ports/70034: [japanese/samba] security update of samba-2.2.10-ja-1.0 was released
NAKAJI Hiroyuki
nakaji at jp.freebsd.org
Thu Aug 5 14:10:26 UTC 2004
>Number: 70034
>Category: ports
>Synopsis: [japanese/samba] security update of samba-2.2.10-ja-1.0 was released
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 05 14:10:19 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: NAKAJI Hiroyuki
>Release: FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD xa12.heimat.gr.jp 5.2-CURRENT FreeBSD 5.2-CURRENT #15: Thu Jul 22 23:29:03 JST 2004 root at xa12.heimat.gr.jp:/usr/obj/home/nakaji/FreeBSD-PC98/src/sys/NAKAJI i386
>Description:
Samba-2.2.10-ja-1.0 was released on Aug 4 2004. This is a
security fix for CAN-2004-0686.
In addition, files/samba.sh.sample is imported from net/samba3
to use rcNG.
>How-To-Repeat:
>Fix:
Diff from ports-current is attached below.
Index: Makefile
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/Makefile,v
retrieving revision 1.42
diff -u -r1.42 Makefile
--- Makefile 7 Jun 2004 21:44:37 -0000 1.42
+++ Makefile 5 Aug 2004 13:32:34 -0000
@@ -21,7 +21,7 @@
CONFLICTS= samba-2.2.* samba-3.0.* sharity-light-1.*
-SAMBA_VERSION= 2.2.9
+SAMBA_VERSION= 2.2.10
SAMBA_JA_VERSION= 1.0
USE_BZIP2= yes
@@ -60,9 +60,14 @@
VARDIR= /var
SAMBA_SPOOL= ${VARDIR}/spool/samba
SAMBA_LOGDIR= ${VARDIR}/log
+SAMBA_RUNDIR= ${VARDIR}/run
+SAMBA_LOCKDIR= ${VARDIR}/db/samba
SAMBA_PRIVATE= ${PREFIX}/private
SAMBA_CONFDIR= ${PREFIX}/etc
+SAMBA_SWATDIR= ${PREFIX}/share/swat
SAMBA_VFSDIR= ${PREFIX}/lib/samba
+SAMBA_CONFIG= ${SAMBA_CONFDIR}/smb.conf
+
SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \
TOUCH="${TOUCH}" \
MKDIR="${MKDIR}" \
@@ -70,21 +75,23 @@
SAMBA_OPTIONS="${SAMBA_OPTIONS}" \
REALCURDIR="${.CURDIR}"
# sample files
-STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/samba.sh.sample
+STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/samba.sh
SAMPLE_CONFIG= ${SAMBA_CONFDIR}/smb.conf.default
+.include <bsd.port.pre.mk>
+
+USE_RC_SUBR= yes
+
CONFIGURE_ARGS= --with-i18n-swat \
--libdir=${SAMBA_CONFDIR} \
- --localstatedir=${VARDIR} --with-swatdir=${PREFIX}/share/swat \
- --with-lockdir=${VARDIR}/db/samba \
+ --localstatedir=${VARDIR} --with-swatdir=${SAMBA_SWATDIR} \
+ --with-lockdir=${SAMBA_LOCKDIR} \
--with-logfilebase=${SAMBA_LOGDIR} \
--with-privatedir=${SAMBA_PRIVATE} \
--with-piddir=${VARDIR}/run \
--with-pam --with-pam_smbpass \
--with-included-popt
-.include <bsd.port.pre.mk>
-
.if defined(WITH_SYSLOG)
CONFIGURE_ARGS+= --with-syslog
.endif
@@ -116,6 +123,9 @@
.if defined(WITH_WINBIND)
CONFIGURE_ARGS+= --with-winbind
WINBIND= ""
+WINBIND_FILTER= ${SED} -e 's|%%WINBIND%%||g'
+.else
+WINBIND_FILTER= ${GREP} -v '^%%WINBIND%%'
.endif
.if defined(WITH_WINBIND_AUTH_CHALLENGE)
@@ -179,6 +189,16 @@
WINBIND=${WINBIND} \
SMBSH=${SMBSH}
+RC_SCRIPTS_SUB= PREFIX=${PREFIX} \
+ CUPS=${CUPS} \
+ RC_SUBR=${RC_SUBR} \
+ SAMBA_CONFDIR=${SAMBA_CONFDIR} \
+ SAMBA_CONFIG=${SAMBA_CONFIG} \
+ SAMBA_LOGDIR=${SAMBA_LOGDIR} \
+ SAMBA_RUNDIR=${SAMBA_RUNDIR} \
+ SAMBA_LOCKDIR=${SAMBA_LOCKDIR} \
+ SAMBA_SPOOL=${SAMBA_SPOOL}
+
post-patch:
${FIND} ${WRKSRC}/.. -name '*.orig' -delete
@@ -187,8 +207,8 @@
(cd ${WRKSRC} && make proto)
post-build:
- ${SED} 's:/usr/local:${PREFIX}:g' ${FILESDIR}/samba.sh.sample \
- > ${WRKDIR}/samba.sh.sample
+ ${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
+ ${FILESDIR}/samba.sh.sample | ${WINBIND_FILTER} > ${WRKDIR}/samba.sh.sample
.if defined(WITH_RECYCLE) || defined(WITH_AUDIT)
cd ${WRKSRC}/../examples/VFS; \
./configure;${MAKE}; \
Index: distinfo
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/distinfo,v
retrieving revision 1.21
diff -u -r1.21 distinfo
--- distinfo 7 Jun 2004 21:44:37 -0000 1.21
+++ distinfo 5 Aug 2004 13:51:40 -0000
@@ -1,2 +1,2 @@
-MD5 (samba-2.2.9-ja-1.0.tar.bz2) = 7648a1afc62ffb8e1f507f731f3f8de3
-SIZE (samba-2.2.9-ja-1.0.tar.bz2) = 7474160
+MD5 (samba-2.2.10-ja-1.0.tar.bz2) = 73d85b6ff8c6d3a925ff70f264eaeded
+SIZE (samba-2.2.10-ja-1.0.tar.bz2) = 7473659
Index: pkg-plist
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/pkg-plist,v
retrieving revision 1.16
diff -u -r1.16 pkg-plist
--- pkg-plist 7 Jun 2004 21:44:37 -0000 1.16
+++ pkg-plist 4 Aug 2004 15:10:26 -0000
@@ -82,7 +82,8 @@
etc/codepages/unicode_map.KOI8-R
etc/codepages/unicode_map.KOI8-U
@dirrm etc/codepages
-etc/rc.d/samba.sh.sample
+ at unexec %D/etc/rc.d/samba.sh forcestop 2>/dev/null || true
+etc/rc.d/samba.sh
etc/smb.conf.default
%%AUDIT%%lib/samba/audit.so
%%RECYCLE%%lib/samba/recycle.so
Index: files/samba.sh.sample
===================================================================
RCS file: /net/pcat/home/ncvs/ports/japanese/samba/files/samba.sh.sample,v
retrieving revision 1.2
diff -u -r1.2 samba.sh.sample
--- files/samba.sh.sample 19 Jan 2002 11:05:29 -0000 1.2
+++ files/samba.sh.sample 4 Aug 2004 15:10:27 -0000
@@ -1,30 +1,123 @@
#!/bin/sh
#
# $FreeBSD: ports/japanese/samba/files/samba.sh.sample,v 1.2 2002/01/19 11:05:29 knu Exp $
+#
-smbspool=/var/spool/samba
-pidfiledir=/var/run
-smbd=/usr/local/sbin/smbd
-nmbd=/usr/local/sbin/nmbd
-
-# start
-if [ "x$1" = "x" -o "x$1" = "xstart" ]; then
- if [ -f $smbd ]; then
- if [ -d $smbspool ]; then
- rm -f $smbspool/*
- fi
- echo -n ' Samba'
- $nmbd -D
- $smbd -D
- fi
-
-# stop
-elif [ "x$1" = "xstop" ]; then
- kill `cat $pidfiledir/smbd.pid`
- kill `cat $pidfiledir/nmbd.pid`
-
-# restart
-elif [ "x$1" = "xrestart" ]; then
- $0 stop
- $0 start
+# PROVIDE: nmbd smbd
+%%WINBIND%%# PROVIDE: winbindd
+# REQUIRE: NETWORKING SERVERS named %%CUPS%%
+# BEFORE: DAEMON
+# KEYWORD: FreeBSD shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable samba:
+#
+#samba_enable="YES"
+#
+# or, for fine grain control
+#
+#nmbd_enable="YES"
+#smbd_enable="YES"
+%%WINBIND%%#winbindd_enable="YES"
+#
+
+. %%RC_SUBR%%
+
+name=samba
+rcvar=`set_rcvar`
+
+load_rc_config $name
+# Set defaults
+samba_config=${samba_config:-"%%SAMBA_CONFIG%%"}
+# Config file is required
+if [ ! -r ${samba_config} ]; then
+ warn "${samba_config} is not readable."
+ case $1 in
+ force*) : ;;
+ *) exit 1 ;;
+ esac
+fi
+
+if test -n ${samba_enable:-""} && checkyesno samba_enable; then
+ nmbd_enable=${nmbd_enable:-"YES"}
+ smbd_enable=${smbd_enable:-"YES"}
+%%WINBIND%% winbindd_enable=${winbindd_enable:-"YES"}
+%%WINBIND%% # Check, that winbind is actally configured
+%%WINBIND%% if [ ! "`egrep -i '(idmap.*uid|winbind.*uid)' ${samba_config} 2>/dev/null | egrep -v [\#\;]`" ]; then
+%%WINBIND%% #warn "Winbind support is not configured"
+%%WINBIND%% winbindd_enable="NO"
+%%WINBIND%% fi
fi
+
+# Hack until run_rc_command() get rid of exit()
+samba_stop() {
+ pid=$(check_pidfile ${pidfile} ${command})
+ if [ -z ${pid} ]; then
+ echo "${name} not running? (check ${pidfile})."
+ return 1
+ fi
+ echo "Stopping ${command}."
+ kill -${sig_stop:-TERM} ${pid}
+ [ $? -ne 0 ] && [ -z "$rc_force" ] && return 1
+ wait_for_pids ${pid}
+}
+
+nmbd_precmd() {
+ # XXX: Never delete winbindd_idmap, winbindd_cache and group_mapping
+ if [ -d "%%SAMBA_LOCKDIR%%" ]; then
+ echo "Starting SAMBA: removing stale tdbs :"
+ for file in connections.tdb locking.tdb messages.tdb \
+ sessionid.tdb unexpected.tdb brlock.tdb \
+ namelist.debug
+ do
+ rm -vf "%%SAMBA_LOCKDIR%%/$file"
+ done
+ fi
+}
+
+# nmbd
+name=nmbd
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+required_dirs="%%SAMBA_LOCKDIR%%"
+pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+start_precmd="nmbd_precmd"
+stop_cmd="samba_stop"
+# Defaults
+nmbd_enable=${nmbd_enable:-"NO"}
+nmbd_flags=${nmbd_flags:-"-D"}
+command_args="-s ${samba_config}"
+
+load_rc_config $name
+run_rc_command "$1"
+
+# smbd
+name=smbd
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+start_precmd=":"
+stop_cmd="samba_stop"
+# Defaults
+smbd_enable=${smbd_enable:-"NO"}
+smbd_flags=${smbd_flags:-"-D"}
+command_args="-s ${samba_config}"
+
+load_rc_config $name
+run_rc_command "$1"
+%%WINBIND%%
+%%WINBIND%%# winbindd
+%%WINBIND%%name=winbindd
+%%WINBIND%%rcvar=`set_rcvar`
+%%WINBIND%%command="%%PREFIX%%/sbin/${name}"
+%%WINBIND%%required_dirs="%%SAMBA_LOCKDIR%%"
+%%WINBIND%%pidfile=%%SAMBA_RUNDIR%%/${name}.pid
+%%WINBIND%%start_precmd=":"
+%%WINBIND%%stop_cmd="samba_stop"
+%%WINBIND%%# Defaults
+%%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"}
+%%WINBIND%%winbindd_flags=${winbindd_flags:-""}
+%%WINBIND%%command_args="-s ${samba_config}"
+%%WINBIND%%
+%%WINBIND%%load_rc_config $name
+%%WINBIND%%run_rc_command "$1"
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list