Updating Samba to 4.3.11_1

Don Lewis truckman at FreeBSD.org
Sun Jul 24 20:13:49 UTC 2016 

On 24 Jul, Karl Denninger wrote:
> On 7/23/2016 18:09, Don Lewis wrote:
>> On 23 Jul, Karl Denninger wrote:
>>> On 7/23/2016 10:13, Gerard Seibert wrote:
>>>> On Sat, 23 Jul 2016 09:29:59 -0500, Karl Denninger stated:
>>>>
>>>>> Caution: This advice is WRONG.  If you have a RUNNING Samba 4.3 do NOT
>>>>> deinstall it before attempting to build the CVE-patched version.
>>>>>
>>>>> I followed the above advice on failure to build the latest Samba 4.3
>>>>> and now have NO samba server software on the machine; I get to recover
>>>> >from last snapshot now (or attempt to load it via pkg), as the build
>>>>> STILL fails in the same place following deinstall with errors in
>>>>> undefined references to BIO_ calls.
>>>>>
>>>>> Since Samba is a *very* widely used piece of software *and* the upgrade
>>>>> is broken the maintainer either needs to get this fixed pronto or the
>>>>> port needs to be marked broken so that people don't get hosed in this
>>>>> fashion on 11-BETA{1|2}.
>>>>>
>>>>> Good thing it's the weekend and I can afford the lack of SMB server on
>>>>> this network at the present time without being lynched.
>>>> Sorry, but my experience was very different from yours. I deleted the
>>>> old version of Samba43, deactivated it in rc.conf, rebooted the machine
>>>> and installed the new version. I reactivated it in rc.conf and manually
>>>> started it. Everything worked fine. Are you absolutely sure you deleted
>>>> it? Try "make clean" before rebuilding the port and see if that helps.
>>> Yes, I'm sure; I did a pkg delete before starting and a make clean.
>>>
>>> Results (this is consistent and repeatable):
>>>
>>> Waf: Entering directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>>>         Selected embedded Heimdal build
>>> [3604/3871] Linking default/source3/client/smbclient
>>> runner cc default/source3/client/client_162.o
>>> default/source3/client/clitar_162.o
>>> default/source3/client/dnsbrowse_162.o
>>> default/libcli/smbreadline/smbreadline_1.o -o
>>> /usr/ports/net/samba43/work/samba-4.3.11/bin/default/source3/client/smbclient
>>> -fstack-protector -pie -Wl,-z,relro,-z,now -lpthread -Wl,-no-undefined
>>> -Wl,--export-dynamic -Wl,--as-needed
>>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared
>>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared/private
>>> -Ldefault/libds/common -Ldefault/auth -Ldefault/source4/lib/socket
>>> -Ldefault/libcli/nbt -Ldefault/lib/ldb-samba -Ldefault/nsswitch
>>> -Ldefault/source4/auth/kerberos -Ldefault/source4/dsdb
>>> -Ldefault/source4/libcli/ldap -Ldefault/source4/lib/events
>>> -Ldefault/libcli/registry -Ldefault/lib/tdb_wrap
>>> -Ldefault/source4/librpc -Ldefault/lib/param -Ldefault/auth/credentials
>>> -Ldefault/nsswitch/libwbclient -Ldefault/auth/gensec
>>> -Ldefault/lib/krb5_wrap -Ldefault/libcli/auth -Ldefault/libcli/cldap
>>> -Ldefault/libcli/ldap -Ldefault/lib/addns
>>> -Ldefault/source4/heimdal_build -Ldefault/lib -Ldefault/librpc
>>> -Ldefault/libcli/smb -Ldefault/lib/dbwrap -Ldefault/lib/socket
>>> -Ldefault/libcli/util -Ldefault/libcli/security -Ldefault/source3
>>> -Ldefault/lib/replace -Ldefault/lib/util -L/usr/local/lib -Wl,-Bdynamic
>>> -ltalloc-report-samba4 -ltevent-util -lreplace-samba4
>>> -lmessages-dgm-samba4 -lsamba-security-samba4 -lerrors-samba4
>>> -lsamba3-util-samba4 -lsys-rw-samba4 -lutil-tdb-samba4
>>> -linterfaces-samba4 -lpopt-samba3-samba4 -lsamba-util
>>> -lsocket-blocking-samba4 -lmessages-util-samba4 -llibsmb-samba4
>>> -lmsrpc3-samba4 -lserver-id-db-samba4 -ldbwrap-samba4 -liov-buf-samba4
>>> -lsmbconf -lcli-smb-common-samba4 -lsamba-cluster-support-samba4
>>> -ldcerpc-samba-samba4 -lndr-standard -lmsghdr-samba4
>>> -lsamba-sockets-samba4 -lndr -lsamba-debug-samba4 -lutil-cmdline-samba4
>>> -ltime-basic-samba4 -lutil-setid-samba4 -lgenrand-samba4 -lkrb5-samba4
>>> -laddns-samba4 -lgssapi-samba4 -lcli-ldap-common-samba4
>>> -lcli-cldap-samba4 -lcliauth-samba4 -lkrb5samba-samba4 -lgse-samba4
>>> -lgensec -lwbclient -lsamba-credentials -lndr-samba-samba4
>>> -lsamba-hostconfig -lndr-nbt -ldcerpc-binding -lndr-samba4
>>> -ltdb-wrap-samba4 -lsmbregistry-samba4 -lCHARSET3-samba4
>>> -lutil-reg-samba4 -lsmb-transport-samba4 -lroken-samba4 -levents-samba4
>>> -lsecrets3-samba4 -lheimbase-samba4 -lcom_err-samba4 -lasn1-samba4
>>> -lhx509-samba4 -lhcrypto-samba4 -lwind-samba4 -lasn1util-samba4
>>> -lcli-ldap-samba4 -lsamba-modules-samba4 -lsamdb -lauthkrb5-samba4
>>> -lwinbind-client-samba4 -lsamdb-common-samba4 -lldbsamba-samba4
>>> -lndr-krb5pac -lserver-role-samba4 -lsmbd-shim-samba4 -lcli-nbt-samba4
>>> -lnetif-samba4 -lauth-sam-reply-samba4 -lflag-mapping-samba4 -lutil -lz
>>> -lgnutls -lldb -ltalloc -lldap -llber -liconv -lmd -lrt -lexecinfo
>>> -lncurses -ltdb -lpopt -larchive -lcrypt -ltevent -lreadline
>>> //usr/local/lib/libssl.so.8: undefined reference to
>>> `BIO_dgram_sctp_msg_waiting'
>>> //usr/local/lib/libssl.so.8: undefined reference to `BIO_dgram_is_sctp'
>>> //usr/local/lib/libssl.so.8: undefined reference to
>>> `BIO_dgram_sctp_wait_for_dry'
>>> cc: error: linker command failed with exit code 1 (use -v to see invocation)
>>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>>> Build failed:  -> task failed (err #1):
>> That's a different error than the one in the PR.
> I have a PR open on this as well (different blowup, different PR)
>>
>>> Now let's remove the openssl port and....
>>>
>>> .....
>>>
>>>
>>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>>> 'build' finished successfully (39.249s)
>>>
>>> Yep.
>>>
>>> That's (badly) broken, because there are plenty of people (myself
>>> included) that *need* the newer openssl version on our systems and with
>>> or without it in /etc/make.conf declared as default *the newer version
>>> libraries still get picked up and blow up the Samba build.*
>> I've got this in my poudriere make.conf:
>> 	WITH_OPENSSL_PORT=yes
>> 	DEFAULT_VERSIONS+=ssl=openssl
>> and I haven't run into any build problems with samba43 on either FreeBSD
>> 10 or 11 (though my last build on 11 was a few weeks ago).
> Is openssl *installed* before you build samba?  It has to be installed
> to fail the samba build.
>> What's interestinga about this error is that the samba43 Makefile has no
>> mention of ssl, and the link command above doesn't list -lssl, so why is
>> libssl getting hauled in?  Also, why aren't you seeing this error on
>> other things that use openssl from ports?
>>
>> BIO_dgram_is_sctp is defined by the ports version of libcrpto.so.8,
>> which libssl is linked against, so that should be resolving the symbol.
> Yes, but.... it isn't.
> 
> If the openssl port is installed both Samba43 and Samba44 fail to build
> with the above error.  If the port is *removed* (e.g. "pkg delete
> openssl") then the build completes.  Whether openssl is declared in
> /etc/make.conf appears to be immaterial to the outcome.
> 
> It's not immediately obvious to me why either, given a quick look at the
> samba port makefiles.

I just ran "poudriere testport -i" to build samba43.  I've specify the
ports version of openssl in my make.conf, and when I look at the jail
used by poudriere to build samba, I see that the ports version of
openssl is installed.  Furthermore, if I run ldd on nmbd, I see that
libssl and libcrypto are linked it, probably indirectly via a
dependency.

# ldd /usr/local/sbin/nmbd 
/usr/local/sbin/nmbd:
	libthr.so.3 => /lib/libthr.so.3 (0x801651000)
	libpopt-samba3-samba4.so => /usr/local/lib/samba/libpopt-samba3-samba4.so (0x801875000)
	libsamba-util.so.0 => /usr/local/lib/libsamba-util.so.0 (0x801a7b000)
	liblibsmb-samba4.so => /usr/local/lib/samba/liblibsmb-samba4.so (0x801cf3000)
	libsamba-security-samba4.so => /usr/local/lib/samba/libsamba-security-samba4.so (0x801f85000)
	liberrors-samba4.so => /usr/local/lib/samba/liberrors-samba4.so (0x8021ad000)
	libsmbconf.so.0 => /usr/local/lib/libsmbconf.so.0 (0x8024e9000)
	libsys-rw-samba4.so => /usr/local/lib/samba/libsys-rw-samba4.so (0x802778000)
	libutil-tdb-samba4.so => /usr/local/lib/samba/libutil-tdb-samba4.so (0x80297b000)
	libsamba3-util-samba4.so => /usr/local/lib/samba/libsamba3-util-samba4.so (0x802b7f000)
	libsocket-blocking-samba4.so => /usr/local/lib/samba/libsocket-blocking-samba4.so (0x802d8b000)
	libsamba-sockets-samba4.so => /usr/local/lib/samba/libsamba-sockets-samba4.so (0x802f8d000)
	libndr.so.0 => /usr/local/lib/libndr.so.0 (0x8031aa000)
	libsamba-debug-samba4.so => /usr/local/lib/samba/libsamba-debug-samba4.so (0x8033cc000)
	libcli-cldap-samba4.so => /usr/local/lib/samba/libcli-cldap-samba4.so (0x8035d3000)
	libcli-smb-common-samba4.so => /usr/local/lib/samba/libcli-smb-common-samba4.so (0x8037dd000)
	libgse-samba4.so => /usr/local/lib/samba/libgse-samba4.so (0x803a1e000)
	libsmbregistry-samba4.so => /usr/local/lib/samba/libsmbregistry-samba4.so (0x803c53000)
	libCHARSET3-samba4.so => /usr/local/lib/samba/libCHARSET3-samba4.so (0x803e79000)
	libndr-nbt.so.0 => /usr/local/lib/libndr-nbt.so.0 (0x80407d000)
	libcli-nbt-samba4.so => /usr/local/lib/samba/libcli-nbt-samba4.so (0x8042a7000)
	libtalloc.so.2 => /usr/local/lib/libtalloc.so.2 (0x8044b4000)
	libpopt.so.0 => /usr/local/lib/libpopt.so.0 (0x8046c1000)
	libtdb.so.1 => /usr/local/lib/libtdb.so.1 (0x8048cd000)
	libtevent.so.0 => /usr/local/lib/libtevent.so.0 (0x804ae2000)
	libc.so.7 => /lib/libc.so.7 (0x800822000)
	libutil-cmdline-samba4.so => /usr/local/lib/samba/libutil-cmdline-samba4.so (0x804cf1000)
	libsamba-hostconfig.so.0 => /usr/local/lib/libsamba-hostconfig.so.0 (0x804ef5000)
	libtime-basic-samba4.so => /usr/local/lib/samba/libtime-basic-samba4.so (0x80512a000)
	libgenrand-samba4.so => /usr/local/lib/samba/libgenrand-samba4.so (0x80532c000)
	libreplace-samba4.so => /usr/local/lib/samba/libreplace-samba4.so (0x80553d000)
	libcliauth-samba4.so => /usr/local/lib/samba/libcliauth-samba4.so (0x805745000)
	libkrb5samba-samba4.so => /usr/local/lib/samba/libkrb5samba-samba4.so (0x80595f000)
	libgensec.so.0 => /usr/local/lib/libgensec.so.0 (0x805b6c000)
	libcom_err-samba4.so.0 => /usr/local/lib/samba/libcom_err-samba4.so.0 (0x805da3000)
	libasn1util-samba4.so => /usr/local/lib/samba/libasn1util-samba4.so (0x805fa5000)
	libtevent-util.so.0 => /usr/local/lib/libtevent-util.so.0 (0x8061ac000)
	libsmb-transport-samba4.so => /usr/local/lib/samba/libsmb-transport-samba4.so (0x8063af000)
	libsamba-credentials.so.0 => /usr/local/lib/libsamba-credentials.so.0 (0x8065b5000)
	libmessages-util-samba4.so => /usr/local/lib/samba/libmessages-util-samba4.so (0x8067cc000)
	libtalloc-report-samba4.so => /usr/local/lib/samba/libtalloc-report-samba4.so (0x8069ce000)
	libmessages-dgm-samba4.so => /usr/local/lib/samba/libmessages-dgm-samba4.so (0x806bd1000)
	libserver-id-db-samba4.so => /usr/local/lib/samba/libserver-id-db-samba4.so (0x806ddd000)
	libdbwrap-samba4.so => /usr/local/lib/samba/libdbwrap-samba4.so (0x806fe2000)
	libsamba-cluster-support-samba4.so => /usr/local/lib/samba/libsamba-cluster-support-samba4.so (0x8071f0000)
	libutil-reg-samba4.so => /usr/local/lib/samba/libutil-reg-samba4.so (0x8073f2000)
	libinterfaces-samba4.so => /usr/local/lib/samba/libinterfaces-samba4.so (0x8075f5000)
	libsmbd-shim-samba4.so => /usr/local/lib/samba/libsmbd-shim-samba4.so (0x8077f8000)
	libutil-setid-samba4.so => /usr/local/lib/samba/libutil-setid-samba4.so (0x8079fb000)
	libtdb-wrap-samba4.so => /usr/local/lib/samba/libtdb-wrap-samba4.so (0x807bfe000)
	libserver-role-samba4.so => /usr/local/lib/samba/libserver-role-samba4.so (0x807e01000)
	libndr-standard.so.0 => /usr/local/lib/libndr-standard.so.0 (0x808200000)
	libexecinfo.so.1 => /usr/lib/libexecinfo.so.1 (0x808a06000)
	libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x808c09000)
	liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x808e4f000)
	libiov-buf-samba4.so => /usr/local/lib/samba/libiov-buf-samba4.so (0x80905d000)
	libcli-ldap-common-samba4.so => /usr/local/lib/samba/libcli-ldap-common-samba4.so (0x80925f000)
	libldb.so.1 => /usr/local/lib/libldb.so.1 (0x809469000)
	libmd.so.6 => /lib/libmd.so.6 (0x809699000)
	libkrb5-samba4.so.26 => /usr/local/lib/samba/libkrb5-samba4.so.26 (0x8098a9000)
	libaddns-samba4.so => /usr/local/lib/samba/libaddns-samba4.so (0x809b38000)
	libgssapi-samba4.so.2 => /usr/local/lib/samba/libgssapi-samba4.so.2 (0x809d46000)
	libsecrets3-samba4.so => /usr/local/lib/samba/libsecrets3-samba4.so (0x809f92000)
	libauthkrb5-samba4.so => /usr/local/lib/samba/libauthkrb5-samba4.so (0x80a1a0000)
	librt.so.1 => /usr/lib/librt.so.1 (0x80a3c1000)
	libcrypt.so.5 => /lib/libcrypt.so.5 (0x80a5c7000)
	libintl.so.8 => /usr/local/lib/libintl.so.8 (0x80a7e7000)
	libndr-samba-samba4.so => /usr/local/lib/samba/libndr-samba-samba4.so (0x80aa00000)
	libasn1-samba4.so.8 => /usr/local/lib/samba/libasn1-samba4.so.8 (0x80ae3d000)
	libwbclient.so.0 => /usr/local/lib/libwbclient.so.0 (0x80b104000)
	libsamba-modules-samba4.so => /usr/local/lib/samba/libsamba-modules-samba4.so (0x80b319000)
	libsamdb.so.0 => /usr/local/lib/libsamdb.so.0 (0x80b51d000)
	libsamdb-common-samba4.so => /usr/local/lib/samba/libsamdb-common-samba4.so (0x80b73b000)
	libldbsamba-samba4.so => /usr/local/lib/samba/libldbsamba-samba4.so (0x80b96f000)
	libmsghdr-samba4.so => /usr/local/lib/samba/libmsghdr-samba4.so (0x80bba5000)
	libelf.so.1 => /usr/lib/libelf.so.1 (0x80bda8000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x80bfbd000)
	libssl.so.8 => /usr/local/lib/libssl.so.8 (0x80c1cb000)
	libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x80c437000)
	libheimbase-samba4.so.1 => /usr/local/lib/samba/libheimbase-samba4.so.1 (0x80c841000)
	libhx509-samba4.so.5 => /usr/local/lib/samba/libhx509-samba4.so.5 (0x80ca46000)
	libhcrypto-samba4.so.5 => /usr/local/lib/samba/libhcrypto-samba4.so.5 (0x80ccab000)
	libroken-samba4.so.19 => /usr/local/lib/samba/libroken-samba4.so.19 (0x80cefb000)
	libwind-samba4.so.0 => /usr/local/lib/samba/libwind-samba4.so.0 (0x80d10d000)
	libauth-sam-reply-samba4.so => /usr/local/lib/samba/libauth-sam-reply-samba4.so (0x80d336000)
	libndr-krb5pac.so.0 => /usr/local/lib/libndr-krb5pac.so.0 (0x80d53c000)
	libgnutls.so.30 => /usr/local/lib/libgnutls.so.30 (0x80d74b000)
	libz.so.6 => /lib/libz.so.6 (0x80da85000)
	libwinbind-client-samba4.so => /usr/local/lib/samba/libwinbind-client-samba4.so (0x80dc9b000)
	libflag-mapping-samba4.so => /usr/local/lib/samba/libflag-mapping-samba4.so (0x80de9f000)
	libp11-kit.so.0 => /usr/local/lib/libp11-kit.so.0 (0x80e0a2000)
	libidn.so.11 => /usr/local/lib/libidn.so.11 (0x80e2fe000)
	libtasn1.so.6 => /usr/local/lib/libtasn1.so.6 (0x80e531000)
	libnettle.so.6 => /usr/local/lib/libnettle.so.6 (0x80e743000)
	libhogweed.so.4 => /usr/local/lib/libhogweed.so.4 (0x80e97a000)
	libgmp.so.10 => /usr/local/lib/libgmp.so.10 (0x80ebad000)
	libffi.so.6 => /usr/local/lib/libffi.so.6 (0x80ee23000)


My best guess at this point is that one of the samba dependencies on
your machine is linked to the base version of libcrypto.so, and that is
preventing libcrypto.so from the ports version of openssl from being
loaded to resolve the BIO_dgram_is_sctp and BIO_dgram_sctp_wait_for_dry
symbols.

More information about the freebsd-ports mailing list