commit: d90012c04bed622a962d1869fa6348aefd22f188 Author: Ben Kohler <bkohler <AT> gentoo <DOT> org> AuthorDate: Fri Feb 20 16:39:47 2026 +0000 Commit: Ben Kohler <bkohler <AT> gentoo <DOT> org> CommitDate: Fri Feb 20 17:14:40 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d90012c0
net-fs/samba: drop 4.20.8-r1 Signed-off-by: Ben Kohler <bkohler <AT> gentoo.org> net-fs/samba/Manifest | 1 - .../samba/files/samba-4.20.8-CVE-2025-0620.patch | 532 --------------------- net-fs/samba/samba-4.20.8-r1.ebuild | 385 --------------- 3 files changed, 918 deletions(-)
diff --git a/net-fs/samba/Manifest b/net-fs/samba/Manifest
index 6fa36e12482b..c0deb8711d57 100644
--- a/net-fs/samba/Manifest
+++ b/net-fs/samba/Manifest
@@ -1,4 +1,3 @@
-DIST samba-4.20.8.tar.gz 42531989 BLAKE2B 4c8d6d4fe40c0640667089179af5a8a49e6117fcd46b735ac59ffad0334e7fddffb99d2204c30d272a1902b8bf22bc9dc10a7b58762642977f0aec25acb91a57 SHA512 1dc598cb3aa830d35985e5840f1956d48b93eef02805248ececd0eb472b514311a9f6e69798bb5f5735a845b6e1c8de84b4ecaff6dea7a61324202d6fb0b3eeb
 DIST samba-4.22.5.tar.gz 42876122 BLAKE2B c6ee4c98c4aced9faa0b5f90c61a3ea9473fc8c90e7c3ceb470aba9354fb4bb21cdd16a7d19bb6b0faee4454259e02546b4bb5093e8e8fe64a67b5635fc1152b SHA512 ee183e664768076f814c252afef0cd2225961d173174e8f4703d8cf59fe2abc2d1a089e293905849201ab2af75e27d8666360072a85bcce2b0dc735324d6b02e
 DIST samba-4.22.8.tar.gz 42868679 BLAKE2B 24c285d0b41a37c03338332d85493300641b89dd8e159873bb97b858c24d00ce56c756557c54b3a25e701dfc286f55fd6ca9d0ba97a50083147c00d946d80582 SHA512 35f7aa28c24647250c1d1a8df8bbaab16422fd6372d4f90e3d2682b801911d9c833e72ac71b61e96166dd2b86b16dbeddacfd273f4846a56196ce022cd58055e
 DIST samba-4.23.5.tar.gz 43298892 BLAKE2B cab8a569da87d32b0268ea2111327450b64fa863507a286d46e200c21c947c477807f181651fa32bf81b799f1ae7554f417300abc8442fbe274208becb7432c9 SHA512 5bf5733dddde9dbd8f5680b53fb927a6802572d1f4758d1d58e00e58fdadc19bec1ef2b195bcdc065c7bed05c3d4aade5ffe9af9227051cf9ea91a9428a3693c
diff --git a/net-fs/samba/files/samba-4.20.8-CVE-2025-0620.patch b/net-fs/samba/files/samba-4.20.8-CVE-2025-0620.patch
deleted file mode 100644
index 6b15a2258411..000000000000
--- a/net-fs/samba/files/samba-4.20.8-CVE-2025-0620.patch
+++ /dev/null
@@ -1,532 +0,0 @@ -From 9fd05848d4a59db3977ae74f1a7a89f63f22b9ca Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher <[email protected]> -Date: Fri, 11 Oct 2024 13:32:22 +0000 -Subject: [PATCH 1/3] s3:libsmb: let discover_dc_netbios() return - DOMAIN_CONTROLLER_NOT_FOUND - -We may get NT_STATUS_NOT_FOUND when the name can't be resolved -and NT_STATUS_INVALID_ADDRESS if the system doesn't have ipv4 -addresses... - -Signed-off-by: Stefan Metzmacher <[email protected]> -Reviewed-by: Andreas Schneider <[email protected]> -(cherry picked from commit e47ce1d10b13d8ef165c70984e6e490f4c2a64c2) ---- - source3/libsmb/dsgetdcname.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c -index 654893c172c..00e1fac6b93 100644 ---- a/source3/libsmb/dsgetdcname.c -+++ b/source3/libsmb/dsgetdcname.c -@@ -483,7 +483,19 @@ static NTSTATUS discover_dc_netbios(TALLOC_CTX *mem_ctx, - &count, - resolve_order); - if (!NT_STATUS_IS_OK(status)) { -- DEBUG(10,("discover_dc_netbios: failed to find DC\n")); -+ NTSTATUS raw_status = status; -+ -+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { -+ status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; -+ } -+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_ADDRESS)) { -+ status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; -+ } -+ -+ DBG_DEBUG("failed to find DC for %s: %s => %s\n", -+ domain_name, -+ nt_errstr(raw_status), -+ nt_errstr(status)); - return status; - } - --- -2.47.2 - - -From 4108b021383ccad766a571c93bd6d5fafc4e7b80 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher <[email protected]> -Date: Fri, 9 May 2025 09:38:41 +0200 -Subject: [PATCH 2/3] s3:winbindd: avoid using any netlogon call to get a dc - name - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876 - -Signed-off-by: Stefan Metzmacher <[email protected]> -Reviewed-by: Guenther Deschner <[email protected]> -Reviewed-by: Andreas Schneider <[email protected]> -Reviewed-by: Ralph Boehme <[email 
protected]> -(backported from commit f86a4bf6848ade2db7229d182576db3320c3ece7) ---- - source3/winbindd/winbindd_cm.c | 145 --------------------------- - source3/winbindd/winbindd_dual_srv.c | 105 +------------------ - 2 files changed, 5 insertions(+), 245 deletions(-) - -diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c -index 1685edbabaa..28ebc15ddf9 100644 ---- a/source3/winbindd/winbindd_cm.c -+++ b/source3/winbindd/winbindd_cm.c -@@ -475,135 +475,6 @@ static bool cm_is_ipc_credentials(struct cli_credentials *creds) - return ret; - } - --static bool get_dc_name_via_netlogon(struct winbindd_domain *domain, -- fstring dcname, -- struct sockaddr_storage *dc_ss, -- uint32_t request_flags) --{ -- struct winbindd_domain *our_domain = NULL; -- struct rpc_pipe_client *netlogon_pipe = NULL; -- NTSTATUS result; -- WERROR werr; -- TALLOC_CTX *mem_ctx; -- unsigned int orig_timeout; -- const char *tmp = NULL; -- const char *p; -- struct dcerpc_binding_handle *b; -- -- /* Hmmmm. We can only open one connection to the NETLOGON pipe at the -- * moment.... */ -- -- if (IS_DC) { -- return False; -- } -- -- if (domain->primary) { -- return False; -- } -- -- our_domain = find_our_domain(); -- -- if ((mem_ctx = talloc_init("get_dc_name_via_netlogon")) == NULL) { -- return False; -- } -- -- result = cm_connect_netlogon(our_domain, &netlogon_pipe); -- if (!NT_STATUS_IS_OK(result)) { -- talloc_destroy(mem_ctx); -- return False; -- } -- -- b = netlogon_pipe->binding_handle; -- -- /* This call can take a long time - allow the server to time out. -- 35 seconds should do it. 
*/ -- -- orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000); -- -- if (our_domain->active_directory) { -- struct netr_DsRGetDCNameInfo *domain_info = NULL; -- -- /* -- * TODO request flags are not respected in the server -- * (and in some cases, like REQUIRE_PDC, causes an error) -- */ -- result = dcerpc_netr_DsRGetDCName(b, -- mem_ctx, -- our_domain->dcname, -- domain->name, -- NULL, -- NULL, -- request_flags|DS_RETURN_DNS_NAME, -- &domain_info, -- &werr); -- if (NT_STATUS_IS_OK(result) && W_ERROR_IS_OK(werr)) { -- tmp = talloc_strdup( -- mem_ctx, domain_info->dc_unc); -- if (tmp == NULL) { -- DEBUG(0, ("talloc_strdup failed\n")); -- talloc_destroy(mem_ctx); -- return false; -- } -- if (domain->alt_name == NULL) { -- domain->alt_name = talloc_strdup(domain, -- domain_info->domain_name); -- if (domain->alt_name == NULL) { -- DEBUG(0, ("talloc_strdup failed\n")); -- talloc_destroy(mem_ctx); -- return false; -- } -- } -- if (domain->forest_name == NULL) { -- domain->forest_name = talloc_strdup(domain, -- domain_info->forest_name); -- if (domain->forest_name == NULL) { -- DEBUG(0, ("talloc_strdup failed\n")); -- talloc_destroy(mem_ctx); -- return false; -- } -- } -- } -- } else { -- result = dcerpc_netr_GetAnyDCName(b, mem_ctx, -- our_domain->dcname, -- domain->name, -- &tmp, -- &werr); -- } -- -- /* And restore our original timeout. 
*/ -- rpccli_set_timeout(netlogon_pipe, orig_timeout); -- -- if (!NT_STATUS_IS_OK(result)) { -- DEBUG(10,("dcerpc_netr_GetAnyDCName failed: %s\n", -- nt_errstr(result))); -- talloc_destroy(mem_ctx); -- return false; -- } -- -- if (!W_ERROR_IS_OK(werr)) { -- DEBUG(10,("dcerpc_netr_GetAnyDCName failed: %s\n", -- win_errstr(werr))); -- talloc_destroy(mem_ctx); -- return false; -- } -- -- /* dcerpc_netr_GetAnyDCName gives us a name with \\ */ -- p = strip_hostname(tmp); -- -- fstrcpy(dcname, p); -- -- talloc_destroy(mem_ctx); -- -- DEBUG(10,("dcerpc_netr_GetAnyDCName returned %s\n", dcname)); -- -- if (!resolve_name(dcname, dc_ss, 0x20, true)) { -- return False; -- } -- -- return True; --} -- - /** - * Helper function to assemble trust password and account name - */ -@@ -1283,24 +1154,8 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, - struct samba_sockaddr *sa_list = NULL; - size_t salist_size = 0; - size_t i; -- bool is_our_domain; - enum security_types sec = (enum security_types)lp_security(); - -- is_our_domain = strequal(domain->name, lp_workgroup()); -- -- /* If not our domain, get the preferred DC, by asking our primary DC */ -- if ( !is_our_domain -- && get_dc_name_via_netlogon(domain, dcname, &ss, request_flags) -- && add_one_dc_unique(mem_ctx, domain->name, dcname, &ss, dcs, -- num_dcs) ) -- { -- char addr[INET6_ADDRSTRLEN]; -- print_sockaddr(addr, sizeof(addr), &ss); -- DEBUG(10, ("Retrieved DC %s at %s via netlogon\n", -- dcname, addr)); -- return True; -- } -- - if ((sec == SEC_ADS) && (domain->alt_name != NULL)) { - char *sitename = NULL; - -diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c -index bbdaf6e5807..0d9d88733da 100644 ---- a/source3/winbindd/winbindd_dual_srv.c -+++ b/source3/winbindd/winbindd_dual_srv.c -@@ -662,106 +662,11 @@ NTSTATUS _wbint_QueryUserRidList(struct pipes_struct *p, - - NTSTATUS _wbint_DsGetDcName(struct pipes_struct *p, struct wbint_DsGetDcName *r) - { -- 
struct winbindd_domain *domain = wb_child_domain(); -- struct rpc_pipe_client *netlogon_pipe; -- struct netr_DsRGetDCNameInfo *dc_info; -- NTSTATUS status; -- WERROR werr; -- unsigned int orig_timeout; -- struct dcerpc_binding_handle *b; -- bool retry = false; -- bool try_dsrgetdcname = false; -- -- if (domain == NULL) { -- return dsgetdcname(p->mem_ctx, global_messaging_context(), -- r->in.domain_name, r->in.domain_guid, -- r->in.site_name ? r->in.site_name : "", -- r->in.flags, -- r->out.dc_info); -- } -- -- if (domain->active_directory) { -- try_dsrgetdcname = true; -- } -- --reconnect: -- status = cm_connect_netlogon(domain, &netlogon_pipe); -- -- reset_cm_connection_on_error(domain, NULL, status); -- if (!NT_STATUS_IS_OK(status)) { -- DEBUG(10, ("Can't contact the NETLOGON pipe\n")); -- return status; -- } -- -- b = netlogon_pipe->binding_handle; -- -- /* This call can take a long time - allow the server to time out. -- 35 seconds should do it. */ -- -- orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000); -- -- if (try_dsrgetdcname) { -- status = dcerpc_netr_DsRGetDCName(b, -- p->mem_ctx, domain->dcname, -- r->in.domain_name, NULL, r->in.domain_guid, -- r->in.flags, r->out.dc_info, &werr); -- if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(werr)) { -- goto done; -- } -- if (!retry && -- reset_cm_connection_on_error(domain, NULL, status)) -- { -- retry = true; -- goto reconnect; -- } -- try_dsrgetdcname = false; -- retry = false; -- } -- -- /* -- * Fallback to less capable methods -- */ -- -- dc_info = talloc_zero(r->out.dc_info, struct netr_DsRGetDCNameInfo); -- if (dc_info == NULL) { -- status = NT_STATUS_NO_MEMORY; -- goto done; -- } -- -- if (r->in.flags & DS_PDC_REQUIRED) { -- status = dcerpc_netr_GetDcName(b, -- p->mem_ctx, domain->dcname, -- r->in.domain_name, &dc_info->dc_unc, &werr); -- } else { -- status = dcerpc_netr_GetAnyDCName(b, -- p->mem_ctx, domain->dcname, -- r->in.domain_name, &dc_info->dc_unc, &werr); -- } -- -- if (!retry && 
reset_cm_connection_on_error(domain, b, status)) { -- retry = true; -- goto reconnect; -- } -- if (!NT_STATUS_IS_OK(status)) { -- DEBUG(10, ("dcerpc_netr_Get[Any]DCName failed: %s\n", -- nt_errstr(status))); -- goto done; -- } -- if (!W_ERROR_IS_OK(werr)) { -- DEBUG(10, ("dcerpc_netr_Get[Any]DCName failed: %s\n", -- win_errstr(werr))); -- status = werror_to_ntstatus(werr); -- goto done; -- } -- -- *r->out.dc_info = dc_info; -- status = NT_STATUS_OK; -- --done: -- /* And restore our original timeout. */ -- rpccli_set_timeout(netlogon_pipe, orig_timeout); -- -- return status; -+ return dsgetdcname(p->mem_ctx, global_messaging_context(), -+ r->in.domain_name, r->in.domain_guid, -+ r->in.site_name ? r->in.site_name : "", -+ r->in.flags, -+ r->out.dc_info); - } - - NTSTATUS _wbint_LookupRids(struct pipes_struct *p, struct wbint_LookupRids *r) --- -2.47.2 - - -From 41191db034ea7825acd01a0166cd2a8b425878ed Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <[email protected]> -Date: Wed, 2 Jul 2025 21:59:48 +0200 -Subject: [PATCH 3/3] s3-winbindd: Fix internal winbind dsgetdcname calls - w.r.t. domain name -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -when winbind calls to dsgetdcname internally, make sure to -prefer the DNS domain name if we have it. Makes DNS lookups much more -likely to succeed. 
- -BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876 - -Guenther - -Signed-off-by: Guenther Deschner <[email protected]> -Reviewed-by: Andreas Schneider <[email protected]> -Reviewed-by: Ralph Boehme <[email protected]> - -Autobuild-User(master): Ralph Böhme <[email protected]> -Autobuild-Date(master): Mon Jul 7 10:44:37 UTC 2025 on atb-devel-224 - -(cherry picked from commit 2560c9b3224816ffd371a62103f65b3aca301ad5) ---- - source3/winbindd/wb_queryuser.c | 17 +++++++++++++---- - source3/winbindd/wb_sids2xids.c | 17 +++++++++++++---- - source3/winbindd/wb_xids2sids.c | 12 +++++++++--- - source3/winbindd/winbindd_dual.c | 6 +++++- - source3/winbindd/winbindd_proto.h | 1 + - source3/winbindd/winbindd_util.c | 19 +++++++++++++++++++ - 6 files changed, 60 insertions(+), 12 deletions(-) - -diff --git a/source3/winbindd/wb_queryuser.c b/source3/winbindd/wb_queryuser.c -index c2758f1b76a..db8e946ba71 100644 ---- a/source3/winbindd/wb_queryuser.c -+++ b/source3/winbindd/wb_queryuser.c -@@ -289,10 +289,19 @@ static void wb_queryuser_done(struct tevent_req *subreq) - - if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) && - !state->tried_dclookup) { -- D_DEBUG("GetNssInfo got DOMAIN_CONTROLLER_NOT_FOUND, calling wb_dsgetdcname_send()\n"); -- subreq = wb_dsgetdcname_send( -- state, state->ev, state->info->domain_name, NULL, NULL, -- DS_RETURN_DNS_NAME); -+ const char *domain_name = find_dns_domain_name( -+ state->info->domain_name); -+ -+ D_DEBUG("GetNssInfo got DOMAIN_CONTROLLER_NOT_FOUND, calling " -+ "wb_dsgetdcname_send(%s)\n", -+ domain_name); -+ -+ subreq = wb_dsgetdcname_send(state, -+ state->ev, -+ domain_name, -+ NULL, -+ NULL, -+ DS_RETURN_DNS_NAME); - if (tevent_req_nomem(subreq, req)) { - return; - } -diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c -index f0f6c23fc20..03e5e7e0258 100644 ---- a/source3/winbindd/wb_sids2xids.c -+++ b/source3/winbindd/wb_sids2xids.c -@@ -612,13 +612,22 @@ static void 
wb_sids2xids_done(struct tevent_req *subreq) - !state->tried_dclookup) { - - struct lsa_DomainInfo *d; -+ const char *domain_name = NULL; - -- D_DEBUG("Domain controller not found. Calling wb_dsgetdcname_send() to get it.\n"); - d = &state->idmap_doms.domains[state->dom_index]; - -- subreq = wb_dsgetdcname_send( -- state, state->ev, d->name.string, NULL, NULL, -- DS_RETURN_DNS_NAME); -+ domain_name = find_dns_domain_name(d->name.string); -+ -+ D_DEBUG("Domain controller not found. Calling " -+ "wb_dsgetdcname_send(%s) to get it.\n", -+ domain_name); -+ -+ subreq = wb_dsgetdcname_send(state, -+ state->ev, -+ domain_name, -+ NULL, -+ NULL, -+ DS_RETURN_DNS_NAME); - if (tevent_req_nomem(subreq, req)) { - return; - } -diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c -index 86bd7f9deab..6fcf524d94f 100644 ---- a/source3/winbindd/wb_xids2sids.c -+++ b/source3/winbindd/wb_xids2sids.c -@@ -143,9 +143,15 @@ static void wb_xids2sids_dom_done(struct tevent_req *subreq) - if (NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) && - !state->tried_dclookup) { - -- subreq = wb_dsgetdcname_send( -- state, state->ev, state->dom_map->name, NULL, NULL, -- DS_RETURN_DNS_NAME); -+ const char *domain_name = find_dns_domain_name( -+ state->dom_map->name); -+ -+ subreq = wb_dsgetdcname_send(state, -+ state->ev, -+ domain_name, -+ NULL, -+ NULL, -+ DS_RETURN_DNS_NAME); - if (tevent_req_nomem(subreq, req)) { - return; - } -diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c -index b8e1ceddecc..ee80a4725fa 100644 ---- a/source3/winbindd/winbindd_dual.c -+++ b/source3/winbindd/winbindd_dual.c -@@ -532,6 +532,7 @@ static void wb_domain_request_trigger(struct tevent_req *req, - struct wb_domain_request_state *state = tevent_req_data( - req, struct wb_domain_request_state); - struct winbindd_domain *domain = state->domain; -+ const char *domain_name = NULL; - struct tevent_req *subreq = NULL; - size_t shortest_queue_length; - 
-@@ -604,8 +605,11 @@ static void wb_domain_request_trigger(struct tevent_req *req, - * which is indicated by DS_RETURN_DNS_NAME. - * For NT4 domains we still get the netbios name. - */ -+ -+ domain_name = find_dns_domain_name(state->domain->name); -+ - subreq = wb_dsgetdcname_send(state, state->ev, -- state->domain->name, -+ domain_name, - NULL, /* domain_guid */ - NULL, /* site_name */ - DS_RETURN_DNS_NAME); /* flags */ -diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h -index 4dee9b046cf..292b96ee5fa 100644 ---- a/source3/winbindd/winbindd_proto.h -+++ b/source3/winbindd/winbindd_proto.h -@@ -603,6 +603,7 @@ bool parse_sidlist(TALLOC_CTX *mem_ctx, const char *sidstr, - struct dom_sid **sids, uint32_t *num_sids); - bool parse_xidlist(TALLOC_CTX *mem_ctx, const char *xidstr, - struct unixid **pxids, uint32_t *pnum_xids); -+const char *find_dns_domain_name(const char *domain_name); - - /* The following definitions come from winbindd/winbindd_wins.c */ - -diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c -index 7527a78b30e..5c832fc22b5 100644 ---- a/source3/winbindd/winbindd_util.c -+++ b/source3/winbindd/winbindd_util.c -@@ -2241,3 +2241,22 @@ fail: - TALLOC_FREE(xids); - return false; - } -+ -+/** -+ * Helper to extract the DNS Domain Name from a struct winbindd_domain -+ */ -+const char *find_dns_domain_name(const char *domain_name) -+{ -+ struct winbindd_domain *wbdom = NULL; -+ -+ wbdom = find_domain_from_name(domain_name); -+ if (wbdom == NULL) { -+ return domain_name; -+ } -+ -+ if (wbdom->active_directory && wbdom->alt_name != NULL) { -+ return wbdom->alt_name; -+ } -+ -+ return wbdom->name; -+} --- -2.47.2 - diff --git a/net-fs/samba/samba-4.20.8-r1.ebuild b/net-fs/samba/samba-4.20.8-r1.ebuild deleted file mode 100644 index b0c63cceefd3..000000000000 --- a/net-fs/samba/samba-4.20.8-r1.ebuild +++ /dev/null 
@@ -1,385 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{11..13} ) -PYTHON_REQ_USE="threads(+),xml(+)" -inherit python-single-r1 flag-o-matic waf-utils multilib-minimal linux-info systemd pam tmpfiles - -DESCRIPTION="Samba Suite Version 4" -HOMEPAGE="https://samba.org/" - -MY_PV="${PV/_rc/rc}" -MY_P="${PN}-${MY_PV}" -if [[ ${PV} == *_rc* ]]; then - SRC_URI="https://download.samba.org/pub/samba/rc/${MY_P}.tar.gz" -else - SRC_URI="https://download.samba.org/pub/samba/stable/${MY_P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~sparc x86" -fi -S="${WORKDIR}/${MY_P}" - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl addc ads ceph client cluster cups debug fam glusterfs gpg" -IUSE+=" iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux" -IUSE+=" snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind" -IUSE+=" zeroconf" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - addc? ( json python !system-mitkrb5 winbind ) - ads? ( acl ldap python winbind ) - cluster? ( ads ) - gpg? ( addc ) - spotlight? ( json ) - test? ( python ) - !ads? ( !addc ) - ?? 
( system-heimdal system-mitkrb5 ) -" - -# the test suite is messed, it uses system-installed samba -# bits instead of what was built, tests things disabled via use -# flags, and generally just fails to work in a way ebuilds could -# rely on in its current state -RESTRICT="test" - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/samba-4.0/policy.h - /usr/include/samba-4.0/dcerpc_server.h - /usr/include/samba-4.0/ctdb.h - /usr/include/samba-4.0/ctdb_client.h - /usr/include/samba-4.0/ctdb_protocol.h - /usr/include/samba-4.0/ctdb_private.h - /usr/include/samba-4.0/ctdb_typesafe_cb.h - /usr/include/samba-4.0/ctdb_version.h -) - -TALLOC_VERSION="2.4.2" -TDB_VERSION="1.4.10" -TEVENT_VERSION="0.16.1" - -COMMON_DEPEND=" - >=app-arch/libarchive-3.1.2:=[${MULTILIB_USEDEP}] - dev-lang/perl:= - dev-libs/icu:=[${MULTILIB_USEDEP}] - dev-libs/libbsd[${MULTILIB_USEDEP}] - dev-libs/libtasn1:=[${MULTILIB_USEDEP}] - dev-libs/popt[${MULTILIB_USEDEP}] - dev-perl/Parse-Yapp - >=net-libs/gnutls-3.4.7:=[${MULTILIB_USEDEP}] - >=sys-fs/e2fsprogs-1.46.4-r51[${MULTILIB_USEDEP}] - >=sys-libs/ldb-2.9.2:=[ldap(+)?,${MULTILIB_USEDEP}] - <sys-libs/ldb-2.10.0:=[ldap(+)?,${MULTILIB_USEDEP}] - sys-libs/libcap[${MULTILIB_USEDEP}] - sys-libs/liburing:=[${MULTILIB_USEDEP}] - sys-libs/ncurses:= - sys-libs/readline:= - >=sys-libs/talloc-${TALLOC_VERSION}[${MULTILIB_USEDEP}] - >=sys-libs/tdb-${TDB_VERSION}[${MULTILIB_USEDEP}] - >=sys-libs/tevent-${TEVENT_VERSION}[${MULTILIB_USEDEP}] - virtual/zlib:=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - virtual/libiconv - $(python_gen_cond_dep ' - addc? ( - dev-python/dnspython:=[${PYTHON_USEDEP}] - dev-python/markdown[${PYTHON_USEDEP}] - ) - ads? ( - dev-python/dnspython:=[${PYTHON_USEDEP}] - net-dns/bind[gssapi] - ) - ') - acl? ( virtual/acl ) - ceph? ( sys-cluster/ceph ) - cluster? ( net-libs/rpcsvc-proto ) - cups? ( net-print/cups ) - debug? ( dev-util/lttng-ust ) - fam? ( virtual/fam ) - gpg? ( app-crypt/gpgme:= ) - json? 
( dev-libs/jansson:= ) - ldap? ( net-nds/openldap:=[${MULTILIB_USEDEP}] ) - pam? ( sys-libs/pam ) - python? ( - sys-libs/ldb[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/talloc[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/tdb[python,${PYTHON_SINGLE_USEDEP}] - sys-libs/tevent[python,${PYTHON_SINGLE_USEDEP}] - ) - snapper? ( sys-apps/dbus ) - system-heimdal? ( >=app-crypt/heimdal-1.5[-ssl(-),${MULTILIB_USEDEP}] ) - system-mitkrb5? ( >=app-crypt/mit-krb5-1.19[${MULTILIB_USEDEP}] ) - !system-heimdal? ( !system-mitkrb5? ( sys-apps/keyutils[${MULTILIB_USEDEP}] ) ) - systemd? ( sys-apps/systemd:= ) - unwind? ( - llvm-libunwind? ( llvm-runtimes/libunwind:= ) - !llvm-libunwind? ( sys-libs/libunwind:= ) - ) - zeroconf? ( net-dns/avahi[dbus] ) -" -DEPEND="${COMMON_DEPEND} - dev-perl/JSON - net-libs/libtirpc[${MULTILIB_USEDEP}] - net-libs/rpcsvc-proto - spotlight? ( dev-libs/glib ) - test? ( - >=dev-util/cmocka-1.1.3[${MULTILIB_USEDEP}] - $(python_gen_cond_dep "dev-python/python-subunit[\${PYTHON_USEDEP},${MULTILIB_USEDEP}]" ) - !system-mitkrb5? ( - >=net-dns/resolv_wrapper-1.1.4 - >=net-libs/socket_wrapper-1.1.9 - >=sys-libs/nss_wrapper-1.1.3 - >=sys-libs/uid_wrapper-1.2.1 - ) - )" -RDEPEND="${COMMON_DEPEND} - client? ( net-fs/cifs-utils[ads?] ) - python? ( ${PYTHON_DEPS} ) - selinux? 
( sec-policy/selinux-samba ) -" -BDEPEND="${PYTHON_DEPS} - app-text/docbook-xsl-stylesheets - dev-libs/libxslt - virtual/pkgconfig -" - -PATCHES=( - "${FILESDIR}"/${PN}-4.18.4-pam.patch - "${FILESDIR}"/ldb-2.5.2-skip-wav-tevent-check.patch - "${FILESDIR}"/${P}-dont-use-deprecated-readline-CPPFunction-cast.patch - "${FILESDIR}"/${P}-CVE-2025-0620.patch -) - -CONFDIR="${FILESDIR}/4.4" -WAF_BINARY="${S}/buildtools/bin/waf" -SHAREDMODS="" - -pkg_setup() { - # Package fails to build with distcc - export DISTCC_DISABLE=1 - export PYTHONHASHSEED=1 - - python-single-r1_pkg_setup - - SHAREDMODS="$(usev !snapper '!')vfs_snapper" - if use cluster ; then - SHAREDMODS+=",idmap_rid,idmap_tdb2,idmap_ad" - elif use ads ; then - SHAREDMODS+=",idmap_ad" - fi -} - -check_samba_dep_versions() { - actual_talloc_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/talloc/wscript || die) - if [[ ${actual_talloc_version} != ${TALLOC_VERSION} ]] ; then - eerror "Source talloc version: ${TALLOC_VERSION}" - eerror "Ebuild talloc version: ${actual_talloc_version}" - die "Ebuild needs to fix TALLOC_VERSION!" - fi - - actual_tdb_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tdb/wscript || die) - if [[ ${actual_tdb_version} != ${TDB_VERSION} ]] ; then - eerror "Source tdb version: ${TDB_VERSION}" - eerror "Ebuild tdb version: ${actual_tdb_version}" - die "Ebuild needs to fix TDB_VERSION!" - fi - - actual_tevent_version=$(sed -En '/^VERSION =/{s/[^0-9.]//gp}' lib/tevent/wscript || die) - if [[ ${actual_tevent_version} != ${TEVENT_VERSION} ]] ; then - eerror "Source tevent version: ${TEVENT_VERSION}" - eerror "Ebuild tevent version: ${actual_tevent_version}" - die "Ebuild needs to fix TEVENT_VERSION!" - fi -} - -src_prepare() { - default - - check_samba_dep_versions - - # Unbundle dnspython - sed -i -e '/"dns.resolver":/d' "${S}"/third_party/wscript || die - - # Unbundle iso8601 unless tests are enabled - if ! 
use test ; then - sed -i -e '/"iso8601":/d' "${S}"/third_party/wscript || die - fi - - # Ugly hackaround for bug #592502 - #cp /usr/include/tevent_internal.h "${S}"/lib/tevent/ || die - - # WAF - multilib_copy_sources -} - -multilib_src_configure() { - # When specifying libs for samba build you must append NONE to the end to - # stop it automatically including things - local bundled_libs="NONE" - if ! use system-heimdal && ! use system-mitkrb5 ; then - bundled_libs="heimbase,heimntlm,hdb,kdc,krb5,wind,gssapi,hcrypto,hx509,roken,asn1,com_err,NONE" - fi - - # We "use" bundled cmocka when we're not running tests as we're - # not using it anyway. Means we avoid making users install it for - # no reason. bug #802531 - if ! use test ; then - bundled_libs="cmocka,${bundled_libs}" - fi - - # bug #874633 - if use llvm-libunwind ; then - mkdir -p "${T}"/${ABI}/pkgconfig || die - - local -x PKG_CONFIG_PATH="${T}/${ABI}/pkgconfig:${PKG_CONFIG_PATH}" - - cat <<-EOF > "${T}"/${ABI}/pkgconfig/libunwind-generic.pc || die - exec_prefix=\${prefix} - libdir=/usr/$(get_libdir) - includedir=\${prefix}/include - - Name: libunwind-generic - Description: libunwind generic library - Version: 1.70 - Libs: -L\${libdir} -lunwind - Cflags: -I\${includedir} - EOF - fi - - local myconf=( - --enable-fhs - --sysconfdir="${EPREFIX}/etc" - --localstatedir="${EPREFIX}/var" - --with-modulesdir="${EPREFIX}/usr/$(get_libdir)/samba" - --with-piddir="${EPREFIX}/run/${PN}" - --bundled-libraries="${bundled_libs}" - --builtin-libraries=NONE - --disable-rpath - --disable-rpath-install - --nopyc - --nopyo - --without-winexe - $(multilib_native_use_with acl acl-support) - $(multilib_native_usex addc '' '--without-ad-dc') - $(multilib_native_use_with ads) - $(multilib_native_use_enable ceph cephfs) - $(multilib_native_use_with cluster cluster-support) - $(multilib_native_use_enable cups) - --without-dmapi - $(multilib_native_use_with fam) - $(multilib_native_use_enable glusterfs) - $(multilib_native_use_with gpg 
gpgme) - $(multilib_native_use_with json) - $(multilib_native_use_enable iprint) - $(multilib_native_use_with pam) - $(multilib_native_usex pam "--with-pammodulesdir=${EPREFIX}/$(get_libdir)/security" '') - $(multilib_native_use_with quota quotas) - $(multilib_native_use_with regedit) - $(multilib_native_use_enable spotlight) - $(multilib_native_use_with syslog) - $(multilib_native_use_with systemd) - --systemd-install-services - --with-systemddir="$(systemd_get_systemunitdir)" - $(multilib_native_use_with unwind libunwind) - $(multilib_native_use_with winbind) - $(multilib_native_usex python '' '--disable-python') - $(multilib_native_use_enable zeroconf avahi) - $(multilib_native_usex test '--enable-selftest' '') - $(usev system-mitkrb5 "--with-system-mitkrb5 ${ESYSROOT}/usr $(multilib_native_usex addc --with-experimental-mit-ad-dc '')") - $(use_with debug lttng) - $(use_with ldap) - $(use_with profiling-data) - # bug #683148 - --jobs 1 - ) - - if multilib_is_native_abi ; then - myconf+=( --with-shared-modules=${SHAREDMODS} ) - else - myconf+=( --with-shared-modules=DEFAULT,!vfs_snapper ) - fi - - append-ldflags $(test-flags-CCLD -Wl,--undefined-version) # bug 914898 - - append-cppflags "-I${ESYSROOT}/usr/include/et" - - waf-utils_src_configure ${myconf[@]} -} - -multilib_src_compile() { - waf-utils_src_compile -} - -multilib_src_test() { - if multilib_is_native_abi ; then - "${WAF_BINARY}" test || die "Test failed" - fi -} - -multilib_src_install() { - waf-utils_src_install - - # Make all .so files executable - find "${ED}" -type f -name "*.so" -exec chmod +x {} + || die - # smbspool_krb5_wrapper must only be accessible to root, bug #880739 - find "${ED}" -type f -name "smbspool_krb5_wrapper" -exec chmod go-rwx {} + || die - - # Remove empty runtime dirs created by build system (bug #892341) - find "${ED}"/{run,var} -type d -empty -delete || die - - if multilib_is_native_abi ; then - # Install ldap schema for server (bug #491002) - if use ldap ; then - insinto 
/etc/openldap/schema - doins examples/LDAP/samba.schema - fi - - # Create symlink for cups (bug #552310) - if use cups ; then - dosym ../../../bin/smbspool \ - /usr/libexec/cups/backend/smb - fi - - # Install example config file - insinto /etc/samba - doins examples/smb.conf.default - - # Fix paths in example file (bug #603964) - sed \ - -e '/log file =/s@/usr/local/samba/var/@/var/log/samba/@' \ - -e '/include =/s@/usr/local/samba/lib/@/etc/samba/@' \ - -e '/path =/s@/usr/local/samba/lib/@/var/lib/samba/@' \ - -e '/path =/s@/usr/local/samba/@/var/lib/samba/@' \ - -e '/path =/s@/usr/spool/samba@/var/spool/samba@' \ - -i "${ED}"/etc/samba/smb.conf.default || die - - # Install init script and conf.d file - newinitd "${CONFDIR}/samba4.initd-r1" samba - newconfd "${CONFDIR}/samba4.confd" samba - - dotmpfiles "${FILESDIR}"/samba.conf - if ! use addc ; then - rm "${D}/$(systemd_get_systemunitdir)/samba.service" \ - || die - fi - - # Preserve functionality for old gentoo-specific unit names - dosym nmb.service "$(systemd_get_systemunitdir)/nmbd.service" - dosym smb.service "$(systemd_get_systemunitdir)/smbd.service" - dosym winbind.service "$(systemd_get_systemunitdir)/winbindd.service" - - use python && python_optimize - fi - - if use pam && use winbind ; then - newpamd "${CONFDIR}/system-auth-winbind.pam" system-auth-winbind - # bugs #376853 and #590374 - insinto /etc/security - doins examples/pam_winbind/pam_winbind.conf - fi -} - -pkg_postinst() { - tmpfiles_process samba.conf -}
