Created attachment 237392 [details] Patch file * Fix plist error with following cases. - AD_DC option is off. - PYTHON3 option is off. * Update comment about possible values of SAMBA_DEFAULT in Mk/bsd.default-versions.mk * Update Mk/Uses/samba.mk so 4.16 is regarded as valid version of samba.
Created attachment 237394 [details] Updated patch file Also fix plist error when ADS option is off.
This is a bit embarrassing, as I've tested those combinations of the flags(and other) for 4.16.4. Apparently, something changed for 4.16.5, which I didn't dare to test(as usually packaging doesn't change within a major version).
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=890f94ea16e9af2a5f2c74e14d2ffc0873120468 commit 890f94ea16e9af2a5f2c74e14d2ffc0873120468 Author: Timur I. Bakeyev <timur@FreeBSD.org> AuthorDate: 2022-10-25 23:11:43 +0000 Commit: Timur I. Bakeyev <timur@FreeBSD.org> CommitDate: 2022-10-25 23:21:17 +0000 net/samba416: Update port to address CVE-2022-3437 PR: 267141 Security: CVE-2022-3437 net/samba416/Makefile | 32 ++++++++++++++++---------------- net/samba416/distinfo | 6 +++--- net/samba416/files/pkg-message.in | 5 +++-- net/samba416/pkg-plist | 22 ++++++++++++++++++---- net/samba416/pkg-plist.ad_dc | 13 ------------- net/samba416/pkg-plist.python | 1 - 6 files changed, 40 insertions(+), 39 deletions(-)
This is still not working. With the following config: ===> The following configuration options are available for samba416-4.16.6: ADS=off: Active Directory client(implies LDAP) AD_DC=off: Active Directory Domain Controller(implies PYTHON3) CLUSTER=off: Clustering support CUPS=off: CUPS printing system support DOCS=off: Build and/or install documentation FAM=on: File Alteration Monitor GPGME=off: GpgME support LDAP=off: LDAP client MANDOC=off: Build manpages from DOCBOOK templates PROFILE=off: Profiling data PYTHON3=off: Python 3.x bindings or support QUOTAS=on: Disk quota support SPOTLIGHT=off: Spotlight server-side search support SYSLOG=on: Syslog logging support UTMP=on: UTMP accounting ====> VFS modules FRUIT=on: MacOSX and TimeMachine support GLUSTERFS=off: GlusterFS support ====> GSSAPI Security API support: you have to select exactly one of them GSSAPI_BUILTIN=on: GSSAPI support via bundled Heimdal GSSAPI_MIT=off: GSSAPI support via security/krb5 ====> Zero configuration networking: you have to select exactly one of them ZEROCONF_NONE=off: Zeroconf support is absent AVAHI=on: Zeroconf support via Avahi MDNSRESPONDER=off: Zeroconf support via mDNSResponder ===> Use 'make config' to modify these settings I get: # /usr/local/bin/testparm -v ld-elf.so.1: Shared object "libldb-samba4.so" not found, required by "libsamba-credentials.so.1" # service samba_server start Performing sanity check on Samba configuration: FAILED Starting smbd. ld-elf.so.1: Shared object "libldb-samba4.so" not found, required by "libsamba-credentials.so.1" /usr/local/etc/rc.d/samba_server: WARNING: failed to start smbd
Created attachment 237680 [details] Bundled non-python lib.
(In reply to Michal Vanco from comment #4) Try the attached patch, just blindly created it base on your input. Next question would be - why do you disable almost all the Samba functionality, including Python bindings?
(In reply to Timur I. Bakeyev from comment #6) Thanks for the patch. I'll test it later. I don't understand your question. I disabled them because I don't want them to be compiled at all. I don't need LDAP, AD. I even don't need printing. Afterall, they are all optional (in the sense that they can be turned off by the user). Are some of those "options" required to even link the binary correctly (like python bindings)? Then those shouldn't be optional.
(In reply to Timur I. Bakeyev from comment #6) Patch seems to be working fine. No more missing shared object and smbd started normally. Good job
Committed, thanks!
*** Bug 267472 has been marked as a duplicate of this bug. ***