diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2013-12-09 08:44:49 +0000 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2013-12-09 08:44:49 +0000 |
commit | 490698c0bb53ad5d0201384a4ea3ba79cce972f1 (patch) | |
tree | df047502cdbfec89d8894caaa2ec2d817019e7cc /net-fs/samba | |
parent | old (diff) | |
download | gentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.tar.gz gentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.tar.bz2 gentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.zip |
Security bump (bug #493726). Removed old
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
Diffstat (limited to 'net-fs/samba')
-rw-r--r-- | net-fs/samba/ChangeLog | 11 | ||||
-rw-r--r-- | net-fs/samba/samba-3.6.22.ebuild | 466 | ||||
-rw-r--r-- | net-fs/samba/samba-4.0.13.ebuild (renamed from net-fs/samba/samba-4.0.11.ebuild) | 15 | ||||
-rw-r--r-- | net-fs/samba/samba-4.1.3.ebuild (renamed from net-fs/samba/samba-4.1.1.ebuild) | 16 |
4 files changed, 489 insertions, 19 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog index 17a5c15faf47..dd703d875098 100644 --- a/net-fs/samba/ChangeLog +++ b/net-fs/samba/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-fs/samba # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.636 2013/12/08 17:05:48 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.637 2013/12/09 08:44:49 polynomial-c Exp $ + +*samba-4.1.3 (09 Dec 2013) +*samba-4.0.13 (09 Dec 2013) +*samba-3.6.22 (09 Dec 2013) + + 09 Dec 2013; Lars Wendler <polynomial-c@gentoo.org> +samba-3.6.22.ebuild, + -samba-4.0.11.ebuild, +samba-4.0.13.ebuild, -samba-4.1.1.ebuild, + +samba-4.1.3.ebuild: + Security bump (bug #493726). Removed old. 08 Dec 2013; Agostino Sarubbo <ago@gentoo.org> samba-3.6.20.ebuild: Stable for alpha, wrt bug #491070 diff --git a/net-fs/samba/samba-3.6.22.ebuild b/net-fs/samba/samba-3.6.22.ebuild new file mode 100644 index 000000000000..aa41c5b636de --- /dev/null +++ b/net-fs/samba/samba-3.6.22.ebuild @@ -0,0 +1,466 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.6.22.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $ + +EAPI=4 + +inherit pam versionator multilib eutils flag-o-matic systemd + +MY_PV=${PV/_/} +MY_P="${PN}-${MY_PV}" + +DESCRIPTION="Library bits of the samba network filesystem" +HOMEPAGE="http://www.samba.org/" +SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="acl addns ads +aio avahi caps +client cluster cups debug dmapi doc examples fam + ldap ldb +netapi pam quota +readline selinux +server +smbclient smbsharemodes + swat syslog +winbind" + +DEPEND="dev-libs/popt + >=sys-libs/talloc-2.0.5 + >=sys-libs/tdb-1.2.9 + >=sys-libs/tevent-0.9.18 + virtual/libiconv + ads? ( virtual/krb5 sys-fs/e2fsprogs + client? ( sys-apps/keyutils ) ) + avahi? ( net-dns/avahi[dbus] ) + caps? ( sys-libs/libcap ) + client? ( !net-fs/mount-cifs + dev-libs/iniparser ) + cluster? ( >=dev-db/ctdb-1.13 ) + cups? ( net-print/cups ) + debug? ( dev-libs/dmalloc ) + dmapi? ( sys-apps/dmapi ) + fam? ( virtual/fam ) + ldap? ( net-nds/openldap ) + ldb? ( sys-libs/ldb ) + pam? ( virtual/pam + winbind? ( dev-libs/iniparser ) + ) + readline? ( >=sys-libs/readline-5.2 ) + selinux? ( sec-policy/selinux-samba ) + syslog? ( virtual/logger )" + +RDEPEND="${DEPEND} + kernel_linux? ( ads? ( net-fs/cifs-utils[ads] ) + client? ( net-fs/cifs-utils ) )" + +# Disable tests since we don't want to build that much here +RESTRICT="test" + +SBINPROGS="" +BINPROGS="" +KRBPLUGIN="" +PLUGINEXT=".so" +SHAREDMODS="" + +S="${WORKDIR}/${MY_P}/source3" + +# TODO: +# - enable iPrint on Prefix/OSX and Darwin? +# - selftest-prefix? selftest? +# - AFS? + +CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" + +REQUIRED_USE=" + ads? ( ldap ) + swat? ( server ) +" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != binary ]]; then + if use winbind && + [[ $(tc-getCC)$ == *gcc* ]] && + [[ $(gcc-major-version)$(gcc-minor-version) -lt 43 ]] + then + eerror "It is a known issue that ${P} will not build with " + eerror "winbind use flag enabled when using gcc < 4.3 ." + eerror "Please use at least the latest stable gcc version." + die "Using sys-devel/gcc < 4.3 with winbind use flag." + fi + fi +} + +pkg_setup() { + if use server ; then + SBINPROGS="${SBINPROGS} bin/smbd bin/nmbd" + BINPROGS="${BINPROGS} bin/testparm bin/smbstatus bin/smbcontrol bin/pdbedit + bin/profiles bin/sharesec bin/eventlogadm bin/smbta-util + $(usex client "" "bin/smbclient")" + + use swat && SBINPROGS="${SBINPROGS} bin/swat" + use winbind && SBINPROGS="${SBINPROGS} bin/winbindd" + use ads && use winbind && KRBPLUGIN="${KRBPLUGIN} bin/winbind_krb5_locator" + fi + + if use client ; then + BINPROGS="${BINPROGS} bin/smbclient bin/net bin/smbget bin/smbtree + bin/nmblookup bin/smbpasswd bin/rpcclient bin/smbcacls bin/smbcquotas + bin/ntlm_auth" + + fi + + use cups && BINPROGS="${BINPROGS} bin/smbspool" +# use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename"; + + if use winbind ; then + BINPROGS="${BINPROGS} bin/wbinfo" + SHAREDMODS="${SHAREDMODS}idmap_rid,idmap_hash" + use ads && SHAREDMODS="${SHAREDMODS},idmap_ad" + use cluster && SHAREDMODS="${SHAREDMODS},idmap_tdb2" + use ldap && SHAREDMODS="${SHAREDMODS},idmap_ldap,idmap_adex" + fi +} + +src_prepare() { + cp "${FILESDIR}/samba-3.4.2-lib.tevent.python.mk" "../lib/tevent/python.mk" + + # ensure that winbind has correct ldflags (QA notice) + sed -i \ + -e 's|LDSHFLAGS="|LDSHFLAGS="\\${LDFLAGS} |g' \ + configure || die "sed failed" + cd "${WORKDIR}/${MY_P}" && epatch "${CONFDIR}"/smb.conf.default.patch +} + +src_configure() { + local myconf + + # Filter out -fPIE + [[ ${CHOST} == *-*bsd* ]] && myconf+=" --disable-pie" + + #Allowing alpha/s390/sh to build + if use alpha || use s390 || use sh ; then + replace-flags -O? -O1 + fi + + # http://wiki.samba.org/index.php/CTDB_Setup + use cluster && myconf+=" --disable-pie" + + # Upstream refuses to make this configurable + use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no + + #bug #399141 wrap newer iniparser version + has_version ">=dev-libs/iniparser-3.0.0" && \ + export CPPFLAGS+=" -Diniparser_getstr\(d,i\)=iniparser_getstring\(d,i,NULL\)" + + # Notes: + # - automount is only needed in conjunction with NIS and we don't have that + # anymore => LDAP? + # - --without-dce-dfs and --without-nisplus-home can't be passed to configure but are disabled by default + econf ${myconf} \ + --with-piddir="${EPREFIX}"/var/run/samba \ + --sysconfdir="${EPREFIX}"/etc/samba \ + --localstatedir="${EPREFIX}"/var \ + $(use_enable debug developer) \ + --enable-largefile \ + --enable-socket-wrapper \ + --enable-nss-wrapper \ + $(use_enable swat) \ + $(use_enable debug dmalloc) \ + $(use_enable cups) \ + --disable-iprint \ + $(use_enable fam) \ + --enable-shared-libs \ + --disable-dnssd \ + $(use_enable avahi) \ + --with-fhs \ + --with-privatedir="${EPREFIX}"/var/lib/samba/private \ + --with-rootsbindir="${EPREFIX}"/var/cache/samba \ + --with-lockdir="${EPREFIX}"/var/cache/samba \ + --with-swatdir="${EPREFIX}"/usr/share/doc/${PF}/swat \ + --with-configdir="${EPREFIX}"/etc/samba \ + --with-logfilebase="${EPREFIX}"/var/log/samba \ + --with-pammodulesdir=$(getpam_mod_dir) \ + $(use_with dmapi) \ + --without-afs \ + --without-fake-kaserver \ + --without-vfs-afsacl \ + $(use_with ldap) \ + $(use_with ads) \ + $(use_with ads krb5 "${EPREFIX}"/usr) \ + $(use_with ads dnsupdate) \ + --without-automount \ + $(use_with pam) \ + $(use_with pam pam_smbpass) \ + $(use_with syslog) \ + $(use_with quota quotas) \ + $(use_with quota sys-quotas) \ + --without-utmp \ + --without-lib{talloc,tdb} \ + $(use_with netapi libnetapi) \ + $(use_with smbclient libsmbclient) \ + $(use_with smbsharemodes libsmbsharemodes) \ + $(use_with addns libaddns) \ + $(use_with cluster ctdb "${EPREFIX}"/usr) \ + $(use_with cluster cluster-support) \ + $(use_with acl acl-support) \ + $(use_with aio aio-support) \ + --with-sendfile-support \ + $(use_with winbind) \ + --with-shared-modules=${SHAREDMODS} \ + --without-included-popt \ + --without-included-iniparser +} + +src_compile() { + # compile libs + if use addns ; then + einfo "make addns library" + emake libaddns + fi + if use netapi ; then + einfo "make netapi library" + emake libnetapi + fi + if use smbclient ; then + einfo "make smbclient library" + emake libsmbclient + fi + if use smbsharemodes ; then + einfo "make smbsharemodes library" + emake libsmbsharemodes + fi + + # compile modules + emake modules + + # compile pam moudles + if use pam ; then + einfo "make pam modules" + emake pam_modules + fi + + # compile winbind nss modules + if use winbind ; then + einfo "make nss modules" + emake nss_modules + fi + + # compile utilities + if [ -n "${BINPROGS}" ] ; then + einfo "make binprogs" + emake ${BINPROGS} + fi + if [ -n "${SBINPROGS}" ] ; then + einfo "make sbinprogs" + emake ${SBINPROGS} + fi + + if [ -n "${KRBPLUGIN}" ] ; then + einfo "make krbplugin" + emake ${KRBPLUGIN}${PLUGINEXT} + fi + +} + +src_install() { + # pkgconfig files installation needed, bug #464818 + local pkgconfigdir=/usr/$(get_libdir)/pkgconfig + + # install libs + if use addns ; then + einfo "install addns library" + emake installlibaddns DESTDIR="${D}" + fi + if use netapi ; then + einfo "install netapi library" + emake installlibnetapi DESTDIR="${D}" + insinto $pkgconfigdir + doins pkgconfig/netapi.pc + fi + if use smbclient ; then + einfo "install smbclient library" + emake installlibsmbclient DESTDIR="${D}" + insinto $pkgconfigdir + doins pkgconfig/smbclient.pc + fi + if use smbsharemodes ; then + einfo "install smbsharemodes library" + emake installlibsmbsharemodes DESTDIR="${D}" + insinto $pkgconfigdir + doins pkgconfig/smbsharemodes.pc + fi + + # install modules + emake installmodules DESTDIR="${D}" + + if use pam ; then + einfo "install pam modules" + emake installpammodules DESTDIR="${D}" + + if use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + doman ../docs/manpages/pam_winbind.8 + # bug #376853 + insinto /etc/security + doins ../examples/pam_winbind/pam_winbind.conf || die + fi + + newpamd "${CONFDIR}/samba.pam" samba + dodoc pam_smbpass/README + fi + + # Nsswitch extensions. Make link for wins and winbind resolvers + if use winbind ; then + einfo "install libwbclient" + emake installlibwbclient DESTDIR="${D}" + dolib.so ../nsswitch/libnss_wins.so + dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2 + dolib.so ../nsswitch/libnss_winbind.so + dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2 + insinto $pkgconfigdir + doins pkgconfig/wbclient.pc + einfo "install libwbclient related manpages" + doman ../docs/manpages/idmap_rid.8 + doman ../docs/manpages/idmap_hash.8 + if use ldap ; then + doman ../docs/manpages/idmap_adex.8 + doman ../docs/manpages/idmap_ldap.8 + fi + if use ads ; then + doman ../docs/manpages/idmap_ad.8 + fi + fi + + # install binaries + insinto /usr + for prog in ${SBINPROGS} ; do + dosbin ${prog} + doman ../docs/manpages/${prog/bin\/}* + done + + for prog in ${BINPROGS} ; do + dobin ${prog} + doman ../docs/manpages/${prog/bin\/}* + done + + # install scripts + if use client ; then + dobin script/findsmb + doman ../docs/manpages/findsmb.1 + fi + + # install krbplugin + if [ -n "${KRBPLUGIN}" ] ; then + if has_version app-crypt/mit-krb5 ; then + insinto /usr/$(get_libdir)/krb5/plugins/libkrb5 + doins ${KRBPLUGIN}${PLUGINEXT} + elif has_version app-crypt/heimdal ; then + insinto /usr/$(get_libdir)/plugin/krb5 + doins ${KRBPLUGIN}${PLUGINEXT} + fi + insinto /usr + for prog in ${KRBPLUGIN} ; do + doman ../docs/manpages/${prog/bin\/}* + done + fi + + # install server components + if use server ; then + doman ../docs/manpages/vfs* ../docs/manpages/samba.7 + + diropts -m0700 + keepdir /var/lib/samba/private + + diropts -m1777 + keepdir /var/spool/samba + + diropts -m0755 + keepdir /var/{cache,log}/samba + keepdir /var/lib/samba/{netlogon,profiles} + keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC,X64,IA64,COLOR} + keepdir /usr/$(get_libdir)/samba/{auth,pdb,rpc,idmap,nss_info,gpext} + + newconfd "${CONFDIR}/samba.confd" samba + newinitd "${CONFDIR}/samba.initd" samba + + insinto /etc/samba + doins "${CONFDIR}"/{smbusers,lmhosts} + + if use ldap ; then + insinto /etc/openldap/schema + doins ../examples/LDAP/samba.schema + fi + + if use swat ; then + insinto /etc/xinetd.d + newins "${CONFDIR}/swat.xinetd" swat + script/installswat.sh "${ED}" "${EROOT}/usr/share/doc/${PF}/swat" "${S}" + fi + + dodoc ../MAINTAINERS.txt ../README* ../Roadmap ../WHATSNEW.txt ../docs/THANKS + fi + + # install the spooler to cups + if use cups ; then + dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb + fi + + # install misc files + insinto /etc/samba + doins ../examples/smb.conf.default + doman ../docs/manpages/smb.conf.5 + + insinto /usr/"$(get_libdir)"/samba + doins ../codepages/{valid.dat,upcase.dat,lowcase.dat} + + # install docs + if use doc ; then + dohtml -r ../docs/htmldocs/* + dodoc ../docs/*.pdf + fi + + # install examples + if use examples ; then + insinto /usr/share/doc/${PF}/examples + + if use smbclient ; then + doins -r ../examples/libsmbclient + fi + + if use winbind ; then + doins -r ../examples/pam_winbind ../examples/nss + fi + + if use server ; then + cd ../examples + doins -r auth autofs dce-dfs LDAP logon misc pdb \ + perfcounter printer-accounting printing scripts tridge \ + validchars VFS + fi + fi + + # Remove empty installation directories + rmdir --ignore-fail-on-non-empty \ + "${ED}/usr/$(get_libdir)/samba" \ + "${ED}/usr"/{sbin,bin} \ + "${ED}/usr/share"/{man,locale,} \ + "${ED}/var"/{run,lib/samba/private,lib/samba,lib,cache/samba,cache,} \ + # || die "tried to remove non-empty dirs, this seems like a bug in the ebuild" + + systemd_dotmpfilesd "${FILESDIR}"/samba.conf + systemd_dounit "${FILESDIR}"/nmbd.service + systemd_dounit "${FILESDIR}"/smbd.{service,socket} + systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' + systemd_dounit "${FILESDIR}"/winbindd.service +} + +pkg_postinst() { + elog "Samba 3.6 has adopted a number of improved security defaults that" + elog "will impact on existing users of Samba." + elog " client ntlmv2 auth = yes" + elog " client use spnego principal = no" + elog " send spnego principal = no" + elog "" + elog "SMB2 protocol support in 3.6.0 is fully functional and can be " + elog "enabled by setting 'max protocol = smb2'. SMB2 is a new " + elog "implementation of the SMB protocol used by Windows Vista and higher" + elog "" + elog "For further information make sure to read the release notes at" + elog "http://samba.org/samba/history/${P}.html and " + elog "http://samba.org/samba/history/${PN}-3.6.0.html" +} diff --git a/net-fs/samba/samba-4.0.11.ebuild b/net-fs/samba/samba-4.0.13.ebuild index 63aa7af7a989..684a0dff7e98 100644 --- a/net-fs/samba/samba-4.0.11.ebuild +++ b/net-fs/samba/samba-4.0.13.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.0.11.ebuild,v 1.2 2013/11/15 23:25:46 zerochaos Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.0.13.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $ EAPI=5 PYTHON_COMPAT=( python2_{6,7} ) @@ -136,14 +136,11 @@ src_configure() { src_install() { waf-utils_src_install - # Seems like the build script gets the shebangs correct by itself - # (4.0.6) - #python_replicate_script \ - # "${D}/usr/sbin/samba_dnsupdate" \ - # "${D}/usr/sbin/samba_spnupdate" \ - # "${D}/usr/sbin/samba_upgradedns" \ - # "${D}/usr/sbin/samba_kcc" \ - # "${D}/usr/bin/samba-tool" + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi # Make all .so files executable find "${D}" -type f -name "*.so" -exec chmod +x {} + diff --git a/net-fs/samba/samba-4.1.1.ebuild b/net-fs/samba/samba-4.1.3.ebuild index ce633d296050..40b06f23cece 100644 --- a/net-fs/samba/samba-4.1.1.ebuild +++ b/net-fs/samba/samba-4.1.3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.1.1.ebuild,v 1.2 2013/11/15 23:25:46 zerochaos Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.1.3.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $ EAPI=5 PYTHON_COMPAT=( python2_{6,7} ) @@ -128,14 +128,11 @@ src_configure() { src_install() { waf-utils_src_install - # Seems like the build script gets the shebangs correct by itself - # (4.0.6) - #python_replicate_script \ - # "${D}/usr/sbin/samba_dnsupdate" \ - # "${D}/usr/sbin/samba_spnupdate" \ - # "${D}/usr/sbin/samba_upgradedns" \ - # "${D}/usr/sbin/samba_kcc" \ - # "${D}/usr/bin/samba-tool" + # install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi # Make all .so files executable find "${D}" -type f -name "*.so" -exec chmod +x {} + @@ -149,6 +146,7 @@ src_install() { systemd_dounit "${FILESDIR}"/smbd.{service,socket} systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service' systemd_dounit "${FILESDIR}"/winbindd.service + systemd_dounit "${FILESDIR}"/samba.service } src_test() { |