pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/samba4 samba4: updated to 4.11.2



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1f6ae0d123bc
branches:  trunk
changeset: 343754:1f6ae0d123bc
user:      adam <adam%pkgsrc.org@localhost>
date:      Sun Nov 10 17:01:58 2019 +0000

description:
samba4: updated to 4.11.2

4.11.2:
This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
                  password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
                  via dirsync.

4.11.1:
This is the latest stable release of the Samba 4.11 release series.


Changes since 4.11.0:
* BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH
  group.
* BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and
  smbc_lseekdir().
* BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into
  SMB1-specific calls.
* BUG 14137: Fix stale file handle error when using mkstemp on a share.
* BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14130: s3-winbindd: Fix forest trusts with additional trust attributes.
* BUG 14134: auth/gensec: Fix non-AES schannel seal.
* BUG 14147: Deleted records can be resurrected during recovery.
* BUG 14136: Fix uncaught exception in classicupgrade.
* BUG 14139: fault.c: Improve fault_report message text pointing to our wiki.
* BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI.
* BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users
  of trusted domains/forests.
* BUG 14131: Remove 'pod2man' as it is no longer needed.
* BUG 13884: Joining Active Directory should not use SAMR to set the
  password.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14155: 'kpasswd' fails when built with MIT Kerberos.
* BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted
  nodes.

4.11.0:
* BUG 14049: ldb: Don't try to save a value that isn't there.
* ldb_dn: Free dn components on explode failure.
* ldb: Do not allow adding a DN as a base to itself.
* ldb: Release ldb 2.0.7.
* BUG 13695: ldb: Correct Pigeonhole principle validation in
  ldb_filter_attrs().
* BUG 14049: Fix ldb dn crash.
* BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords = no".
* BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust
  mutexes.
* BUG 14121: smbd returns bad File-ID on filehandle used to create a file or
  directory.
* BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations.
* BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint to
  load balancers or servers with "multi-tenancy" support.
* BUG 14113: Fix byte range locking bugs/regressions.
* ldb: Fix mem-leak if talloc_realloc fails.
* BUG 14007: Fix join with don't exists machine account.
* BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map.

CHANGES SINCE 4.11.0rc2
* BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data
  loss in CTDB cluster.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what
  is happening).
* BUG 14092: docs: Deprecate "rndc command" for Samba 4.11.
* BUG 14059: ldb: Free memory when repacking database.
* BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id.
* BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and
  st_ex_iflags.
* BUG 14093: vfs_glusterfs: Enable profiling for file system operations.
* BUG 14059: Backport sambadowngradedatabase for v4.11.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14032: vfs_gpfs: Implement special case for denying owner access to
  ACL.
* BUG 14084: Avoid marking a node as connected before it can receive packets.
* BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7.
* BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing
  databases.

diffstat:

 net/samba4/Makefile                                                |   7 +-
 net/samba4/PLIST                                                   |  67 +++------
 net/samba4/distinfo                                                |  18 +-
 net/samba4/patches/patch-buildtools_wafsamba_samba__conftests.py   |   8 +-
 net/samba4/patches/patch-buildtools_wafsamba_wscript               |  10 +-
 net/samba4/patches/patch-libcli_dns_wscript__build                 |   6 +-
 net/samba4/patches/patch-source4_heimdal__build_wscript__configure |  22 ---
 7 files changed, 47 insertions(+), 91 deletions(-)

diffs (truncated from 436 to 300 lines):

diff -r 976991b92b4a -r 1f6ae0d123bc net/samba4/Makefile
--- a/net/samba4/Makefile       Sun Nov 10 16:59:26 2019 +0000
+++ b/net/samba4/Makefile       Sun Nov 10 17:01:58 2019 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.82 2019/11/03 11:45:52 rillig Exp $
+# $NetBSD: Makefile,v 1.83 2019/11/10 17:01:58 adam Exp $
 
-DISTNAME=      samba-4.10.8
-PKGREVISION=   1
+DISTNAME=      samba-4.11.2
 CATEGORIES=    net
 MASTER_SITES=  https://download.samba.org/pub/samba/stable/
 
@@ -91,7 +90,6 @@
 #CONFIGURE_ARGS+=      --bundled-libraries=com_err
 CONFIGURE_ARGS+=       --abi-check-disable
 CONFIGURE_ARGS+=       --disable-symbol-versions
-CONFIGURE_ARGS+=       --enable-gnutls
 .if defined(MAKE_JOBS) && !empty(MAKE_JOBS) && !(defined(MAKE_JOBS_SAFE) && !empty(MAKE_JOBS_SAFE:M[nN][oO]))
 CONFIGURE_ARGS+=       --jobs=${MAKE_JOBS}
 .else
@@ -219,6 +217,7 @@
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../lang/python/application.mk"
 .include "../../lang/python/extension.mk"
+.include "../../net/avahi/buildlink3.mk"
 .include "../../security/gnutls/buildlink3.mk"
 .include "../../security/libgcrypt/buildlink3.mk"
 .include "../../textproc/jansson/buildlink3.mk"
diff -r 976991b92b4a -r 1f6ae0d123bc net/samba4/PLIST
--- a/net/samba4/PLIST  Sun Nov 10 16:59:26 2019 +0000
+++ b/net/samba4/PLIST  Sun Nov 10 17:01:58 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2019/08/03 06:54:39 adam Exp $
+@comment $NetBSD: PLIST,v 1.24 2019/11/10 17:01:58 adam Exp $
 bin/cifsdd
 bin/dbwrap_tool
 bin/dumpmscat
@@ -13,7 +13,6 @@
 bin/ntlm_auth
 bin/oLschema2ldif
 bin/pdbedit
-bin/pidl
 bin/profiles
 bin/regdiff
 bin/regpatch
@@ -35,6 +34,8 @@
 bin/smbtree
 bin/testparm
 bin/wbinfo
+@pkgdir bind-dns
+@pkgdir etc/samba
 include/charset.h
 include/core/doserr.h
 include/core/error.h
@@ -155,7 +156,7 @@
 lib/libsamba-hostconfig.so.0.0.1
 lib/libsamba-passdb.so
 lib/libsamba-passdb.so.0
-lib/libsamba-passdb.so.0.27.2
+lib/libsamba-passdb.so.0.28.0
 lib/libsamba-policy.so
 lib/libsamba-policy.so.0
 lib/libsamba-policy.so.0.0.1
@@ -178,31 +179,6 @@
 lib/libwbclient.so
 lib/libwbclient.so.0
 lib/libwbclient.so.0.15
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/CUtil.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Compat.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Dump.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Expr.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/IDL.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/NDR.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/ODL.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba3/ClientNDR.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba3/ServerNDR.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/COM/Header.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/COM/Proxy.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/COM/Stub.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/Header.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/NDR/Client.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/NDR/Parser.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/NDR/Server.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/Python.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/TDR.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Samba4/Template.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Typelist.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Util.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Wireshark/Conformance.pm
-${PERL5_SUB_INSTALLVENDORLIB}/Parse/Pidl/Wireshark/NDR.pm
 lib/pkgconfig/dcerpc.pc
 lib/pkgconfig/dcerpc_samr.pc
 lib/pkgconfig/dcerpc_server.pc
@@ -314,6 +290,7 @@
 ${PYSITELIB}/samba/netcmd/__init__.py
 ${PYSITELIB}/samba/netcmd/common.py
 ${PYSITELIB}/samba/netcmd/computer.py
+${PYSITELIB}/samba/netcmd/contact.py
 ${PYSITELIB}/samba/netcmd/dbcheck.py
 ${PYSITELIB}/samba/netcmd/delegation.py
 ${PYSITELIB}/samba/netcmd/dns.py
@@ -362,7 +339,6 @@
 ${PYSITELIB}/samba/sd_utils.py
 ${PYSITELIB}/samba/security.so
 ${PYSITELIB}/samba/sites.py
-${PYSITELIB}/samba/smb.so
 ${PYSITELIB}/samba/subnets.py
 ${PYSITELIB}/samba/subunit/__init__.py
 ${PYSITELIB}/samba/subunit/run.py
@@ -379,9 +355,11 @@
 ${PYSITELIB}/samba/tests/auth_log_netlogon_bad_creds.py
 ${PYSITELIB}/samba/tests/auth_log_pass_change.py
 ${PYSITELIB}/samba/tests/auth_log_samlogon.py
+${PYSITELIB}/samba/tests/auth_log_winbind.py
 ${PYSITELIB}/samba/tests/blackbox/__init__.py
 ${PYSITELIB}/samba/tests/blackbox/bug13653.py
 ${PYSITELIB}/samba/tests/blackbox/check_output.py
+${PYSITELIB}/samba/tests/blackbox/downgradedatabase.py
 ${PYSITELIB}/samba/tests/blackbox/ndrdump.py
 ${PYSITELIB}/samba/tests/blackbox/netads_json.py
 ${PYSITELIB}/samba/tests/blackbox/samba_dnsupdate.py
@@ -414,7 +392,6 @@
 ${PYSITELIB}/samba/tests/dns.py
 ${PYSITELIB}/samba/tests/dns_base.py
 ${PYSITELIB}/samba/tests/dns_forwarder.py
-${PYSITELIB}/samba/tests/dns_forwarder_helpers/dns_hub.py
 ${PYSITELIB}/samba/tests/dns_forwarder_helpers/server.py
 ${PYSITELIB}/samba/tests/dns_invalid.py
 ${PYSITELIB}/samba/tests/dns_tkey.py
@@ -488,18 +465,24 @@
 ${PYSITELIB}/samba/tests/samba_tool/__init__.py
 ${PYSITELIB}/samba/tests/samba_tool/base.py
 ${PYSITELIB}/samba/tests/samba_tool/computer.py
+${PYSITELIB}/samba/tests/samba_tool/contact.py
 ${PYSITELIB}/samba/tests/samba_tool/demote.py
 ${PYSITELIB}/samba/tests/samba_tool/dnscmd.py
+${PYSITELIB}/samba/tests/samba_tool/drs_clone_dc_data_lmdb_size.py
+${PYSITELIB}/samba/tests/samba_tool/dsacl.py
 ${PYSITELIB}/samba/tests/samba_tool/forest.py
 ${PYSITELIB}/samba/tests/samba_tool/fsmo.py
 ${PYSITELIB}/samba/tests/samba_tool/gpo.py
 ${PYSITELIB}/samba/tests/samba_tool/group.py
 ${PYSITELIB}/samba/tests/samba_tool/help.py
 ${PYSITELIB}/samba/tests/samba_tool/join.py
+${PYSITELIB}/samba/tests/samba_tool/join_lmdb_size.py
 ${PYSITELIB}/samba/tests/samba_tool/ntacl.py
 ${PYSITELIB}/samba/tests/samba_tool/ou.py
 ${PYSITELIB}/samba/tests/samba_tool/passwordsettings.py
 ${PYSITELIB}/samba/tests/samba_tool/processes.py
+${PYSITELIB}/samba/tests/samba_tool/promote_dc_lmdb_size.py
+${PYSITELIB}/samba/tests/samba_tool/provision_lmdb_size.py
 ${PYSITELIB}/samba/tests/samba_tool/provision_password_check.py
 ${PYSITELIB}/samba/tests/samba_tool/rodc.py
 ${PYSITELIB}/samba/tests/samba_tool/schema.py
@@ -514,6 +497,7 @@
 ${PYSITELIB}/samba/tests/samdb.py
 ${PYSITELIB}/samba/tests/samdb_api.py
 ${PYSITELIB}/samba/tests/security.py
+${PYSITELIB}/samba/tests/segfault.py
 ${PYSITELIB}/samba/tests/smb.py
 ${PYSITELIB}/samba/tests/smbd_base.py
 ${PYSITELIB}/samba/tests/source.py
@@ -523,12 +507,12 @@
 ${PYSITELIB}/samba/tests/upgrade.py
 ${PYSITELIB}/samba/tests/upgradeprovision.py
 ${PYSITELIB}/samba/tests/upgradeprovisionneeddc.py
+${PYSITELIB}/samba/tests/usage.py
 ${PYSITELIB}/samba/tests/xattr.py
 ${PYSITELIB}/samba/third_party/__init__.py
 ${PYSITELIB}/samba/upgrade.py
 ${PYSITELIB}/samba/upgradehelpers.py
 ${PYSITELIB}/samba/uptodateness.py
-${PYSITELIB}/samba/web_server/__init__.py
 ${PYSITELIB}/samba/werror.so
 ${PYSITELIB}/samba/xattr.py
 ${PYSITELIB}/samba/xattr_native.so
@@ -552,6 +536,7 @@
 lib/samba/ldb/aclread.${SOEXT}
 lib/samba/ldb/anr.${SOEXT}
 lib/samba/ldb/audit_log.${SOEXT}
+lib/samba/ldb/count_attrs.${SOEXT}
 lib/samba/ldb/descriptor.${SOEXT}
 lib/samba/ldb/dirsync.${SOEXT}
 lib/samba/ldb/dns_notify.${SOEXT}
@@ -643,6 +628,7 @@
 lib/samba/private/libgenrand-samba4.so
 lib/samba/private/libgensec-samba4.so
 lib/samba/private/libgpext-samba4.so
+lib/samba/private/libgpo-samba4.so
 lib/samba/private/libgse-samba4.so
 lib/samba/private/libgssapi-samba4.so.2
 lib/samba/private/libgssapi-samba4.so.2.0.0
@@ -678,13 +664,13 @@
 lib/samba/private/libndr-samba4.so
 lib/samba/private/libnet-keytab-samba4.so
 lib/samba/private/libnetif-samba4.so
-lib/samba/private/libnon-posix-acls-samba4.so
 lib/samba/private/libnpa-tstream-samba4.so
 lib/samba/private/libnss-info-samba4.so
 lib/samba/private/libpac-samba4.so
 lib/samba/private/libpopt-samba3-cmdline-samba4.so
 lib/samba/private/libpopt-samba3-samba4.so
 lib/samba/private/libposix-eadb-samba4.so
+lib/samba/private/libprinter-driver-samba4.so
 lib/samba/private/libprinting-migrate-samba4.so
 lib/samba/private/libprocess-model-samba4.so
 lib/samba/private/libregistry-samba4.so
@@ -742,7 +728,6 @@
 lib/samba/service/nbtd.${SOEXT}
 lib/samba/service/ntp_signd.${SOEXT}
 lib/samba/service/s3fs.${SOEXT}
-lib/samba/service/web.${SOEXT}
 lib/samba/service/winbindd.${SOEXT}
 lib/samba/service/wrepl.${SOEXT}
 lib/samba/vfs/acl_tdb.${SOEXT}
@@ -761,7 +746,6 @@
 lib/samba/vfs/fake_perms.${SOEXT}
 lib/samba/vfs/fruit.${SOEXT}
 lib/samba/vfs/full_audit.${SOEXT}
-lib/samba/vfs/glusterfs_fuse.${SOEXT}
 lib/samba/vfs/linux_xfs_sgid.${SOEXT}
 lib/samba/vfs/media_harmony.${SOEXT}
 lib/samba/vfs/netatalk.${SOEXT}
@@ -774,6 +758,7 @@
 lib/samba/vfs/shadow_copy.${SOEXT}
 lib/samba/vfs/shadow_copy2.${SOEXT}
 lib/samba/vfs/shell_snap.${SOEXT}
+lib/samba/vfs/snapper.${SOEXT}
 lib/samba/vfs/streams_depot.${SOEXT}
 lib/samba/vfs/streams_xattr.${SOEXT}
 lib/samba/vfs/syncops.${SOEXT}
@@ -793,7 +778,6 @@
 man/man1/nmblookup.1
 man/man1/ntlm_auth.1
 man/man1/oLschema2ldif.1
-man/man1/pidl.1
 man/man1/profiles.1
 man/man1/regdiff.1
 man/man1/regpatch.1
@@ -813,11 +797,6 @@
 man/man1/testparm.1
 man/man1/vfstest.1
 man/man1/wbinfo.1
-man/man3/Parse::Pidl::Dump.3
-man/man3/Parse::Pidl::NDR.3
-man/man3/Parse::Pidl::Util.3
-man/man3/Parse::Pidl::Wireshark::Conformance.3
-man/man3/Parse::Pidl::Wireshark::NDR.3
 man/man5/lmhosts.5
 man/man5/pam_winbind.conf.5
 man/man5/smbgetrc.5
@@ -846,6 +825,7 @@
 man/man8/samba-regedit.8
 man/man8/samba-tool.8
 man/man8/samba.8
+man/man8/samba_downgrade_db.8
 man/man8/smbd.8
 man/man8/smbpasswd.8
 man/man8/smbspool.8
@@ -865,7 +845,6 @@
 man/man8/vfs_fake_perms.8
 man/man8/vfs_fruit.8
 man/man8/vfs_full_audit.8
-man/man8/vfs_glusterfs_fuse.8
 man/man8/vfs_linux_xfs_sgid.8
 man/man8/vfs_media_harmony.8
 man/man8/vfs_netatalk.8
@@ -877,6 +856,7 @@
 man/man8/vfs_shadow_copy.8
 man/man8/vfs_shadow_copy2.8
 man/man8/vfs_shell_snap.8
+man/man8/vfs_snapper.8
 man/man8/vfs_streams_depot.8
 man/man8/vfs_streams_xattr.8
 man/man8/vfs_syncops.8
@@ -892,6 +872,7 @@
 sbin/samba
 sbin/samba-gpupdate
 sbin/samba_dnsupdate
+sbin/samba_downgrade_db
 sbin/samba_kcc
 sbin/samba_spnupdate
 sbin/samba_upgradedns
@@ -912,6 +893,7 @@
 share/doc/samba/WindowsTerminalServer.reg
 share/examples/samba/adduser.sh
 share/examples/samba/deluser.sh
+@pkgdir share/examples/samba/pam_smbpass
 share/examples/samba/samba.schema
 share/examples/samba/smb.conf.default
 share/samba/setup/DB_CONFIG
@@ -1020,6 +1002,3 @@
 share/samba/setup/slapd.conf
 share/samba/setup/spn_update_list
 share/samba/setup/ypServ30.ldif
-@pkgdir share/examples/samba/pam_smbpass
-@pkgdir etc/samba



Home | Main Index | Thread Index | Old Index