diff options
author | David Seifert <soap@gentoo.org> | 2023-07-16 12:32:23 +0200 |
---|---|---|
committer | David Seifert <soap@gentoo.org> | 2023-07-16 12:32:23 +0200 |
commit | c580697941c0090848274bea073c0d3ef555032a (patch) | |
tree | 355ed0321f8868acbc1a30d687dbcb8d0572856d /net-fs/samba | |
parent | dev-lang/lua: add 5.4.6 (diff) | |
download | gentoo-c580697941c0090848274bea073c0d3ef555032a.tar.gz gentoo-c580697941c0090848274bea073c0d3ef555032a.tar.bz2 gentoo-c580697941c0090848274bea073c0d3ef555032a.zip |
net-fs/samba: add 4.18.4
Bug: https://bugs.gentoo.org/910306
Bug: https://bugs.gentoo.org/910334
Signed-off-by: David Seifert <soap@gentoo.org>
Diffstat (limited to 'net-fs/samba')
-rw-r--r-- | net-fs/samba/Manifest | 1 | ||||
-rw-r--r-- | net-fs/samba/files/samba-4.18.4-bug-15418-windows-update-secure-channel.patch | 56 | ||||
-rw-r--r-- | net-fs/samba/files/samba-4.18.4-pam.patch | 29 | ||||
-rw-r--r-- | net-fs/samba/samba-4.18.4.ebuild | 384 |
4 files changed, 470 insertions, 0 deletions
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest index 71800bf46e2c..a4b028721aae 100644 --- a/net-fs/samba/Manifest +++ b/net-fs/samba/Manifest @@ -2,3 +2,4 @@ DIST samba-4.16.10.tar.gz 30695200 BLAKE2B 4cff5f6ab97e2b1d4e958f6348cf2a61d4844 DIST samba-4.16.8.tar.gz 30682100 BLAKE2B bbb9a89a39cc0bae88ba350df38aae35df0bd18c27dd37b093eb023cf71274c12f14c44037e9704404ee3ba27ab930e866b3b951bcc7a5f4499cbc544f231e6b SHA512 55fa977e046de4470a9f1cb4c7956ca1368a21fc88e6bb6ae93d3cadb5400caaebd5b7d51a5ff1aaea884ec58d8abe6c90f448168aaa175d0f6c018f1a913c70 DIST samba-4.17.8.tar.gz 30874388 BLAKE2B c1a76071a5d823433cde4e357477d433ca3054f6bb2e75124579bd75d0d93d22dc96e169bb2a4ac0f8fb1be96b54add3a0cdb1c854fdc34450ffd589b89cd074 SHA512 60cd72cd40ef4a958d26926d51d9741d4d6c6a7fc8d275c6ba76d2c3ffc4c71aa7554943125c47575135df1271bc421dd57a0d1206708dfa8e25d1b6dc2661ba DIST samba-4.18.3.tar.gz 41294739 BLAKE2B 0e132591d97316a091b1503714fb3085d8bd055f7e286a96aecdc43f8b15e38068e5aaba3fcea68158a37151c5ea8ef13f5b1e245c54f40fc6c3a167497cf70c SHA512 b0980291ca124641bd03ba51d4b4e2e492facb3939f8edf491133be83a82beed66f68f00442cb02c211a9e76eb6ba08387136e30eb7df756c3c90c76034689c4 +DIST samba-4.18.4.tar.gz 41311410 BLAKE2B 1f1aab7eb933111b9b1c72af8c3dd379fe34014085129e9d5cc400b4e434742e1c08ad4fdf2a98291d6063ce9b2ddc811e9ab5dbb133a85e97f2158f83dd7c96 SHA512 bc8d792b510061556c07b6844a825801a4271eed45e01133a4718c1839d123e2908fa0e31e67af43098500e98a9082eb104052e711a8a034fac23d86e15c29ee diff --git a/net-fs/samba/files/samba-4.18.4-bug-15418-windows-update-secure-channel.patch b/net-fs/samba/files/samba-4.18.4-bug-15418-windows-update-secure-channel.patch new file mode 100644 index 000000000000..1d0d9777fe19 --- /dev/null +++ b/net-fs/samba/files/samba-4.18.4-bug-15418-windows-update-secure-channel.patch @@ -0,0 +1,56 @@ +https://bugs.gentoo.org/910306 +https://bugzilla.samba.org/show_bug.cgi?id=15418 + + source3/rpc_server/netlogon/srv_netlog_nt.c | 9 +++++---- + source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++++---- + 2 files changed, 9 insertions(+), 8 deletions(-) + +--- a/source3/rpc_server/netlogon/srv_netlog_nt.c ++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c +@@ -2284,6 +2284,11 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p, + struct netlogon_creds_CredentialState *creds; + NTSTATUS status; + ++ if (r->in.query_level != 1) { ++ p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG; ++ return NT_STATUS_NOT_SUPPORTED; ++ } ++ + become_root(); + status = dcesrv_netr_creds_server_step_check(p->dce_call, + p->mem_ctx, +@@ -2296,10 +2301,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p, + return status; + } + +- if (r->in.query_level != 1) { +- return NT_STATUS_NOT_SUPPORTED; +- } +- + r->out.capabilities->server_capabilities = creds->negotiate_flags; + + return NT_STATUS_OK; +--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c ++++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c +@@ -2364,6 +2364,10 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c + struct netlogon_creds_CredentialState *creds; + NTSTATUS status; + ++ if (r->in.query_level != 1) { ++ DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG); ++ } ++ + status = dcesrv_netr_creds_server_step_check(dce_call, + mem_ctx, + r->in.computer_name, +@@ -2375,10 +2379,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c + } + NT_STATUS_NOT_OK_RETURN(status); + +- if (r->in.query_level != 1) { +- return NT_STATUS_NOT_SUPPORTED; +- } +- + r->out.capabilities->server_capabilities = creds->negotiate_flags; + + return NT_STATUS_OK; diff --git a/net-fs/samba/files/samba-4.18.4-pam.patch b/net-fs/samba/files/samba-4.18.4-pam.patch new file mode 100644 index 000000000000..381f77ccd32d --- /dev/null +++ b/net-fs/samba/files/samba-4.18.4-pam.patch @@ -0,0 +1,29 @@ +--- a/source3/wscript ++++ b/source3/wscript +@@ -863,7 +863,7 @@ + if conf.env.with_iconv: + conf.DEFINE('HAVE_ICONV', 1) + +- if Options.options.with_pam: ++ if Options.options.with_pam != False: + use_pam=True + conf.CHECK_HEADERS('security/pam_appl.h pam/pam_appl.h') + if not conf.CONFIG_SET('HAVE_SECURITY_PAM_APPL_H') and not conf.CONFIG_SET('HAVE_PAM_PAM_APPL_H'): +@@ -940,6 +940,17 @@ + "or headers not found. Use --without-pam to disable " + "PAM support."); + ++ else: ++ Logs.warn("PAM disabled") ++ use_pam=False ++ conf.undefine('WITH_PAM') ++ conf.undefine('WITH_PAM_MODULES') ++ conf.undefine('HAVE_SECURITY_PAM_APPL_H') ++ conf.undefine('PAM_RHOST') ++ conf.undefine('PAM_TTY') ++ conf.undefine('HAVE_PAM_PAM_APPL_H') ++ ++ + seteuid = False + + # diff --git a/net-fs/samba/samba-4.18.4.ebuild b/net-fs/samba/samba-4.18.4.ebuild new file mode 100644 index 000000000000..37860b3daa2c --- /dev/null +++ b/net-fs/samba/samba-4.18.4.ebuild @@ -0,0 +1,384 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +PYTHON_REQ_USE="threads(+),xml(+)" +inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles + +DESCRIPTION="Samba Suite Version 4" +HOMEPAGE="https://samba.org/" + +MY_PV="${PV/_rc/rc}" +MY_P="${PN}-${MY_PV}" +if [[ ${PV} == *_rc* ]]; then + SRC_URI="mirror://samba/rc/${MY_P}.tar.gz" +else + SRC_URI="mirror://samba/stable/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +fi +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-3" +SLOT="0" +IUSE="acl addc ads ceph client cluster cpu_flags_x86_aes cups debug fam glusterfs gpg" +IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" +IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" +IUSE+=" zeroconf" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + addc? ( json python !system-mitkrb5 winbind ) + ads? ( acl ldap python winbind ) + cluster? ( ads ) + gpg? ( addc ) + spotlight? ( json ) + test? ( python ) + !ads? ( !addc ) + ?? ( system-heimdal system-mitkrb5 ) +" + +# the test suite is messed, it uses system-installed samba +# bits instead of what was built, tests things disabled via use +# flags, and generally just fails to work in a way ebuilds could +# rely on in its current state +RESTRICT="test" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/samba-4.0/policy.h + /usr/include/samba-4.0/dcerpc_server.h + /usr/include/samba-4.0/ctdb.h + /usr/include/samba-4.0/ctdb_client.h + /usr/include/samba-4.0/ctdb_protocol.h + /usr/include/samba-4.0/ctdb_private.h + /usr/include/samba-4.0/ctdb_typesafe_cb.h + /usr/include/samba-4.0/ctdb_version.h +) + +TALLOC_VERSION="2.4.0" +TDB_VERSION="1.4.8" +TEVENT_VERSION="0.14.1" + +COMMON_DEPEND=" + >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] + dev-lang/perl:= + dev-libs/icu:=[${MULTILIB_USEDEP}] + dev-libs/libbsd[${MULTILIB_USEDEP}] + dev-libs/libtasn1:=[${MULTILIB_USEDEP}] + dev-libs/popt[${MULTILIB_USEDEP}] + dev-perl/Parse-Yapp + >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] + >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] + >=sys-libs/ldb-2.7.2:=[ldap(+)?,${MULTILIB_USEDEP}] + <sys-libs/ldb-2.8.0:=[ldap(+)?,${MULTILIB_USEDEP}] + sys-libs/libcap[${MULTILIB_USEDEP}] + sys-libs/liburing:=[${MULTILIB_USEDEP}] + sys-libs/ncurses:= + sys-libs/readline:= + >=sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] + >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] + sys-libs/zlib[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + virtual/libiconv + $(python_gen_cond_dep ' + addc? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + dev-python/markdown[${PYTHON_USEDEP}] + ) + ads? ( + dev-python/dnspython:=[${PYTHON_USEDEP}] + net-dns/bind-tools[gssapi] + ) + ') + acl? ( virtual/acl ) + ceph? ( sys-cluster/ceph ) + cluster? ( net-libs/rpcsvc-proto ) + cups? ( net-print/cups ) + debug? ( dev-util/lttng-ust ) + fam? ( virtual/fam ) + gpg? ( app-crypt/gpgme:= ) + json? ( dev-libs/jansson:= ) + ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( + sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] + sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] + ) + snapper? ( sys-apps/dbus ) + system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) + system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd:= ) + unwind? ( + llvm-libunwind? ( sys-libs/llvm-libunwind:= ) + !llvm-libunwind? ( sys-libs/libunwind:= ) + ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${COMMON_DEPEND} + dev-perl/JSON + net-libs/libtirpc[${MULTILIB_USEDEP}] + net-libs/rpcsvc-proto + spotlight? ( dev-libs/glib ) + test? ( + >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] + $(python_gen_cond_dep "dev-python/subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) + !system-mitkrb5? ( + >=net-dns/resolv_wrapper-1.1.4 + >=net-libs/socket_wrapper-1.1.9 + >=sys-libs/nss_wrapper-1.1.3 + >=sys-libs/uid_wrapper-1.2.1 + ) + )" +RDEPEND="${COMMON_DEPEND} + client? ( net-fs/cifs-utils[ads?] ) + python? ( ${PYTHON_DEPS} ) + selinux? ( sec-policy/selinux-samba ) +" +BDEPEND="${PYTHON_DEPS} + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-4.18.4-pam.patch + "${FILESDIR}"/${PN}-4.18.4-bug-15418-windows-update-secure-channel.patch + "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch +) + +CONFDIR="${FILESDIR}/4.4" +WAF_BINARY="${S}/buildtools/bin/waf" +SHAREDMODS="" + +pkg_setup() { + # Package fails to build with distcc + export DISTCC_DISABLE=1 + export PYTHONHASHSEED=1 + + python-single-r1_pkg_setup + + SHAREDMODS="$(usev !snapper '!')vfs_snapper" + if use cluster ; then + SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" + elif use ads ; then + SHAREDMODS+=",idmap_ad" + fi +} + +check_samba_dep_versions() { + actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) + if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then + eerror "Source talloc version: ${TALLOC_VERSION}" + eerror "Ebuild talloc version: ${actual_talloc_version}" + die "Ebuild needs to fix TALLOC_VERSION!" + fi + + actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) + if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then + eerror "Source tdb version: ${TDB_VERSION}" + eerror "Ebuild tdb version: ${actual_tdb_version}" + die "Ebuild needs to fix TDB_VERSION!" + fi + + actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) + if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then + eerror "Source tevent version: ${TEVENT_VERSION}" + eerror "Ebuild tevent version: ${actual_tevent_version}" + die "Ebuild needs to fix TEVENT_VERSION!" + fi +} + +src_prepare() { + default + + check_samba_dep_versions + + # Unbundle dnspython + sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die + + # Unbundle iso8601 unless tests are enabled + if ! use test ; then + sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die + fi + + # Ugly hackaround for bug #592502 + #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die + + sed -e 's:<gpgme\.h>:<gpgme/gpgme.h>:' \ + -i source4/dsdb/samdb/ldb_modules/password_hash.c \ + || die + + # WAF + multilib_copy_sources +} + +multilib_src_configure() { + # When specifying libs for samba build you must append NONE to the end to + # stop it automatically including things + local bundled_libs="NONE" + if ! use system-heimdal && ! use system-mitkrb5 ; then + bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" + fi + + # We "use" bundled cmocka when we're not running tests as we're + # not using it anyway. Means we avoid making users install it for + # no reason. bug #802531 + if ! use test ; then + bundled_libs="cmocka,${bundled_libs}" + fi + + # bug #874633 + if use llvm-libunwind ; then + mkdir -p "${T}"/${ABI}/pkgconfig || die + + local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" + + cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die + exec_prefix=\${prefix} + libdir=/usr/$(get_libdir) + includedir=\${prefix}/include + + Name: libunwind-generic + Description: libunwind generic library + Version: 1.70 + Libs: -L\${libdir} -lunwind + Cflags: -I\${includedir} + EOF + fi + + local myconf=( + --enable-fhs + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" + --with-piddir="${EPREFIX}/run/${PN}" + --bundled-libraries="${bundled_libs}" + --builtin-libraries=NONE + --disable-rpath + --disable-rpath-install + --nopyc + --nopyo + --without-winexe + --accel-aes=$(usex cpu_flags_x86_aes intelaesni none) + $(multilib_native_use_with acl acl-support) + $(multilib_native_usex addc '' '--without-ad-dc') + $(multilib_native_use_with ads) + $(multilib_native_use_enable ceph cephfs) + $(multilib_native_use_with cluster cluster-support) + $(multilib_native_use_enable cups) + --without-dmapi + $(multilib_native_use_with fam) + $(multilib_native_use_enable glusterfs) + $(multilib_native_use_with gpg gpgme) + $(multilib_native_use_with json) + $(multilib_native_use_enable iprint) + $(multilib_native_use_with pam) + $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') + $(multilib_native_use_with quota quotas) + $(multilib_native_use_with regedit) + $(multilib_native_use_enable spotlight) + $(multilib_native_use_with syslog) + $(multilib_native_use_with systemd) + --systemd-install-services + --with-systemddir="$(systemd_get_systemunitdir)" + $(multilib_native_use_with unwind libunwind) + $(multilib_native_use_with winbind) + $(multilib_native_usex python '' '--disable-python') + $(multilib_native_use_enable zeroconf avahi) + $(multilib_native_usex test '--enable-selftest' '') + $(usev system-mitkrb5 "--with-system-mitkrb5 $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") + $(use_with debug lttng) + $(use_with ldap) + $(use_with profiling-data) + # bug #683148 + --jobs 1 + ) + + if multilib_is_native_abi ; then + myconf+=( --with-shared-modules=${SHAREDMODS} ) + else + myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) + fi + + append-cppflags "-I${ESYSROOT}/usr/include/et" + + waf-utils_src_configure ${myconf[@]} +} + +multilib_src_compile() { + waf-utils_src_compile +} + +multilib_src_test() { + if multilib_is_native_abi ; then + "${WAF_BINARY}" test || die "Test failed" + fi +} + +multilib_src_install() { + waf-utils_src_install + + # Make all .so files executable + find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die + # smbspool_krb5_wrapper must only be accessible to root, bug #880739 + find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die + + # Remove empty runtime dirs created by build system (bug #892341) + find "${ED}"/{run,var} -type d -empty -delete || die + + if multilib_is_native_abi ; then + # Install ldap schema for server (bug #491002) + if use ldap ; then + insinto /etc/openldap/schema + doins examples/LDAP/samba.schema + fi + + # Create symlink for cups (bug #552310) + if use cups ; then + dosym ../../../bin/smbspool \ + /usr/libexec/cups/backend/smb + fi + + # Install example config file + insinto /etc/samba + doins examples/smb.conf.default + + # Fix paths in example file (bug #603964) + sed \ + -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ + -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ + -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ + -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ + -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ + -i "${ED}"/etc/samba/smb.conf.default || die + + # Install init script and conf.d file + newinitd "${CONFDIR}/samba4.initd-r1" samba + newconfd "${CONFDIR}/samba4.confd" samba + + dotmpfiles "${FILESDIR}"/samba.conf + if ! use addc ; then + rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ + || die + fi + + # Preserve functionality for old gentoo-specific unit names + dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" + dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" + dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" + fi + + if use pam && use winbind ; then + newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind + # bugs #376853 and #590374 + insinto /etc/security + doins examples/pam_winbind/pam_winbind.conf + fi +} + +pkg_postinst() { + tmpfiles_process samba.conf +} |