ports/70034: [japanese/samba] security update of samba-2.2.10-ja-1.0 was released

NAKAJI Hiroyuki nakaji at jp.freebsd.org
Thu Aug 5 14:10:26 UTC 2004 

>Number:         70034
>Category:       ports
>Synopsis:       [japanese/samba] security update of samba-2.2.10-ja-1.0 was released
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 05 14:10:19 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     NAKAJI Hiroyuki
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD xa12.heimat.gr.jp 5.2-CURRENT FreeBSD 5.2-CURRENT #15: Thu Jul 22 23:29:03 JST 2004 root at xa12.heimat.gr.jp:/usr/obj/home/nakaji/FreeBSD-PC98/src/sys/NAKAJI i386


>Description:
	Samba-2.2.10-ja-1.0 was released on Aug 4 2004. This is a
security fix for CAN-2004-0686.
	In addition, files/samba.sh.sample is imported from net/samba3
to use rcNG.

>How-To-Repeat:

>Fix:
	Diff from ports-current is attached below.

Index: Makefile
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/Makefile,v
retrieving revision 1.42
diff -u -r1.42 Makefile
--- Makefile	7 Jun 2004 21:44:37 -0000	1.42
+++ Makefile	5 Aug 2004 13:32:34 -0000
@@ -21,7 +21,7 @@
 
 CONFLICTS=	samba-2.2.* samba-3.0.* sharity-light-1.*
 
-SAMBA_VERSION=		2.2.9
+SAMBA_VERSION=		2.2.10
 SAMBA_JA_VERSION=	1.0
 
 USE_BZIP2=	yes
@@ -60,9 +60,14 @@
 VARDIR=		/var
 SAMBA_SPOOL=	${VARDIR}/spool/samba
 SAMBA_LOGDIR=	${VARDIR}/log
+SAMBA_RUNDIR=	${VARDIR}/run
+SAMBA_LOCKDIR=	${VARDIR}/db/samba
 SAMBA_PRIVATE=	${PREFIX}/private
 SAMBA_CONFDIR=	${PREFIX}/etc
+SAMBA_SWATDIR=	${PREFIX}/share/swat
 SAMBA_VFSDIR=	${PREFIX}/lib/samba
+SAMBA_CONFIG=	${SAMBA_CONFDIR}/smb.conf
+
 SCRIPTS_ENV=	WRKDIRPREFIX="${WRKDIRPREFIX}" \
 		TOUCH="${TOUCH}" \
 		MKDIR="${MKDIR}" \
@@ -70,21 +75,23 @@
 		SAMBA_OPTIONS="${SAMBA_OPTIONS}" \
 		REALCURDIR="${.CURDIR}"
 # sample files
-STARTUP_SCRIPT=	${PREFIX}/etc/rc.d/samba.sh.sample
+STARTUP_SCRIPT=	${PREFIX}/etc/rc.d/samba.sh
 SAMPLE_CONFIG=	${SAMBA_CONFDIR}/smb.conf.default
 
+.include <bsd.port.pre.mk>
+
+USE_RC_SUBR=	yes
+
 CONFIGURE_ARGS=	--with-i18n-swat \
 		--libdir=${SAMBA_CONFDIR} \
-		--localstatedir=${VARDIR} --with-swatdir=${PREFIX}/share/swat \
-		--with-lockdir=${VARDIR}/db/samba \
+		--localstatedir=${VARDIR} --with-swatdir=${SAMBA_SWATDIR} \
+		--with-lockdir=${SAMBA_LOCKDIR} \
 		--with-logfilebase=${SAMBA_LOGDIR} \
 		--with-privatedir=${SAMBA_PRIVATE} \
 		--with-piddir=${VARDIR}/run \
 		--with-pam --with-pam_smbpass \
 		--with-included-popt
 
-.include <bsd.port.pre.mk>
-
 .if defined(WITH_SYSLOG)
 CONFIGURE_ARGS+=	--with-syslog
 .endif
@@ -116,6 +123,9 @@
 .if defined(WITH_WINBIND)
 CONFIGURE_ARGS+=	--with-winbind
 WINBIND=	""
+WINBIND_FILTER=	${SED} -e 's|%%WINBIND%%||g'
+.else
+WINBIND_FILTER=	${GREP} -v '^%%WINBIND%%'
 .endif
 
 .if defined(WITH_WINBIND_AUTH_CHALLENGE)
@@ -179,6 +189,16 @@
 		WINBIND=${WINBIND} \
 		SMBSH=${SMBSH}
 
+RC_SCRIPTS_SUB=	PREFIX=${PREFIX} \
+		CUPS=${CUPS} \
+		RC_SUBR=${RC_SUBR} \
+		SAMBA_CONFDIR=${SAMBA_CONFDIR} \
+		SAMBA_CONFIG=${SAMBA_CONFIG} \
+		SAMBA_LOGDIR=${SAMBA_LOGDIR} \
+		SAMBA_RUNDIR=${SAMBA_RUNDIR} \
+		SAMBA_LOCKDIR=${SAMBA_LOCKDIR} \
+		SAMBA_SPOOL=${SAMBA_SPOOL}
+
 post-patch:
 	${FIND} ${WRKSRC}/.. -name '*.orig' -delete
 
@@ -187,8 +207,8 @@
 	(cd ${WRKSRC} && make proto)
 
 post-build:
-	${SED} 's:/usr/local:${PREFIX}:g' ${FILESDIR}/samba.sh.sample \
-		> ${WRKDIR}/samba.sh.sample
+	${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
+	   ${FILESDIR}/samba.sh.sample | ${WINBIND_FILTER} > ${WRKDIR}/samba.sh.sample
 .if defined(WITH_RECYCLE) || defined(WITH_AUDIT)
 	cd ${WRKSRC}/../examples/VFS; \
 		./configure;${MAKE}; \
Index: distinfo
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/distinfo,v
retrieving revision 1.21
diff -u -r1.21 distinfo
--- distinfo	7 Jun 2004 21:44:37 -0000	1.21
+++ distinfo	5 Aug 2004 13:51:40 -0000
@@ -1,2 +1,2 @@
-MD5 (samba-2.2.9-ja-1.0.tar.bz2) = 7648a1afc62ffb8e1f507f731f3f8de3
-SIZE (samba-2.2.9-ja-1.0.tar.bz2) = 7474160
+MD5 (samba-2.2.10-ja-1.0.tar.bz2) = 73d85b6ff8c6d3a925ff70f264eaeded
+SIZE (samba-2.2.10-ja-1.0.tar.bz2) = 7473659
Index: pkg-plist
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/pkg-plist,v
retrieving revision 1.16
diff -u -r1.16 pkg-plist
--- pkg-plist	7 Jun 2004 21:44:37 -0000	1.16
+++ pkg-plist	4 Aug 2004 15:10:26 -0000
@@ -82,7 +82,8 @@
 etc/codepages/unicode_map.KOI8-R
 etc/codepages/unicode_map.KOI8-U
 @dirrm etc/codepages
-etc/rc.d/samba.sh.sample
+ at unexec %D/etc/rc.d/samba.sh forcestop 2>/dev/null || true
+etc/rc.d/samba.sh
 etc/smb.conf.default
 %%AUDIT%%lib/samba/audit.so
 %%RECYCLE%%lib/samba/recycle.so
Index: files/samba.sh.sample
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/files/samba.sh.sample,v
retrieving revision 1.2
diff -u -r1.2 samba.sh.sample
--- files/samba.sh.sample	19 Jan 2002 11:05:29 -0000	1.2
+++ files/samba.sh.sample	4 Aug 2004 15:10:27 -0000
@@ -1,30 +1,123 @@
 #!/bin/sh
 #
 # $FreeBSD: ports/japanese/samba/files/samba.sh.sample,v 1.2 2002/01/19 11:05:29 knu Exp $
+#
 
-smbspool=/var/spool/samba
-pidfiledir=/var/run
-smbd=/usr/local/sbin/smbd
-nmbd=/usr/local/sbin/nmbd
-
-# start
-if [ "x$1" = "x" -o "x$1" = "xstart" ]; then
-	if [ -f $smbd ]; then
-		if [ -d $smbspool ]; then
-			rm -f $smbspool/*
-		fi
-		echo -n ' Samba'
-		$nmbd -D
-		$smbd -D
-	fi
-
-# stop
-elif [ "x$1" = "xstop" ]; then
-	kill `cat $pidfiledir/smbd.pid`
-	kill `cat $pidfiledir/nmbd.pid`
-
-# restart
-elif [ "x$1" = "xrestart" ]; then
-	$0 stop
-	$0 start
+# PROVIDE: nmbd smbd
+%%WINBIND%%# PROVIDE: winbindd
+# REQUIRE: NETWORKING SERVERS named %%CUPS%%
+# BEFORE: DAEMON
+# KEYWORD: FreeBSD shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable samba:
+#
+#samba_enable="YES"
+#
+# or, for fine grain control
+#
+#nmbd_enable="YES"
+#smbd_enable="YES"
+%%WINBIND%%#winbindd_enable="YES"
+#
+
+. %%RC_SUBR%%
+
+name=samba
+rcvar=`set_rcvar`
+
+load_rc_config $name
+# Set defaults
+samba_config=${samba_config:-"%%SAMBA_CONFIG%%"}
+# Config file is required
+if [ ! -r ${samba_config} ]; then
+    warn "${samba_config} is not readable."
+    case $1 in
+	force*) : ;;
+	*) exit 1 ;;
+    esac
+fi
+
+if test -n ${samba_enable:-""} && checkyesno samba_enable; then
+    nmbd_enable=${nmbd_enable:-"YES"}
+    smbd_enable=${smbd_enable:-"YES"}
+%%WINBIND%%    winbindd_enable=${winbindd_enable:-"YES"}
+%%WINBIND%%    # Check, that winbind is actally configured
+%%WINBIND%%    if [ ! "`egrep -i '(idmap.*uid|winbind.*uid)' ${samba_config} 2>/dev/null | egrep -v [\#\;]`" ]; then
+%%WINBIND%%    	#warn "Winbind support is not configured"
+%%WINBIND%%	winbindd_enable="NO"
+%%WINBIND%%    fi
 fi
+
+# Hack until run_rc_command() get rid of exit()
+samba_stop() {
+    pid=$(check_pidfile ${pidfile} ${command})
+    if [ -z ${pid} ]; then
+	echo "${name} not running? (check ${pidfile})."
+	return 1
+    fi
+    echo "Stopping ${command}."
+    kill -${sig_stop:-TERM} ${pid}
+    [ $? -ne 0 ] && [ -z "$rc_force" ] && return 1
+    wait_for_pids ${pid}
+}
+
+nmbd_precmd() {
+    # XXX: Never delete winbindd_idmap, winbindd_cache and group_mapping
+    if [ -d "%%SAMBA_LOCKDIR%%" ]; then
+	echo "Starting SAMBA: removing stale tdbs :"
+	for file in connections.tdb locking.tdb messages.tdb \
+		    sessionid.tdb unexpected.tdb brlock.tdb \
+		    namelist.debug
+	do
+	    rm -vf "%%SAMBA_LOCKDIR%%/$file"
+	done
+    fi
+}
+
+# nmbd
+name=nmbd
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+required_dirs="%%SAMBA_LOCKDIR%%"
+pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+start_precmd="nmbd_precmd"
+stop_cmd="samba_stop"
+# Defaults
+nmbd_enable=${nmbd_enable:-"NO"}
+nmbd_flags=${nmbd_flags:-"-D"}
+command_args="-s ${samba_config}"
+
+load_rc_config $name
+run_rc_command "$1"
+
+# smbd
+name=smbd
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+start_precmd=":"
+stop_cmd="samba_stop"
+# Defaults
+smbd_enable=${smbd_enable:-"NO"}
+smbd_flags=${smbd_flags:-"-D"}
+command_args="-s ${samba_config}"
+
+load_rc_config $name
+run_rc_command "$1"
+%%WINBIND%%
+%%WINBIND%%# winbindd
+%%WINBIND%%name=winbindd
+%%WINBIND%%rcvar=`set_rcvar`
+%%WINBIND%%command="%%PREFIX%%/sbin/${name}"
+%%WINBIND%%required_dirs="%%SAMBA_LOCKDIR%%"
+%%WINBIND%%pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+%%WINBIND%%start_precmd=":"
+%%WINBIND%%stop_cmd="samba_stop"
+%%WINBIND%%# Defaults
+%%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"}
+%%WINBIND%%winbindd_flags=${winbindd_flags:-""}
+%%WINBIND%%command_args="-s ${samba_config}"
+%%WINBIND%%
+%%WINBIND%%load_rc_config $name
+%%WINBIND%%run_rc_command "$1"
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list