Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 224201 - net-fs/samba 3.0.30 missing in portage
Summary: net-fs/samba 3.0.30 missing in portage
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo's SAMBA Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-30 07:51 UTC by Huemi
Modified: 2008-09-17 09:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Huemi 2008-05-30 07:51:24 UTC 
Samba 3.0.28 and 3.0.28a (and probably 3.0.28a-r1) have problems regarding interdomain trusts, which should be fixed in 3.0.29 (see changelog), as 3.0.29 is not secure, 3.0.30 should have been released (although I can't access the Samba website at the moment to verify that). See Bug 212955

So it would be nice, if Samba 3.0.30 were in portage to be able to fix the problem using emerge and upgrading to the new version.

3.0.29 compiled well with the samba-3.0.28a-ebuild on x86-arch (at least for me in the testing environment)

Reproducible: Always

Steps to Reproduce:
emerge --sync --quiet
eix samba

Actual Results:  
--> see that there is no Samba 3.0.30 in portage


Expected Results:  
want to see Samba 3.0.30 in portage
Comment 1 vorfeed.canal 2008-05-30 15:12:51 UTC 
Actually the most important reason to use samba 3.0.30 is fix for CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched: http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch

This bug was originally introduced in Samba 2.2.4 so ALL versions in portage are affected.
Comment 2 rlmattson 2008-05-31 04:48:15 UTC 
(In reply to comment #1)
> Actually the most important reason to use samba 3.0.30 is fix for
> CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched:
> http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch
> 
> This bug was originally introduced in Samba 2.2.4 so ALL versions in portage
> are affected.
> 

I believe that CVE-2008-1105.patch is applied in samba-3.0.28a-r1.ebuild

However, I desperately NEED 3.0.30 in portage.
I fear others may feel the squeeze.
http://forums.gentoo.org/viewtopic-t-694503-highlight-samba.html
Comment 3 rlmattson 2008-05-31 05:58:25 UTC 
For anyone else, I have made a modified ebuid, similar to what is described at http://bugs.gentoo.org/show_bug.cgi?id=212955#c7
as a stop-gap. Incase portage is not updated.
Comment 4 Tiziano Müller (RETIRED) gentoo-dev 2008-05-31 08:31:05 UTC 
Yes, the security issue is handled with 3.0.28a-r1.
Bumped. Please wait a couple of hours & resync.
Will take the usual 30 days until it shows up in stable.
Comment 5 Johan Ymerson 2008-09-17 08:11:15 UTC 
(In reply to comment #4)
> Yes, the security issue is handled with 3.0.28a-r1.
> Bumped. Please wait a couple of hours & resync.
> Will take the usual 30 days until it shows up in stable.
> 

Haven't these 30 days passed yet? There is still no newer stable version in portage than 3.0.28a-r1. Event 3.0.31 has been in portage longer than 30 days, and I can't find any bug reports on it, so shouldn't that one be marked stable too?
Comment 6 Tiziano Müller (RETIRED) gentoo-dev 2008-09-17 09:36:55 UTC 
Well, we do not have automatic stabilization but it must be requested.
I opened bug #237913 for that. Thanks for letting me know.