samba4: update to 4.9.15
* update to 4.9.15 * fixes CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 * update smb.conf.template (aio, sendfile) Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
This commit is contained in:
Andy Walsh
parent
827969027a
commit
d08b1279eb
2 changed files with 42 additions and 28 deletions
|
|
@ -2,7 +2,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=samba
|
||||
PKG_VERSION:=4.9.13
|
||||
PKG_VERSION:=4.9.15
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
|
|
@ -12,7 +12,7 @@ PKG_SOURCE_URL:=https://ftp.heanet.ie/mirrors/ftp.samba.org/stable/ \
|
|||
http://www.nic.funet.fi/index/samba/pub/samba/stable/ \
|
||||
http://samba.mirror.bit.nl/samba/ftp/stable/ \
|
||||
https://download.samba.org/pub/samba/stable/
|
||||
PKG_HASH:=ab18331e37766b13dbb07d1f115bda3d794917baf502d0ca2b2b8fff014b88f2
|
||||
PKG_HASH:=377102b80b97941bf0d131b828cae8415190e5bdd2928c2e2c954e29f1904496
|
||||
|
||||
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
|
||||
PKG_LICENSE:=GPL-3.0-only
|
||||
|
|
|
|||
|
|
@ -7,73 +7,87 @@
|
|||
|
||||
## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
|
||||
bind interfaces only = yes
|
||||
|
||||
|
||||
## time for inactive connections to-be closed in minutes
|
||||
deadtime = 15
|
||||
|
||||
|
||||
## disable core dumps
|
||||
enable core files = no
|
||||
|
||||
|
||||
## set security (auto, user, domain, ads)
|
||||
security = user
|
||||
|
||||
|
||||
## This parameter controls whether a remote client is allowed or required to use SMB encryption.
|
||||
## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
|
||||
## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
|
||||
## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer.
|
||||
##(default/auto,desired,required,off)
|
||||
## (default/auto,desired,required,off)
|
||||
#smb encrypt = default
|
||||
|
||||
|
||||
## set invalid users
|
||||
invalid users = root
|
||||
|
||||
|
||||
## map unknow users to guest
|
||||
map to guest = Bad User
|
||||
|
||||
## allow client access to accounts that have null passwords.
|
||||
null passwords = yes
|
||||
|
||||
|
||||
## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
|
||||
## (tdbsam,smbpasswd,ldapsam)
|
||||
passdb backend = smbpasswd
|
||||
|
||||
|
||||
## Set location of smbpasswd ('smbd -b' will show default compiled location)
|
||||
#smb passwd file = /etc/samba/smbpasswd
|
||||
|
||||
|
||||
## LAN/WAN options (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT)
|
||||
socket options = IPTOS_LOWDELAY TCP_NODELAY
|
||||
|
||||
## lower CPU useage if supported
|
||||
use sendfile = yes
|
||||
|
||||
|
||||
## If this integer parameter is set to a non-zero value, Samba will read from files asynchronously when the request size is bigger than this value.
|
||||
## Note that it happens only for non-chained and non-chaining reads and when not using write cache.
|
||||
## The only reasonable values for this parameter are 0 (no async I/O) and 1 (always do async I/O).
|
||||
## (1/0)
|
||||
#aio read size = 0
|
||||
#aio write size = 0
|
||||
|
||||
## If Samba has been built with asynchronous I/O support, Samba will not wait until write requests are finished before returning the result to the client for files listed in this parameter.
|
||||
## Instead, Samba will immediately return that the write request has been finished successfully, no matter if the operation will succeed or not.
|
||||
## This might speed up clients without aio support, but is really dangerous, because data could be lost and files could be damaged.
|
||||
#aio write behind = /*.tmp/
|
||||
|
||||
## lower CPU useage if supported and aio is disabled (aio read size = 0 ; aio write size = 0)
|
||||
## currently broken (NOTE: see https://bugzilla.samba.org/show_bug.cgi?id=14095 )
|
||||
## (no, yes)
|
||||
#use sendfile = yes
|
||||
|
||||
## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
|
||||
#blocking locks = No
|
||||
|
||||
|
||||
## disable loading of all printcap printers by default (iprint, cups, lpstat)
|
||||
load printers = No
|
||||
printcap name = /dev/null
|
||||
|
||||
## Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's.
|
||||
disable spoolss = yes
|
||||
|
||||
|
||||
## This parameters controls how printer status information is interpreted on your system.
|
||||
## (BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ)
|
||||
printing = bsd
|
||||
|
||||
|
||||
## Disable that nmbd is acting as a WINS server for unknow netbios names
|
||||
#dns proxy = No
|
||||
|
||||
|
||||
## win/unix user mapping backend
|
||||
#idmap config * : backend = tdb
|
||||
|
||||
|
||||
## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
|
||||
## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
|
||||
## (netbios, mdns)
|
||||
mdns name = mdns
|
||||
|
||||
|
||||
## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
|
||||
#disable netbios = Yes
|
||||
|
||||
|
||||
## Setting this value to no will cause nmbd never to become a local master browser.
|
||||
#local master = no
|
||||
|
||||
|
|
@ -83,21 +97,21 @@
|
|||
## (445 139) Specifies which ports the server should listen on for SMB traffic.
|
||||
## 139 is netbios/nmbd
|
||||
#smb ports = 445 139
|
||||
|
||||
|
||||
## This is a list of files and directories that are neither visible nor accessible.
|
||||
## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
|
||||
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
|
||||
|
||||
|
||||
## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
|
||||
delete veto files = yes
|
||||
|
||||
|
||||
################ Filesystem and creation rules ################
|
||||
## reported filesystem type (NTFS,Samba,FAT)
|
||||
#fstype = FAT
|
||||
|
||||
|
||||
## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
|
||||
#dos filemode = Yes
|
||||
|
||||
|
||||
## file/dir creating rules
|
||||
#create mask = 0666
|
||||
#directory mask = 0777
|
||||
|
|
|
|||
Loading…
Reference in a new issue