Bug 255415 - net/samba412: "samba-tool domain provision --dns-backend=BIND9_DLZ" create wrong named.conf for DLZ
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Timur I. Bakeyev
Depends on:
Reported: 2021-04-26 10:54 UTC by shellingfield
Modified: 2021-05-04 00:26 UTC
bugzilla: maintainer-feedback? (timur)

Patch for files/patch-bind (501 bytes, patch)
2021-04-26 10:54 UTC, shellingfield

Description shellingfield 2021-04-26 10:54:48 UTC
Created attachment 224437
Patch for files/patch-bind

On a freshly installed 12.2-RELEASE(-p6) with net/samba412-4.12.14,

after provisioning a Samba AD DC with BIND9_DLZ, /var/db/samba4/bind-dns/named.conf would be created.
However, when including this named.conf for DLZ, dns/bind916 said

    # /usr/local/etc/rc.d/named start
    /var/db/samba4/bind-dns/named.conf:35: expected string near '/'
    /usr/local/etc/rc.d/named: ERROR: named-checkconf for /usr/local/etc/namedb/named.conf failed

The generated named.conf looks like

    database /usr/local/lib/samba4/modules/bind9/dlz_bind9_16.so";

but this should be

    database "dlopen /usr/local/lib/samba4/modules/bind9/dlz_bind9_16.so";

and then named would start well.

Maybe commit 0664fec9b05912d1c1f0f051831ef2c997d8fa2a (ports r550234) for files/patch-bind caused this problem.

Reverting this could fix it for me.
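
A pre-flight check for the generated DLZ include, as an added example that is not part of the original report or of the Samba or FreeBSD ports code. The function name `check_dlz_conf`, the `dlz "AD DNS Zone"` wrapper and the sample files are assumptions constructed for illustration; only the two `database` lines come from the report.

```shell
#!/bin/sh
# check_dlz_conf FILE
# Flags every active (uncommented) "database" line that is not of the form
#     database "dlopen /absolute/path/module.so";
# Exit status: 0 = all well formed, 1 = malformed line found, 2 = no active line.
check_dlz_conf() {
    awk -v file="$1" '
        /^[ \t]*#/ { next }                 # commented-out alternatives are ignored
        /^[ \t]*database[ \t]/ {
            seen++
            if ($0 !~ /^[ \t]*database[ \t]+"dlopen[ \t]+\/[^" \t]+\.so";[ \t]*$/) {
                printf "%s:%d: malformed DLZ database line: %s\n", file, FNR, $0
                bad++
            }
        }
        END {
            if (!seen) { printf "%s: no active database line\n", file; exit 2 }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed samples: the broken and the corrected line quoted in the report,
# each wrapped in a minimal dlz block (wrapper and comment are assumptions).
demo_dir=$(mktemp -d)
mod=/usr/local/lib/samba4/modules/bind9/dlz_bind9_16.so
printf 'dlz "AD DNS Zone" {\n    # For BIND 9.16.x\n    database %s";\n};\n' "$mod" > "$demo_dir/broken.conf"
printf 'dlz "AD DNS Zone" {\n    # For BIND 9.16.x\n    database "dlopen %s";\n};\n' "$mod" > "$demo_dir/fixed.conf"

for name in broken fixed; do
    if check_dlz_conf "$demo_dir/$name.conf"; then
        echo "$name.conf: ok to include"
    else
        echo "$name.conf: do not include"
    fi
done
```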

Comment 1 Timur I. Bakeyev freebsd_committer 2021-05-02 02:00:32 UTC
Well spotted!

Not sure how this re-occurred again... Fixed back in the new version.

Thank you!
Comment 2 commit-hook freebsd_committer 2021-05-04 00:26:44 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3887986f673b9aa45588ab13e18544654ba5218a

commit 3887986f673b9aa45588ab13e18544654ba5218a
Author:     Timur I. Bakeyev <timur@FreeBSD.org>
AuthorDate: 2021-05-04 00:16:47 +0000
Commit:     Timur I. Bakeyev <timur@FreeBSD.org>
CommitDate: 2021-05-04 00:26:52 +0000

    PR:             255415
    Security:       CVE-2021-20254

    Updated net/samba412 and net/samba413 to fix CVE-2021-20254.

    Also fixed:
    * Incorrect include line for the bind backend(255415)
    * Broken pkg-plist with NO_PYTHON(254033)
    * Broken URL parsing in LDAP client(252385)

 net/samba412/Makefile                    |   4 +-
 net/samba412/distinfo                    |   6 +-
 net/samba412/files/patch-bind            |   2 +-
 net/samba412/files/patch-linuxisms (new) |  68 +++
 net/samba412/pkg-plist                   | 702 +++++++++++++++----------------
 net/samba413/Makefile                    |   4 +-
 net/samba413/distinfo                    |   6 +-
 net/samba413/files/patch-bind            |   2 +-
 net/samba413/files/patch-linuxisms (new) |  91 ++++
 9 files changed, 522 insertions(+), 363 deletions(-)