Date: Tue, 24 Feb 2015 20:44:11 +0000 (UTC) From: "Timur I. Bakeyev" <timur@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r379838 - in head/net: samba36 samba4 samba4/files samba41 samba41/files Message-ID: <201502242044.t1OKiBw5023952@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: timur Date: Tue Feb 24 20:44:10 2015 New Revision: 379838 URL: https://svnweb.freebsd.org/changeset/ports/379838 QAT: https://qat.redports.org/buildarchive/r379838/ Log: Update samba ports to address CVE-2015-0240 Security: CVE-2015-0240 Modified: head/net/samba36/Makefile head/net/samba4/Makefile head/net/samba4/distinfo head/net/samba4/files/samba_server.in head/net/samba41/Makefile head/net/samba41/distinfo head/net/samba41/files/samba_server.in Modified: head/net/samba36/Makefile ============================================================================== --- head/net/samba36/Makefile Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba36/Makefile Tue Feb 24 20:44:10 2015 (r379838) @@ -102,15 +102,30 @@ OPTIONS_DEFINE= ACL_SUPPORT ADS AIO_SUP DOCS EXAMPLES EXP_MODULES FAM IPV6 LDAP \ MAX_DEBUG PAM_SMBPASS POPT PTHREADPOOL QUOTAS \ SMBTORTURE SWAT SYSLOG UTMP WINBIND +OPTIONS_RADIO= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_DEFAULT= ACL_SUPPORT AIO_SUPPORT CUPS LDAP POPT PTHREADPOOL \ - WINBIND + WINBIND GSSAPI_NONE ACL_SUPPORT_DESC= ACL support + ADS_DESC= Active Directory support -AIO_SUPPORT_DESC= Asynchronous IO support -DNSUPDATE_DESC= Dynamic DNS update (requires ADS) +ADS_CONFIGURE_ON= --with-ads --with-krb5="${GSSAPIBASEDIR}" +ADS_CONFIGURE_OFF= --without-ads --without-krb5 + +AIO_SUPPORT_DESC= Asyncronous IO support +DNSUPDATE_DESC= Dynamic DNS update(require ADS) EXP_MODULES_DESC= Experimental modules + +GSSAPI_BASE_DESC= Use Heimdal in base +GSSAPI_BASE_USES= gssapi +GSSAPI_HEIMDAL_DESC= Use Heimdal from ports +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_DESC= Use MIT Kerberos V5 +GSSAPI_MIT_USES= gssapi:mit,flags +GSSAPI_NONE_DESC= No Kerberos support + MAX_DEBUG_DESC= Maximum debugging PAM_SMBPASS_DESC= PAM authentication via passdb backends POPT_DESC= System-wide POPT library @@ -316,26 +331,11 @@ PLIST_SUB+= SMBTORTURE="@comment " ### .if ${PORT_OPTIONS:MADS} -SAMBA_WANT_LDAP= yes -SAMBA_WANT_KRB5= yes -CONFIGURE_ARGS+= --with-ads -.else -CONFIGURE_ARGS+= --without-ads -.endif +. if ${PORT_OPTIONS:MGSSAPI_NONE} # Kerberos5 is necessary for ADS -.if defined(SAMBA_WANT_KRB5) -.if defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libgssapi_krb5.so) -CONFIGURE_ARGS+= --with-krb5="${KRB5_HOME}" -.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so) -CONFIGURE_ARGS+= --with-krb5="${HEIMDAL_HOME}" -.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config) -CONFIGURE_ARGS+= --with-krb5="/usr" -.else -LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/heimdal -CONFIGURE_ARGS+= --with-krb5="${LOCALBASE}" -.endif -.else -CONFIGURE_ARGS+= --without-krb5 +IGNORE= ADS support requires GSSAPI_BASE, GSSAPI_HEIMDAL, or GSSAPI_MIT +. endif +SAMBA_WANT_LDAP= yes .endif .if defined(SAMBA_WANT_LDAP) Modified: head/net/samba4/Makefile ============================================================================== --- head/net/samba4/Makefile Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba4/Makefile Tue Feb 24 20:44:10 2015 (r379838) @@ -18,7 +18,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba41-4. SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.0.24 +SAMBA4_VERSION= 4.0.25 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} Modified: head/net/samba4/distinfo ============================================================================== --- head/net/samba4/distinfo Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba4/distinfo Tue Feb 24 20:44:10 2015 (r379838) @@ -1,2 +1,2 @@ -SHA256 (samba-4.0.24.tar.gz) = e1e4068c65684848d8cb17c8997c91be426ff75ccd617f647878307817af615a -SIZE (samba-4.0.24.tar.gz) = 22148369 +SHA256 (samba-4.0.25.tar.gz) = e6a07940a658b81d368fc7ed8e5068bd27188996d73dee1cea9755682cb9a485 +SIZE (samba-4.0.25.tar.gz) = 22150978 Modified: head/net/samba4/files/samba_server.in ============================================================================== --- head/net/samba4/files/samba_server.in Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba4/files/samba_server.in Tue Feb 24 20:44:10 2015 (r379838) @@ -27,15 +27,9 @@ name="samba_server" rcvar=${name}_enable - # Defaults samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%" -samba_server_config=${samba_server_config=${samba_server_config_default}} -samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" -#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" -testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" smbcontrol_command="%%PREFIX%%/bin/smbcontrol" - # Custom commands extra_commands="reload status" @@ -48,7 +42,6 @@ status_cmd="samba_server_cmd" reload_cmd="samba_server_reload_cmd" rcvar_cmd="samba_server_rcvar_cmd" - samba_server_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} >/dev/null 2>&1; then @@ -144,6 +137,14 @@ samba_server_cmd() { samba_server_config_init() { local name + # Load configuration + load_rc_config "${name}" + # Defaults + samba_server_enable=${samba_server_enable:=NO} + samba_server_config=${samba_server_config=${samba_server_config_default}} + samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" + #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" + testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" # Determine what daemons are necessary to run Samba in the current role samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) case "${samba_server_role}" in @@ -154,38 +155,34 @@ samba_server_config_init() { samba_daemons="nmbd smbd winbindd" ;; esac - # Load configuration - load_rc_config "${name}" + # Load daemons configuration for name in ${samba_daemons}; do load_rc_config "${name}" - done - # Defaults - samba_server_enable=${samba_server_enable:=NO} - # Setup dependent variables - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then - for name in ${samba_daemons}; do - # Winbindd - if [ "${name}" = "winbindd" ]; then + # If samba_server_enable is 'YES' + if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if [ "${name}" != "winbindd" ]; then + # Set variable to 'YES' only if it is unset + eval ${name}_enable=\${${name}_enable-YES} + else + # Winbindd samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null) if [ -n "${samba_server_idmap}" ]; then winbindd_enable="YES" fi fi - # Set variable to 'YES' only if it is unset - eval ${name}_enable=\${${name}_enable-YES} - # If variable is empty set it to 'NO' - eval ${name}_enable=\${${name}_enable:-NO} - done - fi + fi + # If variable is empty, set it to 'NO' + eval ${name}_enable=\${${name}_enable:-NO} + done + # Fetch parameters from configuration file + samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)" + samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%} + samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)" + samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%} } # Load configuration variables samba_server_config_init -# Fetch parameters from configuration file -samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null) -samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%} -samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null) -samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%} # Common flags command_args=${samba_server_configfile_arg} samba_flags=${samba_flags="--daemon"} Modified: head/net/samba41/Makefile ============================================================================== --- head/net/samba41/Makefile Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba41/Makefile Tue Feb 24 20:44:10 2015 (r379838) @@ -18,7 +18,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.1.16 +SAMBA4_VERSION= 4.1.17 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -102,8 +102,8 @@ BUILD_DEPENDS+= tevent>=0.9.18:${PORTSD RUN_DEPENDS+= tevent>=0.9.18:${PORTSDIR}/devel/tevent SAMBA4_BUNDLED_LIBS+= !tevent # tdb -BUILD_DEPENDS+= tdb>=1.2.11:${PORTSDIR}/databases/tdb -RUN_DEPENDS+= tdb>=1.2.11:${PORTSDIR}/databases/tdb +BUILD_DEPENDS+= tdb>=1.2.12:${PORTSDIR}/databases/tdb +RUN_DEPENDS+= tdb>=1.2.12:${PORTSDIR}/databases/tdb SAMBA4_BUNDLED_LIBS+= !tdb # ntdb BUILD_DEPENDS+= ntdb>=1.0:${PORTSDIR}/databases/ntdb Modified: head/net/samba41/distinfo ============================================================================== --- head/net/samba41/distinfo Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba41/distinfo Tue Feb 24 20:44:10 2015 (r379838) @@ -1,2 +1,2 @@ -SHA256 (samba-4.1.16.tar.gz) = 12a09c167bfa25f50b82775bcbeda94c71c5d71d3b0d1210f6dae0f23020a87b -SIZE (samba-4.1.16.tar.gz) = 19534236 +SHA256 (samba-4.1.17.tar.gz) = 7aeb5d09e9c84bbeeb4b98d33404e9dbc4d99c54e64a447cc9c4d57e9255cb1d +SIZE (samba-4.1.17.tar.gz) = 19536407 Modified: head/net/samba41/files/samba_server.in ============================================================================== --- head/net/samba41/files/samba_server.in Tue Feb 24 20:10:42 2015 (r379837) +++ head/net/samba41/files/samba_server.in Tue Feb 24 20:44:10 2015 (r379838) @@ -27,15 +27,9 @@ name="samba_server" rcvar=${name}_enable - # Defaults samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%" -samba_server_config=${samba_server_config=${samba_server_config_default}} -samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" -#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" -testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" smbcontrol_command="%%PREFIX%%/bin/smbcontrol" - # Custom commands extra_commands="reload status" @@ -48,7 +42,6 @@ status_cmd="samba_server_cmd" reload_cmd="samba_server_reload_cmd" rcvar_cmd="samba_server_rcvar_cmd" - samba_server_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} >/dev/null 2>&1; then @@ -144,6 +137,14 @@ samba_server_cmd() { samba_server_config_init() { local name + # Load configuration + load_rc_config "${name}" + # Defaults + samba_server_enable=${samba_server_enable:=NO} + samba_server_config=${samba_server_config=${samba_server_config_default}} + samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" + #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" + testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" # Determine what daemons are necessary to run Samba in the current role samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) case "${samba_server_role}" in @@ -154,38 +155,34 @@ samba_server_config_init() { samba_daemons="nmbd smbd winbindd" ;; esac - # Load configuration - load_rc_config "${name}" + # Load daemons configuration for name in ${samba_daemons}; do load_rc_config "${name}" - done - # Defaults - samba_server_enable=${samba_server_enable:=NO} - # Setup dependent variables - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then - for name in ${samba_daemons}; do - # Winbindd - if [ "${name}" = "winbindd" ]; then + # If samba_server_enable is 'YES' + if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if [ "${name}" != "winbindd" ]; then + # Set variable to 'YES' only if it is unset + eval ${name}_enable=\${${name}_enable-YES} + else + # Winbindd samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null) if [ -n "${samba_server_idmap}" ]; then winbindd_enable="YES" fi fi - # Set variable to 'YES' only if it is unset - eval ${name}_enable=\${${name}_enable-YES} - # If variable is empty set it to 'NO' - eval ${name}_enable=\${${name}_enable:-NO} - done - fi + fi + # If variable is empty, set it to 'NO' + eval ${name}_enable=\${${name}_enable:-NO} + done + # Fetch parameters from configuration file + samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)" + samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%} + samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)" + samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%} } # Load configuration variables samba_server_config_init -# Fetch parameters from configuration file -samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null) -samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%} -samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null) -samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%} # Common flags command_args=${samba_server_configfile_arg} samba_flags=${samba_flags="--daemon"}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502242044.t1OKiBw5023952>