977baf7100
Fixes CVE-2016-2119
Client side SMB2/3 required signing can be downgraded
Summary: A man in the middle attack can disable client signing
over SMB2/3, even if enforced by configuration
parameters.
Details:
https://www.samba.org/samba/security/CVE-2016-2119.html
59 lines
1.4 KiB
Plaintext
59 lines
1.4 KiB
Plaintext
# Description: SMB server and client for unix
|
|
# URL: http://www.samba.org
|
|
# Maintainer: Alan Mizrahi, alan at mizrahi dot com dot ve
|
|
# Packager: Juergen Daubert, jue at crux dot nu
|
|
# Depends on: iniparser krb5 ldb libaio libcap ntdb p5-parse-yapp py-subunit subunit nss_wrapper socket_wrapper uid_wrapper
|
|
# Optional: cups
|
|
|
|
name=samba
|
|
version=4.2.14
|
|
release=4
|
|
source=(
|
|
http://www.samba.org/samba/ftp/stable/$name-$version.tar.gz
|
|
samba-4.2.1-krb5.patch
|
|
samba.rc
|
|
nmbd.rc
|
|
smbd.rc
|
|
winbindd.rc
|
|
)
|
|
|
|
build () {
|
|
cd $name-$version
|
|
|
|
# fix for configuring with krb5 installed
|
|
# https://bugzilla.samba.org/show_bug.cgi?id=11165
|
|
patch -p1 -i $SRC/samba-4.2.1-krb5.patch
|
|
|
|
# we should define vendorlib in our perl port
|
|
sed -ri 's:(vendor)(arch|lib|prefix):site\2:' buildtools/wafsamba/samba_perl.py
|
|
|
|
./configure \
|
|
--enable-fhs \
|
|
--prefix=/usr \
|
|
--localstatedir=/var \
|
|
--sysconfdir=/etc \
|
|
--with-privatedir=/etc/samba/private \
|
|
--bundled-libraries=NONE \
|
|
--with-system-mitkrb5
|
|
|
|
make
|
|
make DESTDIR=$PKG install
|
|
|
|
# man pages
|
|
for i in docs/manpages/*; do
|
|
install -D -m 644 $i $PKG/usr/share/man/man${i##*.}/${i##*/}
|
|
done
|
|
|
|
# cleanup
|
|
chmod 1777 $PKG/var/lock
|
|
|
|
# config-file and start-script
|
|
install -d $PKG/etc/{samba,rc.d}
|
|
install -m 0600 packaging/LSB/smb.conf $PKG/etc/samba/smb.conf.default
|
|
|
|
# startup scripts
|
|
for i in samba nmbd smbd winbindd; do
|
|
install -m 0755 $SRC/$i.rc $PKG/etc/rc.d/$i
|
|
done
|
|
}
|