Gentoo Forums
Samba 3.6.25 status?
MageSlayer
Apprentice


Joined: 26 Jul 2007
Posts: 250
Location: Ukraine

Posted: Thu Oct 06, 2016 2:05 pm    Post subject: Samba 3.6.25 status?

Hi all

According to https://packages.gentoo.org/packages/net-fs/samba , v3.6.25 is still supported in portage.
However, what worries me is the lack of any security patches released after the official v3.6.25 release.

I mean those which can be found here - https://www.samba.org/samba/history/security.html
Specifically https://www.samba.org/samba/ftp/patches/security/samba-3.6.25-security-2015-12-16.patch and
https://www.samba.org/samba/ftp/patches/security/samba-v3-6-security-2016-04-12.tar.xz

Are those applied aside from the common practice (patches in ebuild), or is v3.6.25 really out of date and no longer supported?
/I mean I am quite happy with the old and working 3.x Samba, and as long as it does not pose any security threat, I am fine with it.

Can anybody give some status?

eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Thu Oct 06, 2016 4:38 pm

You'll probably need to contact the Gentoo samba maintainer: File a security bug on bugs.gentoo.org against 3.6.25 with the links you found... Hopefully they have the time to add a -r1 or other patch, otherwise they may need to deprecate 3.6.x...

I don't know what the outcome will be, but seems like there is an upstream solution to this, just takes some effort to make an ebuild. As I don't have a working/needed samba system, I just upgraded to 4.x and left the config as it is. I don't know if it even works or introduces security holes...

/slaps self on wrist
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

Princess Nell
l33t


Joined: 15 Apr 2005
Posts: 738

Posted: Thu Oct 06, 2016 9:52 pm

I'd move on to 4.x. Made the jump at work and no problems. Just make sure to check whether default options have changed and update config accordingly. testparm is your friend.
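
An added example, not part of the post above: one way to check for changed defaults with testparm is to capture `testparm -sv` (no prompt, defaults included) before and after the upgrade and diff the effective [global] settings. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff the effective [global] settings of two `testparm -sv`
# dumps, e.g. `testparm -sv /etc/samba/smb.conf > dump.txt` on each version.

# global_settings FILE: print "key=value" for each [global] parameter, sorted.
global_settings() {
    awk '
        /^\[/ { in_global = (tolower($0) ~ /^\[global\]/); next }
        in_global && /=/ {
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print tolower(key) "=" val
        }' "$1" | sort
}

# changed_settings OLD NEW: one line per parameter that differs or is missing.
changed_settings() {
    old=$(mktemp); new=$(mktemp)
    global_settings "$1" > "$old"
    global_settings "$2" > "$new"
    awk -F= '
        { v = substr($0, length($1) + 2) }
        FILENAME == ARGV[1] { a[$1] = v; next }
        { b[$1] = v }
        END {
            for (k in a) if (!(k in b)) print k ": " a[k] " -> (absent)"
            for (k in b) if (!(k in a)) print k ": (absent) -> " b[k]
            for (k in b) if ((k in a) && a[k] != b[k]) print k ": " a[k] " -> " b[k]
        }' "$old" "$new" | sort
    rm -f "$old" "$new"
}

# Constructed sample dumps (illustrative values, not real defaults of any version).
demo() {
    d=$(mktemp -d)
    printf '[global]\n\tworkgroup = HOME\n\tntlm auth = Yes\n\tsecurity = share\n[pub]\n\tpath = /srv/pub\n' > "$d/old"
    printf '[global]\n\tworkgroup = HOME\n\tntlm auth = No\n\tserver role = auto\n[pub]\n\tpath = /srv/new\n' > "$d/new"
    changed_settings "$d/old" "$d/new"
    rm -rf "$d"
}

demo
```

Share sections such as [pub] are skipped on purpose; only global parameters are compared, since that is where changed defaults show up.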

eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Thu Oct 06, 2016 10:33 pm

I did have to hack my smb.conf a bit to swap to 4.x before it would start up cleanly again --- so it wasn't completely painless. For the record, the Apache 2.2 to 2.4 was more painful, and the Apache 1.2.13 to 2.0 was absolutely mega-downtime.

I can see the reason why one would not want to version bump, but it all depends on the dev if you don't want to get down and dirty with ebuilds.

MageSlayer
Apprentice


Joined: 26 Jul 2007
Posts: 250
Location: Ukraine

Posted: Fri Oct 07, 2016 8:09 am

Ok.

I filed https://bugs.gentoo.org/show_bug.cgi?id=596418
Let's see the maintainer's view on that.

eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Fri Oct 07, 2016 2:15 pm

Interesting, there had been some discussion about stabilization of even newer sambas. I guess they had been planning deprecating 3.6.* for a while except the newer sambas were not fully stable yet (due to a dependency!)

Doesn't look good, might have to go make your own ebuild or do the dirty and upgrade...

Princess Nell
l33t


Joined: 15 Apr 2005
Posts: 738

Posted: Fri Oct 07, 2016 8:26 pm

For newer 4.x releases, there's also the annoying https://bugzilla.samba.org/show_bug.cgi?id=10604. Still marked new.

MageSlayer
Apprentice


Joined: 26 Jul 2007
Posts: 250
Location: Ukraine

Posted: Mon Oct 10, 2016 9:28 am

Can somebody ask Alex Legler or any other Samba maintainer if it's possible to include those patches in -r1 in case I provide a new ebuild for 3.6.25 with patches?

He does not respond in https://bugs.gentoo.org/show_bug.cgi?id=596418

eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

Posted: Mon Oct 10, 2016 4:21 pm

Since he marked it as a "duplicate" of bugid 539486 I think you may be on your own for now as this implies the devs want to stabilize a new version instead of keeping the old one around. :(

Princess Nell
l33t


Joined: 15 Apr 2005
Posts: 738

Posted: Mon Oct 10, 2016 9:04 pm

This can be a workaround: https://wiki.gentoo.org/wiki//etc/portage/patches.

MageSlayer
Apprentice


Joined: 26 Jul 2007
Posts: 250
Location: Ukraine

Posted: Tue Oct 11, 2016 8:11 am

Princess Nell wrote:
This can be a workaround: https://wiki.gentoo.org/wiki//etc/portage/patches.


Thanks. But I think I'll just create a new ebuild in overlay repo and be done with it.
That said, it's kind of a strange situation.

All times are GMT