• https://download.samba.org/pub/samba/stable/ (Download)
• https://download.samba.org/pub/samba/old-versions/ (Download)

• (2022-07-29) Updated to version: samba-4.16.4
• (2022-07-19) Updated to version: samba-4.16.3
• (2022-07-16) Updated to version: samba-4.16.2
• (2022-07-01) Updated to version: samba-4.15.8
• (2022-05-19) Updated to version: samba-4.15.7
• (2022-03-24) Updated to version: samba-4.15.6
• (2022-02-02) Updated to version: samba-4.15.5
• (2021-12-13) Updated to version: samba-4.15.3
• (2021-11-20) Updated to version: samba-4.15.2
• (2021-10-18) Updated to version: samba-4.15.0

Log message:
SECURITY UPDATE to samba-4.15.2
Please see the release notes for the list of CVEs:
https://www.samba.org/samba/history/samba-4.15.2.html
Tests and ok bket@ Ian McWilliam (co-maintainer)

Log message:
SECURITY UPDATE to samba-4.14.10
Please see the release notes for the list of CVEs:
https://www.samba.org/samba/history/samba-4.14.10.html
Tested by Ian McWilliam (co-maintainer)

Log message:
bump REVISION for switch from Python 3.8 -> 3.9

Log message:
Update to samba-4.15.0
Release notes: https://www.samba.org/samba/history/samba-4.15.0.html
Tested by Ian McWilliam (co-maintainer) and bket@, input from bket@

Log message:
net/avahi -> net/avahi,-libs

Log message:
Update to samba-4.14.6
Positive test reports from Ian (co-maintainer).
Release notes:
https://www.samba.org/samba/history/samba-4.14.6.html

Log message:
Update to samba-4.14.5
Test report from Ian (co-maintainer)
Release notes:
https://www.samba.org/samba/history/samba-4.14.5.html

Log message:
remove ports libexecinfo, we now have a libunwind-based libexecinfo in base

Log message:
Rename the mdfind executable to avoid a collision with gworkspace
This SpotLight "feature" is starting to get in the way!
Reported by ajacoutot@

Log message:
Major update to samba-4.14.4
Latest release.  Many bugs have been fixed, including possibly security
relevant ones.  This long overdue update has been postponed because of
binutils-2.17 ld(1) bugs in version scripts handling.  The issue is not
fixed but at least worked around.
The SHARED_LIBS handling is a bit ugly because of the .cpython-XY tag added
to some libraries names.
Tests by Ian (co-maintainer)

Log message:
Add missing dep on py-tdb at build time
When missing, samba builds pytdb support using its bundled copy of tdb,
and installs it in WRKINST, as shown by update-plist.  samba runs fine
with the py-tdb package registered in its RUN_DEPENDS, but this is not
what was intended.  Consistently use libtdb and py-tdb from databases/tdb.

Log message:
Zap empty rc script

Log message:
Document lack of AD DC support

Log message:
Drop AD DC support
Broken since ~2018 on clang+ld.lld archs, no analysis and no diff to fix
it, so it's time to send it to the Attic.  Support for AD DC mode can't
be optimal anyway, with the deprecation of the ntvfs server code and our
lack of xattrs/ACLs.
"Fine by me" Ian

Log message:
bump REVISION for libtalloc split, add dep on py-libtalloc to samba
ok jca@

Log message:
Bump for sysutils/gamin,-main -> sysutils/gamin

Log message:
Reverse the polarity of MODPY_VERSION; default is now 3.x,
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.

Log message:
missed bump after databases/tdb commit, missed dep on databases/tdb,-python

Log message:
split the py2 version of py-dnspython off into net/py2-dnspython,
update the py3 version to 2.1.0, and adapt ports using it.

Log message:
Make use of "find -exec {} +" (which is POSIX) and "find -delete"
(which is not) throughout the ports Makefiles.
* Replace find|xargs with find -exec {} +
* Replace -exec {} \; with -exec {} + if applicable.
* Use the -delete operator to remove files and empty directories.
* Combine and tweak some find(1) invocations while here.
ok kn@ rsadowski@ espie@

Log message:
SECURITY update to samba-4.9.18
Fixes for:
o  CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o  CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o  CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.

Log message:
SECURITY update to samba-4.9.18
Fixes for:
o  CVE-2019-14902:
The implementation of ACL inheritance in the Samba AD DC was not complete,
and so absent a 'full-sync' replication, ACLs could get out of sync between
domain controllers.
o  CVE-2019-14907:
When processing untrusted string input Samba can read past the end of the
allocated buffer when printing a "Conversion error" message to the logs.
o  CVE-2019-19344:
During DNS zone scavenging (of expired dynamic entries) there is a read of
memory after it has been freed.

Log message:
Fix conflict introduced in previous
Reported by semarie@

Log message:
Downgrade to samba-4.9.17
samba-4.10.10 and later fail to link on ld.bfd archs.  Revert until
someone(tm) tracks down the problem.
Errors look like:
/usr/bin/ld: BFD 2.17 internal error, aborting at
/usr/src/gnu/usr.bin/binutils-2.17/bfd/elfcode.h line 190 in void
bfd_elf64_swap_symbol_in(bfd *, const void *, const void *,
Elf_Internal_Sym *)
/usr/bin/ld:
/pobj/samba-4.10.10/samba-4.10.10/bin/default/lib/param/libserver-role-samba4.so:
invalid string offset 3755991007 >= 625 for section `.dynstr'
3755991007 is 0xDFDFDFDF is likely already freed memory.
build failures:
http://build-failures.rhaalovely.net/sparc64/2019-12-11/net/samba,.log
http://build-failures.rhaalovely.net/mips64/2019-12-06/net/samba,,-ldb.log

Log message:
SECURITY update to samba-4.9.17
Fixes:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
transition on Samba AD DC.

Log message:
SECURITY update to samba-4.10.11
Fixes:
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
transition on Samba AD DC.

Log message:
Avoid some printf("%s", NULL) log spam
While here add the same comment to another affected file.
Reported by Ian McWilliam

Log message:
Update to samba-4.10.10
Tested by Ian McWilliam

Log message:
Switch back to kmos' mirror

Log message:
Switch back to kmos' mirror

Log message:
Mirror this samba update for now, oops

Log message:
Mirror this samba update for now, oops

Log message:
SECURITY update to samba-4.9.15
Fixes for:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes for 4.9.14 and 4.9.15:
https://www.samba.org/samba/history/samba-4.9.14.html
https://www.samba.org/samba/history/samba-4.9.15.html
-current diff tested by and ok gonzalo@

Log message:
SECURITY update to samba-4.9.15
Fixes for:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the
full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes for 4.9.14 and 4.9.15:
https://www.samba.org/samba/history/samba-4.9.14.html
https://www.samba.org/samba/history/samba-4.9.15.html
Tested by and ok gonzalo@

Log message:
Mirror a bunch of samba.org distfiles
download.samba.org now rejects the HTTP/1.0 requests sent by our ftp(1).
Changing ftp(1) now is asking for trouble so work around it.
distfiles hosting courtesy of kmos@, thanks!

Log message:
Update to samba-4.9.13
4.8.x is not supported upstream any more, so better update before 6.6 is
tagged if we want to benefit from upstream's security updates.
To stay on the safe side, this update doesn't enable the LMDB backend
which has become the default upstream.  samba requires a 64 bits system
to use LMDB (32 bits systems can keep on using tdb); and LMDB has always
been a problem child on OpenBSD anyway.
Lightly tested by me, bulk build test and ok ajacoutot@ (thanks!)

Log message:
Fix path in README, found by portcheck

Log message:
Move the ports I maintain to PERMIT_PACKAGE

Log message:
Update gettext to 0.20.1.
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext       -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new)                  devel/gettext,-textstyle

Log message:
SECURITY update to samba-4.8.12
Fixes:
o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
Release notes:
https://www.samba.org/samba/history/samba-4.8.12.html

Log message:
SECURITY update to samba-4.8.12
Fixes:
o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
Release notes:
https://www.samba.org/samba/history/samba-4.8.12.html

Log message:
SECURITY update to samba-4.8.12
Fixes:
o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
Release notes:
https://www.samba.org/samba/history/samba-4.8.12.html

Log message:
SECURITY update to samba-4.8.11
Fixes:
- CVE-2019-3880 (Save registry file outside share as unprivileged user)
Release notes:
https://www.samba.org/samba/history/samba-4.8.11.html
6.4 tests by Ian McWilliam

Log message:
Fix @conflict marker
ok naddy@

Log message:
SECURITY update to samba-4.8.11
Fixes:
- CVE-2019-3880 (Save registry file outside share as unprivileged user)
Release notes:
https://www.samba.org/samba/history/samba-4.8.11.html
Tests by Ian McWilliam and Kurt Mosiejczuk, ok sthen@

Log message:
Work around lld-7.0.1 strictness wrt version scripts
It's not clear to me whether lld rightfully complains here:
ld: error: duplicate symbol 'pdb_search_init' in version script
Work around the error for now (tm) to unlock samba and consumers in the
llvm-7.0.1 test bulk builds.

Log message:
Fix pexp
If you run samba_ad_dc you'll need to kill samba manually and remove
/var/run/rc.d/samba_ad_dc for the change to take effect.

Log message:
Respect LDFLAGS as well as CFLAGS

Log message:
The ldb tools link against libldb-cmdline-samba4.so.

Log message:
Adapt WANTLIB/LIB_DEPENDS to the recent changes in -main and -ldb

Log message:
SECURITY update to samba-4.7.12
Fixes for:
o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in
AD Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT
Kerberos configuration (unsupported))

Log message:
SECURITY update to samba-4.8.7
Fixes for:
o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in
AD Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT
Kerberos configuration (unsupported))

Log message:
SECURITY update to samba-4.8.7
Fixes for:
o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in
AD Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT
Kerberos configuration (unsupported))

Log message:
Move ldb-related files in the appropriate subpackages

Log message:
Move 6.3 to samba-4.7.11
Latest 4.7.x "bugfix-only" release, hopefully will help with possible
future security updates.  Discussed with Ian

Log message:
Update to samba-4.8.6
Track latest 4.8.x release on -stable.
ChangeLog:
https://www.samba.org/samba/history/samba-4.8.6.html
Tests by Ian McWilliam

Log message:
Update to samba-4.8.6
ChangeLog:
https://www.samba.org/samba/history/samba-4.8.6.html
Tests by Ian McWilliam

Log message:
Bad bump after READE PKGSTEM change.

Log message:
and of course some would conflict... finish PKGSTEM changes manually

Log message:
Update -stable to samba-4.7.10 (bugfix release)
https://www.samba.org/samba/history/samba-4.7.10.html
Tested by Ian McWilliam

Log message:
Avoid printing NULL values
There is still one known case in the quota code, but it needs more
analysis.
Reported and tested by Ian McWilliam.

Log message:
Update to samba-4.8.5
Tests by Ian McWilliam

Log message:
SECURITY update to samba-4.7.9
o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
See https://www.samba.org/samba/history/samba-4.7.9.html for more
information.

Log message:
SECURITY update to samba-4.8.4
Fixes:
o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC
DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure
from the AD LDAP server.)
See https://www.samba.org/samba/history/samba-4.8.4.html for more
information.

Log message:
Update -stable to the latest release on the 4.7 branch.
Tested by Ian McWilliam.

Log message:
Update to samba-4.8.3
Tested by Ian McWilliam and Vijay Sankar.

Log message:
Update to samba-4.8.2
Release notes:
https://www.samba.org/samba/history/samba-4.8.0.html
https://www.samba.org/samba/history/samba-4.8.1.html
https://www.samba.org/samba/history/samba-4.8.2.html
Tested by Ian, who hit a crash and contributed a fix.  Looks like the
new virusfilter.so vfs module is broken.

Log message:
Not needed any more now that sys/socket.h is standalone.

Log message:
Update to samba-4.7.7
ChangeLog: https://www.samba.org/samba/history/samba-4.7.7.html
Tests + LGTM from Ian (co-maintainer)

Log message:
SECURITY update to samba-4.5.16
o  CVE-2018-1050 (Denial of Service Attack on external print server.)
o  CVE-2018-1057 (Authenticated users can change other users' password.)
If you have an AD setup, you are *strongly* advised to upgrade asap
and/or apply the documented workarounds.
More details at
https://www.samba.org/samba/history/samba-4.5.16.html

Log message:
SECURITY update to samba-4.7.6
o  CVE-2018-1050 (Denial of Service Attack on external print server.)
o  CVE-2018-1057 (Authenticated users can change other users' password.)
If you have an AD setup, you are *strongly* advised to upgrade asap
and/or apply the documented workarounds.
More details at
https://www.samba.org/samba/history/samba-4.7.6.html

Log message:
{
"port": "net/samba",
"new_dependency": {
"type": "LIB_DEPENDS",
"name": "devel/jansson",
"reason": "missing hidden dependency"
},
"ok": "jca@"
}

Log message:
Update to samba-4.7.5
Bulk build & ok ajacoutot@ (thanks!).  Let's put this in now so more
people can test, discussed with Ian.
Release notes:
https://www.samba.org/samba/history/samba-4.7.5.html
All release notes for the 4.7 series:
https://git.samba.org/?p=samba.git;a=blob;f=WHATSNEW.txt;h=2914f57c60273c797e756d66759ab81704516864;hb=refs/heads/v4-7-stable

Log message:
Update to samba-4.6.12

Log message:
Now that all ports rc.* scripts are using #!/bin/ksh
- change [] tests to [[]]
- change arithmetic [] tests to (())
- change = to == inside [[]]
- remove unecessary quoting inside [[]]
OK aja@

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
SECURITY fix for CVE-2017-11103
CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass
The fix affects the embedded Heimdal copy.
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
https://www.orpheus-lyre.info/
https://www.samba.org/samba/security/CVE-2017-11103.html

Log message:
SECURITY fix for CVE-2017-11103
CVE-2017-11103: Orpheus' Lyre mutual authentication validation bypass
The fix affects the embedded Heimdal copy.
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
https://www.orpheus-lyre.info/
https://www.samba.org/samba/security/CVE-2017-11103.html

Log message:
SECURITY fix for CVE-2017-7494
o CVE-2017-7494 rpc_server3: Refuse to open pipe names with /

Log message:
SECURITY fix for CVE-2017-7494
o CVE-2017-7494 rpc_server3: Refuse to open pipe names with /

Log message:
/usr/local/include/samba-4.0/ was not registered in any subpackage; make
-tevent own it since all include/samba-4.0 consumers depend on it.

Log message:
Fix a regression introduced by the fix for CVE-2017-2619
* BUG 12721: Fix regression with "follow symlinks = no"
Patch adapted from samba-4.4.13.  Tests & ok Ian

Log message:
Update to samba-4.5.8
Fix regression with "follow symlinks = no".  ok Ian sthen@

Log message:
SECURITY fixes for CVE-2017-2619
(Symlink race allows access outside share definition)

Log message:
SECURITY update to samba-4.5.7
o CVE-2017-2619 (Symlink race allows access outside share definition)

Log message:
Update to samba-4.5.6
Tests by Ian

Log message:
Regen PLIST to use MODPY_PYOEXTENSION

Log message:
Fix samba-tool domain --use-ntvfs
It is not clear whether s3fs is a valid alternative to ntvfs, so keep
providing ntvfs support for people who run an AD DC (AD support is
supposed to require s3fs).  The same fix was committed to -current some
time ago.  Prodded by Alex McWhirter and Ian McWilliam.

Log message:
zap zero-byte files, list from rsadowski

Log message:
SECURITY update for 4.4.8 CVEs
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995.
CVE-2016-2125: Don't send delegated credentials to all servers.
CVE-2016-2126: auth/kerberos: Only allow known checksum types in check_pac_checksum().
Test by Ian MacWilliam

Log message:
SECURITY update to samba-4.5.3
CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability).
CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
trusted realms).
CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
elevation).
ok Ian McWilliam

Log message:
Update to samba-4.5.2

Log message:
-util should own the /usr/local/lib/samba/ directory to prevent the following
warning when pkg_delete samba:
Error deleting directory /usr/local/lib/samba: Directory not empty
ok jca@ (maintainer)

Log message:
Update to samba-4.5.1
Changes:
https://www.samba.org/samba/history/samba-4.5.0.html
https://www.samba.org/samba/history/samba-4.5.1.html
powerpc build test kirby@, ok Ian McWilliam

Log message:
Repair samba-tool domain provision --use-ntvfs
The situation is a mess.  Upstream says that s3fs (the original smb code
from samba3) requires filesystem ACLs, which we don't have.  The ntvfs
code (new in samba4, but now deprecated) fit the job, but
adding --with-ntvfs-fileserver doesn't actually provide a working 'smb'
service (see "server services" in smb.conf(5)).
So right now it seems that the workaround is to provision
using --use-ntvfs, but then to strip 'smb' from the 'server services'
line.
Reports welcome...

Log message:
SECURITY update to samba-4.3.11
* CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)
ok sthen@ danj@, thanks danj@ for spotting a few missing PLIST entries.

Log message:
SECURITY update to samba-4.4.5
* CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)
ok ajacoutot@, Ian McWilliam, sthen@ on a previous version.  ok danj@
who noted missing entries in PLIST.

Log message:
Update to samba-4.4.4
Diff from Ian, tests & ok sthen@

Log message:
Bugfix update to samba-4.3.10
While this is not a security update, it reduces the gap for the upcoming
security releases.  This helps tracking down potential regressions.
While here, backport a patch from -current to avoid spam related to
(too?) strict permissions checks in quotactl(2).
Diff and tests from Ian (co-maintainer), update discussed with jasper@

Log message:
Fix quota handling that resulted in spam in logs.
Prodded by jung@, ok jung@ Ian

Log message:
Update to samba-4.4.3, bringing fixes for the regression introduced by 4.4.2.
Tested by Vijay Sankar and I.

Log message:
Update to samba-4.3.9, with fixes for the regressions brought by 4.3.8.
ok jung@ Ian

Log message:
Better comment.
mips64 has atomic support now, don't mention atomic_add_32

Log message:
Committed upstream.

Log message:
Better workaround for clearenv

Log message:
Drop gettext module

Log message:
Update to samba-4.4.2
Tests by Vijay Sankar and Ian, ok Ian
This release contains the security fixes introduced by 4.4.2, plus the
new features and improvements from 4.4.0:
https://www.samba.org/samba/history/samba-4.4.0.html

Log message:
Missed in previous.

Log message:
Backport SECURITY update to samba-4.3.8
ok sthen@
Fixes for:
CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
CVE-2016-0771 (Out-of-bounds read in internal DNS server)
CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
CVE-2016-2118 is http://badlock.org/

Log message:
SECURITY update to samba-4.3.8
ok sthen@ Ian McWilliam
CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
See https://www.samba.org/samba/history/samba-4.3.8.html for more
information.

Log message:
Update to samba-4.3.6
i386 build by danj@, ok sthen@
The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories.  samba-4.3.8 will follow.

Log message:
Stop fetching and packaging outdated pdf docs; ok Ian

Log message:
remove SHARED_ONLY

Log message:
SECURITY update to samba-4.1.23; ok Ian McWilliam
Fixes for CVE-2015-7560 and CVE-2016-0771.

Log message:
bump tevent

Log message:
sync WANTLIB

Log message:
SECURITY update to samba-4.1.22; ok Ian McWilliam
ChangeLog and descriptions of the relevant CVE's:
https://www.samba.org/samba/history/samba-4.1.22.html
This update changed the signature of a few functions in libsamba-util,
so bump the shlib major.  Also update Ian's email adress while here.

Log message:
daemon_timeout is not passed to the child scripts either.

Log message:
Bugfix update to samba-4.1.21
"diff looks fine" Ian McWilliam

Log message:
Backport usage warning for smbstatus(1), picked from upstream.
Problem noticed and different patch proposed by giovanni@.
ok giovanni@ Ian McWilliam

Log message:
Use -Wl,--no-undefined just like other platforms, -Wl,--as-needed works fine now.
Tested earlier on powerpc (sthen@), and on i386/amd64.  ok Ian McWilliam.

Log message:
Back in May, miod gave nm(1) a -D flag.

Log message:
gc leftover from samba3

Log message:
Fix two tests to allow building on hppa/mips64.
Those tests (for __sync_fetch_and_add and atomic_add_32) were broken,
yet waf thinks they succeed.
...

Log message:
Update to samba-4.1.20; ok sthen@

Log message:
Do not mention SWAT, it has been removed.

Log message:
Stray @sample /var/run/samba, noticed earlier by ajacoutot@
/var/run gets cleaned at boot time.  The samba daemons create this
directory at startup.

Log message:
No need to explicitely list textproc/libxslt; the dependency on
docbook-xsl is enough.
ok jca@ (maintainer)

Log message:
Add a note about nmbd being broken in AD DC setups, and bump.
Requested by giovanni@, putting it here instead of current.html so that
new users will be aware too.

Log message:
Add an rc script for samba in AD DC mode.

Log message:
Ian McWilliam and I will co-maintain this.

Log message:
Tweak rc scripts and README.  Tests, input from and ok sthen@

Log message:
Move samba4 to samba, and tweak the ports tree to use it.
ok ajacoutot@
Upcoming commits will add additional tweaks.
Many thanks to Vadim Zhukov (who did most of the work), Ian McWilliam
(co-maintainer), Stuart Henderson who provided lots of support and
feedback, Antoine Jacoutot who patiently dealt with my broken diffs,
and more generally all the people involved.  Most of the recent work was
done during p2k15 and c2k15.

Log message:
Move some obvious sudo -> '#' (root) in READMEs.

Log message:
MFC SECURITY update for CVE-2015-0240
Requested by and ok jasper@.  Original log message:
talloc free on uninitialized stack pointer in netlogon server could lead
to remote-code execution.
https://www.samba.org/samba/security/CVE-2015-0240
https://bugzilla.samba.org/show_bug.cgi?id=11077

Log message:
SECURITY update for CVE-2015-0240
talloc free on uninitialized stack pointer in netlogon server could lead
to remote-code execution.
https://www.samba.org/samba/security/CVE-2015-0240
https://bugzilla.samba.org/show_bug.cgi?id=11077
ok sthen@ naddy@ Ian McWilliam (MAINTAINER)

Log message:
Adjust the "meta" rc-scripts (these are used in ports with multiple daemons
which should all be started/stopped together), previously "restart" would
restart each sub-daemon in turn, but actually it should stop all daemons
and only then start them again. Additionally, as suggested by ajacoutot,
stop the procedure and return an error if stopping one of the rc scripts
failed.  ok ajacoutot@ rpe@

Log message:
Repair conflict between -main and -docs, introduced in previous.
The intended diff had this conflict resolved, but I ended up committing
the previous diff...  Problem spotted by Markus Lude.

Log message:
Move the ldap files from the -docs to the -main samba package.
Requested by Marcus Merighi, patch by Ian McWilliam (MAINTAINER),
input from sthen@ and tweaks by me.
ok sthen@

Log message:
Make all meta rc.d scripts consistent.
While here, unbreak when options are passed (e.g. /etc/rc.d/foobar -df start)
ok sthen@

Log message:
Update to 3.5.10
Fixes:
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
From maintainer Ian McWilliam

Log message:
Add missing directory in PLIST-main (share/doc/samba/), pointed out by fgsch@

Log message:
rc_scripts -> pkg_scripts

Log message:
update to samba 3.5.9, from maintainer Ian McWilliam

Log message:
Change the sample cap_mkdb command so it only runs if login.conf.db is present.
ok Ian McWilliam, aja@, landry@

Log message:
Add a consistent header that substitutes FULLPKGNAME for the READMEs.
ok jasper@ sthen@

Log message:
- use TRUEPREFIX instead of hardcoding it; ok aja@ sthen@

Log message:
- remove libutf8 build dependency for the ldap flavours, locale support
in base is good enough.
- remove NULL casts which are no longer needed.
ok Ian McWilliam

Log message:
SECURITY UPDATE to samba-3.5.8
Resolves CVE-2011-0719 FD_SET overflow and has bugfixes
ok ajacoutot jasper

Log message:
Rewrite samba.rc and make it a wrapper script that calls the provided
rc.d(8) script. This is much more simple, makes much more sense and
allow for proper debugging.
discussed with robert@

Log message:
bsd.port.mk now specifies groff 1.21, no need to force the version in
BUILD_DEPENDS here. bump not needed.

Log message:
- remove workaround for old groff
- remove MESSAGE-main referring to a config change, people upgrading
have had plenty of time to adapt
ok Ian McWilliam (maintainer)

Log message:
Remove all redirections -- rc.subr(8) now takes care of it.

Log message:
update to 3.5.8, ok aja@ giovanni@ Ian McWilliam (maintainer)

Log message:
These aren't needed either.

Log message:
SECURITY update to 3.5.7; fixes CVE-2011-0719 FD_SET overflow
Same diff from maintainer Ian McWilliam

Log message:
Add rc scripts.
While here, fix the LOCALBASE vs PREFIX and SYSCONFDIR vs /etc mess.
ok robert@

Log message:
Remove a left-over powerpc optimization workaround.
from Brad.

Log message:
new depends

Log message:
finish net WANTLIB

Log message:
Cosmetic, be consistent with how we set the rcs id in other files.

Log message:
Add RCS IDs and remove useless MESSAGEs.

Log message:
convert to new pkg-readmes. This one keeps a MESSAGE because it says
something.
(wanted to check multi-packages...)

Log message:
update Samba to 3.5.6; various bugfixes. From maintainer Ian McWilliam.

Log message:
USE_GROFF=Yes

Log message:
new-style WANTLIB/LIB_DEPENDS

Log message:
SECURITY update to samba 3.5.5; fixes CVE-2010-3069, CVE-2010-3069.
From maintainer Ian McWilliam.

Log message:
Run README.OpenBSD through SUBST_CMD, bump REVISION-main.

Log message:
Remove obsolete powerpc workaround, from Brad.

Log message:
Use "WORKGROUP" as a default workgroup name. It is the default in Mac OS
as well as previous Windows versions. At least it gives you a chance to
browse and mount smb shares with gvfs (or any other application using
smb.conf to get the workgroup name) without the need to configure
anything.
input and ok sthen@ on a previous version of this diff

Log message:
Rather than use Makefile workarounds for the broken shared lib handling,
fix it in configure.in so it can be sent upstream. From Brad, looks ok to
Ian McWilliam (maintainer).

Log message:
use REVISION, checked with before/after make show=PKGNAMES (plus some
extra-careful checking where there are complicated PSEUDO_FLAVORS).

Log message:
Tell the user how to correctly enable samba as a Pdc
ok Ian McWilliam (Maintainer)

Log message:
update to 3.5.4, from new maintainer, Ian McWilliam.

Log message:
SECURITY FIX
Resolves CVE-2010-2063
patch from upstream
Note: -current's samba is not affected by this bug

Log message:
On powerpc, compile smbd/smb2_create.c with -O0 to avoid an ICE with gcc3.
ok, and some simplification, sthen@

Log message:
Update to 3.5.3, from Ian McWilliam

Log message:
Samba uses modules; mark it SHARED_ONLY and collapse PFRAG.shared-main
into PLIST-main. From Brad.

Log message:
update Samba to 3.5.2, most of the work done by Ian McWilliam
Note that the default passdb backend has been changed to 'tdbsam'.
See /usr/local/share/doc/samba/README.OpenBSD (or files/README.OpenBSD)
for more information and instructions for people who wish to convert an
existing smbpasswd-based installation.

Log message:
Fix man pages (spotted by Charles Smith)
Remove unused configure args
Regen plist
ok jasper@

Log message:
fix FULLPKGPATH (ports is locked)

Log message:
MFC:
SECURITY UPDATE
samba-3.0.37
Resolves:
CVE-2009-2813, CVE-2009-2948, and CVE-2009-2906
ok jasper@

Log message:
Regen WANTLIB after CUPS gnutls -> openssl move.

Log message:
SECURITY update to Samba 3.0.37. From Brad.
This is a security release to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.

Log message:
remove marc balmer as maintainer of all of his ports, to take away the
illusion marc still maintains them. as requested by himself.

Log message:
SECURITY FIX
Resolve CVE-2009-1888, from upstream
ok robert@

Log message:
security fix for CVE-2009-1888; from william@

Log message:
- regen WANTLIB (from cups kerberos support)
- bump

Log message:
Fix pkgname-main
spotted by Mikolaj Kucharski

Log message:
Update to 3.0.34
"fine with me to commit it" jasper@

Log message:
- fix WANTLIB after cups update

Log message:
Update to Samba 3.0.33. A security release to address CVE-2008-4314.
ok mbalmer@

Log message:
- SYSCONFDIR and LOCALBASE are already part of the generic SUBST_VARS
looks good to landry@

Log message:
- Disable FAM so autoconf will not pull it in if it is installed
- Tweak how CONFIGURE_ARGS are passed along so as to remove
cases where the Makefile will pass along --without-foo
--with-foo
- Add missing crypto lib for WANTLIB with the ads FLAVOR
Part of the CONFIGURE_ARGS tweaking from form@
Missing lib from WANTLIB pointed out by sthen@
ok sthen@ ajacoutot@

Log message:
Update to Samba 3.0.32.
ok sthen@

Log message:
- don't use $SYSCONFDIR for base system files (which are always
installed under /etc, whatever $SYSCONFDIR value is)
- s/PREFIX/LOCALBASE and the opposite where it makes sense
- README.OpenBSD is part of samba-docs, so no need to tell the user to
install samba-docs
ok mbalmer@ who gave me ten bonus points for solving the samba puzzle!

Log message:
s/SYSCONDIR/SYSCONFDIR/

Log message:
Update to Samba 3.0.31; A bug fix release.
ok mbalmer@

Log message:
Correct the permissions of the examples files.
Issue and an initial patch provided by RD Thrush <rd at thrush dot com>
ok mbalmer@

Log message:
Update to Samba 3.0.30; bug fixes and a security issue fixed,
CVE-2008-1105.
Specifically crafted SMB responses can result in a heap overflow
in the Samba client code. Because the server process, smbd, can
itself act as a client during operations such as printer
notification and domain authentication, this issue affects both
Samba client and server installations.
Feedback from sthen@
ok mbalmer@ sthen@

Log message:
disable a workaround for the MIT kerberos implementation that we
dont need because we use heimdal instead. this lets the ads flavor
of samba manage the kerberos keytab on openbsd.
no objections from mbalmer@

Log message:
add support for talking to active directory with an ads flavor.
ok mbalmer@ jasper@

Log message:
tweak FAKE_FLAGS semantics to saner defaults.

Log message:
Update Samba to version 3.0.28 and add two patches from FreeBSD to allow
for non FFS filesystems (e.g. CD-ROMs) to be shared with Samba again.
This fixes CVE-2007-6015 and several other security problems.
ok winiger

Log message:
fix plist, ok mbalmer@

Log message:
Remove surrounding quotes in COMMENT*/PERMIT_*/BROKEN/ERRORS
Add $OpenBSD$ to p5-SNMP-Info/Makefile (ok kili@, simon@)

Log message:
reorder the include file paths so samba always uses it's own include files
first and not the ones in /usr/local/include.
this allows for the cups flavors to build again when databases/tdb is
installed.
problem found by naddy, fix by me, ok naddy

Log message:
Update to Samba 3.0.25b
See http://www.samba.org/samba/history/samba-3.0.25b.html for the full
list of changes.

Log message:
add 'echo -n ...' to the rc.local example in pkg/MESSAGE; ok mbalmer

Log message:
fix config file location in man page.
ok mbalmer@

Log message:
Update to Samba 3.0.25a.
See http://www.samba.org/samba/history/samba-3.0.25a.html for full details.
SECURITY:
This update fixes the following vulnerabilites:
CVE-2007-2444, CVE-2007-2446, CVE-2007-2447.

Log message:
- don't use hardcoded paths in swat man page
- regen patches while here
"if it works for you" mbalmer@

Log message:
base64 checksums.

Log message:
Adjust cups flavor WANTLIB since it's moved from gnutls to openssl.
ok mbalmer, pvalchev

Log message:
This security update fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)

Log message:
This security update fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)

Log message:
Security update to Samba 3.0.24.
This fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)

Log message:
Security update to Samba 3.0.24.
This fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)

Log message:
Correct path to swat in swat(8), remove instructions on how to install swat
from source.
Found by Bachman Kharazmi <bahkha@gmail.com>

Log message:
use BASE_PKGPATH instead of homegrown variable, no bumps needed

Log message:
new MULTI_PACKAGES

Log message:
Fix {BUILD,RUN}_DEPENDS.

Log message:
misc/libutf8 is a build dependency for the ldap flavor.

Log message:
Update to Samba 3.0.23d.

Log message:
Fix some WANTLIB entries.

Log message:
Enable logging to syslog.  Requested by Jeff Ross <jross@openvistas.net> a
while ago.  Why not.

Log message:
use in ${SYSCONFDIR} in post-install, not /etc
no need to bump

Log message:
Update to Samba-3.0.23c.  Tested on various platforms and also with local
KDE clients (Konqueror).
ok brad

Log message:
MFC:
Add security fix for CVE-2006-3403. http://secunia.com/advisories/20980/

Log message:
MFC:
Add security fix for CVE-2006-3403. http://secunia.com/advisories/20980/

Log message:
Add security fix for CVE-2006-3403. http://secunia.com/advisories/20980/
Change LD_CONFIGURE_FLAGS to make VFS modules work. (from mbalmer@)
ok espie@, mbalmer@

Log message:
correctly build with systrace

Log message:
Bump the package name after changing the pkg/MESSAGE.

Log message:
Typo found by Mark Peoples <Mark.Peoples@asu.edu>, the config file is
${SYSCONFDIR}/smb.conf, not ${SYSCONFDIR}/smbd.conf.

Log message:
fix WANTLIB for cups flavor.
ok bernd@

Log message:
Fix left over example dir. Bump PKGNAME.

Log message:
Update to Samba 3.0.21b.
requested by and ok brad@

Log message:
List share/examples/samba/ in PLIST and PLIST-docs.  Bump package name.
found and reported by espie

Log message:
SHARED_LIBS

Log message:
Add a message to give directions for a simple Samba setup.
requested by espie@

Log message:
Add a DESCR that makes more sense.

Log message:
Correct filename extensions for shared libraries.
requested by espie@

Log message:
Update to Samba 3.0.20b.
Note for LDAP users:  The 'ldap filter' statement in smb.conf is no
longer available.

Log message:
Activate mickeys utmp support.

Log message:
Add utmp patch from mickey.  Bump package name.
ok mickey@

Log message:
mark that this used to be called net/samba/stable.

Log message:
missing bump, okay pval

Log message:
conflicts from the past: history since 3.7.
As noted on ports@ recently, pkg_add -r relies on conflicts, and the
sheer existence of updates means we MUST take the past into account in
conflicts now.
Note the renaming of hugs98 to valid package names where versions are
concerned.
This commit shows clearly the renaming of the xfce4 plugin packages, the
ditching of eclipse flavors, the splitting of nessus into subpackages,
the splitting of various other software documentations, some packaging bugs
in kdeedu, and a lot of files moving around...
okay pvalchev@

Log message:
fix some NULL pointer sentinels
fix pathes in the port's Makefile
add a missing directory to PLIST
ok mbalmer@

Log message:
find old versions on MASTER_SITES
ok mbalmer@

Log message:
- Fix -docs dependencies
- Bump PKGNAME
ok mbalmer@

Log message:
Update to Samba 3.0.13.
ok alek@, espie@, pval@, xsa@