net-fs/samba: Security bump to versions 4.11.13, 4.12.7 and 4.13.0
Bug: https://bugs.gentoo.org/743433 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Lars Wendler
committed
Sep 23, 2020
1 parent
60c6294
commit 308c787
Showing
4 changed files
with
644 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
DIST samba-4.11.11.tar.gz 18590837 BLAKE2B 0d585d4561717c6a08ac51fb8ae9944901aa81e437fc8e78ca22e5a43232295002f5456d78b302278aa7a0a4596f8c5b0b910e092aa54a8d9c46fd804b772d33 SHA512 71403fe4c1de3730b115a7e1b1cdfcae6f2e8c7ca8b18ed154be309f06484d136e66ef64379409c6e39ade3b5bfa5587f9229755e9ee1747915c546fd1f08d5f | ||
DIST samba-4.11.13.tar.gz 18598813 BLAKE2B 5671498058e61c1afbdb0976b6931dc4e13087792612d4fdc3073e8e40a60be82f578836e3baa48f111a600da5c6e0e08aa7ba638fbc1285bbb57644ae7e8b1d SHA512 396ab636db6f9583b772935d58a3cf1860109bb9e1ef841a38c08d7be9f3839d6e198d5cdc80ef0803fcbfa6c06f1173585f3b582937e8834857fc47d90f7181 | ||
DIST samba-4.12.6.tar.gz 18224870 BLAKE2B 5a8086c3575dd46cc8f428db818dc3db8772fa08fb7a431940377219f782555923f9b0a62b067b4c89a0208aa022bfa0c0664706a1241487183344e822c20bc3 SHA512 16a4ced3942bc6d51e80db257e8caeaa426980f66caf2aaf2324f091ec5063bc6b9029d90ff2f321b68be4cede7555d1ebf142405105468bd581e7a7bf9f0be5 | ||
DIST samba-4.13.0rc5.tar.gz 18404324 BLAKE2B d8830623332c348c15e3b988e5e413eb050927d55f34984fddf5a33816d5bc0608716d72650e2037a98615685320444e4bd1b230545bcc1acd636b8ef5917b0b SHA512 addf0d9a9b100814c7f3dda6930b60032a8ab615cadf35a304a1397c9064588211b6702019b4afedcb3c43394294704cc10825972bc7c1ebf7a8ca5fb0b6831e | ||
DIST samba-4.12.7.tar.gz 18230157 BLAKE2B cf0ed50177e1e0d840892753537d8fab8c31ed4a6ba9b4e6bfc12e56c9f14a760c9e3dd230dc8e6caf2d7493e204bffb2fbd1bfa0931ae3fd93311ae2d5b3e32 SHA512 5afb1f24b029e665bb4f6bd7b7cf915243476b09b304942b2105586fa99adc6a19b46b4753ca116e230e5bb7b82e011fbe296c62bc70a8a897e56aece55a7f0b | ||
DIST samba-4.13.0.tar.gz 18406380 BLAKE2B d54db52102c6d507c3e6f32fc6c64051a95ef8ccfdb1e81a379d2c0325f6f9fe79c64ce9a26ddf48ae11351912ad988f6f532474a81284c7a7147521ceacc509 SHA512 0c15e887efa79ba8c1d24eda2f03898a1a080cb947056df12abc361f12eb5659f9ee37132767f5ef7e4ecb9c431759e5b619cb785921276fda17f4a9411af81c |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,321 @@ | ||
# Copyright 1999-2020 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=6 | ||
|
||
PYTHON_COMPAT=( python3_{6,7,8} ) | ||
PYTHON_REQ_USE='threads(+),xml(+)' | ||
inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam | ||
|
||
MY_PV="${PV/_rc/rc}" | ||
MY_P="${PN}-${MY_PV}" | ||
|
||
SRC_PATH="stable" | ||
[[ ${PV} = *_rc* ]] && SRC_PATH="rc" | ||
|
||
SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" | ||
[[ ${PV} = *_rc* ]] || \ | ||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" | ||
|
||
DESCRIPTION="Samba Suite Version 4" | ||
HOMEPAGE="https://www.samba.org/" | ||
LICENSE="GPL-3" | ||
|
||
SLOT="0" | ||
|
||
IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gpg iprint | ||
json ldap pam profiling-data python quota selinux snapper syslog | ||
system-heimdal +system-mitkrb5 systemd test winbind zeroconf" | ||
|
||
MULTILIB_WRAPPED_HEADERS=( | ||
/usr/include/samba-4.0/policy.h | ||
/usr/include/samba-4.0/dcerpc_server.h | ||
/usr/include/samba-4.0/ctdb.h | ||
/usr/include/samba-4.0/ctdb_client.h | ||
/usr/include/samba-4.0/ctdb_protocol.h | ||
/usr/include/samba-4.0/ctdb_private.h | ||
/usr/include/samba-4.0/ctdb_typesafe_cb.h | ||
/usr/include/samba-4.0/ctdb_version.h | ||
) | ||
|
||
CDEPEND=" | ||
>=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] | ||
dev-lang/perl:= | ||
dev-libs/libbsd[${MULTILIB_USEDEP}] | ||
dev-libs/libtasn1[${MULTILIB_USEDEP}] | ||
dev-libs/popt[${MULTILIB_USEDEP}] | ||
>=net-libs/gnutls-3.2.0[${MULTILIB_USEDEP}] | ||
net-libs/libnsl:=[${MULTILIB_USEDEP}] | ||
sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] | ||
>=sys-libs/ldb-2.0.12[ldap(+)?,python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] | ||
<sys-libs/ldb-2.1.0[ldap(+)?,python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] | ||
sys-libs/libcap | ||
sys-libs/ncurses:0= | ||
sys-libs/readline:0= | ||
>=sys-libs/talloc-2.2.0[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] | ||
>=sys-libs/tdb-1.4.2[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] | ||
>=sys-libs/tevent-0.10.0[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] | ||
sys-libs/zlib[${MULTILIB_USEDEP}] | ||
virtual/libiconv | ||
pam? ( sys-libs/pam ) | ||
acl? ( virtual/acl ) | ||
$(python_gen_cond_dep " | ||
dev-python/subunit[\${PYTHON_MULTI_USEDEP},${MULTILIB_USEDEP}] | ||
addns? ( | ||
net-dns/bind-tools[gssapi] | ||
dev-python/dnspython:=[\${PYTHON_MULTI_USEDEP}] | ||
) | ||
") | ||
ceph? ( sys-cluster/ceph ) | ||
cluster? ( | ||
net-libs/rpcsvc-proto | ||
!dev-db/ctdb | ||
) | ||
cups? ( net-print/cups ) | ||
debug? ( dev-util/lttng-ust ) | ||
dmapi? ( sys-apps/dmapi ) | ||
fam? ( virtual/fam ) | ||
gpg? ( app-crypt/gpgme ) | ||
json? ( dev-libs/jansson ) | ||
ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) | ||
snapper? ( sys-apps/dbus ) | ||
system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) | ||
system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) | ||
systemd? ( sys-apps/systemd:0= ) | ||
zeroconf? ( net-dns/avahi ) | ||
" | ||
DEPEND="${CDEPEND} | ||
${PYTHON_DEPS} | ||
app-text/docbook-xsl-stylesheets | ||
dev-libs/libxslt | ||
>=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] | ||
net-libs/libtirpc[${MULTILIB_USEDEP}] | ||
virtual/pkgconfig | ||
|| ( | ||
net-libs/rpcsvc-proto | ||
<sys-libs/glibc-2.26[rpc(+)] | ||
) | ||
test? ( | ||
!system-mitkrb5? ( | ||
>=sys-libs/nss_wrapper-1.1.3 | ||
>=net-dns/resolv_wrapper-1.1.4 | ||
>=net-libs/socket_wrapper-1.1.9 | ||
>=sys-libs/uid_wrapper-1.2.1 | ||
) | ||
)" | ||
RDEPEND="${CDEPEND} | ||
python? ( ${PYTHON_DEPS} ) | ||
client? ( net-fs/cifs-utils[ads?] ) | ||
selinux? ( sec-policy/selinux-samba ) | ||
!dev-perl/Parse-Yapp | ||
" | ||
|
||
REQUIRED_USE=" | ||
addc? ( python json winbind ) | ||
addns? ( python ) | ||
ads? ( acl ldap winbind ) | ||
cluster? ( ads ) | ||
gpg? ( addc ) | ||
test? ( python ) | ||
?? ( system-heimdal system-mitkrb5 ) | ||
${PYTHON_REQUIRED_USE} | ||
" | ||
|
||
# the test suite is messed, it uses system-installed samba | ||
# bits instead of what was built, tests things disabled via use | ||
# flags, and generally just fails to work in a way ebuilds could | ||
# rely on in its current state | ||
RESTRICT="test" | ||
|
||
S="${WORKDIR}/${MY_P}" | ||
|
||
PATCHES=( | ||
"${FILESDIR}/${PN}-4.4.0-pam.patch" | ||
"${FILESDIR}/${PN}-4.9.2-timespec.patch" | ||
"${FILESDIR}/${PN}-4.13-winexe_option.patch" | ||
"${FILESDIR}/${PN}-4.13-vfs_snapper_configure_option.patch" | ||
) | ||
|
||
#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" | ||
CONFDIR="${FILESDIR}/4.4" | ||
|
||
WAF_BINARY="${S}/buildtools/bin/waf" | ||
|
||
SHAREDMODS="" | ||
|
||
pkg_setup() { | ||
# Package fails to build with distcc | ||
export DISTCC_DISABLE=1 | ||
|
||
python-single-r1_pkg_setup | ||
if use cluster ; then | ||
SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" | ||
elif use ads ; then | ||
SHAREDMODS="idmap_ad" | ||
fi | ||
} | ||
|
||
src_prepare() { | ||
default | ||
|
||
# un-bundle dnspython | ||
sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die | ||
|
||
# unbundle iso8601 unless tests are enabled | ||
if ! use test ; then | ||
sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die | ||
fi | ||
|
||
## ugly hackaround for bug #592502 | ||
#cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die | ||
|
||
sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ | ||
-i source4/dsdb/samdb/ldb_modules/password_hash.c \ | ||
|| die | ||
|
||
# Friggin' WAF shit | ||
multilib_copy_sources | ||
} | ||
|
||
multilib_src_configure() { | ||
# when specifying libs for samba build you must append NONE to the end to | ||
# stop it automatically including things | ||
local bundled_libs="NONE" | ||
if ! use system-heimdal && ! use system-mitkrb5 ; then | ||
bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" | ||
fi | ||
|
||
local myconf=( | ||
--enable-fhs | ||
--sysconfdir="${EPREFIX}/etc" | ||
--localstatedir="${EPREFIX}/var" | ||
--with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" | ||
--with-piddir="${EPREFIX}/run/${PN}" | ||
--bundled-libraries="${bundled_libs}" | ||
--builtin-libraries=NONE | ||
--disable-rpath | ||
--disable-rpath-install | ||
--nopyc | ||
--nopyo | ||
--without-winexe | ||
$(multilib_native_use_with acl acl-support) | ||
$(multilib_native_usex addc '' '--without-ad-dc') | ||
$(multilib_native_use_with addns dnsupdate) | ||
$(multilib_native_use_with ads) | ||
$(multilib_native_use_enable ceph cephfs) | ||
$(multilib_native_use_with cluster cluster-support) | ||
$(multilib_native_use_enable cups) | ||
$(multilib_native_use_with dmapi) | ||
$(multilib_native_use_with fam) | ||
$(multilib_native_use_with gpg gpgme) | ||
$(multilib_native_use_with json) | ||
$(multilib_native_use_enable iprint) | ||
$(multilib_native_use_with pam) | ||
$(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') | ||
$(multilib_native_use_with quota quotas) | ||
$(multilib_native_use_enable snapper) | ||
$(multilib_native_use_with syslog) | ||
$(multilib_native_use_with systemd) | ||
--systemd-install-services | ||
--with-systemddir="$(systemd_get_systemunitdir)" | ||
$(multilib_native_use_with winbind) | ||
$(multilib_native_usex python '' '--disable-python') | ||
$(multilib_native_use_enable zeroconf avahi) | ||
$(multilib_native_usex test '--enable-selftest' '') | ||
$(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') | ||
$(use_with debug lttng) | ||
$(use_with ldap) | ||
$(use_with profiling-data) | ||
# bug #683148 | ||
--jobs 1 | ||
) | ||
|
||
multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) | ||
|
||
CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ | ||
waf-utils_src_configure ${myconf[@]} | ||
} | ||
|
||
multilib_src_compile() { | ||
waf-utils_src_compile | ||
} | ||
|
||
multilib_src_install() { | ||
waf-utils_src_install | ||
|
||
# Make all .so files executable | ||
find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die | ||
|
||
if multilib_is_native_abi ; then | ||
# install ldap schema for server (bug #491002) | ||
if use ldap ; then | ||
insinto /etc/openldap/schema | ||
doins examples/LDAP/samba.schema | ||
fi | ||
|
||
# create symlink for cups (bug #552310) | ||
if use cups ; then | ||
dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb | ||
fi | ||
|
||
# install example config file | ||
insinto /etc/samba | ||
doins examples/smb.conf.default | ||
|
||
# Fix paths in example file (#603964) | ||
sed \ | ||
-e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ | ||
-e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ | ||
-e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ | ||
-e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ | ||
-e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ | ||
-i "${ED%/}"/etc/samba/smb.conf.default || die | ||
|
||
# Install init script and conf.d file | ||
newinitd "${CONFDIR}/samba4.initd-r1" samba | ||
newconfd "${CONFDIR}/samba4.confd" samba | ||
|
||
systemd_dotmpfilesd "${FILESDIR}"/samba.conf | ||
use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die | ||
|
||
# Preserve functionality for old gentoo-specific unit names | ||
dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" | ||
dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" | ||
dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" | ||
fi | ||
|
||
if use pam && use winbind ; then | ||
newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind | ||
# bugs #376853 and #590374 | ||
insinto /etc/security | ||
doins examples/pam_winbind/pam_winbind.conf | ||
fi | ||
|
||
keepdir /var/cache/samba | ||
keepdir /var/lib/ctdb | ||
keepdir /var/lib/samba/{bind-dns,private} | ||
keepdir /var/log/samba | ||
} | ||
|
||
multilib_src_install_all() { | ||
# Attempt to fix bug #673168 | ||
find "${ED}" -type d -name "Yapp" -print0 \ | ||
| xargs -0 --no-run-if-empty rm -r || die | ||
} | ||
|
||
multilib_src_test() { | ||
if multilib_is_native_abi ; then | ||
"${WAF_BINARY}" test || die "test failed" | ||
fi | ||
} | ||
|
||
pkg_postinst() { | ||
ewarn "Be aware that this release contains the best of all of Samba's" | ||
ewarn "technology parts, both a file server (that you can reasonably expect" | ||
ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" | ||
ewarn "controller work previously known as 'samba4'." | ||
|
||
elog "For further information and migration steps make sure to read " | ||
elog "https://samba.org/samba/history/${P}.html " | ||
elog "https://wiki.samba.org/index.php/Samba4/HOWTO " | ||
} |
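Review bot: pkg_postinst at the end of this new ebuild only prints the generic release text and never tells the administrator to restart the daemons, even though the commit is a security bump. The same file installs the init script and the nmb/smb/winbind systemd units, and processes started before the upgrade keep executing the old binaries until they are restarted, so a merged package alone does not mean the fix is in effect. I would add, before the `elog` lines, `ewarn "Restart the Samba services after this update; running daemons keep using the old code until then."`. The existing `elog` link to the release history is a good place for the details, so the new line only needs to state the action.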