diff options
| author | timur <timur@FreeBSD.org> | 2015-02-25 04:44:10 +0800 |
|---|---|---|
| committer | timur <timur@FreeBSD.org> | 2015-02-25 04:44:10 +0800 |
| commit | 33823117667ba69308d43831967ecbf0fef1fb0a (patch) | |
| tree | 31210d178c87f9a8d6f49738a2eefc829abb4fbc | |
| parent | f454e28f605a29aefe9d44c10f0ce342f3b7419f (diff) | |
| download | freebsd-ports-gnome-33823117667ba69308d43831967ecbf0fef1fb0a.tar.gz freebsd-ports-gnome-33823117667ba69308d43831967ecbf0fef1fb0a.tar.zst freebsd-ports-gnome-33823117667ba69308d43831967ecbf0fef1fb0a.zip | |
Update samba ports to address CVE-2015-0240
Security: CVE-2015-0240
| -rw-r--r-- | net/samba36/Makefile | 44 | ||||
| -rw-r--r-- | net/samba4/Makefile | 2 | ||||
| -rw-r--r-- | net/samba4/distinfo | 4 | ||||
| -rw-r--r-- | net/samba4/files/samba_server.in | 53 | ||||
| -rw-r--r-- | net/samba41/Makefile | 6 | ||||
| -rw-r--r-- | net/samba41/distinfo | 4 | ||||
| -rw-r--r-- | net/samba41/files/samba_server.in | 53 |
7 files changed, 80 insertions, 86 deletions
diff --git a/net/samba36/Makefile b/net/samba36/Makefile index 1614f18a212b..7239691b3049 100644 --- a/net/samba36/Makefile +++ b/net/samba36/Makefile @@ -102,15 +102,30 @@ OPTIONS_DEFINE= ACL_SUPPORT ADS AIO_SUPPORT AVAHI CUPS DNSUPDATE \ DOCS EXAMPLES EXP_MODULES FAM IPV6 LDAP \ MAX_DEBUG PAM_SMBPASS POPT PTHREADPOOL QUOTAS \ SMBTORTURE SWAT SYSLOG UTMP WINBIND +OPTIONS_RADIO= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_DEFAULT= ACL_SUPPORT AIO_SUPPORT CUPS LDAP POPT PTHREADPOOL \ - WINBIND + WINBIND GSSAPI_NONE ACL_SUPPORT_DESC= ACL support + ADS_DESC= Active Directory support -AIO_SUPPORT_DESC= Asynchronous IO support -DNSUPDATE_DESC= Dynamic DNS update (requires ADS) +ADS_CONFIGURE_ON= --with-ads --with-krb5="${GSSAPIBASEDIR}" +ADS_CONFIGURE_OFF= --without-ads --without-krb5 + +AIO_SUPPORT_DESC= Asyncronous IO support +DNSUPDATE_DESC= Dynamic DNS update(require ADS) EXP_MODULES_DESC= Experimental modules + +GSSAPI_BASE_DESC= Use Heimdal in base +GSSAPI_BASE_USES= gssapi +GSSAPI_HEIMDAL_DESC= Use Heimdal from ports +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_DESC= Use MIT Kerberos V5 +GSSAPI_MIT_USES= gssapi:mit,flags +GSSAPI_NONE_DESC= No Kerberos support + MAX_DEBUG_DESC= Maximum debugging PAM_SMBPASS_DESC= PAM authentication via passdb backends POPT_DESC= System-wide POPT library @@ -316,26 +331,11 @@ PLIST_SUB+= SMBTORTURE="@comment " ### .if ${PORT_OPTIONS:MADS} -SAMBA_WANT_LDAP= yes -SAMBA_WANT_KRB5= yes -CONFIGURE_ARGS+= --with-ads -.else -CONFIGURE_ARGS+= --without-ads -.endif +. if ${PORT_OPTIONS:MGSSAPI_NONE} # Kerberos5 is necessary for ADS -.if defined(SAMBA_WANT_KRB5) -.if defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libgssapi_krb5.so) -CONFIGURE_ARGS+= --with-krb5="${KRB5_HOME}" -.elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so) -CONFIGURE_ARGS+= --with-krb5="${HEIMDAL_HOME}" -.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config) -CONFIGURE_ARGS+= --with-krb5="/usr" -.else -LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/heimdal -CONFIGURE_ARGS+= --with-krb5="${LOCALBASE}" -.endif -.else -CONFIGURE_ARGS+= --without-krb5 +IGNORE= ADS support requires GSSAPI_BASE, GSSAPI_HEIMDAL, or GSSAPI_MIT +. endif +SAMBA_WANT_LDAP= yes .endif .if defined(SAMBA_WANT_LDAP) diff --git a/net/samba4/Makefile b/net/samba4/Makefile index d899572a776c..7f08fc08a71f 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -18,7 +18,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba41-4.1.* SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.0.24 +SAMBA4_VERSION= 4.0.25 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} diff --git a/net/samba4/distinfo b/net/samba4/distinfo index 7190cec08a49..88ae03ac1967 100644 --- a/net/samba4/distinfo +++ b/net/samba4/distinfo @@ -1,2 +1,2 @@ -SHA256 (samba-4.0.24.tar.gz) = e1e4068c65684848d8cb17c8997c91be426ff75ccd617f647878307817af615a -SIZE (samba-4.0.24.tar.gz) = 22148369 +SHA256 (samba-4.0.25.tar.gz) = e6a07940a658b81d368fc7ed8e5068bd27188996d73dee1cea9755682cb9a485 +SIZE (samba-4.0.25.tar.gz) = 22150978 diff --git a/net/samba4/files/samba_server.in b/net/samba4/files/samba_server.in index 3993ceeb6406..6c1d8a10552e 100644 --- a/net/samba4/files/samba_server.in +++ b/net/samba4/files/samba_server.in @@ -27,15 +27,9 @@ name="samba_server" rcvar=${name}_enable - # Defaults samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%" -samba_server_config=${samba_server_config=${samba_server_config_default}} -samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" -#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" -testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" smbcontrol_command="%%PREFIX%%/bin/smbcontrol" - # Custom commands extra_commands="reload status" @@ -48,7 +42,6 @@ status_cmd="samba_server_cmd" reload_cmd="samba_server_reload_cmd" rcvar_cmd="samba_server_rcvar_cmd" - samba_server_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} >/dev/null 2>&1; then @@ -144,6 +137,14 @@ samba_server_cmd() { samba_server_config_init() { local name + # Load configuration + load_rc_config "${name}" + # Defaults + samba_server_enable=${samba_server_enable:=NO} + samba_server_config=${samba_server_config=${samba_server_config_default}} + samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" + #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" + testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" # Determine what daemons are necessary to run Samba in the current role samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) case "${samba_server_role}" in @@ -154,38 +155,34 @@ samba_server_config_init() { samba_daemons="nmbd smbd winbindd" ;; esac - # Load configuration - load_rc_config "${name}" + # Load daemons configuration for name in ${samba_daemons}; do load_rc_config "${name}" - done - # Defaults - samba_server_enable=${samba_server_enable:=NO} - # Setup dependent variables - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then - for name in ${samba_daemons}; do - # Winbindd - if [ "${name}" = "winbindd" ]; then + # If samba_server_enable is 'YES' + if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if [ "${name}" != "winbindd" ]; then + # Set variable to 'YES' only if it is unset + eval ${name}_enable=\${${name}_enable-YES} + else + # Winbindd samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null) if [ -n "${samba_server_idmap}" ]; then winbindd_enable="YES" fi fi - # Set variable to 'YES' only if it is unset - eval ${name}_enable=\${${name}_enable-YES} - # If variable is empty set it to 'NO' - eval ${name}_enable=\${${name}_enable:-NO} - done - fi + fi + # If variable is empty, set it to 'NO' + eval ${name}_enable=\${${name}_enable:-NO} + done + # Fetch parameters from configuration file + samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)" + samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%} + samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)" + samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%} } # Load configuration variables samba_server_config_init -# Fetch parameters from configuration file -samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null) -samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%} -samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null) -samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%} # Common flags command_args=${samba_server_configfile_arg} samba_flags=${samba_flags="--daemon"} diff --git a/net/samba41/Makefile b/net/samba41/Makefile index 996a6bc89ec8..9377ff53f58c 100644 --- a/net/samba41/Makefile +++ b/net/samba41/Makefile @@ -18,7 +18,7 @@ CONFLICTS?= *samba3[2-6]-3.* samba4-4.0.* SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.1.16 +SAMBA4_VERSION= 4.1.17 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -102,8 +102,8 @@ BUILD_DEPENDS+= tevent>=0.9.18:${PORTSDIR}/devel/tevent RUN_DEPENDS+= tevent>=0.9.18:${PORTSDIR}/devel/tevent SAMBA4_BUNDLED_LIBS+= !tevent # tdb -BUILD_DEPENDS+= tdb>=1.2.11:${PORTSDIR}/databases/tdb -RUN_DEPENDS+= tdb>=1.2.11:${PORTSDIR}/databases/tdb +BUILD_DEPENDS+= tdb>=1.2.12:${PORTSDIR}/databases/tdb +RUN_DEPENDS+= tdb>=1.2.12:${PORTSDIR}/databases/tdb SAMBA4_BUNDLED_LIBS+= !tdb # ntdb BUILD_DEPENDS+= ntdb>=1.0:${PORTSDIR}/databases/ntdb diff --git a/net/samba41/distinfo b/net/samba41/distinfo index e982bdba3510..442390a63efc 100644 --- a/net/samba41/distinfo +++ b/net/samba41/distinfo @@ -1,2 +1,2 @@ -SHA256 (samba-4.1.16.tar.gz) = 12a09c167bfa25f50b82775bcbeda94c71c5d71d3b0d1210f6dae0f23020a87b -SIZE (samba-4.1.16.tar.gz) = 19534236 +SHA256 (samba-4.1.17.tar.gz) = 7aeb5d09e9c84bbeeb4b98d33404e9dbc4d99c54e64a447cc9c4d57e9255cb1d +SIZE (samba-4.1.17.tar.gz) = 19536407 diff --git a/net/samba41/files/samba_server.in b/net/samba41/files/samba_server.in index 3993ceeb6406..6c1d8a10552e 100644 --- a/net/samba41/files/samba_server.in +++ b/net/samba41/files/samba_server.in @@ -27,15 +27,9 @@ name="samba_server" rcvar=${name}_enable - # Defaults samba_server_config_default="%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%" -samba_server_config=${samba_server_config=${samba_server_config_default}} -samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" -#testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" -testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" smbcontrol_command="%%PREFIX%%/bin/smbcontrol" - # Custom commands extra_commands="reload status" @@ -48,7 +42,6 @@ status_cmd="samba_server_cmd" reload_cmd="samba_server_reload_cmd" rcvar_cmd="samba_server_rcvar_cmd" - samba_server_checkconfig() { echo -n "Performing sanity check on Samba configuration: " if ${testparm_command} >/dev/null 2>&1; then @@ -144,6 +137,14 @@ samba_server_cmd() { samba_server_config_init() { local name + # Load configuration + load_rc_config "${name}" + # Defaults + samba_server_enable=${samba_server_enable:=NO} + samba_server_config=${samba_server_config=${samba_server_config_default}} + samba_server_configfile_arg=${samba_server_config:+--configfile="${samba_server_config}"} #" + #testparm_command="%%PREFIX%%/bin/samba-tool testparm --suppress-prompt --verbose ${samba_server_configfile_arg}" + testparm_command="%%PREFIX%%/bin/testparm --suppress-prompt --verbose ${samba_server_config}" # Determine what daemons are necessary to run Samba in the current role samba_server_role=$(${testparm_command} --parameter-name='server role' 2>/dev/null) case "${samba_server_role}" in @@ -154,38 +155,34 @@ samba_server_config_init() { samba_daemons="nmbd smbd winbindd" ;; esac - # Load configuration - load_rc_config "${name}" + # Load daemons configuration for name in ${samba_daemons}; do load_rc_config "${name}" - done - # Defaults - samba_server_enable=${samba_server_enable:=NO} - # Setup dependent variables - if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then - for name in ${samba_daemons}; do - # Winbindd - if [ "${name}" = "winbindd" ]; then + # If samba_server_enable is 'YES' + if [ -n "${rcvar}" ] && checkyesno "${rcvar}"; then + if [ "${name}" != "winbindd" ]; then + # Set variable to 'YES' only if it is unset + eval ${name}_enable=\${${name}_enable-YES} + else + # Winbindd samba_server_idmap=$(${testparm_command} --parameter-name='idmap uid' 2>/dev/null) if [ -n "${samba_server_idmap}" ]; then winbindd_enable="YES" fi fi - # Set variable to 'YES' only if it is unset - eval ${name}_enable=\${${name}_enable-YES} - # If variable is empty set it to 'NO' - eval ${name}_enable=\${${name}_enable:-NO} - done - fi + fi + # If variable is empty, set it to 'NO' + eval ${name}_enable=\${${name}_enable:-NO} + done + # Fetch parameters from configuration file + samba_server_lockdir="$(${testparm_command} --parameter-name='lock directory' 2>/dev/null)" + samba_server_lockdir=${samba_server_lockdir:=%%SAMBA4_LOCKDIR%%} + samba_server_piddir="$(${testparm_command} --parameter-name='pid directory' 2>/dev/null)" + samba_server_piddir=${samba_server_piddir:=%%SAMBA4_RUNDIR%%} } # Load configuration variables samba_server_config_init -# Fetch parameters from configuration file -samba_server_lockdir=$(${testparm_command} --parameter-name='lock directory' 2>/dev/null) -samba_server_lockdir=${samba_server_lockdir=%%SAMBA4_LOCKDIR%%} -samba_server_piddir=$(${testparm_command} --parameter-name='pid directory' 2>/dev/null) -samba_server_piddir=${samba_server_piddir=%%SAMBA4_RUNDIR%%} # Common flags command_args=${samba_server_configfile_arg} samba_flags=${samba_flags="--daemon"} |