net/samba413: Remove expired port

2024-03-31 net/samba413: Reached its EoL on March 21, 2022

net/samba413: Sanitize MANPREFIX

Approved by:    portmgr (blanket)

*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree

- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
  ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
  Also move conditional flags for non sparc64/arm ARCH to fixed flags.

Reviewed by:	brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068

net/samba413: Extend EXPIRATION_DATE

Approved by:	portmgr

net/samba41[36]: Make 'USES=shebangfix' work as is expected

While testing patch submitted to bug #270383, I noticed
'USES=shebangfix' doesn't work as is expected with current samba
ports. According to the investigation by Tatsuki Makino, it is because
SHEBANG_FILES is defined after bsd.port.options.mk and bsd.port.pre.mk
are included. So fix the issue by moving the definition before the
inclusion of them

Reference:	https://lists.freebsd.org/archives/freebsd-ports/2023-November/004849.html
Reference:	https://lists.freebsd.org/archives/freebsd-ports/2023-November/004852.html
Reference:	https://lists.freebsd.org/archives/freebsd-ports/2023-November/004853.html
PR:		274885
Approved by:	maintainer timeout

net/samba413: Mark DEPRECATED and set EXPIRATION_DATE

Samba 4.13 has already reached its EoL on March 21, 2022. The main
reason this port isn't removed yet is that Samba 4.16 (net/samba416)
doesn't work with FreeBSD 12. So mark DEPRECATED and set
EXPIRATION_DATE to December 31, 2023, the EoL day of FreeBSD 12.

PR:		267142
Approved by:	maintainer timeout

devel/icu: update to 74.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-74-1
Reported by:	GitHub (watch releases)
PR:		274317
Exp-run by:	antoine (incomplete)
Approved by:	fluffy

net/samba413: fix build with lld 17

Building net/samba413 with lld 17 results in the following link errors:

  runner ['cc', '-Wl,--as-needed',
'-Wl,--version-script=/wrkdirs/share/dim/ports/net/samba413/work/samba-4.13.17/bin/default/lib/replace/replace.vscript',
'-shared', 'lib/replace/replace.c.2.o', 'lib/replace/strptime.c.2.o',
'lib/replace/cwrap.c.2.o', 'lib/replace/xattr.c.2.o',
'-o/wrkdirs/share/dim/ports/net/samba413/work/samba-4.13.17/bin/default/lib/replace/libreplace-samba4.so',
'-Wl,-Bstatic', '-Wl,-Bdynamic', '-L/usr/local/lib', '-L/usr/local/lib',
'-fstack-protector-strong', '-L/usr/local/lib', '-Wl,-z,relro,-z,now',
'-Wl,-no-undefined', '-Wl,--export-dynamic']
  ld: error: version script assignment of 'local' to symbol '_end' failed:
symbol not defined
  ld: error: version script assignment of 'local' to symbol '__bss_start'
failed: symbol not defined
  ld: error: version script assignment of 'local' to symbol '_edata' failed:
symbol not defined
  cc: error: linker command failed with exit code 1 (use -v to see invocation)

Since the linker version scripts are generated dynamically, suppress
errors with lld >= 17 due to these undefined symbols.

PR:		274313
Approved by:	maintainer timeout (2 weeks)
MFH:		2023Q4

net/samba413: back port security fixes from 4.16.11

The security defects addressed in these fixes are described at
https://www.samba.org/samba/history/samba-4.16.11.html

PR:		273595
Approved by:	maintainer timeout

net/samba413: Work around 12.4 bug with orphaned temp files

Because src commit 96e101bec9 never made it into 12.4, temporary files
are littering the staging directory and causing plist errors.  Since
12.4 will be EOL soon, just work around the issue.

PR:		255626
Approved by:	portmgr (rene)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D42030

all: remove explicit versions in USES=python for "3.x+"

The logic in USES=python will automatically convert this to 3.8+ by
itself.

Adjust two ports that only had Python 3.7 mentioned but build fine
on Python 3.8 too.

finance/quickfix: mark BROKEN with PYTHON

libtool: compile:  c++ -DHAVE_CONFIG_H -I. -I../.. -I -I. -I.. -I../.. -I../C++
-DLIBICONV_PLUG -DPYTHON_MAJOR_VERSION=3 -Wno-unused-variable
-Wno-maybe-uninitialized -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong
-fno-strict-aliasing -DLIBICONV_PLUG -Wall -ansi
-Wno-unused-command-line-argument -Wpointer-arith -Wwrite-strings
-Wno-overloaded-virtual -Wno-deprecated-declarations -Wno-deprecated -std=c++0x
-MT _quickfix_la-QuickfixPython.lo -MD -MP -MF
.deps/_quickfix_la-QuickfixPython.Tpo -c QuickfixPython.cpp  -fPIC -DPIC -o
.libs/_quickfix_la-QuickfixPython.o
warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean
'-Wno-uninitialized'? [-Wunknown-warning-option]
QuickfixPython.cpp:175:11: fatal error: 'Python.h' file not found
          ^~~~~~~~~~
1 warning and 1 error generated.

Reviewed by:	portmgr, vishwin, yuri
Differential Revision:	<https://reviews.freebsd.org/D40568>

devel/icu: update to 73.1

- Temporarily switch to GitHub auto archive (release artifacts are N/A atm)

Changes:	https://github.com/unicode-org/icu/releases/tag/release-73-1
Reported by:	GitHub (watch releases)
PR:		270422
Exp-run by:	antoine

MOVED: Use the nox11 flavor for tshark and friends

This includes net/py-pyshark, net/termshark, and the samba ports for
testing.
Reported by:	mat

net/termshark|samba41[36]: Chase the tshark>wireshark change

Reported by:	cperciva

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

net/samba413: Backport fix for CVE-2022-3437

Also backported dlz_bind module creation for Bind 9.18.

Security:	CVE-2022-3437

devel/icu: update to 72.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-72-1
Reported by:	GitHub (watch releases)
PR:		266582
Exp-run by:	antoine

net/samba413: Fix alignment of the WWW line.

net/samba413: Backport security fix from 4.14.14

* Add upstream patch to fix configure error with Python 3.11.
* Fix plist error when AD_DC option is off and PYTHON3 option is on.
* Replace BIND911 option with BIND918 as dns/bind911 is removed from
  ports tree and dns/bind918 is added instead.

PR:		266641
Approved by:	maintainer timeout
MFH:		2022Q4
Security:	f9140ad4-4920-11ed-a07e-080027f5fec9

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

net: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Aaron Straup Cope <ascope@cpan.org>
  *  Aaron Zauner <az_mail@gmx.at>
  *  Adam Jette <jettea46@yahoo.com>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Alan Eldridge <alane@geeksrus.net>
  *  Alex Bakhtin <Alex.Bakhtin@gmail.com>
  *  Alex Deiter <Alex.Deiter@Gmail.COM>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Dupre <sysadmin@alexdupre.com>

net/samba*: restore indentation after 268cee3b0227

PR:		262654

devel/icu: update to 71.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-71-1
Reported by:	GitHub (watch releases)
PR:		262654
Exp-run by:	antoine
Approved by:	fluffy

net/samba41[23]: set PYTHONHASHSEED during build

The build with CCACHE can be significantly sped up by passing
PYTHONHASHSEED=1 in the environment to make the build reproducible
with regard to the compiler commands issued.

PR:		262092
Reported by:	chris at chrullrich.net (Christian Ullrich)

net/samba413: Update Samba to the 4.13.17 version to address security
vulnerabilities.

Security:	CVE-2021-44141
		CVE-2021-44142
		CVE-2022-0336

net/samba413: Update to the 4.13.16 release to address CVE-2021-43566

In addition an CVE-2021-20316 is issued, but can't be address in this
Samba release.

====================================================
Workaround and mitigating factors for CVE-2021-20316
====================================================

Do not enable SMB1 (please note SMB1 is disabled by default in Samba
from version 4.11.0 and onwards). This prevents the creation of
symbolic links via SMB1. If SMB1 must be enabled for backwards
compatibility then add the parameter:

unix extensions = no

Fix CONFLICTS entries of multiple ports

There have been lots of missing CONFLICTS_INSTALL entries, either
because conflicting ports were added without updating existing ports,
due to name changes of generated packages, due to mis-understanding
the format and semantics of the conflicts entries, or just due to
typoes in package names.

This patch is the result of a comparison of all files contained in
the official packages with each other. This comparison was based on
packages built with default options and may therefore have missed
further conflicts with optionally installed files.

Where possible, version numbers in conflicts entries have been
generalized, some times taking advantage of the fact that a port

net/samba413: Upgrade to the latest version to address security vulnerabilities:

* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192

devel/icu: update to 70.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-70-1
Reported by:	GitHub (watch releases)
PR:		258794
Exp-run by:	antoine

net/openldap24-client: bump all dependent port

In the earlier net/openldap24-server commit, only those which depend on
net/openldap24-sasl-client were bumped. Bumping all dependent port that
didn't get a bump to force a rebuild of these packages.

Suggested by:	kib

PR:		255415
		254033
		252385
Security:	CVE-2021-20254

Updated net/samba412 and net/samba413 to fix CVE-2021-20254.

Also fixed:
* Incorrect include line for the bind backend(255415)
* Broken pkg-plist with NO_PYTHON(254033)
* Broken URL parsing in LDAP client(252385)

devel/icu: update to 69.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-69-1
Reported by:	GitHub (watch releases)

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

Security update for net/samba4* ports to 4.13.6 and 4.12.13 respectively.

Mark net/samba411 s deprecated.

Relnotes:	CVE-2020-27840
		CVE-2021-20277

Bump net/samba413 to 4.13.4 version.
Split pkg-plist into managable chunks.
Made PYTHON3 bindings a selectable option.

PR:		252164

net/samba411 net/samba412 net/samba413: Fix zero-sized VLAs

With recent versions of clang, samba could dump core shortly after
startup, terminating with either SIGILL or SIGSEGV.

Investigation showed that samba is using C99 variable length arrays
(VLAs), and in some cases the length of these arrays would become zero.
Since this is undefined behavior, various interesting things would
happen, often ending in segfaults.

Fix this by avoiding to use zero as the length for these VLA
declarations.

A similar patch was also sent upstream, and was accepted and included in
subsequent samba releases.

See also: https://bugzilla.samba.org/show_bug.cgi?id=14605

Reported by:	Dries Michiels <driesm.michiels@gmail.com>
PR:		252157
MFH:		2021Q1

net/samba41[1-3]: switch to PYTHON_EXT_SUFFIX

devel/icu: update to 68.1

Changes:	http://site.icu-project.org/download/68
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
Reported by:	GitHub (watch releases)

Security update for samba411, samba412 and samba413:

CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify)
CVE-2020-14323 (Unprivileged user can crash winbind)
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records)

Security:	CVE-2020-14318
		CVE-2020-14323
		CVE-2020-14383

Introduce Samba 4.13 port as net/samba413