diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-10-25 06:33:38 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-10-25 06:35:34 +0000 |
commit | 427ff6422a5158b148b925494e82d2da9dd9cafb (patch) | |
tree | aee631fe87ec193e0512ab4a9f5e04974c83c664 /main/samba | |
parent | 827f4bcd760cf400406186ba3b0cc42f171fee14 (diff) | |
download | aports-427ff6422a5158b148b925494e82d2da9dd9cafb.zip |
main/samba: security upgrade to 4.7.0
(CVE-2017-12150, CVE-2017-12151, CVE-2017-12163)
fixes #7891
Diffstat (limited to 'main/samba')
-rw-r--r-- | main/samba/APKBUILD | 90 |
1 files changed, 38 insertions, 52 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD index 6f04cfad467..d96c5c5273c 100644 --- a/main/samba/APKBUILD +++ b/main/samba/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=samba -pkgver=4.6.6 -pkgrel=1 +pkgver=4.7.0 +pkgrel=0 pkgdesc="Tools to access a server's filespace and printers via SMB" url="http://www.samba.org" arch="all" @@ -40,7 +40,7 @@ depends="$pkgname-server=$pkgver-r$pkgrel # note that heimdal is required (over mit krb5) for AD DC functionality makedepends="popt-dev ncurses-dev openldap-dev e2fsprogs-dev - talloc-dev tdb-dev py-tdb ldb-dev<1.2 cups-dev python2-dev libcap-dev + talloc-dev tdb-dev py-tdb ldb-dev>=1.2.2 cups-dev python2-dev libcap-dev tevent-dev py-tevent iniparser-dev perl subunit-dev docbook-xsl libarchive-dev acl-dev" source="https://us1.samba.org/samba/ftp/stable/$pkgname-$pkgver.tar.gz @@ -58,6 +58,10 @@ pkggroups="winbind" builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.7.0-r0: +# - CVE-2017-12150 +# - CVE-2017-12151 +# - CVE-2017-12163 # 4.6.1-r0: # - CVE-2017-2619 @@ -93,25 +97,23 @@ build() { --enable-cups \ --without-gettext \ --bundled-libraries=NONE,ntdb,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,cmocka \ - --disable-rpath-install \ - || return 1 - make || return 1 + --disable-rpath-install + make } package() { cd "$builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install install -d "$pkgdir"/var/log/$pkgname \ - "$pkgdir"/usr/share/doc/$pkgname \ - || return 1 - install -dm755 "$pkgdir"/var/lib/$pkgname/sysvol || return 1 - install -Dm644 packaging/LSB/smb.conf \ - "$pkgdir"/etc/$pkgname/smb.conf || return 1 + "$pkgdir"/usr/share/doc/$pkgname + install -dm755 "$pkgdir"/var/lib/$pkgname/sysvol + install -Dm644 examples/smb.conf.default \ + "$pkgdir"/etc/$pkgname/smb.conf install -Dm644 packaging/RHEL/setup/smbusers \ - "$pkgdir"/etc/$pkgname/smbusers || return 1 + "$pkgdir"/etc/$pkgname/smbusers install -m744 packaging/printing/smbprint \ - "$pkgdir"/usr/bin/smbprint || return 1 + "$pkgdir"/usr/bin/smbprint install -Dm644 "$srcdir"/$pkgname.logrotate \ "$pkgdir"/etc/logrotate.d/$pkgname } @@ -130,7 +132,7 @@ _mv_files() { */*) mkdir -p "$subpkgdir"/${i%/*};; *) mkdir -p "$subpkgdir";; esac - mv "$pkgdir"/$i "$subpkgdir"/$i || return 1 + mv "$pkgdir"/$i "$subpkgdir"/$i done } @@ -140,8 +142,7 @@ common() { cd "$pkgdir" _mv_files \ etc \ - var \ - || return 1 + var install -d -m700 "$subpkgdir"/var/lib/$pkgname/private } @@ -152,8 +153,7 @@ _libs_py() { cd "$pkgdir" _mv_files \ usr/lib/$pkgname/libsamba-net-samba4.so \ - usr/lib/$pkgname/libsamba-python-samba4.so \ - || return 1 + usr/lib/$pkgname/libsamba-python-samba4.so return 0 } @@ -169,8 +169,7 @@ _common_tools() { usr/bin/smbpasswd \ usr/bin/testparm \ usr/lib/$pkgname/libgpo-samba4.so \ - usr/lib/$pkgname/libnet-keytab-samba4.so \ - || return 1 + usr/lib/$pkgname/libnet-keytab-samba4.so } _common_server_libs() { @@ -188,8 +187,7 @@ _common_server_libs() { usr/lib/$pkgname/libsmbd-base-samba4.so \ usr/lib/$pkgname/libsmbd-conn-samba4.so \ usr/lib/$pkgname/libsmbldaphelper-samba4.so \ - usr/lib/$pkgname/pdb \ - || return 1 + usr/lib/$pkgname/pdb } _common_libs() { @@ -207,7 +205,7 @@ _common_libs() { usr/lib/$pkgname/liblibsmb-samba4.so \ usr/lib/$pkgname/libmsrpc3-samba4.so \ usr/lib/$pkgname/libndr-samba4.so \ - || return 1 + usr/lib/$pkgname/libMESSAGING-SEND-samba4.so } libsmbclient() { @@ -215,8 +213,7 @@ libsmbclient() { depends= cd "$pkgdir" _mv_files \ - usr/lib/libsmbclient.so.* \ - || return 1 + usr/lib/libsmbclient.so.* } _client_libs() { @@ -232,8 +229,7 @@ _client_libs() { usr/lib/$pkgname/libhttp-samba4.so \ usr/lib/$pkgname/libnetif-samba4.so \ usr/lib/$pkgname/libregistry-samba4.so \ - usr/lib/$pkgname/libsmbclient-raw-samba4.so \ - || return 1 + usr/lib/$pkgname/libsmbclient-raw-samba4.so } client() { @@ -262,8 +258,7 @@ client() { usr/bin/smbspool \ usr/bin/smbtar \ usr/bin/smbtree \ - usr/lib/$pkgname/smbspool_krb5_wrapper \ - || return 1 + usr/lib/$pkgname/smbspool_krb5_wrapper } _server_libs() { @@ -276,8 +271,7 @@ _server_libs() { usr/lib/$pkgname/libidmap-samba4.so \ usr/lib/$pkgname/libnss-info-samba4.so \ \ - usr/lib/$pkgname/libnon-posix-acls-samba4.so \ - || return 1 + usr/lib/$pkgname/libnon-posix-acls-samba4.so } @@ -290,8 +284,7 @@ winbind() { _mv_files \ usr/sbin/winbindd \ usr/lib/$pkgname/idmap \ - usr/lib/$pkgname/nss_info \ - || return 1 + usr/lib/$pkgname/nss_info install -d -g winbind -m 750 \ "$subpkgdir"/var/cache/$pkgname/winbindd_privileged } @@ -303,8 +296,7 @@ libwbclient() { _mv_files \ usr/lib/libwbclient.so.* \ usr/lib/$pkgname/libreplace-samba4.so \ - usr/lib/$pkgname/libwinbind-client-samba4.so \ - || return 1 + usr/lib/$pkgname/libwinbind-client-samba4.so } _winbind_clients() { @@ -313,8 +305,7 @@ _winbind_clients() { cd "$pkgdir" _mv_files \ usr/bin/ntlm_auth \ - usr/bin/wbinfo \ - || return 1 + usr/bin/wbinfo } _libnss_winbind() { @@ -323,8 +314,7 @@ _libnss_winbind() { cd "$pkgdir" _mv_files \ usr/lib/libnss_winbind.so* \ - usr/lib/libnss_wins.so* \ - || return 1 + usr/lib/libnss_wins.so* } _winbind_krb5_locator() { @@ -332,8 +322,7 @@ _winbind_krb5_locator() { depends= cd "$pkgdir" _mv_files \ - usr/lib/winbind_krb5_locator.so \ - || return 1 + usr/lib/winbind_krb5_locator.so } dc() { @@ -410,8 +399,7 @@ server() { \ usr/lib/$pkgname/auth \ usr/lib/$pkgname/libxattr-tdb-samba4.so \ - usr/lib/$pkgname/vfs \ - || return 1 + usr/lib/$pkgname/vfs } @@ -421,8 +409,7 @@ pidl() { cd "$pkgdir" _mv_files \ usr/bin/pidl \ - usr/share/perl* \ - || return 1 + usr/share/perl* } _py() { @@ -443,8 +430,7 @@ _test() { usr/bin/ndrdump \ usr/bin/smbtorture \ usr/lib/$pkgname/libdlz-bind9-for-torture-samba4.so \ - usr/lib/$pkgname/libtorture-samba4.so \ - || return 1 + usr/lib/$pkgname/libtorture-samba4.so } libs() { @@ -466,13 +452,14 @@ libs() { usr/lib/$pkgname/libCHARSET3-samba4.so \ usr/lib/$pkgname/libaddns-samba4.so \ usr/lib/$pkgname/libasn1util-samba4.so \ - usr/lib/$pkgname/libauth-sam-reply-samba4.so \ usr/lib/$pkgname/libauthkrb5-samba4.so \ usr/lib/$pkgname/libcli-cldap-samba4.so \ usr/lib/$pkgname/libcli-ldap-common-samba4.so \ usr/lib/$pkgname/libcli-nbt-samba4.so \ usr/lib/$pkgname/libcli-smb-common-samba4.so \ usr/lib/$pkgname/libcliauth-samba4.so \ + usr/lib/$pkgname/libcommon-auth-samba4.so \ + usr/lib/$pkgname/libcmocka-samba4.so \ usr/lib/$pkgname/libdbwrap-samba4.so \ usr/lib/$pkgname/libflag-mapping-samba4.so \ usr/lib/$pkgname/libgenrand-samba4.so \ @@ -507,8 +494,7 @@ libs() { usr/lib/$pkgname/libutil-cmdline-samba4.so \ usr/lib/$pkgname/libutil-reg-samba4.so \ usr/lib/$pkgname/libutil-setid-samba4.so \ - usr/lib/$pkgname/libutil-tdb-samba4.so \ - || return 1 + usr/lib/$pkgname/libutil-tdb-samba4.so # exit with error if some stuff stayed at main pack rmdir "$pkgdir"/usr/lib/$pkgname \ "$pkgdir"/usr/share \ @@ -518,7 +504,7 @@ libs() { "$pkgdir"/usr } -sha512sums="e06bdc83f44c449212f2e45a902e2ca547505a75e970166259b91d2093fb442cdfd456e724d0e842b674b4b8d5bdbe9072996d768c08ebd979a44b2494a59799 samba-4.6.6.tar.gz +sha512sums="c69da34566ec672ed17f86ecf793154374c71dd33b588adceed5fbd9345d978a4ffeced5d3a4033edb4daedac2294ed088beed8cdde19724f9d03da54e22e4ee samba-4.7.0.tar.gz b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb4214655ed3154c143c20431d248cde828285380bafbf4d2627df9b uclibc-xattr-create.patch 62d373dbaee75121a1d73f2c09cdca7239705808ff807b171d1d5a28fd4ffc66bdb52494b62786d7aaba8aeece5c08433b532ca96a28d712452fe9daac8d8d2e domain.patch 0d4fd9862191554dc9c724cec0b94fd19afbfd0c4ed619e4c620c075e849cb3f3d44db1e5f119d890da23a3dd0068d9873703f3d86c47b91310521f37356208b getpwent_r.patch |