--- - branch: pkgsrc-2017Q1 date: Sat May 27 19:01:15 UTC 2017 files: - new: 1.27.2.1 old: '1.27' path: pkgsrc/net/samba4/Makefile pathrev: pkgsrc/net/samba4/Makefile@1.27.2.1 type: modified - new: 1.10.6.1 old: '1.10' path: pkgsrc/net/samba4/PLIST pathrev: pkgsrc/net/samba4/PLIST@1.10.6.1 type: modified - new: 1.11.6.1 old: '1.11' path: pkgsrc/net/samba4/distinfo pathrev: pkgsrc/net/samba4/distinfo@1.11.6.1 type: modified - new: 1.3.6.1 old: '1.3' path: pkgsrc/net/samba4/options.mk pathrev: pkgsrc/net/samba4/options.mk@1.3.6.1 type: modified - new: 1.1.12.1 old: '1.1' path: pkgsrc/net/samba4/patches/patch-lib_param_loadparm.h pathrev: pkgsrc/net/samba4/patches/patch-lib_param_loadparm.h@1.1.12.1 type: modified - new: 1.2.12.1 old: '1.2' path: pkgsrc/net/samba4/patches/patch-source3_script_tests_test__smbclient__s3.sh pathrev: pkgsrc/net/samba4/patches/patch-source3_script_tests_test__smbclient__s3.sh@1.2.12.1 type: modified id: 20170527T190115Z.7cd4af8b83cc5a2e4e412a7ace76efb784486a6c log: "Pullup ticket #5431 - requested by he\nnet/samba4: security fix\n\nRevisions pulled up:\n- net/samba4/Makefile 1.28-1.30\n- net/samba4/PLIST 1.11-1.12\n- net/samba4/distinfo \ 1.12-1.13\n- net/samba4/options.mk \ 1.4\n- net/samba4/patches/patch-lib_param_loadparm.h \ 1.2\n- net/samba4/patches/patch-source3_script_tests_test__smbclient__s3.sh 1.3\n\n---\n Module Name:\tpkgsrc\n Committed By:\tryoon\n Date:\t\tSat Apr 8 08:56:27 UTC 2017\n\n Modified Files:\n \tpkgsrc/net/samba4: Makefile PLIST distinfo options.mk\n \tpkgsrc/net/samba4/patches: patch-lib_param_loadparm.h\n \ \t patch-source3_script_tests_test__smbclient__s3.sh\n\n Log Message:\n \ Update to 4.6.2\n\n * Use internal heimdal\n\n Changelog:\n Changes since 4.6.1:\n --------------------\n\n o Jeremy Allison \n * BUG 12721: Fix regression with \"follow symlinks = no\".\n\n Changes since 4.6.0:\n \ --------------------\n\n o Jeremy Allison \n * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share\n directory.\n\n \ o Ralph Boehme \n * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share\n directory.\n\n CHANGES SINCE 4.6.0rc4\n ======================\n\n o Jeremy Allison \n \ * BUG 12592: Fix several issues found by covscan.\n * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send\n queue is drained.\n\n \ o Ralph Boehme \n * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.\n * BUG 12526: vfs_fruit: Only veto AppleDouble files if \"fruit:resource\" is\n set to \"file\".\n * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.\n\n o Volker Lendecke \n \ * BUG 12612: Re-enable token groups fallback.\n\n o Stefan Metzmacher \n * BUG 9048: Samba4 ldap error codes.\n * BUG 12557: gensec:spnego: Add debug message for the failed principal.\n * BUG 12605: s3:winbindd: Fix endless forest trust scan.\n * BUG 12612: winbindd: Find the domain based on the sid within\n wb_lookupusergroups_send().\n\n o \ Andreas Schneider \n * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token()\n correctly.\n * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash\n manpage.\n * BUG 12592: Fix several issues found by covscan.\n\n o Martin Schwenke \n \ * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value\n (NULL_RETURNS).\n\n \ CHANGES SINCE 4.6.0rc3\n ======================\n\n o Jeremy Allison \n \ * BUG 12545: s3: rpc_server/mdssvc: Add attribute \"kMDItemContentType\".\n \ * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.\n\n \ o Ralph Boehme \n * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.\n * BUG 12536: s3/smbd: Check for invalid access_mask\n \ smbd_calculate_access_mask().\n * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.\n\n o Amitay Isaacs \n * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().\n * BUG 12595: build: Fix generation of CTDB manpages while creating tarball.\n\n o Bryan Mason \n * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if\n AUTH_INFO_REQUIRED is not set or is not \"negotiate\".\n\n o Stefan Metzmacher \n * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP\n against trusted domains.\n * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the\n trust password.\n * BUG 12585: librpc/rpc: fix regression in\n NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.\n \ * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without\n netr_LogonSamLogonEx.\n \ * BUG 12587: winbindd child segfaults on connect to an NT4 domain.\n * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK\n with a valid tree connect.\n * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,\n while it shouldn't.\n * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to\n 4.6.\n\n o Garming Sam \n * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are\n alive.\n\n o Andreas Schneider \n \ * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().\n\n \ o Martin Schwenke \n * BUG 12589: CTDB statd-callout does not cause grace period when\n CTDB_NFS_CALLOUT=\"\".\n * BUG 12595: ctdb-build: Fix RPM build.\n\n CHANGES SINCE 4.6.0rc2\n ======================\n\n \ o Jeremy Allison \n * BUG 12499: s3: vfs: dirsort doesn't handle opendir of \".\" correctly.\n * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store\n the same path as streams_xattr_recheck().\n \ * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.\n\n \ o Andrew Bartlett \n * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and\n use_xattrs.\n * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and\n requiredFeatures.\n \ * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a\n \ rename.\n\n o Ralph Boehme \n * BUG 12184: s3/rpc_server: Shared rpc modules loading.\n * BUG 12520: Ensure global \"smb encrypt = off\" is effective.\n * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.\n * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses\n readdirattr.\n\n o Volker Lendecke \n \ * BUG 12551: smbd: Fix \"map acl inherit\" = yes.\n\n o Stefan Metzmacher \n * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and\n DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S\n * BUG 12540: s3:smbd: allow \"server min protocol = SMB3_00\" to go via \"SMB\n \ 2.???\" negprot.\n\n o John Mulligan \n * BUG 12542: docs: Improve description of \"unix_primary_group\" parameter in\n \ idmap_ad manpage.\n\n o Andreas Schneider \n * BUG 12552: waf: Do not install the unit test binary for krb5samba.\n\n o Amitay Isaacs \n * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.\n * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.\n\n o Garming Sam \n * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a\n rename.\n\n \ o Uri Simchoni \n * BUG 12529: waf: Backport finding of pkg-config.\n\n CHANGES SINCE 4.6.0rc1\n ======================\n\n o Amitay Isaacs \n * BUG 12469: CTDB lock helper getting stuck trying to lock a record.\n * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket\n I/O.\n * BUG 12510: sock_daemon_test 4 crashes with SEGV.\n * BUG 12513: ctdb-daemon: Remove stale eventd socket.\n\n o \ Bjæ\x97¦rn Jacke \n * BUG 12535: vfs_default: Unlock the right file in copy chunk.\n\n o Volker Lendecke \n * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.\n * BUG 12538: Backport winbind fixes.\n\n o Stefan Metzmacher \n \ * BUG 12501: s3:winbindd: talloc_steal the extra_data in\n winbindd_list_users_recv().\n\n \ o Martin Schwenke \n * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to\n send.\n * BUG 12512: ctdb-scripts: Fix remaining uses of \"ctdb gratiousarp\".\n * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple\n 'default' entries.\n\n---\n \ Module Name:\tpkgsrc\n Committed By:\tjnemeth\n Date:\t\tMon Apr 10 15:27:22 UTC 2017\n\n Modified Files:\n \tpkgsrc/net/samba4: Makefile\n\n Log Message:\n \ Add pkg-config to USE_TOOLS, which is needed to find gnutls.\n Problem found in a bulk build. Not bumping PKGREVISION since it\n shouldn't change the binary package when it built.\n\n---\n Module Name: pkgsrc\n Committed By: he\n \ Date: Wed May 24 15:51:32 UTC 2017\n\n Modified Files:\n pkgsrc/net/samba4: Makefile PLIST distinfo\n\n Log Message:\n Update samba4 to version 4.6.4.\n\n \ Pkgsrc changes:\n * Adapt PLIST, new .so installed.\n\n Upstream changes:\n\n \ Changes since 4.6.3:\n ---------------------\n o Volker Lendecke \n \ * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable\n \ share.\n\n Changes since 4.6.2:\n --------------------\n o Michael Adam \n * BUG 12743: s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots\n from shares with GlusterFS backend.\n\n o Jeremy Allison \n * BUG 12559: Fix for Solaris C compiler.\n * BUG 12628: s3: locking: Update oplock optimization for the leases era.\n * BUG 12693: Make the Solaris C compiler happy.\n * BUG 12695: s3: libgpo: Allow skipping GPO objects that don't have the\n expected LDAP attributes.\n \ * BUG 12747: Fix buffer overflow caused by wrong use of getgroups.\n\n o \ Hanno Boeck \n * BUG 12746: lib: debug: Avoid negative array access.\n * BUG 12748: cleanupdb: Fix a memory read error.\n\n o \ Ralph Boehme \n * BUG 7537: streams_xattr and kernel oplocks results in\n NT_STATUS_NETWORK_BUSY.\n * BUG 11961: winbindd: idmap_autorid allocates ids for unknown SIDs from\n other backends.\n * BUG 12565: vfs_fruit: Resource fork open request with\n flags=O_CREAT|O_RDONLY.\n \ * BUG 12615: manpages/vfs_fruit: Document global options.\n * BUG 12624: lib/pthreadpool: Fix a memory leak.\n * BUG 12727: Lookup-domain for well-known SIDs on a DC.\n * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids().\n \ * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation.\n\n \ o Alexander Bokovoy \n * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI\n use case.\n * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4.\n\n o Amitay Isaacs \n * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to\n complete.\n * BUG 12723: ctdb_event monitor command crashes if event is not specified.\n * BUG 12733: ctdb-docs: Fix documentation of \"-n\" option to 'ctdb tool'.\n\n o Volker Lendecke \n * BUG 12558: smbd: Fix smb1 findfirst with DFS.\n * BUG 12610: smbd: Do an early exit on negprot failure.\n * BUG 12699: winbindd: Fix substitution for 'template homedir'.\n\n o Stefan Metzmacher \n * BUG 12554: s4:kdc: Disable principal based autodetected referral detection.\n \ * BUG 12613: idmap_autorid: Allocate new domain range if the callers knows\n \ the sid is valid.\n * BUG 12724: LINKFLAGS_PYEMBED should not contain -L/some/path.\n * BUG 12725: PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for\n trusted domain.\n * BUG 12731: rpcclient: Allow -U'OTHERDOMAIN\\user' again.\n\n o Christof Schmitt \n * BUG 12725: winbindd: Fix password policy for pam authentication.\n\n o Andreas Schneider \n * BUG 12554: s3:gse: Correctly handle external trusts with MIT.\n * BUG 12611: auth/credentials: Always set the realm if we set the principal\n from the ccache.\n * BUG 12686: replace: Include sysmacros.h.\n * BUG 12687: s3:vfs_expand_msdfs: Do not open the remote address as a file.\n * BUG 12704: s3:libsmb: Only print error message if kerberos use is forced.\n * BUG 12708: winbindd: Child process crashes when kerberos-authenticating\n \ a user with wrong password.\n\n o Uri Simchoni \n * BUG 12715: vfs_fruit: Office document opens as read-only on macOS due to\n CNID semantics.\n * BUG 12737: vfs_acl_xattr: Fix failure to get ACL on Linux if memory is\n fragmented.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2017Q1] pkgsrc/net/samba4' unixtime: '1495911675' user: bsiegert