Fixes CVE-2016-2119
Client side SMB2/3 required signing can be downgraded
Summary: A man in the middle attack can disable client signing
over SMB2/3, even if enforced by configuration
parameters.
Details:
https://www.samba.org/samba/security/CVE-2016-2119.html
The previously bundled libraries are now individual ports, therefore manual
action is needed to upgrade.
IE: pkgrm samba; prt-get depinst samba
/etc/rc.d/samba will now start all samba daemons: smbd, nmbd and winbindd,
previously it didn't start winbindd. In most cases not all of them are
needed, so now there are also individual scripts to suit all needs.
Note 1
------
This is the first version of our opt/samba port that uses the samba 4
sources, but it resembles more the old samba 3 port rather than to
introduce any support for the samba 4 sepcific features.
I've tested it only as an simple fileserver in my LAN and will not do
anything releated to the server-side of the Active Directory logon
environment. Of course, contributions and ideas therefor are welcome.
Note 2
------
New dependencies: libaio popt
samba depends now on the talloc library provided by opt/talloc which
is used by opt/mesa3d as well.
Because we have a file-conflict between samba and talloc, do a forced
install of talloc first and after that rebuild samba.
Beginning with this new major version, samba is configured to use
an external tdb, thus depends on opt/tdb now.
Unfortunately this breaks the build of samba, because you have to
do a forced-install of tdb first and update samba afterwards, or
remove samba first, next install tdb and samba.
The default passdb backend has been changed to 'tdbsam'!
That breaks existing setups using the 'smbpasswd' backend without
explicit declaration. Please use 'passdb backend = smbpasswd' if
you would like to stick to the 'smbpasswd' backend or convert your
smbpasswd entries using e.g. 'pdbedit -i smbpasswd -e tdbsam'.
Release notes: http://www.samba.org/samba/history/samba-3.4.0.html
