Date:      Sun, 24 Jul 2016 09:10:03 -0500
From:      Karl Denninger <karl@denninger.net>
To:        freebsd-ports@freebsd.org
Subject:   Re: Updating Samba to 4.3.11_1
Message-ID:  <a0b1b23e-36e6-d4f5-73af-a1a25d798f17@denninger.net>
In-Reply-To: <201607232309.u6NN9Dsv072727@gw.catspoiler.org>
References:  <201607232309.u6NN9Dsv072727@gw.catspoiler.org>

On 7/23/2016 18:09, Don Lewis wrote:
> On 23 Jul, Karl Denninger wrote:
>> On 7/23/2016 10:13, Gerard Seibert wrote:
>>> On Sat, 23 Jul 2016 09:29:59 -0500, Karl Denninger stated:
>>>
>>>> Caution: This advice is WRONG.  If you have a RUNNING Samba 4.3 do NOT
>>>> deinstall it before attempting to build the CVE-patched version.
>>>>
>>>> I followed the above advice on failure to build the latest Samba 4.3
>>>> and now have NO samba server software on the machine; I get to recover
>>>> from last snapshot now (or attempt to load it via pkg), as the build
>>>> STILL fails in the same place following deinstall with errors in
>>>> undefined references to BIO_ calls.
>>>>
>>>> Since Samba is a *very* widely used piece of software *and* the upgrade
>>>> is broken the maintainer either needs to get this fixed pronto or the
>>>> port needs to be marked broken so that people don't get hosed in this
>>>> fashion on 11-BETA{1|2}.
>>>>
>>>> Good thing it's the weekend and I can afford the lack of SMB server on
>>>> this network at the present time without being lynched.
>>> Sorry, but my experience was very different from yours. I deleted the
>>> old version of Samba43, deactivated it in rc.conf, rebooted the machine
>>> and installed the new version. I reactivated it in rc.conf and manually
>>> started it. Everything worked fine. Are you absolutely sure you deleted
>>> it? Try "make clean" before rebuilding the port and see if that helps.
>> Yes, I'm sure; I did a pkg delete before starting and a make clean.
>>
>> Results (this is consistent and repeatable):
>>
>> Waf: Entering directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>>         Selected embedded Heimdal build
>> [3604/3871] Linking default/source3/client/smbclient
>> runner cc default/source3/client/client_162.o
>> default/source3/client/clitar_162.o
>> default/source3/client/dnsbrowse_162.o
>> default/libcli/smbreadline/smbreadline_1.o -o
>> /usr/ports/net/samba43/work/samba-4.3.11/bin/default/source3/client/smbclient
>> -fstack-protector -pie -Wl,-z,relro,-z,now -lpthread -Wl,-no-undefined
>> -Wl,--export-dynamic -Wl,--as-needed
>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared
>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared/private
>> -Ldefault/libds/common -Ldefault/auth -Ldefault/source4/lib/socket
>> -Ldefault/libcli/nbt -Ldefault/lib/ldb-samba -Ldefault/nsswitch
>> -Ldefault/source4/auth/kerberos -Ldefault/source4/dsdb
>> -Ldefault/source4/libcli/ldap -Ldefault/source4/lib/events
>> -Ldefault/libcli/registry -Ldefault/lib/tdb_wrap
>> -Ldefault/source4/librpc -Ldefault/lib/param -Ldefault/auth/credentials
>> -Ldefault/nsswitch/libwbclient -Ldefault/auth/gensec
>> -Ldefault/lib/krb5_wrap -Ldefault/libcli/auth -Ldefault/libcli/cldap
>> -Ldefault/libcli/ldap -Ldefault/lib/addns
>> -Ldefault/source4/heimdal_build -Ldefault/lib -Ldefault/librpc
>> -Ldefault/libcli/smb -Ldefault/lib/dbwrap -Ldefault/lib/socket
>> -Ldefault/libcli/util -Ldefault/libcli/security -Ldefault/source3
>> -Ldefault/lib/replace -Ldefault/lib/util -L/usr/local/lib -Wl,-Bdynamic
>> -ltalloc-report-samba4 -ltevent-util -lreplace-samba4
>> -lmessages-dgm-samba4 -lsamba-security-samba4 -lerrors-samba4
>> -lsamba3-util-samba4 -lsys-rw-samba4 -lutil-tdb-samba4
>> -linterfaces-samba4 -lpopt-samba3-samba4 -lsamba-util
>> -lsocket-blocking-samba4 -lmessages-util-samba4 -llibsmb-samba4
>> -lmsrpc3-samba4 -lserver-id-db-samba4 -ldbwrap-samba4 -liov-buf-samba4
>> -lsmbconf -lcli-smb-common-samba4 -lsamba-cluster-support-samba4
>> -ldcerpc-samba-samba4 -lndr-standard -lmsghdr-samba4
>> -lsamba-sockets-samba4 -lndr -lsamba-debug-samba4 -lutil-cmdline-samba4
>> -ltime-basic-samba4 -lutil-setid-samba4 -lgenrand-samba4 -lkrb5-samba4
>> -laddns-samba4 -lgssapi-samba4 -lcli-ldap-common-samba4
>> -lcli-cldap-samba4 -lcliauth-samba4 -lkrb5samba-samba4 -lgse-samba4
>> -lgensec -lwbclient -lsamba-credentials -lndr-samba-samba4
>> -lsamba-hostconfig -lndr-nbt -ldcerpc-binding -lndr-samba4
>> -ltdb-wrap-samba4 -lsmbregistry-samba4 -lCHARSET3-samba4
>> -lutil-reg-samba4 -lsmb-transport-samba4 -lroken-samba4 -levents-samba4
>> -lsecrets3-samba4 -lheimbase-samba4 -lcom_err-samba4 -lasn1-samba4
>> -lhx509-samba4 -lhcrypto-samba4 -lwind-samba4 -lasn1util-samba4
>> -lcli-ldap-samba4 -lsamba-modules-samba4 -lsamdb -lauthkrb5-samba4
>> -lwinbind-client-samba4 -lsamdb-common-samba4 -lldbsamba-samba4
>> -lndr-krb5pac -lserver-role-samba4 -lsmbd-shim-samba4 -lcli-nbt-samba4
>> -lnetif-samba4 -lauth-sam-reply-samba4 -lflag-mapping-samba4 -lutil -lz
>> -lgnutls -lldb -ltalloc -lldap -llber -liconv -lmd -lrt -lexecinfo
>> -lncurses -ltdb -lpopt -larchive -lcrypt -ltevent -lreadline
>> //usr/local/lib/libssl.so.8: undefined reference to
>> `BIO_dgram_sctp_msg_waiting'
>> //usr/local/lib/libssl.so.8: undefined reference to `BIO_dgram_is_sctp'
>> //usr/local/lib/libssl.so.8: undefined reference to
>> `BIO_dgram_sctp_wait_for_dry'
>> cc: error: linker command failed with exit code 1 (use -v to see invocation)
>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>> Build failed:  -> task failed (err #1):
> That's a different error than the one in the PR.
I have a PR open on this as well (different blowup, different PR)
>
>> Now let's remove the openssl port and....
>>
>> .....
>>
>>
>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>> 'build' finished successfully (39.249s)
>>
>> Yep.
>>
>> That's (badly) broken, because there are plenty of people (myself
>> included) that *need* the newer openssl version on our systems and with
>> or without it in /etc/make.conf declared as default *the newer version
>> libraries still get picked up and blow up the Samba build.*
> I've got this in my poudriere make.conf:
> 	WITH_OPENSSL_PORT=yes
> 	DEFAULT_VERSIONS+=ssl=openssl
> and I haven't run into any build problems with samba43 on either FreeBSD
> 10 or 11 (though my last build on 11 was a few weeks ago).
Is openssl *installed* before you build samba?  It has to be installed
to fail the samba build.
> What's interesting about this error is that the samba43 Makefile has no
> mention of ssl, and the link command above doesn't list -lssl, so why is
> libssl getting hauled in?  Also, why aren't you seeing this error on
> other things that use openssl from ports?
>
> BIO_dgram_is_sctp is defined by the ports version of libcrypto.so.8,
> which libssl is linked against, so that should be resolving the symbol.
Yes, but.... it isn't.

If the openssl port is installed both Samba43 and Samba44 fail to build
with the above error.  If the port is *removed* (e.g. "pkg delete
openssl") then the build completes.  Whether openssl is declared in
/etc/make.conf appears to be immaterial to the outcome.

It's not immediately obvious to me why either, given a quick look at the
samba port makefiles.


-- 
Karl Denninger
karl@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
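
The observation in the thread that the failing object is libssl although the link command never lists -lssl can be checked mechanically from a build log. The following is an added example, not code from the thread or from the Samba or FreeBSD projects: it parses linker output, including error lines wrapped or quoted by a mail client, and flags libraries that appear in "undefined reference" errors without having been requested with -l. The sample log is constructed as a shortened form of the output quoted above, and all function names are hypothetical.

```python
import re

# Constructed sample: a shortened form of the link step quoted in the thread
# (most -L/-l flags omitted), with error lines wrapped the way the mail wraps them.
SAMPLE_LOG = """\
runner cc default/source3/client/client_162.o -o bin/smbclient
-Ldefault/lib/util -L/usr/local/lib -Wl,-Bdynamic -lsamba-util -lgnutls
-lldap -llber -lcrypt -ltevent -lreadline
//usr/local/lib/libssl.so.8: undefined reference to
`BIO_dgram_sctp_msg_waiting'
//usr/local/lib/libssl.so.8: undefined reference to `BIO_dgram_is_sctp'
//usr/local/lib/libssl.so.8: undefined reference to
`BIO_dgram_sctp_wait_for_dry'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
"""

# \s+ lets the symbol sit on the next line; leading "//" collapses to "/".
UNDEF = re.compile(r"^/*(?P<obj>/\S+?):\s+undefined reference to\s+`(?P<sym>[^']+)'", re.M)

def unquote(log):
    """Strip mail quote markers ('>> ') so logs pasted from a reply still parse."""
    return re.sub(r"^(?:>+ ?)+", "", log, flags=re.M)

def undefined_refs(log):
    """Map each object named in an 'undefined reference' error to its symbols."""
    refs = {}
    for m in UNDEF.finditer(log):
        refs.setdefault(m["obj"], []).append(m["sym"])
    return refs

def requested_libs(log):
    """Library names requested explicitly with -l on the link command."""
    return set(re.findall(r"(?<!\S)-l(\S+)", log))

def lib_name(path):
    """'/usr/local/lib/libssl.so.8' -> 'ssl'; None if not a shared-library path."""
    m = re.search(r"/lib([^/]+?)\.so(?:\.\d+)*$", path)
    return m.group(1) if m else None

def triage(log):
    """List failing objects; 'indirect' marks libraries never named with -l."""
    log = unquote(log)
    wanted = requested_libs(log)
    return [{"object": obj, "symbols": syms,
             "indirect": lib_name(obj) is not None and lib_name(obj) not in wanted}
            for obj, syms in undefined_refs(log).items()]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

An entry with `indirect` set means the library reached the link through another library's dependencies or a search path such as -L/usr/local/lib, which is the place to look when base and ports copies of OpenSSL coexist.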
