A security fix release of Samba 4.1, 4.2 and 4.3. Samba 4.1 is also marked as deprecated.

Security: CVE-2015-3223 CVE-2015-5252 CVE-2015-5299 CVE-2015-5296 CVE-2015-8467 CVE-2015-5330
author: timur <timur@FreeBSD.org> 2015-12-20 06:51:10 +0800
committer: timur <timur@FreeBSD.org> 2015-12-20 06:51:10 +0800
commit: 88b79ab934f256dcc94fb8b44b76113b0421602a (patch)
tree: 7c564ad1988756d157541a009c23c5fb5be549eb /net
parent: d1ce58772203132f05e509fe166a45f19d6ea388 (diff)
download: freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.tar.gz
freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.tar.zst
freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.zip
13 files changed, 1246 insertions, 40 deletions
diff --git a/net/samba41/Makefile b/net/samba41/Makefile
index de69e25fa4ae..62b3084846c8 100644
--- a/net/samba41/Makefile
+++ b/net/samba41/Makefile
@@ -15,9 +15,12 @@ LICENSE=		GPLv3
 
 CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0.*
 
+DEPRECATED=		not supported by the upstream
+EXPIRATION_DATE=	2016-03-01
+
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.1.21
+SAMBA4_VERSION=		4.1.22
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -105,8 +108,8 @@ BUILD_DEPENDS+=		tdb>=1.3.8:${PORTSDIR}/databases/tdb
 RUN_DEPENDS+=		tdb>=1.3.8:${PORTSDIR}/databases/tdb
 SAMBA4_BUNDLED_LIBS+=	!tdb
 # ldb
-BUILD_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
-RUN_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
+BUILD_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
+RUN_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
 SAMBA4_BUNDLED_LIBS+=	!ldb
 # Don't use external libcom_err
 SAMBA4_BUNDLED_LIBS+=	com_err
@@ -489,11 +492,11 @@ pre-build:
 			source4/utils/man/ntlm_auth4.1 \
 			source4/utils/man/oLschema2ldif.1
 			-@${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
-			@${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
+			${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
 .	endfor
 			-@${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
 .	for man in ${SAMBA_MAN1} ${SAMBA_MAN5} ${SAMBA_MAN7} ${SAMBA_MAN8}
-			-@${INSTALL_MAN} ${BUILD_WRKSRC}/docs/manpages/${man} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
+			-${INSTALL_MAN} ${BUILD_WRKSRC}/docs/manpages/${man} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
 .	endfor
 .endif
 
@@ -502,7 +505,7 @@ post-install:
 .if ${PORT_OPTIONS:MDOCS}
 			@${MKDIR} ${STAGEDIR}${DOCSDIR}
 .	for doc in ${PORTDOCS}
-			@${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
+			${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
 .	endfor
 .endif
 # Run post-install script
diff --git a/net/samba41/distinfo b/net/samba41/distinfo
index 26d4d9242ad3..38c9bf235ef1 100644
--- a/net/samba41/distinfo
+++ b/net/samba41/distinfo
@@ -1,2 +1,2 @@
-SHA256 (samba-4.1.21.tar.gz) = 00f1c26cd310811afb2fa1a3fb72a23bd2e5c2f6466e6efdcb530305d7c3ce2e
-SIZE (samba-4.1.21.tar.gz) = 19561830
+SHA256 (samba-4.1.22.tar.gz) = 5563a1c94a2dac837ccffd1f0821bb25e097affaa7389fef186f9cfb3486cfe5
+SIZE (samba-4.1.22.tar.gz) = 19557688
diff --git a/net/samba42/Makefile b/net/samba42/Makefile
index b54452b30d84..2a4de83c2b02 100644
--- a/net/samba42/Makefile
+++ b/net/samba42/Makefile
@@ -15,9 +15,11 @@ LICENSE=		GPLv3
 
 CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba43-4.3.*
 
+EXTRA_PATCHES=		${PATCHDIR}/extra-patch-security:-p1
+
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.2.5
+SAMBA4_VERSION=		4.2.7
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -107,8 +109,8 @@ BUILD_DEPENDS+=		ntdb>=1.0:${PORTSDIR}/databases/ntdb
 RUN_DEPENDS+=		ntdb>=1.0:${PORTSDIR}/databases/ntdb
 SAMBA4_BUNDLED_LIBS+=	!ntdb
 # ldb
-BUILD_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
-RUN_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
+BUILD_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
+RUN_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
 SAMBA4_BUNDLED_LIBS+=	!ldb
 # Don't use external libcom_err
 SAMBA4_BUNDLED_LIBS+=	com_err
@@ -174,6 +176,8 @@ SUB_LIST+=		NSUPDATE="@comment "
 .elif ${PORT_OPTIONS:MNSUPDATE}
 RUN_DEPENDS+=		samba-nsupdate:${PORTSDIR}/dns/samba-nsupdate
 SUB_LIST+=		NSUPDATE=""
+.else
+SUB_LIST+=		NSUPDATE="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MDEBUG}
@@ -239,8 +243,10 @@ CONFIGURE_ARGS+=	--without-acl-support
 .if ! ${PORT_OPTIONS:MAD_DC}
 CONFIGURE_ARGS+=	--without-ad-dc
 PLIST_SUB+=		AD_DC="@comment "
+SUB_LIST+=		AD_DC="@comment "
 .else
 PLIST_SUB+=		AD_DC=""
+SUB_LIST+=		AD_DC=""
 .endif
 
 .if ${PORT_OPTIONS:MADS}
diff --git a/net/samba42/distinfo b/net/samba42/distinfo
index 54c74be60598..5db9d732f2ee 100644
--- a/net/samba42/distinfo
+++ b/net/samba42/distinfo
@@ -1,2 +1,2 @@
-SHA256 (samba-4.2.5.tar.gz) = 8191c4c0730daf7f9e9a3ea1cc6e680798d76bf855269807778adcccc8d706cf
-SIZE (samba-4.2.5.tar.gz) = 20734836
+SHA256 (samba-4.2.7.tar.gz) = f586ab3166ce4c663360f15b1de24ef083816a5471856e3ad49bc26b35f0104a
+SIZE (samba-4.2.7.tar.gz) = 20741971
diff --git a/net/samba42/files/extra-patch-security b/net/samba42/files/extra-patch-security
new file mode 100644
index 000000000000..5a9732052567
--- /dev/null
+++ b/net/samba42/files/extra-patch-security
@@ -0,0 +1,647 @@
+From 6a25f2a8c651523a272c0019895e1d2b1e83b022 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Sat, 18 Jul 2015 21:50:55 +0200
+Subject: [PATCH 1/5] dbwrap_rbt: Make "key" and "value" aligned to 16 byte
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by Uri Simchoni <urisimchoni@gmail.com>. Thanks!
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Ralph Boehme <slow@samba.org>
+
+Autobuild-User(master): Ralph Böhme <slow@samba.org>
+Autobuild-Date(master): Mon Jul 20 23:18:23 CEST 2015 on sn-devel-104
+
+(cherry picked from commit 64a88f74ca5309dce1d3ec0755ceba4af5144dbd)
+---
+ lib/dbwrap/dbwrap_rbt.c | 51 +++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 39 insertions(+), 12 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index 3f97086..03f2f57 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -38,13 +38,6 @@ struct db_rbt_rec {
+ struct db_rbt_node {
+ 	struct rb_node rb_node;
+ 	size_t keysize, valuesize;
+-
+-	/*
+-	 * key and value are appended implicitly, "data" is only here as a
+-	 * target for offsetof()
+-	 */
+-
+-	char data[1];
+ };
+ 
+ /*
+@@ -83,12 +76,43 @@ static int db_rbt_compare(TDB_DATA a, TDB_DATA b)
+ static void db_rbt_parse_node(struct db_rbt_node *node,
+ 			      TDB_DATA *key, TDB_DATA *value)
+ {
+-	key->dptr = ((uint8_t *)node) + offsetof(struct db_rbt_node, data);
++	size_t key_offset, value_offset;
++
++	key_offset = DBWRAP_RBT_ALIGN(sizeof(struct db_rbt_node));
++	key->dptr = ((uint8_t *)node) + key_offset;
+ 	key->dsize = node->keysize;
+-	value->dptr = key->dptr + node->keysize;
++
++	value_offset = DBWRAP_RBT_ALIGN(node->keysize);
++	value->dptr = key->dptr + value_offset;
+ 	value->dsize = node->valuesize;
+ }
+ 
++static ssize_t db_rbt_reclen(size_t keylen, size_t valuelen)
++{
++	size_t len, tmp;
++
++	len = DBWRAP_RBT_ALIGN(sizeof(struct db_rbt_node));
++
++	tmp = DBWRAP_RBT_ALIGN(keylen);
++	if (tmp < keylen) {
++		goto overflow;
++	}
++
++	len += tmp;
++	if (len < tmp) {
++		goto overflow;
++	}
++
++	len += valuelen;
++	if (len < valuelen) {
++		goto overflow;
++	}
++
++	return len;
++overflow:
++	return -1;
++}
++
+ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ {
+ 	struct db_rbt_ctx *db_ctx = talloc_get_type_abort(
+@@ -99,6 +123,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	struct rb_node ** p;
+ 	struct rb_node * parent;
+ 
++	ssize_t reclen;
+ 	TDB_DATA this_key, this_val;
+ 
+ 	if (rec_priv->node != NULL) {
+@@ -123,10 +148,12 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		}
+ 	}
+ 
+-	node = (struct db_rbt_node *)talloc_size(db_ctx,
+-		offsetof(struct db_rbt_node, data) + rec->key.dsize
+-		+ data.dsize);
++	reclen = db_rbt_reclen(rec->key.dsize, data.dsize);
++	if (reclen == -1) {
++		return NT_STATUS_INSUFFICIENT_RESOURCES;
++	}
+ 
++	node = talloc_size(db_ctx, reclen);
+ 	if (node == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+-- 
+1.9.1
+
+
+From b4d52184a113851954b1b901f478db200e9fd7a8 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 10:17:34 +0100
+Subject: [PATCH 2/5] dbwrap_rbt: use talloc_zero_size() instead of a partial
+ ZERO_STRUCT()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit f3d1fc1d06822a951a2a3eeb5aa53748b9b5b299)
+---
+ lib/dbwrap/dbwrap_rbt.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index 03f2f57..2d65647 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -153,7 +153,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		return NT_STATUS_INSUFFICIENT_RESOURCES;
+ 	}
+ 
+-	node = talloc_size(db_ctx, reclen);
++	node = talloc_zero_size(db_ctx, reclen);
+ 	if (node == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+@@ -172,8 +172,6 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		 */
+ 	}
+ 
+-	ZERO_STRUCT(node->rb_node);
+-
+ 	node->keysize = rec->key.dsize;
+ 	node->valuesize = data.dsize;
+ 
+-- 
+1.9.1
+
+
+From 10abdaf5c7f99eca742c84a7d55b7bb9c324aeab Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 09:22:08 +0100
+Subject: [PATCH 3/5] dbwrap_rbt: add nested traverse protection
+
+Multiple dbwrap_traverse_read() calls are possible.
+
+store() and delete() on a fetch locked record
+are rejected during dbwrap_traverse_read().
+
+A dbwrap_traverse() within a dbwrap_traverse_read()
+behaves like a dbwrap_traverse_read().
+
+Nested dbwrap_traverse() calls are not possible.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 590507951fc514a679f44b8bfdd03c721189c3fa)
+---
+ lib/dbwrap/dbwrap_rbt.c | 71 ++++++++++++++++++++++++++++---------------------
+ 1 file changed, 40 insertions(+), 31 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index 2d65647..d4cb40d 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -27,6 +27,8 @@
+ 
+ struct db_rbt_ctx {
+ 	struct rb_root tree;
++	size_t traverse_read;
++	bool traverse_write;
+ };
+ 
+ struct db_rbt_rec {
+@@ -126,6 +128,10 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	ssize_t reclen;
+ 	TDB_DATA this_key, this_val;
+ 
++	if (db_ctx->traverse_read > 0) {
++		return NT_STATUS_MEDIA_WRITE_PROTECTED;
++	}
++
+ 	if (rec_priv->node != NULL) {
+ 
+ 		/*
+@@ -222,6 +228,10 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 		rec->db->private_data, struct db_rbt_ctx);
+ 	struct db_rbt_rec *rec_priv = (struct db_rbt_rec *)rec->private_data;
+ 
++	if (db_ctx->traverse_read > 0) {
++		return NT_STATUS_MEDIA_WRITE_PROTECTED;
++	}
++
+ 	if (rec_priv->node == NULL) {
+ 		return NT_STATUS_OK;
+ 	}
+@@ -232,16 +242,6 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 	return NT_STATUS_OK;
+ }
+ 
+-static NTSTATUS db_rbt_store_deny(struct db_record *rec, TDB_DATA data, int flag)
+-{
+-	return NT_STATUS_MEDIA_WRITE_PROTECTED;
+-}
+-
+-static NTSTATUS db_rbt_delete_deny(struct db_record *rec)
+-{
+-	return NT_STATUS_MEDIA_WRITE_PROTECTED;
+-}
+-
+ struct db_rbt_search_result {
+ 	TDB_DATA key;
+ 	TDB_DATA val;
+@@ -414,13 +414,8 @@ static int db_rbt_traverse_internal(struct db_context *db,
+ 	ZERO_STRUCT(rec);
+ 	rec.db = db;
+ 	rec.private_data = &rec_priv;
+-	if (rw) {
+-		rec.store = db_rbt_store;
+-		rec.delete_rec = db_rbt_delete;
+-	} else {
+-		rec.store = db_rbt_store_deny;
+-		rec.delete_rec = db_rbt_delete_deny;
+-	}
++	rec.store = db_rbt_store;
++	rec.delete_rec = db_rbt_delete;
+ 	db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+ 
+ 	ret = f(&rec, private_data);
+@@ -440,18 +435,21 @@ static int db_rbt_traverse_internal(struct db_context *db,
+ 	return db_rbt_traverse_internal(db, rb_right, f, private_data, count, rw);
+ }
+ 
+-static int db_rbt_traverse(struct db_context *db,
+-			   int (*f)(struct db_record *db,
+-				    void *private_data),
+-			   void *private_data)
++static int db_rbt_traverse_read(struct db_context *db,
++				int (*f)(struct db_record *db,
++					 void *private_data),
++				void *private_data)
+ {
+ 	struct db_rbt_ctx *ctx = talloc_get_type_abort(
+ 		db->private_data, struct db_rbt_ctx);
+ 	uint32_t count = 0;
++	int ret;
+ 
+-	int ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
+-					   f, private_data, &count,
+-					   true /* rw */);
++	ctx->traverse_read++;
++	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++				       f, private_data, &count,
++				       false /* rw */);
++	ctx->traverse_read--;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+@@ -461,18 +459,29 @@ static int db_rbt_traverse(struct db_context *db,
+ 	return count;
+ }
+ 
+-static int db_rbt_traverse_read(struct db_context *db,
+-				int (*f)(struct db_record *db,
+-					 void *private_data),
+-				void *private_data)
++static int db_rbt_traverse(struct db_context *db,
++			   int (*f)(struct db_record *db,
++				    void *private_data),
++			   void *private_data)
+ {
+ 	struct db_rbt_ctx *ctx = talloc_get_type_abort(
+ 		db->private_data, struct db_rbt_ctx);
+ 	uint32_t count = 0;
++	int ret;
++
++	if (ctx->traverse_write) {
++		return -1;
++	};
++
++	if (ctx->traverse_read > 0) {
++		return db_rbt_traverse_read(db, f, private_data);
++	}
+ 
+-	int ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
+-					   f, private_data, &count,
+-					   false /* rw */);
++	ctx->traverse_write = true;
++	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++				       f, private_data, &count,
++				       true /* rw */);
++	ctx->traverse_write = false;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+-- 
+1.9.1
+
+
+From fd6bcd4cb3752554dd1041f0a41fd7e9edac602d Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 09:22:08 +0100
+Subject: [PATCH 4/5] dbwrap_rbt: fix modifying the db during traverse
+
+We delete and add of records rebalace the tree, but our
+traverse code doesn't handle that and skips records
+randomly.
+
+We maintain records in a linked list for now
+in addition to the rbtree and use that list during
+traverse.
+
+This add a bit overhead, but at least it works reliable.
+If someone finds a way to do reliable traverse with the
+rebalanced tree, we can replace this commit.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 0f46da08e160e6712e5282af14e1ec4012614fc7)
+---
+ lib/dbwrap/dbwrap_rbt.c | 104 ++++++++++++++++++++++++++----------------------
+ 1 file changed, 57 insertions(+), 47 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index d4cb40d..a9cc641 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -22,13 +22,15 @@
+ #include "dbwrap/dbwrap_private.h"
+ #include "dbwrap/dbwrap_rbt.h"
+ #include "../lib/util/rbtree.h"
++#include "../lib/util/dlinklist.h"
+ 
+ #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
+ 
+ struct db_rbt_ctx {
+ 	struct rb_root tree;
++	struct db_rbt_node *nodes;
+ 	size_t traverse_read;
+-	bool traverse_write;
++	struct db_rbt_node **traverse_nextp;
+ };
+ 
+ struct db_rbt_rec {
+@@ -40,6 +42,7 @@ struct db_rbt_rec {
+ struct db_rbt_node {
+ 	struct rb_node rb_node;
+ 	size_t keysize, valuesize;
++	struct db_rbt_node *prev, *next;
+ };
+ 
+ /*
+@@ -123,7 +126,8 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	struct db_rbt_node *node;
+ 
+ 	struct rb_node ** p;
+-	struct rb_node * parent;
++	struct rb_node *parent = NULL;
++	struct db_rbt_node *parent_node = NULL;
+ 
+ 	ssize_t reclen;
+ 	TDB_DATA this_key, this_val;
+@@ -165,12 +169,19 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	}
+ 
+ 	if (rec_priv->node != NULL) {
++		if (db_ctx->traverse_nextp != NULL) {
++			if (*db_ctx->traverse_nextp == rec_priv->node) {
++				*db_ctx->traverse_nextp = node;
++			}
++		}
++
+ 		/*
+ 		 * We need to delete the key from the tree and start fresh,
+ 		 * there's not enough space in the existing record
+ 		 */
+ 
+ 		rb_erase(&rec_priv->node->rb_node, &db_ctx->tree);
++		DLIST_REMOVE(db_ctx->nodes, rec_priv->node);
+ 
+ 		/*
+ 		 * Keep the existing node around for a while: If the record
+@@ -197,10 +208,11 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		TDB_DATA search_key, search_val;
+ 		int res;
+ 
+-		parent = (*p);
+-
+ 		r = db_rbt2node(*p);
+ 
++		parent = (*p);
++		parent_node = r;
++
+ 		db_rbt_parse_node(r, &search_key, &search_val);
+ 
+ 		res = db_rbt_compare(this_key, search_key);
+@@ -217,6 +229,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	}
+ 
+ 	rb_link_node(&node->rb_node, parent, p);
++	DLIST_ADD_AFTER(db_ctx->nodes, node, parent_node);
+ 	rb_insert_color(&node->rb_node, &db_ctx->tree);
+ 
+ 	return NT_STATUS_OK;
+@@ -236,7 +249,14 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 		return NT_STATUS_OK;
+ 	}
+ 
++	if (db_ctx->traverse_nextp != NULL) {
++		if (*db_ctx->traverse_nextp == rec_priv->node) {
++			*db_ctx->traverse_nextp = rec_priv->node->next;
++		}
++	}
++
+ 	rb_erase(&rec_priv->node->rb_node, &db_ctx->tree);
++	DLIST_REMOVE(db_ctx->nodes, rec_priv->node);
+ 	TALLOC_FREE(rec_priv->node);
+ 
+ 	return NT_STATUS_OK;
+@@ -383,56 +403,48 @@ static NTSTATUS db_rbt_parse_record(struct db_context *db, TDB_DATA key,
+ }
+ 
+ static int db_rbt_traverse_internal(struct db_context *db,
+-				    struct rb_node *n,
+ 				    int (*f)(struct db_record *db,
+ 					     void *private_data),
+ 				    void *private_data, uint32_t* count,
+ 				    bool rw)
+ {
+-	struct rb_node *rb_right;
+-	struct rb_node *rb_left;
+-	struct db_record rec;
+-	struct db_rbt_rec rec_priv;
++	struct db_rbt_ctx *ctx = talloc_get_type_abort(
++		db->private_data, struct db_rbt_ctx);
++	struct db_rbt_node *cur = NULL;
++	struct db_rbt_node *next = NULL;
+ 	int ret;
+ 
+-	if (n == NULL) {
+-		return 0;
+-	}
+-
+-	rb_left = n->rb_left;
+-	rb_right = n->rb_right;
++	for (cur = ctx->nodes; cur != NULL; cur = next) {
++		struct db_record rec;
++		struct db_rbt_rec rec_priv;
+ 
+-	ret = db_rbt_traverse_internal(db, rb_left, f, private_data, count, rw);
+-	if (ret != 0) {
+-		return ret;
+-	}
++		rec_priv.node = cur;
++		next = rec_priv.node->next;
+ 
+-	rec_priv.node = db_rbt2node(n);
+-	/* n might be altered by the callback function */
+-	n = NULL;
++		ZERO_STRUCT(rec);
++		rec.db = db;
++		rec.private_data = &rec_priv;
++		rec.store = db_rbt_store;
++		rec.delete_rec = db_rbt_delete;
++		db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+ 
+-	ZERO_STRUCT(rec);
+-	rec.db = db;
+-	rec.private_data = &rec_priv;
+-	rec.store = db_rbt_store;
+-	rec.delete_rec = db_rbt_delete;
+-	db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+-
+-	ret = f(&rec, private_data);
+-	(*count) ++;
+-	if (ret != 0) {
+-		return ret;
+-	}
+-
+-	if (rec_priv.node != NULL) {
+-		/*
+-		 * If the current record is still there
+-		 * we should take the current rb_right.
+-		 */
+-		rb_right = rec_priv.node->rb_node.rb_right;
++		if (rw) {
++			ctx->traverse_nextp = &next;
++		}
++		ret = f(&rec, private_data);
++		(*count) ++;
++		if (rw) {
++			ctx->traverse_nextp = NULL;
++		}
++		if (ret != 0) {
++			return ret;
++		}
++		if (rec_priv.node != NULL) {
++			next = rec_priv.node->next;
++		}
+ 	}
+ 
+-	return db_rbt_traverse_internal(db, rb_right, f, private_data, count, rw);
++	return 0;
+ }
+ 
+ static int db_rbt_traverse_read(struct db_context *db,
+@@ -446,7 +458,7 @@ static int db_rbt_traverse_read(struct db_context *db,
+ 	int ret;
+ 
+ 	ctx->traverse_read++;
+-	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++	ret = db_rbt_traverse_internal(db,
+ 				       f, private_data, &count,
+ 				       false /* rw */);
+ 	ctx->traverse_read--;
+@@ -469,7 +481,7 @@ static int db_rbt_traverse(struct db_context *db,
+ 	uint32_t count = 0;
+ 	int ret;
+ 
+-	if (ctx->traverse_write) {
++	if (ctx->traverse_nextp != NULL) {
+ 		return -1;
+ 	};
+ 
+@@ -477,11 +489,9 @@ static int db_rbt_traverse(struct db_context *db,
+ 		return db_rbt_traverse_read(db, f, private_data);
+ 	}
+ 
+-	ctx->traverse_write = true;
+-	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++	ret = db_rbt_traverse_internal(db,
+ 				       f, private_data, &count,
+ 				       true /* rw */);
+-	ctx->traverse_write = false;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+-- 
+1.9.1
+
+
+From 5b555ac802ce714c26411b48a375d1cc6699b22c Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 00:13:17 +0100
+Subject: [PATCH 5/5] s3:torture: add traverse testing to LOCAL-RBTREE
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
+Autobuild-Date(master): Fri Nov 27 13:16:59 CET 2015 on sn-devel-104
+
+(cherry picked from commit bb9f13ab4165f150e01a88ddcc51605a7c176f5d)
+---
+ source3/torture/torture.c | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/source3/torture/torture.c b/source3/torture/torture.c
+index 594d28f..0b37e5c 100644
+--- a/source3/torture/torture.c
++++ b/source3/torture/torture.c
+@@ -8352,11 +8352,29 @@ static bool rbt_testval(struct db_context *db, const char *key,
+ 	return ret;
+ }
+ 
++static int local_rbtree_traverse_read(struct db_record *rec, void *private_data)
++{
++	int *count2 = (int *)private_data;
++	(*count2)++;
++	return 0;
++}
++
++static int local_rbtree_traverse_delete(struct db_record *rec, void *private_data)
++{
++	int *count2 = (int *)private_data;
++	(*count2)++;
++	dbwrap_record_delete(rec);
++	return 0;
++}
++
+ static bool run_local_rbtree(int dummy)
+ {
+ 	struct db_context *db;
+ 	bool ret = false;
+ 	int i;
++	NTSTATUS status;
++	int count = 0;
++	int count2 = 0;
+ 
+ 	db = db_open_rbt(NULL);
+ 
+@@ -8399,6 +8417,27 @@ static bool run_local_rbtree(int dummy)
+ 	}
+ 
+ 	ret = true;
++	count = 0; count2 = 0;
++	status = dbwrap_traverse_read(db, local_rbtree_traverse_read,
++				      &count2, &count);
++	printf("%s: read1: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 1000)) {
++		ret = false;
++	}
++	count = 0; count2 = 0;
++	status = dbwrap_traverse(db, local_rbtree_traverse_delete,
++				 &count2, &count);
++	printf("%s: delete: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 1000)) {
++		ret = false;
++	}
++	count = 0; count2 = 0;
++	status = dbwrap_traverse_read(db, local_rbtree_traverse_read,
++				      &count2, &count);
++	printf("%s: read2: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 0)) {
++		ret = false;
++	}
+ 
+  done:
+ 	TALLOC_FREE(db);
+-- 
+1.9.1
+
diff --git a/net/samba42/files/pkg-message.in b/net/samba42/files/pkg-message.in
index 6cdc13d1753d..812abb282747 100644
--- a/net/samba42/files/pkg-message.in
+++ b/net/samba42/files/pkg-message.in
@@ -8,8 +8,8 @@ How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
 
 * All the logs are under: %%SAMBA4_LOGDIR%%
 
-* Provisioning script is: %%PREFIX%%/bin/samba-tool
-
+%%AD_DC%%* Provisioning script is: %%PREFIX%%/bin/samba-tool
+%%AD_DC%%
 %%NSUPDATE%%You will need to specify location of the 'nsupdate' command in the
 %%NSUPDATE%%%%SAMBA4_CONFIG%% file:
 %%NSUPDATE%%
diff --git a/net/samba42/pkg-plist b/net/samba42/pkg-plist
index b12fcf839107..993127e7ae0e 100644
--- a/net/samba42/pkg-plist
+++ b/net/samba42/pkg-plist
@@ -1,3 +1,4 @@
+bin/async_connect_send_test
 bin/cifsdd
 bin/dbwrap_tool
 bin/eventlogadm
@@ -306,7 +307,7 @@ lib/samba/libsmb-transport-samba4.so
 lib/samba/libsmbd-base-samba4.so
 lib/samba/libsmbd-conn-samba4.so
 lib/samba/libsmbd-shim-samba4.so
-lib/samba/libsmbldaphelper-samba4.so
+%%LDAP%%lib/samba/libsmbldaphelper-samba4.so
 lib/samba/libsmbpasswdparser-samba4.so
 lib/samba/libsmbregistry-samba4.so
 lib/samba/libsocket-blocking-samba4.so
diff --git a/net/samba43/Makefile b/net/samba43/Makefile
index dc3bff0ecf87..f029e308be84 100644
--- a/net/samba43/Makefile
+++ b/net/samba43/Makefile
@@ -15,9 +15,11 @@ LICENSE=		GPLv3
 
 CONFLICTS?=		*samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba42-4.2.*
 
+EXTRA_PATCHES=		${PATCHDIR}/extra-patch-security:-p1
+
 SAMBA4_BASENAME=	samba
 SAMBA4_PORTNAME=	${SAMBA4_BASENAME}4
-SAMBA4_VERSION=		4.3.1
+SAMBA4_VERSION=		4.3.3
 SAMBA4_DISTNAME=	${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=		${WRKDIR}/${DISTNAME}
@@ -86,7 +88,7 @@ RUN_DEPENDS+=		libarchive>=3.1.2:${PORTSDIR}/archivers/libarchive
 # External Samba dependencies
 # IDL compiler
 BUILD_DEPENDS+=		p5-Parse-Pidl>=4.3.1:${PORTSDIR}/devel/p5-Parse-Pidl
-# 
+#
 BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:${PORTSDIR}/dns/py-dnspython
 RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}dnspython>=1.9.4:${PORTSDIR}/dns/py-dnspython
 PLIST_SUB+=		PY_DNSPYTHON="@comment "
@@ -103,8 +105,8 @@ BUILD_DEPENDS+=		tdb>=1.3.8:${PORTSDIR}/databases/tdb
 RUN_DEPENDS+=		tdb>=1.3.8:${PORTSDIR}/databases/tdb
 SAMBA4_BUNDLED_LIBS+=	!tdb
 # ldb
-BUILD_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
-RUN_DEPENDS+=		ldb>=1.1.23:${PORTSDIR}/databases/ldb
+BUILD_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
+RUN_DEPENDS+=		ldb>=1.1.24:${PORTSDIR}/databases/ldb
 SAMBA4_BUNDLED_LIBS+=	!ldb
 # Don't use external libcom_err
 SAMBA4_BUNDLED_LIBS+=	com_err
@@ -170,6 +172,8 @@ SUB_LIST+=		NSUPDATE="@comment "
 .elif ${PORT_OPTIONS:MNSUPDATE}
 RUN_DEPENDS+=		samba-nsupdate:${PORTSDIR}/dns/samba-nsupdate
 SUB_LIST+=		NSUPDATE=""
+.else
+SUB_LIST+=		NSUPDATE="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MDEBUG}
@@ -235,8 +239,10 @@ CONFIGURE_ARGS+=	--without-acl-support
 .if ! ${PORT_OPTIONS:MAD_DC}
 CONFIGURE_ARGS+=	--without-ad-dc
 PLIST_SUB+=		AD_DC="@comment "
+SUB_LIST+=		AD_DC="@comment "
 .else
 PLIST_SUB+=		AD_DC=""
+SUB_LIST+=		AD_DC=""
 .endif
 
 .if ${PORT_OPTIONS:MADS}
@@ -278,16 +284,16 @@ CONFIGURE_ARGS+=	--disable-cups --disable-iprint
 .if ${PORT_OPTIONS:MDNSUPDATE}
 SAMBA_WANT_ADS=		yes
 CONFIGURE_ARGS+=	--with-dnsupdate
+PLIST_SUB+=		DNSUPDATE=""
 .else
 CONFIGURE_ARGS+=	--without-dnsupdate
+PLIST_SUB+=		DNSUPDATE="@comment "
 .endif
 
 # https://bugzilla.samba.org/show_bug.cgi?id=9545
 .if ${PORT_OPTIONS:MFAM}
 USES+=			fam
 CONFIGURE_ARGS+=	--with-fam
-WANT_EXP_MODULES+=	vfs_notify_fam
-SAMBA4_MODULES+=	vfs_notify_fam
 .else
 CONFIGURE_ARGS+=	--without-fam
 .endif
@@ -368,7 +374,7 @@ CONFIGURE_ARGS+=	--with-shared-modules="${SAMBA4_MODULES:Q:C|(\\\\ )+|,|g:S|\\||
 		gpext_security idmap_ad idmap_ldap idmap_nss idmap_passdb idmap_tdb \
 		nss_info_template pdb_ldap pdb_samba_dsdb pdb_smbpasswd pdb_tdbsam \
 		pdb_test pdb_wbc_sam perfcount_test vfs_aio_posix vfs_aio_pthread \
-		vfs_cacheprime vfs_dfs_samba4 vfs_fake_acls vfs_notify_fam \
+		vfs_cacheprime vfs_dfs_samba4 vfs_fake_acls \
 		vfs_shadow_copy_test vfs_skel_opaque vfs_skel_transparent
 .	if !empty(SAMBA4_MODULES) && ${SAMBA4_MODULES:M${module}}
 PLIST_SUB+=		MODULE_${module:tu}=""
@@ -399,7 +405,6 @@ USE_RC_SUBR=		samba_server
 SUB_FILES=		pkg-message README.FreeBSD
 # Make sure that the right version of Python is used by the tools
 # https://bugzilla.samba.org/show_bug.cgi?id=7305
-python_OLD_CMD=		/usr/bin/env python
 SHEBANG_FILES=		${PATCH_WRKSRC}/source4/scripting/bin/*
 # No fancy color error messages
 .if ${COMPILER_TYPE} == "clang"
@@ -432,7 +437,7 @@ SAMBA_MAN8+=		eventlogadm.8 idmap_ad.8 idmap_autorid.8 idmap_hash.8 \
 			vfs_commit.8 vfs_crossrename.8 vfs_default_quota.8 \
 			vfs_dirsort.8 vfs_extd_audit.8 vfs_fake_perms.8 vfs_fileid.8 \
 			vfs_fruit.8 vfs_full_audit.8 vfs_glusterfs.8 vfs_gpfs.8 vfs_media_harmony.8 \
-			vfs_netatalk.8 vfs_notify_fam.8 vfs_prealloc.8 \
+			vfs_netatalk.8 vfs_prealloc.8 \
 			vfs_preopen.8 vfs_readahead.8 vfs_readonly.8 \
 			vfs_recycle.8 vfs_scannedonly.8 vfs_shadow_copy.8 \
 			vfs_shadow_copy2.8 vfs_snapper.8 vfs_smb_traffic_analyzer.8 \
@@ -489,11 +494,11 @@ pre-build:
 			source4/utils/man/ntlm_auth4.1 \
 			source4/utils/man/oLschema2ldif.1
 			-@${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
-			@${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
+			${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
 .	endfor
 			-@${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
 .	for man in ${SAMBA_MAN1} ${SAMBA_MAN5} ${SAMBA_MAN7} ${SAMBA_MAN8}
-			-@${INSTALL_MAN} ${BUILD_WRKSRC}/docs/manpages/${man} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
+			-${INSTALL_MAN} ${BUILD_WRKSRC}/docs/manpages/${man} ${BUILD_WRKSRC}/bin/default/docs-xml/manpages
 .	endfor
 .endif
 
@@ -502,7 +507,7 @@ post-install:
 .if ${PORT_OPTIONS:MDOCS}
 			@${MKDIR} ${STAGEDIR}${DOCSDIR}
 .	for doc in ${PORTDOCS}
-			@${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
+			${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
 .	endfor
 .endif
 # Run post-install script
diff --git a/net/samba43/distinfo b/net/samba43/distinfo
index 513b1be4239d..1f4aa1d2dbf9 100644
--- a/net/samba43/distinfo
+++ b/net/samba43/distinfo
@@ -1,2 +1,2 @@
-SHA256 (samba-4.3.1.tar.gz) = 9908a80d95b9e2583906ed4347a8c80b769539a2788158992fb48ea9fb4d2c82
-SIZE (samba-4.3.1.tar.gz) = 20424516
+SHA256 (samba-4.3.3.tar.gz) = e62d21313acbb29e24b0b80aaf2b63fdd1ccce4cfb741f333deca95a1a3a70df
+SIZE (samba-4.3.3.tar.gz) = 20427281
diff --git a/net/samba43/files/extra-patch-security b/net/samba43/files/extra-patch-security
new file mode 100644
index 000000000000..05e298dd1c95
--- /dev/null
+++ b/net/samba43/files/extra-patch-security
@@ -0,0 +1,534 @@
+From a4e75bba5d2b799c11aac9eb1c345b8e58563089 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 10:17:34 +0100
+Subject: [PATCH 1/4] dbwrap_rbt: use talloc_zero_size() instead of a partial
+ ZERO_STRUCT()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit f3d1fc1d06822a951a2a3eeb5aa53748b9b5b299)
+---
+ lib/dbwrap/dbwrap_rbt.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index 03f2f57..2d65647 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -153,7 +153,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		return NT_STATUS_INSUFFICIENT_RESOURCES;
+ 	}
+ 
+-	node = talloc_size(db_ctx, reclen);
++	node = talloc_zero_size(db_ctx, reclen);
+ 	if (node == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+@@ -172,8 +172,6 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		 */
+ 	}
+ 
+-	ZERO_STRUCT(node->rb_node);
+-
+ 	node->keysize = rec->key.dsize;
+ 	node->valuesize = data.dsize;
+ 
+-- 
+1.9.1
+
+
+From 3f448c47a8567b0e4794e787399202f050002819 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 09:22:08 +0100
+Subject: [PATCH 2/4] dbwrap_rbt: add nested traverse protection
+
+Multiple dbwrap_traverse_read() calls are possible.
+
+store() and delete() on a fetch locked record
+are rejected during dbwrap_traverse_read().
+
+A dbwrap_traverse() within a dbwrap_traverse_read()
+behaves like a dbwrap_traverse_read().
+
+Nested dbwrap_traverse() calls are not possible.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 590507951fc514a679f44b8bfdd03c721189c3fa)
+---
+ lib/dbwrap/dbwrap_rbt.c | 71 ++++++++++++++++++++++++++++---------------------
+ 1 file changed, 40 insertions(+), 31 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index 2d65647..d4cb40d 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -27,6 +27,8 @@
+ 
+ struct db_rbt_ctx {
+ 	struct rb_root tree;
++	size_t traverse_read;
++	bool traverse_write;
+ };
+ 
+ struct db_rbt_rec {
+@@ -126,6 +128,10 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	ssize_t reclen;
+ 	TDB_DATA this_key, this_val;
+ 
++	if (db_ctx->traverse_read > 0) {
++		return NT_STATUS_MEDIA_WRITE_PROTECTED;
++	}
++
+ 	if (rec_priv->node != NULL) {
+ 
+ 		/*
+@@ -222,6 +228,10 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 		rec->db->private_data, struct db_rbt_ctx);
+ 	struct db_rbt_rec *rec_priv = (struct db_rbt_rec *)rec->private_data;
+ 
++	if (db_ctx->traverse_read > 0) {
++		return NT_STATUS_MEDIA_WRITE_PROTECTED;
++	}
++
+ 	if (rec_priv->node == NULL) {
+ 		return NT_STATUS_OK;
+ 	}
+@@ -232,16 +242,6 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 	return NT_STATUS_OK;
+ }
+ 
+-static NTSTATUS db_rbt_store_deny(struct db_record *rec, TDB_DATA data, int flag)
+-{
+-	return NT_STATUS_MEDIA_WRITE_PROTECTED;
+-}
+-
+-static NTSTATUS db_rbt_delete_deny(struct db_record *rec)
+-{
+-	return NT_STATUS_MEDIA_WRITE_PROTECTED;
+-}
+-
+ struct db_rbt_search_result {
+ 	TDB_DATA key;
+ 	TDB_DATA val;
+@@ -414,13 +414,8 @@ static int db_rbt_traverse_internal(struct db_context *db,
+ 	ZERO_STRUCT(rec);
+ 	rec.db = db;
+ 	rec.private_data = &rec_priv;
+-	if (rw) {
+-		rec.store = db_rbt_store;
+-		rec.delete_rec = db_rbt_delete;
+-	} else {
+-		rec.store = db_rbt_store_deny;
+-		rec.delete_rec = db_rbt_delete_deny;
+-	}
++	rec.store = db_rbt_store;
++	rec.delete_rec = db_rbt_delete;
+ 	db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+ 
+ 	ret = f(&rec, private_data);
+@@ -440,18 +435,21 @@ static int db_rbt_traverse_internal(struct db_context *db,
+ 	return db_rbt_traverse_internal(db, rb_right, f, private_data, count, rw);
+ }
+ 
+-static int db_rbt_traverse(struct db_context *db,
+-			   int (*f)(struct db_record *db,
+-				    void *private_data),
+-			   void *private_data)
++static int db_rbt_traverse_read(struct db_context *db,
++				int (*f)(struct db_record *db,
++					 void *private_data),
++				void *private_data)
+ {
+ 	struct db_rbt_ctx *ctx = talloc_get_type_abort(
+ 		db->private_data, struct db_rbt_ctx);
+ 	uint32_t count = 0;
++	int ret;
+ 
+-	int ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
+-					   f, private_data, &count,
+-					   true /* rw */);
++	ctx->traverse_read++;
++	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++				       f, private_data, &count,
++				       false /* rw */);
++	ctx->traverse_read--;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+@@ -461,18 +459,29 @@ static int db_rbt_traverse(struct db_context *db,
+ 	return count;
+ }
+ 
+-static int db_rbt_traverse_read(struct db_context *db,
+-				int (*f)(struct db_record *db,
+-					 void *private_data),
+-				void *private_data)
++static int db_rbt_traverse(struct db_context *db,
++			   int (*f)(struct db_record *db,
++				    void *private_data),
++			   void *private_data)
+ {
+ 	struct db_rbt_ctx *ctx = talloc_get_type_abort(
+ 		db->private_data, struct db_rbt_ctx);
+ 	uint32_t count = 0;
++	int ret;
++
++	if (ctx->traverse_write) {
++		return -1;
++	};
++
++	if (ctx->traverse_read > 0) {
++		return db_rbt_traverse_read(db, f, private_data);
++	}
+ 
+-	int ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
+-					   f, private_data, &count,
+-					   false /* rw */);
++	ctx->traverse_write = true;
++	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++				       f, private_data, &count,
++				       true /* rw */);
++	ctx->traverse_write = false;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+-- 
+1.9.1
+
+
+From a2e7deb101d4aee633015fdd22df6255ee03c00e Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 09:22:08 +0100
+Subject: [PATCH 3/4] dbwrap_rbt: fix modifying the db during traverse
+
+We delete and add of records rebalace the tree, but our
+traverse code doesn't handle that and skips records
+randomly.
+
+We maintain records in a linked list for now
+in addition to the rbtree and use that list during
+traverse.
+
+This add a bit overhead, but at least it works reliable.
+If someone finds a way to do reliable traverse with the
+rebalanced tree, we can replace this commit.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 0f46da08e160e6712e5282af14e1ec4012614fc7)
+---
+ lib/dbwrap/dbwrap_rbt.c | 104 ++++++++++++++++++++++++++----------------------
+ 1 file changed, 57 insertions(+), 47 deletions(-)
+
+diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
+index d4cb40d..a9cc641 100644
+--- a/lib/dbwrap/dbwrap_rbt.c
++++ b/lib/dbwrap/dbwrap_rbt.c
+@@ -22,13 +22,15 @@
+ #include "dbwrap/dbwrap_private.h"
+ #include "dbwrap/dbwrap_rbt.h"
+ #include "../lib/util/rbtree.h"
++#include "../lib/util/dlinklist.h"
+ 
+ #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
+ 
+ struct db_rbt_ctx {
+ 	struct rb_root tree;
++	struct db_rbt_node *nodes;
+ 	size_t traverse_read;
+-	bool traverse_write;
++	struct db_rbt_node **traverse_nextp;
+ };
+ 
+ struct db_rbt_rec {
+@@ -40,6 +42,7 @@ struct db_rbt_rec {
+ struct db_rbt_node {
+ 	struct rb_node rb_node;
+ 	size_t keysize, valuesize;
++	struct db_rbt_node *prev, *next;
+ };
+ 
+ /*
+@@ -123,7 +126,8 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	struct db_rbt_node *node;
+ 
+ 	struct rb_node ** p;
+-	struct rb_node * parent;
++	struct rb_node *parent = NULL;
++	struct db_rbt_node *parent_node = NULL;
+ 
+ 	ssize_t reclen;
+ 	TDB_DATA this_key, this_val;
+@@ -165,12 +169,19 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	}
+ 
+ 	if (rec_priv->node != NULL) {
++		if (db_ctx->traverse_nextp != NULL) {
++			if (*db_ctx->traverse_nextp == rec_priv->node) {
++				*db_ctx->traverse_nextp = node;
++			}
++		}
++
+ 		/*
+ 		 * We need to delete the key from the tree and start fresh,
+ 		 * there's not enough space in the existing record
+ 		 */
+ 
+ 		rb_erase(&rec_priv->node->rb_node, &db_ctx->tree);
++		DLIST_REMOVE(db_ctx->nodes, rec_priv->node);
+ 
+ 		/*
+ 		 * Keep the existing node around for a while: If the record
+@@ -197,10 +208,11 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 		TDB_DATA search_key, search_val;
+ 		int res;
+ 
+-		parent = (*p);
+-
+ 		r = db_rbt2node(*p);
+ 
++		parent = (*p);
++		parent_node = r;
++
+ 		db_rbt_parse_node(r, &search_key, &search_val);
+ 
+ 		res = db_rbt_compare(this_key, search_key);
+@@ -217,6 +229,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag)
+ 	}
+ 
+ 	rb_link_node(&node->rb_node, parent, p);
++	DLIST_ADD_AFTER(db_ctx->nodes, node, parent_node);
+ 	rb_insert_color(&node->rb_node, &db_ctx->tree);
+ 
+ 	return NT_STATUS_OK;
+@@ -236,7 +249,14 @@ static NTSTATUS db_rbt_delete(struct db_record *rec)
+ 		return NT_STATUS_OK;
+ 	}
+ 
++	if (db_ctx->traverse_nextp != NULL) {
++		if (*db_ctx->traverse_nextp == rec_priv->node) {
++			*db_ctx->traverse_nextp = rec_priv->node->next;
++		}
++	}
++
+ 	rb_erase(&rec_priv->node->rb_node, &db_ctx->tree);
++	DLIST_REMOVE(db_ctx->nodes, rec_priv->node);
+ 	TALLOC_FREE(rec_priv->node);
+ 
+ 	return NT_STATUS_OK;
+@@ -383,56 +403,48 @@ static NTSTATUS db_rbt_parse_record(struct db_context *db, TDB_DATA key,
+ }
+ 
+ static int db_rbt_traverse_internal(struct db_context *db,
+-				    struct rb_node *n,
+ 				    int (*f)(struct db_record *db,
+ 					     void *private_data),
+ 				    void *private_data, uint32_t* count,
+ 				    bool rw)
+ {
+-	struct rb_node *rb_right;
+-	struct rb_node *rb_left;
+-	struct db_record rec;
+-	struct db_rbt_rec rec_priv;
++	struct db_rbt_ctx *ctx = talloc_get_type_abort(
++		db->private_data, struct db_rbt_ctx);
++	struct db_rbt_node *cur = NULL;
++	struct db_rbt_node *next = NULL;
+ 	int ret;
+ 
+-	if (n == NULL) {
+-		return 0;
+-	}
+-
+-	rb_left = n->rb_left;
+-	rb_right = n->rb_right;
++	for (cur = ctx->nodes; cur != NULL; cur = next) {
++		struct db_record rec;
++		struct db_rbt_rec rec_priv;
+ 
+-	ret = db_rbt_traverse_internal(db, rb_left, f, private_data, count, rw);
+-	if (ret != 0) {
+-		return ret;
+-	}
++		rec_priv.node = cur;
++		next = rec_priv.node->next;
+ 
+-	rec_priv.node = db_rbt2node(n);
+-	/* n might be altered by the callback function */
+-	n = NULL;
++		ZERO_STRUCT(rec);
++		rec.db = db;
++		rec.private_data = &rec_priv;
++		rec.store = db_rbt_store;
++		rec.delete_rec = db_rbt_delete;
++		db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+ 
+-	ZERO_STRUCT(rec);
+-	rec.db = db;
+-	rec.private_data = &rec_priv;
+-	rec.store = db_rbt_store;
+-	rec.delete_rec = db_rbt_delete;
+-	db_rbt_parse_node(rec_priv.node, &rec.key, &rec.value);
+-
+-	ret = f(&rec, private_data);
+-	(*count) ++;
+-	if (ret != 0) {
+-		return ret;
+-	}
+-
+-	if (rec_priv.node != NULL) {
+-		/*
+-		 * If the current record is still there
+-		 * we should take the current rb_right.
+-		 */
+-		rb_right = rec_priv.node->rb_node.rb_right;
++		if (rw) {
++			ctx->traverse_nextp = &next;
++		}
++		ret = f(&rec, private_data);
++		(*count) ++;
++		if (rw) {
++			ctx->traverse_nextp = NULL;
++		}
++		if (ret != 0) {
++			return ret;
++		}
++		if (rec_priv.node != NULL) {
++			next = rec_priv.node->next;
++		}
+ 	}
+ 
+-	return db_rbt_traverse_internal(db, rb_right, f, private_data, count, rw);
++	return 0;
+ }
+ 
+ static int db_rbt_traverse_read(struct db_context *db,
+@@ -446,7 +458,7 @@ static int db_rbt_traverse_read(struct db_context *db,
+ 	int ret;
+ 
+ 	ctx->traverse_read++;
+-	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++	ret = db_rbt_traverse_internal(db,
+ 				       f, private_data, &count,
+ 				       false /* rw */);
+ 	ctx->traverse_read--;
+@@ -469,7 +481,7 @@ static int db_rbt_traverse(struct db_context *db,
+ 	uint32_t count = 0;
+ 	int ret;
+ 
+-	if (ctx->traverse_write) {
++	if (ctx->traverse_nextp != NULL) {
+ 		return -1;
+ 	};
+ 
+@@ -477,11 +489,9 @@ static int db_rbt_traverse(struct db_context *db,
+ 		return db_rbt_traverse_read(db, f, private_data);
+ 	}
+ 
+-	ctx->traverse_write = true;
+-	ret = db_rbt_traverse_internal(db, ctx->tree.rb_node,
++	ret = db_rbt_traverse_internal(db,
+ 				       f, private_data, &count,
+ 				       true /* rw */);
+-	ctx->traverse_write = false;
+ 	if (ret != 0) {
+ 		return -1;
+ 	}
+-- 
+1.9.1
+
+
+From 88752f5f769bae1edf6f395303b9daf9d13131f1 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Nov 2015 00:13:17 +0100
+Subject: [PATCH 4/4] s3:torture: add traverse testing to LOCAL-RBTREE
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
+Autobuild-Date(master): Fri Nov 27 13:16:59 CET 2015 on sn-devel-104
+
+(cherry picked from commit bb9f13ab4165f150e01a88ddcc51605a7c176f5d)
+---
+ source3/torture/torture.c | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/source3/torture/torture.c b/source3/torture/torture.c
+index 7bb776f..505920f 100644
+--- a/source3/torture/torture.c
++++ b/source3/torture/torture.c
+@@ -8348,11 +8348,29 @@ static bool rbt_testval(struct db_context *db, const char *key,
+ 	return ret;
+ }
+ 
++static int local_rbtree_traverse_read(struct db_record *rec, void *private_data)
++{
++	int *count2 = (int *)private_data;
++	(*count2)++;
++	return 0;
++}
++
++static int local_rbtree_traverse_delete(struct db_record *rec, void *private_data)
++{
++	int *count2 = (int *)private_data;
++	(*count2)++;
++	dbwrap_record_delete(rec);
++	return 0;
++}
++
+ static bool run_local_rbtree(int dummy)
+ {
+ 	struct db_context *db;
+ 	bool ret = false;
+ 	int i;
++	NTSTATUS status;
++	int count = 0;
++	int count2 = 0;
+ 
+ 	db = db_open_rbt(NULL);
+ 
+@@ -8395,6 +8413,27 @@ static bool run_local_rbtree(int dummy)
+ 	}
+ 
+ 	ret = true;
++	count = 0; count2 = 0;
++	status = dbwrap_traverse_read(db, local_rbtree_traverse_read,
++				      &count2, &count);
++	printf("%s: read1: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 1000)) {
++		ret = false;
++	}
++	count = 0; count2 = 0;
++	status = dbwrap_traverse(db, local_rbtree_traverse_delete,
++				 &count2, &count);
++	printf("%s: delete: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 1000)) {
++		ret = false;
++	}
++	count = 0; count2 = 0;
++	status = dbwrap_traverse_read(db, local_rbtree_traverse_read,
++				      &count2, &count);
++	printf("%s: read2: %d %d, %s\n", __func__, count, count2, nt_errstr(status));
++	if ((count != count2) || (count != 0)) {
++		ret = false;
++	}
+ 
+  done:
+ 	TALLOC_FREE(db);
+-- 
+1.9.1
+
diff --git a/net/samba43/files/patch-source3__client__dnsbrowse.c b/net/samba43/files/patch-source3__client__dnsbrowse.c
index 83f2dd7789f6..d0610d875d65 100644
--- a/net/samba43/files/patch-source3__client__dnsbrowse.c
+++ b/net/samba43/files/patch-source3__client__dnsbrowse.c
@@ -1,5 +1,5 @@
---- source3/client/dnsbrowse.c.orig	2013-11-12 10:20:03.145351798 +0100
-+++ source3/client/dnsbrowse.c	2013-11-12 10:20:11.762761273 +0100
+--- source3/client/dnsbrowse.c.orig	2015-07-21 09:47:49.000000000 +0000
++++ source3/client/dnsbrowse.c	2015-12-07 02:08:01.627022117 +0000
 @@ -91,7 +91,7 @@
  		}
  	}
@@ -9,3 +9,12 @@
  	DNSServiceRefDeallocate(mdns_conn_sdref);
  }
  
+@@ -168,7 +168,7 @@
+ 	for (;;)  {
+ 		int revents;
+ 
+-		ret = poll_one_fd(mdnsfd, POLLIN|POLLHUP, &revents, 1000);
++		ret = poll_one_fd(mdnsfd, POLLIN|POLLHUP, 1000, &revents);
+ 		if (ret <= 0 && errno != EINTR) {
+ 			break;
+ 		}
diff --git a/net/samba43/files/pkg-message.in b/net/samba43/files/pkg-message.in
index 6cdc13d1753d..812abb282747 100644
--- a/net/samba43/files/pkg-message.in
+++ b/net/samba43/files/pkg-message.in
@@ -8,8 +8,8 @@ How to start: http://wiki.samba.org/index.php/Samba4/HOWTO
 
 * All the logs are under: %%SAMBA4_LOGDIR%%
 
-* Provisioning script is: %%PREFIX%%/bin/samba-tool
-
+%%AD_DC%%* Provisioning script is: %%PREFIX%%/bin/samba-tool
+%%AD_DC%%
 %%NSUPDATE%%You will need to specify location of the 'nsupdate' command in the
 %%NSUPDATE%%%%SAMBA4_CONFIG%% file:
 %%NSUPDATE%%
diff --git a/net/samba43/pkg-plist b/net/samba43/pkg-plist
index c7f45525633a..b5aba77725d7 100644
--- a/net/samba43/pkg-plist
+++ b/net/samba43/pkg-plist
@@ -1,3 +1,4 @@
+bin/async_connect_send_test
 bin/cifsdd
 bin/dbwrap_tool
 bin/eventlogadm
@@ -252,8 +253,8 @@ lib/samba/libdb-glue-samba4.so
 lib/samba/libdbwrap-samba4.so
 lib/samba/libdcerpc-samba-samba4.so
 lib/samba/libdcerpc-samba4.so
-lib/samba/libdfs-server-ad-samba4.so
-lib/samba/libdnsserver-common-samba4.so
+%%AD_DC%%lib/samba/libdfs-server-ad-samba4.so
+%%AD_DC%%lib/samba/libdnsserver-common-samba4.so
 lib/samba/libdsdb-module-samba4.so
 lib/samba/liberrors-samba4.so
 lib/samba/libevents-samba4.so
@@ -311,7 +312,7 @@ lib/samba/libsmb-transport-samba4.so
 lib/samba/libsmbd-base-samba4.so
 lib/samba/libsmbd-conn-samba4.so
 lib/samba/libsmbd-shim-samba4.so
-lib/samba/libsmbldaphelper-samba4.so
+%%LDAP%%lib/samba/libsmbldaphelper-samba4.so
 lib/samba/libsmbpasswdparser-samba4.so
 lib/samba/libsmbregistry-samba4.so
 lib/samba/libsocket-blocking-samba4.so
@@ -428,10 +429,10 @@ lib/shared-modules/idmap/hash.so
 lib/shared-modules/idmap/rid.so
 lib/shared-modules/idmap/script.so
 lib/shared-modules/idmap/tdb2.so
-lib/shared-modules/ldb/dns_notify.so
+%%AD_DC%%lib/shared-modules/ldb/dns_notify.so
 lib/shared-modules/ldb/ildap.so
 lib/shared-modules/ldb/ldbsamba_extensions.so
-lib/shared-modules/ldb/tombstone_reanimate.so
+%%AD_DC%%lib/shared-modules/ldb/tombstone_reanimate.so
 lib/shared-modules/nss_info/hash.so
 lib/shared-modules/vfs/acl_tdb.so
 lib/shared-modules/vfs/acl_xattr.so
@@ -781,7 +782,7 @@ lib/shared-modules/vfs/zfsacl.so
 %%AD_DC%%@dir %%DATADIR%%/setup/display-specifiers
 %%AD_DC%%@dir %%DATADIR%%/setup/ad-schema
 %%AD_DC%%@dir %%DATADIR%%/setup
-@dir %%DATADIR%%
+%%AD_DC%%@dir %%DATADIR%%
 man/man1/dbwrap_tool.1.gz
 man/man1/findsmb.1.gz
 man/man1/gentest.1.gz
author	timur <timur@FreeBSD.org>	2015-12-20 06:51:10 +0800
committer	timur <timur@FreeBSD.org>	2015-12-20 06:51:10 +0800
commit	88b79ab934f256dcc94fb8b44b76113b0421602a (patch)
tree	7c564ad1988756d157541a009c23c5fb5be549eb /net
parent	d1ce58772203132f05e509fe166a45f19d6ea388 (diff)
download	freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.tar.gz freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.tar.zst freebsd-ports-gnome-88b79ab934f256dcc94fb8b44b76113b0421602a.zip