diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2020-06-25 10:30:39 +0200 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2020-06-25 10:34:42 +0200 |
commit | b32c611babc168729365872f34b036c3e85e4d03 (patch) | |
tree | 711cc6d0bb6f8d9a226fdd9b4371e7b20460ff80 /net-fs | |
parent | net-misc/rsync: Security cleanup (diff) | |
download | gentoo-b32c611babc168729365872f34b036c3e85e4d03.tar.gz gentoo-b32c611babc168729365872f34b036c3e85e4d03.tar.bz2 gentoo-b32c611babc168729365872f34b036c3e85e4d03.zip |
net-fs/samba: Security cleanup
Bug: https://bugs.gentoo.org/719120
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-fs')
-rw-r--r-- | net-fs/samba/Manifest | 1 | ||||
-rw-r--r-- | net-fs/samba/samba-4.11.6-r2.ebuild | 316 |
2 files changed, 0 insertions, 317 deletions
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index 343ff7d3f78e..6b058ec2b28d 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -1,4 +1,3 @@ -DIST samba-4.11.6.tar.gz 18541566 BLAKE2B 2b4a40be7cec8a9706cbc344796885f59403aa11ca3d8a7dc40b3d287ec222c11d7395fd193c4b66c4116f1bffd869caf444a950d508f5a9a596db32553e1461 SHA512 3815080a1693c596a126371a5ea4e8534317a7266803c7de13a7e5b3ee9757dfbf13c0de20d498a6683d3aaf56941ed42f289e3c24f88713529a5f047a691af2 DIST samba-4.11.8.tar.gz 18571308 BLAKE2B 024920789ac8fcedfc79f4d094a47e4c1399a0bbc3ad79908f66b9bbabd765865795763c1017cc0caba18dbc11ce6a7e25231804d7dff11ab3d97a599ab8d9ed SHA512 a036c46e060d9edc11bf4e45e0449042fe44b74ff083d305779c68dad943f87fb6d2680f3a68e6bbcd0b19c8c397ec9fc5794229a311c25dad9efc366add613a DIST samba-4.11.9.tar.gz 18576961 BLAKE2B 584e62df96bd7de6c0ff93f8fb45b85583b048c300cae020e1e1b467e773b4198c215cbef3b9c34ddf2e138118cca1dd7002ab9c671d111606e735ba8595f720 SHA512 77c1e928d23115eed0cc20f5836b02e73a26b0c23b2061c6148177fbf5b140e3d3a7a9fabfee3a2306158bc157708636c58c6655a57a64f0ff9a20c1a91e4f23 DIST samba-4.12.2.tar.gz 18192360 BLAKE2B 1ef1b128dc628d5b8b69183fa99eceac27feaea54207eb2e5e2af5882cdf17d2819efbfc9f91cf73a9c744b5ef17c6b8dcd135783da9a36d8c41246d2c4515d0 SHA512 c1d5f62ea2e43c246988aa65c4b690de232f73c0213cbc5d532e43c8cfbea17f1ac92435526b64c9a85c582b29381eecfb57713861efc32f6e6257000c393562 diff --git a/net-fs/samba/samba-4.11.6-r2.ebuild b/net-fs/samba/samba-4.11.6-r2.ebuild deleted file mode 100644 index d4dbcb43bbb1..000000000000 --- a/net-fs/samba/samba-4.11.6-r2.ebuild +++ /dev/null @@ -1,316 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python3_{6,7,8} ) -PYTHON_REQ_USE='threads(+),xml(+)' -inherit python-single-r1 waf-utils multilib-minimal linux-info systemd pam - -MY_PV="${PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" - -SRC_PATH="stable" -[[ ${PV} = *_rc* ]] && SRC_PATH="rc" - -SRC_URI="mirror://samba/${SRC_PATH}/${MY_P}.tar.gz" -[[ ${PV} = *_rc* ]] || \ -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc ppc64 sparc x86" - -DESCRIPTION="Samba Suite Version 4" -HOMEPAGE="https://www.samba.org/" -LICENSE="GPL-3" - -SLOT="0" - -IUSE="acl addc addns ads ceph client cluster cups debug dmapi fam gpg iprint -json ldap pam profiling-data python quota selinux syslog system-heimdal -+system-mitkrb5 systemd test winbind zeroconf" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/samba-4.0/policy.h - /usr/include/samba-4.0/dcerpc_server.h - /usr/include/samba-4.0/ctdb.h - /usr/include/samba-4.0/ctdb_client.h - /usr/include/samba-4.0/ctdb_protocol.h - /usr/include/samba-4.0/ctdb_private.h - /usr/include/samba-4.0/ctdb_typesafe_cb.h - /usr/include/samba-4.0/ctdb_version.h -) - -# sys-apps/attr is an automagic dependency (see bug #489748) -CDEPEND=" - >=app-arch/libarchive-3.1.2[${MULTILIB_USEDEP}] - dev-lang/perl:= - dev-libs/libaio[${MULTILIB_USEDEP}] - dev-libs/libbsd[${MULTILIB_USEDEP}] - dev-libs/libgcrypt:0 - dev-libs/iniparser:0 - dev-libs/popt[${MULTILIB_USEDEP}] - >=dev-util/cmocka-1.1.1[${MULTILIB_USEDEP}] - >=net-libs/gnutls-3.2.0 - net-libs/libnsl:=[${MULTILIB_USEDEP}] - sys-apps/attr[${MULTILIB_USEDEP}] - >=sys-libs/ldb-2.0.8[ldap(+)?,python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] - <sys-libs/ldb-2.1.0[ldap(+)?,python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] - sys-libs/libcap - sys-libs/ncurses:0=[${MULTILIB_USEDEP}] - sys-libs/readline:0= - >=sys-libs/talloc-2.2.0[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] - >=sys-libs/tdb-1.4.2[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] - >=sys-libs/tevent-0.10.0[python?,${PYTHON_SINGLE_USEDEP},${MULTILIB_USEDEP}] - sys-libs/zlib[${MULTILIB_USEDEP}] - virtual/libiconv - pam? ( sys-libs/pam ) - acl? ( virtual/acl ) - $(python_gen_cond_dep " - dev-python/subunit[\${PYTHON_MULTI_USEDEP},${MULTILIB_USEDEP}] - addns? ( - net-dns/bind-tools[gssapi] - dev-python/dnspython:=[\${PYTHON_MULTI_USEDEP}] - ) - ") - ceph? ( sys-cluster/ceph ) - cluster? ( - net-libs/rpcsvc-proto - !dev-db/ctdb - ) - cups? ( net-print/cups ) - debug? ( dev-util/lttng-ust ) - dmapi? ( sys-apps/dmapi ) - fam? ( virtual/fam ) - gpg? ( app-crypt/gpgme ) - json? ( dev-libs/jansson ) - ldap? ( net-nds/openldap[${MULTILIB_USEDEP}] ) - system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) - system-mitkrb5? ( >=app-crypt/mit-krb5-1.15.1[${MULTILIB_USEDEP}] ) - systemd? ( sys-apps/systemd:0= ) - zeroconf? ( net-dns/avahi ) -" -DEPEND="${CDEPEND} - ${PYTHON_DEPS} - app-text/docbook-xsl-stylesheets - dev-libs/libxslt - net-libs/libtirpc[${MULTILIB_USEDEP}] - virtual/pkgconfig - || ( - net-libs/rpcsvc-proto - <sys-libs/glibc-2.26[rpc(+)] - ) - test? ( - !system-mitkrb5? ( - >=sys-libs/nss_wrapper-1.1.3 - >=net-dns/resolv_wrapper-1.1.4 - >=net-libs/socket_wrapper-1.1.9 - >=sys-libs/uid_wrapper-1.2.1 - ) - )" -RDEPEND="${CDEPEND} - python? ( ${PYTHON_DEPS} ) - client? ( net-fs/cifs-utils[ads?] ) - selinux? ( sec-policy/selinux-samba ) - !dev-perl/Parse-Yapp -" - -REQUIRED_USE=" - addc? ( python json winbind ) - addns? ( python ) - ads? ( acl ldap winbind ) - cluster? ( ads ) - gpg? ( addc ) - test? ( python ) - ?? ( system-heimdal system-mitkrb5 ) - ${PYTHON_REQUIRED_USE} -" - -# the test suite is messed, it uses system-installed samba -# bits instead of what was built, tests things disabled via use -# flags, and generally just fails to work in a way ebuilds could -# rely on in its current state -RESTRICT="test" - -S="${WORKDIR}/${MY_P}" - -PATCHES=( - "${FILESDIR}/${PN}-4.4.0-pam.patch" - "${FILESDIR}/${PN}-4.9.2-timespec.patch" -) - -#CONFDIR="${FILESDIR}/$(get_version_component_range 1-2)" -CONFDIR="${FILESDIR}/4.4" - -WAF_BINARY="${S}/buildtools/bin/waf" - -SHAREDMODS="" - -pkg_setup() { - python-single-r1_pkg_setup - if use cluster ; then - SHAREDMODS="idmap_rid,idmap_tdb2,idmap_ad" - elif use ads ; then - SHAREDMODS="idmap_ad" - fi -} - -src_prepare() { - default - - # un-bundle dnspython - sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die - - # unbundle iso8601 unless tests are enabled - if ! use test ; then - sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die - fi - - # ugly hackaround for bug #592502 - cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die - - sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ - -i source4/dsdb/samdb/ldb_modules/password_hash.c \ - || die - - # Friggin' WAF shit - multilib_copy_sources -} - -multilib_src_configure() { - # when specifying libs for samba build you must append NONE to the end to - # stop it automatically including things - local bundled_libs="NONE" - if ! use system-heimdal && ! use system-mitkrb5 ; then - bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" - fi - - local myconf=( - --enable-fhs - --sysconfdir="${EPREFIX}/etc" - --localstatedir="${EPREFIX}/var" - --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" - --with-piddir="${EPREFIX}/run/${PN}" - --bundled-libraries="${bundled_libs}" - --builtin-libraries=NONE - --disable-rpath - --disable-rpath-install - --nopyc - --nopyo - $(multilib_native_use_with acl acl-support) - $(multilib_native_usex addc '' '--without-ad-dc') - $(multilib_native_use_with addns dnsupdate) - $(multilib_native_use_with ads) - $(multilib_native_use_enable ceph cephfs) - $(multilib_native_use_with cluster cluster-support) - $(multilib_native_use_enable cups) - $(multilib_native_use_with dmapi) - $(multilib_native_use_with fam) - $(multilib_native_use_with gpg gpgme) - $(multilib_native_use_with json) - $(multilib_native_use_enable iprint) - $(multilib_native_use_with pam) - $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') - $(multilib_native_use_with quota quotas) - $(multilib_native_use_with syslog) - $(multilib_native_use_with systemd) - --systemd-install-services - --with-systemddir="$(systemd_get_systemunitdir)" - $(multilib_native_use_with winbind) - $(multilib_native_usex python '' '--disable-python') - $(multilib_native_use_enable zeroconf avahi) - $(multilib_native_usex test '--enable-selftest' '') - $(usex system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')" '') - $(use_with debug lttng) - $(use_with ldap) - $(use_with profiling-data) - # bug #683148 - --jobs 1 - ) - - multilib_is_native_abi && myconf+=( --with-shared-modules=${SHAREDMODS} ) - - CPPFLAGS="-I${SYSROOT}${EPREFIX}/usr/include/et ${CPPFLAGS}" \ - waf-utils_src_configure ${myconf[@]} -} - -multilib_src_compile() { - waf-utils_src_compile -} - -multilib_src_install() { - waf-utils_src_install - - # Make all .so files executable - find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die - - if multilib_is_native_abi ; then - # install ldap schema for server (bug #491002) - if use ldap ; then - insinto /etc/openldap/schema - doins examples/LDAP/samba.schema - fi - - # create symlink for cups (bug #552310) - if use cups ; then - dosym ../../../bin/smbspool /usr/libexec/cups/backend/smb - fi - - # install example config file - insinto /etc/samba - doins examples/smb.conf.default - - # Fix paths in example file (#603964) - sed \ - -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ - -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ - -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ - -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ - -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ - -i "${ED%/}"/etc/samba/smb.conf.default || die - - # Install init script and conf.d file - newinitd "${CONFDIR}/samba4.initd-r1" samba - newconfd "${CONFDIR}/samba4.confd" samba - - systemd_dotmpfilesd "${FILESDIR}"/samba.conf - use addc || rm "${D}/$(systemd_get_systemunitdir)/samba.service" || die - - # Preserve functionality for old gentoo-specific unit names - dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" - dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" - dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" - fi - - if use pam && use winbind ; then - newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind - # bugs #376853 and #590374 - insinto /etc/security - doins examples/pam_winbind/pam_winbind.conf - fi - - keepdir /var/cache/samba - keepdir /var/lib/ctdb - keepdir /var/lib/samba/{bind-dns,private} - keepdir /var/log/samba -} - -multilib_src_install_all() { - # Attempt to fix bug #673168 - find "${ED}" -type d -name "Yapp" -print0 \ - | xargs -0 --no-run-if-empty rm -r || die -} - -multilib_src_test() { - if multilib_is_native_abi ; then - "${WAF_BINARY}" test || die "test failed" - fi -} - -pkg_postinst() { - ewarn "Be aware that this release contains the best of all of Samba's" - ewarn "technology parts, both a file server (that you can reasonably expect" - ewarn "to upgrade existing Samba 3.x releases to) and the AD domain" - ewarn "controller work previously known as 'samba4'." - - elog "For further information and migration steps make sure to read " - elog "https://samba.org/samba/history/${P}.html " - elog "https://wiki.samba.org/index.php/Samba4/HOWTO " -} |