From c271c73a6281948bbe7c362bc52449e7a360f152 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Mon, 14 Dec 2020 20:46:28 -0500 Subject: [PATCH 1/7] New build-helper: samba Samba and its dependendencies maintained by the Saamb team all require a common cross-compilation configuration for the waf3 build-style, and a complete wrapping of python3-config as python${py3_ver}-config. This is the perfect application for a build helper. --- Manual.md | 6 ++++++ common/build-helper/samba.sh | 24 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 common/build-helper/samba.sh diff --git a/Manual.md b/Manual.md index aa7a196d4f4..d1c5bfd8e3c 100644 --- a/Manual.md +++ b/Manual.md @@ -1012,6 +1012,12 @@ This aims to fix cross-builds for when the build-style is mixed: e.g. when in a `gnu-configure` style the configure script calls `qmake` or a `Makefile` in `gnu-makefile` style, respectively. +- `samba` prepares the cross-compilation environment needed by the `samba` package and its +dependencies maintained by the Samba team. The `python3-config` script is wrapped more thoroughly +than the default cross-compilation wrapper provided in `xbps-src` and, when used in concert with the +`qemu` build helper, and the arguments `--cross-compile`, `--cross-hostcc` and `--cross-execute` are +added to the `${configure_args}` variable. + ### Functions diff --git a/common/build-helper/samba.sh b/common/build-helper/samba.sh new file mode 100644 index 00000000000..7e59ba364f9 --- /dev/null +++ b/common/build-helper/samba.sh @@ -0,0 +1,24 @@ +if [[ $makedepends != *"python3-devel"* ]]; then + makedepends+=" python3-devel" +fi + +if [ "$CROSS_BUILD" ]; then + # Wrap python-config for samba and its dependencies; this wrapper is + # more thorough than the simple default and depends on which + if [[ $hostmakedepends != *"which"* ]]; then + hostmakedepends+=" which" + fi + + cat > ${XBPS_WRAPPERDIR}/python${py3_ver}-config <<-EOF + #!/bin/sh + exec ${XBPS_CROSS_BASE}/usr/bin/python${py3_ver}-config "\$@" + EOF + + chmod 755 ${XBPS_WRAPPERDIR}/python${py3_ver}-config + cp -p ${XBPS_WRAPPERDIR}/python{$py3_ver,3}-config + + if command -v qemu-${XBPS_TARGET_QEMU_MACHINE}-static >/dev/null 2>&1; then + configure_args+=" --cross-compile --hostcc=${CC_FOR_BUILD} + --cross-execute=qemu-${XBPS_TARGET_QEMU_MACHINE}-static" + fi +fi From 7b63e7809214b139215f06fe92c4bd5cfd084057 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 15:45:32 -0500 Subject: [PATCH 2/7] tdb: update to 1.4.3. --- srcpkgs/tdb-python3 | 1 + srcpkgs/tdb/files/cross-32bit.answers | 46 --------------------------- srcpkgs/tdb/template | 36 ++++++++++++--------- 3 files changed, 22 insertions(+), 61 deletions(-) create mode 120000 srcpkgs/tdb-python3 delete mode 100644 srcpkgs/tdb/files/cross-32bit.answers diff --git a/srcpkgs/tdb-python3 b/srcpkgs/tdb-python3 new file mode 120000 index 00000000000..98969817250 --- /dev/null +++ b/srcpkgs/tdb-python3 @@ -0,0 +1 @@ +tdb \ No newline at end of file diff --git a/srcpkgs/tdb/files/cross-32bit.answers b/srcpkgs/tdb/files/cross-32bit.answers deleted file mode 100644 index c661c19441d..00000000000 --- a/srcpkgs/tdb/files/cross-32bit.answers +++ /dev/null @@ -1,46 +0,0 @@ -Checking uname sysname type: "Linux" -Checking uname machine type: "@@XBPS_TARGET_MACHINE@@" -Checking uname release type: "ok" -Checking uname version type: "ok" -Checking simple C program: "ok" -building library support: "ok" -Checking for large file support: "ok" -Checking for -D_FILE_OFFSET_BITS=64: "ok" -Checking for WORDS_BIGENDIAN: "ok" -Checking size of char: "1" -Checking size of int: "4" -Checking size of long long: "4" -Checking size of long: "4" -Checking size of off_t: "4" -Checking size of short: "2" -Checking size of size_t: "4" -Checking size of ssize_t: "4" -Checking size of dev_t: "4" -Checking size of ino_t: "4" -Checking size of time_t: "4" -Checking size of void*: "4" -Checking for C99 vsnprintf: OK -Checking for HAVE_SECURE_MKSTEMP: OK -rpath library support: OK --Wl,--version-script support: OK -Checking size of bool: "1" -Checking size of int8_t: "1" -Checking size of uint8_t: "1" -Checking size of int16_t: "2" -Checking size of uint16_t: "2" -Checking size of int32_t: "4" -Checking size of uint32_t: "4" -Checking size of int64_t: "4" -Checking size of uint64_t: "4" -Checking correct behavior of strtoll: OK -Checking correct behavior of strptime: OK -Checking for HAVE_IFACE_GETIFADDRS: OK -Checking for HAVE_IFACE_IFCONF: OK -Checking for HAVE_IFACE_IFREQ: OK -Checking getconf LFS_CFLAGS: OK -Checking for large file support without additional flags: OK -Checking for working strptime: OK -Checking for HAVE_SHARED_MMAP: OK -Checking for HAVE_MREMAP: OK -Checking for HAVE_INCOHERENT_MMAP: OK -Checking getconf large file support flags work: OK diff --git a/srcpkgs/tdb/template b/srcpkgs/tdb/template index e49bc46e078..f1901500a3f 100644 --- a/srcpkgs/tdb/template +++ b/srcpkgs/tdb/template @@ -1,24 +1,21 @@ # Template file for 'tdb' pkgname=tdb -version=1.3.16 +version=1.4.3 revision=1 -build_style=gnu-configure -hostmakedepends="pkg-config python libxslt docbook-xsl" -short_desc="A Trivial Database similar to GDBM but allows simultaneous commits" +build_style=waf3 +build_helper="qemu samba" +configure_script="buildtools/bin/waf" +configure_args="--prefix=/usr --libdir=/usr/lib --sysconfdir=/etc + --localstatedir=/var --disable-rpath --disable-rpath-install + --builtin-libraries=replace --bundled-libraries=NONE --without-gettext" +hostmakedepends="pkg-config docbook2x" +makedepends="python3-devel libxslt gettext-devel" +short_desc="Trivial Database, similar to GDBM but allows simultaneous commits" maintainer="Orphaned " license="GPL-3.0-or-later" homepage="https://tdb.samba.org/" distfiles="http://samba.org/ftp/tdb/tdb-${version}.tar.gz" -checksum=6a3fc2616567f23993984ada3cea97d953a27669ffd1bfbbe961f26e0cf96cc5 - -do_configure() { - if [ "$CROSS_BUILD" ]; then - cp ${FILESDIR}/cross-32bit.answers . - sed -i "s,@@XBPS_TARGET_MACHINE@@,$XBPS_TARGET_MACHINE,g" cross-32bit.answers - _args="--cross-compile --hostcc=cc --cross-answers=cross-32bit.answers" - fi - ./configure --prefix=/usr --disable-python ${_args} -} +checksum=c8058393dfa15f47e11ebd2f1d132693f0b3b3b8bf22d0201bfb305026f88a1b tdb-devel_package() { depends="libtdb-${version}_${revision}" @@ -29,8 +26,17 @@ tdb-devel_package() { vmove "usr/lib/*.so" } } + +tdb-python3_package() { + short_desc+=" - Python3 bindings" + depends="python3" + pkg_install() { + vmove ${py3_lib} + } +} + libtdb_package() { - short_desc="Trivial Database - shared library" + short_desc+=" - shared libraries" pkg_install() { vmove "usr/lib/*.so.*" } From a0151a7f4fdef00bd404f42e0c8b99f993b24eb2 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 16:41:53 -0500 Subject: [PATCH 3/7] talloc: enable python bindings Also support cross compilation without relying on "answer" files. --- common/shlibs | 1 + srcpkgs/libpytalloc-util | 1 + srcpkgs/talloc-python3 | 1 + srcpkgs/talloc/files/cross-32bit.answers | 47 ------------------------ srcpkgs/talloc/template | 40 ++++++++++++++------ 5 files changed, 32 insertions(+), 58 deletions(-) create mode 120000 srcpkgs/libpytalloc-util create mode 120000 srcpkgs/talloc-python3 delete mode 100644 srcpkgs/talloc/files/cross-32bit.answers diff --git a/common/shlibs b/common/shlibs index 76b3f458b15..b985d30fd73 100644 --- a/common/shlibs +++ b/common/shlibs @@ -735,6 +735,7 @@ libasm.so.1 libelf-0.155_1 libdebuginfod.so.1 libdebuginfod-0.182_1 libgtksourceview-3.0.so.1 gtksourceview-3.8.0_1 libtalloc.so.2 talloc-2.0.1_1 +libpytalloc-util.so.2 libpytalloc-util-2.3.1_2 libmount.so.1 libmount-2.18_1 libdconf.so.1 dconf-0.13.90_1 libassuan.so.0 libassuan-2.0.1_1 diff --git a/srcpkgs/libpytalloc-util b/srcpkgs/libpytalloc-util new file mode 120000 index 00000000000..e5668c8aed6 --- /dev/null +++ b/srcpkgs/libpytalloc-util @@ -0,0 +1 @@ +talloc \ No newline at end of file diff --git a/srcpkgs/talloc-python3 b/srcpkgs/talloc-python3 new file mode 120000 index 00000000000..e5668c8aed6 --- /dev/null +++ b/srcpkgs/talloc-python3 @@ -0,0 +1 @@ +talloc \ No newline at end of file diff --git a/srcpkgs/talloc/files/cross-32bit.answers b/srcpkgs/talloc/files/cross-32bit.answers deleted file mode 100644 index 4223ff00679..00000000000 --- a/srcpkgs/talloc/files/cross-32bit.answers +++ /dev/null @@ -1,47 +0,0 @@ -Checking uname sysname type: "Linux" -Checking uname machine type: "dontcare" -Checking uname release type: "dontcare" -Checking uname version type: "dontcare" -Checking simple C program: OK -Checking for -D_LARGE_FILES: OK -building library support: OK -Checking for large file support: OK -Checking for -D_FILE_OFFSET_BITS=64: OK -Checking for WORDS_BIGENDIAN: OK -Checking size of char: "1" -Checking size of int: "4" -Checking size of long long: "4" -Checking size of long: "4" -Checking size of off_t: "4" -Checking size of short: "2" -Checking size of size_t: "4" -Checking size of ssize_t: "4" -Checking size of dev_t: "4" -Checking size of ino_t: "4" -Checking size of time_t: "4" -Checking size of void*: "4" -Checking for C99 vsnprintf: OK -Checking for HAVE_SECURE_MKSTEMP: OK -rpath library support: OK --Wl,--version-script support: OK -Checking size of bool: "1" -Checking size of int8_t: "1" -Checking size of uint8_t: "1" -Checking size of int16_t: "2" -Checking size of uint16_t: "2" -Checking size of int32_t: "4" -Checking size of uint32_t: "4" -Checking size of int64_t: "4" -Checking size of uint64_t: "4" -Checking correct behavior of strtoll: OK -Checking correct behavior of strptime: OK -Checking for HAVE_IFACE_GETIFADDRS: OK -Checking for HAVE_IFACE_IFCONF: OK -Checking for HAVE_IFACE_IFREQ: OK -Checking getconf LFS_CFLAGS: "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" -Checking for large file support without additional flags: OK -Checking for working strptime: OK -Checking for HAVE_SHARED_MMAP: OK -Checking for HAVE_MREMAP: OK -Checking for HAVE_INCOHERENT_MMAP: NO -Checking getconf large file support flags work: OK diff --git a/srcpkgs/talloc/template b/srcpkgs/talloc/template index a07179ee871..4c8e729f75c 100644 --- a/srcpkgs/talloc/template +++ b/srcpkgs/talloc/template @@ -1,9 +1,15 @@ # Template file for 'talloc' pkgname=talloc version=2.3.1 -revision=1 -build_style=configure -hostmakedepends="pkg-config python3 libxslt docbook-xsl which" +revision=2 +build_style=waf3 +build_helper="qemu samba" +configure_script="buildtools/bin/waf" +configure_args="--sysconfdir=/etc --localstatedir=/var + --disable-rpath --disable-rpath-install --without-gettext + --builtin-libraries=replace --bundled-libraries=NONE" +hostmakedepends="pkg-config docbook2x" +makedepends="python3-devel libtirpc-devel libxslt gettext-devel" short_desc="Hierarchical pool based memory allocator with destructors" maintainer="Orphaned " license="GPL-3.0-or-later" @@ -11,22 +17,34 @@ homepage="https://talloc.samba.org/" distfiles="http://samba.org/ftp/${pkgname}/${pkgname}-${version}.tar.gz" checksum=ef4822d2fdafd2be8e0cabc3ec3c806ae29b8268e932c5e9a4cd5585f37f9f77 -do_configure() { - if [ "$CROSS_BUILD" ]; then - cp "$FILESDIR"/cross-32bit.answers . - _args+=" --cross-compile --hostcc=${CC} --cross-answers=cross-32bit.answers" - fi +post_patch() { + # Avoid Python shlib extension noise in libpytallic-util.so + vsed -e "/env.pyext_PATTERN/s/dct\['SO'\]/'.so'/" \ + -i third_party/waf/waflib/Tools/python.py +} - ./configure --prefix=/usr --disable-python ${_args} +talloc-python3_package() { + short_desc+=" - Python3 bindings" + pkg_install() { + vmove ${py3_lib} + } +} + +libpytalloc-util_package() { + short_desc+=" - Python3 utility library" + pkg_install() { + vmove "usr/lib/libpytalloc-util.so.*" + } } talloc-devel_package() { - depends="${sourcepkg}-${version}_${revision}" + depends="${sourcepkg}>=${version}_${revision} + libpytalloc-util>=${version}_${revision}" short_desc+=" - development files" pkg_install() { vmove usr/include vmove usr/lib/pkgconfig - vmove usr/lib/libtalloc.so + vmove "usr/lib/*.so" vmove usr/share/man/man3 } } From 2e1c543336b735f3dec3a8a4e1c1bcb5abb28ed5 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 16:50:32 -0500 Subject: [PATCH 4/7] tevent: enable python bindings Also support cross compilation without relying on "answer" files. --- srcpkgs/tevent-python3 | 1 + srcpkgs/tevent/files/cross-32bit.answers | 51 ------------------------ srcpkgs/tevent/template | 36 ++++++++++------- 3 files changed, 22 insertions(+), 66 deletions(-) create mode 120000 srcpkgs/tevent-python3 delete mode 100644 srcpkgs/tevent/files/cross-32bit.answers diff --git a/srcpkgs/tevent-python3 b/srcpkgs/tevent-python3 new file mode 120000 index 00000000000..fdd38c388ca --- /dev/null +++ b/srcpkgs/tevent-python3 @@ -0,0 +1 @@ +tevent \ No newline at end of file diff --git a/srcpkgs/tevent/files/cross-32bit.answers b/srcpkgs/tevent/files/cross-32bit.answers deleted file mode 100644 index dbfe963257a..00000000000 --- a/srcpkgs/tevent/files/cross-32bit.answers +++ /dev/null @@ -1,51 +0,0 @@ -Checking uname sysname type: "Linux" -Checking uname machine type: "dontcare" -Checking uname release type: "dontcare" -Checking uname version type: "dontcare" -Checking simple C program: OK -Checking for -D_LARGE_FILES: OK -building library support: OK -Checking for large file support: OK -Checking for -D_FILE_OFFSET_BITS=64: OK -Checking for WORDS_BIGENDIAN: OK -Checking size of char: "1" -Checking size of int: "4" -Checking size of long long: "4" -Checking size of long: "4" -Checking size of off_t: "4" -Checking size of short: "2" -Checking size of size_t: "4" -Checking size of ssize_t: "4" -Checking size of dev_t: "4" -Checking size of ino_t: "4" -Checking size of time_t: "4" -Checking size of void*: "4" -Checking for C99 vsnprintf: OK -Checking for HAVE_SECURE_MKSTEMP: OK -rpath library support: OK --Wl,--version-script support: OK -Checking size of bool: "1" -Checking size of int8_t: "1" -Checking size of uint8_t: "1" -Checking size of int16_t: "2" -Checking size of uint16_t: "2" -Checking size of int32_t: "4" -Checking size of uint32_t: "4" -Checking size of int64_t: "4" -Checking size of uint64_t: "4" -Checking correct behavior of strtoll: OK -Checking correct behavior of strptime: OK -Checking for HAVE_IFACE_GETIFADDRS: OK -Checking for HAVE_IFACE_IFCONF: OK -Checking for HAVE_IFACE_IFREQ: OK -Checking getconf LFS_CFLAGS: "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" -Checking for large file support without additional flags: OK -Checking for working strptime: OK -Checking for HAVE_SHARED_MMAP: OK -Checking for HAVE_MREMAP: OK -Checking for HAVE_INCOHERENT_MMAP: NO -Checking getconf large file support flags work: OK -Checking value of NSIG: 64 -Checking value of _NSIG: 64 -Checking value of SIGRTMAX: 32 -Checking value of SIGRTMIN: 32 diff --git a/srcpkgs/tevent/template b/srcpkgs/tevent/template index 4c66e0cbfe5..386bd30400d 100644 --- a/srcpkgs/tevent/template +++ b/srcpkgs/tevent/template @@ -1,10 +1,15 @@ # Template file for 'tevent' pkgname=tevent version=0.10.2 -revision=1 -build_style=configure -hostmakedepends="python3 pkg-config which" -makedepends="talloc-devel libtirpc-devel" +revision=2 +build_style=waf3 +build_helper="qemu samba" +configure_script="buildtools/bin/waf" +configure_args="--sysconfdir=/etc --localstatedir=/var + --disable-rpath --disable-rpath-install --without-gettext + --builtin-libraries=replace --bundled-libraries=NONE" +hostmakedepends="pkg-config docbook2x" +makedepends="python3-devel talloc-devel libxslt gettext-devel" short_desc="Event system based on the talloc memory management library" maintainer="Yuusha Spacewolf " license="GPL-3.0-or-later" @@ -12,17 +17,18 @@ homepage="https://tevent.samba.org" distfiles="https://ftp.samba.org/pub/tevent/tevent-${version}.tar.gz" checksum=f8427822e5b2878fb8b28d6f50d96848734f3f3130612fb574fdd2d2148a6696 -do_configure() { - case "XBPS_TARGET_WORDSIZE" in - 32) vsed -e '/NSIG/s,64,32,' -e '/_NSIG/s,64,32,' -i "$FILESDIR"/cross-32bit.answers - esac - - if [ "$CROSS_BUILD" ]; then - cp "$FILESDIR"/cross-32bit.answers . - _args="${configure_args} --cross-compile --hostcc=${CC} --cross-answers=cross-32bit.answers" - fi +post_patch() { + # Avoid Python shlib extension noise in libpytallic-util.so + vsed -e "/env.pyext_PATTERN/s/dct\['SO'\]/'.so'/" \ + -i third_party/waf/waflib/Tools/python.py +} - ./configure --prefix=/usr --disable-python ${_args} +tevent-python3_package() { + short_desc+=" - Python3 bindings" + depends="python3" + pkg_install() { + vmove ${py3_lib} + } } tevent-devel_package() { @@ -31,6 +37,6 @@ tevent-devel_package() { pkg_install() { vmove usr/include vmove usr/lib/pkgconfig - vmove usr/lib/*.so + vmove "usr/lib/*.so" } } From 1bb1ed9d5d84f29011e7ea3436a9f7fa5b9a7daa Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 17:07:30 -0500 Subject: [PATCH 5/7] ldb: update to 2.2.0. --- common/shlibs | 3 +- srcpkgs/ldb-python3 | 1 + .../patches/disable-compile-error-test.patch | 21 +++++++++ srcpkgs/ldb/template | 43 +++++++++++++++---- srcpkgs/libpyldb-util | 1 + 5 files changed, 59 insertions(+), 10 deletions(-) create mode 120000 srcpkgs/ldb-python3 create mode 100644 srcpkgs/ldb/patches/disable-compile-error-test.patch create mode 120000 srcpkgs/libpyldb-util diff --git a/common/shlibs b/common/shlibs index b985d30fd73..db37ea032a7 100644 --- a/common/shlibs +++ b/common/shlibs @@ -2778,7 +2778,8 @@ libply-boot-client.so.4 plymouth-0.9.2_1 libmilter.so.1.0.2 libmilter-1.0.2_1 libopendkim.so.10 opendkim-2.10.3_1 libtevent.so.0 tevent-0.9.28_1 -libldb.so.1 ldb-1.1.26_1 +libldb.so.2 ldb-2.2.0_1 +libpyldb-util.so.2 libpyldb-util-2.2.0_1 libpath_utils.so.1 ding-libs-0.5.0_1 libdhash.so.1 ding-libs-0.5.0_1 libcollection.so.4 ding-libs-0.5.0_1 diff --git a/srcpkgs/ldb-python3 b/srcpkgs/ldb-python3 new file mode 120000 index 00000000000..59d203f674d --- /dev/null +++ b/srcpkgs/ldb-python3 @@ -0,0 +1 @@ +ldb \ No newline at end of file diff --git a/srcpkgs/ldb/patches/disable-compile-error-test.patch b/srcpkgs/ldb/patches/disable-compile-error-test.patch new file mode 100644 index 00000000000..bbb497567f4 --- /dev/null +++ b/srcpkgs/ldb/patches/disable-compile-error-test.patch @@ -0,0 +1,21 @@ +--- tests/ldb_match_test.c ++++ tests/ldb_match_test.c +@@ -32,6 +32,8 @@ + * This allows test applications to use custom definitions of C standard + * library functions and types. + */ ++// fails to compile on musl, so limit to glibc ++#ifdef __GLIBC__ + #include + #include + #include +@@ -189,3 +191,9 @@ + + return cmocka_run_group_tests(tests, NULL, NULL); + } ++#else ++int main(int argc, const char **argv) ++{ ++ return 0; ++} ++#endif diff --git a/srcpkgs/ldb/template b/srcpkgs/ldb/template index fd0c68e64a7..3d642466b9c 100644 --- a/srcpkgs/ldb/template +++ b/srcpkgs/ldb/template @@ -1,29 +1,54 @@ # Template file for 'ldb' pkgname=ldb -version=1.5.1 +version=2.2.0 revision=1 -build_style=gnu-configure -configure_args="--with-modulesdir=/usr/lib/ldb/modules" -hostmakedepends="python pkg-config docbook-xsl libxslt" -makedepends="tdb-devel tevent-devel popt-devel talloc-devel lmdb-devel" +build_style=waf3 +build_helper="qemu samba" +configure_script="buildtools/bin/waf" +configure_args="--sysconfdir=/etc --localstatedir=/var + --disable-rpath --disable-rpath-install --without-gettext + --builtin-libraries=replace --bundled-libraries=NONE + --with-modulesdir=/usr/lib/ldb/modules" +hostmakedepends="pkg-config docbook2x tdb-python3 tevent-python3" +makedepends="python3-devel tdb-devel tevent-devel talloc-devel + popt-devel lmdb-devel libxslt gettext-devel cmocka-devel" checkdepends="cmocka-devel" short_desc="LDAP-like database from samba" maintainer="Yuusha Spacewolf " license="LGPL-3.0-or-later" homepage="https://www.samba.org/ldb/" distfiles="https://www.samba.org/ftp/pub/ldb/ldb-${version}.tar.gz" -checksum=232e54b87c53210a6861424ad411b04dbfa0f2ca4bc463aefea188158e0cc963 - -nocross="see srcpkgs/tdb (cross-32bit.answers)." +checksum=134bb51769709af59f30bf468e454d1377a8096acd4e80dcb42fd264f558bd5f # workaround for cmocka's broken uintptr_t definition on musl if [ "$XBPS_TARGET_WORDSIZE" = "64" -a "$XBPS_TARGET_LIBC" = "musl" ]; then CFLAGS+=" -D__WORDSIZE=64" fi +post_patch() { + # Avoid Python shlib extension noise in libpyldb-util.so + vsed -e "/env.pyext_PATTERN/s/dct\['SO'\]/'.so'/" \ + -i third_party/waf/waflib/Tools/python.py +} + +ldb-python3_package() { + short_desc+=" - Python3 bindings" + pkg_install() { + vmove ${py3_lib} + } +} + +libpyldb-util_package() { + short_desc+=" - Python3 utility library" + pkg_install() { + vmove "usr/lib/libpyldb-util.so.*" + } +} + ldb-devel_package() { short_desc+=" - development files" - depends="${makedepends} ${sourcepkg}>=${version}_${revision}" + depends="${sourcepkg}>=${version}_${revision} + libpyldb-util>=${version}_${revision}" pkg_install() { vmove usr/include vmove usr/lib/pkgconfig diff --git a/srcpkgs/libpyldb-util b/srcpkgs/libpyldb-util new file mode 120000 index 00000000000..59d203f674d --- /dev/null +++ b/srcpkgs/libpyldb-util @@ -0,0 +1 @@ +ldb \ No newline at end of file From 9a3abae90850c16b2a7ec35d665aad8c122ec73b Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 17:07:41 -0500 Subject: [PATCH 6/7] sssd: rebuild for ldb --- srcpkgs/sssd/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/sssd/template b/srcpkgs/sssd/template index 082a56831ae..4dc04533091 100644 --- a/srcpkgs/sssd/template +++ b/srcpkgs/sssd/template @@ -1,7 +1,7 @@ # Template file for 'sssd' pkgname=sssd version=2.3.1 -revision=2 +revision=3 build_style=gnu-configure configure_args="--without-selinux --without-semanage --without-libwbclient --disable-cifs-idmap-plugin --without-samba --with-os=fedora @@ -29,6 +29,7 @@ homepage="https://sssd.io" distfiles="https://github.com/SSSD/sssd/releases/download/${pkgname}-${version//./_}/${pkgname}-${version}.tar.gz" checksum=ef8b047e6d0452a585862dffd16db725ac828e0d3fb594a8dea6d2f24a61ad17 python_version=3 +nocross="configure attempts to run compiled output" do_check() { export CK_TIMEOUT_MULTIPLIER=10 From 0ae093bd519eedd7e9ec50a884d24f71cd63b913 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Sun, 13 Dec 2020 19:17:17 -0500 Subject: [PATCH 7/7] samba: update to 4.13.2. --- common/shlibs | 56 +++- srcpkgs/{libsmbclient => samba-libs} | 0 srcpkgs/{samba-cups => samba-python3} | 0 srcpkgs/samba/patches/CVE-2017-7494.patch | 32 --- .../patches/add_missing___compar_fn_t.patch | 14 + srcpkgs/samba/patches/getpwent_r.patch | 80 ++++++ srcpkgs/samba/patches/glibc-2.28.patch | 32 --- srcpkgs/samba/patches/missing-headers.patch | 38 +++ srcpkgs/samba/patches/musl.patch | 10 - .../samba/patches/musl_rm_unistd_incl.patch | 37 +++ srcpkgs/samba/patches/musl_uintptr.patch | 35 +++ srcpkgs/samba/patches/netdb-defines.patch | 19 ++ .../samba-3.6.25-security-2015-12-16.patch | 255 ------------------ srcpkgs/samba/template | 216 ++++++++------- 14 files changed, 401 insertions(+), 423 deletions(-) rename srcpkgs/{libsmbclient => samba-libs} (100%) rename srcpkgs/{samba-cups => samba-python3} (100%) delete mode 100644 srcpkgs/samba/patches/CVE-2017-7494.patch create mode 100644 srcpkgs/samba/patches/add_missing___compar_fn_t.patch create mode 100644 srcpkgs/samba/patches/getpwent_r.patch delete mode 100644 srcpkgs/samba/patches/glibc-2.28.patch create mode 100644 srcpkgs/samba/patches/missing-headers.patch delete mode 100644 srcpkgs/samba/patches/musl.patch create mode 100644 srcpkgs/samba/patches/musl_rm_unistd_incl.patch create mode 100644 srcpkgs/samba/patches/musl_uintptr.patch create mode 100644 srcpkgs/samba/patches/netdb-defines.patch delete mode 100644 srcpkgs/samba/patches/samba-3.6.25-security-2015-12-16.patch diff --git a/common/shlibs b/common/shlibs index db37ea032a7..74df73f3b58 100644 --- a/common/shlibs +++ b/common/shlibs @@ -774,10 +774,8 @@ libgssdp-1.2.so.0 gssdp-1.2.0_1 libgupnp-1.2.so.0 gupnp-1.2.0_1 libsamplerate.so.0 libsamplerate-0.1.7_1 libmms.so.0 libmms-0.6_1 -libsmbclient.so.0 libsmbclient-3.5.6_1 libsmbios.so.2 libsmbios-2.2.28_1 libsmbios_c.so.2 libsmbios-2.2.28_1 -libwbclient.so.0 libsmbclient-3.5.6_1 libjasper.so.4 libjasper-1.900.27_1 librecode.so.0 librecode-3.6_1 libenca.so.0 libenca-1.13_1 @@ -1618,8 +1616,6 @@ libdovecot-compression.so.0 dovecot-2.2.11_2 libdovecot-sql.so.0 dovecot-2.2.11_2 libdovecot-storage.so.0 dovecot-2.2.11_2 libdovecot-lda.so.0 dovecot-2.2.11_2 -libnetapi.so.0 samba-3.6.23_1 -libsmbsharemodes.so.0 samba-3.6.23_1 libmysqld.so.18 libmariadbclient-5.5.36_1 libwiretap.so.11 libwireshark-3.4.0_1 libwireshark.so.14 libwireshark-3.4.0_1 @@ -4000,3 +3996,55 @@ libevemu.so.3 evemu-2.7.0_1 libantilib.so.1 libantimicrox-3.1.2_1 libinih.so.0 inih-52_1 libpcaudio.so.0 pcaudiolib-1.1_1 +libauth-unix-token-samba4.so samba-4.13.2_1 +libauth4-samba4.so samba-4.13.2_1 +libdcerpc-samba4.so samba-4.13.2_1 +libdcerpc-samr.so.0 samba-4.13.2_1 +libdcerpc-server-core.so.0 samba-4.13.2_1 +libdsdb-module-samba4.so samba-4.13.2_1 +libgpext-samba4.so samba-4.13.2_1 +libnet-keytab-samba4.so samba-4.13.2_1 +libnetapi.so.0 samba-4.13.2_1 +libnss_winbind.so.2 samba-4.13.2_1 +libnss_wins.so.2 samba-4.13.2_1 +libposix-eadb-samba4.so samba-4.13.2_1 +libprinting-migrate-samba4.so samba-4.13.2_1 +libsamba-net-samba4.so samba-4.13.2_1 +libsamba-policy.so.0 samba-4.13.2_1 +libsamba-python-samba4.so samba-4.13.2_1 +libshares-samba4.so samba-4.13.2_1 +libsmbd-base-samba4.so samba-4.13.2_1 +libsmbd-conn-samba4.so samba-4.13.2_1 +libsmbpasswdparser-samba4.so samba-4.13.2_1 +libxattr-tdb-samba4.so samba-4.13.2_1 +libcli-ldap-samba4.so samba-libs-4.13.2_1 +libcliauth-samba4.so samba-libs-4.13.2_1 +libcluster-samba4.so samba-libs-4.13.2_1 +libcommon-auth-samba4.so samba-libs-4.13.2_1 +libdcerpc.so.0 samba-libs-4.13.2_1 +libdcerpc-binding.so.0 samba-libs-4.13.2_1 +libdcerpc-samba-samba4.so samba-libs-4.13.2_1 +libflag-mapping-samba4.so samba-libs-4.13.2_1 +libgpo-samba4.so samba-libs-4.13.2_1 +libiov-buf-samba4.so samba-libs-4.13.2_1 +libndr-krb5pac.so.0 samba-libs-4.13.2_1 +libndr-nbt.so.0 samba-libs-4.13.2_1 +libndr-samba-samba4.so samba-libs-4.13.2_1 +libndr-samba4.so samba-libs-4.13.2_1 +libndr-standard.so.0 samba-libs-4.13.2_1 +libndr.so.1 samba-libs-4.13.2_1 +libprinter-driver-samba4.so samba-libs-4.13.2_1 +libsamba-credentials.so.0 samba-libs-4.13.2_1 +libsamba-errors.so.1 samba-libs-4.13.2_1 +libsamba-hostconfig.so.0 samba-libs-4.13.2_1 +libsamba-passdb.so.0 samba-libs-4.13.2_1 +libsamba-util.so.0 samba-libs-4.13.2_1 +libsamdb.so.0 samba-libs-4.13.2_1 +libsmb-transport-samba4.so samba-libs-4.13.2_1 +libsmbclient.so.0 samba-libs-4.13.2_1 +libsmbconf.so.0 samba-libs-4.13.2_1 +libsmbldap.so.2 samba-libs-4.13.2_1 +libtdb-wrap-samba4.so samba-libs-4.13.2_1 +libutil-cmdline-samba4.so samba-libs-4.13.2_1 +libwbclient.so.0 samba-libs-4.13.2_1 +libwinbind-client-samba4.so samba-libs-4.13.2_1 diff --git a/srcpkgs/libsmbclient b/srcpkgs/samba-libs similarity index 100% rename from srcpkgs/libsmbclient rename to srcpkgs/samba-libs diff --git a/srcpkgs/samba-cups b/srcpkgs/samba-python3 similarity index 100% rename from srcpkgs/samba-cups rename to srcpkgs/samba-python3 diff --git a/srcpkgs/samba/patches/CVE-2017-7494.patch b/srcpkgs/samba/patches/CVE-2017-7494.patch deleted file mode 100644 index e02093a1ed8..00000000000 --- a/srcpkgs/samba/patches/CVE-2017-7494.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c12670f75b6403aa0b7d7c02bd7af0d4f1160b9e Mon Sep 17 00:00:00 2001 -From: Volker Lendecke -Date: Mon, 8 May 2017 21:40:40 +0200 -Subject: [PATCH 1/1] CVE-2017-7494: Refuse to open pipe names with / inside - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780 - -Signed-off-by: Volker Lendecke -Reviewed-by: Andreas Schneider ---- - source3/rpc_server/srv_pipe.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c -index 251f899..7126865 100644 ---- source3/rpc_server/srv_pipe.c -+++ source3/rpc_server/srv_pipe.c -@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax) - pipename += 1; - } - -+ if (strchr(pipename, '/')) { -+ DEBUG(1,("Refusing open on pipe %s\n", pipename)); -+ return false; -+ } -+ - if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { - DEBUG(10, ("refusing spoolss access\n")); - return false; -2.9.3 - - diff --git a/srcpkgs/samba/patches/add_missing___compar_fn_t.patch b/srcpkgs/samba/patches/add_missing___compar_fn_t.patch new file mode 100644 index 00000000000..657c72add4d --- /dev/null +++ b/srcpkgs/samba/patches/add_missing___compar_fn_t.patch @@ -0,0 +1,14 @@ +--- source4/dsdb/samdb/ldb_modules/count_attrs.c ++++ source4/dsdb/samdb/ldb_modules/count_attrs.c +@@ -38,6 +38,11 @@ + #define NULL_REQ_PSEUDO_N -2LL; + #define STAR_REQ_PSEUDO_N -4LL; + ++#ifndef __COMPAR_FN_T ++#define __COMPAR_FN_T ++typedef int (*__compar_fn_t)(const void *, const void *); ++#endif ++ + struct count_attrs_private { + struct tdb_wrap *requested; + struct tdb_wrap *duplicates; diff --git a/srcpkgs/samba/patches/getpwent_r.patch b/srcpkgs/samba/patches/getpwent_r.patch new file mode 100644 index 00000000000..8b635298b91 --- /dev/null +++ b/srcpkgs/samba/patches/getpwent_r.patch @@ -0,0 +1,80 @@ +diff --git source4/torture/local/nss_tests.c source4/torture/local/nss_tests.c +index 2cd6122..04f13c6 100644 +--- source4/torture/local/nss_tests.c ++++ source4/torture/local/nss_tests.c +@@ -247,7 +247,6 @@ static bool test_getgrnam_r(struct torture_context *tctx, + return true; + } + +- + static bool test_getgrgid(struct torture_context *tctx, + gid_t gid, + struct group *grp_p) +@@ -333,6 +332,7 @@ static bool test_enum_passwd(struct torture_context *tctx, + return true; + } + ++#if HAVE_GETPWENT_R + static bool test_enum_r_passwd(struct torture_context *tctx, + struct passwd **pwd_array_p, + size_t *num_pwd_p) +@@ -383,6 +383,7 @@ static bool test_enum_r_passwd(struct torture_context *tctx, + + return true; + } ++#endif + + static bool torture_assert_passwd_equal(struct torture_context *tctx, + const struct passwd *p1, +@@ -434,7 +435,7 @@ static bool test_passwd_r(struct torture_context *tctx) + struct passwd *pwd, pwd1, pwd2; + size_t num_pwd; + +- torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd), ++ torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd), + "failed to enumerate passwd"); + + for (i=0; i < num_pwd; i++) { +@@ -462,7 +463,7 @@ static bool test_passwd_r_cross(struct torture_context *tctx) + struct passwd *pwd, pwd1, pwd2, pwd3, pwd4; + size_t num_pwd; + +- torture_assert(tctx, test_enum_r_passwd(tctx, &pwd, &num_pwd), ++ torture_assert(tctx, test_enum_passwd(tctx, &pwd, &num_pwd), + "failed to enumerate passwd"); + + for (i=0; i < num_pwd; i++) { +@@ -533,6 +534,7 @@ static bool test_enum_group(struct torture_context *tctx, + return true; + } + ++#if HAVE_GETGRENT_R + static bool test_enum_r_group(struct torture_context *tctx, + struct group **grp_array_p, + size_t *num_grp_p) +@@ -583,6 +585,7 @@ static bool test_enum_r_group(struct torture_context *tctx, + + return true; + } ++#endif + + static bool torture_assert_group_equal(struct torture_context *tctx, + const struct group *g1, +@@ -639,7 +642,7 @@ static bool test_group_r(struct torture_context *tctx) + struct group *grp, grp1, grp2; + size_t num_grp; + +- torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp), ++ torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp), + "failed to enumerate group"); + + for (i=0; i < num_grp; i++) { +@@ -667,7 +670,7 @@ static bool test_group_r_cross(struct torture_context *tctx) + struct group *grp, grp1, grp2, grp3, grp4; + size_t num_grp; + +- torture_assert(tctx, test_enum_r_group(tctx, &grp, &num_grp), ++ torture_assert(tctx, test_enum_group(tctx, &grp, &num_grp), + "failed to enumerate group"); + + for (i=0; i < num_grp; i++) { diff --git a/srcpkgs/samba/patches/glibc-2.28.patch b/srcpkgs/samba/patches/glibc-2.28.patch deleted file mode 100644 index e931496b894..00000000000 --- a/srcpkgs/samba/patches/glibc-2.28.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- source3/lib/system.c.orig 2019-01-23 23:55:02.171524646 +0100 -+++ source3/lib/system.c 2019-01-23 23:55:32.693250813 +0100 -@@ -25,6 +25,7 @@ - #include "system/capability.h" - #include "system/passwd.h" - #include "system/filesys.h" -+#include - - #ifdef HAVE_SYS_PRCTL_H - #include - ---- source3/libsmb/clifile.c.orig 2019-01-24 00:00:41.142565919 +0100 -+++ source3/libsmb/clifile.c 2019-01-24 00:00:28.148674834 +0100 -@@ -26,6 +26,7 @@ - #include "libsmb/clirap.h" - #include "trans2.h" - #include "ntioctl.h" -+#include - - /*********************************************************** - Common function for pushing stings, used by smb_bytes_push_str() - ---- lib/replace/replace.h.orig 2019-01-24 00:04:11.908799366 +0100 -+++ lib/replace/replace.h 2019-01-24 00:04:32.329628199 +0100 -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - - #if defined(_MSC_VER) || defined(__MINGW32__) - #include "win32_replace.h" diff --git a/srcpkgs/samba/patches/missing-headers.patch b/srcpkgs/samba/patches/missing-headers.patch new file mode 100644 index 00000000000..44a5418e0bd --- /dev/null +++ b/srcpkgs/samba/patches/missing-headers.patch @@ -0,0 +1,38 @@ +diff --git lib/param/loadparm.h lib/param/loadparm.h +index b5d79b9..3f4eae0 100644 +--- lib/param/loadparm.h ++++ lib/param/loadparm.h +@@ -31,6 +31,7 @@ + #define _LOADPARM_H + + #include ++#include + + struct parmlist_entry { + struct parmlist_entry *prev, *next; +diff --git source3/lib/system_smbd.c source3/lib/system_smbd.c +index 3b1ac9c..4044d75 100644 +--- source3/lib/system_smbd.c ++++ source3/lib/system_smbd.c +@@ -27,6 +27,8 @@ + #include "system/passwd.h" + #include "nsswitch/winbind_client.h" + #include "../lib/util/setid.h" ++#include ++#include + + #ifndef HAVE_GETGROUPLIST + +diff --git source4/torture/local/nss_tests.c source4/torture/local/nss_tests.c +index 2cd6122..0c84ec2 100644 +--- source4/torture/local/nss_tests.c ++++ source4/torture/local/nss_tests.c +@@ -20,6 +20,8 @@ + */ + + #include "includes.h" ++#include ++#include + + #include "torture/torture.h" + #include "torture/local/proto.h" diff --git a/srcpkgs/samba/patches/musl.patch b/srcpkgs/samba/patches/musl.patch deleted file mode 100644 index c119a7576b9..00000000000 --- a/srcpkgs/samba/patches/musl.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- source3/include/samba_linux_quota.h.orig 2015-06-13 11:42:24.658548702 +0200 -+++ source3/include/samba_linux_quota.h 2015-06-13 11:42:33.241642520 +0200 -@@ -40,6 +40,7 @@ - * Headerfile for old quotafile format - */ - -+#include - #include - - #define V1_DQBLK_SIZE_BITS 10 diff --git a/srcpkgs/samba/patches/musl_rm_unistd_incl.patch b/srcpkgs/samba/patches/musl_rm_unistd_incl.patch new file mode 100644 index 00000000000..1fafa741e11 --- /dev/null +++ b/srcpkgs/samba/patches/musl_rm_unistd_incl.patch @@ -0,0 +1,37 @@ +--- lib/replace/replace.h ++++ lib/replace/replace.h +@@ -168,10 +168,6 @@ + #include + #endif + +-#ifdef HAVE_UNISTD_H +-#include +-#endif +- + #ifdef HAVE_STRING_H + #include + #endif +--- lib/replace/system/network.h ++++ lib/replace/system/network.h +@@ -31,10 +31,6 @@ + #error "AC_LIBREPLACE_NETWORK_CHECKS missing in configure" + #endif + +-#ifdef HAVE_UNISTD_H +-#include +-#endif +- + #ifdef HAVE_SYS_SOCKET_H + #include + #endif +--- source3/rpc_server/mdssvc/mdssvc.c ++++ source3/rpc_server/mdssvc/mdssvc.c +@@ -18,6 +18,8 @@ + along with this program. If not, see . + */ + ++#include ++ + #include "includes.h" + #include "librpc/gen_ndr/auth.h" + #include "dbwrap/dbwrap.h" diff --git a/srcpkgs/samba/patches/musl_uintptr.patch b/srcpkgs/samba/patches/musl_uintptr.patch new file mode 100644 index 00000000000..4c09c54d4eb --- /dev/null +++ b/srcpkgs/samba/patches/musl_uintptr.patch @@ -0,0 +1,35 @@ +commit f81e5b71ce78f33250347914dacc75c8463bf102 +Author: Breno Leitao +Date: Wed Mar 29 15:22:38 2017 -0300 + + include: Check for previous declaration of uintptr_t + + Adding a extra check before declaring uintptr_t. Currently musl uses + macro __DEFINED_uintptr_t once it defines uintptr_t type. Checking + this macro before defining it, and, defining it when uintptr_t is + defined. + + Signed-off-by: Breno Leitao + +diff --git third_party/cmocka/cmocka.h third_party/cmocka/cmocka.h +index 303d0ae..a2bfc40 100644 +--- third_party/cmocka/cmocka.h ++++ third_party/cmocka/cmocka.h +@@ -111,7 +111,7 @@ + ((LargestIntegralType)(value)) + + /* Smallest integral type capable of holding a pointer. */ +-#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED) ++#if !defined(_UINTPTR_T) && !defined(_UINTPTR_T_DEFINED) && !defined(__DEFINED_uintptr_t) + # if defined(_WIN32) + /* WIN32 is an ILP32 platform */ + typedef unsigned int uintptr_t; +@@ -137,6 +137,8 @@ + + # define _UINTPTR_T + # define _UINTPTR_T_DEFINED ++# define __DEFINED_uintptr_t ++ + #endif /* !defined(_UINTPTR_T) || !defined(_UINTPTR_T_DEFINED) */ + + /* Perform an unsigned cast to uintptr_t. */ diff --git a/srcpkgs/samba/patches/netdb-defines.patch b/srcpkgs/samba/patches/netdb-defines.patch new file mode 100644 index 00000000000..5d7caa6208b --- /dev/null +++ b/srcpkgs/samba/patches/netdb-defines.patch @@ -0,0 +1,19 @@ +diff --git nsswitch/wins.c nsswitch/wins.c +index dccb6dd..bb24acb 100644 +--- nsswitch/wins.c ++++ nsswitch/wins.c +@@ -39,6 +39,14 @@ static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER; + #define INADDRSZ 4 + #endif + ++#ifndef NETDB_INTERNAL ++#define NETDB_INTERNAL -1 ++#endif ++ ++#ifndef NETDB_SUCCESS ++#define NETDB_SUCCESS 0 ++#endif ++ + NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname, + struct hostent *he, + char *buffer, diff --git a/srcpkgs/samba/patches/samba-3.6.25-security-2015-12-16.patch b/srcpkgs/samba/patches/samba-3.6.25-security-2015-12-16.patch deleted file mode 100644 index 6a9fccc6c5d..00000000000 --- a/srcpkgs/samba/patches/samba-3.6.25-security-2015-12-16.patch +++ /dev/null @@ -1,255 +0,0 @@ -From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 9 Jul 2015 10:58:11 -0700 -Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file - access outside the share). - -Ensure matching component ends in '/' or '\0'. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/vfs.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c -index 6c56964..bd93b7f 100644 ---- source3/smbd/vfs.c -+++ source3/smbd/vfs.c -@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - if (!allow_widelinks || !allow_symlinks) { - const char *conn_rootdir; - size_t rootdir_len; -+ bool matched; - - conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); - if (conn_rootdir == NULL) { -@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - } - - rootdir_len = strlen(conn_rootdir); -- if (strncmp(conn_rootdir, resolved_name, -- rootdir_len) != 0) { -+ matched = (strncmp(conn_rootdir, resolved_name, -+ rootdir_len) == 0); -+ if (!matched || (resolved_name[rootdir_len] != '/' && -+ resolved_name[rootdir_len] != '\0')) { - DEBUG(2, ("check_reduced_name: Bad access " - "attempt: %s is a symlink outside the " - "share path\n", fname)); --- -2.5.0 - -From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in do_connect() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/libsmb/clidfs.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index 23e1471..f153b6b 100644 ---- source3/libsmb/clidfs.c -+++ source3/libsmb/clidfs.c -@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, - const char *username; - const char *password; - NTSTATUS status; -+ int signing_state = get_cmdline_auth_info_signing_state(auth_info); -+ -+ if (force_encrypt) { -+ signing_state = Required; -+ } - - /* make a copy so we don't modify the global string 'service' */ - servicename = talloc_strdup(ctx,share); -@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, - zero_sockaddr(&ss); - - /* have to open a new connection */ -- c = cli_initialise_ex(get_cmdline_auth_info_signing_state(auth_info)); -+ c = cli_initialise_ex(signing_state); - if (c == NULL) { - d_printf("Connection to %s failed\n", server_n); - return NULL; --- -2.5.0 - - -From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in SMBC_server_internal() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/libsmb/libsmb_server.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 45be660..167f2c9 100644 ---- source3/libsmb/libsmb_server.c -+++ source3/libsmb/libsmb_server.c -@@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, - const char *username_used; - NTSTATUS status; - char *newserver, *newshare; -+ int signing_state = Undefined; - - zero_sockaddr(&ss); - ZERO_STRUCT(c); -@@ -404,8 +405,12 @@ again: - - zero_sockaddr(&ss); - -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = Required; -+ } -+ - /* have to open a new connection */ -- if ((c = cli_initialise()) == NULL) { -+ if ((c = cli_initialise_ex(signing_state)) == NULL) { - errno = ENOMEM; - return NULL; - } -@@ -750,6 +755,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", - pp_workgroup, pp_username, pp_password); - if (!ipc_srv) { -+ int signing_state = Undefined; - - /* We didn't find a cached connection. Get the password */ - if (!*pp_password || (*pp_password)[0] == '\0') { -@@ -771,6 +777,9 @@ SMBC_attr_server(TALLOC_CTX *ctx, - if (smbc_getOptionUseCCache(context)) { - flags |= CLI_FULL_CONNECTION_USE_CCACHE; - } -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = Required; -+ } - - zero_sockaddr(&ss); - nt_status = cli_full_connection(&ipc_cli, -@@ -780,7 +789,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - *pp_workgroup, - *pp_password, - flags, -- Undefined); -+ signing_state); - if (! NT_STATUS_IS_OK(nt_status)) { - DEBUG(1,("cli_full_connection failed! (%s)\n", - nt_errstr(nt_status))); --- -2.5.0 - -From 8e49de7754f7171a58a1f94dee0f1138dbee3c60 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Fri, 23 Oct 2015 14:54:31 -0700 -Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on - snapdir - -Fix originally from - -https://bugzilla.samba.org/show_bug.cgi?id=11529 - -Signed-off-by: Jeremy Allison -Reviewed-by: David Disseldorp ---- - source3/modules/vfs_shadow_copy2.c | 47 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 47 insertions(+) - -diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c -index fedfb53..16c1ed7 100644 ---- source3/modules/vfs_shadow_copy2.c -+++ source3/modules/vfs_shadow_copy2.c -@@ -21,6 +21,8 @@ - - #include "includes.h" - #include "smbd/smbd.h" -+#include "smbd/globals.h" -+#include "../libcli/security/security.h" - #include "system/filesys.h" - #include "ntioctl.h" - -@@ -764,6 +766,43 @@ static int shadow_copy2_mkdir(vfs_handle_struct *handle, const char *fname, mod - SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1); - } - -+static bool check_access_snapdir(struct vfs_handle_struct *handle, -+ const char *path) -+{ -+ struct smb_filename smb_fname; -+ int ret; -+ NTSTATUS status; -+ uint32_t access_granted = 0; -+ -+ ZERO_STRUCT(smb_fname); -+ smb_fname.base_name = talloc_asprintf(talloc_tos(), -+ "%s", -+ path); -+ if (smb_fname.base_name == NULL) { -+ return false; -+ } -+ -+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname); -+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) { -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ -+ status = smbd_check_open_rights(handle->conn, -+ &smb_fname, -+ SEC_DIR_LIST, -+ &access_granted); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(0,("user does not have list permission " -+ "on snapdir %s\n", -+ smb_fname.base_name)); -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ TALLOC_FREE(smb_fname.base_name); -+ return true; -+} -+ - static int shadow_copy2_rmdir(vfs_handle_struct *handle, const char *fname) - { - SHADOW2_NEXT(RMDIR, (handle, name), int, -1); -@@ -877,6 +916,7 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, - SMB_STRUCT_DIRENT *d; - TALLOC_CTX *tmp_ctx = talloc_new(handle->data); - char *snapshot; -+ bool ret; - - snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle); - if (snapdir == NULL) { -@@ -886,6 +926,13 @@ static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, - talloc_free(tmp_ctx); - return -1; - } -+ ret = check_access_snapdir(handle, snapdir); -+ if (!ret) { -+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir)); -+ errno = EACCES; -+ talloc_free(tmp_ctx); -+ return -1; -+ } - - p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0); - --- -2.5.0 - diff --git a/srcpkgs/samba/template b/srcpkgs/samba/template index 4359f1c4784..a2a28a55759 100644 --- a/srcpkgs/samba/template +++ b/srcpkgs/samba/template @@ -1,82 +1,77 @@ # Template file for 'samba' pkgname=samba -version=3.6.25 -revision=15 -build_wrksrc=source3 -build_style=gnu-configure -configure_args="--with-fhs --with-pam --with-pam_smbpass --with-ldap - --with-configdir=/etc/samba --with-lockdir=/var/samba --with-static-libs=libtevent - --with-cachedir=/var/samba --with-nmbdsocketdir=/run/samba/socket - --with-statedir=/var/samba --with-piddir=/run/samba --with-dnsupdate - --with-pammodulesdir=/usr/lib/security --with-automount --disable-swat - --with-syslog --enable-external-libtalloc --with-quotas --enable-cups - --enable-external-libtdb --disable-fam --with-ads --with-acl-support - --with-shared-modules=idmap_ad,idmap_adex,idmap_rid,idmap_hash,idmap_tdb2 - --sbindir=/usr/bin" +version=4.13.2 +revision=1 +build_style=waf3 +build_helper="qemu samba" +configure_script="buildtools/bin/waf" +_idmap_modules="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2" +_pdb_modules="pdb_tdbsam,pdb_ldap,pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4" +_auth_modules="auth_unix,auth_wbc,auth_server,auth_netlogind,autH_script,auth_samba4" +configure_args="--enable-fhs --sbindir=/usr/bin --localstatedir=/var + --sysconfdir=/etc --with-piddir=/run/samba --with-sockets-dir=/run/samba + --with-privatedir=/etc/samba/private --with-pammodulesdir=/usr/lib/security + --with-modulesdir=/usr/lib/samba --disable-rpath --disable-rpath-install + --without-systemd --without-gettext --bundled-libraries=NONE + --with-system-mitkrb5 --without-ad-dc + --with-shared-modules=${_idmap_modules},${_pdb_modules},${_auth_modules}" +hostmakedepends="pkg-config perl-Parse-Yapp rpcsvc-proto docbook2x + libtasn1-tools tdb-python3 tevent-python3 talloc-python3" +makedepends="python3-devel libtirpc-devel popt-devel e2fsprogs-devel + mit-krb5-devel pam-devel acl-devel cups-devel avahi-libs-devel tdb-devel + talloc-devel tevent-devel ldb-devel cmocka-devel gnutls-devel zlib-devel + ncurses-devel libldap-devel libarchive-devel jansson-devel" short_desc="SMB/CIFS file, print, and login server for Unix" maintainer="Orphaned " -license="GPL-3" +license="GPL-3.0-or-later" homepage="http://www.samba.org" -distfiles="http://us1.samba.org/samba/ftp/stable/$pkgname-$version.tar.gz" -checksum=8f2c8a7f2bd89b0dfd228ed917815852f7c625b2bc0936304ac3ed63aaf83751 - +distfiles="http://download.samba.org/pub/samba/stable/${pkgname}-${version}.tar.gz" +checksum=276464396a05d88b775bda01ac2eb1e5a636ccf7010b0fd28efc3d85583af2b4 lib32disabled=yes conf_files="/etc/pam.d/samba /etc/samba/smb.conf" make_dirs="/etc/samba/private 0750 root root" -hostmakedepends="pkg-config perl python-devel" -makedepends="readline-devel libcap-devel popt-devel e2fsprogs-devel mit-krb5-devel - libldap-devel pam-devel acl-devel avahi-libs-devel tdb-devel talloc-devel cups-devel" if [ "$XBPS_TARGET_LIBC" = "musl" ]; then makedepends+=" musl-legacy-compat" fi -do_configure() { - sed -e 's,XFS_QUOTA_,FS_QUOTA_,g' -i lib/sysquotas_xfs.c - - if [ "$CROSS_BUILD" ]; then - configure_args+=" samba_cv_CC_NEGATIVE_ENUM_VALUES=yes - libreplace_cv_HAVE_GETADDRINFO=no - libreplace_cv_HAVE_GETIFADDRS=yes - ac_cv_file__proc_sys_kernel_core_pattern=yes - ac_cv_func_ext_krb5_free_keytab_entry_contents=yes - samba_cv_HAVE_WRFILE_KEYTAB=yes - smb_krb5_cv_enctype_to_string_takes_size_t_arg=yes - smb_krb5_cv_enctype_to_string_takes_krb5_context_arg=yes" - fi - # Disable quotas, broken with musl (needs rpc). - ./configure ${configure_args} --without-quotas +# By default, samba wants to install a bunch of private "*-samba4.so" shared +# libraries that leak into shlib_requires dependencies. Most of these can be +# built into the public shared libraries, avoiding the mess of tracking shlibs +# that shouldn't be exposed locally. For those that cannot be built in, make +# sure to install them into /usr/lib so xbps-src picks them up. +_privlibs="CHARSET3 MESSAGING_SEND MESSAGING LIBWBCLIENT_OLD addns ads \ + asn1util auth authkrb5 cmdline_contexts cmdline-credentials cli_cldap \ + cli-ldap-common cli-nbt cli_smb_common cli_spoolss clidns common-auth dbwrap \ + events flag-mapping genrand gensec gse http interfaces iov-buf krb5samba \ + ldbsamba libcli_lsa3 libcli_netlogon3 libsmb messages_dgm messages_util mscat \ + msghdr msrpc3 netif npa_tstream popt_samba3 popt_samba3_cmdline \ + printer-driver registry replace samba-cluster-support samba-debug \ + samba-modules samba-security samba-sockets samba3-util samdb-common secrets3 \ + server_id_db server-role smbclient-raw smbd_shim socket-blocking \ + sys_rw talloc_report_printf talloc_report tdb_wrap time-basic trusts_util \ + util_reg util_setid util_tdb tevent-util" +configure_args+=" --with-privatelibdir=/usr/lib --builtin-libraries=${_privlibs// /,}" + +post_patch() { + # Look for properly named python support libraries + vsed -i third_party/waf/waflib/Tools/python.py \ + -e "/env.pyext_PATTERN/s/dct\['SO'\]/'.so'/" + + # Fix log and spool locations in conf file + vsed -i examples/smb.conf.default \ + -e 's|/usr/spool/samba|/var/spool/samba|g' \ + -e 's|log file = .*$|log file = /var/log/samba/%m.log|g' } -post_install() { - cd ${wrksrc} - # conf file - cat examples/smb.conf.default | \ - sed 's|log file = .*$|log file = /var/log/samba/%m.log|g' > \ - ${DESTDIR}/etc/samba/smb.conf - - # fix logrotate - sed -i -e 's|log.%m|%m.log|g' ${DESTDIR}/etc/samba/smb.conf - - # fix spool directory - sed -i 's|/usr/spool/samba|/var/spool/samba|g' \ - ${DESTDIR}/etc/samba/smb.conf - # nsswitch libraries - vinstall nsswitch/libnss_wins.so 755 usr/lib - ln -s libnss_wins.so ${DESTDIR}/usr/lib/libnss_wins.so.2 - - vinstall nsswitch/libnss_winbind.so 755 usr/lib - ln -s libnss_winbind.so ${DESTDIR}/usr/lib/libnss_winbind.so.2 - - # winbind krb5 locator - vinstall source3/bin/winbind_krb5_locator.so 755 \ - usr/lib/krb5/plugins/libkrb5 +post_install() { + # install conf file + vinstall examples/smb.conf.default 644 etc/samba smb.conf - # Remove unused manpages - rm -f ${DESTDIR}/usr/share/man/man8/tdb* - rm -f ${DESTDIR}/usr/share/man/man8/swat* - rm -f ${DESTDIR}/usr/lib/libtevent* - rm -f ${DESTDIR}/usr/include/samba/tevent* + # move winbind krb5 locator into place + vmkdir usr/lib/krb5/plugins/libkrb5 + mv ${DESTDIR}/usr/lib/samba/krb5/winbind_krb5_locator.so \ + ${DESTDIR}/usr/lib/krb5/plugins/libkrb5 vsv nmbd vsv smbd @@ -84,54 +79,95 @@ post_install() { # PAM support vinstall ${FILESDIR}/samba.pam 644 etc/pam.d samba - # Install pkg-config files. - vmkdir usr/lib/pkgconfig - install -m644 source3/pkgconfig/*.pc ${DESTDIR}/usr/lib/pkgconfig - # Link cups backend vmkdir usr/lib/cups/backend - ln -s /usr/bin/smbspool ${DESTDIR}/usr/lib/cups/backend/smb + ln -fs /usr/bin/smbspool ${DESTDIR}/usr/lib/cups/backend/smb } smbclient_package() { - short_desc="Command-line SMB/CIFS clients for Unix" + short_desc+=" - client utilities" + provides="samba-cups-${version}_${revision}" + replaces="samba-cups>=0" pkg_install() { - vmove usr/share/man/man1 - - # Determine which binaries are client and which are server - # by looking at manpage suffix, and vmove the client - # binaries. Ugly. - for f in "$PKGDESTDIR"/usr/share/man/man1/*.1; do - g=$(basename "${f}" .1) - if [ -e "${DESTDIR}/usr/bin/${g}" ]; then - vmove usr/bin/${g} - fi + local _t _tools + + # These utilities have man pages in section 1 + _tools="findsmb dbwrap_tool mdfind mvxattr nmblookup ntlm_auth + oLschema2ldif regdiff regpatch regshell regtree rpcclient + sharesec smbcacls smbclient smbcquotas smbget smbtar smbtree + wbinfo" + + for _t in ${_tools}; do + vmove usr/bin/${_t} + vmove usr/share/man/man1/${_t}.1 done + + # These utilities have man pages in section 8 + _tools="cifsdd samba-regedit smbspool" + for _t in ${_tools}; do + vmove usr/bin/${_t} + vmove usr/share/man/man8/${_t}.8 + done + + # No man page for this one + vmove usr/bin/dumpmscat + + # Extra man page for smbget + vmove usr/share/man/man5/smbgetrc.5 + + vmove usr/libexec/samba/smbspool_krb5_wrapper + vmove usr/share/man/man8/smbspool_krb5_wrapper.8 + + # Move symlink + vmove usr/lib/cups/backend/smb } } -libsmbclient_package() { - short_desc="Shared libraries for communication with SMB/CIFS servers" + +samba-libs_package() { + short_desc+=" - core libraries" + provides="libsmbclient-${version}_${revision}" + replaces="libsmbclient>=0" pkg_install() { - vmove "usr/lib/libwbclient.so.*" - vmove "usr/lib/libsmbclient.so.*" + local _libs _privlibs _lib + _libs="dcerpc dcerpc-binding ndr-krb5pac ndr-nbt ndr-standard ndr + samba-credentials samba-errors samba-hostconfig samba-passdb + samba-util samdb smbclient smbconf smbldap wbclient" + _privlibs="cli-ldap cliauth cluster common-auth dcerpc-samba + flag-mapping gpo iov-buf ndr-samba ndr printer-driver + smb-transport tdb-wrap util-cmdline winbind-client" + + for _lib in ${_libs}; do + vmove "usr/lib/lib${_lib}.so.*" + done + + for _lib in ${_privlibs}; do + vmove "usr/lib/lib${_lib}-samba4.so" + done + vmove usr/share/man/man7/libsmbclient.7 } } + samba-devel_package() { - depends="libsmbclient>=${version}_${revision}" + depends="samba-libs>=${version}_${revision}" short_desc+=" - development files" pkg_install() { vmove usr/include vmove usr/lib/pkgconfig - vmove usr/lib/libwbclient.so - vmove usr/lib/libsmbclient.so + + vmkdir usr/lib + + local _f + for _f in ${DESTDIR}/usr/lib/*.so; do + [ -L "$_f" ] || continue + mv "$_f" ${PKGDESTDIR}/usr/lib + done } } -samba-cups_package() { - depends="${sourcepkg}-${version}_${revision}" - short_desc="SMB backend for cups" +samba-python3_package() { + short_desc+=" - Python3 bindings" pkg_install() { - vmove usr/lib/cups/backend/smb + vmove ${py3_lib} } }