From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Aug 5 14:10:25 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E975416A4CE for ; Thu, 5 Aug 2004 14:10:25 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D23F843D55 for ; Thu, 5 Aug 2004 14:10:25 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i75EAKlp004564 for ; Thu, 5 Aug 2004 14:10:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i75EAKnZ004563; Thu, 5 Aug 2004 14:10:20 GMT (envelope-from gnats) Resent-Date: Thu, 5 Aug 2004 14:10:20 GMT Resent-Message-Id: <200408051410.i75EAKnZ004563@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, NAKAJI Hiroyuki Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2482016A4CE for ; Thu, 5 Aug 2004 14:02:26 +0000 (GMT) Received: from xa12.heimat.gr.jp (xa12.heimat.gr.jp [202.216.136.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84DC343D53 for ; Thu, 5 Aug 2004 14:02:25 +0000 (GMT) (envelope-from nakaji@xa12.heimat.gr.jp) Received: from xa12.heimat.gr.jp (localhost [127.0.0.1]) by xa12.heimat.gr.jp (8.12.11/8.12.11) with ESMTP id i75E2NIF011669 for ; Thu, 5 Aug 2004 23:02:23 +0900 (JST) (envelope-from nakaji@xa12.heimat.gr.jp) Received: (from nakaji@localhost) by xa12.heimat.gr.jp (8.12.11/8.12.11/Submit) id i75E2M6L011664; Thu, 5 Aug 2004 23:02:22 +0900 (JST) (envelope-from nakaji) Message-Id: <200408051402.i75E2M6L011664@xa12.heimat.gr.jp> Date: Thu, 5 Aug 2004 23:02:22 +0900 (JST) From: NAKAJI Hiroyuki To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/70034: [japanese/samba] security update of samba-2.2.10-ja-1.0 was released X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: NAKAJI Hiroyuki List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Aug 2004 14:10:26 -0000 >Number: 70034 >Category: ports >Synopsis: [japanese/samba] security update of samba-2.2.10-ja-1.0 was released >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Aug 05 14:10:19 GMT 2004 >Closed-Date: >Last-Modified: >Originator: NAKAJI Hiroyuki >Release: FreeBSD 5.2-CURRENT i386 >Organization: >Environment: System: FreeBSD xa12.heimat.gr.jp 5.2-CURRENT FreeBSD 5.2-CURRENT #15: Thu Jul 22 23:29:03 JST 2004 root@xa12.heimat.gr.jp:/usr/obj/home/nakaji/FreeBSD-PC98/src/sys/NAKAJI i386 >Description: Samba-2.2.10-ja-1.0 was released on Aug 4 2004. This is a security fix for CAN-2004-0686. In addition, files/samba.sh.sample is imported from net/samba3 to use rcNG. >How-To-Repeat: >Fix: Diff from ports-current is attached below. Index: Makefile =================================================================== RCS file: /net/pcat/home/ncvs/ports/japanese/samba/Makefile,v retrieving revision 1.42 diff -u -r1.42 Makefile --- Makefile 7 Jun 2004 21:44:37 -0000 1.42 +++ Makefile 5 Aug 2004 13:32:34 -0000 @@ -21,7 +21,7 @@ CONFLICTS= samba-2.2.* samba-3.0.* sharity-light-1.* -SAMBA_VERSION= 2.2.9 +SAMBA_VERSION= 2.2.10 SAMBA_JA_VERSION= 1.0 USE_BZIP2= yes @@ -60,9 +60,14 @@ VARDIR= /var SAMBA_SPOOL= ${VARDIR}/spool/samba SAMBA_LOGDIR= ${VARDIR}/log +SAMBA_RUNDIR= ${VARDIR}/run +SAMBA_LOCKDIR= ${VARDIR}/db/samba SAMBA_PRIVATE= ${PREFIX}/private SAMBA_CONFDIR= ${PREFIX}/etc +SAMBA_SWATDIR= ${PREFIX}/share/swat SAMBA_VFSDIR= ${PREFIX}/lib/samba +SAMBA_CONFIG= ${SAMBA_CONFDIR}/smb.conf + SCRIPTS_ENV= WRKDIRPREFIX="${WRKDIRPREFIX}" \ TOUCH="${TOUCH}" \ MKDIR="${MKDIR}" \ @@ -70,21 +75,23 @@ SAMBA_OPTIONS="${SAMBA_OPTIONS}" \ REALCURDIR="${.CURDIR}" # sample files -STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/samba.sh.sample +STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/samba.sh SAMPLE_CONFIG= ${SAMBA_CONFDIR}/smb.conf.default +.include + +USE_RC_SUBR= yes + CONFIGURE_ARGS= --with-i18n-swat \ --libdir=${SAMBA_CONFDIR} \ - --localstatedir=${VARDIR} --with-swatdir=${PREFIX}/share/swat \ - --with-lockdir=${VARDIR}/db/samba \ + --localstatedir=${VARDIR} --with-swatdir=${SAMBA_SWATDIR} \ + --with-lockdir=${SAMBA_LOCKDIR} \ --with-logfilebase=${SAMBA_LOGDIR} \ --with-privatedir=${SAMBA_PRIVATE} \ --with-piddir=${VARDIR}/run \ --with-pam --with-pam_smbpass \ --with-included-popt -.include - .if defined(WITH_SYSLOG) CONFIGURE_ARGS+= --with-syslog .endif @@ -116,6 +123,9 @@ .if defined(WITH_WINBIND) CONFIGURE_ARGS+= --with-winbind WINBIND= "" +WINBIND_FILTER= ${SED} -e 's|%%WINBIND%%||g' +.else +WINBIND_FILTER= ${GREP} -v '^%%WINBIND%%' .endif .if defined(WITH_WINBIND_AUTH_CHALLENGE) @@ -179,6 +189,16 @@ WINBIND=${WINBIND} \ SMBSH=${SMBSH} +RC_SCRIPTS_SUB= PREFIX=${PREFIX} \ + CUPS=${CUPS} \ + RC_SUBR=${RC_SUBR} \ + SAMBA_CONFDIR=${SAMBA_CONFDIR} \ + SAMBA_CONFIG=${SAMBA_CONFIG} \ + SAMBA_LOGDIR=${SAMBA_LOGDIR} \ + SAMBA_RUNDIR=${SAMBA_RUNDIR} \ + SAMBA_LOCKDIR=${SAMBA_LOCKDIR} \ + SAMBA_SPOOL=${SAMBA_SPOOL} + post-patch: ${FIND} ${WRKSRC}/.. -name '*.orig' -delete @@ -187,8 +207,8 @@ (cd ${WRKSRC} && make proto) post-build: - ${SED} 's:/usr/local:${PREFIX}:g' ${FILESDIR}/samba.sh.sample \ - > ${WRKDIR}/samba.sh.sample + ${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \ + ${FILESDIR}/samba.sh.sample | ${WINBIND_FILTER} > ${WRKDIR}/samba.sh.sample .if defined(WITH_RECYCLE) || defined(WITH_AUDIT) cd ${WRKSRC}/../examples/VFS; \ ./configure;${MAKE}; \ Index: distinfo =================================================================== RCS file: /net/pcat/home/ncvs/ports/japanese/samba/distinfo,v retrieving revision 1.21 diff -u -r1.21 distinfo --- distinfo 7 Jun 2004 21:44:37 -0000 1.21 +++ distinfo 5 Aug 2004 13:51:40 -0000 @@ -1,2 +1,2 @@ -MD5 (samba-2.2.9-ja-1.0.tar.bz2) = 7648a1afc62ffb8e1f507f731f3f8de3 -SIZE (samba-2.2.9-ja-1.0.tar.bz2) = 7474160 +MD5 (samba-2.2.10-ja-1.0.tar.bz2) = 73d85b6ff8c6d3a925ff70f264eaeded +SIZE (samba-2.2.10-ja-1.0.tar.bz2) = 7473659 Index: pkg-plist =================================================================== RCS file: /net/pcat/home/ncvs/ports/japanese/samba/pkg-plist,v retrieving revision 1.16 diff -u -r1.16 pkg-plist --- pkg-plist 7 Jun 2004 21:44:37 -0000 1.16 +++ pkg-plist 4 Aug 2004 15:10:26 -0000 @@ -82,7 +82,8 @@ etc/codepages/unicode_map.KOI8-R etc/codepages/unicode_map.KOI8-U @dirrm etc/codepages -etc/rc.d/samba.sh.sample +@unexec %D/etc/rc.d/samba.sh forcestop 2>/dev/null || true +etc/rc.d/samba.sh etc/smb.conf.default %%AUDIT%%lib/samba/audit.so %%RECYCLE%%lib/samba/recycle.so Index: files/samba.sh.sample =================================================================== RCS file: /net/pcat/home/ncvs/ports/japanese/samba/files/samba.sh.sample,v retrieving revision 1.2 diff -u -r1.2 samba.sh.sample --- files/samba.sh.sample 19 Jan 2002 11:05:29 -0000 1.2 +++ files/samba.sh.sample 4 Aug 2004 15:10:27 -0000 @@ -1,30 +1,123 @@ #!/bin/sh # # $FreeBSD: ports/japanese/samba/files/samba.sh.sample,v 1.2 2002/01/19 11:05:29 knu Exp $ +# -smbspool=/var/spool/samba -pidfiledir=/var/run -smbd=/usr/local/sbin/smbd -nmbd=/usr/local/sbin/nmbd - -# start -if [ "x$1" = "x" -o "x$1" = "xstart" ]; then - if [ -f $smbd ]; then - if [ -d $smbspool ]; then - rm -f $smbspool/* - fi - echo -n ' Samba' - $nmbd -D - $smbd -D - fi - -# stop -elif [ "x$1" = "xstop" ]; then - kill `cat $pidfiledir/smbd.pid` - kill `cat $pidfiledir/nmbd.pid` - -# restart -elif [ "x$1" = "xrestart" ]; then - $0 stop - $0 start +# PROVIDE: nmbd smbd +%%WINBIND%%# PROVIDE: winbindd +# REQUIRE: NETWORKING SERVERS named %%CUPS%% +# BEFORE: DAEMON +# KEYWORD: FreeBSD shutdown + +# +# Add the following lines to /etc/rc.conf to enable samba: +# +#samba_enable="YES" +# +# or, for fine grain control +# +#nmbd_enable="YES" +#smbd_enable="YES" +%%WINBIND%%#winbindd_enable="YES" +# + +. %%RC_SUBR%% + +name=samba +rcvar=`set_rcvar` + +load_rc_config $name +# Set defaults +samba_config=${samba_config:-"%%SAMBA_CONFIG%%"} +# Config file is required +if [ ! -r ${samba_config} ]; then + warn "${samba_config} is not readable." + case $1 in + force*) : ;; + *) exit 1 ;; + esac +fi + +if test -n ${samba_enable:-""} && checkyesno samba_enable; then + nmbd_enable=${nmbd_enable:-"YES"} + smbd_enable=${smbd_enable:-"YES"} +%%WINBIND%% winbindd_enable=${winbindd_enable:-"YES"} +%%WINBIND%% # Check, that winbind is actally configured +%%WINBIND%% if [ ! "`egrep -i '(idmap.*uid|winbind.*uid)' ${samba_config} 2>/dev/null | egrep -v [\#\;]`" ]; then +%%WINBIND%% #warn "Winbind support is not configured" +%%WINBIND%% winbindd_enable="NO" +%%WINBIND%% fi fi + +# Hack until run_rc_command() get rid of exit() +samba_stop() { + pid=$(check_pidfile ${pidfile} ${command}) + if [ -z ${pid} ]; then + echo "${name} not running? (check ${pidfile})." + return 1 + fi + echo "Stopping ${command}." + kill -${sig_stop:-TERM} ${pid} + [ $? -ne 0 ] && [ -z "$rc_force" ] && return 1 + wait_for_pids ${pid} +} + +nmbd_precmd() { + # XXX: Never delete winbindd_idmap, winbindd_cache and group_mapping + if [ -d "%%SAMBA_LOCKDIR%%" ]; then + echo "Starting SAMBA: removing stale tdbs :" + for file in connections.tdb locking.tdb messages.tdb \ + sessionid.tdb unexpected.tdb brlock.tdb \ + namelist.debug + do + rm -vf "%%SAMBA_LOCKDIR%%/$file" + done + fi +} + +# nmbd +name=nmbd +rcvar=`set_rcvar` +command="%%PREFIX%%/sbin/${name}" +required_dirs="%%SAMBA_LOCKDIR%%" +pidfile=%%SAMBA_RUNDIR%%/${name}.pid +start_precmd="nmbd_precmd" +stop_cmd="samba_stop" +# Defaults +nmbd_enable=${nmbd_enable:-"NO"} +nmbd_flags=${nmbd_flags:-"-D"} +command_args="-s ${samba_config}" + +load_rc_config $name +run_rc_command "$1" + +# smbd +name=smbd +rcvar=`set_rcvar` +command="%%PREFIX%%/sbin/${name}" +pidfile=%%SAMBA_RUNDIR%%/${name}.pid +start_precmd=":" +stop_cmd="samba_stop" +# Defaults +smbd_enable=${smbd_enable:-"NO"} +smbd_flags=${smbd_flags:-"-D"} +command_args="-s ${samba_config}" + +load_rc_config $name +run_rc_command "$1" +%%WINBIND%% +%%WINBIND%%# winbindd +%%WINBIND%%name=winbindd +%%WINBIND%%rcvar=`set_rcvar` +%%WINBIND%%command="%%PREFIX%%/sbin/${name}" +%%WINBIND%%required_dirs="%%SAMBA_LOCKDIR%%" +%%WINBIND%%pidfile=%%SAMBA_RUNDIR%%/${name}.pid +%%WINBIND%%start_precmd=":" +%%WINBIND%%stop_cmd="samba_stop" +%%WINBIND%%# Defaults +%%WINBIND%%winbindd_enable=${winbindd_enable:-"NO"} +%%WINBIND%%winbindd_flags=${winbindd_flags:-""} +%%WINBIND%%command_args="-s ${samba_config}" +%%WINBIND%% +%%WINBIND%%load_rc_config $name +%%WINBIND%%run_rc_command "$1" >Release-Note: >Audit-Trail: >Unformatted: