* [Buildroot] samba: bump to version 3.5.10
@ 2011-08-01 21:46 Sven Neumann
  2011-08-01 21:46 ` [Buildroot] [PATCH 1/3] " Sven Neumann
                   ` (4 more replies)
  0 siblings, 5 replies; 19+ messages in thread
From: Sven Neumann @ 2011-08-01 21:46 UTC (permalink / raw)
  To: buildroot


Hi,

here's a series of patches that brings samba to the state
that we are using in our branch. This includes the update
to version 3.5.10 and the removal of many patches that don't
seem to be needed any longer.


Regards,
Sven


* [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10
  2011-08-01 21:46 [Buildroot] samba: bump to version 3.5.10 Sven Neumann
@ 2011-08-01 21:46 ` Sven Neumann
  2011-08-01 21:46 ` [Buildroot] [PATCH 2/3] samba: fix linking of smbd with avahi support Sven Neumann
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 19+ messages in thread
From: Sven Neumann @ 2011-08-01 21:46 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-CVE-2011-0719.patch            |  613 --------------------
 package/samba/samba-add-check-for-__use_bsd.patch  |   18 -
 .../samba/samba-do-not-check-glibc-version.patch   |  104 ----
 package/samba/samba-fix-client-mtab.patch          |   11 -
 package/samba/samba-fix-mount.cifs.patch           |   18 -
 package/samba/samba-getgrouplist.patch             |   41 --
 package/samba/samba-remove-legacy-index.patch      |    4 +-
 package/samba/samba.mk                             |    4 +-
 8 files changed, 4 insertions(+), 809 deletions(-)
 delete mode 100644 package/samba/samba-CVE-2011-0719.patch
 delete mode 100644 package/samba/samba-add-check-for-__use_bsd.patch
 delete mode 100644 package/samba/samba-do-not-check-glibc-version.patch
 delete mode 100644 package/samba/samba-fix-client-mtab.patch
 delete mode 100644 package/samba/samba-fix-mount.cifs.patch
 delete mode 100644 package/samba/samba-getgrouplist.patch

diff --git a/package/samba/samba-CVE-2011-0719.patch b/package/samba/samba-CVE-2011-0719.patch
deleted file mode 100644
index 1cb8580..0000000
--- a/package/samba/samba-CVE-2011-0719.patch
+++ /dev/null
@@ -1,613 +0,0 @@
-From 724e44eed299c618066dec411530aa9f156119ec Mon Sep 17 00:00:00 2001
-From: Karolin Seeger <kseeger@samba.org>
-Date: Sun, 27 Feb 2011 18:28:29 +0100
-Subject: [PATCH] Fix denial of service - memory corruption.
-
-CVE-2011-0719
-
-Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
-
-All current released versions of Samba are vulnerable to
-a denial of service caused by memory corruption. Range
-checks on file descriptors being used in the FD_SET macro
-were not present allowing stack corruption. This can cause
-the Samba code to crash or to loop attempting to select
-on a bad file descriptor set.
-
-A connection to a file share, or a local account is needed
-to exploit this problem, either authenticated or unauthenticated
-(guest connection).
-
-Currently we do not believe this flaw is exploitable
-beyond a crash or causing the code to loop, but on the
-advice of our security reviewers we are releasing fixes
-in case an exploit is discovered at a later date.
----
- source/client/client.c          |    4 +++-
- source/client/dnsbrowse.c       |   12 ++++++++++++
- source/lib/events.c             |   13 +++++++++++++
- source/lib/packet.c             |    5 +++++
- source/lib/readline.c           |    5 +++++
- source/lib/select.c             |    6 ++++++
- source/lib/util_sock.c          |   11 +++++++++--
- source/libaddns/dnssock.c       |    6 +++++-
- source/libsmb/nmblib.c          |    5 +++++
- source/nmbd/nmbd_packets.c      |   24 ++++++++++++++++++++++--
- source/nsswitch/wb_common.c     |   22 ++++++++++++++++++++--
- source/printing/printing.c      |    5 +++++
- source/smbd/dnsregister.c       |    6 ++++++
- source/smbd/oplock.c            |    5 ++++-
- source/smbd/oplock_irix.c       |    5 +++++
- source/smbd/process.c           |    2 +-
- source/smbd/server.c            |   29 +++++++++++++++++++++--------
- source/utils/smbfilter.c        |    8 ++++++--
- source/winbindd/winbindd.c      |   12 +++++++++++-
- source/winbindd/winbindd_dual.c |    7 +++++++
- 20 files changed, 171 insertions(+), 21 deletions(-)
-
-diff --git a/source/client/client.c b/source/client/client.c
-index 53bd9e6..a989441 100644
---- a/source/client/client.c
-+++ b/source/client/client.c
-@@ -4379,8 +4379,10 @@ static void readline_callback(void)
- 
-  again:
- 
--	if (cli->fd == -1)
-+	if (cli->fd < 0 || cli->fd >= FD_SETSIZE) {
-+		errno = EBADF;
- 		return;
-+	}
- 
- 	FD_ZERO(&fds);
- 	FD_SET(cli->fd,&fds);
-diff --git a/source/client/dnsbrowse.c b/source/client/dnsbrowse.c
-index 5e3a4de..aa2fb22 100644
---- a/source/client/dnsbrowse.c
-+++ b/source/client/dnsbrowse.c
-@@ -81,6 +81,11 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
- 			TALLOC_FREE(fdset);
- 		}
- 
-+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			break;
-+		}
-+
- 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
- 		fdset = TALLOC_ZERO(ctx, fdsetsz);
- 		FD_SET(mdnsfd, fdset);
-@@ -183,6 +188,13 @@ int do_smb_browse(void)
- 
- 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
- 		fdset = TALLOC_ZERO(ctx, fdsetsz);
-+
-+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			TALLOC_FREE(ctx);
-+			return 1;
-+		}
-+
- 		FD_SET(mdnsfd, fdset);
- 
- 		tv.tv_sec = 1;
-diff --git a/source/lib/events.c b/source/lib/events.c
-index cd20ceb..2ddbab7 100644
---- a/source/lib/events.c
-+++ b/source/lib/events.c
-@@ -140,6 +140,11 @@ struct fd_event *event_add_fd(struct event_context *event_ctx,
- {
- 	struct fd_event *fde;
- 
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return NULL;
-+	}
-+
- 	if (!(fde = TALLOC_P(mem_ctx, struct fd_event))) {
- 		return NULL;
- 	}
-@@ -190,6 +195,14 @@ bool event_add_to_select_args(struct event_context *event_ctx,
- 	bool ret = False;
- 
- 	for (fde = event_ctx->fd_events; fde; fde = fde->next) {
-+		if (fde->fd < 0 || fde->fd >= FD_SETSIZE) {
-+			/* We ignore here, as it shouldn't be
-+			   possible to add an invalid fde->fd
-+			   but we don't want FD_SET to see an
-+			   invalid fd. */
-+			continue;
-+		}
-+
- 		if (fde->flags & EVENT_FD_READ) {
- 			FD_SET(fde->fd, read_fds);
- 			ret = True;
-diff --git a/source/lib/packet.c b/source/lib/packet.c
-index e048616..512c7f2 100644
---- a/source/lib/packet.c
-+++ b/source/lib/packet.c
-@@ -106,6 +106,11 @@ NTSTATUS packet_fd_read_sync(struct packet_context *ctx)
- 	int res;
- 	fd_set r_fds;
- 
-+	if (ctx->fd < 0 || ctx->fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return map_nt_error_from_unix(errno);
-+	}
-+
- 	FD_ZERO(&r_fds);
- 	FD_SET(ctx->fd, &r_fds);
- 
-diff --git a/source/lib/readline.c b/source/lib/readline.c
-index 34867aa..70a82f2 100644
---- a/source/lib/readline.c
-+++ b/source/lib/readline.c
-@@ -91,6 +91,11 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
- 		timeout.tv_sec = 5;
- 		timeout.tv_usec = 0;
- 
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			break;
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(fd,&fds);
- 
-diff --git a/source/lib/select.c b/source/lib/select.c
-index c3da6a9..2d5f02c 100644
---- a/source/lib/select.c
-+++ b/source/lib/select.c
-@@ -61,6 +61,11 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s
- 		if (pipe(select_pipe) == -1)
- 			smb_panic("Could not create select pipe");
- 
-+		if (select_pipe[0] < 0 || select_pipe[0] >= FD_SETSIZE) {
-+			errno = EBADF;
-+			return -1;
-+		}
-+
- 		/*
- 		 * These next two lines seem to fix a bug with the Linux
- 		 * 2.0.x kernel (and probably other UNIXes as well) where
-@@ -87,6 +92,7 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s
- 		readfds2 = &readfds_buf;
- 		FD_ZERO(readfds2);
- 	}
-+
- 	FD_SET(select_pipe[0], readfds2);
- 
- 	errno = 0;
-diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
-index 650bd13..8aa2c97 100644
---- a/source/lib/util_sock.c
-+++ b/source/lib/util_sock.c
-@@ -960,6 +960,11 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf,
- 	timeout.tv_usec = (long)(1000 * (time_out % 1000));
- 
- 	for (nread=0; nread < mincnt; ) {
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			return map_nt_error_from_unix(EBADF);
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(fd,&fds);
- 
-@@ -1492,7 +1497,7 @@ bool open_any_socket_out(struct sockaddr_storage *addrs, int num_addrs,
- 
- 	for (i=0; i<num_addrs; i++) {
- 		sockets[i] = socket(addrs[i].ss_family, SOCK_STREAM, 0);
--		if (sockets[i] < 0)
-+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE)
- 			goto done;
- 		set_blocking(sockets[i], false);
- 	}
-@@ -1541,8 +1546,10 @@ bool open_any_socket_out(struct sockaddr_storage *addrs, int num_addrs,
- 	FD_ZERO(&r_fds);
- 
- 	for (i=0; i<num_addrs; i++) {
--		if (sockets[i] == -1)
-+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE) {
-+			/* This cannot happen - ignore if so. */
- 			continue;
-+		}
- 		FD_SET(sockets[i], &wr_fds);
- 		FD_SET(sockets[i], &r_fds);
- 		if (sockets[i]>maxfd)
-diff --git a/source/libaddns/dnssock.c b/source/libaddns/dnssock.c
-index 7c8bd41..f427bd5 100644
---- a/source/libaddns/dnssock.c
-+++ b/source/libaddns/dnssock.c
-@@ -218,7 +218,11 @@ static DNS_ERROR read_all(int fd, uint8 *data, size_t len)
- 	while (total < len) {
- 		ssize_t ret;
- 		int fd_ready;
--		
-+
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			return ERROR_DNS_SOCKET_ERROR;
-+		}
-+
- 		FD_ZERO( &rfds );
- 		FD_SET( fd, &rfds );
- 
-diff --git a/source/libsmb/nmblib.c b/source/libsmb/nmblib.c
-index bfe5e7b..768e54d 100644
---- a/source/libsmb/nmblib.c
-+++ b/source/libsmb/nmblib.c
-@@ -1097,6 +1097,11 @@ struct packet_struct *receive_packet(int fd,enum packet_type type,int t)
- 	struct timeval timeout;
- 	int ret;
- 
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return NULL;
-+	}
-+
- 	FD_ZERO(&fds);
- 	FD_SET(fd,&fds);
- 	timeout.tv_sec = t/1000;
-diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
-index 4b97819..03e5362 100644
---- a/source/nmbd/nmbd_packets.c
-+++ b/source/nmbd/nmbd_packets.c
-@@ -1683,7 +1683,7 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
- 		count++;
- 
--	if((count*2) + 2 > FD_SETSIZE) {
-+	if((count*2) + 2 >= FD_SETSIZE) {
- 		DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
- only use %d.\n", (count*2) + 2, FD_SETSIZE));
- 		SAFE_FREE(pset);
-@@ -1699,24 +1699,44 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE));
- 	FD_ZERO(pset);
- 
- 	/* Add in the broadcast socket on 137. */
-+	if (ClientNMB < 0 || ClientNMB >= FD_SETSIZE) {
-+		errno = EBADF;
-+		SAFE_FREE(pset);
-+		return True;
-+	}
-+
- 	FD_SET(ClientNMB,pset);
- 	sock_array[num++] = ClientNMB;
- 	*maxfd = MAX( *maxfd, ClientNMB);
- 
- 	/* Add in the 137 sockets on all the interfaces. */
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
-+		if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) {
-+			/* We have to ignore sockets outside FD_SETSIZE. */
-+			continue;
-+		}
- 		FD_SET(subrec->nmb_sock,pset);
- 		sock_array[num++] = subrec->nmb_sock;
- 		*maxfd = MAX( *maxfd, subrec->nmb_sock);
- 	}
- 
- 	/* Add in the broadcast socket on 138. */
-+	if (ClientDGRAM < 0 || ClientDGRAM >= FD_SETSIZE) {
-+		errno = EBADF;
-+		SAFE_FREE(pset);
-+		return True;
-+	}
-+
- 	FD_SET(ClientDGRAM,pset);
- 	sock_array[num++] = ClientDGRAM;
- 	*maxfd = MAX( *maxfd, ClientDGRAM);
- 
- 	/* Add in the 138 sockets on all the interfaces. */
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
-+		if (subrec->dgram_sock < 0 || subrec->dgram_sock >= FD_SETSIZE) {
-+			/* We have to ignore sockets outside FD_SETSIZE. */
-+			continue;
-+		}
- 		FD_SET(subrec->dgram_sock,pset);
- 		sock_array[num++] = subrec->dgram_sock;
- 		*maxfd = MAX( *maxfd, subrec->dgram_sock);
-@@ -1767,7 +1787,7 @@ bool listen_for_packets(bool run_election)
- 
- #ifndef SYNC_DNS
- 	dns_fd = asyncdns_fd();
--	if (dns_fd != -1) {
-+	if (dns_fd >= 0 && dns_fd < FD_SETSIZE) {
- 		FD_SET(dns_fd, &r_fds);
- 		maxfd = MAX( maxfd, dns_fd);
- 	}
-diff --git a/source/nsswitch/wb_common.c b/source/nsswitch/wb_common.c
-index a164621..4f76bd0 100644
---- a/source/nsswitch/wb_common.c
-+++ b/source/nsswitch/wb_common.c
-@@ -240,6 +240,12 @@ static int winbind_named_pipe_sock(const char *dir)
- 
- 		switch (errno) {
- 			case EINPROGRESS:
-+
-+				if (fd < 0 || fd >= FD_SETSIZE) {
-+					errno = EBADF;
-+					goto error_out;
-+				}
-+
- 				FD_ZERO(&w_fds);
- 				FD_SET(fd, &w_fds);
- 				tv.tv_sec = CONNECT_TIMEOUT - wait_time;
-@@ -383,7 +389,13 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
- 	while(nwritten < count) {
- 		struct timeval tv;
- 		fd_set r_fds;
--		
-+
-+		if (winbindd_fd < 0 || winbindd_fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			winbind_close_sock();
-+			return -1;
-+		}
-+
- 		/* Catch pipe close on other end by checking if a read()
- 		   call would not block by calling select(). */
- 
-@@ -443,7 +455,13 @@ int winbind_read_sock(void *buffer, int count)
- 	while(nread < count) {
- 		struct timeval tv;
- 		fd_set r_fds;
--		
-+
-+		if (winbindd_fd < 0 || winbindd_fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			winbind_close_sock();
-+			return -1;
-+		}
-+
- 		/* Catch pipe close on other end by checking if a read()
- 		   call would not block by calling select(). */
- 
-diff --git a/source/printing/printing.c b/source/printing/printing.c
-index a9272eb..c3b8c61 100644
---- a/source/printing/printing.c
-+++ b/source/printing/printing.c
-@@ -1407,6 +1407,11 @@ void start_background_queue(void)
- 		exit(1);
- 	}
- 
-+	if (pause_pipe[1] < 0 || pause_pipe[1] >= FD_SETSIZE) {
-+		DEBUG(5,("start_background_queue: pipe fd out of range.\n"));
-+		exit(1);
-+	}
-+
- 	background_lpq_updater_pid = sys_fork();
- 
- 	if (background_lpq_updater_pid == -1) {
-diff --git a/source/smbd/dnsregister.c b/source/smbd/dnsregister.c
-index f02739e..3c689b9 100644
---- a/source/smbd/dnsregister.c
-+++ b/source/smbd/dnsregister.c
-@@ -125,6 +125,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
- 	 */
- 	if (dns_state->srv_ref != NULL) {
- 		mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
-+		if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
-+			return;
-+		}
- 		FD_SET(mdnsd_conn_fd, listen_set);
- 		return;
- 	}
-@@ -156,6 +159,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
- 	}
- 
- 	mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
-+	if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
-+		return;
-+	}
- 	FD_SET(mdnsd_conn_fd, listen_set);
- 	*maxfd = MAX(*maxfd, mdnsd_conn_fd);
- 	*timeout = timeval_zero();
-diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
-index a07d05d..5ae3fdf 100644
---- a/source/smbd/oplock.c
-+++ b/source/smbd/oplock.c
-@@ -241,7 +241,10 @@ bool downgrade_oplock(files_struct *fsp)
- int oplock_notify_fd(void)
- {
- 	if (koplocks) {
--		return koplocks->notification_fd;
-+		int fd = koplocks->notification_fd;
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			return -1;
-+		}
- 	}
- 
- 	return -1;
-diff --git a/source/smbd/oplock_irix.c b/source/smbd/oplock_irix.c
-index 8c287c9..6e86fac 100644
---- a/source/smbd/oplock_irix.c
-+++ b/source/smbd/oplock_irix.c
-@@ -284,6 +284,11 @@ struct kernel_oplocks *irix_init_kernel_oplocks(void)
- 		return False;
- 	}
- 
-+	if (pfd[0] < 0 || pfd[0] >= FD_SETSIZE) {
-+		DEBUG(0,("setup_kernel_oplock_pipe: fd out of range.\n"));
-+		return False;
-+	}
-+
- 	oplock_pipe_read = pfd[0];
- 	oplock_pipe_write = pfd[1];
- 
-diff --git a/source/smbd/process.c b/source/smbd/process.c
-index 403c7c6..9b8f29b 100644
---- a/source/smbd/process.c
-+++ b/source/smbd/process.c
-@@ -698,7 +698,7 @@ static void async_processing(fd_set *pfds)
- 
- static int select_on_fd(int fd, int maxfd, fd_set *fds)
- {
--	if (fd != -1) {
-+	if (fd != -1 && fd < FD_SETSIZE) {
- 		FD_SET(fd, fds);
- 		maxfd = MAX(maxfd, fd);
- 	}
-diff --git a/source/smbd/server.c b/source/smbd/server.c
-index 5129484..a670334 100644
---- a/source/smbd/server.c
-+++ b/source/smbd/server.c
-@@ -209,7 +209,13 @@ static bool open_sockets_inetd(void)
- 	/* Started from inetd. fd 0 is the socket. */
- 	/* We will abort gracefully when the client or remote system 
- 	   goes away */
--	smbd_set_server_fd(dup(0));
-+	int fd = dup(0);
-+
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		return false;
-+	}
-+
-+	smbd_set_server_fd(fd);
- 	
- 	/* close our standard file descriptors */
- 	close_low_fds(False); /* Don't close stderr */
-@@ -436,7 +442,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 							num_sockets == 0 ? 0 : 2,
- 							ifss,
- 							true);
--				if(s == -1) {
-+				if(s < 0 || s >= FD_SETSIZE) {
-+					close(s);
- 					continue;
- 				}
- 
-@@ -516,7 +523,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 						num_sockets == 0 ? 0 : 2,
- 						&ss,
- 						true);
--				if (s == -1) {
-+				if (s < 0 || s >= FD_SETSIZE) {
- 					continue;
- 				}
- 
-@@ -709,6 +716,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 			struct sockaddr addr;
- 			socklen_t in_addrlen = sizeof(addr);
- 			pid_t child = 0;
-+			int fd;
- 
- 			s = -1;
- 			for(i = 0; i < num_sockets; i++) {
-@@ -721,16 +729,21 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 				}
- 			}
- 
--			smbd_set_server_fd(accept(s,&addr,&in_addrlen));
--
--			if (smbd_server_fd() == -1 && errno == EINTR)
-+			fd = accept(s,&addr,&in_addrlen);
-+			if (fd == -1 && errno == EINTR)
- 				continue;
--
--			if (smbd_server_fd() == -1) {
-+			if (fd == -1) {
- 				DEBUG(2,("open_sockets_smbd: accept: %s\n",
- 					 strerror(errno)));
- 				continue;
- 			}
-+			if (fd < 0 || fd >= FD_SETSIZE) {
-+				DEBUG(2,("open_sockets_smbd: bad fd %d\n",
-+					fd ));
-+				continue;
-+			}
-+
-+			smbd_set_server_fd(fd);
- 
- 			/* Ensure child is set to blocking mode */
- 			set_blocking(smbd_server_fd(),True);
-diff --git a/source/utils/smbfilter.c b/source/utils/smbfilter.c
-index 1e22a40..45f9207 100644
---- a/source/utils/smbfilter.c
-+++ b/source/utils/smbfilter.c
-@@ -162,8 +162,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
- 		int num;
- 		
- 		FD_ZERO(&fds);
--		if (s != -1) FD_SET(s, &fds);
--		if (c != -1) FD_SET(c, &fds);
-+		if (s >= 0 && s < FD_SETSIZE) FD_SET(s, &fds);
-+		if (c >= 0 && c < FD_SETSIZE) FD_SET(c, &fds);
- 
- 		num = sys_select_intr(MAX(s+1, c+1),&fds,NULL,NULL,NULL);
- 		if (num <= 0) continue;
-@@ -235,6 +235,10 @@ static void start_filter(char *desthost)
- 		struct sockaddr_storage ss;
- 		socklen_t in_addrlen = sizeof(ss);
- 		
-+		if (s < 0 || s >= FD_SETSIZE) {
-+			break;
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(s, &fds);
- 
-diff --git a/source/winbindd/winbindd.c b/source/winbindd/winbindd.c
-index 1d618e2..6b5c251 100644
---- a/source/winbindd/winbindd.c
-+++ b/source/winbindd/winbindd.c
-@@ -836,7 +836,8 @@ static void process_loop(void)
- 	listen_sock = open_winbindd_socket();
- 	listen_priv_sock = open_winbindd_priv_socket();
- 
--	if (listen_sock == -1 || listen_priv_sock == -1) {
-+	if (listen_sock < 0 || listen_sock >= FD_SETSIZE ||
-+			listen_priv_sock < 0 || listen_priv_sock >= FD_SETSIZE) {
- 		perror("open_winbind_socket");
- 		exit(1);
- 	}
-@@ -861,6 +862,9 @@ static void process_loop(void)
- 
- 	FD_ZERO(&r_fds);
- 	FD_ZERO(&w_fds);
-+
-+	/* We check the range for listen_sock and
-+	   listen_priv_sock above. */
- 	FD_SET(listen_sock, &r_fds);
- 	FD_SET(listen_priv_sock, &r_fds);
- 
-@@ -890,6 +894,12 @@ static void process_loop(void)
- 	}
- 
- 	for (ev = fd_events; ev; ev = ev->next) {
-+		if (ev->fd < 0 || ev->fd >= FD_SETSIZE) {
-+			/* Ignore here - event_add_to_select_args
-+			   should make this impossible. */
-+			continue;
-+		}
-+
- 		if (ev->flags & EVENT_FD_READ) {
- 			FD_SET(ev->fd, &r_fds);
- 			maxfd = MAX(ev->fd, maxfd);
-diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
-index ff004f2..b30ec20 100644
---- a/source/winbindd/winbindd_dual.c
-+++ b/source/winbindd/winbindd_dual.c
-@@ -1250,6 +1250,12 @@ static bool fork_domain_child(struct winbindd_child *child)
- 		return False;
- 	}
- 
-+	if (fdpair[0] < 0 || fdpair[0] >= FD_SETSIZE) {
-+		DEBUG(0, ("fork_domain_child: bad fd range (%d)\n", fdpair[0]));
-+		errno = EBADF;
-+		return False;
-+	}
-+
- 	ZERO_STRUCT(state);
- 	state.pid = sys_getpid();
- 
-@@ -1405,6 +1411,7 @@ static bool fork_domain_child(struct winbindd_child *child)
- 		message_dispatch(winbind_messaging_context());
- 
- 		FD_ZERO(&read_fds);
-+		/* We check state.sock against FD_SETSIZE above. */
- 		FD_SET(state.sock, &read_fds);
- 
- 		ret = sys_select(state.sock + 1, &read_fds, NULL, NULL, tp);
--- 
-1.6.4.2
-
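Review bot: this deletion drops the CVE-2011-0719 fix (the `fd < 0 || fd >= FD_SETSIZE` checks placed ahead of each `FD_SET`), but the commit message has no body, so nothing records that 3.5.10 already carries those checks. Please add a line to the commit message saying the fix is part of the new upstream version, ideally after confirming it in the `source3/` tree, since the dropped patch was written against `source/`. One thing not to carry forward if any part of it is ever re-applied: in the `source/smbd/oplock.c` part, `oplock_notify_fd()` assigns `int fd = koplocks->notification_fd;` and range-checks it, then falls through to `return -1;`, so a valid descriptor is never returned.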
diff --git a/package/samba/samba-add-check-for-__use_bsd.patch b/package/samba/samba-add-check-for-__use_bsd.patch
deleted file mode 100644
index a4c7109..0000000
--- a/package/samba/samba-add-check-for-__use_bsd.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/client/mount.cifs.c	2009-04-20 12:59:57.000000000 +0200
-@@ -100,6 +100,7 @@
- 
- /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
-  * don't link to libreplace so need them here. */
-+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
- 
- /* like strncpy but does not 0 fill the buffer and always null
-  *    terminates. bufsize is the size of the destination buffer */
-@@ -181,6 +182,7 @@
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-do-not-check-glibc-version.patch b/package/samba/samba-do-not-check-glibc-version.patch
deleted file mode 100644
index c5e3cd4..0000000
--- a/package/samba/samba-do-not-check-glibc-version.patch
+++ /dev/null
@@ -1,104 +0,0 @@
---- a/source/configure	2009-04-01 14:19:36.000000000 +0200
-+++ b/source/configure	2009-04-20 13:05:12.000000000 +0200
-@@ -44061,90 +44061,8 @@
- 
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- 
--#
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       if test "$cross_compiling" = yes; then
--  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--{ { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&5
--$as_echo "$as_me: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&2;}
--   { (exit 1); exit 1; }; }; }
--else
--  cat >conftest.$ac_ext <<_ACEOF
--/* confdefs.h.  */
--_ACEOF
--cat confdefs.h >>conftest.$ac_ext
--cat >>conftest.$ac_ext <<_ACEOF
--/* end confdefs.h.  */
--
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--
--_ACEOF
--rm -f conftest$ac_exeext
--if { (ac_try="$ac_link"
--case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_link") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
--  { (case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_try") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); }; }; then
--  linux_getgrouplist_ok=yes
--else
--  $as_echo "$as_me: program exited with status $ac_status" >&5
--$as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--( exit $ac_status )
--linux_getgrouplist_ok=no
--fi
--rm -rf conftest.dSYM
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
--fi
--
--
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--
--cat >>confdefs.h <<\_ACEOF
--#define HAVE_GETGROUPLIST 1
--_ACEOF
--
--       fi
--       ;;
--    *)
-+# Stripped glibc test which is not needed for uClibc
-+linux_getgrouplist_ok=yes
- 
- for ac_func in getgrouplist
- do
-@@ -44246,8 +44164,6 @@
- fi
- done
- 
--       ;;
--esac
- 
- #
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
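Review bot: the workaround removed here replaced a run-time configure test that, per the deleted lines, aborts with "cannot run test program while cross compiling", and the only rationale given in the series is that the dropped patches "don't seem to be needed any longer". Please say in the commit message how this was checked for a cross build against uClibc with 3.5.10 (for example, that configure completes and `HAVE_GETGROUPLIST` ends up defined), since samba-getgrouplist.patch, which covered the same test in `configure.in`, is removed in the same commit.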
diff --git a/package/samba/samba-fix-client-mtab.patch b/package/samba/samba-fix-client-mtab.patch
deleted file mode 100644
index 21e7158..0000000
--- a/package/samba/samba-fix-client-mtab.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/source/client/mtab.c
-+++ b/source/client/mtab.c
-@@ -31,6 +31,8 @@
- #include <unistd.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <sys/time.h>
- #include <time.h>
- #include <fcntl.h>
diff --git a/package/samba/samba-fix-mount.cifs.patch b/package/samba/samba-fix-mount.cifs.patch
deleted file mode 100644
index 90bff23..0000000
--- a/package/samba/samba-fix-mount.cifs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c
-+++ b/source/client/mount.cifs.c
-@@ -138,6 +138,7 @@ static size_t strlcat(char *d, const cha
- 	return ret;
- }
- #endif
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* BB finish BB
- 
-@@ -178,7 +179,6 @@ static void mount_cifs_usage(void)
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
--#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-getgrouplist.patch b/package/samba/samba-getgrouplist.patch
deleted file mode 100644
index e98d9cd..0000000
--- a/package/samba/samba-getgrouplist.patch
+++ /dev/null
@@ -1,41 +0,0 @@
---- a/source/configure.in	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/configure.in	2009-04-20 13:08:42.000000000 +0200
-@@ -1219,38 +1219,6 @@
- AC_DEFINE(HAVE_PRCTL, 1, [Whether prctl is available]),[])
- 
- #
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       AC_TRY_RUN([
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--], [linux_getgrouplist_ok=yes], [linux_getgrouplist_ok=no])
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--          AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
--       fi
--       ;;
--    *)
--       AC_CHECK_FUNCS(getgrouplist)
--       ;;
--esac
--
--#
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
- #
- 
diff --git a/package/samba/samba-remove-legacy-index.patch b/package/samba/samba-remove-legacy-index.patch
index 49a3b7d..855bca7 100644
--- a/package/samba/samba-remove-legacy-index.patch
+++ b/package/samba/samba-remove-legacy-index.patch
@@ -1,5 +1,5 @@
---- a/source/registry/reg_perfcount.c
-+++ b/source/registry/reg_perfcount.c
+--- a/source3/registry/reg_perfcount.c
++++ b/source3/registry/reg_perfcount.c
 @@ -616,14 +616,14 @@ static bool _reg_perfcount_add_counter(P
  	obj = NULL;
  	memset(buf, 0, PERFCOUNT_MAX_LEN);
diff --git a/package/samba/samba.mk b/package/samba/samba.mk
index a3bd63c..b3fbd4b 100644
--- a/package/samba/samba.mk
+++ b/package/samba/samba.mk
@@ -3,11 +3,11 @@
 # samba
 #
 #############################################################
-SAMBA_VERSION:=3.3.14
+SAMBA_VERSION:=3.5.10
 SAMBA_SOURCE:=samba-$(SAMBA_VERSION).tar.gz
 SAMBA_SITE:=http://samba.org/samba/ftp/stable/
 
-SAMBA_SUBDIR = source
+SAMBA_SUBDIR = source3
 SAMBA_AUTORECONF = NO
 
 SAMBA_INSTALL_STAGING = YES
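Review bot: `SAMBA_SITE` in the context of this hunk is a plain `http://` URL, and the version bump adds nothing that pins the contents of the new tarball, so the build trusts whatever the mirror or the network path returns for `samba-$(SAMBA_VERSION).tar.gz`. Not a blocker for the bump itself, but a download that is integrity-checked (or at least fetched over an authenticated transport) would be a worthwhile follow-up for a network-facing package.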
-- 
1.7.4.1


* [Buildroot] [PATCH 2/3] samba: fix linking of smbd with avahi support
  2011-08-01 21:46 [Buildroot] samba: bump to version 3.5.10 Sven Neumann
  2011-08-01 21:46 ` [Buildroot] [PATCH 1/3] " Sven Neumann
@ 2011-08-01 21:46 ` Sven Neumann
  2011-09-11 20:45   ` Peter Korsgaard
  2011-08-01 21:46 ` [Buildroot] [PATCH 3/3] samba: make installation of smbd configurable Sven Neumann
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-08-01 21:46 UTC (permalink / raw)
  To: buildroot

Explicitly link with -lpthread if smbd is compiled with
avahi support. Otherwise the binary will fail to run.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-fix-smbd-libs-avahi.patch |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)
 create mode 100644 package/samba/samba-fix-smbd-libs-avahi.patch

diff --git a/package/samba/samba-fix-smbd-libs-avahi.patch b/package/samba/samba-fix-smbd-libs-avahi.patch
new file mode 100644
index 0000000..c317b84
--- /dev/null
+++ b/package/samba/samba-fix-smbd-libs-avahi.patch
@@ -0,0 +1,11 @@
+--- a/source3/Makefile.in	2010-10-07 18:41:16.000000000 +0200
++++ b/source3/Makefile.in	2010-10-27 14:52:40.000000000 +0200
+@@ -1552,7 +1552,7 @@
+ 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
+ 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
+ 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
+-		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
++		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS)
+ 
+ bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+ 	@echo Linking $@
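Review bot: the commit message says to link with -lpthread "if smbd is compiled with avahi support", but the added line appends `$(PTHREAD_LDFLAGS)` to the link line unconditionally. Either reword the message to match, or tie the flag to the avahi case (for example where `$(AVAHI_LIBS)` is defined). The new patch file also has no description header of its own; a short comment at the top stating the failure it fixes and whether it was sent upstream would help whoever does the next version bump decide if it can be dropped.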
-- 
1.7.4.1


* [Buildroot] [PATCH 3/3] samba: make installation of smbd configurable
  2011-08-01 21:46 [Buildroot] samba: bump to version 3.5.10 Sven Neumann
  2011-08-01 21:46 ` [Buildroot] [PATCH 1/3] " Sven Neumann
  2011-08-01 21:46 ` [Buildroot] [PATCH 2/3] samba: fix linking of smbd with avahi support Sven Neumann
@ 2011-08-01 21:46 ` Sven Neumann
  2011-09-11 20:46   ` Peter Korsgaard
  2011-08-01 21:52 ` [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10 Sven Neumann
  2011-08-02  8:24 ` [Buildroot] samba: bump to version 3.5.10 Sven Neumann
  4 siblings, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-08-01 21:46 UTC (permalink / raw)
  To: buildroot

It may be desirable to compile samba but not actually install
the smbd binary. This is the case if you need libsmbclient but
don't want to run a samba server.

Make this possible by allowing installation of smbd to be disabled.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/Config.in |    7 +++++++
 package/samba/samba.mk  |    1 +
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/package/samba/Config.in b/package/samba/Config.in
index 58a84f3..c4fb456 100644
--- a/package/samba/Config.in
+++ b/package/samba/Config.in
@@ -122,6 +122,13 @@ config BR2_PACKAGE_SAMBA_SMBCQUOTAS
 	help
 	  Set or get QUOTAs of NTFS 5 shares
 
+config BR2_PACKAGE_SAMBA_SMBD
+	bool "smbd"
+	default y
+	depends on BR2_PACKAGE_SAMBA
+	help
+	  The server daemon that provides filesharing and printing services,
+
 config BR2_PACKAGE_SAMBA_SMBGET
 	bool "smbget"
 	default y
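Review bot: The help text of the new BR2_PACKAGE_SAMBA_SMBD entry ends in a comma ("... filesharing and printing services,"), so it reads as cut off; end the sentence with a period. Since the commit message gives the libsmbclient-only use case, a second help line saying the option can be disabled when only the client library is needed would help, and it makes clear that doing so keeps a network-facing daemon off targets that never serve shares.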
diff --git a/package/samba/samba.mk b/package/samba/samba.mk
index b3fbd4b..2bb0530 100644
--- a/package/samba/samba.mk
+++ b/package/samba/samba.mk
@@ -110,6 +110,7 @@ SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBCACLS) += usr/bin/smbcacls
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBCLIENT) += usr/bin/smbclient
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBCONTROL) += usr/bin/smbcontrol
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBCQUOTAS) += usr/bin/smbcquotas
+SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBD) += usr/sbin/smbd
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBGET) += usr/bin/smbget
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBLDBTOOLS) += usr/bin/ldbadd
 SAMBA_BINTARGETS_$(BR2_PACKAGE_SAMBA_SMBLDBTOOLS) += usr/bin/ldbdel
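Review bot: Only usr/sbin/smbd is tied to BR2_PACKAGE_SAMBA_SMBD in this hunk, so with the option off anything else the package installs to start or configure the server would be left on the target without its binary. Please check whether samba.mk installs an init script or similar for smbd and, if so, make it depend on the same symbol in this patch.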
-- 
1.7.4.1

^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10
  2011-08-01 21:46 [Buildroot] samba: bump to version 3.5.10 Sven Neumann
                   ` (2 preceding siblings ...)
  2011-08-01 21:46 ` [Buildroot] [PATCH 3/3] samba: make installation of smbd configurable Sven Neumann
@ 2011-08-01 21:52 ` Sven Neumann
  2011-09-11 20:44   ` Peter Korsgaard
  2011-08-02  8:24 ` [Buildroot] samba: bump to version 3.5.10 Sven Neumann
  4 siblings, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-08-01 21:52 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-CVE-2011-0719.patch            |  613 --------------------
 package/samba/samba-add-check-for-__use_bsd.patch  |   18 -
 .../samba/samba-do-not-check-glibc-version.patch   |  104 ----
 package/samba/samba-fix-client-mtab.patch          |   11 -
 package/samba/samba-fix-mount.cifs.patch           |   18 -
 package/samba/samba-getgrouplist.patch             |   41 --
 package/samba/samba-remove-legacy-index.patch      |    4 +-
 package/samba/samba.mk                             |    4 +-
 8 files changed, 4 insertions(+), 809 deletions(-)
 delete mode 100644 package/samba/samba-CVE-2011-0719.patch
 delete mode 100644 package/samba/samba-add-check-for-__use_bsd.patch
 delete mode 100644 package/samba/samba-do-not-check-glibc-version.patch
 delete mode 100644 package/samba/samba-fix-client-mtab.patch
 delete mode 100644 package/samba/samba-fix-mount.cifs.patch
 delete mode 100644 package/samba/samba-getgrouplist.patch

diff --git a/package/samba/samba-CVE-2011-0719.patch b/package/samba/samba-CVE-2011-0719.patch
deleted file mode 100644
index 1cb8580..0000000
--- a/package/samba/samba-CVE-2011-0719.patch
+++ /dev/null
@@ -1,613 +0,0 @@
-From 724e44eed299c618066dec411530aa9f156119ec Mon Sep 17 00:00:00 2001
-From: Karolin Seeger <kseeger@samba.org>
-Date: Sun, 27 Feb 2011 18:28:29 +0100
-Subject: [PATCH] Fix denial of service - memory corruption.
-
-CVE-2011-0719
-
-Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
-
-All current released versions of Samba are vulnerable to
-a denial of service caused by memory corruption. Range
-checks on file descriptors being used in the FD_SET macro
-were not present allowing stack corruption. This can cause
-the Samba code to crash or to loop attempting to select
-on a bad file descriptor set.
-
-A connection to a file share, or a local account is needed
-to exploit this problem, either authenticated or unauthenticated
-(guest connection).
-
-Currently we do not believe this flaw is exploitable
-beyond a crash or causing the code to loop, but on the
-advice of our security reviewers we are releasing fixes
-in case an exploit is discovered at a later date.
----
- source/client/client.c          |    4 +++-
- source/client/dnsbrowse.c       |   12 ++++++++++++
- source/lib/events.c             |   13 +++++++++++++
- source/lib/packet.c             |    5 +++++
- source/lib/readline.c           |    5 +++++
- source/lib/select.c             |    6 ++++++
- source/lib/util_sock.c          |   11 +++++++++--
- source/libaddns/dnssock.c       |    6 +++++-
- source/libsmb/nmblib.c          |    5 +++++
- source/nmbd/nmbd_packets.c      |   24 ++++++++++++++++++++++--
- source/nsswitch/wb_common.c     |   22 ++++++++++++++++++++--
- source/printing/printing.c      |    5 +++++
- source/smbd/dnsregister.c       |    6 ++++++
- source/smbd/oplock.c            |    5 ++++-
- source/smbd/oplock_irix.c       |    5 +++++
- source/smbd/process.c           |    2 +-
- source/smbd/server.c            |   29 +++++++++++++++++++++--------
- source/utils/smbfilter.c        |    8 ++++++--
- source/winbindd/winbindd.c      |   12 +++++++++++-
- source/winbindd/winbindd_dual.c |    7 +++++++
- 20 files changed, 171 insertions(+), 21 deletions(-)
-
-diff --git a/source/client/client.c b/source/client/client.c
-index 53bd9e6..a989441 100644
---- a/source/client/client.c
-+++ b/source/client/client.c
-@@ -4379,8 +4379,10 @@ static void readline_callback(void)
- 
-  again:
- 
--	if (cli->fd == -1)
-+	if (cli->fd < 0 || cli->fd >= FD_SETSIZE) {
-+		errno = EBADF;
- 		return;
-+	}
- 
- 	FD_ZERO(&fds);
- 	FD_SET(cli->fd,&fds);
-diff --git a/source/client/dnsbrowse.c b/source/client/dnsbrowse.c
-index 5e3a4de..aa2fb22 100644
---- a/source/client/dnsbrowse.c
-+++ b/source/client/dnsbrowse.c
-@@ -81,6 +81,11 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
- 			TALLOC_FREE(fdset);
- 		}
- 
-+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			break;
-+		}
-+
- 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
- 		fdset = TALLOC_ZERO(ctx, fdsetsz);
- 		FD_SET(mdnsfd, fdset);
-@@ -183,6 +188,13 @@ int do_smb_browse(void)
- 
- 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
- 		fdset = TALLOC_ZERO(ctx, fdsetsz);
-+
-+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			TALLOC_FREE(ctx);
-+			return 1;
-+		}
-+
- 		FD_SET(mdnsfd, fdset);
- 
- 		tv.tv_sec = 1;
-diff --git a/source/lib/events.c b/source/lib/events.c
-index cd20ceb..2ddbab7 100644
---- a/source/lib/events.c
-+++ b/source/lib/events.c
-@@ -140,6 +140,11 @@ struct fd_event *event_add_fd(struct event_context *event_ctx,
- {
- 	struct fd_event *fde;
- 
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return NULL;
-+	}
-+
- 	if (!(fde = TALLOC_P(mem_ctx, struct fd_event))) {
- 		return NULL;
- 	}
-@@ -190,6 +195,14 @@ bool event_add_to_select_args(struct event_context *event_ctx,
- 	bool ret = False;
- 
- 	for (fde = event_ctx->fd_events; fde; fde = fde->next) {
-+		if (fde->fd < 0 || fde->fd >= FD_SETSIZE) {
-+			/* We ignore here, as it shouldn't be
-+			   possible to add an invalid fde->fd
-+			   but we don't want FD_SET to see an
-+			   invalid fd. */
-+			continue;
-+		}
-+
- 		if (fde->flags & EVENT_FD_READ) {
- 			FD_SET(fde->fd, read_fds);
- 			ret = True;
-diff --git a/source/lib/packet.c b/source/lib/packet.c
-index e048616..512c7f2 100644
---- a/source/lib/packet.c
-+++ b/source/lib/packet.c
-@@ -106,6 +106,11 @@ NTSTATUS packet_fd_read_sync(struct packet_context *ctx)
- 	int res;
- 	fd_set r_fds;
- 
-+	if (ctx->fd < 0 || ctx->fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return map_nt_error_from_unix(errno);
-+	}
-+
- 	FD_ZERO(&r_fds);
- 	FD_SET(ctx->fd, &r_fds);
- 
-diff --git a/source/lib/readline.c b/source/lib/readline.c
-index 34867aa..70a82f2 100644
---- a/source/lib/readline.c
-+++ b/source/lib/readline.c
-@@ -91,6 +91,11 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
- 		timeout.tv_sec = 5;
- 		timeout.tv_usec = 0;
- 
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			break;
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(fd,&fds);
- 
-diff --git a/source/lib/select.c b/source/lib/select.c
-index c3da6a9..2d5f02c 100644
---- a/source/lib/select.c
-+++ b/source/lib/select.c
-@@ -61,6 +61,11 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s
- 		if (pipe(select_pipe) == -1)
- 			smb_panic("Could not create select pipe");
- 
-+		if (select_pipe[0] < 0 || select_pipe[0] >= FD_SETSIZE) {
-+			errno = EBADF;
-+			return -1;
-+		}
-+
- 		/*
- 		 * These next two lines seem to fix a bug with the Linux
- 		 * 2.0.x kernel (and probably other UNIXes as well) where
-@@ -87,6 +92,7 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s
- 		readfds2 = &readfds_buf;
- 		FD_ZERO(readfds2);
- 	}
-+
- 	FD_SET(select_pipe[0], readfds2);
- 
- 	errno = 0;
-diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
-index 650bd13..8aa2c97 100644
---- a/source/lib/util_sock.c
-+++ b/source/lib/util_sock.c
-@@ -960,6 +960,11 @@ NTSTATUS read_socket_with_timeout(int fd, char *buf,
- 	timeout.tv_usec = (long)(1000 * (time_out % 1000));
- 
- 	for (nread=0; nread < mincnt; ) {
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			return map_nt_error_from_unix(EBADF);
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(fd,&fds);
- 
-@@ -1492,7 +1497,7 @@ bool open_any_socket_out(struct sockaddr_storage *addrs, int num_addrs,
- 
- 	for (i=0; i<num_addrs; i++) {
- 		sockets[i] = socket(addrs[i].ss_family, SOCK_STREAM, 0);
--		if (sockets[i] < 0)
-+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE)
- 			goto done;
- 		set_blocking(sockets[i], false);
- 	}
-@@ -1541,8 +1546,10 @@ bool open_any_socket_out(struct sockaddr_storage *addrs, int num_addrs,
- 	FD_ZERO(&r_fds);
- 
- 	for (i=0; i<num_addrs; i++) {
--		if (sockets[i] == -1)
-+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE) {
-+			/* This cannot happen - ignore if so. */
- 			continue;
-+		}
- 		FD_SET(sockets[i], &wr_fds);
- 		FD_SET(sockets[i], &r_fds);
- 		if (sockets[i]>maxfd)
-diff --git a/source/libaddns/dnssock.c b/source/libaddns/dnssock.c
-index 7c8bd41..f427bd5 100644
---- a/source/libaddns/dnssock.c
-+++ b/source/libaddns/dnssock.c
-@@ -218,7 +218,11 @@ static DNS_ERROR read_all(int fd, uint8 *data, size_t len)
- 	while (total < len) {
- 		ssize_t ret;
- 		int fd_ready;
--		
-+
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			return ERROR_DNS_SOCKET_ERROR;
-+		}
-+
- 		FD_ZERO( &rfds );
- 		FD_SET( fd, &rfds );
- 
-diff --git a/source/libsmb/nmblib.c b/source/libsmb/nmblib.c
-index bfe5e7b..768e54d 100644
---- a/source/libsmb/nmblib.c
-+++ b/source/libsmb/nmblib.c
-@@ -1097,6 +1097,11 @@ struct packet_struct *receive_packet(int fd,enum packet_type type,int t)
- 	struct timeval timeout;
- 	int ret;
- 
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		errno = EBADF;
-+		return NULL;
-+	}
-+
- 	FD_ZERO(&fds);
- 	FD_SET(fd,&fds);
- 	timeout.tv_sec = t/1000;
-diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
-index 4b97819..03e5362 100644
---- a/source/nmbd/nmbd_packets.c
-+++ b/source/nmbd/nmbd_packets.c
-@@ -1683,7 +1683,7 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
- 		count++;
- 
--	if((count*2) + 2 > FD_SETSIZE) {
-+	if((count*2) + 2 >= FD_SETSIZE) {
- 		DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
- only use %d.\n", (count*2) + 2, FD_SETSIZE));
- 		SAFE_FREE(pset);
-@@ -1699,24 +1699,44 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE));
- 	FD_ZERO(pset);
- 
- 	/* Add in the broadcast socket on 137. */
-+	if (ClientNMB < 0 || ClientNMB >= FD_SETSIZE) {
-+		errno = EBADF;
-+		SAFE_FREE(pset);
-+		return True;
-+	}
-+
- 	FD_SET(ClientNMB,pset);
- 	sock_array[num++] = ClientNMB;
- 	*maxfd = MAX( *maxfd, ClientNMB);
- 
- 	/* Add in the 137 sockets on all the interfaces. */
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
-+		if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) {
-+			/* We have to ignore sockets outside FD_SETSIZE. */
-+			continue;
-+		}
- 		FD_SET(subrec->nmb_sock,pset);
- 		sock_array[num++] = subrec->nmb_sock;
- 		*maxfd = MAX( *maxfd, subrec->nmb_sock);
- 	}
- 
- 	/* Add in the broadcast socket on 138. */
-+	if (ClientDGRAM < 0 || ClientDGRAM >= FD_SETSIZE) {
-+		errno = EBADF;
-+		SAFE_FREE(pset);
-+		return True;
-+	}
-+
- 	FD_SET(ClientDGRAM,pset);
- 	sock_array[num++] = ClientDGRAM;
- 	*maxfd = MAX( *maxfd, ClientDGRAM);
- 
- 	/* Add in the 138 sockets on all the interfaces. */
- 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
-+		if (subrec->dgram_sock < 0 || subrec->dgram_sock >= FD_SETSIZE) {
-+			/* We have to ignore sockets outside FD_SETSIZE. */
-+			continue;
-+		}
- 		FD_SET(subrec->dgram_sock,pset);
- 		sock_array[num++] = subrec->dgram_sock;
- 		*maxfd = MAX( *maxfd, subrec->dgram_sock);
-@@ -1767,7 +1787,7 @@ bool listen_for_packets(bool run_election)
- 
- #ifndef SYNC_DNS
- 	dns_fd = asyncdns_fd();
--	if (dns_fd != -1) {
-+	if (dns_fd >= 0 && dns_fd < FD_SETSIZE) {
- 		FD_SET(dns_fd, &r_fds);
- 		maxfd = MAX( maxfd, dns_fd);
- 	}
-diff --git a/source/nsswitch/wb_common.c b/source/nsswitch/wb_common.c
-index a164621..4f76bd0 100644
---- a/source/nsswitch/wb_common.c
-+++ b/source/nsswitch/wb_common.c
-@@ -240,6 +240,12 @@ static int winbind_named_pipe_sock(const char *dir)
- 
- 		switch (errno) {
- 			case EINPROGRESS:
-+
-+				if (fd < 0 || fd >= FD_SETSIZE) {
-+					errno = EBADF;
-+					goto error_out;
-+				}
-+
- 				FD_ZERO(&w_fds);
- 				FD_SET(fd, &w_fds);
- 				tv.tv_sec = CONNECT_TIMEOUT - wait_time;
-@@ -383,7 +389,13 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
- 	while(nwritten < count) {
- 		struct timeval tv;
- 		fd_set r_fds;
--		
-+
-+		if (winbindd_fd < 0 || winbindd_fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			winbind_close_sock();
-+			return -1;
-+		}
-+
- 		/* Catch pipe close on other end by checking if a read()
- 		   call would not block by calling select(). */
- 
-@@ -443,7 +455,13 @@ int winbind_read_sock(void *buffer, int count)
- 	while(nread < count) {
- 		struct timeval tv;
- 		fd_set r_fds;
--		
-+
-+		if (winbindd_fd < 0 || winbindd_fd >= FD_SETSIZE) {
-+			errno = EBADF;
-+			winbind_close_sock();
-+			return -1;
-+		}
-+
- 		/* Catch pipe close on other end by checking if a read()
- 		   call would not block by calling select(). */
- 
-diff --git a/source/printing/printing.c b/source/printing/printing.c
-index a9272eb..c3b8c61 100644
---- a/source/printing/printing.c
-+++ b/source/printing/printing.c
-@@ -1407,6 +1407,11 @@ void start_background_queue(void)
- 		exit(1);
- 	}
- 
-+	if (pause_pipe[1] < 0 || pause_pipe[1] >= FD_SETSIZE) {
-+		DEBUG(5,("start_background_queue: pipe fd out of range.\n"));
-+		exit(1);
-+	}
-+
- 	background_lpq_updater_pid = sys_fork();
- 
- 	if (background_lpq_updater_pid == -1) {
-diff --git a/source/smbd/dnsregister.c b/source/smbd/dnsregister.c
-index f02739e..3c689b9 100644
---- a/source/smbd/dnsregister.c
-+++ b/source/smbd/dnsregister.c
-@@ -125,6 +125,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
- 	 */
- 	if (dns_state->srv_ref != NULL) {
- 		mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
-+		if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
-+			return;
-+		}
- 		FD_SET(mdnsd_conn_fd, listen_set);
- 		return;
- 	}
-@@ -156,6 +159,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
- 	}
- 
- 	mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
-+	if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
-+		return;
-+	}
- 	FD_SET(mdnsd_conn_fd, listen_set);
- 	*maxfd = MAX(*maxfd, mdnsd_conn_fd);
- 	*timeout = timeval_zero();
-diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
-index a07d05d..5ae3fdf 100644
---- a/source/smbd/oplock.c
-+++ b/source/smbd/oplock.c
-@@ -241,7 +241,10 @@ bool downgrade_oplock(files_struct *fsp)
- int oplock_notify_fd(void)
- {
- 	if (koplocks) {
--		return koplocks->notification_fd;
-+		int fd = koplocks->notification_fd;
-+		if (fd < 0 || fd >= FD_SETSIZE) {
-+			return -1;
-+		}
- 	}
- 
- 	return -1;
-diff --git a/source/smbd/oplock_irix.c b/source/smbd/oplock_irix.c
-index 8c287c9..6e86fac 100644
---- a/source/smbd/oplock_irix.c
-+++ b/source/smbd/oplock_irix.c
-@@ -284,6 +284,11 @@ struct kernel_oplocks *irix_init_kernel_oplocks(void)
- 		return False;
- 	}
- 
-+	if (pfd[0] < 0 || pfd[0] >= FD_SETSIZE) {
-+		DEBUG(0,("setup_kernel_oplock_pipe: fd out of range.\n"));
-+		return False;
-+	}
-+
- 	oplock_pipe_read = pfd[0];
- 	oplock_pipe_write = pfd[1];
- 
-diff --git a/source/smbd/process.c b/source/smbd/process.c
-index 403c7c6..9b8f29b 100644
---- a/source/smbd/process.c
-+++ b/source/smbd/process.c
-@@ -698,7 +698,7 @@ static void async_processing(fd_set *pfds)
- 
- static int select_on_fd(int fd, int maxfd, fd_set *fds)
- {
--	if (fd != -1) {
-+	if (fd != -1 && fd < FD_SETSIZE) {
- 		FD_SET(fd, fds);
- 		maxfd = MAX(maxfd, fd);
- 	}
-diff --git a/source/smbd/server.c b/source/smbd/server.c
-index 5129484..a670334 100644
---- a/source/smbd/server.c
-+++ b/source/smbd/server.c
-@@ -209,7 +209,13 @@ static bool open_sockets_inetd(void)
- 	/* Started from inetd. fd 0 is the socket. */
- 	/* We will abort gracefully when the client or remote system 
- 	   goes away */
--	smbd_set_server_fd(dup(0));
-+	int fd = dup(0);
-+
-+	if (fd < 0 || fd >= FD_SETSIZE) {
-+		return false;
-+	}
-+
-+	smbd_set_server_fd(fd);
- 	
- 	/* close our standard file descriptors */
- 	close_low_fds(False); /* Don't close stderr */
-@@ -436,7 +442,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 							num_sockets == 0 ? 0 : 2,
- 							ifss,
- 							true);
--				if(s == -1) {
-+				if(s < 0 || s >= FD_SETSIZE) {
-+					close(s);
- 					continue;
- 				}
- 
-@@ -516,7 +523,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 						num_sockets == 0 ? 0 : 2,
- 						&ss,
- 						true);
--				if (s == -1) {
-+				if (s < 0 || s >= FD_SETSIZE) {
- 					continue;
- 				}
- 
-@@ -709,6 +716,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 			struct sockaddr addr;
- 			socklen_t in_addrlen = sizeof(addr);
- 			pid_t child = 0;
-+			int fd;
- 
- 			s = -1;
- 			for(i = 0; i < num_sockets; i++) {
-@@ -721,16 +729,21 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
- 				}
- 			}
- 
--			smbd_set_server_fd(accept(s,&addr,&in_addrlen));
--
--			if (smbd_server_fd() == -1 && errno == EINTR)
-+			fd = accept(s,&addr,&in_addrlen);
-+			if (fd == -1 && errno == EINTR)
- 				continue;
--
--			if (smbd_server_fd() == -1) {
-+			if (fd == -1) {
- 				DEBUG(2,("open_sockets_smbd: accept: %s\n",
- 					 strerror(errno)));
- 				continue;
- 			}
-+			if (fd < 0 || fd >= FD_SETSIZE) {
-+				DEBUG(2,("open_sockets_smbd: bad fd %d\n",
-+					fd ));
-+				continue;
-+			}
-+
-+			smbd_set_server_fd(fd);
- 
- 			/* Ensure child is set to blocking mode */
- 			set_blocking(smbd_server_fd(),True);
-diff --git a/source/utils/smbfilter.c b/source/utils/smbfilter.c
-index 1e22a40..45f9207 100644
---- a/source/utils/smbfilter.c
-+++ b/source/utils/smbfilter.c
-@@ -162,8 +162,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
- 		int num;
- 		
- 		FD_ZERO(&fds);
--		if (s != -1) FD_SET(s, &fds);
--		if (c != -1) FD_SET(c, &fds);
-+		if (s >= 0 && s < FD_SETSIZE) FD_SET(s, &fds);
-+		if (c >= 0 && c < FD_SETSIZE) FD_SET(c, &fds);
- 
- 		num = sys_select_intr(MAX(s+1, c+1),&fds,NULL,NULL,NULL);
- 		if (num <= 0) continue;
-@@ -235,6 +235,10 @@ static void start_filter(char *desthost)
- 		struct sockaddr_storage ss;
- 		socklen_t in_addrlen = sizeof(ss);
- 		
-+		if (s < 0 || s >= FD_SETSIZE) {
-+			break;
-+		}
-+
- 		FD_ZERO(&fds);
- 		FD_SET(s, &fds);
- 
-diff --git a/source/winbindd/winbindd.c b/source/winbindd/winbindd.c
-index 1d618e2..6b5c251 100644
---- a/source/winbindd/winbindd.c
-+++ b/source/winbindd/winbindd.c
-@@ -836,7 +836,8 @@ static void process_loop(void)
- 	listen_sock = open_winbindd_socket();
- 	listen_priv_sock = open_winbindd_priv_socket();
- 
--	if (listen_sock == -1 || listen_priv_sock == -1) {
-+	if (listen_sock < 0 || listen_sock >= FD_SETSIZE ||
-+			listen_priv_sock < 0 || listen_priv_sock >= FD_SETSIZE) {
- 		perror("open_winbind_socket");
- 		exit(1);
- 	}
-@@ -861,6 +862,9 @@ static void process_loop(void)
- 
- 	FD_ZERO(&r_fds);
- 	FD_ZERO(&w_fds);
-+
-+	/* We check the range for listen_sock and
-+	   listen_priv_sock above. */
- 	FD_SET(listen_sock, &r_fds);
- 	FD_SET(listen_priv_sock, &r_fds);
- 
-@@ -890,6 +894,12 @@ static void process_loop(void)
- 	}
- 
- 	for (ev = fd_events; ev; ev = ev->next) {
-+		if (ev->fd < 0 || ev->fd >= FD_SETSIZE) {
-+			/* Ignore here - event_add_to_select_args
-+			   should make this impossible. */
-+			continue;
-+		}
-+
- 		if (ev->flags & EVENT_FD_READ) {
- 			FD_SET(ev->fd, &r_fds);
- 			maxfd = MAX(ev->fd, maxfd);
-diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
-index ff004f2..b30ec20 100644
---- a/source/winbindd/winbindd_dual.c
-+++ b/source/winbindd/winbindd_dual.c
-@@ -1250,6 +1250,12 @@ static bool fork_domain_child(struct winbindd_child *child)
- 		return False;
- 	}
- 
-+	if (fdpair[0] < 0 || fdpair[0] >= FD_SETSIZE) {
-+		DEBUG(0, ("fork_domain_child: bad fd range (%d)\n", fdpair[0]));
-+		errno = EBADF;
-+		return False;
-+	}
-+
- 	ZERO_STRUCT(state);
- 	state.pid = sys_getpid();
- 
-@@ -1405,6 +1411,7 @@ static bool fork_domain_child(struct winbindd_child *child)
- 		message_dispatch(winbind_messaging_context());
- 
- 		FD_ZERO(&read_fds);
-+		/* We check state.sock against FD_SETSIZE above. */
- 		FD_SET(state.sock, &read_fds);
- 
- 		ret = sys_select(state.sock + 1, &read_fds, NULL, NULL, tp);
--- 
-1.6.4.2
-
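Review bot: This hunk deletes the backported fix for CVE-2011-0719 (the FD_SETSIZE range checks placed ahead of FD_SET), yet the commit message consists of the Signed-off-by line only. For the removal of a security patch, the commit message should state that samba 3.5.10 already contains the upstream fix, ideally naming the upstream release or commit, so the removal can be audited later. Dropping the local copy is otherwise reasonable: it targets source/ paths, which stop matching once SAMBA_SUBDIR becomes source3, and its oplock_notify_fd() change range-checks fd and then falls through to "return -1;", so a valid notification fd is never returned.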
diff --git a/package/samba/samba-add-check-for-__use_bsd.patch b/package/samba/samba-add-check-for-__use_bsd.patch
deleted file mode 100644
index a4c7109..0000000
--- a/package/samba/samba-add-check-for-__use_bsd.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/client/mount.cifs.c	2009-04-20 12:59:57.000000000 +0200
-@@ -100,6 +100,7 @@
- 
- /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
-  * don't link to libreplace so need them here. */
-+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
- 
- /* like strncpy but does not 0 fill the buffer and always null
-  *    terminates. bufsize is the size of the destination buffer */
-@@ -181,6 +182,7 @@
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-do-not-check-glibc-version.patch b/package/samba/samba-do-not-check-glibc-version.patch
deleted file mode 100644
index c5e3cd4..0000000
--- a/package/samba/samba-do-not-check-glibc-version.patch
+++ /dev/null
@@ -1,104 +0,0 @@
---- a/source/configure	2009-04-01 14:19:36.000000000 +0200
-+++ b/source/configure	2009-04-20 13:05:12.000000000 +0200
-@@ -44061,90 +44061,8 @@
- 
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- 
--#
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       if test "$cross_compiling" = yes; then
--  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--{ { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&5
--$as_echo "$as_me: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&2;}
--   { (exit 1); exit 1; }; }; }
--else
--  cat >conftest.$ac_ext <<_ACEOF
--/* confdefs.h.  */
--_ACEOF
--cat confdefs.h >>conftest.$ac_ext
--cat >>conftest.$ac_ext <<_ACEOF
--/* end confdefs.h.  */
--
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--
--_ACEOF
--rm -f conftest$ac_exeext
--if { (ac_try="$ac_link"
--case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_link") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
--  { (case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_try") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); }; }; then
--  linux_getgrouplist_ok=yes
--else
--  $as_echo "$as_me: program exited with status $ac_status" >&5
--$as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--( exit $ac_status )
--linux_getgrouplist_ok=no
--fi
--rm -rf conftest.dSYM
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
--fi
--
--
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--
--cat >>confdefs.h <<\_ACEOF
--#define HAVE_GETGROUPLIST 1
--_ACEOF
--
--       fi
--       ;;
--    *)
-+# Stripped glibc test which is not needed for uClibc
-+linux_getgrouplist_ok=yes
- 
- for ac_func in getgrouplist
- do
-@@ -44246,8 +44164,6 @@
- fi
- done
- 
--       ;;
--esac
- 
- #
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
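Review bot: The patch deleted here existed to strip a configure run-test that aborts with "cannot run test program while cross compiling", and the commit message does not say how 3.5.10 deals with that. Please confirm that the getgrouplist check in the source3 configure no longer uses a run test when cross compiling, or that its result is preseeded, and record that in the commit message; the same explanation would cover the removal of samba-getgrouplist.patch.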
diff --git a/package/samba/samba-fix-client-mtab.patch b/package/samba/samba-fix-client-mtab.patch
deleted file mode 100644
index 21e7158..0000000
--- a/package/samba/samba-fix-client-mtab.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/source/client/mtab.c
-+++ b/source/client/mtab.c
-@@ -31,6 +31,8 @@
- #include <unistd.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <sys/time.h>
- #include <time.h>
- #include <fcntl.h>
diff --git a/package/samba/samba-fix-mount.cifs.patch b/package/samba/samba-fix-mount.cifs.patch
deleted file mode 100644
index 90bff23..0000000
--- a/package/samba/samba-fix-mount.cifs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c
-+++ b/source/client/mount.cifs.c
-@@ -138,6 +138,7 @@ static size_t strlcat(char *d, const cha
- 	return ret;
- }
- #endif
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* BB finish BB
- 
-@@ -178,7 +179,6 @@ static void mount_cifs_usage(void)
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
--#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-getgrouplist.patch b/package/samba/samba-getgrouplist.patch
deleted file mode 100644
index e98d9cd..0000000
--- a/package/samba/samba-getgrouplist.patch
+++ /dev/null
@@ -1,41 +0,0 @@
---- a/source/configure.in	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/configure.in	2009-04-20 13:08:42.000000000 +0200
-@@ -1219,38 +1219,6 @@
- AC_DEFINE(HAVE_PRCTL, 1, [Whether prctl is available]),[])
- 
- #
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       AC_TRY_RUN([
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--], [linux_getgrouplist_ok=yes], [linux_getgrouplist_ok=no])
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--          AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
--       fi
--       ;;
--    *)
--       AC_CHECK_FUNCS(getgrouplist)
--       ;;
--esac
--
--#
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
- #
- 
diff --git a/package/samba/samba-remove-legacy-index.patch b/package/samba/samba-remove-legacy-index.patch
index 49a3b7d..855bca7 100644
--- a/package/samba/samba-remove-legacy-index.patch
+++ b/package/samba/samba-remove-legacy-index.patch
@@ -1,5 +1,5 @@
---- a/source/registry/reg_perfcount.c
-+++ b/source/registry/reg_perfcount.c
+--- a/source3/registry/reg_perfcount.c
++++ b/source3/registry/reg_perfcount.c
 @@ -616,14 +616,14 @@ static bool _reg_perfcount_add_counter(P
  	obj = NULL;
  	memset(buf, 0, PERFCOUNT_MAX_LEN);
diff --git a/package/samba/samba.mk b/package/samba/samba.mk
index a3bd63c..b3fbd4b 100644
--- a/package/samba/samba.mk
+++ b/package/samba/samba.mk
@@ -3,11 +3,11 @@
 # samba
 #
 #############################################################
-SAMBA_VERSION:=3.3.14
+SAMBA_VERSION:=3.5.10
 SAMBA_SOURCE:=samba-$(SAMBA_VERSION).tar.gz
 SAMBA_SITE:=http://samba.org/samba/ftp/stable/
 
-SAMBA_SUBDIR = source
+SAMBA_SUBDIR = source3
 SAMBA_AUTORECONF = NO
 
 SAMBA_INSTALL_STAGING = YES
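Review bot: After the SAMBA_VERSION change the build fetches samba-3.5.10.tar.gz from the unchanged SAMBA_SITE over plain http://, and nothing in this hunk records an expected checksum for the new tarball. Please verify the download against the upstream signature or checksum before committing and mention in the commit message that this was done. The SAMBA_SUBDIR switch to source3 also means every patch kept in package/samba must be re-rooted; the commit message should list which remaining patches were checked against the new tree.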
-- 
1.7.4.1

^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [Buildroot] samba: bump to version 3.5.10
  2011-08-01 21:46 [Buildroot] samba: bump to version 3.5.10 Sven Neumann
                   ` (3 preceding siblings ...)
  2011-08-01 21:52 ` [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10 Sven Neumann
@ 2011-08-02  8:24 ` Sven Neumann
  2011-08-02  8:35   ` Baruch Siach
  4 siblings, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-08-02  8:24 UTC (permalink / raw)
  To: buildroot

Hi,

did patch 1/3 ever show up on the list? I sent it twice and never
received a copy of it.


Sven

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [Buildroot] samba: bump to version 3.5.10
  2011-08-02  8:24 ` [Buildroot] samba: bump to version 3.5.10 Sven Neumann
@ 2011-08-02  8:35   ` Baruch Siach
  0 siblings, 0 replies; 19+ messages in thread
From: Baruch Siach @ 2011-08-02  8:35 UTC (permalink / raw)
  To: buildroot

Hi Sven,

On Tue, Aug 02, 2011 at 10:24:57AM +0200, Sven Neumann wrote:
> did patch 1/3 ever show up on the list? I sent it twice and never
> received a copy of it.

I got it (twice). See also 
http://lists.busybox.net/pipermail/buildroot/2011-August/044771.html.

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10
  2011-08-01 21:52 ` [Buildroot] [PATCH 1/3] samba: bump to version 3.5.10 Sven Neumann
@ 2011-09-11 20:44   ` Peter Korsgaard
  2011-09-12  8:10     ` [Buildroot] samba: bump to version 3.5.10 (UPDATE) Sven Neumann
  0 siblings, 1 reply; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-11 20:44 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
 Sven> ---
 Sven>  package/samba/samba-CVE-2011-0719.patch            |  613 --------------------
 Sven>  package/samba/samba-add-check-for-__use_bsd.patch  |   18 -
 Sven>  .../samba/samba-do-not-check-glibc-version.patch   |  104 ----
 Sven>  package/samba/samba-fix-client-mtab.patch          |   11 -
 Sven>  package/samba/samba-fix-mount.cifs.patch           |   18 -
 Sven>  package/samba/samba-getgrouplist.patch             |   41 --
 Sven>  package/samba/samba-remove-legacy-index.patch      |    4 +-
 Sven>  package/samba/samba.mk                             |    4 +-
 Sven>  8 files changed, 4 insertions(+), 809 deletions(-)
 Sven>  delete mode 100644 package/samba/samba-CVE-2011-0719.patch
 Sven>  delete mode 100644 package/samba/samba-add-check-for-__use_bsd.patch
 Sven>  delete mode 100644 package/samba/samba-do-not-check-glibc-version.patch
 Sven>  delete mode 100644 package/samba/samba-fix-client-mtab.patch
 Sven>  delete mode 100644 package/samba/samba-fix-mount.cifs.patch
 Sven>  delete mode 100644 package/samba/samba-getgrouplist.patch

What version/tree is this against? When trying to commit I get:

Applying: samba: bump to version 3.5.10
error: package/samba/samba-CVE-2011-0719.patch: does not exist in index
error: patch failed: package/samba/samba.mk:3
error: package/samba/samba.mk: patch does not apply
Patch failed at 0001 samba: bump to version 3.5.10

We don't have a samba-CVE-2011-0719.patch file. Care to respin and
resend?

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 2/3] samba: fix linking of smbd with avahi support
  2011-08-01 21:46 ` [Buildroot] [PATCH 2/3] samba: fix linking of smbd with avahi support Sven Neumann
@ 2011-09-11 20:45   ` Peter Korsgaard
  0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-11 20:45 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> Explicitly link with -lpthread if smbd is compiled with
 Sven> avahi support. Otherwise the binary will fail to run.

 Sven> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
 Sven> ---
 Sven>  package/samba/samba-fix-smbd-libs-avahi.patch |   11 +++++++++++
 Sven>  1 files changed, 11 insertions(+), 0 deletions(-)
 Sven>  create mode 100644 package/samba/samba-fix-smbd-libs-avahi.patch

 Sven> diff --git a/package/samba/samba-fix-smbd-libs-avahi.patch b/package/samba/samba-fix-smbd-libs-avahi.patch
 Sven> new file mode 100644
 Sven> index 0000000..c317b84
 Sven> --- /dev/null
 Sven> +++ b/package/samba/samba-fix-smbd-libs-avahi.patch
 Sven> @@ -0,0 +1,11 @@

Please add the same description / signed-off-by in the patch header.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 3/3] samba: make installation of smbd configurable
  2011-08-01 21:46 ` [Buildroot] [PATCH 3/3] samba: make installation of smbd configurable Sven Neumann
@ 2011-09-11 20:46   ` Peter Korsgaard
  0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-11 20:46 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> It may be desirable to compile samba but not actually install
 Sven> the smbd binary. This is the case if you need libsmbclient but
 Sven> don't want to run a samba server.

 Sven> Make this possible by allowing to disable installation of smbd.

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] samba: bump to version 3.5.10 (UPDATE)
  2011-09-11 20:44   ` Peter Korsgaard
@ 2011-09-12  8:10     ` Sven Neumann
  2011-09-12  8:11       ` [Buildroot] [PATCH 1/2] samba: bump to version 3.5.10 Sven Neumann
  2011-09-12  8:11       ` Sven Neumann
  0 siblings, 2 replies; 19+ messages in thread
From: Sven Neumann @ 2011-09-12  8:10 UTC (permalink / raw)
  To: buildroot


Sorry for sending a broken patch-set. I have now rebased the
changes and checked that everything compiles fine.


Regards,
Sven


* [Buildroot] [PATCH 1/2] samba: bump to version 3.5.10
  2011-09-12  8:10     ` [Buildroot] samba: bump to version 3.5.10 (UPDATE) Sven Neumann
@ 2011-09-12  8:11       ` Sven Neumann
  2011-09-12 21:13         ` Peter Korsgaard
  2011-09-12  8:11       ` Sven Neumann
  1 sibling, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-09-12  8:11 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-00CVE-2011-2694.patch          |   55 --
 package/samba/samba-01CVE-2011-2522.patch          |  749 --------------------
 package/samba/samba-add-check-for-__use_bsd.patch  |   18 -
 .../samba/samba-do-not-check-glibc-version.patch   |  104 ---
 package/samba/samba-fix-client-mtab.patch          |   11 -
 package/samba/samba-fix-mount.cifs.patch           |   18 -
 package/samba/samba-getgrouplist.patch             |   41 --
 package/samba/samba-remove-legacy-index.patch      |    4 +-
 package/samba/samba.mk                             |    9 +-
 9 files changed, 6 insertions(+), 1003 deletions(-)
 delete mode 100644 package/samba/samba-00CVE-2011-2694.patch
 delete mode 100644 package/samba/samba-01CVE-2011-2522.patch
 delete mode 100644 package/samba/samba-add-check-for-__use_bsd.patch
 delete mode 100644 package/samba/samba-do-not-check-glibc-version.patch
 delete mode 100644 package/samba/samba-fix-client-mtab.patch
 delete mode 100644 package/samba/samba-fix-mount.cifs.patch
 delete mode 100644 package/samba/samba-getgrouplist.patch

diff --git a/package/samba/samba-00CVE-2011-2694.patch b/package/samba/samba-00CVE-2011-2694.patch
deleted file mode 100644
index 167accf..0000000
--- a/package/samba/samba-00CVE-2011-2694.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Thu, 7 Jul 2011 10:03:33 +0200
-Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)
-
-Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
-against SWAT, the Samba Web Administration Tool. The attack uses reflection to
-insert arbitrary content into the "change password" page.
-
-This patch fixes the reflection issue by not printing user-specified content on
-the website anymore.
-
-Signed-off-by: Kai Blin <kai@samba.org>
-
-CVE-2011-2694.
----
- source/web/swat.c |   14 ++------------
- 1 files changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 9c7294a..434b1ac 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
- 	if(cgi_variable(CHG_S_PASSWD_FLAG)) {
- 		printf("<p>");
- 		if (rslt == True) {
--			printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
--			printf("\n");
-+			printf("%s\n", _(" The passwd has been changed."));
- 		} else {
--			printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
--			printf("\n");
-+			printf("%s\n", _(" The passwd has NOT been changed."));
- 		}
- 	}
- 	
-@@ -1138,14 +1136,6 @@ static void passwd_page(void)
- {
- 	const char *new_name = cgi_user_name();
- 
--	/* 
--	 * After the first time through here be nice. If the user
--	 * changed the User box text to another users name, remember it.
--	 */
--	if (cgi_variable(SWAT_USER)) {
--		new_name = cgi_variable_nonull(SWAT_USER);
--	} 
--
- 	if (!new_name) new_name = "";
- 
- 	printf("<H2>%s</H2>\n", _("Server Password Management"));
--- 
-1.7.1
-
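Review bot: The commit message for this bump is only a Signed-off-by line, yet this hunk drops the local fix for CVE-2011-2694 (the SWAT "change password" reflection fix by Kai Blin). Please say in the log that the fix is already part of the 3.5.10 tarball, naming the CVE ids whose patches are removed, so that anyone auditing the package history can see the XSS fix was superseded and not lost. A quick check before committing is that chg_passwd() in the unpacked source no longer passes cgi_variable_nonull(SWAT_USER) to printf.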
diff --git a/package/samba/samba-01CVE-2011-2522.patch b/package/samba/samba-01CVE-2011-2522.patch
deleted file mode 100644
index 7d48b55..0000000
--- a/package/samba/samba-01CVE-2011-2522.patch
+++ /dev/null
@@ -1,749 +0,0 @@
-From b610e0cee563465c6b970647b215f8ae4d0c6599 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:56:21 +0200
-Subject: [PATCH 01/12] s3 swat: Allow getting the user's HTTP auth password
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/cgi.c        |    9 +++++++++
- source/web/swat_proto.h |    1 +
- 2 files changed, 10 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/cgi.c b/source/web/cgi.c
-index 72aa11c..ccdc3a7 100644
---- a/source/web/cgi.c
-+++ b/source/web/cgi.c
-@@ -42,6 +42,7 @@ static char *query_string;
- static const char *baseurl;
- static char *pathinfo;
- static char *C_user;
-+static char *C_pass;
- static bool inetd_server;
- static bool got_request;
- 
-@@ -388,6 +389,7 @@ static bool cgi_handle_authorization(char *line)
- 			
- 			/* Save the users name */
- 			C_user = SMB_STRDUP(user);
-+			C_pass = SMB_STRDUP(user_pass);
- 			TALLOC_FREE(pass);
- 			return True;
- 		}
-@@ -422,6 +424,13 @@ char *cgi_user_name(void)
-         return(C_user);
- }
- 
-+/***************************************************************************
-+return a ptr to the users password
-+  ***************************************************************************/
-+char *cgi_user_pass(void)
-+{
-+        return(C_pass);
-+}
- 
- /***************************************************************************
- handle a file download
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index 0f84e4f..76f9c3c 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -31,6 +31,7 @@ const char *cgi_variable(const char *name);
- const char *cgi_variable_nonull(const char *name);
- bool am_root(void);
- char *cgi_user_name(void);
-+char *cgi_user_pass(void);
- void cgi_setup(const char *rootdir, int auth_required);
- const char *cgi_baseurl(void);
- const char *cgi_pathinfo(void);
--- 
-1.7.1
-
-
-From 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:57:43 +0200
-Subject: [PATCH 02/12] s3 swat: Add support for anti-XSRF token
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c       |   54 +++++++++++++++++++++++++++++++++++++++++++++++
- source/web/swat_proto.h |    5 ++++
- 2 files changed, 59 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 434b1ac..e7d84e5 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -29,6 +29,7 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
-+#include "../lib/crypto/md5.h"
- 
- static int demo_mode = False;
- static int passwd_only = False;
-@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
- #define DISABLE_USER_FLAG "disable_user_flag"
- #define ENABLE_USER_FLAG "enable_user_flag"
- #define RHOST "remote_host"
-+#define XSRF_TOKEN "xsrf"
- 
- #define _(x) lang_msg_rotate(talloc_tos(),x)
- 
-@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
- 	return parmname;
- }
- 
-+void get_xsrf_token(const char *username, const char *pass,
-+		    const char *formname, char token_str[33])
-+{
-+	struct MD5Context md5_ctx;
-+	uint8_t token[16];
-+	int i;
-+
-+	token_str[0] = '\0';
-+	ZERO_STRUCT(md5_ctx);
-+	MD5Init(&md5_ctx);
-+
-+	MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
-+	if (username != NULL) {
-+		MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
-+	}
-+	if (pass != NULL) {
-+		MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
-+	}
-+
-+	MD5Final(token, &md5_ctx);
-+
-+	for(i = 0; i < sizeof(token); i++) {
-+		char tmp[3];
-+
-+		snprintf(tmp, sizeof(tmp), "%02x", token[i]);
-+		strncat(token_str, tmp, sizeof(tmp));
-+	}
-+}
-+
-+void print_xsrf_token(const char *username, const char *pass,
-+		      const char *formname)
-+{
-+	char token[33];
-+
-+	get_xsrf_token(username, pass, formname, token);
-+	printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
-+	       XSRF_TOKEN, token);
-+
-+}
-+
-+bool verify_xsrf_token(const char *formname)
-+{
-+	char expected[33];
-+	const char *username = cgi_user_name();
-+	const char *pass = cgi_user_pass();
-+	const char *token = cgi_variable_nonull(XSRF_TOKEN);
-+
-+	get_xsrf_token(username, pass, formname, expected);
-+	return (strncmp(expected, token, sizeof(expected)) == 0);
-+}
-+
-+
- /****************************************************************************
-   include a lump of html in a page 
- ****************************************************************************/
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index 76f9c3c..e66c942 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -67,5 +67,10 @@ void status_page(void);
- /* The following definitions come from web/swat.c  */
- 
- const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
-+void get_xsrf_token(const char *username, const char *pass,
-+		    const char *formname, char token_str[33]);
-+void print_xsrf_token(const char *username, const char *pass,
-+		      const char *formname);
-+bool verify_xsrf_token(const char *formname);
- 
- #endif /*  _SWAT_PROTO_H_  */
--- 
-1.7.1
-
-
-From 3f38cf42facc38c19e0448cbae3078b9606b08e4 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:58:53 +0200
-Subject: [PATCH 03/12] s3 swat: Add XSRF protection to status page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/statuspage.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/statuspage.c b/source/web/statuspage.c
-index 8070ae7..fe545e4 100644
---- a/source/web/statuspage.c
-+++ b/source/web/statuspage.c
-@@ -247,9 +247,14 @@ void status_page(void)
- 	int nr_running=0;
- 	bool waitup = False;
- 	TALLOC_CTX *ctx = talloc_stackframe();
-+	const char form_name[] = "status";
- 
- 	smbd_pid = pid_to_procid(pidfile_pid("smbd"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) {
- 		stop_smbd();
- 		start_smbd();
-@@ -326,9 +331,11 @@ void status_page(void)
- 
- 	initPid2Machine ();
- 
-+output_page:
- 	printf("<H2>%s</H2>\n", _("Server Status"));
- 
- 	printf("<FORM method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (!autorefresh) {
- 		printf("<input type=submit value=\"%s\" name=\"autorefresh\">\n", _("Auto Refresh"));
--- 
-1.7.1
-
-
-From ba996f0ae87f6bf4f19a4918e44dbd6d44a96561 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:02:53 +0200
-Subject: [PATCH 04/12] s3 swat: Add XSRF protection to viewconfig page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index e7d84e5..647126f 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -664,13 +664,20 @@ static void welcome_page(void)
- static void viewconfig_page(void)
- {
- 	int full_view=0;
-+	const char form_name[] = "viewconfig";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (cgi_variable("full_view")) {
- 		full_view = 1;
- 	}
- 
-+output_page:
- 	printf("<H2>%s</H2>\n", _("Current Config"));
- 	printf("<form method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (full_view) {
- 		printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
--- 
-1.7.1
-
-
-From 94f8482607a175c44436fae456fbda3624629982 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:03:15 +0200
-Subject: [PATCH 05/12] s3 swat: Add XSRF protection to wizard_params page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 647126f..b7eec4a 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -697,18 +697,25 @@ output_page:
- static void wizard_params_page(void)
- {
- 	unsigned int parm_filter = FLAG_WIZARD;
-+	const char form_name[] = "wizard_params";
- 
- 	/* Here we first set and commit all the parameters that were selected
-  	   in the previous screen. */
- 
- 	printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("Commit")) {
- 		commit_parameters(GLOBAL_SECTION_SNUM);
- 		save_reload(0);
- 	}
- 
-+output_page:
- 	printf("<form name=\"swatform\" method=post action=wizard_params>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (have_write_access) {
- 		printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
--- 
-1.7.1
-
-
-From eb22fd73060534700d514ec295985549131c7569 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:03:44 +0200
-Subject: [PATCH 06/12] s3 swat: Add XSRF protection to wizard page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    9 ++++++++-
- 1 files changed, 8 insertions(+), 1 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index b7eec4a..b6e0c0f 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -751,6 +751,11 @@ static void wizard_page(void)
- 	int have_home = -1;
- 	int HomeExpo = 0;
- 	int SerType = 0;
-+	const char form_name[] = "wizard";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (cgi_variable("Rewrite")) {
- 		(void) rewritecfg_file();
-@@ -841,10 +846,12 @@ static void wizard_page(void)
- 		winstype = 3;
- 
- 	role = lp_server_role();
--	
-+
-+output_page:
- 	/* Here we go ... */
- 	printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
- 	printf("<form method=post action=wizard>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (have_write_access) {
- 		printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
--- 
-1.7.1
-
-
-From 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:04:12 +0200
-Subject: [PATCH 07/12] s3 swat: Add XSRF protection to globals page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index b6e0c0f..5d11685 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -920,9 +920,14 @@ static void globals_page(void)
- {
- 	unsigned int parm_filter = FLAG_BASIC;
- 	int mode = 0;
-+	const char form_name[] = "globals";
- 
- 	printf("<H2>%s</H2>\n", _("Global Parameters"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("Commit")) {
- 		commit_parameters(GLOBAL_SECTION_SNUM);
- 		save_reload(0);
-@@ -935,7 +940,9 @@ static void globals_page(void)
- 	if ( cgi_variable("AdvMode"))
- 		mode = 1;
- 
-+output_page:
- 	printf("<form name=\"swatform\" method=post action=globals>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
--- 
-1.7.1
-
-
-From ef457a20422cfa8231e25b539d2cd87f299686b9 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:04:48 +0200
-Subject: [PATCH 08/12] s3 swat: Add XSRF protection to shares page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   18 +++++++++++++-----
- 1 files changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 5d11685..4544c31 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -982,11 +982,17 @@ static void shares_page(void)
- 	int mode = 0;
- 	unsigned int parm_filter = FLAG_BASIC;
- 	size_t converted_size;
-+	const char form_name[] = "shares";
-+
-+	printf("<H2>%s</H2>\n", _("Share Parameters"));
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (share)
- 		snum = lp_servicenumber(share);
- 
--	printf("<H2>%s</H2>\n", _("Share Parameters"));
- 
- 	if (cgi_variable("Commit") && snum >= 0) {
- 		commit_parameters(snum);
-@@ -1012,10 +1018,6 @@ static void shares_page(void)
- 		}
- 	}
- 
--	printf("<FORM name=\"swatform\" method=post>\n");
--
--	printf("<table>\n");
--
- 	if ( cgi_variable("ViewMode") )
- 		mode = atoi(cgi_variable_nonull("ViewMode"));
- 	if ( cgi_variable("BasicMode"))
-@@ -1023,6 +1025,12 @@ static void shares_page(void)
- 	if ( cgi_variable("AdvMode"))
- 		mode = 1;
- 
-+output_page:
-+	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
-+
-+	printf("<table>\n");
-+
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
- 		case 0:
--- 
-1.7.1
-
-
-From 4850456845d2da5e3451716a5ad4ca0ef034e01f Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:05:38 +0200
-Subject: [PATCH 09/12] s3 swat: Add XSRF protection to password page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   11 ++++++++---
- 1 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 4544c31..5242484 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1225,12 +1225,15 @@ static void chg_passwd(void)
- static void passwd_page(void)
- {
- 	const char *new_name = cgi_user_name();
-+	const char passwd_form[] = "passwd";
-+	const char rpasswd_form[] = "rpasswd";
- 
- 	if (!new_name) new_name = "";
- 
- 	printf("<H2>%s</H2>\n", _("Server Password Management"));
- 
- 	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form);
- 
- 	printf("<table>\n");
- 
-@@ -1270,14 +1273,16 @@ static void passwd_page(void)
- 	 * Do some work if change, add, disable or enable was
- 	 * requested. It could be this is the first time through this
- 	 * code, so there isn't anything to do.  */
--	if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
--	    (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
-+	if (verify_xsrf_token(passwd_form) &&
-+	   ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
-+	    (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) {
- 		chg_passwd();		
- 	}
- 
- 	printf("<H2>%s</H2>\n", _("Client/Server Password Management"));
- 
- 	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);
- 
- 	printf("<table>\n");
- 
-@@ -1310,7 +1315,7 @@ static void passwd_page(void)
- 	 * password somewhere other than the server. It could be this
- 	 * is the first time through this code, so there isn't
- 	 * anything to do.  */
--	if (cgi_variable(CHG_R_PASSWD_FLAG)) {
-+	if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {
- 		chg_passwd();		
- 	}
- 
--- 
-1.7.1
-
-
-From 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:06:13 +0200
-Subject: [PATCH 10/12] s3 swat: Add XSRF protection to printer page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   28 ++++++++++++++++++----------
- 1 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 5242484..4582a63 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1332,18 +1332,15 @@ static void printers_page(void)
- 	int i;
- 	int mode = 0;
- 	unsigned int parm_filter = FLAG_BASIC;
-+	const char form_name[] = "printers";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (share)
- 		snum = lp_servicenumber(share);
- 
--        printf("<H2>%s</H2>\n", _("Printer Parameters"));
-- 
--        printf("<H3>%s</H3>\n", _("Important Note:"));
--        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
--        printf("%s",_("are autoloaded printers from "));
--        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
--        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
--
- 	if (cgi_variable("Commit") && snum >= 0) {
- 		commit_parameters(snum);
- 		if (snum >= iNumNonAutoPrintServices)
-@@ -1372,8 +1369,6 @@ static void printers_page(void)
- 		}
- 	}
- 
--	printf("<FORM name=\"swatform\" method=post>\n");
--
- 	if ( cgi_variable("ViewMode") )
- 		mode = atoi(cgi_variable_nonull("ViewMode"));
-         if ( cgi_variable("BasicMode"))
-@@ -1381,6 +1376,19 @@ static void printers_page(void)
-         if ( cgi_variable("AdvMode"))
-                 mode = 1;
- 
-+output_page:
-+        printf("<H2>%s</H2>\n", _("Printer Parameters"));
-+
-+        printf("<H3>%s</H3>\n", _("Important Note:"));
-+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
-+        printf("%s",_("are autoloaded printers from "));
-+        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
-+        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
-+
-+
-+	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
-+
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
- 		case 0:
--- 
-1.7.1
-
-
-From 11e281228f334bf3d384df5655136f0b4b4068aa Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Sat, 9 Jul 2011 09:52:07 +0200
-Subject: [PATCH 11/12] s3 swat: Add time component to XSRF token
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c       |   28 ++++++++++++++++++++++++----
- source/web/swat_proto.h |    2 +-
- 2 files changed, 25 insertions(+), 5 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 4582a63..50df66e 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -52,6 +52,8 @@ static int iNumNonAutoPrintServices = 0;
- #define ENABLE_USER_FLAG "enable_user_flag"
- #define RHOST "remote_host"
- #define XSRF_TOKEN "xsrf"
-+#define XSRF_TIME "xsrf_time"
-+#define XSRF_TIMEOUT 300
- 
- #define _(x) lang_msg_rotate(talloc_tos(),x)
- 
-@@ -141,7 +143,7 @@ static char *make_parm_name(const char *label)
- }
- 
- void get_xsrf_token(const char *username, const char *pass,
--		    const char *formname, char token_str[33])
-+		    const char *formname, time_t xsrf_time, char token_str[33])
- {
- 	struct MD5Context md5_ctx;
- 	uint8_t token[16];
-@@ -152,6 +154,7 @@ void get_xsrf_token(const char *username, const char *pass,
- 	MD5Init(&md5_ctx);
- 
- 	MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
-+	MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
- 	if (username != NULL) {
- 		MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
- 	}
-@@ -173,11 +176,13 @@ void print_xsrf_token(const char *username, const char *pass,
- 		      const char *formname)
- {
- 	char token[33];
-+	time_t xsrf_time = time(NULL);
- 
--	get_xsrf_token(username, pass, formname, token);
-+	get_xsrf_token(username, pass, formname, xsrf_time, token);
- 	printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
- 	       XSRF_TOKEN, token);
--
-+	printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
-+	       XSRF_TIME, (long long int)xsrf_time);
- }
- 
- bool verify_xsrf_token(const char *formname)
-@@ -186,8 +191,23 @@ bool verify_xsrf_token(const char *formname)
- 	const char *username = cgi_user_name();
- 	const char *pass = cgi_user_pass();
- 	const char *token = cgi_variable_nonull(XSRF_TOKEN);
-+	const char *time_str = cgi_variable_nonull(XSRF_TIME);
-+	time_t xsrf_time = 0;
-+	time_t now = time(NULL);
-+
-+	if (sizeof(time_t) == sizeof(int)) {
-+		xsrf_time = atoi(time_str);
-+	} else if (sizeof(time_t) == sizeof(long)) {
-+		xsrf_time = atol(time_str);
-+	} else if (sizeof(time_t) == sizeof(long long)) {
-+		xsrf_time = atoll(time_str);
-+	}
-+
-+	if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
-+		return false;
-+	}
- 
--	get_xsrf_token(username, pass, formname, expected);
-+	get_xsrf_token(username, pass, formname, xsrf_time, expected);
- 	return (strncmp(expected, token, sizeof(expected)) == 0);
- }
- 
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index e66c942..424a3af 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -68,7 +68,7 @@ void status_page(void);
- 
- const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
- void get_xsrf_token(const char *username, const char *pass,
--		    const char *formname, char token_str[33]);
-+		    const char *formname, time_t xsrf_time, char token_str[33]);
- void print_xsrf_token(const char *username, const char *pass,
- 		      const char *formname);
- bool verify_xsrf_token(const char *formname);
--- 
-1.7.1
-
-
-From 3973cfa50024983618a44ffdb9f756b642b85be7 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Tue, 12 Jul 2011 08:08:24 +0200
-Subject: [PATCH 12/12] s3 swat: Create random nonce in CGI mode
-
-In CGI mode, we don't get access to the user's password, which would
-reduce the hash used so far to parameters an attacker can easily guess.
-To work around this, read the nonce from secrets.tdb or generate one if
-it's not there.
-Also populate the C_user field so we can use that for token creation.
-
-Signed-off-by: Kai Blin <kai@samba.org>
-
-The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
-This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
----
- source/web/cgi.c  |   18 +++++++++++++++++-
- source/web/swat.c |    1 -
- 2 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/source/web/cgi.c b/source/web/cgi.c
-index ccdc3a7..890ac8e 100644
---- a/source/web/cgi.c
-+++ b/source/web/cgi.c
-@@ -19,6 +19,7 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
-+#include "secrets.h"
- 
- #define MAX_VARIABLES 10000
- 
-@@ -321,7 +322,22 @@ static void cgi_web_auth(void)
- 		exit(0);
- 	}
- 
--	setuid(0);
-+	C_user = SMB_STRDUP(user);
-+
-+	if (!setuid(0)) {
-+		C_pass = secrets_fetch_generic("root", "SWAT");
-+		if (C_pass == NULL) {
-+			char *tmp_pass = NULL;
-+			tmp_pass = generate_random_str(16);
-+			if (tmp_pass == NULL) {
-+				printf("%sFailed to create random nonce for "
-+				       "SWAT session\n<br>%s\n", head, tail);
-+				exit(0);
-+			}
-+			secrets_store_generic("root", "SWAT", tmp_pass);
-+			C_pass = SMB_STRDUP(tmp_pass);
-+		}
-+	}
- 	setuid(pwd->pw_uid);
- 	if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
- 		printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", 
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 50df66e..146f1cf 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -29,7 +29,6 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
--#include "../lib/crypto/md5.h"
- 
- static int demo_mode = False;
- static int passwd_only = False;
--- 
-1.7.1
-
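Review bot: In the passwd_page() part of the series deleted here, the second form is rendered with print_xsrf_token(..., rpasswd_form), but the CHG_R_PASSWD_FLAG branch checks verify_xsrf_token(passwd_form), so a token issued for "rpasswd" is compared against one computed for "passwd". That fails closed (the remote password change is rejected), so it is a functional bug and not a bypass. Since this local copy is being replaced by whatever 3.5.10 ships, it is worth checking swat.c in the new tarball for the same mismatch. The commit log should also record that the twelve CVE-2011-2522 patches are dropped because the release carries them.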
diff --git a/package/samba/samba-add-check-for-__use_bsd.patch b/package/samba/samba-add-check-for-__use_bsd.patch
deleted file mode 100644
index a4c7109..0000000
--- a/package/samba/samba-add-check-for-__use_bsd.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/client/mount.cifs.c	2009-04-20 12:59:57.000000000 +0200
-@@ -100,6 +100,7 @@
- 
- /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
-  * don't link to libreplace so need them here. */
-+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
- 
- /* like strncpy but does not 0 fill the buffer and always null
-  *    terminates. bufsize is the size of the destination buffer */
-@@ -181,6 +182,7 @@
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
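Review bot: This removes the guard that kept mount.cifs.c from defining its own strlcpy/strlcat when the C library already provides them (the __UCLIBC__ with __USE_BSD case), and nothing in the commit message says why it is no longer needed. The cover letter's "checked that everything compiles fine" does not say which toolchain was used. Please note in the log whether the build was verified against a uClibc toolchain, or that mount.cifs.c in 3.5.10 no longer carries the local definitions.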
diff --git a/package/samba/samba-do-not-check-glibc-version.patch b/package/samba/samba-do-not-check-glibc-version.patch
deleted file mode 100644
index c5e3cd4..0000000
--- a/package/samba/samba-do-not-check-glibc-version.patch
+++ /dev/null
@@ -1,104 +0,0 @@
---- a/source/configure	2009-04-01 14:19:36.000000000 +0200
-+++ b/source/configure	2009-04-20 13:05:12.000000000 +0200
-@@ -44061,90 +44061,8 @@
- 
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- 
--#
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       if test "$cross_compiling" = yes; then
--  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--{ { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&5
--$as_echo "$as_me: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&2;}
--   { (exit 1); exit 1; }; }; }
--else
--  cat >conftest.$ac_ext <<_ACEOF
--/* confdefs.h.  */
--_ACEOF
--cat confdefs.h >>conftest.$ac_ext
--cat >>conftest.$ac_ext <<_ACEOF
--/* end confdefs.h.  */
--
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--
--_ACEOF
--rm -f conftest$ac_exeext
--if { (ac_try="$ac_link"
--case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_link") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
--  { (case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_try") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); }; }; then
--  linux_getgrouplist_ok=yes
--else
--  $as_echo "$as_me: program exited with status $ac_status" >&5
--$as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--( exit $ac_status )
--linux_getgrouplist_ok=no
--fi
--rm -rf conftest.dSYM
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
--fi
--
--
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--
--cat >>confdefs.h <<\_ACEOF
--#define HAVE_GETGROUPLIST 1
--_ACEOF
--
--       fi
--       ;;
--    *)
-+# Stripped glibc test which is not needed for uClibc
-+linux_getgrouplist_ok=yes
- 
- for ac_func in getgrouplist
- do
-@@ -44246,8 +44164,6 @@
- fi
- done
- 
--       ;;
--esac
- 
- #
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
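Review bot: the patch deleted here existed to strip a configure run test that aborts with "cannot run test program while cross compiling", so removing it is only safe if the 3.5.10 configure script no longer contains that getgrouplist test. The commit message does not say so; please state that the test is gone upstream (or how it is now satisfied) and confirm that configure completes in a cross build.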
diff --git a/package/samba/samba-fix-client-mtab.patch b/package/samba/samba-fix-client-mtab.patch
deleted file mode 100644
index 21e7158..0000000
--- a/package/samba/samba-fix-client-mtab.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/source/client/mtab.c
-+++ b/source/client/mtab.c
-@@ -31,6 +31,8 @@
- #include <unistd.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <sys/time.h>
- #include <time.h>
- #include <fcntl.h>
diff --git a/package/samba/samba-fix-mount.cifs.patch b/package/samba/samba-fix-mount.cifs.patch
deleted file mode 100644
index 90bff23..0000000
--- a/package/samba/samba-fix-mount.cifs.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c
-+++ b/source/client/mount.cifs.c
-@@ -138,6 +138,7 @@ static size_t strlcat(char *d, const cha
- 	return ret;
- }
- #endif
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* BB finish BB
- 
-@@ -178,7 +179,6 @@ static void mount_cifs_usage(void)
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
--#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-getgrouplist.patch b/package/samba/samba-getgrouplist.patch
deleted file mode 100644
index e98d9cd..0000000
--- a/package/samba/samba-getgrouplist.patch
+++ /dev/null
@@ -1,41 +0,0 @@
---- a/source/configure.in	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/configure.in	2009-04-20 13:08:42.000000000 +0200
-@@ -1219,38 +1219,6 @@
- AC_DEFINE(HAVE_PRCTL, 1, [Whether prctl is available]),[])
- 
- #
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       AC_TRY_RUN([
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--], [linux_getgrouplist_ok=yes], [linux_getgrouplist_ok=no])
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--          AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
--       fi
--       ;;
--    *)
--       AC_CHECK_FUNCS(getgrouplist)
--       ;;
--esac
--
--#
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
- #
- 
diff --git a/package/samba/samba-remove-legacy-index.patch b/package/samba/samba-remove-legacy-index.patch
index 49a3b7d..855bca7 100644
--- a/package/samba/samba-remove-legacy-index.patch
+++ b/package/samba/samba-remove-legacy-index.patch
@@ -1,5 +1,5 @@
---- a/source/registry/reg_perfcount.c
-+++ b/source/registry/reg_perfcount.c
+--- a/source3/registry/reg_perfcount.c
++++ b/source3/registry/reg_perfcount.c
 @@ -616,14 +616,14 @@ static bool _reg_perfcount_add_counter(P
  	obj = NULL;
  	memset(buf, 0, PERFCOUNT_MAX_LEN);
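Review bot: only the two path lines move from source/ to source3/, while the `@@ -616,14 +616,14 @@` position and the context below it are carried over unchanged from the old tree. Please confirm the patch still applies to source3/registry/reg_perfcount.c in 3.5.10 without offset or fuzz, and regenerate it against the new tree if it does not.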
diff --git a/package/samba/samba.mk b/package/samba/samba.mk
index 621d13c..2bb0530 100644
--- a/package/samba/samba.mk
+++ b/package/samba/samba.mk
@@ -3,12 +3,11 @@
 # samba
 #
 #############################################################
+SAMBA_VERSION:=3.5.10
+SAMBA_SOURCE:=samba-$(SAMBA_VERSION).tar.gz
+SAMBA_SITE:=http://samba.org/samba/ftp/stable/
 
-SAMBA_VERSION = 3.3.15
-SAMBA_SOURCE = samba-$(SAMBA_VERSION).tar.gz
-SAMBA_SITE = http://samba.org/samba/ftp/stable/
-
-SAMBA_SUBDIR = source
+SAMBA_SUBDIR = source3
 SAMBA_AUTORECONF = NO
 
 SAMBA_INSTALL_STAGING = YES
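Review bot: the three rewritten assignments switch from ` = ` to `:=` while `SAMBA_SUBDIR = source3` a few lines below in the same hunk keeps ` = `, so the file ends up with mixed styles for no functional reason. Keep the existing ` = ` form and the blank line after the banner, so the hunk reduces to the version number and `SAMBA_SUBDIR`. Separately, `SAMBA_SITE` fetches the tarball over plain http and nothing in this hunk pins what is downloaded, so the 3.5.10 tarball should be verified out of band when bumping.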
-- 
1.7.4.1

^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support
  2011-09-12  8:10     ` [Buildroot] samba: bump to version 3.5.10 (UPDATE) Sven Neumann
  2011-09-12  8:11       ` [Buildroot] [PATCH 1/2] samba: bump to version 3.5.10 Sven Neumann
@ 2011-09-12  8:11       ` Sven Neumann
  1 sibling, 0 replies; 19+ messages in thread
From: Sven Neumann @ 2011-09-12  8:11 UTC (permalink / raw)
  To: buildroot

Explicitly link with -lpthread if smbd is compiled with
avahi support. Otherwise the binary will fail to run.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-fix-smbd-libs-avahi.patch |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 package/samba/samba-fix-smbd-libs-avahi.patch

diff --git a/package/samba/samba-fix-smbd-libs-avahi.patch b/package/samba/samba-fix-smbd-libs-avahi.patch
new file mode 100644
index 0000000..d6423de
--- /dev/null
+++ b/package/samba/samba-fix-smbd-libs-avahi.patch
@@ -0,0 +1,15 @@
+Expliticly link with -lpthread if smbd is compiled with
+avahi support. Otherwise the binary will fail to run.
+
+Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
+--- samba-3.5.6-orig/source3/Makefile.in	2010-10-07 18:41:16.000000000 +0200
++++ samba-3.5.6/source3/Makefile.in	2010-10-27 14:52:40.000000000 +0200
+@@ -1552,7 +1552,7 @@
+ 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
+ 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
+ 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
+-		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
++		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS)
+ 
+ bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+ 	@echo Linking $@
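Review bot: the description says pthread is linked "if smbd is compiled with avahi support", but the hunk appends `$(PTHREAD_LDFLAGS)` to the smbd link line unconditionally, and it adds linker flags where the text promises `-lpthread`. Either make the addition conditional on avahi or reword the description to match what the hunk does, and say what the run-time failure is so the fix can be checked. The description carried inside the new patch file also has the typo "Expliticly", and its header paths still name samba-3.5.6 although the series bumps to 3.5.10.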
-- 
1.7.4.1

^ permalink raw reply related	[flat|nested] 19+ messages in thread

* [Buildroot] [PATCH 1/2] samba: bump to version 3.5.10
  2011-09-12  8:11       ` [Buildroot] [PATCH 1/2] samba: bump to version 3.5.10 Sven Neumann
@ 2011-09-12 21:13         ` Peter Korsgaard
  2011-09-13  8:42           ` [Buildroot] samba: bump to 3.5.11 Sven Neumann
  0 siblings, 1 reply; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-12 21:13 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
  Sven> ---
 Sven> +SAMBA_VERSION:=3.5.10
 Sven> +SAMBA_SOURCE:=samba-$(SAMBA_VERSION).tar.gz
 Sven> +SAMBA_SITE:=http://samba.org/samba/ftp/stable/
 
 Sven> -SAMBA_VERSION = 3.3.15
 Sven> -SAMBA_SOURCE = samba-$(SAMBA_VERSION).tar.gz
 Sven> -SAMBA_SITE = http://samba.org/samba/ftp/stable/

We prefer the ' =' form rather than ':=', so please don't change
this. More importantly, at least mount.cifs doesn't seem to build here:

Compiling ../client/mount.cifs.c
../client/mount.cifs.c:42:19: error: fstab.h: No such file or directory
In file included from ../client/mount.cifs.c:62:
./include/config.h:3351:1: warning: "_GNU_SOURCE" redefined
../client/mount.cifs.c:20:1: warning: this is the location of the previous definition
../client/mount.cifs.c: In function 'check_fstab':
../client/mount.cifs.c:266: error: '_PATH_FSTAB' undeclared (first use in this function)

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [Buildroot] samba: bump to 3.5.11
  2011-09-12 21:13         ` Peter Korsgaard
@ 2011-09-13  8:42           ` Sven Neumann
  2011-09-13  8:42             ` [Buildroot] [PATCH 1/2] " Sven Neumann
  2011-09-13  8:42             ` [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support Sven Neumann
  0 siblings, 2 replies; 19+ messages in thread
From: Sven Neumann @ 2011-09-13  8:42 UTC (permalink / raw)
  To: buildroot


Hi,

here's another patch-set for the samba update. This time we
bump to 3.5.11 and I have reintroduced a patch that fixes
the mount.cifs compile issue by hardcoding the /etc/fstab path
instead of pulling it from the (non-existent) fstab.h header.

This time I have successfully compiled this with all Samba
tools enabled.


Regards,
Sven

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [Buildroot] [PATCH 1/2] samba: bump to 3.5.11
  2011-09-13  8:42           ` [Buildroot] samba: bump to 3.5.11 Sven Neumann
@ 2011-09-13  8:42             ` Sven Neumann
  2011-09-13 21:29               ` Peter Korsgaard
  2011-09-13  8:42             ` [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support Sven Neumann
  1 sibling, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-09-13  8:42 UTC (permalink / raw)
  To: buildroot

Bump to version 3.5.11 and also update the download location.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-00CVE-2011-2694.patch          |   55 --
 package/samba/samba-01CVE-2011-2522.patch          |  749 --------------------
 package/samba/samba-add-check-for-__use_bsd.patch  |   18 -
 .../samba/samba-do-not-check-glibc-version.patch   |  104 ---
 package/samba/samba-fix-client-mtab.patch          |   11 -
 package/samba/samba-fix-mount.cifs.patch           |   35 +-
 package/samba/samba-getgrouplist.patch             |   41 --
 package/samba/samba-remove-legacy-index.patch      |    4 +-
 package/samba/samba.mk                             |    7 +-
 9 files changed, 24 insertions(+), 1000 deletions(-)
 delete mode 100644 package/samba/samba-00CVE-2011-2694.patch
 delete mode 100644 package/samba/samba-01CVE-2011-2522.patch
 delete mode 100644 package/samba/samba-add-check-for-__use_bsd.patch
 delete mode 100644 package/samba/samba-do-not-check-glibc-version.patch
 delete mode 100644 package/samba/samba-fix-client-mtab.patch
 delete mode 100644 package/samba/samba-getgrouplist.patch

diff --git a/package/samba/samba-00CVE-2011-2694.patch b/package/samba/samba-00CVE-2011-2694.patch
deleted file mode 100644
index 167accf..0000000
--- a/package/samba/samba-00CVE-2011-2694.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Thu, 7 Jul 2011 10:03:33 +0200
-Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)
-
-Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
-against SWAT, the Samba Web Administration Tool. The attack uses reflection to
-insert arbitrary content into the "change password" page.
-
-This patch fixes the reflection issue by not printing user-specified content on
-the website anymore.
-
-Signed-off-by: Kai Blin <kai@samba.org>
-
-CVE-2011-2694.
----
- source/web/swat.c |   14 ++------------
- 1 files changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 9c7294a..434b1ac 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
- 	if(cgi_variable(CHG_S_PASSWD_FLAG)) {
- 		printf("<p>");
- 		if (rslt == True) {
--			printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
--			printf("\n");
-+			printf("%s\n", _(" The passwd has been changed."));
- 		} else {
--			printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
--			printf("\n");
-+			printf("%s\n", _(" The passwd has NOT been changed."));
- 		}
- 	}
- 	
-@@ -1138,14 +1136,6 @@ static void passwd_page(void)
- {
- 	const char *new_name = cgi_user_name();
- 
--	/* 
--	 * After the first time through here be nice. If the user
--	 * changed the User box text to another users name, remember it.
--	 */
--	if (cgi_variable(SWAT_USER)) {
--		new_name = cgi_variable_nonull(SWAT_USER);
--	} 
--
- 	if (!new_name) new_name = "";
- 
- 	printf("<H2>%s</H2>\n", _("Server Password Management"));
--- 
-1.7.1
-
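Review bot: this deletes the local fix for CVE-2011-2694 (the reflected XSS on the SWAT "change password" page), yet the commit message only says "Bump to version 3.5.11 and also update the download location". Please state in the commit message that the dropped CVE patches are already contained in the 3.5.11 release, and check that swat.c in the new tarball no longer echoes the `SWAT_USER` form value in chg_passwd() or takes it as `new_name` in passwd_page().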
diff --git a/package/samba/samba-01CVE-2011-2522.patch b/package/samba/samba-01CVE-2011-2522.patch
deleted file mode 100644
index 7d48b55..0000000
--- a/package/samba/samba-01CVE-2011-2522.patch
+++ /dev/null
@@ -1,749 +0,0 @@
-From b610e0cee563465c6b970647b215f8ae4d0c6599 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:56:21 +0200
-Subject: [PATCH 01/12] s3 swat: Allow getting the user's HTTP auth password
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/cgi.c        |    9 +++++++++
- source/web/swat_proto.h |    1 +
- 2 files changed, 10 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/cgi.c b/source/web/cgi.c
-index 72aa11c..ccdc3a7 100644
---- a/source/web/cgi.c
-+++ b/source/web/cgi.c
-@@ -42,6 +42,7 @@ static char *query_string;
- static const char *baseurl;
- static char *pathinfo;
- static char *C_user;
-+static char *C_pass;
- static bool inetd_server;
- static bool got_request;
- 
-@@ -388,6 +389,7 @@ static bool cgi_handle_authorization(char *line)
- 			
- 			/* Save the users name */
- 			C_user = SMB_STRDUP(user);
-+			C_pass = SMB_STRDUP(user_pass);
- 			TALLOC_FREE(pass);
- 			return True;
- 		}
-@@ -422,6 +424,13 @@ char *cgi_user_name(void)
-         return(C_user);
- }
- 
-+/***************************************************************************
-+return a ptr to the users password
-+  ***************************************************************************/
-+char *cgi_user_pass(void)
-+{
-+        return(C_pass);
-+}
- 
- /***************************************************************************
- handle a file download
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index 0f84e4f..76f9c3c 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -31,6 +31,7 @@ const char *cgi_variable(const char *name);
- const char *cgi_variable_nonull(const char *name);
- bool am_root(void);
- char *cgi_user_name(void);
-+char *cgi_user_pass(void);
- void cgi_setup(const char *rootdir, int auth_required);
- const char *cgi_baseurl(void);
- const char *cgi_pathinfo(void);
--- 
-1.7.1
-
-
-From 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:57:43 +0200
-Subject: [PATCH 02/12] s3 swat: Add support for anti-XSRF token
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c       |   54 +++++++++++++++++++++++++++++++++++++++++++++++
- source/web/swat_proto.h |    5 ++++
- 2 files changed, 59 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 434b1ac..e7d84e5 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -29,6 +29,7 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
-+#include "../lib/crypto/md5.h"
- 
- static int demo_mode = False;
- static int passwd_only = False;
-@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
- #define DISABLE_USER_FLAG "disable_user_flag"
- #define ENABLE_USER_FLAG "enable_user_flag"
- #define RHOST "remote_host"
-+#define XSRF_TOKEN "xsrf"
- 
- #define _(x) lang_msg_rotate(talloc_tos(),x)
- 
-@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
- 	return parmname;
- }
- 
-+void get_xsrf_token(const char *username, const char *pass,
-+		    const char *formname, char token_str[33])
-+{
-+	struct MD5Context md5_ctx;
-+	uint8_t token[16];
-+	int i;
-+
-+	token_str[0] = '\0';
-+	ZERO_STRUCT(md5_ctx);
-+	MD5Init(&md5_ctx);
-+
-+	MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
-+	if (username != NULL) {
-+		MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
-+	}
-+	if (pass != NULL) {
-+		MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
-+	}
-+
-+	MD5Final(token, &md5_ctx);
-+
-+	for(i = 0; i < sizeof(token); i++) {
-+		char tmp[3];
-+
-+		snprintf(tmp, sizeof(tmp), "%02x", token[i]);
-+		strncat(token_str, tmp, sizeof(tmp));
-+	}
-+}
-+
-+void print_xsrf_token(const char *username, const char *pass,
-+		      const char *formname)
-+{
-+	char token[33];
-+
-+	get_xsrf_token(username, pass, formname, token);
-+	printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
-+	       XSRF_TOKEN, token);
-+
-+}
-+
-+bool verify_xsrf_token(const char *formname)
-+{
-+	char expected[33];
-+	const char *username = cgi_user_name();
-+	const char *pass = cgi_user_pass();
-+	const char *token = cgi_variable_nonull(XSRF_TOKEN);
-+
-+	get_xsrf_token(username, pass, formname, expected);
-+	return (strncmp(expected, token, sizeof(expected)) == 0);
-+}
-+
-+
- /****************************************************************************
-   include a lump of html in a page 
- ****************************************************************************/
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index 76f9c3c..e66c942 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -67,5 +67,10 @@ void status_page(void);
- /* The following definitions come from web/swat.c  */
- 
- const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
-+void get_xsrf_token(const char *username, const char *pass,
-+		    const char *formname, char token_str[33]);
-+void print_xsrf_token(const char *username, const char *pass,
-+		      const char *formname);
-+bool verify_xsrf_token(const char *formname);
- 
- #endif /*  _SWAT_PROTO_H_  */
--- 
-1.7.1
-
-
-From 3f38cf42facc38c19e0448cbae3078b9606b08e4 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 12:58:53 +0200
-Subject: [PATCH 03/12] s3 swat: Add XSRF protection to status page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/statuspage.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/statuspage.c b/source/web/statuspage.c
-index 8070ae7..fe545e4 100644
---- a/source/web/statuspage.c
-+++ b/source/web/statuspage.c
-@@ -247,9 +247,14 @@ void status_page(void)
- 	int nr_running=0;
- 	bool waitup = False;
- 	TALLOC_CTX *ctx = talloc_stackframe();
-+	const char form_name[] = "status";
- 
- 	smbd_pid = pid_to_procid(pidfile_pid("smbd"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) {
- 		stop_smbd();
- 		start_smbd();
-@@ -326,9 +331,11 @@ void status_page(void)
- 
- 	initPid2Machine ();
- 
-+output_page:
- 	printf("<H2>%s</H2>\n", _("Server Status"));
- 
- 	printf("<FORM method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (!autorefresh) {
- 		printf("<input type=submit value=\"%s\" name=\"autorefresh\">\n", _("Auto Refresh"));
--- 
-1.7.1
-
-
-From ba996f0ae87f6bf4f19a4918e44dbd6d44a96561 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:02:53 +0200
-Subject: [PATCH 04/12] s3 swat: Add XSRF protection to viewconfig page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index e7d84e5..647126f 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -664,13 +664,20 @@ static void welcome_page(void)
- static void viewconfig_page(void)
- {
- 	int full_view=0;
-+	const char form_name[] = "viewconfig";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (cgi_variable("full_view")) {
- 		full_view = 1;
- 	}
- 
-+output_page:
- 	printf("<H2>%s</H2>\n", _("Current Config"));
- 	printf("<form method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (full_view) {
- 		printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
--- 
-1.7.1
-
-
-From 94f8482607a175c44436fae456fbda3624629982 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:03:15 +0200
-Subject: [PATCH 05/12] s3 swat: Add XSRF protection to wizard_params page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 647126f..b7eec4a 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -697,18 +697,25 @@ output_page:
- static void wizard_params_page(void)
- {
- 	unsigned int parm_filter = FLAG_WIZARD;
-+	const char form_name[] = "wizard_params";
- 
- 	/* Here we first set and commit all the parameters that were selected
-  	   in the previous screen. */
- 
- 	printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("Commit")) {
- 		commit_parameters(GLOBAL_SECTION_SNUM);
- 		save_reload(0);
- 	}
- 
-+output_page:
- 	printf("<form name=\"swatform\" method=post action=wizard_params>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (have_write_access) {
- 		printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
--- 
-1.7.1
-
-
-From eb22fd73060534700d514ec295985549131c7569 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:03:44 +0200
-Subject: [PATCH 06/12] s3 swat: Add XSRF protection to wizard page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    9 ++++++++-
- 1 files changed, 8 insertions(+), 1 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index b7eec4a..b6e0c0f 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -751,6 +751,11 @@ static void wizard_page(void)
- 	int have_home = -1;
- 	int HomeExpo = 0;
- 	int SerType = 0;
-+	const char form_name[] = "wizard";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (cgi_variable("Rewrite")) {
- 		(void) rewritecfg_file();
-@@ -841,10 +846,12 @@ static void wizard_page(void)
- 		winstype = 3;
- 
- 	role = lp_server_role();
--	
-+
-+output_page:
- 	/* Here we go ... */
- 	printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
- 	printf("<form method=post action=wizard>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	if (have_write_access) {
- 		printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
--- 
-1.7.1
-
-
-From 8fb3064eeaa3640af6c8b91aa5859d8bfb6d0888 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:04:12 +0200
-Subject: [PATCH 07/12] s3 swat: Add XSRF protection to globals page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index b6e0c0f..5d11685 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -920,9 +920,14 @@ static void globals_page(void)
- {
- 	unsigned int parm_filter = FLAG_BASIC;
- 	int mode = 0;
-+	const char form_name[] = "globals";
- 
- 	printf("<H2>%s</H2>\n", _("Global Parameters"));
- 
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
-+
- 	if (cgi_variable("Commit")) {
- 		commit_parameters(GLOBAL_SECTION_SNUM);
- 		save_reload(0);
-@@ -935,7 +940,9 @@ static void globals_page(void)
- 	if ( cgi_variable("AdvMode"))
- 		mode = 1;
- 
-+output_page:
- 	printf("<form name=\"swatform\" method=post action=globals>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
- 
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
--- 
-1.7.1
-
-
-From ef457a20422cfa8231e25b539d2cd87f299686b9 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:04:48 +0200
-Subject: [PATCH 08/12] s3 swat: Add XSRF protection to shares page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   18 +++++++++++++-----
- 1 files changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 5d11685..4544c31 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -982,11 +982,17 @@ static void shares_page(void)
- 	int mode = 0;
- 	unsigned int parm_filter = FLAG_BASIC;
- 	size_t converted_size;
-+	const char form_name[] = "shares";
-+
-+	printf("<H2>%s</H2>\n", _("Share Parameters"));
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (share)
- 		snum = lp_servicenumber(share);
- 
--	printf("<H2>%s</H2>\n", _("Share Parameters"));
- 
- 	if (cgi_variable("Commit") && snum >= 0) {
- 		commit_parameters(snum);
-@@ -1012,10 +1018,6 @@ static void shares_page(void)
- 		}
- 	}
- 
--	printf("<FORM name=\"swatform\" method=post>\n");
--
--	printf("<table>\n");
--
- 	if ( cgi_variable("ViewMode") )
- 		mode = atoi(cgi_variable_nonull("ViewMode"));
- 	if ( cgi_variable("BasicMode"))
-@@ -1023,6 +1025,12 @@ static void shares_page(void)
- 	if ( cgi_variable("AdvMode"))
- 		mode = 1;
- 
-+output_page:
-+	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
-+
-+	printf("<table>\n");
-+
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
- 		case 0:
--- 
-1.7.1
-
-
-From 4850456845d2da5e3451716a5ad4ca0ef034e01f Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:05:38 +0200
-Subject: [PATCH 09/12] s3 swat: Add XSRF protection to password page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   11 ++++++++---
- 1 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 4544c31..5242484 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1225,12 +1225,15 @@ static void chg_passwd(void)
- static void passwd_page(void)
- {
- 	const char *new_name = cgi_user_name();
-+	const char passwd_form[] = "passwd";
-+	const char rpasswd_form[] = "rpasswd";
- 
- 	if (!new_name) new_name = "";
- 
- 	printf("<H2>%s</H2>\n", _("Server Password Management"));
- 
- 	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form);
- 
- 	printf("<table>\n");
- 
-@@ -1270,14 +1273,16 @@ static void passwd_page(void)
- 	 * Do some work if change, add, disable or enable was
- 	 * requested. It could be this is the first time through this
- 	 * code, so there isn't anything to do.  */
--	if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
--	    (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
-+	if (verify_xsrf_token(passwd_form) &&
-+	   ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
-+	    (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) {
- 		chg_passwd();		
- 	}
- 
- 	printf("<H2>%s</H2>\n", _("Client/Server Password Management"));
- 
- 	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);
- 
- 	printf("<table>\n");
- 
-@@ -1310,7 +1315,7 @@ static void passwd_page(void)
- 	 * password somewhere other than the server. It could be this
- 	 * is the first time through this code, so there isn't
- 	 * anything to do.  */
--	if (cgi_variable(CHG_R_PASSWD_FLAG)) {
-+	if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {
- 		chg_passwd();		
- 	}
- 
--- 
-1.7.1
-
-
-From 407ae61fbfc8ee1643a4db8ea9b104f031b32e0f Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Fri, 8 Jul 2011 15:06:13 +0200
-Subject: [PATCH 10/12] s3 swat: Add XSRF protection to printer page
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c |   28 ++++++++++++++++++----------
- 1 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 5242484..4582a63 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1332,18 +1332,15 @@ static void printers_page(void)
- 	int i;
- 	int mode = 0;
- 	unsigned int parm_filter = FLAG_BASIC;
-+	const char form_name[] = "printers";
-+
-+	if (!verify_xsrf_token(form_name)) {
-+		goto output_page;
-+	}
- 
- 	if (share)
- 		snum = lp_servicenumber(share);
- 
--        printf("<H2>%s</H2>\n", _("Printer Parameters"));
-- 
--        printf("<H3>%s</H3>\n", _("Important Note:"));
--        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
--        printf("%s",_("are autoloaded printers from "));
--        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
--        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
--
- 	if (cgi_variable("Commit") && snum >= 0) {
- 		commit_parameters(snum);
- 		if (snum >= iNumNonAutoPrintServices)
-@@ -1372,8 +1369,6 @@ static void printers_page(void)
- 		}
- 	}
- 
--	printf("<FORM name=\"swatform\" method=post>\n");
--
- 	if ( cgi_variable("ViewMode") )
- 		mode = atoi(cgi_variable_nonull("ViewMode"));
-         if ( cgi_variable("BasicMode"))
-@@ -1381,6 +1376,19 @@ static void printers_page(void)
-         if ( cgi_variable("AdvMode"))
-                 mode = 1;
- 
-+output_page:
-+        printf("<H2>%s</H2>\n", _("Printer Parameters"));
-+
-+        printf("<H3>%s</H3>\n", _("Important Note:"));
-+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
-+        printf("%s",_("are autoloaded printers from "));
-+        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
-+        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
-+
-+
-+	printf("<FORM name=\"swatform\" method=post>\n");
-+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
-+
- 	ViewModeBoxes( mode );
- 	switch ( mode ) {
- 		case 0:
--- 
-1.7.1
-
-
-From 11e281228f334bf3d384df5655136f0b4b4068aa Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Sat, 9 Jul 2011 09:52:07 +0200
-Subject: [PATCH 11/12] s3 swat: Add time component to XSRF token
-
-Signed-off-by: Kai Blin <kai@samba.org>
----
- source/web/swat.c       |   28 ++++++++++++++++++++++++----
- source/web/swat_proto.h |    2 +-
- 2 files changed, 25 insertions(+), 5 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 4582a63..50df66e 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -52,6 +52,8 @@ static int iNumNonAutoPrintServices = 0;
- #define ENABLE_USER_FLAG "enable_user_flag"
- #define RHOST "remote_host"
- #define XSRF_TOKEN "xsrf"
-+#define XSRF_TIME "xsrf_time"
-+#define XSRF_TIMEOUT 300
- 
- #define _(x) lang_msg_rotate(talloc_tos(),x)
- 
-@@ -141,7 +143,7 @@ static char *make_parm_name(const char *label)
- }
- 
- void get_xsrf_token(const char *username, const char *pass,
--		    const char *formname, char token_str[33])
-+		    const char *formname, time_t xsrf_time, char token_str[33])
- {
- 	struct MD5Context md5_ctx;
- 	uint8_t token[16];
-@@ -152,6 +154,7 @@ void get_xsrf_token(const char *username, const char *pass,
- 	MD5Init(&md5_ctx);
- 
- 	MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
-+	MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
- 	if (username != NULL) {
- 		MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
- 	}
-@@ -173,11 +176,13 @@ void print_xsrf_token(const char *username, const char *pass,
- 		      const char *formname)
- {
- 	char token[33];
-+	time_t xsrf_time = time(NULL);
- 
--	get_xsrf_token(username, pass, formname, token);
-+	get_xsrf_token(username, pass, formname, xsrf_time, token);
- 	printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
- 	       XSRF_TOKEN, token);
--
-+	printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
-+	       XSRF_TIME, (long long int)xsrf_time);
- }
- 
- bool verify_xsrf_token(const char *formname)
-@@ -186,8 +191,23 @@ bool verify_xsrf_token(const char *formname)
- 	const char *username = cgi_user_name();
- 	const char *pass = cgi_user_pass();
- 	const char *token = cgi_variable_nonull(XSRF_TOKEN);
-+	const char *time_str = cgi_variable_nonull(XSRF_TIME);
-+	time_t xsrf_time = 0;
-+	time_t now = time(NULL);
-+
-+	if (sizeof(time_t) == sizeof(int)) {
-+		xsrf_time = atoi(time_str);
-+	} else if (sizeof(time_t) == sizeof(long)) {
-+		xsrf_time = atol(time_str);
-+	} else if (sizeof(time_t) == sizeof(long long)) {
-+		xsrf_time = atoll(time_str);
-+	}
-+
-+	if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
-+		return false;
-+	}
- 
--	get_xsrf_token(username, pass, formname, expected);
-+	get_xsrf_token(username, pass, formname, xsrf_time, expected);
- 	return (strncmp(expected, token, sizeof(expected)) == 0);
- }
- 
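
Review bot: in verify_xsrf_token() the expiry test `abs(now - xsrf_time) > XSRF_TIMEOUT` passes a time_t difference to abs(), which takes an int, so the value is truncated wherever time_t is wider than int, and it also accepts timestamps up to XSRF_TIMEOUT seconds in the future. Comparing directly, e.g. `if (xsrf_time > now || now - xsrf_time > XSRF_TIMEOUT) return false;`, avoids both. The atoi/atol/atoll chain cannot tell a malformed xsrf_time field from 0; strtoll with an end-pointer check would. The final strncmp() stops at the first differing byte, so a constant-time comparison is the safer choice for a token check.
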
-diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h
-index e66c942..424a3af 100644
---- a/source/web/swat_proto.h
-+++ b/source/web/swat_proto.h
-@@ -68,7 +68,7 @@ void status_page(void);
- 
- const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
- void get_xsrf_token(const char *username, const char *pass,
--		    const char *formname, char token_str[33]);
-+		    const char *formname, time_t xsrf_time, char token_str[33]);
- void print_xsrf_token(const char *username, const char *pass,
- 		      const char *formname);
- bool verify_xsrf_token(const char *formname);
--- 
-1.7.1
-
-
-From 3973cfa50024983618a44ffdb9f756b642b85be7 Mon Sep 17 00:00:00 2001
-From: Kai Blin <kai@samba.org>
-Date: Tue, 12 Jul 2011 08:08:24 +0200
-Subject: [PATCH 12/12] s3 swat: Create random nonce in CGI mode
-
-In CGI mode, we don't get access to the user's password, which would
-reduce the hash used so far to parameters an attacker can easily guess.
-To work around this, read the nonce from secrets.tdb or generate one if
-it's not there.
-Also populate the C_user field so we can use that for token creation.
-
-Signed-off-by: Kai Blin <kai@samba.org>
-
-The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
-This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
----
- source/web/cgi.c  |   18 +++++++++++++++++-
- source/web/swat.c |    1 -
- 2 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/source/web/cgi.c b/source/web/cgi.c
-index ccdc3a7..890ac8e 100644
---- a/source/web/cgi.c
-+++ b/source/web/cgi.c
-@@ -19,6 +19,7 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
-+#include "secrets.h"
- 
- #define MAX_VARIABLES 10000
- 
-@@ -321,7 +322,22 @@ static void cgi_web_auth(void)
- 		exit(0);
- 	}
- 
--	setuid(0);
-+	C_user = SMB_STRDUP(user);
-+
-+	if (!setuid(0)) {
-+		C_pass = secrets_fetch_generic("root", "SWAT");
-+		if (C_pass == NULL) {
-+			char *tmp_pass = NULL;
-+			tmp_pass = generate_random_str(16);
-+			if (tmp_pass == NULL) {
-+				printf("%sFailed to create random nonce for "
-+				       "SWAT session\n<br>%s\n", head, tail);
-+				exit(0);
-+			}
-+			secrets_store_generic("root", "SWAT", tmp_pass);
-+			C_pass = SMB_STRDUP(tmp_pass);
-+		}
-+	}
- 	setuid(pwd->pw_uid);
- 	if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
- 		printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", 
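
Review bot: `if (!setuid(0))` in cgi_web_auth() has no else branch, so when setuid(0) fails the nonce is neither fetched nor generated and the code carries on to setuid(pwd->pw_uid) without setting C_pass here, which is the guessable-token case the commit message sets out to close; fail the request at that point, as is already done when generate_random_str() returns NULL. The return value of secrets_store_generic() is also ignored: if the store fails, a later CGI process will not find this nonce, and tokens issued with it will not verify there.
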
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 50df66e..146f1cf 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -29,7 +29,6 @@
- 
- #include "includes.h"
- #include "web/swat_proto.h"
--#include "../lib/crypto/md5.h"
- 
- static int demo_mode = False;
- static int passwd_only = False;
--- 
-1.7.1
-
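
Review bot: this deletion drops the 12-patch SWAT series whose last commit message ties it to bug #8290 and CVE-2011-2522, while the bump's own message only mentions the new version and download location. State in the commit message that the 3.5.11 tarball already contains these XSRF changes (for example by checking that verify_xsrf_token() and the XSRF_TIME handling are present in its swat.c), so the removal of a security fix is recorded as deliberate.
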
diff --git a/package/samba/samba-add-check-for-__use_bsd.patch b/package/samba/samba-add-check-for-__use_bsd.patch
deleted file mode 100644
index a4c7109..0000000
--- a/package/samba/samba-add-check-for-__use_bsd.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/source/client/mount.cifs.c	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/client/mount.cifs.c	2009-04-20 12:59:57.000000000 +0200
-@@ -100,6 +100,7 @@
- 
- /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
-  * don't link to libreplace so need them here. */
-+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
- 
- /* like strncpy but does not 0 fill the buffer and always null
-  *    terminates. bufsize is the size of the destination buffer */
-@@ -181,6 +182,7 @@
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
- }
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
diff --git a/package/samba/samba-do-not-check-glibc-version.patch b/package/samba/samba-do-not-check-glibc-version.patch
deleted file mode 100644
index c5e3cd4..0000000
--- a/package/samba/samba-do-not-check-glibc-version.patch
+++ /dev/null
@@ -1,104 +0,0 @@
---- a/source/configure	2009-04-01 14:19:36.000000000 +0200
-+++ b/source/configure	2009-04-20 13:05:12.000000000 +0200
-@@ -44061,90 +44061,8 @@
- 
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- 
--#
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       if test "$cross_compiling" = yes; then
--  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
--$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
--{ { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&5
--$as_echo "$as_me: error: cannot run test program while cross compiling
--See \`config.log' for more details." >&2;}
--   { (exit 1); exit 1; }; }; }
--else
--  cat >conftest.$ac_ext <<_ACEOF
--/* confdefs.h.  */
--_ACEOF
--cat confdefs.h >>conftest.$ac_ext
--cat >>conftest.$ac_ext <<_ACEOF
--/* end confdefs.h.  */
--
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--
--_ACEOF
--rm -f conftest$ac_exeext
--if { (ac_try="$ac_link"
--case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_link") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
--  { (case "(($ac_try" in
--  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
--  *) ac_try_echo=$ac_try;;
--esac
--eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
--$as_echo "$ac_try_echo") >&5
--  (eval "$ac_try") 2>&5
--  ac_status=$?
--  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
--  (exit $ac_status); }; }; then
--  linux_getgrouplist_ok=yes
--else
--  $as_echo "$as_me: program exited with status $ac_status" >&5
--$as_echo "$as_me: failed program was:" >&5
--sed 's/^/| /' conftest.$ac_ext >&5
--
--( exit $ac_status )
--linux_getgrouplist_ok=no
--fi
--rm -rf conftest.dSYM
--rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
--fi
--
--
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--
--cat >>confdefs.h <<\_ACEOF
--#define HAVE_GETGROUPLIST 1
--_ACEOF
--
--       fi
--       ;;
--    *)
-+# Stripped glibc test which is not needed for uClibc
-+linux_getgrouplist_ok=yes
- 
- for ac_func in getgrouplist
- do
-@@ -44246,8 +44164,6 @@
- fi
- done
- 
--       ;;
--esac
- 
- #
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
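
Review bot: the patch removed here existed because the stock configure block aborts with "cannot run test program while cross compiling" on Linux hosts, which is the normal situation for a Buildroot target package. Dropping it is only safe if the 3.5.11 configure script no longer runs that getgrouplist test program; say so in the commit message, or keep an equivalent override of linux_getgrouplist_ok, otherwise configure stops with that error.
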
diff --git a/package/samba/samba-fix-client-mtab.patch b/package/samba/samba-fix-client-mtab.patch
deleted file mode 100644
index 21e7158..0000000
--- a/package/samba/samba-fix-client-mtab.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/source/client/mtab.c
-+++ b/source/client/mtab.c
-@@ -31,6 +31,8 @@
- #include <unistd.h>
- #include <errno.h>
- #include <stdio.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <sys/time.h>
- #include <time.h>
- #include <fcntl.h>
diff --git a/package/samba/samba-fix-mount.cifs.patch b/package/samba/samba-fix-mount.cifs.patch
index 90bff23..9c235ea 100644
--- a/package/samba/samba-fix-mount.cifs.patch
+++ b/package/samba/samba-fix-mount.cifs.patch
@@ -1,18 +1,21 @@
---- a/source/client/mount.cifs.c
-+++ b/source/client/mount.cifs.c
-@@ -138,6 +138,7 @@ static size_t strlcat(char *d, const cha
- 	return ret;
- }
- #endif
-+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* BB finish BB
+--- a/client/mount.cifs.c	2011-09-13 10:26:21.000000000 +0200
++++ b/client/mount.cifs.c	2011-09-13 10:27:16.000000000 +0200
+@@ -39,7 +39,6 @@
+ #include <mntent.h>
+ #include <fcntl.h>
+ #include <limits.h>
+-#include <fstab.h>
+ #include "mount.h"
  
-@@ -178,7 +179,6 @@ static void mount_cifs_usage(void)
- 	SAFE_FREE(mountpassword);
- 	exit(EX_USAGE);
+ #define MOUNT_CIFS_VERSION_MAJOR "1"
+@@ -255,6 +254,10 @@
+ 	return 0;
  }
--#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
- 
- /* caller frees username if necessary */
- static char * getusername(void) {
+ #else /* CIFS_LEGACY_SETUID_CHECK */
++
++#ifndef _PATH_FSTAB
++#define _PATH_FSTAB "/etc/fstab"
++#endif
+ static int
+ check_fstab(const char *progname, char *mountpoint, char *devname,
+ 	    char **options)
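
Review bot: the `_PATH_FSTAB` fallback is added after `#else /* CIFS_LEGACY_SETUID_CHECK */`, so it is defined only in that branch; since `#include <fstab.h>` is removed for the whole file, move the `#ifndef _PATH_FSTAB` block up next to the includes so any use in the legacy branch still compiles. The rewritten patch also carries no description: add a short header saying why fstab.h is dropped, plus a Signed-off-by, as the avahi patch in this series has.
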
diff --git a/package/samba/samba-getgrouplist.patch b/package/samba/samba-getgrouplist.patch
deleted file mode 100644
index e98d9cd..0000000
--- a/package/samba/samba-getgrouplist.patch
+++ /dev/null
@@ -1,41 +0,0 @@
---- a/source/configure.in	2009-04-01 13:48:54.000000000 +0200
-+++ b/source/configure.in	2009-04-20 13:08:42.000000000 +0200
-@@ -1219,38 +1219,6 @@
- AC_DEFINE(HAVE_PRCTL, 1, [Whether prctl is available]),[])
- 
- #
--#
--#
--case "$host_os" in
--    *linux*)
--       # glibc <= 2.3.2 has a broken getgrouplist
--       AC_TRY_RUN([
--#include <unistd.h>
--#include <sys/utsname.h>
--main() {
--       /* glibc up to 2.3 has a broken getgrouplist */
--#if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
--       int libc_major = __GLIBC__;
--       int libc_minor = __GLIBC_MINOR__;
--
--       if (libc_major < 2)
--              exit(1);
--       if ((libc_major == 2) && (libc_minor <= 3))
--              exit(1);
--#endif
--       exit(0);
--}
--], [linux_getgrouplist_ok=yes], [linux_getgrouplist_ok=no])
--       if test x"$linux_getgrouplist_ok" = x"yes"; then
--          AC_DEFINE(HAVE_GETGROUPLIST, 1, [Have good getgrouplist])
--       fi
--       ;;
--    *)
--       AC_CHECK_FUNCS(getgrouplist)
--       ;;
--esac
--
--#
- # stat64 family may need <sys/stat.h> on some systems, notably ReliantUNIX
- #
- 
diff --git a/package/samba/samba-remove-legacy-index.patch b/package/samba/samba-remove-legacy-index.patch
index 49a3b7d..855bca7 100644
--- a/package/samba/samba-remove-legacy-index.patch
+++ b/package/samba/samba-remove-legacy-index.patch
@@ -1,5 +1,5 @@
---- a/source/registry/reg_perfcount.c
-+++ b/source/registry/reg_perfcount.c
+--- a/source3/registry/reg_perfcount.c
++++ b/source3/registry/reg_perfcount.c
 @@ -616,14 +616,14 @@ static bool _reg_perfcount_add_counter(P
  	obj = NULL;
  	memset(buf, 0, PERFCOUNT_MAX_LEN);
diff --git a/package/samba/samba.mk b/package/samba/samba.mk
index 621d13c..f36da85 100644
--- a/package/samba/samba.mk
+++ b/package/samba/samba.mk
@@ -3,12 +3,11 @@
 # samba
 #
 #############################################################
-
-SAMBA_VERSION = 3.3.15
+SAMBA_VERSION = 3.5.11
 SAMBA_SOURCE = samba-$(SAMBA_VERSION).tar.gz
-SAMBA_SITE = http://samba.org/samba/ftp/stable/
+SAMBA_SITE = http://ftp.samba.org/pub/samba/stable/
 
-SAMBA_SUBDIR = source
+SAMBA_SUBDIR = source3
 SAMBA_AUTORECONF = NO
 
 SAMBA_INSTALL_STAGING = YES
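
Review bot: SAMBA_SITE points at plain http:// and nothing in this hunk records what the downloaded samba-$(SAMBA_VERSION).tar.gz should be, so the build trusts whatever the mirror or the network path returns. For a bump that replaces locally carried security patches with upstream's tarball, note in the commit message how the tarball was verified (upstream checksum or signature). The removed blank line after the header banner is an unrelated whitespace change and can be dropped from this patch.
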
-- 
1.7.4.1


* [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support
  2011-09-13  8:42           ` [Buildroot] samba: bump to 3.5.11 Sven Neumann
  2011-09-13  8:42             ` [Buildroot] [PATCH 1/2] " Sven Neumann
@ 2011-09-13  8:42             ` Sven Neumann
  2011-09-13 21:29               ` Peter Korsgaard
  1 sibling, 1 reply; 19+ messages in thread
From: Sven Neumann @ 2011-09-13  8:42 UTC (permalink / raw)
  To: buildroot

Explicitly link with -lpthread if smbd is compiled with
avahi support. Otherwise the binary will fail to run.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
---
 package/samba/samba-fix-smbd-libs-avahi.patch |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 package/samba/samba-fix-smbd-libs-avahi.patch

diff --git a/package/samba/samba-fix-smbd-libs-avahi.patch b/package/samba/samba-fix-smbd-libs-avahi.patch
new file mode 100644
index 0000000..d6423de
--- /dev/null
+++ b/package/samba/samba-fix-smbd-libs-avahi.patch
@@ -0,0 +1,15 @@
+Expliticly link with -lpthread if smbd is compiled with
+avahi support. Otherwise the binary will fail to run.
+
+Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
+--- samba-3.5.6-orig/source3/Makefile.in	2010-10-07 18:41:16.000000000 +0200
++++ samba-3.5.6/source3/Makefile.in	2010-10-27 14:52:40.000000000 +0200
+@@ -1552,7 +1552,7 @@
+ 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
+ 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \
+ 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
+-		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
++		$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) $(PTHREAD_LDFLAGS)
+ 
+ bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
+ 	@echo Linking $@
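
Review bot: the description says -lpthread is linked only "if smbd is compiled with avahi support", but the hunk appends $(PTHREAD_LDFLAGS) to the smbd link line unconditionally, and it relies on that variable actually carrying the pthread library; either make the addition conditional on avahi or reword the description to match. The header lines still name samba-3.5.6 with line offset 1552 although the package is now 3.5.11, so confirm the hunk applies without fuzz, and fix the "Expliticly" typo in the patch description while respinning.
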
-- 
1.7.4.1


* [Buildroot] [PATCH 1/2] samba: bump to 3.5.11
  2011-09-13  8:42             ` [Buildroot] [PATCH 1/2] " Sven Neumann
@ 2011-09-13 21:29               ` Peter Korsgaard
  0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-13 21:29 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> Bump to version 3.5.11 and also update the download location.
 Sven> Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support
  2011-09-13  8:42             ` [Buildroot] [PATCH 2/2] samba: fix linking of smbd with avahi support Sven Neumann
@ 2011-09-13 21:29               ` Peter Korsgaard
  0 siblings, 0 replies; 19+ messages in thread
From: Peter Korsgaard @ 2011-09-13 21:29 UTC (permalink / raw)
  To: buildroot

>>>>> "Sven" == Sven Neumann <s.neumann@raumfeld.com> writes:

 Sven> Explicitly link with -lpthread if smbd is compiled with
 Sven> avahi support. Otherwise the binary will fail to run.

Committed, thanks.

-- 
Bye, Peter Korsgaard
