Created attachment 351746 [details, diff]
After a recent --depclean, I noticed this:
!!! existing preserved libs:
>>> package: sys-apps/dmapi-2.2.12
* - /lib64/libdm.so.0
* - /lib64/libdm.so.0.0.4
* used by /usr/lib64/samba/libsmbd_base.so (net-fs/samba-4.0.6)
So samba-4.0.6 silently uses dmapi if available - that should be controlled by a USE flag just as it was in <samba-4.
My attempt to solve this was not successful however. configure is well aware of --without-dmapi but still checks for and builds with it.
Comment on attachment 351746 [details, diff]
If this dependency is really automagic, your patch unfortunately is not enough to solve the problem.
The following bug contains the commit that seems to have introduced the automagic: https://bugzilla.samba.org/show_bug.cgi?id=9803
As fam seems to be configured likewise, I'm not sure how that USE flag is supposed to work when dmapi doesn't. Not sure if simply reverting that commit would help?
Created attachment 362404 [details, diff]
Had another go at it and changed the relevant wscript. I made a few configure runs, with and without dmapi enabled and/or installed, and it seemed to work for me. I don't really understand why the checks were done that way before though.
Created attachment 362406 [details, diff]
Created attachment 362408 [details, diff]
actually, make that compile, not only configure (small fix)
Build with USE="-dmapi" but dmapi package present was successful, without preserved libs after removing dmapi package.
Great work Andreas. This is really appreciated!
Any chance you can present that patch to upstream and convince them to integrate it into their source repos?
+*samba-4.1.1 (12 Nov 2013)
+*samba-4.0.11 (12 Nov 2013)
+*samba-3.6.20 (12 Nov 2013)
+ 12 Nov 2013; Lars Wendler <email@example.com> -samba-3.6.16.ebuild,
+ +samba-3.6.20.ebuild, +samba-4.0.11.ebuild, +samba-4.1.1.ebuild,
+ Security bumps for CVE-2013-4475 and CVE-2013-4476. Removed automagic
+ dependency on dmapi. Thanks to Andreas Sturmlechner for providing a patch in
+ bug #474492. Removed old.
I keep this patch open as a reminder to push your patch upstream.
> I keep this patch open as a reminder to push your patch upstream.
I mean I keep this bug open... m(
As upstream seems to not care about such kind of problems I gonna mark this bug as fixed. Let's hope we don't have to carry this patch around forever :-(
Files bugs on upstream with patch.
Hope this time it really got fix.
Bugs is fixed on upstream :)
Good for us ;)