From dc06e557e9bee348c1239b1197195ab11ab13e79 Mon Sep 17 00:00:00 2001 From: Christian Andreetta Date: Fri, 17 Sep 2004 11:42:09 +0000 Subject: libs preload on suid binaries only (bug #63884) --- net-fs/samba/ChangeLog | 7 +- net-fs/samba/Manifest | 4 +- net-fs/samba/files/digest-samba-3.0.7-r1 | 3 + net-fs/samba/samba-3.0.7-r1.ebuild | 375 +++++++++++++++++++++++++++++++ 4 files changed, 387 insertions(+), 2 deletions(-) create mode 100644 net-fs/samba/files/digest-samba-3.0.7-r1 create mode 100644 net-fs/samba/samba-3.0.7-r1.ebuild (limited to 'net-fs') diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog index e0c81e9f4d51..299addf1bc96 100644 --- a/net-fs/samba/ChangeLog +++ b/net-fs/samba/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-fs/samba # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.109 2004/09/16 13:16:48 satya Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.110 2004/09/17 11:42:09 satya Exp $ + +*samba-3.0.7-r1 (17 Sep 2004) + + 17 Sep 2004; Christian Andreetta +samba-3.0.7-r1.ebuild: + libs preload on suid binaries only (bug #63884) 16 Sep 2004; Christian Andreetta samba-3.0.5-r1.ebuild, samba-3.0.6-r3.ebuild, samba-3.0.6-r4.ebuild, samba-3.0.7.ebuild: diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index 09114f6f37bf..6979c4c79e30 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -1,8 +1,9 @@ MD5 104b2678dbeb406024a7737bfed32ab5 samba-3.0.7.ebuild 13975 +MD5 ee844ffc28747ffaf3b33c3368537c63 samba-3.0.7-r1.ebuild 15241 MD5 eae72aa99c4ca08f0ca12e8af7f09e38 samba-3.0.6-r4.ebuild 14256 MD5 e87fc478aa8c0e99d6e15246a35567a2 samba-3.0.6-r3.ebuild 14211 MD5 b3e177446bd7b42b3919cc0785fad5e6 samba-3.0.5-r1.ebuild 13700 -MD5 09c4cbb9e098607a4c3da920696a6e58 ChangeLog 20997 +MD5 9c1b7d503bd2a8565a0bcd0049c4bf67 ChangeLog 21157 MD5 41299f246433a1a55c8fccc77ccd709e metadata.xml 491 MD5 4505c7b9cd715168b75a4dfb5c4ac294 samba-3.0.5.ebuild 11142 MD5 ccc96fcdc7493be42da52364061c6c17 files/winbind-init 484 @@ -34,6 +35,7 @@ MD5 bf268fdddc8ef677b6fa78661a094eac files/samba-3.0.6-samba.schema 16044 MD5 0ab3bc91606d4ac5eacae70f95c4eb9b files/digest-samba-3.0.5-r1 203 MD5 8c114eb3ebe56e7adb7db9381bea62db files/digest-samba-3.0.6-r3 203 MD5 8c114eb3ebe56e7adb7db9381bea62db files/digest-samba-3.0.6-r4 203 +MD5 a6cb7ea67d2a4fa00cb2d5dba0710cc3 files/digest-samba-3.0.7-r1 203 MD5 8c1f1e3655e12b85102ce257f3efad62 files/smb.conf.example-samba3 20762 MD5 9560b7e29d3a65db029fc1800e84abcc files/samba-pdb_ldap-exop.patch 3921 MD5 3685eadb817d185b06476eca6c0c15c4 files/smbusers 204 diff --git a/net-fs/samba/files/digest-samba-3.0.7-r1 b/net-fs/samba/files/digest-samba-3.0.7-r1 new file mode 100644 index 000000000000..09d0212c5614 --- /dev/null +++ b/net-fs/samba/files/digest-samba-3.0.7-r1 @@ -0,0 +1,3 @@ +MD5 5906341429e64214909865a4be92e4ab samba-3.0.7.tar.gz 15012667 +MD5 5f173d549014985d681478897135915b samba-vscan-0.3.5.tar.bz2 161982 +MD5 998ece1ac96680d75cebe6f0352f56b9 smbldap-tools-0.8.5.tgz 271436 diff --git a/net-fs/samba/samba-3.0.7-r1.ebuild b/net-fs/samba/samba-3.0.7-r1.ebuild new file mode 100644 index 000000000000..91563a077e81 --- /dev/null +++ b/net-fs/samba/samba-3.0.7-r1.ebuild @@ -0,0 +1,375 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.0.7-r1.ebuild,v 1.1 2004/09/17 11:42:09 satya Exp $ + +inherit eutils flag-o-matic +#--------------------------------------------------------------------------- +IUSE="kerberos mysql postgres xml xml2 acl cups ldap pam readline python doc" +IUSE="${IUSE} oav selinux" +#--------------------------------------------------------------------------- +DESCRIPTION="SAMBA is a suite of SMB and CIFS client/server programs for UNIX" +HOMEPAGE="http://www.samba.org/ + http://www.openantivirus.org/projects.php + http://samba.idealx.org" +#--------------------------------------------------------------------------- +SMBLDAP_TOOLS_VER=0.8.5 +VSCAN_VER=0.3.5 +# all vscan modules are being installed +#VSCAN_MODS="oav sophos fprotd fsav trend icap mksd kavp clamav nai" +#--------------------------------------------------------------------------- +_CVS="-${PV/_/}" +S=${WORKDIR}/${PN}${_CVS} +#--------------------------------------------------------------------------- +SRC_URI="mirror://samba/${PN}${_CVS}.tar.gz + oav? mirror://sourceforge/openantivirus/${PN}-vscan-${VSCAN_VER}.tar.bz2 + ldap? http://samba.idealx.org/dist/smbldap-tools-${SMBLDAP_TOOLS_VER}.tgz" +RESTRICT="nomirror" # 2004-09: smbldap-tools changed md5 (stale mirrors) +#--------------------------------------------------------------------------- +_COMMON_DEPS="dev-libs/popt + readline? sys-libs/readline + ldap? ( kerberos? ( virtual/krb5 ) ) + mysql? ( dev-db/mysql sys-libs/zlib ) + postgres? ( dev-db/postgresql sys-libs/zlib ) + xml? ( dev-libs/libxml2 sys-libs/zlib ) + xml2? ( dev-libs/libxml2 sys-libs/zlib ) + acl? sys-apps/acl + cups? net-print/cups + ldap? ( net-nds/openldap dev-perl/Crypt-SmbHash ) + pam? sys-libs/pam + python? dev-lang/python" +DEPEND="sys-devel/autoconf + >=sys-apps/sed-4 + ${_COMMON_DEPS}" +#IDEALX scripts are now using Net::LDAP +#selinux: bug #62907 +RDEPEND="ldap? dev-perl/perl-ldap ${_COMMON_DEPS} + selinux? ( sec-policy/selinux-samba )" +#--------------------------------------------------------------------------- +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~arm ~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" +#=========================================================================== +src_unpack() { + local i + unpack ${A} || die + cd ${S} || die + # Clean up CVS --------------------------------------------------------- + find . -name .cvsignore | xargs rm -f + find . -name CVS | xargs rm -rf + # Add patch(es) -------------------------------------------------------- + # This patchset fixes Samba bugs #1315, #1319 and #1345 + # courtesy of Gerald Carter (jerry@samba.org) + # they are hopefully fixed in this version ! + # epatch ${FILESDIR}/samba-3.0.x.patch + #Next one is from eger@cc.gatech.edu + epatch ${FILESDIR}/samba-3.0.x-python-setup.patch || die + #bug #44743 ------------------------------------------------------------ + if [ ${ARCH} = "amd64" -o ${ARCH} = "ppc" -o ${ARCH} = "ppc64" ]; then + cd ${S} && epatch ${FILESDIR}/samba-3.0.x-smbumount-uid32.patch + fi + #Fix for bug #27858 ---------------------------------------------------- + if [ ${ARCH} = "sparc" -o ${ARCH} = "ppc" -o ${ARCH} = "ppc64" ]; then + cd ${S}/source/include && epatch ${FILESDIR}/samba-2.2.8-statfs.patch + fi + #Bug #36200; sys-kernel/linux-headers dependent ------------------------ + sed -i -e 's:#define LINUX_QUOTAS_2:#define LINUX_QUOTAS_1:' \ + -e 's:::' \ + ${S}/source/smbd/quotas.c + #amd64 lib location is not lib32 nor lib ------------------------------- + cd ${S} || die + use amd64 && epatch ${FILESDIR}/samba-3.0.x-libdirsymlink.patch + # examples: to be copied as docs --------------------------------------- + rm -rf ${S}/examples.ORIG + cp -a ${S}/examples ${S}/examples.ORIG + # Prep samba-vscan source. + use oav && cp -a ${WORKDIR}/${PN}-vscan-${VSCAN_VER} ${S}/examples/VFS + #----------------------------------------------------------------------- + cd ${S}/source + echo "Running autoconf ..." + autoconf || die +} +#=========================================================================== +my_configure() { + local myconf="$1" + #----------------------------------------------------------------------- + for info_var in myconf CFLAGS LDFLAGS; do + einfo "${info_var} is: ${!info_var}" + done + #----------------------------------------------------------------------- + #default_{static,shared}_modules|source/configure + cd ${S}/source + econf \ + --prefix=/usr \ + --libdir=/usr/lib/samba \ + --with-libdir=/usr/lib/samba \ + --with-swatdir=/usr/share/doc/${PF}/swat \ + --localstatedir=/var \ + --with-piddir=/var/run/samba \ + --with-lockdir=/var/cache/samba \ + --with-logfilebase=/var/log/samba \ + --sysconfdir=/etc/samba \ + --with-configdir=/etc/samba \ + --with-privatedir=/etc/samba/private \ + \ + --enable-static \ + --enable-shared \ + --with-manpages-langs=en \ + --without-spinlocks \ + --with-libsmbclient \ + --with-automount \ + --with-smbmount \ + --with-winbind \ + --with-quotas \ + --with-syslog \ + --with-idmap \ + --host=${CHOST} \ + ${myconf} || die + # Show install dirs ---------------------------------------------------- + einfo "Dir conf:" + emake showlayout + # serialized headers make ---------------------------------------------- + make proto +} +#=========================================================================== +src_compile() { + local myconf + local mymods + #mymods="nisplussam" #this is deprecated... + #----------------------------------------------------------------------- + use xml || use xml2 && mymods="xml,${mymods}" + use mysql && mymods="mysql,${mymods}" + use postgres && mymods="pgsql,${mymods}" + [ -n "${mymods}" ] && myconf="--with-expsam=${mymods}" + use acl \ + && myconf="${myconf} --with-acl-support" \ + || myconf="${myconf} --without-acl-support" + use pam \ + && myconf="${myconf} --with-pam --with-pam_smbpass" \ + || myconf="${myconf} --without-pam --without-pam_smbpass" + use cups \ + && myconf="${myconf} --enable-cups" \ + || myconf="${myconf} --disable-cups" + use ldap \ + && myconf="${myconf} --with-ldap" \ + || myconf="${myconf} --without-ldap" + #this is for old samba 2.x compat + #myconf="${myconf} --with-ldapsam" + myconf="${myconf} --without-ldapsam" + use python \ + && myconf="${myconf} --with-python=yes" \ + || myconf="${myconf} --with-python=no" + use readline \ + && myconf="${myconf} --with-readline" \ + || myconf="${myconf} --without-readline" + #Fix #57063 ------------------------------------------------------------ + # too cautious for some archs: maybe -O2 is sufficient on some of them + strip-flags + if [ "${ARCH}" = "ppc" -o "${ARCH}" = "ppc64" ]; then + replace-flags -O? -O1 + else + replace-flags -O? -O1 + fi + #----------------------------------------------------------------------- + if [ "${ARCH}" != "amd64" ]; then + use kerberos && use ldap \ + && myconf="${myconf} --with-ads" \ + || myconf="${myconf} --without-ads" + else + myconf="${myconf} --without-ads" + fi + #----------------------------------------------------------------------- + append-ldflags -L/usr/$(get_libdir) # lib64 location + append-ldflags -Wl,-z,now # lib preload + # SUID configure ------------------------------------------------------- + my_configure "${myconf}" + # SUID compile --------------------------------------------------------- + for file in smbmnt smbumount; do + einfo "LD: BIND_NOW: bin/${file}" + rm -f bin/${file} + emake bin/${file} || die "LD: BIND_NOW: bin/${file} compile error" + done + for file in mount.cifs; do + einfo "LD: BIND_NOW: bin/${file}" + gcc ${CFLAGS} ${LDFLAGS} client/${file}.c -o bin/${file} || die "LD: BIND_NOW: bin/${file} compile error" + done + # CONFIGURE ------------------------------------------------------------ + LDFLAGS=${LDFLAGS/-Wl,-z,now/} #lib preload change must affect suid only! + my_configure "${myconf}" + # Compile main SAMBA pieces -------------------------------------------- + einfo "make everything" && emake everything || die "SAMBA make everything error" + einfo "make rpctorture" && emake rpctorture || ewarn "rpctorture didn't build" + # build smbget --------------------------------------------------------- + einfo "smbget" + emake bin/smbget; assert "smbget compile error" + # Build selected samba-vscan plugins ----------------------------------- + if use oav; then + cd ${S}/examples/VFS/${PN}-vscan-${VSCAN_VER} + ./configure --prefix=/usr --libdir=/usr/lib/samba + assert "bad ${PN}-vscan-${VSCAN_VER} ./configure" + emake #${VSCAN_MODS} + fi +} +#=========================================================================== +src_install() { + local i #for cicles + local extra_bins="debug2html smbfilter talloctort mount.cifs smbget" + #smbsh editreg + extra_bins="${extra_bins} smbtorture msgtest masktest locktest \ + locktest2 nsstest vfstest rpctorture" + # ---------------------------------------------------------------------- + cd ${S}/source + make DESTDIR=${D} install-everything + # Extra binary files, testing/torture progs ---------------------------- + exeinto /usr/bin + for i in ${extra_bins}; do + [ -x ${S}/source/bin/${i} ] && doexe ${S}/source/bin/${i} && \ + einfo "Extra binaries: ${i}" + done + # Installing these setuid-root allows users to (un)mount smbfs/cifs ---- + for i in /usr/bin/smbumount /usr/bin/smbmnt /usr/bin/mount.cifs; do + fperms 4111 ${i} || die "No perms: ${i}" + einfo "suid: ${i}" + done + # Nsswitch extensions. Make link for wins and winbind resolvers -------- + exeinto /lib + for i in wins winbind; do + doexe ${S}/source/nsswitch/libnss_${i}.so + ( cd ${D}/lib; ln -s libnss_${i}.so libnss_${i}.so.2 ) + done + exeinto /lib/security + doexe ${S}/source/nsswitch/pam_winbind.so + use pam && doexe ${S}/source/bin/pam_smbpass.so + # mount backend -------------------------------------------------------- + dodir /sbin + dosym ../usr/bin/smbmount /sbin/mount.smbfs + dosym ../usr/bin/mount.cifs /sbin/mount.cifs + # bug #46389: samba doesn't create symlink anymore + # beaviour seems to be changed in 3.0.6, see bug #61046 + dosym /usr/lib/samba/libsmbclient.so /usr/lib/libsmbclient.so.0 + dosym /usr/lib/samba/libsmbclient.so /usr/lib/libsmbclient.so + # make the smb backend symlink for cups printing support.. + if use cups; then + dodir /usr/lib/cups/backend + dosym /usr/bin/smbspool /usr/lib/cups/backend/smb + fi + # Install IDEALX scripts for LDAP backend administration --------------- + if use ldap; then + # corrections as per bug #41796 + cd ${WORKDIR}/smbldap-tools-${SMBLDAP_TOOLS_VER} + exeinto /usr/share/samba/scripts; doexe smbldap-* + exeinto /etc/samba ; doexe smbldap_tools.pm + insinto /etc/smbldap-tools ; doins *.conf + fperms 644 /etc/smbldap-tools/smbldap.conf + fperms 600 /etc/smbldap-tools/smbldap_bind.conf + eval `perl '-V:installarchlib'` + dodir ${installarchlib} + #dosym /etc/samba/smbldap_conf.pm ${installarchlib} + #dosym /etc/samba/smbldap_conf.pm /usr/share/samba/scripts + dosym /etc/samba/smbldap_tools.pm ${installarchlib} + dosym /etc/samba/smbldap_tools.pm /usr/share/samba/scripts + if [ -f mkntpwd/mkntpwd ]; then + exeinto /usr/sbin ; doexe mkntpwd/mkntpwd + fi + fi + # VFS plugin modules --------------------------------------------------- + if use oav; then + #exeinto /usr/lib/samba/vfs + #doexe ${S}/examples/VFS/${PN}-vscan-${VSCAN_VER}/vscan-*.so + cd ${S}/examples/VFS/${PN}-vscan-${VSCAN_VER} + make install DESTDIR=${D} || die "VFS: vscan error" + insinto /etc/samba + doins ${S}/examples/VFS/${PN}-vscan-${VSCAN_VER}/openantivirus/*conf + fi + # Python extensions ---------------------------------------------------- + if use python; then + cd ${S}/source + python python/setup.py install --root=${D} || die + fi + # General config files ------------------------------------------------- + insinto /etc/samba + touch ${D}/etc/samba/smb.conf + doins ${FILESDIR}/smbusers + #newins ${FILESDIR}/smb.conf.example-samba3 smb.conf.example + newins ${FILESDIR}/smb.conf.example-samba3.gz smb.conf.example.gz + doins ${FILESDIR}/lmhosts + doins ${FILESDIR}/recycle.conf + insinto /etc/pam.d + newins ${FILESDIR}/samba.pam samba + doins ${FILESDIR}/system-auth-winbind + insinto /etc/xinetd.d + newins ${FILESDIR}/swat.xinetd swat + exeinto /etc/init.d; newexe ${FILESDIR}/samba-init samba + insinto /etc/conf.d; newins ${FILESDIR}/samba-conf samba + if use ldap; then + insinto /etc/openldap/schema + doins ${S}/examples/LDAP/samba.schema + fi + # dirs ----------------------------------------------------------------- + diropts -m0700 + dodir /etc/samba/private + touch ${D}/etc/samba/private/.keep + diropts -m1777 + dodir /var/spool/samba + touch ${D}/var/spool/samba/.keep + diropts -m0755 + dodir /var/{log,run,cache}/samba + dodir /var/lib/samba/{netlogon,profiles} + dodir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC} + touch ${D}/var/{log,run,cache}/samba/.keep + touch ${D}/var/lib/samba/{netlogon,profiles}/.keep + touch ${D}/var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC}/.keep + # docs ----------------------------------------------------------------- + docinto "" + dodoc ${S}/COPYING ${S}/Manifest ${S}/README ${S}/Roadmap ${S}/WHATSNEW.txt + docinto examples + dodoc ${FILESDIR}/nsswitch.conf-{wins,winbind} + cp -a ${S}/examples.ORIG/* ${D}/usr/share/doc/${PF}/examples + if use oav; then + docinto ${PN}-vscan-${VSCAN_VER} + cd ${WORKDIR}/${PN}-vscan-${VSCAN_VER} + dodoc AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO + dodoc */*.conf + fi + if use ldap; then + docinto smbldap-tools-${SMBLDAP_TOOLS_VER} + cd ${WORKDIR}/smbldap-tools-${SMBLDAP_TOOLS_VER} + dodoc CONTRIBUTORS COPYING ChangeLog FILES INFRA INSTALL README TODO + fi + if ! use doc; then + rm -rf ${D}/usr/share/doc/${PF}/swat/help/{guide,howto,devel} + rm -rf ${D}/usr/share/doc/${PF}/swat/using_samba + fi + chown -R root:root ${D}/usr/share/doc/${PF} + # moving manpages ------------------------------------------------------ + mv ${D}/usr/man ${D}/usr/share/man +} +#=========================================================================== +pkg_postinst() { + # touch /etc/samba/smb.conf so that people installing samba just + # to mount smb shares don't get annoying warnings all the time.. + #[ ! -e ${ROOT}/etc/samba/smb.conf ] && touch ${ROOT}/etc/samba/smb.conf + + ewarn "" + ewarn "If you are upgrading from a Samba version prior to 3.0.2, and you" + ewarn "use Samba's password database, you must run the following command:" + ewarn "" + ewarn " pdbedit --force-initialized-passwords" + ewarn "" + ewarn "2004-05: LIBs location change: /usr/lib/samba/*" + ewarn " (due to ldap/vfs external tools assumptions)" + ewarn "2004-09: LIBs flags changes for suid bins: LDFLAGS+='-Wl,-z,now'" + ewarn " 3.0.7: param: 'winbind enable local accounts' is now" + ewarn " disabled by default" + ewarn "" + if use ldap; then + ewarn "If you are upgrading from prior to 3.0.2, and you are using LDAP" + ewarn " for Samba authentication, you must check the sambaPwdLastSet" + ewarn " attribute on all accounts, and ensure it is not 0." + einfo "2004-07: WARNING: smbldap-tools changes" + einfo " smbldap-tools conf changed to /etc/smbldap-tools" + einfo " /usr/shared/samba/scripts: some script names changed" + einfo " dev-perl/Crypt-SmbHash: new pwd hash validation/conversion system" + einfo "" + fi +} + -- cgit v1.2.3-65-gdbad