Date: Wed, 1 Jun 2011 23:52:09 GMT From: Ryan Steinmetz <rpsfa@rit.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/157513: [update] net/samba35 to 3.5.8 Message-ID: <201106012352.p51Nq97U047241@red.freebsd.org> Resent-Message-ID: <201106020000.p5200JmX066554@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 157513 >Category: ports >Synopsis: [update] net/samba35 to 3.5.8 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Jun 02 00:00:19 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Ryan Steinmetz >Release: 8.2-RELEASE >Organization: Rochester Institute of Technology >Environment: >Description: Update to 3.5.8: -Remove patch to source3/passdb/pdb_ldap.c -Update CONFIGURE_ENV CPPFLAGS to make portlint happy In addition to the items listed below, this release also appears to resolve bug #6563, which has plagued FreeRADIUS users that utilize ntlm_auth. I have confirmed that the NT_KEY returned in this release is the same as the previous 'working' releases of samba: https://bugzilla.samba.org/show_bug.cgi?id=6563 ================================================= This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.8 include: o Fix Winbind crash bug when no DC is available (bug #7730). o Fix finding users on domain members (bug #7743). o Fix memory leaks in Winbind (bug #7879). o Fix printing with Windows 7 clients (bug #7567). Changes since 3.5.7: -------------------- o Michael Adam <obnox@samba.org> * BUG 7594: Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'. * BUG 7871: Fix 'net ads dns register' in cluster setups. * BUG 7894: Fix sporadic Winbind panic in rpc query_user_list. o Jeremy Allison <jra@samba.org> * BUG 7409: Raise debug level for "reduce_name: couldn't get realpath" messages. * BUG 7716: Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules. * BUG 7733: Fix incorrect unix mode_t caused by invalid client DOS attributes on create. * BUG 7734: Apply appropriate create masks when creating files with "inherit ACLs" set to true. * BUG 7743: Fix finding users on domain members. * BUG 7744: Fix "dfree cache time" parameter. * BUG 7777: Fix requesting lookups for BUILTIN sids. * BUG 7785: Fix atime limit. * BUG 7791: Fix copying files from a SMB share using Gnome vfs and SMB signing. * BUG 7812: ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb. * BUG 7835: vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on. * BUG 7843: Expand the local SAMs aliases. * BUG 7892: Fix stale lock in open_file_fchmod(). * BUG 7950: Revalidate the pathname once re-constructed from a root fsp. o Andrew Bartlett <abartlet@samba.org> * BUG 7356: Fix 'net ads dns register' in Windows 2008 R2 domains. o Björn Baumbach <bb@sernet.de> * BUG 7875: Fix 'nmbd --port'. * BUG 7880: Make 'rpcclient deldriver' delete drivers for all architectures. o Günther Deschner <gd@samba.org> * BUG 7567: Fix printing with Windows 7 clients. * BUG 7641: Handle Windows 9x adddriver calls without config file. * BUG 7945: Let Winbind try to use samlogon validation level 6. o Holger Hetterich <hhetter@novell.com> * BUG 3185: Fix 'testparm' return code when EOF in encountered in param name. o Björn Jacke <bj@sernet.de> * BUG 7821: Fix build of shared libraries on Tru64. o Volker Lendecke <vl@samba.org> * BUG 7066: Fix "Your Password expires today" message for users of trusted domains. * BUG 7262: Fix maintaining of users' groups via UsrMgr. * BUG 7656: Fix scalability problem with hundreds of printers. * BUG 7665: Fix memory leak in the netapi routines. * BUG 7730: Fix Winbind crash bug when no DC is available. * BUG 7774: Fix a getgrent crash with many groups. * BUG 7779: Fix smbd crash caused by expand_msdfs. * BUG 7800: Make Winbind recover from a signing error. * BUG 7817: Fix "force group" with ntlmssp guest session setup. * BUG 7841: Make WINBINDD_LOOKUPRIDS asking the right domain. * BUG 7842: Make WINBINDD_LOOKUPRIDS returning the domain name. * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't support. * BUG 7879: Fix memory leaks in Winbind. * BUG 7881: Fix flaky Winbind against Windows 2008. * BUG 7917: Fix connections from WinCE. * BUG 7940: Fix opening MS Powerpoint files. o Stefan Metzmacher <metze@samba.org> * BUG 7567: Fix printing with Windows 7 clients. * BUG 7855: ntlm_auth: Support clients which offer a spnego mechs we don't support. * BUG 7883: Fix SMB session setups with Kerberos against some closed source SMB servers. * BUG 7896: Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name. * BUG 7899: Don't return "-1" on success in 'net rpc vampire keytab'. * BUG 7942: Fix endless loops caused by inotify. * BUG 7944: Catch lookup_names/sids schannel errors over ncacn_ip_tcp. o Jonathan Nieder <jrnieder@gmail.com> * BUG 6837: Make "rlimit_max below minimum Windows limit" notification less scary. o olivier <olivier@virtscano.fakenet> * BUG 7789: vfs_scannedonly: Switch from mtime to ctime which is more reliable. o Rusty Russell <rusty@rustcorp.com.au> * BUG 7498: Fix updating the time on close in vfs_gpfs. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN /usr/ports/net/samba35/Makefile samba35/Makefile --- /usr/ports/net/samba35/Makefile 2011-02-24 20:32:01.000000000 -0500 +++ samba35/Makefile 2011-06-01 19:06:28.000000000 -0400 @@ -6,8 +6,7 @@ # PORTNAME= ${SAMBA_BASENAME}35 -PORTVERSION= 3.5.6 -PORTREVISION?= 2 +PORTVERSION= 3.5.8 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} MASTER_SITE_SUBDIR= . old-versions rc pre @@ -74,7 +73,7 @@ CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS}" LDFLAGS="${LDFLAGS}" \ +CONFIGURE_ENV+= CPPFLAGS+="${CPPFLAGS}" LDFLAGS="${LDFLAGS}" \ PTHREAD_CFLAGS="${PTHREAD_CFLAGS}" \ PTHREAD_LDFLAGS="${PTHREAD_LIBS}" # pkg-config is used to find talloc diff -urN /usr/ports/net/samba35/distinfo samba35/distinfo --- /usr/ports/net/samba35/distinfo 2010-11-15 07:29:21.000000000 -0500 +++ samba35/distinfo 2011-06-01 18:34:50.000000000 -0400 @@ -1,2 +1,2 @@ -SHA256 (samba-3.5.6.tar.gz) = 466410868375d19a286ac3fc5d9f3c267ce359189f8e0d76e72ec10bd54247da -SIZE (samba-3.5.6.tar.gz) = 30803319 +SHA256 (samba-3.5.8.tar.gz) = 331e3f2806edcad853b48f4b1e653367ad9a6ce1ab5ed486c03a6bf614882796 +SIZE (samba-3.5.8.tar.gz) = 30721269 diff -urN /usr/ports/net/samba35/files/sernet.patch samba35/files/sernet.patch --- /usr/ports/net/samba35/files/sernet.patch 2010-10-25 22:41:58.000000000 -0400 +++ samba35/files/sernet.patch 2011-06-01 18:43:00.000000000 -0400 @@ -1,60 +1,6 @@ -0001-s3-Fix-another-aspect-of-bug-7262.patch -samba3-3.4-honor-all-loopback-ips.patch - -From 325f03d3df7afb758b6815d327739fc121dbbe71 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke <vl@samba.org> -Date: Tue, 6 Jul 2010 16:55:14 +0200 -Subject: [PATCH] s3: Fix another aspect of bug 7262 and make paged results work again ---- - source3/passdb/pdb_ldap.c | 8 ++++---- - 1 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c -index 6ac8f0d..f4c8dbe 100644 ---- a/source3/passdb/pdb_ldap.c -+++ b/source3/passdb/pdb_ldap.c -@@ -4483,10 +4483,6 @@ static bool ldapsam_search_next_entry(struct pdb_search *search, - bool result; - - retry: -- if (state->current_entry == NULL) { -- return false; -- } -- - if ((state->entries == NULL) && (state->pagedresults_cookie == NULL)) - return False; - -@@ -4494,6 +4490,10 @@ static bool ldapsam_search_next_entry(struct pdb_search *search, - !ldapsam_search_nextpage(search)) - return False; - -+ if (state->current_entry == NULL) { -+ return false; -+ } -+ - result = state->ldap2displayentry(state, search, - state->connection->ldap_struct, - state->current_entry, entry); --- -1.6.0.4 - -commit b6afe7ef236a454d8a6abf104b8846f817378f73 -Author: Björn Jacke <bj@sernet.de> -Date: Thu Oct 15 02:02:30 2009 +0200 - - util: cope the all loopback addresses IPv4 knows - - The fact that we just recogniced 127.0.0.1 as loopback IP address and not the - rest of the 127.0.0.0/8 IP address range we used the lo interface for sending - packages even though we should send them to some more physical interface. This - way we ended up with failing WINS registration and so on like in #6348. - On the lo interface sendto() returned "Invalid Argument" (EINVAL). - -diff --git a/lib/util/util_net.c b/lib/util/util_net.c -index 0ce495e..0511a28 100644 ---- a/lib/util/util_net.c -+++ b/lib/util/util_net.c -@@ -351,13 +351,11 @@ bool is_broadcast_addr(const struct sockaddr *pss) +--- a/lib/util/util_net.c 2011-03-06 13:48:05.000000000 -0500 ++++ b/lib/util/util_net.c 2011-06-01 18:35:34.000000000 -0400 +@@ -351,13 +351,11 @@ } /** >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106012352.p51Nq97U047241>