Samba 3.0.28 and 3.0.28a (and probably 3.0.28a-r1) have problems regarding interdomain trusts, which should be fixed in 3.0.29 (see changelog), as 3.0.29 is not secure, 3.0.30 should have been released (although I can't access the Samba website at the moment to verify that). See Bug 212955 So it would be nice, if Samba 3.0.30 were in portage to be able to fix the problem using emerge and upgrading to the new version. 3.0.29 compiled well with the samba-3.0.28a-ebuild on x86-arch (at least for me in the testing environment) Reproducible: Always Steps to Reproduce: emerge --sync --quiet eix samba Actual Results: --> see that there is no Samba 3.0.30 in portage Expected Results: want to see Samba 3.0.30 in portage
Actually the most important reason to use samba 3.0.30 is fix for CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched: http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch This bug was originally introduced in Samba 2.2.4 so ALL versions in portage are affected.
(In reply to comment #1) > Actually the most important reason to use samba 3.0.30 is fix for > CVE-2008-1105. Samba 3.0.29 should be skipped and old versions must be patched: > http://us3.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch > > This bug was originally introduced in Samba 2.2.4 so ALL versions in portage > are affected. > I believe that CVE-2008-1105.patch is applied in samba-3.0.28a-r1.ebuild However, I desperately NEED 3.0.30 in portage. I fear others may feel the squeeze. http://forums.gentoo.org/viewtopic-t-694503-highlight-samba.html
For anyone else, I have made a modified ebuid, similar to what is described at http://bugs.gentoo.org/show_bug.cgi?id=212955#c7 as a stop-gap. Incase portage is not updated.
Yes, the security issue is handled with 3.0.28a-r1. Bumped. Please wait a couple of hours & resync. Will take the usual 30 days until it shows up in stable.
(In reply to comment #4) > Yes, the security issue is handled with 3.0.28a-r1. > Bumped. Please wait a couple of hours & resync. > Will take the usual 30 days until it shows up in stable. > Haven't these 30 days passed yet? There is still no newer stable version in portage than 3.0.28a-r1. Event 3.0.31 has been in portage longer than 30 days, and I can't find any bug reports on it, so shouldn't that one be marked stable too?
Well, we do not have automatic stabilization but it must be requested. I opened bug #237913 for that. Thanks for letting me know.