8941d02bf1
Added patch from Gentoo to fix uClibc build: access.c:(.text+0x1e8): undefined reference to `innetgr' Release notes: https://www.samba.org/samba/history/samba-4.15.8.html https://www.samba.org/samba/history/samba-4.15.9.html o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html https://www.samba.org/samba/history/samba-4.15.10.html https://www.samba.org/samba/history/samba-4.15.11.html o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
206 lines
5.7 KiB
Makefile
206 lines
5.7 KiB
Makefile
################################################################################
|
|
#
|
|
# samba4
|
|
#
|
|
################################################################################
|
|
|
|
SAMBA4_VERSION = 4.15.11
|
|
SAMBA4_SITE = https://download.samba.org/pub/samba/stable
|
|
SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
|
|
SAMBA4_INSTALL_STAGING = YES
|
|
SAMBA4_LICENSE = GPL-3.0+
|
|
SAMBA4_LICENSE_FILES = COPYING
|
|
SAMBA4_CPE_ID_VENDOR = samba
|
|
SAMBA4_CPE_ID_PRODUCT = samba
|
|
SAMBA4_SELINUX_MODULES = samba
|
|
SAMBA4_DEPENDENCIES = \
|
|
host-e2fsprogs host-flex host-heimdal host-nfs-utils \
|
|
host-perl host-perl-parse-yapp host-python3 \
|
|
cmocka e2fsprogs gnutls popt zlib \
|
|
$(if $(BR2_PACKAGE_ICU),icu) \
|
|
$(if $(BR2_PACKAGE_LIBAIO),libaio) \
|
|
$(if $(BR2_PACKAGE_LIBCAP),libcap) \
|
|
$(if $(BR2_PACKAGE_LIBGLIB2),libglib2) \
|
|
$(if $(BR2_PACKAGE_READLINE),readline) \
|
|
$(TARGET_NLS_DEPENDENCIES)
|
|
SAMBA4_CFLAGS = $(TARGET_CFLAGS)
|
|
SAMBA4_LDFLAGS = $(TARGET_LDFLAGS) $(TARGET_NLS_LIBS)
|
|
SAMBA4_CONF_ENV = \
|
|
CFLAGS="$(SAMBA4_CFLAGS)" \
|
|
LDFLAGS="$(SAMBA4_LDFLAGS)" \
|
|
XSLTPROC=false \
|
|
WAF_NO_PREFORK=1
|
|
|
|
SAMBA4_PYTHON = PYTHON="$(HOST_DIR)/bin/python3"
|
|
ifeq ($(BR2_PACKAGE_PYTHON3),y)
|
|
SAMBA4_PYTHON += PYTHON_CONFIG="$(STAGING_DIR)/usr/bin/python3-config"
|
|
SAMBA4_DEPENDENCIES += python3
|
|
else
|
|
SAMBA4_CONF_OPTS += --disable-python
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBICONV),y)
|
|
SAMBA4_DEPENDENCIES += libiconv
|
|
SAMBA4_LDFLAGS += -liconv
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBTIRPC),y)
|
|
SAMBA4_CFLAGS += `$(PKG_CONFIG_HOST_BINARY) --cflags libtirpc`
|
|
SAMBA4_LDFLAGS += `$(PKG_CONFIG_HOST_BINARY) --libs libtirpc`
|
|
SAMBA4_DEPENDENCIES += libtirpc host-pkgconf
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_ACL),y)
|
|
SAMBA4_CONF_OPTS += --with-acl-support
|
|
SAMBA4_DEPENDENCIES += acl
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-acl-support
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_CUPS),y)
|
|
SAMBA4_CONF_ENV += CUPS_CONFIG="$(STAGING_DIR)/usr/bin/cups-config"
|
|
SAMBA4_CONF_OPTS += --enable-cups
|
|
SAMBA4_DEPENDENCIES += cups
|
|
else
|
|
SAMBA4_CONF_OPTS += --disable-cups
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_DBUS),y)
|
|
SAMBA4_DEPENDENCIES += dbus
|
|
SAMBA4_SHARED_MODULES += vfs_snapper
|
|
else
|
|
SAMBA4_SHARED_MODULES += !vfs_snapper
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_DBUS)$(BR2_PACKAGE_AVAHI_DAEMON),yy)
|
|
SAMBA4_CONF_OPTS += --enable-avahi
|
|
SAMBA4_DEPENDENCIES += avahi
|
|
else
|
|
SAMBA4_CONF_OPTS += --disable-avahi
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_GAMIN),y)
|
|
SAMBA4_CONF_OPTS += --with-fam
|
|
SAMBA4_DEPENDENCIES += gamin
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-fam
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBARCHIVE),y)
|
|
SAMBA4_CONF_OPTS += --with-libarchive
|
|
SAMBA4_DEPENDENCIES += libarchive
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-libarchive
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_NCURSES),y)
|
|
SAMBA4_CONF_ENV += NCURSES_CONFIG="$(STAGING_DIR)/usr/bin/$(NCURSES_CONFIG_SCRIPTS)"
|
|
SAMBA4_DEPENDENCIES += ncurses
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-regedit
|
|
endif
|
|
|
|
# The ctdb tests (cluster) need bash and take up some space
|
|
# They're normally intended for debugging so remove them
|
|
define SAMBA4_REMOVE_CTDB_TESTS
|
|
rm -rf $(TARGET_DIR)/usr/lib/ctdb-tests
|
|
rm -rf $(TARGET_DIR)/usr/share/ctdb-tests
|
|
rm -f $(TARGET_DIR)/usr/bin/ctdb_run_*tests
|
|
endef
|
|
SAMBA4_POST_INSTALL_TARGET_HOOKS += SAMBA4_REMOVE_CTDB_TESTS
|
|
|
|
define SAMBA4_CONFIGURE_CMDS
|
|
$(INSTALL) -m 0644 package/samba4/samba4-cache.txt $(@D)/cache.txt;
|
|
echo 'Checking whether fcntl supports setting/geting hints: $(if $(BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13),OK,NO)' >>$(@D)/cache.txt;
|
|
echo 'Checking uname machine type: $(BR2_ARCH)' >>$(@D)/cache.txt;
|
|
(cd $(@D); \
|
|
$(SAMBA4_PYTHON) \
|
|
python_LDFLAGS="" \
|
|
python_LIBDIR="" \
|
|
PERL="$(HOST_DIR)/bin/perl" \
|
|
$(TARGET_CONFIGURE_OPTS) \
|
|
$(SAMBA4_CONF_ENV) \
|
|
./buildtools/bin/waf configure \
|
|
--prefix=/usr \
|
|
--sysconfdir=/etc \
|
|
--localstatedir=/var \
|
|
--with-libiconv=$(STAGING_DIR)/usr \
|
|
--enable-fhs \
|
|
--cross-compile \
|
|
--cross-answers=$(@D)/cache.txt \
|
|
--hostcc=gcc \
|
|
--disable-rpath \
|
|
--disable-rpath-install \
|
|
--disable-iprint \
|
|
--without-pam \
|
|
--without-dmapi \
|
|
--without-gpgme \
|
|
--without-ldb-lmdb \
|
|
--disable-glusterfs \
|
|
--with-cluster-support \
|
|
--bundled-libraries='!asn1_compile,!compile_et' \
|
|
--with-shared-modules=$(subst $(space),$(comma),$(strip $(SAMBA4_SHARED_MODULES))) \
|
|
$(SAMBA4_CONF_OPTS) \
|
|
)
|
|
endef
|
|
|
|
define SAMBA4_BUILD_CMDS
|
|
$(TARGET_MAKE_ENV) $(SAMBA4_PYTHON) $(MAKE) -C $(@D)
|
|
endef
|
|
|
|
define SAMBA4_INSTALL_STAGING_CMDS
|
|
$(TARGET_MAKE_ENV) $(SAMBA4_PYTHON) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
|
|
endef
|
|
|
|
define SAMBA4_INSTALL_TARGET_CMDS
|
|
$(TARGET_MAKE_ENV) $(SAMBA4_PYTHON) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
|
|
endef
|
|
|
|
ifeq ($(BR2_PACKAGE_SAMBA4_AD_DC),y)
|
|
# host-python-dnspython and host-python-markdown are not strictly
|
|
# needed on the host, but on the target. however, samba's configure
|
|
# tests for their availability on the host.
|
|
SAMBA4_DEPENDENCIES += \
|
|
jansson \
|
|
host-python-dnspython \
|
|
host-python-markdown \
|
|
python-dnspython \
|
|
python-markdown
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-ad-dc --without-json
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_SAMBA4_ADS),y)
|
|
SAMBA4_CONF_OPTS += --with-ads --with-ldap
|
|
SAMBA4_DEPENDENCIES += openldap
|
|
SAMBA4_SHARED_MODULES += idmap_ad
|
|
else
|
|
SAMBA4_CONF_OPTS += --without-ads --without-ldap
|
|
SAMBA4_SHARED_MODULES += !idmap_ad
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_SAMBA4_SMBTORTURE),)
|
|
define SAMBA4_REMOVE_SMBTORTURE
|
|
rm -f $(TARGET_DIR)/usr/bin/smbtorture
|
|
endef
|
|
SAMBA4_POST_INSTALL_TARGET_HOOKS += SAMBA4_REMOVE_SMBTORTURE
|
|
endif
|
|
|
|
define SAMBA4_INSTALL_INIT_SYSV
|
|
$(INSTALL) -m 0755 -D package/samba4/S91smb \
|
|
$(TARGET_DIR)/etc/init.d/S91smb
|
|
endef
|
|
|
|
ifeq ($(BR2_INIT_SYSTEMD),y)
|
|
SAMBA4_CONF_OPTS += --systemd-install-services
|
|
SAMBA4_DEPENDENCIES += systemd
|
|
endif
|
|
|
|
define SAMBA4_INSTALL_INIT_SYSTEMD
|
|
$(INSTALL) -D -m 644 $(@D)/packaging/systemd/samba.conf.tmp \
|
|
$(TARGET_DIR)/usr/lib/tmpfiles.d/samba.conf
|
|
printf "d /var/log/samba 755 root root\n" >>$(TARGET_DIR)/usr/lib/tmpfiles.d/samba.conf
|
|
endef
|
|
|
|
$(eval $(generic-package))
|