pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/samba4 samba4: updated to 4.13.2
details: https://anonhg.NetBSD.org/pkgsrc/rev/a20d9c1c60c6
branches: trunk
changeset: 441842:a20d9c1c60c6
user: adam <adam%pkgsrc.org@localhost>
date: Thu Nov 12 06:37:18 2020 +0000
description:
samba4: updated to 4.13.2
Changes since 4.13.1
--------------------
* BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char
**lines onto mem_ctx on return.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
* BUG 14538: smb.conf.5: Add clarification how configuration changes
reflected by Samba.
* BUG 14552: daemons: Report status to systemd even when running in
foreground.
* BUG 14553: DNS Resolver: Support both dnspython before and after 2.0.0.
* BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present.
* BUG 14487: provision: Add support for BIND 9.16.x.
* BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
* BUG 14541: libndr: Avoid assigning duplicate versions to symbols.
* BUG 14522: docs: Fix default value of spoolss:architecture.
* BUG 14388: winbind: Fix a memleak.
* BUG 14531: s4:dsdb:acl_read: Implement "List Object" mode feature.
* BUG 14486: docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs.
* nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
* BUG 14530: vfs_shadow_copy2: Avoid closing snapsdir twice.
* BUG 14547: third_party: Update resolv_wrapper to version 1.1.7.
* BUG 14550: examples:auth: Do not install example plugin.
* BUG 14513: ctdb-recoverd: Drop unnecessary and broken code.
* BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
Changes since 4.13.0
--------------------
* BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
unless the directory handle is open for SEC_DIR_LIST.
* BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
'samba-tool'.
* BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
* BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
4.31.0:
NEW FEATURES/CHANGES
====================
Python 3.6 or later required
----------------------------
Samba's minimum runtime requirement for python was raised to Python
3.5 with samba 4.12. Samba 4.13 raises this minimum version to Python
3.6 both to access new features and because this is the oldest version
we test with in our CI infrastructure.
This is also the last release where it will be possible to build Samba
(just the file server) with Python versions 2.6 and 2.7.
As Python 2.7 has been End Of Life upstream since April 2020, Samba
is dropping ALL Python 2.x support in the NEXT release.
Samba 4.14 to be released in March 2021 will require Python 3.6 or
later to build.
wide links functionality
------------------------
For this release, the code implementing the insecure "wide links = yes"
functionality has been moved out of the core smbd code and into a separate
VFS module, vfs_widelinks. Currently this vfs module is implicitly loaded
by smbd as the last but one module before vfs_default if "wide links = yes"
is enabled on the share (note, the existing restrictions on enabling wide
links around the SMB1 "unix extensions" and the "allow insecure wide links"
parameters are still in force). The implicit loading was done to allow
existing users of "wide links = yes" to keep this functionality without
having to make a change to existing working smb.conf files.
Please note that the Samba developers recommend changing any Samba
installations that currently use "wide links = yes" to use bind mounts
as soon as possible, as "wide links = yes" is an inherently insecure
configuration which we would like to remove from Samba. Moving the
feature into a VFS module allows this to be done in a cleaner way
in future.
A future release to be determined will remove this implicit linkage,
causing administrators who need this functionality to have to explicitly
add the vfs_widelinks module into the "vfs objects =" parameter lists.
The release notes will be updated to note this change when it occurs.
NT4-like 'classic' Samba domain controllers
-------------------------------------------
Samba 4.13 deprecates Samba's original domain controller mode.
Sites using Samba as a Domain Controller should upgrade from the
NT4-like 'classic' Domain Controller to a Samba Active Directory DC
to ensure full operation with modern windows clients.
SMBv1 only protocol options deprecated
--------------------------------------
A number of smb.conf parameters for less-secure authentication methods
which are only possible over SMBv1 are deprecated in this release.
diffstat:
net/samba4/Makefile | 6 +-
net/samba4/PLIST | 42 ++++-----
net/samba4/distinfo | 14 +-
net/samba4/options.mk | 6 +-
net/samba4/patches/patch-lib_tsocket_tsocket.h | 22 -----
net/samba4/patches/patch-lib_tsocket_tsocket__bsd.c | 23 -----
net/samba4/patches/patch-source3_libsmb_libsmb__stat.c | 37 ++++++++
net/samba4/patches/patch-source4_torture_libsmbclient_libsmbclient.c | 32 +++++++
8 files changed, 98 insertions(+), 84 deletions(-)
diffs (truncated from 373 to 300 lines):
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/Makefile
--- a/net/samba4/Makefile Thu Nov 12 06:26:57 2020 +0000
+++ b/net/samba4/Makefile Thu Nov 12 06:37:18 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.110 2020/10/30 07:17:16 taca Exp $
+# $NetBSD: Makefile,v 1.111 2020/11/12 06:37:18 adam Exp $
-DISTNAME= samba-4.12.9
+DISTNAME= samba-4.13.2
CATEGORIES= net
MASTER_SITES= https://download.samba.org/pub/samba/stable/
@@ -206,7 +206,7 @@
.endif
.include "../../archivers/libarchive/buildlink3.mk"
.include "../../converters/libiconv/buildlink3.mk"
-BUILDLINK_API_DEPENDS.ldb+= ldb>=2.0.8
+BUILDLINK_API_DEPENDS.ldb+= ldb>=2.2.0
.include "../../databases/ldb/buildlink3.mk"
.include "../../databases/lmdb/buildlink3.mk"
.include "../../devel/cmocka/buildlink3.mk"
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/PLIST
--- a/net/samba4/PLIST Thu Nov 12 06:26:57 2020 +0000
+++ b/net/samba4/PLIST Thu Nov 12 06:37:18 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.33 2020/08/18 07:39:31 adam Exp $
+@comment $NetBSD: PLIST,v 1.34 2020/11/12 06:37:18 adam Exp $
bin/cifsdd
bin/dbwrap_tool
bin/dumpmscat
@@ -103,7 +103,6 @@
include/tsocket_internal.h
include/util/attr.h
include/util/blocking.h
-include/util/byteorder.h
include/util/data_blob.h
include/util/debug.h
include/util/discard.h
@@ -253,6 +252,7 @@
${PYSITELIB}/samba/dcerpc/xattr.so
${PYSITELIB}/samba/dckeytab.so
${PYSITELIB}/samba/descriptor.py
+${PYSITELIB}/samba/dnsresolver.py
${PYSITELIB}/samba/dnsserver.py
${PYSITELIB}/samba/domain_update.py
${PYSITELIB}/samba/drs_utils.py
@@ -271,6 +271,7 @@
${PYSITELIB}/samba/gp_parse/gp_inf.py
${PYSITELIB}/samba/gp_parse/gp_ini.py
${PYSITELIB}/samba/gp_parse/gp_pol.py
+${PYSITELIB}/samba/gp_scripts_ext.py
${PYSITELIB}/samba/gp_sec_ext.py
${PYSITELIB}/samba/gpclass.py
${PYSITELIB}/samba/gpo.so
@@ -372,6 +373,8 @@
${PYSITELIB}/samba/tests/blackbox/ndrdump.py
${PYSITELIB}/samba/tests/blackbox/netads_json.py
${PYSITELIB}/samba/tests/blackbox/samba_dnsupdate.py
+${PYSITELIB}/samba/tests/blackbox/smbcacls.py
+${PYSITELIB}/samba/tests/blackbox/smbcacls_basic.py
${PYSITELIB}/samba/tests/blackbox/smbcontrol.py
${PYSITELIB}/samba/tests/blackbox/smbcontrol_process.py
${PYSITELIB}/samba/tests/blackbox/traffic_learner.py
@@ -431,6 +434,12 @@
${PYSITELIB}/samba/tests/kcc/graph_utils.py
${PYSITELIB}/samba/tests/kcc/kcc_utils.py
${PYSITELIB}/samba/tests/kcc/ldif_import_export.py
+${PYSITELIB}/samba/tests/krb5/kcrypto.py
+${PYSITELIB}/samba/tests/krb5/raw_testcase.py
+${PYSITELIB}/samba/tests/krb5/rfc4120_pyasn1.py
+${PYSITELIB}/samba/tests/krb5/s4u_tests.py
+${PYSITELIB}/samba/tests/krb5/simple_tests.py
+${PYSITELIB}/samba/tests/krb5/xrealm_tests.py
${PYSITELIB}/samba/tests/krb5_credentials.py
${PYSITELIB}/samba/tests/ldap_raw.py
${PYSITELIB}/samba/tests/ldap_referrals.py
@@ -538,6 +547,8 @@
lib/samba/bind9/dlz_bind9_10.${SOEXT}
lib/samba/bind9/dlz_bind9_11.${SOEXT}
lib/samba/bind9/dlz_bind9_12.${SOEXT}
+lib/samba/bind9/dlz_bind9_14.${SOEXT}
+lib/samba/bind9/dlz_bind9_16.${SOEXT}
lib/samba/bind9/dlz_bind9_9.${SOEXT}
lib/samba/gensec/krb5.${SOEXT}
${PLIST.ads}lib/samba/idmap/ad.${SOEXT}
@@ -771,13 +782,13 @@
lib/samba/vfs/shadow_copy.${SOEXT}
lib/samba/vfs/shadow_copy2.${SOEXT}
lib/samba/vfs/shell_snap.${SOEXT}
-${PLIST.dbus}lib/samba/vfs/snapper.${SOEXT}
lib/samba/vfs/streams_depot.${SOEXT}
lib/samba/vfs/streams_xattr.${SOEXT}
lib/samba/vfs/syncops.${SOEXT}
lib/samba/vfs/time_audit.${SOEXT}
lib/samba/vfs/unityed_media.${SOEXT}
lib/samba/vfs/virusfilter.${SOEXT}
+lib/samba/vfs/widelinks.${SOEXT}
lib/samba/vfs/worm.${SOEXT}
lib/samba/vfs/xattr_tdb.${SOEXT}
man/man1/dbwrap_tool.1
@@ -870,13 +881,13 @@
man/man8/vfs_shadow_copy.8
man/man8/vfs_shadow_copy2.8
man/man8/vfs_shell_snap.8
-${PLIST.dbus}man/man8/vfs_snapper.8
man/man8/vfs_streams_depot.8
man/man8/vfs_streams_xattr.8
man/man8/vfs_syncops.8
man/man8/vfs_time_audit.8
man/man8/vfs_unityed_media.8
man/man8/vfs_virusfilter.8
+man/man8/vfs_widelinks.8
man/man8/vfs_worm.8
man/man8/vfs_xattr_tdb.8
man/man8/winbind_krb5_locator.8
@@ -910,7 +921,8 @@
@pkgdir share/examples/samba/pam_smbpass
share/examples/samba/samba.schema
share/examples/samba/smb.conf.default
-share/samba/setup/DB_CONFIG
+share/samba/samba/admx/en-US/samba.adml
+share/samba/samba/admx/samba.admx
share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf
share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf
share/samba/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf
@@ -933,7 +945,6 @@
share/samba/setup/adprep/WindowsServerDocs/Schema-Updates.md
share/samba/setup/adprep/fix-forest-rev.ldf
share/samba/setup/aggregate_schema.ldif
-share/samba/setup/cn=samba.ldif
share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt
share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt
share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt
@@ -941,26 +952,12 @@
share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt
share/samba/setup/dns_update_list
share/samba/setup/extended-rights.ldif
-share/samba/setup/fedorads-index.ldif
-share/samba/setup/fedorads-linked-attributes.ldif
-share/samba/setup/fedorads-pam.ldif
-share/samba/setup/fedorads-samba.ldif
-share/samba/setup/fedorads-sasl.ldif
share/samba/setup/idmap_init.ldif
share/samba/setup/krb5.conf
-share/samba/setup/memberof.conf
-share/samba/setup/mmr_serverids.conf
-share/samba/setup/mmr_syncrepl.conf
-share/samba/setup/modules.conf
share/samba/setup/named.conf
share/samba/setup/named.conf.dlz
share/samba/setup/named.conf.update
share/samba/setup/named.txt
-share/samba/setup/olc_mmr.conf
-share/samba/setup/olc_seed.ldif
-share/samba/setup/olc_serverid.conf
-share/samba/setup/olc_syncrepl.conf
-share/samba/setup/olc_syncrepl_seed.conf
share/samba/setup/prefixMap.txt
share/samba/setup/provision.ldif
share/samba/setup/provision.reg
@@ -997,15 +994,10 @@
share/samba/setup/provision_users_add.ldif
share/samba/setup/provision_users_modify.ldif
share/samba/setup/provision_well_known_sec_princ.ldif
-share/samba/setup/refint.conf
-share/samba/setup/schema-map-fedora-ds-1.0
-share/samba/setup/schema-map-openldap-2.3
share/samba/setup/schema_samba4.ldif
share/samba/setup/secrets.ldif
share/samba/setup/secrets_dns.ldif
share/samba/setup/secrets_init.ldif
-share/samba/setup/secrets_sasl_ldap.ldif
-share/samba/setup/secrets_simple_ldap.ldif
share/samba/setup/share.ldif
share/samba/setup/spn_update_list
share/samba/setup/ypServ30.ldif
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/distinfo
--- a/net/samba4/distinfo Thu Nov 12 06:26:57 2020 +0000
+++ b/net/samba4/distinfo Thu Nov 12 06:37:18 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.53 2020/10/30 07:17:16 taca Exp $
+$NetBSD: distinfo,v 1.54 2020/11/12 06:37:18 adam Exp $
-SHA1 (samba-4.12.9.tar.gz) = ec12a1e9577b70e1d1239e88ae54b2625885cf9f
-RMD160 (samba-4.12.9.tar.gz) = a34871667c3dd51b9c8866ffb0a677de90a10196
-SHA512 (samba-4.12.9.tar.gz) = 8bd3122bcaab2f5a16a73902a9b628384063a8116a08f0254541e05c148016839b3215c60ff0d3291a332e7884708950ad64137204b0ac19801012d3b6684fa6
-Size (samba-4.12.9.tar.gz) = 18236198 bytes
+SHA1 (samba-4.13.2.tar.gz) = 07cccec91790c2fac51d5ce8337878308b45f229
+RMD160 (samba-4.13.2.tar.gz) = 7bb6b908f239e5959773c853e7e2259295435dae
+SHA512 (samba-4.13.2.tar.gz) = 60b8597b7fad13dd55ffec4c750ee4f5f39220d8e8d52232d3a8c4d830a5ff29254716a7230b0182e0717585e5a34b01373527caecd1d32f2170c6063a97d070
+Size (samba-4.13.2.tar.gz) = 18418249 bytes
SHA1 (patch-buildtools_wafsamba_samba__conftests.py) = d927db17124d2bb5b382885e70a41f84c3929926
SHA1 (patch-buildtools_wafsamba_samba__install.py) = d801340617da325e3bb70a90350e45cc8e383c2d
SHA1 (patch-buildtools_wafsamba_samba__pidl.py) = e4c0ed3dacfcf5613a5b397b3c6cf88509497da7
@@ -18,19 +18,19 @@
SHA1 (patch-lib_tevent_tevent.c) = 4a20506e2bfbab85bad664299b884575326e73fd
SHA1 (patch-lib_tevent_tevent__threads.c) = 14867888dd0b7c4613914752ab368c39bfdbb943
SHA1 (patch-lib_tevent_wscript) = fbbe2024096b57d651d90064f53489a974db9d7a
-SHA1 (patch-lib_tsocket_tsocket.h) = d8699b21a591a4c531ee91e7fa45bfe269164da6
-SHA1 (patch-lib_tsocket_tsocket__bsd.c) = 3143adde8c4711599608592f737cbe0fab912fa0
SHA1 (patch-lib_util_smb__threads.h) = 93bbc4276ad927ad6faf305af093064f47c09254
SHA1 (patch-lib_util_tfork.c) = cd70dcff5f2ce94ffe642e0f029f03ee07dff27d
SHA1 (patch-libcli_dns_wscript__build) = 4103a144aa1bb4662fd7a62270941f1a3d01fe89
SHA1 (patch-nsswitch_stress-nss-libwbclient.c) = bf327282a59aefeeb2d6bf9eccf9b3a832033066
SHA1 (patch-nsswitch_winbind__nss__netbsd.c) = 2773ec9269d1fe0d7ce7ed220f6a7122d187fabe
SHA1 (patch-nsswitch_wscript__build) = e8a6251e031ffa13d6347fade8891f7afd65d3eb
+SHA1 (patch-source3_libsmb_libsmb__stat.c) = 1f88759babfd64b525df8087ea143c7bc3171549
SHA1 (patch-source3_libsmb_pylibsmb.c) = 50c3aaecf345449e02642e387eeac3dd7043e77a
SHA1 (patch-source3_smbd_process.c) = 532d2426b9bd2a215d133bc489741558aa07f849
SHA1 (patch-source4_dsdb_samdb_ldb__modules_wscript__build__server) = 47f55ec16b667a0a4d38de5ac89a117f2ac8f898
SHA1 (patch-source4_heimdal__build_roken.h) = f467a541fa09e2aa483d10ed9d49df9167a3443a
SHA1 (patch-source4_heimdal_include_heim__threads.h) = c93e0c80790ea2045333822c80e66d371bf2249c
SHA1 (patch-source4_scripting_wsript_build) = bd4feddcaadf1c3d2d25eb7914e7b5843e4e9511
+SHA1 (patch-source4_torture_libsmbclient_libsmbclient.c) = 38bb8b53581d5f0b5b0e9f0fce58f51148e91c20
SHA1 (patch-source4_utils_oLschema2ldif_wscript__build) = b0cbbcd4ebedd443dc9f9a59d1dad2e039bb9663
SHA1 (patch-third__party_socket__wrapper_socket__wrapper.c) = 0cc01c932f21e9f6219fb9d204e6fdf3682938f8
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/options.mk
--- a/net/samba4/options.mk Thu Nov 12 06:26:57 2020 +0000
+++ b/net/samba4/options.mk Thu Nov 12 06:37:18 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.11 2020/07/20 22:19:58 wiz Exp $
+# $NetBSD: options.mk,v 1.12 2020/11/12 06:37:18 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.samba4
PKG_SUPPORTED_OPTIONS= ads avahi fam ldap pam winbind # cups # cups option is broken for me.
@@ -17,7 +17,7 @@
.include "../../mk/bsd.options.mk"
-PLIST_VARS+= ads cups dbus fam ldap pam winbind
+PLIST_VARS+= ads cups fam ldap pam winbind
###
### Access Control List support.
@@ -104,8 +104,6 @@
###
.if !empty(PKG_OPTIONS:Mavahi)
.include "../../net/avahi/buildlink3.mk"
-# avahi also pulls in dbus, which affects whether the snapper module gets built
-PLIST.dbus= yes
CONFIGURE_ARGS+= --enable-avahi
.else
CONFIGURE_ARGS+= --disable-avahi
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/patches/patch-lib_tsocket_tsocket.h
--- a/net/samba4/patches/patch-lib_tsocket_tsocket.h Thu Nov 12 06:26:57 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-lib_tsocket_tsocket.h,v 1.1 2020/05/26 13:11:01 jperkin Exp $
-
-Avoid conflict with host s_addr.
-
---- lib/tsocket/tsocket.h.orig 2020-01-31 10:25:36.000000000 +0000
-+++ lib/tsocket/tsocket.h
-@@ -1000,12 +1000,12 @@ int tsocket_address_bsd_from_samba_socka
- struct tsocket_address **t_addr);
- #else
- int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
-- const struct samba_sockaddr *s_addr,
-+ const struct samba_sockaddr *samba_s_addr,
- struct tsocket_address **t_addr,
- const char *location);
-
--#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr) \
-- _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, s_addr, t_addr, \
-+#define tsocket_address_bsd_from_samba_sockaddr(mem_ctx, samba_s_addr, t_addr) \
-+ _tsocket_address_bsd_from_samba_sockaddr(mem_ctx, samba_s_addr, t_addr, \
- __location__)
- #endif
-
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/patches/patch-lib_tsocket_tsocket__bsd.c
--- a/net/samba4/patches/patch-lib_tsocket_tsocket__bsd.c Thu Nov 12 06:26:57 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-$NetBSD: patch-lib_tsocket_tsocket__bsd.c,v 1.1 2020/05/26 13:11:01 jperkin Exp $
-
-Avoid conflict with host s_addr.
-
---- lib/tsocket/tsocket_bsd.c.orig 2020-01-31 10:25:36.000000000 +0000
-+++ lib/tsocket/tsocket_bsd.c
-@@ -282,13 +282,13 @@ int _tsocket_address_bsd_from_sockaddr(T
- }
-
- int _tsocket_address_bsd_from_samba_sockaddr(TALLOC_CTX *mem_ctx,
-- const struct samba_sockaddr *s_addr,
-+ const struct samba_sockaddr *samba_s_addr,
- struct tsocket_address **t_addr,
- const char *location)
- {
- return _tsocket_address_bsd_from_sockaddr(mem_ctx,
-- &s_addr->u.sa,
-- s_addr->sa_socklen,
-+ &samba_s_addr->u.sa,
-+ samba_s_addr->sa_socklen,
- t_addr,
- location);
- }
diff -r 0f48c0b2a1ef -r a20d9c1c60c6 net/samba4/patches/patch-source3_libsmb_libsmb__stat.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/net/samba4/patches/patch-source3_libsmb_libsmb__stat.c Thu Nov 12 06:37:18 2020 +0000
@@ -0,0 +1,37 @@
Home |
Main Index |
Thread Index |
Old Index