kumquat-buildroot/package/samba4/samba4.mk
Gustavo Zacarias 80e0583a70 samba4: security bump to version 4.4.8
Fixes:
CVE-2016-2123 - Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
Overflow Remote Code Execution Vulnerability.
CVE-2016-2125 - Unconditional privilege delegation to Kerberos servers
in trusted realms.
CVE-2016-2126 - Flaws in Kerberos PAC validation can trigger privilege
elevation.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-19 20:55:29 +01:00

164 lines
4.8 KiB
Makefile

################################################################################
#
# samba4
#
################################################################################
SAMBA4_VERSION = 4.4.8
SAMBA4_SITE = http://ftp.samba.org/pub/samba/stable
SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
SAMBA4_INSTALL_STAGING = YES
SAMBA4_LICENSE = GPLv3+
SAMBA4_LICENSE_FILES = COPYING
SAMBA4_DEPENDENCIES = \
host-e2fsprogs host-heimdal host-python \
e2fsprogs popt python zlib \
$(if $(BR2_PACKAGE_LIBAIO),libaio) \
$(if $(BR2_PACKAGE_LIBBSD),libbsd) \
$(if $(BR2_PACKAGE_LIBCAP),libcap) \
$(if $(BR2_PACKAGE_READLINE),readline)
ifeq ($(BR2_PACKAGE_ACL),y)
SAMBA4_CONF_OPTS += --with-acl-support
SAMBA4_DEPENDENCIES += acl
else
SAMBA4_CONF_OPTS += --without-acl-support
endif
ifeq ($(BR2_PACKAGE_CUPS),y)
SAMBA4_CONF_ENV += CUPS_CONFIG="$(STAGING_DIR)/usr/bin/cups-config"
SAMBA4_CONF_OPTS += --enable-cups
SAMBA4_DEPENDENCIES += cups
else
SAMBA4_CONF_OPTS += --disable-cups
endif
ifeq ($(BR2_PACKAGE_DBUS)$(BR2_PACKAGE_AVAHI_DAEMON),yy)
SAMBA4_CONF_OPTS += --enable-avahi
SAMBA4_DEPENDENCIES += avahi
else
SAMBA4_CONF_OPTS += --disable-avahi
endif
ifeq ($(BR2_PACKAGE_GAMIN),y)
SAMBA4_CONF_OPTS += --with-fam
SAMBA4_DEPENDENCIES += gamin
else
SAMBA4_CONF_OPTS += --without-fam
endif
ifeq ($(BR2_PACKAGE_GETTEXT),y)
SAMBA4_DEPENDENCIES += gettext
else
SAMBA4_CONF_OPTS += --without-gettext
endif
ifeq ($(BR2_PACKAGE_GNUTLS),y)
SAMBA4_CONF_OPTS += --enable-gnutls
SAMBA4_DEPENDENCIES += gnutls
else
SAMBA4_CONF_OPTS += --disable-gnutls
endif
ifeq ($(BR2_PACKAGE_NCURSES_TARGET_FORM)$(BR2_PACKAGE_NCURSES_TARGET_MENU)$(BR2_PACKAGE_NCURSES_TARGET_PANEL),yyy)
SAMBA4_CONF_ENV += NCURSES_CONFIG="$(STAGING_DIR)/usr/bin/$(NCURSES_CONFIG_SCRIPTS)"
SAMBA4_DEPENDENCIES += ncurses
else
SAMBA4_CONF_OPTS += --without-regedit
endif
# The ctdb tests (cluster) need bash and take up some space
# They're normally intended for debugging so remove them
define SAMBA4_REMOVE_CTDB_TESTS
rm -rf $(TARGET_DIR)/usr/lib/ctdb-tests
rm -rf $(TARGET_DIR)/usr/share/ctdb-tests
rm -f $(TARGET_DIR)/usr/bin/ctdb_run_*tests
endef
SAMBA4_POST_INSTALL_TARGET_HOOKS += SAMBA4_REMOVE_CTDB_TESTS
define SAMBA4_CONFIGURE_CMDS
cp package/samba4/samba4-cache.txt $(@D)/cache.txt;
echo 'Checking uname machine type: $(BR2_ARCH)' >>$(@D)/cache.txt;
(cd $(@D); \
PYTHON_CONFIG="$(STAGING_DIR)/usr/bin/python-config" \
python_LDFLAGS="" \
python_LIBDIR="" \
$(TARGET_CONFIGURE_OPTS) \
$(SAMBA4_CONF_ENV) \
./buildtools/bin/waf configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-libiconv=$(STAGING_DIR)/usr \
--enable-fhs \
--cross-compile \
--cross-answers=$(@D)/cache.txt \
--hostcc=gcc \
--disable-rpath \
--disable-rpath-install \
--disable-iprint \
--without-pam \
--without-dmapi \
--disable-glusterfs \
--with-cluster-support \
--bundled-libraries='!asn1_compile,!compile_et' \
$(SAMBA4_CONF_OPTS) \
)
endef
define SAMBA4_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)
endef
define SAMBA4_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(STAGING_DIR) install
endef
define SAMBA4_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) install
endef
ifeq ($(BR2_PACKAGE_SAMBA4_AD_DC),)
SAMBA4_CONF_OPTS += --without-ad-dc
endif
ifeq ($(BR2_PACKAGE_SAMBA4_ADS),y)
SAMBA4_CONF_OPTS += --with-ads --with-ldap --with-shared-modules=idmap_ad
SAMBA4_DEPENDENCIES += openldap
else
SAMBA4_CONF_OPTS += --without-ads --without-ldap
endif
ifeq ($(BR2_PACKAGE_SAMBA4_SMBTORTURE),)
define SAMBA4_REMOVE_SMBTORTURE
rm -f $(TARGET_DIR)/usr/bin/smbtorture
endef
SAMBA4_POST_INSTALL_TARGET_HOOKS += SAMBA4_REMOVE_SMBTORTURE
endif
define SAMBA4_INSTALL_INIT_SYSV
$(INSTALL) -m 0755 -D package/samba4/S91smb \
$(TARGET_DIR)/etc/init.d/S91smb
endef
define SAMBA4_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 $(@D)/packaging/systemd/nmb.service \
$(TARGET_DIR)/usr/lib/systemd/system/nmb.service
$(INSTALL) -D -m 644 $(@D)/packaging/systemd/smb.service \
$(TARGET_DIR)/usr/lib/systemd/system/smb.service
$(INSTALL) -D -m 644 $(@D)/packaging/systemd/winbind.service \
$(TARGET_DIR)/usr/lib/systemd/system/winbind.service
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
ln -sf ../../../../usr/lib/systemd/system/nmb.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/nmb.service
ln -sf ../../../../usr/lib/systemd/system/smb.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/smb.service
ln -sf ../../../../usr/lib/systemd/system/winbind.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/winbind.service
$(INSTALL) -D -m 644 $(@D)/packaging/systemd/samba.conf.tmp \
$(TARGET_DIR)/usr/lib/tmpfiles.d/samba.conf
printf "d /var/log/samba 755 root root\n" >>$(TARGET_DIR)/usr/lib/tmpfiles.d/samba.conf
endef
$(eval $(generic-package))