ff3c3af95e
This fixes the Badlock bug (CVE-2016-2118) and others vulnerabilities: o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible) o CVE-2016-2115 (SMB IPC traffic is not integrity protected) o CVE-2016-2114 ("server signing = mandatory" not enforced) o CVE-2016-2113 (Missing TLS certificate validation) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) o CVE-2016-0771 (Out-of-bounds read in internal DNS server) o CVE-2015-5370 (Multiple errors in DCE-RPC code)
204 lines
6.3 KiB
Makefile
204 lines
6.3 KiB
Makefile
# $NetBSD: Makefile,v 1.17 2016/04/13 08:26:10 manu Exp $
|
|
|
|
DISTNAME= samba-${VERSION}
|
|
CATEGORIES= net
|
|
MASTER_SITES= http://download.samba.org/pub/samba/stable/
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= http://www.samba.org/
|
|
COMMENT= SMB/CIFS protocol server suite
|
|
LICENSE= gnu-gpl-v3
|
|
|
|
DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
|
|
|
|
VERSION= 4.3.8
|
|
CONFLICTS+= ja-samba-[0-9]* pam-smbpass-[0-9]* tdb-[0-9]* winbind-[0-9]*
|
|
|
|
BUILD_DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat
|
|
|
|
BUILD_DEFS+= VARBASE
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
SMB_LIB?= ${PREFIX}/lib
|
|
|
|
PKG_SYSCONFSUBDIR= samba
|
|
SMB_SHAREDSTATE?= ${PREFIX}/com
|
|
SMB_LOCALSTATE?= ${VARBASE}
|
|
SMB_INFO?= ${PREFIX}/info
|
|
SMB_MAN?= ${PREFIX}/${PKGMANDIR}
|
|
SMB_STATE?= ${VARBASE}/run
|
|
SMB_PRIVATE?= ${SMB_LIB}/samba/private
|
|
SMB_PID?= ${VARBASE}/run
|
|
SMB_CACHE?= ${VARBASE}/run
|
|
SMB_LOCK?= ${VARBASE}/run
|
|
SMB_LOGFILEBASE?= ${VARBASE}/log
|
|
SMB_SOCKETS?= ${VARBASE}/run
|
|
SMB_MODULES?= ${SMB_LIB}/samba
|
|
SMB_PRIVATELIB?= ${SMB_LIB}/samba/private
|
|
SMB_PRIVSOCKETS?= ${VARBASE}/run
|
|
SMB_CONFIG?= ${PKG_SYSCONFDIR}
|
|
SMB_DATAROOT?= ${PREFIX}/share/samba
|
|
SMB_LOCALE?= ${PREFIX}/share/locale
|
|
SMB_DOC?= ${PREFIX}/share/doc/samba
|
|
SMB_PAMMODULES?= ${SMB_LIB}/samba/security
|
|
|
|
FILES_SUBST+= SMB_CONFIG=${SMB_CONFIG}
|
|
FILES_SUBST+= SMB_PID=${SMB_PID}
|
|
|
|
# mktemp is useful for the replacement adduser script, but don't require
|
|
# a full dependency since it's not actually needed by samba.
|
|
USE_TOOLS+= gmake mktemp perl:run
|
|
|
|
REPLACE_PERL= script/findsmb.in
|
|
|
|
USE_GNU_ICONV= yes # FIXME: something doesn't work on NetBSD
|
|
BROKEN_GETTEXT_DETECTION=yes
|
|
|
|
# Debugging
|
|
#CONFIGURE_ARGS+= -vvv
|
|
#CONFIGURE_ARGS+= --enable-developer
|
|
#CONFIGURE_ARGS+= --fatal-errors
|
|
|
|
HAS_CONFIGURE= yes
|
|
CONFIGURE_ENV+= XSLTPROC=${FALSE} # suppress generation of man pages
|
|
CONFIGURE_ARGS+= --libdir=${SAMBA_LIB}
|
|
CONFIG_SHELL= ${PYTHONBIN}
|
|
CONFIGURE_SCRIPT= ${WRKSRC}/buildtools/bin/waf
|
|
CONFIGURE_ARGS+= configure
|
|
CONFIGURE_ARGS+= --prefix=${PREFIX}
|
|
CONFIGURE_ARGS+= --infodir=${SMB_INFO}
|
|
CONFIGURE_ARGS+= --mandir=${SMB_MAN}
|
|
CONFIGURE_ARGS+= --datarootdir=${SMB_DATAROOT}
|
|
CONFIGURE_ARGS+= --localedir=${SMB_LOCALE}
|
|
CONFIGURE_ARGS+= --docdir=${SMB_DOC}
|
|
CONFIGURE_ARGS+= --with-statedir=${SMB_STATE}
|
|
CONFIGURE_ARGS+= --with-privatedir=${SMB_PRIVATE}
|
|
CONFIGURE_ARGS+= --with-piddir=${SMB_PID}
|
|
CONFIGURE_ARGS+= --with-cachedir=${SMB_CACHE}
|
|
CONFIGURE_ARGS+= --with-lockdir=${SMB_LOCK}
|
|
CONFIGURE_ARGS+= --with-logfilebase=${SMB_LOGFILEBASE}
|
|
CONFIGURE_ARGS+= --with-sockets-dir=${SMB_SOCKETS}
|
|
CONFIGURE_ARGS+= --with-modulesdir=${SMB_MODULES}
|
|
CONFIGURE_ARGS+= --with-privatelibdir=${SMB_PRIVATELIB}
|
|
CONFIGURE_ARGS+= --with-privileged-socket-dir=${SMB_PRIVSOCKETS}
|
|
CONFIGURE_ARGS+= --with-configdir=${SMB_CONFIG}
|
|
CONFIGURE_ARGS+= --with-libiconv=${BUILDLINK_PREFIX.iconv}
|
|
CONFIGURE_ARGS+= --with-gettext=${BUILDLINK_PREFIX.gettext}
|
|
#CONFIGURE_ARGS+= --bundled-libraries=com_err
|
|
CONFIGURE_ARGS+= --enable-gnutls
|
|
CONFIGURE_ARGS+= --with-system-mitkrb5
|
|
CONFIGURE_ARGS+= --abi-check-disable
|
|
#CONFIGURE_ARGS+= --bundled-libraries=!crypto,ldb,ntdb,talloc,tdb,tevent
|
|
.if defined(MAKE_JOBS) && !empty(MAKE_JOBS) && !(defined(MAKE_JOBS_SAFE) && !empty(MAKE_JOBS_SAFE:M[nN][oO]))
|
|
CONFIGURE_ARGS+= --jobs=${MAKE_JOBS}
|
|
.else
|
|
CONFIGURE_ARGS+= --jobs=1
|
|
.endif
|
|
|
|
# Depends on ncurses, explicitly disable for now.
|
|
CONFIGURE_ARGS+= --without-regedit
|
|
|
|
# for winbind option build.
|
|
.if ${OPSYS} != "SunOS"
|
|
LDFLAGS+= -Wl,--allow-shlib-undefined
|
|
.endif
|
|
LDFLAGS+= ${BUILDLINK_LDADD.gettext}
|
|
LDFLAGS+= ${COMPILER_RPATH_FLAG}${SMB_PRIVATELIB}
|
|
|
|
CFLAGS.SunOS+= -DHAVE_SOLARIS_GETGRENT_R
|
|
|
|
.include "options.mk"
|
|
|
|
PLIST_VARS+= macosx
|
|
|
|
.if ${OPSYS} == "Darwin"
|
|
PLIST.macosx= yes
|
|
.endif
|
|
|
|
.if ${_OPSYS_SHLIB_TYPE} == "dylib"
|
|
PLIST_SUBST+= LIBEXT=dylib
|
|
SAMBA_LIBEXT= dylib
|
|
.else
|
|
PLIST_SUBST+= LIBEXT=so
|
|
SAMBA_LIBEXT= so
|
|
.endif
|
|
|
|
.if !defined(PWD_MKDB)
|
|
PWD_MKDB!= ${TYPE} pwd_mkdb 2>&1 | \
|
|
${AWK} '/not found/ { print "pwd_mkdb"; exit } { print $$3 }'
|
|
MAKEFLAGS+= PWD_MKDB=${PWD_MKDB:Q}
|
|
.endif
|
|
FILES_SUBST+= MKTEMP=${MKTEMP:Q}
|
|
FILES_SUBST+= PWD_MKDB=${PWD_MKDB:Q}
|
|
|
|
INSTALLATION_DIRS+= ${DOCDIR} ${EGDIR}
|
|
|
|
DOCDIR= share/doc/${PKGBASE}
|
|
EGDIR= share/examples/${PKGBASE}
|
|
CONF_FILES= ${PREFIX}/${EGDIR}/smb.conf.default ${SMB_CONFIG}/smb.conf
|
|
OWN_DIRS_PERMS= ${SMB_PRIVATE} ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700
|
|
RCD_SCRIPTS+= samba nmbd smbd ${WINBINDD_RCD_SCRIPT}
|
|
|
|
SUBST_CLASSES+= paths
|
|
SUBST_MESSAGE.paths= Fixing paths.
|
|
SUBST_FILES.paths= ${WRKDIR}/adduser.sh ${WRKDIR}/deluser.sh
|
|
SUBST_STAGE.paths= post-patch
|
|
SUBST_SED.paths+= -e 's,@AWK@,${AWK},g'
|
|
SUBST_SED.paths+= -e 's,@CAT@,${CAT},g'
|
|
SUBST_SED.paths+= -e 's,@MKTEMP@,${MKTEMP},g'
|
|
SUBST_SED.paths+= -e 's,@RM@,${RM},g'
|
|
SUBST_SED.paths+= -e 's,@PWD_MKDB@,${PWD_MKDB},g'
|
|
SUBST_SED.paths+= -e 's,@SH@,${SH},g'
|
|
|
|
SUBST_CLASSES+= logpath
|
|
SUBST_MESSAGE.logpath= Fixing log path.
|
|
SUBST_FILES.logpath= examples/smb.conf.default
|
|
SUBST_STAGE.logpath= pre-configure
|
|
SUBST_SED.logpath+= -e 's,/usr/local/samba/var/log.%m,${SMB_LOGFILEBASE}/log.%m,g'
|
|
|
|
.if ${INIT_SYSTEM} == "rc.d"
|
|
MESSAGE_SRC= ${PKGDIR}/MESSAGE.rcd
|
|
.endif
|
|
|
|
post-extract:
|
|
${CP} ${FILESDIR}/adduser.sh ${FILESDIR}/deluser.sh ${WRKDIR}
|
|
|
|
post-install:
|
|
set -e ; cd ${WRKSRC}/docs-xml/registry; for f in *.reg; do \
|
|
${INSTALL_DATA} $${f} ${DESTDIR}${PREFIX}/${DOCDIR}/$${f}; \
|
|
done
|
|
${INSTALL_SCRIPT} ${WRKDIR}/adduser.sh \
|
|
${DESTDIR}${PREFIX}/${EGDIR}/adduser.sh
|
|
${INSTALL_SCRIPT} ${WRKDIR}/deluser.sh \
|
|
${DESTDIR}${PREFIX}/${EGDIR}/deluser.sh
|
|
${INSTALL_DATA} ${WRKSRC}/examples/LDAP/samba.schema \
|
|
${DESTDIR}${PREFIX}/${EGDIR}
|
|
${INSTALL_DATA} ${WRKSRC}/examples/smb.conf.default \
|
|
${DESTDIR}${PREFIX}/${EGDIR}
|
|
|
|
REPLACE_PERL= pidl/pidl
|
|
REPLACE_PYTHON= buildtools/bin/waf \
|
|
source4/setup/* \
|
|
source4/scripting/bin/* \
|
|
lib/tevent/tevent.py
|
|
|
|
PYTHON_VERSIONS_INCOMPATIBLE= 33 34 35 # as of 4.3.2
|
|
|
|
.include "../../lang/python/application.mk"
|
|
|
|
PY_PATCHPLIST= yes
|
|
.include "../../lang/python/extension.mk"
|
|
|
|
.if ${OPSYS} == "Linux"
|
|
.include "../../devel/libuuid/buildlink3.mk"
|
|
.endif
|
|
.include "../../converters/libiconv/buildlink3.mk"
|
|
.include "../../devel/gettext-lib/buildlink3.mk"
|
|
.include "../../devel/popt/buildlink3.mk"
|
|
.include "../../devel/readline/buildlink3.mk"
|
|
.include "../../devel/zlib/buildlink3.mk"
|
|
.include "../../security/gnutls/buildlink3.mk"
|
|
BUILDLINK_API_DEPENDS.mit-krb5+= mit-krb5>=1.9.0
|
|
.include "../../security/mit-krb5/buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|