The NetBSD Project

CVS log for pkgsrc/net/samba4/Makefile


Default branch: MAIN


Revision 1.180, Mon Apr 15 07:16:38 2024 UTC (2 days, 23 hours ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.179: +2 -2 lines

samba4: updated to 4.20.0

Samba 4.20.0

NEW FEATURES/CHANGES
====================

New Minimum MIT Krb5 version for Samba AD Domain Controller
-----------------------------------------------------------

Samba now requires MIT 1.21 when built against a system MIT Krb5 and
acting as an Active Directory DC.  This addresses the issues that were
fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures that
Samba builds against the MIT version that allows us to avoid that
attack.

Removed dependency on Perl JSON module
--------------------------------------

Distributions are advised that the Perl JSON package is no longer
required by Samba builds that use the imported Heimdal.  The build
instead uses Perl's JSON::PP built into recent perl5 versions.

Current lists of packages required by Samba for major distributions
are found in the bootstrap/generated-dists/ directory of a Samba
source tree.  While there will be some differences - due to features
chosen by packagers - comparing these lists with the build dependencies
in a package may locate other dependencies we no longer require.

samba-tool user getpassword / syncpasswords ;rounds= change
-----------------------------------------------------------

The password access tool "samba-tool user getpassword" and the
password sync tool "samba-tool user syncpasswords" allow attributes to
be chosen for output, and accept parameters like
pwdLastSet;format=GeneralizedTime

These attributes then appear, in the same format, as the attributes in
the LDIF output.  This was not the case for the ;rounds= parameter of
virtualCryptSHA256 and virtualCryptSHA512, for example as
--attributes="virtualCryptSHA256;rounds=50000"

This release makes the behaviour consistent between these two
features.  Installations using GPG-encrypted passwords (or plaintext
storage) and the rounds= option, will find the output has changed

from:
virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF

to:
virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF

Group Managed service account client-side features
--------------------------------------------------

samba-tool has been extended to provide client-side support for Group
Managed Service accounts.  These accounts have passwords that change
automatically, giving the advantages of service isolation without risk
of poor, unchanging passwords.

Where possible, Samba's existing samba-tool password handling
commands, which in the past have only operated against the local
sam.ldb, have been extended to permit operation against a remote server
with authenticated access to "-H ldap://$DCNAME".

Supported operations include:
 - reading the current and previous gMSA password via
   "samba-tool user getpassword"
 - writing a Kerberos Ticket Granting Ticket (TGT) to a local
   credentials cache with a new command
   "samba-tool user get-kerberos-ticket"

New Windows Search Protocol Client
----------------------------------

Samba now by default builds a new experimental Windows Search Protocol (WSP)
command line client, "wspsearch".

The "wspsearch" cmd-line utility allows a WSP search request to be sent
to a server (such as a windows server) that has the (WSP)
Windows Search Protocol service configured and enabled.

For more details see the wspsearch man page.

Allow 'smbcacls' to save/restore DACLs to file
----------------------------------------------

'smbcacls' has been extended to allow DACLs to be saved and restored
to/from a file. This feature mimics the functionality that windows cmd
line tool 'icacls.exe' provides. Additionally files created either
by 'smbcacls' or 'icacls.exe' are interchangeable and can be used by
either tool as the same file format is used.

New options added are:
 - '--save savefile'    Saves DACLs in sddl format to file
 - '--recurse'          Performs the '--save' operation above on directory
                        and all files/directories below.
 - '--restore savefile' Restores the stored DACLS to files in directory

Samba-tool extensions for AD Claims, Authentication Policies and Silos
----------------------------------------------------------------------

samba-tool now allows users to be associated with claims.  In the
Samba AD DC, claims derive from Active Directory attributes mapped
into specific names.  These claims can be used in rules, which are
conditional ACEs in a security descriptor, that decide if a user is
restricted by an authentication policy.

samba-tool also allows the creation and management of authentication
policies, which are rules about where a user may authenticate from,
if NTLM is permitted, and what services a user may authenticate to.

Finally, support is added for the creation and management of
authentication silos, which are helpful in defining network boundaries
by grouping users and the services they connect to.

Please note: The command line syntax for these tools is not final, and
may change before the next release, as we gain user feedback.  The
syntax will be locked in once Samba offers 2016 AD Functional Level as
a default.

AD DC support for Authentication Silos and Authentication Policies
------------------------------------------------------------------

The Samba AD DC now also honours any existing claims, authentication
policy and authentication silo configuration previously created (eg
from an import of a Microsoft AD), as well as new configurations
created with samba-tool.  The use of Microsoft's Powershell based
client tools is not expected to work.

To use this feature, the functional level must be set to 2012_R2 or
later with:

 ad dc functional level = 2016

in the smb.conf.

The smb.conf file on each DC must have 'ad dc functional level = 2016'
set to have the partially complete feature available.  This will also,
at first startup, update the server's own AD entry with the configured
functional level.

For new domains, add these parameters to 'samba-tool provision'

--option="ad dc functional level = 2016" --function-level=2016

The second option, setting the overall domain functional level
indicates that all DCs should be at this functional level.

To raise the domain functional level of an existing domain, after
updating the smb.conf and restarting Samba run

 samba-tool domain schemaupgrade --schema=2019
 samba-tool domain functionalprep --function-level=2016
 samba-tool domain level raise --domain-level=2016 --forest-level=2016

This support is still new, so is not enabled by default in this
release.  The above instructions are set at 2016, which while not
complete, matches what our testing environment validates.

Conditional ACEs and Resource Attribute ACEs
--------------------------------------------

Ordinary Access Control Entries (ACEs) unconditionally allow or deny
access to a given user or group. Conditional ACEs have an additional
section that describes conditions under which the ACE applies. If the
conditional expression is true, the ACE works like an ordinary ACE,
otherwise it is ignored. The condition terms can refer to claims,
group memberships, and attributes on the object itself. These
attributes are described in Resource Attribute ACEs that occur in the
object's System Access Control List (SACL). Conditional ACEs are
described in Microsoft documentation.

Conditional ACE evaluation is controlled by the "acl claims
evaluation" smb.conf option. The default value is "AD DC only" which
enables them in AD DC settings. The other option is "never", which
disables them altogether. There is currently no option to enable them
on the file server (this is likely to change in future releases).

The Security Descriptor Definition Language has extensions for
conditional ACEs and resource attribute ACEs; these are now supported
by Samba.

Service Witness Protocol [MS-SWN]
---------------------------------

In a ctdb cluster it is now possible to provide
the SMB witness service that allows clients to
monitor their current smb connection to cluster
node A by asking cluster node B to notify the
client if the ip address from node A or the
whole node A becomes unavailable.

For disk shares in a ctdb cluster
SMB2_SHARE_CAP_SCALEOUT is now always returned
for SMB3 tree connect responses.

If the witness service is active
SMB2_SHARE_CAP_CLUSTER is now also returned.

In order to activate the witness service
"rpc start on demand helpers = no" needs to
be configured in the global section.
At the same time the 'samba-dcerpcd' service
needs to be started explicitly, typically
with the '--libexec-rpcds' option in order
to make all available services usable.
One important aspect is that tcp ports
135 (for the endpoint mapper) and various
ports in the 'rpc server dynamic port range'
will be used to provide the witness service
(rpcd_witness).

ctdb provides a '47.samba-dcerpcd.script' in order
to manage the samba-dcerpcd.service.
Typically as systemd service, but that's up
to the packager and/or admin.

Please note that current windows client
requires SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY
in addition to SMB2_SHARE_CAP_CLUSTER in order
to make use of the witness service.
But SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY implies
the windows clients always ask for persistent handle
(which are not implemented in samba yet), so
that every open generates a warning in the
windows smb client event log.
That's why SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY
is not returned by default.
An explicit 'smb3 share cap:CONTINUOUS AVAILABILITY = yes'
is needed.

There are also new 'net witness' commands in order
to let the admin list active client registrations
or ask specific clients to move their smb connection
to another cluster node. These are available:

 net witness list
 net witness client-move
 net witness share-move
 net witness force-unregister
 net witness force-response

Consult 'man net' or 'net witness help' for further details.
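
For the "samba-tool user getpassword / syncpasswords ;rounds= change" described in the 4.20.0 notes above, a consumer of the LDIF output has to accept the attribute name with and without the ;rounds= option. The following is an added example, not code from Samba or pkgsrc; the DN, the line folding and all function names are constructed for illustration.

```python
import base64
import re

# Constructed samples built from the two output forms quoted in the notes above;
# the DN is made up, and the second sample is folded the way LDIF allows.
OLD_FORM = (
    "dn: CN=svc,CN=Users,DC=example,DC=org\n"
    "virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF\n"
)
NEW_FORM = (
    "dn: CN=svc,CN=Users,DC=example,DC=org\n"
    "virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9on\n"
    " hM9Vuix$dFdSBwF\n"
)

# "name[;option...]: value" or "name[;option...]:: base64value"
ATTR_LINE = re.compile(r"^(?P<desc>[^:]+?)(?P<sep>::?) ?(?P<value>.*)$")
# {CRYPT}$5$ is SHA-256 crypt, {CRYPT}$6$ is SHA-512 crypt; rounds= is optional.
CRYPT = re.compile(
    r"^\{CRYPT\}\$(?P<scheme>[56])\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[^$]+)\$(?P<digest>.+)$"
)
DEFAULT_ROUNDS = 5000  # SHA-crypt cost when the hash carries no rounds= field


def unfold(text):
    """Join LDIF continuation lines and drop blank lines and comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines


def parse_line(line):
    """Return (base attribute name, options dict, decoded value)."""
    m = ATTR_LINE.match(line)
    if m is None:
        raise ValueError(f"not an LDIF attribute line: {line!r}")
    base, *raw_opts = m["desc"].split(";")
    options = {}
    for opt in raw_opts:
        key, _, val = opt.partition("=")
        options[key.lower()] = val
    value = m["value"]
    if m["sep"] == "::":
        value = base64.b64decode(value).decode("utf-8")
    return base, options, value


def crypt_hashes(ldif_text):
    """Collect virtualCrypt* hashes, keyed the same way for both output forms."""
    found, dn = [], None
    for line in unfold(ldif_text):
        base, options, value = parse_line(line)
        if base.lower() == "dn":
            dn = value
            continue
        if not base.lower().startswith("virtualcrypt"):
            continue
        m = CRYPT.match(value)
        if m is None:
            raise ValueError(f"{base}: value is not a SHA-crypt hash")
        rounds = int(m["rounds"]) if m["rounds"] else DEFAULT_ROUNDS
        requested = options.get("rounds")
        # Sanity check: the cost in the attribute name must match the hash itself.
        if requested is not None and int(requested) != rounds:
            raise ValueError(f"{base}: asked for {requested} rounds, hash has {rounds}")
        found.append({"dn": dn, "attr": base, "rounds": rounds, "value": value})
    return found


if __name__ == "__main__":
    for sample in (OLD_FORM, NEW_FORM):
        print(crypt_hashes(sample))
```

A script that matched the literal key "virtualCryptSHA256" silently finds nothing after the upgrade; keying on the base name keeps both forms working.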

Revision 1.179, Tue Feb 20 05:21:35 2024 UTC (8 weeks, 2 days ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1
Changes since 1.178: +2 -2 lines

samba4: updated to 4.19.5

Changes since 4.19.4
--------------------
* BUG 13688: Windows 2016 fails to restore previous version of a file from a
  shadow_copy2 snapshot.
* BUG 15549: Symlinks on AIX are broken in 4.19 (and a few versions before
  that).
* BUG 12421: Fake directory create times has no effect.
* BUG 15550: ctime mixed up with mtime by smbd.
* BUG 15548: samba-gpupdate --rsop fails if machine is not in a site.
* BUG 15557: gpupdate: The root cert import when NDES is not available is
  broken.
* BUG 15552: samba-gpupdate should print a useful message if cepces-submit
  can't be found.
* BUG 15558: samba-gpupdate logging doesn't work.
* BUG 15555: smbpasswd reset permissions only if not 0600.

Revision 1.178, Wed Jan 10 08:39:30 2024 UTC (3 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.177: +2 -2 lines

samba4: updated to 4.19.4

Changes since 4.19.3
* BUG 13577: net changesecretpw cannot set the machine account password if
  secrets.tdb is empty.
* BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES.
* BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c.
* BUG 15542: vfs_linux_xfs is incorrectly named.
* BUG 15377: systemd stumbled over copyright-message at smbd startup.
* BUG 15505: Following intermediate absolute share-local symlinks is broken.
* BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
  a non-public address disconnects first.
* BUG 15544: shadow_copy2 broken when current fileset's directories are
  removed.
* BUG 15377: systemd stumbled over copyright-message at smbd startup.
* BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
  a non-public address disconnects first.
* BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel
  exclusion.
* BUG 15469: 'force user = localunixuser' doesn't work if 'allow trusted
  domains = no' is set.
* BUG 15525: smbget debug logging doesn't work.
* BUG 15532: smbget: username in the smburl and interactive password entry
  doesn't work.
* BUG 15538: smbget auth function doesn't set values for password prompt
  correctly.
* BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
  a non-public address disconnects first.
* BUG 15440: Unable to copy and write files from clients to Ceph cluster via
  SMB Linux gateway with Ceph VFS module.
* BUG 15547: Multichannel refresh network information.

Revision 1.169.2.2, Sat Dec 9 21:54:35 2023 UTC (4 months, 1 week ago) by bsiegert
Branch: pkgsrc-2023Q3
Changes since 1.169.2.1: +2 -2 lines

Pullup ticket #6825 - requested by taca
net/samba4: security fix

Update to 4.18.9

(via patch)

Revision 1.177, Mon Nov 27 17:08:25 2023 UTC (4 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4
Changes since 1.176: +2 -2 lines

samba4: updated to 4.19.3

Release Notes for Samba 4.19.3

This is the latest stable release of the Samba 4.19 release series.
It contains the security-relevant bugfix CVE-2018-14628:

    Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
    allow read of object tombstones over LDAP
    (Administrator action required!)
    https://www.samba.org/samba/security/CVE-2018-14628.html

Description of CVE-2018-14628
-----------------------------

All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.

When a domain was provisioned with an unpatched Samba version,
the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
instead of being very strict (as on a Windows provisioned domain).

This means that non-privileged users can also use the
LDAP_SERVER_SHOW_DELETED_OID control in order to view
the names and preserved attributes of deleted objects.

No information that was hidden before the deletion is visible, but
with the correct ntSecurityDescriptor value in place the whole object
is also not visible without administrative rights.

There is no further vulnerability associated with this error, merely an
information disclosure.

Action required in order to resolve CVE-2018-14628!
---------------------------------------------------

The patched Samba does NOT protect existing domains!

The administrator needs to run the following command
(on only one domain controller)
in order to apply the protection to an existing domain:

  samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix

The above requires manual interaction in order to review the
changes before they are applied. Typical questions look like this:

  Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
        Owner mismatch: SY (in ref) DA(in current)
        Group mismatch: SY (in ref) DA(in current)
        Part dacl is different between reference and current here is the detail:
                (A;;LCRPLORC;;;AU) ACE is not present in the reference
                (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
                (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
                (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
                (A;;LCRP;;;BA) ACE is not present in the current
   [y/N/all/none] y
  Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'

The change should be confirmed with 'y' for all objects starting with
'CN=Deleted Objects'.


Changes since 4.19.2
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15520: sid_strings test broken by unix epoch > 1700000000.

o  Ralph Boehme <slow@samba.org>
   * BUG 15487: smbd crashes if asked to return full information on close of a
     stream handle with delete on close disposition set.
   * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
     smb_fname_fsp_destructor().

o  Pavel Filipenský <pfilipensky@samba.org>
   * BUG 15499: Improve logging for failover scenarios.

o  Björn Jacke <bj@sernet.de>
   * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
     listed in directories.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
     AD LDAP to normal users.
   * BUG 15492: Kerberos TGS-REQ with User2User does not work for normal
     accounts.

o  Christof Schmitt <cs@samba.org>
   * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.

o  Andreas Schneider <asn@samba.org>
   * BUG 15513: Samba doesn't build with Python 3.12.
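
To review the dbcheck prompt quoted in the 4.19.3 notes above, the following added example (not part of Samba or of the commit message) splits the listed SDDL ACEs into those present only in the current descriptor and those present only in the provision reference, then reports allow ACEs that give read-type rights to broad groups. The set of trustees treated as "broad" and all function names are assumptions made for this illustration.

```python
import re

# Constructed input: the dbcheck prompt text quoted in the notes above.
DBCHECK_PROMPT = """\
Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
      Owner mismatch: SY (in ref) DA(in current)
      Group mismatch: SY (in ref) DA(in current)
      Part dacl is different between reference and current here is the detail:
              (A;;LCRPLORC;;;AU) ACE is not present in the reference
              (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
              (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
              (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
              (A;;LCRP;;;BA) ACE is not present in the current
"""

ACE_LINE = re.compile(
    r"\((?P<ace>[^()]*)\)\s+ACE is not present in the (?P<side>reference|current)"
)

# Assumption for this example: SDDL aliases of groups that include ordinary users.
BROAD_TRUSTEES = {
    "AU": "Authenticated Users",
    "WD": "Everyone",
    "AN": "Anonymous Logon",
    "DU": "Domain Users",
    "BU": "Builtin Users",
}
# Directory rights that let a trustee enumerate and read an object:
# LC = list children, RP = read property, LO = list object.
READ_RIGHTS = {"LC", "RP", "LO"}


def parse_ace(ace):
    """Parse 'type;flags;rights;object;inherit_object;trustee' into a dict."""
    fields = ace.split(";")
    if len(fields) < 6:
        raise ValueError(f"malformed ACE: ({ace})")
    rights = fields[2]
    if rights.lower().startswith("0x"):
        pairs = [rights]  # numeric mask, left undecoded here
    else:
        pairs = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return {"type": fields[0], "rights": pairs, "trustee": fields[5]}


def split_by_side(prompt_text):
    """Return (ACEs only in the current descriptor, ACEs only in the reference)."""
    current_only, reference_only = [], []
    for m in ACE_LINE.finditer(prompt_text):
        ace = parse_ace(m["ace"])
        # "not present in the reference" means the ACE exists only in the current DACL.
        if m["side"] == "reference":
            current_only.append(ace)
        else:
            reference_only.append(ace)
    return current_only, reference_only


def broad_read_grants(prompt_text):
    """Allow ACEs in the current DACL that give read rights to broad groups."""
    current_only, _ = split_by_side(prompt_text)
    return [
        (ace["trustee"], ace["rights"])
        for ace in current_only
        if ace["type"] == "A"
        and ace["trustee"] in BROAD_TRUSTEES
        and READ_RIGHTS & set(ace["rights"])
    ]


if __name__ == "__main__":
    for trustee, rights in broad_read_grants(DBCHECK_PROMPT):
        print(f"{BROAD_TRUSTEES[trustee]} ({trustee}) currently holds {rights}")
    print("reference grants go to:",
          [a["trustee"] for a in split_by_side(DBCHECK_PROMPT)[1]])
```

On the quoted prompt this reports the Authenticated Users ACE as the one the fix removes, while the reference DACL grants rights only to SY and BA.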

Revision 1.176, Wed Nov 15 18:54:43 2023 UTC (5 months ago) by wiz
Branch: MAIN
Changes since 1.175: +4 -4 lines

samba: update to 4.19.2.

This is the first stable release of the Samba 4.19 release series.

Revision 1.175, Wed Nov 8 13:20:35 2023 UTC (5 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.174: +2 -2 lines

*: recursive bump for icu 74.1

Revision 1.174, Tue Oct 24 22:10:33 2023 UTC (5 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.173: +2 -2 lines

*: bump for openssl 3

Revision 1.173, Mon Oct 23 06:37:50 2023 UTC (5 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.172: +3 -3 lines

*: update for Python base package change

Instead of depending on one of the removed packages (that are now included
in the base Python packages), include batteries-included.mk to require
a Python version that supplies them.

Remove now included packages.

Bump PKGREVISION.

Revision 1.172, Sat Oct 21 17:11:13 2023 UTC (5 months, 3 weeks ago) by gdt
Branch: MAIN
Changes since 1.171: +2 -1 lines

recursive revbump for tiff update

Revision 1.169.2.1, Thu Oct 12 15:59:15 2023 UTC (6 months ago) by bsiegert
Branch: pkgsrc-2023Q3
Changes since 1.169: +3 -3 lines

Pullup ticket #6808 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.170-1.171
- net/samba4/PLIST                                              1.52
- net/samba4/distinfo                                           1.97-1.98

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Sep 27 12:02:48 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.18.7

                     ==============================
                     Release Notes for Samba 4.18.7
                           September 27, 2023
                     ==============================

   This is the latest stable release of the Samba 4.18 release series.

   Changes since 4.18.6
   --------------------

   o  Jeremy Allison <jra@samba.org>
     * BUG 15419: Weird filename can cause assert to fail in
       openat_pathref_fsp_nosymlink().
     * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
       after failed IPC FSCTL_PIPE_TRANSCEIVE.
     * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
       pointer.

   o  Andrew Bartlett <abartlet@samba.org>
     * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
     * BUG 15407: Samba replication logs show (null) DN.

   o  Ralph Boehme <slow@samba.org>
     * BUG 15463: macOS mdfind returns only 50 results.

   o  Remi Collet <rcollet@redhat.com>
     * BUG 14808: smbc_getxattr() return value is incorrect.

   o  Volker Lendecke <vl@samba.org>
     * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
       previous cache entry value.

   o  Stefan Metzmacher <metze@samba.org>
     * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
       impacts sendmail, zabbix, potentially more.

   o  MikeLiu <mikeliu@qnap.com>
     * BUG 15453: File doesn't show when user doesn't have permission if
       aio_pthread is loaded.

   o  Martin Schwenke <mschwenke@ddn.com>
     * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1.

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
     * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
       empty claims pac blobs (from Samba 4.19 or Windows).
     * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
       in use.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Oct 10 16:05:01 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   net/samba4: update to 4.18.8

                     ==============================
                     Release Notes for Samba 4.18.8
                            October 10, 2023
                     ==============================

   This is a security release in order to address the following defects:

   o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                    existing unix domain sockets on the file system.
                    https://www.samba.org/samba/security/CVE-2023-3961.html

   o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                    OVERWRITE disposition when using the acl_xattr Samba VFS
                    module with the smb.conf setting
                    "acl_xattr:ignore system acls = yes"
                    https://www.samba.org/samba/security/CVE-2023-4091.html

   o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                    attributes, including secrets and passwords.  Additionally,
                    the access check fails open on error conditions.
                    https://www.samba.org/samba/security/CVE-2023-4154.html

   o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                    server block for a user-defined amount of time, denying
                    service.
                    https://www.samba.org/samba/security/CVE-2023-42669.html

   o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                    listeners, disrupting service on the AD DC.
                    https://www.samba.org/samba/security/CVE-2023-42670.html

Revision 1.171, Tue Oct 10 16:05:01 2023 UTC (6 months, 1 week ago) by taca
Branch: MAIN
Changes since 1.170: +2 -2 lines

net/samba4: update to 4.18.8

                   ==============================
                   Release Notes for Samba 4.18.8
                          October 10, 2023
                   ==============================


This is a security release in order to address the following defects:


o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                  existing unix domain sockets on the file system.
                  https://www.samba.org/samba/security/CVE-2023-3961.html

o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                  OVERWRITE disposition when using the acl_xattr Samba VFS
                  module with the smb.conf setting
                  "acl_xattr:ignore system acls = yes"
                  https://www.samba.org/samba/security/CVE-2023-4091.html

o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                  attributes, including secrets and passwords.  Additionally,
                  the access check fails open on error conditions.
                  https://www.samba.org/samba/security/CVE-2023-4154.html

o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                  server block for a user-defined amount of time, denying
                  service.
                  https://www.samba.org/samba/security/CVE-2023-42669.html

o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                  listeners, disrupting service on the AD DC.
                  https://www.samba.org/samba/security/CVE-2023-42670.html

Revision 1.170, Wed Sep 27 12:02:48 2023 UTC (6 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.169: +3 -3 lines

net/samba4: update to 4.18.7

                   ==============================
                   Release Notes for Samba 4.18.7
                         September 27, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.6
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15419: Weird filename can cause assert to fail in
     openat_pathref_fsp_nosymlink().
   * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
     after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
     pointer.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
   * BUG 15407: Samba replication logs show (null) DN.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Remi Collet <rcollet@redhat.com>
   * BUG 14808: smbc_getxattr() return value is incorrect.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
     previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
     impacts sendmail, zabbix, potentially more.

o  MikeLiu <mikeliu@qnap.com>
   * BUG 15453: File doesn't show when user doesn't have permission if
     aio_pthread is loaded.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
     empty claims pac blobs (from Samba 4.19 or Windows).
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
     in use.

Revision 1.169, Tue Aug 29 14:50:41 2023 UTC (7 months, 2 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base
Branch point for: pkgsrc-2023Q3
Changes since 1.168: +2 -3 lines

net/samba4: update to 4.18.5

Changes since 4.18.5
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
     pointer.
   * BUG 15430: Missing return in reply_exit_done().

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15289: post-exec password redaction for samba-tool is more reliable for
     fully random passwords as it no longer uses regular expressions
     containing the password value itself.
   * BUG 9959: Windows client join fails if a second container CN=System exists
     somewhere.

o  Ralph Boehme <slow@samba.org>
   * BUG 15342: Spotlight sometimes returns no results on latest macOS.
   * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
     attempted to remove the destination.
   * BUG 15427: Spotlight results return wrong date in result list.

o  Günther Deschner <gd@samba.org>
   * BUG 15414: "net offlinejoin provision" does not work as non-root user.

o  Pavel Filipenský <pfilipensky@samba.org>
   * BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
   * BUG 15433: cm_prepare_connection() calls close(fd) for the second time.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
     bad message_id 2.
   * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
   * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.

o  Noel Power <noel.power@suse.com>
   * BUG 15390: Python tarfile extraction needs change to avoid a warning
     (CVE-2007-4559 mitigation).
   * BUG 15435: Regression DFS not working with widelinks = true.

o  Arvid Requate <requate@univention.de>
   * BUG 9959: Windows client join fails if a second container CN=System exists
    somewhere.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
   * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().

Revision 1.165.2.1, Tue Aug 15 18:21:21 2023 UTC (8 months ago) by bsiegert
Branch: pkgsrc-2023Q2
Changes since 1.165: +2 -2 lines

Pullup ticket #6782 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.166-1.167
- net/samba4/distinfo                                           1.94-1.95

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Jul 19 15:33:28 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   samba: update to 4.18.4.

   Changes since 4.18.3
   --------------------

   o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
     * BUG 15404: Backport --pidl-developer fixes.

   o  Samuel Cabrero <scabrero@samba.org>
     * BUG 14030: Named crashes on DLZ zone update.

   o  Björn Jacke <bj@sernet.de>
     * BUG 2312: smbcacls and smbcquotas do not check // before the server.

   o  Volker Lendecke <vl@samba.org>
     * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
     * BUG 15391: smbclient leaks fds with showacls.
     * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.

   o  Stefan Metzmacher <metze@samba.org>
     * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
       causes test timeouts.

   o  Noel Power <noel.power@suse.com>
     * BUG 15384: net ads lookup (with unspecified realm) fails.

   o  Christof Schmitt <cs@samba.org>
     * BUG 15381: Register Samba processes with GPFS.

   o  Andreas Schneider <asn@samba.org>
     * BUG 15390: Python tarfile extraction needs change to avoid a warning
       (CVE-2007-4559 mitigation).
     * BUG 15398: The winbind child segfaults when listing users with `winbind
       scan trusted domains = yes`.

   o  Jones Syue <jonessyue@qnap.com>
     * BUG 15383: Remove comments about deprecated 'write cache size'.
     * BUG 15403: smbget memory leak if failed to download files recursively.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul 20 01:28:34 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.18.5

                     ==============================
                     Release Notes for Samba 4.18.5
                             July 19, 2023
                     ==============================

   This is a security release in order to address the following defects:

   o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                    crafted request can trigger an out-of-bounds read in winbind
                    and possibly crash it.
                    https://www.samba.org/samba/security/CVE-2022-2127.html

   o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                    "server signing = required" or for SMB2 connections to Domain
                    Controllers where SMB2 packet signing is mandatory.
                    https://www.samba.org/samba/security/CVE-2023-3347.html

   o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                    Spotlight can be triggered by an unauthenticated attacker by
                    issuing a malformed RPC request.
                    https://www.samba.org/samba/security/CVE-2023-34966.html

   o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                    Spotlight can be used by an unauthenticated attacker to
                    trigger a process crash in a shared RPC mdssvc worker process.
                    https://www.samba.org/samba/security/CVE-2023-34967.html

   o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                    side absolute path of shares and files and directories in
                    search results.
                    https://www.samba.org/samba/security/CVE-2023-34968.html

   Changes since 4.18.4
   --------------------

   o  Ralph Boehme <slow@samba.org>
     * BUG 15072: CVE-2022-2127.
     * BUG 15340: CVE-2023-34966.
     * BUG 15341: CVE-2023-34967.
     * BUG 15388: CVE-2023-34968.
     * BUG 15397: CVE-2023-3347.

   o  Volker Lendecke <vl@samba.org>
     * BUG 15072: CVE-2022-2127.

   o  Stefan Metzmacher <metze@samba.org>
     * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.

Revision 1.168, Mon Aug 14 05:25:03 2023 UTC (8 months ago) by wiz
Branch: MAIN
Changes since 1.167: +2 -1 lines

*: recursive bump for Python 3.11 as new default

Revision 1.167, Thu Jul 20 01:28:34 2023 UTC (8 months, 4 weeks ago) by taca
Branch: MAIN
Changes since 1.166: +2 -2 lines

net/samba4: update to 4.18.5

                   ==============================
                   Release Notes for Samba 4.18.5
                           July 19, 2023
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                  crafted request can trigger an out-of-bounds read in winbind
                  and possibly crash it.
                  https://www.samba.org/samba/security/CVE-2022-2127.html

o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                  "server signing = required" or for SMB2 connections to Domain
                  Controllers where SMB2 packet signing is mandatory.
                  https://www.samba.org/samba/security/CVE-2023-3347.html

o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                  Spotlight can be triggered by an unauthenticated attacker by
                  issuing a malformed RPC request.
                  https://www.samba.org/samba/security/CVE-2023-34966.html

o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                  Spotlight can be used by an unauthenticated attacker to
                  trigger a process crash in a shared RPC mdssvc worker process.
                  https://www.samba.org/samba/security/CVE-2023-34967.html

o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                  side absolute path of shares and files and directories in
                  search results.
                  https://www.samba.org/samba/security/CVE-2023-34968.html


Changes since 4.18.4
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 15072: CVE-2022-2127.
   * BUG 15340: CVE-2023-34966.
   * BUG 15341: CVE-2023-34967.
   * BUG 15388: CVE-2023-34968.
   * BUG 15397: CVE-2023-3347.

o  Volker Lendecke <vl@samba.org>
   * BUG 15072: CVE-2022-2127.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.

Revision 1.166, Wed Jul 19 15:33:27 2023 UTC (8 months, 4 weeks ago) by wiz
Branch: MAIN
Changes since 1.165: +2 -2 lines

samba: update to 4.18.4.

Changes since 4.18.3
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15404: Backport --pidl-developer fixes.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 14030: Named crashes on DLZ zone update.

o  Björn Jacke <bj@sernet.de>
   * BUG 2312: smbcacls and smbcquotas do not check // before the server.

o  Volker Lendecke <vl@samba.org>
   * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
   * BUG 15391: smbclient leaks fds with showacls.
   * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
     causes test timeouts.

o  Noel Power <noel.power@suse.com>
   * BUG 15384: net ads lookup (with unspecified realm) fails.

o  Christof Schmitt <cs@samba.org>
   * BUG 15381: Register Samba processes with GPFS.

o  Andreas Schneider <asn@samba.org>
   * BUG 15390: Python tarfile extraction needs change to avoid a warning
     (CVE-2007-4559 mitigation).
   * BUG 15398: The winbind child segfaults when listing users with `winbind
     scan trusted domains = yes`.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15383: Remove comments about deprecated 'write cache size'.
   * BUG 15403: smbget memory leak if failed to download files recursively.

Revision 1.165, Fri Jun 16 21:40:12 2023 UTC (10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base
Branch point for: pkgsrc-2023Q2
Changes since 1.164: +2 -2 lines

samba: update to 4.18.3.

Changes since 4.18.2
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 15375: Symlinks to files can have random DOS mode information in a
     directory listing.
   * BUG 15378: vfs_fruit might cause a failing open for delete.

o  Volker Lendecke <vl@samba.org>
   * BUG 15361: winbind recurses into itself via rpcd_lsad.
   * BUG 15366: wbinfo -u fails on ad dc with >1000 users.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15338: DS ACEs might be inherited to unrelated object classes.
   * BUG 15362: a lot of messages: get_static_share_mode_data:
     get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
   * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
     smb3_sid_parse().

o  Andreas Schneider <asn@samba.org>
   * BUG 15360: Setting veto files = /.*/ break listing directories.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15363: "samba-tool domain provision" does not run interactive mode if
     no arguments are given.

o  Nathaniel W. Turner <nturner@exagrid.com>
   * BUG 15325: dsgetdcname: assumes local system uses IPv4.

Revision 1.164, Tue Jun 6 12:42:09 2023 UTC (10 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.163: +4 -4 lines

Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPENDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Revision 1.163, Sat Apr 29 08:01:06 2023 UTC (11 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.162: +3 -4 lines

samba: update to 4.18.2.

4.18.2

Changes since 4.18.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15302: Log flood: smbd_calculate_access_mask_fsp: Access denied:
     message level should be lower.
   * BUG 15306: Floating point exception (FPE) via cli_pull_send at
     source3/libsmb/clireadwrite.c.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on
     Rackspace GitLab runners.
   * BUG 15329: Reduce flapping of ridalloc test.
   * BUG 15351: large_ldap test is unreliable.

o  Ralph Boehme <slow@samba.org>
   * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
   * BUG 15354: mdssvc may crash when initializing.

o  Volker Lendecke <vl@samba.org>
   * BUG 15313: large directory optimization broken for non-lcomp path elements.
   * BUG 15357: streams_depot fails to create streams.
   * BUG 15358: shadow_copy2 and streams_depot don't play well together.

o  Rob van der Linde <rob@catalyst.net.nz>
   * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15317: winbindd idmap child contacts the domain controller without a
     need.
   * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the
     first time.
   * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
   * BUG 15323: net ads search -P doesn't work against servers in other domains.
   * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
   * BUG 15343: Tests use deprecated and removed methods like
     assertRegexpMatches.

4.18.1

This is a security release in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                 but otherwise unprivileged users to delete this attribute from
                 any object in the directory.
                 https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
                 https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
                 https://www.samba.org/samba/security/CVE-2023-0614.html


Changes since 4.18.0
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15276: CVE-2023-0225.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15270: CVE-2023-0614.
   * BUG 15331: ldb wildcard matching makes excessive allocations.
   * BUG 15332: large_ldap test is inefficient.

o  Rob van der Linde <rob@catalyst.net.nz>
   * BUG 15315: CVE-2023-0922.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15270: CVE-2023-0614.
   * BUG 15276: CVE-2023-0225.

4.18.0

This is the first stable release of the Samba 4.18 release series.
Please read the release notes carefully before upgrading.

NEW FEATURES/CHANGES
====================

SMB Server performance improvements
-----------------------------------

The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for metadata heavy workloads.

While 4.17 already improved the situation quite a lot,
with 4.18 the locking overhead for contended path based operations
is reduced by an additional factor of ~ 3 compared to 4.17.
It means the throughput of open/close
operations reached the level of 4.12 again.

More succinct samba-tool error messages
---------------------------------------

Historically samba-tool has reported user error or misconfiguration by
means of a Python traceback, showing you where in its code it noticed
something was wrong, but not always exactly what is amiss. Now it
tries harder to identify the true cause and restrict its output to
describing that. Particular cases include:

 * a username or password is incorrect
 * an ldb database filename is wrong (including in smb.conf)
 * samba-tool dns: various zones or records do not exist
 * samba-tool ntacl: certain files are missing
 * the network seems to be down
 * bad --realm or --debug arguments

Accessing the old samba-tool messages
-------------------------------------

This is not new, but users are reminded they can get the full Python
stack trace, along with other noise, by using the argument '-d3'.
This may be useful when searching the web.

The intention is that when samba-tool encounters an unrecognised
problem (especially a bug), it will still output a Python traceback.
If you encounter a problem that has been incorrectly identified by
samba-tool, please report it on https://bugzilla.samba.org.

Colour output with samba-tool --color
-------------------------------------

For some time a few samba-tool commands have had a --color=yes|no|auto
option, which determines whether the command outputs ANSI colour
codes. Now all samba-tool commands support this option, which now also
accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
and 'tty' and 'if-tty' for 'auto' (this more closely matches
convention). With --color=auto, or when --color is omitted, colour
codes are only used when output is directed to a terminal.

Most commands have very little colour in any case. For those that
already used it, the defaults have changed slightly.

 * samba-tool drs showrepl: default is now 'auto', not 'no'

 * samba-tool visualize: the interactions between --color-scheme,
   --color, and --output have changed slightly. When --color-scheme is
   set it overrides --color for the purpose of the output diagram, but
   not for other output like error messages.

New samba-tool dsacl subcommand for deleting ACES
-------------------------------------------------

The samba-tool dsacl tool can now delete entries in directory access
control lists. The interface for 'samba-tool dsacl delete' is similar
to that of 'samba-tool dsacl set', with the difference being that the
ACEs described by the --sddl argument are deleted rather than added.

No colour with NO_COLOR environment variable
--------------------------------------------

With both samba-tool --color=auto (see above) and some other places
where we use ANSI colour codes, the NO_COLOR environment variable will
disable colour output. See https://no-color.org/ for a description of
this variable. `samba-tool --color=always` will use colour regardless
of NO_COLOR.

New wbinfo option --change-secret-at
------------------------------------

The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
which forces the trust account password to be changed at a specified domain
controller. If the specified domain controller cannot be contacted the
password change fails rather than trying other DCs.

New option to change the NT ACL default location
------------------------------------------------

Usually the NT ACLs are stored in the security.NTACL extended
attribute (xattr) of files and directories. The new
"acl_xattr:security_acl_name" option allows to redefine the default
location. The default "security.NTACL" is a protected location, which
means the content of the security.NTACL attribute is not accessible
from normal users outside of Samba. When this option is set to use a
user-defined value, e.g. user.NTACL then any user can potentially
access and overwrite this information. The module prevents access to
this xattr over SMB, but the xattr may still be accessed by other
means (eg local access, SSH, NFS). This option must only be used when
this consequence is clearly understood and when specific precautions
are taken to avoid compromising the ACL content.

Azure Active Directory / Office365 synchronisation improvements
--------------------------------------------------------------

Use of the Azure AD Connect cloud sync tool is now supported for
password hash synchronisation, allowing Samba AD Domains to synchronise
passwords with this popular cloud environment.

REMOVED FEATURES
================


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  acl_xattr:security_acl_name             New             security.NTACL
  server addresses                        New


CHANGES SINCE 4.18.0rc4
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15314: streams_xattr is creating unexpected locks on folders.

o  Volker Lendecke <vl@samba.org>
   * BUG 15310: New samba-dcerpc architecture does not scale gracefully.


CHANGES SINCE 4.18.0rc3
=======================

o  Andreas Schneider <asn@samba.org>
   * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
     failure.

o  baixiangcpp <baixiangcpp@gmail.com>
   * BUG 15311: fd_load() function implicitly closes the fd where it should not.


CHANGES SINCE 4.18.0rc2
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15301: Improve file_modtime() and issues around smb3 unix test.

o  Ralph Boehme <slow@samba.org>
   * BUG 15299: Spotlight doesn't work with latest macOS Ventura.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
     (tevent 0.14.1 and ldb 2.7.1 are already released...)

o  John Mulligan <jmulligan@redhat.com>
   * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
     fsp_get_pathref_fd() in close and fstat.

o  Andreas Schneider <asn@samba.org>
   * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
   * BUG 15301: Improve file_modtime() and issues around smb3 unix test.


CHANGES SINCE 4.18.0rc1
=======================

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 10635: Office365 azure Password Sync not working.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

o  Noel Power <noel.power@suse.com>
   * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
     after free.

Revision 1.162, Wed Apr 19 08:08:38 2023 UTC (11 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.161: +2 -1 lines

revbump after textproc/icu update

Revision 1.160.2.1, Sat Apr 1 18:55:38 2023 UTC (12 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2023Q1
Changes since 1.160: +3 -3 lines

Pullup ticket #6744 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.161
- net/samba4/distinfo                                           1.91

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr  1 08:49:05 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.17.7

                      ==============================
                      Release Notes for Samba 4.17.7
                              March 29, 2023
                      ==============================

   This is a security release in order to address the following defects:

   o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                    but otherwise unprivileged users to delete this attribute from
                    any object in the directory.
                    https://www.samba.org/samba/security/CVE-2023-0225.html

   o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                    remote LDAP server, will by default send new or reset
                    passwords over a signed-only connection.
                    https://www.samba.org/samba/security/CVE-2023-0922.html

   o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                    Confidential attribute disclosure via LDAP filters was
                    insufficient and an attacker may be able to obtain
                    confidential BitLocker recovery keys from a Samba AD DC.
                    Installations with such secrets in their Samba AD should
                    assume they have been obtained and need replacing.
                    https://www.samba.org/samba/security/CVE-2023-0614.html

Revision 1.161, Sat Apr 1 08:49:05 2023 UTC (12 months, 2 weeks ago) by taca
Branch: MAIN
Changes since 1.160: +3 -3 lines

net/samba4: update to 4.17.7

                   ==============================
                   Release Notes for Samba 4.17.7
                           March 29, 2023
                   ==============================


This is a security release in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                 but otherwise unprivileged users to delete this attribute from
                 any object in the directory.
                 https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
                 https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
                 https://www.samba.org/samba/security/CVE-2023-0614.html

Revision 1.160, Fri Mar 17 14:01:50 2023 UTC (13 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base
Branch point for: pkgsrc-2023Q1
Changes since 1.159: +2 -2 lines

net/samba4: update to 4.17.6

                   ==============================
                   Release Notes for Samba 4.17.6
                           March 09, 2023
                   ==============================


This is the latest stable release of the Samba 4.17 release series.


Changes since 4.17.5
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15314: streams_xattr is creating unexpected locks on folders.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 10635: Use of the Azure AD Connect cloud sync tool is now supported for
     password hash synchronisation, allowing Samba AD Domains to synchronise
     passwords with this popular cloud environment.

o  Ralph Boehme <slow@samba.org>
   * BUG 15299: Spotlight doesn't work with latest macOS Ventura.

o  Volker Lendecke <vl@samba.org>
   * BUG 15310: New samba-dcerpc architecture does not scale gracefully.

o  John Mulligan <jmulligan@redhat.com>
   * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
     fsp_get_pathref_fd() in close and fstat.

o  Noel Power <noel.power@suse.com>
   * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
     after free.

o  baixiangcpp <baixiangcpp@gmail.com>
   * BUG 15311: fd_load() function implicitly closes the fd where it should not.

Revision 1.154.2.1, Sun Feb 12 19:23:21 2023 UTC (14 months ago) by spz
Branch: pkgsrc-2022Q4
Changes since 1.154: +4 -2 lines

Pullup ticket #6728 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile                                           1.155,1.157-1.159
- net/samba4/PLIST                                              1.49-1.50
- net/samba4/distinfo                                           1.88-1.89
- net/samba4/options.mk                                         1.18

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Jan  3 15:27:23 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo options.mk

   Log Message:
   samba: update to 4.17.4.

   This is the latest stable release of the Samba 4.17 release series.
   It also contains security changes in order to address the following defects:

   o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                     RC4-HMAC Elevation of Privilege Vulnerability
                     disclosed by Microsoft on Nov 8 2022.

                     A Samba Active Directory DC will issue weak rc4-hmac
                     session keys for use between modern clients and servers
                     despite all modern Kerberos implementations supporting
                     the aes256-cts-hmac-sha1-96 cipher.

                     On Samba Active Directory DCs and members
                     'kerberos encryption types = legacy' would force
                     rc4-hmac as a client even if the server supports
                     aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

                     https://www.samba.org/samba/security/CVE-2022-37966.html

   o CVE-2022-37967: This is the Samba CVE for the Windows
                     Kerberos Elevation of Privilege Vulnerability
                     disclosed by Microsoft on Nov 8 2022.

                     A service account with the special constrained
                     delegation permission could forge a more powerful
                     ticket than the one it was presented with.

                     https://www.samba.org/samba/security/CVE-2022-37967.html

   o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                     same algorithms as rc4-hmac cryptography in Kerberos,
                     and so must also be assumed to be weak.

                     https://www.samba.org/samba/security/CVE-2022-38023.html

   Note that there are several important behavior changes
   included in this release, which may cause compatibility problems
   interacting with systems still expecting the former behavior.
   Please read the advisories of CVE-2022-37966,
   CVE-2022-37967 and CVE-2022-38023 carefully!

   samba-tool got a new 'domain trust modify' subcommand
   -----------------------------------------------------

   This allows "msDS-SupportedEncryptionTypes" to be changed
   on trustedDomain objects. Even against remote DCs (including Windows)
   using the --local-dc-ipaddress= (and other --local-dc-* options).
   See 'samba-tool domain trust modify --help' for further details.

   smb.conf changes
   ----------------

     Parameter Name                               Description             Default
     --------------                               -----------             -------
     allow nt4 crypto                             Deprecated              no
     allow nt4 crypto:COMPUTERACCOUNT             New
     kdc default domain supported enctypes        New (see manpage)
     kdc supported enctypes                       New (see manpage)
     kdc force enable rc4 weak session keys       New                     No
     reject md5 clients                           New Default, Deprecated Yes
     reject md5 servers                           New Default, Deprecated Yes
     server schannel                              Deprecated              Yes
     server schannel require seal                 New, Deprecated         Yes
     server schannel require seal:COMPUTERACCOUNT New
     winbind sealed pipes                         Deprecated              Yes

   Changes since 4.17.3
   --------------------

   o  Jeremy Allison <jra@samba.org>
      * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
        same size.

   o  Andrew Bartlett <abartlet@samba.org>
      * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
        user-controlled pointer in FAST.
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15237: CVE-2022-37966.
      * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

   o  Ralph Boehme <slow@samba.org>
      * BUG 15240: CVE-2022-38023.
      * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 13135: The KDC logic around msDs-supportedEncryptionTypes differs from
        Windows.
      * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
        atomically.
      * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
        vulnerability.
      * BUG 15206: libnet: change_password() doesn't work with
        dcerpc_samr_ChangePasswordUser4().
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15230: Memory leak in snprintf replacement functions.
      * BUG 15237: CVE-2022-37966.
      * BUG 15240: CVE-2022-38023.
      * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
        (CVE-2021-20251 regression).

   o  Noel Power <noel.power@suse.com>
      * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
        same size.

   o  Anoop C S <anoopcs@samba.org>
      * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

   o  Andreas Schneider <asn@samba.org>
      * BUG 15237: CVE-2022-37966.
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15257: Stack smashing in net offlinejoin requestodj.

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15231: CVE-2022-37967.
      * BUG 15237: CVE-2022-37966.

   o  Nicolas Williams <nico@twosigma.com>
      * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
        user-controlled pointer in FAST.


   To generate a diff of this commit:
   cvs rdiff -u -r1.154 -r1.155 pkgsrc/net/samba4/Makefile
   cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/samba4/PLIST
   cvs rdiff -u -r1.87 -r1.88 pkgsrc/net/samba4/distinfo
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/samba4/options.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Tue Jan 10 02:12:40 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: PLIST

   Log Message:
   samba4: fix PLIST error when option ads is off


   To generate a diff of this commit:
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/samba4/PLIST

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	hauke
   Date:		Thu Jan 19 16:32:54 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   Un-break FreeBSD build - it does not define ENODATA.

   See also this thread
   <https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.


   To generate a diff of this commit:
   cvs rdiff -u -r1.156 -r1.157 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan 23 09:13:52 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   samba4: add upper bound for ldb and remove reference to non-existent file


   To generate a diff of this commit:
   cvs rdiff -u -r1.157 -r1.158 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Jan 28 13:52:03 UTC 2023

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.17.5

                      ===============
                      Release Notes for Samba 4.17.5
                             January 26, 2023
                      ===============

   This is the latest stable release of the Samba 4.17 release series.

   Changes since 4.17.4
   --------------------

   o  Jeremy Allison <jra@samba.org>
      * BUG 14808: smbc_getxattr() return value is incorrect.
      * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
        correctly.
      * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
      * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
        DC when there is only an AAAA record for the DC in DNS.
      * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
      * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
      * BUG 15283: vfs_virusfilter segfault on access, directory edgecase
        (accessing NULL value).

   o  Samuel Cabrero <scabrero@samba.org>
      * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
        based SChannel on NETLOGON (additional changes).

   o  Volker Lendecke <vl@samba.org>
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
      * BUG 15269: ctdb: use-after-free in run_proc.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
      * BUG 15280: irpc_destructor may crash during shutdown.
      * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

   o  Andreas Schneider <asn@samba.org>
      * BUG 15268: smbclient segfaults with use after free on an optimized build.

   o  Jones Syue <jonessyue@qnap.com>
      * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.

   o  Andrew Walker <awalker@ixsystems.com>
      * BUG 15164: Leak in wbcCtxPingDc2.
      * BUG 15265: Access based share enum does not work in Samba 4.16+.
      * BUG 15267: Crash during share enumeration.
      * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
        end of returned buffer.

   o  Florian Weimer <fweimer@redhat.com>
      * BUG 15281: Avoid relying on C89 features in a few places.


   To generate a diff of this commit:
   cvs rdiff -u -r1.158 -r1.159 pkgsrc/net/samba4/Makefile
   cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/samba4/distinfo

Revision 1.159, Sat Jan 28 13:52:03 2023 UTC (14 months, 2 weeks ago) by taca
Branch: MAIN
Changes since 1.158: +2 -3 lines

net/samba4: update to 4.17.5

                   ==============================
                   Release Notes for Samba 4.17.5
                          January 26, 2023
                   ==============================


This is the latest stable release of the Samba 4.17 release series.


Changes since 4.17.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14808: smbc_getxattr() return value is incorrect.
   * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
     correctly.
   * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
   * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
     DC when there is only an AAAA record for the DC in DNS.
   * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
   * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
   * BUG 15283: vfs_virusfilter segfault on access, directory edgecase
     (accessing NULL value).

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
     based SChannel on NETLOGON (additional changes).

o  Volker Lendecke <vl@samba.org>
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
   * BUG 15269: ctdb: use-after-free in run_proc.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
   * BUG 15280: irpc_destructor may crash during shutdown.
   * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

o  Andreas Schneider <asn@samba.org>
   * BUG 15268: smbclient segfaults with use after free on an optimized build.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.

o  Andrew Walker <awalker@ixsystems.com>
   * BUG 15164: Leak in wbcCtxPingDc2.
   * BUG 15265: Access based share enum does not work in Samba 4.16+.
   * BUG 15267: Crash during share enumeration.
   * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
     end of returned buffer.

o  Florian Weimer <fweimer@redhat.com>
   * BUG 15281: Avoid relying on C89 features in a few places.

Revision 1.158, Mon Jan 23 09:13:52 2023 UTC (14 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.157: +2 -3 lines

samba4: add upper bound for ldb and remove reference to non-existent file

Revision 1.157, Thu Jan 19 16:32:54 2023 UTC (14 months, 4 weeks ago) by hauke
Branch: MAIN
Changes since 1.156: +4 -2 lines

Un-break FreeBSD build - it does not define ENODATA.

See also this thread
<https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.

Revision 1.156, Tue Jan 3 17:38:03 2023 UTC (15 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.155: +2 -1 lines

*: recursive bump for tiff shlib major bump

Revision 1.155, Tue Jan 3 15:27:23 2023 UTC (15 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.154: +2 -2 lines

samba: update to 4.17.4.

This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:


o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

                  https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

                  https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                  same algorithms as rc4-hmac cryptography in Kerberos,
                  and so must also be assumed to be weak.

                  https://www.samba.org/samba/security/CVE-2022-38023.html

Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with systems still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!

samba-tool got a new 'domain trust modify' subcommand
-----------------------------------------------------

This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.

smb.conf changes
----------------

  Parameter Name                               Description             Default
  --------------                               -----------             -------
  allow nt4 crypto                             Deprecated              no
  allow nt4 crypto:COMPUTERACCOUNT             New
  kdc default domain supported enctypes        New (see manpage)
  kdc supported enctypes                       New (see manpage)
  kdc force enable rc4 weak session keys       New                     No
  reject md5 clients                           New Default, Deprecated Yes
  reject md5 servers                           New Default, Deprecated Yes
  server schannel                              Deprecated              Yes
  server schannel require seal                 New, Deprecated         Yes
  server schannel require seal:COMPUTERACCOUNT New
  winbind sealed pipes                         Deprecated              Yes

Changes since 4.17.3
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15237: CVE-2022-37966.
   * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

o  Ralph Boehme <slow@samba.org>
   * BUG 15240: CVE-2022-38023.
   * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13135: The KDC logic around msDs-supportedEncryptionTypes differs from
     Windows.
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
     vulnerability.
   * BUG 15206: libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4().
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15230: Memory leak in snprintf replacement functions.
   * BUG 15237: CVE-2022-37966.
   * BUG 15240: CVE-2022-38023.
   * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression).

o  Noel Power <noel.power@suse.com>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Anoop C S <anoopcs@samba.org>
   * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
   * BUG 15237: CVE-2022-37966.
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15231: CVE-2022-37967.
   * BUG 15237: CVE-2022-37966.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.

Revision 1.154, Fri Nov 25 10:21:14 2022 UTC (16 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base
Branch point for: pkgsrc-2022Q4
Changes since 1.153: +3 -4 lines

samba: update to 4.17.3.

This is a security release in order to address the following defects:


o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
                  integer overflows when parsing a PAC on a 32-bit system, which
                  allowed an attacker with a forged PAC to corrupt the heap.
                  https://www.samba.org/samba/security/CVE-2022-42898.html

Changes since 4.17.2
--------------------
o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15203: CVE-2022-42898

o  Nicolas Williams <nico@twosigma.com>
   * BUG 15203: CVE-2022-42898

Revision 1.150.2.1, Sat Nov 5 17:58:53 2022 UTC (17 months, 1 week ago) by bsiegert
Branch: pkgsrc-2022Q3
Changes since 1.150: +2 -2 lines

Pullup ticket #6694 - requested by taca
devel/samba4: security fix

via patch -- update to 4.16.6

---
   Samba 4.16.6 fixes these security problems.

   4.16.6 (2022-10-25)

   This is a security release in order to address the following defect:

   o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
		     unwrap_des() and unwrap_des3() routines of Heimdal (included
		     in Samba).
		     https://www.samba.org/samba/security/CVE-2022-3437.html

   Changes since 4.16.5
   ---------------------

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * BUG 15134: CVE-2022-3437.

Revision 1.153, Wed Oct 26 10:31:06 2022 UTC (17 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.152: +2 -1 lines

*: bump PKGREVISION for libunistring shlib major bump

Revision 1.152, Tue Oct 25 16:15:35 2022 UTC (17 months, 3 weeks ago) by taca
Branch: MAIN
Changes since 1.151: +4 -4 lines

net/samba4: update to 4.17.2

4.17.2 (2022/10-25)

o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
                  unwrap_des() and unwrap_des3() routines of Heimdal (included
                  in Samba).
                  https://www.samba.org/samba/security/CVE-2022-3437.html

o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
                  directory.
                  https://www.samba.org/samba/security/CVE-2022-3592.html

Changes since 4.17.1
--------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 15207: CVE-2022-3592.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15134: CVE-2022-3437.

Revision 1.151, Tue Oct 25 07:46:11 2022 UTC (17 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.150: +3 -5 lines

samba: update to 4.17.1.

Changes since 4.17.0
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15174: smbXsrv_connection_shutdown_send result leaked.
   * BUG 15182: Flush on a named stream never completes.
   * BUG 15195: Permission denied calling SMBC_getatr when file not exists.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
   * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.

o  Ralph Boehme <slow@samba.org>
   * BUG 15182: Flush on a named stream never completes.

o  Volker Lendecke <vl@samba.org>
   * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.

o  Gary Lockyer <gary@catalyst.net.nz>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15200: multi-channel socket passing may hit a race if one of the
     involved processes already existed.
   * BUG 15201: memory leak on temporary of struct imessaging_post_state and
     struct tevent_immediate on struct imessaging_context (in
     rpcd_spoolss and maybe others).

o  Noel Power <noel.power@suse.com>
   * BUG 15205: Since popt1.19 various use after free errors using result of
     poptGetArg are now exposed.

o  Anoop C S <anoopcs@samba.org>
   * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
     vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
   * BUG 15169: GETPWSID in memory cache grows indefinitely with each NTLM auth.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.

                   ==============================
                   Release Notes for Samba 4.17.0
                         September 13, 2022
                   ==============================


This is the first stable release of the Samba 4.17 release series.
Please read the release notes carefully before upgrading.


NEW FEATURES/CHANGES
====================

SMB Server performance improvements
-----------------------------------

The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for meta data heavy workloads.

With 4.17 the situation improved a lot again:

- Pathnames given by a client are divided into dirname and basename.
  The amount of syscalls to validate dirnames is reduced to 2 syscalls
  (openat, close) per component. On modern Linux kernels (>= 5.6) smbd
  makes use of the openat2() syscall with RESOLVE_NO_SYMLINKS,
  in order to just use 2 syscalls (openat2, close) for the whole dirname.

- Contended path based operations used to generate a lot of unsolicited
  wakeup events causing thundering herd problems, which led to massive
  latencies for some clients. These events are now avoided in order
  to provide stable latencies and much higher throughput of open/close
  operations.

Configure without the SMB1 Server
---------------------------------

It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:

--with-smb1-server
--without-smb1-server

By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).

None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.

This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.

Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.

Bronze bit and S4U support now also with MIT Kerberos 1.20
----------------------------------------------------------

In 2020 Microsoft Security Response Team received another Kerberos-related
report. Eventually, that led to a security update of the CVE-2020-17049,
Kerberos KDC Security Feature Bypass Vulnerability, also known as a "Bronze
Bit". With this vulnerability, a compromised service that is configured to use
Kerberos constrained delegation feature could tamper with a service ticket that
is not valid for delegation to force the KDC to accept it.

With the release of MIT Kerberos 1.20, Samba AD DC is able to mitigate the
"Bronze Bit" attack. MIT Kerberos KDC's KDB (Kerberos Database Driver) API was
changed to allow passing more details between KDC and KDB components. When built
against MIT Kerberos, Samba AD DC supports MIT Kerberos 1.19 and 1.20 versions
but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20.

In addition to fixing the "Bronze Bit" issue, Samba AD DC now fully supports
S4U2Self and S4U2Proxy Kerberos extensions.

Note the default (Heimdal-based) KDC was already fixed in 2021,
see https://bugzilla.samba.org/show_bug.cgi?id=14642

Resource Based Constrained Delegation (RBCD) support
----------------------------------------------------

Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT
Kerberos 1.20 we have complete RBCD support passing Samba's S4U testsuite.

samba-tool delegation got the 'add-principal' and 'del-principal' subcommands
in order to manage RBCD.

To complete RBCD support and make it useful to Administrators we added the
Asserted Identity [1] SID into the PAC for constrained delegation. This is
available for Samba AD compiled with MIT Kerberos 1.20.

Note the default (Heimdal-based) KDC does not support RBCD yet.

[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview

Customizable DNS listening port
-------------------------------

It is now possible to set a custom listening port for the builtin DNS service,
making it easy to host another DNS on the same system that would bind to the
default port and forward the domain-specific queries to Samba using the custom
port. This is the opposite configuration of setting a forwarder in Samba.

It makes it possible to use another DNS server as a front and forward to Samba.

Dynamic DNS updates may not be proxied by the front DNS server when forwarding
to Samba. Dynamic DNS update proxying depends on the features of the other DNS
server used as a front.

CTDB changes
------------

* When Samba is configured with both --with-cluster-support and
  --systemd-install-services then a systemd service file for CTDB will
  be installed.

* ctdbd_wrapper has been removed.  ctdbd is now started directly from
  a systemd service file or init script.

* The syntax for the ctdb.tunables configuration file has been
  relaxed.  However, trailing garbage after the value, including
  comments, is no longer permitted.  Please see ctdb-tunables(7) for
  more details.

Operation without the (unsalted) NT password hash
-------------------------------------------------

When Samba is configured with 'nt hash store = never' then Samba will
no longer store the (unsalted) NT password hash for users in Active
Directory.  (Trust accounts, like computers, domain controllers and
inter-domain trusts are not impacted).

In the next version of Samba the default for 'nt hash store' will
change from 'always' to 'auto', where it will follow (behave as 'nt
hash store = never' when 'ntlm auth = disabled' is set).

Security-focused deployments of Samba that have eliminated NTLM from
their networks will find setting 'ntlm auth = disabled' with 'nt hash
store = always' as a useful way to improve compliance with
best-practice guidance on password storage (which is to always use an
iterated hash).

Note that when 'nt hash store = never' is set, then arcfour-hmac-md5
Kerberos keys will not be available for users who subsequently change
their password, as these keys derive their values from NT hashes.  AES
keys are stored by default for all deployments of Samba with Domain
Functional Level 2008 or later, are supported by all modern clients,
and are much more secure.

Finally, also note that password history in Active Directory is stored
in nTPwdHistory using a series of NT hash values.  Therefore the full
password history feature is not available in this mode.

To provide some protection against password re-use previous Kerberos
hash values (the current, old and older values are already stored) are
used, providing a history length of 3.

There is one small limitation of this workaround: Changing the
sAMAccountName, userAccountControl or userPrincipalName of an account
can cause the Kerberos password salt to change.  This means that after
*both* an account rename and a password change, only the current
password will be recognised for password history purposes.

Python API for smbconf
----------------------

Samba's smbconf library provides a generic frontend to various
configuration backends (plain text file, registry) as a C library. A
new Python wrapper, importable as 'samba.smbconf' is available.  An
additional module, 'samba.samba3.smbconf', is also available to enable
registry backend support. These libraries allow Python programs to
read, and optionally write, Samba configuration natively.

JSON support for smbstatus
--------------------------

It is now possible to print detailed information in JSON format in
the smbstatus program using the new option --json. The JSON output
covers all the existing text output including sessions, connections,
open files, byte-range locks, notifies and profile data with all
low-level information maintained by Samba in the respective databases.

Protected Users security group
------------------------------

Samba AD DC now includes support for the Protected Users security
group introduced in Windows Server 2012 R2. The feature reduces the
attack surface of user accounts by preventing the use of weak
encryption types. It also mitigates the effects of credential theft by
limiting credential lifetime and scope.

The protections are intended for user accounts only, and service or
computer accounts should not be added to the Protected Users
group. User accounts added to the group are granted the following
security protections:

   * NTLM authentication is disabled.
   * Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are
     not issued to or accepted from affected principals. Tickets
     encrypted with AES, and service tickets encrypted with RC4, are
     not affected by this restriction.
   * The lifetime of Kerberos TGTs is restricted to a maximum of four
     hours.
   * Kerberos constrained and unconstrained delegation is disabled.

If the Protected Users group is not already present in the domain, it
can be created with 'samba-tool group add'. The new '--special'
parameter must be specified, with 'Protected Users' as the name of the
group. An example command invocation is:

samba-tool group add 'Protected Users' --special

or against a remote server:

samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U Administrator

The Protected Users group is identified in the domain by its having a
RID of 525. Thus, it should only be created with samba-tool and the
'--special' parameter, as above, so that it has the required RID
to function correctly.


REMOVED FEATURES
================

LanMan Authentication and password storage removed from the AD DC
-----------------------------------------------------------------

The storage and authentication with LanMan passwords has been entirely
removed from the Samba AD DC, even when "lanman auth = yes" is set.


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  dns port                                New default     53
  fruit:zero_file_id                      New default     yes
  nt hash store                           New parameter   always
  smb1 unix extensions                    Replaces "unix extensions"
  volume serial number                    New parameter   -1
  winbind debug traceid                   New parameter   no
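
The per-component path validation described under "SMB Server performance improvements" in the 4.17.0 notes above, shown as an added C example that is not Samba's code: a whole-path openat() follows a symlink out of the share, while an openat()/close() walk with O_NOFOLLOW refuses it. The function names and the temporary directory tree are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DIRFLAGS (O_RDONLY | O_DIRECTORY | O_CLOEXEC)

/* Naive lookup: one openat() on the whole path. The kernel follows any
 * symlink it meets, so the result may lie outside the share. */
int open_dir_naive(int rootfd, const char *relpath)
{
    return openat(rootfd, relpath, DIRFLAGS);
}

/* Component-wise lookup: two syscalls (openat, close) per component, each
 * openat() with O_NOFOLLOW so a symlink is never traversed. On Linux >= 5.6
 * the notes say openat2() with RESOLVE_NO_SYMLINKS does this in one call.
 * Returns a directory fd, or -1 with errno set. */
int open_dir_nosymlinks(int rootfd, const char *relpath)
{
    char buf[PATH_MAX];
    char *save = NULL;
    int cur;

    if (relpath[0] == '/' || strlen(relpath) >= sizeof(buf)) {
        errno = EINVAL;
        return -1;
    }
    strcpy(buf, relpath);
    cur = openat(rootfd, ".", DIRFLAGS);
    if (cur < 0)
        return -1;
    for (char *c = strtok_r(buf, "/", &save); c != NULL;
         c = strtok_r(NULL, "/", &save)) {
        int next, saved;
        if (strcmp(c, ".") == 0)
            continue;
        if (strcmp(c, "..") == 0) {      /* never step back above a checked dir */
            close(cur);
            errno = EACCES;
            return -1;
        }
        next = openat(cur, c, DIRFLAGS | O_NOFOLLOW);
        saved = errno;
        close(cur);
        if (next < 0) {
            errno = saved;
            return -1;
        }
        cur = next;
    }
    return cur;
}

/* Builds a constructed tree (share/docs/reports, plus the symlink
 * share/escape -> ../outside), tries one lookup, then cleans up.
 * Returns 1 if the directory was opened, 0 if refused, -1 on setup error. */
int check_path(const char *relpath, int hardened)
{
    char tmpl[] = "/tmp/nosymlink-demo-XXXXXX";
    int top, rootfd, fd, opened = -1;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    top = open(tmpl, DIRFLAGS);
    if (top < 0)
        return -1;
    if (mkdirat(top, "share", 0700) == 0 &&
        mkdirat(top, "outside", 0700) == 0 &&
        mkdirat(top, "share/docs", 0700) == 0 &&
        mkdirat(top, "share/docs/reports", 0700) == 0 &&
        symlinkat("../outside", top, "share/escape") == 0 &&
        (rootfd = openat(top, "share", DIRFLAGS)) >= 0) {
        fd = hardened ? open_dir_nosymlinks(rootfd, relpath)
                      : open_dir_naive(rootfd, relpath);
        opened = (fd >= 0);
        if (fd >= 0)
            close(fd);
        close(rootfd);
    }
    unlinkat(top, "share/escape", 0);
    unlinkat(top, "share/docs/reports", AT_REMOVEDIR);
    unlinkat(top, "share/docs", AT_REMOVEDIR);
    unlinkat(top, "share", AT_REMOVEDIR);
    unlinkat(top, "outside", AT_REMOVEDIR);
    close(top);
    rmdir(tmpl);
    return opened;
}

int main(void)
{
    printf("naive    escape       -> %d\n", check_path("escape", 0));
    printf("hardened escape       -> %d\n", check_path("escape", 1));
    printf("hardened docs/reports -> %d\n", check_path("docs/reports", 1));
    return 0;
}
```

The errno for the refused symlink differs between systems (Linux reports ENOTDIR when O_DIRECTORY and O_NOFOLLOW are combined), so callers should treat any failure as a refusal rather than match one value.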

Revision 1.150, Mon Sep 12 16:04:57 2022 UTC (19 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base
Branch point for: pkgsrc-2022Q3
Changes since 1.149: +2 -2 lines

samba4: updated to 4.16.5

Changes since 4.16.4
--------------------
* BUG 15128: Possible use after free of connection_struct when iterating
  smbd_server_connection->connections.
* BUG 15086: Spotlight RPC service returns wrong response when Spotlight is
  disabled on a share.
* BUG 15126: acl_xattr VFS module may unintentionally use filesystem
  permissions instead of ACL from xattr.
* BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
* BUG 15161: assert failed: !is_named_stream(smb_fname)") at
  ../../lib/util/fault.c:197.
* BUG 15148: Missing READ_LEASE break could cause data corruption.
* BUG 15124: rpcclient can crash using setuserinfo(2).
* BUG 15132: Samba fails to build with glibc 2.36 caused by including
  <sys/mount.h> in libreplace.
* BUG 15152: SMB1 negotiation can fail to handle connection errors.
* BUG 15078: samba-tool domain join segfault when joining a samba ad domain.

Revision 1.149, Tue Aug 30 17:47:50 2022 UTC (19 months, 2 weeks ago) by jperkin
Branch: MAIN
Changes since 1.148: +1 -13 lines

samba4: Various build fixes.

Revision 1.142.4.1, Sun Aug 28 08:13:40 2022 UTC (19 months, 3 weeks ago) by spz
Branch: pkgsrc-2022Q2
Changes since 1.142: +2 -3 lines

Pullup tickets #6664 #6669 - requested by taca
net/samba4: security update
databases/ldb: dependency update

Update net/samba4 to 4.15.9 from samba-4.15.6 by patch,
since HEAD is on a later minor.
Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it.

Revision 1.148, Tue Aug 9 17:56:09 2022 UTC (20 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.147: +14 -13 lines

samba4: updated to 4.16.4

Release Notes for Samba 4.16.4

This is a security release in order to address the following defects:

o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
                  changing passwords.
                  https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for any user.
                  https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
                  or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                  process with an LDAP add or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
                  https://www.samba.org/samba/security/CVE-2022-32742.html

Revision 1.147 / (download) - annotate - [select for diffs], Fri Jul 29 20:33:38 2022 UTC (20 months, 2 weeks ago) by jperkin
Branch: MAIN
Changes since 1.146: +12 -2 lines
Diff to previous 1.146 (colored) to selected 1.16.2.1 (colored)

samba4: Add support for mit-krb5.

The builtin heimdal no longer builds and it's unclear how it can possibly
work as it uses functions that do not exist anywhere.  Also fix some SunOS
build issues.

I'm not convinced this won't break builds that use heimdal but will keep an
eye out for failures.

Revision 1.146 / (download) - annotate - [select for diffs], Wed Jul 27 08:23:04 2022 UTC (20 months, 3 weeks ago) by dogcow
Branch: MAIN
Changes since 1.145: +2 -2 lines
Diff to previous 1.145 (colored) to selected 1.16.2.1 (colored)

samba4 now requires ldb >= 2.5.1; no nb bump needed because it won't
compile correctly without it

Revision 1.145 / (download) - annotate - [select for diffs], Thu Jul 21 09:35:19 2022 UTC (20 months, 4 weeks ago) by adam
Branch: MAIN
Changes since 1.144: +4 -4 lines
Diff to previous 1.144 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.16.3

Changes since 4.16.2
--------------------
* BUG 15099: Using vfs_streams_xattr and deleting a file causes a panic.
* BUG 14986: Add support for bind 9.18.
* BUG 15076: logging dsdb audit to specific files does not work.
* BUG 14979: Problem when winbind renews Kerberos.
* BUG 15095: Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
  developer mode.
* BUG 15105: Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL.
* BUG 15118: Crash in rpcd_classic - NULL pointer dereference in
  mangle_is_mangled().
* BUG 15100: smbclient commands del & deltree fail with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS.
* BUG 15120: Fix check for chown when processing NFSv4 ACL.
* BUG 15082: The pcap background queue process should not be stopped.
* BUG 15097: testparm: Fix typo in idmap rangesize check.
* BUG 15106: net ads info returns LDAP server and LDAP server name as null.
* BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link.
* BUG 15090: CTDB child process logging does not work as expected.

Changes since 4.16.1
--------------------
* BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.
* BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
  file had been deleted.
* BUG 15087: netgroups support removed.
* BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
  server.
* BUG 15062: Update from 4.15 to 4.16 breaks discovery of [homes] on
  standalone server from Win and IOS.
* BUG 15071: waf produces incorrect names for python extensions with Python
  3.11.
* BUG 15075: smbclient -E doesn't work as advertised.
* BUG 15081: The samba background daemon doesn't refresh the printcap cache
  on startup.
* BUG 14443: Out-by-4 error in smbd read reply max_send clamp.

Changes since 4.16.0
--------------------
* BUG 14831: Share and server swapped in smbget password prompt.
* BUG 15022: Durable handles won't reconnect if the leased file is written
  to.
* BUG 15023: rmdir silently fails if directory contains unreadable files and
  hide unreadable is yes.
* BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
  renamed file handle.
* BUG 8731: Need to describe --builtin-libraries= better (compare with
  --bundled-libraries).
* BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
* BUG 15035: shadow_copy2 fails listing snapshotted dirs with
  shadow:fixinodes.
* BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
  error.
* BUG 15041: Username map - samba erroneously applies unix group memberships
  to user account entries.
* BUG 14951: KVNO off by 100000.
* BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
* BUG 15055: vfs_gpfs recalls=no option prevents listing files.
* BUG 15054: smbd doesn't handle UPNs for looking up names.

Revision 1.144 / (download) - annotate - [select for diffs], Thu Jun 30 11:18:43 2022 UTC (21 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.143: +2 -2 lines
Diff to previous 1.143 (colored) to selected 1.16.2.1 (colored)

*: Revbump packages that use Python at runtime without a PKGNAME prefix

Revision 1.143 / (download) - annotate - [select for diffs], Mon Jun 27 20:59:40 2022 UTC (21 months, 3 weeks ago) by rin
Branch: MAIN
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored) to selected 1.16.2.1 (colored)

net/samba{,4}: Restrict ``disabling PIE hack'' for NetBSD/powerpc
prior to 9.0.

ld.elf_so(1) for 9.0 and later support R_PPC_ADDR16_HA (== 6) and
friends:

http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ld.elf_so/arch/powerpc/ppc_reloc.c#rev1.58.2.1

Bump revision.

Close PR pkg/38961.

Revision 1.142 / (download) - annotate - [select for diffs], Thu Mar 24 10:16:13 2022 UTC (2 years ago) by hauke
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Branch point for: pkgsrc-2022Q2
Changes since 1.141: +3 -1 lines
Diff to previous 1.141 (colored) to selected 1.16.2.1 (colored)

Restore a SYSCONFDIR path substitution that had gone lost, probably as
a result of running mkpatches after 'make configure'.

Revision 1.141 / (download) - annotate - [select for diffs], Sun Mar 20 21:53:53 2022 UTC (2 years ago) by adam
Branch: MAIN
Changes since 1.140: +2 -9 lines
Diff to previous 1.140 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.15.6

Changes since 4.15.5
--------------------
* BUG 14169: Renaming file on DFS root fails with
  NT_STATUS_OBJECT_PATH_NOT_FOUND.
* BUG 14737: Samba does not respond with STATUS_INVALID_PARAMETER when opening 2
  objects with same lease key.
* BUG 14938: NT error code is not set when overwriting a file during rename
  in libsmbclient.
* BUG 14996: Fix ldap simple bind with TLS auditing.
* BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
  server.
* BUG 14979: Problem when winbind renews Kerberos.
* BUG 8691: pam_winbind will not allow gdm login if password about to expire.
* BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file.
* BUG 13631: DFS fix for AIX broken.
* BUG 14974: Solaris and AIX acl modules: wrong function arguments.
* BUG 7239: Function aixacl_sys_acl_get_file not declared / coredump.
* BUG 14900: Regression: Samba 4.15.2 on macOS segfaults intermittently
  during strcpy in tdbsam_getsampwnam.
* BUG 14989: Fix a use-after-free in SMB1 server.
* BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with
  gnutls_aead_cipher_decrypt() from gnutls before 3.5.2.
* BUG 14984: changing the machine password against an RODC likely destroys
  the domain join.
* BUG 14993: authsam_make_user_info_dc() steals memory from its struct
  ldb_message *msg argument.
* BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.
* BUG 14967: Samba autorid fails to map AD users if id rangesize fits in the
  id range only once.

Revision 1.140 / (download) - annotate - [select for diffs], Wed Mar 9 16:36:54 2022 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored) to selected 1.16.2.1 (colored)

samba4: Add missing dependency on bison

Revision 1.139 / (download) - annotate - [select for diffs], Mon Mar 7 22:45:49 2022 UTC (2 years, 1 month ago) by thor
Branch: MAIN
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored) to selected 1.16.2.1 (colored)

net/samba4: security update to 4.15.5

This is a security release in order to address the following defects:

o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
                  of a symlink exists.
                  https://www.samba.org/samba/security/CVE-2021-44141.html

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                  https://www.samba.org/samba/security/CVE-2022-0336.html

Revision 1.138 / (download) - annotate - [select for diffs], Mon Mar 7 21:40:37 2022 UTC (2 years, 1 month ago) by thor
Branch: MAIN
Changes since 1.137: +3 -6 lines
Diff to previous 1.137 (colored) to selected 1.16.2.1 (colored)

net/samba4: version 4.15.4

This includes a patch (already posted upstream) to fix updated Samba on
NetBSD's /proc, so the upgrade is not blocked anymore.

Release notes for 4.15:

NEW FEATURES/CHANGES
====================

VFS
---

The effort to modernize Samba's VFS interface is complete and Samba 4.15.0 ships
with a modernized VFS designed for the post SMB1 world.

For details please refer to the documentation at source3/modules/The_New_VFS.txt
or visit the <https://wiki.samba.org/index.php/The_New_VFS>.


Bind DLZ: add the ability to set allow/deny lists for zone transfer clients
---------------------------------------------------------------------------

Up to now, any client could use a DNS zone transfer request to the
bind server, and get an answer from Samba. Now the default behaviour
will be to deny those requests. Two new options have been added to
manage the list of authorized/denied clients for zone transfer
requests. In order to be accepted, the request must be issued by a
client that is in the allow list and NOT in the deny list.


"server multi channel support" no longer experimental
-----------------------------------------------------

This option is enabled by default starting with 4.15 (on Linux and FreeBSD).
Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible
to use this feature on Linux and FreeBSD for now.


samba-tool available without the ad-dc
--------------------------------------

The 'samba-tool' command is now available when samba is configured
"--without-ad-dc". Not all features will work, and some ad-dc specific options
have been disabled. The 'samba-tool domain' options, for example, are limited
when no ad-dc is present. Samba must still be built with ads in order to enable
'samba-tool'.


Improved command line user experience
-------------------------------------

Samba utilities did not consistently implement their command line interface. A
number of options required values to be specified in one tool and not in the
other, and some options had different meanings in different tools.

These should be stories of the past now. A new command line parser has been
implemented with sanity checking. Also the command line interface has been
simplified and provides better control for encryption, signing and kerberos.

Previously many tools silently ignored unknown options. To prevent unexpected
behaviour all tools will now consistently reject unknown options.

Also several command line options have a smb.conf variable to control the
default now.

All tools are now logging to stderr by default. You can use "--debug-stdout" to
change the behavior. All servers will log to stderr at early startup until logging
is set up to go to a file by default.

### Common parser:

Options added:
--client-protection=off|sign|encrypt

Options renamed:
--kerberos       ->    --use-kerberos=required|desired|off
--krb5-ccache    ->    --use-krb5-ccache=CCACHE
--scope          ->    --netbios-scope=SCOPE
--use-ccache     ->    --use-winbind-ccache

Options removed:
-e|--encrypt
-C removed from --use-winbind-ccache
-i removed from --netbios-scope
-S|--signing


### Duplicates in command line utils

ldbadd/ldbdel/ldbedit/ldbmodify/ldbrename/ldbsearch:
-e is still available as an alias for --editor,
   as it used to be.
-s is no longer reported as an alias for --configfile,
   it never worked that way as it was shadowed by '-s' for '--scope'.

ndrdump:
-l is not available for --load-dso anymore

net:
-l is not available for --long anymore

sharesec:
-V is not available for --viewsddl anymore

smbcquotas:
--user        ->    --quota-user

nmbd:
--log-stdout  ->    --debug-stdout

smbd:
--log-stdout  ->    --debug-stdout

winbindd:
--log-stdout  ->    --debug-stdout


Scanning of trusted domains and enterprise principals
-----------------------------------------------------

As an artifact from the NT4 times, we still scanned the list of trusted domains
on winbindd startup. This is wrong as we never can get a full picture in Active
Directory. It is time to change the default value to "No". Also with this change
we always use enterprise principals for Kerberos so that the DC will be able
to redirect ticket requests to the right DC. This is e.g. needed for one way
trusts. The options `winbind use krb5 enterprise principals` and
`winbind scan trusted domains` will be deprecated in one of the next releases.


Support for Offline Domain Join (ODJ)
-------------------------------------

The net utility is now able to support the offline domain join feature
as known from the Windows djoin.exe command for many years. Samba's
implementation is accessible via the 'net offlinejoin' subcommand. It
can provision computers and request offline joining for both Windows
and Unix machines. It is also possible to provision computers from
Windows (using djoin.exe) and use the generated data in Samba's 'net'
utility. The existing options for the provisioning and joining steps
are documented in the net(8) manpage.


'samba-tool dns zoneoptions' for aging control
----------------------------------------------

The 'samba-tool dns zoneoptions' command can be used to turn aging on
and off, alter the refresh and no-refresh periods, and manipulate the
timestamps of existing records.

To turn aging on for a zone, you can use something like this:

  samba-tool dns zoneoptions --aging=1 --refreshinterval=306600

which turns on aging and ensures no records less than five years old
are aged out and scavenged. After aging has been on for sufficient
time for records to be renewed, the command

  samba-tool dns zoneoptions --refreshinterval=168

will set the refresh period to the standard seven days. Using this two
step process will help prevent the temporary loss of dynamic records
if scavenging happens before their first renewal.


Marking old records as static or dynamic with 'samba-tool'
----------------------------------------------------------

A bug in Samba versions prior to 4.9 meant records that were meant to
be static were marked as dynamic and vice versa. To fix the timestamps
in these domains, it is possible to use the following options,
preferably before turning aging on.

   --mark-old-records-static
   --mark-records-dynamic-regex
   --mark-records-static-regex

The "--mark-old-records-static" option will make records older than the
specified date static (that is, with a zero timestamp). For example,
if you upgraded to Samba 4.9 in November 2018, you could ensure no
old records will be mistakenly interpreted as dynamic using the
following option:

  samba-tool dns zoneoptions --mark-old-records-static=2018-11-30

Then, if you know that that will have marked some records as static
that should be dynamic, and you know which those are due to your
naming scheme, you can use commands like:

  samba-tool dns zoneoptions --mark-records-dynamic-regex='\w+-desktop'

where '\w+-desktop' is a perl-compatible regular expression that will
match 'bob-desktop', 'alice-desktop', and so on.

These options are deliberately long and cumbersome to type, so people
have a chance to think before they get to the end. You can make a
mess if you get it wrong.

All 'samba-tool dns zoneoptions' modes can be given a "--dry-run/-n"
argument that allows you to inspect the likely results before going
ahead.

NOTE: for aging to work, you need to have "dns zone scavenging = yes"
set in the smb.conf of at least one server.


DNS tombstones are now deleted as appropriate
---------------------------------------------

When all the records for a DNS name have been deleted, the node is put
in a tombstoned state (separate from general AD object tombstoning,
which deleted nodes also go through). These tombstones should be
cleaned up periodically. Due to a conflation of scavenging and
tombstoning, we have only been deleting tombstones when aging is
enabled.

If you have a lot of tombstoned DNS nodes (that is, DNS names for
which you have removed all the records), cleaning up these DNS
tombstones may take a noticeable time.


DNS tombstones use a consistent timestamp format
------------------------------------------------

DNS records use an hours-since-1601 timestamp format except for in the
case of tombstone records where a 100-nanosecond-intervals-since-1601
format is used (this latter format being the most common in Windows).
We had mixed that up, which might have had strange effects in zones
where aging was enabled (and hence tombstone timestamps were used).


samba-tool dns update and RPC changes
-------------------------------------

The dnsserver DCERPC pipe can be used by 'samba-tool' and Windows tools
to manipulate dns records on the remote server. A bug in Samba meant
it was not possible to update an existing DNS record to change the
TTL. The general behaviour of RPC updates is now closer to that of
Windows.

'samba-tool dns update' is now a bit more careful in rejecting and
warning you about malformed IPv4 and IPv6 addresses.

CVE-2021-3671: Crash in Heimdal KDC and updated security release policy
-----------------------------------------------------------------------

An unauthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ.  Per Samba's updated security process a specific
security release was not made for this issue as it is a recoverable
Denial Of Service.

See https://wiki.samba.org/index.php/Samba_Security_Proces

samba-tool domain backup offline with the LMDB backend
------------------------------------------------------

samba-tool domain backup offline, when operating with the LMDB backend
now correctly takes out locks against concurrent modification of the
database during the backup.  If you use this tool on a Samba AD DC
using LMDB, you should upgrade to this release for safer backups.

REMOVED FEATURES
================

Tru64 ACL support has been removed from this release. The last
supported release of Tru64 UNIX was in 2012.

NIS support has been removed from this release. This is not
available in Linux distributions anymore.

The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9,
which have been out of support since 2018.


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  client use kerberos                     New             desired
  client max protocol                     Values Removed
  client min protocol                     Values Removed
  client protection                       New             default
  client smb3 signing algorithms          New             see man smb.conf
  client smb3 encryption algorithms       New             see man smb.conf
  preopen:posix-basic-regex               New             No
  preopen:nomatch_log_level               New             5
  preopen:match_log_level                 New             5
  preopen:nodigits_log_level              New             1
  preopen:founddigits_log_level           New             3
  preopen:reset_log_level                 New             5
  preopen:push_log_level                  New             3
  preopen:queue_log_level                 New             10
  server max protocol                     Values Removed
  server min protocol                     Values Removed
  server multi channel support            Changed         Yes (on Linux and FreeBSD)
  server smb3 signing algorithms          New             see man smb.conf
  server smb3 encryption algorithms       New             see man smb.conf
  winbind use krb5 enterprise principals  Changed         Yes
  winbind scan trusted domains            Changed         No


Release notes for 4.14:

NEW FEATURES/CHANGES
====================

Here is a copy of a clarification note added to the Samba code
in the file: VFS-License-clarification.txt.
--------------------------------------------------------------

A clarification of our GNU GPL License enforcement boundary within the Samba
Virtual File System (VFS) layer.

Samba is licensed under the GNU GPL. All code committed to the Samba
project or that creates a "modified version" or software "based on" Samba must
be either licensed under the GNU GPL or a compatible license.

Samba has several plug-in interfaces where external code may be called
from Samba GNU GPL licensed code. The most important of these is the
Samba VFS layer.

Samba VFS modules are intimately connected by header files and API
definitions to the part of the Samba code that provides file services,
and as such, code that implements a plug-in Samba VFS module must be
licensed under the GNU GPL or a compatible license.

However, Samba VFS modules may themselves call third-party external
libraries that are not part of the Samba project and are externally
developed and maintained.

As long as these third-party external libraries do not use any of the
Samba internal structure, APIs or interface definitions created by the
Samba project (to the extent that they would be considered subject to the GNU
GPL), then the Samba Team will not consider such third-party external
libraries called from Samba VFS modules as "based on" and/or creating a
"modified version" of the Samba code for the purposes of GNU GPL.
Accordingly, we do not require such libraries be licensed under the GNU GPL
or a GNU GPL compatible license.

VFS
---

The effort to modernize Samba's VFS interface has reached a major milestone with
the next release Samba 4.14.

For details please refer to the documentation at source3/modules/The_New_VFS.txt or
visit the <https://wiki.samba.org/index.php/The_New_VFS>.

Printing
--------

Publishing printers in AD is more reliable and more printer features are
added to the published information in AD. Samba now also supports Windows
drivers for the ARM64 architecture.

Client Group Policy
-------------------
This release extends Samba to support Group Policy functionality for Winbind
clients. Active Directory Administrators can set policies that apply Sudoers
configuration, and cron jobs to run hourly, daily, weekly or monthly.

To enable the application of Group Policies on a client, set the global
smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
interval of every 90 minutes, plus a random offset between 0 and 30 minutes.

Policies applied by Samba are 'non-tattooing', meaning that changes can be
reverted by executing the `samba-gpupdate --unapply` command. Policies can be
re-applied using the `samba-gpupdate --force` command.
To view what policies have been or will be applied to a system, use the
`samba-gpupdate --rsop` command.

Administration of Samba policy requires that a Samba ADMX template be uploaded
to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
provided as a convenient method for adding this policy. Once uploaded, policies
can be modified in the Group Policy Management Editor under Computer
Configuration/Policies/Administrative Templates. Alternatively, Samba policy
may be managed using the `samba-tool gpo manage` command. This tool does not
require the admx templates to be installed.

Python 3.6 or later required

Revision 1.134.2.2 / (download) - annotate - [select for diffs], Sun Feb 6 19:11:23 2022 UTC (2 years, 2 months ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.134.2.1: +4 -2 lines
Diff to previous 1.134.2.1 (colored) to branchpoint 1.134 (colored) next main 1.135 (colored) to selected 1.16.2.1 (colored)

Pullup ticket #6577 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.136-1.137
- net/samba4/distinfo                                           1.72

---
   Module Name:	pkgsrc
   Committed By:	gdt
   Date:		Tue Jan 25 19:25:01 UTC 2022

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   net/samba4: Add upstream bug report URL

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 31 13:45:12 UTC 2022

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.13.17

                      ===============================
                      Release Notes for Samba 4.13.17
                             January 31, 2022
                      ===============================

   This is a security release in order to address the following defects:

   o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                     https://www.samba.org/samba/security/CVE-2021-44142.html

   o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                     https://www.samba.org/samba/security/CVE-2022-0336.html

   Changes since 4.13.16
   ---------------------

   o  Ralph Boehme <slow@samba.org>
      * BUG 14914: CVE-2021-44142

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * BUG 14950: CVE-2022-0336

Revision 1.137 / (download) - annotate - [select for diffs], Mon Jan 31 13:45:12 2022 UTC (2 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.136: +2 -2 lines
Diff to previous 1.136 (colored) to selected 1.16.2.1 (colored)

net/samba4: update to 4.13.17

                   ===============================
                   Release Notes for Samba 4.13.17
                          January 31, 2022
                   ===============================


This is a security release in order to address the following defects:

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                  https://www.samba.org/samba/security/CVE-2022-0336.html


Changes since 4.13.16
---------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 14914: CVE-2021-44142

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14950: CVE-2022-0336

Revision 1.136 / (download) - annotate - [select for diffs], Tue Jan 25 19:25:01 2022 UTC (2 years, 2 months ago) by gdt
Branch: MAIN
Changes since 1.135: +3 -1 lines
Diff to previous 1.135 (colored) to selected 1.16.2.1 (colored)

net/samba4: Add upstream bug report URL

Revision 1.134.2.1 / (download) - annotate - [select for diffs], Fri Jan 21 15:49:25 2022 UTC (2 years, 2 months ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored) to selected 1.16.2.1 (colored)

Pullup ticket #6572 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.135
- net/samba4/distinfo                                           1.71

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 10 14:11:16 UTC 2022

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.13.16

                      ===============================
                      Release Notes for Samba 4.13.16
                             January 10, 2022
                      ===============================

   This is a security release in order to address the following defects:

   o CVE-2021-43566:  mkdir race condition allows share escape in Samba 4.x.
                      https://www.samba.org/samba/security/CVE-2021-43566.html

   =======
   Details
   =======

   o  CVE-2021-43566:
      All versions of Samba prior to 4.13.16 are vulnerable to a malicious
      client using an SMB1 or NFS symlink race to allow a directory to be
      created in an area of the server file system not exported under the
      share definition. Note that SMB1 has to be enabled, or the share
      also available via NFS in order for this attack to succeed.

      Clients that have write access to the exported part of the file system
      under a share via SMB1 unix extensions or NFS can create symlinks that
      can race the server by renaming an existing path and then replacing it
      with a symlink. If the client wins the race it can cause the server to
      create a directory under the new symlink target after the exported
      share path check has been done. This new symlink target can point to
      anywhere on the server file system. The authenticated user must have
      permissions to create a directory under the target directory of the
      symlink.

      This is a difficult race to win, but theoretically possible. Note that
      the proof of concept code supplied wins the race only when the server
      is slowed down and put under heavy load. Exploitation of this bug has
      not been seen in the wild.

   Changes since 4.13.15
   ---------------------

   o  Jeremy Allison <jra@samba.org>
      * BUG 13979: CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x

Revision 1.135 / (download) - annotate - [select for diffs], Mon Jan 10 14:11:16 2022 UTC (2 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.134: +2 -2 lines
Diff to previous 1.134 (colored) to selected 1.16.2.1 (colored)

net/samba4: update to 4.13.16

                   ===============================
                   Release Notes for Samba 4.13.16
                          January 10, 2022
                   ===============================


This is a security release in order to address the following defects:

o CVE-2021-43566:  mkdir race condition allows share escape in Samba 4.x.
                   https://www.samba.org/samba/security/CVE-2021-43566.html


=======
Details
=======

o  CVE-2021-43566:
   All versions of Samba prior to 4.13.16 are vulnerable to a malicious
   client using an SMB1 or NFS symlink race to allow a directory to be
   created in an area of the server file system not exported under the
   share definition. Note that SMB1 has to be enabled, or the share
   also available via NFS in order for this attack to succeed.

   Clients that have write access to the exported part of the file system
   under a share via SMB1 unix extensions or NFS can create symlinks that
   can race the server by renaming an existing path and then replacing it
   with a symlink. If the client wins the race it can cause the server to
   create a directory under the new symlink target after the exported
   share path check has been done. This new symlink target can point to
   anywhere on the server file system. The authenticated user must have
   permissions to create a directory under the target directory of the
   symlink.

   This is a difficult race to win, but theoretically possible. Note that
   the proof of concept code supplied wins the race only when the server
   is slowed down and put under heavy load. Exploitation of this bug has
   not been seen in the wild.


Changes since 4.13.15
---------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 13979: CVE-2021-43566: mkdir race condition allows share escape in Samba 4.x
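
The check-then-use race described in the CVE-2021-43566 details above, as an added example (not Samba code, and not the fix Samba shipped): a path-based share check followed by `mkdir()` is compared with a handle-based walk using `openat()`/`mkdirat()`. The function names, the `share/sub` tree built under `/tmp`, and the hook that stands in for the client's rename-and-symlink step (run deterministically instead of raced) are all constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*window_hook)(void);  /* runs between "check" and "use" */
static int swap_failed;

/* Models the client: rename the checked directory, put a symlink in its place. */
static void swap_in_symlink(void)
{
    swap_failed = rename("share/sub", "share/sub.moved") != 0 ||
                  symlink("../outside", "share/sub") != 0;
}

/* Check-then-use by path: the share check and mkdir() each resolve the path. */
static int mkdir_by_path(const char *share, const char *parent,
                         const char *name, window_hook hook)
{
    char path[PATH_MAX], real[PATH_MAX], root[PATH_MAX];
    if (!realpath(share, root)) return -1;
    snprintf(path, sizeof path, "%s/%s", share, parent);
    if (!realpath(path, real)) return -1;
    size_t n = strlen(root);
    if (strncmp(real, root, n) != 0 || (real[n] != '/' && real[n] != '\0')) {
        errno = EACCES;             /* parent resolves outside the share */
        return -1;
    }
    if (hook) hook();               /* the race window */
    snprintf(path, sizeof path, "%s/%s/%s", share, parent, name);
    return mkdir(path, 0755);       /* resolves "parent" a second time */
}

/* Handle-based: walk from the share root one component at a time, refusing
 * symlinks and "..", then create the directory relative to the held fd. */
static int mkdir_by_handle(const char *share, const char *parent,
                           const char *name, window_hook hook)
{
    char buf[PATH_MAX], *save = NULL;
    int dirfd = open(share, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0) return -1;
    snprintf(buf, sizeof buf, "%s", parent);
    for (char *c = strtok_r(buf, "/", &save); c; c = strtok_r(NULL, "/", &save)) {
        int next = strcmp(c, "..") == 0 ? -1
                 : openat(dirfd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(dirfd);
        if (next < 0) return -1;    /* symlink, "..", or missing component */
        dirfd = next;
    }
    if (hook) hook();               /* same window; the fd is already pinned */
    int rc = (strchr(name, '/') || strcmp(name, "..") == 0)
           ? -1 : mkdirat(dirfd, name, 0755);
    close(dirfd);
    return rc;
}

/* Builds a constructed tree in a fresh /tmp directory (left in place for
 * inspection) and runs one variant. Returns bit 0 set if "newdir" appeared
 * outside the share, bit 1 set if it was created inside it, -1 on setup error. */
int run_case(int by_handle, int swap_in_window)
{
    char root[] = "/tmp/mkdir-race-XXXXXX";
    struct stat st;
    if (!mkdtemp(root) || chdir(root) != 0) return -1;
    if (mkdir("share", 0755) || mkdir("share/sub", 0755) || mkdir("outside", 0755))
        return -1;
    swap_failed = 0;
    if (!swap_in_window) swap_in_symlink();  /* symlink already there: no race */
    window_hook hook = swap_in_window ? swap_in_symlink : NULL;
    if (by_handle) mkdir_by_handle("share", "sub", "newdir", hook);
    else           mkdir_by_path("share", "sub", "newdir", hook);
    if (swap_failed) return -1;
    int result = 0;
    if (stat("outside/newdir", &st) == 0) result |= 1;
    if (stat("share/sub.moved/newdir", &st) == 0) result |= 2;
    return result;
}

int main(void)
{
    printf("by path,   symlink present before check: %d\n", run_case(0, 0));
    printf("by path,   symlink swapped in window:    %d\n", run_case(0, 1));
    printf("by handle, symlink present before walk:  %d\n", run_case(1, 0));
    printf("by handle, symlink swapped in window:    %d\n", run_case(1, 1));
    return 0;
}
```

In the last case the directory lands in the renamed `share/sub.moved`, because the held descriptor still refers to the directory that was checked, not to whatever now carries its name.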

Revision 1.134, Sat Dec 25 03:36:01 2021 UTC (2 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base
Branch point for: pkgsrc-2021Q4
Changes since 1.133: +3 -3 lines

net/samba4: update to 4.13.15

This release contains security fixes.


                   ===============================
                   Release Notes for Samba 4.13.15
                          December 15, 2021
                   ===============================


This is the latest stable release of the Samba 4.13 release series.

Important Notes
===============

There have been a few regressions in the security release 4.13.14:

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  PLEASE [RE-]READ!
                  The instructions have been updated and some workarounds
                  initially advised for 4.13.14 are no longer required and
                  should be reverted in most cases.

o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
             un-deletable. While this release should fix this bug, it is
             advised to have a look at the bug report for more detailed
             information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.

Changes since 4.13.14
---------------------

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14656: Spaces incorrectly collapsed in ldb attributes.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.
   * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become
     un-deletable.

o  Ralph Boehme <slow@samba.org>
   * BUG 14922: Kerberos authentication on standalone server in MIT realm
     broken.

o  Alexander Bokovoy <ab@samba.org>
   * BUG 14903: Support for ROLE_IPA_DC is incomplete.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.

Revision 1.133, Wed Dec 8 16:02:30 2021 UTC (2 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.132: +2 -1 lines

revbump for icu and libffi

Revision 1.129.2.1, Wed Nov 24 12:45:47 2021 UTC (2 years, 4 months ago) by tm
Branch: pkgsrc-2021Q3
Changes since 1.129: +4 -4 lines

Pullup ticket #6537 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.130-1.132
- net/samba4/PLIST                                              1.39-1.40
- net/samba4/distinfo                                           1.67,1.69

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Sep 29 19:01:31 UTC 2021

   Modified Files:
   	pkgsrc/archivers/ark: Makefile
   	pkgsrc/archivers/innoextract: Makefile
   	pkgsrc/archivers/libcomprex: Makefile buildlink3.mk
   	pkgsrc/archivers/libzip: Makefile buildlink3.mk
   	pkgsrc/archivers/php-pecl-zip: Makefile
   	pkgsrc/archivers/php-zip: Makefile
   	pkgsrc/audio/ardour: Makefile
   	pkgsrc/audio/ario: Makefile
   	pkgsrc/audio/audacious-plugins: Makefile
   	pkgsrc/audio/bmp-scrobbler: Makefile
   	pkgsrc/audio/cmusfm: Makefile
   	pkgsrc/audio/csound6: Makefile
   	pkgsrc/audio/din: Makefile
   	pkgsrc/audio/flactag: Makefile
   	pkgsrc/audio/forked-daapd: Makefile
   	pkgsrc/audio/gbemol: Makefile
   	pkgsrc/audio/glyr: Makefile buildlink3.mk
   	pkgsrc/audio/grip: Makefile
   	pkgsrc/audio/herrie: Makefile
   	pkgsrc/audio/hydrogen: Makefile
   	pkgsrc/audio/icecast: Makefile
   	pkgsrc/audio/jack-rack: Makefile
   	pkgsrc/audio/libmusicbrainz: Makefile buildlink3.mk
   	pkgsrc/audio/libmusicbrainz5: Makefile buildlink3.mk
   	pkgsrc/audio/libofa: Makefile
   	pkgsrc/audio/mad123: Makefile
   	pkgsrc/audio/moc: Makefile
   	pkgsrc/audio/mp3diags: Makefile
   	pkgsrc/audio/mpdas: Makefile
   	pkgsrc/audio/musicpd: Makefile
   	pkgsrc/audio/ncmpcpp: Makefile
   	pkgsrc/audio/pianobar: Makefile
   	pkgsrc/audio/pragha: Makefile
   	pkgsrc/audio/qmmp: Makefile
   	pkgsrc/audio/sound-juicer: Makefile
   	pkgsrc/audio/strawberry: Makefile
   	pkgsrc/audio/streamtuner: Makefile buildlink3.mk
   	pkgsrc/audio/terminatorx: Makefile
   	pkgsrc/audio/tremor-tools: Makefile
   	pkgsrc/audio/vimpc: Makefile
   	pkgsrc/audio/vorbis-tools: Makefile
   	pkgsrc/biology/canu: Makefile
   	pkgsrc/biology/coordgenlibs: Makefile buildlink3.mk
   	pkgsrc/biology/htslib: Makefile
   	pkgsrc/biology/maeparser: Makefile buildlink3.mk
   	pkgsrc/biology/ncbi-blast+: Makefile
   	pkgsrc/biology/openbabel: Makefile
   	pkgsrc/cad/kicad: Makefile
   	pkgsrc/cad/librecad: Makefile
   	pkgsrc/cad/openscad: Makefile
   	pkgsrc/chat/anope: Makefile
   	pkgsrc/chat/bitlbee: Makefile
   	pkgsrc/chat/centerim: Makefile
   	pkgsrc/chat/ctrlproxy: Makefile
   	pkgsrc/chat/ekg: Makefile
   	pkgsrc/chat/farstream: Makefile
   	pkgsrc/chat/gloox: Makefile
   	pkgsrc/chat/ircd-hybrid: Makefile
   	pkgsrc/chat/konversation: Makefile
   	pkgsrc/chat/ktp-accounts-kcm: Makefile
   	pkgsrc/chat/ktp-approver: Makefile
   	pkgsrc/chat/ktp-auth-handler: Makefile
   	pkgsrc/chat/ktp-common-internals: Makefile buildlink3.mk
   	pkgsrc/chat/ktp-contact-list: Makefile
   	pkgsrc/chat/ktp-contact-runner: Makefile
   	pkgsrc/chat/ktp-desktop-applets: Makefile
   	pkgsrc/chat/ktp-filetransfer-handler: Makefile
   	pkgsrc/chat/ktp-kded-integration-module: Makefile
   	pkgsrc/chat/ktp-send-file: Makefile
   	pkgsrc/chat/ktp-text-ui: Makefile
   	pkgsrc/chat/libgadu: Makefile buildlink3.mk
   	pkgsrc/chat/libpurple: Makefile
   	pkgsrc/chat/mumble: Makefile
   	pkgsrc/chat/profanity: Makefile
   	pkgsrc/chat/scrollz: Makefile
   	pkgsrc/chat/spectrum: Makefile
   	pkgsrc/chat/swift: Makefile
   	pkgsrc/chat/telepathy-gabble: Makefile
   	pkgsrc/chat/unrealircd: Makefile
   	pkgsrc/chat/weechat: Makefile
   	pkgsrc/chat/znc: Makefile
   	pkgsrc/comms/asterisk13: Makefile
   	pkgsrc/comms/asterisk16: Makefile
   	pkgsrc/comms/asterisk18: Makefile
   	pkgsrc/comms/gammu: Makefile
   	pkgsrc/converters/libabw: Makefile buildlink3.mk
   	pkgsrc/converters/libcdr: Makefile buildlink3.mk
   	pkgsrc/converters/libe-book: Makefile buildlink3.mk
   	pkgsrc/converters/libepubgen: Makefile buildlink3.mk
   	pkgsrc/converters/libetonyek: Makefile buildlink3.mk
   	pkgsrc/converters/libfreehand: Makefile buildlink3.mk
   	pkgsrc/converters/libmspub: Makefile buildlink3.mk
   	pkgsrc/converters/libmwaw: Makefile buildlink3.mk
   	pkgsrc/converters/libpagemaker: Makefile buildlink3.mk
   	pkgsrc/converters/libqxp: Makefile buildlink3.mk
   	pkgsrc/converters/librevenge: Makefile buildlink3.mk
   	pkgsrc/converters/libstaroffice: Makefile
   	pkgsrc/converters/libvisio: Makefile buildlink3.mk
   	pkgsrc/converters/libwpd: Makefile buildlink3.mk
   	pkgsrc/converters/libwpg: Makefile buildlink3.mk
   	pkgsrc/converters/libwps: Makefile buildlink3.mk
   	pkgsrc/converters/libzmf: Makefile
   	pkgsrc/converters/orcus: Makefile
   	pkgsrc/converters/rss2html: Makefile
   	pkgsrc/databases/couchdb: Makefile
   	pkgsrc/databases/freetds: Makefile buildlink3.mk
   	pkgsrc/databases/libcassandra: Makefile
   	pkgsrc/databases/mariadb104-client: Makefile
   	pkgsrc/databases/mariadb104-server: Makefile
   	pkgsrc/databases/mariadb105-client: Makefile
   	pkgsrc/databases/mariadb105-server: Makefile
   	pkgsrc/databases/mariadb106-client: Makefile
   	pkgsrc/databases/mariadb106-server: Makefile
   	pkgsrc/databases/mongodb: Makefile
   	pkgsrc/databases/mongodb3: Makefile
   	pkgsrc/databases/mysql-workbench: Makefile
   	pkgsrc/databases/mysql57-client: Makefile
   	pkgsrc/databases/mysql57-server: Makefile
   	pkgsrc/databases/p5-DBD-Sybase: Makefile
   	pkgsrc/databases/p5-sqlrelay: Makefile
   	pkgsrc/databases/p5-sybperl: Makefile
   	pkgsrc/databases/php-mssql: Makefile
   	pkgsrc/databases/php-pdo_dblib: Makefile
   	pkgsrc/databases/php-sqlrelay: Makefile
   	pkgsrc/databases/postgresql-postgis2: Makefile
   	pkgsrc/databases/py-mssql: Makefile
   	pkgsrc/databases/py-sqlrelay: Makefile
   	pkgsrc/databases/py-sybase: Makefile
   	pkgsrc/databases/qore-freetds-module: Makefile
   	pkgsrc/databases/ruby-sqlrelay: Makefile
   	pkgsrc/databases/ruby-tiny_tds: Makefile
   	pkgsrc/databases/soci: Makefile
   	pkgsrc/databases/sqlrelay: Makefile buildlink3.mk
   	pkgsrc/databases/sqlrelay-freetds: Makefile
   	pkgsrc/databases/sqlrelay-mysql: Makefile
   	pkgsrc/databases/sqlrelay-nodejs: Makefile
   	pkgsrc/databases/sqlrelay-odbc: Makefile
   	pkgsrc/databases/sqlrelay-pgsql: Makefile
   	pkgsrc/databases/sqlrelay-sqlite: Makefile
   	pkgsrc/databases/sqsh: Makefile
   	pkgsrc/databases/virtuoso: Makefile
   	pkgsrc/devel/aegis: Makefile
   	pkgsrc/devel/cfitsio: Makefile
   	pkgsrc/devel/cmake: Makefile
   	pkgsrc/devel/cmake-gui: Makefile
   	pkgsrc/devel/darcs: Makefile
   	pkgsrc/devel/ecore: Makefile buildlink3.mk
   	pkgsrc/devel/eio: Makefile buildlink3.mk
   	pkgsrc/devel/exempi: Makefile
   	pkgsrc/devel/fifengine: Makefile
   	pkgsrc/devel/gearmand: Makefile buildlink3.mk
   	pkgsrc/devel/git-base: Makefile
   	pkgsrc/devel/gnustep-base: Makefile
   	pkgsrc/devel/kdesdk-kioslaves: Makefile
   	pkgsrc/devel/kdesdk-strigi-analyzers: Makefile
   	pkgsrc/devel/kdesdk-thumbnailers: Makefile
   	pkgsrc/devel/kdevelop4: Makefile
   	pkgsrc/devel/kdevplatform: Makefile
   	pkgsrc/devel/kio-extras: Makefile
   	pkgsrc/devel/libcutl: Makefile
   	pkgsrc/devel/libftdi1: Makefile
   	pkgsrc/devel/libgit2: Makefile
   	pkgsrc/devel/libkgapi: Makefile
   	pkgsrc/devel/librelp: Makefile buildlink3.mk
   	pkgsrc/devel/libthrift: Makefile
   	pkgsrc/devel/libxenserver: Makefile buildlink3.mk
   	pkgsrc/devel/mad-flute: Makefile
   	pkgsrc/devel/mdds: Makefile
   	pkgsrc/devel/mdds1.2: Makefile
   	pkgsrc/devel/netcdf: Makefile buildlink3.mk
   	pkgsrc/devel/netcdf-cxx: Makefile buildlink3.mk
   	pkgsrc/devel/netcdf-fortran: Makefile buildlink3.mk
   	pkgsrc/devel/okteta: Makefile
   	pkgsrc/devel/php-gearman: Makefile
   	pkgsrc/devel/radare2: Makefile buildlink3.mk
   	pkgsrc/devel/radare2-cutter: Makefile
   	pkgsrc/devel/rudiments: Makefile buildlink3.mk
   	pkgsrc/devel/sdcc3: Makefile
   	pkgsrc/devel/ucommon: Makefile buildlink3.mk
   	pkgsrc/devel/vera++: Makefile
   	pkgsrc/editors/Sigil: Makefile
   	pkgsrc/editors/TeXmacs: Makefile
   	pkgsrc/editors/abiword: Makefile buildlink3.mk
   	pkgsrc/editors/abiword-plugins: Makefile
   	pkgsrc/editors/codelite: Makefile
   	pkgsrc/editors/emacs25: Makefile
   	pkgsrc/editors/emacs26: Makefile
   	pkgsrc/editors/emacs27: Makefile
   	pkgsrc/editors/gobby: Makefile
   	pkgsrc/editors/lyx: Makefile
   	pkgsrc/editors/obby: Makefile buildlink3.mk
   	pkgsrc/editors/poedit: Makefile
   	pkgsrc/editors/xournalpp: Makefile
   	pkgsrc/emulators/cannonball: Makefile
   	pkgsrc/emulators/ckmame: Makefile
   	pkgsrc/emulators/dolphin-emu: Makefile
   	pkgsrc/emulators/emulationstation: Makefile
   	pkgsrc/emulators/libretro-dolphin: Makefile
   	pkgsrc/emulators/mgba: Makefile
   	pkgsrc/emulators/qemu: Makefile
   	pkgsrc/emulators/wine: Makefile
   	pkgsrc/filesystems/cloudfuse: Makefile
   	pkgsrc/filesystems/fuse-curlftpfs: Makefile
   	pkgsrc/filesystems/fuse-wdfs: Makefile
   	pkgsrc/finance/QuantLib: Makefile
   	pkgsrc/finance/bitcoin: Makefile
   	pkgsrc/finance/cpuminer: Makefile
   	pkgsrc/finance/gnucash: Makefile
   	pkgsrc/finance/ledger: Makefile
   	pkgsrc/finance/libofx: Makefile
   	pkgsrc/fonts/ghostscript-cidfonts-ryumin: Makefile
   	pkgsrc/games/7kaa: Makefile
   	pkgsrc/games/amor: Makefile
   	pkgsrc/games/asc: Makefile
   	pkgsrc/games/assaultcube: Makefile
   	pkgsrc/games/bastet: Makefile
   	pkgsrc/games/bzflag: Makefile
   	pkgsrc/games/criticalmass: Makefile
   	pkgsrc/games/crossfire-client: Makefile
   	pkgsrc/games/crossfire-server: Makefile
   	pkgsrc/games/dhewm3: Makefile
   	pkgsrc/games/dopewars: Makefile
   	pkgsrc/games/enigma: Makefile
   	pkgsrc/games/etlegacy: Makefile
   	pkgsrc/games/etlegacy-server: Makefile
   	pkgsrc/games/flightgear: Makefile
   	pkgsrc/games/freeciv-client: Makefile
   	pkgsrc/games/freeciv-server: Makefile
   	pkgsrc/games/freeciv-share: Makefile
   	pkgsrc/games/ggz-client-libs: Makefile buildlink3.mk
   	pkgsrc/games/holtz: Makefile
   	pkgsrc/games/ioquake3: Makefile
   	pkgsrc/games/iortcw: Makefile
   	pkgsrc/games/klavaro: Makefile
   	pkgsrc/games/lgogdownloader: Makefile
   	pkgsrc/games/libggz: Makefile buildlink3.mk
   	pkgsrc/games/manaplus: Makefile
   	pkgsrc/games/megaglest: Makefile
   	pkgsrc/games/minetest: Makefile
   	pkgsrc/games/naev: Makefile
   	pkgsrc/games/openmw: Makefile
   	pkgsrc/games/openrct2: Makefile
   	pkgsrc/games/pingus: Makefile
   	pkgsrc/games/powder-toy: Makefile
   	pkgsrc/games/quakeforge: Makefile
   	pkgsrc/games/scummvm: Makefile
   	pkgsrc/games/scummvm-tools: Makefile
   	pkgsrc/games/simgear: Makefile buildlink3.mk
   	pkgsrc/games/supertux: Makefile
   	pkgsrc/games/supertuxkart: Makefile
   	pkgsrc/games/taisei: Makefile
   	pkgsrc/games/ufoai: Makefile
   	pkgsrc/games/violetland: Makefile
   	pkgsrc/games/warmux: Makefile
   	pkgsrc/games/warzone2100: Makefile
   	pkgsrc/games/wesnoth: Makefile
   	pkgsrc/games/widelands: Makefile
   	pkgsrc/games/yquake2: Makefile
   	pkgsrc/geography/R-rgdal: Makefile
   	pkgsrc/geography/R-sf: Makefile
   	pkgsrc/geography/gdal-lib: Makefile buildlink3.mk
   	pkgsrc/geography/mapserver: Makefile
   	pkgsrc/geography/merkaartor: Makefile
   	pkgsrc/geography/opencpn: Makefile
   	pkgsrc/geography/osm2pgsql: Makefile
   	pkgsrc/geography/pdal-lib: Makefile buildlink3.mk
   	pkgsrc/geography/py-gdal: Makefile
   	pkgsrc/geography/qgis: Makefile
   	pkgsrc/geography/qlandkartegt: Makefile
   	pkgsrc/geography/qlandkartem: Makefile
   	pkgsrc/geography/viking: Makefile
   	pkgsrc/graphics/GMT: Makefile
   	pkgsrc/graphics/GraphicsMagick: Makefile buildlink3.mk
   	pkgsrc/graphics/ImageMagick: Makefile buildlink3.mk
   	pkgsrc/graphics/ImageMagick6: Makefile buildlink3.mk
   	pkgsrc/graphics/aqsis: Makefile
   	pkgsrc/graphics/autotrace: Makefile
   	pkgsrc/graphics/blender: Makefile
   	pkgsrc/graphics/blender-lts: Makefile
   	pkgsrc/graphics/camlimages: Makefile
   	pkgsrc/graphics/darktable: Makefile
   	pkgsrc/graphics/digikam: Makefile
   	pkgsrc/graphics/drawpile: Makefile
   	pkgsrc/graphics/dx: Makefile
   	pkgsrc/graphics/edje: Makefile buildlink3.mk
   	pkgsrc/graphics/enblend-enfuse: Makefile
   	pkgsrc/graphics/feh: Makefile
   	pkgsrc/graphics/gimmage: Makefile
   	pkgsrc/graphics/gmic: Makefile
   	pkgsrc/graphics/gource: Makefile
   	pkgsrc/graphics/gpick: Makefile
   	pkgsrc/graphics/graphviz: Makefile
   	pkgsrc/graphics/gri: Makefile
   	pkgsrc/graphics/hugin: Makefile
   	pkgsrc/graphics/jp2a: Makefile
   	pkgsrc/graphics/kde-base-artwork: Makefile
   	pkgsrc/graphics/kdegraphics-strigi-analyzer: Makefile
   	pkgsrc/graphics/kgamma: Makefile
   	pkgsrc/graphics/koverartist: Makefile
   	pkgsrc/graphics/kqtquickcharts4: Makefile
   	pkgsrc/graphics/krita: Makefile
   	pkgsrc/graphics/libgltf: Makefile
   	pkgsrc/graphics/libkexiv2-kde4: Makefile
   	pkgsrc/graphics/libsixel: Makefile
   	pkgsrc/graphics/lsix: Makefile
   	pkgsrc/graphics/luminance-hdr: Makefile
   	pkgsrc/graphics/ncview: Makefile
   	pkgsrc/graphics/openimageio: Makefile buildlink3.mk
   	pkgsrc/graphics/osg: Makefile buildlink3.mk
   	pkgsrc/graphics/p5-GraphicsMagick: Makefile
   	pkgsrc/graphics/p5-PerlMagick: Makefile
   	pkgsrc/graphics/pcl: Makefile buildlink3.mk
   	pkgsrc/graphics/pfstools: Makefile
   	pkgsrc/graphics/php-imagick: Makefile
   	pkgsrc/graphics/pstoedit: Makefile
   	pkgsrc/graphics/ruby-RMagick: Makefile
   	pkgsrc/graphics/sane-airscan: Makefile
   	pkgsrc/graphics/shotwell: Makefile
   	pkgsrc/graphics/tango-icon-theme: Makefile
   	pkgsrc/graphics/vtk: Makefile buildlink3.mk
   	pkgsrc/graphics/zbar: Makefile
   	pkgsrc/graphics/zphoto: Makefile
   	pkgsrc/ham/fldigi: Makefile
   	pkgsrc/ham/gnuradio-channels: Makefile
   	pkgsrc/ham/gnuradio-companion: Makefile
   	pkgsrc/ham/gnuradio-core: Makefile
   	pkgsrc/ham/gnuradio-ctrlport: Makefile
   	pkgsrc/ham/gnuradio-digital: Makefile
   	pkgsrc/ham/gnuradio-doxygen: Makefile
   	pkgsrc/ham/gnuradio-dtv: Makefile
   	pkgsrc/ham/gnuradio-fec: Makefile
   	pkgsrc/ham/gnuradio-network: Makefile
   	pkgsrc/ham/gnuradio-qtgui: Makefile
   	pkgsrc/ham/gnuradio-soapy-sdr: Makefile
   	pkgsrc/ham/gnuradio-trellis: Makefile
   	pkgsrc/ham/gnuradio-uhd: Makefile
   	pkgsrc/ham/gnuradio-utils: Makefile
   	pkgsrc/ham/gnuradio-video-sdl: Makefile
   	pkgsrc/ham/gnuradio-vocoder: Makefile
   	pkgsrc/ham/gnuradio-wavelet: Makefile
   	pkgsrc/ham/gnuradio-zeromq: Makefile
   	pkgsrc/ham/gpredict: Makefile
   	pkgsrc/ham/gr-fcdproplus: Makefile
   	pkgsrc/ham/gr-osmosdr: Makefile
   	pkgsrc/ham/trustedQSL: Makefile
   	pkgsrc/ham/uhd: Makefile
   	pkgsrc/inputmethod/fcitx5-chinese-addons: Makefile
   	pkgsrc/inputmethod/fcitx5-mozc: Makefile
   	pkgsrc/inputmethod/fcitx5-table-extra: Makefile
   	pkgsrc/inputmethod/fcitx5-table-other: Makefile
   	pkgsrc/inputmethod/ibus-mozc: Makefile
   	pkgsrc/inputmethod/libime: Makefile
   	pkgsrc/inputmethod/librime: Makefile
   	pkgsrc/inputmethod/mozc-elisp: Makefile
   	pkgsrc/inputmethod/mozc-renderer: Makefile
   	pkgsrc/inputmethod/mozc-server: Makefile
   	pkgsrc/inputmethod/mozc-tool: Makefile
   	pkgsrc/inputmethod/uim-mozc: Makefile
   	pkgsrc/lang/konoha: Makefile
   	pkgsrc/lang/nodejs10: Makefile buildlink3.mk
   	pkgsrc/lang/nodejs12: Makefile buildlink3.mk
   	pkgsrc/lang/openjdk11: Makefile
   	pkgsrc/lang/openjdk8: Makefile
   	pkgsrc/lang/rust: Makefile
   	pkgsrc/mail/akonadi: Makefile
   	pkgsrc/mail/balsa: Makefile
   	pkgsrc/mail/claws-mail: Makefile
   	pkgsrc/mail/claws-mail-archive: Makefile
   	pkgsrc/mail/claws-mail-attachwarner: Makefile
   	pkgsrc/mail/claws-mail-attremover: Makefile
   	pkgsrc/mail/claws-mail-bogofilter: Makefile
   	pkgsrc/mail/claws-mail-dillo: Makefile
   	pkgsrc/mail/claws-mail-fetchinfo: Makefile
   	pkgsrc/mail/claws-mail-libravatar: Makefile
   	pkgsrc/mail/claws-mail-mailmbox: Makefile
   	pkgsrc/mail/claws-mail-managesieve: Makefile
   	pkgsrc/mail/claws-mail-newmail: Makefile
   	pkgsrc/mail/claws-mail-notification: Makefile
   	pkgsrc/mail/claws-mail-pgpcore: Makefile
   	pkgsrc/mail/claws-mail-pgpinline: Makefile
   	pkgsrc/mail/claws-mail-pgpmime: Makefile
   	pkgsrc/mail/claws-mail-rssyl: Makefile
   	pkgsrc/mail/claws-mail-smime: Makefile
   	pkgsrc/mail/claws-mail-spamassassin: Makefile
   	pkgsrc/mail/claws-mail-spamreport: Makefile
   	pkgsrc/mail/claws-mail-tnef: Makefile
   	pkgsrc/mail/claws-mail-vcalendar: Makefile
   	pkgsrc/mail/cone: Makefile
   	pkgsrc/mail/evolution-data-server: Makefile
   	pkgsrc/mail/libetpan: Makefile buildlink3.mk
   	pkgsrc/mail/mailfront: Makefile
   	pkgsrc/mail/milter-greylist: Makefile
   	pkgsrc/mail/mpop: Makefile
   	pkgsrc/mail/msmtp: Makefile
   	pkgsrc/mail/mutt: Makefile
   	pkgsrc/mail/nmh: Makefile
   	pkgsrc/mail/nullmailer: Makefile
   	pkgsrc/mail/wmbiff: Makefile
   	pkgsrc/mail/xfce4-mailwatch-plugin: Makefile
   	pkgsrc/math/R: Makefile
   	pkgsrc/math/R-CGIwithR: Makefile
   	pkgsrc/math/R-RNetCDF: Makefile
   	pkgsrc/math/R-ncdf: Makefile
   	pkgsrc/math/R-ncdf4: Makefile
   	pkgsrc/math/cantor: Makefile
   	pkgsrc/math/cgal: Makefile buildlink3.mk
   	pkgsrc/math/grace: Makefile
   	pkgsrc/math/libixion: Makefile
   	pkgsrc/math/octave: Makefile
   	pkgsrc/math/py-Scientific: Makefile
   	pkgsrc/math/py-libixion: Makefile
   	pkgsrc/math/py-netCDF4: Makefile
   	pkgsrc/math/qalculate: Makefile buildlink3.mk
   	pkgsrc/math/qalculate-gtk: Makefile
   	pkgsrc/math/sc-im: Makefile
   	pkgsrc/math/volk: Makefile
   	pkgsrc/math/vowpal_wabbit: Makefile
   	pkgsrc/math/xmgr: Makefile
   	pkgsrc/misc/bibletime: Makefile
   	pkgsrc/misc/esniper: Makefile
   	pkgsrc/misc/fbreader: Makefile
   	pkgsrc/misc/gwaei: Makefile
   	pkgsrc/misc/kaccessible: Makefile
   	pkgsrc/misc/kchmviewer: Makefile
   	pkgsrc/misc/kde-wallpapers4: Makefile
   	pkgsrc/misc/kdeartwork4: Makefile
   	pkgsrc/misc/kdepim-runtime4: Makefile
   	pkgsrc/misc/kdepim4: Makefile
   	pkgsrc/misc/kdepimlibs4: Makefile buildlink3.mk
   	pkgsrc/misc/kdeplasma-addons4: Makefile
   	pkgsrc/misc/kremotecontrol: Makefile
   	pkgsrc/misc/kstars: Makefile
   	pkgsrc/misc/ktux: Makefile
   	pkgsrc/misc/libcarddav: Makefile
   	pkgsrc/misc/libkdeedu: Makefile buildlink3.mk
   	pkgsrc/misc/libreoffice: Makefile
   	pkgsrc/misc/ocaml-opam: Makefile
   	pkgsrc/misc/parley: Makefile
   	pkgsrc/misc/rocs: Makefile
   	pkgsrc/misc/step: Makefile
   	pkgsrc/misc/superkaramba: Makefile
   	pkgsrc/misc/sweeper: Makefile
   	pkgsrc/misc/sword: Makefile buildlink3.mk
   	pkgsrc/misc/usbprog: Makefile
   	pkgsrc/misc/wandio: Makefile buildlink3.mk
   	pkgsrc/multimedia/audiocd-kio: Makefile
   	pkgsrc/multimedia/dvdauthor: Makefile
   	pkgsrc/multimedia/ffmpeg2: Makefile
   	pkgsrc/multimedia/ffmpeg3: Makefile
   	pkgsrc/multimedia/ffmpeg4: Makefile
   	pkgsrc/multimedia/ffmpegthumbs: Makefile
   	pkgsrc/multimedia/gnome-mplayer: Makefile
   	pkgsrc/multimedia/gpac: Makefile
   	pkgsrc/multimedia/kscd: Makefile
   	pkgsrc/multimedia/libkcddb: Makefile buildlink3.mk
   	pkgsrc/multimedia/lightspark: Makefile
   	pkgsrc/multimedia/mediatomb: Makefile
   	pkgsrc/multimedia/mkvtoolnix: Makefile
   	pkgsrc/multimedia/mkvtoolnix-old: Makefile
   	pkgsrc/multimedia/mplayerthumbs: Makefile
   	pkgsrc/multimedia/nostt: Makefile
   	pkgsrc/multimedia/obs-studio: Makefile
   	pkgsrc/multimedia/omxplayer: Makefile
   	pkgsrc/multimedia/totem: Makefile
   	pkgsrc/multimedia/transcode: Makefile
   	pkgsrc/multimedia/vlc: Makefile
   	pkgsrc/multimedia/xine-lib: Makefile
   	pkgsrc/multimedia/xine-ui: Makefile
   	pkgsrc/net/aiccu: Makefile
   	pkgsrc/net/bbk_cli: Makefile
   	pkgsrc/net/btget: Makefile
   	pkgsrc/net/cclive: Makefile
   	pkgsrc/net/ccrtp: Makefile buildlink3.mk
   	pkgsrc/net/choqok: Makefile
   	pkgsrc/net/chrony: Makefile
   	pkgsrc/net/dc_gui2: Makefile
   	pkgsrc/net/deforaos-vncviewer: Makefile
   	pkgsrc/net/doh: Makefile
   	pkgsrc/net/ettercap: Makefile
   	pkgsrc/net/ettercap-gtk: Makefile
   	pkgsrc/net/filezilla: Makefile
   	pkgsrc/net/flickcurl: Makefile
   	pkgsrc/net/freeDiameter: Makefile
   	pkgsrc/net/freeradius-freetds: Makefile
   	pkgsrc/net/freeradius-rest: Makefile
   	pkgsrc/net/glib-networking: Makefile
   	pkgsrc/net/grilo: Makefile buildlink3.mk
   	pkgsrc/net/grilo-plugins: Makefile
   	pkgsrc/net/grive2: Makefile
   	pkgsrc/net/gst-plugins0.10-rtmp: Makefile
   	pkgsrc/net/gst-plugins1-rtmp: Makefile
   	pkgsrc/net/gtk-gnutella: Makefile
   	pkgsrc/net/gtk-vnc: Makefile buildlink3.mk
   	pkgsrc/net/guacamole-server: Makefile
   	pkgsrc/net/icinga2: Makefile
   	pkgsrc/net/jigdo: Makefile
   	pkgsrc/net/kdenetwork-filesharing: Makefile
   	pkgsrc/net/kdenetwork-strigi-analyzers: Makefile
   	pkgsrc/net/kget: Makefile
   	pkgsrc/net/kmldonkey: Makefile
   	pkgsrc/net/knot: Makefile
   	pkgsrc/net/kopete: Makefile
   	pkgsrc/net/kppp: Makefile
   	pkgsrc/net/krdc: Makefile
   	pkgsrc/net/krfb: Makefile
   	pkgsrc/net/ktorrent: Makefile
   	pkgsrc/net/lftp: Makefile
   	pkgsrc/net/libcmis: Makefile
   	pkgsrc/net/libfilezilla: Makefile
   	pkgsrc/net/libgdata: Makefile buildlink3.mk
   	pkgsrc/net/libktorrent: Makefile buildlink3.mk
   	pkgsrc/net/libquvi: Makefile
   	pkgsrc/net/libtorrent-rasterbar: Makefile buildlink3.mk
   	pkgsrc/net/libtrace: Makefile
   	pkgsrc/net/libvncserver: Makefile buildlink3.mk
   	pkgsrc/net/libzrtpcpp: Makefile buildlink3.mk
   	pkgsrc/net/megatools: Makefile
   	pkgsrc/net/nanotodon: Makefile
   	pkgsrc/net/ncdc: Makefile
   	pkgsrc/net/net6: Makefile buildlink3.mk
   	pkgsrc/net/netatalk22: Makefile
   	pkgsrc/net/netatalk3: Makefile
   	pkgsrc/net/ntopng: Makefile
   	pkgsrc/net/ocamlnet: Makefile
   	pkgsrc/net/ocsync: Makefile buildlink3.mk
   	pkgsrc/net/openvpn: Makefile
   	pkgsrc/net/podcastdl: Makefile
   	pkgsrc/net/powerdns: Makefile
   	pkgsrc/net/py-smbc: Makefile
   	pkgsrc/net/qbittorrent: Makefile
   	pkgsrc/net/quvi: Makefile
   	pkgsrc/net/rdesktop: Makefile
   	pkgsrc/net/remmina: Makefile
   	pkgsrc/net/rtmpdump: Makefile buildlink3.mk
   	pkgsrc/net/rtorrent: Makefile
   	pkgsrc/net/samba: Makefile
   	pkgsrc/net/samba4: Makefile buildlink3.mk
   	pkgsrc/net/snort: Makefile
   	pkgsrc/net/synergy: Makefile
   	pkgsrc/net/taskserver: Makefile
   	pkgsrc/net/tcpflow: Makefile
   	pkgsrc/net/tigervnc: Makefile
   	pkgsrc/net/transmission: Makefile
   	pkgsrc/net/transmission-gtk: Makefile
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/unbound: Makefile buildlink3.mk
   	pkgsrc/net/urlgfe: Makefile
   	pkgsrc/net/vinagre: Makefile
   	pkgsrc/net/vino: Makefile
   	pkgsrc/net/wget: Makefile
   	pkgsrc/net/wireshark: Makefile
   	pkgsrc/net/wmget: Makefile
   	pkgsrc/net/zeroconf-ioslave: Makefile
   	pkgsrc/news/neix: Makefile
   	pkgsrc/news/newsbeuter: Makefile
   	pkgsrc/news/pan: Makefile
   	pkgsrc/parallel/slurm-wlm: Makefile
   	pkgsrc/print/auctex: Makefile
   	pkgsrc/print/brlaser: Makefile
   	pkgsrc/print/cups: Makefile
   	pkgsrc/print/cups-base: Makefile buildlink3.mk
   	pkgsrc/print/cups-drivers-Magicolor5440DL: Makefile
   	pkgsrc/print/cups-filters: Makefile buildlink3.mk
   	pkgsrc/print/cups-pdf: Makefile
   	pkgsrc/print/dspdfviewer: Makefile
   	pkgsrc/print/epdfview: Makefile
   	pkgsrc/print/ghostscript: Makefile buildlink3.mk
   	pkgsrc/print/ghostscript-gpl: Makefile buildlink3.mk
   	pkgsrc/print/gtklp: Makefile
   	pkgsrc/print/gutenprint-lib: Makefile
   	pkgsrc/print/hplip: Makefile
   	pkgsrc/print/libcups: Makefile buildlink3.mk
   	pkgsrc/print/mupdf: Makefile buildlink3.mk
   	pkgsrc/print/okular: Makefile
   	pkgsrc/print/p5-Net-CUPS: Makefile
   	pkgsrc/print/pdf2djvu: Makefile
   	pkgsrc/print/py-cups: Makefile
   	pkgsrc/print/qpdfview: Makefile
   	pkgsrc/print/scribus-qt4: Makefile
   	pkgsrc/print/scribus-qt5: Makefile
   	pkgsrc/print/xpdf4: Makefile
   	pkgsrc/print/xpp: Makefile
   	pkgsrc/print/zathura-pdf-mupdf: Makefile
   	pkgsrc/security/ap-modsecurity2: Makefile
   	pkgsrc/security/botan-devel: Makefile buildlink3.mk
   	pkgsrc/security/clamav: Makefile
   	pkgsrc/security/dirb: Makefile
   	pkgsrc/security/gnupg: Makefile
   	pkgsrc/security/gnupg-pkcs11-scd: Makefile
   	pkgsrc/security/gnupg2: Makefile
   	pkgsrc/security/gnutls: Makefile buildlink3.mk
   	pkgsrc/security/gsasl: Makefile
   	pkgsrc/security/kgpg: Makefile
   	pkgsrc/security/lastpass-cli: Makefile
   	pkgsrc/security/libfprint: Makefile
   	pkgsrc/security/liboauth: Makefile buildlink3.mk
   	pkgsrc/security/libprelude: Makefile buildlink3.mk
   	pkgsrc/security/libprelude-lua: Makefile
   	pkgsrc/security/libprelude-perl: Makefile
   	pkgsrc/security/libprelude-python: Makefile
   	pkgsrc/security/libpreludedb: Makefile buildlink3.mk
   	pkgsrc/security/libpreludedb-mysql: Makefile
   	pkgsrc/security/libpreludedb-perl: Makefile
   	pkgsrc/security/libpreludedb-pgsql: Makefile
   	pkgsrc/security/libpreludedb-python: Makefile
   	pkgsrc/security/libpreludedb-sqlite3: Makefile
   	pkgsrc/security/libykneomgr: Makefile
   	pkgsrc/security/opendnssec2: Makefile
   	pkgsrc/security/opensaml: Makefile
   	pkgsrc/security/openvas-libnasl: Makefile
   	pkgsrc/security/openvas-libraries: Makefile
   	pkgsrc/security/openvas-plugins: Makefile
   	pkgsrc/security/openvas-server: Makefile
   	pkgsrc/security/pam-yubico: Makefile
   	pkgsrc/security/php-oauth: Makefile
   	pkgsrc/security/php-oauth1: Makefile
   	pkgsrc/security/pkcs11-helper: Makefile buildlink3.mk
   	pkgsrc/security/prelude-lml: Makefile
   	pkgsrc/security/prelude-manager: Makefile
   	pkgsrc/security/prelude-pflogger: Makefile
   	pkgsrc/security/rvault: Makefile
   	pkgsrc/security/softhsm2: Makefile buildlink3.mk
   	pkgsrc/security/ykclient: Makefile buildlink3.mk
   	pkgsrc/sysutils/baloo: Makefile
   	pkgsrc/sysutils/cfengine3: Makefile
   	pkgsrc/sysutils/collectd-curl: Makefile
   	pkgsrc/sysutils/collectd-riemann: Makefile
   	pkgsrc/sysutils/collectd-virt: Makefile
   	pkgsrc/sysutils/collectd-write_prometheus: Makefile
   	pkgsrc/sysutils/conky: Makefile
   	pkgsrc/sysutils/edbus: Makefile buildlink3.mk
   	pkgsrc/sysutils/efreet: Makefile buildlink3.mk
   	pkgsrc/sysutils/gkrellm: Makefile
   	pkgsrc/sysutils/gnome-control-center: Makefile
   	pkgsrc/sysutils/gnome-settings-daemon: Makefile
   	pkgsrc/sysutils/gvfs: Makefile
   	pkgsrc/sysutils/k3b: Makefile
   	pkgsrc/sysutils/kcron: Makefile
   	pkgsrc/sysutils/kfilemetadata: Makefile
   	pkgsrc/sysutils/kfilemetadata5: Makefile
   	pkgsrc/sysutils/kuser: Makefile
   	pkgsrc/sysutils/libbaloo4: Makefile
   	pkgsrc/sysutils/mc: Makefile
   	pkgsrc/sysutils/openxenmanager: Makefile
   	pkgsrc/sysutils/riemann-client: Makefile buildlink3.mk
   	pkgsrc/sysutils/rsyslog: Makefile
   	pkgsrc/sysutils/rsyslog-dbi: Makefile
   	pkgsrc/sysutils/rsyslog-elasticsearch: Makefile
   	pkgsrc/sysutils/rsyslog-gnutls: Makefile
   	pkgsrc/sysutils/rsyslog-gssapi: Makefile
   	pkgsrc/sysutils/rsyslog-kafka: Makefile
   	pkgsrc/sysutils/rsyslog-libgcrypt: Makefile
   	pkgsrc/sysutils/rsyslog-mysql: Makefile
   	pkgsrc/sysutils/rsyslog-omprog: Makefile
   	pkgsrc/sysutils/rsyslog-pgsql: Makefile
   	pkgsrc/sysutils/rsyslog-rabbitmq: Makefile
   	pkgsrc/sysutils/rsyslog-relp: Makefile
   	pkgsrc/sysutils/rsyslog-snmp: Makefile
   	pkgsrc/sysutils/strigi: Makefile buildlink3.mk
   	pkgsrc/sysutils/syslog-ng-curl: Makefile
   	pkgsrc/sysutils/virt-viewer: Makefile
   	pkgsrc/sysutils/zabbix: Makefile
   	pkgsrc/sysutils/zabbix50-agent: Makefile
   	pkgsrc/sysutils/zabbix50-proxy: Makefile
   	pkgsrc/sysutils/zabbix50-server: Makefile
   	pkgsrc/textproc/FlightCrew: Makefile
   	pkgsrc/textproc/dikt: Makefile
   	pkgsrc/textproc/ebook-tools: Makefile buildlink3.mk
   	pkgsrc/textproc/iksemel: Makefile
   	pkgsrc/textproc/libclucene: Makefile buildlink3.mk
   	pkgsrc/textproc/libkolabxml: Makefile buildlink3.mk
   	pkgsrc/textproc/liblrdf: Makefile buildlink3.mk
   	pkgsrc/textproc/libnxml: Makefile buildlink3.mk
   	pkgsrc/textproc/libodfgen: Makefile buildlink3.mk
   	pkgsrc/textproc/lucene++: Makefile
   	pkgsrc/textproc/multimarkdown: Makefile
   	pkgsrc/textproc/odt2tex: Makefile
   	pkgsrc/textproc/p5-Syntax-SourceHighlight: Makefile
   	pkgsrc/textproc/raptor: Makefile buildlink3.mk
   	pkgsrc/textproc/raptor2: Makefile buildlink3.mk
   	pkgsrc/textproc/rasqal: Makefile buildlink3.mk
   	pkgsrc/textproc/redland: Makefile buildlink3.mk
   	pkgsrc/textproc/soprano: Makefile buildlink3.mk
   	pkgsrc/textproc/source-highlight: Makefile buildlink3.mk
   	pkgsrc/textproc/translate-shell: Makefile
   	pkgsrc/textproc/xmlrpc-c: Makefile buildlink3.mk
   	pkgsrc/textproc/xmltooling: Makefile
   	pkgsrc/time/taskwarrior: Makefile
   	pkgsrc/wm/compiz: Makefile
   	pkgsrc/www/R-RCurl: Makefile
   	pkgsrc/www/R-curl: Makefile
   	pkgsrc/www/SOGo: Makefile
   	pkgsrc/www/SOGo4: Makefile
   	pkgsrc/www/ap-auth-openidc: Makefile
   	pkgsrc/www/ap-authnz-crowd: Makefile
   	pkgsrc/www/ap2-auth-mellon: Makefile
   	pkgsrc/www/ap2-passenger: Makefile
   	pkgsrc/www/apache24: Makefile
   	pkgsrc/www/aws: Makefile
   	pkgsrc/www/aws-demos: Makefile
   	pkgsrc/www/cadaver: Makefile
   	pkgsrc/www/curl: Makefile buildlink3.mk
   	pkgsrc/www/elinks: Makefile
   	pkgsrc/www/felinks: Makefile
   	pkgsrc/www/htdavlock: Makefile
   	pkgsrc/www/htmldoc: Makefile
   	pkgsrc/www/kore: Makefile
   	pkgsrc/www/libmicrohttpd: Makefile buildlink3.mk
   	pkgsrc/www/libmrss: Makefile buildlink3.mk
   	pkgsrc/www/lighttpd: Makefile
   	pkgsrc/www/litmus: Makefile
   	pkgsrc/www/lua-curl: Makefile
   	pkgsrc/www/lynx: Makefile
   	pkgsrc/www/neon: Makefile buildlink3.mk
   	pkgsrc/www/netsurf: Makefile
   	pkgsrc/www/nghttp2: buildlink3.mk
   	pkgsrc/www/nspluginwrapper: Makefile
   	pkgsrc/www/ocaml-curl: Makefile
   	pkgsrc/www/p5-Net-Curl: Makefile
   	pkgsrc/www/passenger: Makefile
   	pkgsrc/www/php-curl: Makefile
   	pkgsrc/www/php-http: Makefile
   	pkgsrc/www/php-http3: Makefile
   	pkgsrc/www/py-curl: Makefile
   	pkgsrc/www/rekonq: Makefile
   	pkgsrc/www/ruby-patron: Makefile
   	pkgsrc/www/shibboleth-sp: Makefile
   	pkgsrc/www/sitecopy: Makefile
   	pkgsrc/www/snownews: Makefile
   	pkgsrc/www/squid4: Makefile
   	pkgsrc/www/wwwoffle: Makefile
   	pkgsrc/www/yahttp: Makefile
   	pkgsrc/x11/elementary: Makefile buildlink3.mk
   	pkgsrc/x11/enlightenment: Makefile buildlink3.mk
   	pkgsrc/x11/gtk2: Makefile
   	pkgsrc/x11/gtk3: Makefile
   	pkgsrc/x11/gtk4: Makefile
   	pkgsrc/x11/kactivities: Makefile buildlink3.mk
   	pkgsrc/x11/kactivities-stats: Makefile
   	pkgsrc/x11/kactivities5: Makefile
   	pkgsrc/x11/kde-baseapps4: Makefile
   	pkgsrc/x11/kde-runtime4: Makefile buildlink3.mk
   	pkgsrc/x11/kde-workspace4: Makefile buildlink3.mk
   	pkgsrc/x11/kdelibs4: Makefile buildlink3.mk
   	pkgsrc/x11/libkactivities4: Makefile buildlink3.mk
   	pkgsrc/x11/qt4-libs: Makefile
   	pkgsrc/x11/qt5-qtbase: Makefile
   	pkgsrc/x11/qt5-qtwebengine: Makefile
   	pkgsrc/x11/vte3: Makefile
   	pkgsrc/x11/wmweather: Makefile
   	pkgsrc/x11/x11vnc: Makefile
   	pkgsrc/x11/x2go-client: Makefile
   	pkgsrc/x11/xfce4-tumbler: Makefile
   	pkgsrc/x11/xlockmore: Makefile

   Log Message:
   revbump for boost-libs

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Oct  8 13:20:34 UTC 2021

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.13.12

   Changes since 4.13.11
   ---------------------
   * BUG 14806: Address a significant performance regression in database access
     in the AD DC since Samba 4.12.
   * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since
     Samba 4.9 by using an explicit database handle cache.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14818: Address flapping samba_tool_drs_showrepl test.
   * BUG 14819: Address flapping dsdb_schema_attributes test.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14784: Fix CTDB flag/status update race conditions.
   * BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Nov 10 13:33:20 UTC 2021

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.13.14

   Changes since 4.13.13
   ---------------------

   o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
      * CVE-2020-25722

   o  Andrew Bartlett <abartlet@samba.org>
      * CVE-2020-25718
      * CVE-2020-25719
      * CVE-2020-25721
      * CVE-2020-25722

   o  Ralph Boehme <slow@samba.org>
      * CVE-2020-25717

   o  Alexander Bokovoy <ab@samba.org>
      * CVE-2020-25717

   o  Samuel Cabrero <scabrero@samba.org>
      * CVE-2020-25717

   o  Nadezhda Ivanova <nivanova@symas.com>
      * CVE-2020-25722

   o  Stefan Metzmacher <metze@samba.org>
      * CVE-2016-2124
      * CVE-2020-25717
      * CVE-2020-25719
      * CVE-2020-25722
      * CVE-2021-23192
      * CVE-2021-3738
      * ldb: version 2.2.3

   o  Andreas Schneider <asn@samba.org>
      * CVE-2020-25719

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * CVE-2020-17049
      * CVE-2020-25718
      * CVE-2020-25719
      * CVE-2020-25721
      * CVE-2020-25722
      * MS CVE-2020-17049

   Changes since 4.13.12
   ---------------------

   o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
      * BUG 14868: rodc_rwdc test flaps.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Andrew Bartlett <abartlet@samba.org>
      * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
        bit' S4U2Proxy Constrained Delegation bypass in Samba with
        embedded Heimdal.
      * BUG 14836: Python ldb.msg_diff() memory handling failure.
      * BUG 14845: "in" operator on ldb.Message is case sensitive.
      * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
      * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
      * BUG 14874: Allow special chars like "@" in samAccountName when generating
        the salt.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Isaac Boukris <iboukris@gmail.com>
      * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
        bit' S4U2Proxy Constrained Delegation bypass in Samba with
        embedded Heimdal.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Viktor Dukhovni <viktor@twosigma.com>
      * BUG 12998: Fix transit path validation.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Luke Howard <lukeh@padl.com>
      * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
        bit' S4U2Proxy Constrained Delegation bypass in Samba with
        embedded Heimdal.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  David Mulder <dmulder@suse.com>
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Andreas Schneider <asn@samba.org>
      * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
        bit' S4U2Proxy Constrained Delegation bypass in Samba with
        embedded Heimdal.
      * BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order
        violation: brlock.tdb, share_entries.tdb.
      * BUG 14836: Python ldb.msg_diff() memory handling failure.
      * BUG 14845: "in" operator on ldb.Message is case sensitive.
      * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
      * BUG 14868: rodc_rwdc test flaps.
      * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
      * BUG 14874: Allow special chars like "@" in samAccountName when generating
        the salt.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

   o  Nicolas Williams <nico@twosigma.com>
      * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
        bit' S4U2Proxy Constrained Delegation bypass in Samba with
        embedded Heimdal.
      * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

Revision 1.132, Wed Nov 10 13:33:20 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.131: +4 -4 lines

samba4: updated to 4.13.14

Changes since 4.13.13
---------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * CVE-2020-25722

o  Andrew Bartlett <abartlet@samba.org>
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722

o  Ralph Boehme <slow@samba.org>
   * CVE-2020-25717

o  Alexander Bokovoy <ab@samba.org>
   * CVE-2020-25717

o  Samuel Cabrero <scabrero@samba.org>
   * CVE-2020-25717

o  Nadezhda Ivanova <nivanova@symas.com>
   * CVE-2020-25722

o  Stefan Metzmacher <metze@samba.org>
   * CVE-2016-2124
   * CVE-2020-25717
   * CVE-2020-25719
   * CVE-2020-25722
   * CVE-2021-23192
   * CVE-2021-3738
   * ldb: version 2.2.3

o  Andreas Schneider <asn@samba.org>
   * CVE-2020-25719

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * CVE-2020-17049
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722
   * MS CVE-2020-17049

Changes since 4.13.12
---------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14868: rodc_rwdc test flaps.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with
     embedded Heimdal.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with
     embedded Heimdal.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Viktor Dukhovni <viktor@twosigma.com>
   * BUG 12998: Fix transit path validation.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Luke Howard <lukeh@padl.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with
     embedded Heimdal.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  David Mulder <dmulder@suse.com>
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Andreas Schneider <asn@samba.org>
   * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with
     embedded Heimdal.
   * BUG 14645: rpcclient NetFileEnum and net rpc file both cause lock order
     violation: brlock.tdb, share_entries.tdb.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14848: Release LDB 2.3.1 for Samba 4.14.9.
   * BUG 14868: rodc_rwdc test flaps.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with
     embedded Heimdal.
   * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements.

Revision 1.131, Fri Oct 8 13:20:34 2021 UTC (2 years, 6 months ago) by adam
Branch: MAIN
Changes since 1.130: +2 -3 lines

samba4: updated to 4.13.12

Changes since 4.13.11
---------------------
* BUG 14806: Address a significant performance regression in database access
  in the AD DC since Samba 4.12.
* BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since
  Samba 4.9 by using an explicit database handle cache.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14818: Address flapping samba_tool_drs_showrepl test.
* BUG 14819: Address flapping dsdb_schema_attributes test.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.
* BUG 14784: Fix CTDB flag/status update race conditions.
* BUG 14817: An unauthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ.

Revision 1.130, Wed Sep 29 19:00:11 2021 UTC (2 years, 6 months ago) by adam
Branch: MAIN
Changes since 1.129: +2 -1 lines

revbump for boost-libs

Revision 1.129, Mon Sep 13 10:13:33 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base
Branch point for: pkgsrc-2021Q3
Changes since 1.128: +2 -3 lines

samba4: updated to 4.3.11

Changes since 4.13.10
* BUG 14769: smbd panic on force-close share during offload write.
* BUG 14731: Fix returned attributes on fake quota file handle and avoid
  hitting the VFS.
* BUG 14783: smbd "deadtime" parameter doesn't work anymore.
* BUG 14787: net conf list crashes when run as normal user.
* BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
  7.3.7.
* BUG 14793: Start the SMB encryption as soon as possible.
* BUG 14792: Winbind should not start if the socket path for the privileged
  pipe is too long.

Revision 1.128, Sun Jul 25 15:58:04 2021 UTC (2 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.127: +2 -2 lines

net/samba4: update to 4.3.10

Changes since 4.13.9
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
     Windows ACL for directory handles.
   * BUG 14721: Take a copy to make sure we don't reference free'd memory.
   * BUG 14722: s3: lib: Fix talloc hierarchy error in parent_smb_fname().
   * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
     change_file_owner_to_parent() error path.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14575: samba-tool: Give better error information when the
     'domain backup restore' fails with a duplicate SID.

o  Ralph Boehme <slow@samba.org>
   * BUG 14714: smbd: Correctly initialize close timestamp fields.
   * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs.

o  Volker Lendecke <vl@samba.org>
   * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd.
   * BUG 14752: smbXsrv_{open,session,tcon}: Protect
     smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ
     backend.
   * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for
     restoring a backup.

Revision 1.127, Tue Jun 22 09:36:41 2021 UTC (2 years, 9 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.126: +10 -3 lines

samba4: downgrade to 4.13.9, as discussed on netbsd-users@

Revision 1.126, Mon Jun 21 10:23:48 2021 UTC (2 years, 9 months ago) by nia
Branch: MAIN
Changes since 1.125: +2 -1 lines

samba4: Warn before starting if procfs is not mounted on NetBSD...

Revision 1.125, Tue Jun 1 08:30:17 2021 UTC (2 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.124: +2 -3 lines

samba4: updated to 4.14.5

Changes since 4.14.4
--------------------
* BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
* BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
  Windows ACL for directory handles.
* BUG 14721: s3: smbd: Fix uninitialized memory read in
  process_symlink_open() when used with vfs_shadow_copy2().
* BUG 14689: docs: Expand the "log level" docs on audit logging.
* BUG 14714: smbd: Correctly initialize close timestamp fields.
* BUG 14699: Fix gcc11 compiler issues.
* BUG 14718: docs-xml: Update smbcacls manpage.
* BUG 14719: docs: Update list of available commands in rpcclient.
* BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().
* BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
  set.
* BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.

Revision 1.124, Sun May 30 20:02:31 2021 UTC (2 years, 10 months ago) by thor
Branch: MAIN
Changes since 1.123: +2 -2 lines

net/samba4: handle dbus dependency explicitly on Linux

This manifests as the snapper vfs files appearing depending on dbus
being present or not on Linux, causing PLIST mismatch. This option
actually disables this if desired. The default is still on, as
dbus is to be expected on modern Linux installs anyway.

Revision 1.123, Mon May 24 19:53:36 2021 UTC (2 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.122: +2 -1 lines

*: recursive bump for perl 5.34

Revision 1.122, Thu Apr 29 15:21:16 2021 UTC (2 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.121: +2 -2 lines

net/samba4: update to 4.14.4

pkgsrc changes: remove extra spaces in some patch files.


                   ==============================
                   Release Notes for Samba 4.14.4
                           April 29, 2021
                   ==============================


This is a security release in order to address the following defect:

o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
  in the Samba file server process token.


=======
Details
=======

o  CVE-2021-20254:
   The Samba smbd file server must map Windows group identities (SIDs) into unix
   group ids (gids). The code that performs this had a flaw that could allow it
   to read data beyond the end of the array in the case where a negative cache
   entry had been added to the mapping cache. This could cause the calling code
   to return those values into the process token that stores the group
   membership for a user.

   Most commonly this flaw caused the calling code to crash, but an alert user
   (Peter Eriksson, IT Department, Linköping University) found this flaw by
   noticing an unprivileged user was able to delete a file within a network
   share that they should have been disallowed access to.

   Analysis of the code paths has not allowed us to discover a way for a
   remote user to be able to trigger this flaw reproducibly or on demand,
   but this CVE has been issued out of an abundance of caution.


Changes since 4.14.3
--------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().

Revision 1.121, Wed Apr 28 09:03:49 2021 UTC (2 years, 11 months ago) by nia
Branch: MAIN
Changes since 1.120: +2 -2 lines

samba4: add flex to USE_TOOLS

Revision 1.120, Thu Apr 22 15:47:45 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.119: +2 -3 lines

samba4: updated to 4.14.3

Changes since 4.14.2
--------------------
* BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break
  vfs_virusfilter_openat.
* BUG 14586: build: Notice if flex is missing at configure time.
* BUG 14672: Fix smbd panic when two clients open same file.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 14679: s3: smbd: fix deferred renames.
* BUG 14675: s3-iremotewinspool: Set the per-request memory context.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
* BUG 14640: third_party: Update socket_wrapper to version 1.3.3.
* BUG 14665: samba-gpupdate: Test that sysvol paths download in
  case-insensitive way.
* BUG 14662: smbd: Ensure errno is preserved across fsp destructor.
* BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
  conflict.
* BUG 14288: build: Only add -Wl,--as-needed when supported.

Revision 1.119, Wed Apr 21 13:24:14 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.118: +2 -1 lines

revbump for boost-libs

Revision 1.118, Wed Apr 14 19:11:20 2021 UTC (3 years ago) by adam
Branch: MAIN
Changes since 1.117: +3 -2 lines

samba4: updated to 4.14.2

Samba 4.14.2

This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.


Samba 4.14.1

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.


Samba 4.14.0

This is the first stable release of the Samba 4.14 release series.
Please read the release notes carefully before upgrading.

NEW FEATURES/CHANGES
====================

Here is a copy of a clarification note added to the Samba code
in the file: VFS-License-clarification.txt.
--------------------------------------------------------------

A clarification of our GNU GPL License enforcement boundary within the Samba
Virtual File System (VFS) layer.

Samba is licensed under the GNU GPL. All code committed to the Samba
project or that creates a "modified version" or software "based on" Samba must
be either licensed under the GNU GPL or a compatible license.

Samba has several plug-in interfaces where external code may be called
from Samba GNU GPL licensed code. The most important of these is the
Samba VFS layer.

Samba VFS modules are intimately connected by header files and API
definitions to the part of the Samba code that provides file services,
and as such, code that implements a plug-in Samba VFS module must be
licensed under the GNU GPL or a compatible license.

However, Samba VFS modules may themselves call third-party external
libraries that are not part of the Samba project and are externally
developed and maintained.

As long as these third-party external libraries do not use any of the
Samba internal structure, APIs or interface definitions created by the
Samba project (to the extent that they would be considered subject to the GNU
GPL), then the Samba Team will not consider such third-party external
libraries called from Samba VFS modules as "based on" and/or creating a
"modified version" of the Samba code for the purposes of GNU GPL.
Accordingly, we do not require such libraries be licensed under the GNU GPL
or a GNU GPL compatible license.

VFS
---

The effort to modernize Samba's VFS interface has reached a major milestone with
the next release Samba 4.14.

For details please refer to the documentation at source3/modules/The_New_VFS.txt or
visit <https://wiki.samba.org/index.php/The_New_VFS>.

Printing
--------

Publishing printers in AD is more reliable and more printer features are
added to the published information in AD. Samba now also supports Windows
drivers for the ARM64 architecture.

Client Group Policy
-------------------
This release extends Samba to support Group Policy functionality for Winbind
clients. Active Directory Administrators can set policies that apply Sudoers
configuration, and cron jobs to run hourly, daily, weekly or monthly.

To enable the application of Group Policies on a client, set the global
smb.conf option 'apply group policies' to 'yes'. Policies are applied on an
interval of every 90 minutes, plus a random offset between 0 and 30 minutes.

Policies applied by Samba are 'non-tattooing', meaning that changes can be
reverted by executing the `samba-gpupdate --unapply` command. Policies can be
re-applied using the `samba-gpupdate --force` command.
To view what policies have been or will be applied to a system, use the
`samba-gpupdate --rsop` command.

Administration of Samba policy requires that a Samba ADMX template be uploaded
to the SYSVOL share. The samba-tool command `samba-tool gpo admxload` is
provided as a convenient method for adding this policy. Once uploaded, policies
can be modified in the Group Policy Management Editor under Computer
Configuration/Policies/Administrative Templates. Alternatively, Samba policy
may be managed using the `samba-tool gpo manage` command. This tool does not
require the admx templates to be installed.

Python 3.6 or later required

Revision 1.117, Wed Mar 24 16:33:46 2021 UTC (3 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.116: +3 -3 lines

ldb: updated to 2.2.1; samba: updated to 4.13.7

                   ==============================
                   Release Notes for Samba 4.13.7
                           March 24, 2021
                   ==============================


This is a follow-up release to depend on the correct ldb version. This is only
needed when building against a system ldb library.

This is a security release in order to address the following defects:

o CVE-2020-27840: Heap corruption via crafted DN strings.
o CVE-2021-20277: Out of bounds read in AD DC LDAP server.


=======
Details
=======

o  CVE-2020-27840:
   An anonymous attacker can crash the Samba AD DC LDAP server by sending easily
   crafted DNs as part of a bind request. More serious heap corruption is likely
   also possible.

o  CVE-2021-20277:
   User-controlled LDAP filter strings against the AD DC LDAP server may crash
   the LDAP server.

For more details, please refer to the security advisories.


Changes since 4.13.6
--------------------

o  Release with dependency on ldb version 2.2.1.

Revision 1.116, Sat Mar 20 19:27:35 2021 UTC (3 years ago) by adam
Branch: MAIN
Changes since 1.115: +2 -2 lines

samba4: updated to 4.13.5

Changes since 4.13.4
--------------------
* BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
  start-up failure.
* BUG 13992: s3: libsmb: Add missing cli_tdis() in error path if encryption
  setup failed on temp proxy connection.
* BUG 14604: smbd: In conn_force_tdis_done() when forcing a connection closed
  force a full reload of services.
* BUG 14593: dbcheck: Check Deleted Objects and reduce noise in reports about
  expired tombstones.
* BUG 14503: s3: Fix fcntl waf configure check.
* BUG 14602: s3/auth: Implement "winbind:ignore domains".
* BUG 14617: smbd: Use fsp->conn->session_info for the initial
  delete-on-close token.
* BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error
  path.
* BUG 14624: classicupgrade: Treat old never expires value right.
* BUG 14636: g_lock: Fix uninitialized variable reads.
* BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file().
* BUG 14625: lib:util: Avoid free'ing our own pointer.
* BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work.

Revision 1.115, Wed Jan 27 06:17:17 2021 UTC (3 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.114: +2 -2 lines

samba4: updated to 4.13.4

Changes 4.13.4
* BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
  7.3.7.
* BUG 14612: Temporary DFS share setup doesn't set case parameters in the
  same way as a regular share definition does.
* BUG 14605: lib: Avoid declaring zero-length VLAs in various messaging
  functions.
* BUG 14579: Do not create an empty DB when accessing a sam.ldb.
* BUG 14596: vfs_fruit may close wrong backend fd.
* BUG 14612: Temporary DFS share setup doesn't set case parameters in the
  same way as a regular share definition does.
* BUG 14606: vfs_virusfilter: Allocate separate memory for config char*.
* BUG 14596: vfs_fruit may close wrong backend fd.
* BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp Ontap
  7.3.7.
* BUG 14601: The cache directory for the user gencache should be created
  recursively.
* BUG 14594: Be more flexible with repository names in CentOS 8 test
  environments.

Revision 1.114, Thu Dec 17 12:15:43 2020 UTC (3 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.113: +2 -3 lines

samba4: updated to 4.13.3

Changes since 4.13.2
* BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid()
  fails for crypto blob.
* BUG 14486: s3: modules: gluster. Fix the error I made in preventing talloc
  leaks from a function.
* BUG 14515: s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with
  NULL via TALLOC_FREE().
* BUG 14568: s3: spoolss: Make parameters in call to user_ok_token() match
  all other uses.
* BUG 14590: s3: smbd: Quiet log messages from usershares for an unknown
  share.
* BUG 14248: samba process does not honor max log size.
* BUG 14587: vfs_zfsacl: Add missing inherited flag on hidden "magic"
  everyone@ ACE.
* BUG 13124: s3-libads: Pass timeout to open_socket_out in ms.
* BUG 14486: s3-vfs_glusterfs: Always disable write-behind translator.
* BUG 14517: smbclient: Fix recursive mget.
* BUG 14581: clitar: Use do_list()'s recursion in clitar.c.
* BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind
  translator.
* BUG 14573: vfs_shadow_copy2: Preserve all open flags assuming ROFS.
* BUG 14514: interface: Fix if_index is not parsed correctly.

Revision 1.113 / (download) - annotate - [select for diffs], Fri Dec 4 20:45:36 2020 UTC (3 years, 4 months ago) by nia
Branch: MAIN
Changes since 1.112: +2 -2 lines

Revbump packages with a runtime Python dep but no version prefix.

For the Python 3.8 default switch.

Revision 1.112 / (download) - annotate - [select for diffs], Fri Dec 4 04:56:09 2020 UTC (3 years, 4 months ago) by riastradh
Branch: MAIN
Changes since 1.111: +2 -1 lines

Revbump for openpam cppflags change months ago, belatedly.

Revision 1.111 / (download) - annotate - [select for diffs], Thu Nov 12 06:37:18 2020 UTC (3 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.110: +3 -3 lines

samba4: updated to 4.13.2

Changes since 4.13.1
--------------------
   * BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char
     **lines onto mem_ctx on return.
   * BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.
   * BUG 14538: smb.conf.5: Add clarification how configuration changes
     reflected by Samba.
   * BUG 14552: daemons: Report status to systemd even when running in
     foreground.
   * BUG 14553: DNS Resolver: Support both dnspython before and after 2.0.0.
   * BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is
     present.
   * BUG 14487: provision: Add support for BIND 9.16.x.
   * BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
   * BUG 14541: libndr: Avoid assigning duplicate versions to symbols.
   * BUG 14522: docs: Fix default value of spoolss:architecture.
   * BUG 14388: winbind: Fix a memleak.
   * BUG 14531: s4:dsdb:acl_read: Implement "List Object" mode feature.
   * BUG 14486: docs-xml/manpages: Add warning about write-behind translator for
     vfs_glusterfs.
   * nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
   * BUG 14530: vfs_shadow_copy2: Avoid closing snapsdir twice.
   * BUG 14547: third_party: Update resolv_wrapper to version 1.1.7.
   * BUG 14550: examples:auth: Do not install example plugin.
   * BUG 14513: ctdb-recoverd: Drop unnecessary and broken code.
   * BUG 14471: RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special.

Changes since 4.13.0
--------------------
   * BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
     unless the directory handle is open for SEC_DIR_LIST.
   * BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
     'samba-tool'.
   * BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
   * BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.

4.31.0:
NEW FEATURES/CHANGES
====================

Python 3.6 or later required

Revision 1.109.2.1 / (download) - annotate - [select for diffs], Sun Nov 1 10:50:52 2020 UTC (3 years, 5 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.109: +2 -2 lines

Pullup ticket #6361 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.110
- net/samba4/distinfo                                           1.53

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct 30 07:17:16 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.12.9

   Summary from NEWS files:

   Samba 4.12.9 (2020-10-29)

   o  CVE-2020-14318:
      The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
      request file name notification on a directory handle when a condition such as
      "new file creation" or "file size change" or "file timestamp update" occurs.

      A missing permissions check on a directory handle requesting ChangeNotify
      meant that a client with a directory handle open only for
      FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
      notify replies from the server. These replies contain information that should
      not be available to directory handles open for FILE_READ_ATTRIBUTE only.

   o  CVE-2020-14323:
      winbind in version 3.6 and later implements a request to translate multiple
      Windows SIDs into names in one request. This was done for performance
      reasons: Active Directory domain controllers can do multiple SID to name
      translations in one RPC call. It was an obvious extension to also offer this
      batch operation on the winbind unix domain stream socket that is available to
      local processes on the Samba server to reduce network round-trips to the
      domain controller.

      Due to improper input validation a hand-crafted packet can make winbind
      perform a NULL pointer dereference and thus crash.

   o  CVE-2020-14383:
      Some DNS records (such as MX and NS records) usually contain data in the
      additional section. Samba's dnsserver RPC pipe (which is an administrative
      interface not used in the DNS server itself) made an error in handling the
      case where there are no records present: instead of noticing the lack of
      records, it dereferenced uninitialised memory, causing the RPC server to
      crash. This RPC server, which also serves protocols other than dnsserver,
      will be restarted after a short delay, but it is easy for an authenticated
      non-admin attacker to crash it again as soon as it returns. The Samba DNS
      server itself will continue to operate, but many RPC services will not.

   Samba 4.12.8 (2020-10-07)

   Changes since 4.12.7
   --------------------

   o  Guenther Deschner <gd@samba.org>
      * BUG 14318: docs: Add missing winexe manpage.

   o  Volker Lendecke <vl@samba.org>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.

   o  Laurent Menase <laurent.menase@hpe.com>
      * BUG 14388: winbind: Fix a memleak.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
        response.
      * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.

   o  Christof Schmitt <cs@samba.org>
      * BUG 14166: util: Allow symlinks in directory_create_or_exist.

   o  Andreas Schneider <asn@samba.org>
      * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
        3.6.14.
      * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.

   o  Martin Schwenke <martin@meltin.net>
      * BUG 14466: ctdb disable/enable can fail due to race condition.

Revision 1.110 / (download) - annotate - [select for diffs], Fri Oct 30 07:17:16 2020 UTC (3 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.109: +2 -2 lines

net/samba4: update to 4.12.9

Summary from NEWS files:

Samba 4.12.9 (2020-10-29)

o  CVE-2020-14318:
   The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
   request file name notification on a directory handle when a condition such as
   "new file creation" or "file size change" or "file timestamp update" occurs.

   A missing permissions check on a directory handle requesting ChangeNotify
   meant that a client with a directory handle open only for
   FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
   notify replies from the server. These replies contain information that should
   not be available to directory handles open for FILE_READ_ATTRIBUTE only.

o  CVE-2020-14323:
   winbind in version 3.6 and later implements a request to translate multiple
   Windows SIDs into names in one request. This was done for performance
   reasons: Active Directory domain controllers can do multiple SID to name
   translations in one RPC call. It was an obvious extension to also offer this
   batch operation on the winbind unix domain stream socket that is available to
   local processes on the Samba server to reduce network round-trips to the
   domain controller.

   Due to improper input validation a hand-crafted packet can make winbind
   perform a NULL pointer dereference and thus crash.

o  CVE-2020-14383:
   Some DNS records (such as MX and NS records) usually contain data in the
   additional section. Samba's dnsserver RPC pipe (which is an administrative
   interface not used in the DNS server itself) made an error in handling the
   case where there are no records present: instead of noticing the lack of
   records, it dereferenced uninitialised memory, causing the RPC server to
   crash. This RPC server, which also serves protocols other than dnsserver,
   will be restarted after a short delay, but it is easy for an authenticated
   non-admin attacker to crash it again as soon as it returns. The Samba DNS
   server itself will continue to operate, but many RPC services will not.


Samba 4.12.8 (2020-10-07)

Changes since 4.12.7
--------------------

o  Günther Deschner <gd@samba.org>
   * BUG 14318: docs: Add missing winexe manpage.

o  Volker Lendecke <vl@samba.org>
   * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
     response.

o  Laurent Menase <laurent.menase@hpe.com>
   * BUG 14388: winbind: Fix a memleak.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
     response.
   * BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.

o  Christof Schmitt <cs@samba.org>
   * BUG 14166: util: Allow symlinks in directory_create_or_exist.

o  Andreas Schneider <asn@samba.org>
   * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
     3.6.14.
   * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14466: ctdb disable/enable can fail due to race condition.

Revision 1.109 / (download) - annotate - [select for diffs], Sat Sep 19 14:00:54 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.108: +2 -3 lines

net/samba4: update to 4.12.7

Update samba4 package to 4.12.7.


                   ==============================
                   Release Notes for Samba 4.12.7
                         September 18, 2020
                   ==============================


This is a security release in order to address the following defect:

o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon").

The following applies to Samba used as domain controller only (most
seriously the Active Directory DC, but also the classic/NT4-style DC).

Installations running Samba as a file server only are not directly
affected by this flaw, though they may need configuration changes to
continue to talk to domain controllers (see "file servers and domain
members" below).

The netlogon protocol contains a flaw that allows an authentication
bypass. This was reported and patched by Microsoft as CVE-2020-1472.
Since the bug is a protocol level flaw, and Samba implements the
protocol, Samba is also vulnerable.

However, since version 4.8 (released in March 2018), the default
behaviour of Samba has been to insist on a secure netlogon channel,
which is a sufficient fix against the known exploits. This default is
equivalent to having 'server schannel = yes' in the smb.conf.

Therefore versions 4.8 and above are not vulnerable unless they have
the smb.conf lines 'server schannel = no' or 'server schannel = auto'.

Samba versions 4.7 and below are vulnerable unless they have 'server
schannel = yes' in the smb.conf.

Note each domain controller needs the correct settings in its smb.conf.

Vendors supporting Samba 4.7 and below are advised to patch their
installations and packages to add this line to the [global] section in
their smb.conf file.

The 'server schannel = yes' smb.conf line is equivalent to Microsoft's
'FullSecureChannelProtection=1' registry key, the introduction of
which we understand forms the core of Microsoft's fix.

Some domains employ third-party software that will not work with a
'server schannel = yes'. For these cases patches are available that
allow specific machines to use insecure netlogon. For example, the
following smb.conf:

   server schannel = yes
   server require schannel:triceratops$ = no
   server require schannel:greywacke$ = no

will allow only "triceratops$" and "greywacke$" to avoid schannel.

More details can be found here:
https://www.samba.org/samba/security/CVE-2020-1472.html
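
Added example (not part of the commit message or of Samba's own code): a Python check that applies the 'server schannel' rule from the 4.12.7 release notes above to one domain controller's smb.conf and lists the per-machine exceptions. The parser is simplified (no include handling), and the function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample smb.conf for a Samba DC; not taken from a real host.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; legacy appliances that cannot do schannel
    server schannel = yes
    server require schannel:triceratops$ = no
    Server Require Schannel:greywacke$ = No

[share]
    path = /srv/share
    server schannel = no
"""

# Spellings this example treats as "yes" and "no".
_TRUE = {"yes", "true", "1", "on"}
_FALSE = {"no", "false", "0", "off"}
_EXCEPTION_KEY = re.compile(r"serverrequireschannel:(.+)")


def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params = {}
    section = "global"  # assumption: lines before any header count as global
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):  # a trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue  # the setting only counts in [global]
        key, value = line.split("=", 1)
        # Parameter names are compared without regard to case or spaces.
        params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def audit_schannel(text, version):
    """Apply the rule from the release notes to one DC's smb.conf.

    version is the Samba (major, minor) tuple, for example (4, 12).
    """
    params = parse_global(text)
    raw = params.get("serverschannel")
    value = raw.lower() if raw is not None else None
    if value in _TRUE:
        setting = "yes"
    elif value in _FALSE:
        setting = "no"
    else:
        setting = value  # "auto", None (unset) or an unexpected value

    if version >= (4, 8):
        # The default insists on schannel; an explicit no/auto weakens it.
        vulnerable = setting in ("no", "auto")
    else:
        # 4.7 and below: safe only with an explicit yes.
        vulnerable = setting != "yes"

    # Machines explicitly allowed to skip schannel; each one needs review.
    exceptions = []
    for key, val in params.items():
        match = _EXCEPTION_KEY.fullmatch(key)
        if match and val.lower() in _FALSE:
            exceptions.append(match.group(1))

    return {
        "setting": setting,
        "vulnerable": vulnerable,
        "exceptions": sorted(exceptions),
    }


if __name__ == "__main__":
    print(audit_schannel(SAMPLE_CONF, (4, 12)))
```

Run it against every domain controller, since each one needs the correct setting in its own smb.conf.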

Revision 1.108 / (download) - annotate - [select for diffs], Fri Sep 11 17:18:09 2020 UTC (3 years, 7 months ago) by jperkin
Branch: MAIN
Changes since 1.107: +4 -2 lines

samba4: Limit iconv hack to NetBSD.

Resolves issue on Linux reported by sobukus on IRC.

Revision 1.107 / (download) - annotate - [select for diffs], Mon Aug 31 18:10:53 2020 UTC (3 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.106: +2 -1 lines

*: bump PKGREVISION for perl-5.32.

Revision 1.106 / (download) - annotate - [select for diffs], Tue Aug 18 07:39:31 2020 UTC (3 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.105: +2 -3 lines

samba4: updated to 4.12.6

Changes since 4.12.5
* BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
* BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
  to work on RHEL7.
* BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
* BUG 14426: lib/debug: Set the correct default backend loglevel to
  MAX_DEBUG_LEVEL.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14422: util: Fix build on AIX by fixing the order of replace.h include.
* BUG 14355: srvsvc_NetFileEnum asserts with open files.
* BUG 14354: KDC breaks with DES keys still in the database and
  msDS-SupportedEncryptionTypes 31 indicating support for it.
* BUG 14427: s3:smbd: Make sure vfs_ChDir() always sets
  conn->cwd_fsp->fh->fd = AT_FDCWD.
* BUG 14428: PANIC: Assert failed in get_lease_type().
* BUG 14358: docs: Fix documentation for require_membership_of of
  pam_winbind.conf.
* BUG 14444: ctdb-scripts: Use nfsconf utility for variable values in CTDB
  NFS scripts.
* BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
  mode fatal.

Revision 1.105 / (download) - annotate - [select for diffs], Mon Aug 17 20:19:50 2020 UTC (3 years, 8 months ago) by leot
Branch: MAIN
Changes since 1.104: +2 -2 lines

*: revbump after fontconfig bl3 changes (libuuid removal)

Revision 1.101.2.1 / (download) - annotate - [select for diffs], Wed Jul 29 20:15:59 2020 UTC (3 years, 8 months ago) by bsiegert
Branch: pkgsrc-2020Q2
Changes since 1.101: +2 -3 lines

Pullup ticket #6276 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.102
- net/samba4/PLIST                                              1.31
- net/samba4/distinfo                                           1.49
- net/samba4/patches/patch-lib_replace_system_passwd.h          1.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul  6 14:38:06 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/net/samba4/patches: patch-lib_replace_system_passwd.h

   Log Message:
   samba4: updated to 4.12.5

   Changes since 4.12.4
   --------------------
      * BUG 14301: Fix smbd panic on force-close share during async io.
      * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
        folder that contains incorrect symbols in any file name.
      * BUG 14391: Fix DFS links.
      * BUG 14310: Can't use DNS functionality after a Windows DC has been in
        domain.
      * BUG 14413: ldapi search to FreeIPA crashes.
      * BUG 14396: Add net-ads-join dnshostname=fqdn option.
      * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
      * BUG 14386: docs-xml: Update list of possible VFS operations for
        vfs_full_audit.
      * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
      * BUG 14370: Client tools are not able to read gencache anymore.

   Samba 4.12.4
   ============
   o  CVE-2020-10730:
      A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
      de-reference and further combinations with the LDAP paged_results feature can
      give a use-after-free in Samba's AD DC LDAP server.

   o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
      excessive CPU.

   o  CVE-2020-10760:
      The use of the paged_results or VLV controls against the Global Catalog LDAP
      server on the AD DC will cause a use-after-free.

   o  CVE-2020-14303:
      The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
      further requests once it receives an empty (zero-length) UDP packet to
      port 137.

   For more details, please refer to the security advisories.

   Changes since 4.12.3
   --------------------
      * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
        several seconds of CPU each.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined.
      * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
        server with paged_result or VLV.
      * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
        AD DC nbt_server.
      * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
        and VLV combined, ldb: Bump version to 2.1.4.

Revision 1.104 / (download) - annotate - [select for diffs], Tue Jul 28 01:11:10 2020 UTC (3 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.103: +4 -4 lines

Move sysvol from /var/run/sysvol to /var/db/samba4/sysvol as FreeBSD does,
so that the provisioning data gets preserved across reboots.
From Matthias Perelmann

Revision 1.103 / (download) - annotate - [select for diffs], Tue Jul 21 18:42:25 2020 UTC (3 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.102: +2 -1 lines

Fix arguments to getgroupmembership

Revision 1.102 / (download) - annotate - [select for diffs], Mon Jul 6 14:38:06 2020 UTC (3 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.101: +2 -3 lines

samba4: updated to 4.12.5

Changes since 4.12.4
--------------------
   * BUG 14301: Fix smbd panic on force-close share during async io.
   * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
     folder that contains incorrect symbols in any file name.
   * BUG 14391: Fix DFS links.
   * BUG 14310: Can't use DNS functionality after a Windows DC has been in
     domain.
   * BUG 14413: ldapi search to FreeIPA crashes.
   * BUG 14396: Add net-ads-join dnshostname=fqdn option.
   * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.
   * BUG 14386: docs-xml: Update list of possible VFS operations for
     vfs_full_audit.
   * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
   * BUG 14370: Client tools are not able to read gencache anymore.

Samba 4.12.4
============
o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.

For more details, please refer to the security advisories.


Changes since 4.12.3
--------------------
   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
     several seconds of CPU each.
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined.
   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
     server with paged_result or VLV.
   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
     AD DC nbt_server.
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined, ldb: Bump version to 2.1.4.

Revision 1.101 / (download) - annotate - [select for diffs], Fri May 22 10:55:48 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base
Branch point for: pkgsrc-2020Q2
Changes since 1.100: +2 -1 lines

revbump after updating security/nettle

Revision 1.100 / (download) - annotate - [select for diffs], Wed May 20 04:26:38 2020 UTC (3 years, 10 months ago) by dogcow
Branch: MAIN
Changes since 1.99: +2 -2 lines

Require docbook-xsl>=1.79.2 for building smb.conf.5; otherwise, it errors
out with
runtime error: file /usr/pkg/share/xsl/docbook/lib/lib.xsl line 58 element choose
xsltApplySequenceConstructor: A potential infinite template recursion was detected.

Revision 1.99 / (download) - annotate - [select for diffs], Tue May 19 16:51:43 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.98: +2 -3 lines

net/samba4 databases/ldb: updated to 4.12.3 2.1.3

Changes 4.12.3:
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14343: s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[]
  array.
* BUG 14361: vfs_io_uring: Fix data corruption with Windows clients.
* BUG 14372: Fix smbd crashes when MacOS Catalina connects if iconv
  initialization fails.
* BUG 14150: Exporting from macOS Adobe Illustrator creates multiple copies.
* BUG 14256: smbd does a chdir() twice per request.
* BUG 14320: smbd mistakenly updates a file's write-time on close.
* BUG 14350: vfs_shadow_copy2: implement case canonicalisation in
  shadow_copy2_get_real_filename().
* BUG 14375: Fix Windows 7 clients problem after upgrading samba file server.
* BUG 14359: s3: Pass DCE RPC handle type to create_policy_hnd.
* BUG 14155: Fix uxsuccess test with new MIT krb5 library 1.18.
* BUG 14342: mit-kdc: Explicitly reject S4U requests.
* BUG 14352: dbwrap_watch: Set rec->value_valid while returning nested
  share_mode_do_locked().
* BUG 14345: lib:util: Fix smbclient -l basename dir.
* BUG 14336: s3:libads: Fix ads_get_upn().
* BUG 14348: ctdb: Fix a memleak.
* BUG 14366: Malicious SMB1 server can crash libsmbclient.
* BUG 14330: ldb: Bump version to 2.1.3, LMDB databases can grow without
  bounds
* BUG 14361: vfs_io_uring: Fix data corruption with Windows clients.
* BUG 14344: s3/librpc/crypto: Fix double free with unresolved credential
  cache.
* BUG 14358: docs-xml: Fix usernames in pam_winbind manpages.

Revision 1.98 / (download) - annotate - [select for diffs], Tue May 19 12:13:51 2020 UTC (3 years, 11 months ago) by hauke
Branch: MAIN
Changes since 1.97: +2 -1 lines

The smb.conf(5) man page builds fine on netbsd-9, so re-add it.

This is probably the most important of the Samba man pages, and it
should not have been excluded from the build without a detailed
explanation, "just to make the pkg build".

Revision 1.97 / (download) - annotate - [select for diffs], Wed May 13 04:29:24 2020 UTC (3 years, 11 months ago) by rillig
Branch: MAIN
Changes since 1.96: +1 -2 lines

net/samba4: remove nonexistent file from REPLACE_PERL

Revision 1.96 / (download) - annotate - [select for diffs], Wed Apr 29 10:01:18 2020 UTC (3 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.95: +2 -2 lines

samba4: updated to 4.12.2

Samba 4.12.2
This is a security release in order to address the following defects:
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC

Revision 1.95 / (download) - annotate - [select for diffs], Tue Apr 7 08:17:28 2020 UTC (4 years ago) by adam
Branch: MAIN
Changes since 1.94: +2 -2 lines

samba4: updated to 4.12.1

Samba 4.12.1
* BUG 14295: nmblib: Avoid undefined behaviour in handle_name_ptrs().
* BUG 14296: samba-tool group: Handle group names with special chars
  correctly.
* BUG 14293: Add missing check for DMAPI offline status in async DOS
  attributes.
* BUG 14295: Starting ctdb node that was powered off hard before results in
  recovery loop.
* BUG 14307: smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs.
* BUG 14316: vfs_recycle: Prevent flooding the log if we're called on
  non-existent paths.
* BUG 14313: librpc: Fix IDL for svcctl_ChangeServiceConfigW.
* BUG 14327: nsswitch: Fix use-after-free causing segfault in
  _pam_delete_cred.
* BUG 13622: fruit:time machine max size is broken on arm.
* BUG 14294: CTDB recovery corner cases can cause record resurrection and
  node banning.
* BUG 14332: s3/utils: Fix double free error with smbtree.
* BUG 14294: CTDB recovery corner cases can cause record resurrection and
  node banning.
* BUG 14295: Starting ctdb node that was powered off hard before results in
  recovery loop.
* BUG 14324: CTDB recovery daemon can crash due to dereference of NULL
  pointer.

Revision 1.94 / (download) - annotate - [select for diffs], Thu Apr 2 11:21:41 2020 UTC (4 years ago) by adam
Branch: MAIN
Changes since 1.93: +2 -3 lines

samba4: updated to 4.12.0

samba 4.12.0:

NEW FEATURES/CHANGES
====================

Python 3.5 Required
-------------------

Samba's minimum runtime requirement for python was raised to Python
3.4 with samba 4.11.  Samba 4.12 raises this minimum version to Python
3.5 both to access new features and because this is the oldest version
we test with in our CI infrastructure.

(Build time support for the file server with Python 2.6 has not
changed)

Removing in-tree cryptography: GnuTLS 3.4.7 required
----------------------------------------------------

Samba is making efforts to remove in-tree cryptographic functionality,
and to instead rely on externally maintained libraries.  To this end,
Samba has chosen GnuTLS as our standard cryptographic provider.

Samba now requires GnuTLS 3.4.7 to be installed (including development
headers at build time) for all configurations, not just the Samba AD
DC.

Thanks to this work Samba no longer ships an in-tree DES
implementation and on GnuTLS 3.6.5 or later Samba will include no
in-tree cryptography other than the MD4 hash and that
implemented in our copy of Heimdal.

Using GnuTLS for SMB3 encryption you will notice huge performance and copy
speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
show a 3x speed improvement for writing and a 2.5x speed improvement for reads!

NOTE WELL: The use of GnuTLS means that Samba will honour the
system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
standard) and so will not operate in many still common situations if
this system-wide parameter is in effect, as many of our protocols rely
on outdated cryptography.

A future Samba version will mitigate this to some extent where good
cryptography effectively wraps bad cryptography, but for now that above
applies.

zlib library is now required to build Samba
-------------------------------------------

Samba no longer includes a local copy of zlib in our source tarball.
By removing this we do not need to ship (even where we did not
build) the old, broken zip encryption code found there.

New Spotlight backend for Elasticsearch
---------------------------------------

Support for the macOS specific Spotlight search protocol has been enhanced
significantly. Starting with 4.12 Samba supports using Elasticsearch as search
backend. Various new parameters have been added to configure this:

  spotlight backend = noindex | elasticsearch | tracker
  elasticsearch:address = ADDRESS
  elasticsearch:port = PORT
  elasticsearch:use tls = BOOLEAN
  elasticsearch:index = INDEXNAME
  elasticsearch:mappings = PATH
  elasticsearch:max results = NUMBER

Samba also ships a Spotlight client command "mdfind" which can be used to search
any SMB server that runs the Spotlight RPC service. See the manpage of mdfind
for details.

Note that when upgrading existing installations that are using the previous
default Spotlight backend Gnome Tracker must explicitly set "spotlight backend =
tracker" as the new default is "noindex".

'net ads kerberos pac save' and 'net eventlog export'
-----------------------------------------------------

The 'net ads kerberos pac save' and 'net eventlog export' tools will
no longer silently overwrite an existing file during data export.  If
the filename given exists, an error will be shown.

Fuzzing
-------

A large number of fuzz targets have been added to Samba, and Samba has
been registered in Google's oss-fuzz cloud fuzzing service.  In
particular, we now have good fuzzing coverage of our generated NDR
parsing code.

A large number of issues have been found and fixed thanks to this
effort.

'samba-tool' improvements add contacts as member to groups
----------------------------------------------------------

Previously 'samba-tool group addmembers' can just add users, groups and
computers as members to groups. But also contacts can be members of
groups. Samba 4.12 adds the functionality to add contacts to
groups. Since contacts have no sAMAccountName, it's possible that
there are more than one contact with the same name in different
organizational units. Therefore it's necessary to have an option to
handle group members by their DN.

To get the DN of an object there is now the "--full-dn" option available
for all necessary commands.

The MS Windows UI allows to search for specific types of group members
when searching for new members for a group. This feature is included
here with the new samba-tool group addmembers "--object-type=OBJECTYPE"
option. The different types are selected accordingly to the Windows
UI. The default samba-tool behaviour shouldn't be changed.

Allow filtering by OU or subtree in samba-tool
----------------------------------------------

A new "--base-dn" and "--member-base-dn" option is added to relevant
samba-tool user, group and ou management commands to allow operation
on just one part of the AD tree, such as a single OU.

VFS
===

SMB_VFS_NTIMES
--------------

Samba now uses a sentinel value based on utimensat(2) UTIME_OMIT to denote
to-be-ignored timestamp variables passed to the SMB_VFS_NTIMES() VFS function.

VFS modules can check whether any of the time values inside a struct
smb_file_time is to be ignored by calling is_omit_timespec() on the value.

'io_uring' vfs module
---------------------

The module makes use of the new io_uring infrastructure
(introduced in Linux 5.1), see https://lwn.net/Articles/776703/

Currently this implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV
and avoids the overhead of the userspace threadpool in the default
vfs backend. See also vfs_io_uring(8).

In order to build the module you need the liburing userspace library
and its development headers installed, see
https://git.kernel.dk/cgit/liburing/

At runtime you'll need a Linux kernel with version 5.1 or higher.
Note that 5.4.14 and 5.4.15 have a regression that breaks the Samba
module! The regression was fixed in Linux 5.4.16 again.

MS-DFS changes in the VFS
-------------------------

This release changes getting and setting of MS-DFS redirects
on the filesystem to go through two new VFS functions:

SMB_VFS_CREATE_DFS_PATHAT()
SMB_VFS_READ_DFS_PATHAT()

instead of smbd explicitly storing MS-DFS redirects inside
symbolic links on the filesystem. The underlying default
implementations of this has not changed, the redirects are
still stored inside symbolic links on the filesystem, but
moving the creation and reading of these links into the VFS
as first-class functions now allows alternate methods of
storing them (maybe in extended attributes) for OEMs who
don't want to mis-use filesystem symbolic links in this
way.


CTDB changes
============

* The ctdb_mutex_fcntl_helper periodically re-checks the lock file

  The re-check period is specified using a 2nd argument to this
  helper.  The default re-check period is 5s.

  If the file no longer exists or the inode number changes then the
  helper exits.  This triggers an election.


REMOVED FEATURES
================

The smb.conf parameter "write cache size" has been removed.

Since the in-memory write caching code was written, our write path has
changed significantly. In particular we have gained very flexible
support for async I/O, with the new linux io_uring interface in
development.  The old write cache concept which cached data in main
memory followed by a blocking pwrite no longer gives any improvement
on modern systems, and may make performance worse on memory-constrained
systems, so this functionality should not be enabled in core smbd
code.

In addition, it complicated the write code, which is a performance
critical code path.

If required for specialist purposes, it can be recreated as a VFS
module.

Retiring DES encryption types in Kerberos.
------------------------------------------
With this release, support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause Kerberos
authentication to fail for that account (see RFC-6649).

Samba-DC: DES keys no longer saved in DB.
-----------------------------------------
When a new password is set for an account, Samba DC will store random keys
in DB instead of DES keys derived from the password.  If the account is being
migrated to Windows or to an older version of Samba in order to use DES keys,
the password must be reset to make it work.

Heimdal-DC: removal of weak-crypto.
-----------------------------------
Following removal of DES encryption types from Samba, the embedded Heimdal
build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO).

vfs_netatalk: The netatalk VFS module has been removed.
-------------------------------------------------------

The netatalk VFS module has been removed. It was unmaintained and is not needed
any more.

BIND9_FLATFILE deprecated
-------------------------

The BIND9_FLATFILE DNS backend is deprecated in this release and will
be removed in the future.  This was only practically useful on a single
domain controller or under expert care and supervision.

This release removes the 'rndc command' smb.conf parameter, which
supported this configuration by writing out a list of DCs permitted to
make changes to the DNS Zone and nudging the 'named' server if a new
DC was added to the domain.  Administrators using BIND9_FLATFILE will
need to maintain this manually from now on.

Revision 1.93, Tue Mar 10 22:10:48 2020 UTC (4 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.92: +2 -2 lines

librsvg: update bl3.mk to remove libcroco in rust case

recursive bump for the dependency change

Revision 1.92, Sun Mar 8 16:48:04 2020 UTC (4 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.91: +2 -1 lines

*: recursive bump for libffi

Revision 1.91, Sun Mar 8 12:39:27 2020 UTC (4 years, 1 month ago) by tnn
Branch: MAIN
Changes since 1.90: +1 -2 lines

samba4: make avahi optional

Avahi by default pulls in X11 via gtk2 and dbus, so you might want to
disable it on a small server if your clients don't need ZeroConf capability.

Revision 1.85.4.1, Wed Jan 29 13:13:05 2020 UTC (4 years, 2 months ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.85: +5 -3 lines

Pullup ticket #6125 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.86-1.89
- net/samba4/PLIST                                              1.25
- net/samba4/distinfo                                           1.39-1.41
- net/samba4/patches/patch-source4_utils_oLschema2ldif_wscript__build 1.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Dec 30 13:58:35 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.11.4

   Changes since 4.11.3:
   * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode
     number.
   * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
     on an SMB1 connection.
   * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
     SMBC_opendir_ctx.
   * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
     encrypting an interim response.
   * BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
   * BUG 13745: s3:printing: Fix %J substitution.
   * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
   * BUG 14069: Incomplete conversion of former parametric options.
   * BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
   * BUG 14171: vfs_fruit returns capped resource fork length.
   * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
   * BUG 14211: smbd: Increase a debug level.
   * BUG 14153: Prevent azure ad connect from reporting discovery errors:
     reference-value-not-ldap-conformant.
   * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
     library.
   * BUG 14168: replace: Only link libnsl and libsocket if required.
   * BUG 14175: ctdb: Incoming queue can be orphaned causing communication
     breakdown.
   * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
     cross-answers or cross-execute.
   * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
     asn1_compile-generated code.

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jan  8 10:40:03 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: distinfo
   Added Files:
   	pkgsrc/net/samba4/patches:
   	    patch-source4_utils_oLschema2ldif_wscript__build

   Log Message:
   samba4: Disable more fmemopen utilities on SunOS.

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Sat Jan 18 21:51:16 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   *: Recursive revision bump for openssl 1.1.1.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jan 21 14:12:36 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   net/samba4: update to 4.11.5

   Update samba4 to 4.11.5.

                      ==============================
                      Release Notes for Samba 4.11.5
                             January 21, 2020
   		   ==============================

   This is a security release in order to address the following defects:

   o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
   		  Directory not automatic.
   o CVE-2019-14907: Crash after failed character conversion at log level 3 or
   		  above.
   o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.

   =======
   Details
   =======

   o  CVE-2019-14902:
      The implementation of ACL inheritance in the Samba AD DC was not complete,
      and so absent a 'full-sync' replication, ACLs could get out of sync between
      domain controllers.

   o  CVE-2019-14907:
      When processing untrusted string input Samba can read past the end of the
      allocated buffer when printing a "Conversion error" message to the logs.

   o  CVE-2019-19344:
      During DNS zone scavenging (of expired dynamic entries) there is a read of
      memory after it has been freed.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan 27 14:04:13 UTC 2020

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   net/samba4: update dependency

   Update dependency for databases/ldb and devel/talloc.

   Bump PKGREVISION.

Revision 1.90, Wed Jan 29 12:44:14 2020 UTC (4 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.89: +2 -3 lines

samba4: updated to 4.11.6

Changes since 4.11.5:
* BUG 14209: pygpo: Use correct method flags.
* BUG 14216: vfs_ceph_snapshots: Fix root relative path handling.
* BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS
  instead of zero.
* BUG 14218: source4/utils/oLschema2ldif: Include stdint.h before cmocka.h.
* BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc.
* BUG 14251: smbd: Fix the build with clang.
* BUG 14199: upgradedns: Ensure lmdb lock files linked.
* BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during
  readdir.
* BUG 14101: smbc_stat() doesn't return the correct st_mode and also the
  uid/gid is not filled (SMBv1) file.
* BUG 14219: librpc: Fix string length checking in
  ndr_pull_charset_to_null().
* BUG 14227: ctdb-scripts: Strip square brackets when gathering connection
  info.

Revision 1.89, Mon Jan 27 14:04:13 2020 UTC (4 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.88: +4 -2 lines

net/samba4: update dependency

Update dependency for databases/ldb and devel/talloc.

Bump PKGREVISION.

Revision 1.88, Tue Jan 21 14:12:36 2020 UTC (4 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.87: +2 -3 lines

net/samba4: update to 4.11.5

Update samba4 to 4.11.5.


                   ==============================
                   Release Notes for Samba 4.11.5
                          January 21, 2020
		   ==============================


This is a security release in order to address the following defects:

o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
		  Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
		  above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.


=======
Details
=======

o  CVE-2019-14902:
   The implementation of ACL inheritance in the Samba AD DC was not complete,
   and so absent a 'full-sync' replication, ACLs could get out of sync between
   domain controllers.

o  CVE-2019-14907:
   When processing untrusted string input Samba can read past the end of the
   allocated buffer when printing a "Conversion error" message to the logs.

o  CVE-2019-19344:
   During DNS zone scavenging (of expired dynamic entries) there is a read of
   memory after it has been freed.

Revision 1.87, Sat Jan 18 21:50:25 2020 UTC (4 years, 3 months ago) by jperkin
Branch: MAIN
Changes since 1.86: +2 -1 lines

*: Recursive revision bump for openssl 1.1.1.

Revision 1.86, Mon Dec 30 13:58:35 2019 UTC (4 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.85: +2 -2 lines

samba4: updated to 4.11.4

Changes since 4.11.3:
* BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode
  number.
* BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
  on an SMB1 connection.
* BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
  SMBC_opendir_ctx.
* BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
  encrypting an interim response.
* BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
* BUG 13745: s3:printing: Fix %J substitution.
* BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
* BUG 14069: Incomplete conversion of former parametric options.
* BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
* BUG 14171: vfs_fruit returns capped resource fork length.
* BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
* BUG 14211: smbd: Increase a debug level.
* BUG 14153: Prevent azure ad connect from reporting discovery errors:
  reference-value-not-ldap-conformant.
* BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
  library.
* BUG 14168: replace: Only link libnsl and libsocket if required.
* BUG 14175: ctdb: Incoming queue can be orphaned causing communication
  breakdown.
* BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
  cross-answers or cross-execute.
* BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
  asn1_compile-generated code.

Revision 1.85, Tue Dec 10 13:03:41 2019 UTC (4 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base
Branch point for: pkgsrc-2019Q4
Changes since 1.84: +2 -3 lines

samba4: updated to 4.11.3

Samba 4.11.3
This is a security release in order to address the following defects:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
		  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
		  on Samba AD DC.

Revision 1.84, Sat Nov 23 08:45:45 2019 UTC (4 years, 4 months ago) by mef
Branch: MAIN
Changes since 1.83: +2 -1 lines

Recursive revbump based on devel/cmocka 1.1.3 -> 1.1.5

Revision 1.83, Sun Nov 10 17:01:58 2019 UTC (4 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.82: +3 -4 lines

samba4: updated to 4.11.2

4.11.2:
This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
		  password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
		  via dirsync.

4.11.1:
This is the latest stable release of the Samba 4.11 release series.


Changes since 4.11.0:
* BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH
  group.
* BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and
  smbc_lseekdir().
* BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into
  SMB1-specific calls.
* BUG 14137: Fix stale file handle error when using mkstemp on a share.
* BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14130: s3-winbindd: Fix forest trusts with additional trust attributes.
* BUG 14134: auth/gensec: Fix non-AES schannel seal.
* BUG 14147: Deleted records can be resurrected during recovery.
* BUG 14136: Fix uncaught exception in classicupgrade.
* BUG 14139: fault.c: Improve fault_report message text pointing to our wiki.
* BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI.
* BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users
  of trusted domains/forests.
* BUG 14131: Remove 'pod2man' as it is no longer needed.
* BUG 13884: Joining Active Directory should not use SAMR to set the
  password.
* BUG 14140: Overlinking libreplace against librt and pthread against every
  binary or library causes issues.
* BUG 14155: 'kpasswd' fails when built with MIT Kerberos.
* BUG 14129: Exit code of ctdb nodestatus should not be influenced by deleted
  nodes.

4.11.0:
* BUG 14049: ldb: Don't try to save a value that isn't there.
* ldb_dn: Free dn components on explode failure.
* ldb: Do not allow adding a DN as a base to itself.
* ldb: Release ldb 2.0.7.
* BUG 13695: ldb: Correct Pigeonhole principle validation in
  ldb_filter_attrs().
* BUG 14049: Fix ldb dn crash.
* BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords = no".
* BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust
  mutexes.
* BUG 14121: smbd returns bad File-ID on filehandle used to create a file or
  directory.
* BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations.
* BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint to
  load balancers or servers with "multi-tenancy" support.
* BUG 14113: Fix byte range locking bugs/regressions.
* ldb: Fix mem-leak if talloc_realloc fails.
* BUG 14007: Fix join with don't exists machine account.
* BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map.

CHANGES SINCE 4.11.0rc2
* BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data
  loss in CTDB cluster.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what
  is happening).
* BUG 14092: docs: Deprecate "rndc command" for Samba 4.11.
* BUG 14059: ldb: Free memory when repacking database.
* BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id.
* BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and
  st_ex_iflags.
* BUG 14093: vfs_glusterfs: Enable profiling for file system operations.
* BUG 14059: Backport sambadowngradedatabase for v4.11.
* BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
  from the share.
* BUG 14032: vfs_gpfs: Implement special case for denying owner access to
  ACL.
* BUG 14084: Avoid marking a node as connected before it can receive packets.
* BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7.
* BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing
  databases.

Revision 1.82, Sun Nov 3 11:45:52 2019 UTC (4 years, 5 months ago) by rillig
Branch: MAIN
Changes since 1.81: +2 -2 lines

net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.72.2.1, Sun Sep 15 09:11:02 2019 UTC (4 years, 7 months ago) by bsiegert
Branch: pkgsrc-2019Q2
Changes since 1.72: +4 -4 lines

Pullup ticket #6047 - requested by taca
databases/ldb: dependent update
net/samba4: security fix

Revisions pulled up:
- databases/ldb/Makefile                                        1.6
- databases/ldb/buildlink3.mk                                   1.2
- databases/ldb/distinfo                                        1.3
- net/samba4/Makefile                                           1.75,1.77-1.78
- net/samba4/PLIST                                              1.23
- net/samba4/distinfo                                           1.33-1.35

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Jul 20 22:46:59 UTC 2019

   Modified Files:

   	pkgsrc/net/samba4: Makefile buildlink3.mk


   Log Message:
   *: recursive bump for nettle 3.5.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Jul 21 22:26:08 UTC 2019

   Modified Files:

   	pkgsrc/net/samba4: Makefile


   Log Message:
   *: recursive bump for gdk-pixbuf2-2.38.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sat Aug  3 06:54:39 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.10.6

   Changes 4.10.6:
   * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts.
   * BUG 13964: smbd does not correctly parse arguments passed to dfree and
     quota scripts.
   * BUG 13965: samba-tool dns: use bytes for inet_ntop.
   * BUG 13828: samba-tool domain provision: Fix --interactive module in
     python3.
   * BUG 13893: ldb_kv: Skip @ records early in a search full scan.
   * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth"
     connection.
   * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option
     instead of "state dir".
   * BUG 13840: registry: Add a missing include.
   * BUG 13944: Fix SMB guest authentication.
   * BUG 13958: AppleDouble conversion breaks Resourceforks.
   * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread().
   * BUG 13987: s3:mdssvc: Fix flex compilation error.
   * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:
   * BUG 13799: dsdb:samdb: schemainfo update with relax control.
   * BUG 13964: s3:util: Move static file_pload() function to lib/util.
   * BUG 13957: smbd: Fix a panic.
   * BUG 12478: ldap server: Generate correct referral schemes.
   * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in
     dsdb_audit_add_ldb_value.
   * BUG 13942: s4 dsdb: Fix use after free in
     samldb_rename_search_base_callback.
   * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can
     apply it.
   * BUG 12478: ldb: Release ldb 1.5.5
   * BUG 13713: Schema replication fails if link crosses chunk boundary
     backwards.
   * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips
     the schemaInfo update provision.
   * BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown]
     SID [(NULL SID)] ..."
   * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in
     order to get the ACL.
   * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte
     boundary.
   * BUG 13939: Using Kerberos credentials to print using spoolss doesn't work.
   * BUG 13998: wafsamba: Use native waf timer.
   * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Aug 11 13:25:21 UTC 2019

   Modified Files:

   	pkgsrc/net/samba4: Makefile


   Log Message:
   Bump PKGREVISIONs for perl 5.30.0

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Aug 23 10:52:41 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   samba4: updated to 4.10.7

   Samba 4.10.7
   * BUG 14010: Unable to create or rename file/directory inside shares
     configured with vfs_glusterfs_fuse module.
   * BUG 13844: build: Allow build when '--disable-gnutls' is set.
   * BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py.
   * BUG 14008: Fix 'Error 32 determining PSOs in system' message on old DB
     with FL upgrade.
   * BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC.
   * BUG 14046: join: Use a specific attribute order for the DsAddEntry
     nTDSDSA object.
   * BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname().
   * BUG 14091: lookup_name: Allow own domain lookup when flags == 0.
   * BUG 13932: s4 librpc rpc pyrpc: Ensure tevent_context deleted last.
   * BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log
     file.
   * BUG 13949: Request to keep deprecated option "server schannel",
     VMWare Quickprep requires "auto".
   * BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days.
   * BUG 13969: dnsProperty fails to decode values from older Windows versions.
   * BUG 13973: samba-tool: Use only one LDAP modify for dns partition fsmo
     role transfer.
   * BUG 13960: third_party: Update waf to version 2.0.17.
   * BUG 14051: netcmd: Allow 'drs replicate --local' to create partitions.
   * BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Sep  3 19:11:58 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   samba4: updated to 4.10.8

   Samba 4.10.8:

   This is a security release in order to address the following defect:

   o  CVE-2019-10197: Combination of parameters and permissions can allow user
                      to escape from the share path definition.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sat Aug  3 06:52:32 UTC 2019

   Modified Files:
   	pkgsrc/databases/ldb: Makefile buildlink3.mk distinfo

   Log Message:
   ldb: updated to 1.5.5

   1.5.5:
   Unknown changes

Revision 1.81, Mon Sep 9 00:33:05 2019 UTC (4 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.80: +2 -1 lines

net/samba4: Makefile format correction

Revert removal of a blank line.  There should be a blank line.
Thanks to wiz@, who noted this via private mail.

Revision 1.80, Thu Sep 5 12:39:56 2019 UTC (4 years, 7 months ago) by hauke
Branch: MAIN
Changes since 1.79: +2 -1 lines

Solarish pthreads expect mutex datastructures to be properly zeroed
out, unlike the Linux implementation, which upstream mainly
targets. This leads to "tdb_open_ex: tdb_mutex_init failed for
/var/samba/lock/gencache.tdb: Device busy" errors, described in
<https://illumos.topicbox.com/groups/developer/T28dcabf2f69cac04>.

Illumos kernel code attempted to mitigate the problem as of
<https://www.illumos.org/issues/9959>, but the changes have yet to
show up in releases.

The patches originate from
<https://github.com/oposs/pkg.oetiker.ch-build/blob/master/build/samba4/patches/pthread_mutex_init>,
modified appropriately.

Tested on omniosce r151030.

Revision 1.79, Wed Sep 4 08:15:32 2019 UTC (4 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.78: +2 -3 lines

net/samba4: update MASTER_SITES

Update MASTER_SITES switching to https URL.  And remove extra empty line.

Revision 1.78, Tue Sep 3 19:11:58 2019 UTC (4 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.77: +2 -2 lines

samba4: updated to 4.10.8

Samba 4.10.8:

This is a security release in order to address the following defect:

o  CVE-2019-10197: Combination of parameters and permissions can allow user
                   to escape from the share path definition.

Revision 1.77, Fri Aug 23 10:52:41 2019 UTC (4 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.76: +3 -4 lines

samba4: updated to 4.10.7

Samba 4.10.7
* BUG 14010: Unable to create or rename file/directory inside shares
  configured with vfs_glusterfs_fuse module.
* BUG 13844: build: Allow build when '--disable-gnutls' is set.
* BUG 13973: samba-tool: Add 'import samba.drs_utils' to fsmo.py.
* BUG 14008: Fix 'Error 32 determining PSOs in system' message on old DB
  with FL upgrade.
* BUG 14021: s4/libnet: Fix joining a Windows pre-2008R2 DC.
* BUG 14046: join: Use a specific attribute order for the DsAddEntry
  nTDSDSA object.
* BUG 14015: vfs_catia: Pass stat info to synthetic_smb_fname().
* BUG 14091: lookup_name: Allow own domain lookup when flags == 0.
* BUG 13932: s4 librpc rpc pyrpc: Ensure tevent_context deleted last.
* BUG 13915: DEBUGC and DEBUGADDC doesn't print into a class specific log
  file.
* BUG 13949: Request to keep deprecated option "server schannel",
  VMWare Quickprep requires "auto".
* BUG 13967: dbcheck: Fallback to the default tombstoneLifetime of 180 days.
* BUG 13969: dnsProperty fails to decode values from older Windows versions.
* BUG 13973: samba-tool: Use only one LDAP modify for dns partition fsmo
  role transfer.
* BUG 13960: third_party: Update waf to version 2.0.17.
* BUG 14051: netcmd: Allow 'drs replicate --local' to create partitions.
* BUG 14017: ctdb-config: Depend on /etc/ctdb/nodes file.

Revision 1.76, Sun Aug 11 13:22:29 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.75: +2 -1 lines

Bump PKGREVISIONs for perl 5.30.0

Revision 1.75, Sat Aug 3 06:54:39 2019 UTC (4 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.74: +3 -3 lines

samba4: updated to 4.10.6

Changes 4.10.6:
* BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts.
* BUG 13964: smbd does not correctly parse arguments passed to dfree and
  quota scripts.
* BUG 13965: samba-tool dns: use bytes for inet_ntop.
* BUG 13828: samba-tool domain provision: Fix --interactive module in
  python3.
* BUG 13893: ldb_kv: Skip @ records early in a search full scan.
* BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth"
  connection.
* BUG 14002: python/ntacls: Use correct "state directory" smb.conf option
  instead of "state dir".
* BUG 13840: registry: Add a missing include.
* BUG 13944: Fix SMB guest authentication.
* BUG 13958: AppleDouble conversion breaks Resourceforks.
* BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread().
* BUG 13987: s3:mdssvc: Fix flex compilation error.
* BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:
* BUG 13799: dsdb:samdb: schemainfo update with relax control.
* BUG 13964: s3:util: Move static file_pload() function to lib/util.
* BUG 13957: smbd: Fix a panic.
* BUG 12478: ldap server: Generate correct referral schemes.
* BUG 13941: s4 dsdb/repl_meta_data: fix use after free in
  dsdb_audit_add_ldb_value.
* BUG 13942: s4 dsdb: Fix use after free in
  samldb_rename_search_base_callback.
* BUG 12204: dsdb/repl: we need to replicate the whole schema before we can
  apply it.
* BUG 12478: ldb: Release ldb 1.5.5
* BUG 13713: Schema replication fails if link crosses chunk boundary
  backwards.
* BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips
  the schemaInfo update provision.
* BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown]
  SID [(NULL SID)] ..."
* BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in
  order to get the ACL.
* BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte
  boundary.
* BUG 13939: Using Kerberos credentials to print using spoolss doesn't work.
* BUG 13998: wafsamba: Use native waf timer.
* BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check.

Revision 1.74, Sun Jul 21 22:25:33 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.73: +2 -2 lines

*: recursive bump for gdk-pixbuf2-2.38.1

Revision 1.73, Sat Jul 20 22:46:03 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.72: +2 -2 lines

*: recursive bump for nettle 3.5.1

Revision 1.72, Fri Jun 28 17:13:50 2019 UTC (4 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base
Branch point for: pkgsrc-2019Q2
Changes since 1.71: +2 -2 lines

samba4: Build fixes for SunOS.

Revision 1.71, Sat Jun 22 16:11:49 2019 UTC (4 years, 9 months ago) by jmcneill
Branch: MAIN
Changes since 1.70: +2 -1 lines

Enable ads option by default.

Revision 1.70, Wed Jun 19 21:22:59 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.69: +2 -2 lines

samba4: updated to 4.10.5

Release Notes for Samba 4.10.5

This is a security release in order to address the following defects:

o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
                  (dnsserver))
o  CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))

Details
=======

o  CVE-2019-12435:
   An authenticated user can crash the Samba AD DC's RPC server process via a
   NULL pointer dereference.

o  CVE-2019-12436:
   A user with read access to the directory can cause a NULL pointer
   dereference using the paged search control.

For more details and workarounds, please refer to the security advisories.

Revision 1.63.2.2, Tue Jun 4 16:17:37 2019 UTC (4 years, 10 months ago) by spz
Branch: pkgsrc-2019Q1
Changes since 1.63.2.1: +1 -1 lines

Pullup ticket #5972 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile                                           1.67
- net/samba4/PLIST.Linux                                        1.2
- net/samba4/distinfo                                           1.28

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Tue Apr 23 07:42:53 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: PLIST.Linux

   Log Message:
   samba4: update Linux-specific PLIST entries

   from mmoll in https://github.com/NetBSD/pkgsrc/pull/46
   I am not adding the SunOS part because the files are in the non-OS specific
   PLIST, now (the SunOS entries seem to be duplicated)


   To generate a diff of this commit:
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/samba4/PLIST.Linux

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Thu Apr 25 07:33:32 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   PKGREVISION bump for anything using python without a PYPKGPREFIX.

   This is a semi-manual PKGREVISION bump.


   To generate a diff of this commit:
   cvs rdiff -u -r1.65 -r1.66 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed May 15 09:07:21 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   samba4: updated to 4.10.3

   Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
   These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum).


   To generate a diff of this commit:
   cvs rdiff -u -r1.66 -r1.67 pkgsrc/net/samba4/Makefile
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/net/samba4/distinfo

Revision 1.69, Tue May 28 13:35:54 2019 UTC (4 years, 10 months ago) by jperkin
Branch: MAIN
Changes since 1.68: +1 -5 lines

*: Remove per-package MESSAGE.{rcd,smf} handling.

This is now centralised in mk/pkgformat so no need to do it manually.

Revision 1.68, Wed May 22 19:57:12 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.67: +2 -2 lines

samba4: updated to 4.10.4

Changes since 4.10.3:
* BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's.
* BUG 13882: py/provision: Fix for Python 2.6.
* BUG 13873: netcmd: Fix 'passwordsettings --max-pwd-age' command.
* BUG 13938: s3:smbd: Don't use recvfile on streams.
* BUG 13861: s3-libnet_join: 'net ads join' to child domain fails when using
  "-U admin@forestroot".
* BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support.
* BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message.
* BUG 13895: ctdb-common: Avoid race between fd and signal events.
* BUG 13943: ctdb-common: Fix memory leak in run_proc.
* BUG 13892: lib: Initialize getline() arguments.
* BUG 13903: winbind: Fix overlapping id ranges.
* BUG 13902: lib util debug: Increase format buffer to 4KiB.
* BUG 13927: nsswitch pam_winbind: Fix Asan use after free.
* BUG 13929: s4 lib socket: Ensure address string owned by parent struct.
* BUG 13936: s3 rpc_client: Fix Asan stack use after scope.
* BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in
  SMB_FIND_FILE_FULL_DIRECTORY_INFO.
* BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis.
* BUG 12845: smb2_sesssetup: avoid STATUS_PENDING responses for session
  setup.
* BUG 13698: smb2_tcon: Avoid STATUS_PENDING completely on tdis.
* BUG 13796: smb2_sesssetup: avoid STATUS_PENDING responses for session
  setup.
* BUG 13843: dbcheck: Fix the err_empty_attribute() check.
* BUG 13858: vfs_snapper: Drop unneeded fstat handler.
* BUG 13862: vfs_default: Fix vfswrap_offload_write_send()
  NT_STATUS_INVALID_VIEW_SIZE check.
* BUG 13863: smb2_server: Grant all 8192 credits to clients.
* BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling.
* BUG 13872: s3/vfs_glusterfs: Dynamically determine NAME_MAX.
* BUG 13918: s3: modules: ceph: Use current working directory instead of
  share path.
* BUG 13831: winbind: Use domain name from lsa query for sid_to_name cache
  entry.
* BUG 13865: memcache: Increase size of default memcache to 512k.
* BUG 13857: docs: Update smbclient manpage for "--max-protocol".
* BUG 13861: 'net ads join' to child domain fails when using
  "-U admin@forestroot".
* BUG 13937: s3:utils: If share is NULL in smbcacls, don't print it.
* BUG 13939: s3:smbspool: Fix regression printing with Kerberos credentials.
* BUG 13860: ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
  which is incompatible with systemd.
* BUG 13888: ctdb-daemon: Revert "We can not assume that just because we
  could complete a TCP handshake".
* BUG 13930: ctdb-daemon: Never use 0 as a client ID.
* BUG 13943: ctdb-common: Fix memory leak.
* BUG 13904: s3:debug: Enable logging for early startup failures.

Revision 1.67, Wed May 15 09:07:21 2019 UTC (4 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.66: +2 -3 lines

samba4: updated to 4.10.3

Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
These are security releases in order to address CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum).

Revision 1.66 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:12 2019 UTC (4 years, 11 months ago) by maya
Branch: MAIN
Changes since 1.65: +2 -1 lines
Diff to previous 1.65 (colored) to selected 1.16.2.1 (colored)

PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

Revision 1.63.2.1 / (download) - annotate - [select for diffs], Wed Apr 10 10:27:05 2019 UTC (5 years ago) by bsiegert
Branch: pkgsrc-2019Q1
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored) to selected 1.16.2.1 (colored)

Pullup ticket #5933 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.64-1.65
- net/samba4/PLIST                                              1.22
- net/samba4/distinfo                                           1.26-1.27

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Apr  3 14:23:06 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   samba4: updated to 4.10.1

   Changes since 4.10.0:
   * BUG 13837: py/kcc_utils: py2.6 compatibility.
   * BUG 13869: libcli: permit larger values of DataLength in
     SMB2_ENCRYPTION_CAPABILITIES of negotiate response.
   * BUG 13840: regfio: Improve handling of malformed registry hive files.
   * BUG 13789: ctdb-version: Simplify version string usage.
   * BUG 13859: lib: Make fd_load work for non-regular files.
   * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes
     replication failures, dbcheck: add --selftest-check-expired-tombstones
     cmdline option.
   * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in
     NDR_SPOOLSS_PUSH_ENUM_OUT().
   * BUG 13854: s4/messaging: Fix undefined reference in linking
     libMESSAGING-samba4.so.
   * BUG 13836: acl_read: Fix regression for empty lists.
   * BUG 13841: s4:dlz make b9_has_soa check dc=@ node.
   * BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth.
   * BUG 13847: s4:librpc: Fix installation of Samba.
   * BUG 13848: s3:lib: Fix the debug message for adding cache entries.
   * BUG 13793: s3:utils: Add 'smbstatus -L --resolve-uids' to show username.
   * BUG 13848: s3:lib: Fix the debug message for adding cache entries.
   * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux.
   * BUG 13789: ctdb-build: Drop creation of .distversion in tarball.
   * BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Apr  8 18:35:59 UTC 2019

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   samba4: updated to 4.10.2

   Release Notes for Samba 4.10.2

   This is a security release in order to address the following defects:
   o  CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
   o  CVE-2019-3880 (Save registry file outside share as unprivileged user)

   Details

   o  CVE-2019-3870:
      During the provision of a new Active Directory DC, some files in the private/
      directory are created world-writable.

   o  CVE-2019-3880:
      Authenticated users with write permission can trigger a symlink traversal to
      write or detect files outside the Samba share.

   For more details and workarounds, please refer to the security advisories.

   Changes since 4.10.1:
   * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
     smbd.mkdir().
   * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
     SaveKey/RestoreKey.

Revision 1.65 / (download) - annotate - [select for diffs], Mon Apr 8 18:35:58 2019 UTC (5 years ago) by adam
Branch: MAIN
Changes since 1.64: +2 -2 lines
Diff to previous 1.64 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.10.2

Release Notes for Samba 4.10.2

This is a security release in order to address the following defects:
o  CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o  CVE-2019-3880 (Save registry file outside share as unprivileged user)

Details

o  CVE-2019-3870:
   During the provision of a new Active Directory DC, some files in the private/
   directory are created world-writable.

o  CVE-2019-3880:
   Authenticated users with write permission can trigger a symlink traversal to
   write or detect files outside the Samba share.

For more details and workarounds, please refer to the security advisories.

Changes since 4.10.1:
* BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
  smbd.mkdir().
* BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
  SaveKey/RestoreKey.

Revision 1.64 / (download) - annotate - [select for diffs], Wed Apr 3 14:23:06 2019 UTC (5 years ago) by adam
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.10.1

Changes since 4.10.0:
* BUG 13837: py/kcc_utils: py2.6 compatibility.
* BUG 13869: libcli: permit larger values of DataLength in
  SMB2_ENCRYPTION_CAPABILITIES of negotiate response.
* BUG 13840: regfio: Improve handling of malformed registry hive files.
* BUG 13789: ctdb-version: Simplify version string usage.
* BUG 13859: lib: Make fd_load work for non-regular files.
* BUG 13816: dbcheck in the middle of the tombstone garbage collection causes
  replication failures, dbcheck: add --selftest-check-expired-tombstones
  cmdline option.
* BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in
  NDR_SPOOLSS_PUSH_ENUM_OUT().
* BUG 13854: s4/messaging: Fix undefined reference in linking
  libMESSAGING-samba4.so.
* BUG 13836: acl_read: Fix regression for empty lists.
* BUG 13841: s4:dlz make b9_has_soa check dc=@ node.
* BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth.
* BUG 13847: s4:librpc: Fix installation of Samba.
* BUG 13848: s3:lib: Fix the debug message for adding cache entries.
* BUG 13793: s3:utils: Add 'smbstatus -L --resolve-uids' to show username.
* BUG 13848: s3:lib: Fix the debug message for adding cache entries.
* BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux.
* BUG 13789: ctdb-build: Drop creation of .distversion in tarball.
* BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package
  should not own system library directory.

Revision 1.63 / (download) - annotate - [select for diffs], Wed Mar 27 06:28:05 2019 UTC (5 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base
Branch point for: pkgsrc-2019Q1
Changes since 1.62: +3 -1 lines
Diff to previous 1.62 (colored) to selected 1.16.2.1 (colored)

Mark as incompatible with Python 2.7

Revision 1.62 / (download) - annotate - [select for diffs], Wed Mar 20 19:09:10 2019 UTC (5 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.61: +9 -20 lines
Diff to previous 1.61 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.10.0

Release Notes for Samba 4.10.0

This is the first stable release of the Samba 4.10 release series.
Please read the release notes carefully before upgrading.


NEW FEATURES/CHANGES
====================

GPO Improvements
----------------

A new 'samba-tool gpo backup' command has been added that can export a
set of Group Policy Objects from a domain in a generalised XML format.

A corresponding 'samba-tool gpo restore' command has been added to
rebuild the Group Policy Objects from the XML after generalization.
(The administrator needs to correct the values of XML entities between
the backup and restore to account for the change in domain).

KDC prefork
-----------

The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.

Prefork 'prefork children'
--------------------------

The default value for this smb.conf parameter has been increased from 1 to
4.

Netlogon prefork
----------------

DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
pre-forked when the prefork process model is selected for samba.

Offline domain backups
----------------------

The 'samba-tool domain backup' command has been extended with a new 'offline'
option. This safely creates a backup of the local DC's database directly from
disk. The main benefits of an offline backup are it's quicker, it stores more
database details (for forensic purposes), and the samba process does not have
to be running when the backup is made. Refer to the samba-tool help for more
details on using this command.

Group membership statistics
---------------------------

A new 'samba-tool group stats' command has been added. This provides summary
information about how the users are spread across groups in your domain.
The 'samba-tool group list --verbose' command has also been updated to include
the number of users in each group.

Paged results LDAP control
--------------------------

The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696)
has been changed to more closely match Windows servers, to improve memory
usage. Paged results may be used internally (or requested by the user) by
LDAP libraries or tools that deal with large result sizes, for example, when
listing all the objects in the database.

Previously, results were returned as a snapshot of the database but now,
some changes made to the set of results while paging may be reflected in the
responses. If strict inter-record consistency is required in answers (which is
not possible on Windows with large result sets), consider avoiding the paged
results control or alternatively, it might be possible to enforce restrictions
using the LDAP filter expression.

For further details see https://wiki.samba.org/index.php/Paged_Results

Prefork process restart
-----------------------

The pre-fork process model now restarts failed processes. The delay between
restart attempts is controlled by the "prefork backoff increment" (default = 10)
and "prefork maximum backoff" (default = 120) smb.conf parameters.  A linear
back off strategy is used with "prefork backoff increment" added to the
delay between restart attempts up until it reaches "prefork maximum backoff".

Using the default sequence the restart delays (in seconds) are:
  0, 10, 20, ..., 120, 120, ...

Standard process model
----------------------

When using the standard process model samba forks a new process to handle ldap
and netlogon connections.  Samba now honours the 'max smbd processes' smb.conf
parameter.  The default value of 0, indicates there is no limit.  The limit
is applied individually to netlogon and ldap.  When the process limit is
exceeded Samba drops new connections immediately.

python3 support
---------------

This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.

To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.
   'PYTHON=python2 ./configure'
   'PYTHON=python2 make'
This will override the python3 default.

Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2'
as part of the 'configure' command. Note that python3 will still be used as
the default in this case.

Note that Samba 4.10 supports Python 3.4 onwards.

Future Python support
---------------------

Samba 4.10 will be the last release that comes with full support for
Python 2. Unfortunately, the Samba Team doesn't have the resources to support
both Python 2 and Python 3 long-term.

Samba 4.11 will not have any runtime support for Python 2. This means if
you use Python 2 bindings it is time to migrate to Python 3 now.

If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work
on a system that supports either python2 or python3.

Also note that Samba 4.11 will most likely only support Python 3.6 onwards.

JSON logging
------------

Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:
  Event codes:
    4624  Successful logon
    4625  Unsuccessful logon

  Logon Types:
    2  Interactive
    3  Network
    8  NetworkCleartext

The version number for Authentication messages is now 1.1, changed from 1.0

Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:
  4723 Password changed
  4724 Password reset

The version number for PasswordChange messages is now 1.1, changed from 1.0

Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:
  4728 A member was added to a security enabled global group
  4729 A member was removed from a security enabled global group
  4732 A member was added to a security enabled local group
  4733 A member was removed from a security enabled local group
  4746 A member was added to a security disabled local group
  4747 A member was removed from a security disabled local group
  4751 A member was added to a security disabled global group
  4752 A member was removed from a security disabled global group
  4756 A member was added to a security enabled universal group
  4757 A member was removed from a security enabled universal group
  4761 A member was added to a security disabled universal group
  4762 A member was removed from a security disabled universal group


The version number for GroupChange messages is now 1.1, changed from 1.0. Also,
a GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.

The leading "JSON <message type>:" and source file prefix of the JSON formatted
log entries has been removed to make the parsing of the JSON log messages
easier. JSON log entries now start with 2 spaces followed by an opening brace
i.e. "  {"

SMBv2 samba-tool support
------------------------

On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.

New glusterfs_fuse VFS module
-----------------------------

The new vfs_glusterfs_fuse module improves performance when Samba
accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
as part of the Linux kernel). It achieves that by leveraging a
mechanism to retrieve the appropriate case of filenames by querying a
specific extended attribute in the filesystem. No extra configuration
is required to use this module, only glusterfs_fuse needs to be set in
the "vfs objects" parameter. Further details can be found in the
vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
not replace the existing vfs_glusterfs module, it just provides an
additional, alternative mechanism to access a Gluster volume.

REMOVED FEATURES
================

MIT Kerberos build of the AD DC
-------------------------------

While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental.  Because Samba will not issue security
patches for this configuration, such builds now require the explicit
configure option: --with-experimental-mit-ad-dc

For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

samba_backup
------------

The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.

SMB client Python bindings
--------------------------

The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affect users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.
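
The JSON logging change in the 4.10.0 notes above, applied to detection. This is an added example, not part of the commit message and not Samba's own code: it picks out the entries that start with two spaces and an opening brace and triages them by the listed event IDs and logon types. The envelope layout (a top-level "type" naming a body object of the same name) and the fields "clientAccount", "remoteAddress", "group" and "user" are assumptions, and the sample log is constructed.

```python
import json
from collections import Counter

# Event IDs and logon types exactly as listed in the release notes above.
EVENT_IDS = {
    4624: "Successful logon",
    4625: "Unsuccessful logon",
    4723: "Password changed",
    4724: "Password reset",
    4728: "A member was added to a security enabled global group",
    4729: "A member was removed from a security enabled global group",
    4732: "A member was added to a security enabled local group",
    4733: "A member was removed from a security enabled local group",
    4746: "A member was added to a security disabled local group",
    4747: "A member was removed from a security disabled local group",
    4751: "A member was added to a security disabled global group",
    4752: "A member was removed from a security disabled global group",
    4756: "A member was added to a security enabled universal group",
    4757: "A member was removed from a security enabled universal group",
    4761: "A member was added to a security disabled universal group",
    4762: "A member was removed from a security disabled universal group",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 8: "NetworkCleartext"}


def iter_json_entries(log_text):
    """Yield (message_type, body) for every JSON entry in a mixed log."""
    for line in log_text.splitlines():
        # Since 4.10 a JSON entry starts with two spaces and an opening brace.
        if not line.startswith("  {"):
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or interleaved line: skip, do not abort
        msg_type = record.get("type")   # assumed envelope key
        body = record.get(msg_type)     # assumed: body is keyed by the type
        if isinstance(body, dict):
            yield msg_type, body


def summarize(log_text):
    """Count failed logons, cleartext logons and group membership changes."""
    failed = Counter()
    cleartext = []
    group_changes = []
    without_event_id = 0
    for msg_type, body in iter_json_entries(log_text):
        event_id = body.get("eventId")
        if event_id is None:
            # Version 1.0 messages predate "eventId"; count them separately
            # so a mixed-version log does not silently lose entries.
            without_event_id += 1
            continue
        if msg_type == "Authentication":
            account = body.get("clientAccount", "?")      # assumed field
            if event_id == 4625:
                failed[(account, body.get("remoteAddress", "?"))] += 1
            if LOGON_TYPES.get(body.get("logonType")) == "NetworkCleartext":
                cleartext.append(account)
        elif msg_type == "GroupChange":
            group_changes.append((event_id,
                                  EVENT_IDS.get(event_id, "unknown event"),
                                  body.get("group"), body.get("user")))
    return {"failed_logons": dict(failed),
            "cleartext_logons": cleartext,
            "group_changes": group_changes,
            "without_event_id": without_event_id}


def make_line(msg_type, **body):
    """Build one constructed sample entry in the 4.10 line format."""
    return "  " + json.dumps({"type": msg_type, msg_type: body})


V11 = {"major": 1, "minor": 1}
# Constructed sample input; accounts, addresses and DNs are placeholders.
SAMPLE_LOG = "\n".join([
    "plain debug line that is not JSON",
    make_line("Authentication", version=V11, eventId=4625, logonType=3,
              clientAccount="alice", remoteAddress="ipv4:192.0.2.10:50000"),
    make_line("Authentication", version=V11, eventId=4625, logonType=3,
              clientAccount="alice", remoteAddress="ipv4:192.0.2.10:50000"),
    make_line("Authentication", version=V11, eventId=4624, logonType=8,
              clientAccount="svc-ldap", remoteAddress="ipv4:192.0.2.20:50001"),
    make_line("GroupChange", version=V11, eventId=4728,
              group="CN=Example Group,DC=example,DC=test",
              user="CN=bob,DC=example,DC=test"),
    make_line("Authentication", version={"major": 1, "minor": 0},
              clientAccount="legacy", remoteAddress="ipv4:192.0.2.30:50002"),
    '  {"type": "Authentication", "Authentication": {"eventId": 46',
])

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2, default=str))
```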

Revision 1.61 / (download) - annotate - [select for diffs], Wed Mar 13 18:02:31 2019 UTC (5 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.60: +3 -4 lines
Diff to previous 1.60 (colored) to selected 1.16.2.1 (colored)

py-twine: updated to 1.13.0

Twine is a utility for publishing Python packages on PyPI. It provides build
system independent uploads of source and binary distribution artifacts for both
new and existing projects.

Revision 1.60 / (download) - annotate - [select for diffs], Fri Mar 1 20:03:24 2019 UTC (5 years, 1 month ago) by roy
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored) to selected 1.16.2.1 (colored)

Add a patch taken from upstream to allow smbd to work when
winbindd has been started but not configured.

Revision 1.59 / (download) - annotate - [select for diffs], Sat Feb 23 21:29:29 2019 UTC (5 years, 1 month ago) by jperkin
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored) to selected 1.16.2.1 (colored)

samba4: Needs socket libraries on SunOS.

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jan 3 19:36:45 2019 UTC (5 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.57: +5 -4 lines
Diff to previous 1.57 (colored) to selected 1.16.2.1 (colored)

samba4: use external tevent and tdb; bump revision

Revision 1.57 / (download) - annotate - [select for diffs], Sat Dec 22 01:13:52 2018 UTC (5 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.56: +40 -23 lines
Diff to previous 1.56 (colored) to selected 1.16.2.1 (colored)

samba4: building fixes

PkgSrc changes:
* fix building on Darwin and probably other systems as well
* install manpages
* use correct install_name on Darwin
* does not collide with p5-Parse-Yapp anymore
* use cmocka and libgcrypt
* clean-ups

Revision 1.56 / (download) - annotate - [select for diffs], Thu Dec 20 21:18:22 2018 UTC (5 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.55: +13 -17 lines
Diff to previous 1.55 (colored) to selected 1.16.2.1 (colored)

samba4: updated to 4.9.4

Release Notes for Samba 4.9.4

Major bug fixes include:
   o dns: Fix CNAME loop prevention using counter regression.

Changes since 4.9.3:
   * BUG 9175: libcli/smb: Don't overwrite status code.
   * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
   * BUG 13661: Session setup reauth fails to sign response.
   * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
   * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
     version for writing.
   * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
     with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
   * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
   * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
   * PEP8: fix E231: missing whitespace after ','.
   * BUG 13629: winbindd: Fix crash when taking profiles.
   * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
     regression.
   * BUG 13686: 'samba-tool user syncpasswords' fails on a domain with many DCs.
   * BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
   * BUG 13679: lib:util: Fix DEBUGCLASS pointer initialization.
   * BUG 13696: ctdb-daemon: Exit with error if a database directory does not
     exist.
   * BUG 13498: s3:libads: Add net ads leave keep-account option.

Revision 1.55 / (download) - annotate - [select for diffs], Mon Dec 10 00:14:23 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.54: +1 -2 lines
Diff to previous 1.54 (colored) to selected 1.16.2.1 (colored)

Remove PLIST.*=no to fix packaging

Revision 1.54 / (download) - annotate - [select for diffs], Sun Dec 9 14:48:03 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.53: +12 -2 lines
Diff to previous 1.53 (colored) to selected 1.16.2.1 (colored)

Fix build on 32-bit architecture environments.

ldb-lmdb part is not buildable for 32-bit architecture environments.
Tested on NetBSD/i386 8.

Revision 1.53 / (download) - annotate - [select for diffs], Mon Dec 3 13:51:52 2018 UTC (5 years, 4 months ago) by mlelstv
Branch: MAIN
Changes since 1.52: +3 -2 lines
Diff to previous 1.52 (colored) to selected 1.16.2.1 (colored)

Set SMB_PRIVATE directory correctly.
Add two missing libraries to PLIST.

Revision 1.52 / (download) - annotate - [select for diffs], Thu Nov 29 14:46:46 2018 UTC (5 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored) to selected 1.16.2.1 (colored)

net/samba4: update to 4.9.3

                   =============================
                   Release Notes for Samba 4.9.3
                         November 27, 2018
                   =============================


This is a security release in order to address the following defects:

o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
                   Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
                   configuration (unsupported))
o  CVE-2018-16857 (Bad password count in AD DC not always effective)


=======
Details
=======

o  CVE-2018-14629:
   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
   query recursion caused by CNAME loops. Any dns record can be added via
   ldap by an unprivileged user using the ldbadd tool, so this is a
   security issue.

o  CVE-2018-16841:
   When configured to accept smart-card authentication, Samba's KDC will call
   talloc_free() twice on the same memory if the principal in a validly signed
   certificate does not match the principal in the AS-REQ.

   This is only possible after authentication with a trusted certificate.

   talloc is robust against further corruption from a double-free with
   talloc_free() and directly calls abort(), terminating the KDC process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16851:
   During the processing of an LDAP search before Samba's AD DC returns
   the LDAP entries to the client, the entries are cached in a single
   memory object with a maximum size of 256MB.  When this size is
   reached, the Samba process providing the LDAP service will follow the
   NULL pointer, terminating the process.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16852:
   During the processing of a DNS zone in the DNS management DCE/RPC server,
   the internal DNS server or the Samba DLZ plugin for BIND9, if the
   DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
   property is set, the server will follow a NULL pointer and terminate.

   There is no further vulnerability associated with this issue, merely a
   denial of service.

o  CVE-2018-16853:
   A user in a Samba AD domain can crash the KDC when Samba is built in the
   non-default MIT Kerberos configuration.

   With this advisory we clarify that the MIT Kerberos build of the Samba
   AD DC is considered experimental.  Therefore the Samba Team will not
   issue security patches for this configuration.

o  CVE-2018-16857:
   AD DC Configurations watching for bad passwords (to restrict brute forcing
   of passwords) in a window of more than 3 minutes may not watch for bad
   passwords at all.

For more details and workarounds, please refer to the security advisories.

Revision 1.51 / (download) - annotate - [select for diffs], Fri Nov 23 07:30:02 2018 UTC (5 years, 4 months ago) by ryoon
Branch: MAIN
Changes since 1.50: +5 -3 lines
Diff to previous 1.50 (colored) to selected 1.16.2.1 (colored)

Update to 4.9.2

Changelog:
* Many bugfixes
* Update some bundled libraries

Revision 1.50 / (download) - annotate - [select for diffs], Wed Nov 14 22:22:14 2018 UTC (5 years, 5 months ago) by kleink
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored) to selected 1.16.2.1 (colored)

Revbump after cairo 1.16.0 update.

Revision 1.49 / (download) - annotate - [select for diffs], Mon Nov 12 14:40:22 2018 UTC (5 years, 5 months ago) by jperkin
Branch: MAIN
Changes since 1.48: +3 -1 lines
Diff to previous 1.48 (colored) to selected 1.16.2.1 (colored)

*: Add CTF_SUPPORTED/CTF_FILES_SKIP where necessary.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Nov 12 03:52:45 2018 UTC (5 years, 5 months ago) by ryoon
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored) to selected 1.16.2.1 (colored)

Recursive revbump from harfbuzz-2.1.1

Revision 1.47 / (download) - annotate - [select for diffs], Sat Sep 29 14:37:30 2018 UTC (5 years, 6 months ago) by wiedi
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.46: +4 -2 lines
Diff to previous 1.46 (colored) to selected 1.16.2.1 (colored)

samba4: mention correct SMF instances

Revision 1.46 / (download) - annotate - [select for diffs], Wed Aug 22 09:46:07 2018 UTC (5 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored) to selected 1.16.2.1 (colored)

Recursive bump for perl5-5.28.0

Revision 1.45 / (download) - annotate - [select for diffs], Wed Jul 4 13:40:30 2018 UTC (5 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored) to selected 1.16.2.1 (colored)

*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.

Revision 1.44 / (download) - annotate - [select for diffs], Tue Jul 3 05:03:29 2018 UTC (5 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored) to selected 1.16.2.1 (colored)

extend PYTHON_VERSIONS_ for Python 3.7

Revision 1.43 / (download) - annotate - [select for diffs], Tue Apr 17 22:29:46 2018 UTC (6 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored) to selected 1.16.2.1 (colored)

Add p11-kit to gnutls/bl3.mk and bump dependencies.

Revision 1.42 / (download) - annotate - [select for diffs], Mon Apr 16 14:35:03 2018 UTC (6 years ago) by wiz
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored) to selected 1.16.2.1 (colored)

Recursive bump for new fribidi dependency in pango.

Revision 1.41 / (download) - annotate - [select for diffs], Thu Apr 12 09:05:57 2018 UTC (6 years ago) by maya
Branch: MAIN
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored) to selected 1.16.2.1 (colored)

samba4: require GCC 4.4

from xalopp in https://github.com/NetBSD/pkgsrc/pull/24
(Doesn't include the PLIST changes, which I'm hesitating about)

Revision 1.40 / (download) - annotate - [select for diffs], Mon Mar 12 11:17:23 2018 UTC (6 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored) to selected 1.16.2.1 (colored)

Recursive bumps for fontconfig and libzip dependency changes.

Revision 1.39 / (download) - annotate - [select for diffs], Wed Feb 28 03:38:49 2018 UTC (6 years, 1 month ago) by nonaka
Branch: MAIN
Changes since 1.38: +5 -3 lines
Diff to previous 1.38 (colored) to selected 1.16.2.1 (colored)

net/samba4: use devel/talloc package instead of bundled library.

I'd like to install net/samba4 and net/freeradius on the same server.
But devel/talloc on which net/freeradius depends conflicts with the bundled talloc
library used in net/samba.
net/samba also should use devel/talloc package.

Bump PKGREVISION.

Revision 1.38 / (download) - annotate - [select for diffs], Sun Jan 28 20:11:00 2018 UTC (6 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored) to selected 1.16.2.1 (colored)

Bump PKGREVISION for gdbm shlib major bump

Revision 1.37 / (download) - annotate - [select for diffs], Thu Nov 23 17:20:07 2017 UTC (6 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored) to selected 1.16.2.1 (colored)

recursive bump for libxkbcommon removal from at-spi2-core

Revision 1.36 / (download) - annotate - [select for diffs], Sun Nov 12 16:03:35 2017 UTC (6 years, 5 months ago) by khorben
Branch: MAIN
Changes since 1.35: +2 -1 lines
Diff to previous 1.35 (colored) to selected 1.16.2.1 (colored)

Bump PKGREVISION on packages depending on CUPS

This should be the last part of the renaming operation for print/cups to
print/cups-base.

Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.

As discussed on tech-pkg@

Revision 1.35 / (download) - annotate - [select for diffs], Wed Sep 20 15:14:30 2017 UTC (6 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored) to selected 1.16.2.1 (colored)

net/samba4: update to 4.6.8, security fix


                   =============================
                   Release Notes for Samba 4.6.8
                         September 20, 2017
                   =============================


This is a security release in order to address the following defects:

o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
   should)
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)


=======
Details
=======

o  CVE-2017-12150:
   A man in the middle attack may hijack client connections.

o  CVE-2017-12151:
   A man in the middle attack can read and may alter confidential
   documents transferred via a client connection, which are reached
   via DFS redirect when the original connection used SMB3.

o  CVE-2017-12163:
   Client with write access to a share can cause server memory contents to be
   written into a file or printer.

For more details and workarounds, please see the security advisories:

   o https://www.samba.org/samba/security/CVE-2017-12150.html
   o https://www.samba.org/samba/security/CVE-2017-12151.html
   o https://www.samba.org/samba/security/CVE-2017-12163.html


Changes since 4.6.7:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
     async.
   * BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
     writing server memory to file.

o  Ralph Boehme <slow@samba.org>
   * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
     directly.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
     redirects.
   * BUG 12997: CVE-2017-12150: Some code paths don't enforce smb signing
     when they should.

Revision 1.34 / (download) - annotate - [select for diffs], Mon Sep 18 06:41:46 2017 UTC (6 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.33: +3 -4 lines
Diff to previous 1.33 (colored) to selected 1.16.2.1 (colored)

net/samba4: update to 4.6.7

4.6.7 (2017/08/09): the latest stable release of the Samba 4.6 release series.

Changes since 4.6.6
---------------------
o  Jeremy Allison <jra@samba.org>
   * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.
o  Andrew Bartlett <abartlet@samba.org>
   * BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
     NETLOGON_NT_VERSION_5 when version unspecified.
o  Ralph Boehme <slow@samba.org>
   * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.
   * BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
     smbd_notifyd_init.
o  Günther Deschner <gd@samba.org>
   * BUG 12840: vfs_fruit: Add fruit:model = <modelname> parametric option.
o  David Disseldorp <ddiss@samba.org>
   * BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o  Dustin L. Howett
   * BUG 12720: idmap_ad: Retry query_user exactly once if we get
     TLDAP_SERVER_DOWN.
o  Thomas Jarosch <thomas.jarosch@intra2net.com>
   * BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
o  Volker Lendecke <vl@samba.org>
   * BUG 12925: smbd: Fix a connection run-down race condition.
o  Stefan Metzmacher <metze@samba.org>
   * BUG 12782: winbindd changes the local password and gets
     NT_STATUS_WRONG_PASSWORD for the remote change.
   * BUG 12890: s3:smbd: consistently use talloc_tos() memory for
     rpc_pipe_open_interface().
o  Noel Power <noel.power@suse.com>
   * BUG 12937: smbcacls: Don't fail against a directory on Windows using SMB2.
o  Arvid Requate <requate@univention.de>
   * BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o  Garming Sam <garming@catalyst.net.nz>
   * BUG 12813: dnsserver: Stop dns_name_equal doing OOB read.
o  Andreas Schneider <asn@samba.org>
   * BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for
     authentication.
o  Martin Schwenke <martin@meltin.net>
   * BUG 12898: ctdb-common: Set close-on-exec when creating PID file.


4.6.6 (2017/07/12): security release in order to address the following defect:

o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)

Changes since 4.6.5:
---------------------

o  Jeffrey Altman <jaltman@secure-endpoints.com>
   * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation


4.6.5 (2017/06/06): the latest stable release of the Samba 4.6 release series.

Changes since 4.6.4:
---------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
o  Christian Ambach <ambi@samba.org>
   * BUG 12765: s3:smbcacls add prompt for password.
o  Ralph Boehme <slow@samba.org>
   * BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if
     ignore_system_acls is set.
   * BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory.
   * BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool.
   * BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
   * BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o  Alexander Bokovoy <ab@samba.org>
   * BUG 12751: Allow passing trusted domain password as plain-text to PASSDB
     layer.
   * BUG 12764: systemd: Fix detection of libsystemd.
o  Amitay Isaacs <amitay@gmail.com>
   * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
     complete.
   * BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value.
o  Shilpa Krishnareddy <skrishnareddy@panzura.com>
   * BUG 12756: notify: Fix ordering of events in notifyd.
o  Volker Lendecke <vl@samba.org>
   * BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails.
o  Stefan Metzmacher <metze@samba.org>
   * BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
     immediately.
o  Doug Nazar <nazard@nazar.ca>
   * BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
     array.
o  Andreas Schneider <asn@samba.org>
   * BUG 12687: vfs_expand_msdfs tries to open the remote address as a file
     path.
o  Martin Schwenke <martin@meltin.net>
   * BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes with
     wrong exit code.
   * BUG 12814: ctdb-common: Fix crash in logging initialisation.

Revision 1.33, Tue Jun 27 13:37:16 2017 UTC (6 years, 9 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.32: +4 -8 lines

Substitute SYSCONFDIR assumed by the embedded Heimdal code properly.
Fixes calls to e.g. krb5.keytab that were hardcoded to /etc. PKGREVISION++

Revision 1.32, Thu Jun 1 13:30:26 2017 UTC (6 years, 10 months ago) by jlam
Branch: MAIN
Changes since 1.31: +2 -2 lines

Use public SHLIB_TYPE instead of private _OPSYS_SHLIB_TYPE.

Revision 1.31, Mon May 29 00:24:19 2017 UTC (6 years, 10 months ago) by wiedi
Branch: MAIN
Changes since 1.30: +4 -1 lines

add workaround for https://bugzilla.samba.org/show_bug.cgi?id=12502
fixes build on sunos

Revision 1.27.2.1, Sat May 27 19:01:15 2017 UTC (6 years, 10 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.27: +7 -10 lines

Pullup ticket #5431 - requested by he
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.28-1.30
- net/samba4/PLIST                                              1.11-1.12
- net/samba4/distinfo                                           1.12-1.13
- net/samba4/options.mk                                         1.4
- net/samba4/patches/patch-lib_param_loadparm.h                 1.2
- net/samba4/patches/patch-source3_script_tests_test__smbclient__s3.sh 1.3

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Sat Apr  8 08:56:27 UTC 2017

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo options.mk
   	pkgsrc/net/samba4/patches: patch-lib_param_loadparm.h
   	    patch-source3_script_tests_test__smbclient__s3.sh

   Log Message:
   Update to 4.6.2

   * Use internal heimdal

   Changelog:
   Changes since 4.6.1:
   --------------------

   o  Jeremy Allison <jra@samba.org>
      * BUG 12721: Fix regression with "follow symlinks = no".

   Changes since 4.6.0:
   --------------------

   o  Jeremy Allison <jra@samba.org>
      * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
        directory.

   o  Ralph Boehme <slow@samba.org>
      * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
        directory.

   CHANGES SINCE 4.6.0rc4
   ======================

   o  Jeremy Allison <jra@samba.org>
      * BUG 12592: Fix several issues found by covscan.
      * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
        queue is drained.

   o  Ralph Boehme <slow@samba.org>
      * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
      * BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is
        set to "file".
      * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.

   o  Volker Lendecke <vl@samba.org>
      * BUG 12612: Re-enable token groups fallback.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 9048: Samba4 ldap error codes.
      * BUG 12557: gensec:spnego: Add debug message for the failed principal.
      * BUG 12605: s3:winbindd: Fix endless forest trust scan.
      * BUG 12612: winbindd: Find the domain based on the sid within
        wb_lookupusergroups_send().

   o  Andreas Schneider <asn@samba.org>
      * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token()
        correctly.
      * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash
        manpage.
      * BUG 12592: Fix several issues found by covscan.

   o  Martin Schwenke <martin@meltin.net>
      * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value
        (NULL_RETURNS).

   CHANGES SINCE 4.6.0rc3
   ======================

   o  Jeremy Allison <jra@samba.org>
      * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType".
      * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.

   o  Ralph Boehme <slow@samba.org>
      * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.
      * BUG 12536: s3/smbd: Check for invalid access_mask
        smbd_calculate_access_mask().
      * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.

   o  Amitay Isaacs <amitay@gmail.com>
      * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
      * BUG 12595: build: Fix generation of CTDB manpages while creating tarball.

   o  Bryan Mason <bmason@redhat.com>
      * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if
        AUTH_INFO_REQUIRED is not set or is not "negotiate".

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
        against trusted domains.
      * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
        trust password.
      * BUG 12585: librpc/rpc: fix regression in
        NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
      * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
        netr_LogonSamLogonEx.
      * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
      * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK
        with a valid tree connect.
      * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
        while it shouldn't.
      * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to
        4.6.

   o  Garming Sam <garming@catalyst.net.nz>
      * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
        alive.

   o  Andreas Schneider <asn@samba.org>
      * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().

   o  Martin Schwenke <martin@meltin.net>
      * BUG 12589: CTDB statd-callout does not cause grace period when
        CTDB_NFS_CALLOUT="".
      * BUG 12595: ctdb-build: Fix RPM build.

   CHANGES SINCE 4.6.0rc2
   ======================

   o  Jeremy Allison <jra@samba.org>
      * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
      * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
        the same path as streams_xattr_recheck().
      * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.

   o  Andrew Bartlett <abartlet@samba.org>
      * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and
        use_xattrs.
      * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
        requiredFeatures.
      * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
        rename.

   o  Ralph Boehme <slow@samba.org>
      * BUG 12184: s3/rpc_server: Shared rpc modules loading.
      * BUG 12520: Ensure global "smb encrypt = off" is effective.
      * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.
      * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
        readdirattr.

   o  Volker Lendecke <vl@samba.org>
      * BUG 12551: smbd: Fix "map acl inherit" = yes.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and
        DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S
      * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
        2.???" negprot.

   o  John Mulligan <jmulligan@nasuni.com>
      * BUG 12542: docs: Improve description of "unix_primary_group" parameter in
        idmap_ad manpage.

   o  Andreas Schneider <asn@samba.org>
      * BUG 12552: waf: Do not install the unit test binary for krb5samba.

   o  Amitay Isaacs <amitay@gmail.com>
      * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
      * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.

   o  Garming Sam <garming@catalyst.net.nz>
      * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
        rename.

   o  Uri Simchoni <uri@samba.org>
      * BUG 12529: waf: Backport finding of pkg-config.

   CHANGES SINCE 4.6.0rc1
   ======================

   o  Amitay Isaacs <amitay@gmail.com>
      * BUG 12469: CTDB lock helper getting stuck trying to lock a record.
      * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket
        I/O.
      * BUG 12510: sock_daemon_test 4 crashes with SEGV.
      * BUG 12513: ctdb-daemon: Remove stale eventd socket.

   o  Björn Jacke <bj@sernet.de>
      * BUG 12535: vfs_default: Unlock the right file in copy chunk.

   o  Volker Lendecke <vl@samba.org>
      * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
      * BUG 12538: Backport winbind fixes.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 12501: s3:winbindd: talloc_steal the extra_data in
        winbindd_list_users_recv().

   o  Martin Schwenke <martin@meltin.net>
      * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to
        send.
      * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
      * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple
        'default' entries.

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Mon Apr 10 15:27:22 UTC 2017

   Modified Files:
   	pkgsrc/net/samba4: Makefile

   Log Message:
   Add pkg-config to USE_TOOLS, which is needed to find gnutls.
   Problem found in a bulk build.  Not bumping PKGREVISION since it
   shouldn't change the binary package when it is built.

---
   Module Name:    pkgsrc
   Committed By:   he
   Date:           Wed May 24 15:51:32 UTC 2017

   Modified Files:
           pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   Update samba4 to version 4.6.4.

   Pkgsrc changes:
    * Adapt PLIST, new .so installed.

   Upstream changes:

   Changes since 4.6.3:
   ---------------------
   o  Volker Lendecke <vl@samba.org>
      * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
        share.

   Changes since 4.6.2:
   --------------------
   o  Michael Adam <obnox@samba.org>
      * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
        from shares with GlusterFS backend.

   o  Jeremy Allison <jra@samba.org>
      * BUG 12559: Fix for Solaris C compiler.
      * BUG 12628: s3: locking: Update oplock optimization for the leases era.
      * BUG 12693: Make the Solaris C compiler happy.
      * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the
        expected LDAP attributes.
      * BUG 12747: Fix buffer overflow caused by wrong use of getgroups.

   o  Hanno Boeck <hanno@hboeck.de>
      * BUG 12746: lib: debug: Avoid negative array access.
      * BUG 12748: cleanupdb: Fix a memory read error.

   o  Ralph Boehme <slow@samba.org>
      * BUG 7537: streams_xattr and kernel oplocks result in
        NT_STATUS_NETWORK_BUSY.
      * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from
        other backends.
      * BUG 12565: vfs_fruit: Resource fork open request with
        flags=O_CREAT|O_RDONLY.
      * BUG 12615: manpages/vfs_fruit: Document global options.
      * BUG 12624: lib/pthreadpool: Fix a memory leak.
      * BUG 12727: Lookup-domain for well-known SIDs on a DC.
      * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
      * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.

   o  Alexander Bokovoy <ab@samba.org>
      * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
        use case.
      * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.

   o  Amitay Isaacs <amitay@gmail.com>
      * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
        complete.
      * BUG 12723: ctdb_event monitor command crashes if event is not specified.
      * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.

   o  Volker Lendecke <vl@samba.org>
      * BUG 12558: smbd: Fix smb1 findfirst with DFS.
      * BUG 12610: smbd: Do an early exit on negprot failure.
      * BUG 12699: winbindd: Fix substitution for 'template homedir'.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 12554: s4:kdc: Disable principal based autodetected referral detection.
      * BUG 12613: idmap_autorid: Allocate new domain range if the caller knows
        the sid is valid.
      * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.
      * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
        trusted domain.
      * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again.

   o  Christof Schmitt <cs@samba.org>
      * BUG 12725: winbindd: Fix password policy for pam authentication.

   o  Andreas Schneider <asn@samba.org>
      * BUG 12554: s3:gse: Correctly handle external trusts with MIT.
      * BUG 12611: auth/credentials: Always set the realm if we set the principal
        from the ccache.
      * BUG 12686: replace: Include sysmacros.h.
      * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.
      * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.
      * BUG 12708: winbindd: Child process crashes when kerberos-authenticating
        a user with wrong password.

   o  Uri Simchoni <uri@samba.org>
      * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
        CNID semantics.
      * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
        fragmented.

Revision 1.30, Wed May 24 15:51:32 2017 UTC (6 years, 10 months ago) by he
Branch: MAIN
Changes since 1.29: +2 -2 lines

Update samba4 to version 4.6.4.

Pkgsrc changes:
 * Adapt PLIST, new .so installed.

Upstream changes:

Changes since 4.6.3:
---------------------
o  Volker Lendecke <vl@samba.org>
   * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
     share.

Changes since 4.6.2:
--------------------
o  Michael Adam <obnox@samba.org>
   * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
     from shares with GlusterFS backend.

o  Jeremy Allison <jra@samba.org>
   * BUG 12559: Fix for Solaris C compiler.
   * BUG 12628: s3: locking: Update oplock optimization for the leases era.
   * BUG 12693: Make the Solaris C compiler happy.
   * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the
     expected LDAP attributes.
   * BUG 12747: Fix buffer overflow caused by wrong use of getgroups.

o  Hanno Boeck <hanno@hboeck.de>
   * BUG 12746: lib: debug: Avoid negative array access.
   * BUG 12748: cleanupdb: Fix a memory read error.

o  Ralph Boehme <slow@samba.org>
   * BUG 7537: streams_xattr and kernel oplocks result in
     NT_STATUS_NETWORK_BUSY.
   * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from
     other backends.
   * BUG 12565: vfs_fruit: Resource fork open request with
     flags=O_CREAT|O_RDONLY.
   * BUG 12615: manpages/vfs_fruit: Document global options.
   * BUG 12624: lib/pthreadpool: Fix a memory leak.
   * BUG 12727: Lookup-domain for well-known SIDs on a DC.
   * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().
   * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.

o  Alexander Bokovoy <ab@samba.org>
   * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI
     use case.
   * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.

o  Amitay Isaacs <amitay@gmail.com>
   * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
     complete.
   * BUG 12723: ctdb_event monitor command crashes if event is not specified.
   * BUG 12733: ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'.

o  Volker Lendecke <vl@samba.org>
   * BUG 12558: smbd: Fix smb1 findfirst with DFS.
   * BUG 12610: smbd: Do an early exit on negprot failure.
   * BUG 12699: winbindd: Fix substitution for 'template homedir'.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 12554: s4:kdc: Disable principal based autodetected referral detection.
   * BUG 12613: idmap_autorid: Allocate new domain range if the caller knows
     the sid is valid.
   * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.
   * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
     trusted domain.
   * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\user' again.

o  Christof Schmitt <cs@samba.org>
   * BUG 12725: winbindd: Fix password policy for pam authentication.

o  Andreas Schneider <asn@samba.org>
   * BUG 12554: s3:gse: Correctly handle external trusts with MIT.
   * BUG 12611: auth/credentials: Always set the realm if we set the principal
     from the ccache.
   * BUG 12686: replace: Include sysmacros.h.
   * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.
   * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.
   * BUG 12708: winbindd: Child process crashes when kerberos-authenticating
     a user with wrong password.

o  Uri Simchoni <uri@samba.org>
   * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to
     CNID semantics.
   * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
     fragmented.

Revision 1.29, Mon Apr 10 15:27:22 2017 UTC (7 years ago) by jnemeth
Branch: MAIN
Changes since 1.28: +2 -2 lines

Add pkg-config to USE_TOOLS, which is needed to find gnutls.
Problem found in a bulk build.  Not bumping PKGREVISION since it
shouldn't change the binary package when it is built.

Revision 1.28, Sat Apr 8 08:56:27 2017 UTC (7 years ago) by ryoon
Branch: MAIN
Changes since 1.27: +6 -9 lines

Update to 4.6.2

* Use internal heimdal

Changelog:
Changes since 4.6.1:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 12721: Fix regression with "follow symlinks = no".

Changes since 4.6.0:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
     directory.

o  Ralph Boehme <slow@samba.org>
   * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
     directory.

CHANGES SINCE 4.6.0rc4
======================

o  Jeremy Allison <jra@samba.org>
   * BUG 12592: Fix several issues found by covscan.
   * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
     queue is drained.

o  Ralph Boehme <slow@samba.org>
   * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
   * BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is
     set to "file".
   * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.

o  Volker Lendecke <vl@samba.org>
   * BUG 12612: Re-enable token groups fallback.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 9048: Samba4 ldap error codes.
   * BUG 12557: gensec:spnego: Add debug message for the failed principal.
   * BUG 12605: s3:winbindd: Fix endless forest trust scan.
   * BUG 12612: winbindd: Find the domain based on the sid within
     wb_lookupusergroups_send().

o  Andreas Schneider <asn@samba.org>
   * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token()
     correctly.
   * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash
     manpage.
   * BUG 12592: Fix several issues found by covscan.

o  Martin Schwenke <martin@meltin.net>
   * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value
     (NULL_RETURNS).


CHANGES SINCE 4.6.0rc3
======================

o  Jeremy Allison <jra@samba.org>
   * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType".
   * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.

o  Ralph Boehme <slow@samba.org>
   * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.
   * BUG 12536: s3/smbd: Check for invalid access_mask
     smbd_calculate_access_mask().
   * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.

o  Amitay Isaacs <amitay@gmail.com>
   * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
   * BUG 12595: build: Fix generation of CTDB manpages while creating tarball.

o  Bryan Mason <bmason@redhat.com>
   * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if
     AUTH_INFO_REQUIRED is not set or is not "negotiate".

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
     against trusted domains.
   * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
     trust password.
   * BUG 12585: librpc/rpc: fix regression in
     NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
   * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
     netr_LogonSamLogonEx.
   * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
   * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK
     with a valid tree connect.
   * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
     while it shouldn't.
   * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to
     4.6.

o  Garming Sam <garming@catalyst.net.nz>
   * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
     alive.

o  Andreas Schneider <asn@samba.org>
   * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().

o  Martin Schwenke <martin@meltin.net>
   * BUG 12589: CTDB statd-callout does not cause grace period when
     CTDB_NFS_CALLOUT="".
   * BUG 12595: ctdb-build: Fix RPM build.


CHANGES SINCE 4.6.0rc2
======================

o  Jeremy Allison <jra@samba.org>
   * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
   * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
     the same path as streams_xattr_recheck().
   * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and
     use_xattrs.
   * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
     requiredFeatures.
   * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
     rename.

o  Ralph Boehme <slow@samba.org>
   * BUG 12184: s3/rpc_server: Shared rpc modules loading.
   * BUG 12520: Ensure global "smb encrypt = off" is effective.
   * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.
   * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
     readdirattr.

o  Volker Lendecke <vl@samba.org>
   * BUG 12551: smbd: Fix "map acl inherit" = yes.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and
     DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S
   * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
     2.???" negprot.

o  John Mulligan <jmulligan@nasuni.com>
   * BUG 12542: docs: Improve description of "unix_primary_group" parameter in
     idmap_ad manpage.

o  Andreas Schneider <asn@samba.org>
   * BUG 12552: waf: Do not install the unit test binary for krb5samba.

o  Amitay Isaacs <amitay@gmail.com>
   * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
   * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.

o  Garming Sam <garming@catalyst.net.nz>
   * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
     rename.

o  Uri Simchoni <uri@samba.org>
   * BUG 12529: waf: Backport finding of pkg-config.


CHANGES SINCE 4.6.0rc1
======================

o  Amitay Isaacs <amitay@gmail.com>
   * BUG 12469: CTDB lock helper getting stuck trying to lock a record.
   * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket
     I/O.
   * BUG 12510: sock_daemon_test 4 crashes with SEGV.
   * BUG 12513: ctdb-daemon: Remove stale eventd socket.

o  Björn Jacke <bj@sernet.de>
   * BUG 12535: vfs_default: Unlock the right file in copy chunk.

o  Volker Lendecke <vl@samba.org>
   * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
   * BUG 12538: Backport winbind fixes.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 12501: s3:winbindd: talloc_steal the extra_data in
     winbindd_list_users_recv().

o  Martin Schwenke <martin@meltin.net>
   * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to
     send.
   * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
   * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple
     'default' entries.

Revision 1.27, Sun Feb 12 06:25:53 2017 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.26: +2 -2 lines

Recursive revbump from fonts/harfbuzz

Revision 1.26, Mon Feb 6 13:55:51 2017 UTC (7 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.25: +2 -2 lines

Recursive bump for harfbuzz's new graphite2 dependency.

Revision 1.25, Sun Jan 1 14:43:53 2017 UTC (7 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.24: +2 -2 lines

Add python-3.6 to incompatible versions.

Revision 1.24, Tue Sep 20 11:12:23 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.23: +2 -2 lines

Recursive bump for cups openssl -> gnutls change.

Revision 1.23, Mon Sep 19 13:04:26 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.22: +2 -2 lines

Recursive PKGREVISION bump for gnutls shlib major bump.

Revision 1.18.2.1, Wed Jul 20 18:52:47 2016 UTC (7 years, 8 months ago) by spz
Branch: pkgsrc-2016Q2
Changes since 1.18: +6 -3 lines

Pullup ticket #5060 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile                                           1.19-1.22
- net/samba4/PLIST                                              1.8-1.9
- net/samba4/distinfo                                           1.11

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul  7 16:44:14 UTC 2016

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   Update samba4 to 4.3.11 (Samba 4.3.11), including security fix for
   CVE-2016-2119.

   Changes from 4.3.9 to 4.3.10 are too many to write here, please refer to the
   WHATSNEW.txt file.

                      ==============================
                      Release Notes for Samba 4.3.11
                               July 07, 2016
                      ==============================

   This is a security release in order to address the following defect:

   o  CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

   =======
   Details
   =======

   o  CVE-2016-2119:
      It's possible for an attacker to downgrade the required signing for
      an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST
      or SMB2_SESSION_FLAG_IS_NULL flags.

      This means that the attacker can impersonate a server being connected to by
      Samba, and return malicious results.

      The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking
      to domain controllers as a member server, and trusted domains as a domain
      controller.  These DCE/RPC connections were intended to be protected by the
      combination of "client ipc signing" and
      "client ipc max protocol" in their effective default settings
      ("mandatory" and "SMB3_11").

      Additionally, management tools like net, samba-tool and rpcclient use DCERPC
      over SMB2/3 connections.

      By default, other tools in Samba are unprotected, but rarely they are
      configured to use smb signing, via the "client signing" parameter (the default
      is "if_required").  Even more rarely the "client max protocol" is set to SMB2,
      rather than the NT1 default.

      If both these conditions are met, then this issue would also apply to these
      other tools, including command line tools like smbcacls, smbcquota, smbclient,
      smbget and applications using libsmbclient.

   Changes since 4.3.10:
   --------------------

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
      * BUG 11948: Total dcerpc response payload more than 0x400000.

   #######################################
   Reporting bugs & Development Discussion
   #######################################

   Please discuss this release on the samba-technical mailing list or by
   joining the #samba-technical IRC channel on irc.freenode.net.

   If you do report problems then please try to send high quality
   feedback. If you don't provide vital information to help us track down
   the problem then you will probably be ignored.  All bug reports should
   be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
   database (https://bugzilla.samba.org/).


   To generate a diff of this commit:
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/samba4/Makefile
   cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/samba4/PLIST
   cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/samba4/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Jul  9 06:39:18 UTC 2016

   Modified Files:
   	pkgsrc/archivers/dar: Makefile
   	pkgsrc/archivers/file-roller: Makefile
   	pkgsrc/archivers/libzip: Makefile
   	pkgsrc/archivers/upx: Makefile
   	pkgsrc/audio/abcde: Makefile
   	pkgsrc/audio/amarok: Makefile
   	pkgsrc/audio/ardour: Makefile
   	pkgsrc/audio/arts: Makefile
   	pkgsrc/audio/disc-cover: Makefile
   	pkgsrc/audio/distmp3: Makefile
   	pkgsrc/audio/festival: Makefile
   	pkgsrc/audio/flac2mp3: Makefile
   	pkgsrc/audio/gtkpod: Makefile
   	pkgsrc/audio/jack: Makefile
   	pkgsrc/audio/kid3: Makefile
   	pkgsrc/audio/libgroove: Makefile
   	pkgsrc/audio/liteamp: Makefile
   	pkgsrc/audio/lmms: Makefile
   	pkgsrc/audio/mkcdtoc: Makefile
   	pkgsrc/audio/mp32ogg: Makefile
   	pkgsrc/audio/mp3cut: Makefile
   	pkgsrc/audio/mserv: Makefile
   	pkgsrc/audio/mserv-devel: Makefile
   	pkgsrc/audio/mserv-irman: Makefile
   	pkgsrc/audio/mstream: Makefile
   	pkgsrc/audio/nas-auscope: Makefile
   	pkgsrc/audio/normalize: Makefile
   	pkgsrc/audio/oggasm: Makefile
   	pkgsrc/audio/paprefs: Makefile
   	pkgsrc/audio/pavucontrol: Makefile
   	pkgsrc/audio/pavumeter: Makefile
   	pkgsrc/audio/rip: Makefile
   	pkgsrc/audio/sphinxbase: Makefile
   	pkgsrc/audio/sphinxtrain: Makefile
   	pkgsrc/benchmarks/bonnie++: Makefile
   	pkgsrc/benchmarks/bytebench: Makefile
   	pkgsrc/benchmarks/hbench: Makefile
   	pkgsrc/benchmarks/iozone: Makefile
   	pkgsrc/benchmarks/lmbench: Makefile
   	pkgsrc/biology/bioperl: Makefile
   	pkgsrc/biology/bodr: Makefile
   	pkgsrc/biology/bwa: Makefile
   	pkgsrc/biology/cdhit: Makefile
   	pkgsrc/biology/gnome-chemistry-utils: Makefile
   	pkgsrc/biology/gromacs: Makefile
   	pkgsrc/biology/mpqc: Makefile
   	pkgsrc/biology/mummer: Makefile
   	pkgsrc/cad/dinotrace: Makefile
   	pkgsrc/cad/freehdl: Makefile
   	pkgsrc/cad/geda: Makefile
   	pkgsrc/cad/gwave: Makefile
   	pkgsrc/cad/spiceprm: Makefile
   	pkgsrc/chat/anope: Makefile
   	pkgsrc/chat/bitchbot: Makefile
   	pkgsrc/chat/centerim: Makefile
   	pkgsrc/chat/cgiirc: Makefile
   	pkgsrc/chat/dccserver: Makefile
   	pkgsrc/chat/dircproxy: Makefile
   	pkgsrc/chat/finch: Makefile
   	pkgsrc/chat/inspircd: Makefile
   	pkgsrc/chat/inspircd12: Makefile
   	pkgsrc/chat/ircd-hybrid: Makefile
   	pkgsrc/chat/ircservices: Makefile
   	pkgsrc/chat/jabberd2: Makefile
   	pkgsrc/chat/kgb-bot: Makefile
   	pkgsrc/chat/kmess: Makefile
   	pkgsrc/chat/konversation: Makefile
   	pkgsrc/chat/konversation-kde3: Makefile
   	pkgsrc/chat/libpurple: Makefile
   	pkgsrc/chat/pidgin-libnotify: Makefile
   	pkgsrc/chat/pidgin-otr: Makefile
   	pkgsrc/chat/pidgin-sametime: Makefile
   	pkgsrc/chat/pidgin-silc: Makefile
   	pkgsrc/chat/sirc: Makefile
   	pkgsrc/chat/vicq: Makefile
   	pkgsrc/chat/xchat: Makefile
   	pkgsrc/chat/xchat-python: Makefile
   	pkgsrc/comms/asterisk: Makefile
   	pkgsrc/comms/asterisk13: Makefile
   	pkgsrc/comms/asterisk18: Makefile
   	pkgsrc/comms/fidogate: Makefile
   	pkgsrc/comms/gnome-pilot: Makefile
   	pkgsrc/comms/mgetty+sendfax: Makefile
   	pkgsrc/comms/op_panel: Makefile
   	pkgsrc/comms/p5-Asterisk: Makefile
   	pkgsrc/comms/pilot-link: Makefile
   	pkgsrc/comms/pilotmgr: Makefile
   	pkgsrc/converters/2vcard: Makefile
   	pkgsrc/converters/bibtex2html: Makefile
   	pkgsrc/converters/code2html: Makefile
   	pkgsrc/converters/convmv: Makefile
   	pkgsrc/converters/doc2html: Makefile
   	pkgsrc/converters/docx2txt: Makefile
   	pkgsrc/converters/dos2unix: Makefile
   	pkgsrc/converters/help2man: Makefile
   	pkgsrc/converters/jcode-perl: Makefile
   	pkgsrc/converters/libabw: Makefile
   	pkgsrc/converters/libfreehand: Makefile
   	pkgsrc/converters/libvisio: Makefile
   	pkgsrc/converters/libwpg: Makefile
   	pkgsrc/converters/nkf: Makefile
   	pkgsrc/converters/rpm2cpio: Makefile
   	pkgsrc/converters/skf: Makefile
   	pkgsrc/converters/smbchartool: Makefile
   	pkgsrc/converters/txt2html: Makefile
   	pkgsrc/converters/txt2pdbdoc: Makefile
   	pkgsrc/cross/avr-binutils: Makefile
   	pkgsrc/cross/avr-gcc: Makefile
   	pkgsrc/cross/avr-libc: Makefile
   	pkgsrc/cross/binutils-mips-current: Makefile
   	pkgsrc/cross/cc65: Makefile
   	pkgsrc/cross/cross-binutils: Makefile
   	pkgsrc/cross/cross-libtool-base: Makefile
   	pkgsrc/cross/gcc-mips-current: Makefile
   	pkgsrc/cross/nios2-gcc: Makefile
   	pkgsrc/cross/nios2-gcc3: Makefile
   	pkgsrc/cross/nios2-gcc41: Makefile
   	pkgsrc/databases/couchdb: Makefile
   	pkgsrc/databases/cstore: Makefile
   	pkgsrc/databases/gnome-mime-data: Makefile
   	pkgsrc/databases/gq: Makefile
   	pkgsrc/databases/idzebra: Makefile
   	pkgsrc/databases/innotop: Makefile
   	pkgsrc/databases/krecipes: Makefile
   	pkgsrc/databases/lbdb: Makefile
   	pkgsrc/databases/libcassandra: Makefile
   	pkgsrc/databases/maatkit: Makefile
   	pkgsrc/databases/mariadb55-client: Makefile
   	pkgsrc/databases/mysql-cluster: Makefile
   	pkgsrc/databases/mysql51-client: Makefile
   	pkgsrc/databases/mysql55-client: Makefile
   	pkgsrc/databases/mysql56-client: Makefile
   	pkgsrc/databases/mysqltuner: Makefile
   	pkgsrc/databases/mytop: Makefile
   	pkgsrc/databases/p5-DBI: Makefile
   	pkgsrc/databases/p5-DBIWrapper: Makefile
   	pkgsrc/databases/p5-perl-ldap: Makefile
   	pkgsrc/databases/p5-postgresql: Makefile
   	pkgsrc/databases/p5-sybperl: Makefile
   	pkgsrc/databases/p5-tokyocabinet: Makefile
   	pkgsrc/databases/p5-tokyotyrant: Makefile
   	pkgsrc/databases/percona-toolkit: Makefile
   	pkgsrc/databases/pgbuildfarm: Makefile
   	pkgsrc/databases/postgresql-postgis2: Makefile
   	pkgsrc/databases/postgresql91: Makefile
   	pkgsrc/databases/postgresql91-docs: Makefile
   	pkgsrc/databases/postgresql91-plperl: Makefile
   	pkgsrc/databases/postgresql92: Makefile
   	pkgsrc/databases/postgresql92-docs: Makefile
   	pkgsrc/databases/postgresql92-plperl: Makefile
   	pkgsrc/databases/postgresql93: Makefile
   	pkgsrc/databases/postgresql93-docs: Makefile
   	pkgsrc/databases/postgresql93-plperl: Makefile
   	pkgsrc/databases/postgresql94: Makefile
   	pkgsrc/databases/postgresql94-docs: Makefile
   	pkgsrc/databases/postgresql94-plperl: Makefile
   	pkgsrc/databases/postgresql95: Makefile
   	pkgsrc/databases/postgresql95-docs: Makefile
   	pkgsrc/databases/postgresql95-plperl: Makefile
   	pkgsrc/databases/rdb: Makefile
   	pkgsrc/databases/rrdtool: Makefile
   	pkgsrc/databases/rrdtool12: Makefile
   	pkgsrc/databases/sqlrelay: Makefile
   	pkgsrc/databases/yasql: Makefile
   	pkgsrc/devel/GConf: Makefile
   	pkgsrc/devel/MoarVM: Makefile
   	pkgsrc/devel/RTx-RightsMatrix: Makefile
   	pkgsrc/devel/adocman: Makefile
   	pkgsrc/devel/aegis: Makefile
   	pkgsrc/devel/anjuta: Makefile
   	pkgsrc/devel/atkmm: Makefile
   	pkgsrc/devel/autoconf: Makefile
   	pkgsrc/devel/autoconf213: Makefile
   	pkgsrc/devel/autogen: Makefile
   	pkgsrc/devel/automake: Makefile
   	pkgsrc/devel/automake14: Makefile
   	pkgsrc/devel/bglibs: Makefile
   	pkgsrc/devel/binutils: Makefile
   	pkgsrc/devel/bison: Makefile
   	pkgsrc/devel/bugzilla: Makefile
   	pkgsrc/devel/bugzilla3: Makefile
   	pkgsrc/devel/cogito: Makefile
   	pkgsrc/devel/colordiff: Makefile
   	pkgsrc/devel/commit-patch: Makefile
   	pkgsrc/devel/cook: Makefile
   	pkgsrc/devel/cqual: Makefile
   	pkgsrc/devel/ctemplate: Makefile
   	pkgsrc/devel/cvs2cl: Makefile
   	pkgsrc/devel/cvs2html: Makefile
   	pkgsrc/devel/cvsd: Makefile
   	pkgsrc/devel/cvsutils: Makefile
   	pkgsrc/devel/darcs: Makefile
   	pkgsrc/devel/delta: Makefile
   	pkgsrc/devel/devhelp: Makefile
   	pkgsrc/devel/doxygen: Makefile
   	pkgsrc/devel/easygit: Makefile
   	pkgsrc/devel/etrace: Makefile
   	pkgsrc/devel/gconfmm: Makefile
   	pkgsrc/devel/gcvs: Makefile
   	pkgsrc/devel/gdb: Makefile
   	pkgsrc/devel/gdbus-codegen: Makefile
   	pkgsrc/devel/gdl: Makefile
   	pkgsrc/devel/geany: Makefile
   	pkgsrc/devel/git-base: Makefile
   	pkgsrc/devel/git-docs: Makefile
   	pkgsrc/devel/gitolite: Makefile
   	pkgsrc/devel/glib2: Makefile
   	pkgsrc/devel/glibmm: Makefile
   	pkgsrc/devel/global: Makefile
   	pkgsrc/devel/gmake: Makefile
   	pkgsrc/devel/gperftools: Makefile
   	pkgsrc/devel/gps: Makefile
   	pkgsrc/devel/jemalloc: Makefile
   	pkgsrc/devel/kdbg: Makefile
   	pkgsrc/devel/kdesdk-kioslaves: Makefile
   	pkgsrc/devel/kdesdk3: Makefile
   	pkgsrc/devel/kdevelop-base: Makefile
   	pkgsrc/devel/kdevelop4: Makefile
   	pkgsrc/devel/kdevplatform: Makefile
   	pkgsrc/devel/kdoctools: Makefile
   	pkgsrc/devel/ktexteditor: Makefile
   	pkgsrc/devel/lcov: Makefile
   	pkgsrc/devel/ldapsdk: Makefile
   	pkgsrc/devel/libbonobo: Makefile
   	pkgsrc/devel/libcerf: Makefile
   	pkgsrc/devel/libcompizconfig: Makefile
   	pkgsrc/devel/libgnomeui: Makefile
   	pkgsrc/devel/libidn: Makefile
   	pkgsrc/devel/libpgm: Makefile
   	pkgsrc/devel/libsigc++: Makefile
   	pkgsrc/devel/libstatgrab: Makefile
   	pkgsrc/devel/libthrift: Makefile
   	pkgsrc/devel/libtool: Makefile
   	pkgsrc/devel/libtool-base: Makefile
   	pkgsrc/devel/libtool-fortran: Makefile
   	pkgsrc/devel/libwhisker2: Makefile
   	pkgsrc/devel/lua-posix: Makefile
   	pkgsrc/devel/memcached: Makefile
   	pkgsrc/devel/monodevelop: Makefile
   	pkgsrc/devel/monotone: Makefile
   	pkgsrc/devel/mr: Makefile
   	pkgsrc/devel/nasm: Makefile
   	pkgsrc/devel/ncurses: Makefile
   	pkgsrc/devel/netbeans-ide: Makefile
   	pkgsrc/devel/nspr: Makefile
   	pkgsrc/devel/nss: Makefile
   	pkgsrc/devel/ossp-uuid: Makefile
   	pkgsrc/devel/p5-App-perlbrew: Makefile
   	pkgsrc/devel/p5-B-Hooks-OP-Annotation: Makefile
   	pkgsrc/devel/p5-EV: Makefile
   	pkgsrc/devel/p5-Event: Makefile
   	pkgsrc/devel/p5-LDAP: Makefile
   	pkgsrc/devel/p5-Log-Any-Adapter-Log4perl: Makefile
   	pkgsrc/devel/p5-Log-Log4perl: Makefile
   	pkgsrc/devel/p5-Test-Log4perl: Makefile
   	pkgsrc/devel/pangomm: Makefile
   	pkgsrc/devel/papaya: Makefile
   	pkgsrc/devel/patchutils: Makefile
   	pkgsrc/devel/prcs: Makefile
   	pkgsrc/devel/pstreams: Makefile
   	pkgsrc/devel/quilt: Makefile
   	pkgsrc/devel/refinecvs: Makefile
   	pkgsrc/devel/rpc2: Makefile
   	pkgsrc/devel/rt-mysql: Makefile
   	pkgsrc/devel/rt4: Makefile
   	pkgsrc/devel/sdcc: Makefile
   	pkgsrc/devel/sdcc3: Makefile
   	pkgsrc/devel/sparse: Makefile
   	pkgsrc/devel/startbug1: Makefile
   	pkgsrc/devel/stfl: Makefile
   	pkgsrc/devel/stgit: Makefile
   	pkgsrc/devel/subversion: Makefile
   	pkgsrc/devel/sunifdef: Makefile
   	pkgsrc/devel/svk: Makefile
   	pkgsrc/devel/tet3: Makefile
   	pkgsrc/devel/tmake: Makefile
   	pkgsrc/devel/valgrind: Makefile
   	pkgsrc/devel/xfce4-conf: Makefile
   	pkgsrc/devel/xulrunner10: Makefile
   	pkgsrc/devel/xulrunner17: Makefile
   	pkgsrc/devel/xulrunner192: Makefile
   	pkgsrc/editors/TeXmacs: Makefile
   	pkgsrc/editors/conglomerate: Makefile
   	pkgsrc/editors/emacs20: Makefile
   	pkgsrc/editors/emacs21: Makefile
   	pkgsrc/editors/emacs22: Makefile
   	pkgsrc/editors/gedit: Makefile
   	pkgsrc/editors/gedit-python: Makefile
   	pkgsrc/editors/gedit3: Makefile
   	pkgsrc/editors/kile: Makefile
   	pkgsrc/editors/kile-kde3: Makefile
   	pkgsrc/editors/lyx: Makefile
   	pkgsrc/editors/nvi-m17n: Makefile
   	pkgsrc/editors/vigor: Makefile
   	pkgsrc/editors/xemacs-packages: Makefile
   	pkgsrc/emulators/darwin_lib: Makefile
   	pkgsrc/emulators/freebsd_lib: Makefile
   	pkgsrc/emulators/fuse-emulator: Makefile
   	pkgsrc/emulators/hercules: Makefile
   	pkgsrc/emulators/kegs: Makefile
   	pkgsrc/emulators/libspectrum: Makefile
   	pkgsrc/emulators/osf1_lib: Makefile
   	pkgsrc/emulators/palmosemulator: Makefile
   	pkgsrc/emulators/qemu: Makefile
   	pkgsrc/emulators/qemu0: Makefile
   	pkgsrc/emulators/raine: Makefile
   	pkgsrc/emulators/shoebill: Makefile
   	pkgsrc/emulators/snes9x-gtk: Makefile
   	pkgsrc/emulators/suse100_base: Makefile
   	pkgsrc/emulators/suse121_base: Makefile
   	pkgsrc/emulators/suse131_base: Makefile
   	pkgsrc/emulators/tme: Makefile
   	pkgsrc/emulators/z26: Makefile
   	pkgsrc/filesystems/fuse-svnfs: Makefile
   	pkgsrc/finance/gkrellm-stock: Makefile
   	pkgsrc/finance/gnucash: Makefile
   	pkgsrc/finance/kmymoney2: Makefile
   	pkgsrc/fonts/fntsample: Makefile
   	pkgsrc/fonts/ja-shinonome: Makefile
   	pkgsrc/fonts/monafonts: Makefile
   	pkgsrc/fonts/terminus-font: Makefile
   	pkgsrc/fonts/tex-accfonts: Makefile
   	pkgsrc/fonts/tex-dosepsbin: Makefile
   	pkgsrc/fonts/tex-fontools: Makefile
   	pkgsrc/fonts/tex-mf2pt1: Makefile
   	pkgsrc/fonts/ttf2pt1: Makefile
   	pkgsrc/fonts/type1inst: Makefile
   	pkgsrc/fonts/unifont: Makefile
   	pkgsrc/games/asc: Makefile
   	pkgsrc/games/asciiquarium: Makefile
   	pkgsrc/games/bzflag: Makefile
   	pkgsrc/games/crossfire-client: Makefile
   	pkgsrc/games/crossfire-server: Makefile
   	pkgsrc/games/eboard: Makefile
   	pkgsrc/games/frozen-bubble: Makefile
   	pkgsrc/games/minami: Makefile
   	pkgsrc/games/netmaj: Makefile
   	pkgsrc/games/wesnoth: Makefile
   	pkgsrc/games/xboard: Makefile
   	pkgsrc/games/xracer: Makefile
   	pkgsrc/games/xscorch: Makefile
   	pkgsrc/games/zoom: Makefile
   	pkgsrc/geography/gpsdrive: Makefile
   	pkgsrc/geography/proj-swig: Makefile
   	pkgsrc/geography/qgis: Makefile
   	pkgsrc/graphics/GraphicsMagick: Makefile
   	pkgsrc/graphics/ImageMagick: Makefile
   	pkgsrc/graphics/ImageMagick6: Makefile
   	pkgsrc/graphics/OpenRM: Makefile
   	pkgsrc/graphics/asymptote: Makefile
   	pkgsrc/graphics/cairomm: Makefile
   	pkgsrc/graphics/cdlabelgen: Makefile
   	pkgsrc/graphics/cheese: Makefile
   	pkgsrc/graphics/circos: Makefile
   	pkgsrc/graphics/claraocr: Makefile
   	pkgsrc/graphics/compface: Makefile
   	pkgsrc/graphics/digikam: Makefile
   	pkgsrc/graphics/digikam-doc-kde3: Makefile
   	pkgsrc/graphics/digikam-kde3: Makefile
   	pkgsrc/graphics/enblend-enfuse: Makefile
   	pkgsrc/graphics/fly: Makefile
   	pkgsrc/graphics/g2: Makefile
   	pkgsrc/graphics/gd: Makefile
   	pkgsrc/graphics/get_ds7: Makefile
   	pkgsrc/graphics/gimp: Makefile
   	pkgsrc/graphics/gimp-docs-en: Makefile
   	pkgsrc/graphics/gimp-ufraw: Makefile
   	pkgsrc/graphics/gnome-icon-theme: Makefile
   	pkgsrc/graphics/goocanvasmm: Makefile
   	pkgsrc/graphics/graphviz: Makefile
   	pkgsrc/graphics/gri: Makefile
   	pkgsrc/graphics/gtkam: Makefile
   	pkgsrc/graphics/gtkglext: Makefile
   	pkgsrc/graphics/gwenview-kde3: Makefile
   	pkgsrc/graphics/icon-naming-utils: Makefile
   	pkgsrc/graphics/inkscape: Makefile
   	pkgsrc/graphics/kbarcode: Makefile
   	pkgsrc/graphics/kipi-plugins-calendar-kde3: Makefile
   	pkgsrc/graphics/kipi-plugins-kde3: Makefile
   	pkgsrc/graphics/koverartist: Makefile
   	pkgsrc/graphics/magicpoint: Makefile
   	pkgsrc/graphics/netpbm: Makefile
   	pkgsrc/graphics/pfstools: Makefile
   	pkgsrc/graphics/ps2eps: Makefile
   	pkgsrc/graphics/ristretto: Makefile
   	pkgsrc/graphics/showimg: Makefile
   	pkgsrc/graphics/tex-a2ping: Makefile
   	pkgsrc/graphics/tex-epstopdf: Makefile
   	pkgsrc/graphics/tex-pdfcrop: Makefile
   	pkgsrc/graphics/ucview: Makefile
   	pkgsrc/graphics/unicap: Makefile
   	pkgsrc/graphics/xplot: Makefile
   	pkgsrc/graphics/xplot-devel: Makefile
   	pkgsrc/graphics/zphoto: Makefile
   	pkgsrc/ham/fldigi: Makefile
   	pkgsrc/ham/gnuradio-core: Makefile
   	pkgsrc/ham/hamlib: Makefile
   	pkgsrc/ham/linpsk: Makefile
   	pkgsrc/ham/osmo-sdr: Makefile
   	pkgsrc/ham/trustedQSL: Makefile
   	pkgsrc/inputmethod/scim: Makefile
   	pkgsrc/inputmethod/xcin: Makefile
   	pkgsrc/lang/asn1c: Makefile
   	pkgsrc/lang/cim: Makefile
   	pkgsrc/lang/clang-static-analyzer: Makefile
   	pkgsrc/lang/erlang: Makefile
   	pkgsrc/lang/fort77: Makefile
   	pkgsrc/lang/g95: Makefile
   	pkgsrc/lang/gcc-aux: Makefile
   	pkgsrc/lang/gcc44: Makefile
   	pkgsrc/lang/gcc45: Makefile
   	pkgsrc/lang/gcc46: Makefile
   	pkgsrc/lang/gcc47: Makefile
   	pkgsrc/lang/gcc48: Makefile
   	pkgsrc/lang/gcc49: Makefile
   	pkgsrc/lang/gcc5: Makefile
   	pkgsrc/lang/gforth: Makefile
   	pkgsrc/lang/ghc: Makefile
   	pkgsrc/lang/ghc-bootstrap: Makefile
   	pkgsrc/lang/ghc7: Makefile
   	pkgsrc/lang/go: Makefile
   	pkgsrc/lang/go14: Makefile
   	pkgsrc/lang/guile: Makefile
   	pkgsrc/lang/gwydion-dylan: Makefile
   	pkgsrc/lang/libLLVM: Makefile
   	pkgsrc/lang/llvm: Makefile
   	pkgsrc/lang/mercury: Makefile
   	pkgsrc/lang/mono: Makefile
   	pkgsrc/lang/mono2: Makefile
   	pkgsrc/lang/moscow_ml: Makefile
   	pkgsrc/lang/nqp: Makefile
   	pkgsrc/lang/oo2c: Makefile
   	pkgsrc/lang/ossp-js: Makefile
   	pkgsrc/lang/parrot: Makefile
   	pkgsrc/lang/pfe: Makefile
   	pkgsrc/lang/rakudo-star: Makefile
   	pkgsrc/lang/sather: Makefile
   	pkgsrc/lang/see: Makefile
   	pkgsrc/lang/spidermonkey17: Makefile
   	pkgsrc/mail/YoSucker: Makefile
   	pkgsrc/mail/amavis-perl: Makefile
   	pkgsrc/mail/amavisd-new: Makefile
   	pkgsrc/mail/anomy-sanitizer: Makefile
   	pkgsrc/mail/avenger: Makefile
   	pkgsrc/mail/balsa: Makefile
   	pkgsrc/mail/bogofilter: Makefile
   	pkgsrc/mail/claws-mail: Makefile
   	pkgsrc/mail/claws-mail-vcalendar: Makefile
   	pkgsrc/mail/clawsker: Makefile
   	pkgsrc/mail/cone: Makefile
   	pkgsrc/mail/courier-analog: Makefile
   	pkgsrc/mail/courier-imap: Makefile
   	pkgsrc/mail/courier-maildir: Makefile
   	pkgsrc/mail/cyrus-imapd: Makefile
   	pkgsrc/mail/cyrus-imapd23: Makefile
   	pkgsrc/mail/cyrus-imapd24: Makefile
   	pkgsrc/mail/dcc: Makefile
   	pkgsrc/mail/demime: Makefile
   	pkgsrc/mail/distribute: Makefile
   	pkgsrc/mail/dspam: Makefile
   	pkgsrc/mail/elmo: Makefile
   	pkgsrc/mail/etpan: Makefile
   	pkgsrc/mail/exim: Makefile
   	pkgsrc/mail/exim3: Makefile
   	pkgsrc/mail/faces: Makefile
   	pkgsrc/mail/fetchyahoo: Makefile
   	pkgsrc/mail/fix-mime-charset: Makefile
   	pkgsrc/mail/fml: Makefile
   	pkgsrc/mail/fromto: Makefile
   	pkgsrc/mail/grepmail: Makefile
   	pkgsrc/mail/imapsync: Makefile
   	pkgsrc/mail/kbiff: Makefile
   	pkgsrc/mail/mailagent: Makefile
   	pkgsrc/mail/maildrop: Makefile
   	pkgsrc/mail/mailgraph: Makefile
   	pkgsrc/mail/mailhops: Makefile
   	pkgsrc/mail/mailserv: Makefile
   	pkgsrc/mail/mailsort: Makefile
   	pkgsrc/mail/majordomo: Makefile
   	pkgsrc/mail/mb2md: Makefile
   	pkgsrc/mail/mdfrm: Makefile
   	pkgsrc/mail/mhonarc: Makefile
   	pkgsrc/mail/mime-construct: Makefile
   	pkgsrc/mail/minimalist: Makefile
   	pkgsrc/mail/mutt: Makefile
   	pkgsrc/mail/opendkim: Makefile
   	pkgsrc/mail/opendmarc: Makefile
   	pkgsrc/mail/policyd-weight: Makefile
   	pkgsrc/mail/poppy: Makefile
   	pkgsrc/mail/postfix: Makefile
   	pkgsrc/mail/postgrey: Makefile
   	pkgsrc/mail/prayer: Makefile
   	pkgsrc/mail/qgreylist: Makefile
   	pkgsrc/mail/qmHandle: Makefile
   	pkgsrc/mail/qmail-lint: Makefile
   	pkgsrc/mail/qmqtool: Makefile
   	pkgsrc/mail/rspamd: Makefile
   	pkgsrc/mail/sendmail-qtool: Makefile
   	pkgsrc/mail/sendymail: Makefile
   	pkgsrc/mail/spamassassin: Makefile
   	pkgsrc/mail/squirrelmail: Makefile
   	pkgsrc/mail/sqwebmail: Makefile
   	pkgsrc/mail/teapop: Makefile
   	pkgsrc/mail/thunderbird-enigmail: Makefile
   	pkgsrc/mail/turba: Makefile
   	pkgsrc/math/R: Makefile
   	pkgsrc/math/R-gdata: Makefile
   	pkgsrc/math/R-genetics: Makefile
   	pkgsrc/math/antixls: Makefile
   	pkgsrc/math/ess: Makefile
   	pkgsrc/math/fftw: Makefile
   	pkgsrc/math/fftwf: Makefile
   	pkgsrc/math/genius: Makefile
   	pkgsrc/math/maxima: Makefile
   	pkgsrc/math/ntl: Makefile
   	pkgsrc/math/ocaml-zarith: Makefile
   	pkgsrc/math/octave: Makefile
   	pkgsrc/math/pari: Makefile
   	pkgsrc/math/pari23: Makefile
   	pkgsrc/math/ppl: Makefile
   	pkgsrc/math/pspp: Makefile
   	pkgsrc/math/qalculate-kde: Makefile
   	pkgsrc/math/superlu: Makefile
   	pkgsrc/math/udunits: Makefile
   	pkgsrc/math/xmgr: Makefile
   	pkgsrc/math/yacas: Makefile
   	pkgsrc/mbone/beacon: Makefile
   	pkgsrc/meta-pkgs/bulk-medium: Makefile
   	pkgsrc/meta-pkgs/bulk-small: Makefile
   	pkgsrc/meta-pkgs/kde3: Makefile
   	pkgsrc/meta-pkgs/kde4: Makefile
   	pkgsrc/meta-pkgs/netbsd-www: Makefile
   	pkgsrc/meta-pkgs/texlive-collection-bibtexextra: Makefile
   	pkgsrc/meta-pkgs/texlive-collection-latexextra: Makefile
   	pkgsrc/meta-pkgs/texlive-collection-pstricks: Makefile
   	pkgsrc/meta-pkgs/xfce4: Makefile
   	pkgsrc/misc/bbweather: Makefile
   	pkgsrc/misc/byobu: Makefile
   	pkgsrc/misc/colorize: Makefile
   	pkgsrc/misc/cowsay: Makefile
   	pkgsrc/misc/dpkg: Makefile
   	pkgsrc/misc/gkrellm-weather: Makefile
   	pkgsrc/misc/gnome-utils: Makefile
   	pkgsrc/misc/gwaei: Makefile
   	pkgsrc/misc/ipbt: Makefile
   	pkgsrc/misc/kanjipad: Makefile
   	pkgsrc/misc/kdepim3: Makefile
   	pkgsrc/misc/kdepim4: Makefile
   	pkgsrc/misc/koffice: Makefile
   	pkgsrc/misc/libcdio: Makefile
   	pkgsrc/misc/libcdio-paranoia: Makefile
   	pkgsrc/misc/libreoffice: Makefile
   	pkgsrc/misc/libreoffice4: Makefile
   	pkgsrc/misc/libreoffice43: Makefile
   	pkgsrc/misc/loco: Makefile
   	pkgsrc/misc/mirmon: Makefile
   	pkgsrc/misc/nxtvepg: Makefile
   	pkgsrc/misc/openoffice3: Makefile
   	pkgsrc/misc/p5-Locale-libintl: Makefile
   	pkgsrc/misc/pdmenu: Makefile
   	pkgsrc/misc/reed: Makefile
   	pkgsrc/misc/rlwrap: Makefile
   	pkgsrc/misc/rpm: Makefile
   	pkgsrc/misc/stellarium: Makefile
   	pkgsrc/misc/taskjuggler: Makefile
   	pkgsrc/misc/tds: Makefile
   	pkgsrc/misc/tellico-kde3: Makefile
   	pkgsrc/misc/teseq: Makefile
   	pkgsrc/misc/topless: Makefile
   	pkgsrc/misc/vfu: Makefile
   	pkgsrc/misc/vym: Makefile
   	pkgsrc/misc/whohas: Makefile
   	pkgsrc/multimedia/acidrip: Makefile
   	pkgsrc/multimedia/dirac: Makefile
   	pkgsrc/multimedia/dvb-apps: Makefile
   	pkgsrc/multimedia/dvdrip: Makefile
   	pkgsrc/multimedia/ffmpeg2: Makefile
   	pkgsrc/multimedia/ffmpeg3: Makefile
   	pkgsrc/multimedia/gmediaserver: Makefile
   	pkgsrc/multimedia/gnome-media: Makefile
   	pkgsrc/multimedia/gst-plugins0.10-base: Makefile
   	pkgsrc/multimedia/gst-plugins0.10-ffmpeg: Makefile
   	pkgsrc/multimedia/gst-plugins1-base: Makefile
   	pkgsrc/multimedia/gst-plugins1-libav: Makefile
   	pkgsrc/multimedia/gst-plugins1-omx: Makefile
   	pkgsrc/multimedia/gstreamer0.10: Makefile
   	pkgsrc/multimedia/gstreamer1: Makefile
   	pkgsrc/multimedia/gxine: Makefile
   	pkgsrc/multimedia/handbrake: Makefile
   	pkgsrc/multimedia/kdenlive: Makefile
   	pkgsrc/multimedia/kmplayer: Makefile
   	pkgsrc/multimedia/kmplayer-kde3: Makefile
   	pkgsrc/multimedia/libvpx: Makefile
   	pkgsrc/multimedia/ming: Makefile
   	pkgsrc/multimedia/mpv: Makefile
   	pkgsrc/multimedia/vlc: Makefile
   	pkgsrc/multimedia/vlc20: Makefile
   	pkgsrc/multimedia/x264-devel: Makefile
   	pkgsrc/multimedia/xawtv: Makefile
   	pkgsrc/multimedia/xine-lib: Makefile
   	pkgsrc/net/amule: Makefile
   	pkgsrc/net/argus: Makefile
   	pkgsrc/net/arp-scan: Makefile
   	pkgsrc/net/bind910: Makefile
   	pkgsrc/net/bind99: Makefile
   	pkgsrc/net/choqok: Makefile
   	pkgsrc/net/clive: Makefile
   	pkgsrc/net/coda: Makefile
   	pkgsrc/net/dctc: Makefile
   	pkgsrc/net/ddclient: Makefile
   	pkgsrc/net/dhcpd-pools: Makefile
   	pkgsrc/net/dlint: Makefile
   	pkgsrc/net/dnscheck: Makefile
   	pkgsrc/net/dnstracer: Makefile
   	pkgsrc/net/exabgp: Makefile
   	pkgsrc/net/fpdns: Makefile
   	pkgsrc/net/freeradius: Makefile
   	pkgsrc/net/get-flash-videos: Makefile
   	pkgsrc/net/gift: Makefile
   	pkgsrc/net/gnapfetch: Makefile
   	pkgsrc/net/ipcalc: Makefile
   	pkgsrc/net/irrd: Makefile
   	pkgsrc/net/kftpgrabber: Makefile
   	pkgsrc/net/kismet: Makefile
   	pkgsrc/net/kmldonkey-kde3: Makefile
   	pkgsrc/net/ktorrent: Makefile
   	pkgsrc/net/ktorrent-kde3: Makefile
   	pkgsrc/net/ldns: Makefile
   	pkgsrc/net/lftp: Makefile
   	pkgsrc/net/libktorrent: Makefile
   	pkgsrc/net/libquic: Makefile
   	pkgsrc/net/librsync: Makefile
   	pkgsrc/net/logjam: Makefile
   	pkgsrc/net/md-whois: Makefile
   	pkgsrc/net/mirror: Makefile
   	pkgsrc/net/mldonkey: Makefile
   	pkgsrc/net/monsoon: Makefile
   	pkgsrc/net/mrtg: Makefile
   	pkgsrc/net/nagios-nrpe: Makefile
   	pkgsrc/net/nagios-nsca: Makefile
   	pkgsrc/net/nagios-plugin-snmp: Makefile
   	pkgsrc/net/nagios-plugin-spamd: Makefile
   	pkgsrc/net/nagios-plugins: Makefile
   	pkgsrc/net/nasd: Makefile
   	pkgsrc/net/net-snmp: Makefile
   	pkgsrc/net/netatalk22: Makefile
   	pkgsrc/net/netatalk30: Makefile
   	pkgsrc/net/netdisco: Makefile
   	pkgsrc/net/nocol: Makefile
   	pkgsrc/net/ns: Makefile
   	pkgsrc/net/ntp4: Makefile
   	pkgsrc/net/ocsinventory-agent: Makefile
   	pkgsrc/net/oinkmaster: Makefile
   	pkgsrc/net/openwbem: Makefile
   	pkgsrc/net/perlbal: Makefile
   	pkgsrc/net/pfnet: Makefile
   	pkgsrc/net/proftpd: Makefile
   	pkgsrc/net/quagga: Makefile
   	pkgsrc/net/radiusd-cistron: Makefile
   	pkgsrc/net/rancid: Makefile
   	pkgsrc/net/remmina: Makefile
   	pkgsrc/net/remmina-plugins: Makefile
   	pkgsrc/net/samba: Makefile
   	pkgsrc/net/samba4: Makefile
   	pkgsrc/net/sitescooper: Makefile
   	pkgsrc/net/smokeping: Makefile
   	pkgsrc/net/snmptt: Makefile
   	pkgsrc/net/spread: Makefile
   	pkgsrc/net/stripes: Makefile
   	pkgsrc/net/tacacs: Makefile
   	pkgsrc/net/tacacs-shrubbery: Makefile
   	pkgsrc/net/tigervnc: Makefile
   	pkgsrc/net/tightvnc: Makefile
   	pkgsrc/net/torrentutils: Makefile
   	pkgsrc/net/tsclient: Makefile
   	pkgsrc/net/udpcast: Makefile
   	pkgsrc/net/vcheck: Makefile
   	pkgsrc/net/vino: Makefile
   	pkgsrc/net/vnc: Makefile
   	pkgsrc/net/vpnc: Makefile
   	pkgsrc/net/walker: Makefile
   	pkgsrc/net/wget: Makefile
   	pkgsrc/net/whois3: Makefile
   	pkgsrc/net/wireshark: Makefile
   	pkgsrc/net/wireshark1: Makefile
   	pkgsrc/net/wol: Makefile
   	pkgsrc/news/cleanscore: Makefile
   	pkgsrc/news/newsbeuter: Makefile
   	pkgsrc/news/nntpcache: Makefile
   	pkgsrc/news/tin: Makefile
   	pkgsrc/news/trn: Makefile
   	pkgsrc/parallel/gridscheduler: Makefile
   	pkgsrc/parallel/mpi-ch: Makefile
   	pkgsrc/parallel/openmpi: Makefile
   	pkgsrc/parallel/parallel: Makefile
   	pkgsrc/parallel/pdsh: Makefile
   	pkgsrc/parallel/sge: Makefile
   	pkgsrc/parallel/slurm: Makefile
   	pkgsrc/pkgtools/gnome-packagekit: Makefile
   	pkgsrc/pkgtools/lintpkgsrc: Makefile
   	pkgsrc/pkgtools/pkg_distinst: Makefile
   	pkgsrc/pkgtools/pkg_filecheck: Makefile
   	pkgsrc/pkgtools/pkg_notify: Makefile
   	pkgsrc/pkgtools/pkg_p5up2date: Makefile
   	pkgsrc/pkgtools/pkgdep: Makefile
   	pkgsrc/pkgtools/pkgdepgraph: Makefile
   	pkgsrc/pkgtools/pkgdiff: Makefile
   	pkgsrc/pkgtools/pkglint4: Makefile
   	pkgsrc/pkgtools/pkgse: Makefile
   	pkgsrc/pkgtools/pkgsrc-todo: Makefile
   	pkgsrc/pkgtools/port2pkg: Makefile
   	pkgsrc/pkgtools/revbump: Makefile
   	pkgsrc/pkgtools/texlive2pkg: Makefile
   	pkgsrc/pkgtools/url2pkg: Makefile
   	pkgsrc/print/a2ps: Makefile
   	pkgsrc/print/bibtool: Makefile
   	pkgsrc/print/chktex: Makefile
   	pkgsrc/print/cups: Makefile
   	pkgsrc/print/cups-pdf: Makefile
   	pkgsrc/print/cups15: Makefile
   	pkgsrc/print/enscript: Makefile
   	pkgsrc/print/foomatic-filters: Makefile
   	pkgsrc/print/foomatic4-db-engine: Makefile
   	pkgsrc/print/foomatic4-filters: Makefile
   	pkgsrc/print/ghostscript-agpl: Makefile
   	pkgsrc/print/ghostscript-gpl: Makefile
   	pkgsrc/print/gutenprint-lib: Makefile
   	pkgsrc/print/gv: Makefile
   	pkgsrc/print/hplip: Makefile
   	pkgsrc/print/html2ps: Makefile
   	pkgsrc/print/if-psprint: Makefile
   	pkgsrc/print/ja-a2ps: Makefile
   	pkgsrc/print/kbibtex: Makefile
   	pkgsrc/print/kbibtex-kde3: Makefile
   	pkgsrc/print/latexmk: Makefile
   	pkgsrc/print/lilypond: Makefile
   	pkgsrc/print/luatex: Makefile
   	pkgsrc/print/pdflib: Makefile
   	pkgsrc/print/pdflib-lite: Makefile
   	pkgsrc/print/psjoin: Makefile
   	pkgsrc/print/pslib: Makefile
   	pkgsrc/print/psutils: Makefile
   	pkgsrc/print/qpdf: Makefile
   	pkgsrc/print/scribus: Makefile
   	pkgsrc/print/scribus-qt4: Makefile
   	pkgsrc/print/tex-cjk-gs-integrate: Makefile
   	pkgsrc/print/tex-glossaries: Makefile
   	pkgsrc/print/tex-kotex-utils: Makefile
   	pkgsrc/print/tex-oberdiek: Makefile
   	pkgsrc/print/tex-pdftex-doc: Makefile
   	pkgsrc/print/tex-pdftools: Makefile
   	pkgsrc/print/tex-pkfix: Makefile
   	pkgsrc/print/tex-tetex: Makefile
   	pkgsrc/print/tex-texlive.infra: Makefile
   	pkgsrc/print/tex-thumbpdf: Makefile
   	pkgsrc/print/tex-xetex: Makefile
   	pkgsrc/print/tex4ht: Makefile
   	pkgsrc/print/xetex: Makefile
   	pkgsrc/print/yup: Makefile
   	pkgsrc/security/Bastille: Makefile
   	pkgsrc/security/CSP: Makefile
   	pkgsrc/security/antonym: Makefile
   	pkgsrc/security/apg: Makefile
   	pkgsrc/security/base: Makefile
   	pkgsrc/security/boringssl: Makefile
   	pkgsrc/security/caff: Makefile
   	pkgsrc/security/ccid: Makefile
   	pkgsrc/security/clusterssh: Makefile
   	pkgsrc/security/courier-authlib: Makefile
   	pkgsrc/security/dnssec-tools: Makefile
   	pkgsrc/security/egd: Makefile
   	pkgsrc/security/f-prot-antivirus6-ms-bin: Makefile
   	pkgsrc/security/gnutls: Makefile
   	pkgsrc/security/gpg2dot: Makefile
   	pkgsrc/security/hackbot: Makefile
   	pkgsrc/security/lasso: Makefile
   	pkgsrc/security/libprelude: Makefile
   	pkgsrc/security/libprelude-perl: Makefile
   	pkgsrc/security/libpreludedb: Makefile
   	pkgsrc/security/libpreludedb-mysql: Makefile
   	pkgsrc/security/libpreludedb-perl: Makefile
   	pkgsrc/security/libpreludedb-pgsql: Makefile
   	pkgsrc/security/libpreludedb-python: Makefile
   	pkgsrc/security/libpreludedb-sqlite3: Makefile
   	pkgsrc/security/log2timeline: Makefile
   	pkgsrc/security/mbedtls: Makefile
   	pkgsrc/security/mbedtls1: Makefile
   	pkgsrc/security/mhash: Makefile
   	pkgsrc/security/mit-krb5: Makefile
   	pkgsrc/security/munge: Makefile
   	pkgsrc/security/nikto: Makefile
   	pkgsrc/security/openpam: Makefile
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/openssl: Makefile
   	pkgsrc/security/p5-pcsc: Makefile
   	pkgsrc/security/pcsc-tools: Makefile
   	pkgsrc/security/pgp5: Makefile
   	pkgsrc/security/pgpenvelope: Makefile
   	pkgsrc/security/policykit: Makefile
   	pkgsrc/security/policykit-gnome: Makefile
   	pkgsrc/security/polkit: Makefile
   	pkgsrc/security/py-lasso: Makefile
   	pkgsrc/security/racoon2: Makefile
   	pkgsrc/security/sfs: Makefile
   	pkgsrc/security/skey: Makefile
   	pkgsrc/security/sks: Makefile
   	pkgsrc/security/sleuthkit: Makefile
   	pkgsrc/security/snortsnarf: Makefile
   	pkgsrc/security/stunnel: Makefile
   	pkgsrc/security/tct: Makefile
   	pkgsrc/security/validns: Makefile
   	pkgsrc/security/zebedee: Makefile
   	pkgsrc/security/zoneminder: Makefile
   	pkgsrc/shells/mksh: Makefile
   	pkgsrc/shells/perlsh: Makefile
   	pkgsrc/shells/xsh: Makefile
   	pkgsrc/sysutils/amanda-common: Makefile
   	pkgsrc/sysutils/amtterm: Makefile
   	pkgsrc/sysutils/backuppc: Makefile
   	pkgsrc/sysutils/bacula: Makefile
   	pkgsrc/sysutils/boxbackup-client: Makefile
   	pkgsrc/sysutils/boxbackup-server: Makefile
   	pkgsrc/sysutils/bup: Makefile
   	pkgsrc/sysutils/cdbkup: Makefile
   	pkgsrc/sysutils/cdrkit: Makefile
   	pkgsrc/sysutils/cfengine2: Makefile
   	pkgsrc/sysutils/collectd: Makefile
   	pkgsrc/sysutils/consolekit: Makefile
   	pkgsrc/sysutils/coreutils: Makefile
   	pkgsrc/sysutils/cpogm: Makefile
   	pkgsrc/sysutils/cvsreport: Makefile
   	pkgsrc/sysutils/dirvish: Makefile
   	pkgsrc/sysutils/diskscrub: Makefile
   	pkgsrc/sysutils/dmassage: Makefile
   	pkgsrc/sysutils/dmesg2gif: Makefile
   	pkgsrc/sysutils/etckeeper: Makefile
   	pkgsrc/sysutils/etcmanage: Makefile
   	pkgsrc/sysutils/filelight-kde3: Makefile
   	pkgsrc/sysutils/gdmap: Makefile
   	pkgsrc/sysutils/gio-fam: Makefile
   	pkgsrc/sysutils/gnome-commander: Makefile
   	pkgsrc/sysutils/gnome-device-manager: Makefile
   	pkgsrc/sysutils/gnome-mount: Makefile
   	pkgsrc/sysutils/gnome-power-manager: Makefile
   	pkgsrc/sysutils/gnome-system-tools: Makefile
   	pkgsrc/sysutils/gnome-volume-manager: Makefile
   	pkgsrc/sysutils/hal: Makefile
   	pkgsrc/sysutils/hal-info: Makefile
   	pkgsrc/sysutils/k3b: Makefile
   	pkgsrc/sysutils/k3b-kde3: Makefile
   	pkgsrc/sysutils/k4dirstat: Makefile
   	pkgsrc/sysutils/krusader: Makefile
   	pkgsrc/sysutils/lavaps: Makefile
   	pkgsrc/sysutils/libgtop: Makefile
   	pkgsrc/sysutils/liboobs: Makefile
   	pkgsrc/sysutils/libvirt: Makefile
   	pkgsrc/sysutils/lilo: Makefile
   	pkgsrc/sysutils/lsof: Makefile
   	pkgsrc/sysutils/lxpanel: Makefile
   	pkgsrc/sysutils/magicrescue: Makefile
   	pkgsrc/sysutils/mc: Makefile
   	pkgsrc/sysutils/mc46: Makefile
   	pkgsrc/sysutils/memconf: Makefile
   	pkgsrc/sysutils/mgm: Makefile
   	pkgsrc/sysutils/munin-doc: Makefile
   	pkgsrc/sysutils/munin-node: Makefile
   	pkgsrc/sysutils/munin-server: Makefile
   	pkgsrc/sysutils/pflogsumm: Makefile
   	pkgsrc/sysutils/rconfig: Makefile
   	pkgsrc/sysutils/roller: Makefile
   	pkgsrc/sysutils/rsnapshot: Makefile
   	pkgsrc/sysutils/safetynet: Makefile
   	pkgsrc/sysutils/sarah: Makefile
   	pkgsrc/sysutils/shelldap: Makefile
   	pkgsrc/sysutils/smbldap-tools: Makefile
   	pkgsrc/sysutils/stow: Makefile
   	pkgsrc/sysutils/strace: Makefile
   	pkgsrc/sysutils/strigi: Makefile
   	pkgsrc/sysutils/swatch: Makefile
   	pkgsrc/sysutils/tenshi: Makefile
   	pkgsrc/sysutils/vifm: Makefile
   	pkgsrc/sysutils/webmin: Makefile
   	pkgsrc/sysutils/xentools3: Makefile
   	pkgsrc/sysutils/xentools3-hvm: Makefile
   	pkgsrc/sysutils/xentools33: Makefile
   	pkgsrc/sysutils/xentools41: Makefile
   	pkgsrc/sysutils/xentools42: Makefile
   	pkgsrc/sysutils/xentools45: Makefile
   	pkgsrc/sysutils/xentools46: Makefile
   	pkgsrc/sysutils/xps: Makefile
   	pkgsrc/sysutils/znapzend: Makefile
   	pkgsrc/textproc/Markdown: Makefile
   	pkgsrc/textproc/aspell: Makefile
   	pkgsrc/textproc/aspell-da: Makefile
   	pkgsrc/textproc/aspell-fo: Makefile
   	pkgsrc/textproc/btparse: Makefile
   	pkgsrc/textproc/c2html: Makefile
   	pkgsrc/textproc/cdif: Makefile
   	pkgsrc/textproc/cmigemo: Makefile
   	pkgsrc/textproc/crush-tools: Makefile
   	pkgsrc/textproc/dict-mueller7: Makefile
   	pkgsrc/textproc/diffsplit: Makefile
   	pkgsrc/textproc/docbook-xsl: Makefile
   	pkgsrc/textproc/dsssl-docbook-modular: Makefile
   	pkgsrc/textproc/dtdparse: Makefile
   	pkgsrc/textproc/eb: Makefile
   	pkgsrc/textproc/freepwing: Makefile
   	pkgsrc/textproc/grep: Makefile
   	pkgsrc/textproc/groff: Makefile
   	pkgsrc/textproc/gtk-doc: Makefile
   	pkgsrc/textproc/halibut: Makefile
   	pkgsrc/textproc/html2wml: Makefile
   	pkgsrc/textproc/hunspell: Makefile
   	pkgsrc/textproc/hunspell-de: Makefile
   	pkgsrc/textproc/hyphen: Makefile
   	pkgsrc/textproc/intltool: Makefile
   	pkgsrc/textproc/ispell-de: Makefile
   	pkgsrc/textproc/ja-groff: Makefile
   	pkgsrc/textproc/kdoc: Makefile
   	pkgsrc/textproc/latex2html: Makefile
   	pkgsrc/textproc/libxml++: Makefile
   	pkgsrc/textproc/libxslt: Makefile
   	pkgsrc/textproc/mdoclint: Makefile
   	pkgsrc/textproc/multimarkdown: Makefile
   	pkgsrc/textproc/mythes: Makefile
   	pkgsrc/textproc/namazu: Makefile
   	pkgsrc/textproc/ndtpd: Makefile
   	pkgsrc/textproc/openjade: Makefile
   	pkgsrc/textproc/opensp: Makefile
   	pkgsrc/textproc/p5-libxml: Makefile
   	pkgsrc/textproc/p5-mecab: Makefile
   	pkgsrc/textproc/p5-mobiperl: Makefile
   	pkgsrc/textproc/po4a: Makefile
   	pkgsrc/textproc/pod2mdoc: Makefile
   	pkgsrc/textproc/postgresql-autodoc: Makefile
   	pkgsrc/textproc/redland: Makefile
   	pkgsrc/textproc/rfcutil: Makefile
   	pkgsrc/textproc/sablotron: Makefile
   	pkgsrc/textproc/sub2srt: Makefile
   	pkgsrc/textproc/tex-latexdiff: Makefile
   	pkgsrc/textproc/tex-latexdiff-doc: Makefile
   	pkgsrc/textproc/texi2html: Makefile
   	pkgsrc/textproc/troffcvt: Makefile
   	pkgsrc/textproc/xapian-omega: Makefile
   	pkgsrc/textproc/xmltoman: Makefile
   	pkgsrc/textproc/yamcha: Makefile
   	pkgsrc/time/hebcal: Makefile
   	pkgsrc/time/ical2rem: Makefile
   	pkgsrc/time/libical: Makefile
   	pkgsrc/time/rem2ics: Makefile
   	pkgsrc/time/remind: Makefile
   	pkgsrc/time/rsibreak: Makefile
   	pkgsrc/time/rsibreak-kde3: Makefile
   	pkgsrc/time/titrax: Makefile
   	pkgsrc/wm/afterstep: Makefile
   	pkgsrc/wm/bbkeys: Makefile
   	pkgsrc/wm/bbkeys09: Makefile
   	pkgsrc/wm/compiz-fusion-plugins-extra: Makefile
   	pkgsrc/wm/enlightenment: Makefile
   	pkgsrc/wm/fvwm: Makefile
   	pkgsrc/wm/fvwm-devel: Makefile
   	pkgsrc/wm/fvwm-themes: Makefile
   	pkgsrc/wm/i3: Makefile
   	pkgsrc/wm/ratpoison: Makefile
   	pkgsrc/wm/waimea: Makefile
   	pkgsrc/wm/windowmaker: Makefile
   	pkgsrc/wm/wmakerconf: Makefile
   	pkgsrc/www/SpeedyCGI: Makefile
   	pkgsrc/www/adzap: Makefile
   	pkgsrc/www/album: Makefile
   	pkgsrc/www/album_themes: Makefile
   	pkgsrc/www/amaya: Makefile
   	pkgsrc/www/ap2-perl: Makefile
   	pkgsrc/www/apache22: Makefile
   	pkgsrc/www/apache24: Makefile
   	pkgsrc/www/awstats: Makefile
   	pkgsrc/www/bannerfilter: Makefile
   	pkgsrc/www/bins: Makefile
   	pkgsrc/www/bluefish: Makefile
   	pkgsrc/www/calamaris: Makefile
   	pkgsrc/www/checkbot: Makefile
   	pkgsrc/www/clearsilver: Makefile
   	pkgsrc/www/cronolog: Makefile
   	pkgsrc/www/curl: Makefile
   	pkgsrc/www/cvsweb: Makefile
   	pkgsrc/www/dansguardian: Makefile
   	pkgsrc/www/davical: Makefile
   	pkgsrc/www/dillo: Makefile
   	pkgsrc/www/drraw: Makefile
   	pkgsrc/www/firefox: Makefile
   	pkgsrc/www/firefox24: Makefile
   	pkgsrc/www/firefox31: Makefile
   	pkgsrc/www/firefox38: Makefile
   	pkgsrc/www/firefox45: Makefile
   	pkgsrc/www/gallery: Makefile
   	pkgsrc/www/gitweb: Makefile
   	pkgsrc/www/h2o: Makefile
   	pkgsrc/www/htmlfix: Makefile
   	pkgsrc/www/htmllint: Makefile
   	pkgsrc/www/icedtea-web: Makefile
   	pkgsrc/www/ikiwiki: Makefile
   	pkgsrc/www/kannel: Makefile
   	pkgsrc/www/kdewebdev3: Makefile
   	pkgsrc/www/libwww: Makefile
   	pkgsrc/www/liferea: Makefile
   	pkgsrc/www/llgal: Makefile
   	pkgsrc/www/make_album: Makefile
   	pkgsrc/www/mknmz-wwwoffle: Makefile
   	pkgsrc/www/moodle: Makefile
   	pkgsrc/www/neon: Makefile
   	pkgsrc/www/netsurf: Makefile
   	pkgsrc/www/nvu: Makefile
   	pkgsrc/www/p5-HTMLObject: Makefile
   	pkgsrc/www/p5-libwww: Makefile
   	pkgsrc/www/php-owncloud: Makefile
   	pkgsrc/www/privoxy: Makefile
   	pkgsrc/www/py-moin: Makefile
   	pkgsrc/www/screws: Makefile
   	pkgsrc/www/snownews: Makefile
   	pkgsrc/www/squid3: Makefile
   	pkgsrc/www/squidGuard: Makefile
   	pkgsrc/www/squidanalyzer: Makefile
   	pkgsrc/www/squidclamav: Makefile
   	pkgsrc/www/surfraw: Makefile
   	pkgsrc/www/swish-e: Makefile
   	pkgsrc/www/w3m: Makefile
   	pkgsrc/www/wApua: Makefile
   	pkgsrc/www/wdg-validate: Makefile
   	pkgsrc/www/webkit-gtk: Makefile
   	pkgsrc/www/webkit24-gtk: Makefile
   	pkgsrc/www/weblint: Makefile
   	pkgsrc/www/webnew: Makefile
   	pkgsrc/www/whisker: Makefile
   	pkgsrc/www/wml: Makefile
   	pkgsrc/www/wwwoffle: Makefile
   	pkgsrc/www/yaws: Makefile
   	pkgsrc/x11/alacarte: Makefile
   	pkgsrc/x11/eterm: Makefile
   	pkgsrc/x11/gcolor2: Makefile
   	pkgsrc/x11/gnome-desktop: Makefile
   	pkgsrc/x11/gnome-panel: Makefile
   	pkgsrc/x11/gnome-session: Makefile
   	pkgsrc/x11/gnome-terminal: Makefile
   	pkgsrc/x11/gtk: Makefile
   	pkgsrc/x11/gtk-sharp: Makefile
   	pkgsrc/x11/gtk2: Makefile
   	pkgsrc/x11/gtk2-chtheme: Makefile
   	pkgsrc/x11/gtk3: Makefile
   	pkgsrc/x11/gtkada: Makefile
   	pkgsrc/x11/gtkmm: Makefile
   	pkgsrc/x11/gtkmm3: Makefile
   	pkgsrc/x11/gtksourceview: Makefile
   	pkgsrc/x11/gtksourceview2: Makefile
   	pkgsrc/x11/gtksourceviewmm: Makefile
   	pkgsrc/x11/kconfigwidgets: Makefile
   	pkgsrc/x11/kdebindings-ruby: Makefile
   	pkgsrc/x11/kdelibs3: Makefile
   	pkgsrc/x11/p5-Wx: Makefile
   	pkgsrc/x11/pixman: Makefile
   	pkgsrc/x11/py-wxWidgets: Makefile
   	pkgsrc/x11/qt5-qtbase: Makefile
   	pkgsrc/x11/wxGTK30: Makefile
   	pkgsrc/x11/xephem: Makefile
   	pkgsrc/x11/xfce4-exo: Makefile
   	pkgsrc/x11/xfce4-whiskermenu-plugin: Makefile
   	pkgsrc/x11/xkbset: Makefile
   	pkgsrc/x11/xplanet: Makefile
   	pkgsrc/x11/xscreensaver: Makefile

   Log Message:
   Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.


   To generate a diff of this commit:
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Jul  9 13:04:18 UTC 2016

   Modified Files:
   	pkgsrc/audio/ardour: Makefile
   	pkgsrc/audio/aubio: Makefile
   	pkgsrc/audio/csound5: Makefile
   	pkgsrc/audio/csound6: Makefile
   	pkgsrc/audio/csound6-manual: Makefile
   	pkgsrc/audio/exaile: Makefile
   	pkgsrc/audio/eyeD3: Makefile
   	pkgsrc/audio/moss: Makefile
   	pkgsrc/audio/mutagen-tools: Makefile
   	pkgsrc/audio/picard: Makefile
   	pkgsrc/audio/py-acoustid: Makefile
   	pkgsrc/audio/py-ao: Makefile
   	pkgsrc/audio/py-beets: Makefile
   	pkgsrc/audio/py-cddb: Makefile
   	pkgsrc/audio/py-daap: Makefile
   	pkgsrc/audio/py-discogs_client: Makefile
   	pkgsrc/audio/py-id3: Makefile
   	pkgsrc/audio/py-id3lib: Makefile
   	pkgsrc/audio/py-karaoke: Makefile
   	pkgsrc/audio/py-libmtag: Makefile
   	pkgsrc/audio/py-mad: Makefile
   	pkgsrc/audio/py-musicbrainz: Makefile
   	pkgsrc/audio/py-musique: Makefile
   	pkgsrc/audio/py-ogg: Makefile
   	pkgsrc/audio/py-vorbis: Makefile
   	pkgsrc/audio/quodlibet2: Makefile
   	pkgsrc/audio/rhythmbox: Makefile
   	pkgsrc/audio/solfege: Makefile
   	pkgsrc/audio/sonata: Makefile
   	pkgsrc/audio/streamtuner: options.mk
   	pkgsrc/audio/tunapie: Makefile
   	pkgsrc/benchmarks/glmark2: Makefile
   	pkgsrc/biology/py-mol: Makefile
   	pkgsrc/cad/py-MyHDL: Makefile
   	pkgsrc/chat/empathy: Makefile
   	pkgsrc/chat/gajim: Makefile options.mk
   	pkgsrc/chat/libtelepathy: Makefile
   	pkgsrc/chat/py-xmpppy: Makefile
   	pkgsrc/chat/spectrum: Makefile
   	pkgsrc/chat/telepathy-farsight: Makefile
   	pkgsrc/chat/telepathy-gabble: Makefile
   	pkgsrc/chat/telepathy-glib: Makefile
   	pkgsrc/chat/telepathy-haze: Makefile
   	pkgsrc/chat/telepathy-idle: Makefile
   	pkgsrc/chat/telepathy-logger: Makefile
   	pkgsrc/chat/telepathy-mission-control5: Makefile
   	pkgsrc/chat/telepathy-qt: Makefile
   	pkgsrc/chat/xchat-python: Makefile
   	pkgsrc/comms/multisync-gui: Makefile
   	pkgsrc/comms/py-gammu: Makefile
   	pkgsrc/converters/py-jpCodecs: Makefile
   	pkgsrc/converters/py-yenc: Makefile
   	pkgsrc/converters/py-zbase32: Makefile
   	pkgsrc/converters/py-zfec: Makefile
   	pkgsrc/converters/py-zhCodecs: Makefile
   	pkgsrc/databases/gourmet: Makefile
   	pkgsrc/databases/gramps3: Makefile options.mk
   	pkgsrc/databases/libpqxx: Makefile
   	pkgsrc/databases/luma: Makefile
   	pkgsrc/databases/mongodb: Makefile
   	pkgsrc/databases/py-PgSQL: Makefile
   	pkgsrc/databases/py-bdb-xml: Makefile
   	pkgsrc/databases/py-carbon: Makefile options.mk
   	pkgsrc/databases/py-cassa: Makefile
   	pkgsrc/databases/py-cdb: Makefile
   	pkgsrc/databases/py-ckanclient: Makefile
   	pkgsrc/databases/py-couchdb: Makefile
   	pkgsrc/databases/py-datapkg: Makefile
   	pkgsrc/databases/py-elixir: Makefile
   	pkgsrc/databases/py-ldap: Makefile
   	pkgsrc/databases/py-metakit: Makefile
   	pkgsrc/databases/py-mssql: Makefile
   	pkgsrc/databases/py-mysqldb: Makefile
   	pkgsrc/databases/py-python-rrdtool: Makefile
   	pkgsrc/databases/py-sqlalchemy-migrate: Makefile
   	pkgsrc/databases/py-sqlite: Makefile
   	pkgsrc/databases/py-sqlite2: Makefile
   	pkgsrc/databases/py-sqlrelay: Makefile
   	pkgsrc/databases/py-sybase: Makefile
   	pkgsrc/databases/py-table: Makefile
   	pkgsrc/databases/py-tokyocabinet: Makefile
   	pkgsrc/databases/py-whisper: Makefile
   	pkgsrc/databases/skytools: Makefile
   	pkgsrc/databases/tdb: Makefile
   	pkgsrc/devel/ExmanIDE: Makefile
   	pkgsrc/devel/GConf: Makefile
   	pkgsrc/devel/RBTools: Makefile
   	pkgsrc/devel/accerciser: Makefile
   	pkgsrc/devel/boa-constructor: Makefile
   	pkgsrc/devel/bokken: Makefile
   	pkgsrc/devel/bpython: Makefile
   	pkgsrc/devel/bugs-everywhere: Makefile
   	pkgsrc/devel/bzr: Makefile
   	pkgsrc/devel/bzr-explorer: Makefile
   	pkgsrc/devel/bzr-gtk: Makefile
   	pkgsrc/devel/bzr-svn: Makefile
   	pkgsrc/devel/bzrtools: Makefile
   	pkgsrc/devel/codeville: Makefile
   	pkgsrc/devel/cvs2svn: Makefile
   	pkgsrc/devel/diffuse: Makefile
   	pkgsrc/devel/distcc-pump: Makefile
   	pkgsrc/devel/doxygen: Makefile
   	pkgsrc/devel/epydoc: Makefile
   	pkgsrc/devel/eric4: Makefile
   	pkgsrc/devel/gdb: options.mk
   	pkgsrc/devel/gnatpython: Makefile
   	pkgsrc/devel/googletest: Makefile
   	pkgsrc/devel/gps: options.mk
   	pkgsrc/devel/gyp: Makefile
   	pkgsrc/devel/kdesdk3: Makefile
   	pkgsrc/devel/ko-po-check: Makefile
   	pkgsrc/devel/lettuce: Makefile
   	pkgsrc/devel/libappindicator: Makefile
   	pkgsrc/devel/libappindicator3: Makefile
   	pkgsrc/devel/libftdi1: Makefile
   	pkgsrc/devel/libgit2: Makefile
   	pkgsrc/devel/libhid: Makefile
   	pkgsrc/devel/meld: Makefile
   	pkgsrc/devel/py-InlineEgg: Makefile
   	pkgsrc/devel/py-Optik: Makefile
   	pkgsrc/devel/py-astroid: Makefile
   	pkgsrc/devel/py-at-spi: Makefile
   	pkgsrc/devel/py-buildbot: Makefile
   	pkgsrc/devel/py-buildbot-slave: Makefile
   	pkgsrc/devel/py-cached-property: Makefile
   	pkgsrc/devel/py-checker: Makefile
   	pkgsrc/devel/py-cheetah: Makefile
   	pkgsrc/devel/py-compizconfig: Makefile
   	pkgsrc/devel/py-daemon: Makefile
   	pkgsrc/devel/py-darcsver: Makefile
   	pkgsrc/devel/py-dialog2: Makefile
   	pkgsrc/devel/py-distorm3: Makefile
   	pkgsrc/devel/py-doctor: Makefile
   	pkgsrc/devel/py-enum34: Makefile
   	pkgsrc/devel/py-expect: Makefile
   	pkgsrc/devel/py-fastimport: Makefile
   	pkgsrc/devel/py-futures: Makefile
   	pkgsrc/devel/py-gflags: Makefile
   	pkgsrc/devel/py-gobject: Makefile
   	pkgsrc/devel/py-google-apputils: Makefile
   	pkgsrc/devel/py-hg-fastimport: Makefile
   	pkgsrc/devel/py-hg-git: Makefile
   	pkgsrc/devel/py-hglib: Makefile
   	pkgsrc/devel/py-hglist: Makefile
   	pkgsrc/devel/py-hgnested: Makefile
   	pkgsrc/devel/py-hgview: Makefile
   	pkgsrc/devel/py-ipaddr: Makefile
   	pkgsrc/devel/py-ipython010: Makefile
   	pkgsrc/devel/py-ipython013: Makefile
   	pkgsrc/devel/py-jersey: Makefile
   	pkgsrc/devel/py-kjbuckets: Makefile
   	pkgsrc/devel/py-kqueue: Makefile
   	pkgsrc/devel/py-logilab-astng: Makefile
   	pkgsrc/devel/py-logilab-common: Makefile
   	pkgsrc/devel/py-memcached: Makefile
   	pkgsrc/devel/py-mercurial: Makefile.version
   	pkgsrc/devel/py-multiprocessing: Makefile
   	pkgsrc/devel/py-newt: Makefile
   	pkgsrc/devel/py-open-vcdiff: Makefile
   	pkgsrc/devel/py-pqueue: Makefile
   	pkgsrc/devel/py-proteus: options.mk
   	pkgsrc/devel/py-protobuf: Makefile
   	pkgsrc/devel/py-pylint: Makefile
   	pkgsrc/devel/py-pytemplate: Makefile
   	pkgsrc/devel/py-pyutil: Makefile
   	pkgsrc/devel/py-quixote: Makefile
   	pkgsrc/devel/py-rope: Makefile
   	pkgsrc/devel/py-ruamel-ordereddict: Makefile
   	pkgsrc/devel/py-setuptools_trial: Makefile
   	pkgsrc/devel/py-singledispatch: Makefile
   	pkgsrc/devel/py-stompclient: Makefile
   	pkgsrc/devel/py-subprocess32: Makefile
   	pkgsrc/devel/py-subvertpy: Makefile
   	pkgsrc/devel/py-tabular: Makefile
   	pkgsrc/devel/py-tortoisehg: Makefile
   	pkgsrc/devel/py-tryton: options.mk
   	pkgsrc/devel/py-trytond: Makefile.common options.mk
   	pkgsrc/devel/py-unit: Makefile
   	pkgsrc/devel/py-unitgui: Makefile
   	pkgsrc/devel/py-usb: Makefile
   	pkgsrc/devel/py-windbg: Makefile
   	pkgsrc/devel/py-zanata-python-client: Makefile
   	pkgsrc/devel/py-zconfig: Makefile
   	pkgsrc/devel/qbzr: Makefile
   	pkgsrc/devel/reposurgeon: Makefile
   	pkgsrc/devel/roundup: Makefile
   	pkgsrc/devel/rox-lib: Makefile
   	pkgsrc/devel/scons: Makefile
   	pkgsrc/devel/stgit: Makefile
   	pkgsrc/devel/tailor: Makefile
   	pkgsrc/devel/talloc: Makefile
   	pkgsrc/devel/transifex-client: Makefile
   	pkgsrc/devel/umbrello: Makefile
   	pkgsrc/devel/xulrunner10: mozilla-common.mk
   	pkgsrc/devel/xulrunner17: mozilla-common.mk
   	pkgsrc/devel/xulrunner192: mozilla-common.mk
   	pkgsrc/editors/gedit-python: Makefile
   	pkgsrc/editors/kdissert: Makefile
   	pkgsrc/editors/lyx: Makefile
   	pkgsrc/editors/medit: Makefile
   	pkgsrc/editors/nts: Makefile
   	pkgsrc/editors/pluma: options.mk
   	pkgsrc/editors/zim: Makefile
   	pkgsrc/emulators/fs-uae-launcher: Makefile
   	pkgsrc/emulators/gns3: Makefile
   	pkgsrc/emulators/hatari: Makefile
   	pkgsrc/emulators/mame: Makefile
   	pkgsrc/emulators/openmsx: Makefile
   	pkgsrc/emulators/qemu: Makefile
   	pkgsrc/emulators/qemu0: Makefile
   	pkgsrc/emulators/unicorn: Makefile
   	pkgsrc/filesystems/fuse-gmailfs: Makefile
   	pkgsrc/filesystems/fuse-pcachefs: Makefile
   	pkgsrc/filesystems/fuse-wikipediafs: Makefile
   	pkgsrc/filesystems/glusterfs: Makefile
   	pkgsrc/filesystems/py-filesystem: Makefile
   	pkgsrc/filesystems/py-fuse-bindings: Makefile
   	pkgsrc/filesystems/tahoe-lafs: Makefile
   	pkgsrc/finance/gnucash: Makefile
   	pkgsrc/finance/moneyguru: Makefile
   	pkgsrc/finance/py-stripe: Makefile
   	pkgsrc/finance/py-vatnumber: Makefile
   	pkgsrc/fonts/mftrace: Makefile
   	pkgsrc/fonts/py-TTFQuery: Makefile
   	pkgsrc/games/4stAttack: Makefile
   	pkgsrc/games/blindmine: Makefile
   	pkgsrc/games/freeciv-share: Makefile.common
   	pkgsrc/games/gcompris: Makefile
   	pkgsrc/games/gnome-games: Makefile
   	pkgsrc/games/jools: Makefile
   	pkgsrc/games/kajongg: Makefile
   	pkgsrc/games/kye: Makefile
   	pkgsrc/games/monsterz: Makefile
   	pkgsrc/games/py-easyAI: Makefile
   	pkgsrc/games/py-renpy: Makefile
   	pkgsrc/games/pysolfc: Makefile
   	pkgsrc/games/pytraffic: Makefile
   	pkgsrc/games/teeworlds: Makefile
   	pkgsrc/games/wesnoth: Makefile
   	pkgsrc/geography/gpsd: Makefile
   	pkgsrc/geography/proj-swig: Makefile
   	pkgsrc/geography/py-google-maps-services-python: Makefile
   	pkgsrc/geography/py-obspy: Makefile
   	pkgsrc/geography/qgis: options.mk
   	pkgsrc/graphics/MesaLib: Makefile
   	pkgsrc/graphics/MesaLib7: Makefile
   	pkgsrc/graphics/blender: Makefile
   	pkgsrc/graphics/comix: Makefile
   	pkgsrc/graphics/dia-python: Makefile
   	pkgsrc/graphics/eog: Makefile
   	pkgsrc/graphics/eom: options.mk
   	pkgsrc/graphics/gimp-docs-en: Makefile.common
   	pkgsrc/graphics/libscigraphica: Makefile
   	pkgsrc/graphics/mypaint: Makefile
   	pkgsrc/graphics/py-OpenGL: Makefile
   	pkgsrc/graphics/py-aafigure: Makefile
   	pkgsrc/graphics/py-biggles: Makefile
   	pkgsrc/graphics/py-cairo: Makefile
   	pkgsrc/graphics/py-chart: Makefile
   	pkgsrc/graphics/py-dot: Makefile
   	pkgsrc/graphics/py-gdchart: Makefile
   	pkgsrc/graphics/py-gdmodule: Makefile
   	pkgsrc/graphics/py-gnuplot: Makefile
   	pkgsrc/graphics/py-goocanvas: Makefile
   	pkgsrc/graphics/py-gtkglext: Makefile
   	pkgsrc/graphics/py-imaging: Makefile
   	pkgsrc/graphics/py-imagingtk: Makefile
   	pkgsrc/graphics/py-matplotlib-gtk2: Makefile
   	pkgsrc/graphics/py-mcomix: Makefile
   	pkgsrc/graphics/py-piddle: Makefile
   	pkgsrc/graphics/py-pycha: Makefile
   	pkgsrc/graphics/py-sk1libs: Makefile
   	pkgsrc/graphics/py-uniconvertor: Makefile
   	pkgsrc/graphics/scigraphica: Makefile
   	pkgsrc/graphics/skencil: Makefile
   	pkgsrc/graphics/xdot: Makefile
   	pkgsrc/ham/gnuradio-core: Makefile.common
   	pkgsrc/inputmethod/ibus-python: Makefile
   	pkgsrc/inputmethod/ibus-tegaki: Makefile
   	pkgsrc/inputmethod/mozc-server: Makefile.common
   	pkgsrc/inputmethod/py-input-pad: Makefile
   	pkgsrc/inputmethod/py-zinnia: Makefile
   	pkgsrc/inputmethod/scim-python: Makefile
   	pkgsrc/inputmethod/tegaki-pygtk: Makefile
   	pkgsrc/inputmethod/tegaki-python: Makefile
   	pkgsrc/inputmethod/tegaki-recognize: Makefile
   	pkgsrc/inputmethod/tegaki-tools: Makefile
   	pkgsrc/inputmethod/tegaki-train: Makefile
   	pkgsrc/inputmethod/tegaki-wagomu: Makefile
   	pkgsrc/lang/clang-static-analyzer: Makefile
   	pkgsrc/lang/nodejs: Makefile.common
   	pkgsrc/lang/py-basicproperty: Makefile
   	pkgsrc/lang/py-pyrex: Makefile
   	pkgsrc/lang/py-pythonz: Makefile
   	pkgsrc/lang/python: pyversion.mk
   	pkgsrc/mail/archivemail: Makefile
   	pkgsrc/mail/fetchmailconf: Makefile
   	pkgsrc/mail/getmail: Makefile
   	pkgsrc/mail/mailman: Makefile
   	pkgsrc/mail/offlineimap: Makefile
   	pkgsrc/mail/py-libgmail: Makefile
   	pkgsrc/mail/thunderbird-enigmail: Makefile.common
   	pkgsrc/mail/tmda: Makefile
   	pkgsrc/math/gnumeric: Makefile
   	pkgsrc/math/gnumeric110: Makefile
   	pkgsrc/math/gnumeric112: Makefile
   	pkgsrc/math/py-Numeric: Makefile
   	pkgsrc/math/py-Scientific: Makefile
   	pkgsrc/math/py-cdecimal: Makefile
   	pkgsrc/math/py-ephem: Makefile
   	pkgsrc/math/py-fftw: Makefile
   	pkgsrc/math/py-fpconst: Makefile
   	pkgsrc/math/py-networkx: Makefile
   	pkgsrc/math/py-numarray: Makefile
   	pkgsrc/math/py-simpleeval: Makefile
   	pkgsrc/meta-pkgs/bulk-large: Makefile
   	pkgsrc/meta-pkgs/bulk-medium: Makefile
   	pkgsrc/meta-pkgs/gnome: Makefile
   	pkgsrc/meta-pkgs/py-gnome-bindings: Makefile
   	pkgsrc/misc/byobu: Makefile
   	pkgsrc/misc/calibre: Makefile
   	pkgsrc/misc/calibre1: Makefile
   	pkgsrc/misc/deskbar-applet: Makefile
   	pkgsrc/misc/kdeutils3: Makefile
   	pkgsrc/misc/khard: Makefile
   	pkgsrc/misc/koffice: Makefile
   	pkgsrc/misc/mnemosyne: Makefile
   	pkgsrc/misc/openoffice3: Makefile
   	pkgsrc/misc/orca: Makefile
   	pkgsrc/misc/py-anita: Makefile
   	pkgsrc/misc/py-anki2: Makefile
   	pkgsrc/misc/py-carddav: Makefile
   	pkgsrc/misc/py-stdnum: Makefile
   	pkgsrc/misc/routeplanner-cli: Makefile
   	pkgsrc/misc/superkaramba: Makefile
   	pkgsrc/multimedia/farsight2: Makefile
   	pkgsrc/multimedia/kodi: Makefile
   	pkgsrc/multimedia/libkate: options.mk
   	pkgsrc/multimedia/livestreamer: Makefile
   	pkgsrc/multimedia/pitivi: Makefile
   	pkgsrc/multimedia/py-gstreamer0.10: Makefile
   	pkgsrc/multimedia/py-ming: Makefile
   	pkgsrc/multimedia/totem: Makefile.common
   	pkgsrc/net/Radicale: options.mk
   	pkgsrc/net/avahi: options.mk
   	pkgsrc/net/bittornado: Makefile
   	pkgsrc/net/bittornado-gui: Makefile
   	pkgsrc/net/bittorrent: Makefile
   	pkgsrc/net/bittorrent-gui: Makefile
   	pkgsrc/net/calypso: Makefile
   	pkgsrc/net/coherence: Makefile
   	pkgsrc/net/coilmq: Makefile
   	pkgsrc/net/exabgp: Makefile
   	pkgsrc/net/gitso: Makefile
   	pkgsrc/net/gtk-vnc: options.mk
   	pkgsrc/net/mimms: Makefile
   	pkgsrc/net/mitmproxy: Makefile
   	pkgsrc/net/nagstamon: Makefile
   	pkgsrc/net/nicotine: Makefile
   	pkgsrc/net/nmap: options.mk
   	pkgsrc/net/omniORB: Makefile
   	pkgsrc/net/py-GeoIP: Makefile
   	pkgsrc/net/py-ORBit: Makefile
   	pkgsrc/net/py-adns: Makefile
   	pkgsrc/net/py-beanstalkc: Makefile
   	pkgsrc/net/py-bitmessage: Makefile
   	pkgsrc/net/py-caldav: Makefile
   	pkgsrc/net/py-dpkt: Makefile
   	pkgsrc/net/py-eventlib: Makefile
   	pkgsrc/net/py-foolscap: Makefile
   	pkgsrc/net/py-gevent: Makefile
   	pkgsrc/net/py-google: Makefile
   	pkgsrc/net/py-ipaddress: Makefile
   	pkgsrc/net/py-kenosis: Makefile
   	pkgsrc/net/py-libdnet: Makefile
   	pkgsrc/net/py-libpcap: Makefile
   	pkgsrc/net/py-medusa: Makefile
   	pkgsrc/net/py-metar: Makefile
   	pkgsrc/net/py-netifaces: Makefile
   	pkgsrc/net/py-netsnmp: Makefile
   	pkgsrc/net/py-omniORBpy: Makefile
   	pkgsrc/net/py-pcap: Makefile
   	pkgsrc/net/py-s3cmd: Makefile
   	pkgsrc/net/py-soappy: Makefile
   	pkgsrc/net/py-socketpool: Makefile
   	pkgsrc/net/py-spreadmodule: Makefile
   	pkgsrc/net/py-suds: Makefile
   	pkgsrc/net/py-tweepy: Makefile
   	pkgsrc/net/py-twisted: Makefile.common
   	pkgsrc/net/py-txamqp: Makefile
   	pkgsrc/net/py-zsi: Makefile
   	pkgsrc/net/pygopherd: Makefile
   	pkgsrc/net/samba4: Makefile
   	pkgsrc/net/scapy: Makefile options.mk
   	pkgsrc/net/upnpinspector: Makefile
   	pkgsrc/net/wireshark: Makefile
   	pkgsrc/net/wireshark1: Makefile
   	pkgsrc/news/hellanzb: Makefile
   	pkgsrc/news/lottanzb: Makefile
   	pkgsrc/pkgtools/gnome-packagekit: Makefile
   	pkgsrc/pkgtools/packagekit: Makefile
   	pkgsrc/print/hplip: options.mk
   	pkgsrc/print/lilypond: Makefile
   	pkgsrc/print/pdfshuffler: Makefile
   	pkgsrc/print/py-pisa: Makefile
   	pkgsrc/print/py-poppler: Makefile
   	pkgsrc/print/py-reportlab: Makefile
   	pkgsrc/print/scribus: Makefile
   	pkgsrc/print/scribus-qt4: Makefile
   	pkgsrc/security/botan: Makefile
   	pkgsrc/security/lasso: Makefile
   	pkgsrc/security/libprelude-python: Makefile
   	pkgsrc/security/libpreludedb-python: Makefile
   	pkgsrc/security/mixminion: Makefile
   	pkgsrc/security/prelude-correlator: Makefile
   	pkgsrc/security/py-SSLCrypto: Makefile
   	pkgsrc/security/py-backports.ssl_match_hostname: Makefile
   	pkgsrc/security/py-cryptkit: Makefile
   	pkgsrc/security/py-cryptopp: Makefile
   	pkgsrc/security/py-cybox: Makefile
   	pkgsrc/security/py-denyhosts: Makefile
   	pkgsrc/security/py-gnupg: Makefile
   	pkgsrc/security/py-lasso: Makefile
   	pkgsrc/security/py-libtaxii: Makefile
   	pkgsrc/security/py-m2crypto: Makefile
   	pkgsrc/security/py-mcrypt: Makefile
   	pkgsrc/security/py-oauth2: Makefile
   	pkgsrc/security/py-openid: Makefile
   	pkgsrc/security/py-prewikka: Makefile
   	pkgsrc/security/py-service_identity: Makefile
   	pkgsrc/security/py-stix: Makefile
   	pkgsrc/security/py-tlslite: Makefile
   	pkgsrc/security/py-urllib2-kerberos: Makefile
   	pkgsrc/security/py-xmlsec: Makefile
   	pkgsrc/security/py-yara: Makefile
   	pkgsrc/security/py-yubiauth: Makefile
   	pkgsrc/security/volatility: Makefile
   	pkgsrc/shells/lshell: Makefile
   	pkgsrc/sysutils/ansible: Makefile
   	pkgsrc/sysutils/bup: Makefile
   	pkgsrc/sysutils/caja-dropbox: Makefile
   	pkgsrc/sysutils/cuisine: Makefile
   	pkgsrc/sysutils/dbus-python-common: Makefile
   	pkgsrc/sysutils/duplicity: Makefile
   	pkgsrc/sysutils/euca2ools: Makefile
   	pkgsrc/sysutils/fabric: Makefile
   	pkgsrc/sysutils/gnome-commander: Makefile
   	pkgsrc/sysutils/libvirt: Makefile
   	pkgsrc/sysutils/manifold: Makefile
   	pkgsrc/sysutils/monitoring: Makefile
   	pkgsrc/sysutils/openxenmanager: Makefile
   	pkgsrc/sysutils/polysh: Makefile
   	pkgsrc/sysutils/py-borgbackup: Makefile
   	pkgsrc/sysutils/py-gnome-menus: Makefile
   	pkgsrc/sysutils/py-notify: Makefile
   	pkgsrc/sysutils/py-notify-python: Makefile
   	pkgsrc/sysutils/py-pefile: Makefile
   	pkgsrc/sysutils/py-xattr: Makefile
   	pkgsrc/sysutils/rdiff-backup: Makefile
   	pkgsrc/sysutils/salt: Makefile
   	pkgsrc/sysutils/salt-docs: Makefile
   	pkgsrc/sysutils/virt-manager: Makefile
   	pkgsrc/sysutils/virtinst: Makefile
   	pkgsrc/sysutils/xenkernel3: Makefile
   	pkgsrc/sysutils/xenkernel33: Makefile
   	pkgsrc/sysutils/xenkernel41: Makefile
   	pkgsrc/sysutils/xenkernel42: Makefile
   	pkgsrc/sysutils/xenkernel45: Makefile
   	pkgsrc/sysutils/xenkernel46: Makefile
   	pkgsrc/sysutils/xentools3: Makefile
   	pkgsrc/sysutils/xentools3-hvm: Makefile
   	pkgsrc/sysutils/xentools33: Makefile
   	pkgsrc/sysutils/xentools41: Makefile
   	pkgsrc/sysutils/xentools42: Makefile
   	pkgsrc/sysutils/xentools45: Makefile
   	pkgsrc/sysutils/xentools46: Makefile
   	pkgsrc/textproc/asciidoc: Makefile
   	pkgsrc/textproc/coccigrep: Makefile
   	pkgsrc/textproc/dblatex: Makefile
   	pkgsrc/textproc/gnome-doc-utils: Makefile
   	pkgsrc/textproc/gtk-doc: Makefile
   	pkgsrc/textproc/ispell-lt: Makefile
   	pkgsrc/textproc/itstool: Makefile
   	pkgsrc/textproc/libplist: Makefile
   	pkgsrc/textproc/markdown2social: Makefile
   	pkgsrc/textproc/py-4Suite: Makefile
   	pkgsrc/textproc/py-Excelerator: Makefile
   	pkgsrc/textproc/py-HappyDoc: Makefile
   	pkgsrc/textproc/py-Whoosh: Makefile
   	pkgsrc/textproc/py-X2: Makefile
   	pkgsrc/textproc/py-cabocha: Makefile
   	pkgsrc/textproc/py-cjson: Makefile
   	pkgsrc/textproc/py-cmTemplate: Makefile
   	pkgsrc/textproc/py-elementtree: Makefile
   	pkgsrc/textproc/py-empy: Makefile
   	pkgsrc/textproc/py-generateDS: Makefile
   	pkgsrc/textproc/py-gnosis-utils: Makefile
   	pkgsrc/textproc/py-iniparse: Makefile
   	pkgsrc/textproc/py-jsonlib: Makefile
   	pkgsrc/textproc/py-libxslt: Makefile
   	pkgsrc/textproc/py-marisa: Makefile
   	pkgsrc/textproc/py-mecab: Makefile
   	pkgsrc/textproc/py-relatorio: Makefile
   	pkgsrc/textproc/py-vobject: Makefile
   	pkgsrc/textproc/py-xlwt: Makefile
   	pkgsrc/textproc/py-xml: Makefile
   	pkgsrc/textproc/py-yamcha: Makefile
   	pkgsrc/textproc/queequeg: Makefile
   	pkgsrc/textproc/rubber: Makefile
   	pkgsrc/textproc/xmlada: Makefile
   	pkgsrc/time/etm: Makefile
   	pkgsrc/time/gdeskcal: Makefile
   	pkgsrc/time/hamster-applet: Makefile
   	pkgsrc/time/py-goocalendar: Makefile
   	pkgsrc/time/py-mxDateTime: Makefile
   	pkgsrc/time/wxRemind: Makefile
   	pkgsrc/wm/bmpanel2: Makefile
   	pkgsrc/wm/ccsm: Makefile
   	pkgsrc/wm/py-tyle: Makefile
   	pkgsrc/www/ap-scgi: Makefile
   	pkgsrc/www/bluefish: Makefile
   	pkgsrc/www/browser-bookmarks-menu: Makefile
   	pkgsrc/www/cherokee: Makefile
   	pkgsrc/www/clearsilver: Makefile
   	pkgsrc/www/firefox: mozilla-common.mk
   	pkgsrc/www/firefox24: mozilla-common.mk
   	pkgsrc/www/firefox31: mozilla-common.mk
   	pkgsrc/www/firefox38: mozilla-common.mk
   	pkgsrc/www/firefox45: mozilla-common.mk
   	pkgsrc/www/ies4linux: Makefile
   	pkgsrc/www/loggerhead: Makefile
   	pkgsrc/www/py-ClientForm: Makefile
   	pkgsrc/www/py-HTMLgen: Makefile
   	pkgsrc/www/py-beautifulsoup: Makefile
   	pkgsrc/www/py-blosxom: Makefile
   	pkgsrc/www/py-clearsilver: Makefile
   	pkgsrc/www/py-django-appmedia: Makefile
   	pkgsrc/www/py-django-mezzanine-filebrowser: Makefile
   	pkgsrc/www/py-django-mezzanine-grappelli: Makefile
   	pkgsrc/www/py-django-photologue: Makefile
   	pkgsrc/www/py-django14: Makefile options.mk
   	pkgsrc/www/py-djangorestframework: Makefile
   	pkgsrc/www/py-flup: Makefile
   	pkgsrc/www/py-gdata: Makefile
   	pkgsrc/www/py-google-api-python-client: Makefile
   	pkgsrc/www/py-graphite-web: Makefile
   	pkgsrc/www/py-jonpy: Makefile
   	pkgsrc/www/py-mechanize: Makefile
   	pkgsrc/www/py-mezzanine: Makefile
   	pkgsrc/www/py-moin: Makefile
   	pkgsrc/www/py-nevow: Makefile
   	pkgsrc/www/py-pendrell: Makefile
   	pkgsrc/www/py-python-digest: Makefile
   	pkgsrc/www/py-pywebdav: Makefile
   	pkgsrc/www/py-recaptcha: Makefile
   	pkgsrc/www/py-scgi: Makefile
   	pkgsrc/www/py-simpletal: Makefile
   	pkgsrc/www/py-swish-e: Makefile
   	pkgsrc/www/py-twill: Makefile
   	pkgsrc/www/py-uliweb: Makefile
   	pkgsrc/www/py-webpy: Makefile
   	pkgsrc/www/py-werkzeug-docs: Makefile
   	pkgsrc/www/ruby-pygments.rb: Makefile
   	pkgsrc/www/trac: Makefile
   	pkgsrc/www/urlgrabber: Makefile
   	pkgsrc/www/viewvc: Makefile
   	pkgsrc/www/webkit-gtk: Makefile
   	pkgsrc/www/webkit24-gtk: Makefile.common
   	pkgsrc/x11/alacarte: Makefile
   	pkgsrc/x11/arandr: Makefile
   	pkgsrc/x11/avant-window-navigator: Makefile
   	pkgsrc/x11/driconf: Makefile
   	pkgsrc/x11/gnome-applets: Makefile
   	pkgsrc/x11/gnome-mag: Makefile
   	pkgsrc/x11/gnome-panel: Makefile
   	pkgsrc/x11/gnome-terminal: Makefile
   	pkgsrc/x11/gtk2: Makefile
   	pkgsrc/x11/kde-workspace4: Makefile
   	pkgsrc/x11/libdesktop-agnostic: Makefile
   	pkgsrc/x11/mozo: Makefile
   	pkgsrc/x11/py-Pmw: Makefile
   	pkgsrc/x11/py-gnome2: Makefile
   	pkgsrc/x11/py-gnome2-desktop: Makefile
   	pkgsrc/x11/py-gnome2-extras: Makefile
   	pkgsrc/x11/py-gtk2: Makefile
   	pkgsrc/x11/py-gtksourceview: Makefile
   	pkgsrc/x11/py-keybinder: Makefile
   	pkgsrc/x11/py-kiwi: Makefile
   	pkgsrc/x11/py-qwt-qt4: Makefile
   	pkgsrc/x11/py-terminator: Makefile
   	pkgsrc/x11/py-vte: Makefile
   	pkgsrc/x11/py-wxWidgets: Makefile
   	pkgsrc/x11/rox-session: Makefile
   	pkgsrc/x11/tint2: Makefile

   Log Message:
   Remove python33: adapt all packages that refer to it.


   To generate a diff of this commit:
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 11 12:28:17 UTC 2016

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST

   Log Message:
   If py-dns or py-iso8601 are installed, the PLIST is wrong because
   the separate copy coming with samba4 is not installed.

   Depend on the two packages and never install the separate copies.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/net/samba4/Makefile
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/samba4/PLIST

Revision 1.22, Mon Jul 11 12:28:17 2016 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.21: +4 -2 lines

If py-dns or py-iso8601 are installed, the PLIST is wrong because
the separate copy coming with samba4 is not installed.

Depend on the two packages and never install the separate copies.

Bump PKGREVISION.

Revision 1.21, Sat Jul 9 13:04:02 2016 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.20: +2 -2 lines

Remove python33: adapt all packages that refer to it.

Revision 1.20, Sat Jul 9 06:38:45 2016 UTC (7 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.19: +2 -1 lines

Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Revision 1.19, Thu Jul 7 16:44:14 2016 UTC (7 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.18: +2 -2 lines

Update samba4 to 4.3.11 (Samba 4.3.11), including security fix for
CVE-2016-2119.

Changes from 4.3.9 to 4.3.10 are too many to write here, please refer to the
WHATSNEW.txt file.


                   ==============================
                   Release Notes for Samba 4.3.11
                            July 07, 2016
                   ==============================


This is a security release in order to address the following defect:

o  CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)

=======
Details
=======

o  CVE-2016-2119:
   It's possible for an attacker to downgrade the required signing for
   an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST
   or SMB2_SESSION_FLAG_IS_NULL flags.

   This means that the attacker can impersonate a server being connected to by
   Samba, and return malicious results.

   The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking
   to domain controllers as a member server, and trusted domains as a domain
   controller.  These DCE/RPC connections were intended to be protected by the
   combination of "client ipc signing" and
   "client ipc max protocol" in their effective default settings
   ("mandatory" and "SMB3_11").

   Additionally, management tools like net, samba-tool and rpcclient use DCERPC
   over SMB2/3 connections.

   By default, other tools in Samba are unprotected, but rarely they are
   configured to use smb signing, via the "client signing" parameter (the default
   is "if_required").  Even more rarely the "client max protocol" is set to SMB2,
   rather than the NT1 default.

   If both these conditions are met, then this issue would also apply to these
   other tools, including command line tools like smbcacls, smbcquota, smbclient,
   smbget and applications using libsmbclient.


Changes since 4.3.10:
--------------------

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
   * BUG 11948: Total dcerpc response payload more than 0x400000.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).

Revision 1.16.2.2, Fri May 13 14:49:20 2016 UTC (7 years, 11 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.16.2.1: +2 -2 lines

Pullup ticket #5011 - requested by taca
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.18
- net/samba4/PLIST                                              1.7
- net/samba4/distinfo                                           1.10
- net/samba4/patches/patch-lib_nss__wrapper_wscript             deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat May  7 03:09:33 UTC 2016

   Modified Files:
   	pkgsrc/net/samba4: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/net/samba4/patches: patch-lib_nss__wrapper_wscript

   Log Message:
   Update samba4 to 4.3.8, which contains a security fix.

   This release fixes some regressions introduced by the last security fixes.
   Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
   bugs addressing these regressions and more information.

   Changes since 4.3.8:
   --------------------

   o  Jeremy Allison <jra@samba.org>
     * BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
     * BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
     * BUG 11822: s3: libsmb: Fix error where short name length was read as 2
       bytes, should be 1.

   o  Andrew Bartlett <abartlet@samba.org>
     * BUG 11780: smbd: Only check dev/inode in open_directory, not the full
       stat().
     * BUG 11789: pydsdb: Fix returning of ldb.MessageElement.

   o  Berend De Schouwer <berend.de.schouwer@gmail.com>
     * BUG 11643: docs: Add example for domain logins to smbspool man page.

   o  Günther Deschner <gd@samba.org>
     * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.

   o  Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
     * BUG 8093: access based share enum: Handle permission set in configuration
        files.

   o  Volker Lendecke <vl@samba.org>
     * BUG 11816: nwrap: Fix the build on Solaris.
     * BUG 11827: vfs_catia: Fix memleak.
     * BUG 11878: smbd: Avoid large reads beyond EOF.

   o  Stefan Metzmacher <metze@samba.org>
     * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
       dereferencing an ioctl response.
     * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
     * BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
       ldap_add.
     * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
       restored.
     * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
       list.
     * BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
     * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
     * BUG 11847: Only validate MIC if "map to guest" is not being used.
     * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
       option for testing.
     * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
     * BUG 11858: Allow anonymous smb connections.
     * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
     * BUG 11872: Fix 'wbinfo -u' and 'net ads search'.

   o  Noel Power <noel.power@suse.com>
     * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.

   o  Garming Sam <garming@catalyst.net.nz>
     * BUG 11789: build: Mark explicit dependencies on pytalloc-util.

   o  Partha Sarathi <partha@exablox.com>
     * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
       infolevel.

   o  Jorge Schrauwen <sjorge@blackdot.be>
     * BUG 11816: configure: Don't check for inotify on illumos.

   o  Uri Simchoni <uri@samba.org>
     * BUG 11691: winbindd: Return trust parameters when listing trusts.
     * BUG 11753: smbd: Ignore SVHDX create context.
     * BUG 11763: passdb: Add linefeed to debug message.
     * BUG 11788: build: Fix disk-free quota support on Solaris 10.
     * BUG 11798: build: Fix build when '--without-quota' specified.
     * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
       is set.
     * BUG 11852: libads: Record session expiry for spnego sasl binds.

   o  Hemanth Thummala <hemanth.thummala@nutanix.com>
     * BUG 11740: Real memory leak(buildup) issue in loadparm.
     * BUG 11840: Mask general purpose signals for notifyd.

Revision 1.18, Sat May 7 03:09:33 2016 UTC (7 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base
Branch point for: pkgsrc-2016Q2
Changes since 1.17: +2 -2 lines

Update samba4 to 4.3.8, which contains a security fix.

This release fixes some regressions introduced by the last security fixes.
Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
bugs addressing these regressions and more information.

Changes since 4.3.8:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 11742: lib: tevent: Fix memory leak when old signal action restored.
   * BUG 11771: lib: tevent: Fix memory leak when old signal action restored.
   * BUG 11822: s3: libsmb: Fix error where short name length was read as 2
     bytes, should be 1.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 11780: smbd: Only check dev/inode in open_directory, not the full
     stat().
   * BUG 11789: pydsdb: Fix returning of ldb.MessageElement.

o  Berend De Schouwer <berend.de.schouwer@gmail.com>
   * BUG 11643: docs: Add example for domain logins to smbspool man page.

o  Günther Deschner <gd@samba.org>
   * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.

o  Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
   * BUG 8093: access based share enum: Handle permission set in configuration
      files.

o  Volker Lendecke <vl@samba.org>
   * BUG 11816: nwrap: Fix the build on Solaris.
   * BUG 11827: vfs_catia: Fix memleak.
   * BUG 11878: smbd: Avoid large reads beyond EOF.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11622: libcli/smb: Make sure we have a body size of 0x31 before
     dereferencing an ioctl response.
   * BUG 11623: libcli/smb: Fix BUFFER_OVERFLOW handling in tstream_smbXcli_np.
   * BUG 11755: s3:libads: Setup the msDS-SupportedEncryptionTypes attribute on
     ldap_add.
   * BUG 11771: tevent: Version 0.9.28. Fix memory leak when old signal action
     restored.
   * BUG 11782: s3:winbindd: Don't include two '\0' at the end of the domain
     list.
   * BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
   * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
   * BUG 11847: Only validate MIC if "map to guest" is not being used.
   * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
     option for testing.
   * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
   * BUG 11858: Allow anonymous smb connections.
   * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
   * BUG 11872: Fix 'wbinfo -u' and 'net ads search'.

o  Noel Power <noel.power@suse.com>
   * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.

o  Garming Sam <garming@catalyst.net.nz>
   * BUG 11789: build: Mark explicit dependencies on pytalloc-util.

o  Partha Sarathi <partha@exablox.com>
   * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
     infolevel.

o  Jorge Schrauwen <sjorge@blackdot.be>
   * BUG 11816: configure: Don't check for inotify on illumos.

o  Uri Simchoni <uri@samba.org>
   * BUG 11691: winbindd: Return trust parameters when listing trusts.
   * BUG 11753: smbd: Ignore SVHDX create context.
   * BUG 11763: passdb: Add linefeed to debug message.
   * BUG 11788: build: Fix disk-free quota support on Solaris 10.
   * BUG 11798: build: Fix build when '--without-quota' specified.
   * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
     is set.
   * BUG 11852: libads: Record session expiry for spnego sasl binds.

o  Hemanth Thummala <hemanth.thummala@nutanix.com>
   * BUG 11740: Real memory leak(buildup) issue in loadparm.
   * BUG 11840: Mask general purpose signals for notifyd.

Revision 1.16.2.1, Fri Apr 15 07:25:11 2016 UTC (8 years ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.16: +2 -3 lines

Pullup ticket #4958 - requested by manu
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.17
- net/samba4/PLIST                                              1.6
- net/samba4/distinfo                                           1.9

---
   Module Name:    pkgsrc
   Committed By:   manu
   Date:           Wed Apr 13 08:26:10 UTC 2016

   Modified Files:
           pkgsrc/net/samba4: Makefile PLIST distinfo

   Log Message:
   Update net/samba4 to 4.3.8

   This fixes the Badlock bug (CVE-2016-2118) and other vulnerabilities:
   o  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
   o  CVE-2016-2115 (SMB IPC traffic is not integrity protected)
   o  CVE-2016-2114 ("server signing = mandatory" not enforced)
   o  CVE-2016-2113 (Missing TLS certificate validation)
   o  CVE-2016-2112 (LDAP client and server don't enforce integrity)
   o  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
   o  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
   o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
   o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
   o  CVE-2015-5370 (Multiple errors in DCE-RPC code)

Revision 1.17, Wed Apr 13 08:26:10 2016 UTC (8 years ago) by manu
Branch: MAIN
Changes since 1.16: +2 -3 lines

Update net/samba4 to 4.3.8

This fixes the Badlock bug (CVE-2016-2118) and other vulnerabilities:
o  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
o  CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o  CVE-2016-2114 ("server signing = mandatory" not enforced)
o  CVE-2016-2113 (Missing TLS certificate validation)
o  CVE-2016-2112 (LDAP client and server don't enforce integrity)
o  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
o  CVE-2015-5370 (Multiple errors in DCE-RPC code)

Revision 1.16, Sat Mar 5 11:29:11 2016 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.15: +2 -1 lines

Bump PKGREVISION for security/openssl ABI bump.

Revision 1.15, Sun Jan 31 20:28:23 2016 UTC (8 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.14: +2 -2 lines

Update to 4.3.4

Changelog:
                   =============================
                   Release Notes for Samba 4.3.4
                         January 12, 2016
                   =============================


This is the latest stable release of Samba 4.3.


Changes since 4.3.3:
--------------------

o  Michael Adam <obnox@samba.org>
   * BUG 11619: doc: Fix a typo in the smb.conf manpage, explanation of idmap
     config.
   * BUG 11647: s3:smbd: Fix a corner case of the symlink verification.

o  Jeremy Allison <jra@samba.org>
   * BUG 11624: s3: libsmb: Correctly initialize the list head when keeping a
     list of primary followed by DFS connections.
   * BUG 11625: Reduce the memory footprint of empty string options.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 11659: Update lastLogon and lastLogonTimestamp.

o  Ralph Boehme <slow@samba.org>
   * BUG 11065: vfs_fruit: Enable POSIX directory rename semantics.
   * BUG 11466: Copying files with vfs_fruit fails when using vfs_streams_xattr
     without stream prefix and type suffix.
   * BUG 11645: smbd: Make "hide dot files" option work with "store dos
     attributes = yes".

o  Günther Deschner <gd@samba.org>
   * BUG 11639: lib/async_req: Do not install async_connect_send_test.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11394: Crash: Bad talloc magic value - access after free.

o  Rowland Penny <repenny241155@gmail.com>
   * BUG 11613: samba-tool: Fix uncaught exception if no fSMORoleOwner
     attribute is given.

o  Karolin Seeger <kseeger@samba.org>
   * BUG 11619: docs: Fix some typos in the idmap backend section.
   * BUG 11641: docs: Fix typos in man vfs_gpfs.

o  Uri Simchoni <uri@samba.org>
   * BUG 11649: smbd: Do not disable "store dos attributes" on-the-fly.

Revision 1.13.2.1, Sat Jan 2 09:44:52 2016 UTC (8 years, 3 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.13: +2 -2 lines

Pullup ticket #4881 - requested by wiz
net/samba4: security fix

Revisions pulled up:
- net/samba4/Makefile                                           1.14
- net/samba4/distinfo                                           1.7

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Dec 29 23:58:32 UTC 2015

   Modified Files:
   	pkgsrc/net/samba4: Makefile distinfo

   Log Message:
   Update samba4 to 4.3.3.

                      =============================
                      Release Notes for Samba 4.3.3
                            December 16, 2015
                      =============================

   This is a security release in order to address the following CVEs:

   o  CVE-2015-3223 (Denial of service in Samba Active Directory
   		  server)
   o  CVE-2015-5252 (Insufficient symlink verification in smbd)
   o  CVE-2015-5299 (Missing access control check in shadow copy
   		  code)
   o  CVE-2015-5296 (Samba client requesting encryption vulnerable
   		  to downgrade attack)
   o  CVE-2015-8467 (Denial of service attack against Windows
   		  Active Directory server)
   o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

   Please note that if building against a system libldb, the required
   version has been bumped to ldb-1.1.24.  This is needed to ensure
   we build against a system ldb library that contains the fixes
   for CVE-2015-5330 and CVE-2015-3223.

   =======
   Details
   =======

   o  CVE-2015-3223:
      All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
      ldb versions up to 1.1.23 inclusive) are vulnerable to
      a denial of service attack in the samba daemon LDAP server.

      A malicious client can send packets that cause the LDAP server in the
      samba daemon process to become unresponsive, preventing the server
      from servicing any other requests.

      This flaw is not exploitable beyond causing the code to loop expending
      CPU resources.

   o  CVE-2015-5252:
      All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
      a bug in symlink verification, which under certain circumstances could
      allow client access to files outside the exported share path.

      If a Samba share is configured with a path that shares a common path
      prefix with another directory on the file system, the smbd daemon may
      allow the client to follow a symlink pointing to a file or directory
      in that other directory, even if the share parameter "wide links" is
      set to "no" (the default).

   o  CVE-2015-5299:
      All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
      a missing access control check in the vfs_shadow_copy2 module. When
      looking for the shadow copy directory under the share path the current
      accessing user should have DIRECTORY_LIST access rights in order to
      view the current snapshots.

      This was not being checked in the affected versions of Samba.

   o  CVE-2015-5296:
      Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
      signing is negotiated when creating an encrypted client connection to
      a server.

      Without this a man-in-the-middle attack could downgrade the connection
      and connect using the supplied credentials as an unsigned, unencrypted
      connection.

   o  CVE-2015-8467:
      Samba, operating as an AD DC, is sometimes operated in a domain with a
      mix of Samba and Windows Active Directory Domain Controllers.

      All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
      an AD DC in the same domain with Windows DCs, could be used to
      override the protection against the MS15-096 / CVE-2015-2535 security
      issue in Windows.

      Prior to MS16-096 it was possible to bypass the quota of machine
      accounts a non-administrative user could create.  Pure Samba domains
      are not impacted, as Samba does not implement the
      SeMachineAccountPrivilege functionality to allow non-administrator
      users to create new computer objects.

   o  CVE-2015-5330:
      All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
      ldb versions up to 1.1.23 inclusive) are vulnerable to
      a remote memory read attack in the samba daemon LDAP server.

      A malicious client can send packets that cause the LDAP server in the
      samba daemon process to return heap memory beyond the length of the
      requested value.

      This memory may contain data that the client should not be allowed to
      see, allowing compromise of the server.

      The memory may either be returned to the client in an error string, or
      stored in the database by a suitably privileged user.  If untrusted
      users can create objects in your database, please confirm that all DN
      and name attributes are reasonable.

   Changes since 4.3.2:
   --------------------

   o  Andrew Bartlett <abartlet@samba.org>
      * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
        userAccountControl.

   o  Jeremy Allison <jra@samba.org>
      * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
      * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
        access outside the share).
      * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
        snapdir.

   o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
      * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.

   o  Stefan Metzmacher <metze@samba.org>
      * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
        smb encryption on the client side.

Revision 1.14, Tue Dec 29 23:58:32 2015 UTC (8 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.13: +2 -2 lines

Update samba4 to 4.3.3.

                   =============================
                   Release Notes for Samba 4.3.3
                         December 16, 2015
                   =============================


This is a security release in order to address the following CVEs:

o  CVE-2015-3223 (Denial of service in Samba Active Directory
		  server)
o  CVE-2015-5252 (Insufficient symlink verification in smbd)
o  CVE-2015-5299 (Missing access control check in shadow copy
		  code)
o  CVE-2015-5296 (Samba client requesting encryption vulnerable
		  to downgrade attack)
o  CVE-2015-8467 (Denial of service attack against Windows
		  Active Directory server)
o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

Please note that if building against a system libldb, the required
version has been bumped to ldb-1.1.24.  This is needed to ensure
we build against a system ldb library that contains the fixes
for CVE-2015-5330 and CVE-2015-3223.

=======
Details
=======

o  CVE-2015-3223:
   All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
   ldb versions up to 1.1.23 inclusive) are vulnerable to
   a denial of service attack in the samba daemon LDAP server.

   A malicious client can send packets that cause the LDAP server in the
   samba daemon process to become unresponsive, preventing the server
   from servicing any other requests.

   This flaw is not exploitable beyond causing the code to loop expending
   CPU resources.

o  CVE-2015-5252:
   All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
   a bug in symlink verification, which under certain circumstances could
   allow client access to files outside the exported share path.

   If a Samba share is configured with a path that shares a common path
   prefix with another directory on the file system, the smbd daemon may
   allow the client to follow a symlink pointing to a file or directory
   in that other directory, even if the share parameter "wide links" is
   set to "no" (the default).

o  CVE-2015-5299:
   All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
   a missing access control check in the vfs_shadow_copy2 module. When
   looking for the shadow copy directory under the share path the current
   accessing user should have DIRECTORY_LIST access rights in order to
   view the current snapshots.

   This was not being checked in the affected versions of Samba.

o  CVE-2015-5296:
   Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
   signing is negotiated when creating an encrypted client connection to
   a server.

   Without this a man-in-the-middle attack could downgrade the connection
   and connect using the supplied credentials as an unsigned, unencrypted
   connection.

o  CVE-2015-8467:
   Samba, operating as an AD DC, is sometimes operated in a domain with a
   mix of Samba and Windows Active Directory Domain Controllers.

   All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
   an AD DC in the same domain with Windows DCs, could be used to
   override the protection against the MS15-096 / CVE-2015-2535 security
   issue in Windows.

   Prior to MS16-096 it was possible to bypass the quota of machine
   accounts a non-administrative user could create.  Pure Samba domains
   are not impacted, as Samba does not implement the
   SeMachineAccountPrivilege functionality to allow non-administrator
   users to create new computer objects.

o  CVE-2015-5330:
   All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
   ldb versions up to 1.1.23 inclusive) are vulnerable to
   a remote memory read attack in the samba daemon LDAP server.

   A malicious client can send packets that cause the LDAP server in the
   samba daemon process to return heap memory beyond the length of the
   requested value.

   This memory may contain data that the client should not be allowed to
   see, allowing compromise of the server.

   The memory may either be returned to the client in an error string, or
   stored in the database by a suitably privileged user.  If untrusted
   users can create objects in your database, please confirm that all DN
   and name attributes are reasonable.


Changes since 4.3.2:
--------------------

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
     userAccountControl.

o  Jeremy Allison <jra@samba.org>
   * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
   * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
     access outside the share).
   * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
     snapdir.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
     smb encryption on the client side.

Revision 1.13, Fri Dec 18 15:03:35 2015 UTC (8 years, 4 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.12: +2 -2 lines

fix master site

Revision 1.12, Sun Dec 13 08:48:36 2015 UTC (8 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.11: +4 -5 lines

Update samba4 to 4.3.2.

While here, comment a patch.

Changes since 4.3.1:
--------------------

o   Michael Adam <obnox@samba.org>
    * BUG 11577: ctdb: Open the RO tracking db with perms 0600 instead of 0000.

o   Jeremy Allison <jra@samba.org>
    * BUG 11452: s3-smbd: Fix old DOS client doing wildcard delete - gives an
      attribute type of zero.
    * BUG 11565: auth: gensec: Fix a memory leak.
    * BUG 11566: lib: util: Make non-critical message a warning.
    * BUG 11589: s3: smbd: If EAs are turned off on a share don't allow an SMB2
      create containing them.
    * BUG 11615: s3: smbd: have_file_open_below() fails to enumerate open files
      below an open directory handle.

o   Ralph Boehme <slow@samba.org>
    * BUG 11562: s4:lib/messaging: Use correct path for names.tdb.
    * BUG 11564: async_req: Fix non-blocking connect().

o   Volker Lendecke <vl@samba.org>
    * BUG 11243: vfs_gpfs: Re-enable share modes.
    * BUG 11570: smbd: Send SMB2 oplock breaks unencrypted.
    * BUG 11612: winbind: Fix crash on invalid idmap configs.

o   YvanM <yvan.masson@openmailbox.org>
    * BUG 11584: manpage: Correct small typo error.

o   Stefan Metzmacher <metze@samba.org>
    * BUG 11327: dcerpc.idl: Accept invalid dcerpc_bind_nak pdus.
    * BUG 11581: s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE()
      clearer.

o   Marc Muehlfeld <mmuehlfeld@samba.org>
    * BUG 9912: Changing log level of two entries to DBG_NOTICE.
    * BUG 11581: s3-smbd: Fix use after issue in smbd_smb2_request_dispatch().

o   Noel Power <noel.power@suse.com>
    * BUG 11569: Fix winbindd crashes with samlogon for trusted domain user.
    * BUG 11597: Backport some valgrind fixes from upstream master.

o   Andreas Schneider <asn@samba.org>
    * BUG 11563: Fix segfault of 'net ads (join|leave) -S INVALID' with
      nss_wins.

o   Tom Schulz <schulz@adi.com>
    * BUG 11511: Add libreplace dependency to texpect, fixes a linking error on
      Solaris.
    * BUG 11512: s4: Fix linking of 'smbtorture' on Solaris.

o   Uri Simchoni <uri@samba.org>
    * BUG 11608: auth: Consistent handling of well-known alias as primary gid.

Changes since 4.3.0:
--------------------

o   Jeremy Allison <jra@samba.org>
    * BUG 10252: s3: smbd: Fix our access-based enumeration on "hide unreadable"
      to match Windows.
    * BUG 10634: smbd: Fix file name buflen and padding in notify response.
    * BUG 11486: s3: smbd: Fix mkdir race condition.
    * BUG 11522: s3: smbd: Fix opening/creating :stream files on the root share
      directory.
    * BUG 11535: s3: smbd: Fix NULL pointer bug introduced by previous 'raw'
      stream fix (bug #11522).
    * BUG 11555: s3: lsa: lookup_name() logic for unqualified (no DOMAIN\
      component) names is incorrect.

o   Ralph Boehme <slow@samba.org>
    * BUG 11535: s3: smbd: Fix a crash in unix_convert().
    * BUG 11543: vfs_fruit: Return value of ad_pack in vfs_fruit.c.
    * BUG 11549: s3:locking: Initialize lease pointer in
      share_mode_traverse_fn().
    * BUG 11550: s3:smbstatus: Add stream name to share_entry_forall().
    * BUG 11555: s3:lib: Validate domain name in lookup_wellknown_name().

o   Günther Deschner <gd@samba.org>
    * BUG 11038: kerberos: Make sure we only use prompter type when available.

o   Volker Lendecke <vl@samba.org>
    * BUG 11038: winbind: Fix 100% loop.
    * BUG 11053: source3/lib/msghdr.c: Fix compiling error on Solaris.

o   Stefan Metzmacher <metze@samba.org>
    * BUG 11316: s3:ctdbd_conn: make sure we destroy tevent_fd before closing
      the socket.
    * BUG 11515: s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging
      related subdirs.
    * BUG 11526: lib/param: Fix hiding of FLAG_SYNONYM values.

o   Björn Jacke <bj@sernet.de>
    * BUG 10365: nss_winbind: Fix hang on Solaris on big groups.
    * BUG 11355: build: Use as-needed linker flag also on OpenBSD.

o   Har Gagan Sahai <SHarGagan@novell.com>
    * BUG 11509: s3: dfs: Fix a crash when the dfs targets are disabled.

o   Andreas Schneider <asn@samba.org>
    * BUG 11502: pam_winbind: Fix a segfault if initialization fails.

o   Uri Simchoni <uri@samba.org>
    * BUG 11528: net: Fix a crash with 'net ads keytab create'.
    * BUG 11547: vfs_commit: set the fd on open before calling SMB_VFS_FSTAT.

Revision 1.11, Mon Sep 28 17:37:04 2015 UTC (8 years, 6 months ago) by ryoon
Branch: MAIN
Changes since 1.10: +2 -3 lines

Update to 4.3.0

Changelog:
                   =============================
                   Release Notes for Samba 4.3.0
                           September 8, 2015
                   =============================


This is the first stable release of Samba 4.3.


UPGRADING
=========

Read the "New FileChangeNotify subsystem" and "smb.conf changes" sections
(below).


NEW FEATURES
============

Logging
-------

The logging code now supports logging to multiple backends.  In
addition to the previously available syslog and file backends, the
backends for logging to the systemd-journal, lttng and gpfs have been
added. Please consult the section for the 'logging' parameter in the
smb.conf manpage for details.

Spotlight
---------

Support for Apple's Spotlight has been added by integrating with Gnome
Tracker.

For detailed instructions on how to build and set up Samba for Spotlight,
please see the Samba wiki: <https://wiki.samba.org/index.php/Spotlight>

New FileChangeNotify subsystem
------------------------------

Samba now contains a new subsystem to do FileChangeNotify. The
previous system used a central database, notify_index.tdb, to store
all notification requests. In particular in a cluster this turned out
to be a major bottleneck, because some hot records need to be bounced
back and forth between nodes on every change event like a newly created
file.

The new FileChangeNotify subsystem works with a central daemon per
node. Every FileChangeNotify request and every event are handled by an
asynchronous message from smbd to the notify daemon. The notify daemon
maintains a database of all FileChangeNotify requests in memory and
will distribute the notify events accordingly. This database is
asynchronously distributed in the cluster by the notify daemons.

The notify daemon is supposed to scale a lot better than the previous
implementation. The functional advantage is cross-node kernel change
notify: Files created via NFS will be seen by SMB clients on other
nodes per FileChangeNotify, despite the fact that popular cluster file
systems do not offer cross-node inotify.

Two changes to the configuration were required for this new subsystem:
The parameters "change notify" and "kernel change notify" are not
per-share anymore but must be set globally. So it is no longer
possible to enable or disable notify per share, the notify daemon has
no notion of a share, it only works on absolute paths.

New SMB profiling code
----------------------

The code for SMB (SMB1, SMB2 and SMB3) profiling uses a tdb instead
of sysv IPC shared memory. This avoids performance problems and NUMA
effects. The profile stats are a bit more detailed than before.

Improved DCERPC man in the middle detection for kerberos
--------------------------------------------------------

The gssapi based kerberos backends for gensec have support for
DCERPC header signing when using DCERPC_AUTH_LEVEL_PRIVACY.

SMB signing required in winbindd by default
-------------------------------------------

The effective value for "client signing" is required
by default for winbindd, if the primary domain uses active directory.

Experimental NTDB was removed
-----------------------------

The experimental NTDB library introduced in Samba 4.0 has been
removed again.

Improved support for trusted domains (as AD DC)
-----------------------------------------------

The support for trusted domains/forests has improved a lot.

samba-tool got "domain trust" subcommands to manage trusts:

  create      - Create a domain or forest trust.
  delete      - Delete a domain trust.
  list        - List domain trusts.
  namespaces  - Manage forest trust namespaces.
  show        - Show trusted domain details.
  validate    - Validate a domain trust.

External trusts between individual domains work in both ways
(inbound and outbound). The same applies to root domains of
a forest trust. The transitive routing into the other forest
is fully functional for kerberos, but not yet supported for NTLMSSP.

While a lot of things are working fine, there are currently a few limitations:

  - Both sides of the trust need to fully trust each other!
  - No SID filtering rules are applied at all!
  - This means DCs of domain A can grant domain admin rights
    in domain B.
  - It's not possible to add users/groups of a trusted domain
    into domain groups.

SMB 3.1.1 supported
-------------------

Both client and server have support for SMB 3.1.1 now.

This is the dialect introduced with Windows 10, it improves the secure
negotiation of SMB dialects and features.

There's also a new optional encryption algorithm aes-gcm-128,
but for now this is only selected as fallback and aes-ccm-128
is preferred because of the better performance. This might change
in future versions when hardware encryption will be supported.
See https://bugzilla.samba.org/show_bug.cgi?id=11451.

New smbclient subcommands
-------------------------

  - Query a directory for change notifications: notify <dir name>
  - Server side copy: scopy <source filename> <destination filename>

New rpcclient subcommands
-------------------------

  netshareenumall 	- Enumerate all shares
  netsharegetinfo 	- Get Share Info
  netsharesetinfo 	- Set Share Info
  netsharesetdfsflags	- Set DFS flags
  netfileenum		- Enumerate open files
  netnamevalidate	- Validate sharename
  netfilegetsec		- Get File security
  netsessdel		- Delete Session
  netsessenum		- Enumerate Sessions
  netdiskenum		- Enumerate Disks
  netconnenum		- Enumerate Connections
  netshareadd		- Add share
  netsharedel		- Delete share

New modules
-----------

  idmap_script 		- see 'man 8 idmap_script'
  vfs_unityed_media	- see 'man 8 vfs_unityed_media'
  vfs_shell_snap	- see 'man 8 vfs_shell_snap'

New sparsely connected replica graph (Improved KCC)
--------------------------------------------------

The Knowledge Consistency Checker (KCC) maintains a replication graph
for DCs across an AD network. The existing Samba KCC uses a fully
connected graph, so that each DC replicates from all the others, which
does not scale well with large networks. In 4.3 there is an
experimental new KCC that creates a sparsely connected replication
graph and closely follows Microsoft's specification. It is turned off
by default. To use the new KCC, set "kccsrv:samba_kcc=true" in
smb.conf and let us know how it goes. You should consider doing this
if you are making a large new network. For small networks there is
little benefit and you can always switch over at a later date.

Configurable TLS protocol support, with better defaults
-------------------------------------------------------

The "tls priority" option can be used to change the supported TLS
protocols. The default is to disable SSLv3, which is no longer
considered secure.

Samba-tool now supports all 7 FSMO roles
-------------------------------------------------------

Previously "samba-tool fsmo" could only show, transfer or seize the
five well-known FSMO roles:

	Schema Master
	Domain Naming Master
	RID Master
	PDC Emulator
	Infrastructure Master

It can now also show, transfer or seize the DNS infrastructure roles:

	DomainDnsZones Infrastructure Master
	ForestDnsZones Infrastructure Master

CTDB logging changes
--------------------

The destination for CTDB logging is now set via a single new
configuration variable CTDB_LOGGING.  This replaces CTDB_LOGFILE and
CTDB_SYSLOG, which have both been removed.  See ctdbd.conf(5) for
details of CTDB_LOGGING.

CTDB no longer runs a separate logging daemon.

CTDB NFS support changes
------------------------

CTDB's NFS service management has been combined into a single 60.nfs
event script.  This updated 60.nfs script now uses a call-out to
interact with different NFS implementations.  See the CTDB_NFS_CALLOUT
option in the ctdbd.conf(5) manual page for details.  A default
call-out is provided to interact with the Linux kernel NFS
implementation.  The 60.ganesha event script has been removed - a
sample call-out is provided for NFS Ganesha, based on this script.

The method of configuring NFS RPC checks has been improved.  See
ctdb/config/nfs-checks.d/README for details.

Improved Cross-Compiling Support
--------------------------------

A new "hybrid" build configuration mode is added to improve
cross-compilation support.

A common challenge in cross-compilation is that of obtaining the results
of tests that have to run on the target, during the configuration
phase of the build. The Samba build system already supports the following
means to do so:

  - Executing configure tests using the --cross-execute parameter
  - Obtaining the results from an answers file using the --cross-answers
    parameter

The first method has the drawback of inaccurate results if the tests are
run using an emulator, or a need to be connected to a running target
while building, if the tests are to be run on an actual target. The
second method presents a challenge of figuring out the test results.

The new hybrid mode runs the tests and records the result in an answer file.
To activate this mode, use both --cross-execute and --cross-answers in the
same configure invocation. This mode can be activated once against a
running target, and then the generated answers file can be used in
subsequent builds.

Also supplied is an example script that can be used as the
cross-execute program. This script copies the test to a running target
and runs the test on the target, obtaining the result. The obtained
results are more accurate than running the test with an emulator, because
they reflect the exact kernel and system libraries that exist on the
target.

Improved Sparse File Support

Revision 1.10, Sun Aug 23 14:30:40 2015 UTC (8 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.9: +2 -2 lines

Bump PKGREVISION for nettle shlib major bump.

Revision 1.9, Fri Jun 26 16:09:49 2015 UTC (8 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.8: +4 -1 lines

Attempt to fix various build issues:

 - Explicitly disable samba-regedit for now, it is built depending on
   various curses characteristics that we do not currently support.

 - Avoid epoll implementation on SmartOS.

 - Pull in Active Directory and LDAP options from net/samba, LDAP support
   is dynamically configured and we need to ensure that, if enabled, we
   correctly pull in openldap.  The SunOS native LDAP is missing some TLS
   functions that Samba depends upon.

Tested with various PKG_OPTIONS combinations, fixes build on SmartOS.

Revision 1.8, Fri Jun 12 10:50:53 2015 UTC (8 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.7: +2 -2 lines

Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending on such a package,
for perl-5.22.0.

Revision 1.7, Tue May 26 15:17:56 2015 UTC (8 years, 10 months ago) by jperkin
Branch: MAIN
Changes since 1.6: +6 -2 lines

Move rc.d-specific MESSAGE file out of the way and only display if rc.d
is used.  Bump PKGREVISION.

Revision 1.6, Tue May 26 15:11:25 2015 UTC (8 years, 10 months ago) by jperkin
Branch: MAIN
Changes since 1.5: +9 -1 lines

Various changes to fix the build and install on SunOS.

Revision 1.5, Sun May 24 05:24:12 2015 UTC (8 years, 10 months ago) by spz
Branch: MAIN
Changes since 1.4: +4 -4 lines

make it build when MAKE_JOBS is not set

Revision 1.4, Sun May 17 15:47:01 2015 UTC (8 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.3: +3 -3 lines

Bump PKGREVISION again.

* Change CACHE directory.

Revision 1.3, Sun May 17 13:46:27 2015 UTC (8 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.2: +5 -1 lines

Bump PKGREVISION.

* Add py-expat dependency to fix build.
* Add knob for gettext.

Revision 1.2, Sun May 17 12:27:07 2015 UTC (8 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.1: +2 -2 lines

Fix typo in comment.

Revision 1.1, Tue May 12 12:19:52 2015 UTC (8 years, 11 months ago) by ryoon
Branch: MAIN

Import samba-4.2.1 as net/samba4.

Samba is the standard Windows interoperability suite of programs
for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License,
the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and
print services for all clients using the SMB/CIFS protocol, such
as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix
Servers and Desktops into Active Directory environments. It can
function both as a domain controller or as a regular domain member.

This package tracks 4.x branch release.

CVSweb <webmaster@jp.NetBSD.org>