| 1 |
commit: 96c00c4dd1a84dd1b7d4bb24b1c32da67d53d353 |
| 2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Dec 3 15:38:37 2021 +0000 |
| 4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Dec 3 15:39:06 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96c00c4d |
| 7 |
|
| 8 |
net-fs/samba: Security cleanup |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/821688 |
| 11 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
| 12 |
|
| 13 |
net-fs/samba/Manifest | 1 - |
| 14 |
net-fs/samba/samba-4.14.9.ebuild | 339 --------------------------------------- |
| 15 |
2 files changed, 340 deletions(-) |
| 16 |
|
| 17 |
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest |
| 18 |
index 0bd4d0b090de..fd3ea6e68854 100644 |
| 19 |
--- a/net-fs/samba/Manifest |
| 20 |
+++ b/net-fs/samba/Manifest |
| 21 |
@@ -1,3 +1,2 @@ |
| 22 |
DIST samba-4.14.10.tar.gz 19134066 BLAKE2B c6daebc7abbf2ed371ed694e4478d05875d55f7c5a9f83461932eebd7fe9089ff15e0530555d468e64f897d4cadab86e8c0acbfbd20938b3be842cb4324486e2 SHA512 0e1dd386d185cf77a2be4155646e98b3218316b5c290358684ec8eed747ffea67aa7db0937edc971fb791dc47f0f51306db33eb3b8cb65cca8787f18fd4b7f1c |
| 23 |
-DIST samba-4.14.9.tar.gz 19063803 BLAKE2B 157665aba6d2449781ad3781deb2cdb3ae325879a796b8ba07a9d981ed93aaccd7f098841136a3be9d4e304ecba00b7ecb0c4a84cdfc6593172d4bc66cb38c69 SHA512 e7eb8b55656f51d94d99358dbe39869a74e34b2c69e14ac813c2387a4b2a10d8a5c22ad9b6a3a3ed4dcec4c13df810f577e22d7f1cc903176c0962e412496deb |
| 24 |
DIST samba-4.15.2.tar.gz 19252338 BLAKE2B aded33cbefce69c9b20148de1be224514de5cc825404e8188fb0a96022d0fdc6595256f74a5e295fd2e1062e8520775b6c59c1d6a7bf80a52ed9fa9db412dcdd SHA512 6fdf9db0da90332afe527703066cca4ec5b0ec6bf6a5979443953f9fbc18b870a7e2445a41c9ae3d63f7738c9c0282e7ca82f6066aa68e151eec248615ea7b21 |
| 25 |
|
| 26 |
diff --git a/net-fs/samba/samba-4.14.9.ebuild b/net-fs/samba/samba-4.14.9.ebuild |
| 27 |
deleted file mode 100644 |
| 28 |
index d94a70025926..000000000000 |
| 29 |
--- a/net-fs/samba/samba-4.14.9.ebuild |
| 30 |
+++ /dev/null |
| 31 |
@@ -1,339 +0,0 @@ |
| 32 |
-# Copyright 1999-2021 Gentoo Authors |
| 33 |
-# Distributed under the terms of the GNU General Public License v2 |
| 34 |
- |
| 35 |
-EAPI=7 |
| 36 |
- |
| 37 |
-PYTHON_COMPAT=( python3_{8..9} ) |
| 38 |
-PYTHON_REQ_USE="threads(+),xml(+)" |
| 39 |
-inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam tmpfiles |
| 40 |
- |
| 41 |
-DESCRIPTION="Samba Suite Version 4" |
| 42 |
-HOMEPAGE="https://samba.org/" |
| 43 |
- |
| 44 |
-MY_PV="${PV/_rc/rc}" |
| 45 |
-MY_P="${PN}-${MY_PV}" |
| 46 |
-if [[ ${PV} = *_rc* ]]; then |
| 47 |
- SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" |
| 48 |
-else |
| 49 |
- SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" |
| 50 |
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 ~riscv sparc x86" |
| 51 |
-fi |
| 52 |
-S="${WORKDIR}/${MY_P}" |
| 53 |
- |
| 54 |
-LICENSE="GPL-3" |
| 55 |
-SLOT="0" |
| 56 |
-IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam glusterfs |
| 57 |
-gpg iprint json ldap ntvfs pam profiling-data python quota +regedit selinux |
| 58 |
-snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test winbind |
| 59 |
-zeroconf" |
| 60 |
- |
| 61 |
-REQUIRED_USE="${PYTHON_REQUIRED_USE} |
| 62 |
- addc? ( python json winbind ) |
| 63 |
- addns? ( python ) |
| 64 |
- ads? ( acl ldap winbind ) |
| 65 |
- cluster? ( ads ) |
| 66 |
- gpg? ( addc ) |
| 67 |
- ntvfs? ( addc ) |
| 68 |
- spotlight? ( json ) |
| 69 |
- test? ( python ) |
| 70 |
- !ads? ( !addc ) |
| 71 |
- ?? ( system-heimdal system-mitkrb5 ) |
| 72 |
-" |
| 73 |
- |
| 74 |
-# the test suite is messed, it uses system-installed samba |
| 75 |
-# bits instead of what was built, tests things disabled via use |
| 76 |
-# flags, and generally just fails to work in a way ebuilds could |
| 77 |
-# rely on in its current state |
| 78 |
-RESTRICT="test" |
| 79 |
- |
| 80 |
-MULTILIB_WRAPPED_HEADERS=( |
| 81 |
- /usr/include/samba-4.0/policy.h |
| 82 |
- /usr/include/samba-4.0/dcerpc_server.h |
| 83 |
- /usr/include/samba-4.0/ctdb.h |
| 84 |
- /usr/include/samba-4.0/ctdb_client.h |
| 85 |
- /usr/include/samba-4.0/ctdb_protocol.h |
| 86 |
- /usr/include/samba-4.0/ctdb_private.h |
| 87 |
- /usr/include/samba-4.0/ctdb_typesafe_cb.h |
| 88 |
- /usr/include/samba-4.0/ctdb_version.h |
| 89 |
-) |
| 90 |
- |
| 91 |
-COMMON_DEPEND=" |
| 92 |
- >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] |
| 93 |
- dev-lang/perl:= |
| 94 |
- dev-libs/icu:=[${MULTILIB_USEDEP}] |
| 95 |
- dev-libs/libbsd[${MULTILIB_USEDEP}] |
| 96 |
- dev-libs/libtasn1[${MULTILIB_USEDEP}] |
| 97 |
- dev-libs/popt[${MULTILIB_USEDEP}] |
| 98 |
- dev-perl/Parse-Yapp |
| 99 |
- >=net-libs/gnutls-3.4.7[${MULTILIB_USEDEP}] |
| 100 |
- net-libs/libnsl:=[${MULTILIB_USEDEP}] |
| 101 |
- sys-libs/e2fsprogs-libs[${MULTILIB_USEDEP}] |
| 102 |
- >=sys-libs/ldb-2.3.1[ldap(+)?,${MULTILIB_USEDEP}] |
| 103 |
- <sys-libs/ldb-2.4.0[ldap(+)?,${MULTILIB_USEDEP}] |
| 104 |
- sys-libs/libcap[${MULTILIB_USEDEP}] |
| 105 |
- sys-libs/liburing:=[${MULTILIB_USEDEP}] |
| 106 |
- sys-libs/ncurses:0= |
| 107 |
- sys-libs/readline:0= |
| 108 |
- >=sys-libs/talloc-2.3.2[${MULTILIB_USEDEP}] |
| 109 |
- >=sys-libs/tdb-1.4.3[${MULTILIB_USEDEP}] |
| 110 |
- >=sys-libs/tevent-0.10.2[${MULTILIB_USEDEP}] |
| 111 |
- sys-libs/zlib[${MULTILIB_USEDEP}] |
| 112 |
- virtual/libcrypt:=[${MULTILIB_USEDEP}] |
| 113 |
- virtual/libiconv |
| 114 |
- $(python_gen_cond_dep " |
| 115 |
- addc? ( |
| 116 |
- dev-python/dnspython:=[\${PYTHON_USEDEP}] |
| 117 |
- dev-python/markdown[\${PYTHON_USEDEP}] |
| 118 |
- ) |
| 119 |
- addns? ( |
| 120 |
- dev-python/dnspython:=[\${PYTHON_USEDEP}] |
| 121 |
- net-dns/bind-tools[gssapi] |
| 122 |
- ) |
| 123 |
- ") |
| 124 |
- !alpha? ( !sparc? ( sys-libs/libunwind:= ) ) |
| 125 |
- acl? ( virtual/acl ) |
| 126 |
- ceph? ( sys-cluster/ceph ) |
| 127 |
- cluster? ( net-libs/rpcsvc-proto ) |
| 128 |
- cups? ( net-print/cups ) |
| 129 |
- debug? ( dev-util/lttng-ust ) |
| 130 |
- dmapi? ( sys-apps/dmapi ) |
| 131 |
- fam? ( virtual/fam ) |
| 132 |
- gpg? ( app-crypt/gpgme ) |
| 133 |
- json? ( dev-libs/jansson:= ) |
| 134 |
- ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) |
| 135 |
- pam? ( sys-libs/pam ) |
| 136 |
- python? ( |
| 137 |
- sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] |
| 138 |
- sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] |
| 139 |
- sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] |
| 140 |
- sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] |
| 141 |
- ) |
| 142 |
- snapper? ( sys-apps/dbus ) |
| 143 |
- system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) |
| 144 |
- system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) |
| 145 |
- systemd? ( sys-apps/systemd:0= ) |
| 146 |
- zeroconf? ( net-dns/avahi[dbus] ) |
| 147 |
-" |
| 148 |
-DEPEND="${COMMON_DEPEND} |
| 149 |
- >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] |
| 150 |
- net-libs/libtirpc[${MULTILIB_USEDEP}] |
| 151 |
- || ( |
| 152 |
- net-libs/rpcsvc-proto |
| 153 |
- <sys-libs/glibc-2.26[rpc(+)] |
| 154 |
- ) |
| 155 |
- spotlight? ( dev-libs/glib ) |
| 156 |
- test? ( |
| 157 |
- $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) |
| 158 |
- !system-mitkrb5? ( |
| 159 |
- >=net-dns/resolv_wrapper-1.1.4 |
| 160 |
- >=net-libs/socket_wrapper-1.1.9 |
| 161 |
- >=sys-libs/nss_wrapper-1.1.3 |
| 162 |
- >=sys-libs/uid_wrapper-1.2.1 |
| 163 |
- ) |
| 164 |
- )" |
| 165 |
-RDEPEND="${COMMON_DEPEND} |
| 166 |
- client? ( net-fs/cifs-utils[ads?] ) |
| 167 |
- python? ( ${PYTHON_DEPS} ) |
| 168 |
- selinux? ( sec-policy/selinux-samba ) |
| 169 |
-" |
| 170 |
-BDEPEND="${PYTHON_DEPS} |
| 171 |
- app-text/docbook-xsl-stylesheets |
| 172 |
- dev-libs/libxslt |
| 173 |
- virtual/pkgconfig |
| 174 |
-" |
| 175 |
- |
| 176 |
-PATCHES=( |
| 177 |
- "${FILESDIR}/${PN}-4.4.0-pam.patch" |
| 178 |
-) |
| 179 |
- |
| 180 |
-#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" |
| 181 |
-CONFDIR="${FILESDIR}/4.4" |
| 182 |
- |
| 183 |
-WAF_BINARY="${S}/buildtools/bin/waf" |
| 184 |
- |
| 185 |
-SHAREDMODS="" |
| 186 |
- |
| 187 |
-pkg_setup() { |
| 188 |
- # Package fails to build with distcc |
| 189 |
- export DISTCC_DISABLE=1 |
| 190 |
- |
| 191 |
- python-single-r1_pkg_setup |
| 192 |
- |
| 193 |
- SHAREDMODS="$(usex snapper '' '!')vfs_snapper" |
| 194 |
- if use cluster ; then |
| 195 |
- SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" |
| 196 |
- elif use ads ; then |
| 197 |
- SHAREDMODS+=",idmap_ad" |
| 198 |
- fi |
| 199 |
-} |
| 200 |
- |
| 201 |
-src_prepare() { |
| 202 |
- default |
| 203 |
- |
| 204 |
- # un-bundle dnspython |
| 205 |
- sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die |
| 206 |
- |
| 207 |
- # unbundle iso8601 unless tests are enabled |
| 208 |
- if ! use test ; then |
| 209 |
- sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die |
| 210 |
- fi |
| 211 |
- |
| 212 |
- ## ugly hackaround for bug #592502 |
| 213 |
- #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die |
| 214 |
- |
| 215 |
- sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ |
| 216 |
- -i source4/dsdb/samdb/ldb_modules/password_hash.c \ |
| 217 |
- || die |
| 218 |
- |
| 219 |
- # Friggin' WAF shit |
| 220 |
- multilib_copy_sources |
| 221 |
-} |
| 222 |
- |
| 223 |
-multilib_src_configure() { |
| 224 |
- # when specifying libs for samba build you must append NONE to the end to |
| 225 |
- # stop it automatically including things |
| 226 |
- local bundled_libs="NONE" |
| 227 |
- if ! use system-heimdal && ! use system-mitkrb5 ; then |
| 228 |
- bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" |
| 229 |
- fi |
| 230 |
- |
| 231 |
- local myconf=( |
| 232 |
- --enable-fhs |
| 233 |
- --sysconfdir="${EPREFIX}/etc" |
| 234 |
- --localstatedir="${EPREFIX}/var" |
| 235 |
- --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" |
| 236 |
- --with-piddir="${EPREFIX}/run/${PN}" |
| 237 |
- --bundled-libraries="${bundled_libs}" |
| 238 |
- --builtin-libraries=NONE |
| 239 |
- --disable-rpath |
| 240 |
- --disable-rpath-install |
| 241 |
- --nopyc |
| 242 |
- --nopyo |
| 243 |
- --without-winexe |
| 244 |
- $(multilib_native_use_with acl acl-support) |
| 245 |
- $(multilib_native_usex addc '' '--without-ad-dc') |
| 246 |
- $(multilib_native_use_with addns dnsupdate) |
| 247 |
- $(multilib_native_use_with ads) |
| 248 |
- $(multilib_native_use_enable ceph cephfs) |
| 249 |
- $(multilib_native_use_with cluster cluster-support) |
| 250 |
- $(multilib_native_use_enable cups) |
| 251 |
- $(multilib_native_use_with dmapi) |
| 252 |
- $(multilib_native_use_with fam) |
| 253 |
- $(multilib_native_use_enable glusterfs) |
| 254 |
- $(multilib_native_use_with gpg gpgme) |
| 255 |
- $(multilib_native_use_with json) |
| 256 |
- $(multilib_native_use_enable iprint) |
| 257 |
- $(multilib_native_use_with ntvfs ntvfs-fileserver) |
| 258 |
- $(multilib_native_use_with pam) |
| 259 |
- $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') |
| 260 |
- $(multilib_native_use_with quota quotas) |
| 261 |
- $(multilib_native_use_with regedit) |
| 262 |
- $(multilib_native_use_enable spotlight) |
| 263 |
- $(multilib_native_use_with syslog) |
| 264 |
- $(multilib_native_use_with systemd) |
| 265 |
- --systemd-install-services |
| 266 |
- --with-systemddir="$(systemd_get_systemunitdir)" |
| 267 |
- $(multilib_native_use_with winbind) |
| 268 |
- $(multilib_native_usex python '' '--disable-python') |
| 269 |
- $(multilib_native_use_enable zeroconf avahi) |
| 270 |
- $(multilib_native_usex test '--enable-selftest' '') |
| 271 |
- $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') |
| 272 |
- $(use_with debug lttng) |
| 273 |
- $(use_with ldap) |
| 274 |
- $(use_with profiling-data) |
| 275 |
- # bug #683148 |
| 276 |
- --jobs 1 |
| 277 |
- ) |
| 278 |
- |
| 279 |
- if multilib_is_native_abi ; then |
| 280 |
- myconf+=( --with-shared-modules=${SHAREDMODS} ) |
| 281 |
- else |
| 282 |
- myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) |
| 283 |
- fi |
| 284 |
- |
| 285 |
- CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ |
| 286 |
- waf-utils_src_configure ${myconf[@]} |
| 287 |
-} |
| 288 |
- |
| 289 |
-multilib_src_compile() { |
| 290 |
- waf-utils_src_compile |
| 291 |
-} |
| 292 |
- |
| 293 |
-multilib_src_install() { |
| 294 |
- waf-utils_src_install |
| 295 |
- |
| 296 |
- # Make all .so files executable |
| 297 |
- find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die |
| 298 |
- |
| 299 |
- if multilib_is_native_abi ; then |
| 300 |
- # install ldap schema for server (bug #491002) |
| 301 |
- if use ldap ; then |
| 302 |
- insinto /etc/openldap/schema |
| 303 |
- doins examples/LDAP/samba.schema |
| 304 |
- fi |
| 305 |
- |
| 306 |
- # create symlink for cups (bug #552310) |
| 307 |
- if use cups ; then |
| 308 |
- dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb |
| 309 |
- fi |
| 310 |
- |
| 311 |
- # install example config file |
| 312 |
- insinto /etc/samba |
| 313 |
- doins examples/smb.conf.default |
| 314 |
- |
| 315 |
- # Fix paths in example file (#603964) |
| 316 |
- sed \ |
| 317 |
- -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ |
| 318 |
- -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ |
| 319 |
- -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ |
| 320 |
- -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ |
| 321 |
- -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ |
| 322 |
- -i "${ED}"/etc/samba/smb.conf.default || die |
| 323 |
- |
| 324 |
- # Install init script and conf.d file |
| 325 |
- newinitd "${CONFDIR}/samba4.initd-r1" samba |
| 326 |
- newconfd "${CONFDIR}/samba4.confd" samba |
| 327 |
- |
| 328 |
- dotmpfiles "${FILESDIR}"/samba.conf |
| 329 |
- use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die |
| 330 |
- |
| 331 |
- # Preserve functionality for old gentoo-specific unit names |
| 332 |
- dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" |
| 333 |
- dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" |
| 334 |
- dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" |
| 335 |
- fi |
| 336 |
- |
| 337 |
- if use pam && use winbind ; then |
| 338 |
- newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind |
| 339 |
- # bugs #376853 and #590374 |
| 340 |
- insinto /etc/security |
| 341 |
- doins examples/pam_winbind/pam_winbind.conf |
| 342 |
- fi |
| 343 |
- |
| 344 |
- keepdir /var/cache/samba |
| 345 |
- keepdir /var/lib/ctdb |
| 346 |
- keepdir /var/lib/samba/{bind-dns,private} |
| 347 |
- keepdir /var/lock/samba |
| 348 |
- keepdir /var/log/samba |
| 349 |
-} |
| 350 |
- |
| 351 |
-multilib_src_test() { |
| 352 |
- if multilib_is_native_abi ; then |
| 353 |
- "${WAF_BINARY}" test || die "test failed" |
| 354 |
- fi |
| 355 |
-} |
| 356 |
- |
| 357 |
-pkg_postinst() { |
| 358 |
- tmpfiles_process samba.conf |
| 359 |
- |
| 360 |
- if [[ -z ${REPLACING_VERSIONS} ]] ; then |
| 361 |
- elog "Be aware that this release contains the best of all of Samba's" |
| 362 |
- elog "technology parts, both a file server (that you can reasonably expect" |
| 363 |
- elog "to upgrade existing Samba 3.x releases to) and the AD domain" |
| 364 |
- elog "controller work previously known as 'samba4'." |
| 365 |
- elog |
| 366 |
- fi |
| 367 |
- elog "For further information and migration steps make sure to read " |
| 368 |
- elog "https://samba.org/samba/history/${P}.html " |
| 369 |
- elog "https://wiki.samba.org/index.php/Samba4/HOWTO " |
| 370 |
-} |
Archives