author | timur <timur@FreeBSD.org> | 2011-07-29 09:51:39 +0800 |
---|---|---|
committer | timur <timur@FreeBSD.org> | 2011-07-29 09:51:39 +0800 |
commit | 71ef9be932560e4afc3f84cd57f632f69b8e1f39 (patch) | |
tree | 5b6513b47830f6c65cf3dbebecaa7f28be81beb4 /net | |
parent | 9b6eb8e084f3dc7e222517a389e5db34695f355f (diff) | |
Bump port version to 3.4.14, closing security issues CVE-2011-0719,
CVE-2011-2522 and CVE-2011-2694
Security: CVE-2011-0719
Security: CVE-2011-2522
Security: CVE-2011-2694
Diffstat (limited to 'net')
-rw-r--r-- | net/samba34/Makefile | 8 | ||||
-rw-r--r-- | net/samba34/distinfo | 4 | ||||
-rw-r--r-- | net/samba34/files/samba.in | 82 | ||||
-rw-r--r-- | net/samba34/files/sernet.patch | 268 |
4 files changed, 207 insertions, 155 deletions
diff --git a/net/samba34/Makefile b/net/samba34/Makefile index ae2018edde5b..e1d1915cf87f 100644 --- a/net/samba34/Makefile +++ b/net/samba34/Makefile @@ -6,8 +6,8 @@ # PORTNAME= samba34 -PORTVERSION= 3.4.9 -PORTREVISION?= 2 +PORTVERSION= 3.4.14 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= ${MASTER_SITE_SAMBA} MASTER_SITE_SUBDIR= . old-versions rc pre @@ -16,7 +16,7 @@ DISTNAME= ${PORTNAME:S|34$||}-${PORTVERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|al MAINTAINER?= timur@FreeBSD.org COMMENT?= A free SMB and CIFS client and server for UNIX -CONFLICTS?= ja-samba-[235].* samba-[235].* sharity-light-1.* tdb-1.* +CONFLICTS?= samba3[2356]-3.* # Additional patches from Sernet.de PATCH_STRIP= -p1 EXTRA_PATCHES= ${PATCHDIR}/sernet.patch @@ -136,7 +136,7 @@ CONFIGURE_ARGS+= --with-pam --with-readline=/usr \ --without-libsmbclient \ --without-libaddns \ --without-libnetapi \ - --without-libsmbsharemodes + --without-libsmbsharemodes --disable-pie .if !defined(WITHOUT_LDAP) SAMBA_WANT_LDAP= yes diff --git a/net/samba34/distinfo b/net/samba34/distinfo index 934080f02637..de9789053a81 100644 --- a/net/samba34/distinfo +++ b/net/samba34/distinfo @@ -1,2 +1,2 @@ -SHA256 (samba-3.4.9.tar.gz) = 593952940f6c460a8486906aff55c56c8168c0f74d2d016bb55d080259048b8e -SIZE (samba-3.4.9.tar.gz) = 34850281 +SHA256 (samba-3.4.14.tar.gz) = 0c44883213859c7e45c89471194f8cab04917b1610213df5df0986913b1b99be +SIZE (samba-3.4.14.tar.gz) = 34803817 diff --git a/net/samba34/files/samba.in b/net/samba34/files/samba.in index cb86f976ea5f..58f8fbb0b7ec 100644 --- a/net/samba34/files/samba.in +++ b/net/samba34/files/samba.in 
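Review bot: The third Makefile hunk (-136,7 +136,7) appends `--disable-pie` to CONFIGURE_ARGS without a comment, in a commit whose stated purpose is to close three CVEs. Building the Samba daemons as non-position-independent executables gives up load-address randomisation of the main binary for network-facing services, so the reason should be recorded next to the flag, for example `# PIE disabled: <reason, e.g. link failure on ARCH>`. If the problem is limited to particular platforms or compiler versions, presumably the flag can be made conditional rather than global.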
@@ -28,29 +28,20 @@ name="samba" rcvar=$(set_rcvar) - -load_rc_config "${name}" -# Custom commands -extra_commands="reload status" -start_precmd="samba_start_precmd" -start_cmd="samba_cmd" -stop_cmd="samba_cmd" -status_cmd="samba_cmd" -restart_precmd="samba_checkconfig" -reload_precmd="samba_checkconfig" -reload_cmd="samba_reload_cmd" -rcvar_cmd="samba_rcvar_cmd" +set_rcvar ${rcvar} "NO" "Samba service" > /dev/null # Defaults -samba_enable=${samba_enable:=NO} +eval ${rcvar}=\${${rcvar}:=NO} samba_config_default="%%SAMBA_CONFDIR%%/%%SAMBA_CONFIG%%" samba_config=${samba_config="${samba_config_default}"} command_args=${samba_config:+-s "${samba_config}"} +# Fetch parameters from configuration file testparm_command="%%PREFIX%%/bin/testparm" smbcontrol_command="%%PREFIX%%/bin/smbcontrol" -# Fetch parameters from configuration file samba_parm="${testparm_command} -s -v --parameter-name" -%%WINBIND%%samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null) +samba_idmap=$(${samba_parm} 'idmap uid' "${samba_config}" 2>/dev/null) samba_lockdir=$(${samba_parm} 'lock directory' "${samba_config}" 2>/dev/null) +# Load configuration +load_rc_config "${name}" # Setup dependent variables if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then nmbd_enable=${nmbd_enable=YES} 
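Review bot: `load_rc_config "${name}"` now runs after `samba_config`, `command_args`, `samba_idmap` and `samba_lockdir` have been computed, so a `samba_config` set in rc.conf is not yet visible when testparm is asked for 'idmap uid' and 'lock directory' (unless the variable is already in the environment). Those lookups and `command_args` then use `samba_config_default`, and the later `required_dirs="${samba_lockdir}"` checks the lock directory of the default file rather than the configured one. Moving the two added lines `# Load configuration` and `load_rc_config "${name}"` back above the `# Defaults` block, where the removed call was, keeps the overrides effective. The script continues outside this hunk, so any later re-evaluation is not visible here.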
@@ -60,20 +51,37 @@ if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then %%WINBIND%% winbindd_enable=${winbindd_enable=YES} %%WINBIND%% fi fi -# Defaults for dependent variables +# XXX: Hack to enable check of the dependent variables +eval real_${rcvar}="\${${rcvar}:=NO}" ${rcvar}=YES +# nmbd nmbd_enable=${nmbd_enable:=NO} nmbd_flags=${nmbd_flags="-D"} +set_rcvar nmbd_enable "NO" "nmb daemon" >/dev/null +# smbd smbd_enable=${smbd_enable:=NO} smbd_flags=${smbd_flags="-D"} +set_rcvar smbd_enable "NO" "smb daemon" >/dev/null +%%WINBIND%%# winbindd %%WINBIND%%winbindd_enable=${winbindd_enable:=NO} %%WINBIND%%winbindd_flags=${winbindd_flags=''} +%%WINBIND%%set_rcvar winbindd_enable "NO" "winbind daemon" >/dev/null +# Custom commands +extra_commands="reload status" +start_precmd="samba_start_precmd" +start_cmd="samba_cmd" +stop_cmd="samba_cmd" +status_cmd="samba_cmd" +restart_precmd="samba_checkconfig" +reload_precmd="samba_checkconfig" +reload_cmd="samba_reload_cmd" +rcvar_cmd="samba_rcvar_cmd" +# samba_daemons="nmbd smbd" %%WINBIND%%samba_daemons="${samba_daemons} winbindd" -# Hack to enable check of dependent variables -eval real_${rcvar}="\${${rcvar}:=NO}" ${rcvar}=YES # Requirements required_files="${samba_config}" required_dirs="${samba_lockdir}" + samba_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} -s ${samba_config:+"${samba_config}"} >/dev/null 2>&1; then @@ -82,6 +90,7 @@ samba_checkconfig() { echo "FAILED" return 1 fi + return 0 } samba_start_precmd() { 
@@ -99,20 +108,13 @@ samba_start_precmd() { } samba_rcvar_cmd() { + local rcvar + rcvar=$(set_rcvar ${name}) + eval ${rcvar}=\${real_${rcvar}} # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Check master variable - echo "# ${name}" - if [ -n "${rcvar}" ]; then - # Use original configured value - if checkyesno "real_${rcvar}"; then - echo "\$${rcvar}=YES" - else - echo "\$${rcvar}=NO" - fi - fi - # Check dependent variables - samba_cmd "${_rc_prefix}${rc_arg}" ${rc_extra_args} + run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} } samba_reload_cmd() { @@ -121,7 +123,7 @@ samba_reload_cmd() { unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" # Apply to all daemons for name in ${samba_daemons}; do - rcvar=$(set_rcvar) + rcvar=$(set_rcvar ${name}) command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running 
@@ -137,30 +139,30 @@ samba_reload_cmd() { } samba_cmd() { - local name rcvar command pidfile samba_daemons result _result + local name rcvar rcvars v command pidfile samba_daemons result # Prevent recursive calling unset "${rc_arg}_cmd" "${rc_arg}_precmd" "${rc_arg}_postcmd" - # Stop processes in the reverse to order + # Stop processes in the reverse order if [ "${rc_arg}" = "stop" ] ; then samba_daemons=$(reverse_list ${samba_daemons}) fi - # Apply to all daemons + # Assume success result=0 + # Apply to all daemons for name in ${samba_daemons}; do - rcvar=$(set_rcvar) + rcvar=$(set_rcvar ${name}) + # XXX + rcvars=''; v='' command="%%PREFIX%%/sbin/${name}" pidfile="%%SAMBA_RUNDIR%%/${name}${pid_extra}.pid" # Daemon should be enabled and running if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then run_rc_command "${_rc_prefix}${rc_arg}" ${rc_extra_args} - # Collect return values - _result=$? - if [ ${_result} != 0 ]; then - result=${_result} - fi + # If any of the of the commands failed, take it as a total result + result=$((${result} || $?)) fi done - return $result + return ${result} } run_rc_command "$1" diff --git a/net/samba34/files/sernet.patch b/net/samba34/files/sernet.patch index cd3590cea656..b2283b054d18 100644 --- a/net/samba34/files/sernet.patch +++ b/net/samba34/files/sernet.patch @@ -1,8 +1,8 @@ samba-3.4-check-bad-password-count.patch samba-3.4-net-trustdom-list-tidyup.patch samba3-3.4-honor-all-loopback-ips.patch +samba3-3.4.12-nmbd-bind-explicit.patch samba3-3.4.4-fix-account-unlock.patch -samba3-3.4.6-nmbd-bind-explicit.patch source3/auth/auth_sam.c | 159 +++++++++++++++++++++++++++++++++--------- source3/include/proto.h | 3 + 
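Review bot: In samba_cmd, `result=$((${result} || $?))` reduces every failure to 1, whereas the removed code returned the last non-zero status of run_rc_command, so callers that distinguish exit codes lose that information. If the collapse is intended, the comment should say so (it also repeats "of the"); otherwise keep the status with `rc=$?; [ ${rc} -ne 0 ] && result=${rc}` and add `rc` to the `local` list. The added `# XXX` above `rcvars=''; v=''` does not say what is being worked around; if the aim is to clear state left by the previous run_rc_command call, the comment should say that.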
@@ -625,83 +625,7 @@ index 0ce495e..0511a28 100644 } /** -From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001 -From: Michael Adam <obnox@samba.org> -Date: Thu, 14 Jan 2010 14:24:35 +0100 -Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347 -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf-8 -Content-Transfer-Encoding: 8bit - -By an oversight, the patchset for #4347 made the unlocking of a locked -account after the lockout duration ineffective. -Thanks to Björn for finding this! - -Michael ---- - source3/auth/auth_sam.c | 12 +++++------- - 1 files changed, 5 insertions(+), 7 deletions(-) - -diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c -index 1dd8fc9..01b2517 100644 ---- a/source3/auth/auth_sam.c -+++ b/source3/auth/auth_sam.c -@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - DATA_BLOB user_sess_key = data_blob_null; - DATA_BLOB lm_sess_key = data_blob_null; - bool updated_autolock = False, updated_badpw = False; -- uint32_t acct_ctrl; - const char *username; - const uint8_t *nt_pw; - const uint8_t *lm_pw; -@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - return NT_STATUS_NO_SUCH_USER; - } - -- acct_ctrl = pdb_get_acct_ctrl(sampass); - username = pdb_get_username(sampass); - nt_pw = pdb_get_nt_passwd(sampass); - lm_pw = pdb_get_lanman_passwd(sampass); - - /* see if autolock flag needs to be updated */ -- if (acct_ctrl & ACB_NORMAL) -+ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) - pdb_update_autolock_flag(sampass, &updated_autolock); - /* Quit if the account was locked out. 
*/ -- if (acct_ctrl & ACB_AUTOLOCK) { -+ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { - DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); - return NT_STATUS_ACCOUNT_LOCKED_OUT; - } - - nt_status = sam_password_ok(auth_context, mem_ctx, -- username, acct_ctrl, lm_pw, nt_pw, -+ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, - user_info, &user_sess_key, &lm_sess_key); - - /* Notify passdb backend of login success/failure. If not -@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - bool increment_bad_pw_count = false; - - if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && -- acct_ctrl & ACB_NORMAL && -+ pdb_get_acct_ctrl(sampass) & ACB_NORMAL && - NT_STATUS_IS_OK(update_login_attempts_status)) - { - increment_bad_pw_count = -@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, - goto done; - } - -- if ((acct_ctrl & ACB_NORMAL) && -+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && - (pdb_get_bad_password_count(sampass) > 0)){ - pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); - pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); --- -1.6.3.3 - -From 2ad43c8c290ebb070d793fc24925f7c1ceb8a438 Mon Sep 17 00:00:00 2001 +From 104c65054cb5e4c4b78f7e75a21a078d68d12bb8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher <metze@samba.org> Date: Thu, 28 Jan 2010 11:04:05 +0100 Subject: [PATCH 1/4] s3:nmbd: also listen explicit on the subnet broadcast addresses 
@@ -718,9 +642,9 @@ metze source3/libsmb/namequery.c | 6 +- source3/libsmb/nmblib.c | 9 ++- source3/nmbd/nmbd.c | 5 +- - source3/nmbd/nmbd_packets.c | 189 ++++++++++++++++++++++++++++-------------- - source3/nmbd/nmbd_subnetdb.c | 123 ++++++++++++++++++---------- - 6 files changed, 222 insertions(+), 115 deletions(-) + source3/nmbd/nmbd_packets.c | 197 ++++++++++++++++++++++++++++-------------- + source3/nmbd/nmbd_subnetdb.c | 123 +++++++++++++++++--------- + 6 files changed, 230 insertions(+), 115 deletions(-) diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h index 496d87e..53ffd6f 100644 @@ -771,7 +695,7 @@ index 50fb9f1..8f8d891 100644 p.packet_type = NMB_PACKET; diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c -index 5f3eda4..1a21066 100644 +index 8230c5a..f7bcf8f 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -601,6 +601,8 @@ static struct packet_struct *copy_nmb_packet(struct packet_struct *packet) @@ -812,7 +736,7 @@ index 5f3eda4..1a21066 100644 /**************************************************************************** diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c -index f31e7b1..418771a 100644 +index eefe27a..07a4b02 100644 --- a/source3/nmbd/nmbd.c +++ b/source3/nmbd/nmbd.c @@ -441,13 +441,14 @@ static void msg_nmbd_send_packet(struct messaging_context *msg, @@ -833,7 +757,7 @@ index f31e7b1..418771a 100644 break; } diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c -index f69845b..51f4e32 100644 +index 1c570ea..402282c 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -207,7 +207,8 @@ static struct packet_struct *create_and_init_netbios_packet(struct nmb_name *nmb 
@@ -881,7 +805,7 @@ index f69845b..51f4e32 100644 packet.timestamp = time(NULL); debug_nmb_packet(&packet); -@@ -1679,50 +1686,74 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n +@@ -1679,26 +1686,32 @@ static bool create_listen_fdset(fd_set **ppset, int **psock_array, int *listen_n return True; } @@ -892,11 +816,11 @@ index f69845b..51f4e32 100644 for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) count++; -- if((count*2) + 2 > FD_SETSIZE) { +- if((count*2) + 2 >= FD_SETSIZE) { + /* each interface gets 4 sockets */ + count *= 4; + -+ if(count > FD_SETSIZE) { ++ if(count >= FD_SETSIZE) { DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \ -only use %d.\n", (count*2) + 2, FD_SETSIZE)); +only use %d.\n", count, FD_SETSIZE)); @@ -916,7 +840,10 @@ index f69845b..51f4e32 100644 - /* Add in the broadcast socket on 137. */ + /* Add in the lp_socket_address() interface on 137. */ - FD_SET(ClientNMB,pset); + if (ClientNMB < 0 || ClientNMB >= FD_SETSIZE) { + errno = EBADF; + SAFE_FREE(pset); +@@ -1709,6 +1722,9 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); sock_array[num++] = ClientNMB; *maxfd = MAX( *maxfd, ClientNMB); @@ -925,12 +852,18 @@ index f69845b..51f4e32 100644 + /* Add in the 137 sockets on all the interfaces. */ for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { + if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) { +@@ -1718,9 +1734,19 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); FD_SET(subrec->nmb_sock,pset); sock_array[num++] = subrec->nmb_sock; *maxfd = MAX( *maxfd, subrec->nmb_sock); + + sock_array[num++] = subrec->nmb_bcast; + if (subrec->nmb_bcast != -1) { ++ if (subrec->nmb_bcast < 0 || subrec->nmb_bcast >= FD_SETSIZE) { ++ /* We have to ignore sockets outside FD_SETSIZE. */ ++ continue; ++ } + FD_SET(subrec->nmb_bcast,pset); + *maxfd = MAX( *maxfd, subrec->nmb_bcast); + } 
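Review bot: In create_listen_fdset the added line `sock_array[num++] = subrec->nmb_bcast;` stores the descriptor before the new range check, so when `nmb_bcast >= FD_SETSIZE` the `continue` skips FD_SET but the out-of-range value stays in sock_array. If listen_for_packets later tests each sock_array entry other than -1 with FD_ISSET (that loop is not visible in these hunks), the oversized descriptor would still be used against the fd_set. Doing the range check first and writing `sock_array[num++] = -1;` before the `continue` avoids that. The same pattern appears for `subrec->dgram_bcast` in the hunk at -947,12 +883,18; the function starts and ends outside both hunks.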
@@ -938,7 +871,10 @@ index f69845b..51f4e32 100644 - /* Add in the broadcast socket on 138. */ + /* Add in the lp_socket_address() interface on 138. */ - FD_SET(ClientDGRAM,pset); + if (ClientDGRAM < 0 || ClientDGRAM >= FD_SETSIZE) { + errno = EBADF; + SAFE_FREE(pset); +@@ -1731,6 +1757,9 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); sock_array[num++] = ClientDGRAM; *maxfd = MAX( *maxfd, ClientDGRAM); @@ -947,12 +883,18 @@ index f69845b..51f4e32 100644 + /* Add in the 138 sockets on all the interfaces. */ for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { + if (subrec->dgram_sock < 0 || subrec->dgram_sock >= FD_SETSIZE) { +@@ -1740,9 +1769,19 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); FD_SET(subrec->dgram_sock,pset); sock_array[num++] = subrec->dgram_sock; *maxfd = MAX( *maxfd, subrec->dgram_sock); + + sock_array[num++] = subrec->dgram_bcast; + if (subrec->dgram_bcast != -1) { ++ if (subrec->dgram_bcast < 0 || subrec->dgram_bcast >= FD_SETSIZE) { ++ /* We have to ignore sockets outside FD_SETSIZE. */ ++ continue; ++ } + FD_SET(subrec->dgram_bcast,pset); + *maxfd = MAX( *maxfd, subrec->dgram_bcast); + } @@ -963,7 +905,7 @@ index f69845b..51f4e32 100644 SAFE_FREE(*ppset); SAFE_FREE(*psock_array); -@@ -1811,61 +1842,90 @@ bool listen_for_packets(bool run_election) +@@ -1831,61 +1870,90 @@ bool listen_for_packets(bool run_election) #endif for(i = 0; i < listen_number; i++) { @@ -1071,16 +1013,16 @@ index f69845b..51f4e32 100644 + inet_ntoa(packet->ip),packet->port)); + free_packet(packet); + continue; - } -- } /* end processing 138 socket. */ -- } /* end for */ ++ } + + if (packet->packet.nmb.header.nm_flags.bcast) { + DEBUG(7,("discarding own nmb bcast packet from %s:%d\n", + inet_ntoa(packet->ip),packet->port)); + free_packet(packet); + continue; -+ } + } +- } /* end processing 138 socket. */ +- } /* end for */ + } + + /* 
@@ -1106,7 +1048,7 @@ index f69845b..51f4e32 100644 return False; } -@@ -1944,7 +2004,8 @@ bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len, +@@ -1964,7 +2032,8 @@ bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len, p.ip = dest_ip; p.port = dest_port; @@ -1290,10 +1232,10 @@ index 13bc931..96d7b32 100644 /**************************************************************************** -- -1.6.3.3 +1.7.0.4 -From df62c7c73e1a30a7db1257df44bbb50471d782c8 Mon Sep 17 00:00:00 2001 +From 67f12b0e16d6e97e5b942d2293c3e063ed1a520a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher <metze@samba.org> Date: Mon, 8 Feb 2010 12:51:29 +0100 Subject: [PATCH 2/4] s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit broadcast" @@ -1307,10 +1249,10 @@ metze 3 files changed, 13 insertions(+), 1 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h -index d2ae62c..82c55d0 100644 +index 7c2893b..26b0643 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h -@@ -3934,6 +3934,7 @@ const char *lp_logon_drive(void); +@@ -3939,6 +3939,7 @@ const char *lp_logon_drive(void); const char *lp_logon_home(void); char *lp_remote_announce(void); char *lp_remote_browse_sync(void); @@ -1332,7 +1274,7 @@ index 96d7b32..703e229 100644 /* Check if we are creating a non broadcast subnet - if so don't create sockets. */ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c -index 6e5e0b2..5e4f2f6 100644 +index 2ba2dd3..87df0d4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -157,6 +157,7 @@ struct global { @@ -1368,10 +1310,10 @@ index 6e5e0b2..5e4f2f6 100644 FN_GLOBAL_LIST(lp_interfaces, &Globals.szInterfaces) FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) -- -1.6.3.3 +1.7.0.4 -From 4b52a598f0eb179183b66a05707a3d7e3eaf50a6 Mon Sep 17 00:00:00 2001 +From c7cbb3f8a06cf98abbbcaaad5806b101aea5b2a0 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher <metze@samba.org> Date: Mon, 8 Feb 2010 12:59:13 +0100 Subject: [PATCH 3/4] s3:docs-xml: document "nmbd bind explicit broadcast" @@ -1406,10 +1348,10 @@ index 0000000..f328594 +<value type="default">no</value> +</samba:parameter> -- -1.6.3.3 +1.7.0.4 -From fa11a65188c2973ebba441d7b4f528831bfe3882 Mon Sep 17 00:00:00 2001 +From 49b0020da61243090848136c1fb03fdd819655d0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison <jra@samba.org> Date: Wed, 10 Feb 2010 12:32:05 -0800 Subject: [PATCH 4/4] More of the fix for bug #7118 - nmbd problems with socket address. @@ -1438,10 +1380,10 @@ Jeremy. 1 files changed, 89 insertions(+), 0 deletions(-) diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c -index 51f4e32..6c4b96a 100644 +index 402282c..567a9df 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c -@@ -1765,6 +1765,83 @@ only use %d.\n", count, FD_SETSIZE)); +@@ -1793,6 +1793,83 @@ only use %d.\n", count, FD_SETSIZE)); } /**************************************************************************** @@ -1525,7 +1467,7 @@ index 51f4e32..6c4b96a 100644 Listens for NMB or DGRAM packets, and queues them. return True if the socket is dead ***************************************************************************/ -@@ -1784,6 +1861,7 @@ bool listen_for_packets(bool run_election) +@@ -1812,6 +1889,7 @@ bool listen_for_packets(bool run_election) #ifndef SYNC_DNS int dns_fd; #endif @@ -1533,7 +1475,7 @@ index 51f4e32..6c4b96a 100644 if(listen_set == NULL || rescan_listen_set) { if(create_listen_fdset(&listen_set, &sock_array, &listen_number, &maxfd)) { -@@ -1906,6 +1984,16 @@ bool listen_for_packets(bool run_election) +@@ -1934,6 +2012,16 @@ bool listen_for_packets(bool run_election) } } 
@@ -1550,7 +1492,7 @@ index 51f4e32..6c4b96a 100644 /* * 0,2,4,... are unicast sockets * 1,3,5,... are broadcast sockets -@@ -1926,6 +2014,7 @@ bool listen_for_packets(bool run_election) +@@ -1954,6 +2042,7 @@ bool listen_for_packets(bool run_election) queue_packet(packet); } 
@@ -1559,5 +1501,113 @@ index 51f4e32..6c4b96a 100644 } -- +1.7.0.4 + +From 179e63ae9aa93984ea3d237c1039460c5acf01a5 Mon Sep 17 00:00:00 2001 +From: Michael Adam <obnox@samba.org> +Date: Thu, 14 Jan 2010 14:24:35 +0100 +Subject: [PATCH] s3:auth: fix account unlock regression introduced with fix for bug #4347 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: 8bit + +By an oversight, the patchset for #4347 made the unlocking of a locked +account after the lockout duration ineffective. +Thanks to Björn for finding this! + +Michael +--- + source3/auth/auth_sam.c | 12 +++++------- + 1 files changed, 5 insertions(+), 7 deletions(-) + +diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c +index 1dd8fc9..01b2517 100644 +--- a/source3/auth/auth_sam.c ++++ b/source3/auth/auth_sam.c +@@ -369,7 +369,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + DATA_BLOB user_sess_key = data_blob_null; + DATA_BLOB lm_sess_key = data_blob_null; + bool updated_autolock = False, updated_badpw = False; +- uint32_t acct_ctrl; + const char *username; + const uint8_t *nt_pw; + const uint8_t *lm_pw; +@@ -399,22 +398,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + return NT_STATUS_NO_SUCH_USER; + } + +- acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + nt_pw = pdb_get_nt_passwd(sampass); + lm_pw = pdb_get_lanman_passwd(sampass); + + /* see if autolock flag needs to be updated */ +- if (acct_ctrl & ACB_NORMAL) ++ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) + pdb_update_autolock_flag(sampass, &updated_autolock); + /* Quit if the account was locked out. 
*/ +- if (acct_ctrl & ACB_AUTOLOCK) { ++ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); + return NT_STATUS_ACCOUNT_LOCKED_OUT; + } + + nt_status = sam_password_ok(auth_context, mem_ctx, +- username, acct_ctrl, lm_pw, nt_pw, ++ username, pdb_get_acct_ctrl(sampass), lm_pw, nt_pw, + user_info, &user_sess_key, &lm_sess_key); + + /* Notify passdb backend of login success/failure. If not +@@ -426,7 +424,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + bool increment_bad_pw_count = false; + + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && +- acct_ctrl & ACB_NORMAL && ++ pdb_get_acct_ctrl(sampass) & ACB_NORMAL && + NT_STATUS_IS_OK(update_login_attempts_status)) + { + increment_bad_pw_count = +@@ -457,7 +455,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, + goto done; + } + +- if ((acct_ctrl & ACB_NORMAL) && ++ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && + (pdb_get_bad_password_count(sampass) > 0)){ + pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); + pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); +-- 1.6.3.3 +From b2ec4bffca5d033a172c572ecf0605e84af68315 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Thu, 30 Jun 2011 09:56:06 +0200 +Subject: [PATCH] s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276) + +Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open) +(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior, +so that we skipped some sockets. + +This should work for v3-4-test. 
+ +metze +--- + source3/nmbd/nmbd_packets.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c +index 1c570ea..855f6af 100644 +--- a/source3/nmbd/nmbd_packets.c ++++ b/source3/nmbd/nmbd_packets.c +@@ -1742,7 +1742,7 @@ only use %d.\n", (count*2) + 2, FD_SETSIZE)); + *maxfd = MAX( *maxfd, subrec->dgram_sock); + } + +- *listen_number = count; ++ *listen_number = num; + + SAFE_FREE(*ppset); + SAFE_FREE(*psock_array); +-- +1.7.4.1 + |
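Review bot: The appended patch for bug #8276 is generated against blob 1c570ea of source3/nmbd/nmbd_packets.c, the same base the earlier nmbd patches in this file start from (`index 1c570ea..402282c`, then `402282c..567a9df`), so it is applied to a file those patches have already changed. Its context places `*maxfd = MAX( *maxfd, subrec->dgram_sock);` directly before the closing brace, while the earlier patch inserts the `dgram_bcast` lines there, so it presumably applies only with fuzz or an offset. Because `*listen_number = num;` is a follow-up to the bug #7949 DoS fix, it is worth regenerating the patch on top of the patched tree, or confirming in the build log that the hunk lands in create_listen_fdset as intended. The patch also appears to be missing from the list of patch names at the top of sernet.patch.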