summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2013-12-09 08:44:49 +0000
committerLars Wendler <polynomial-c@gentoo.org>2013-12-09 08:44:49 +0000
commit490698c0bb53ad5d0201384a4ea3ba79cce972f1 (patch)
treedf047502cdbfec89d8894caaa2ec2d817019e7cc
parentold (diff)
downloadgentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.tar.gz
gentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.tar.bz2
gentoo-2-490698c0bb53ad5d0201384a4ea3ba79cce972f1.zip
Security bump (bug #493726). Removed old
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC)
-rw-r--r--net-fs/samba/ChangeLog11
-rw-r--r--net-fs/samba/samba-3.6.22.ebuild466
-rw-r--r--net-fs/samba/samba-4.0.13.ebuild (renamed from net-fs/samba/samba-4.0.11.ebuild)15
-rw-r--r--net-fs/samba/samba-4.1.3.ebuild (renamed from net-fs/samba/samba-4.1.1.ebuild)16
4 files changed, 489 insertions, 19 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog
index 17a5c15faf47..dd703d875098 100644
--- a/net-fs/samba/ChangeLog
+++ b/net-fs/samba/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-fs/samba
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.636 2013/12/08 17:05:48 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.637 2013/12/09 08:44:49 polynomial-c Exp $
+
+*samba-4.1.3 (09 Dec 2013)
+*samba-4.0.13 (09 Dec 2013)
+*samba-3.6.22 (09 Dec 2013)
+
+ 09 Dec 2013; Lars Wendler <polynomial-c@gentoo.org> +samba-3.6.22.ebuild,
+ -samba-4.0.11.ebuild, +samba-4.0.13.ebuild, -samba-4.1.1.ebuild,
+ +samba-4.1.3.ebuild:
+ Security bump (bug #493726). Removed old.
08 Dec 2013; Agostino Sarubbo <ago@gentoo.org> samba-3.6.20.ebuild:
Stable for alpha, wrt bug #491070
diff --git a/net-fs/samba/samba-3.6.22.ebuild b/net-fs/samba/samba-3.6.22.ebuild
new file mode 100644
index 000000000000..aa41c5b636de
--- /dev/null
+++ b/net-fs/samba/samba-3.6.22.ebuild
@@ -0,0 +1,466 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.6.22.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $
+
+EAPI=4
+
+inherit pam versionator multilib eutils flag-o-matic systemd
+
+MY_PV=${PV/_/}
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="Library bits of the samba network filesystem"
+HOMEPAGE="http://www.samba.org/"
+SRC_URI="mirror://samba/stable/${MY_P}.tar.gz"
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="acl addns ads +aio avahi caps +client cluster cups debug dmapi doc examples fam
+ ldap ldb +netapi pam quota +readline selinux +server +smbclient smbsharemodes
+ swat syslog +winbind"
+
+DEPEND="dev-libs/popt
+ >=sys-libs/talloc-2.0.5
+ >=sys-libs/tdb-1.2.9
+ >=sys-libs/tevent-0.9.18
+ virtual/libiconv
+ ads? ( virtual/krb5 sys-fs/e2fsprogs
+ client? ( sys-apps/keyutils ) )
+ avahi? ( net-dns/avahi[dbus] )
+ caps? ( sys-libs/libcap )
+ client? ( !net-fs/mount-cifs
+ dev-libs/iniparser )
+ cluster? ( >=dev-db/ctdb-1.13 )
+ cups? ( net-print/cups )
+ debug? ( dev-libs/dmalloc )
+ dmapi? ( sys-apps/dmapi )
+ fam? ( virtual/fam )
+ ldap? ( net-nds/openldap )
+ ldb? ( sys-libs/ldb )
+ pam? ( virtual/pam
+ winbind? ( dev-libs/iniparser )
+ )
+ readline? ( >=sys-libs/readline-5.2 )
+ selinux? ( sec-policy/selinux-samba )
+ syslog? ( virtual/logger )"
+
+RDEPEND="${DEPEND}
+ kernel_linux? ( ads? ( net-fs/cifs-utils[ads] )
+ client? ( net-fs/cifs-utils ) )"
+
+# Disable tests since we don't want to build that much here
+RESTRICT="test"
+
+SBINPROGS=""
+BINPROGS=""
+KRBPLUGIN=""
+PLUGINEXT=".so"
+SHAREDMODS=""
+
+S="${WORKDIR}/${MY_P}/source3"
+
+# TODO:
+# - enable iPrint on Prefix/OSX and Darwin?
+# - selftest-prefix? selftest?
+# - AFS?
+
+CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)"
+
+REQUIRED_USE="
+ ads? ( ldap )
+ swat? ( server )
+"
+
+pkg_pretend() {
+ if [[ ${MERGE_TYPE} != binary ]]; then
+ if use winbind &&
+ [[ $(tc-getCC)$ == *gcc* ]] &&
+ [[ $(gcc-major-version)$(gcc-minor-version) -lt 43 ]]
+ then
+ eerror "It is a known issue that ${P} will not build with "
+ eerror "winbind use flag enabled when using gcc < 4.3 ."
+ eerror "Please use at least the latest stable gcc version."
+ die "Using sys-devel/gcc < 4.3 with winbind use flag."
+ fi
+ fi
+}
+
+pkg_setup() {
+ if use server ; then
+ SBINPROGS="${SBINPROGS} bin/smbd bin/nmbd"
+ BINPROGS="${BINPROGS} bin/testparm bin/smbstatus bin/smbcontrol bin/pdbedit
+ bin/profiles bin/sharesec bin/eventlogadm bin/smbta-util
+ $(usex client "" "bin/smbclient")"
+
+ use swat && SBINPROGS="${SBINPROGS} bin/swat"
+ use winbind && SBINPROGS="${SBINPROGS} bin/winbindd"
+ use ads && use winbind && KRBPLUGIN="${KRBPLUGIN} bin/winbind_krb5_locator"
+ fi
+
+ if use client ; then
+ BINPROGS="${BINPROGS} bin/smbclient bin/net bin/smbget bin/smbtree
+ bin/nmblookup bin/smbpasswd bin/rpcclient bin/smbcacls bin/smbcquotas
+ bin/ntlm_auth"
+
+ fi
+
+ use cups && BINPROGS="${BINPROGS} bin/smbspool"
+# use ldb && BINPROGS="${BINPROGS} bin/ldbedit bin/ldbsearch bin/ldbadd bin/ldbdel bin/ldbmodify bin/ldbrename";
+
+ if use winbind ; then
+ BINPROGS="${BINPROGS} bin/wbinfo"
+ SHAREDMODS="${SHAREDMODS}idmap_rid,idmap_hash"
+ use ads && SHAREDMODS="${SHAREDMODS},idmap_ad"
+ use cluster && SHAREDMODS="${SHAREDMODS},idmap_tdb2"
+ use ldap && SHAREDMODS="${SHAREDMODS},idmap_ldap,idmap_adex"
+ fi
+}
+
+src_prepare() {
+ cp "${FILESDIR}/samba-3.4.2-lib.tevent.python.mk" "../lib/tevent/python.mk"
+
+ # ensure that winbind has correct ldflags (QA notice)
+ sed -i \
+ -e 's|LDSHFLAGS="|LDSHFLAGS="\\${LDFLAGS} |g' \
+ configure || die "sed failed"
+ cd "${WORKDIR}/${MY_P}" && epatch "${CONFDIR}"/smb.conf.default.patch
+}
+
+src_configure() {
+ local myconf
+
+ # Filter out -fPIE
+ [[ ${CHOST} == *-*bsd* ]] && myconf+=" --disable-pie"
+
+ #Allowing alpha/s390/sh to build
+ if use alpha || use s390 || use sh ; then
+ replace-flags -O? -O1
+ fi
+
+ # http://wiki.samba.org/index.php/CTDB_Setup
+ use cluster && myconf+=" --disable-pie"
+
+ # Upstream refuses to make this configurable
+ use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no
+
+ #bug #399141 wrap newer iniparser version
+ has_version ">=dev-libs/iniparser-3.0.0" && \
+ export CPPFLAGS+=" -Diniparser_getstr\(d,i\)=iniparser_getstring\(d,i,NULL\)"
+
+ # Notes:
+ # - automount is only needed in conjunction with NIS and we don't have that
+ # anymore => LDAP?
+ # - --without-dce-dfs and --without-nisplus-home can't be passed to configure but are disabled by default
+ econf ${myconf} \
+ --with-piddir="${EPREFIX}"/var/run/samba \
+ --sysconfdir="${EPREFIX}"/etc/samba \
+ --localstatedir="${EPREFIX}"/var \
+ $(use_enable debug developer) \
+ --enable-largefile \
+ --enable-socket-wrapper \
+ --enable-nss-wrapper \
+ $(use_enable swat) \
+ $(use_enable debug dmalloc) \
+ $(use_enable cups) \
+ --disable-iprint \
+ $(use_enable fam) \
+ --enable-shared-libs \
+ --disable-dnssd \
+ $(use_enable avahi) \
+ --with-fhs \
+ --with-privatedir="${EPREFIX}"/var/lib/samba/private \
+ --with-rootsbindir="${EPREFIX}"/var/cache/samba \
+ --with-lockdir="${EPREFIX}"/var/cache/samba \
+ --with-swatdir="${EPREFIX}"/usr/share/doc/${PF}/swat \
+ --with-configdir="${EPREFIX}"/etc/samba \
+ --with-logfilebase="${EPREFIX}"/var/log/samba \
+ --with-pammodulesdir=$(getpam_mod_dir) \
+ $(use_with dmapi) \
+ --without-afs \
+ --without-fake-kaserver \
+ --without-vfs-afsacl \
+ $(use_with ldap) \
+ $(use_with ads) \
+ $(use_with ads krb5 "${EPREFIX}"/usr) \
+ $(use_with ads dnsupdate) \
+ --without-automount \
+ $(use_with pam) \
+ $(use_with pam pam_smbpass) \
+ $(use_with syslog) \
+ $(use_with quota quotas) \
+ $(use_with quota sys-quotas) \
+ --without-utmp \
+ --without-lib{talloc,tdb} \
+ $(use_with netapi libnetapi) \
+ $(use_with smbclient libsmbclient) \
+ $(use_with smbsharemodes libsmbsharemodes) \
+ $(use_with addns libaddns) \
+ $(use_with cluster ctdb "${EPREFIX}"/usr) \
+ $(use_with cluster cluster-support) \
+ $(use_with acl acl-support) \
+ $(use_with aio aio-support) \
+ --with-sendfile-support \
+ $(use_with winbind) \
+ --with-shared-modules=${SHAREDMODS} \
+ --without-included-popt \
+ --without-included-iniparser
+}
+
+src_compile() {
+ # compile libs
+ if use addns ; then
+ einfo "make addns library"
+ emake libaddns
+ fi
+ if use netapi ; then
+ einfo "make netapi library"
+ emake libnetapi
+ fi
+ if use smbclient ; then
+ einfo "make smbclient library"
+ emake libsmbclient
+ fi
+ if use smbsharemodes ; then
+ einfo "make smbsharemodes library"
+ emake libsmbsharemodes
+ fi
+
+ # compile modules
+ emake modules
+
+ # compile pam moudles
+ if use pam ; then
+ einfo "make pam modules"
+ emake pam_modules
+ fi
+
+ # compile winbind nss modules
+ if use winbind ; then
+ einfo "make nss modules"
+ emake nss_modules
+ fi
+
+ # compile utilities
+ if [ -n "${BINPROGS}" ] ; then
+ einfo "make binprogs"
+ emake ${BINPROGS}
+ fi
+ if [ -n "${SBINPROGS}" ] ; then
+ einfo "make sbinprogs"
+ emake ${SBINPROGS}
+ fi
+
+ if [ -n "${KRBPLUGIN}" ] ; then
+ einfo "make krbplugin"
+ emake ${KRBPLUGIN}${PLUGINEXT}
+ fi
+
+}
+
+src_install() {
+ # pkgconfig files installation needed, bug #464818
+ local pkgconfigdir=/usr/$(get_libdir)/pkgconfig
+
+ # install libs
+ if use addns ; then
+ einfo "install addns library"
+ emake installlibaddns DESTDIR="${D}"
+ fi
+ if use netapi ; then
+ einfo "install netapi library"
+ emake installlibnetapi DESTDIR="${D}"
+ insinto $pkgconfigdir
+ doins pkgconfig/netapi.pc
+ fi
+ if use smbclient ; then
+ einfo "install smbclient library"
+ emake installlibsmbclient DESTDIR="${D}"
+ insinto $pkgconfigdir
+ doins pkgconfig/smbclient.pc
+ fi
+ if use smbsharemodes ; then
+ einfo "install smbsharemodes library"
+ emake installlibsmbsharemodes DESTDIR="${D}"
+ insinto $pkgconfigdir
+ doins pkgconfig/smbsharemodes.pc
+ fi
+
+ # install modules
+ emake installmodules DESTDIR="${D}"
+
+ if use pam ; then
+ einfo "install pam modules"
+ emake installpammodules DESTDIR="${D}"
+
+ if use winbind ; then
+ newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind
+ doman ../docs/manpages/pam_winbind.8
+ # bug #376853
+ insinto /etc/security
+ doins ../examples/pam_winbind/pam_winbind.conf || die
+ fi
+
+ newpamd "${CONFDIR}/samba.pam" samba
+ dodoc pam_smbpass/README
+ fi
+
+ # Nsswitch extensions. Make link for wins and winbind resolvers
+ if use winbind ; then
+ einfo "install libwbclient"
+ emake installlibwbclient DESTDIR="${D}"
+ dolib.so ../nsswitch/libnss_wins.so
+ dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2
+ dolib.so ../nsswitch/libnss_winbind.so
+ dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2
+ insinto $pkgconfigdir
+ doins pkgconfig/wbclient.pc
+ einfo "install libwbclient related manpages"
+ doman ../docs/manpages/idmap_rid.8
+ doman ../docs/manpages/idmap_hash.8
+ if use ldap ; then
+ doman ../docs/manpages/idmap_adex.8
+ doman ../docs/manpages/idmap_ldap.8
+ fi
+ if use ads ; then
+ doman ../docs/manpages/idmap_ad.8
+ fi
+ fi
+
+ # install binaries
+ insinto /usr
+ for prog in ${SBINPROGS} ; do
+ dosbin ${prog}
+ doman ../docs/manpages/${prog/bin\/}*
+ done
+
+ for prog in ${BINPROGS} ; do
+ dobin ${prog}
+ doman ../docs/manpages/${prog/bin\/}*
+ done
+
+ # install scripts
+ if use client ; then
+ dobin script/findsmb
+ doman ../docs/manpages/findsmb.1
+ fi
+
+ # install krbplugin
+ if [ -n "${KRBPLUGIN}" ] ; then
+ if has_version app-crypt/mit-krb5 ; then
+ insinto /usr/$(get_libdir)/krb5/plugins/libkrb5
+ doins ${KRBPLUGIN}${PLUGINEXT}
+ elif has_version app-crypt/heimdal ; then
+ insinto /usr/$(get_libdir)/plugin/krb5
+ doins ${KRBPLUGIN}${PLUGINEXT}
+ fi
+ insinto /usr
+ for prog in ${KRBPLUGIN} ; do
+ doman ../docs/manpages/${prog/bin\/}*
+ done
+ fi
+
+ # install server components
+ if use server ; then
+ doman ../docs/manpages/vfs* ../docs/manpages/samba.7
+
+ diropts -m0700
+ keepdir /var/lib/samba/private
+
+ diropts -m1777
+ keepdir /var/spool/samba
+
+ diropts -m0755
+ keepdir /var/{cache,log}/samba
+ keepdir /var/lib/samba/{netlogon,profiles}
+ keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC,X64,IA64,COLOR}
+ keepdir /usr/$(get_libdir)/samba/{auth,pdb,rpc,idmap,nss_info,gpext}
+
+ newconfd "${CONFDIR}/samba.confd" samba
+ newinitd "${CONFDIR}/samba.initd" samba
+
+ insinto /etc/samba
+ doins "${CONFDIR}"/{smbusers,lmhosts}
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins ../examples/LDAP/samba.schema
+ fi
+
+ if use swat ; then
+ insinto /etc/xinetd.d
+ newins "${CONFDIR}/swat.xinetd" swat
+ script/installswat.sh "${ED}" "${EROOT}/usr/share/doc/${PF}/swat" "${S}"
+ fi
+
+ dodoc ../MAINTAINERS.txt ../README* ../Roadmap ../WHATSNEW.txt ../docs/THANKS
+ fi
+
+ # install the spooler to cups
+ if use cups ; then
+ dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb
+ fi
+
+ # install misc files
+ insinto /etc/samba
+ doins ../examples/smb.conf.default
+ doman ../docs/manpages/smb.conf.5
+
+ insinto /usr/"$(get_libdir)"/samba
+ doins ../codepages/{valid.dat,upcase.dat,lowcase.dat}
+
+ # install docs
+ if use doc ; then
+ dohtml -r ../docs/htmldocs/*
+ dodoc ../docs/*.pdf
+ fi
+
+ # install examples
+ if use examples ; then
+ insinto /usr/share/doc/${PF}/examples
+
+ if use smbclient ; then
+ doins -r ../examples/libsmbclient
+ fi
+
+ if use winbind ; then
+ doins -r ../examples/pam_winbind ../examples/nss
+ fi
+
+ if use server ; then
+ cd ../examples
+ doins -r auth autofs dce-dfs LDAP logon misc pdb \
+ perfcounter printer-accounting printing scripts tridge \
+ validchars VFS
+ fi
+ fi
+
+ # Remove empty installation directories
+ rmdir --ignore-fail-on-non-empty \
+ "${ED}/usr/$(get_libdir)/samba" \
+ "${ED}/usr"/{sbin,bin} \
+ "${ED}/usr/share"/{man,locale,} \
+ "${ED}/var"/{run,lib/samba/private,lib/samba,lib,cache/samba,cache,} \
+ # || die "tried to remove non-empty dirs, this seems like a bug in the ebuild"
+
+ systemd_dotmpfilesd "${FILESDIR}"/samba.conf
+ systemd_dounit "${FILESDIR}"/nmbd.service
+ systemd_dounit "${FILESDIR}"/smbd.{service,socket}
+ systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service'
+ systemd_dounit "${FILESDIR}"/winbindd.service
+}
+
+pkg_postinst() {
+ elog "Samba 3.6 has adopted a number of improved security defaults that"
+ elog "will impact on existing users of Samba."
+ elog " client ntlmv2 auth = yes"
+ elog " client use spnego principal = no"
+ elog " send spnego principal = no"
+ elog ""
+ elog "SMB2 protocol support in 3.6.0 is fully functional and can be "
+ elog "enabled by setting 'max protocol = smb2'. SMB2 is a new "
+ elog "implementation of the SMB protocol used by Windows Vista and higher"
+ elog ""
+ elog "For further information make sure to read the release notes at"
+ elog "http://samba.org/samba/history/${P}.html and "
+ elog "http://samba.org/samba/history/${PN}-3.6.0.html"
+}
diff --git a/net-fs/samba/samba-4.0.11.ebuild b/net-fs/samba/samba-4.0.13.ebuild
index 63aa7af7a989..684a0dff7e98 100644
--- a/net-fs/samba/samba-4.0.11.ebuild
+++ b/net-fs/samba/samba-4.0.13.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.0.11.ebuild,v 1.2 2013/11/15 23:25:46 zerochaos Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.0.13.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $
EAPI=5
PYTHON_COMPAT=( python2_{6,7} )
@@ -136,14 +136,11 @@ src_configure() {
src_install() {
waf-utils_src_install
- # Seems like the build script gets the shebangs correct by itself
- # (4.0.6)
- #python_replicate_script \
- # "${D}/usr/sbin/samba_dnsupdate" \
- # "${D}/usr/sbin/samba_spnupdate" \
- # "${D}/usr/sbin/samba_upgradedns" \
- # "${D}/usr/sbin/samba_kcc" \
- # "${D}/usr/bin/samba-tool"
+ # install ldap schema for server (bug #491002)
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins examples/LDAP/samba.schema
+ fi
# Make all .so files executable
find "${D}" -type f -name "*.so" -exec chmod +x {} +
diff --git a/net-fs/samba/samba-4.1.1.ebuild b/net-fs/samba/samba-4.1.3.ebuild
index ce633d296050..40b06f23cece 100644
--- a/net-fs/samba/samba-4.1.1.ebuild
+++ b/net-fs/samba/samba-4.1.3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.1.1.ebuild,v 1.2 2013/11/15 23:25:46 zerochaos Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-4.1.3.ebuild,v 1.1 2013/12/09 08:44:49 polynomial-c Exp $
EAPI=5
PYTHON_COMPAT=( python2_{6,7} )
@@ -128,14 +128,11 @@ src_configure() {
src_install() {
waf-utils_src_install
- # Seems like the build script gets the shebangs correct by itself
- # (4.0.6)
- #python_replicate_script \
- # "${D}/usr/sbin/samba_dnsupdate" \
- # "${D}/usr/sbin/samba_spnupdate" \
- # "${D}/usr/sbin/samba_upgradedns" \
- # "${D}/usr/sbin/samba_kcc" \
- # "${D}/usr/bin/samba-tool"
+ # install ldap schema for server (bug #491002)
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins examples/LDAP/samba.schema
+ fi
# Make all .so files executable
find "${D}" -type f -name "*.so" -exec chmod +x {} +
@@ -149,6 +146,7 @@ src_install() {
systemd_dounit "${FILESDIR}"/smbd.{service,socket}
systemd_newunit "${FILESDIR}"/smbd_at.service 'smbd@.service'
systemd_dounit "${FILESDIR}"/winbindd.service
+ systemd_dounit "${FILESDIR}"/samba.service
}
src_test() {