkgsrc/multimedia/nostt: Makefile pkgsrc/multimedia/obs-studio: Makefile pkgsrc/multimedia/omxplayer: Makefile pkgsrc/multimedia/totem: Makefile pkgsrc/multimedia/transcode: Makefile pkgsrc/multimedia/vlc: Makefile pkgsrc/multimedia/xine-lib: Makefile pkgsrc/multimedia/xine-ui: Makefile pkgsrc/net/aiccu: Makefile pkgsrc/net/bbk_cli: Makefile pkgsrc/net/btget: Makefile pkgsrc/net/cclive: Makefile pkgsrc/net/ccrtp: Makefile buildlink3.mk pkgsrc/net/choqok: Makefile pkgsrc/net/chrony: Makefile pkgsrc/net/dc_gui2: 
Makefile pkgsrc/net/deforaos-vncviewer: Makefile pkgsrc/net/doh: Makefile pkgsrc/net/ettercap: Makefile pkgsrc/net/ettercap-gtk: Makefile pkgsrc/net/filezilla: Makefile pkgsrc/net/flickcurl: Makefile pkgsrc/net/freeDiameter: Makefile pkgsrc/net/freeradius-freetds: Makefile pkgsrc/net/freeradius-rest: Makefile pkgsrc/net/glib-networking: Makefile pkgsrc/net/grilo: Makefile buildlink3.mk pkgsrc/net/grilo-plugins: Makefile pkgsrc/net/grive2: Makefile pkgsrc/net/gst-plugins0.10-rtmp: Makefile pkgsrc/net/gst-plugins1-rtmp: Makefile pkgsrc/net/gtk-gnutella: Makefile pkgsrc/net/gtk-vnc: Makefile buildlink3.mk pkgsrc/net/guacamole-server: Makefile pkgsrc/net/icinga2: Makefile pkgsrc/net/jigdo: Makefile pkgsrc/net/kdenetwork-filesharing: Makefile pkgsrc/net/kdenetwork-strigi-analyzers: Makefile pkgsrc/net/kget: Makefile pkgsrc/net/kmldonkey: Makefile pkgsrc/net/knot: Makefile pkgsrc/net/kopete: Makefile pkgsrc/net/kppp: Makefile pkgsrc/net/krdc: Makefile pkgsrc/net/krfb: Makefile pkgsrc/net/ktorrent: Makefile pkgsrc/net/lftp: Makefile pkgsrc/net/libcmis: Makefile pkgsrc/net/libfilezilla: Makefile pkgsrc/net/libgdata: Makefile buildlink3.mk pkgsrc/net/libktorrent: Makefile buildlink3.mk pkgsrc/net/libquvi: Makefile pkgsrc/net/libtorrent-rasterbar: Makefile buildlink3.mk pkgsrc/net/libtrace: Makefile pkgsrc/net/libvncserver: Makefile buildlink3.mk pkgsrc/net/libzrtpcpp: Makefile buildlink3.mk pkgsrc/net/megatools: Makefile pkgsrc/net/nanotodon: Makefile pkgsrc/net/ncdc: Makefile pkgsrc/net/net6: Makefile buildlink3.mk pkgsrc/net/netatalk22: Makefile pkgsrc/net/netatalk3: Makefile pkgsrc/net/ntopng: Makefile pkgsrc/net/ocamlnet: Makefile pkgsrc/net/ocsync: Makefile buildlink3.mk pkgsrc/net/openvpn: Makefile pkgsrc/net/podcastdl: Makefile pkgsrc/net/powerdns: Makefile pkgsrc/net/py-smbc: Makefile pkgsrc/net/qbittorrent: Makefile pkgsrc/net/quvi: Makefile pkgsrc/net/rdesktop: Makefile pkgsrc/net/remmina: Makefile pkgsrc/net/rtmpdump: Makefile buildlink3.mk pkgsrc/net/rtorrent: 
Makefile pkgsrc/net/samba: Makefile pkgsrc/net/samba4: Makefile buildlink3.mk pkgsrc/net/snort: Makefile pkgsrc/net/synergy: Makefile pkgsrc/net/taskserver: Makefile pkgsrc/net/tcpflow: Makefile pkgsrc/net/tigervnc: Makefile pkgsrc/net/transmission: Makefile pkgsrc/net/transmission-gtk: Makefile pkgsrc/net/transmission-qt: Makefile pkgsrc/net/unbound: Makefile buildlink3.mk pkgsrc/net/urlgfe: Makefile pkgsrc/net/vinagre: Makefile pkgsrc/net/vino: Makefile pkgsrc/net/wget: Makefile pkgsrc/net/wireshark: Makefile pkgsrc/net/wmget: Makefile pkgsrc/net/zeroconf-ioslave: Makefile pkgsrc/news/neix: Makefile pkgsrc/news/newsbeuter: Makefile pkgsrc/news/pan: Makefile pkgsrc/parallel/slurm-wlm: Makefile pkgsrc/print/auctex: Makefile pkgsrc/print/brlaser: Makefile pkgsrc/print/cups: Makefile pkgsrc/print/cups-base: Makefile buildlink3.mk pkgsrc/print/cups-drivers-Magicolor5440DL: Makefile pkgsrc/print/cups-filters: Makefile buildlink3.mk pkgsrc/print/cups-pdf: Makefile pkgsrc/print/dspdfviewer: Makefile pkgsrc/print/epdfview: Makefile pkgsrc/print/ghostscript: Makefile buildlink3.mk pkgsrc/print/ghostscript-gpl: Makefile buildlink3.mk pkgsrc/print/gtklp: Makefile pkgsrc/print/gutenprint-lib: Makefile pkgsrc/print/hplip: Makefile pkgsrc/print/libcups: Makefile buildlink3.mk pkgsrc/print/mupdf: Makefile buildlink3.mk pkgsrc/print/okular: Makefile pkgsrc/print/p5-Net-CUPS: Makefile pkgsrc/print/pdf2djvu: Makefile pkgsrc/print/py-cups: Makefile pkgsrc/print/qpdfview: Makefile pkgsrc/print/scribus-qt4: Makefile pkgsrc/print/scribus-qt5: Makefile pkgsrc/print/xpdf4: Makefile pkgsrc/print/xpp: Makefile pkgsrc/print/zathura-pdf-mupdf: Makefile pkgsrc/security/ap-modsecurity2: Makefile pkgsrc/security/botan-devel: Makefile buildlink3.mk pkgsrc/security/clamav: Makefile pkgsrc/security/dirb: Makefile pkgsrc/security/gnupg: Makefile pkgsrc/security/gnupg-pkcs11-scd: Makefile pkgsrc/security/gnupg2: Makefile pkgsrc/security/gnutls: Makefile buildlink3.mk pkgsrc/security/gsasl: Makefile 
pkgsrc/security/kgpg: Makefile pkgsrc/security/lastpass-cli: Makefile pkgsrc/security/libfprint: Makefile pkgsrc/security/liboauth: Makefile buildlink3.mk pkgsrc/security/libprelude: Makefile buildlink3.mk pkgsrc/security/libprelude-lua: Makefile pkgsrc/security/libprelude-perl: Makefile pkgsrc/security/libprelude-python: Makefile pkgsrc/security/libpreludedb: Makefile buildlink3.mk pkgsrc/security/libpreludedb-mysql: Makefile pkgsrc/security/libpreludedb-perl: Makefile pkgsrc/security/libpreludedb-pgsql: Makefile pkgsrc/security/libpreludedb-python: Makefile pkgsrc/security/libpreludedb-sqlite3: Makefile pkgsrc/security/libykneomgr: Makefile pkgsrc/security/opendnssec2: Makefile pkgsrc/security/opensaml: Makefile pkgsrc/security/openvas-libnasl: Makefile pkgsrc/security/openvas-libraries: Makefile pkgsrc/security/openvas-plugins: Makefile pkgsrc/security/openvas-server: Makefile pkgsrc/security/pam-yubico: Makefile pkgsrc/security/php-oauth: Makefile pkgsrc/security/php-oauth1: Makefile pkgsrc/security/pkcs11-helper: Makefile buildlink3.mk pkgsrc/security/prelude-lml: Makefile pkgsrc/security/prelude-manager: Makefile pkgsrc/security/prelude-pflogger: Makefile pkgsrc/security/rvault: Makefile pkgsrc/security/softhsm2: Makefile buildlink3.mk pkgsrc/security/ykclient: Makefile buildlink3.mk pkgsrc/sysutils/baloo: Makefile pkgsrc/sysutils/cfengine3: Makefile pkgsrc/sysutils/collectd-curl: Makefile pkgsrc/sysutils/collectd-riemann: Makefile pkgsrc/sysutils/collectd-virt: Makefile pkgsrc/sysutils/collectd-write_prometheus: Makefile pkgsrc/sysutils/conky: Makefile pkgsrc/sysutils/edbus: Makefile buildlink3.mk pkgsrc/sysutils/efreet: Makefile buildlink3.mk pkgsrc/sysutils/gkrellm: Makefile pkgsrc/sysutils/gnome-control-center: Makefile pkgsrc/sysutils/gnome-settings-daemon: Makefile pkgsrc/sysutils/gvfs: Makefile pkgsrc/sysutils/k3b: Makefile pkgsrc/sysutils/kcron: Makefile pkgsrc/sysutils/kfilemetadata: Makefile pkgsrc/sysutils/kfilemetadata5: Makefile 
pkgsrc/sysutils/kuser: Makefile pkgsrc/sysutils/libbaloo4: Makefile pkgsrc/sysutils/mc: Makefile pkgsrc/sysutils/openxenmanager: Makefile pkgsrc/sysutils/riemann-client: Makefile buildlink3.mk pkgsrc/sysutils/rsyslog: Makefile pkgsrc/sysutils/rsyslog-dbi: Makefile pkgsrc/sysutils/rsyslog-elasticsearch: Makefile pkgsrc/sysutils/rsyslog-gnutls: Makefile pkgsrc/sysutils/rsyslog-gssapi: Makefile pkgsrc/sysutils/rsyslog-kafka: Makefile pkgsrc/sysutils/rsyslog-libgcrypt: Makefile pkgsrc/sysutils/rsyslog-mysql: Makefile pkgsrc/sysutils/rsyslog-omprog: Makefile pkgsrc/sysutils/rsyslog-pgsql: Makefile pkgsrc/sysutils/rsyslog-rabbitmq: Makefile pkgsrc/sysutils/rsyslog-relp: Makefile pkgsrc/sysutils/rsyslog-snmp: Makefile pkgsrc/sysutils/strigi: Makefile buildlink3.mk pkgsrc/sysutils/syslog-ng-curl: Makefile pkgsrc/sysutils/virt-viewer: Makefile pkgsrc/sysutils/zabbix: Makefile pkgsrc/sysutils/zabbix50-agent: Makefile pkgsrc/sysutils/zabbix50-proxy: Makefile pkgsrc/sysutils/zabbix50-server: Makefile pkgsrc/textproc/FlightCrew: Makefile pkgsrc/textproc/dikt: Makefile pkgsrc/textproc/ebook-tools: Makefile buildlink3.mk pkgsrc/textproc/iksemel: Makefile pkgsrc/textproc/libclucene: Makefile buildlink3.mk pkgsrc/textproc/libkolabxml: Makefile buildlink3.mk pkgsrc/textproc/liblrdf: Makefile buildlink3.mk pkgsrc/textproc/libnxml: Makefile buildlink3.mk pkgsrc/textproc/libodfgen: Makefile buildlink3.mk pkgsrc/textproc/lucene++: Makefile pkgsrc/textproc/multimarkdown: Makefile pkgsrc/textproc/odt2tex: Makefile pkgsrc/textproc/p5-Syntax-SourceHighlight: Makefile pkgsrc/textproc/raptor: Makefile buildlink3.mk pkgsrc/textproc/raptor2: Makefile buildlink3.mk pkgsrc/textproc/rasqal: Makefile buildlink3.mk pkgsrc/textproc/redland: Makefile buildlink3.mk pkgsrc/textproc/soprano: Makefile buildlink3.mk pkgsrc/textproc/source-highlight: Makefile buildlink3.mk pkgsrc/textproc/translate-shell: Makefile pkgsrc/textproc/xmlrpc-c: Makefile buildlink3.mk pkgsrc/textproc/xmltooling: Makefile 
pkgsrc/time/taskwarrior: Makefile pkgsrc/wm/compiz: Makefile pkgsrc/www/R-RCurl: Makefile pkgsrc/www/R-curl: Makefile pkgsrc/www/SOGo: Makefile pkgsrc/www/SOGo4: Makefile pkgsrc/www/ap-auth-openidc: Makefile pkgsrc/www/ap-authnz-crowd: Makefile pkgsrc/www/ap2-auth-mellon: Makefile pkgsrc/www/ap2-passenger: Makefile pkgsrc/www/apache24: Makefile pkgsrc/www/aws: Makefile pkgsrc/www/aws-demos: Makefile pkgsrc/www/cadaver: Makefile pkgsrc/www/curl: Makefile buildlink3.mk pkgsrc/www/elinks: Makefile pkgsrc/www/felinks: Makefile pkgsrc/www/htdavlock: Makefile pkgsrc/www/htmldoc: Makefile pkgsrc/www/kore: Makefile pkgsrc/www/libmicrohttpd: Makefile buildlink3.mk pkgsrc/www/libmrss: Makefile buildlink3.mk pkgsrc/www/lighttpd: Makefile pkgsrc/www/litmus: Makefile pkgsrc/www/lua-curl: Makefile pkgsrc/www/lynx: Makefile pkgsrc/www/neon: Makefile buildlink3.mk pkgsrc/www/netsurf: Makefile pkgsrc/www/nghttp2: buildlink3.mk pkgsrc/www/nspluginwrapper: Makefile pkgsrc/www/ocaml-curl: Makefile pkgsrc/www/p5-Net-Curl: Makefile pkgsrc/www/passenger: Makefile pkgsrc/www/php-curl: Makefile pkgsrc/www/php-http: Makefile pkgsrc/www/php-http3: Makefile pkgsrc/www/py-curl: Makefile pkgsrc/www/rekonq: Makefile pkgsrc/www/ruby-patron: Makefile pkgsrc/www/shibboleth-sp: Makefile pkgsrc/www/sitecopy: Makefile pkgsrc/www/snownews: Makefile pkgsrc/www/squid4: Makefile pkgsrc/www/wwwoffle: Makefile pkgsrc/www/yahttp: Makefile pkgsrc/x11/elementary: Makefile buildlink3.mk pkgsrc/x11/enlightenment: Makefile buildlink3.mk pkgsrc/x11/gtk2: Makefile pkgsrc/x11/gtk3: Makefile pkgsrc/x11/gtk4: Makefile pkgsrc/x11/kactivities: Makefile buildlink3.mk pkgsrc/x11/kactivities-stats: Makefile pkgsrc/x11/kactivities5: Makefile pkgsrc/x11/kde-baseapps4: Makefile pkgsrc/x11/kde-runtime4: Makefile buildlink3.mk pkgsrc/x11/kde-workspace4: Makefile buildlink3.mk pkgsrc/x11/kdelibs4: Makefile buildlink3.mk pkgsrc/x11/libkactivities4: Makefile buildlink3.mk pkgsrc/x11/qt4-libs: Makefile pkgsrc/x11/qt5-qtbase: 
Makefile pkgsrc/x11/qt5-qtwebengine: Makefile pkgsrc/x11/vte3: Makefile pkgsrc/x11/wmweather: Makefile pkgsrc/x11/x11vnc: Makefile pkgsrc/x11/x2go-client: Makefile pkgsrc/x11/xfce4-tumbler: Makefile pkgsrc/x11/xlockmore: Makefile Log Message: revbump for boost-libs --- Module Name: pkgsrc Committed By: adam Date: Fri Oct 8 13:20:34 UTC 2021 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: samba4: updated to 4.13.12 Changes since 4.13.11 --------------------- * BUG 14806: Address a significant performance regression in database access in the AD DC since Samba 4.12. * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14818: Address flapping samba_tool_drs_showrepl test. * BUG 14819: Address flapping dsdb_schema_attributes test. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. * BUG 14784: Fix CTDB flag/status update race conditions. * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ. 
--- Module Name: pkgsrc Committed By: adam Date: Wed Nov 10 13:33:20 UTC 2021 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: samba4: updated to 4.13.14 Changes since 4.13.13 --------------------- o Douglas Bagnall * CVE-2020-25722 o Andrew Bartlett * CVE-2020-25718 * CVE-2020-25719 * CVE-2020-25721 * CVE-2020-25722 o Ralph Boehme * CVE-2020-25717 o Alexander Bokovoy * CVE-2020-25717 o Samuel Cabrero * CVE-2020-25717 o Nadezhda Ivanova * CVE-2020-25722 o Stefan Metzmacher * CVE-2016-2124 * CVE-2020-25717 * CVE-2020-25719 * CVE-2020-25722 * CVE-2021-23192 * CVE-2021-3738 * ldb: version 2.2.3 o Andreas Schneider * CVE-2020-25719 o Joseph Sutton * CVE-2020-17049 * CVE-2020-25718 * CVE-2020-25719 * CVE-2020-25721 * CVE-2020-25722 * MS CVE-2020-17049 Changes since 4.13.12 --------------------- o Douglas Bagnall * BUG 14868: rodc_rwdc test flaps. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Andrew Bartlett * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14845: "in" operator on ldb.Message is case sensitive. * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. * BUG 14874: Allow special chars like "@@" in samAccountName when generating the salt. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Isaac Boukris * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Viktor Dukhovni * BUG 12998: Fix transit path validation. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. 
o Luke Howard * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Stefan Metzmacher * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o David Mulder * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Andreas Schneider * BUG 14870: Prepare to operate with MIT krb5 >= 1.20. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Joseph Sutton * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb. * BUG 14836: Python ldb.msg_diff() memory handling failure. * BUG 14845: "in" operator on ldb.Message is case sensitive. * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9. * BUG 14868: rodc_rwdc test flaps. * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED. * BUG 14874: Allow special chars like "@@" in samAccountName when generating the salt. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o Nicolas Williams * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal. * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. 
@ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.13.14.tar.gz) = de0c94d20e444de0fccbfdae4f93355e977a488b RMD160 (samba-4.13.14.tar.gz) = 6fefcf16043ece8ea270586858576e75a6078ec4 SHA512 (samba-4.13.14.tar.gz) = cf15d6dba308502dac1630cbc48dff035da90a4ffeb7cba523741f0946a02d16952a6a88728574a83678f284933af8f8fb4f924e27c8afb9b3472c0c4be50dd2 Size (samba-4.13.14.tar.gz) = 18943381 bytes @ 1.64 log @net/samba4: update to 4.3.10 Changes since 4.13.9 -------------------- o Jeremy Allison * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. * BUG 14721: Take a copy to make sure we don't reference free'd memory. * BUG 14722: s3: lib: Fix talloc hierarchy error in parent_smb_fname(). * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. o Andrew Bartlett * BUG 14575: samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID. o Ralph Boehme * BUG 14714: smbd: Correctly initialize close timestamp fields. * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs. o Volker Lendecke * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). o Stefan Metzmacher * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. * BUG 14752: smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. o Joseph Sutton * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ backend. * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for restoring a backup. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.63 2021/06/22 09:36:41 nia Exp $ d3 4 a6 4 SHA1 (samba-4.13.10.tar.gz) = 43086c42e641fa6657bbb1d5cc5b64704230b824 RMD160 (samba-4.13.10.tar.gz) = fd8fec4699e9814a811c53a8f80615b1fee41673 SHA512 (samba-4.13.10.tar.gz) = dc4ad2dabc630575150d7b6db7818cd62827bdd9cc955c856bf0ba1684a1258d6306acd6e373aff1893255ad42d97fe8bf67c6fc30c5cffb1624fbfe4a238865 Size (samba-4.13.10.tar.gz) = 18450805 bytes @ 1.63 log @samba4: downgrade to 4.13.9, as discussed on netbsd-users@@ @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.62 2021/06/01 08:30:17 adam Exp $ d3 4 a6 4 SHA1 (samba-4.13.9.tar.gz) = 53e167dc014b77b4314943f177a1e9ff77daf320 RMD160 (samba-4.13.9.tar.gz) = 97fa709930487bdd08d0da5bce18d7dc05e17d9f SHA512 (samba-4.13.9.tar.gz) = 35c98979c1141fe4bd700e3c8f2439ec08876697faeaced6668ea6a9fea1d8303ca34e82123499aa4a41054b9ed6e1260ae779ea8d59978ba6de6b5861f21948 Size (samba-4.13.9.tar.gz) = 18443813 bytes @ 1.62 log @samba4: updated to 4.14.5 Changes since 4.14.4 -------------------- * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. * BUG 14721: s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). * BUG 14689: docs: Expand the "log level" docs on audit logging. * BUG 14714: smbd: Correctly initialize close timestamp fields. * BUG 14699: Fix gcc11 compiler issues. * BUG 14718: docs-xml: Update smbcacls manpage. * BUG 14719: docs: Update list of available commands in rpcclient. * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be set. * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.61 2021/04/29 15:21:16 taca Exp $ d3 4 a6 4 SHA1 (samba-4.14.5.tar.gz) = 498f9aec010962b790b363adf2fe1fcd68e44db6 RMD160 (samba-4.14.5.tar.gz) = 9e7997033b458967fb63be9809ba2df1e2d3e025 SHA512 (samba-4.14.5.tar.gz) = ef50aae93141a41034a10eb0b1a135d4b8b28c63663b930d24d6199d9ffd1fd139b6443d1859df19d3299b507a4a1c2810de057e2affd4e8b8cfc7175fdd7b39 Size (samba-4.14.5.tar.gz) = 18653694 bytes d18 1 a18 1 SHA1 (patch-lib_tevent_tevent.c) = c5100a1ab65ab5a645901e9a9fb021a6f38cc2c5 d22 1 a22 1 SHA1 (patch-lib_util_smb__threads.h) = ee8366e4d68d1c8965e9d86bdade965822133ca6 d28 1 d35 1 @ 1.61 log @net/samba4: update to 4.14.4 pkgsrc changes: remove extra spaces in some patch files. ============================== Release Notes for Samba 4.14.4 April 29, 2021 ============================== This is a security release in order to address the following defect: o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token. ======= Details ======= o CVE-2021-20254: The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw caused the calling code to crash, but an alert user (Peter Eriksson, IT Department, Linköping University) found this flaw by noticing an unprivileged user was able to delete a file within a network share that they should have been disallowed access to. Analysis of the code paths has not allowed us to discover a way for a remote user to be able to trigger this flaw reproducibly or on demand, but this CVE has been issued out of an abundance of caution. 
Changes since 4.14.3 -------------------- o Volker Lendecke * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.60 2021/04/22 15:47:45 adam Exp $ d3 4 a6 4 SHA1 (samba-4.14.4.tar.gz) = 123281ce6b0049648be3bd4fe7094057526d6340 RMD160 (samba-4.14.4.tar.gz) = ee779e5f3b2b32516b6b59761659c6fa3a2c3f10 SHA512 (samba-4.14.4.tar.gz) = 200b2b2b08b369915e045f22ee993d5deea7a2533c6c582d4b88c614adcad5529109d449e843a2a1f292e5cfb1877d66421b5b0801ad988896cbe5413717e4dc Size (samba-4.14.4.tar.gz) = 18645552 bytes @ 1.60 log @samba4: updated to 4.14.3 Changes since 4.14.2 -------------------- * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. * BUG 14586: build: Notice if flex is missing at configure time. * BUG 14672: Fix smbd panic when two clients open same file. * BUG 14675: Fix memory leak in the RPC server. * BUG 14679: s3: smbd: fix deferred renames. * BUG 14675: s3-iremotewinspool: Set the per-request memory context. * BUG 14675: Fix memory leak in the RPC server. * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. * BUG 14665: samba-gpupdate: Test that sysvol paths download in case-insensitive way. * BUG 14662: smbd: Ensure errno is preserved across fsp destructor. * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict. * BUG 14288: build: Only add -Wl,--as-needed when supported. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.59 2021/04/14 19:11:20 adam Exp $ d3 4 a6 4 SHA1 (samba-4.14.3.tar.gz) = 33520e1a6bdec0f85a521129bb6dbc4575e27175 RMD160 (samba-4.14.3.tar.gz) = 7e03b9f45c58458dae5aeaf02571536cb8fce806 SHA512 (samba-4.14.3.tar.gz) = b8cd12c65d2a34c71a40c18eb2c74e86b75be734437ba71106e41352691359fbaf7e5ce7e386846fd84d4c19d100e02ea74dfd6f1ec34f66a10e5c20c0fb3cc6 Size (samba-4.14.3.tar.gz) = 18643265 bytes d14 1 a14 1 SHA1 (patch-lib_pthreadpool_pthreadpool.c) = c29490473063d6bdbe5c50780a21bf2869ae959f d17 3 a19 3 SHA1 (patch-lib_tdb_common_mutex.c) = 12dbcf870e6ba17ef7f92a8ce7f0b7462f820232 SHA1 (patch-lib_tevent_tevent.c) = 4a20506e2bfbab85bad664299b884575326e73fd SHA1 (patch-lib_tevent_tevent__threads.c) = 14867888dd0b7c4613914752ab368c39bfdbb943 d22 2 a23 2 SHA1 (patch-lib_util_smb__threads.h) = 93bbc4276ad927ad6faf305af093064f47c09254 SHA1 (patch-lib_util_tfork.c) = cd70dcff5f2ce94ffe642e0f029f03ee07dff27d d25 1 a25 1 SHA1 (patch-nsswitch_stress-nss-libwbclient.c) = bf327282a59aefeeb2d6bf9eccf9b3a832033066 d28 2 a29 2 SHA1 (patch-source3_libsmb_pylibsmb.c) = 50c3aaecf345449e02642e387eeac3dd7043e77a SHA1 (patch-source3_smbd_process.c) = 532d2426b9bd2a215d133bc489741558aa07f849 d32 1 a32 1 SHA1 (patch-source4_heimdal_include_heim__threads.h) = c93e0c80790ea2045333822c80e66d371bf2249c @ 1.59 log @samba4: updated to 4.14.2 Samba 4.14.2 This is a follow-up release to depend on the correct ldb version. This is only needed when building against a system ldb library. This is a security release in order to address the following defects: o CVE-2020-27840: Heap corruption via crafted DN strings. o CVE-2021-20277: Out of bounds read in AD DC LDAP server. Samba 4.14.1 This is a security release in order to address the following defects: o CVE-2020-27840: Heap corruption via crafted DN strings. o CVE-2021-20277: Out of bounds read in AD DC LDAP server. Samba 4.14.0 This is the first stable release of the Samba 4.14 release series. 
Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== Here is a copy of a clarification note added to the Samba code in the file: VFS-License-clarification.txt. -------------------------------------------------------------- A clarification of our GNU GPL License enforcement boundary within the Samba Virtual File System (VFS) layer. Samba is licensed under the GNU GPL. All code committed to the Samba project or that creates a "modified version" or software "based on" Samba must be either licensed under the GNU GPL or a compatible license. Samba has several plug-in interfaces where external code may be called from Samba GNU GPL licensed code. The most important of these is the Samba VFS layer. Samba VFS modules are intimately connected by header files and API definitions to the part of the Samba code that provides file services, and as such, code that implements a plug-in Samba VFS module must be licensed under the GNU GPL or a compatible license. However, Samba VFS modules may themselves call third-party external libraries that are not part of the Samba project and are externally developed and maintained. As long as these third-party external libraries do not use any of the Samba internal structure, APIs or interface definitions created by the Samba project (to the extent that they would be considered subject to the GNU GPL), then the Samba Team will not consider such third-party external libraries called from Samba VFS modules as "based on" and/or creating a "modified version" of the Samba code for the purposes of GNU GPL. Accordingly, we do not require such libraries be licensed under the GNU GPL or a GNU GPL compatible license. VFS --- The effort to modernize Samba's VFS interface has reached a major milestone with the next release Samba 4.14. For details please refer to the documentation at source3/modules/The_New_VFS.txt or visit the . 
Printing -------- Publishing printers in AD is more reliable and more printer features are added to the published information in AD. Samba now also supports Windows drivers for the ARM64 architecture. Client Group Policy ------------------- This release extends Samba to support Group Policy functionality for Winbind clients. Active Directory Administrators can set policies that apply Sudoers configuration, and cron jobs to run hourly, daily, weekly or monthly. To enable the application of Group Policies on a client, set the global smb.conf option 'apply group policies' to 'yes'. Policies are applied on an interval of every 90 minutes, plus a random offset between 0 and 30 minutes. Policies applied by Samba are 'non-tattooing', meaning that changes can be reverted by executing the `samba-gpupdate --unapply` command. Policies can be re-applied using the `samba-gpupdate --force` command. To view what policies have been or will be applied to a system, use the `samba-gpupdate --rsop` command. Administration of Samba policy requires that a Samba ADMX template be uploaded to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is provided as a convenient method for adding this policy. Once uploaded, policies can be modified in the Group Policy Management Editor under Computer Configuration/Policies/Administrative Templates. Alternatively, Samba policy may be managed using the `samba-tool gpo manage` command. This tool does not require the admx templates to be installed. Python 3.6 or later required ---------------------------- Samba's minimum runtime requirement for python was raised to Python 3.6 with samba 4.13. Samba 4.14 raises this minimum version to Python 3.6 also to build Samba. It is no longer possible to build Samba (even just the file server) with Python versions 2.6 and 2.7. As Python 2.7 has been End Of Life upstream since April 2020, Samba is dropping ALL Python 2.x support in this release. 
Miscellaneous samba-tool changes -------------------------------- The 'samba-tool' subcommands to manage AD objects (e.g. users, computers and groups) now consistently use the "add" command when adding a new object to the AD. The previous deprecation warnings when using the 'add' commands have been removed. For compatibility reasons, both the 'add' and 'create' commands can be used now. Users, groups and contacts can now be renamed with the respective rename commands. Locked users can be unlocked with the new 'samba-tool user unlock' command. The 'samba-tool user list' and 'samba-tool group listmembers' commands provide additional options to hide expired and disabled user accounts (--hide-expired and --hide-disabled). CTDB CHANGES ============ * The NAT gateway and LVS features now use the term "leader" to refer to the main node in a group through which traffic is routed and "follower" for other members of a group. The command for determining the leader has changed to "ctdb natgw leader" (from "ctdb natgw master"). The configuration keyword for indicating that a node can not be the leader of a group has changed to "follower-only" (from "slave-only"). Identical changes were made for LVS. * Remove "ctdb isnotrecmaster" command. It isn't used by CTDB's scripts and can be checked by users with "ctdb pnn" and "ctdb recmaster". 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.58 2021/03/24 16:33:46 adam Exp $ d3 4 a6 4 SHA1 (samba-4.14.2.tar.gz) = faf830e239d4b77d3130c2f7a3dbaeb4864d91a8 RMD160 (samba-4.14.2.tar.gz) = 90932f7fc49abdc0d7d2308af0a87801fc0d6ef4 SHA512 (samba-4.14.2.tar.gz) = 8dd97abb14d531c3865747512abdf4d2db84b4daa5c15b67cd4f03326e30270d947ba0154493c5897aaa357039b472cfa669c80698b0f572e46d730f70a29b43 Size (samba-4.14.2.tar.gz) = 18636757 bytes a34 1 SHA1 (patch-third__party_socket__wrapper_socket__wrapper.c) = 0cc01c932f21e9f6219fb9d204e6fdf3682938f8 @ 1.58 log @ldb: updated to 2.2.1; samba: updated to 4.13.7 ============================== Release Notes for Samba 4.13.7 March 24, 2021 ============================== This is a follow-up release to depend on the correct ldb version. This is only needed when building against a system ldb library. This is a security release in order to address the following defects: o CVE-2020-27840: Heap corruption via crafted DN strings. o CVE-2021-20277: Out of bounds read in AD DC LDAP server. ======= Details ======= o CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible. o CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server. For more details, please refer to the security advisories. Changes since 4.13.6 -------------------- o Release with dependency on ldb version 2.2.1. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.57 2021/03/20 19:27:35 adam Exp $ d3 4 a6 4 SHA1 (samba-4.13.7.tar.gz) = c9c2238b04cc2e93054628fcdf82335c6ca51967 RMD160 (samba-4.13.7.tar.gz) = e1baf0f450814cece012c00514f8abe2d9e35cb6 SHA512 (samba-4.13.7.tar.gz) = eac0c0b60d50591ecd8e730bd6f24ec3d5731a9dd4172640259d841cca988f20265e5a57967a070713ab7b4bd95766a21247cc8e6b32177b79eb766520a3288a Size (samba-4.13.7.tar.gz) = 18432921 bytes d21 1 a27 1 SHA1 (patch-source3_libsmb_libsmb__stat.c) = 1f88759babfd64b525df8087ea143c7bc3171549 a33 1 SHA1 (patch-source4_torture_libsmbclient_libsmbclient.c) = 38bb8b53581d5f0b5b0e9f0fce58f51148e91c20 @ 1.57 log @samba4: updated to 4.13.5 Changes since 4.13.4 -------------------- * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure. * BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection. * BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services. * BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones. * BUG 14503: s3: Fix fcntl waf configure check. * BUG 14602: s3/auth: Implement "winbind:ignore domains". * BUG 14617: smbd: Use fsp->conn->session_info for the initial delete-on-close token. * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path. * BUG 14624: classicupgrade: Treat old never expires value right. * BUG 14636: g_lock: Fix uninitialized variable reads. * BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file(). * BUG 14625: lib:util: Avoid free'ing our own pointer. * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.56 2021/01/27 06:17:17 adam Exp $ d3 4 a6 4 SHA1 (samba-4.13.5.tar.gz) = abdfc52c7326e30508a6167d5e3e9256e17e1980 RMD160 (samba-4.13.5.tar.gz) = 8148c4debd7c56693676b405970306ce7cf8b695 SHA512 (samba-4.13.5.tar.gz) = 4187337fecf60fa133c6e81e894634f36028d34ccc521e5e856a5736a4f58fc2ad2cd136a206d141f17f7bc519a6168a27e83705fb2d38559667a60b24ad1c1f Size (samba-4.13.5.tar.gz) = 18426722 bytes @ 1.56 log @samba4: updated to 4.13.4 Changes 4.13.4 * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7. * BUG 14612: Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does. * BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging functions. * BUG 14579: Do not create an empty DB when accessing a sam.ldb. * BUG 14596: vfs_fruit may close wrong backend fd. * BUG 14612: Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does. * BUG 14606: vfs_virusfilter: Allocate separate memory for config char*. * BUG 14596: vfs_fruit may close wrong backend fd. * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7. * BUG 14601: The cache directory for the user gencache should be created recursively. * BUG 14594: Be more flexible with repository names in CentOS 8 test environments. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.55 2020/12/17 12:15:43 adam Exp $ d3 4 a6 4 SHA1 (samba-4.13.4.tar.gz) = 491057e200b5851a9d7e34ff3653a7f069dab678 RMD160 (samba-4.13.4.tar.gz) = 8b4bbf4cfe85a03ebc2ce97816e137213a534ab7 SHA512 (samba-4.13.4.tar.gz) = fb7b0e2ad122a72ef534de6446e5a44b842553963fc331c68454e8ff761f16e921a0dcdd653fe6b5e90d4ccf28869bd13df53d615d86cccd85a5ec3589268cf6 Size (samba-4.13.4.tar.gz) = 18429050 bytes @ 1.55 log @samba4: updated to 4.13.3 Changes since 4.13.2 * BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob. 
* BUG 14486: s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function. * BUG 14515: s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(). * BUG 14568: s3: spoolss: Make parameters in call to user_ok_token() match all other uses. * BUG 14590: s3: smbd: Quiet log messages from usershares for an unknown share. * BUG 14248: samba process does not honor max log size. * BUG 14587: vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@@ ACE. * BUG 13124: s3-libads: Pass timeout to open_socket_out in ms. * BUG 14486: s3-vfs_glusterfs: Always disable write-behind translator. * BUG 14517: smbclient: Fix recursive mget. * BUG 14581: clitar: Use do_list()'s recursion in clitar.c. * BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind translator. * BUG 14573: vfs_shadow_copy2: Preserve all open flags assuming ROFS. * BUG 14514: interface: Fix if_index is not parsed correctly. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.54 2020/11/12 06:37:18 adam Exp $ d3 4 a6 4 SHA1 (samba-4.13.3.tar.gz) = 69787e767b237c434d3152f0314c0fcacd56d51d RMD160 (samba-4.13.3.tar.gz) = f165b07b78488efebee221be57dd320fe08c6489 SHA512 (samba-4.13.3.tar.gz) = e7d29a89ba31ac6ca6c2dfd2629b8e07e47f4b1f265907847b43845dcf19a2200bcb1ca9f6845dd39c1ffca5dbf89f998bcc4defe33f5e3c4d8006ec9c6e88ab Size (samba-4.13.3.tar.gz) = 18422056 bytes @ 1.54 log @samba4: updated to 4.13.2 Changes since 4.13.1 -------------------- * BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return. * BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special. * BUG 14538: smb.conf.5: Add clarification how configuration changes reflected by Samba. * BUG 14552: daemons: Report status to systemd even when running in foreground. * BUG 14553: DNS Resolver: Support both dnspython before and after 2.0.0. * BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is present. 
* BUG 14487: provision: Add support for BIND 9.16.x. * BUG 14537: ctdb-common: Avoid aliasing errors during code optimization. * BUG 14541: libndr: Avoid assigning duplicate versions to symbols. * BUG 14522: docs: Fix default value of spoolss:architecture. * BUG 14388: winbind: Fix a memleak. * BUG 14531: s4:dsdb:acl_read: Implement "List Object" mode feature. * BUG 14486: docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs. * nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. * BUG 14530: vfs_shadow_copy2: Avoid closing snapsdir twice. * BUG 14547: third_party: Update resolv_wrapper to version 1.1.7. * BUG 14550: examples:auth: Do not install example plugin. * BUG 14513: ctdb-recoverd: Drop unnecessary and broken code. * BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special. Changes since 4.13.0 -------------------- * BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST. * BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using 'samba-tool'. * BUG 14472: CVE-2020-14383: Remote crash after adding MX records. * BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS. 4.31.0: NEW FEATURES/CHANGES ==================== Python 3.6 or later required ---------------------------- Samba's minimum runtime requirement for python was raised to Python 3.5 with samba 4.12. Samba 4.13 raises this minimum version to Python 3.6 both to access new features and because this is the oldest version we test with in our CI infrastructure. This is also the last release where it will be possible to build Samba (just the file server) with Python versions 2.6 and 2.7. As Python 2.7 has been End Of Life upstream since April 2020, Samba is dropping ALL Python 2.x support in the NEXT release. Samba 4.14 to be released in March 2021 will require Python 3.6 or later to build. 
wide links functionality ------------------------ For this release, the code implementing the insecure "wide links = yes" functionality has been moved out of the core smbd code and into a separate VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded by smbd as the last but one module before vfs_default if "wide links = yes" is enabled on the share (note, the existing restrictions on enabling wide links around the SMB1 "unix extensions" and the "allow insecure wide links" parameters are still in force). The implicit loading was done to allow existing users of "wide links = yes" to keep this functionality without having to make a change to existing working smb.conf files. Please note that the Samba developers recommend changing any Samba installations that currently use "wide links = yes" to use bind mounts as soon as possible, as "wide links = yes" is an inherently insecure configuration which we would like to remove from Samba. Moving the feature into a VFS module allows this to be done in a cleaner way in future. A future release to be determined will remove this implicit linkage, causing administrators who need this functionality to have to explicitly add the vfs_widelinks module into the "vfs objects =" parameter lists. The release notes will be updated to note this change when it occurs. NT4-like 'classic' Samba domain controllers ------------------------------------------- Samba 4.13 deprecates Samba's original domain controller mode. Sites using Samba as a Domain Controller should upgrade from the NT4-like 'classic' Domain Controller to a Samba Active Directory DC to ensure full operation with modern windows clients. SMBv1 only protocol options deprecated -------------------------------------- A number of smb.conf parameters for less-secure authentication methods which are only possible over SMBv1 are deprecated in this release. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.53 2020/10/30 07:17:16 taca Exp $ d3 4 a6 4 SHA1 (samba-4.13.2.tar.gz) = 07cccec91790c2fac51d5ce8337878308b45f229 RMD160 (samba-4.13.2.tar.gz) = 7bb6b908f239e5959773c853e7e2259295435dae SHA512 (samba-4.13.2.tar.gz) = 60b8597b7fad13dd55ffec4c750ee4f5f39220d8e8d52232d3a8c4d830a5ff29254716a7230b0182e0717585e5a34b01373527caecd1d32f2170c6063a97d070 Size (samba-4.13.2.tar.gz) = 18418249 bytes @ 1.53 log @net/samba4: update to 4.12.9 Summary from NEWS files: Samba 4.12.9 (2020-10-29) o CVE-2020-14318: The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file creation" or "file size change" or "file timestamp update" occurs. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. o CVE-2020-14323: winbind in version 3.6 and later implements a request to translate multiple Windows SIDs into names in one request. This was done for performance reasons: Active Directory domain controllers can do multiple SID to name translations in one RPC call. It was an obvious extension to also offer this batch operation on the winbind unix domain stream socket that is available to local processes on the Samba server to reduce network round-trips to the domain controller. Due to improper input validation a hand-crafted packet can make winbind perform a NULL pointer dereference and thus crash. o CVE-2020-14383: Some DNS records (such as MX and NS records) usually contain data in the additional section. 
Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-admin attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. Samba 4.12.8 (2020-10-07) Changes since 4.12.7 -------------------- o Günther Deschner * BUG 14318: docs: Add missing winexe manpage. o Volker Lendecke * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. o Laurent Menase * BUG 14388: winbind: Fix a memleak. o Stefan Metzmacher * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed. o Christof Schmitt * BUG 14166: util: Allow symlinks in directory_create_or_exist. o Andreas Schneider * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14. * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name. o Martin Schwenke * BUG 14466: ctdb disable/enable can fail due to race condition. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.52 2020/09/19 14:00:54 taca Exp $ d3 4 a6 4 SHA1 (samba-4.12.9.tar.gz) = ec12a1e9577b70e1d1239e88ae54b2625885cf9f RMD160 (samba-4.12.9.tar.gz) = a34871667c3dd51b9c8866ffb0a677de90a10196 SHA512 (samba-4.12.9.tar.gz) = 8bd3122bcaab2f5a16a73902a9b628384063a8116a08f0254541e05c148016839b3215c60ff0d3291a332e7884708950ad64137204b0ac19801012d3b6684fa6 Size (samba-4.12.9.tar.gz) = 18236198 bytes a20 2 SHA1 (patch-lib_tsocket_tsocket.h) = d8699b21a591a4c531ee91e7fa45bfe269164da6 SHA1 (patch-lib_tsocket_tsocket__bsd.c) = 3143adde8c4711599608592f737cbe0fab912fa0 d27 1 d34 1 @ 1.52 log @net/samba4: update to 4.12.7 Update samba4 package to 4.12.7. ============================== Release Notes for Samba 4.12.7 September 18, 2020 ============================== This is a security release in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are not directly affected by this flaw, though they may need configuration changes to continue to talk to domain controllers (see "file servers and domain members" below). The netlogon protocol contains a flaw that allows an authentication bypass. This was reported and patched by Microsoft as CVE-2020-1472. Since the bug is a protocol level flaw, and Samba implements the protocol, Samba is also vulnerable. However, since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf. Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'. 
Samba versions 4.7 and below are vulnerable unless they have 'server schannel = yes' in the smb.conf. Note each domain controller needs the correct settings in its smb.conf. Vendors supporting Samba 4.7 and below are advised to patch their installations and packages to add this line to the [global] section of their smb.conf file. The 'server schannel = yes' smb.conf line is equivalent to Microsoft's 'FullSecureChannelProtection=1' registry key, the introduction of which we understand forms the core of Microsoft's fix. Some domains employ third-party software that will not work with a 'server schannel = yes'. For these cases patches are available that allow specific machines to use insecure netlogon. For example, the following smb.conf: server schannel = yes server require schannel:triceratops$ = no server require schannel:greywacke$ = no will allow only "triceratops$" and "greywacke$" to avoid schannel. More details can be found here: https://www.samba.org/samba/security/CVE-2020-1472.html @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.51 2020/08/18 07:39:31 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.7.tar.gz) = b56b8390064572dd2024b23ca931fc82678ead2d RMD160 (samba-4.12.7.tar.gz) = 6947298acc9871f6c3245b1966b18ad490625c3e SHA512 (samba-4.12.7.tar.gz) = 5afb1f24b029e665bb4f6bd7b7cf915243476b09b304942b2105586fa99adc6a19b46b4753ca116e230e5bb7b82e011fbe296c62bc70a8a897e56aece55a7f0b Size (samba-4.12.7.tar.gz) = 18230157 bytes @ 1.52.2.1 log @Pullup ticket #6361 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.110 - net/samba4/distinfo 1.53 --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 30 07:17:16 UTC 2020 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.12.9 Summary from NEWS files: Samba 4.12.9 (2020-10-29) o CVE-2020-14318: The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file 
creation" or "file size change" or "file timestamp update" occurs. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. o CVE-2020-14323: winbind in version 3.6 and later implements a request to translate multiple Windows SIDs into names in one request. This was done for performance reasons: Active Directory domain controllers can do multiple SID to name translations in one RPC call. It was an obvious extension to also offer this batch operation on the winbind unix domain stream socket that is available to local processes on the Samba server to reduce network round-trips to the domain controller. Due to improper input validation a hand-crafted packet can make winbind perform a NULL pointer dereference and thus crash. o CVE-2020-14383: Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non-admin attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. Samba 4.12.8 (2020-10-07) Changes since 4.12.7 -------------------- o Guenther Deschner * BUG 14318: docs: Add missing winexe manpage. o Volker Lendecke * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. 
o Laurent Menase * BUG 14388: winbind: Fix a memleak. o Stefan Metzmacher * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed. o Christof Schmitt * BUG 14166: util: Allow symlinks in directory_create_or_exist. o Andreas Schneider * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14. * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name. o Martin Schwenke * BUG 14466: ctdb disable/enable can fail due to race condition. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.52 2020/09/19 14:00:54 taca Exp $ d3 4 a6 4 SHA1 (samba-4.12.9.tar.gz) = ec12a1e9577b70e1d1239e88ae54b2625885cf9f RMD160 (samba-4.12.9.tar.gz) = a34871667c3dd51b9c8866ffb0a677de90a10196 SHA512 (samba-4.12.9.tar.gz) = 8bd3122bcaab2f5a16a73902a9b628384063a8116a08f0254541e05c148016839b3215c60ff0d3291a332e7884708950ad64137204b0ac19801012d3b6684fa6 Size (samba-4.12.9.tar.gz) = 18236198 bytes @ 1.51 log @samba4: updated to 4.12.6 Changes since 4.12.5 * BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server. * BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7. * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs. * BUG 14426: lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL. * BUG 14428: PANIC: Assert failed in get_lease_type(). * BUG 14422: util: Fix build on AIX by fixing the order of replace.h include. * BUG 14355: srvsvc_NetFileEnum asserts with open files. * BUG 14354: KDC breaks with DES keys still in the database and msDS-SupportedEncryptionTypes 31 indicating support for it. * BUG 14427: s3:smbd: Make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD. * BUG 14428: PANIC: Assert failed in get_lease_type(). * BUG 14358: docs: Fix documentation for require_membership_of of pam_winbind.conf. 
* BUG 14444: ctdb-scripts: Use nfsconf utility for variable values in CTDB NFS scripts. * BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.50 2020/07/21 18:42:25 christos Exp $ d3 4 a6 4 SHA1 (samba-4.12.6.tar.gz) = 52b3da01a95ec7c12a2bbe5de872ba299d62bb58 RMD160 (samba-4.12.6.tar.gz) = 842bbb9000a7d46d551f7b6ce5b35f0087221916 SHA512 (samba-4.12.6.tar.gz) = 16a4ced3942bc6d51e80db257e8caeaa426980f66caf2aaf2324f091ec5063bc6b9029d90ff2f321b68be4cede7555d1ebf142405105468bd581e7a7bf9f0be5 Size (samba-4.12.6.tar.gz) = 18224870 bytes @ 1.50 log @Fix arguments to getgroupmembership @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.49 2020/07/06 14:38:06 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.5.tar.gz) = 67322997b5588b95c8f9d3fb85f9709deea885cd RMD160 (samba-4.12.5.tar.gz) = 5dd2eff38edbb1c0872222559fc08b7e57c5d3c7 SHA512 (samba-4.12.5.tar.gz) = 45ef618efaca88fb24e2069edff6bf1e3f27f4bedecbc7899a57d0e4760effeaf9b0f546be1aeeee4f811219cf29a49a122ecc5caf8dc923c42ff9a25c162c2b Size (samba-4.12.5.tar.gz) = 18220369 bytes @ 1.49 log @samba4: updated to 4.12.5 Changes since 4.12.4 -------------------- * BUG 14301: Fix smbd panic on force-close share during async io. * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name. * BUG 14391: Fix DFS links. * BUG 14310: Can't use DNS functionality after a Windows DC has been in domain. * BUG 14413: ldapi search to FreeIPA crashes. * BUG 14396: Add net-ads-join dnshostname=fqdn option. * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC. * BUG 14386: docs-xml: Update list of possible VFS operations for vfs_full_audit. * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit. * BUG 14370: Client tools are not able to read gencache anymore. 
Samba 4.12.4 ============ o CVE-2020-10730: A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba's AD DC LDAP server. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU. o CVE-2020-10760: The use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC will cause a use-after-free. o CVE-2020-14303: The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137. For more details, please refer to the security advisories. Changes since 4.12.3 -------------------- * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use several seconds of CPU each. * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined. * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV. * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC nbt_server. * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, ldb: Bump version to 2.1.4. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.48 2020/05/26 13:11:01 jperkin Exp $ d27 1 a27 1 SHA1 (patch-nsswitch_winbind__nss__netbsd.c) = 71d8acd0aa4c297d75555fba650461c778495caa @ 1.48 log @samba4: Avoid conflict with host s_addr. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.47 2020/05/19 16:51:43 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.3.tar.gz) = 08109949a70c88010dd4b53d1ae088b7e1a282eb RMD160 (samba-4.12.3.tar.gz) = 9d4a4d7d1da5367a1f442ba0ff3ea8abde1ba69e SHA512 (samba-4.12.3.tar.gz) = 5de66c21db0710880b6e0347ae1eff17ff1881eb926e9a0cf5af9ddc27599cf8daa9ca6ea35b2a0a2158226a38cdf7074b28a51e460a139720c78a522b1a5908 Size (samba-4.12.3.tar.gz) = 18203604 bytes d15 1 @ 1.48.2.1 log @Pullup ticket #6276 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.102 - net/samba4/PLIST 1.31 - net/samba4/distinfo 1.49 - net/samba4/patches/patch-lib_replace_system_passwd.h 1.1 --- Module Name: pkgsrc Committed By: adam Date: Mon Jul 6 14:38:06 UTC 2020 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Added Files: pkgsrc/net/samba4/patches: patch-lib_replace_system_passwd.h Log Message: samba4: updated to 4.12.5 Changes since 4.12.4 -------------------- * BUG 14301: Fix smbd panic on force-close share during async io. * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name. * BUG 14391: Fix DFS links. * BUG 14310: Can't use DNS functionality after a Windows DC has been in domain. * BUG 14413: ldapi search to FreeIPA crashes. * BUG 14396: Add net-ads-join dnshostname=fqdn option. * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC. * BUG 14386: docs-xml: Update list of possible VFS operations for vfs_full_audit. * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit. * BUG 14370: Client tools are not able to read gencache anymore. Samba 4.12.4 ============ o CVE-2020-10730: A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba's AD DC LDAP server. 
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU. o CVE-2020-10760: The use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC will cause a use-after-free. o CVE-2020-14303: The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137. For more details, please refer to the security advisories. Changes since 4.12.3 -------------------- * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use several seconds of CPU each. * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined. * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV. * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC nbt_server. * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, ldb: Bump version to 2.1.4. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.12.5.tar.gz) = 67322997b5588b95c8f9d3fb85f9709deea885cd RMD160 (samba-4.12.5.tar.gz) = 5dd2eff38edbb1c0872222559fc08b7e57c5d3c7 SHA512 (samba-4.12.5.tar.gz) = 45ef618efaca88fb24e2069edff6bf1e3f27f4bedecbc7899a57d0e4760effeaf9b0f546be1aeeee4f811219cf29a49a122ecc5caf8dc923c42ff9a25c162c2b Size (samba-4.12.5.tar.gz) = 18220369 bytes a14 1 SHA1 (patch-lib_replace_system_passwd.h) = 652be067b2560310ce3a4bbf37c24cb2fa8eb82d @ 1.47 log @net/samba4 databases/ldb: updated to 4.12.3 2.1.3 Changes 4.12.3: * BUG 14301: Fix smbd panic on force-close share during async io. * BUG 14343: s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array. * BUG 14361: vfs_io_uring: Fix data corruption with Windows clients. * BUG 14372: Fix smbd crashes when MacOS Catalina connects if iconv initialization fails. * BUG 14150: Exporting from macOS Adobe Illustrator creates multiple copies. 
* BUG 14256: smbd does a chdir() twice per request. * BUG 14320: smbd mistakenly updates a file's write-time on close. * BUG 14350: vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename(). * BUG 14375: Fix Windows 7 clients problem after upgrading samba file server. * BUG 14359: s3: Pass DCE RPC handle type to create_policy_hnd. * BUG 14155: Fix uxsuccess test with new MIT krb5 library 1.18. * BUG 14342: mit-kdc: Explicitly reject S4U requests. * BUG 14352: dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked(). * BUG 14345: lib:util: Fix smbclient -l basename dir. * BUG 14336: s3:libads: Fix ads_get_upn(). * BUG 14348: ctdb: Fix a memleak. * BUG 14366: Malicious SMB1 server can crash libsmbclient. * BUG 14330: ldb: Bump version to 2.1.3, LMDB databases can grow without bounds * BUG 14361: vfs_io_uring: Fix data corruption with Windows clients. * BUG 14344: s3/librpc/crypto: Fix double free with unresolved credential cache. * BUG 14358: docs-xml: Fix usernames in pam_winbind manpages. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.46 2020/05/19 12:13:51 hauke Exp $ d20 2 @ 1.46 log @The smb.conf(5) man page builds fine on netbsd-9, so re-add it. This is probably the most important of the Samba man pages, and it should not have been excluded from the build without a detailed explanation, "just to make the pkg build". 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.45 2020/04/29 10:01:18 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.2.tar.gz) = c7c5b42fbcba4d2cbb505d8827ae43544d978c32 RMD160 (samba-4.12.2.tar.gz) = 0abe010cfe12b10583bbbfa37d9fdde224ac7801 SHA512 (samba-4.12.2.tar.gz) = c1d5f62ea2e43c246988aa65c4b690de232f73c0213cbc5d532e43c8cfbea17f1ac92435526b64c9a85c582b29381eecfb57713861efc32f6e6257000c393562 Size (samba-4.12.2.tar.gz) = 18192360 bytes @ 1.45 log @samba4: updated to 4.12.2 Samba 4.12.2 This is a security release in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.44 2020/04/07 08:17:28 adam Exp $ a11 1 SHA1 (patch-docs-xml_wscript__build) = 5aa5cbf61882604b7ec9d19f0cd1537a23705ad0 @ 1.44 log @samba4: updated to 4.12.1 Samba 4.12.1 * BUG 14295: nmblib: Avoid undefined behaviour in handle_name_ptrs(). * BUG 14296: samba-tool group: Handle group names with special chars correctly. * BUG 14293: Add missing check for DMAPI offline status in async DOS attributes. * BUG 14295: Starting ctdb node that was powered off hard before results in recovery loop. * BUG 14307: smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs. * BUG 14316: vfs_recycle: Prevent flooding the log if we're called on non-existent paths. * BUG 14313: librpc: Fix IDL for svcctl_ChangeServiceConfigW. * BUG 14327: nsswitch: Fix use-after-free causing segfault in _pam_delete_cred. * BUG 13622: fruit:time machine max size is broken on arm. * BUG 14294: CTDB recovery corner cases can cause record resurrection and node banning. * BUG 14332: s3/utils: Fix double free error with smbtree. * BUG 14294: CTDB recovery corner cases can cause record resurrection and node banning. * BUG 14295: Starting ctdb node that was powered off hard before results in recovery loop. 
* BUG 14324: CTDB recovery daemon can crash due to dereference of NULL pointer. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.43 2020/04/02 11:21:41 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.1.tar.gz) = 0add762e21e6e4f51d2ba97bcc86ea80d5c5e110 RMD160 (samba-4.12.1.tar.gz) = d290d3d8c44324c7cdcb6139acdc17364bb1dd97 SHA512 (samba-4.12.1.tar.gz) = 2645f72dcc4718bd2e85af73a54b3e6d0ca9e11bd6991a47a6c17a8b89b69f294a0875ef9762dde28a25d1ff030e0e2d0e073a6993e2df0d6b17e75b72d1cd26 Size (samba-4.12.1.tar.gz) = 18159628 bytes @ 1.43 log @samba4: updated to 4.12.0 samba 4.12.0: NEW FEATURES/CHANGES ==================== Python 3.5 Required ------------------- Samba's minimum runtime requirement for python was raised to Python 3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python 3.5 both to access new features and because this is the oldest version we test with in our CI infrastructure. (Build time support for the file server with Python 2.6 has not changed) Removing in-tree cryptography: GnuTLS 3.4.7 required ---------------------------------------------------- Samba is making efforts to remove in-tree cryptographic functionality, and to instead rely on externally maintained libraries. To this end, Samba has chosen GnuTLS as our standard cryptographic provider. Samba now requires GnuTLS 3.4.7 to be installed (including development headers at build time) for all configurations, not just the Samba AD DC. Thanks to this work Samba no longer ships an in-tree DES implementation and on GnuTLS 3.6.5 or later Samba will include no in-tree cryptography other than the MD4 hash and that implemented in our copy of Heimdal. Using GnuTLS for SMB3 encryption you will notice huge performance and copy speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3 show a 3x speed improvement for writing and a 2.5x speed improvement for reads! 
NOTE WELL: The use of GnuTLS means that Samba will honour the system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic standard) and so will not operate in many still common situations if this system-wide parameter is in effect, as many of our protocols rely on outdated cryptography. A future Samba version will mitigate this to some extent where good cryptography effectively wraps bad cryptography, but for now that above applies. zlib library is now required to build Samba ------------------------------------------- Samba no longer includes a local copy of zlib in our source tarball. By removing this we do not need to ship (even where we did not build) the old, broken zip encryption code found there. New Spotlight backend for Elasticsearch --------------------------------------- Support for the macOS specific Spotlight search protocol has been enhanced significantly. Starting with 4.12 Samba supports using Elasticsearch as search backend. Various new parameters have been added to configure this: spotlight backend = noindex | elasticsearch | tracker elasticsearch:address = ADDRESS elasticsearch:port = PORT elasticsearch:use tls = BOOLEAN elasticsearch:index = INDEXNAME elasticsearch:mappings = PATH elasticsearch:max results = NUMBER Samba also ships a Spotlight client command "mdfind" which can be used to search any SMB server that runs the Spotlight RPC service. See the manpage of mdfind for details. Note that when upgrading existing installations that are using the previous default Spotlight backend Gnome Tracker must explicitly set "spotlight backend = tracker" as the new default is "noindex". 'net ads kerberos pac save' and 'net eventlog export' ----------------------------------------------------- The 'net ads kerberos pac save' and 'net eventlog export' tools will no longer silently overwrite an existing file during data export. If the filename given exists, an error will be shown. 
Fuzzing ------- A large number of fuzz targets have been added to Samba, and Samba has been registered in Google's oss-fuzz cloud fuzzing service. In particular, we now have good fuzzing coverage of our generated NDR parsing code. A large number of issues have been found and fixed thanks to this effort. 'samba-tool' improvements add contacts as member to groups ---------------------------------------------------------- Previously 'samba-tool group addmembers' can just add users, groups and computers as members to groups. But also contacts can be members of groups. Samba 4.12 adds the functionality to add contacts to groups. Since contacts have no sAMAccountName, it's possible that there are more than one contact with the same name in different organizational units. Therefore it's necessary to have an option to handle group members by their DN. To get the DN of an object there is now the "--full-dn" option available for all necessary commands. The MS Windows UI allows to search for specific types of group members when searching for new members for a group. This feature is included here with the new samba-tool group addmembers "--object-type=OBJECTYPE" option. The different types are selected accordingly to the Windows UI. The default samba-tool behaviour shouldn't be changed. Allow filtering by OU or subtree in samba-tool ---------------------------------------------- A new "--base-dn" and "--member-base-dn" option is added to relevant samba-tool user, group and ou management commands to allow operation on just one part of the AD tree, such as a single OU. VFS === SMB_VFS_NTIMES -------------- Samba now uses a sentinel value based on utimensat(2) UTIME_OMIT to denote to-be-ignored timestamp variables passed to the SMB_VFS_NTIMES() VFS function. VFS modules can check whether any of the time values inside a struct smb_file_time is to be ignored by calling is_omit_timespec() on the value. 
'io_uring' vfs module --------------------- The module makes use of the new io_uring infrastructure (introduced in Linux 5.1), see https://lwn.net/Articles/776703/ Currently this implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV and avoids the overhead of the userspace threadpool in the default vfs backend. See also vfs_io_uring(8). In order to build the module you need the liburing userspace library and its development headers installed, see https://git.kernel.dk/cgit/liburing/ At runtime you'll need a Linux kernel with version 5.1 or higher. Note that 5.4.14 and 5.4.15 have a regression that breaks the Samba module! The regression was fixed in Linux 5.4.16 again. MS-DFS changes in the VFS ------------------------- This release changes set getting and setting of MS-DFS redirects on the filesystem to go through two new VFS functions: SMB_VFS_CREATE_DFS_PATHAT() SMB_VFS_READ_DFS_PATHAT() instead of smbd explicitly storing MS-DFS redirects inside symbolic links on the filesystem. The underlying default implementations of this has not changed, the redirects are still stored inside symbolic links on the filesystem, but moving the creation and reading of these links into the VFS as first-class functions now allows alternate methods of storing them (maybe in extended attributes) for OEMs who don't want to mis-use filesystem symbolic links in this way. CTDB changes ============ * The ctdb_mutex_fcntl_helper periodically re-checks the lock file The re-check period is specified using a 2nd argument to this helper. The default re-check period is 5s. If the file no longer exists or the inode number changes then the helper exits. This triggers an election. REMOVED FEATURES ================ The smb.conf parameter "write cache size" has been removed. Since the in-memory write caching code was written, our write path has changed significantly. In particular we have gained very flexible support for async I/O, with the new linux io_uring interface in development. 
The old write cache concept which cached data in main memory followed by a blocking pwrite no longer gives any improvement on modern systems, and may make performance worse on memory-constrained systems, so this functionality should not be enabled in core smbd code. In addition, it complicated the write code, which is a performance critical code path. If required for specialist purposes, it can be recreated as a VFS module. Retiring DES encryption types in Kerberos. ------------------------------------------ With this release, support for DES encryption types has been removed from Samba, and setting DES_ONLY flag for an account will cause Kerberos authentication to fail for that account (see RFC-6649). Samba-DC: DES keys no longer saved in DB. ----------------------------------------- When a new password is set for an account, Samba DC will store random keys in DB instead of DES keys derived from the password. If the account is being migrated to Windows or to an older version of Samba in order to use DES keys, the password must be reset to make it work. Heimdal-DC: removal of weak-crypto. ----------------------------------- Following removal of DES encryption types from Samba, the embedded Heimdal build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO). vfs_netatalk: The netatalk VFS module has been removed. ------------------------------------------------------- The netatalk VFS module has been removed. It was unmaintained and is not needed any more. BIND9_FLATFILE deprecated ------------------------- The BIND9_FLATFILE DNS backend is deprecated in this release and will be removed in the future. This was only practically useful on a single domain controller or under expert care and supervision. This release removes the 'rndc command' smb.conf parameter, which supported this configuration by writing out a list of DCs permitted to make changes to the DNS Zone and nudging the 'named' server if a new DC was added to the domain. 
Administrators using BIND9_FLATFILE will need to maintain this manually from now on. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.42 2020/01/29 12:44:14 adam Exp $ d3 4 a6 4 SHA1 (samba-4.12.0.tar.gz) = c852939a700d273c78663a47944d944c5bc81498 RMD160 (samba-4.12.0.tar.gz) = 0ffcc753270568944c5a40193b0307959514ca4e SHA512 (samba-4.12.0.tar.gz) = d50be899675b8e3504311e73bb75fbb8264e918e0d1765239ecb5b14e15c0917565f8a9ce1877fb604151bf4f23dfc4c2f7f30a53c872681e3d2571d3ed5ef82 Size (samba-4.12.0.tar.gz) = 18156651 bytes @ 1.42 log @samba4: updated to 4.11.6 Changes since 4.11.5: * BUG 14209: pygpo: Use correct method flags. * BUG 14216: vfs_ceph_snapshots: Fix root relative path handling. * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. * BUG 14218: source4/utils/oLschema2ldif: Include stdint.h before cmocka.h. * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. * BUG 14251: smbd: Fix the build with clang. * BUG 14199: upgradedns: Ensure lmdb lock files linked. * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir. * BUG 14101: smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file. * BUG 14219: librpc: Fix string length checking in ndr_pull_charset_to_null(). * BUG 14227: ctdb-scripts: Strip square brackets when gathering connection info. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.41 2020/01/21 14:12:36 taca Exp $ d3 4 a6 4 SHA1 (samba-4.11.6.tar.gz) = 29b5c678ddf47dd77fe459c17c183c8273e6c850 RMD160 (samba-4.11.6.tar.gz) = 28ea01683005e9ec4e7f9adc73035983c6b089f0 SHA512 (samba-4.11.6.tar.gz) = 3815080a1693c596a126371a5ea4e8534317a7266803c7de13a7e5b3ee9757dfbf13c0de20d498a6683d3aaf56941ed42f289e3c24f88713529a5f047a691af2 Size (samba-4.11.6.tar.gz) = 18541566 bytes d9 1 a9 1 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = a7cc41a55ce032c3fe1e0b660f88fa7871710e0e d29 2 a30 3 SHA1 (patch-source4_dsdb_samdb_ldb__modules_count__attrs.c) = a9cb90484e192e8533a39d9afc6ce7d55cac84ac SHA1 (patch-source4_dsdb_samdb_ldb__modules_wscript__build__server) = c322cf56995192039fa22548d6d6e50641c4c796 SHA1 (patch-source4_heimdal__build_roken.h) = ee535f8e7cc46a3487d95bc859438c476a88fe60 @ 1.41 log @net/samba4: update to 4.11.5 Update samba4 to 4.11.5. ============================== Release Notes for Samba 4.11.5 January 21, 2020 ============================== This is a security release in order to address the following defects: o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. ======= Details ======= o CVE-2019-14902: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. o CVE-2019-14907: When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. o CVE-2019-19344: During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.40 2020/01/08 10:40:02 jperkin Exp $ d3 4 a6 4 SHA1 (samba-4.11.5.tar.gz) = d06abddcbb5ec1800f30ac2f9b760515e3f2f2ce RMD160 (samba-4.11.5.tar.gz) = 137535478b546f364f2c2410ada2ff5289c202fa SHA512 (samba-4.11.5.tar.gz) = b81edc4563e87c0d4fd7b3ed659def80980c961d0b9cf09be42f0a1334f823f8cf3cd5d57315451c0b7af2489a5fa1af8410cd65f6dc521aad0c5aa7014327c6 Size (samba-4.11.5.tar.gz) = 18534895 bytes @ 1.40 log @samba4: Disable more fmemopen utilities on SunOS. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.39 2019/12/30 13:58:35 adam Exp $ d3 4 a6 4 SHA1 (samba-4.11.4.tar.gz) = 923c21d75bc54f2305caf86374eaf62530885177 RMD160 (samba-4.11.4.tar.gz) = ac3e90fbb260da95efc6154a9e4bddc8486d79fe SHA512 (samba-4.11.4.tar.gz) = 18ae1cb8b092c441a3fd4c6ecc9f35841dc51e3061f435107f7d2579b5e8ca6f8c96a947627dbd401b81c7de2293ff2587c30be694e160bf8a10c6d15aa73880 Size (samba-4.11.4.tar.gz) = 18530105 bytes @ 1.39 log @samba4: updated to 4.11.4 Changes since 4.11.3: * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx. * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. * BUG 14205: Prevent smbd crash after invalid SMB1 negprot. * BUG 13745: s3:printing: Fix %J substitution. * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). * BUG 14069: Incomplete conversion of former parametric options. * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. * BUG 14171: vfs_fruit returns capped resource fork length. * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. * BUG 14211: smbd: Increase a debug level. * BUG 14153: Prevent azure ad connect from reporting discovery errors: reference-value-not-ldap-conformant. 
* BUG 14179: krb5_plugin: Fix developer build with newer heimdal system library. * BUG 14168: replace: Only link libnsl and libsocket if required. * BUG 14175: ctdb: Incoming queue can be orphaned causing communication breakdown. * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute. * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.38 2019/12/10 13:03:41 adam Exp $ d34 1 @ 1.38 log @samba4: updated to 4.11.3 Samba 4.11.3 This is a security release in order to address the following defects: o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.37 2019/11/10 17:01:58 adam Exp $ d3 4 a6 4 SHA1 (samba-4.11.3.tar.gz) = cd90090cbe834d9aa86b065eca4dbf3ff7e521f4 RMD160 (samba-4.11.3.tar.gz) = 81e0b803f97b640882f0dfc6d83c331aaddc9015 SHA512 (samba-4.11.3.tar.gz) = 11882791cf7c4e3155e50732c8b0858312caf9ce90767fa2703cb3bbe41e981035a0e14e658e9f51b67bdf1882cb9bc987a32f4515ae8a9ad0da3270629abe8b Size (samba-4.11.3.tar.gz) = 18520441 bytes @ 1.38.4.1 log @Pullup ticket #6125 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.86-1.89 - net/samba4/PLIST 1.25 - net/samba4/distinfo 1.39-1.41 - net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build 1.1 --- Module Name: pkgsrc Committed By: adam Date: Mon Dec 30 13:58:35 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: samba4: updated to 4.11.4 Changes since 4.11.3: * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx. 
* BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. * BUG 14205: Prevent smbd crash after invalid SMB1 negprot. * BUG 13745: s3:printing: Fix %J substitution. * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). * BUG 14069: Incomplete conversion of former parametric options. * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. * BUG 14171: vfs_fruit returns capped resource fork length. * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. * BUG 14211: smbd: Increase a debug level. * BUG 14153: Prevent azure ad connect from reporting discovery errors: reference-value-not-ldap-conformant. * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system library. * BUG 14168: replace: Only link libnsl and libsocket if required. * BUG 14175: ctdb: Incoming queue can be orphaned causing communication breakdown. * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute. * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. --- Module Name: pkgsrc Committed By: jperkin Date: Wed Jan 8 10:40:03 UTC 2020 Modified Files: pkgsrc/net/samba4: distinfo Added Files: pkgsrc/net/samba4/patches: patch-source4_utils_oLschema2ldif_wscript__build Log Message: samba4: Disable more fmemopen utilities on SunOS. --- Module Name: pkgsrc Committed By: jperkin Date: Sat Jan 18 21:51:16 UTC 2020 Modified Files: pkgsrc/net/samba4: Makefile Log Message: *: Recursive revision bump for openssl 1.1.1. --- Module Name: pkgsrc Committed By: taca Date: Tue Jan 21 14:12:36 UTC 2020 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: net/samba4: update to 4.11.5 Update samba4 to 4.11.5. 
============================== Release Notes for Samba 4.11.5 January 21, 2020 ============================== This is a security release in order to address the following defects: o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. ======= Details ======= o CVE-2019-14902: The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. o CVE-2019-14907: When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs. o CVE-2019-19344: During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed. --- Module Name: pkgsrc Committed By: taca Date: Mon Jan 27 14:04:13 UTC 2020 Modified Files: pkgsrc/net/samba4: Makefile Log Message: net/samba4: update dependency Update dependency for databases/ldb and devel/talloc. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.38 2019/12/10 13:03:41 adam Exp $ d3 4 a6 4 SHA1 (samba-4.11.5.tar.gz) = d06abddcbb5ec1800f30ac2f9b760515e3f2f2ce RMD160 (samba-4.11.5.tar.gz) = 137535478b546f364f2c2410ada2ff5289c202fa SHA512 (samba-4.11.5.tar.gz) = b81edc4563e87c0d4fd7b3ed659def80980c961d0b9cf09be42f0a1334f823f8cf3cd5d57315451c0b7af2489a5fa1af8410cd65f6dc521aad0c5aa7014327c6 Size (samba-4.11.5.tar.gz) = 18534895 bytes a33 1 SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = b0cbbcd4ebedd443dc9f9a59d1dad2e039bb9663 @ 1.37 log @samba4: updated to 4.11.2 4.11.2: This is a security release in order to address the following defects: o CVE-2019-10218: Client code can return filenames containing path separators. o CVE-2019-14833: Samba AD DC check password script does not receive the full password. 
o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. 4.11.1: This is the latest stable release of the Samba 4.11 release series. Changes since 4.11.0: * BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH group. * BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(). * BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls. * BUG 14137: Fix stale file handle error when using mkstemp on a share. * BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server. * BUG 14140: Overlinking libreplace against librt and pthread against every binary or library causes issues. * BUG 14130: s3-winbindd: Fix forest trusts with additional trust attributes. * BUG 14134: auth/gensec: Fix non-AES schannel seal. * BUG 14147: Deleted records can be resurrected during recovery. * BUG 14136: Fix uncaught exception in classicupgrade. * BUG 14139: fault.c: Improve fault_report message text pointing to our wiki. * BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI. * BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests. * BUG 14131: Remove 'pod2man' as it is no longer needed. * BUG 13884: Joining Active Directory should not use SAMR to set the password. * BUG 14140: Overlinking libreplace against librt and pthread against every binary or library causes issues. * BUG 14155: 'kpasswd' fails when built with MIT Kerberos. * BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted nodes. 4.11.0: * BUG 14049: ldb: Don't try to save a value that isn't there. * ldb_dn: Free dn components on explode failure. * ldb: Do not allow adding a DN as a base to itself. * ldb: Release ldb 2.0.7. * BUG 13695: ldb: Correct Pigeonhole principle validation in ldb_filter_attrs(). * BUG 14049: Fix ldb dn crash. * BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords = no". 
* BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust mutexes. * BUG 14121: smbd returns bad File-ID on filehandle used to create a file or directory. * BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations. * BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint to load balancers or servers with "multi-tenancy" support. * BUG 14113: Fix byte range locking bugs/regressions. * ldb: Fix mem-leak if talloc_realloc fails. * BUG 14007: Fix join with don't exists machine account. * BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map. CHANGES SINCE 4.11.0rc2 * BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data loss in CTDB cluster. * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. * BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what is happening). * BUG 14092: docs: Deprecate "rndc command" for Samba 4.11. * BUG 14059: ldb: Free memory when repacking database. * BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id. * BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and st_ex_iflags. * BUG 14093: vfs_glusterfs: Enable profiling for file system operations. * BUG 14059: Backport sambadowngradedatabase for v4.11. * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. * BUG 14032: vfs_gpfs: Implement special case for denying owner access to ACL. * BUG 14084: Avoid marking a node as connected before it can receive packets. * BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7. * BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing databases. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.36 2019/09/05 12:39:56 hauke Exp $ d3 4 a6 4 SHA1 (samba-4.11.2.tar.gz) = b85b2cf8ad09ceeee744c6ca10c719411902977a RMD160 (samba-4.11.2.tar.gz) = e6142442130fba3a1c0cf85763f3b9febef36dd8 SHA512 (samba-4.11.2.tar.gz) = f91053f019c9f979d7e29af00ea9b03a79c6f8efe91413ac2d6dca823f45ca9c30686264fdc0545dddabc687ad369a80c9ec78ebe75d1787dfc9b834233e12c1 Size (samba-4.11.2.tar.gz) = 18516056 bytes @ 1.36 log @Solarish pthreads expect mutex datastructures to be properly zeroed out, unlike the Linux implementation, which upstream mainly targets. This leads to "tdb_open_ex: tdb_mutex_init failed for /var/samba/lock/gencache.tdb: Device busy" errors, described in . Illumos kernel code attempted to mitigate the problem as of , but the changes have yet to show up in releases. The patches originate from , modified appropriately. Tested on omniosce r151030. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2019/09/03 19:11:58 adam Exp $ d3 5 a7 5 SHA1 (samba-4.10.8.tar.gz) = e0fafe34e7205c4f9ab54f96ab2ee72d1b9cfaca RMD160 (samba-4.10.8.tar.gz) = ee2f253b30e1ecdd796c8c92f3d7c5fae7ec0694 SHA512 (samba-4.10.8.tar.gz) = 14d463dfba36473f4a1d2b306ff2a18c664e1a01bc8077ef62afc6796cf4dd65461d72b519b8df3a777eaf322cb98653b416468d770541cd21fab2383c8dce66 Size (samba-4.10.8.tar.gz) = 18316560 bytes SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = 0f9ca14e3a77d7dfad06aa8c4d2de2f6cc3c0646 d11 1 a11 1 SHA1 (patch-buildtools_wafsamba_wscript) = 117fb13f5266dc90568b18ffa8faa34a45bc94c5 d23 1 a23 1 SHA1 (patch-libcli_dns_wscript__build) = 40e6f864e2fb1b6abb198f1a51bb2c95bc8c6fb2 d29 1 a31 1 SHA1 (patch-source4_heimdal__build_wscript__configure) = 82f9da47f7dc4c3fc29f93b1e9829a1a3b54c095 @ 1.35 log @samba4: updated to 4.10.8 Samba 4.10.8: This is a security release in order to address the following defect: o CVE-2019-10197: Combination of parameters and permissions can allow user to escape from the share path definition. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2019/08/23 10:52:41 adam Exp $ d11 1 a11 1 SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 d15 1 d17 3 d21 2 d24 1 d27 2 d32 1 d34 1 @ 1.34 log @samba4: updated to 4.10.7 Samba 4.10.7 * BUG 14010: Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module. * BUG 13844: build: Allow build when '--disable-gnutls' is set. * BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py. * BUG 14008: Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade. * BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC. * BUG 14046: join: Use a specific attribute order for the DsAddEntry nTDSDSA object. * BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname(). * BUG 14091: lookup_name: Allow own domain lookup when flags == 0. * BUG 13932: s4 librpc rpc pyrpc: Ensure tevent_context deleted last. * BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log file. * BUG 13949: Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto". * BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days. * BUG 13969: dnsProperty fails to decode values from older Windows versions. * BUG 13973: samba-tool: Use only one LDAP modify for dns partition fsmo role transfer. * BUG 13960: third_party: Update waf to version 2.0.17. * BUG 14051: netcmd: Allow 'drs replicate --local' to create partitions. * BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2019/08/03 06:54:39 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.7.tar.gz) = a6ded8b82f6b6417185fb8393863997ad23d8e46 RMD160 (samba-4.10.7.tar.gz) = 821f683117dfaf3f4c3ec986c0ed1c866c11ec61 SHA512 (samba-4.10.7.tar.gz) = 3ef05754fc12343cf76c7981ca25e4898bd0bf133f394b9fbe9393e8447b18626977e80ddc76f1597921abc378ad058cc363f1f277856d6fa4d783c902514c88 Size (samba-4.10.7.tar.gz) = 18318281 bytes @ 1.33 log @samba4: updated to 4.10.6 Changes 4.10.6: * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. * BUG 13964: smbd does not correctly parse arguments passed to dfree and quota scripts. * BUG 13965: samba-tool dns: use bytes for inet_ntop. * BUG 13828: samba-tool domain provision: Fix --interactive module in python3. * BUG 13893: ldb_kv: Skip @@ records early in a search full scan. * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" connection. * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option instead of "state dir". * BUG 13840: registry: Add a missing include. * BUG 13944: Fix SMB guest authentication. * BUG 13958: AppleDouble conversion breaks Resourceforks. * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). * BUG 13987: s3:mdssvc: Fix flex compilation error. * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly: * BUG 13799: dsdb:samdb: schemainfo update with relax control. * BUG 13964: s3:util: Move static file_pload() function to lib/util. * BUG 13957: smbd: Fix a panic. * BUG 12478: ldap server: Generate correct referral schemes. * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value. * BUG 13942: s4 dsdb: Fix use after free in samldb_rename_search_base_callback. * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can apply it. * BUG 12478: ldb: Release ldb 1.5.5 * BUG 13713: Schema replication fails if link crosses chunk boundary backwards. 
* BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision. * BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL. * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary. * BUG 13939: Using Kerberos credentials to print using spoolss doesn't work. * BUG 13998: wafsamba: Use native waf timer. * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2019/06/28 17:13:50 jperkin Exp $ d3 4 a6 4 SHA1 (samba-4.10.6.tar.gz) = dfa9fd24d8f00c427158c7ea83d0d071bc6c819a RMD160 (samba-4.10.6.tar.gz) = b8e8bf3b46acd8a097b9d1e4c36280d46fbf9fcb SHA512 (samba-4.10.6.tar.gz) = 6c06a55ac686210965cf52f79190700a3d3a5cba8ea54b32e5bdb4d6b6167f1fa9aef308c3d5fdc7078496aa78b46d5cea3c623438d3a049b11fc58d334f8d0f Size (samba-4.10.6.tar.gz) = 18306135 bytes @ 1.32 log @samba4: Build fixes for SunOS. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2019/06/22 13:27:12 jmcneill Exp $ d3 4 a6 4 SHA1 (samba-4.10.5.tar.gz) = 9444a1a0cafd2c734eab39d76908c5344421df99 RMD160 (samba-4.10.5.tar.gz) = c6ebda08f6dba92446383b18d0f3cce3a2199312 SHA512 (samba-4.10.5.tar.gz) = 82961791a43511aa42f0d648edd13f0533cb20e1d673903e6a1f6235b0df19dfc0755ab0c8e6d4518ca19c188968a38a6c8e8c80d05a20141c097fb0b3e2b795 Size (samba-4.10.5.tar.gz) = 18290612 bytes @ 1.32.2.1 log @Pullup ticket #6047 - requested by taca databases/ldb: dependent update net/samba4: security fix Revisions pulled up: - databases/ldb/Makefile 1.6 - databases/ldb/buildlink3.mk 1.2 - databases/ldb/distinfo 1.3 - net/samba4/Makefile 1.75,1.77-1.78 - net/samba4/PLIST 1.23 - net/samba4/distinfo 1.33-1.35 --- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 20 22:46:59 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile buildlink3.mk Log Message: *: recursive bump for nettle 3.5.1 --- Module Name: pkgsrc Committed By: wiz Date: Sun Jul 21 22:26:08 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile Log Message: *: recursive bump for gdk-pixbuf2-2.38.1 --- Module Name: pkgsrc Committed By: adam Date: Sat Aug 3 06:54:39 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: samba4: updated to 4.10.6 Changes 4.10.6: * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. * BUG 13964: smbd does not correctly parse arguments passed to dfree and quota scripts. * BUG 13965: samba-tool dns: use bytes for inet_ntop. * BUG 13828: samba-tool domain provision: Fix --interactive module in python3. * BUG 13893: ldb_kv: Skip @@ records early in a search full scan. * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" connection. * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option instead of "state dir". * BUG 13840: registry: Add a missing include. * BUG 13944: Fix SMB guest authentication. * BUG 13958: AppleDouble conversion breaks Resourceforks. 
* BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). * BUG 13987: s3:mdssvc: Fix flex compilation error. * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly: * BUG 13799: dsdb:samdb: schemainfo update with relax control. * BUG 13964: s3:util: Move static file_pload() function to lib/util. * BUG 13957: smbd: Fix a panic. * BUG 12478: ldap server: Generate correct referral schemes. * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value. * BUG 13942: s4 dsdb: Fix use after free in samldb_rename_search_base_callback. * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can apply it. * BUG 12478: ldb: Release ldb 1.5.5 * BUG 13713: Schema replication fails if link crosses chunk boundary backwards. * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision. * BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL. * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary. * BUG 13939: Using Kerberos credentials to print using spoolss doesn't work. * BUG 13998: wafsamba: Use native waf timer. * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check. --- Module Name: pkgsrc Committed By: wiz Date: Sun Aug 11 13:25:21 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile Log Message: Bump PKGREVISIONs for perl 5.30.0 --- Module Name: pkgsrc Committed By: adam Date: Fri Aug 23 10:52:41 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: samba4: updated to 4.10.7 Samba 4.10.7 * BUG 14010: Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module. * BUG 13844: build: Allow build when '--disable-gnutls' is set. * BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py. 
* BUG 14008: Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade. * BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC. * BUG 14046: join: Use a specific attribute order for the DsAddEntry nTDSDSA object. * BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname(). * BUG 14091: lookup_name: Allow own domain lookup when flags == 0. * BUG 13932: s4 librpc rpc pyrpc: Ensure tevent_context deleted last. * BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log file. * BUG 13949: Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto". * BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days. * BUG 13969: dnsProperty fails to decode values from older Windows versions. * BUG 13973: samba-tool: Use only one LDAP modify for dns partition fsmo role transfer. * BUG 13960: third_party: Update waf to version 2.0.17. * BUG 14051: netcmd: Allow 'drs replicate --local' to create partitions. * BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file. --- Module Name: pkgsrc Committed By: adam Date: Tue Sep 3 19:11:58 UTC 2019 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: samba4: updated to 4.10.8 Samba 4.10.8: This is a security release in order to address the following defect: o CVE-2019-10197: Combination of parameters and permissions can allow user to escape from the share path definition. 
--- Module Name: pkgsrc Committed By: adam Date: Sat Aug 3 06:52:32 UTC 2019 Modified Files: pkgsrc/databases/ldb: Makefile buildlink3.mk distinfo Log Message: ldb: updated to 1.5.5 1.5.5: Unknown changes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2019/06/28 17:13:50 jperkin Exp $ d3 4 a6 4 SHA1 (samba-4.10.8.tar.gz) = e0fafe34e7205c4f9ab54f96ab2ee72d1b9cfaca RMD160 (samba-4.10.8.tar.gz) = ee2f253b30e1ecdd796c8c92f3d7c5fae7ec0694 SHA512 (samba-4.10.8.tar.gz) = 14d463dfba36473f4a1d2b306ff2a18c664e1a01bc8077ef62afc6796cf4dd65461d72b519b8df3a777eaf322cb98653b416468d770541cd21fab2383c8dce66 Size (samba-4.10.8.tar.gz) = 18316560 bytes @ 1.31 log @Fixes a build failure when the letter 'j' appears in MAKEFLAGS. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2019/06/19 21:22:59 adam Exp $ d17 1 @ 1.30 log @samba4: updated to 4.10.5 Release Notes for Samba 4.10.5 This is a security release in order to address the following defects: o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server (dnsserver)) o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches)) Details ======= o CVE-2019-12435: An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference. o CVE-2019-12436: An user with read access to the directory can cause a NULL pointer dereference using the paged search control. For more details and workarounds, please refer to the security advisories. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2019/05/22 19:57:12 adam Exp $ d10 1 @ 1.29 log @samba4: updated to 4.10.4 Changes since 4.10.3: * BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's. * BUG 13882: py/provision: Fix for Python 2.6. * BUG 13873: netcmd: Fix 'passwordsettings --max-pwd-age' command. * BUG 13938: s3:smbd: Don't use recvfile on streams. * BUG 13861: s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@@forestroot". * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. 
* BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. * BUG 13895: ctdb-common: Avoid race between fd and signal events. * BUG 13943: ctdb-common: Fix memory leak in run_proc. * BUG 13892: lib: Initialize getline() arguments. * BUG 13903: winbind: Fix overlapping id ranges. * BUG 13902: lib util debug: Increase format buffer to 4KiB. * BUG 13927: nsswitch pam_winbind: Fix Asan use after free. * BUG 13929: s4 lib socket: Ensure address string owned by parent struct. * BUG 13936: s3 rpc_client: Fix Asan stack use after scope. * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO. * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. * BUG 12845: smb2_sesssetup: avoid STATUS_PENDING responses for session setup. * BUG 13698: smb2_tcon: Avoid STATUS_PENDING completely on tdis. * BUG 13796: smb2_sesssetup: avoid STATUS_PENDING responses for session setup. * BUG 13843: dbcheck: Fix the err_empty_attribute() check. * BUG 13858: vfs_snapper: Drop unneeded fstat handler. * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check. * BUG 13863: smb2_server: Grant all 8192 credits to clients. * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. * BUG 13872: s3/vfs_glusterfs: Dynamically determine NAME_MAX. * BUG 13918: s3: modules: ceph: Use current working directory instead of share path. * BUG 13831: winbind: Use domain name from lsa query for sid_to_name cache entry. * BUG 13865: memcache: Increase size of default memcache to 512k. * BUG 13857: docs: Update smbclient manpage for "--max-protocol". * BUG 13861: 'net ads join' to child domain fails when using "-U admin@@forestroot". * BUG 13937: s3:utils: If share is NULL in smbcacls, don't print it. * BUG 13939: s3:smbspool: Fix regression printing with Kerberos credentials. * BUG 13860: ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd. 
* BUG 13888: ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake". * BUG 13930: ctdb-daemon: Never use 0 as a client ID. * BUG 13943: ctdb-common: Fix memory leak. * BUG 13904: s3:debug: Enable logging for early startup failures. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2019/05/15 09:07:21 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.4.tar.gz) = 3429469f420bb952f459051906fd5c9d03f046f9 RMD160 (samba-4.10.4.tar.gz) = c743f58fe2d81d4a7f1953ba0afc98d508a789e7 SHA512 (samba-4.10.4.tar.gz) = 10799f866b896903baaea5141af89cf442f3892d9c6f74b7acf217dd95abfe77b09f2bb001273cccf2e433bd2e845fad90651970952b4e18e8cd37bde956cf4e Size (samba-4.10.4.tar.gz) = 18289224 bytes @ 1.28 log @samba4: updated to 4.10.3 Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2019/04/08 18:35:59 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.3.tar.gz) = e37c84ba448fb942479742ab56d265ba9855c366 RMD160 (samba-4.10.3.tar.gz) = c57512aa01094f0f9f5e4df0d09b50548e5a35ab SHA512 (samba-4.10.3.tar.gz) = b247eaf4438b219ed0fdbc8dbdef94798cdb3eb5eb39831e89f2955842576ac90aa9201323ce6976f0e93dba69c6c6b7842d7bfc9e0a97ac9986d2f6a31882f8 Size (samba-4.10.3.tar.gz) = 18281572 bytes @ 1.27 log @samba4: updated to 4.10.2 Release Notes for Samba 4.10.2 This is a security release in order to address the following defects: o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) o CVE-2019-3880 (Save registry file outside share as unprivileged user) Details o CVE-2019-3870: During the provision of a new Active Directory DC, some files in the private/ directory are created world-writable. o CVE-2019-3880: Authenticated users with write permission can trigger a symlink traversal to write or detect files outside the Samba share. For more details and workarounds, please refer to the security advisories. 
Changes since 4.10.1: * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for smbd.mkdir(). * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of SaveKey/RestoreKey. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2019/04/03 14:23:06 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.2.tar.gz) = b0b5dd49e92b266315cea6530dcfc926f27dd4ed RMD160 (samba-4.10.2.tar.gz) = 6d91d2d581e095753deaae1fae28b8a048e103fc SHA512 (samba-4.10.2.tar.gz) = 3d146ea12567ebb02a7babcad779b82339ffbfb19f6f2be5cac33eb18af2c9b546dc1cd910072a5c9e152ba9c4a632ed6870c48a8f6ad9d04304b130f240a4bf Size (samba-4.10.2.tar.gz) = 18280710 bytes @ 1.26 log @samba4: updated to 4.10.1 Changes since 4.10.0: * BUG 13837: py/kcc_utils: py2.6 compatibility. * BUG 13869: libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response. * BUG 13840: regfio: Improve handling of malformed registry hive files. * BUG 13789: ctdb-version: Simplify version string usage. * BUG 13859: lib: Make fd_load work for non-regular files. * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option. * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(). * BUG 13854: s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so. * BUG 13836: acl_read: Fix regression for empty lists. * BUG 13841: s4:dlz make b9_has_soa check dc=@@ node. * BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth. * BUG 13847: s4:librpc: Fix installation of Samba. * BUG 13848: s3:lib: Fix the debug message for adding cache entries. * BUG 13793: s3:utils: Add 'smbstatus -L --resolve-uids' to show username. * BUG 13848: s3:lib: Fix the debug message for adding cache entries. * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux. * BUG 13789: ctdb-build: Drop creation of .distversion in tarball. 
* BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2019/03/20 19:09:10 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.1.tar.gz) = 4dc043bd680ac625a54bbe94e4df85ac3598359c RMD160 (samba-4.10.1.tar.gz) = d1bb83f5acc18ec2399beae32a2ceba010f1f6cc SHA512 (samba-4.10.1.tar.gz) = cfd86999d2eacb7700f03a25112211f4c79f64685d758744f690046728b5f5d66e4699d6cc9dc3e1ae108eb630ed18d9f62791ca101daabcebafa3cca2b3d838 Size (samba-4.10.1.tar.gz) = 18280677 bytes @ 1.25 log @samba4: updated to 4.10.0 Release Notes for Samba 4.10.0 This is the first stable release of the Samba 4.10 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== GPO Improvements ---------------- A new 'samba-tool gpo backup' command has been added that can export a set of Group Policy Objects from a domain in a generalised XML format. A corresponding 'samba-tool gpo restore' command has been added to rebuild the Group Policy Objects from the XML after generalization. (The administrator needs to correct the values of XML entities between the backup and restore to account for the change in domain). KDC prefork ----------- The KDC now supports the pre-fork process model and worker processes will be forked for the KDC when the pre-fork process model is selected for samba. Prefork 'prefork children' -------------------------- The default value for this smdb.conf parameter has been increased from 1 to 4. Netlogon prefork ---------------- DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are pre-forked when the prefork process model is selected for samba. Offline domain backups ---------------------- The 'samba-tool domain backup' command has been extended with a new 'offline' option. This safely creates a backup of the local DC's database directly from disk. 
The main benefits of an offline backup are it's quicker, it stores more database details (for forensic purposes), and the samba process does not have to be running when the backup is made. Refer to the samba-tool help for more details on using this command. Group membership statistics --------------------------- A new 'samba-tool group stats' command has been added. This provides summary information about how the users are spread across groups in your domain. The 'samba-tool group list --verbose' command has also been updated to include the number of users in each group. Paged results LDAP control -------------------------- The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696) has been changed to more closely match Windows servers, to improve memory usage. Paged results may be used internally (or is requested by the user) by LDAP libraries or tools that deal with large result sizes, for example, when listing all the objects in the database. Previously, results were returned as a snapshot of the database but now, some changes made to the set of results while paging may be reflected in the responses. If strict inter-record consistency is required in answers (which is not possible on Windows with large result sets), consider avoiding the paged results control or alternatively, it might be possible to enforce restrictions using the LDAP filter expression. For further details see https://wiki.samba.org/index.php/Paged_Results Prefork process restart ----------------------- The pre-fork process model now restarts failed processes. The delay between restart attempts is controlled by the "prefork backoff increment" (default = 10) and "prefork maximum backoff" (default = 120) smbd.conf parameters. A linear back off strategy is used with "prefork backoff increment" added to the delay between restart attempts up until it reaches "prefork maximum backoff". Using the default sequence the restart delays (in seconds) are: 0, 10, 20, ..., 120, 120, ... 
Standard process model
----------------------

When using the standard process model samba forks a new process to handle ldap
and netlogon connections. Samba now honours the 'max smbd processes' smb.conf
parameter. The default value of 0 indicates there is no limit. The limit is
applied individually to netlogon and ldap. When the process limit is exceeded
Samba drops new connections immediately.

python3 support
---------------

This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.

To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.

   'PYTHON=python2 ./configure'
   'PYTHON=python2 make'

This will override the python3 default.

Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2' as
part of the 'configure' command. Note that python3 will still be used as the
default in this case.

Note that Samba 4.10 supports Python 3.4 onwards.

Future Python support
---------------------

Samba 4.10 will be the last release that comes with full support for Python 2.
Unfortunately, the Samba Team doesn't have the resources to support both
Python 2 and Python 3 long-term.

Samba 4.11 will not have any runtime support for Python 2. This means if you
use Python 2 bindings it is time to migrate to Python 3 now.

If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work on
a system that supports either python2 or python3.

Also note that Samba 4.11 will most likely only support Python 3.6 onwards.

JSON logging
------------

Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:

   Event codes:
      4624  Successful logon
      4625  Unsuccessful logon

   Logon Types:
      2  Interactive
      3  Network
      8  NetworkCleartext

The version number for Authentication messages is now 1.1, changed from 1.0

Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:

   4723  Password changed
   4724  Password reset

The version number for PasswordChange messages is now 1.1, changed from 1.0

Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:

   4728  A member was added to a security enabled global group
   4729  A member was removed from a security enabled global group
   4732  A member was added to a security enabled local group
   4733  A member was removed from a security enabled local group
   4746  A member was added to a security disabled local group
   4747  A member was removed from a security disabled local group
   4751  A member was added to a security disabled global group
   4752  A member was removed from a security disabled global group
   4756  A member was added to a security enabled universal group
   4757  A member was removed from a security enabled universal group
   4761  A member was added to a security disabled universal group
   4762  A member was removed from a security disabled universal group

The version number for GroupChange messages is now 1.1, changed from 1.0. Also,
a GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.

The leading "JSON :" and source file prefix of the JSON formatted log entries
has been removed to make the parsing of the JSON log messages easier.
JSON log entries now start with 2 spaces followed by an opening brace,
i.e. "  {"

SMBv2 samba-tool support
------------------------

On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.

New glusterfs_fuse VFS module
-----------------------------

The new vfs_glusterfs_fuse module improves performance when Samba accesses a
glusterfs volume mounted via FUSE (Filesystem in Userspace as part of the Linux
kernel). It achieves that by leveraging a mechanism to retrieve the appropriate
case of filenames by querying a specific extended attribute in the filesystem.
No extra configuration is required to use this module, only glusterfs_fuse
needs to be set in the "vfs objects" parameter. Further details can be found in
the vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does not
replace the existing vfs_glusterfs module, it just provides an additional,
alternative mechanism to access a Gluster volume.

REMOVED FEATURES
================

MIT Kerberos build of the AD DC
-------------------------------

While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental. Because Samba will not issue security patches for
this configuration, such builds now require the explicit configure option:

   --with-experimental-mit-ad-dc

For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

samba_backup
------------

The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.

SMB client Python bindings
--------------------------

The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affect users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.
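The JSON logging changes in the 4.10.0 release notes above, as an added example that is not part of the commit message or of Samba's code: a reader that selects entries by the two-space-and-brace prefix, relies on "eventId" only from message version 1.1 on, and flags repeated 4625 failures, NetworkCleartext logons and additions to security enabled groups. The "type" envelope key, the nested "version" object, the lowercase "groupChange" type value, the "clientAccount" and "group" field names and every log line are assumptions constructed for the example.

```python
import json
from collections import Counter

# Event ids and logon type as listed in the release notes above.
SUCCESSFUL_LOGON = 4624
FAILED_LOGON = 4625
NETWORK_CLEARTEXT = 8
# "A member was added to a security enabled global/local/universal group"
MEMBER_ADDED_TO_SECURITY_GROUP = {4728, 4732, 4756}


def as_int(value):
    """Accept 4625 or "4625"; the notes do not say which JSON type is emitted."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def iter_json_records(lines):
    """Yield (kind, body) for each JSON entry in a Samba log stream."""
    for line in lines:
        # From 4.10 a JSON entry starts with two spaces and an opening brace;
        # debug headers and any other text are skipped.
        if not line.startswith("  {"):
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or interleaved write
        kind = record.get("type")  # assumed envelope key
        body = record.get(kind) if isinstance(kind, str) else None
        if isinstance(body, dict):
            yield kind, body


def carries_event_id(body):
    """eventId and logonType arrive with message version 1.1 (was 1.0)."""
    version = body.get("version")
    if not isinstance(version, dict):
        return False
    major = as_int(version.get("major")) or 0
    minor = as_int(version.get("minor")) or 0
    return (major, minor) >= (1, 1)


def summarize(lines, failure_threshold=3):
    """Return noisy accounts, notable events and the count of pre-1.1 messages."""
    failures = Counter()
    findings = []
    pre_1_1 = 0
    for kind, body in iter_json_records(lines):
        if not carries_event_id(body):
            pre_1_1 += 1  # older sender: no eventId to key on
            continue
        event_id = as_int(body.get("eventId"))
        if kind.lower() == "authentication":
            account = body.get("clientAccount") or "<unknown>"  # assumed field
            if event_id == FAILED_LOGON:
                failures[account] += 1
            elif (event_id == SUCCESSFUL_LOGON
                  and as_int(body.get("logonType")) == NETWORK_CLEARTEXT):
                findings.append(("cleartext-logon", account))
        elif (kind.lower() == "groupchange"
              and event_id in MEMBER_ADDED_TO_SECURITY_GROUP):
            findings.append(("security-group-add", body.get("group")))  # assumed field
    noisy = {a: n for a, n in failures.items() if n >= failure_threshold}
    return {"failed_logons": noisy, "findings": findings, "pre_1_1": pre_1_1}


def auth(event_id, logon_type, account, minor=1):
    """Build one constructed Authentication line in the assumed layout."""
    body = {"version": {"major": 1, "minor": minor}, "clientAccount": account}
    if minor >= 1:
        body.update(eventId=event_id, logonType=logon_type)
    return "  " + json.dumps({"type": "Authentication", "Authentication": body})


# Constructed sample input, not taken from a real server.
SAMPLE_LOG = [
    "[2019/03/19 10:00:00.000000,  3] constructed debug header, not JSON",
    auth(4625, 3, "alice"),
    auth(4625, 3, "alice"),
    auth(4625, 3, "alice"),
    auth(4625, 3, "bob"),
    auth(4624, 8, "carol"),
    auth(4624, 3, "dave"),
    auth(None, None, "erin", minor=0),  # version 1.0 message, no eventId
    "  " + json.dumps({"type": "groupChange", "groupChange": {
        "version": {"major": 1, "minor": 1}, "eventId": 4728,
        "group": "CN=Domain Admins,CN=Users,DC=example,DC=com"}}),
    auth(4625, 3, "alice")[2:],   # no two-space prefix: not treated as an entry
    auth(4625, 3, "alice")[:40],  # truncated JSON: skipped
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Messages still at version 1.0 are counted rather than dropped silently, so a mixed fleet of pre-4.10 and 4.10 servers shows up in the summary.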
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2019/03/13 18:02:31 adam Exp $ d3 4 a6 4 SHA1 (samba-4.10.0.tar.gz) = 14769a5f9a296359269e15e989d2995fd79ef2e2 RMD160 (samba-4.10.0.tar.gz) = 3bfd51a04666ca115cf86e801c2ec021883d263c SHA512 (samba-4.10.0.tar.gz) = e82a8ec78cea666a653bddab066eaa22382f5b016b38f7618492e39f470d6f4c3ddd6dc21e9f0e9fde73ab98c4dd3da1a3823fd457f085ac14c36070b447ac90 Size (samba-4.10.0.tar.gz) = 18270804 bytes @
1.25.2.1 log @Pullup ticket #5933 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile 1.64-1.65
- net/samba4/PLIST 1.22
- net/samba4/distinfo 1.26-1.27

---
Module Name: pkgsrc
Committed By: adam
Date: Wed Apr 3 14:23:06 UTC 2019

Modified Files:
pkgsrc/net/samba4: Makefile distinfo

Log Message:
samba4: updated to 4.10.1

Changes since 4.10.0:
* BUG 13837: py/kcc_utils: py2.6 compatibility.
* BUG 13869: libcli: permit larger values of DataLength in
  SMB2_ENCRYPTION_CAPABILITIES of negotiate response.
* BUG 13840: regfio: Improve handling of malformed registry hive files.
* BUG 13789: ctdb-version: Simplify version string usage.
* BUG 13859: lib: Make fd_load work for non-regular files.
* BUG 13816: dbcheck in the middle of the tombstone garbage collection causes
  replication failures, dbcheck: add --selftest-check-expired-tombstones
  cmdline option.
* BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in
  NDR_SPOOLSS_PUSH_ENUM_OUT().
* BUG 13854: s4/messaging: Fix undefined reference in linking
  libMESSAGING-samba4.so.
* BUG 13836: acl_read: Fix regression for empty lists.
* BUG 13841: s4:dlz make b9_has_soa check dc=@@ node.
* BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth.
* BUG 13847: s4:librpc: Fix installation of Samba.
* BUG 13848: s3:lib: Fix the debug message for adding cache entries.
* BUG 13793: s3:utils: Add 'smbstatus -L --resolve-uids' to show username.
* BUG 13848: s3:lib: Fix the debug message for adding cache entries.
* BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux.
* BUG 13789: ctdb-build: Drop creation of .distversion in tarball.
* BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package should
  not own system library directory.

---
Module Name: pkgsrc
Committed By: adam
Date: Mon Apr 8 18:35:59 UTC 2019

Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo

Log Message:
samba4: updated to 4.10.2

Release Notes for Samba 4.10.2

This is a security release in order to address the following defects:

o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)

Details

o CVE-2019-3870:
  During the provision of a new Active Directory DC, some files in the private/
  directory are created world-writable.

o CVE-2019-3880:
  Authenticated users with write permission can trigger a symlink traversal to
  write or detect files outside the Samba share.

For more details and workarounds, please refer to the security advisories.

Changes since 4.10.1:
* BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
  smbd.mkdir().
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
  SaveKey/RestoreKey.
@ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.10.2.tar.gz) = b0b5dd49e92b266315cea6530dcfc926f27dd4ed RMD160 (samba-4.10.2.tar.gz) = 6d91d2d581e095753deaae1fae28b8a048e103fc SHA512 (samba-4.10.2.tar.gz) = 3d146ea12567ebb02a7babcad779b82339ffbfb19f6f2be5cac33eb18af2c9b546dc1cd910072a5c9e152ba9c4a632ed6870c48a8f6ad9d04304b130f240a4bf Size (samba-4.10.2.tar.gz) = 18280710 bytes @
1.25.2.2 log @Pullup ticket #5972 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile 1.67
- net/samba4/PLIST.Linux 1.2
- net/samba4/distinfo 1.28

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Tue Apr 23 07:42:53 UTC 2019

Modified Files:
pkgsrc/net/samba4: PLIST.Linux

Log Message:
samba4: update Linux-specific PLIST entries

from mmoll in https://github.com/NetBSD/pkgsrc/pull/46

I am not adding the SunOS part because the files are in the non-OS specific
PLIST, now (the SunOS entries seem to be duplicated)

To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/samba4/PLIST.Linux

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Thu Apr 25 07:33:32 UTC 2019

Modified Files:

Log Message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: adam
Date: Wed May 15 09:07:21 UTC 2019

Modified Files:
pkgsrc/net/samba4: Makefile distinfo

Log Message:
samba4: updated to 4.10.3

Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available

These are security releases in order to address CVE-2018-16860 (Samba AD DC
S4U2Self/S4U2Proxy unkeyed checksum).

To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/samba4/distinfo
@ text @d3 4 a6 4 SHA1 (samba-4.10.3.tar.gz) = e37c84ba448fb942479742ab56d265ba9855c366 RMD160 (samba-4.10.3.tar.gz) = c57512aa01094f0f9f5e4df0d09b50548e5a35ab SHA512 (samba-4.10.3.tar.gz) = b247eaf4438b219ed0fdbc8dbdef94798cdb3eb5eb39831e89f2955842576ac90aa9201323ce6976f0e93dba69c6c6b7842d7bfc9e0a97ac9986d2f6a31882f8 Size (samba-4.10.3.tar.gz) = 18281572 bytes @
1.24 log @py-twine: updated to 1.13.0

Twine is a utility for publishing Python packages on PyPI. It provides build
system independent uploads of source and binary distribution artifacts for both
new and existing projects.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2019/03/01 20:03:24 roy Exp $ d3 4 a6 4 SHA1 (samba-4.9.5.tar.gz) = a79e3f75903daa46318cdf1f2c19efb615ec0920 RMD160 (samba-4.9.5.tar.gz) = a29749fbfd2441ee5989fc26ed133308207b154c SHA512 (samba-4.9.5.tar.gz) = 0ce49721dcd1b16148448bdf516c42f8fdeb3cb48e7fa8113fac508f8585251ead23d5b679f99eb7925e7a6fbedc2da75d339946b0cecb15698f3ea0cb542750 Size (samba-4.9.5.tar.gz) = 18065757 bytes d8 2 a9 2 SHA1 (patch-buildtools_wafsamba_samba__install.py) = 82e91af3125931767df06821983d40e6f94140c3 SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = 1469d23fd2094ce0ecf979df6ff8cfd69fae53a6 d12 1 a12 2 SHA1 (patch-dynconfig_wscript) = b77bc4aabaab2943962112c51dc539a65d015400 SHA1 (patch-lib_ldb_ldb__mdb_ldb__mdb.c) = e6d10c0eb44bbad4fbdd52a9e66116ead8e1818d d14 1 a14 1 SHA1 (patch-lib_replace_wscript) = b6a042c2c13c0be78d7b64c0ce2efdaf4bbb1f3b d16 1 d18 1 d20 1 a21 1 SHA1 (patch-source4_torture_local_nss__tests.c) = 8c878a8ed771ba996a7a325a1ad41bd13016c70c @ 1.23 log @Add a patch taken from upstream to allow smbd to work when winbindd has been started but not configured. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2018/12/22 01:13:52 adam Exp $ d3 5 a7 4 SHA1 (samba-4.9.4.tar.gz) = 7f8e15709e03e52d14bd9c85dd717366c106993f RMD160 (samba-4.9.4.tar.gz) = d0a43b85b85906f860de12b0b0abb1fcc5643b7a SHA512 (samba-4.9.4.tar.gz) = ecd9937caa12d409b9b4cf34982b1670346fa64c7ecd111b390e296771476e13eb7b868997bfe489f36b7bdc5c9fc3af42cd5ad276e9d85aaedfa8ac4cfc0617 Size (samba-4.9.4.tar.gz) = 18053738 bytes a17 1 SHA1 (patch-source3_auth_token_util.c) = fbe67b501fa4325c9fb3e37c51bc424847f5e908 @ 1.22 log @samba4: buidling fixes PkgSrc changes: * fix building on Darwin and probably other systems as well * install manpages * use correct install_name on Darwin * does not collide with p5-Parse-Yapp anymore * use cmocka and libgcrypt * clean-ups @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2018/12/20 21:18:22 adam Exp $ d17 1 @ 1.21 log @samba4: updated to 4.9.4 Release Notes for Samba 4.9.4 Major bug fixes include: o dns: Fix CNAME loop prevention using counter regression. Changes since 4.9.3: * BUG 9175: libcli/smb: Don't overwrite status code. * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work. * BUG 13661: Session setup reauth fails to sign response. * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream. * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing. * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name. * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. * PEP8: fix E231: missing whitespace after ','. * BUG 13629: winbindd: Fix crash when taking profiles. * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression. * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. * BUG 13571: CVE-2018-16853: Do not segfault if client is not set. 
* BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation. * BUG 13696: ctdb-daemon: Exit with error if a database directory does not exist. * BUG 13498: s3:libads: Add net ads leave keep-account option. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2018/11/29 14:46:46 taca Exp $ d7 2 d10 3 a12 2 SHA1 (patch-dynconfig_wscript) = 4d769a4d07487b5f62c112d3b0095196bb058117 SHA1 (patch-lib_ldb_ldb__mdb_ldb__mdb.c) = 3dcee7618a15058351d488ad003929effa100e41 a16 1 SHA1 (patch-pidl_lib_wscript__build) = 82a4b42c20df7e6d8927b53471123f0536c81866 d19 1 @ 1.20 log @net/samba4: update to 4.9.3 ============================= Release Notes for Samba 4.9.3 November 27, 2018 ============================= This is a security release in order to address the following defects: o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers) o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) o CVE-2018-16857 (Bad password count in AD DC not always effective) ======= Details ======= o CVE-2018-14629: All versions of Samba from 4.0.0 onwards are vulnerable to infinite query recursion caused by CNAME loops. Any dns record can be added via ldap by an unprivileged user using the ldbadd tool, so this is a security issue. o CVE-2018-16841: When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. 
There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16851: During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16852: During the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service. o CVE-2018-16853: A user in a Samba AD domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory we clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. o CVE-2018-16857: AD DC Configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. For more details and workarounds, please refer to the security advisories. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2018/11/23 07:30:02 ryoon Exp $ d3 4 a6 4 SHA1 (samba-4.9.3.tar.gz) = 99d9006495aa5d0c4b904ff8ab0b8daf0e694183 RMD160 (samba-4.9.3.tar.gz) = 830c0052e6704f97e1d3c6d07564e9cb0fc4d928 SHA512 (samba-4.9.3.tar.gz) = bdcba835857f1f41d47932e5c06cff446301c916b78195124814eac89dfce93f12e6e7aa1b53cfff30fdd12d8ce6409dda4e454d8f26fb7ea8e0a97996f93783 Size (samba-4.9.3.tar.gz) = 18043670 bytes @ 1.19 log @Update to 4.9.2 Changelog: * Many bugfixes * Update some bundled libraries @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2018/09/20 18:24:08 tnn Exp $ d3 4 a6 4 SHA1 (samba-4.9.2.tar.gz) = 3b777a95aed4946717094bbe830279ba5ee2370f RMD160 (samba-4.9.2.tar.gz) = 4db2cf6684e724514f3ea1eaa7ed93c756f72f28 SHA512 (samba-4.9.2.tar.gz) = 67de5faeda45e5c245bf02cc195cdf9ca4b63f17625837badf7c50d97250e94de5309c9ef824bd7890bc771b1dc0a3bfbafea09880850b5167f0bf8a8ef488ed Size (samba-4.9.2.tar.gz) = 18042752 bytes @ 1.18 log @samba4: fix PLIST error if building while pkg is already installed @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2017/11/11 01:32:47 jklos Exp $ d3 4 a6 4 SHA1 (samba-4.6.8.tar.gz) = 744fa10e3ad8ea7219e51c27f3792d99e25782be RMD160 (samba-4.6.8.tar.gz) = 3ecde1cfe97ce50d4864bf5c8e732127f13468bb SHA512 (samba-4.6.8.tar.gz) = fb40144210361bdeab09007aa49fa85077fbc8eeae2c49bcdafb01d33ec40425160882979f0829005a89766ed4fd4e36d7f952f6dbf6e0178f5b0945dc8d8efb Size (samba-4.6.8.tar.gz) = 21139872 bytes d9 1 a9 1 SHA1 (patch-lib_nss__wrapper_nss__wrapper.c) = c692fa33ec17ed4f1dc1e40c1fadf7846d976824 d12 1 a12 1 SHA1 (patch-lib_tevent_wscript) = 9617b9e40d2ffc8d6297390a20ba9bd44147d669 a14 1 SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 4b4be0691322afc70769602069c8a1bbd81ab639 d16 1 a16 2 SHA1 (patch-source4_scripting_wsript_build) = 6053076427835ac4fe97d93b2ff67d2caccc71f4 SHA1 (patch-testprogs_blackbox_dbcheck-oldrelease.sh) = 0bd2067b77a1db93e3cb5d80964a7be2b06802ff @ 1.17 log @Fixes PR # 52711. 
Allows installation of package in /usr/local LOCALBASE. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2017/09/20 15:14:30 taca Exp $ d14 1 @ 1.16 log @net/samba4: update to 4.6.8, security fix ============================= Release Notes for Samba 4.6.8 September 20, 2017 ============================= This is a security release in order to address the following defects: o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they should) o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects) o CVE-2017-12163 (Server memory information leak over SMB1) ======= Details ======= o CVE-2017-12150: A man in the middle attack may hijack client connections. o CVE-2017-12151: A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used SMB3. o CVE-2017-12163: Client with write access to a share can cause server memory contents to be written into a file or printer. For more details and workarounds, please see the security advisories: o https://www.samba.org/samba/security/CVE-2017-12150.html o https://www.samba.org/samba/security/CVE-2017-12151.html o https://www.samba.org/samba/security/CVE-2017-12163.html Changes since 4.6.7: -------------------- o Jeremy Allison * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async. * BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file. o Ralph Boehme * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly. o Stefan Metzmacher * BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs redirects. * BUG 12997: CVE-2017-12150: Some code paths don't enforce smb signing when they should. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2017/09/18 06:41:46 taca Exp $ d8 1 @ 1.15 log @net/samba4: update to 4.6.7 4.6.7 (2017/08/09): the latest stable release of the Samba 4.6 release series. 
Changes since 4.6.6 --------------------- o Jeremy Allison * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async. o Andrew Bartlett * BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified. o Ralph Boehme * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly. * BUG 12910: s3/notifyd: Ensure notifyd doesn't return from smbd_notifyd_init. o Günther Deschner * BUG 12840: vfs_fruit: Add fruit:model = parametric option. o David Disseldorp * BUG 12911: vfs_ceph: Fix cephwrap_chdir(). o Dustin L. Howett * BUG 12720: idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN. o Thomas Jarosch * BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p. o Volker Lendecke * BUG 12925: smbd: Fix a connection run-down race condition. o Stefan Metzmacher * BUG 12782: winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change. * BUG 12890: s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface(). o Noel Power * BUG 12937: smbcacls: Don't fail against a directory on Windows using SMB2. o Arvid Requate * BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping. o Garming Sam * BUG 12813: dnsserver: Stop dns_name_equal doing OOB read. o Andreas Schneider * BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for authentication. o Martin Schwenke * BUG 12898: ctdb-common: Set close-on-exec when creating PID file. 4.6.6 (2017/07/12): security release in order to address the following defect: o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) Changes since 4.6.5: --------------------- o Jeffrey Altman * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation 4.6.5 (2017/06/06): the latest stable release of the Samba 4.6 release series. Changes since 4.6.4: --------------------- o Jeremy Allison * BUG 12804: s3: VFS: Catia: Ensure path name is also converted. 
o Christian Ambach * BUG 12765: s3:smbcacls add prompt for password. o Ralph Boehme * BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if ignore_system_acls is set. * BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory. * BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool. * BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area. * BUG 12798: s3/smbd: Fix exclusive lease optimisation. o Alexander Bokovoy * BUG 12751: Allow passing trusted domain password as plain-text to PASSDB layer. * BUG 12764: systemd: Fix detection of libsystemd. o Amitay Isaacs * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to complete. * BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value. o Shilpa Krishnareddy * BUG 12756: notify: Fix ordering of events in notifyd. o Volker Lendecke * BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails. o Stefan Metzmacher * BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions immediately. o Doug Nazar * BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array. o Andreas Schneider * BUG 12687: vfs_expand_msdfs tries to open the remote address as a file path. o Martin Schwenke * BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes with wrong exit code. * BUG 12814: ctdb-common: Fix crash in logging initialisation. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2017/06/27 13:37:16 fhajny Exp $ d3 4 a6 4 SHA1 (samba-4.6.7.tar.gz) = 260053cf4b7b17607a8a94e8bf740979183efadd RMD160 (samba-4.6.7.tar.gz) = d755e6419a029dcf819ac12b4e6a8fe28da12b92 SHA512 (samba-4.6.7.tar.gz) = 394c28204bae4134e6a9d2e5b8f087a425dc4ac4ceecd8b29315acff1a92349d40ef0b6a9cc34f5ad18ff5ec9979199837c87f687858cb4e6687968284303aa5 Size (samba-4.6.7.tar.gz) = 21137329 bytes @ 1.14 log @Substitute SYSCONFDIR assumed by the embedded Heimdal code properly. Fixes calls to e.g. krb5.keytab that were hardcoded to /etc. 
PKGREVISION++ @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2017/05/24 15:51:32 he Exp $ d3 4 a6 4 SHA1 (samba-4.6.4.tar.gz) = eabfbb4d4ed17e25feb1aec81187011fca0f5f8a RMD160 (samba-4.6.4.tar.gz) = 91b77289adb41b1570e82411795fd8e7bb9a7543 SHA512 (samba-4.6.4.tar.gz) = c20e6ad35b701816c35959fd242470dd899fb1b0bf02277ebdc87624dc1059199854b8d759374ab8b23f4842aa01347389a34319635091ade5afb5a94810eac1 Size (samba-4.6.4.tar.gz) = 21108045 bytes @ 1.13 log @Update samba4 to version 4.6.4. Pkgsrc changes: * Adapt PLIST, new .so installed. Upstream changes: Changes since 4.6.3: --------------------- o Volker Lendecke * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable share. Changes since 4.6.2: -------------------- o Michael Adam * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend. o Jeremy Allison * BUG 12559: Fix for Solaris C compiler. * BUG 12628: s3: locking: Update oplock optimization for the leases era. * BUG 12693: Make the Solaris C compiler happy. * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. * BUG 12747: Fix buffer overflow caused by wrong use of getgroups. o Hanno Boeck * BUG 12746: lib: debug: Avoid negative array access. * BUG 12748: cleanupdb: Fix a memory read error. o Ralph Boehme * BUG 7537: streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY. * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from other backends. * BUG 12565: vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY. * BUG 12615: manpages/vfs_fruit: Document global options. * BUG 12624: lib/pthreadpool: Fix a memory leak. * BUG 12727: Lookup-domain for well-known SIDs on a DC. * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. o Alexander Bokovoy * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case. 
* BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4. o Amitay Isaacs * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to complete. * BUG 12723: ctdb_event monitor command crashes if event is not specified. * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'. o Volker Lendecke * BUG 12558: smbd: Fix smb1 findfirst with DFS. * BUG 12610: smbd: Do an early exit on negprot failure. * BUG 12699: winbindd: Fix substitution for 'template homedir'. o Stefan Metzmacher * BUG 12554: s4:kdc: Disable principal based autodetected referral detection. * BUG 12613: idmap_autorid: Allocate new domain range if the callers knows the sid is valid. * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path. * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain. * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again. o Christof Schmitt * BUG 12725: winbindd: Fix password policy for pam authentication. o Andreas Schneider * BUG 12554: s3:gse: Correctly handle external trusts with MIT. * BUG 12611: auth/credentials: Always set the realm if we set the principal from the ccache. * BUG 12686: replace: Include sysmacros.h. * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file. * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced. * BUG 12708: winbindd: Child process crashes when kerberos-authenticating a user with wrong password. o Uri Simchoni * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to CNID semantics. * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2017/04/08 08:56:27 ryoon Exp $ d14 1 @ 1.12 log @Update to 4.6.2 * Use internal heimdal Changelog: Changes since 4.6.1: -------------------- o Jeremy Allison * BUG 12721: Fix regression with "follow symlinks = no". 
Changes since 4.6.0: -------------------- o Jeremy Allison * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share directory. o Ralph Boehme * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share directory. CHANGES SINCE 4.6.0rc4 ====================== o Jeremy Allison * BUG 12592: Fix several issues found by covscan. * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. o Ralph Boehme * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream. * BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is set to "file". * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch. o Volker Lendecke * BUG 12612: Re-enable token groups fallback. o Stefan Metzmacher * BUG 9048: Samba4 ldap error codes. * BUG 12557: gensec:spnego: Add debug message for the failed principal. * BUG 12605: s3:winbindd: Fix endless forest trust scan. * BUG 12612: winbindd: Find the domain based on the sid within wb_lookupusergroups_send(). o Andreas Schneider * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly. * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash manpage. * BUG 12592: Fix several issues found by covscan. o Martin Schwenke * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS). CHANGES SINCE 4.6.0rc3 ====================== o Jeremy Allison * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType". * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution. o Ralph Boehme * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD. * BUG 12536: s3/smbd: Check for invalid access_mask smbd_calculate_access_mask(). * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp. o Amitay Isaacs * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler(). * BUG 12595: build: Fix generation of CTDB manpages while creating tarball. 
o Bryan Mason * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if AUTH_INFO_REQUIRED is not set or is not "negotiate". o Stefan Metzmacher * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP against trusted domains. * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the trust password. * BUG 12585: librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping. * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without netr_LogonSamLogonEx. * BUG 12587: winbindd child segfaults on connect to an NT4 domain. * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK with a valid tree connect. * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain, while it shouldn't. * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to 4.6. o Garming Sam * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are alive. o Andreas Schneider * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir(). o Martin Schwenke * BUG 12589: CTDB statd-callout does not cause grace period when CTDB_NFS_CALLOUT="". * BUG 12595: ctdb-build: Fix RPM build. CHANGES SINCE 4.6.0rc2 ====================== o Jeremy Allison * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly. * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck(). * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories. o Andrew Bartlett * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and use_xattrs. * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and requiredFeatures. * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a rename. o Ralph Boehme * BUG 12184: s3/rpc_server: Shared rpc modules loading. * BUG 12520: Ensure global "smb encrypt = off" is effective. 
* BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem. * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses readdirattr. o Volker Lendecke * BUG 12551: smbd: Fix "map acl inherit" = yes. o Stefan Metzmacher * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot. o John Mulligan * BUG 12542: docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage. o Andreas Schneider * BUG 12552: waf: Do not install the unit test binary for krb5samba. o Amitay Isaacs * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel. * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value. o Garming Sam * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a rename. o Uri Simchoni * BUG 12529: waf: Backport finding of pkg-config. CHANGES SINCE 4.6.0rc1 ====================== o Amitay Isaacs * BUG 12469: CTDB lock helper getting stuck trying to lock a record. * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket I/O. * BUG 12510: sock_daemon_test 4 crashes with SEGV. * BUG 12513: ctdb-daemon: Remove stale eventd socket. o Björn Jacke * BUG 12535: vfs_default: Unlock the right file in copy chunk. o Volker Lendecke * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets. * BUG 12538: Backport winbind fixes. o Stefan Metzmacher * BUG 12501: s3:winbindd: talloc_steal the extra_data in winbindd_list_users_recv(). o Martin Schwenke * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to send. * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp". * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple 'default' entries. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2016/07/07 16:44:14 taca Exp $ d3 4 a6 4 SHA1 (samba-4.6.2.tar.gz) = a369c58a8abe1b0035132d2b3b4919e26d8a840a RMD160 (samba-4.6.2.tar.gz) = f153cb7259dd211805bffc87536133279bab4eed SHA512 (samba-4.6.2.tar.gz) = d64129b7fc65bf30cc06e34a07ac5cf04b52bf6639950eff48ae0ec27b0de44614df6a7c44b62b1859553fc7051f493b2d8216739da2232ac1caeaea81d328df Size (samba-4.6.2.tar.gz) = 21097045 bytes @ 1.11 log @Update samba4 to 4.3.11 (Samba 4.3.11), including security fix for CVE-2016-2119. Changes from 4.3.9 to 4.3.10 are too many to write here, please refer to the WHATSNEW.txt file. ============================== Release Notes for Samba 4.3.11 July 07, 2016 ============================== This is a security release in order to address the following defect: o CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded) ======= Details ======= o CVE-2016-2119: It's possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can impersonate a server being connected to by Samba, and return malicious results. The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking to domain controllers as a member server, and trusted domains as a domain controller. These DCE/RPC connections were intended to be protected by the combination of "client ipc signing" and "client ipc max protocol" in their effective default settings ("mandatory" and "SMB3_11"). Additionally, management tools like net, samba-tool and rpcclient use DCERPC over SMB2/3 connections. By default, other tools in Samba are unprotected, but rarely they are configured to use smb signing, via the "client signing" parameter (the default is "if_required"). Even more rarely the "client max protocol" is set to SMB2, rather than the NT1 default. 
If both these conditions are met, then this issue would also apply to these other tools, including command line tools like smbcacls, smbcquota, smbclient, smbget and applications using libsmbclient. Changes since 4.3.10: -------------------- o Stefan Metzmacher * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade. * BUG 11948: Total dcerpc response payload more than 0x400000. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2016/05/07 03:09:33 taca Exp $ d3 4 a6 4 SHA1 (samba-4.3.11.tar.gz) = 44399fdcbcf5eba5f86548781e8aef490264de6b RMD160 (samba-4.3.11.tar.gz) = 641234bb6e4f1ef8d65ab3f0c9b90ede41dd2f89 SHA512 (samba-4.3.11.tar.gz) = 7b9bcdf158c64a26c81e5a03a94a521f238a7573ab31c1252e90f2604ae0d1303c998d3bcda18c4feb9049a659371a3af2bdfcc546b5251314f19a500b6a0b7a Size (samba-4.3.11.tar.gz) = 20573432 bytes d9 1 a9 1 SHA1 (patch-lib_param_loadparm.h) = d1c9df37bb9969d2788dd70e613067df6bb64f26 d13 1 a13 1 SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 26cd7dc3a5a282f5b80e00b52db6abd722555254 @ 1.11.6.1 log @Pullup ticket #5431 - requested by he net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.28-1.30 - net/samba4/PLIST 1.11-1.12 - net/samba4/distinfo 1.12-1.13 - net/samba4/options.mk 1.4 - net/samba4/patches/patch-lib_param_loadparm.h 1.2 - net/samba4/patches/patch-source3_script_tests_test__smbclient__s3.sh 1.3 --- Module Name: pkgsrc Committed By: ryoon Date: Sat Apr 
8 08:56:27 UTC 2017 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo options.mk pkgsrc/net/samba4/patches: patch-lib_param_loadparm.h patch-source3_script_tests_test__smbclient__s3.sh Log Message: Update to 4.6.2 * Use internal heimdal Changelog: Changes since 4.6.1: -------------------- o Jeremy Allison * BUG 12721: Fix regression with "follow symlinks = no". Changes since 4.6.0: -------------------- o Jeremy Allison * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share directory. o Ralph Boehme * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share directory. CHANGES SINCE 4.6.0rc4 ====================== o Jeremy Allison * BUG 12592: Fix several issues found by covscan. * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. o Ralph Boehme * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream. * BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is set to "file". * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch. o Volker Lendecke * BUG 12612: Re-enable token groups fallback. o Stefan Metzmacher * BUG 9048: Samba4 ldap error codes. * BUG 12557: gensec:spnego: Add debug message for the failed principal. * BUG 12605: s3:winbindd: Fix endless forest trust scan. * BUG 12612: winbindd: Find the domain based on the sid within wb_lookupusergroups_send(). o Andreas Schneider * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly. * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash manpage. * BUG 12592: Fix several issues found by covscan. o Martin Schwenke * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS). CHANGES SINCE 4.6.0rc3 ====================== o Jeremy Allison * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType". * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution. 
o Ralph Boehme * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD. * BUG 12536: s3/smbd: Check for invalid access_mask smbd_calculate_access_mask(). * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp. o Amitay Isaacs * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler(). * BUG 12595: build: Fix generation of CTDB manpages while creating tarball. o Bryan Mason * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if AUTH_INFO_REQUIRED is not set or is not "negotiate". o Stefan Metzmacher * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP against trusted domains. * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the trust password. * BUG 12585: librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping. * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without netr_LogonSamLogonEx. * BUG 12587: winbindd child segfaults on connect to an NT4 domain. * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK with a valid tree connect. * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain, while it shouldn't. * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to 4.6. o Garming Sam * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are alive. o Andreas Schneider * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir(). o Martin Schwenke * BUG 12589: CTDB statd-callout does not cause grace period when CTDB_NFS_CALLOUT="". * BUG 12595: ctdb-build: Fix RPM build. CHANGES SINCE 4.6.0rc2 ====================== o Jeremy Allison * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly. * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck(). * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories. 
o Andrew Bartlett * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and use_xattrs. * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and requiredFeatures. * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a rename. o Ralph Boehme * BUG 12184: s3/rpc_server: Shared rpc modules loading. * BUG 12520: Ensure global "smb encrypt = off" is effective. * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem. * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses readdirattr. o Volker Lendecke * BUG 12551: smbd: Fix "map acl inherit" = yes. o Stefan Metzmacher * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot. o John Mulligan * BUG 12542: docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage. o Andreas Schneider * BUG 12552: waf: Do not install the unit test binary for krb5samba. o Amitay Isaacs * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel. * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value. o Garming Sam * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a rename. o Uri Simchoni * BUG 12529: waf: Backport finding of pkg-config. CHANGES SINCE 4.6.0rc1 ====================== o Amitay Isaacs * BUG 12469: CTDB lock helper getting stuck trying to lock a record. * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket I/O. * BUG 12510: sock_daemon_test 4 crashes with SEGV. * BUG 12513: ctdb-daemon: Remove stale eventd socket. o Björn Jacke * BUG 12535: vfs_default: Unlock the right file in copy chunk. o Volker Lendecke * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets. * BUG 12538: Backport winbind fixes. 
o Stefan Metzmacher * BUG 12501: s3:winbindd: talloc_steal the extra_data in winbindd_list_users_recv(). o Martin Schwenke * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to send. * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp". * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple 'default' entries. --- Module Name: pkgsrc Committed By: jnemeth Date: Mon Apr 10 15:27:22 UTC 2017 Modified Files: pkgsrc/net/samba4: Makefile Log Message: Add pkg-config to USE_TOOLS, which is needed to find gnutls. Problem found in a bulk build. Not bumping PKGREVISION since it shouldn't change the binary package when it built. --- Module Name: pkgsrc Committed By: he Date: Wed May 24 15:51:32 UTC 2017 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: Update samba4 to version 4.6.4. Pkgsrc changes: * Adapt PLIST, new .so installed. Upstream changes: Changes since 4.6.3: --------------------- o Volker Lendecke * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable share. Changes since 4.6.2: -------------------- o Michael Adam * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend. o Jeremy Allison * BUG 12559: Fix for Solaris C compiler. * BUG 12628: s3: locking: Update oplock optimization for the leases era. * BUG 12693: Make the Solaris C compiler happy. * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. * BUG 12747: Fix buffer overflow caused by wrong use of getgroups. o Hanno Boeck * BUG 12746: lib: debug: Avoid negative array access. * BUG 12748: cleanupdb: Fix a memory read error. o Ralph Boehme * BUG 7537: streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY. * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from other backends. * BUG 12565: vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY. 
* BUG 12615: manpages/vfs_fruit: Document global options. * BUG 12624: lib/pthreadpool: Fix a memory leak. * BUG 12727: Lookup-domain for well-known SIDs on a DC. * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. o Alexander Bokovoy * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case. * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4. o Amitay Isaacs * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to complete. * BUG 12723: ctdb_event monitor command crashes if event is not specified. * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'. o Volker Lendecke * BUG 12558: smbd: Fix smb1 findfirst with DFS. * BUG 12610: smbd: Do an early exit on negprot failure. * BUG 12699: winbindd: Fix substitution for 'template homedir'. o Stefan Metzmacher * BUG 12554: s4:kdc: Disable principal based autodetected referral detection. * BUG 12613: idmap_autorid: Allocate new domain range if the callers knows the sid is valid. * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path. * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain. * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again. o Christof Schmitt * BUG 12725: winbindd: Fix password policy for pam authentication. o Andreas Schneider * BUG 12554: s3:gse: Correctly handle external trusts with MIT. * BUG 12611: auth/credentials: Always set the realm if we set the principal from the ccache. * BUG 12686: replace: Include sysmacros.h. * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file. * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced. * BUG 12708: winbindd: Child process crashes when kerberos-authenticating a user with wrong password. o Uri Simchoni * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to CNID semantics. 
  * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented.
@ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.6.4.tar.gz) = eabfbb4d4ed17e25feb1aec81187011fca0f5f8a RMD160 (samba-4.6.4.tar.gz) = 91b77289adb41b1570e82411795fd8e7bb9a7543 SHA512 (samba-4.6.4.tar.gz) = c20e6ad35b701816c35959fd242470dd899fb1b0bf02277ebdc87624dc1059199854b8d759374ab8b23f4842aa01347389a34319635091ade5afb5a94810eac1 Size (samba-4.6.4.tar.gz) = 21108045 bytes d9 1 a9 1 SHA1 (patch-lib_param_loadparm.h) = 0216b69d33d1e17260a446e11bee764116c52b18 d13 1 a13 1 SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = 4b4be0691322afc70769602069c8a1bbd81ab639 @ 1.10 log
@Update samba4 to 4.3.8, which contains a security fix.

This release fixes some regressions introduced by the last security fixes. Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of bugs addressing these regressions and more information.

Changes since 4.3.8:
--------------------

o Jeremy Allison
  * BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
  * BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
  * BUG 11822: s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.

o Andrew Bartlett
  * BUG 11780: smbd: Only check dev/inode in open_directory, not the full stat().
  * BUG 11789: pydsdb: Fix returning of ldb.MessageElement.

o Berend De Schouwer
  * BUG 11643: docs: Add example for domain logins to smbspool man page.

o Günther Deschner
  * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.

o Alberto Maria Fiaschi
  * BUG 8093: access based share enum: Handle permission set in configuration files.

o Volker Lendecke
  * BUG 11816: nwrap: Fix the build on Solaris.
  * BUG 11827: vfs_catia: Fix memleak.
  * BUG 11878: smbd: Avoid large reads beyond EOF.

o Stefan Metzmacher
  * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before dereferencing an ioctl response.
  * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
  * BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on ldap_add.
  * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action restored.
  * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain list.
  * BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
  * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
  * BUG 11847: Only validate MIC if "map to guest" is not being used.
  * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego option for testing.
  * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
  * BUG 11858: Allow anonymous smb connections.
  * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
  * BUG 11872: Fix 'wbinfo -u' and 'net ads search'.

o Noel Power
  * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.

o Garming Sam
  * BUG 11789: build: Mark explicit dependencies on pytalloc-util.

o Partha Sarathi
  * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel.

o Jorge Schrauwen
  * BUG 11816: configure: Don't check for inotify on illumos.

o Uri Simchoni
  * BUG 11691: winbindd: Return trust parameters when listing trusts.
  * BUG 11753: smbd: Ignore SVHDX create context.
  * BUG 11763: passdb: Add linefeed to debug message.
  * BUG 11788: build: Fix disk-free quota support on Solaris 10.
  * BUG 11798: build: Fix build when '--without-quota' specified.
  * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set.
  * BUG 11852: libads: Record session expiry for spnego sasl binds.

o Hemanth Thummala
  * BUG 11740: Real memory leak(buildup) issue in loadparm.
  * BUG 11840: Mask general purpose signals for notifyd.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2016/04/13 08:26:10 manu Exp $ d3 4 a6 4 SHA1 (samba-4.3.9.tar.gz) = d31423f80918af52cd6d5b2005d76d02975dbfd5 RMD160 (samba-4.3.9.tar.gz) = 8bfd170d9c14f75e728a051dea335d3365c2afea SHA512 (samba-4.3.9.tar.gz) = bc90c88d8defd3acec7c671e8ceacec31e3111540aabee7ec6f11cdeaf61bbd993525e2b765e3b50801c8079e1168cf496b3e5e6a56118d6493ae5da60d34c41 Size (samba-4.3.9.tar.gz) = 20570849 bytes @ 1.10.2.1 log
@Pullup ticket #5060 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile 1.19-1.22
- net/samba4/PLIST 1.8-1.9
- net/samba4/distinfo 1.11

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 7 16:44:14 UTC 2016

Modified Files:
  pkgsrc/net/samba4: Makefile PLIST distinfo

Log Message:
Update samba4 to 4.3.11 (Samba 4.3.11), including security fix for CVE-2016-2119.

Changes from 4.3.9 to 4.3.10 are too many to write here, please refer to the WHATSNEW.txt file.

==============================
Release Notes for Samba 4.3.11
July 07, 2016
==============================

This is a security release in order to address the following defect:

o CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

=======
Details
=======

o CVE-2016-2119:

  It's possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags.

  This means that the attacker can impersonate a server being connected to by Samba, and return malicious results.

  The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking to domain controllers as a member server, and trusted domains as a domain controller. These DCE/RPC connections were intended to be protected by the combination of "client ipc signing" and "client ipc max protocol" in their effective default settings ("mandatory" and "SMB3_11").

  Additionally, management tools like net, samba-tool and rpcclient use DCERPC over SMB2/3 connections.

  By default, other tools in Samba are unprotected, but rarely they are configured to use smb signing, via the "client signing" parameter (the default is "if_required"). Even more rarely the "client max protocol" is set to SMB2, rather than the NT1 default.

  If both these conditions are met, then this issue would also apply to these other tools, including command line tools like smbcacls, smbcquota, smbclient, smbget and applications using libsmbclient.

Changes since 4.3.10:
--------------------

o Stefan Metzmacher
  * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
  * BUG 11948: Total dcerpc response payload more than 0x400000.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/).

To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/samba4/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/samba4/distinfo

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 9 06:39:18 UTC 2016

Modified Files:
pkgsrc/sysutils/webmin: Makefile pkgsrc/sysutils/xentools3: Makefile pkgsrc/sysutils/xentools3-hvm: Makefile pkgsrc/sysutils/xentools33: Makefile pkgsrc/sysutils/xentools41: Makefile pkgsrc/sysutils/xentools42: Makefile pkgsrc/sysutils/xentools45: Makefile pkgsrc/sysutils/xentools46: Makefile pkgsrc/sysutils/xps: Makefile pkgsrc/sysutils/znapzend: Makefile pkgsrc/textproc/Markdown: Makefile pkgsrc/textproc/aspell: Makefile pkgsrc/textproc/aspell-da: Makefile pkgsrc/textproc/aspell-fo: Makefile pkgsrc/textproc/btparse: Makefile pkgsrc/textproc/c2html: Makefile pkgsrc/textproc/cdif: Makefile pkgsrc/textproc/cmigemo: Makefile pkgsrc/textproc/crush-tools: Makefile pkgsrc/textproc/dict-mueller7: Makefile pkgsrc/textproc/diffsplit: Makefile pkgsrc/textproc/docbook-xsl: Makefile pkgsrc/textproc/dsssl-docbook-modular: Makefile pkgsrc/textproc/dtdparse: Makefile pkgsrc/textproc/eb: Makefile pkgsrc/textproc/freepwing: Makefile pkgsrc/textproc/grep: Makefile pkgsrc/textproc/groff: Makefile pkgsrc/textproc/gtk-doc: Makefile pkgsrc/textproc/halibut: Makefile pkgsrc/textproc/html2wml: Makefile pkgsrc/textproc/hunspell: Makefile pkgsrc/textproc/hunspell-de: Makefile pkgsrc/textproc/hyphen: Makefile pkgsrc/textproc/intltool: Makefile pkgsrc/textproc/ispell-de: Makefile pkgsrc/textproc/ja-groff: Makefile pkgsrc/textproc/kdoc: Makefile pkgsrc/textproc/latex2html: Makefile pkgsrc/textproc/libxml++: Makefile pkgsrc/textproc/libxslt: Makefile pkgsrc/textproc/mdoclint: Makefile pkgsrc/textproc/multimarkdown: Makefile pkgsrc/textproc/mythes: Makefile pkgsrc/textproc/namazu: Makefile pkgsrc/textproc/ndtpd: Makefile pkgsrc/textproc/openjade: Makefile pkgsrc/textproc/opensp: Makefile pkgsrc/textproc/p5-libxml: Makefile pkgsrc/textproc/p5-mecab: Makefile pkgsrc/textproc/p5-mobiperl: Makefile pkgsrc/textproc/po4a: Makefile pkgsrc/textproc/pod2mdoc: Makefile pkgsrc/textproc/postgresql-autodoc: Makefile pkgsrc/textproc/redland: Makefile pkgsrc/textproc/rfcutil: Makefile 
pkgsrc/textproc/sablotron: Makefile pkgsrc/textproc/sub2srt: Makefile pkgsrc/textproc/tex-latexdiff: Makefile pkgsrc/textproc/tex-latexdiff-doc: Makefile pkgsrc/textproc/texi2html: Makefile pkgsrc/textproc/troffcvt: Makefile pkgsrc/textproc/xapian-omega: Makefile pkgsrc/textproc/xmltoman: Makefile pkgsrc/textproc/yamcha: Makefile pkgsrc/time/hebcal: Makefile pkgsrc/time/ical2rem: Makefile pkgsrc/time/libical: Makefile pkgsrc/time/rem2ics: Makefile pkgsrc/time/remind: Makefile pkgsrc/time/rsibreak: Makefile pkgsrc/time/rsibreak-kde3: Makefile pkgsrc/time/titrax: Makefile pkgsrc/wm/afterstep: Makefile pkgsrc/wm/bbkeys: Makefile pkgsrc/wm/bbkeys09: Makefile pkgsrc/wm/compiz-fusion-plugins-extra: Makefile pkgsrc/wm/enlightenment: Makefile pkgsrc/wm/fvwm: Makefile pkgsrc/wm/fvwm-devel: Makefile pkgsrc/wm/fvwm-themes: Makefile pkgsrc/wm/i3: Makefile pkgsrc/wm/ratpoison: Makefile pkgsrc/wm/waimea: Makefile pkgsrc/wm/windowmaker: Makefile pkgsrc/wm/wmakerconf: Makefile pkgsrc/www/SpeedyCGI: Makefile pkgsrc/www/adzap: Makefile pkgsrc/www/album: Makefile pkgsrc/www/album_themes: Makefile pkgsrc/www/amaya: Makefile pkgsrc/www/ap2-perl: Makefile pkgsrc/www/apache22: Makefile pkgsrc/www/apache24: Makefile pkgsrc/www/awstats: Makefile pkgsrc/www/bannerfilter: Makefile pkgsrc/www/bins: Makefile pkgsrc/www/bluefish: Makefile pkgsrc/www/calamaris: Makefile pkgsrc/www/checkbot: Makefile pkgsrc/www/clearsilver: Makefile pkgsrc/www/cronolog: Makefile pkgsrc/www/curl: Makefile pkgsrc/www/cvsweb: Makefile pkgsrc/www/dansguardian: Makefile pkgsrc/www/davical: Makefile pkgsrc/www/dillo: Makefile pkgsrc/www/drraw: Makefile pkgsrc/www/firefox: Makefile pkgsrc/www/firefox24: Makefile pkgsrc/www/firefox31: Makefile pkgsrc/www/firefox38: Makefile pkgsrc/www/firefox45: Makefile pkgsrc/www/gallery: Makefile pkgsrc/www/gitweb: Makefile pkgsrc/www/h2o: Makefile pkgsrc/www/htmlfix: Makefile pkgsrc/www/htmllint: Makefile pkgsrc/www/icedtea-web: Makefile pkgsrc/www/ikiwiki: Makefile 
pkgsrc/www/kannel: Makefile pkgsrc/www/kdewebdev3: Makefile pkgsrc/www/libwww: Makefile pkgsrc/www/liferea: Makefile pkgsrc/www/llgal: Makefile pkgsrc/www/make_album: Makefile pkgsrc/www/mknmz-wwwoffle: Makefile pkgsrc/www/moodle: Makefile pkgsrc/www/neon: Makefile pkgsrc/www/netsurf: Makefile pkgsrc/www/nvu: Makefile pkgsrc/www/p5-HTMLObject: Makefile pkgsrc/www/p5-libwww: Makefile pkgsrc/www/php-owncloud: Makefile pkgsrc/www/privoxy: Makefile pkgsrc/www/py-moin: Makefile pkgsrc/www/screws: Makefile pkgsrc/www/snownews: Makefile pkgsrc/www/squid3: Makefile pkgsrc/www/squidGuard: Makefile pkgsrc/www/squidanalyzer: Makefile pkgsrc/www/squidclamav: Makefile pkgsrc/www/surfraw: Makefile pkgsrc/www/swish-e: Makefile pkgsrc/www/w3m: Makefile pkgsrc/www/wApua: Makefile pkgsrc/www/wdg-validate: Makefile pkgsrc/www/webkit-gtk: Makefile pkgsrc/www/webkit24-gtk: Makefile pkgsrc/www/weblint: Makefile pkgsrc/www/webnew: Makefile pkgsrc/www/whisker: Makefile pkgsrc/www/wml: Makefile pkgsrc/www/wwwoffle: Makefile pkgsrc/www/yaws: Makefile pkgsrc/x11/alacarte: Makefile pkgsrc/x11/eterm: Makefile pkgsrc/x11/gcolor2: Makefile pkgsrc/x11/gnome-desktop: Makefile pkgsrc/x11/gnome-panel: Makefile pkgsrc/x11/gnome-session: Makefile pkgsrc/x11/gnome-terminal: Makefile pkgsrc/x11/gtk: Makefile pkgsrc/x11/gtk-sharp: Makefile pkgsrc/x11/gtk2: Makefile pkgsrc/x11/gtk2-chtheme: Makefile pkgsrc/x11/gtk3: Makefile pkgsrc/x11/gtkada: Makefile pkgsrc/x11/gtkmm: Makefile pkgsrc/x11/gtkmm3: Makefile pkgsrc/x11/gtksourceview: Makefile pkgsrc/x11/gtksourceview2: Makefile pkgsrc/x11/gtksourceviewmm: Makefile pkgsrc/x11/kconfigwidgets: Makefile pkgsrc/x11/kdebindings-ruby: Makefile pkgsrc/x11/kdelibs3: Makefile pkgsrc/x11/p5-Wx: Makefile pkgsrc/x11/pixman: Makefile pkgsrc/x11/py-wxWidgets: Makefile pkgsrc/x11/qt5-qtbase: Makefile pkgsrc/x11/wxGTK30: Makefile pkgsrc/x11/xephem: Makefile pkgsrc/x11/xfce4-exo: Makefile pkgsrc/x11/xfce4-whiskermenu-plugin: Makefile pkgsrc/x11/xkbset: Makefile 
pkgsrc/x11/xplanet: Makefile pkgsrc/x11/xscreensaver: Makefile

Log Message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 9 13:04:18 UTC 2016

Modified Files:
pkgsrc/audio/ardour: Makefile pkgsrc/audio/aubio: Makefile pkgsrc/audio/csound5: Makefile pkgsrc/audio/csound6: Makefile pkgsrc/audio/csound6-manual: Makefile pkgsrc/audio/exaile: Makefile pkgsrc/audio/eyeD3: Makefile pkgsrc/audio/moss: Makefile pkgsrc/audio/mutagen-tools: Makefile pkgsrc/audio/picard: Makefile pkgsrc/audio/py-acoustid: Makefile pkgsrc/audio/py-ao: Makefile pkgsrc/audio/py-beets: Makefile pkgsrc/audio/py-cddb: Makefile pkgsrc/audio/py-daap: Makefile pkgsrc/audio/py-discogs_client: Makefile pkgsrc/audio/py-id3: Makefile pkgsrc/audio/py-id3lib: Makefile pkgsrc/audio/py-karaoke: Makefile pkgsrc/audio/py-libmtag: Makefile pkgsrc/audio/py-mad: Makefile pkgsrc/audio/py-musicbrainz: Makefile pkgsrc/audio/py-musique: Makefile pkgsrc/audio/py-ogg: Makefile pkgsrc/audio/py-vorbis: Makefile pkgsrc/audio/quodlibet2: Makefile pkgsrc/audio/rhythmbox: Makefile pkgsrc/audio/solfege: Makefile pkgsrc/audio/sonata: Makefile pkgsrc/audio/streamtuner: options.mk pkgsrc/audio/tunapie: Makefile pkgsrc/benchmarks/glmark2: Makefile pkgsrc/biology/py-mol: Makefile pkgsrc/cad/py-MyHDL: Makefile pkgsrc/chat/empathy: Makefile pkgsrc/chat/gajim: Makefile options.mk pkgsrc/chat/libtelepathy: Makefile pkgsrc/chat/py-xmpppy: Makefile pkgsrc/chat/spectrum: Makefile pkgsrc/chat/telepathy-farsight: Makefile pkgsrc/chat/telepathy-gabble: Makefile pkgsrc/chat/telepathy-glib: Makefile pkgsrc/chat/telepathy-haze: Makefile pkgsrc/chat/telepathy-idle: Makefile pkgsrc/chat/telepathy-logger: Makefile pkgsrc/chat/telepathy-mission-control5: Makefile pkgsrc/chat/telepathy-qt: Makefile pkgsrc/chat/xchat-python:
Makefile pkgsrc/comms/multisync-gui: Makefile pkgsrc/comms/py-gammu: Makefile pkgsrc/converters/py-jpCodecs: Makefile pkgsrc/converters/py-yenc: Makefile pkgsrc/converters/py-zbase32: Makefile pkgsrc/converters/py-zfec: Makefile pkgsrc/converters/py-zhCodecs: Makefile pkgsrc/databases/gourmet: Makefile pkgsrc/databases/gramps3: Makefile options.mk pkgsrc/databases/libpqxx: Makefile pkgsrc/databases/luma: Makefile pkgsrc/databases/mongodb: Makefile pkgsrc/databases/py-PgSQL: Makefile pkgsrc/databases/py-bdb-xml: Makefile pkgsrc/databases/py-carbon: Makefile options.mk pkgsrc/databases/py-cassa: Makefile pkgsrc/databases/py-cdb: Makefile pkgsrc/databases/py-ckanclient: Makefile pkgsrc/databases/py-couchdb: Makefile pkgsrc/databases/py-datapkg: Makefile pkgsrc/databases/py-elixir: Makefile pkgsrc/databases/py-ldap: Makefile pkgsrc/databases/py-metakit: Makefile pkgsrc/databases/py-mssql: Makefile pkgsrc/databases/py-mysqldb: Makefile pkgsrc/databases/py-python-rrdtool: Makefile pkgsrc/databases/py-sqlalchemy-migrate: Makefile pkgsrc/databases/py-sqlite: Makefile pkgsrc/databases/py-sqlite2: Makefile pkgsrc/databases/py-sqlrelay: Makefile pkgsrc/databases/py-sybase: Makefile pkgsrc/databases/py-table: Makefile pkgsrc/databases/py-tokyocabinet: Makefile pkgsrc/databases/py-whisper: Makefile pkgsrc/databases/skytools: Makefile pkgsrc/databases/tdb: Makefile pkgsrc/devel/ExmanIDE: Makefile pkgsrc/devel/GConf: Makefile pkgsrc/devel/RBTools: Makefile pkgsrc/devel/accerciser: Makefile pkgsrc/devel/boa-constructor: Makefile pkgsrc/devel/bokken: Makefile pkgsrc/devel/bpython: Makefile pkgsrc/devel/bugs-everywhere: Makefile pkgsrc/devel/bzr: Makefile pkgsrc/devel/bzr-explorer: Makefile pkgsrc/devel/bzr-gtk: Makefile pkgsrc/devel/bzr-svn: Makefile pkgsrc/devel/bzrtools: Makefile pkgsrc/devel/codeville: Makefile pkgsrc/devel/cvs2svn: Makefile pkgsrc/devel/diffuse: Makefile pkgsrc/devel/distcc-pump: Makefile pkgsrc/devel/doxygen: Makefile pkgsrc/devel/epydoc: Makefile 
pkgsrc/devel/eric4: Makefile pkgsrc/devel/gdb: options.mk pkgsrc/devel/gnatpython: Makefile pkgsrc/devel/googletest: Makefile pkgsrc/devel/gps: options.mk pkgsrc/devel/gyp: Makefile pkgsrc/devel/kdesdk3: Makefile pkgsrc/devel/ko-po-check: Makefile pkgsrc/devel/lettuce: Makefile pkgsrc/devel/libappindicator: Makefile pkgsrc/devel/libappindicator3: Makefile pkgsrc/devel/libftdi1: Makefile pkgsrc/devel/libgit2: Makefile pkgsrc/devel/libhid: Makefile pkgsrc/devel/meld: Makefile pkgsrc/devel/py-InlineEgg: Makefile pkgsrc/devel/py-Optik: Makefile pkgsrc/devel/py-astroid: Makefile pkgsrc/devel/py-at-spi: Makefile pkgsrc/devel/py-buildbot: Makefile pkgsrc/devel/py-buildbot-slave: Makefile pkgsrc/devel/py-cached-property: Makefile pkgsrc/devel/py-checker: Makefile pkgsrc/devel/py-cheetah: Makefile pkgsrc/devel/py-compizconfig: Makefile pkgsrc/devel/py-daemon: Makefile pkgsrc/devel/py-darcsver: Makefile pkgsrc/devel/py-dialog2: Makefile pkgsrc/devel/py-distorm3: Makefile pkgsrc/devel/py-doctor: Makefile pkgsrc/devel/py-enum34: Makefile pkgsrc/devel/py-expect: Makefile pkgsrc/devel/py-fastimport: Makefile pkgsrc/devel/py-futures: Makefile pkgsrc/devel/py-gflags: Makefile pkgsrc/devel/py-gobject: Makefile pkgsrc/devel/py-google-apputils: Makefile pkgsrc/devel/py-hg-fastimport: Makefile pkgsrc/devel/py-hg-git: Makefile pkgsrc/devel/py-hglib: Makefile pkgsrc/devel/py-hglist: Makefile pkgsrc/devel/py-hgnested: Makefile pkgsrc/devel/py-hgview: Makefile pkgsrc/devel/py-ipaddr: Makefile pkgsrc/devel/py-ipython010: Makefile pkgsrc/devel/py-ipython013: Makefile pkgsrc/devel/py-jersey: Makefile pkgsrc/devel/py-kjbuckets: Makefile pkgsrc/devel/py-kqueue: Makefile pkgsrc/devel/py-logilab-astng: Makefile pkgsrc/devel/py-logilab-common: Makefile pkgsrc/devel/py-memcached: Makefile pkgsrc/devel/py-mercurial: Makefile.version pkgsrc/devel/py-multiprocessing: Makefile pkgsrc/devel/py-newt: Makefile pkgsrc/devel/py-open-vcdiff: Makefile pkgsrc/devel/py-pqueue: Makefile pkgsrc/devel/py-proteus: 
options.mk pkgsrc/devel/py-protobuf: Makefile pkgsrc/devel/py-pylint: Makefile pkgsrc/devel/py-pytemplate: Makefile pkgsrc/devel/py-pyutil: Makefile pkgsrc/devel/py-quixote: Makefile pkgsrc/devel/py-rope: Makefile pkgsrc/devel/py-ruamel-ordereddict: Makefile pkgsrc/devel/py-setuptools_trial: Makefile pkgsrc/devel/py-singledispatch: Makefile pkgsrc/devel/py-stompclient: Makefile pkgsrc/devel/py-subprocess32: Makefile pkgsrc/devel/py-subvertpy: Makefile pkgsrc/devel/py-tabular: Makefile pkgsrc/devel/py-tortoisehg: Makefile pkgsrc/devel/py-tryton: options.mk pkgsrc/devel/py-trytond: Makefile.common options.mk pkgsrc/devel/py-unit: Makefile pkgsrc/devel/py-unitgui: Makefile pkgsrc/devel/py-usb: Makefile pkgsrc/devel/py-windbg: Makefile pkgsrc/devel/py-zanata-python-client: Makefile pkgsrc/devel/py-zconfig: Makefile pkgsrc/devel/qbzr: Makefile pkgsrc/devel/reposurgeon: Makefile pkgsrc/devel/roundup: Makefile pkgsrc/devel/rox-lib: Makefile pkgsrc/devel/scons: Makefile pkgsrc/devel/stgit: Makefile pkgsrc/devel/tailor: Makefile pkgsrc/devel/talloc: Makefile pkgsrc/devel/transifex-client: Makefile pkgsrc/devel/umbrello: Makefile pkgsrc/devel/xulrunner10: mozilla-common.mk pkgsrc/devel/xulrunner17: mozilla-common.mk pkgsrc/devel/xulrunner192: mozilla-common.mk pkgsrc/editors/gedit-python: Makefile pkgsrc/editors/kdissert: Makefile pkgsrc/editors/lyx: Makefile pkgsrc/editors/medit: Makefile pkgsrc/editors/nts: Makefile pkgsrc/editors/pluma: options.mk pkgsrc/editors/zim: Makefile pkgsrc/emulators/fs-uae-launcher: Makefile pkgsrc/emulators/gns3: Makefile pkgsrc/emulators/hatari: Makefile pkgsrc/emulators/mame: Makefile pkgsrc/emulators/openmsx: Makefile pkgsrc/emulators/qemu: Makefile pkgsrc/emulators/qemu0: Makefile pkgsrc/emulators/unicorn: Makefile pkgsrc/filesystems/fuse-gmailfs: Makefile pkgsrc/filesystems/fuse-pcachefs: Makefile pkgsrc/filesystems/fuse-wikipediafs: Makefile pkgsrc/filesystems/glusterfs: Makefile pkgsrc/filesystems/py-filesystem: Makefile 
pkgsrc/filesystems/py-fuse-bindings: Makefile pkgsrc/filesystems/tahoe-lafs: Makefile pkgsrc/finance/gnucash: Makefile pkgsrc/finance/moneyguru: Makefile pkgsrc/finance/py-stripe: Makefile pkgsrc/finance/py-vatnumber: Makefile pkgsrc/fonts/mftrace: Makefile pkgsrc/fonts/py-TTFQuery: Makefile pkgsrc/games/4stAttack: Makefile pkgsrc/games/blindmine: Makefile pkgsrc/games/freeciv-share: Makefile.common pkgsrc/games/gcompris: Makefile pkgsrc/games/gnome-games: Makefile pkgsrc/games/jools: Makefile pkgsrc/games/kajongg: Makefile pkgsrc/games/kye: Makefile pkgsrc/games/monsterz: Makefile pkgsrc/games/py-easyAI: Makefile pkgsrc/games/py-renpy: Makefile pkgsrc/games/pysolfc: Makefile pkgsrc/games/pytraffic: Makefile pkgsrc/games/teeworlds: Makefile pkgsrc/games/wesnoth: Makefile pkgsrc/geography/gpsd: Makefile pkgsrc/geography/proj-swig: Makefile pkgsrc/geography/py-google-maps-services-python: Makefile pkgsrc/geography/py-obspy: Makefile pkgsrc/geography/qgis: options.mk pkgsrc/graphics/MesaLib: Makefile pkgsrc/graphics/MesaLib7: Makefile pkgsrc/graphics/blender: Makefile pkgsrc/graphics/comix: Makefile pkgsrc/graphics/dia-python: Makefile pkgsrc/graphics/eog: Makefile pkgsrc/graphics/eom: options.mk pkgsrc/graphics/gimp-docs-en: Makefile.common pkgsrc/graphics/libscigraphica: Makefile pkgsrc/graphics/mypaint: Makefile pkgsrc/graphics/py-OpenGL: Makefile pkgsrc/graphics/py-aafigure: Makefile pkgsrc/graphics/py-biggles: Makefile pkgsrc/graphics/py-cairo: Makefile pkgsrc/graphics/py-chart: Makefile pkgsrc/graphics/py-dot: Makefile pkgsrc/graphics/py-gdchart: Makefile pkgsrc/graphics/py-gdmodule: Makefile pkgsrc/graphics/py-gnuplot: Makefile pkgsrc/graphics/py-goocanvas: Makefile pkgsrc/graphics/py-gtkglext: Makefile pkgsrc/graphics/py-imaging: Makefile pkgsrc/graphics/py-imagingtk: Makefile pkgsrc/graphics/py-matplotlib-gtk2: Makefile pkgsrc/graphics/py-mcomix: Makefile pkgsrc/graphics/py-piddle: Makefile pkgsrc/graphics/py-pycha: Makefile pkgsrc/graphics/py-sk1libs: 
Makefile pkgsrc/graphics/py-uniconvertor: Makefile pkgsrc/graphics/scigraphica: Makefile pkgsrc/graphics/skencil: Makefile pkgsrc/graphics/xdot: Makefile pkgsrc/ham/gnuradio-core: Makefile.common pkgsrc/inputmethod/ibus-python: Makefile pkgsrc/inputmethod/ibus-tegaki: Makefile pkgsrc/inputmethod/mozc-server: Makefile.common pkgsrc/inputmethod/py-input-pad: Makefile pkgsrc/inputmethod/py-zinnia: Makefile pkgsrc/inputmethod/scim-python: Makefile pkgsrc/inputmethod/tegaki-pygtk: Makefile pkgsrc/inputmethod/tegaki-python: Makefile pkgsrc/inputmethod/tegaki-recognize: Makefile pkgsrc/inputmethod/tegaki-tools: Makefile pkgsrc/inputmethod/tegaki-train: Makefile pkgsrc/inputmethod/tegaki-wagomu: Makefile pkgsrc/lang/clang-static-analyzer: Makefile pkgsrc/lang/nodejs: Makefile.common pkgsrc/lang/py-basicproperty: Makefile pkgsrc/lang/py-pyrex: Makefile pkgsrc/lang/py-pythonz: Makefile pkgsrc/lang/python: pyversion.mk pkgsrc/mail/archivemail: Makefile pkgsrc/mail/fetchmailconf: Makefile pkgsrc/mail/getmail: Makefile pkgsrc/mail/mailman: Makefile pkgsrc/mail/offlineimap: Makefile pkgsrc/mail/py-libgmail: Makefile pkgsrc/mail/thunderbird-enigmail: Makefile.common pkgsrc/mail/tmda: Makefile pkgsrc/math/gnumeric: Makefile pkgsrc/math/gnumeric110: Makefile pkgsrc/math/gnumeric112: Makefile pkgsrc/math/py-Numeric: Makefile pkgsrc/math/py-Scientific: Makefile pkgsrc/math/py-cdecimal: Makefile pkgsrc/math/py-ephem: Makefile pkgsrc/math/py-fftw: Makefile pkgsrc/math/py-fpconst: Makefile pkgsrc/math/py-networkx: Makefile pkgsrc/math/py-numarray: Makefile pkgsrc/math/py-simpleeval: Makefile pkgsrc/meta-pkgs/bulk-large: Makefile pkgsrc/meta-pkgs/bulk-medium: Makefile pkgsrc/meta-pkgs/gnome: Makefile pkgsrc/meta-pkgs/py-gnome-bindings: Makefile pkgsrc/misc/byobu: Makefile pkgsrc/misc/calibre: Makefile pkgsrc/misc/calibre1: Makefile pkgsrc/misc/deskbar-applet: Makefile pkgsrc/misc/kdeutils3: Makefile pkgsrc/misc/khard: Makefile pkgsrc/misc/koffice: Makefile pkgsrc/misc/mnemosyne: Makefile 
pkgsrc/misc/openoffice3: Makefile pkgsrc/misc/orca: Makefile pkgsrc/misc/py-anita: Makefile pkgsrc/misc/py-anki2: Makefile pkgsrc/misc/py-carddav: Makefile pkgsrc/misc/py-stdnum: Makefile pkgsrc/misc/routeplanner-cli: Makefile pkgsrc/misc/superkaramba: Makefile pkgsrc/multimedia/farsight2: Makefile pkgsrc/multimedia/kodi: Makefile pkgsrc/multimedia/libkate: options.mk pkgsrc/multimedia/livestreamer: Makefile pkgsrc/multimedia/pitivi: Makefile pkgsrc/multimedia/py-gstreamer0.10: Makefile pkgsrc/multimedia/py-ming: Makefile pkgsrc/multimedia/totem: Makefile.common pkgsrc/net/Radicale: options.mk pkgsrc/net/avahi: options.mk pkgsrc/net/bittornado: Makefile pkgsrc/net/bittornado-gui: Makefile pkgsrc/net/bittorrent: Makefile pkgsrc/net/bittorrent-gui: Makefile pkgsrc/net/calypso: Makefile pkgsrc/net/coherence: Makefile pkgsrc/net/coilmq: Makefile pkgsrc/net/exabgp: Makefile pkgsrc/net/gitso: Makefile pkgsrc/net/gtk-vnc: options.mk pkgsrc/net/mimms: Makefile pkgsrc/net/mitmproxy: Makefile pkgsrc/net/nagstamon: Makefile pkgsrc/net/nicotine: Makefile pkgsrc/net/nmap: options.mk pkgsrc/net/omniORB: Makefile pkgsrc/net/py-GeoIP: Makefile pkgsrc/net/py-ORBit: Makefile pkgsrc/net/py-adns: Makefile pkgsrc/net/py-beanstalkc: Makefile pkgsrc/net/py-bitmessage: Makefile pkgsrc/net/py-caldav: Makefile pkgsrc/net/py-dpkt: Makefile pkgsrc/net/py-eventlib: Makefile pkgsrc/net/py-foolscap: Makefile pkgsrc/net/py-gevent: Makefile pkgsrc/net/py-google: Makefile pkgsrc/net/py-ipaddress: Makefile pkgsrc/net/py-kenosis: Makefile pkgsrc/net/py-libdnet: Makefile pkgsrc/net/py-libpcap: Makefile pkgsrc/net/py-medusa: Makefile pkgsrc/net/py-metar: Makefile pkgsrc/net/py-netifaces: Makefile pkgsrc/net/py-netsnmp: Makefile pkgsrc/net/py-omniORBpy: Makefile pkgsrc/net/py-pcap: Makefile pkgsrc/net/py-s3cmd: Makefile pkgsrc/net/py-soappy: Makefile pkgsrc/net/py-socketpool: Makefile pkgsrc/net/py-spreadmodule: Makefile pkgsrc/net/py-suds: Makefile pkgsrc/net/py-tweepy: Makefile pkgsrc/net/py-twisted: 
Makefile.common pkgsrc/net/py-txamqp: Makefile pkgsrc/net/py-zsi: Makefile pkgsrc/net/pygopherd: Makefile pkgsrc/net/samba4: Makefile pkgsrc/net/scapy: Makefile options.mk pkgsrc/net/upnpinspector: Makefile pkgsrc/net/wireshark: Makefile pkgsrc/net/wireshark1: Makefile pkgsrc/news/hellanzb: Makefile pkgsrc/news/lottanzb: Makefile pkgsrc/pkgtools/gnome-packagekit: Makefile pkgsrc/pkgtools/packagekit: Makefile pkgsrc/print/hplip: options.mk pkgsrc/print/lilypond: Makefile pkgsrc/print/pdfshuffler: Makefile pkgsrc/print/py-pisa: Makefile pkgsrc/print/py-poppler: Makefile pkgsrc/print/py-reportlab: Makefile pkgsrc/print/scribus: Makefile pkgsrc/print/scribus-qt4: Makefile pkgsrc/security/botan: Makefile pkgsrc/security/lasso: Makefile pkgsrc/security/libprelude-python: Makefile pkgsrc/security/libpreludedb-python: Makefile pkgsrc/security/mixminion: Makefile pkgsrc/security/prelude-correlator: Makefile pkgsrc/security/py-SSLCrypto: Makefile pkgsrc/security/py-backports.ssl_match_hostname: Makefile pkgsrc/security/py-cryptkit: Makefile pkgsrc/security/py-cryptopp: Makefile pkgsrc/security/py-cybox: Makefile pkgsrc/security/py-denyhosts: Makefile pkgsrc/security/py-gnupg: Makefile pkgsrc/security/py-lasso: Makefile pkgsrc/security/py-libtaxii: Makefile pkgsrc/security/py-m2crypto: Makefile pkgsrc/security/py-mcrypt: Makefile pkgsrc/security/py-oauth2: Makefile pkgsrc/security/py-openid: Makefile pkgsrc/security/py-prewikka: Makefile pkgsrc/security/py-service_identity: Makefile pkgsrc/security/py-stix: Makefile pkgsrc/security/py-tlslite: Makefile pkgsrc/security/py-urllib2-kerberos: Makefile pkgsrc/security/py-xmlsec: Makefile pkgsrc/security/py-yara: Makefile pkgsrc/security/py-yubiauth: Makefile pkgsrc/security/volatility: Makefile pkgsrc/shells/lshell: Makefile pkgsrc/sysutils/ansible: Makefile pkgsrc/sysutils/bup: Makefile pkgsrc/sysutils/caja-dropbox: Makefile pkgsrc/sysutils/cuisine: Makefile pkgsrc/sysutils/dbus-python-common: Makefile pkgsrc/sysutils/duplicity: 
Makefile pkgsrc/sysutils/euca2ools: Makefile pkgsrc/sysutils/fabric: Makefile pkgsrc/sysutils/gnome-commander: Makefile pkgsrc/sysutils/libvirt: Makefile pkgsrc/sysutils/manifold: Makefile pkgsrc/sysutils/monitoring: Makefile pkgsrc/sysutils/openxenmanager: Makefile pkgsrc/sysutils/polysh: Makefile pkgsrc/sysutils/py-borgbackup: Makefile pkgsrc/sysutils/py-gnome-menus: Makefile pkgsrc/sysutils/py-notify: Makefile pkgsrc/sysutils/py-notify-python: Makefile pkgsrc/sysutils/py-pefile: Makefile pkgsrc/sysutils/py-xattr: Makefile pkgsrc/sysutils/rdiff-backup: Makefile pkgsrc/sysutils/salt: Makefile pkgsrc/sysutils/salt-docs: Makefile pkgsrc/sysutils/virt-manager: Makefile pkgsrc/sysutils/virtinst: Makefile pkgsrc/sysutils/xenkernel3: Makefile pkgsrc/sysutils/xenkernel33: Makefile pkgsrc/sysutils/xenkernel41: Makefile pkgsrc/sysutils/xenkernel42: Makefile pkgsrc/sysutils/xenkernel45: Makefile pkgsrc/sysutils/xenkernel46: Makefile pkgsrc/sysutils/xentools3: Makefile pkgsrc/sysutils/xentools3-hvm: Makefile pkgsrc/sysutils/xentools33: Makefile pkgsrc/sysutils/xentools41: Makefile pkgsrc/sysutils/xentools42: Makefile pkgsrc/sysutils/xentools45: Makefile pkgsrc/sysutils/xentools46: Makefile pkgsrc/textproc/asciidoc: Makefile pkgsrc/textproc/coccigrep: Makefile pkgsrc/textproc/dblatex: Makefile pkgsrc/textproc/gnome-doc-utils: Makefile pkgsrc/textproc/gtk-doc: Makefile pkgsrc/textproc/ispell-lt: Makefile pkgsrc/textproc/itstool: Makefile pkgsrc/textproc/libplist: Makefile pkgsrc/textproc/markdown2social: Makefile pkgsrc/textproc/py-4Suite: Makefile pkgsrc/textproc/py-Excelerator: Makefile pkgsrc/textproc/py-HappyDoc: Makefile pkgsrc/textproc/py-Whoosh: Makefile pkgsrc/textproc/py-X2: Makefile pkgsrc/textproc/py-cabocha: Makefile pkgsrc/textproc/py-cjson: Makefile pkgsrc/textproc/py-cmTemplate: Makefile pkgsrc/textproc/py-elementtree: Makefile pkgsrc/textproc/py-empy: Makefile pkgsrc/textproc/py-generateDS: Makefile pkgsrc/textproc/py-gnosis-utils: Makefile 
pkgsrc/textproc/py-iniparse: Makefile pkgsrc/textproc/py-jsonlib: Makefile pkgsrc/textproc/py-libxslt: Makefile pkgsrc/textproc/py-marisa: Makefile pkgsrc/textproc/py-mecab: Makefile pkgsrc/textproc/py-relatorio: Makefile pkgsrc/textproc/py-vobject: Makefile pkgsrc/textproc/py-xlwt: Makefile pkgsrc/textproc/py-xml: Makefile pkgsrc/textproc/py-yamcha: Makefile pkgsrc/textproc/queequeg: Makefile pkgsrc/textproc/rubber: Makefile pkgsrc/textproc/xmlada: Makefile pkgsrc/time/etm: Makefile pkgsrc/time/gdeskcal: Makefile pkgsrc/time/hamster-applet: Makefile pkgsrc/time/py-goocalendar: Makefile pkgsrc/time/py-mxDateTime: Makefile pkgsrc/time/wxRemind: Makefile pkgsrc/wm/bmpanel2: Makefile pkgsrc/wm/ccsm: Makefile pkgsrc/wm/py-tyle: Makefile pkgsrc/www/ap-scgi: Makefile pkgsrc/www/bluefish: Makefile pkgsrc/www/browser-bookmarks-menu: Makefile pkgsrc/www/cherokee: Makefile pkgsrc/www/clearsilver: Makefile pkgsrc/www/firefox: mozilla-common.mk pkgsrc/www/firefox24: mozilla-common.mk pkgsrc/www/firefox31: mozilla-common.mk pkgsrc/www/firefox38: mozilla-common.mk pkgsrc/www/firefox45: mozilla-common.mk pkgsrc/www/ies4linux: Makefile pkgsrc/www/loggerhead: Makefile pkgsrc/www/py-ClientForm: Makefile pkgsrc/www/py-HTMLgen: Makefile pkgsrc/www/py-beautifulsoup: Makefile pkgsrc/www/py-blosxom: Makefile pkgsrc/www/py-clearsilver: Makefile pkgsrc/www/py-django-appmedia: Makefile pkgsrc/www/py-django-mezzanine-filebrowser: Makefile pkgsrc/www/py-django-mezzanine-grappelli: Makefile pkgsrc/www/py-django-photologue: Makefile pkgsrc/www/py-django14: Makefile options.mk pkgsrc/www/py-djangorestframework: Makefile pkgsrc/www/py-flup: Makefile pkgsrc/www/py-gdata: Makefile pkgsrc/www/py-google-api-python-client: Makefile pkgsrc/www/py-graphite-web: Makefile pkgsrc/www/py-jonpy: Makefile pkgsrc/www/py-mechanize: Makefile pkgsrc/www/py-mezzanine: Makefile pkgsrc/www/py-moin: Makefile pkgsrc/www/py-nevow: Makefile pkgsrc/www/py-pendrell: Makefile pkgsrc/www/py-python-digest: Makefile 
pkgsrc/www/py-pywebdav: Makefile pkgsrc/www/py-recaptcha: Makefile pkgsrc/www/py-scgi: Makefile pkgsrc/www/py-simpletal: Makefile pkgsrc/www/py-swish-e: Makefile pkgsrc/www/py-twill: Makefile pkgsrc/www/py-uliweb: Makefile pkgsrc/www/py-webpy: Makefile pkgsrc/www/py-werkzeug-docs: Makefile pkgsrc/www/ruby-pygments.rb: Makefile pkgsrc/www/trac: Makefile pkgsrc/www/urlgrabber: Makefile pkgsrc/www/viewvc: Makefile pkgsrc/www/webkit-gtk: Makefile pkgsrc/www/webkit24-gtk: Makefile.common pkgsrc/x11/alacarte: Makefile pkgsrc/x11/arandr: Makefile pkgsrc/x11/avant-window-navigator: Makefile pkgsrc/x11/driconf: Makefile pkgsrc/x11/gnome-applets: Makefile pkgsrc/x11/gnome-mag: Makefile pkgsrc/x11/gnome-panel: Makefile pkgsrc/x11/gnome-terminal: Makefile pkgsrc/x11/gtk2: Makefile pkgsrc/x11/kde-workspace4: Makefile pkgsrc/x11/libdesktop-agnostic: Makefile pkgsrc/x11/mozo: Makefile pkgsrc/x11/py-Pmw: Makefile pkgsrc/x11/py-gnome2: Makefile pkgsrc/x11/py-gnome2-desktop: Makefile pkgsrc/x11/py-gnome2-extras: Makefile pkgsrc/x11/py-gtk2: Makefile pkgsrc/x11/py-gtksourceview: Makefile pkgsrc/x11/py-keybinder: Makefile pkgsrc/x11/py-kiwi: Makefile pkgsrc/x11/py-qwt-qt4: Makefile pkgsrc/x11/py-terminator: Makefile pkgsrc/x11/py-vte: Makefile pkgsrc/x11/py-wxWidgets: Makefile pkgsrc/x11/rox-session: Makefile pkgsrc/x11/tint2: Makefile

Log Message:
Remove python33: adapt all packages that refer to it.

To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------

Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 11 12:28:17 UTC 2016

Modified Files:
pkgsrc/net/samba4: Makefile PLIST

Log Message:
If py-dns or py-iso8601 are installed, the PLIST is wrong because
the separate copy coming with samba4 is not installed.
Depend on the two packages and never install the separate copies.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/samba4/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/samba4/PLIST
@ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.3.11.tar.gz) = 44399fdcbcf5eba5f86548781e8aef490264de6b RMD160 (samba-4.3.11.tar.gz) = 641234bb6e4f1ef8d65ab3f0c9b90ede41dd2f89 SHA512 (samba-4.3.11.tar.gz) = 7b9bcdf158c64a26c81e5a03a94a521f238a7573ab31c1252e90f2604ae0d1303c998d3bcda18c4feb9049a659371a3af2bdfcc546b5251314f19a500b6a0b7a Size (samba-4.3.11.tar.gz) = 20573432 bytes @
1.9 log
@Update net/samba4 to 4.3.8

This fixes the Badlock bug (CVE-2016-2118) and other vulnerabilities:
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2016/01/31 20:28:23 ryoon Exp $ d3 4 a6 3 SHA1 (samba-4.3.8.tar.gz) = e7ff0e040e2b273ac14f1bb3b65d643c2abf0ca7 RMD160 (samba-4.3.8.tar.gz) = b84f715a5f46ed8486919ae2d247886cc70af2ae Size (samba-4.3.8.tar.gz) = 20568773 bytes a8 1 SHA1 (patch-lib_nss__wrapper_wscript) = 1ce37974f93e791c9e0b1bdc34d26890583fdbfb @
1.8 log
@Update to 4.3.4

Changelog:
=============================
Release Notes for Samba 4.3.4
January 12, 2016
=============================

This is the latest stable release of Samba 4.3.

Changes since 4.3.3:
--------------------

o Michael Adam
   * BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap config.
   * BUG 11647: s3:smbd: Fix a corner case of the symlink verification.
o Jeremy Allison * BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections. * BUG 11625: Reduce the memory footprint of empty string options. o Douglas Bagnall * BUG 11659: Update lastLogon and lastLogonTimestamp. o Ralph Boehme * BUG 11065: vfs_fruit: Enable POSIX directory rename semantics. * BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix. * BUG 11645: smbd: Make "hide dot files" option work with "store dos attributes = yes". o Günther Deschner * BUG 11639: lib/async_req: Do not install async_connect_send_test. o Stefan Metzmacher * BUG 11394: Crash: Bad talloc magic value - access after free. o Rowland Penny * BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given. o Karolin Seeger * BUG 11619: docs: Fix some typos in the idmap backend section. * BUG 11641: docs: Fix typos in man vfs_gpfs. o Uri Simchoni * BUG 11649: smbd: Do not disable "store dos attributes" on-the-fly. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2015/12/29 23:58:32 wiz Exp $ d3 3 a5 4 SHA1 (samba-4.3.4.tar.gz) = adb58a4d147da327148784bed1ee7842382a6f28 RMD160 (samba-4.3.4.tar.gz) = c4dcb392be9d3201a7b02543b4e3ee6f7eeee646 SHA512 (samba-4.3.4.tar.gz) = 021351534a70cd351934d7f8bfc3c4e9ed9ea3f11f778f6f9d076b3368103f7f478ff1745cb257de0bf2ee38ae76ecba58e01a4db6cbcacbd8a4876e8e1b30f2 Size (samba-4.3.4.tar.gz) = 20434434 bytes @ 1.8.2.1 log @Pullup ticket #4958 - requested by manu net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.17 - net/samba4/PLIST 1.6 - net/samba4/distinfo 1.9 --- Module Name: pkgsrc Committed By: manu Date: Wed Apr 13 08:26:10 UTC 2016 Modified Files: pkgsrc/net/samba4: Makefile PLIST distinfo Log Message: Update net/samba4 to 4.3.8 This fixes the Badlock bug (CVE-2016-2118) and other vulnerabilities: o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) o CVE-2016-2115 (SMB IPC traffic is not integrity protected) o CVE-2016-2114 ("server signing = mandatory" not enforced) o CVE-2016-2113 (Missing TLS certificate validation) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) o CVE-2016-0771 (Out-of-bounds read in internal DNS server) o CVE-2015-5370 (Multiple errors in DCE-RPC code) @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 3 SHA1 (samba-4.3.8.tar.gz) = e7ff0e040e2b273ac14f1bb3b65d643c2abf0ca7 RMD160 (samba-4.3.8.tar.gz) = b84f715a5f46ed8486919ae2d247886cc70af2ae Size (samba-4.3.8.tar.gz) = 20568773 bytes @ 1.8.2.2 log @Pullup ticket #5011 - requested by taca net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.18 - net/samba4/PLIST 1.7 - net/samba4/distinfo 1.10 - net/samba4/patches/patch-lib_nss__wrapper_wscript deleted --- Module Name: pkgsrc Committed By: taca Date: Sat May 7 03:09:33 UTC 2016 Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo Removed Files: pkgsrc/net/samba4/patches: patch-lib_nss__wrapper_wscript Log Message: Update samba4 to 4.3.8, which contains security fix. This release fixes some regressions introduced by the last security fixes. Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of bugs addressing these regressions and more information. Changes since 4.3.8: -------------------- o Jeremy Allison * BUG 11742: lib: tevent: Fix memory leak when old signal action restored. * BUG 11771: lib: tevent: Fix memory leak when old signal action restored. * BUG 11822: s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1. o Andrew Bartlett * BUG 11780: smbd: Only check dev/inode in open_directory, not the full stat(). * BUG 11789: pydsdb: Fix returning of ldb.MessageElement. o Berend De Schouwer * BUG 11643: docs: Add example for domain logins to smbspool man page. o Günther Deschner * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build. o Alberto Maria Fiaschi * BUG 8093: access based share enum: Handle permission set in configuration files. o Volker Lendecke * BUG 11816: nwrap: Fix the build on Solaris. * BUG 11827: vfs_catia: Fix memleak. * BUG 11878: smbd: Avoid large reads beyond EOF. o Stefan Metzmacher * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before dereferencing an ioctl response. * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np. * BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on ldap_add. * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action restored. * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain list. * BUG 11789: s3:wscript: pylibsmb depends on pycredentials. * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share. * BUG 11847: Only validate MIC if "map to guest" is not being used. 
* BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego option for testing. * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN. * BUG 11858: Allow anonymous smb connections. * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5). * BUG 11872: Fix 'wbinfo -u' and 'net ads search'. o Noel Power * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee. o Garming Sam * BUG 11789: build: Mark explicit dependencies on pytalloc-util. o Partha Sarathi * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel. o Jorge Schrauwen * BUG 11816: configure: Don't check for inotify on illumos. o Uri Simchoni * BUG 11691: winbindd: Return trust parameters when listing trusts. * BUG 11753: smbd: Ignore SVHDX create context. * BUG 11763: passdb: Add linefeed to debug message. * BUG 11788: build: Fix disk-free quota support on Solaris 10. * BUG 11798: build: Fix build when '--without-quota' specified. * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set. * BUG 11852: libads: Record session expiry for spnego sasl binds. o Hemanth Thummala * BUG 11740: Real memory leak(buildup) issue in loadparm. * BUG 11840: Mask general purpose signals for notifyd. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8.2.1 2016/04/15 07:25:11 bsiegert Exp $ d3 3 a5 4 SHA1 (samba-4.3.9.tar.gz) = d31423f80918af52cd6d5b2005d76d02975dbfd5 RMD160 (samba-4.3.9.tar.gz) = 8bfd170d9c14f75e728a051dea335d3365c2afea SHA512 (samba-4.3.9.tar.gz) = bc90c88d8defd3acec7c671e8ceacec31e3111540aabee7ec6f11cdeaf61bbd993525e2b765e3b50801c8079e1168cf496b3e5e6a56118d6493ae5da60d34c41 Size (samba-4.3.9.tar.gz) = 20570849 bytes d8 1 @ 1.7 log @Update samba4 to 4.3.3. 
============================= Release Notes for Samba 4.3.3 December 16, 2015 ============================= This is a security release in order to address the following CVEs: o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack) o CVE-2015-8467 (Denial of service attack against Windows Active Directory server) o CVE-2015-5330 (Remote memory read in Samba LDAP server) Please note that if building against a system libldb, the required version has been bumped to ldb-1.1.24. This is needed to ensure we build against a system ldb library that contains the fixes for CVE-2015-5330 and CVE-2015-3223. ======= Details ======= o CVE-2015-3223: All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all ldb versions up to 1.1.23 inclusive) are vulnerable to a denial of service attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests. This flaw is not exploitable beyond causing the code to loop expending CPU resources. o CVE-2015-5252: All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with another directory on the file system, the smbd daemon may allow the client to follow a symlink pointing to a file or directory in that other directory, even if the share parameter "wide links" is set to "no" (the default). o CVE-2015-5299: All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to a missing access control check in the vfs_shadow_copy2 module. 
When looking for the shadow copy directory under the share path the current accessing user should have DIRECTORY_LIST access rights in order to view the current snapshots. This was not being checked in the affected versions of Samba. o CVE-2015-5296: Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that signing is negotiated when creating an encrypted client connection to a server. Without this a man-in-the-middle attack could downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection. o CVE-2015-8467: Samba, operating as an AD DC, is sometimes operated in a domain with a mix of Samba and Windows Active Directory Domain Controllers. All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as an AD DC in the same domain with Windows DCs, could be used to override the protection against the MS15-096 / CVE-2015-2535 security issue in Windows. Prior to MS16-096 it was possible to bypass the quota of machine accounts a non-administrative user could create. Pure Samba domains are not impacted, as Samba does not implement the SeMachineAccountPrivilege functionality to allow non-administrator users to create new computer objects. o CVE-2015-5330: All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all ldb versions up to 1.1.23 inclusive) are vulnerable to a remote memory read attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server in the samba daemon process to return heap memory beyond the length of the requested value. This memory may contain data that the client should not be allowed to see, allowing compromise of the server. The memory may either be returned to the client in an error string, or stored in the database by a suitably privileged user. If untrusted users can create objects in your database, please confirm that all DN and name attributes are reasonable.
Changes since 4.3.2: -------------------- o Andrew Bartlett * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl. o Jeremy Allison * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS. * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file access outside the share). * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on snapdir. o Douglas Bagnall * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB. o Stefan Metzmacher * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing smb encryption on the client side. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2015/12/13 08:48:36 wiz Exp $ d3 4 a6 4 SHA1 (samba-4.3.3.tar.gz) = db188ea6986b2373463a2a4f3ad026cf38e03ca8 RMD160 (samba-4.3.3.tar.gz) = 83bfb21dfd26937fb5930c02f2b81cfb97897c51 SHA512 (samba-4.3.3.tar.gz) = 2c66d97f543e22a25ff77481359e7c69817d97c20b77a3ab02a1aab415e0b8a9a6024f4466abcca8312979f9b26596e016ca5bb78ccfe3746e3e9cec0fa303be Size (samba-4.3.3.tar.gz) = 20427281 bytes @ 1.6 log @Update samba4 to 4.3.2. While here, comment a patch. Changes since 4.3.1: -------------------- o Michael Adam * BUG 11577: ctdb: Open the RO tracking db with perms 0600 instead of 0000. o Jeremy Allison * BUG 11452: s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero. * BUG 11565: auth: gensec: Fix a memory leak. * BUG 11566: lib: util: Make non-critical message a warning. * BUG 11589: s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them. * BUG 11615: s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle. o Ralph Boehme * BUG 11562: s4:lib/messaging: Use correct path for names.tdb. * BUG 11564: async_req: Fix non-blocking connect(). o Volker Lendecke * BUG 11243: vfs_gpfs: Re-enable share modes. * BUG 11570: smbd: Send SMB2 oplock breaks unencrypted. * BUG 11612: winbind: Fix crash on invalid idmap configs. 
o YvanM * BUG 11584: manpage: Correct small typo error. o Stefan Metzmacher * BUG 11327: dcerpc.idl: Accept invalid dcerpc_bind_nak pdus. * BUG 11581: s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer. o Marc Muehlfeld * BUG 9912: Changing log level of two entries to DBG_NOTICE. * BUG 11581: s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(). o Noel Power * BUG 11569: Fix winbindd crashes with samlogon for trusted domain user. * BUG 11597: Backport some valgrind fixes from upstream master. o Andreas Schneider * BUG 11511: Add libreplace dependency to texpect, fixes a linking error on Solaris. * BUG 11512: s4: Fix linking of 'smbtorture' on Solaris. o Uri Simchoni * BUG 11608: auth: Consistent handling of well-known alias as primary gid. Changes since 4.3.0: -------------------- o Jeremy Allison * BUG 10252: s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows. * BUG 10634: smbd: Fix file name buflen and padding in notify response. * BUG 11486: s3: smbd: Fix mkdir race condition. * BUG 11522: s3: smbd: Fix opening/creating :stream files on the root share directory. * BUG 11535: s3: smbd: Fix NULL pointer bug introduced by previous 'raw' * stream fix (bug #11522). * BUG 11555: s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect. o Ralph Boehme * BUG 11535: s3: smbd: Fix a crash in unix_convert(). * BUG 11543: vfs_fruit: Return value of ad_pack in vfs_fruit.c. * BUG 11549: s3:locking: Initialize lease pointer in share_mode_traverse_fn(). * BUG 11550: s3:smbstatus: Add stream name to share_entry_forall(). * BUG 11555: s3:lib: Validate domain name in lookup_wellknown_name(). o Günther Deschner * BUG 11038: kerberos: Make sure we only use prompter type when available. o Volker Lendecke * BUG 11038: winbind: Fix 100% loop. * BUG 11053: source3/lib/msghdr.c: Fix compiling error on Solaris.
o Stefan Metzmacher * BUG 11316: s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket. * BUG 11515: s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs. * BUG 11526: lib/param: Fix hiding of FLAG_SYNONYM values. o Björn Jacke * BUG 10365: nss_winbind: Fix hang on Solaris on big groups. * BUG 11355: build: Use as-needed linker flag also on OpenBSD. o Har Gagan Sahai * BUG 11509: s3: dfs: Fix a crash when the dfs targets are disabled. o Andreas Schneider * BUG 11502: pam_winbind: Fix a segfault if initialization fails. o Uri Simchoni * BUG 11528: net: Fix a crash with 'net ads keytab create'. * BUG 11547: vfs_commit: set the fd on open before calling SMB_VFS_FSTAT. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2015/11/04 00:35:36 agc Exp $ d3 4 a6 4 SHA1 (samba-4.3.2.tar.gz) = 01c094648e14924137386ca18f5c3131f2ff326e RMD160 (samba-4.3.2.tar.gz) = 00197478e245f5b26e35c747fbe6a3b0c4782898 SHA512 (samba-4.3.2.tar.gz) = b01330c3e56731c1749e2179b160233c852c739c394be7999f9792e27891679ae2a15bbad50d8917a08a40b39ae3c6990ae2aa0f6345871d51058d234dad2528 Size (samba-4.3.2.tar.gz) = 20425622 bytes @ 1.6.2.1 log @Pullup ticket #4881 - requested by wiz net/samba4: security fix Revisions pulled up: - net/samba4/Makefile 1.14 - net/samba4/distinfo 1.7 --- Module Name: pkgsrc Committed By: wiz Date: Tue Dec 29 23:58:32 UTC 2015 Modified Files: pkgsrc/net/samba4: Makefile distinfo Log Message: Update samba4 to 4.3.3. 
============================= Release Notes for Samba 4.3.3 December 16, 2015 ============================= This is a security release in order to address the following CVEs: o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack) o CVE-2015-8467 (Denial of service attack against Windows Active Directory server) o CVE-2015-5330 (Remote memory read in Samba LDAP server) Please note that if building against a system libldb, the required version has been bumped to ldb-1.1.24. This is needed to ensure we build against a system ldb library that contains the fixes for CVE-2015-5330 and CVE-2015-3223. ======= Details ======= o CVE-2015-3223: All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all ldb versions up to 1.1.23 inclusive) are vulnerable to a denial of service attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server in the samba daemon process to become unresponsive, preventing the server from servicing any other requests. This flaw is not exploitable beyond causing the code to loop expending CPU resources. o CVE-2015-5252: All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path. If a Samba share is configured with a path that shares a common path prefix with another directory on the file system, the smbd daemon may allow the client to follow a symlink pointing to a file or directory in that other directory, even if the share parameter "wide links" is set to "no" (the default). o CVE-2015-5299: All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to a missing access control check in the vfs_shadow_copy2 module. 
When looking for the shadow copy directory under the share path the current accessing user should have DIRECTORY_LIST access rights in order to view the current snapshots. This was not being checked in the affected versions of Samba. o CVE-2015-5296: Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that signing is negotiated when creating an encrypted client connection to a server. Without this a man-in-the-middle attack could downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection. o CVE-2015-8467: Samba, operating as an AD DC, is sometimes operated in a domain with a mix of Samba and Windows Active Directory Domain Controllers. All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as an AD DC in the same domain with Windows DCs, could be used to override the protection against the MS15-096 / CVE-2015-2535 security issue in Windows. Prior to MS16-096 it was possible to bypass the quota of machine accounts a non-administrative user could create. Pure Samba domains are not impacted, as Samba does not implement the SeMachineAccountPrivilege functionality to allow non-administrator users to create new computer objects. o CVE-2015-5330: All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all ldb versions up to 1.1.23 inclusive) are vulnerable to a remote memory read attack in the samba daemon LDAP server. A malicious client can send packets that cause the LDAP server in the samba daemon process to return heap memory beyond the length of the requested value. This memory may contain data that the client should not be allowed to see, allowing compromise of the server. The memory may either be returned to the client in an error string, or stored in the database by a suitably privileged user. If untrusted users can create objects in your database, please confirm that all DN and name attributes are reasonable.
Changes since 4.3.2: -------------------- o Andrew Bartlett * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl. o Jeremy Allison * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS. * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file access outside the share). * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on snapdir. o Douglas Bagnall * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB. o Stefan Metzmacher * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing smb encryption on the client side. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (samba-4.3.3.tar.gz) = db188ea6986b2373463a2a4f3ad026cf38e03ca8 RMD160 (samba-4.3.3.tar.gz) = 83bfb21dfd26937fb5930c02f2b81cfb97897c51 SHA512 (samba-4.3.3.tar.gz) = 2c66d97f543e22a25ff77481359e7c69817d97c20b77a3ab02a1aab415e0b8a9a6024f4466abcca8312979f9b26596e016ca5bb78ccfe3746e3e9cec0fa303be Size (samba-4.3.3.tar.gz) = 20427281 bytes @ 1.5 log @Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 
digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2015/09/28 17:37:04 ryoon Exp $ d3 4 a6 4 SHA1 (samba-4.3.0.tar.gz) = 0ad147d8570bf11715156c654942216b7ac77869 RMD160 (samba-4.3.0.tar.gz) = ac416fa1bc45b8bc12ba9e567412aa7e0f003d6f SHA512 (samba-4.3.0.tar.gz) = 7edad171dd98a332ebfd51c7c380b1def3d1508399755fc2d333671ce4a7d5e73782871c5760341cb71460d3f7fc4b666d906d61b9e2b28f977301d08bc9a872 Size (samba-4.3.0.tar.gz) = 20417699 bytes d14 1 a14 1 SHA1 (patch-source3_script_tests_test__smbclient__s3.sh) = f55b02e266dc82cabf32723b66b5759e76213ab5 @ 1.4 log @Update to 4.3.0 Changelog: ============================= Release Notes for Samba 4.3.0 September 8, 2015 ============================= This is the first stable release of Samba 4.3. UPGRADING ========= Read the "New FileChangeNotify subsystem" and "smb.conf changes" sections (below). NEW FEATURES ============ Logging ------- The logging code now supports logging to multiple backends. In addition to the previously available syslog and file backends, the backends for logging to the systemd-journal, lttng and gpfs have been added. Please consult the section for the 'logging' parameter in the smb.conf manpage for details. Spotlight --------- Support for Apple's Spotlight has been added by integrating with Gnome Tracker. For detailed instructions how to build and setup Samba for Spotlight, please see the Samba wiki: New FileChangeNotify subsystem ------------------------------ Samba now contains a new subsystem to do FileChangeNotify. The previous system used a central database, notify_index.tdb, to store all notification requests. In particular in a cluster this turned out to be a major bottleneck, because some hot records need to be bounced back and forth between nodes on every change event like a new created file. 
The new FileChangeNotify subsystem works with a central daemon per node. Every FileChangeNotify request and every event are handled by an asynchronous message from smbd to the notify daemon. The notify daemon maintains a database of all FileChangeNotify requests in memory and will distribute the notify events accordingly. This database is asynchronously distributed in the cluster by the notify daemons. The notify daemon is supposed to scale a lot better than the previous implementation. The functional advantage is cross-node kernel change notify: Files created via NFS will be seen by SMB clients on other nodes per FileChangeNotify, despite the fact that popular cluster file systems do not offer cross-node inotify. Two changes to the configuration were required for this new subsystem: The parameters "change notify" and "kernel change notify" are not per-share anymore but must be set globally. So it is no longer possible to enable or disable notify per share, the notify daemon has no notion of a share, it only works on absolute paths. New SMB profiling code ---------------------- The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead of sysv IPC shared memory. This avoids performance problems and NUMA effects. The profile stats are a bit more detailed than before. Improved DCERPC man in the middle detection for kerberos -------------------------------------------------------- The gssapi based kerberos backends for gensec have support for DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY. SMB signing required in winbindd by default ------------------------------------------- The effective value for "client signing" is required by default for winbindd, if the primary domain uses active directory. Experimental NTDB was removed ----------------------------- The experimental NTDB library introduced in Samba 4.0 has been removed again. 
Improved support for trusted domains (as AD DC) ----------------------------------------------- The support for trusted domains/forests has improved a lot. samba-tool got "domain trust" subcommands to manage trusts: create - Create a domain or forest trust. delete - Delete a domain trust. list - List domain trusts. namespaces - Manage forest trust namespaces. show - Show trusted domain details. validate - Validate a domain trust. External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trust. The transitive routing into the other forest is fully functional for kerberos, but not yet supported for NTLMSSP. While a lot of things are working fine, there are currently a few limitations: - Both sides of the trust need to fully trust each other! - No SID filtering rules are applied at all! - This means DCs of domain A can grant domain admin rights in domain B. - It's not possible to add users/groups of a trusted domain into domain groups. SMB 3.1.1 supported ------------------- Both client and server have support for SMB 3.1.1 now. This is the dialect introduced with Windows 10, it improves the secure negotiation of SMB dialects and features. There's also a new optional encryption algorithm aes-gcm-128, but for now this is only selected as fallback and aes-ccm-128 is preferred because of the better performance. This might change in future versions when hardware encryption will be supported. See https://bugzilla.samba.org/show_bug.cgi?id=11451.
New smbclient subcommands ------------------------- - Query a directory for change notifications: notify - Server side copy: scopy New rpcclient subcommands ------------------------- netshareenumall - Enumerate all shares netsharegetinfo - Get Share Info netsharesetinfo - Set Share Info netsharesetdfsflags - Set DFS flags netfileenum - Enumerate open files netnamevalidate - Validate sharename netfilegetsec - Get File security netsessdel - Delete Session netsessenum - Enumerate Sessions netdiskenum - Enumerate Disks netconnenum - Enumerate Connections netshareadd - Add share netsharedel - Delete share New modules ----------- idmap_script - see 'man 8 idmap_script' vfs_unityed_media - see 'man 8 vfs_unityed_media' vfs_shell_snap - see 'man 8 vfs_shell_snap' New sparsely connected replica graph (Improved KCC) -------------------------------------------------- The Knowledge Consistency Checker (KCC) maintains a replication graph for DCs across an AD network. The existing Samba KCC uses a fully connected graph, so that each DC replicates from all the others, which does not scale well with large networks. In 4.3 there is an experimental new KCC that creates a sparsely connected replication graph and closely follows Microsoft's specification. It is turned off by default. To use the new KCC, set "kccsrv:samba_kcc=true" in smb.conf and let us know how it goes. You should consider doing this if you are making a large new network. For small networks there is little benefit and you can always switch over at a later date. Configurable TLS protocol support, with better defaults ------------------------------------------------------- The "tls priority" option can be used to change the supported TLS protocols. The default is to disable SSLv3, which is no longer considered secure.
Samba-tool now supports all 7 FSMO roles ------------------------------------------------------- Previously "samba-tool fsmo" could only show, transfer or seize the five well-known FSMO roles: Schema Master Domain Naming Master RID Master PDC Emulator Infrastructure Master It can now also show, transfer or seize the DNS infrastructure roles: DomainDnsZones Infrastructure Master ForestDnsZones Infrastructure Master CTDB logging changes -------------------- The destination for CTDB logging is now set via a single new configuration variable CTDB_LOGGING. This replaces CTDB_LOGFILE and CTDB_SYSLOG, which have both been removed. See ctdbd.conf(5) for details of CTDB_LOGGING. CTDB no longer runs a separate logging daemon. CTDB NFS support changes ------------------------ CTDB's NFS service management has been combined into a single 60.nfs event script. This updated 60.nfs script now uses a call-out to interact with different NFS implementations. See the CTDB_NFS_CALLOUT option in the ctdbd.conf(5) manual page for details. A default call-out is provided to interact with the Linux kernel NFS implementation. The 60.ganesha event script has been removed - a sample call-out is provided for NFS Ganesha, based on this script. The method of configuring NFS RPC checks has been improved. See ctdb/config/nfs-checks.d/README for details. Improved Cross-Compiling Support -------------------------------- A new "hybrid" build configuration mode is added to improve cross-compilation support. A common challenge in cross-compilation is that of obtaining the results of tests that have to run on the target, during the configuration phase of the build. 
The Samba build system already supports the following means to do so: - Executing configure tests using the --cross-execute parameter - Obtaining the results from an answers file using the --cross-answers parameter The first method has the drawback of inaccurate results if the tests are run using an emulator, or a need to be connected to a running target while building, if the tests are to be run on an actual target. The second method presents a challenge of figuring out the test results. The new hybrid mode runs the tests and records the result in an answer file. To activate this mode, use both --cross-execute and --cross-answers in the same configure invocation. This mode can be activated once against a running target, and then the generated answers file can be used in subsequent builds. Also supplied is an example script that can be used as the cross-execute program. This script copies the test to a running target and runs the test on the target, obtaining the result. The obtained results are more accurate than running the test with an emulator, because they reflect the exact kernel and system libraries that exist on the target. Improved Sparse File Support ---------------------------- Support for the FSCTL_SET_ZERO_DATA and FSCTL_QUERY_ALLOCATED_RANGES SMB2 requests has been added to the smbd file server. This allows for clients to deallocate (hole punch) regions within a sparse file, and check which portions of a file are allocated. 
######################################################################
Changes
#######

smb.conf changes
----------------

   Parameter Name               Description             Default
   --------------               -----------             -------

   logging                      New                     (empty)
   msdfs shuffle referrals      New                     no
   smbd profiling level         New                     off
   spotlight                    New                     no
   tls priority                 New                     NORMAL:-VERS-SSL3.0
   use ntdb                     Removed
   change notify                Changed to [global]
   kernel change notify         Changed to [global]
   client max protocol          Changed default         SMB3_11
   server max protocol          Changed default         SMB3_11

Removed modules
---------------

vfs_notify_fam - see section 'New FileChangeNotify subsystem'.

KNOWN ISSUES
============

Currently none.

CHANGES SINCE 4.2.0rc4
======================

o   Andrew Bartlett
    * Bug 10973: No objectClass found in replPropertyMetaData on ordinary
      objects (non-deleted)
    * Bug 11429: Python bindings don't check integer types
    * Bug 11430: Python bindings don't check array sizes

o   Ralph Boehme
    * Bug 11467: Handling of 0 byte resource fork stream

o   Volker Lendecke
    * Bug 11488: AD samr GetGroupsForUser fails for users with "()" in
      their name

o   Stefan Metzmacher
    * Bug 11429: Python bindings don't check integer types

o   Matthieu Patou
    * Bug 10973: No objectClass found in replPropertyMetaData on ordinary
      objects (non-deleted)

CHANGES SINCE 4.2.0rc3
======================

o   Ralph Boehme
    * Bug 11444: Crash in notify_remove caused by change notify = no

o   Günther Deschner
    * Bug 11411: smbtorture does not build when configured
      --with-system-mitkrb5

o   Volker Lendecke
    * Bug 11455: fix recursion problem in rep_strtoll in
      lib/replace/replace.c
    * Bug 11464: xid2sid gives inconsistent results
    * Bug 11465: ctdb: Fix the build on FreeBSD 10.1

o   Roel van Meer
    * Bug 11427: nmbd incorrectly matches netbios names as own name

o   Stefan Metzmacher
    * Bug 11451: Poor SMB3 encryption performance with AES-GCM
    * Bug 11458: --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't
      disable ldb build and install

o   Andreas Schneider
    * Bug 9862: Samba "map to guest = Bad uid" doesn't work

CHANGES SINCE 4.3.0rc2
======================

o   Andrew Bartlett
    * Bug 11436: samba-tool uncaught exception error
    * Bug 10493: revert LDAP extended rule 1.2.840.113556.1.4.1941
      LDAP_MATCHING_RULE_IN_CHAIN changes

o   Ralph Boehme
    * Bug 11278: Stream names with colon don't work with
      fruit:encoding = native
    * Bug 11426: net share allowedusers crashes

o   Amitay Isaacs
    * Bug 11432: Fix crash in nested ctdb banning
    * Bug 11434: Cannot build ctdbpmda
    * Bug 11431: CTDB's eventscript error handling is broken

o   Stefan Metzmacher
    * Bug 11451: Poor SMB3 encryption performance with AES-GCM (part1)
    * Bug 11316: tevent_fd needs to be destroyed before closing the fd

o   Arvid Requate
    * Bug 11291: NetApp joined to a Samba/ADDC cannot resolve SIDs

o   Martin Schwenke
    * Bug 11432: Fix crash in nested ctdb banning

CHANGES SINCE 4.3.0rc1
======================

o   Jeremy Allison
    * BUG 11359: strsep is not available on Solaris

o   Björn Baumbach
    * BUG 11421: Build with GPFS support is broken

o   Justin Maggard
    * BUG 11320: "force group" with local group not working

o   Martin Schwenke