Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-28 09:59:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackware-current/patches/source/samba/samba.SlackBuild
Patrick J Volkerding 79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023 
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
2023-08-05 13:30:38 +02:00

258 lines
8 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Copyright 2008, 2009, 2010, 2012, 2013, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Modified 2012 by Eric Hameleers <alien at slackware.com> for ARM port.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=samba
VERSION=${VERSION:-$(echo samba-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
BUILD=${BUILD:-1_slack15.0}
# This option may be set to "heimdal" or "mit".
# Upstream considers the use of MIT Kerberos for provisioning an AD DC
# to be experimental (for now), and recommends using the bundled Heimdal.
# Set here to MIT, since Slackware 15.0 shipped using that option.
KERBEROS=${KERBEROS:-mit}
if [ "$KERBEROS" = "mit" ]; then
KERB_OPTIONS="--with-system-mitkrb5 --with-experimental-mit-ad-dc"
elif [ "$KERBEROS" = "heimdal" ]; then
# Please note that this perl module will be required: https://metacpan.org/pod/JSON
KERB_OPTIONS="--bundled-libraries=heimdal"
fi
if [ -e $CWD/machine.conf ]; then
. $CWD/machine.conf ]
elif [ -e /etc/slackbuild/machine.conf ]; then
. /etc/slackbuild/machine.conf ]
else
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) export ARCH=i586 ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$( uname -m ) ;;
esac
fi
# Set CFLAGS/CXXFLAGS and LIBDIRSUFFIX:
if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "s390" ]; then
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
case "$ARCH" in
arm*) TARGET=$ARCH-slackware-linux-gnueabi ;;
*) TARGET=$ARCH-slackware-linux ;;
esac
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
TMP=${TMP:-/tmp}
PKG=$TMP/package-samba
rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf samba-$VERSION
tar xvf $CWD/samba-$VERSION.tar.?z || exit 1
cd samba-$VERSION || exit 1
# Add time.h to libsmbclient.h for ffmpeg compatibility:
zcat $CWD/samba.libsmbclient.h.ffmpeg.compat.diff.gz | patch -p1 --verbose || exit 1
if [ ! -d source3/lib/cmdline ]; then
( cd source3/lib
mkdir cmdline
cd cmdline
ln -sf ../../../source3/include/popt_common.h . )
fi
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \+
# Choose correct options depending on whether PAM is installed:
if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
PAM_OPTIONS="--with-pam --with-pammodulesdir=/lib${LIBDIRSUFFIX}/security"
unset SHADOW_OPTIONS
else
unset PAM_OPTIONS
SHADOW_OPTIONS="--without-pam"
fi
# Some of these options could be auto-detected, but declaring them
# here doesn't hurt and helps document what features we're trying to
# build in.
#
# LDFLAGS are needed to avoid problems with missing symbols.
LDFLAGS="-Wl,--no-as-needed" \
CFLAGS="$SLKCFLAGS" \
./configure \
--enable-fhs \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--includedir=/usr/include \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--mandir=/usr/man \
--sysconfdir=/etc \
--with-configdir=/etc/samba \
--with-piddir=/var/run \
--with-privatedir=/var/lib/samba/private \
--with-privatelibdir=/usr/lib${LIBDIRSUFFIX} \
--with-modulesdir=/usr/lib${LIBDIRSUFFIX} \
--with-lockdir=/var/cache/samba \
--with-logfilebase=/var/log/samba \
--localstatedir=/var \
--enable-cups \
--with-acl-support \
--with-automount \
--with-quotas \
--with-syslog \
--with-utmp \
--with-winbind \
--with-ldap \
--with-ads \
--without-fam \
$KERB_OPTIONS \
$PAM_OPTIONS \
$SHADOW_OPTIONS \
--build=$TARGET || exit 1
# Gives errors:
#--builtin-libraries=replace,ccan \
# Build with waf directly so that multiple jobs work.
# Script lifted from "./configure".
PREVPATH=$(dirname $0)
WAF=./buildtools/bin/waf
# using JOBS=1 gives maximum compatibility with
# systems like AIX which have broken threading in python
JOBS=$(echo $NUMJOBS | tr -dc '0-9')
export JOBS
# Make sure we don't have any library preloaded.
unset LD_PRELOAD
# Make sure we get stable hashes
PYTHONHASHSEED=1
export PYTHONHASHSEED
cd . || exit 1
${PYTHON:=python3} $WAF build "$@" || exit 1
cd $PREVPATH
mkdir -p \
$PKG/usr/doc/samba-$VERSION \
$PKG/var/spool/samba \
$PKG/var/log/samba \
$PKG/var/lib/samba/private \
$PKG/var/cache/samba
chmod 700 $PKG/var/lib/samba/private
chmod 1777 $PKG/var/spool/samba
# Again, use waf directly to allow multithreading:
#make install DESTDIR=$PKG || exit 1
DESTDIR=$PKG
export DESTDIR
${PYTHON:=python3} $WAF install "$@" || exit 1
# Install the smbprint script:
install -m0744 packaging/printing/smbprint $PKG/usr/bin/smbprint
# Add a sample config file:
cat $CWD/smb.conf.default > $PKG/etc/samba/smb.conf-sample
# Setup a default lmhosts file:
echo "127.0.0.1 localhost" > $PKG/etc/samba/lmhosts.new
if [ ! -r $PKG/usr/bin/smbget ]; then
rm -f $PKG/usr/share/man/man1/smbget.1
fi
# We'll add rc.samba to the init directory, but chmod 644 so that it doesn't
# start by default:
mkdir -p $PKG/etc/rc.d
cat $CWD/rc.samba > $PKG/etc/rc.d/rc.samba.new
chmod 644 $PKG/etc/rc.d/rc.samba.new
mv $PKG/usr/share/man $PKG/usr
gzip -9 $PKG/usr/man/man?/*.?
find $PKG | xargs file | grep -e "executable" -e "shared object" \
| grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
# PAM related stuff we don't use:
rm -r $PKG/usr/share/locale
rm -f $PKG/usr/man/man8/pam*
cp -a \
COPYING* MAINTAINERS Manifest PFIF.txt README* \
Read-Manifest-Now Roadmap WHATSNEW.txt docs examples \
$PKG/usr/doc/samba-$VERSION
# These are installed elsewhere:
rm -rf $PKG/usr/doc/samba-$VERSION/docs/htmldocs \
$PKG/usr/doc/samba-$VERSION/docs/manpages
# Empty now?
rmdir $PKG/usr/doc/samba-$VERSION/docs 2> /dev/null
# I'm sorry, but when all this info is included in HTML, adding 7MB worth of
# PDF files just to have extra artwork is more fluff than I'll agree to.
rm -f $PKG/usr/doc/samba-$VERSION/docs/*.pdf
# Also redundant also:
rm -rf $PKG/usr/doc/samba-$VERSION/docs/docbook
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
cat << EOF
*** Be sure the package contains:
drwxr-xr-x 2 root root 4096 May 3 15:46 /var/cache/samba/
drwx------ 2 root root 1024 Mar 12 13:21 /var/lib/samba/private
drwxr-xr-x 2 root root 48 Aug 29 13:06 /var/log/samba/
drwxrwxrwt 2 root root 1024 Mar 12 13:21 /var/spool/samba/
EOF
cd $PKG
/sbin/makepkg -l y -c n $TMP/samba-$VERSION-$ARCH-$BUILD.txz
Reference in a new issue View git blame Copy permalink