From Joerg.Pulz@frm2.tum.de  Thu Dec 16 20:42:44 2004
Return-Path: <Joerg.Pulz@frm2.tum.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A3E6416A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 16 Dec 2004 20:42:44 +0000 (GMT)
Received: from mailhost.frm2.tum.de (mailhost.frm2.tum.de [129.187.179.12])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 621D543D2D
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 16 Dec 2004 20:42:41 +0000 (GMT)
	(envelope-from Joerg.Pulz@frm2.tum.de)
Received: from localhost (mailhost.frm2.tum.de [129.187.179.12])
	by mailhost.frm2.tum.de (8.12.10/8.12.10) with ESMTP id iBGKge6c063531;
	Thu, 16 Dec 2004 21:42:40 +0100 (CET)
	(envelope-from jpulz@frm2.tum.de)
Received: from hades.admin.frm2 (hades.admin.frm2 [172.25.1.10])
	by mailhost.frm2.tum.de (8.12.10/8.12.10) with ESMTP id iBGKgUVd063523
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 16 Dec 2004 21:42:30 +0100 (CET)
	(envelope-from jpulz@frm2.tum.de)
Received: from hades.admin.frm2 (localhost [127.0.0.1])
	by hades.admin.frm2 (8.13.1/8.13.1) with ESMTP id iBGKgUuq097649;
	Thu, 16 Dec 2004 21:42:30 +0100 (CET)
	(envelope-from jpulz@frm2.tum.de)
Received: (from jpulz@localhost)
	by hades.admin.frm2 (8.13.1/8.13.1/Submit) id iBGKgUP1097648;
	Thu, 16 Dec 2004 21:42:30 +0100 (CET)
	(envelope-from jpulz)
Message-Id: <200412162042.iBGKgUP1097648@hades.admin.frm2>
Date: Thu, 16 Dec 2004 21:42:30 +0100 (CET)
From: Joerg Pulz <Joerg.Pulz@frm2.tum.de>
Reply-To: Joerg Pulz <Joerg.Pulz@frm2.tum.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Maintainer <timur@gnu.org>
Subject: [security] update net/samba3 to 3.0.10
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         75168
>Category:       ports
>Synopsis:       [security] update net/samba3 to 3.0.10
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    sem
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 16 20:50:31 GMT 2004
>Closed-Date:    Tue Dec 21 12:25:56 GMT 2004
>Last-Modified:  Tue Dec 21 12:25:56 GMT 2004
>Originator:     Joerg Pulz
>Release:        FreeBSD 5.3-RELEASE-p1 i386
>Organization:
TU-Munich / ZWE FRM-II
>Environment:
System: FreeBSD hades.admin.frm2 5.3-RELEASE-p1 FreeBSD 5.3-RELEASE-p1 #10: Fri Nov 19 18:49:33 CET 2004 jpulz@hades.admin.frm2:/usr/obj/usr/src/sys/HADES i386


	
>Description:
	- security update for net/samba3 to 3.0.10
	  > see: http://us1.samba.org/samba/security/CAN-2004-1154.html

	Additionally
	- make SAMBA_CONFDIR user defineable like SAMBA_PRIVATE
	  > therefor set RC_DIR to ${PREFIX}/etc/rc.d
	    instead of ${SAMBA_CONFDIR}/rc.d
	  > small changes to pkg-plist and PLIST_SUB
	  > the samba.sh script is able to handle this without modifications

	please, please, please don't remove the user defineable SAMBA_CONFDIR
	stuff. I like it very much and it is running on all my machines this way
	for several versions now. It is really annoying to change this ever and
	ever again for every update on every machine.

>How-To-Repeat:
	
>Fix:

	- remove net/samba3/files/patch-script_installswat.sh
	  (this is fixed in 3.0.10)
	- apply the patch

--- samba-3_0_10.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/samba3/Makefile,v
retrieving revision 1.131
diff -u -r1.131 Makefile
--- Makefile	23 Nov 2004 17:34:51 -0000	1.131
+++ Makefile	16 Dec 2004 20:19:33 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=		samba
-PORTVERSION=		3.0.9
+PORTVERSION=		3.0.10
 PORTREVISION?=		0
 PORTEPOCH?=		1
 CATEGORIES?=		net
@@ -33,10 +33,10 @@
 SAMBA_RUNDIR=		${VARDIR}/run
 SAMBA_LOCKDIR?=		${VARDIR}/db/samba
 SAMBA_PRIVATE?=		${PREFIX}/private
-SAMBA_CONFDIR=		${PREFIX}/etc
+SAMBA_CONFDIR?=		${PREFIX}/etc
 SAMBA_SWATDIR=		${PREFIX}/share/swat
 SAMBA_LIBDIR=		${PREFIX}/lib
-RC_DIR=			${SAMBA_CONFDIR}/rc.d
+RC_DIR=			${PREFIX}/etc/rc.d
 SAMBA_CONFIG=		${SAMBA_CONFDIR}/smb.conf
 
 CONFIGURE_ENV+=		CPPFLAGS=-I${LOCALBASE}/include \
@@ -259,7 +259,8 @@
 
 PLIST_SUB+=		RC_DIR=${RC_DIR} \
 			SAMBA_LOGDIR=${SAMBA_LOGDIR} \
-			SAMBA_LOCKDIR=${SAMBA_LOCKDIR}
+			SAMBA_LOCKDIR=${SAMBA_LOCKDIR} \
+			SAMBA_CONFIG=${SAMBA_CONFIG}
 
 RC_SCRIPTS_SUB=		PREFIX=${PREFIX} \
 			CUPS=${CUPS} \
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/net/samba3/distinfo,v
retrieving revision 1.60
diff -u -r1.60 distinfo
--- distinfo	23 Nov 2004 17:34:51 -0000	1.60
+++ distinfo	16 Dec 2004 20:19:33 -0000
@@ -1,2 +1,2 @@
-MD5 (samba-3.0.9.tar.gz) = 9cf2bcef71509a81687dec8732545400
-SIZE (samba-3.0.9.tar.gz) = 15172821
+MD5 (samba-3.0.10.tar.gz) = b19fd86d3c11a1b43f75a5988cd9ceeb
+SIZE (samba-3.0.10.tar.gz) = 15176926
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/net/samba3/pkg-plist,v
retrieving revision 1.57
diff -u -r1.57 pkg-plist
--- pkg-plist	23 Nov 2004 17:34:51 -0000	1.57
+++ pkg-plist	16 Dec 2004 20:19:33 -0000
@@ -23,8 +23,8 @@
 %%WINBIND%%bin/wbinfo
 @unexec %D/etc/rc.d/samba.sh forcestop 2>/dev/null || true
 etc/rc.d/samba.sh
-@unexec if cmp -s %D/etc/smb.conf %D/etc/smb.conf.default; then rm -f %D/etc/smb.conf; fi
-etc/smb.conf.default
+@unexec if cmp -s %%SAMBA_CONFIG%% %%SAMBA_CONFIG%%.default; then rm -f %%SAMBA_CONFIG%%; fi
+@unexec rm -f %%SAMBA_CONFIG%%.default 2>/dev/null || true
 sbin/smbd
 sbin/nmbd
 sbin/swat
@@ -434,6 +434,7 @@
 share/swat/help/nmbd.8.html
 share/swat/help/nmblookup.1.html
 share/swat/help/ntlm_auth.1.html
+share/swat/help/pam_winbind.8.html
 share/swat/help/pdbedit.8.html
 share/swat/help/profiles.1.html
 share/swat/help/rpcclient.1.html
Index: files/patch-lib_util_str.c
===================================================================
RCS file: /home/ncvs/ports/net/samba3/files/patch-lib_util_str.c,v
retrieving revision 1.1
diff -u -r1.1 patch-lib_util_str.c
--- files/patch-lib_util_str.c	18 May 2004 14:52:47 -0000	1.1
+++ files/patch-lib_util_str.c	16 Dec 2004 20:19:33 -0000
@@ -1,23 +1,23 @@
---- lib/util_str.c.orig	Tue Apr 20 22:42:55 2004
-+++ lib/util_str.c	Fri May 14 02:02:30 2004
-@@ -1980,10 +1980,16 @@
+--- lib/util_str.c.orig	Thu Dec 16 20:46:53 2004
++++ lib/util_str.c	Thu Dec 16 20:48:54 2004
+@@ -2008,10 +2008,16 @@
  {
  	int bits = 0;
  	int char_count = 0;
 -	size_t out_cnt = 0;
 -	size_t len = data.length;
 -	size_t output_len = data.length * 2;
--	char *result = malloc(output_len); /* get us plenty of space */
+-	char *result = SMB_MALLOC(output_len); /* get us plenty of space */
 +	size_t out_cnt, len, output_len;
 +	char *result;
 +
-+        if (!data.length || !data.data)
++	 if (!data.length || !data.data)
 +		return NULL;
 +
 +	out_cnt = 0;
 +	len = data.length;
 +	output_len = data.length * 2;
-+	result = malloc(output_len); /* get us plenty of space */
++	result = SMB_MALLOC(output_len); /* get us plenty of space */
  
  	while (len-- && out_cnt < (data.length * 2) - 5) {
  		int c = (unsigned char) *(data.data++);
--- samba-3_0_10.diff ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: sem 
State-Changed-When: Fri Dec 17 14:30:04 GMT 2004 
State-Changed-Why:  
Maintainer asks to wait his patch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=75168 
Responsible-Changed-From-To: freebsd-ports-bugs->sem 
Responsible-Changed-By: sem 
Responsible-Changed-When: Sat Dec 18 14:59:15 GMT 2004 
Responsible-Changed-Why:  
Take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=75168 

From: "Timur I. Bakeyev" <timur@gnu.org>
To: freebsd-gnats-submit@FreeBSD.org, Joerg.Pulz@frm2.tum.de
Cc:  
Subject: Re: ports/75168: [security] update net/samba3 to 3.0.10
Date: Mon, 20 Dec 2004 04:22:29 +0100

 Hi Joerg!
 
 Sorry for the delay with the answer - was too busy last week... I made 
 some small changes to your patch and approve the commit.
 
 One question is - I don't really see the necessirity to make 
 SAMBA_CONFDIR configurable during compile time as you can always
 specify another location of smb.conf in rc.conf. But if you like it so 
 much - I left it as is...
 
 There are few other changes to the port, maybe, not optimal - that 
 another Samba exploit screwed things up...
 
 With regards,
 Timur.
 
 Index: Makefile
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/Makefile,v
 retrieving revision 1.131
 diff -u -r1.131 Makefile
 --- Makefile    23 Nov 2004 17:34:51 -0000    1.131
 +++ Makefile    20 Dec 2004 03:15:22 -0000
 @@ -6,7 +6,7 @@
  #
  
  PORTNAME=        samba
 -PORTVERSION=        3.0.9
 +PORTVERSION=        3.0.10
  PORTREVISION?=        0
  PORTEPOCH?=        1
  CATEGORIES?=        net
 @@ -20,6 +20,7 @@
  CONFLICTS?=        ja-samba-2.* ja-samba-3.* samba-2.* sharity-light-1.*
  
  USE_ICONV=        yes
 +USE_AUTOHEADER_VER=    259
  USE_AUTOCONF_VER=    259
  
  LATEST_LINK?=        ${PKGNAMEPREFIX}${PORTNAME}3${PKGNAMESUFFIX}
 @@ -33,10 +34,10 @@
  SAMBA_RUNDIR=        ${VARDIR}/run
  SAMBA_LOCKDIR?=        ${VARDIR}/db/samba
  SAMBA_PRIVATE?=        ${PREFIX}/private
 -SAMBA_CONFDIR=        ${PREFIX}/etc
 +SAMBA_CONFDIR?=        ${PREFIX}/etc
  SAMBA_SWATDIR=        ${PREFIX}/share/swat
  SAMBA_LIBDIR=        ${PREFIX}/lib
 -RC_DIR=            ${SAMBA_CONFDIR}/rc.d
 +RC_DIR=            ${PREFIX}/etc/rc.d
  SAMBA_CONFIG=        ${SAMBA_CONFDIR}/smb.conf
  
  CONFIGURE_ENV+=        CPPFLAGS=-I${LOCALBASE}/include \
 @@ -72,6 +73,7 @@
          SAM_PGSQL    "With PostgreSQL smbpasswd backend" off \
          SAM_OLD_LDAP    "With Samba2.x LDAP smbpasswd backend" off \
          PAM_SMBPASS    "With SMB PAM module" off \
 +        EXP_MODULES    "With experimental module(s)" off \
          POPT        "With installed POPT library" on
  .endif
  
 @@ -173,6 +175,14 @@
  CONFIGURE_ARGS+=    --with-expsam=${WANT_EXPSAM_MODULES}
  .endif
  # SAM
 +.if defined(WITH_EXP_MODULES)
 +.if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
 +WANT_EXP_MODULES=    rpc_echo idmap_rid charset_weird
 +.endif
 +WANT_EXP_MODULES!=    ${ECHO_CMD} ${WANT_EXP_MODULES} | ${SED} -e 's/ /,/g'
 +CONFIGURE_ARGS+=    --with-shared-modules=${WANT_EXP_MODULES}
 +.endif
 +
  .if defined(WITH_PAM_SMBPASS)
  CONFIGURE_ARGS+=    --with-pam_smbpass
  PLIST_SUB+=        SMBPASS=""
 @@ -219,7 +229,7 @@
  CONFIGURE_ARGS+=    --with-krb5=${KRB5_HOME}
  .elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.a)
  CONFIGURE_ARGS+=    --with-krb5=${HEIMDAL_HOME}
 -.elif ( defined(MAKE_KERBEROS5) || ${OSVERSION} > 500105 ) && 
 exists(${DESTDIR}/usr/lib/libkrb5.a)
 +.elif exists(${DESTDIR}/usr/lib/libkrb5.a) && 
 exists(${DESTDIR}/usr/bin/krb5-config)
  CONFIGURE_ARGS+=    --with-krb5=${DESTDIR}/usr
  .else
  LIB_DEPENDS+=        krb5:${PORTSDIR}/security/heimdal
 @@ -237,7 +247,6 @@
  .endif
  
  .if !defined(SAMBA_SUBPORT)
 -
  MAN1=        findsmb.1 nmblookup.1 log2pcap.1 rpcclient.1 \
          smbget.1 smbcacls.1 smbclient.1 smbcontrol.1 smbsh.1 \
          smbstatus.1 smbtar.1 testparm.1 testprns.1 vfstest.1 \
 @@ -248,7 +257,7 @@
          swat.8 tdbdump.8 tdbbackup.8
  .if !defined(WITHOUT_WINBIND)
  MAN1+=        wbinfo.1
 -MAN8+=        winbindd.8
 +MAN8+=        pam_winbind.8 winbindd.8
  .endif
  
  .if !defined(WITHOUT_WINBIND)
 @@ -259,7 +268,8 @@
  
  PLIST_SUB+=        RC_DIR=${RC_DIR} \
              SAMBA_LOGDIR=${SAMBA_LOGDIR} \
 -            SAMBA_LOCKDIR=${SAMBA_LOCKDIR}
 +            SAMBA_LOCKDIR=${SAMBA_LOCKDIR} \
 +            SAMBA_CONFIG=${SAMBA_CONFIG}
  
  RC_SCRIPTS_SUB=        PREFIX=${PREFIX} \
              CUPS=${CUPS} \
 @@ -288,6 +298,10 @@
  post-patch:
      @${FIND} ${WRKSRC} -name CVS -o -name .cvsignore | ${XARGS} ${RM}
      @${RM} -rf ${WRKDIR}/${DISTNAME}/examples/libsmbclient
 +    @${RM} -rf ${WRKDIR}/${DISTNAME}/swat/lang
 +
 +pre-install:
 +    @${FIND} ${SAMBA_LIBDIR} -type f | ${SORT} | ${SED} -e 
 's|^${PREFIX}||; s|^/||' >> ${WRKDIR}/.PLIST.exclude
  
  post-install:
  .for sect in 1 5 7 8
 @@ -309,6 +323,21 @@
          ${FILESDIR}/smb.conf.default > ${WRKDIR}/smb.conf.default
      ${INSTALL_DATA} ${WRKDIR}/smb.conf.default ${SAMBA_CONFIG}.default
      ${INSTALL_SCRIPT} ${WRKSRC}/script/mksmbpasswd.sh 
 ${PREFIX}/bin/make_smbpasswd
 +.if !defined(WITHOUT_WINBIND)
 +.if defined(WITH_WINBIND_NSS)
 +    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/nss_winbind.so 
 ${SAMBA_LIBDIR}/nss_winbind.so.1
 +    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/nss_wins.so 
 ${SAMBA_LIBDIR}/nss_wins.so.1
 +.endif
 +    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/pam_winbind.so ${SAMBA_LIBDIR}
 +.endif
 +.if defined(WITH_PAM_SMBPASS)
 +    @${INSTALL_PROGRAM} ${WRKSRC}/bin/pam_smbpass.so ${SAMBA_LIBDIR}
 +.endif
 +# Lib
 +    @${FIND} ${SAMBA_LIBDIR} -type f | ${SED} -e 's|^${PREFIX}||; 
 s|^/||' | ${EGREP} -F -v -f ${WRKDIR}/.PLIST.exclude | ${SORT} >> 
 ${TMPPLIST}
 +    @for d in `${FIND} ${SAMBA_LIBDIR}/samba -type d | ${SORT} -r`; do \
 +        ${ECHO_CMD} "@unexec ${RMDIR} $$d 2>/dev/null || true" >> 
 ${TMPPLIST}; \
 +    done
  # Spool
      @test -d ${SAMBA_SPOOL} || ${MKDIR} ${SAMBA_SPOOL} &&        \
          ${CHMOD} 1777 ${SAMBA_SPOOL} && ${CHOWN} root:wheel ${SAMBA_SPOOL}
 @@ -342,16 +371,6 @@
      @${ECHO_CMD} "@exec ${CHOWN} root:wheel ${SAMBA_PRIVATE}" >> 
 ${TMPPLIST}
      @${ECHO_CMD} "@unexec ${RMDIR} ${SAMBA_PRIVATE} 2>/dev/null || 
 true" >> ${TMPPLIST}
      @${ECHO_CMD} "@unexec ${ECHO_CMD} \"Warning: If you will *NOT* use 
 this package anymore, please remove ${SAMBA_PRIVATE}/* manually.\"" >> 
 ${TMPPLIST}
 -.if !defined(WITHOUT_WINBIND)
 -.if defined(WITH_WINBIND_NSS)
 -    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/nss_winbind.so 
 ${SAMBA_LIBDIR}/nss_winbind.so.1
 -    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/nss_wins.so 
 ${SAMBA_LIBDIR}/nss_wins.so.1
 -.endif
 -    ${INSTALL_PROGRAM} ${WRKSRC}/nsswitch/pam_winbind.so ${SAMBA_LIBDIR}
 -.endif
 -.if defined(WITH_PAM_SMBPASS)
 -    @${INSTALL_PROGRAM} ${WRKSRC}/bin/pam_smbpass.so ${SAMBA_LIBDIR}
 -.endif
  .if !defined(NOPORTDOCS)
      @${MKDIR} ${DOCSDIR}
      @${CP} -Rp ${WRKDIR}/${DISTNAME}/docs/registry ${DOCSDIR}
 Index: distinfo
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/distinfo,v
 retrieving revision 1.60
 diff -u -r1.60 distinfo
 --- distinfo    23 Nov 2004 17:34:51 -0000    1.60
 +++ distinfo    16 Dec 2004 22:22:18 -0000
 @@ -1,2 +1,2 @@
 -MD5 (samba-3.0.9.tar.gz) = 9cf2bcef71509a81687dec8732545400
 -SIZE (samba-3.0.9.tar.gz) = 15172821
 +MD5 (samba-3.0.10.tar.gz) = b19fd86d3c11a1b43f75a5988cd9ceeb
 +SIZE (samba-3.0.10.tar.gz) = 15176926
 Index: pkg-plist
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/pkg-plist,v
 retrieving revision 1.57
 diff -u -r1.57 pkg-plist
 --- pkg-plist    23 Nov 2004 17:34:51 -0000    1.57
 +++ pkg-plist    17 Dec 2004 03:38:42 -0000
 @@ -23,51 +23,12 @@
  %%WINBIND%%bin/wbinfo
  @unexec %D/etc/rc.d/samba.sh forcestop 2>/dev/null || true
  etc/rc.d/samba.sh
 -@unexec if cmp -s %D/etc/smb.conf %D/etc/smb.conf.default; then rm -f 
 %D/etc/smb.conf; fi
 -etc/smb.conf.default
 +@unexec if cmp -s %%SAMBA_CONFIG%% %%SAMBA_CONFIG%%.default; then rm -f 
 %%SAMBA_CONFIG%%; fi
 +@unexec rm -f %%SAMBA_CONFIG%%.default
  sbin/smbd
  sbin/nmbd
  sbin/swat
  %%WINBIND%%sbin/winbindd
 -lib/samba/lowcase.dat
 -lib/samba/upcase.dat
 -lib/samba/valid.dat
 -lib/samba/de.msg
 -lib/samba/en.msg
 -lib/samba/fr.msg
 -lib/samba/it.msg
 -lib/samba/ja.msg
 -lib/samba/nl.msg
 -lib/samba/pl.msg
 -lib/samba/tr.msg
 -lib/samba/vfs/audit.so
 -lib/samba/vfs/cap.so
 -lib/samba/vfs/default_quota.so
 -lib/samba/vfs/expand_msdfs.so
 -lib/samba/vfs/extd_audit.so
 -lib/samba/vfs/fake_perms.so
 -lib/samba/vfs/full_audit.so
 -lib/samba/vfs/netatalk.so
 -lib/samba/vfs/readonly.so
 -lib/samba/vfs/recycle.so
 -lib/samba/vfs/shadow_copy.so
 -%%MULTIBYTE%%lib/samba/vfs/hex.so
 -lib/samba/charset/CP437.so
 -lib/samba/charset/CP850.so
 -%%SAMMYSQL%%lib/samba/pdb/mysql.so
 -%%SAMPGSQL%%lib/samba/pdb/pgsql.so
 -%%SAMXML%%lib/samba/pdb/xml.so
 -%%WINBIND_NSS%%lib/nss_winbind.so.1
 -%%WINBIND_NSS%%lib/nss_wins.so.1
 -%%WINBIND%%lib/pam_winbind.so
 -%%SMBPASS%%lib/pam_smbpass.so
 -@dirrm lib/samba/rpc
 -@dirrm lib/samba/pdb
 -@dirrm lib/samba/idmap
 -@dirrm lib/samba/charset
 -@dirrm lib/samba/auth
 -@unexec rmdir %D/lib/samba/vfs 2>/dev/null || true
 -@unexec rmdir %D/lib/samba 2>/dev/null || true
  %%SMBPASS%%%%EXAMPLESDIR%%/pam_smbpass/README
  %%SMBPASS%%%%EXAMPLESDIR%%/pam_smbpass/kdc-pdc
  %%SMBPASS%%%%EXAMPLESDIR%%/pam_smbpass/password-mature
 @@ -434,6 +395,7 @@
  share/swat/help/nmbd.8.html
  share/swat/help/nmblookup.1.html
  share/swat/help/ntlm_auth.1.html
 +share/swat/help/pam_winbind.8.html
  share/swat/help/pdbedit.8.html
  share/swat/help/profiles.1.html
  share/swat/help/rpcclient.1.html
 @@ -476,16 +438,6 @@
  share/swat/images/wizard.gif
  share/swat/include/footer.html
  share/swat/include/header.html
 -share/swat/lang/ja/help/welcome.html
 -share/swat/lang/tr/help/welcome.html
 -share/swat/lang/tr/images/globals.gif
 -share/swat/lang/tr/images/home.gif
 -share/swat/lang/tr/images/passwd.gif
 -share/swat/lang/tr/images/printers.gif
 -share/swat/lang/tr/images/samba.gif
 -share/swat/lang/tr/images/shares.gif
 -share/swat/lang/tr/images/status.gif
 -share/swat/lang/tr/images/viewconfig.gif
  share/swat/using_samba/appa.html
  share/swat/using_samba/appb.html
  share/swat/using_samba/appc.html
 @@ -651,15 +603,6 @@
  share/swat/using_samba/toc.html
  @dirrm share/swat/using_samba/figs
  @dirrm share/swat/using_samba
 -@dirrm share/swat/lang/tr/include
 -@dirrm share/swat/lang/tr/images
 -@dirrm share/swat/lang/tr/help
 -@dirrm share/swat/lang/tr
 -@dirrm share/swat/lang/ja/include
 -@dirrm share/swat/lang/ja/images
 -@dirrm share/swat/lang/ja/help
 -@dirrm share/swat/lang/ja
 -@dirrm share/swat/lang
  @dirrm share/swat/include
  @dirrm share/swat/images
  @dirrm share/swat/help/images
 Index: files/patch-configure.in
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/files/patch-configure.in,v
 retrieving revision 1.8
 diff -u -r1.8 patch-configure.in
 --- files/patch-configure.in    1 Sep 2004 16:23:29 -0000    1.8
 +++ files/patch-configure.in    26 Nov 2004 01:05:09 -0000
 @@ -1,6 +1,17 @@
 ---- configure.in.orig    Fri Aug  6 23:38:21 2004
 -+++ configure.in    Wed Sep  1 03:03:48 2004
 -@@ -810,6 +810,13 @@
 +--- configure.in.orig    Tue Nov 16 04:03:30 2004
 ++++ configure.in    Fri Nov 26 02:04:59 2004
 +@@ -691,7 +691,9 @@
 + AC_CHECK_HEADERS(nss.h nss_common.h nsswitch.h ns_api.h sys/security.h 
 security/pam_appl.h)
 + AC_CHECK_HEADERS(stropts.h poll.h)
 + AC_CHECK_HEADERS(sys/capability.h syscall.h sys/syscall.h)
 +-AC_CHECK_HEADERS(sys/acl.h sys/attributes.h attr/xattr.h sys/xattr.h 
 sys/cdefs.h glob.h)
 ++AC_CHECK_HEADERS(sys/acl.h sys/attributes.h attr/xattr.h sys/xattr.h 
 sys/extattr.h sys/uio.h)
 ++AC_CHECK_HEADERS(sys/cdefs.h glob.h)
 ++
 + # These faile to compile on Solaris so just check for their presence
 + AC_CHECK_HEADERS(security/pam_modules.h net/if.h netinet/ip.h, [], [], -)
 +
 +@@ -829,6 +831,13 @@
      AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t 
 variable type])
   fi
  
 @@ -14,7 +25,19 @@
   # stupid headers have the functions but no declaration. grrrr.
   AC_HAVE_DECL(errno, [#include <errno.h>])
   AC_HAVE_DECL(setresuid, [#include <unistd.h>])
 -@@ -3870,7 +3877,7 @@
 +@@ -1125,6 +1134,11 @@
 + AC_CHECK_FUNCS(setxattr lsetxattr fsetxattr)
 + AC_CHECK_FUNCS(attr_get attr_list attr_set attr_remove)
 + AC_CHECK_FUNCS(attr_getf attr_listf attr_setf attr_removef)
 ++# Check if we have extattr
 ++AC_CHECK_FUNCS(extattr_delete_fd extattr_delete_file extattr_delete_link)
 ++AC_CHECK_FUNCS(extattr_get_fd extattr_get_file extattr_get_link)
 ++AC_CHECK_FUNCS(extattr_list_fd extattr_list_file extattr_list_link)
 ++AC_CHECK_FUNCS(extattr_set_fd extattr_set_file extattr_set_link)
 +
 + # Assume non-shared by default and override below
 + BLDSHARED="false"
 +@@ -3939,7 +3953,7 @@
           AC_DEFINE(HAVE_TRU64_ACLS,1,[Whether Tru64 ACLs are available])
           ACL_LIBS="$ACL_LIBS -lpacl"
           ;;
 @@ -23,7 +46,7 @@
           AC_MSG_RESULT(Using FreeBSD posix ACLs)
           AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether FreeBSD POSIX ACLs are 
 available])
           AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is 
 available])
 -@@ -4189,7 +4196,7 @@
 +@@ -4258,7 +4272,7 @@
       *linux*)
           WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
           ;;
 Index: files/patch-include_config.h.in
 ===================================================================
 RCS file: files/patch-include_config.h.in
 diff -N files/patch-include_config.h.in
 --- files/patch-include_config.h.in    3 Jul 2004 12:46:41 -0000    1.1
 +++ /dev/null    1 Jan 1970 00:00:00 -0000
 @@ -1,12 +0,0 @@
 ---- include/config.h.in.orig    Sat May  8 02:33:46 2004
 -+++ include/config.h.in    Thu May 20 14:17:44 2004
 -@@ -236,6 +236,9 @@
 - /* Define to 1 if you have the `endnetgrent' function. */
 - #undef HAVE_ENDNETGRENT
 -
 -+/* Whether optreset is available */
 -+#undef HAVE_OPTRESET
 -+
 - /* Whether errno() is available */
 - #undef HAVE_ERRNO_DECL
 -
 Index: files/patch-include_includes.h
 ===================================================================
 RCS file: files/patch-include_includes.h
 diff -N files/patch-include_includes.h
 --- /dev/null    1 Jan 1970 00:00:00 -0000
 +++ files/patch-include_includes.h    26 Nov 2004 00:59:54 -0000
 @@ -0,0 +1,17 @@
 +--- include/includes.h.orig    Fri Nov 26 00:47:28 2004
 ++++ include/includes.h    Fri Nov 26 01:59:16 2004
 +@@ -476,6 +476,14 @@
 + #include <sys/xattr.h>
 + #endif
 +
 ++#ifdef HAVE_SYS_EXTATTR_H
 ++#include <sys/extattr.h>
 ++#endif
 ++
 ++#ifdef HAVE_SYS_UIO_H
 ++#include <sys/uio.h>
 ++#endif
 ++        
 + #if HAVE_LOCALE_H
 + #include <locale.h>
 + #endif
 Index: files/patch-lib_system.c
 ===================================================================
 RCS file: files/patch-lib_system.c
 diff -N files/patch-lib_system.c
 --- /dev/null    1 Jan 1970 00:00:00 -0000
 +++ files/patch-lib_system.c    19 Dec 2004 23:00:28 -0000
 @@ -0,0 +1,134 @@
 +--- lib/system.c.orig    Tue Nov 16 04:03:19 2004
 ++++ lib/system.c    Mon Dec 20 00:00:05 2004
 +@@ -1308,6 +1308,13 @@
 + {
 + #if defined(HAVE_GETXATTR)
 +     return getxattr(path, name, value, size);
 ++#elif defined(HAVE_EXTATTR_GET_FILE)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_get_file(path, attrnamespace, attrname, value, size);
 + #elif defined(HAVE_ATTR_GET)
 +     int retval, flags = 0;
 +     int valuelength = (int)size;
 +@@ -1328,6 +1335,13 @@
 + {
 + #if defined(HAVE_LGETXATTR)
 +     return lgetxattr(path, name, value, size);
 ++#elif defined(HAVE_EXTATTR_GET_LINK)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_get_link(path, attrnamespace, attrname, value, size);
 + #elif defined(HAVE_ATTR_GET)
 +     int retval, flags = ATTR_DONTFOLLOW;
 +     int valuelength = (int)size;
 +@@ -1348,6 +1362,13 @@
 + {
 + #if defined(HAVE_FGETXATTR)
 +     return fgetxattr(filedes, name, value, size);
 ++#elif defined(HAVE_EXTATTR_GET_FD)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_get_fd(filedes, attrnamespace, attrname, value, size);
 + #elif defined(HAVE_ATTR_GETF)
 +     int retval, flags = 0;
 +     int valuelength = (int)size;
 +@@ -1472,6 +1493,13 @@
 + {
 + #if defined(HAVE_REMOVEXATTR)
 +     return removexattr(path, name);
 ++#elif defined(HAVE_EXTATTR_DELETE_FILE)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_delete_file(path, attrnamespace, attrname);
 + #elif defined(HAVE_ATTR_REMOVE)
 +     int flags = 0;
 +     char *attrname = strchr(name,'.') +1;
 +@@ -1489,6 +1517,13 @@
 + {
 + #if defined(HAVE_LREMOVEXATTR)
 +     return lremovexattr(path, name);
 ++#elif defined(HAVE_EXTATTR_DELETE_LINK)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_delete_link(path, attrnamespace, attrname);
 + #elif defined(HAVE_ATTR_REMOVE)
 +     int flags = ATTR_DONTFOLLOW;
 +     char *attrname = strchr(name,'.') +1;
 +@@ -1506,6 +1541,13 @@
 + {
 + #if defined(HAVE_FREMOVEXATTR)
 +     return fremovexattr(filedes, name);
 ++#elif defined(HAVE_EXTATTR_DELETE_FD)
 ++    char *s;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    return extattr_delete_fd(filedes, attrnamespace, attrname);
 + #elif defined(HAVE_ATTR_REMOVEF)
 +     int flags = 0;
 +     char *attrname = strchr(name,'.') +1;
 +@@ -1528,6 +1570,15 @@
 + {
 + #if defined(HAVE_SETXATTR)
 +     return setxattr(path, name, value, size, flags);
 ++#elif defined(HAVE_EXTATTR_SET_FILE)
 ++    char *s;
 ++    int retval = 0;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    retval = extattr_set_file(path, attrnamespace, attrname, value, size);
 ++    return (retval < 0) ? -1 : 0;
 + #elif defined(HAVE_ATTR_SET)
 +     int myflags = 0;
 +     char *attrname = strchr(name,'.') +1;
 +@@ -1547,6 +1598,15 @@
 + {
 + #if defined(HAVE_LSETXATTR)
 +     return lsetxattr(path, name, value, size, flags);
 ++#elif defined(HAVE_EXTATTR_SET_LINK)
 ++    char *s;
 ++    int retval = 0;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    retval = extattr_set_link(path, attrnamespace, attrname, value, size);
 ++    return (retval < 0) ? -1 : 0;
 + #elif defined(HAVE_ATTR_SET)
 +     int myflags = ATTR_DONTFOLLOW;
 +     char *attrname = strchr(name,'.') +1;
 +@@ -1566,6 +1626,15 @@
 + {
 + #if defined(HAVE_FSETXATTR)
 +     return fsetxattr(filedes, name, value, size, flags);
 ++#elif defined(HAVE_EXTATTR_SET_FD)
 ++    char *s;
 ++    int retval = 0;
 ++    int attrnamespace = (strncmp(name, "system", 6) == 0) ?
 ++        EXTATTR_NAMESPACE_SYSTEM : EXTATTR_NAMESPACE_USER;
 ++    const char *attrname = ((s=strchr_m(name, '.')) == NULL) ? name : 
 s + 1;
 ++
 ++    retval = extattr_set_fd(filedes, attrnamespace, attrname, value, 
 size);
 ++    return (retval < 0) ? -1 : 0;
 + #elif defined(HAVE_ATTR_SETF)
 +     int myflags = 0;
 +     char *attrname = strchr(name,'.') +1;
 Index: files/patch-lib_util_str.c
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/files/patch-lib_util_str.c,v
 retrieving revision 1.1
 diff -u -r1.1 patch-lib_util_str.c
 --- files/patch-lib_util_str.c    18 May 2004 14:52:47 -0000    1.1
 +++ files/patch-lib_util_str.c    17 Dec 2004 02:00:17 -0000
 @@ -1,13 +1,13 @@
 ---- lib/util_str.c.orig    Tue Apr 20 22:42:55 2004
 -+++ lib/util_str.c    Fri May 14 02:02:30 2004
 -@@ -1980,10 +1980,16 @@
 +--- lib/util_str.c.orig    Wed Dec 15 15:33:12 2004
 ++++ lib/util_str.c    Fri Dec 17 02:15:34 2004
 +@@ -2008,10 +2008,16 @@
   {
       int bits = 0;
       int char_count = 0;
  -    size_t out_cnt = 0;
  -    size_t len = data.length;
  -    size_t output_len = data.length * 2;
 --    char *result = malloc(output_len); /* get us plenty of space */
 +-    char *result = SMB_MALLOC(output_len); /* get us plenty of space */
  +    size_t out_cnt, len, output_len;
  +    char *result;
  +
 @@ -17,7 +17,7 @@
  +    out_cnt = 0;
  +    len = data.length;
  +    output_len = data.length * 2;
 -+    result = malloc(output_len); /* get us plenty of space */
 ++    result = SMB_MALLOC(output_len); /* get us plenty of space */
  
       while (len-- && out_cnt < (data.length * 2) - 5) {
           int c = (unsigned char) *(data.data++);
 Index: files/patch-script_installswat.sh
 ===================================================================
 RCS file: /home/ncvs/ports/net/samba3/files/patch-script_installswat.sh,v
 retrieving revision 1.1
 diff -u -r1.1 patch-script_installswat.sh
 --- files/patch-script_installswat.sh    23 Nov 2004 17:34:51 -0000    1.1
 +++ files/patch-script_installswat.sh    17 Dec 2004 03:08:48 -0000
 @@ -1,11 +1,12 @@
 ---- script/installswat.sh.orig    Fri Nov 19 21:11:15 2004
 -+++ script/installswat.sh    Fri Nov 19 21:11:45 2004
 -@@ -103,7 +103,7 @@
 -               fi
 -           fi
 -           for f in $SRCDIR../docs/$dir/images/*.png; do
 --              FNAME=$INSTALLDIR/`basename $f`
 -+              FNAME=$INSTALLDIR/images/`basename $f`
 -               echo $FNAME
 -               cp $f $FNAME || echo Cannot install $FNAME. Does $USER 
 have privileges?
 -               chmod 0644 $FNAME
 +--- script/installswat.sh.orig    Fri Dec 17 03:59:34 2004
 ++++ script/installswat.sh    Fri Dec 17 04:01:34 2004
 +@@ -8,8 +8,7 @@
 + echo Installing SWAT in $SWATDIR
 + echo Installing the Samba Web Administration Tool
 +
 +-LANGS=". `cd $SRCDIR../swat/; /bin/echo lang/??`"
 +-echo Installing langs are `cd $SRCDIR../swat/lang/; /bin/echo ??`
 ++LANGS="."
 +
 + for ln in $LANGS; do
 +  SWATLANGDIR=$SWATDIR/$ln
 
State-Changed-From-To: suspended->feedback 
State-Changed-By: sem 
State-Changed-When: Mon Dec 20 18:32:23 GMT 2004 
State-Changed-Why:  
Ask for feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=75168 

From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, Joerg.Pulz@frm2.tum.de,
	timur@gnu.org
Cc:  
Subject: Re: ports/75168: [security] update net/samba3 to 3.0.10
Date: Mon, 20 Dec 2004 21:31:44 +0300

 Build fails on 4.x:
 Compiling lib/system.c
 In file included from lib/system.c:22:
 include/includes.h:441: krb5.h: No such file or directory
 In file included from lib/system.c:22:
 include/includes.h:457: gssapi.h: No such file or directory
 In file included from lib/system.c:22:
 include/includes.h:1329: syntax error before `krb5_set_real_time'
 include/includes.h:1329: syntax error before `context'
 include/includes.h:1329: warning: data definition has no type or storage 
 class
 include/includes.h:1333: syntax error before `krb5_set_default_tgs_ktypes'
 include/includes.h:1333: syntax error before `ctx'
 include/includes.h:1333: warning: data definition has no type or storage 
 class
 include/includes.h:1337: syntax error before `krb5_auth_con_setuseruserkey'
 include/includes.h:1337: syntax error before `context'
 include/includes.h:1337: warning: data definition has no type or storage 
 class
 include/includes.h:1341: syntax error before `ctx'
 include/includes.h:1345: syntax error before `*'
 include/includes.h:1346: syntax error before `context'
 include/includes.h:1347: syntax error before `context'
 include/includes.h:1348: syntax error before `krb5_ticket'
 include/includes.h:1349: syntax error before `get_principal_from_tkt'
 include/includes.h:1349: syntax error before `*'
 include/includes.h:1349: warning: data definition has no type or storage 
 class
 include/includes.h:1350: syntax error before `krb5_locate_kdc'
 include/includes.h:1350: syntax error before `ctx'
 include/includes.h:1350: warning: data definition has no type or storage 
 class
 include/includes.h:1351: syntax error before `get_kerberos_allowed_etypes'
 include/includes.h:1351: syntax error before `context'
 include/includes.h:1351: warning: data definition has no type or storage 
 class
 include/includes.h:1352: syntax error before `context'
 include/includes.h:1353: syntax error before `context'
 include/includes.h:1354: syntax error before `smb_krb5_kt_free_entry'
 include/includes.h:1354: syntax error before `context'
 include/includes.h:1354: warning: data definition has no type or storage 
 class
 include/includes.h:1355: syntax error before 
 `kerberos_fetch_salt_princ_for_host_princ'
 include/includes.h:1355: syntax error before `context'
 include/includes.h:1355: warning: data definition has no type or storage 
 class
 include/includes.h:1356: syntax error before `*'
 include/includes.h:1357: syntax error before `context'
 include/includes.h:1358: syntax error before `context'
 lib/system.c: In function `sys_getxattr':
 lib/system.c:1314: `EXTATTR_NAMESPACE_SYSTEM' undeclared (first use in 
 this function)
 lib/system.c:1314: (Each undeclared identifier is reported only once
 lib/system.c:1314: for each function it appears in.)
 lib/system.c:1314: `EXTATTR_NAMESPACE_USER' undeclared (first use in 
 this function)
 lib/system.c:1317: warning: passing arg 2 of `extattr_get_file' makes 
 pointer from integer without a cast
 lib/system.c:1317: warning: passing arg 3 of `extattr_get_file' from 
 incompatible pointer type
 lib/system.c:1317: warning: passing arg 4 of `extattr_get_file' makes 
 integer from pointer without a cast
 lib/system.c:1317: too many arguments to function `extattr_get_file'
 lib/system.c: In function `sys_removexattr':
 lib/system.c:1499: `EXTATTR_NAMESPACE_SYSTEM' undeclared (first use in 
 this function)
 lib/system.c:1499: `EXTATTR_NAMESPACE_USER' undeclared (first use in 
 this function)
 lib/system.c:1502: warning: passing arg 2 of `extattr_delete_file' makes 
 pointer from integer without a cast
 lib/system.c:1502: too many arguments to function `extattr_delete_file'
 lib/system.c: In function `sys_setxattr':
 lib/system.c:1577: `EXTATTR_NAMESPACE_SYSTEM' undeclared (first use in 
 this function)
 lib/system.c:1577: `EXTATTR_NAMESPACE_USER' undeclared (first use in 
 this function)
 lib/system.c:1580: warning: passing arg 2 of `extattr_set_file' makes 
 pointer from integer without a cast
 lib/system.c:1580: warning: passing arg 3 of `extattr_set_file' from 
 incompatible pointer type
 lib/system.c:1580: warning: passing arg 4 of `extattr_set_file' makes 
 integer from pointer without a cast
 lib/system.c:1580: too many arguments to function `extattr_set_file'
 *** Error code 1
 
 Stop in /usr/build/usr/ports/net/samba3/work/samba-3.0.10/source.
 *** Error code 1
 
 Stop in /usr/ports/net/samba3.
 
 -- 
 Sem.
State-Changed-From-To: feedback->closed 
State-Changed-By: sem 
State-Changed-When: Tue Dec 21 12:25:29 GMT 2004 
State-Changed-Why:  
Commtted with maintainer's modifications. 
Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=75168 
>Unformatted:
