Updating Samba to 4.3.11_1

Karl Denninger karl at denninger.net
Sat Jul 23 19:56:57 UTC 2016

On 7/23/2016 10:13, Gerard Seibert wrote:
> On Sat, 23 Jul 2016 09:29:59 -0500, Karl Denninger stated:
>> Caution: This advice is WRONG.  If you have a RUNNING Samba 4.3 do NOT
>> deinstall it before attempting to build the CVE-patched version.
>> I followed the above advice on failure to build the latest Samba 4.3
>> and now have NO samba server software on the machine; I get to recover
> >from last snapshot now (or attempt to load it via pkg), as the build
>> STILL fails in the same place following deinstall with errors in
>> undefined references to BIO_ calls.
>> Since Samba is a *very* widely used piece of software *and* the upgrade
>> is broken the maintainer either needs to get this fixed pronto or the
>> port needs to be marked broken so that people don't get hosed in this
>> fashion on 11-BETA{1|2}.
>> Good thing it's the weekend and I can afford the lack of SMB server on
>> this network at the present time without being lynched.
> Sorry, but my experience was very different from yours. I deleted the
> old version of Samba43, deactivated it in rc.conf, rebooted the machine
> and installed the new version. I reactivated it in rc.conf and manually
> started it. Everything worked fine. Are you absolutely sure you deleted
> it? Try "make clean" before rebuilding the port and see if that helps.
Yes, I'm sure; I did a pkg delete before starting and a make clean.

Results (this is consistent and repeatable):

Waf: Entering directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
        Selected embedded Heimdal build
[3604/3871] Linking default/source3/client/smbclient
runner cc default/source3/client/client_162.o
default/libcli/smbreadline/smbreadline_1.o -o
-fstack-protector -pie -Wl,-z,relro,-z,now -lpthread -Wl,-no-undefined
-Wl,--export-dynamic -Wl,--as-needed
-Ldefault/libds/common -Ldefault/auth -Ldefault/source4/lib/socket
-Ldefault/libcli/nbt -Ldefault/lib/ldb-samba -Ldefault/nsswitch
-Ldefault/source4/auth/kerberos -Ldefault/source4/dsdb
-Ldefault/source4/libcli/ldap -Ldefault/source4/lib/events
-Ldefault/libcli/registry -Ldefault/lib/tdb_wrap
-Ldefault/source4/librpc -Ldefault/lib/param -Ldefault/auth/credentials
-Ldefault/nsswitch/libwbclient -Ldefault/auth/gensec
-Ldefault/lib/krb5_wrap -Ldefault/libcli/auth -Ldefault/libcli/cldap
-Ldefault/libcli/ldap -Ldefault/lib/addns
-Ldefault/source4/heimdal_build -Ldefault/lib -Ldefault/librpc
-Ldefault/libcli/smb -Ldefault/lib/dbwrap -Ldefault/lib/socket
-Ldefault/libcli/util -Ldefault/libcli/security -Ldefault/source3
-Ldefault/lib/replace -Ldefault/lib/util -L/usr/local/lib -Wl,-Bdynamic
-ltalloc-report-samba4 -ltevent-util -lreplace-samba4
-lmessages-dgm-samba4 -lsamba-security-samba4 -lerrors-samba4
-lsamba3-util-samba4 -lsys-rw-samba4 -lutil-tdb-samba4
-linterfaces-samba4 -lpopt-samba3-samba4 -lsamba-util
-lsocket-blocking-samba4 -lmessages-util-samba4 -llibsmb-samba4
-lmsrpc3-samba4 -lserver-id-db-samba4 -ldbwrap-samba4 -liov-buf-samba4
-lsmbconf -lcli-smb-common-samba4 -lsamba-cluster-support-samba4
-ldcerpc-samba-samba4 -lndr-standard -lmsghdr-samba4
-lsamba-sockets-samba4 -lndr -lsamba-debug-samba4 -lutil-cmdline-samba4
-ltime-basic-samba4 -lutil-setid-samba4 -lgenrand-samba4 -lkrb5-samba4
-laddns-samba4 -lgssapi-samba4 -lcli-ldap-common-samba4
-lcli-cldap-samba4 -lcliauth-samba4 -lkrb5samba-samba4 -lgse-samba4
-lgensec -lwbclient -lsamba-credentials -lndr-samba-samba4
-lsamba-hostconfig -lndr-nbt -ldcerpc-binding -lndr-samba4
-ltdb-wrap-samba4 -lsmbregistry-samba4 -lCHARSET3-samba4
-lutil-reg-samba4 -lsmb-transport-samba4 -lroken-samba4 -levents-samba4
-lsecrets3-samba4 -lheimbase-samba4 -lcom_err-samba4 -lasn1-samba4
-lhx509-samba4 -lhcrypto-samba4 -lwind-samba4 -lasn1util-samba4
-lcli-ldap-samba4 -lsamba-modules-samba4 -lsamdb -lauthkrb5-samba4
-lwinbind-client-samba4 -lsamdb-common-samba4 -lldbsamba-samba4
-lndr-krb5pac -lserver-role-samba4 -lsmbd-shim-samba4 -lcli-nbt-samba4
-lnetif-samba4 -lauth-sam-reply-samba4 -lflag-mapping-samba4 -lutil -lz
-lgnutls -lldb -ltalloc -lldap -llber -liconv -lmd -lrt -lexecinfo
-lncurses -ltdb -lpopt -larchive -lcrypt -ltevent -lreadline
//usr/local/lib/libssl.so.8: undefined reference to
//usr/local/lib/libssl.so.8: undefined reference to `BIO_dgram_is_sctp'
//usr/local/lib/libssl.so.8: undefined reference to
cc: error: linker command failed with exit code 1 (use -v to see invocation)
Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
Build failed:  -> task failed (err #1):

Now let's remove the openssl port and....


Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
'build' finished successfully (39.249s)


That's (badly) broken, because there are plenty of people (myself
included) that *need* the newer openssl version on our systems and with
or without it in /etc/make.conf declared as default *the newer version
libraries still get picked up and blow up the Samba build.*

The same compile-time blowup, incidentally, also occurs with Samba44.

Updated on https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211185

Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2996 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20160723/3c7a15c2/attachment.bin>

More information about the freebsd-ports mailing list