summaryrefslogtreecommitdiff
path: root/net-fs
diff options
context:
space:
mode:
authorTiziano Müller <dev-zero@gentoo.org>2007-11-15 14:44:00 +0000
committerTiziano Müller <dev-zero@gentoo.org>2007-11-15 14:44:00 +0000
commita4a5a5347e217aa0739a26413d4d74c92c051c95 (patch)
tree69a5ee7a80844f26e4053717b2c70278aabc2404 /net-fs
parentVersion bump (diff)
downloadhistorical-a4a5a5347e217aa0739a26413d4d74c92c051c95.tar.gz
historical-a4a5a5347e217aa0739a26413d4d74c92c051c95.tar.bz2
historical-a4a5a5347e217aa0739a26413d4d74c92c051c95.zip
Revision bump. Marking stable for all archs for remote vulnerability security bug (CVE-2007-5398)
Diffstat (limited to 'net-fs')
-rw-r--r--net-fs/samba/ChangeLog9
-rw-r--r--net-fs/samba/Manifest19
-rw-r--r--net-fs/samba/files/3.0.26a-CVE-2007-5398.patch36
-rw-r--r--net-fs/samba/files/digest-samba-3.0.26a-r23
-rw-r--r--net-fs/samba/samba-3.0.26a-r2.ebuild311
5 files changed, 373 insertions, 5 deletions
diff --git a/net-fs/samba/ChangeLog b/net-fs/samba/ChangeLog
index 12e67e8492cc..e4850272be44 100644
--- a/net-fs/samba/ChangeLog
+++ b/net-fs/samba/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-fs/samba
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.307 2007/11/02 22:09:42 dev-zero Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/ChangeLog,v 1.308 2007/11/15 14:43:59 dev-zero Exp $
+
+*samba-3.0.26a-r2 (15 Nov 2007)
+
+ 15 Nov 2007; Tiziano Müller <dev-zero@gentoo.org>
+ +files/3.0.26a-CVE-2007-5398.patch, +samba-3.0.26a-r2.ebuild:
+ Revision bump. Marking stable for all archs for remote vulnerability
+ security bug (CVE-2007-5398)
*samba-3.0.26a-r1 (02 Nov 2007)
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest
index bcee49f63db3..6b7afdaf351c 100644
--- a/net-fs/samba/Manifest
+++ b/net-fs/samba/Manifest
@@ -22,6 +22,10 @@ AUX 3.0.25c-py_smp.patch 914 RMD160 455ec69a623fc75a56ca7f26e243873e890360f9 SHA
MD5 95c1be28c63f32afbac815dd5463a693 files/3.0.25c-py_smp.patch 914
RMD160 455ec69a623fc75a56ca7f26e243873e890360f9 files/3.0.25c-py_smp.patch 914
SHA256 676078b5e331b43f426f6cfd10db00d9c70a88df2da436abb2eccad1b49cd0db files/3.0.25c-py_smp.patch 914
+AUX 3.0.26a-CVE-2007-5398.patch 1232 RMD160 b547196a44437d6336495ea727f9abfcfd41e79c SHA1 e2b7d91446e07bf1be5930187417f26841995743 SHA256 37a0181aa647de7feb888d675ea726e135bbe53bc3099076eaf0682fc1b11b05
+MD5 79934d4dcc779a467697e7cf86046631 files/3.0.26a-CVE-2007-5398.patch 1232
+RMD160 b547196a44437d6336495ea727f9abfcfd41e79c files/3.0.26a-CVE-2007-5398.patch 1232
+SHA256 37a0181aa647de7feb888d675ea726e135bbe53bc3099076eaf0682fc1b11b05 files/3.0.26a-CVE-2007-5398.patch 1232
AUX 3.0.26a-invalid-free-fix.patch 541 RMD160 13e1b0420ae9c06a2e6d4f9a8a0a3af8c32318b9 SHA1 0457c901f55b86b9b3751dc67b86a26cb19ec4e7 SHA256 4a727b9a02cbc7e2efc00190d5068c82e12a0b9fdad2a50869a2f10bc39a06f2
MD5 1c3431c8feebecfc2e0ae8987afee555 files/3.0.26a-invalid-free-fix.patch 541
RMD160 13e1b0420ae9c06a2e6d4f9a8a0a3af8c32318b9 files/3.0.26a-invalid-free-fix.patch 541
@@ -99,10 +103,14 @@ EBUILD samba-3.0.26a-r1.ebuild 8770 RMD160 f4223617e3687035ee9e3577ddfa6c444b61e
MD5 19b0f919c6d15e7ebf07a3f0899bccc0 samba-3.0.26a-r1.ebuild 8770
RMD160 f4223617e3687035ee9e3577ddfa6c444b61ee2e samba-3.0.26a-r1.ebuild 8770
SHA256 07a93917ca0d9baf6c1717069981fff449b45ebf136af93242ba1446dbf54e5e samba-3.0.26a-r1.ebuild 8770
-MISC ChangeLog 52511 RMD160 a92f778811e9b000612325c115856a4918e8eb79 SHA1 372d1739a92215c3e86731686d5ffeee88c44b33 SHA256 bed96c8f2a89905a8d9018fc72b9a70122f61439db2cc60c2bfb414676531838
-MD5 1a304b9bfc7a261225c69b1aee371d8b ChangeLog 52511
-RMD160 a92f778811e9b000612325c115856a4918e8eb79 ChangeLog 52511
-SHA256 bed96c8f2a89905a8d9018fc72b9a70122f61439db2cc60c2bfb414676531838 ChangeLog 52511
+EBUILD samba-3.0.26a-r2.ebuild 8827 RMD160 2e668f31f4c351b7fde97bf9cff9062a92ace8d5 SHA1 315b319339bedfc4d2e78bed77dd64e135b64fbb SHA256 8967cd7571aab33026f856a3bf934803a5d29aeb141e05dbe746d93610ed71d2
+MD5 3c44bc7ef1f33b538585be2437da759f samba-3.0.26a-r2.ebuild 8827
+RMD160 2e668f31f4c351b7fde97bf9cff9062a92ace8d5 samba-3.0.26a-r2.ebuild 8827
+SHA256 8967cd7571aab33026f856a3bf934803a5d29aeb141e05dbe746d93610ed71d2 samba-3.0.26a-r2.ebuild 8827
+MISC ChangeLog 52764 RMD160 dc6b567c4a31be9d0e7d2d8498368ebc9026abbe SHA1 59680f56a9e90ff7997c5ca823237491a9e26608 SHA256 504361b96fc9d6a952420da5a0a4c81140ff8badb5823a685970259e795bc89f
+MD5 3ad68922daec7d500b411baa80a44570 ChangeLog 52764
+RMD160 dc6b567c4a31be9d0e7d2d8498368ebc9026abbe ChangeLog 52764
+SHA256 504361b96fc9d6a952420da5a0a4c81140ff8badb5823a685970259e795bc89f ChangeLog 52764
MISC metadata.xml 489 RMD160 36eed0edca609c521314ae415efd57ca9acfecb4 SHA1 317e61704a10a3bd888d32c6834721f5d40d00ff SHA256 6f35f13dd39bb51d304fd59b5352c92bc35a957c9c9412c5c1f3f58e98519792
MD5 324855d88a5c326d1b45b5c7719d5536 metadata.xml 489
RMD160 36eed0edca609c521314ae415efd57ca9acfecb4 metadata.xml 489
@@ -116,3 +124,6 @@ SHA256 6772b5cc291b0f6dbd584253eabd0e7ad75966af1ff8f17c48762a65e4111a9c files/di
MD5 cdaa94996a44f40213ca611e5ddc5e2e files/digest-samba-3.0.26a-r1 247
RMD160 eda75ec256c84904565d4fd0c9c69baa95ee7938 files/digest-samba-3.0.26a-r1 247
SHA256 19fc1538d2f06366e50a6fb6da02b496ae459035c2d650c508d34f1ad970150e files/digest-samba-3.0.26a-r1 247
+MD5 cdaa94996a44f40213ca611e5ddc5e2e files/digest-samba-3.0.26a-r2 247
+RMD160 eda75ec256c84904565d4fd0c9c69baa95ee7938 files/digest-samba-3.0.26a-r2 247
+SHA256 19fc1538d2f06366e50a6fb6da02b496ae459035c2d650c508d34f1ad970150e files/digest-samba-3.0.26a-r2 247
diff --git a/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch
new file mode 100644
index 000000000000..e27c73e596f9
--- /dev/null
+++ b/net-fs/samba/files/3.0.26a-CVE-2007-5398.patch
@@ -0,0 +1,36 @@
+commit 089a51061b1be809f278ab4e9a741d0a44e52750
+Author: Gerald (Jerry) Carter <jerry@samba.org>
+Date: Wed Nov 14 20:51:14 2007 -0600
+
+ Fix for CVE-2007-5398.
+
+ == Subject: Remote code execution in Samba's WINS
+ == server daemon (nmbd) when processing name
+ == registration followed name query requests.
+ ==
+ == CVE ID#: CVE-2007-5398
+ ==
+ == Versions: Samba 3.0.0 - 3.0.26a (inclusive)
+ ...
+ Secunia Research reported a vulnerability that allows for
+ the execution of arbitrary code in nmbd. This defect may
+ only be exploited when the "wins support" parameter has
+ been enabled in smb.conf.
+
+diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
+index 87a38b9..bbcc1ec 100644
+--- a/source/nmbd/nmbd_packets.c
++++ b/source/nmbd/nmbd_packets.c
+@@ -963,6 +963,12 @@ for id %hu\n", packet_type, nmb_namestr(&orig_nmb->question.question_name),
+ nmb->answers->ttl = ttl;
+
+ if (data && len) {
++ if (len < 0 || len > sizeof(nmb->answers->rdata)) {
++ DEBUG(5,("reply_netbios_packet: "
++ "invalid packet len (%d)\n",
++ len ));
++ return;
++ }
+ nmb->answers->rdlength = len;
+ memcpy(nmb->answers->rdata, data, len);
+ }
diff --git a/net-fs/samba/files/digest-samba-3.0.26a-r2 b/net-fs/samba/files/digest-samba-3.0.26a-r2
new file mode 100644
index 000000000000..7056d3102e2e
--- /dev/null
+++ b/net-fs/samba/files/digest-samba-3.0.26a-r2
@@ -0,0 +1,3 @@
+MD5 16b47e6add332e5ac4523fc88c381d06 samba-3.0.26a.tar.gz 18180031
+RMD160 9a62ba3ea2747b500ddea56729499524ae4329d2 samba-3.0.26a.tar.gz 18180031
+SHA256 41e11f69288b2291f12f8db093e2c55dc1360555d4542c83c0758c4c7a3d4d37 samba-3.0.26a.tar.gz 18180031
diff --git a/net-fs/samba/samba-3.0.26a-r2.ebuild b/net-fs/samba/samba-3.0.26a-r2.ebuild
new file mode 100644
index 000000000000..2a5f75117cbe
--- /dev/null
+++ b/net-fs/samba/samba-3.0.26a-r2.ebuild
@@ -0,0 +1,311 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/samba-3.0.26a-r2.ebuild,v 1.1 2007/11/15 14:43:59 dev-zero Exp $
+
+inherit eutils pam python multilib versionator confutils
+
+MY_P=${PN}-${PV/_/}
+
+DESCRIPTION="A suite of SMB and CIFS client/server programs for UNIX"
+HOMEPAGE="http://www.samba.org/"
+SRC_URI="mirror://samba/${MY_P}.tar.gz
+ mirror://samba/old-versions/${MY_P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE_LINGUAS="linguas_ja linguas_pl"
+IUSE="${IUSE_LINGUAS} acl ads async automount caps cups doc examples ipv6 kernel_linux ldap fam
+ pam python quotas readline selinux swat syslog winbind"
+
+RDEPEND="dev-libs/popt
+ virtual/libiconv
+ acl? ( kernel_linux? ( sys-apps/acl ) )
+ cups? ( net-print/cups )
+ ipv6? ( sys-apps/xinetd )
+ ads? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ pam? ( virtual/pam )
+ python? ( dev-lang/python )
+ readline? ( sys-libs/readline )
+ selinux? ( sec-policy/selinux-samba )
+ swat? ( sys-apps/xinetd )
+ syslog? ( virtual/logger )
+ fam? ( virtual/fam )
+ caps? ( sys-libs/libcap )"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+CONFDIR=${FILESDIR}/config
+PRIVATE_DST=/var/lib/samba/private
+
+pkg_setup() {
+ confutils_use_depend_all ads ldap
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}/source"
+
+ # This patch adds "-Wl,-z,now" to smb{mnt,umount}
+ # Please read ... for further informations
+ epatch "${FILESDIR}/${PV}-lazyldflags.patch"
+
+ # Bug #196015 (upstream: #5021)
+ epatch "${FILESDIR}/${PV}-invalid-free-fix.patch"
+
+ # Bug #197519
+ epatch "${FILESDIR}/${PV}-CVE-2007-5398.patch"
+
+ # Ok, agreed, this is ugly. But it avoids a patch we
+ # need for every samba version and we don't need autotools
+ sed -i \
+ -e 's|"lib32" ||' \
+ -e 's|if test -d "$i/$l" ;|if test -d "$i/$l" -o -L "$i/$l";|' \
+ configure || die "sed failed"
+
+ rm "${S}/docs/manpages"/{mount,umount}.cifs.8
+}
+
+src_compile() {
+ cd "${S}/source"
+
+ local myconf
+ local mylangs
+ local mymod_shared
+
+ python_version
+ myconf="--with-python=no"
+ use python && myconf="--with-python=${python}"
+
+ mylangs="--with-manpages-langs=en"
+ use linguas_ja && mylangs="${mylangs},ja"
+ use linguas_pl && mylangs="${mylangs},pl"
+
+ use winbind && mymod_shared="--with-shared-modules=idmap_rid"
+ if use ldap ; then
+ myconf="${myconf} $(use_with ads)"
+ use winbind && mymod_shared="${mymod_shared},idmap_ad"
+ fi
+
+ [[ ${CHOST} == *-*bsd* ]] && myconf="${myconf} --disable-pie"
+ use hppa && myconf="${myconf} --disable-pie"
+
+ use caps && export ac_cv_header_sys_capability_h=yes || export ac_cv_header_sys_capability_h=no
+
+ # Otherwise we get the whole swat stuff installed
+ if ! use swat ; then
+ sed -i \
+ -e 's/^\(install:.*\)installswat \(.*\)/\1\2/' \
+ Makefile.in || die "sed failed"
+ fi
+
+ econf \
+ --with-fhs \
+ --sysconfdir=/etc/samba \
+ --localstatedir=/var \
+ --with-configdir=/etc/samba \
+ --with-libdir=/usr/$(get_libdir)/samba \
+ --with-swatdir=/usr/share/doc/${PF}/swat \
+ --with-piddir=/var/run/samba \
+ --with-lockdir=/var/cache/samba \
+ --with-logfilebase=/var/log/samba \
+ --with-privatedir=${PRIVATE_DST} \
+ --with-libsmbclient \
+ --without-spinlocks \
+ --enable-socket-wrapper \
+ --with-cifsmount=no \
+ $(use_with acl acl-support) \
+ $(use_with async aio-support) \
+ $(use_with automount) \
+ $(use_enable cups) \
+ $(use_enable fam) \
+ $(use_with ads krb5) \
+ $(use_with ldap) \
+ $(use_with pam) $(use_with pam pam_smbpass) \
+ $(use_with quotas) $(use_with quotas sys-quotas) \
+ $(use_with readline) \
+ $(use_with kernel_linux smbmount) \
+ $(use_with syslog) \
+ $(use_with winbind) \
+ ${myconf} ${mylangs} ${mymod_shared} || die "econf failed"
+
+ emake proto || die "emake proto failed"
+ emake everything || die "emake everything failed"
+
+ if use python ; then
+ emake python_ext || die "emake python_ext failed"
+ fi
+}
+
+src_test() {
+ cd "${S}/source"
+ emake test || die "tests failed"
+}
+
+src_install() {
+ cd "${S}/source"
+
+ emake DESTDIR="${D}" install-everything || die "emake install-everything failed"
+
+ # Extra rpctorture progs
+ local extra_bins="rpctorture"
+ for i in ${extra_bins} ; do
+ [[ -x "${S}/bin/${i}" ]] && dobin "${S}/bin/${i}"
+ done
+
+ # remove .old stuff from /usr/bin:
+ rm -f "${D}"/usr/bin/*.old
+
+ # Nsswitch extensions. Make link for wins and winbind resolvers
+ if use winbind ; then
+ dolib.so nsswitch/libnss_wins.so
+ dosym libnss_wins.so /usr/$(get_libdir)/libnss_wins.so.2
+ dolib.so nsswitch/libnss_winbind.so
+ dosym libnss_winbind.so /usr/$(get_libdir)/libnss_winbind.so.2
+ fi
+
+ if use pam ; then
+ dopammod bin/pam_smbpass.so
+ use winbind && dopammod bin/pam_winbind.so
+ fi
+
+ if use kernel_linux ; then
+ # Warning: this can byte you if /usr is
+ # on a separate volume and you have to mount
+ # a smb volume before the local mount
+ dosym ../usr/bin/smbmount /sbin/mount.smbfs
+ fperms 4755 /usr/bin/smbmnt
+ fperms 4755 /usr/bin/smbumount
+ fi
+
+ # bug #46389: samba doesn't create symlink anymore
+ # beaviour seems to be changed in 3.0.6, see bug #61046
+ dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so.0
+ dosym samba/libsmbclient.so /usr/$(get_libdir)/libsmbclient.so
+
+ # make the smb backend symlink for cups printing support (bug #133133)
+ if use cups ; then
+ dodir $(cups-config --serverbin)/backend
+ dosym /usr/bin/smbspool $(cups-config --serverbin)/backend/smb
+ fi
+
+ if use python ; then
+ emake DESTDIR="${D}" python_install || die "emake installpython failed"
+ # We're doing that manually
+ find "${D}/usr/$(get_libdir)/python${PYVER}/site-packages" -iname "*.pyc" -delete
+ fi
+
+ cd "${S}/source"
+
+ # General config files
+ insinto /etc/samba
+ doins "${CONFDIR}"/{smbusers,lmhosts}
+ newins "${CONFDIR}/smb.conf.example-samba3" smb.conf.example
+
+ newpamd "${CONFDIR}/samba.pam" samba
+ use winbind && doins ${CONFDIR}/system-auth-winbind
+ if use swat ; then
+ insinto /etc/xinetd.d
+ newins "${CONFDIR}/swat.xinetd" swat
+ else
+ rm -f "${D}/usr/sbin/swat"
+ rm -f "${D}/usr/share/man/man8/swat.8"
+ fi
+
+ newinitd "${FILESDIR}/samba-init" samba
+ newconfd "${FILESDIR}/samba-conf" samba
+
+ if use ldap ; then
+ insinto /etc/openldap/schema
+ doins "${S}/examples/LDAP/samba.schema"
+ fi
+
+ if use ipv6 ; then
+ insinto /etc/xinetd.d
+ newins "${FILESDIR}/samba-xinetd" smb
+ fi
+
+ # dirs
+ diropts -m0700 ; keepdir ${PRIVATE_DST}
+ diropts -m1777 ; keepdir /var/spool/samba
+
+ diropts -m0755
+ keepdir /var/{log,run,cache}/samba
+ keepdir /var/lib/samba/{netlogon,profiles}
+ keepdir /var/lib/samba/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC}
+ keepdir /usr/$(get_libdir)/samba/{rpc,idmap,auth}
+
+ # docs
+ dodoc "${FILESDIR}/README.gentoo"
+ dodoc "${S}"/{README,Roadmap,WHATSNEW.txt}
+ dodoc "${CONFDIR}/nsswitch.conf-wins"
+ use winbind && dodoc "${CONFDIR}/nsswitch.conf-winbind"
+
+ if use examples ; then
+ insinto /usr/share/doc/${PF}
+ doins -r "${S}/examples/"
+ find "${D}/usr/share/doc/${PF}" -type d -print0 | xargs -0 chmod 755
+ find "${D}/usr/share/doc/${PF}/examples" ! -type d -print0 | xargs -0 chmod 644
+ if use python ; then
+ insinto /usr/share/doc/${PF}/python
+ doins -r "${S}/source/python/examples"
+ fi
+ fi
+
+ if ! use doc ; then
+ if ! use swat ; then
+ rm -rf "${D}/usr/share/doc/${PF}/swat"
+ else
+ rm -rf "${D}/usr/share/doc/${PF}/swat/help"/{guide,howto,devel}
+ rm -rf "${D}/usr/share/doc/${PF}/swat/using_samba"
+ fi
+ fi
+
+}
+
+pkg_preinst() {
+ local PRIVATE_SRC=/etc/samba/private
+ if [[ ! -r "${ROOT}/${PRIVATE_DST}/secrets.tdb" \
+ && -r "${ROOT}/${PRIVATE_SRC}/secrets.tdb" ]] ; then
+ ebegin "Copying ${ROOT}/${PRIVATE_SRC}/* to ${ROOT}/${PRIVATE_DST}/"
+ mkdir -p "${D}/${PRIVATE_DST}"
+ cp -pPRf "${ROOT}/${PRIVATE_SRC}"/* "${D}/${PRIVATE_DST}/"
+ eend $?
+ fi
+
+ if [[ ! -f "${ROOT}/etc/samba/smb.conf" ]] ; then
+ touch "${D}/etc/samba/smb.conf"
+ fi
+}
+
+pkg_postinst() {
+ if use python ; then
+ python_version
+ python_mod_optimize /usr/$(get_libdir)/python${PYVER}/site-packages/samba
+ fi
+
+ if use swat ; then
+ einfo "swat must be enabled by xinetd:"
+ einfo " change the /etc/xinetd.d/swat configuration"
+ fi
+
+ if use ipv6 ; then
+ einfo "ipv6 support must be enabled by xinetd:"
+ einfo " change the /etc/xinetd.d/smb configuration"
+ fi
+
+ elog "It is possible to start/stop daemons seperately:"
+ elog " Create a symlink from /etc/init.d/samba.{smbd,nmbd,winbind} to"
+ elog " /etc/init.d/samba. Calling /etc/init.d/samba directly will start"
+ elog " the daemons configured in /etc/conf.d/samba"
+
+ elog "The mount/umount.cifs helper applications are not included anymore."
+ elog "Please install net-fs/mount-cifs instead."
+}
+
+pkg_postrm() {
+ if use python ; then
+ python_version
+ python_mod_cleanup /usr/$(get_libdir)/python${PYVER}/site-packages/samba
+ fi
+}