Updating Samba to 4.3.11_1

Karl Denninger karl at denninger.net
Sun Jul 24 14:10:11 UTC 2016

On 7/23/2016 18:09, Don Lewis wrote:
> On 23 Jul, Karl Denninger wrote:
>> On 7/23/2016 10:13, Gerard Seibert wrote:
>>> On Sat, 23 Jul 2016 09:29:59 -0500, Karl Denninger stated:
>>>> Caution: This advice is WRONG.  If you have a RUNNING Samba 4.3 do NOT
>>>> deinstall it before attempting to build the CVE-patched version.
>>>> I followed the above advice on failure to build the latest Samba 4.3
>>>> and now have NO samba server software on the machine; I get to recover
>>> >from last snapshot now (or attempt to load it via pkg), as the build
>>>> STILL fails in the same place following deinstall with errors in
>>>> undefined references to BIO_ calls.
>>>> Since Samba is a *very* widely used piece of software *and* the upgrade
>>>> is broken the maintainer either needs to get this fixed pronto or the
>>>> port needs to be marked broken so that people don't get hosed in this
>>>> fashion on 11-BETA{1|2}.
>>>> Good thing it's the weekend and I can afford the lack of SMB server on
>>>> this network at the present time without being lynched.
>>> Sorry, but my experience was very different from yours. I deleted the
>>> old version of Samba43, deactivated it in rc.conf, rebooted the machine
>>> and installed the new version. I reactivated it in rc.conf and manually
>>> started it. Everything worked fine. Are you absolutely sure you deleted
>>> it? Try "make clean" before rebuilding the port and see if that helps.
>> Yes, I'm sure; I did a pkg delete before starting and a make clean.
>> Results (this is consistent and repeatable):
>> Waf: Entering directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>>         Selected embedded Heimdal build
>> [3604/3871] Linking default/source3/client/smbclient
>> runner cc default/source3/client/client_162.o
>> default/source3/client/clitar_162.o
>> default/source3/client/dnsbrowse_162.o
>> default/libcli/smbreadline/smbreadline_1.o -o
>> /usr/ports/net/samba43/work/samba-4.3.11/bin/default/source3/client/smbclient
>> -fstack-protector -pie -Wl,-z,relro,-z,now -lpthread -Wl,-no-undefined
>> -Wl,--export-dynamic -Wl,--as-needed
>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared
>> -Wl,-rpath,/usr/ports/net/samba43/work/samba-4.3.11/bin/shared/private
>> -Ldefault/libds/common -Ldefault/auth -Ldefault/source4/lib/socket
>> -Ldefault/libcli/nbt -Ldefault/lib/ldb-samba -Ldefault/nsswitch
>> -Ldefault/source4/auth/kerberos -Ldefault/source4/dsdb
>> -Ldefault/source4/libcli/ldap -Ldefault/source4/lib/events
>> -Ldefault/libcli/registry -Ldefault/lib/tdb_wrap
>> -Ldefault/source4/librpc -Ldefault/lib/param -Ldefault/auth/credentials
>> -Ldefault/nsswitch/libwbclient -Ldefault/auth/gensec
>> -Ldefault/lib/krb5_wrap -Ldefault/libcli/auth -Ldefault/libcli/cldap
>> -Ldefault/libcli/ldap -Ldefault/lib/addns
>> -Ldefault/source4/heimdal_build -Ldefault/lib -Ldefault/librpc
>> -Ldefault/libcli/smb -Ldefault/lib/dbwrap -Ldefault/lib/socket
>> -Ldefault/libcli/util -Ldefault/libcli/security -Ldefault/source3
>> -Ldefault/lib/replace -Ldefault/lib/util -L/usr/local/lib -Wl,-Bdynamic
>> -ltalloc-report-samba4 -ltevent-util -lreplace-samba4
>> -lmessages-dgm-samba4 -lsamba-security-samba4 -lerrors-samba4
>> -lsamba3-util-samba4 -lsys-rw-samba4 -lutil-tdb-samba4
>> -linterfaces-samba4 -lpopt-samba3-samba4 -lsamba-util
>> -lsocket-blocking-samba4 -lmessages-util-samba4 -llibsmb-samba4
>> -lmsrpc3-samba4 -lserver-id-db-samba4 -ldbwrap-samba4 -liov-buf-samba4
>> -lsmbconf -lcli-smb-common-samba4 -lsamba-cluster-support-samba4
>> -ldcerpc-samba-samba4 -lndr-standard -lmsghdr-samba4
>> -lsamba-sockets-samba4 -lndr -lsamba-debug-samba4 -lutil-cmdline-samba4
>> -ltime-basic-samba4 -lutil-setid-samba4 -lgenrand-samba4 -lkrb5-samba4
>> -laddns-samba4 -lgssapi-samba4 -lcli-ldap-common-samba4
>> -lcli-cldap-samba4 -lcliauth-samba4 -lkrb5samba-samba4 -lgse-samba4
>> -lgensec -lwbclient -lsamba-credentials -lndr-samba-samba4
>> -lsamba-hostconfig -lndr-nbt -ldcerpc-binding -lndr-samba4
>> -ltdb-wrap-samba4 -lsmbregistry-samba4 -lCHARSET3-samba4
>> -lutil-reg-samba4 -lsmb-transport-samba4 -lroken-samba4 -levents-samba4
>> -lsecrets3-samba4 -lheimbase-samba4 -lcom_err-samba4 -lasn1-samba4
>> -lhx509-samba4 -lhcrypto-samba4 -lwind-samba4 -lasn1util-samba4
>> -lcli-ldap-samba4 -lsamba-modules-samba4 -lsamdb -lauthkrb5-samba4
>> -lwinbind-client-samba4 -lsamdb-common-samba4 -lldbsamba-samba4
>> -lndr-krb5pac -lserver-role-samba4 -lsmbd-shim-samba4 -lcli-nbt-samba4
>> -lnetif-samba4 -lauth-sam-reply-samba4 -lflag-mapping-samba4 -lutil -lz
>> -lgnutls -lldb -ltalloc -lldap -llber -liconv -lmd -lrt -lexecinfo
>> -lncurses -ltdb -lpopt -larchive -lcrypt -ltevent -lreadline
>> //usr/local/lib/libssl.so.8: undefined reference to
>> `BIO_dgram_sctp_msg_waiting'
>> //usr/local/lib/libssl.so.8: undefined reference to `BIO_dgram_is_sctp'
>> //usr/local/lib/libssl.so.8: undefined reference to
>> `BIO_dgram_sctp_wait_for_dry'
>> cc: error: linker command failed with exit code 1 (use -v to see invocation)
>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>> Build failed:  -> task failed (err #1):
> That's a different error than the one in the PR.
I have a PR open on this as well (different blowup, different PR)
>> Now let's remove the openssl port and....
>> .....
>> Waf: Leaving directory `/usr/ports/net/samba43/work/samba-4.3.11/bin'
>> 'build' finished successfully (39.249s)
>> Yep.
>> That's (badly) broken, because there are plenty of people (myself
>> included) that *need* the newer openssl version on our systems and with
>> or without it in /etc/make.conf declared as default *the newer version
>> libraries still get picked up and blow up the Samba build.*
> I've got this in my poudriere make.conf:
> 	DEFAULT_VERSIONS+=ssl=openssl
> and I haven't run into any build problems with samba43 on either FreeBSD
> 10 or 11 (though my last build on 11 was a few weeks ago).
Is openssl *installed* before you build samba?  It has to be installed
to fail the samba build.
> What's interestinga about this error is that the samba43 Makefile has no
> mention of ssl, and the link command above doesn't list -lssl, so why is
> libssl getting hauled in?  Also, why aren't you seeing this error on
> other things that use openssl from ports?
> BIO_dgram_is_sctp is defined by the ports version of libcrpto.so.8,
> which libssl is linked against, so that should be resolving the symbol.
Yes, but.... it isn't.

If the openssl port is installed both Samba43 and Samba44 fail to build
with the above error.  If the port is *removed* (e.g. "pkg delete
openssl") then the build completes.  Whether openssl is declared in
/etc/make.conf appears to be immaterial to the outcome.

It's not immediately obvious to me why either, given a quick look at the
samba port makefiles.

Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2996 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20160724/4cc66c41/attachment.bin>

More information about the freebsd-ports mailing list